News 'Five Eyes' countries hint at mandatory encryption back door demands

I'm fine with letting these countries have back doors. As long as China, Russia and North Korea can have access to them as well. If you don't give them the access, they'll find a way to get it anyway, so may as well be open about it.

 

It is impossible to create an encryption with selective backdoor access while maintaining security.

You can either deliberately have a vulnerability in the software and tell those you want to have access all about it, which does nothing to prevent others from discovering said vulnerability on their own, or you force companies that make the software to run a permanent man in the middle attack and hand over the data, which then allows the company making the software to abuse the data in whatever manner they damn well please.

 

Ah, crap, forgot to use the [sarcasm] [/sarcasm] tags. I thought they were implied.

 

It perturbs me that people who get to make decisions about things like this simply don't have any idea what they're talking about.

 

Yeah I kind of missed the sarcasm, although to be fair the sheer stupidity of the government proposal doesn't help in detecting sarcasm in replies to it.

 

It's even worse than that. They preach their misinformed misinterpreted opinion as if it's the gospel. Saying that people don't care about privacy? Then why the hell do they have curtains?!

 

I wouldn't say impossible, just not secure enough and bad idea in general.

Most encryption schemes support multiple target public keys, so any of the recipients with corresponding private keys could decrypt the message. A company could make a pair of keys for every customer - one key per customer for legal purposes stored on company servers and second key for the actual customer. Thus company could decrypt the message too, as they public key would be included in message too.

Problem then shifts to legal and safety side - can the companies keep their private key safe from governments ? Which court orders will the companies accept ? I mean, if let's say Chinese court will order all data of Taiwanese prime ministers iPhone, will US based Apple comply with court order ?

It is obvious the 'Five eyes' think about the access for themselves exclusively, but how can they stop other countries forcing the hand of companies too ?

 

Hence the impossible bit.
Multiple keys? You can't guarantee the company doesn't access the data (or grant another 3rd party access, or gets hacked).

And the biggest irony of it all, in the hypothetical scenario that someone actually succeeded in creating an encryption with selective access for 3rd parties they would automatically defeat the concept of selective 3rd party access:

Just stack two encryptions with different 3rd party access to kill all 3rd party access, if you used one encryption that only Russia can get through and stacked another on top of it that only GCHQ can get through then neither can get to your data.

 

"'real people' don't care about encryption" my arse.
Boring politicians and people who don't know much about computers, don't care about encryption.
They are getting fewer and fewer in number. Those of us who grow up in a tech environment are becoming an increasing majority as time goes by.
We want and we use encryption, and we don't want pen pushers spying on us in their Orwellian way at the drop of a hat....... And no, we don't have anything to hide. But that still doesn't mean we find it acceptable.

 

Simple, when we do it it's good and should be allowed because we're the good guys, when someone we don't like want's to do it we'll say no as they're the bad guys.

At least that's how it seems to work when governments want to drop bombs on things.

EDIT: If governments are so adamant that lawful access solutions can be implemented without putting citizens in danger maybe they should try it out on government sites and politicians first, it should be easy for them to insert a backdoor into a modified TLS, if that backdoor goes undiscovered for 5 years then have at it.

 

Also will the ASA mandate "not intended to be actually secure" disclaimers in all encryption related advertisements?

 

Don't worry, you can easily be made to look like you have.

'If you give me six lines written by the hand of the most honest of men, I will find something in them which will hang him.' -Cardinal Richelieu [Disputed]

 

I think your interests are skewing your viewpoint.

The majority of older, pension age folk are largely tech-ignorant, but I find most of the younger generation are apathetic towards and almost equally ignorant of the tech they make use of every day. I think we're already beyond the peak of the bell curve of tech savvy people who give enough of a damn to make a stand.

IMO, governments are in a golden age of a largely ignorant/apathetic/lazy electorate. A great deal of policy can be pushed through parliament with little more than a few standouts raging in protest. Civil rights groups are marginalised and vilified as subversives, to mitigate their impact or appeal, and the right fear-mongering PR campaign can accomplish astonishing feats these days. Exhibits a and b: Trump and Brexit.

 

Indeed, not only it's a golden age of what you mentioned, they also don't trust the experts. Something got to be done soon otherwise Idiocracy could become a reality.