News Cameron calls for an end to privacy

IMHO it was when that paragon of intellectual thought Mr Bush declared war on terror.

I'm not going to defend what they've done, but do you think any other flavor of government would have done anything different ?

There is hope, well if we are still members of the ECHR or the ECJ by the time the case is heard.

 

Does he have a plan for little bits of paper being passed around? What about meeting in a cafe?

 

Naah, back to the old school of spy craft: surreptitious meetings by men in trenchcoats at the duck pond of the local park.

The sale of red carnations will go through the roof...

 

Our only hope to stop that madness is the EU declaring it illegal...

 

Welcome to the Free Peoples Democratic Republic of England, Scotland, Wales and Northern Ireland.

Might as well rename the country to that just like North Korea etc

All hail our great leader Kim Jong Cameron

 

1. WTF indeed. I've had enough. Where can we go to avoid all this?
2. Failing that, can we not just get someone in power who allows us to vote on EVERYTHING? They issue a paper every quarter with proposals and you tick Yes or No at your polling station, then whatever gets voted in goes through. Although you would have the added complication of voting for what goes on that quarterly proposal paper...
3. Does anyone else add the harshest four letter word they can think of whenever they see "****"? It's a good job the Govt can't read our thoughts (yet)

 

It's not as simple as that, though. Even if the UK gov can force all ISPs to cooperate with its tracking efforts (by, say, routing all traffic through GCHQ monitoring servers), there is a defence against man-in-the-middle attacks through trusted certification - when you make an https connection, the cryptographic credentials presented by the site are tested against ones obtained from a trusted certification authority (I thought Verisign was the best known, but seems it has been bought by Semantec, which is now the market leader in trusted certification).

The MITM can intercept the request and proxy the traffic so it can see what you are sending and receiving, but you know it is doing so because your https connection doesn't have the right certificate, and the MITM can't spoof the certificate without either hacking/stealing/forcing the third party site to reveal the private key to its certificate or falsifying certification so its incorrect credentials appear as legit. Since the first scenario is impractical for every SSL certificate holder in the world, to conduct a successful MITM attack they would need to subvert the certificate authorities, which just isn't going to happen.

They could set up a bogus certification authority and mandate that all software installed on new devices sold in the UK must recognise its "authenticity", but (a) they would very quickly be found out; (b) people would riot after the press s***storm that would follow when they were found out; (c) how would UK gov solve for old software that predates the mandate?; (d) how would they solve for grey imports circumventing the mandate?; (e) how would they stop people installing "illicit" software in breach of the mandate?; (f) how would they solve for people modifying software to ignore the bogus CA?

Basically it's impossible. Basically the only way they could spy on substantially all internet traffic would be to force all ISPs to drop all encrypted packets, forcing everyone onto unsecured connections that anyone could eavesdrop on. This would destroy e-commerce, banking, and all other legitimate reasons for which people use encrypted channels. The fallout would be insane. And even then, people that really REALLY want to keep things secret from the government will find a way, so the outcome of the ill-advised scheme would be to basically put us back to the pre-internet era without even fixing the supposed problem they're trying to solve.

Why don't they just nuke the UK from orbit? It's the only way to be sure nobody is using encrypted channels for nefarious purposes.

The problem with your point (2) is that it is distortive in its own way and the questions asked on the ballot are crucial - as you point out the political process moves to deciding which questions make the ballot. For example, if your quarterly referendum had a question like "should income tax be abolished?" it would very likely get passed (who likes paying tax?!) but the outcome would be disastrous for the economy.

The other problem is that most people probably don't want to have to deal with the tedious minutiae of voting on every issue (or of taking the time to really understand each individual issue), so you'd have some (few) issues that were hotly contested with most people voting but most issues people would just vote blindly or abstain, which is again distortive.

Finally, the sad truth is a large proportion of people are hugely swayed by what they see on TV / hear on radio / read in the press. You'd be handing enormous political power to the media. And while Cameron certainly has his faults, I'd choose him as PM over Rupert Murdoch every single time.

Cam Jong Un?

Passing of paper shall be outlawed without prior approval of the contents of any messages by the Ministry of Love. All cafes shall be monitored at all times by agents posing as old ladies drinking tea.

 

Did you read the rest of my post? Microsoft couldn't accede to this - it would lose the trust of millions of users. Also, even if they did accede, the backlash when the press get hold of the fact that UK gov has coerced a major software manufacturer to insert what amounts to a backdoor to all secure communications would be severe. And they would get hold of it very easily - the list of trusted CAs is easily accessed from the settings pane. Unless it was a sneaky hidden CA, which would trigger even more backlash when it was inevitably found out.

I know you're being facetious, but it's hard to tell where your serious comment ends and the joke begins. There's no chance of the UK dropping connections on the basis of browser ID header; the knowledge of how to modify a browser's header would become commonplace; and there's no chance of it becoming criminal to use a browser that doesn't happen to allow GCHQ to spy on every byte it sends.

This is the more likely, if still highly paranoid, scenario. But yes, if you have the right combination of computational resources, knowledgeable people and political reach, I will concede that you could theoretically instigate a nationwide MITM attack (or at least cultivate the ability to silently monitor any arbitrarily selected target's traffic with minimal chance of detection).

 

I didn't say it hadn't been done. But so far as we know it hasn't been done by the British government. If that's what they want to do, why have Cameron announce it? Just go ahead and do it.

Tin foil hats at the ready!

 

He has to announce to score points with the ukip voters.

Anyway, I don't believe Cameron even has the faintest hint of an idea about the devastating impact a law like that would have, as it would effectively ban development, manufacturing, sale, ownership and use of every piece of hardware and software that doesn't allow the government unrestricted access to all user data.

 

Yeah but those guys are animals.

 

It seems Mr Cameron isn't happy to just limit the breaking of encryption by GCHQ to the UK, apparently he is going to ask Mr Obama to do more.

http://www.theguardian.com/uk-news/2015/jan/15/david-cameron-ask-us-barack-obama-help-tracking-islamist-extremists-online

 

I think the real question here is why the internet should not be subject to the same laws governing print media and telephones, and other established forms of communication. Quite simply, of course it should be subject to the same laws. The fact is that right now, the internet is not subject to the same laws. Cameron and also the Labour Party have both expressed the view that the internet should be subject to the same established laws. Some of those laws may need to be adapted, because the quick development of electronic communications has created legal loopholes that terrorists are able to exploit. The question is whether we wish to close them, or whether we don’t.
Does anyone think there should be specific forms of electronic communications terrorists should be free to use with legal immunity from interception? Or do they think, that under appropriate safeguards, the security services should be able to monitor all of their communications? What is the case is that banning snapchat is not an attack on freedom. Killing innocent people is.

 

Don't let the politicians fool you into believing they only want to extended the same laws governing print media and telephones to the internet, what they propose goes much further, if we reverse what they propose would you still think its a good idea ?

If every letter you posted was opened at the post office, a copy was made to be stored for a year, resealed and sent on it's way, would you see that as acceptable ?

If ever time you used your phone they logged your location, the time, who you called, and for how long would you think that was acceptable ? Do you not think it wouldn't be abused.

It's not a question of legal loopholes, it's a question of civil liberties, is it right to invade innocent peoples privacy ?
It's also not a matter of gathering ever increasing amount of data, it's what's done with the data you do have. Need i remind you that every time there has been an attack the terrorists were known to the security services, 9/11 they were on the radar, 7/11 they were on the radar, Lee Rigby, Charlie Hebdo, the list goes on.

So what's to stop people passing pieces of paper, or talking face to face ?
What's to stop terrorists from using the dark web ?

If this is purely about monitoring specific forms of electronic communications terrorists use with legal immunity from interception then why the need to monitor non-terrorists ?

The politicians answer to an attack on our freedoms is, to take away our freedoms.

 

Well if we have no freedoms left to be attacked, we can't very well complain about our freedoms being attacked now can we?

 

If it was just snapchat...

But it relates to all electronic communication, which would for example ban all companies from using VPN solutions (unless it has a backdoor) so forget working from home, it would ban all companies from using internal chat software (unless they save and hand over all logs), it would force all software developers to add backdoors to every piece of software that has any sort of communication feature. It would ban the sale and use of every last bit of software capable of communication if it doesn't have a backdoor.

And don't forget that every backdoor is a massive security risk, who guarantees that the data won't end up on some lost laptop on a train?
What if someone other than law enforcement figures out how to access the backdoor? (competitors stealing trade secrets, hackers taking down networks).
What about the entire legal process getting thrown out of the window? (you know, needing a suspicion instead of blanket surveillance, needing a search warrant from a court and so on).
How many software developers would simply move their jobs elsewhere?
How many software developers would be willing to add a backdoor to their software just for the UK versus simply not doing business with the UK and how would the UK function without it?
Is there even any benefit? China has been doing widespread censorship and monitoring of the internet for a long time already, but newsflash, bad stuff can happen in China regardless of that.

 

If he adopted the same hairstyle it would almost be worth it.