UK Tories say they'll exploit Manchester's dead to ban working crypto in the UK


#1

Originally published at: http://boingboing.net/2017/05/24/tories-vs-technology.html


#2

When I saw the headline today about troops on the streets, I just thought, “Security Theatre”. Of course it will play well with the Tories’ target audience. I expect the rest of the campaign to focus on Corbyn’s “terrorist sympathies”.


#3

Good to see somebody’s learning the lessons of 9/11 - that a terror attack can be used to justify any expansion of government power.


#4

I’ve worked for three IT support and consultancy firms and can attest to the fact it’s a business model that exists solely due to encryption allowing remote support over the Internet. These firms are going to have an extremely hard time coming up. So will all their clients. All 1000+ of them, just from those three.


#5

The fact that “encryption” has lots of button-down business users, and isn’t just for cypherpunks and dark road drug salesmen certainly makes it harder to crack down on in broad terms; but it is often possible to add the backdoors or decrypt-on-demand mechanisms that team spook is looking for without necessarily upsetting the business cases.

Sometimes, that’s because the encryption already depends on fairly centralized 3rd parties who could be compelled reasonably silently (e.g. Certificate Authorities unless certificate transparency is being done quite carefully indeed); in other cases it’s because ‘at rest’ encryption at one end or the other, or both, is weak or nonexistent; and the bulk of the effort has gone into securing traffic over the internet; in which case you just lean on whoever is most convenient for the at-rest records of what transpired over the encrypted link.

That’s why ‘end-to-end’ (especially when ‘end’ is ‘phone with reasonably strong security design’) encryption displeases Team Fed greatly; while it is generally seen as neutral, or even encouraged, when more traditional designs (most email and IM that isn’t encrypted at the client, say) that allow for easy storage of messages by the provider add SSL/TLS to the link between the end user and the provider. Only criminals and opportunists benefit from having tons of cleartext flowing between you and your mailserver; and the feds don’t really care about how well that traffic is encrypted as long as they can just subpoena the server operator and get all the goods neatly packed for them there.


#6

So they think they can distinguish between someone using hard cryptography, and someone who’s just not making any sense? I can do both.


#7

Lazarus? Been a while…


#8

I am old-school. Struth, was that nearly 30 years ago?!


#9

As ever, authoritarian arseholes in government use the actions of terrorist arseholes as an excuse to enact unrelated “preventative” measures. One can only wonder what the regime in Washington has in store if the terrorist incident it’s anticipating comes to pass before they’re kicked out of office.


#10

Someone better explain to the Dear Leader that all her backers in the City of London rely on unbreakable encryption.


#11

Yeah… Sorry. We moved up a demographic. Not sure if that’s a good thing or not.


#12

Does this mean that they will go after crypto ransomware for not having a government sanctioned back door? That is a fight I want to see.


#13

I have to wonder how much the spies follow this kind of restriction. The only ones stopping them from including the members of parliament in their snooping is, ultimately in the technical sense, themselves. If the whole agency in essence decides to keep tabs on politicians in order to keep them in line, then, once they have these powers, what’s to stop them?


#14

No shit. This was baked into the snooper’s charter from day 1, with the wording allowing our authoritarian overlord and her cronies to interpret however they wish. The guv’ment were questioned about just what a TCO notice would cover but they wouldn’t answer. The ministers and lords voting for this nonsense deemed that sufficient and voted it in anyway so go figure.


#15

The problem right now is that “encryption ban” is not specific about what kind of encryption they’re talking about. The original ban that was mooted by David Cameron was for messaging apps that supported end-to-end encryption. Obviously he’s never heard of PGP. The ban they’re talking about now… no technical details. And when it comes to the current n00bs in the UK government and technical details, it pays dividends to assume the absolute worst and put plans into motion early.

Also, the businesses I worked with generally relied on 3rd party remote access tools like LogMeIn and TeamViewer. I say “relied”, because after chatting to a few, they’re making sure every business they look after has a reliable, ‘secure’ firewall with support for IPSEC/L2TP, certificates for which will be rotated every month, allowing techs to attach their own systems to our client’s networks in a special DMZ, then SSH tunnel from there to the client system they need access to. This is considered a ‘stopgap measure’.


#16

With enough people doing it, encryption is like vaccination and helps build herd immunity. And also in that there are a few vocal wackos who don’t want their citizens (children) encrypted (vaccinated) because they think it causes terrorism (autism).

Has the rest of the world considered setting up a reverse Great Firewall around the UK to keep them from endangering the rest of the internet yet? The idea of cyberquarantines has come up before, but it used to be about quarantining individual infected users. When a government mandates that everyone must run malware, that seems a legitimate reason to shut the whole country out of the global net.


#17

This topic was automatically closed after 5 days. New replies are no longer allowed.