British government will (unsuccessfully) ban end-to-end encryption

[Read the post]

1 Like

So, they can't spy on members of parliament, but will have complete and fine-grained data on everything they did before they were elected.

I also wonder how they plan to deal with the consequences of not using strong encryption for financial transactions. Or for corporate VPNs that transmit confidential information. (Rhetorical questions. This woman and her cronies are about as technologically literate as baboons, and I'm guessing they just haven't thought that far ahead.)

Reading about this has inspired a great idea for a free phone app, that I might try to put together next time I take a vacation. It would take advantage of the fact that, under proper operating conditions, the least significant bit of each color from each pixel of a phone's camera (or any other digital camera) is genuinely random quantum noise. (This is pretty cool, since making random numbers computationally is actually really hard, if not impossible)
The app would take advantage of that to make a few strings of random hex digits, of random length (within user-set limits), and send them to your, or other people's, email, whenever you activated it.

It could, optionally, choose a suspicious subject line from a pre-generated list, like:

Re: Those Pakistani nukes you ordered.

or

d00d! I've got enough special K to kill an elephant.

or

ISIS recruit party: 9:00 at Buffalo Wild Wings. Open Bar!

It would take moderately widespread usage to have much effect, but if it did catch on, it would be totally awesome.

7 Likes

It's almost like they looked at 1984 and thought "Challenge accepted". End-to-end encryption is needed to make doing anything online safe, from making purchases to online banking. If you compromise that in any way you open the door for hackers.

So to capture one or two terrorists and "make the world safe" they will take away all of your online safety and actually make your life much less safe.

Also, technically this will just not work. Even if they manage to ban all the available software from not using end-to-end encryption, there is no reason why anyone with minimal coding skills would not still build software with encryption.

8 Likes

Article implies that Google, Apple, and Facebook will have to "re-engineer" their products to be able to retain users' messages, but neither Google's nor Facebook's main messaging services use E2E encryption (I'm aware of their side-projects). Apple's service probably won't need to be "re-engineered" either as Apple does the key exchange and provides no verification function, so is already able to decrypt users' messages if required.

2 Likes

Also, the bill is somehow 296 pages long. WTF? No wonder the first reaction was general support, because no-one had read it.

4 Likes

Politicians should stick at what they are good at… whatever that might be…?

5 Likes

What about stray radio signal noise? That's easily accessed from a phone. Hell, if you're concerned it's not noisy enough, configure the phone to emit an ultrashort radio pulse. Based on Heisenberg's uncertainty principle, the pulse will emit over a range of frequencies because it's too short to settle on a single one. Then have the phone accept the radio reflections from your immediate environment. You'll get a different signal every time.

3 Likes

Much harder than using data that it's already configured to generate and save.

1 Like

It's not as cool as SGI's classic lava-lamp based RNG; but there is at least one tool designed to use webcam thermal noise for that purpose. As you say, the chatter in a dark-field video stream should be good, honest, quantum noise; though I cannot vouch for what effect various noise-reduction/pretty-ifying filters built into a given device's signal path might have; nor whether the various subtle biases that can creep in when trying to get a good RNG are suitably taken into account (I know enough to know that 'whitening' algorithms and entropy quality testing are nontrivial; but not enough to judge the correctness of an implementation).

2 Likes

I like the idea, but I'm not sure if the CCD data is biased. Quite often random noise is not automatically a good random number generator. You could couple the output with a cryptographic hash function, afaik a rather secure and easy way to minimize biased input, in this case the camera data.

1 Like
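The hash-conditioning idea from the comment above, as an added example that is not code from any poster in this thread: constructed, deliberately biased bits stand in for camera LSBs (no real sensor data is used), and blocks of them are compressed with SHA-256 only when the estimated min-entropy of a block is at least twice the 256-bit output. All function names and the 60% bias are assumptions made for the illustration.

```python
import hashlib
import math
import random

def simulated_lsbs(n_bits, p_one=0.6, seed=1):
    """Constructed stand-in for camera LSBs: independent bits biased toward 1."""
    rng = random.Random(seed)  # seeded only so the demo is repeatable
    return [1 if rng.random() < p_one else 0 for _ in range(n_bits)]

def ones_fraction(bits):
    return sum(bits) / len(bits)

def min_entropy_per_bit(bits):
    """Min-entropy estimate; assumes the bits are independent of each other."""
    p = ones_fraction(bits)
    return -math.log2(max(p, 1 - p))

def pack(bits):
    """Pack a list of 0/1 values into bytes, most significant bit first."""
    out = bytearray()
    for i in range(0, len(bits) - len(bits) % 8, 8):
        byte = 0
        for b in bits[i:i + 8]:
            byte = (byte << 1) | b
        out.append(byte)
    return bytes(out)

def unpack(data):
    return [(byte >> s) & 1 for byte in data for s in range(7, -1, -1)]

def condition(bits, raw_bits_per_block=1024):
    """Compress each block of raw bits to 256 output bits with SHA-256."""
    h = min_entropy_per_bit(bits)
    # Hashing removes bias but cannot create entropy: refuse weak input.
    if h * raw_bits_per_block < 2 * 256:
        raise ValueError("block holds too little estimated entropy")
    out = b""
    for i in range(0, len(bits) - raw_bits_per_block + 1, raw_bits_per_block):
        out += hashlib.sha256(pack(bits[i:i + raw_bits_per_block])).digest()
    return out

raw = simulated_lsbs(65536)
conditioned = unpack(condition(raw))
print(f"raw ones fraction:         {ones_fraction(raw):.3f}")
print(f"conditioned ones fraction: {ones_fraction(conditioned):.3f}")
```

Without the entropy check, a stuck or heavily filtered sensor would still yield output that looks uniform, which is why the estimate is made on the raw bits before hashing rather than on the digest.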

But if it's saved as a matter of course, it's exploitable by spooks with big enough budgets. So harder, but maybe worth it? I admit I don't know enough about cryptography, but it's my understanding that if you have access to the random seed, you can break the code. I leave it to you to know more about this than me.

3 Likes

I hope being "ashley madisoned" becomes the new "Streisand effect". Data will leak.

I have a bag of microwave popcorn on my shelf for when they actually try to implement this law.

5 Likes

One bag of popcorn? Implementing this law will be a reason to open the strategic popcorn reserves.

9 Likes

To the best of my knowledge there is only one Conservative MP with a degree in comp sci (David Davis). Oddly (?) he is also a civil libertarian. And the Government won't let him near IT stuff, perhaps because he actually might understand it. (He also opposed the latest benefit cuts).

Conservatism in both the US and the UK: the more you know about a subject the further they keep you from actually making government policy on it. Climate change, science education, security, IT all ruled by the most ignorant.

9 Likes

This government are making the UK a laughing stock. They may as well try to ban cheese.

I'll sit back and watch as they get defeated on tax credits (Tories in hit the poor shocker), Junior doctors working hours (who only work an average of 90 hrs a week the lazy bastards), the deficit (which is increasing), immigration (which is increasing) and now encryption which will only affect UK citizens???

The only thing they have done is increase the number of jobs. Shame that these are all low paid and part-time.

Total bunch of fucktards.

6 Likes

Don't let the Opposition off the hook.

Labour has promised to back the Bill and its response was in the hands of Andy (ID cards, detention without trial, privatising the NHS is okay when I do it) Burnham.

The dreadful fact is that the LibDems were a restraint on government excess.

4 Likes

What I'd love to see is for every website that requires end-to-end encryption to just put up a page when someone accesses the site from the UK that says "Sorry, it'd cost too much for us to re-write everything to be less secure, and we don't want to do it. Tell your government they're being stupid."

5 Likes

Let's hear it for unintended benefits!

Now let's ban all other "products" to kickstart some maker revolution.

Yet more crap policy from the government. Tory, Labour it's all been the same all through my lifetime.

If I could permanently get out of this shithole of a country I would. I don't think there's anywhere that would accept an anarchist trans-woman with chronic disabilities though.

3 Likes

In 1985, Orwell was proved right. Can we just rename the country airstrip one now and have done with it? Having said that, where in this bill is there a ban on end-to-end encryption? Closest I can find is they want providers to be able to access encrypted content for them? You can't have a little bit of encryption for fuck's sake! The initial bill reading seemed so reasonable didn't it, with labour rolling over and showing their belly like the good little lapdogs they are. You must be glad you got out of the country when you could eh, Cory?