People tend to underestimate the deviousness of the totalitarian streak in every government. Our mental image tends to reduce them to the level of a cartoon villain. In reality they are much more cunning than that. They might be dumb but they are not stupid. They know such a law is utterly impossible to enforce in its stated form. But their goal is not to actually remove all such tech from use in the UK.
Their goal is much more perfidious: create a legal environment where everyone even using a device or software with end-to-end crypto is by default engaging in illegal activity. This opens the door to legal persecution of such a person purely on the basis of use of such a device, regardless of the content of the information. There would be no need for them to break the crypto and peek in on your data. They can simply throw the book at you because they caught you using crypto in the first place. The possession of encrypted data becomes crime enough. This gambit creates an environment where a person basically breaks the law simply by engaging in (what are elsewhere) normal everyday activities. This is a sort of pre-crime. A ready-made trap. Government can at their leisure spring the trap, and pull out a ready-made charge.
Or all the new-fangled wiretap laws sprouting everywhere are a consequence of the Snowden leaks: All tapping done in secret is now hectically legalised.
Giving legal backing to the stuff they are doing anyhow is also a goal. But then again they are at least forced to acknowledge it. At least this gives us hope of forcing them to make it illegal one day. After all you can't ban something that (officially) doesn't exist.
Don't care if it's exploitable. The point is twofold, and neither of them involves actually using these random numbers to send encrypted messages:
have lots of people sending suspicious looking messages consisting of random noise, so they waste resources on it and can't tell whether a given message is someone using strong crypto or just sending random noise
have a lot of people publicly institute a practice of keeping random number collections on all of their devices, so any encrypted file has plausible deniability as a simple collection of random numbers. Everyone should maintain a personal random number collection.
These both require significant adoption to do any good.
"Us? Illegally surveilling you? Why that's... that's... ummm... Hey!!! Look over there!!!"
"What? I don't see anything?"
"Oh, it must have gone. Anyway everything we did was legal now. Bye bye!!!"
Nick Clegg has stuck the knife in by revealing he was "totally shocked" that only a handful of senior ministers were aware that the security services have been illegally spying on UK citizens for decades.
I'm not impressed with the political point scoring but it is at least one benefit of the coalition government that it is now coming to light.
The fact that this is retrospective legislation highlights that the intelligence services had access to this in the past but were unable to stop 7/7.
Part of the reason MPs are exempt from spying is that their communications with their constituents (i.e. the people who elected them, and who they directly work for) should be kept private.
[Imagine you'd just found out that the security services were overstepping their bounds and hoovering up all manner of personal information, one of your first steps might be to contact your MP and have them raise the matter in parliament]
On the other hand, it looks like even if the security services had proof that an MP was committing a crime, they would be unable to intercept their communications (legally).
I believe France had similar laws in the 1990s (?), the then-current Windows Terminal Server had a special French edition with disabled or weakened encryption. Not sure when this law was revoked and how well it worked when in effect.