News Home Secretary Amber Rudd says 'real people' don't care about encryption

Discussion in 'Article Discussion' started by bit-tech, 1 Aug 2017.

  1. theshadow2001

    theshadow2001 [DELETE] means [DELETE]

    Joined:
    3 May 2012
    Posts:
    5,094
    Likes Received:
    125
    Companies can do the old man in the middle where by each device has an encrypted connection to the company's server and the company server decrypts the sender's traffic and log it before re-encrypting it and sending it to the receiver. This method doesn't rely on back doors or breaking encryption. Meaning the data is secure in transit. It does mean that every government agency will have access to the logs as well as people working in the company. Which is basically what your government seems to want. I think if the UK pushes forward with this using law, this will be the likely implementation for any vendors that wish to operate in the UK. What's more I think most people will be fine with this approach as well.

    This Rudd woman seems to be an imbecile.
     
    Last edited: 1 Aug 2017
  2. wolfticket

    wolfticket Downwind from the bloodhounds

    Joined:
    19 Apr 2008
    Posts:
    2,607
    Likes Received:
    112
    When it comes to crossing rivers real people don't care about physics or engineering. They only care about being able to drive across bridges.

    [​IMG]
     
  3. Corky42

    Corky42 What did walle eat for breakfast?

    Joined:
    30 Oct 2012
    Posts:
    7,646
    Likes Received:
    98
    The only problem with that is you don't need a company, or middle man, to encrypt something, you can do it with nothing more than a pencil and paper, i could even send an encrypted SMS if the person i was sending it to knew the key in advance.
     
  4. theshadow2001

    theshadow2001 [DELETE] means [DELETE]

    Joined:
    3 May 2012
    Posts:
    5,094
    Likes Received:
    125
    Yeah I know, but people manually encrypting things is not what they seem to care about. The overwhelming vast majority of people won't do that anyway. Besides, with a government computer and AI it seems like pulling encrypted strings from plain text messages would be easier to do than finding people communicating on criminal acts using in terms and basic code words. In essence people sending encrypted messages on a system that the government monitors in plain text would stick out like a sore thumb.

    Anyway this is as much about finding people that haven't paid their TV license (and other trivialities) as it is about terrorism. People won't use manual encryption to discuss the latest Mock the Week episode.

    Ultimately, forcing companies to use a man in the middle approach to communications would shut the likes of Rudd up and give these people the kind of access to the private matter of citizens they seems so obsessed with having.
     
    Last edited: 1 Aug 2017
  5. l3v1ck

    l3v1ck really joined on Dec 24th 2004.

    Joined:
    23 Apr 2009
    Posts:
    12,902
    Likes Received:
    9
    1)Yes we do.
    2)I know two people who decided not to vote Tory at the last election, specifically because of their stance on the internet and encryption.
     
  6. Gareth Halfacree

    Gareth Halfacree WIIGII! Staff Administrator Super Moderator Moderator

    Joined:
    4 Dec 2007
    Posts:
    9,447
    Likes Received:
    310
    There are so many problems with that. Let's ignore the biggest, like the fact that the government has a history of abusing such access (remember those powers it needed because terrorists then immediately started using to see if people had paid their council taxes?) and jump straight to the big one: data breaches.

    WhatsApp gets hacked, my chat (and video, and audio, and file) history is safe 'cos it's end-to-end encrypted. This is Good.

    Crappy Man in the Middle Chat Services R We gets hacked, the hackers get the lot 'cos it's not end-to-end encrypted - and the hackers probably got it 'cos some civil servant downloaded it to his laptop and left it on the train.

    The government is the weak link here. Not only do I not want them to have access to my stuff because they're likely to abuse said access, but I don't want them to have access to my stuff because they'll almost certainly bloody well lose it.

    Turkish citizenship database: 49,611,709 records. Stolen. Philippines Commission on Elections: ~50,000,000 records. Stolen. US Office of Personnel Management: 4,000,000 records. Stolen. US Office of Personnel Management (again, 'cos Security is Hard You Guys): 21,500,000 records. Stolen. Clinton Electoral Campaign: ~5,000,000 records. Stolen. Privatisation Agency of the Republic of Serbia: 5,190,396 records. Stolen. Australian Immigration Department: 500,000 records. Stolen. Florida Department of Juvenile Justice: 100,000 records. Stolen. Twice. US Diplomatic Cables 1973-1976 (the 'Kissinger Cables'): 1,700,000 records. Stolen. California Department of Child Support Services: 800,000 records. Stolen. Washington State Court System: 160,000 records. Stolen. South African Police Whistleblowing Service: 160,000 'anonymous' records. Stolen. South Caroline State Department of Revenue: 3,600,000 records. Stolen. Office of the Texas Attorney General: 6,500,000 records. Stolen. Medicaid: 780,000 records. Stolen. Greek Government: 900,000 records. Stolen. San Francisco Public Utilities Commission: 180,000 records. Stolen. US National Law Enforcement: 123,461 records. Stolen. Her Majesty's Revenue and Customs right here in the UK: 25,000,000 records. Stolen.

    And those are just the highlights, gathered from this swish site and filtered to governmental breaches only.

    Give the government unfettered access to my plaintext in the name of security? Pull the other one, it's got bells on.
     
    Last edited: 1 Aug 2017
    edzieba likes this.
  7. theshadow2001

    theshadow2001 [DELETE] means [DELETE]

    Joined:
    3 May 2012
    Posts:
    5,094
    Likes Received:
    125
    Yeah I know, there's no need really for the rest of your post. It's not secure, purely because people in a company have access to the data. That's not even taking into account server hacks, disgruntled employees etc. I'm not that naive, your mistaking my post for advocacy which it is not.

    But it gives the government what they want and they can sell it as keeping end to end encryption (even though its not) because technically both ends are encrypted (just not on the same communication line) and not putting back doors in encryption algorithms (which it doesn't). On the surface it appears to be a keep the cake and eat it situation and would be an easy sell to an uninformed public. If push comes to shove that's what's going to happen is my guess. That's all I'm saying really.
     
  8. Gareth Halfacree

    Gareth Halfacree WIIGII! Staff Administrator Super Moderator Moderator

    Joined:
    4 Dec 2007
    Posts:
    9,447
    Likes Received:
    310
    It's not end-to-end encryption, because end-to-end encryption means it is encrypted from one end to the other - not from one end to the middle and from the middle to the other end. And d'you know what you call putting a special means of access to supposedly 'encrypted' data? A back door. It's not a back door in the algorithm, it's a back door in the implementation.

    Remember what happened when Yahoo put a totally-not-a-back-door-honest-govnah into its email system for the US government to play with? Every bugger's email got got.
     
  9. theshadow2001

    theshadow2001 [DELETE] means [DELETE]

    Joined:
    3 May 2012
    Posts:
    5,094
    Likes Received:
    125
    I know its not end to end encryption. That's why I said that it wasn't.
    I know its a back door in the implementation which is why I said they aren't putting back doors in the algorithm.

    Will you point out where I said this was a good idea or that it was secure?
     
  10. Gareth Halfacree

    Gareth Halfacree WIIGII! Staff Administrator Super Moderator Moderator

    Joined:
    4 Dec 2007
    Posts:
    9,447
    Likes Received:
    310
    Ahem:
    That all sounds t'me like you think it's a good idea. (I certainly wouldn't describe a bad idea as being like having my cake and eating it.) If not, why propose it?
     
  11. theshadow2001

    theshadow2001 [DELETE] means [DELETE]

    Joined:
    3 May 2012
    Posts:
    5,094
    Likes Received:
    125
    Ok let me explain.

    The first emboldened sentence I was referring to back doors specifically in the encryption algorithm and I probably should have been more clear.

    The second, I believe that most people won't actually care if the government do something like this. That doesn't mean that they shouldn't care, it just means they won't care. I think the vast majority of people will be ignorant, indifferent or both of the consequences of taking such an approach. That's not advocacy that is me predicting the reaction of the general public.

    Forcing companies to do man in the middle and log stuff would give the government what they want. That is just a very simple fact. No where here am I saying that giving the government what they want is a good idea.

    In the final quote I'm demonstrating how politicians could twist the reality to sell it to people that aren't informed on such matters. You know politicians lie, twist things, put spin on things. This why I've tried to clarify the reality of the situation in brackets which you seemed to have ignored.

    Try this. Start with the thought that I actually agree with your position and re-read my posts.

    Why propose it? Because that how I believe a government that wants to intercept WhatsApp type communications will achieve their goal. My posts outline how politicians will sell such a thing to the public and how I believe the people will react to such a move and why using manual encryption (which I'm considering some sort of pen and paper type encrypted string copied into a messenger app) on such a compromised service would just flag people quicker.

    On the surface Gareth on the surface. It means superficially.
     
    Last edited: 1 Aug 2017
  12. Gareth Halfacree

    Gareth Halfacree WIIGII! Staff Administrator Super Moderator Moderator

    Joined:
    4 Dec 2007
    Posts:
    9,447
    Likes Received:
    310
    I have done so, but I'm still rather confused (but it is late, and I'm ever so tired, so I'm perfectly willing to believe the fault is mine.) In your first post, you describe exactly what Amber Rudd is actually asking for (companies using end-to-end encryption to stop doing so Because Terror and switch to a system like MITM while giving The Forces of Good access to the plaintext via a back door) and later suggest that this would be an acceptable solution, but you call her an imbecile.

    I think that's what has me confused!
     
  13. theshadow2001

    theshadow2001 [DELETE] means [DELETE]

    Joined:
    3 May 2012
    Posts:
    5,094
    Likes Received:
    125
    I'm not saying its an acceptable solution for the public. I think that even though its not an acceptable solution, there is enough in the implementation of a man in the middle approach for politicians to force companies to use it and then feed the public a twisted perspective on that reality to make the public believe everything is still secure and ok. The public who aren't tech savvy or know anything about encryption will just buy this twisted perspective and assume everything is still fine. Its just a prediction of what will happen if the government forces action on their intent to snoop on communications.

    I called Rudd an imbecile because I agree with your position and she clearly is one.
     
  14. Gareth Halfacree

    Gareth Halfacree WIIGII! Staff Administrator Super Moderator Moderator

    Joined:
    4 Dec 2007
    Posts:
    9,447
    Likes Received:
    310
    Then we are locked in violent, passionate agreement - huzzah!
     
  15. theshadow2001

    theshadow2001 [DELETE] means [DELETE]

    Joined:
    3 May 2012
    Posts:
    5,094
    Likes Received:
    125
    Indeed.

    Anther thing that I was getting at without actually saying it (good job me). Is that I think some people believe that this sort of snooping would mean compromising the encryption algorithms themselves. Meaning encryption is globally broken and some random hacker could intercept traffic and decrypt it because the algorithm is essentially broken. But a vendor based man in the middle allows spying without breaking encryption algorithms.

    Man in the middle is how employers find out you were googling pictures of the Fallen Madonna with the Big Boobies even though your traffic was properly encrypted going out on the internet itself.
     
  16. Gareth Halfacree

    Gareth Halfacree WIIGII! Staff Administrator Super Moderator Moderator

    Joined:
    4 Dec 2007
    Posts:
    9,447
    Likes Received:
    310
    Now that is something I haven't heard in a long, long time. <listlessly slaps feet together, waves hand vaguely in the air> 'tler!
     
  17. Paradigm Shifter

    Paradigm Shifter de nihilo nihil fit

    Joined:
    10 May 2006
    Posts:
    1,903
    Likes Received:
    22
    It has long been obvious that politicians neither understand nor care to understand the things that they find themselves having power over. They seem to operate purely on a lust for the generous salary, exorbitant expenses allowances and ability to get away with the exact same things they lecture us as being wrong.
     
  18. Broadwater06

    Broadwater06 Member

    Joined:
    10 Apr 2016
    Posts:
    194
    Likes Received:
    3
    Rudd was just a few votes away from losing her seat, ****, so close.
     
  19. Corky42

    Corky42 What did walle eat for breakfast?

    Joined:
    30 Oct 2012
    Posts:
    7,646
    Likes Received:
    98
    Totally agree, public perception can be very different from realities and Rudd seems to be playing up to those public perceptions, i still live in hope that someday the public will care enough about governments conducting surveillance on their citizens to be bothered to do something about it, unfortunately i suspect I'm wrong to believe that. :(
     
  20. wst

    wst Active Member

    Joined:
    30 Aug 2009
    Posts:
    820
    Likes Received:
    88
    My MP's getting an email about it. I've included my PGP fingerprint so he can verify the sender of any replies I send to him ;)

    Edit:

    Irony has struck! The footer of the email that's been sent says....

    279eb16cfbe5ec55921a/a1d80d942236cbb2f133 (Signed with an electronic signature in accordance with section 7(3) of the Electronic Communications Act 2000.)

    Edit 2:

    Irony strikes twice! I searched on Google for the Electronics Communications Act 2000 and got this error message when trying to load the page with the text of said Act on it...

    [​IMG]
     
    Last edited: 2 Aug 2017
Tags: Add Tags

Share This Page