back to article Five-eyes nations want comms providers to bust crypto for them

This week's five-eyes meeting has issued its communique, promising to get the tech sector to solve the problems of online terrorism and encrypted communications. As is the way of political communiques, there's a carefully-crafted lack of detail (sufficient, for example, for plausible deniability) about what exactly is planned …

  1. Frumious Bandersnatch

    "deal with the relentless threats of terrorism"

    When are our legislators going to declare war on rust? Rust never sleeps, and neither should we. Someone should do something! It's a travesty!

    1. Anonymous Coward
      Anonymous Coward

      Re: "deal with the relentless threats of terrorism"

      They haven't got the metal to deal with the real issues. While were at at I think we should declare war on terrierism, won't somebody think of the ankles?

      I'm not worried about relentless threats I'm more concerned about actions, the ones they currently do naff all about even when they know about the people involved in advance without breaking encryption.

    2. Doctor Syntax Silver badge

      Re: "deal with the relentless threats of terrorism"

      "When are our legislators going to declare war on rust?"

      You mean we should all use Go?

    3. Gene Cash Silver badge

      Re: "deal with the relentless threats of terrorism"

      When are our legislators going to declare war on rust? Rust never sleeps, and neither should we. Someone should do something! It's a travesty!

      And at this moment I'm reading "Rust: The Longest War" talking about the US government's efforts to stop corrosion on the Statue of Liberty, the Navy fleet, the Golden Gate bridge, and other things...

    4. DeKrow
      Big Brother

      Re: "deal with the relentless threats of terrorism"

      The only "threats of terrorism" I'm relentlessly exposed to are those from various governments continually threatening to erode privacy, human rights, and civilisations existence through various forms of denial of facts and paths of causation.

      Things that terrify me more than the spectre of terrorism:

      The trend of government control fetishism

      Riding a bike alongside humans driving cars

      My children learning to drive amongst said humans driving cars

      Governments that use the word 'mandate'

      Wilfully ignorant people with the right to vote

      Skepticism of the scientific method

      The weight given to anecdotal evidence

      The government spending tax payer's money on a new coal-fired power station (what century is this?)

      The lack of security around the electricity grid against the constant threat of squirrorists

  2. Charles 9

    Have the 5 eyes actually wised up and are demanding encrypted content be snagged OUTSIDE the envelopes, at points where the contents MUST be decrypted (such as when being read, since we don't have encrypted eyes)?

    1. Anonymous Coward
      Big Brother

      Don't give them ideas, or the 5 Eyes are going to start inserting chips in our brains to read signals from our optical nerves.

    2. big_D Silver badge

      Missed by most of the tech world is the fact that Germany last week enacted a law to tackle encrypted communications.

      Law enforcement, in Germany, can apply for a court order and then hack into a device and leave behind a "Bundestrojaner", a state approved piece of malware to intercept communications directly on the device.

      1. Stork Silver badge

        Germany

        as you write, requires a court order. This makes a difference from what May et.al. want, and is in my mind parallel to court orders for phone tapping, opening letters etc.. I am OK with that in principle, as long as law enforcement plays by those rules.

        I do not see reference to Germany wanting to weakening encryption generally.

        1. This post has been deleted by its author

        2. big_D Silver badge

          Re: Germany

          They accepted that protecting personal communications through encryption is generally good, but they need to access encrypted communications of "bad actors". This is the compromise they came up with.

          1. Doctor Syntax Silver badge

            Re: Germany

            "They accepted that protecting personal communications through encryption is generally good,"

            This is the point that's totally beyond most politicians. They can't grasp the idea that electronic communications without encryption is equivalent to conducting all your business, no matter how confidential, by post-card.

        3. EricM

          Re: Germany

          Agreed: A court order that enables state-sponsored-hacking to infect and control a suspect's device to capture information before/after encryption is different from weakening encryption in general. It will not enable mass-surveillance. But also this solution will lower security for all. A new well-funded player enters the black market that will purchase exploits and keep them secret from manufacturers - so they won't be fixed. This in turn will enable future WannaCry/Petya/NotPetya outbreaks once these weapons caches are raided once in a while by criminals or state-sponsored actors.

          So in order to make us all "safe" we in fact create the basis for a worldwide cyber-attack on developed nations, the "west", ourselves.

          Sounds rather dumb if you ask me ...

          1. Bernard M. Orwell

            Re: Germany

            "Agreed: A court order that enables state-sponsored-hacking to infect and control a suspect's device to capture information before/after encryption is different from weakening encryption in general. It will not enable mass-surveillance."

            Unless, of course, you don't assume that one court order is for one subject. It's simple enough for a single court order to permit the surveillance of very, very large numbers of people. Ask FISA for details. (though they may refuse to admit how many people are affected by their rulings, only the number of rulings themselves).

            1. big_D Silver badge

              Re: Germany @Bernard

              We are talking about Germany here, the courts are very strict, often to the consternation of the government and law enforcement.

            2. EricM

              Re: you assume that one court order is for one subject.

              Not necessarily, but the devices still need to be hacked one by one, extremely limiting usefulness of this approach for anything with "mass" in its name...

        4. pxd

          Re: Germany

          ... as you write, requires a court order.

          This, exactly. If there is not enough evidence to persuade a judge to issue a warrant, then there isn't enough evidence. pxd

      2. handleoclast
        FAIL

        Re: Germany

        @ all those who thought the German idea was a good one

        It's not.

        Really, it's not.

        Really, really, really.

        You already understand that weak crypto is a bad idea because the bad guys will be able to break it.

        You probably understand that some sort of backdoor master key for the good guys is a bad idea because the bad guys will concentrate their attacks on that back door (one success opens not just one device's communications but all of them) and/or bribing those who have the master key. Snowden, anyone?

        What you have yet to understand that allowing the good guys to hack into your phone so they can see the plain text before/after it is encrypted is just as bad. It's a single point of attack for all devices. Break the Federal Trojan key (or bribe somebody to give it to you) and you can then read everything on all devices. Not just the communications but local data that is never transmitted or synched to the cloud.

        At first sight it looks like a good compromise that retains secure communications for most people but gives the white hats the ability to selectively read the comms of the black hats. In reality it opens up everyone's devices to the black hats. It puts all the eggs in one very valuable basket.

        This is actually the worst idea yet.

        1. Stork Silver badge

          Re: Germany

          Provided the German law enforcement does not hoard vulnerabilities, please explain me how it opens up systems any more than they already are?

          As I understand the new law (and I am happy to be corrected) it makes it legal, with a court order, for the law enforcement to plant a trojan on one or more devices.

          I have not seen reference to compulsery installation of trojans on all equipment.

          Care to explain?

    3. NonSSL-Login
      Stop

      They already have the ability to pwn individual phones and spy on everything done on them, including before messages are encrypted.

      What this is actually about is mass surveillance using ISP's and comms companies Man in the Middle position to strip encryption silently. They don't care about little terrorists, which is shown by the fact that most of the naughty guys lately had been reported for 'terrorist tendencies' and ignored.

      The fives eyes just want stuff they can use as leverage or blackmail in their usual espionage game and mass surveillance of unencrypted gives them that.

  3. Anonymous Coward
    Anonymous Coward

    "deep commitment to the shared values of democracy, human rights and the rule of law"

    er... since when? Every one of the 5 eyes countries has issues with their democracy, human rights and governments obeying the rule of law.

    1. spacecadet66

      Re: "deep commitment to the shared values of democracy, human rights and the rule of law"

      "The more he boasted of his honesty, the more we counted the silverware."

  4. dan1980

    As I said in response to a previous story, our Governments are like transport companies setting impossible timetables for truck drivers and then claiming not to be responsible for their drivers speeding or taking dangerous stimulants to stay awake.

    They are dictating an end result that REQUIRES certain processes and then disclaiming responsibility for those same processes.

    "We're aren't asking for cows to be killed, we are just saying that you need to bring us a steak when we ask."

    1. Charles 9

      If it isn't governments setting impossible timetables, it's private enterprise setting impossible timetables. Pick your poison.

      1. MrDamage Silver badge

        More like

        Governments legislating private companies set impossible timetables.

        1. Charles 9

          Re: More like

          No, they're doing it on their own in pursuit of the almighty credit (replace with preferred currency). They figure cheating, covering up, and paying for the occasional bust is cheaper than playing honest.

  5. Mark 85

    As is the way of political communiques, there's a carefully-crafted lack of detail (sufficient, for example, for plausible deniability) about what exactly is planned.

    In other words... we're about to get shafted as far as encryption and privacy go and they won't tell us until long after it happens.?

  6. Winkypop Silver badge
    Facepalm

    In other news

    A spokeswonk from the King Canute Tidal Institution claimed the Moon has something to do with it. Research continues.

  7. Meph
    FAIL

    Breaking News: Water is wet

    "About encryption, the HTTPS-hosted communique says it can “severely undermine public safety efforts by impeding lawful access to the content of communications during investigations into serious crimes, including terrorism.”"

    I say chaps, it's blasted inconvenient of you to be speaking in a way that we can't understand!

    I'm having genuine trouble believing that the leaders of multiple countries are thick enough to think that stamping their collective feet like petulant children is going to miraculously solve this problem for them.

    Does anyone want to place bets on how long it is until someone writes an app that not only encrypts a message, but then uses old-school style cyphers to hide the messages inside innocuous looking plain-text internet posts?

    1. MrDamage Silver badge

      Re: Breaking News: Water is wet

      Someone already has. He's called "AmanfromMars".

    2. dan1980

      Re: Breaking News: Water is wet

      @Meph

      I'm having genuine trouble believing that the leaders of multiple countries are thick enough to think that stamping their collective feet like petulant children is going to miraculously solve this problem for them.

      Depends on what the 'problem' is. So far as our governments and their agencies are concerned, the 'problem' is not having on-demand access to any and all communication. I.e. - their problem is encryption.

      They are smart enough, however, to know that demanding consumer software abandon encryption wholesale is not going to fly. They are also observant enough to know that the term 'backdoor' now carries a load of negative press (and rightly so), forcing them to use language that avoids - so far as is possible - any comparison or connection with a 'backdoor'.

      They have been fought and, on these points, been beaten by the tech companies in the public mind. So what are they doing? Saying that they aren't going to dictate how the tech world runs itself and how they make their software - they will just insist on an outcome that they can frame in the most positive and reasonable light available to them: the ability to obtain information pursuant to a valid, legal warrant.

      I believe that our governments understand that what they want isn't possible without either a backdoor or the complete removal of encryption and they don't care, so long as they can pass the buck.

      For them, the problem is the existence of strong encryption - not how to access (strongly) encrypted data without weakening encryption; they couldn't care less about that.

      1. Doctor Syntax Silver badge

        Re: Breaking News: Water is wet

        "forcing them to use language that avoids - so far as is possible - any comparison or connection with a 'backdoor'."

        To which the obvious counter is "Oh, you mean a backdoor.". Train the public to recognise a backdoor when they see one.

    3. Milton

      Re: Breaking News: Water is wet

      "Does anyone want to place bets on how long it is until someone writes an app that not only encrypts a message, but then uses old-school style cyphers to hide the messages inside innocuous looking plain-text internet posts?"

      I assume a touch of facetiousness, because you surely know this happens all the time. A seemingly innocuous blog post about the price of strawberries in Tesco can just as easily be the activation command for a dastardly plot.

      But even such elementary codes are unnecessary if your eyewateringly expensive national security apparatus, which collects a million hours of phone intercepts every week in highly accented, idiomatic, convoluted Arabic dialects, employs only 77 people as translators.

      There are many examples of vast budgets being deployed on magical technical projects which actually gum up the works, when what's needed is plain old-fashioned humint, shoe leather and for want of a better word: traditional police work

    4. Doctor Syntax Silver badge

      Re: Breaking News: Water is wet

      "Does anyone want to place bets on how long it is until someone writes an app that not only encrypts a message, but then uses old-school style cyphers to hide the messages inside innocuous looking plain-text internet posts?"

      A double book cypher. Use two books. Look up the page and word number of the first instance a word, e.g. "the", in one book. Substitute the word, e.g. "attack" in the same position in the second.

      If only we knew the two books amanfrommars uses...

      1. hplasm
        Happy

        Re: Breaking News: Water is wet

        "If only we knew the two books amanfrommars uses..."

        One of them is in Martian...

    5. marlowa

      Re: Breaking News: Water is wet

      Steganography has already been done.

      1. Charles 9

        Re: Breaking News: Water is wet

        "Steganography has already been done."

        But it gets trickier the more information you have to pass along at a time, especailly in a "low-shared-knowledge" situation where you and the target have little if any in common. Plus for many methods of steganography, there are ways to sanitize them. For example, hiding in whitespace can be defeated by sanitizing whitespace to minimum spacing standards, and so on. Nonsense messages like book codes will tend to stand out (as will outlandish sports predictions), images can be stretched, flattened, etc. There are limits.

        PS. As for the idea the Panopticon will be Too Much Information, ever considered they could winnow the stuff through machines first? They do that already with large camera arrays like in casinos.

        1. Meph
          Black Helicopters

          Re: Breaking News: Water is wet

          "As for the idea the Panopticon will be Too Much Information, ever considered they could winnow the stuff through machines first?"

          The trouble here is that while machines are excellent at pattern recognition, they'll only ever find the precise thing you tell them to look for. Heuristic scanning is notoriously hit and miss, and even then, you still need to give the system a series of baseline behaviours to check against.

          I think Vic has the heart of it though, there are two ways to hide a message. Either squirrel it away and hope nobody trips over it, or generate so much noise that nobody is sure if what they're hearing is random crap or something of value. Too much signal tends to make your average Joe tune out.

          1. Charles 9

            Re: Breaking News: Water is wet

            "The trouble here is that while machines are excellent at pattern recognition, they'll only ever find the precise thing you tell them to look for. Heuristic scanning is notoriously hit and miss, and even then, you still need to give the system a series of baseline behaviours to check against."

            Fine enough. As long as it's the first line, it can winnow out the noise to leave less for the humans to skim.

            "Too much signal tends to make your average Joe tune out."

            That's the beauty of machines. They DON'T tire. In fact, given the right learning system, the more data the merrier for it.

    6. Vic

      Re: Breaking News: Water is wet

      Does anyone want to place bets on how long it is until someone writes an app that not only encrypts a message, but then uses old-school style cyphers to hide the messages inside innocuous looking plain-text internet posts?

      I imagine it's already happening - and the *ideal* vector already exists.

      Spam.

      Receiving a piece of spam is all the plausible deniability you need. Everyone gets it - it's a menace. Not my fault, guv'nor.

      You could even send the appropriate spam to the email address of the bloke supposed to be surveilling the operation - if it isn't filtered by his mail provider, it'll get thrown away. Even NSA agents won't admit to needing penis growth medicines...

      But if the Bad Guy(tm) checks with his stego tool, he'll find the message that was sent to him - and a million others, although they don't know it - and so the communication has happened, in plain sight of everyone including the investigating authorities. And everyone except the terrorists will simply ignore it.

      Vic.

      1. Bernard M. Orwell

        Re: Breaking News: Water is wet

        "uses old-school style cyphers to hide the messages inside innocuous looking plain-text internet posts?"

        Like UseNet?

  8. technoise

    Follow that camel

    Given that, after the unfortunate result when he turned on his satellite phone, Bin Laden relied only on couriers and sneakernet to convey messages, and T.E Lawrence managed to conduct an entire insurgency campaign in the Middle East using nothing more for communication than messages carried by camel, could the "Five Eyes" prove to us what plots could have been averted using the decryption of strongly encrypted messages, what plots were coordinated using strong encryption, and what terrorist actions could not be coordinated by other means, i.e messengers and sneakernet? Bearing in mind that once an operation is under way, communications won't even need to be encrypted, and you'll have a pretty good idea the operation is happening, anyway?

    The clock ticking while the boffins try to decipher the message to discover the location of the bomb, while the grinning terrorist sits there in his cell, keeping stumm, is just too much of a Hollywood movie plot scenario.

    1. This post has been deleted by its author

    2. spacecadet66

      Re: Follow that camel

      "We'd love to tell you, but it's classified," said the implicitly trustworthy person with a government-issued official ID and everything.

  9. Anonymous Coward
    Anonymous Coward

    Typical bureaucratic response: doesn't believe expert advice that it's just not possible and tries to dump the problem in someone else's lap. Twats.

  10. Paul Hargreaves
    Big Brother

    So they could go back to the good old days and say 'nothing over 56 bit' or some random number above that.

    Except - AWS. In ye olde days it would be troublesome to decrypt something unless you had lots of computers, something governments have but the unwashed didn't.

    Cores are so cheap to rent now by the thousand. Weak crypto won't work.

    Really they can play wack-a-mole and ask / tell each, and, every, single, developer, and, tech, company to give them the private keys.

    Excluding China/Russia (oops), that'll work for big companies (in western countries) that provide SSL keys, and large app vendors such as Google, Microsoft etc.

    Those pesky criminals, however, will use something else... since 'crypto' worked well before computers. Mine's a copy of 'The Catcher in the Rye'.

    1. Anonymous Coward
      Anonymous Coward

      Allegedly at the sunny internationale standardisation process which started in 1982, GSM's A5/1 was originally proposed to have a key length of 128 bits. (it would have remained 'safe' for ~32 years!),

      wikipedia says that the British insisted on weaker encryption, . . .the British delegate [said] that this was to allow the Brits geheimpolizei to eavesdrop more easily.

      The British proposed a key length of 48 bits, while the (West) Germans wanted stronger encryption to protect against (East) German spying, so the compromise became a key length of 54 bits (A5/1 had 10 of the key bits fixed at zero, resulting in an effective key length of 54 bits)

      It's an old story, as you say, as even Mary QoS's encrypted barrels were subject to MITM, with likely agent-provocation and fake-news compromat combined

  11. EricM

    Carefully crafted lack of knowledge or just cowards?

    Once information is end-to-end encrypted, no amount of political wishful thinking can unencrypt it without compromised endpoints. The only way for the "5 eyes" (and everyone else) to keep spying on everyone else unhindered will be to force insecure encryption systems for everyone. This will enable the "5 eyes" (and everyone else) to read every communication.

    So this will also enable crooks to read your banking passwords, your sensitive company information and your medical data.

    So dear "5 eyes", maybe you should stand up and tell the world you want to ban working encryption, so we can start discussing the _real_ pro's and con's.

    But please stop suggesting "solutions" from fairy-tale-land, just because you do not dare to name the full consequences of said "solutions" for society.

    1. cbars Bronze badge

      Re: Carefully crafted lack of knowledge or just cowards?

      I hate all this stuff as much as you guys - but really they will end doing it and it will be this:

      SSL between me and WhatsApp server

      SSL between WhatsApp server and you

      web service from WhatsApp server to 5 eyes - probably through a VPN

      Now there are 3 points of attack instead of 2, but in the example of online banking - this isn't really all that different to what we have now. Thing is, I just think lists are a bad thing and this doesn't stop me having a conversation outside, so it's completely pointless. I'm also sure it'll end up being more expensive for consumers and the government will tax something to pay for it.

      No need, but yes it will happen

  12. John H Woods Silver badge

    Arms race ...

    Although the codebreakers have been snapping at the heels of the codemakers ever since the end of the Second World War, I'm guessing they will remain a little behind right up to an eventual limit where all non quantum cryptography can be broken instantly, and quantum cryptography never.

    Even then, I suspect there'll be absolutely no way of detecting, let alone comprehending, a signal formed by including, in set of innocuous looking Facebook photos of the account holder's dogs and cats, say three pictures in succession of only the dog.

    And all this effort for what ... to counter a threat that takes less lives than bathtubs, let alone traffic.

  13. JimmyPage Silver badge
    Big Brother

    I can start to see what's going to happen ...

    Imagine the T&Cs of your ISP contract have a clause along the lines of:

    ...1) You shall not permit any communication using the service provided which is encrypted beyond the ability of the Service Provider to decrypt

    ...2) In order to ensure compliance with (...1) the Service Provider shall be permitted to undertake detailed inspection of all and any network traffic that enters or leaves the network at the instigation or behest of the customer

    ...3) Failure to adhere to these conditions may result in termination of the services provided. Additionally customers may be reported to the appropriate authorities.

    Time to plug some pink noise into the internet I guess.

  14. John Smith 19 Gold badge
    Gimp

    "And all this effort for what ... to counter a threat that takes less lives than bathtubs, l"

    In the UK the entire death toll of terrorist incidents for the last 12 years was 37.

    The UK has spent probably several £500m -£1Bn a year and will no doubt point to all the people who would have been killed (but they cannot actually provide an estimate for that number) if they hadn't

    It's time to confront the real enemy.

    The cabal of data fetishists who have a pathological desire to know everything, about everyone, all the time, forever.

    Strong encryption is indeed an enemy of theirs.

    But their real enemy are people's desire for privacy. How dare we want to have times when we want to keep our thoughts, our feelings (and finances) private. Don't we know that "Caring is sharing (with them)?"

    This communique is exactly the result of the echo chamber you get when these groups get together and reinforce their shared, delusional belief system.

    1. Commswonk

      Re: "And all this effort for what ... to counter a threat that takes less lives than bathtubs, l"

      In the UK the entire death toll of terrorist incidents for the last 12 years was 37.

      Are you certain about that? Your 12 year window includes 7/7 and that resulted in 56 deaths on its own. Or did you try to manipulate the figures by forgetting that 7/7 is within your chosen time frame?

      I will concede that terrorist related deaths in the UK over that period - while rather higher than your figure - is less than 100, which isn't an enormous number. However, by just using the number of deaths as some sort of yardstick you are ignoring all the suffering and distress caused to the injured; 7/7: 700; Westminster Bridge: 49; Manchester Arena: 120; Borough Market: 48. Are you dismissing all these and others as being of no account?

      I am not trying to argue any particular case in respect of encryption and its perceived evils; I am merely seeking to expose what seems to be an attempt to downplay the effects of terrorist activity.

      And of course it is possible to remove human casualties from the mix entirely and just look at the disruption to infrastructure (e.g. London Underground in 7/7) and its direct consequences and costs. Is all that of no importance either?

      To simply use an incorrect figure for terrorist killings over a given period as some sort of measure of the impact of terrorism while ignoring everything else is at best silly and at worst wilfully misguided, perhaps in attempt to wilfully mislead.

      1. John Smith 19 Gold badge
        Unhappy

        Your 12 year window includes 7/7 and that resulted in 56 deaths on its own.

        No. I chose 12 years as post 7/7 but let's include them.

        And while we're at it let's include the Brazillian electrican that got shot for wearing a heavy jacket on the wrong day as well. That's 57, not 56. And the English nutter terrorist that ran into a group of Moslems leaving their Ramadam prayers in North London and killed one as well. That's a "terrorist" incident as well.

        And let's not forget Lee Rigby, Victim of a pair of "terrorists," or 2 people with mental health issues who should have been sectioned?

        That's 94 people over a 13 year period, who might (not would, might) be alive today if anyone's encrypted traffic could be compromised at will by "The State," for "The Greater Good." BTW Most of them, including the 7/7 bombers were "Known to the authorities" already.

        Meanwhile the confirmed death toll of 1 UK tower block due to either inadequate fire regulations, or their enforcement, is up to 80 (the other 18 are still listed as "missing" IE they can't match the remains found to an actual person, yet). Meanwhile every block so far tested (with similar cladding) has failed fire tests. There are about 600 such blocks in the UK.

        BTW 94 is just over 10.5Hrs of smoking related deaths in NHS hospitals for 2014.

        I think most of the UK readers of this site who lived through the IRA activities of the 1970's, 80's and 90's would consider compromising end to end encryption (as used for home banking and shopping) a grossly disproportionate response against what might be fairly described as a bunch of "shabolic motherf**kers," compared to the activities of the IRA.

        The NHS figure (even better housing safety regs) says there are a lot better ways to save lives than this, but I don't think that's what you're concerned with. :-( .

        If you, or someone you know, has been a victim of a terrorist incident I have a special message for you and them.

        <profanity filter off>

        Shit happens.

        </profanity filter off>

        You or they were very unlucky to be in the wrong place at the wrong time. It was grossly unfair. But that was the event, which has passed.

        It's time to start thinking rationally again.

        Most people have lost people who've died before they think they should have. Most deaths are preventable if you're prepared to sacrifice enough money, time or effort to do so.

        The question is should you?

        The purpose of a terrorist is to make you terrified.

        If you (or someone you know) are terrified, they have won.

        If you live you life making every decision based on wheather it (might) make you being the victim of a terrorist incident more or less likely, they have won.

        When you refuse to be terrified, they lose. Fear is your choice. But understand it is your choice, not anyone elses.

        A cold hard assessment of what these proposals will do with the reduction in terrorism, versus the reduction in everyone's security and privacy would conclude they are literally not worth the money they will cost.

        But I don't believe "security" is the reason this is wanted. I believe it's a convenient excuse to introduce it. They just as happily use the risk of internet paedophiles, money laundering or drug dealing to justify it as well.

        Data fetishists have no shame. They will hijack any issue to drive their agenda through.

        1. Mark 85

          @ John Smith 19 -- Re: Your 12 year window includes 7/7 and that resulted in 56 deaths on its own.

          Well said and thought out. As with any "war" or even "crime" give in and you lose. Unfortunately, we have tons of snowflakes on both sides of the pound which seem to be from parents raised as 'flower children". They will shout down any rational argument and maybe sing "Give Peace a Chance" in 3 part harmony.

          1. John Smith 19 Gold badge
            Unhappy

            "sides of the pound which seem to be from parents raised as 'flower children". "

            I think you need to re-read my post.

            Not turning the country into a police state might be described as the PoV of the "flower children."

            It's usually the "ordinary decent law abiding (blah blah)" types who scream at the slightest threat to their life style who demand the most absurdly repressive measures. They don't really cope with anyone who's not exactly like them very well.

            People can mistake broad tolerance for weakness. I once drank in bar were most of the regulars were ex-cons. They were very tolerant of casual visitors, provided they were well behaved. The bar did not have door staff because it didn't need them. People who were unwise enough to mistake their tolerance for weakness regretted it.

        2. handleoclast

          Re: Your 12 year window includes 7/7 and that resulted in 56 deaths on its own.

          @John Smith 19

          A very good analysis.

          I will add two things for a little extra perspective.

          1) The US may soon pass legislation that will result in 22,000,000 losing health care and cause in excess of 20,000 deaths per year sooner than would otherwise have occurred. This is in order to give $70 billion/year in tax cuts to the rich. Preventing death doesn't seem of great importance to these people, despite their claims of the necessity to defeat terrorism in order to prevent deaths.

          2) If, in order to defeat your enemy, you have to adopt those behaviours that make him your enemy, then your enemy has won (whatever you do). We are moving towards a repressive, totalitarian regime in order to defeat people who wish to impose a repressive, totalitarian regime upon us. Dubya (now only the second worst president ever) said: "They hate us for our freedoms" then proceeded to stop them hating us by removing our freedoms whilst bombing the shit out of them.

          I suspect it's going to get a lot worse before it gets better. If it ever does.

          1. John Smith 19 Gold badge
            Unhappy

            "if...., you have to adopt those behaviours that make him your enemy, then your enemy has won "

            Exactly.

            In the US context Bin Laded must have ROTFLFAO when Congress passed THE PATRIOT Act, with one Congressman refusing (because he'd actually read the 200+ pages of it and thought it was a PoS).

    2. Rob D.

      Re: "And all this effort for what ... "

      The original point was about all this effort to try and close the final gap. The money spent so far and the efforts invested in combatting terrorism so far have resulted in the impact (casualties, fatalities, consequential losses etc) being no worse than what it was under the use/abuse of current legislation and technical capabilities.

      The government spooks don't really care about your privacy though - actual or perceived. They want a public discourse that argues endlessly about impractical limits on encryption but permits laws allowing the compromise of endpoints on mass market usage. Detection of 'real' security in use becomes a potential flag for targeted investigation.

      After that you just need to trust your government in perpetuity and hope the crims don't break the locks. So no problem then.

  15. batfastad

    How to find a needle in a haystack

    Q: How do you find a needle in a haystack?

    A: Bigger haystacks!

  16. Will Godfrey Silver badge
    Happy

    A classic

    Anyone remember Arnold Schwarzenegger's reply when an attempt was made to block his budget?

    His real reply was to be had by reading the first letter of each paragraph, but he managed to get it published before anyone cottoned on.

    1. Roj Blake Silver badge

      Re: A classic

      A journalist at the Daily Express did something similar when Richard Desmond bought the paper. It was his final piece.

      https://www.theguardian.com/media/2001/jan/08/uknews

  17. Anonymous Coward
    Anonymous Coward

    “deal with the relentless threats of terrorism, violent extremism, cyber-attacks, and international instability, while retaining our deep commitment to the shared values of democracy, human rights and the rule of law”.

    Horse shit. They are faced with a general populous that they are unable to spy on, and they don't like it. The above is almost too argumentum ad metum for words. Only surprise is they didn't mention noncing too. Make the plebs afraid, they will then let you get away with anything.

    1. Charles 9

      "Horse shit. They are faced with a general populous that they are unable to spy on, and they don't like it."

      Oh? And this was any different from, say, 40 years ago—when computers didn't exist, the population was thinner but still diverse, and manpower was still lacking?

  18. Anonymous Coward
    Anonymous Coward

    I've mentioned Alice and Bob before....

    Why is it that the politicians want to breach commercially available "end-to-end" encryption? Alice and Bob (English speakers) have implemented a simple book cipher, and they use The Register, because, although that might communicate the originator of the message, it completely fails to communicate the RECIPIENTS to the NSA or GCHQ. The "book" is unknown, the randomisation of the book is unknown, and the application which does the (symmetrical) encoding and decoding was written by Charlie for the group (in Python). Alice has sent me (AC) another test message for onward communication.

    *

    enchant chistera Sonja Diann smalts overaccurately diminisher squushy viduation arthrosporous bandidos fringiness half-plane babbly dasyproctine shikimi saucer resolder overindebted formals abort sophies Cryptobranchus Keb chacate termor hermeneutics Tzapotec OOP hexactine hout alada

    *

    1. Vic

      Re: I've mentioned Alice and Bob before....

      enchant chistera Sonja Diann smalts overaccurately diminisher squushy

      Ah, durka durka durka Mohammed jihad.

      Vic.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon