Just To Be Safe, UK Government To Confiscate Cryptographic Keys

from the trust-us,-well-keep-it-secure dept

As new UK regulations come into force, businesses may be compelled to hand over cryptographic keys to the police force. The explanation, surprisingly enough, is that the government needs the keys in order to effectively combat pedophiles, terrorists, and any other public menace that a politician can dream up. Defenders of the actions say there is a difference between handing over the keys and being required to decrypt private data, but it's not clear why the key can't be handed over after the police suspect illicit communication. Besides, a centralized collection of cryptographic keys would be quite the mother lode for cyber-criminals to attack. Even if they're impenetrable from the outside, they'll be hard to protect from an internal attack (e.g. a spy). Should the regulations be executed, the big loser could be the UK, as companies keep important information and keys outside of its borders. As hard as it is to imagine, it seems a regulation designed to keep people safer from predators might actually heighten their risk.
Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team


Reader Comments

Subscribe: RSS

View by: Time | Thread


  1. identicon
    hobot, 18 May 2006 @ 1:40pm

    wow

    wow
    wow
    wow

    This is fucking terrible.
    WHO THE FUCK THOUGHT THIS UP, THIS IS THE WORST IDEA I HAVE EVER HEARD.
    DUR DUR DUR UD RU.

    Jesus fuckign christ on a cracker.

    link to this | view in thread ]

  2. identicon
    Anonymous Coward, 18 May 2006 @ 3:13pm

    -----BEGIN PGP MESSAGE-----
    Version: PGP Desktop 9.0.6 (Build 6060)

    qANQR1DDDQQJAwIOdpcZlLBRJ2DSWQE/hp3MzzU1KGi+94MU9vUVM2mKifsATh01
    HvnvCNfHhiDgX3n92C1TJN83C U3v5V+e021QCZqsQaeXacqnJ/wRKmpLaiC41Bbo
    lgxG3K2c9VIwzsDx7e2B
    =hKZB
    -----END PGP MESSAGE-----

    link to this | view in thread ]

  3. identicon
    Anonymous Coward, 18 May 2006 @ 3:15pm

    Re:

    HOW DO I READ UR MESSAGE ??

    link to this | view in thread ]

  4. identicon
    Anonymous Coward, 18 May 2006 @ 3:19pm

    Re: Re:

    never

    link to this | view in thread ]

  5. identicon
    I, for one, 18 May 2006 @ 3:53pm

    Faulted reasoning

    This says some important things.

    Firstly it an admission that GCHQ/MI5 etc lack the computer capabilities and/or resources to crack everyday crypotgraphy. That means that PGP etc really is pretty good.

    Secondly it is, on the face of it quite sensible. It places the responsibility for data with the data owner. Many companies simply can't manage their internal security (hell some can't even manage basic website security) so they place their keys in escrow. The law is designed to pave the way for forcing the accused to get those keys back not tie up police time and resources chasing rainbows.

    The requirement is not an a priori arrangement as many people will assume. You don't have to hand over keys for all and any encrypted data you have. It is a measure to be used when a crime is under investigation not an open door to give the police unfettered access to company and private data.

    But, it falls down on two points.

    It creates a crime of not handing over the keys. There are many legitimate reasons to not have keys. Any good security policy rotates keys on a weekly or daily basis for non retained info. And why would you keep old keys, especially if you are up to no good? Thus it makes no distinction between well intentioned good security policy and suspicious behaviour.

    It's based on the investigators assumption. There is no distinction between random noise and encrypted data. If the police come across a block of noise from a random wipe how are they to identify it? They ask the user for the key, and of course there is none, but then a criminal would say that wouldn't they. Thus, again, there is no technical way to differentiate between illegal and legal activity. One is therefore guilty of a crime (refusing to hand over non-existant keys) purely on the basis of an arbitary accusation.

    In summary it has the usual effect of making those who are truly criminal but well informed safer (they will rotate and destroy keys for nefarious reasons) while exposing the innocent to greater chance of injustice and abuse.

    Now I'll tell you, I know a few good cops. They hate this crap. They are overwhelmed, lacking in expertise and resources and completely befuddled by the technicalities and the laws. Most (all normal police but a few uber geek detectives) want to abandon what they see as a huge waste of time chasing technological evidence and go back to old fashioned methods of psychology and human investigation. That's how you catch criminals.

    Which is why this law was obviously not created by the needs of criminal investigation. It is an admission by government that they powerless against criminals who use sophisticated methods and an attempt to change the burden of proof. They need to acknowledge that they have lost this battle and shift resources back into manpower where it can be effective (observation, infiltration, case building).

    link to this | view in thread ]

  6. identicon
    Colin LeMahieu, 18 May 2006 @ 5:14pm

    Citizens of the UK

    People living in the UK need to put their government on a leash. Far too long have they allowed their government to get out of control with their policing policies.

    link to this | view in thread ]

  7. identicon
    |333173|3|_||3, 18 May 2006 @ 5:26pm

    Re: Citizens of the UK

    But all the leader of major parties are Scots, and they have different laws anyway, so what chance do everyone else have. All they do is pass one set of laws in Scotland and a different set in Westminster, just like with university fees. the public won't act because too many ppl are ignorant sheep, just like in the USA or Aus.

    link to this | view in thread ]

  8. identicon
    Anonymous Coward, 18 May 2006 @ 5:58pm

    Mein Fuehrer in London, we in the EU and US will follow you in the interest of harmonisation.

    link to this | view in thread ]

  9. identicon
    Grokodile, 18 May 2006 @ 6:07pm

    This Doesn't Seem Plausible

    I mean, it's certainly plausible that government officials will be this stupid.

    However, I don't understand why governments go to such lengths to punish the law abiding while those breaking the laws will just continue to ignore the new rules as well. Idiots!

    link to this | view in thread ]

  10. identicon
    Anonymous Coward, 18 May 2006 @ 9:27pm

    given how laws in one country often turn up in another, I suspect it's only a matter of time before similiar legislation turns on in the US. Given the amount of stories I've read about government compromised systems, or occasionally sheer incompetence, I don't have to worry about terrorist and theives. The government is doing most of their legwork for them.

    link to this | view in thread ]

  11. identicon
    Anonymous Coward, 18 May 2006 @ 10:49pm

    Nothing we can do except sit back and watch the world destroy itself.

    link to this | view in thread ]

  12. identicon
    Louis, 19 May 2006 @ 3:54am

    Totally insane.

    link to this | view in thread ]

  13. identicon
    Skype, 19 May 2006 @ 4:22am

    Why do you think AOL paid billions for Skype?

    AOL recieved funding from the US Gov to purchase Skype to get access all all the encryption keys. Now the NSA can eavesdrop on all your skype calls too.

    link to this | view in thread ]

  14. identicon
    Anonymous Coward, 19 May 2006 @ 4:48am

    ANOTHER BRILLIANT IDEA FROM THE SAME MORONS WHO CONFISCATED MOST FIREARMS NOT IN CRIMINAL HANDS. i DIDN'T NOTE TOO MUCH WHINING THEN. YOUR OX JUST GOT GORED, HOPE YOU ENJOY IT.

    link to this | view in thread ]

  15. identicon
    qkslvrwolf, 19 May 2006 @ 6:35am

    Stupid and stupid

    First, the idea is stupid because only people with nothing to hide are going to give up their keys. Everyone else isn't. So you're going to have access to the information you don't need. The poster above pretty much outlined all the reasons this is ridiculous.

    Also stupid, however, is number 14. Hey dipshit...they never had guns. The laws preventing your average everyday citizen and/or criminal from getting guns came early...before guns were really common. Thus...NO ONE got guns, and they still don't have them. Criminals or "good guys" alike.

    This obviously won't work in the US because we all already have guns, so only the law abiding citizens would be likely to give them up. Which would be kinda dumb. In fact, its almost the same thing as the crypt keys.

    link to this | view in thread ]

  16. identicon
    Anonymous Coward, 19 May 2006 @ 9:37am

    Re: Stupid and stupid

    what planet are you from. crooks buy new guns all the time. its not a matter of it being impossible to get people to give up their guns--its a matter of it being impossible to get people to quit buying them. or quit selling them.

    link to this | view in thread ]

  17. identicon
    Dee, 28 Jul 2006 @ 6:57am

    Re: Faulted reasoning

    Well said

    link to this | view in thread ]

  18. identicon
    Dee, 28 Jul 2006 @ 7:00am

    (__/) (='.'=)This is Bunny. Copy and paste bunny (")_(")into your signature to help him gain world domination. :D ._...|..____________________, , ....../ `---___________----_____|] = = = D ...../_==o;;;;;;;;_______.:/ .....), ---.(_(__) / ....// (..) ), ----" ...//___// ..//___// .//___// ................ __ ...........__.(__)..__ ..........(__)l.....l(__) ..........l.=.ll..=.ll.=.l.__ ..........l... .ll.....ll....l(__) ..........l.=.ll==ll.=.ll.=.l ..........l....ll.....ll....ll....l __.......l. =.ll==ll.=.ll.=.l l]...)....l......................l l....|....l......................l (......_. /......................l ................................l ...............................l ..... ........................./ ..._......................./ ...l.....................l

    link to this | view in thread ]

  19. identicon
    Dee, 28 Jul 2006 @ 7:01am

    (__/)
    (='.'=)This is Bunny. Copy and paste bunny
    (")_(")into your signature to help him gain world domination. :D


    ._...|..____________________, ,
    ....../ `---___________----_____|] = = = D
    ...../_==o;;;;;;;;_______.:/
    .....), ---.(_(__) /
    ....// (..) ), ----"
    ...//___//
    ..//___//
    .//___//


    ................ __
    ...........__.(__)..__
    ..........(__)l.....l(__)
    ..........l.=.ll..=.ll.=.l.__
    ..........l... .ll.....ll....l(__)
    ..........l.=.ll==ll.=.ll.=.l
    ..........l....ll.....ll....ll....l
    __.......l. =.ll==ll.=.ll.=.l
    l]...)....l......................l
    l....|....l......................l
    (......_. /......................l
    ................................l
    ...............................l
    ..... ........................./
    ..._......................./
    ...l.....................l

    link to this | view in thread ]

  20. identicon
    Dee, 28 Jul 2006 @ 7:01am

    (__/)
    (='.'=)This is Bunny. Copy and paste bunny
    (")_(")into your signature to help him gain world domination. :D


    ._...|..____________________, ,
    ....../ `---___________----_____|] = = = D
    ...../_==o;;;;;;;;_______.:/
    .....), ---.(_(__) /
    ....// (..) ), ----"
    ...//___//
    ..//___//
    .//___//


    ................ __
    ...........__.(__)..__
    ..........(__)l.....l(__)
    ..........l.=.ll..=.ll.=.l.__
    ..........l... .ll.....ll....l(__)
    ..........l.=.ll==ll.=.ll.=.l
    ..........l....ll.....ll....ll....l
    __.......l. =.ll==ll.=.ll.=.l
    l]...)....l......................l
    l....|....l......................l
    (......_. /......................l
    ................................l
    ...............................l
    ..... ........................./
    ..._......................./
    ...l.....................l

    link to this | view in thread ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.