British government will (unsuccessfully) ban end-to-end encryption


#1

[Read the post]


#2

So, they can’t spy on members of parliament, but will have complete and fine-grained data on everything they did before they were elected.

I also wonder how they plan to deal with the consequences of not using strong encryption for financial transactions. Or for corporate VPNs that transmit confidential information. (Rhetorical questions. This woman and her cronies are about as technologically literate as baboons, and I’m guessing they just haven’t thought that far ahead.)

Reading about this has inspired a great idea for a free phone app, that I might try to put together next time I take a vacation. It would take advantage of the fact that, under proper operating conditions, the least significant bit of each color from each pixel of a phone’s camera (or any other digital camera) is genuinely random quantum noise. (This is pretty cool, since making random numbers computationally is actually really hard, if not impossible.)
The app would take advantage of that to make a few strings of random hex digits, of random length (within user-set limits), and send them to your, or other people’s, email, whenever you activated it.

It could, optionally, choose a suspicious subject line from a pre-generated list, like:

Re: Those Pakistani nukes you ordered.

or

d00d! I’ve got enough special K to kill an elephant.

or

ISIS recruit party: 9:00 at Buffalo Wild Wings. Open Bar!

It would take moderately widespread usage to have much effect, but if it did catch on, it would be totally awesome.


#3

It’s almost like they looked at 1984 and thought “Challenge accepted”. End-to-end encryption is needed to make doing anything online safe, from making purchases to online banking. If you compromise that in any way you open the door for hackers.

So to capture one or two terrorists and “make the world safe” they will take away all of your online safety and actually make your life much less safe.

Also, technically this will just not work. Even if they manage to ban all the available software from not using end-to-end encryption, there is no reason why anyone with minimal coding skills would not still build software with encryption.


#4

Article implies that Google, Apple, and Facebook will have to “re-engineer” their products to be able to retain users’ messages, but neither Google’s nor Facebook’s main messaging services use E2E encryption (I’m aware of their side-projects). Apple’s service probably won’t need to be “re-engineered” either as Apple does the key exchange and provides no verification function, so is already able to decrypt users’ messages if required.


#5

Also, the bill is somehow 296 pages long. WTF? No wonder the first reaction was general support, because no-one had read it.


#6

Politicians should stick at what they are good at… whatever that might be…?


#7

What about stray radio signal noise? That’s easily accessed from a phone. Hell, if you’re concerned it’s not noisy enough, configure the phone to emit an ultrashort radio pulse. Based on Heisenberg’s uncertainty principle, the pulse will emit over a range of frequencies because it’s too short to settle on a single one. Then have the phone accept the radio reflections from your immediate environment. You’ll get a different signal every time.


#8

Much harder than using data that it’s already configured to generate and save.


#9

It’s not as cool as SGI’s classic lava-lamp based RNG; but there is at least one tool designed to use webcam thermal noise for that purpose. As you say, the chatter in a dark-field video stream should be good, honest, quantum noise; though I cannot vouch for what effect various noise-reduction/pretty-ifying filters built into a given device’s signal path might have; nor whether the various subtle biases that can creep in when trying to get a good RNG are suitably taken into account (I know enough to know that ‘whitening’ algorithms and entropy quality testing are nontrivial; but not enough to judge the correctness of an implementation).


#10

I like the idea, but I’m not sure if the CCD data is biased. Quite often random noise is not automatically a good random number generator. You could couple the output with a cryptographic hash function, afaik a rather secure and easy way to minimize biased input, in this case the camera data.
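
The hash-conditioning step discussed in posts #9 and #10, as an added Python example that is not part of any post in this thread: it estimates how biased a stream of sensor LSBs is, works out how many raw bits must be collected, and only then hashes them into a 256-bit seed. The input is a constructed, simulated 80%-ones stream standing in for camera data, all function names are hypothetical, and the frequency estimate assumes independent samples; a hash removes bias but cannot add entropy the input lacks.

```python
import hashlib
import math
import random

def sample_lsbs(n, p_one=0.8, seed=1):
    """Constructed stand-in for camera data: n LSBs, each 1 with probability p_one."""
    rng = random.Random(seed)
    return [1 if rng.random() < p_one else 0 for _ in range(n)]

def min_entropy_per_bit(bits):
    """Most-common-value estimate: -log2(max(p0, p1)); 1.0 means unbiased."""
    p_one = sum(bits) / len(bits)
    return -math.log2(max(p_one, 1.0 - p_one))

def bits_required(h_per_bit, out_bits=256, safety=2):
    """Raw bits to collect so the input holds safety * out_bits of min-entropy."""
    if h_per_bit <= 0:
        raise ValueError("source shows no entropy")
    return math.ceil(out_bits * safety / h_per_bit)

def pack(bits):
    """Pack a list of 0/1 values into bytes, most significant bit first."""
    out = bytearray()
    for i in range(0, len(bits), 8):
        chunk = bits[i:i + 8]
        byte = 0
        for b in chunk:
            byte = (byte << 1) | b
        out.append(byte << (8 - len(chunk)))
    return bytes(out)

def condition(bits):
    """Hash the raw bits to a 256-bit seed, refusing input that is too short."""
    need = bits_required(min_entropy_per_bit(bits))
    if len(bits) < need:
        raise ValueError(f"need {need} raw bits, got {len(bits)}")
    return hashlib.sha256(pack(bits)).digest()

def ones_fraction(data):
    """Fraction of 1 bits in a byte string."""
    return sum(bin(b).count("1") for b in data) / (8 * len(data))

if __name__ == "__main__":
    raw = sample_lsbs(4096)
    print("raw ones fraction:", sum(raw) / len(raw))
    print("min-entropy/bit:", round(min_entropy_per_bit(raw), 3))
    print("seed:", condition(raw).hex())
```
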


#11

But if it’s saved as a matter of course, it’s exploitable by spooks with big enough budgets. So harder, but maybe worth it? I admit I don’t know enough about cryptography, but it’s my understanding that if you have access to the random seed, you can break the code. I leave it to you to know more about this than me.


#12

I hope being “ashley madisoned” becomes the new “Streisand effect”. Data will leak.

I have a bag of microwave popcorn on my shelf for when they actually try to implement this law.


#13

One bag of popcorn? Implementing this law will be a reason to open the strategic popcorn reserves.


#14

To the best of my knowledge there is only one Conservative MP with a degree in comp sci (David Davis). Oddly (?) he is also a civil libertarian. And the Government won’t let him near IT stuff, perhaps because he actually might understand it. (He also opposed the latest benefit cuts).

Conservatism in both the US and the UK: the more you know about a subject the further they keep you from actually making government policy on it. Climate change, science education, security, IT all ruled by the most ignorant.


#15

This government are making the UK a laughing stock. They may as well try to ban cheese.

I’ll sit back and watch as they get defeated on tax credits (Tories in hit the poor shocker), Junior doctors working hours (who only work an average of 90 hrs a week the lazy bastards), the deficit (which is increasing), immigration (which is increasing) and now encryption which will only affect UK citizens???

The only thing they have done is increase the number of jobs. Shame that these are all low paid and part-time.

Total bunch of fucktards.


#16

Don’t let the Opposition off the hook.

Labour has promised to back the Bill and its response was in the hands of Andy (ID cards, detention without trial, privatising the NHS is okay when I do it) Burnham.

The dreadful fact is that the LibDems were a restraint on government excess.


#17

What I’d love to see is for every website that requires end-to-end encryption to just put up a page when someone accesses the site from the UK that says “Sorry, it’d cost too much for us to re-write everything to be less secure, and we don’t want to do it. Tell your government they’re being stupid.”


#18

Let’s hear it for unintended benefits!

Now let’s ban all other “products” to kickstart some maker revolution.


#19

Yet more crap policy from the government. Tory, Labour it’s all been the same all through my lifetime.

If I could permanently get out of this shithole of a country I would. I don’t think there’s anywhere that would accept an anarchist trans-woman with chronic disabilities though.


#20

In 1985, Orwell was proved right. Can we just rename the country Airstrip One now and have done with it? Having said that, where in this bill is there a ban on end-to-end encryption? Closest I can find is they want providers to be able to access encrypted content for them? You can’t have a little bit of encryption for fuck sake! The initial bill reading seemed so reasonable didn’t it, with Labour rolling over and showing their belly like the good little lapdogs they are. You must be glad you got out of the country when you could eh, Cory?