So, they canāt spy on members of parliament, but will have complete and fine-grained data on everything they did before they were elected.
I also wonder how they plan to deal with the consequences of not using strong encryption for financial transactions. Or for corporate VPNs that transmit confidential information. (rhetorical questions. This woman and her cronies are about as technologically literate as baboons, and Iām guessing they just havenāt thought that far ahead.
Reading about this has inspired a great idea for a free phone app, that I might try to put together next time I take a vacation. It would take advantage of the fact that, under proper operating conditions, the least significant bit of each color from each pixel of a phoneās camera (or any other digital camera) is genuinely random quantum noise. (This is pretty cool, since making random numbers computationally is actually really hard, if not impossible)
The app would take advantage of that to make a few strings of random hex digits, of random length (within user-set limits), and send them to your, or other peopleās, email, whenever you activated it.
It could, optionally, choose a suspicious subject line from a pre-generated list, like:
Re: Those Pakistani nukes you ordered.
or
d00d! Iāve got enough special K to kill an elephant.
or
ISIS recruit party: 9:00 at Buffalo Wild Wings. Open Bar!
It would take moderately widespread usage to have much effect, but if it did catch on, it would be totally awesome.
Itās almost like they looked at 1984 and thought āChallenge acceptedā. End-to-end encryption is needed to make doing anything online safe, from making purchases to online banking. If you compromize that in any way you open the door for hackers.
So to capture one or two terrorists and āmake the world safeā they will take away all of your online safety and actually make your life much less safe.
Also, technically this will just not work. Even if they manage to ban all the available software from not using end-to-end encryption, there is no reason why anyone with minimal coding skills would not still build software with encryption.
Article implies that Google, Apple, and Facebook will have to āre-engineerā their products to be able to retain userās messages, but neither Googleās nor Facebookās main messaging services use E2E encryption (Iām aware of their side-projects). Appleās service probably wonāt need to be āre-engineeredā either as Apple does the key exchange and provides no verification function, so is already able to decrypt users messages if required.
Also, the bill is somehow 296 pages long. WTF? No wonder the first reaction was general support, because no-one had read it.
Politicians should stick at what they are good atā¦ whatever that might beā¦?
What about stray radio signal noise? Thatās easily accessed from a phone. Hell, if youāre concerned itās not noisy enough, configure the phone to emit an ultrashort radio pulse. Based on Heisenbergās uncertainty principle, the pulse will emit over a range of frequencies because itās too short to settle on a single one. Then have the phone accept the radio reflections from your immediate environment. Youāll get a different signal every time.
Much harder than using data that itās already configured to generate and save.
Itās not as cool as SGIās classic laval-lamp based RNG; but there is at least one tool designed to use webcam thermal noise for that purpose. As you say, the chatter in a dark-field video stream should be good, honest, quantum noise; though I cannot vouch for what effect various noise-reduction/pretty-ifying filters built into a given deviceās signal path might have; nor whether the various subtle biases that can creep in when trying to get a good RNG are suitably taken into account(I know enough to know that āwhiteningā algorithms and entropy quality testing are nontrival; but not enough to judge the correctness of an implementation).
I like the idea, but Iām not sure if the CCD data is biased. Quite often random noise is not automatically a good random number generator. You could couple the output with a crypthographic hash function, afaik a rather secure and easy way to minimize biased input, in this case the camera data.
But if itās saved as a matter of course, itās exploitable by spooks with big enough budgets. So harder, but maybe worth it? I admit I donāt know enough about cryptography, but itās my understanding that if you have access to the random seed, you can break the code. I leave it to you to know more about this than me.
I hope being āashley madisonedā becomes the new āStreisand effectā. Data will leak.
I have a bag of microwave popcorn on my shelf for when they actually try to implement this law.
One bag of popcorn? Implementing this law will be a reason to open the strategic popcorn reserves.
To the best of my knowledge there is only one Conservative MP with a degree in comp sci (David Davis). Oddly (?) he is also a civil libertarian. And the Government wonāt let him near IT stuff, perhaps because he actually might understand it. (He also opposed the latest benefit cuts).
Conservatism in both the US and the UK: the more you know about a subject the further they keep you from actually making government policy on it. Climate change, science education, security, IT all ruled by the most ignorant.
This government are making the UK a laughing stock. They may as well try to ban cheese.
Iāll sit back and watch as they get defeated on tax credits (Tories in hit the poor shocker), Junior doctors working hours (who only work an average of 90 hrs a week the lazy bastards), the deficit (which is increasing), immigration (which is increasing) and now encryption which will only affect UK citizens???
The only thing they have done is increase the number of jobs. Shame that these are all low paid and part-time.
Total bunch of fucktards.
Donāt let the Opposition off the hook.
Labour has promised to back the Bill and its response was in the hands of Andy (ID cards, detention without trial, privatising the NHS is okay when I do it) Burnham.
The dreadful fact is that the LibDems were a restraint on government excess.
What Iād love to see is for every website that requires end-to-end encryption to just put up a page when someone accesses the site from the UK that says āSorry, itād cost to much for us to re-write everything to be less secure, and we donāt want to do it. Tell your government theyāre being stupid.ā
Letās hear it for unintended benefits!
Now lets ban all other āproductsā to kickstart some maker revolution.
Yet more crap policy from the government. Tory, Labour itās all been the same all through my lifetime.
If I could permanently get out of this shithole of a country I would. I donāt think thereās anywhere that would accept an anarchist trans-woman with chronic disabilities though.
In 1985, Orwell was proved right. Can we just rename the country airstrip one now and have done with it? Having said that, where in this bill is there a ban on end-to-end encryption? Closest i can find is they want providers to be able to access encrypted content for them? You canāt have a little bit of encryption for fuck sake! The initial bill reading seemed so reasonable didnāt it, with labour rolling over and showing their belly like the good little lapdops they are. You must be glad you got out of the country when you could eh, Cory?