UK Home Secretary Calls Tech Leaders 'Patronizing' For Refusing To Believe Her 'Safe Backdoors' Spiels

from the if-you-don't-want-to-be-treated-like-a-petulant-child... dept

It appears we're headed towards some sort of encryption showdown in the UK. The only question is: what sort of weapons will everyone be bringing to the brawl?

Home Secretary Amber Rudd is giving off the vibe the UK government may soon be wielding mandates and legislation, if not literal slings and arrows. The more Rudd (and other top UK politicians) argue for encryption backdoors they insist aren't backdoors, the more they're running into opposition from those expected to create the backdoors.

Rudd's finding out ignorance isn't bliss.

Asked by an audience member if she understood how end-to-end encryption actually worked, she said: "It's so easy to be patronised in this business. We will do our best to understand it.

"We will take advice from other people but I do feel that there is a sea of criticism for any of us who try and legislate in new areas, who will automatically be sneered at and laughed at for not getting it right."

She added: "I don't need to understand how encryption works to understand how it's helping - end-to-end encryption - the criminals.

"I will engage with the security services to find the best way to combat that."

To be sure, Rudd is taking additional criticism. But it's not for her ignorance. It's for her obstinance. Her ignorance of encryption fundamentals allows her to continue claiming there's such a thing as a secure backdoor. She may understand what end-to-end encryption means, but insists it can be subverted without destroying it.

Understandably, tech companies have attempted to set the record straight repeatedly, using actual facts. That's what Rudd views as "patronising." Facts. And people who do understand encryption attempting to explain the facts to someone who views facts as inconvenient barriers to lawful access.

Rudd does know this: terrorists are using encrypted apps to communicate. What's not being considered is the security of millions of non-terrorists using the same encrypted apps. So, she's obviously frustrated and lashing out at those companies she views as taking the side of terrorists.

But what she wants are things tech companies can't provide without sacrificing the security of millions of non-terrorists.

She insisted she does not want "back doors" installed in encryption codes, something the industry has warned will weaken security for all users, nor did she want to ban encryption, just to allow easier access by police and the security services.

If she's angry, the tech companies she refuses to listen to are just as fed up. That's when the snark kicks in: when all other more reasonable lines of communication have been ignored.

At this point, it's gone beyond simple facts and science. The war on encryption has shifted to a religious crusade.

She told the meeting Silicon Valley had a "moral" obligation to do more to help the fight against crime and terrorism.

Counterpoint: the government has lots of moral obligations as well, but seldom lives up to those. But beyond that, no company has a "moral" obligation to cave to government demands for weakened user security. Companies are doing what they can to assist law enforcement and are heavily engaged in moderating content uploaded to their platforms. Insisting this is a "moral" issue warps the conversation, taking it past a discussion of what is or isn't possible and into the realm of wonders and miracles.

If Rudd doesn't like being talked down to by tech leaders, perhaps she should start listening to what they're saying. More importantly, she needs to start accepting their answers.


Filed Under: amber rudd, encryption, going dark, uk


Reader Comments



  1. Ninja (profile), 5 Oct 2017 @ 7:51am

    "just to allow easier access by police and the security services."

    And how does she think it can be done? I mean, she's asking the experts and they are saying there's no way of doing this so what does she propose? Does she have some super-hyper-experts that can do better than actual experts from all around (read: magicians) and are hiding it? Ask her that question.

    "Ms Rudd, despite having created awesome security systems and/or companies that are worth hundreds of billions we don't know how to provide encryption that's easier to access by law enforcement that won't be as easier to the crooks. We are dumbasses so please enlighten us from the top of your marvelous wisdom!"

    No seriously. Throw the ball in her lap. If she actually takes it and manages to give birth to some system then quickly compromise it to show her she is an idiot. Sure a lot of taxpaying money will be wasted but at the very least you drive the point home: there's no such thing as 'encryption that can be more easily accessed by law enforcement' that isn't effectively 'no encryption at all'.

  2. Charles Ip, 5 Oct 2017 @ 9:43am

    Safe Backdoors

    Every time this comes up, I just point at the TSA keys. A "safe backdoor" that compromised every single travel lock in the world. What now?

  3. bshock, 5 Oct 2017 @ 9:45am

    I wear my Techdirt "Nerd Harder" t-shirt with pride. It will never lose relevance.

  4. afn29129 (profile), 5 Oct 2017 @ 9:51am

    Call Harry Potter

    Tell you what Amber Rudd why don't you just call Harry Potter for a magical solution. Magic is clearly what you want and a make believe magical character can give it to you. Now let's see them unicorns fly out your butt.

  5. Mason Wheeler (profile), 5 Oct 2017 @ 9:52am

    Understandably, tech companies have attempted to set the record straight repeatedly, using actual facts. That's what Rudd views as "patronising." Facts.

    Yes, that is generally how the term is deployed these days, sadly enough.

    Proper response: "we'll create an encryption backdoor that can only be used by legitimate authorities to target bad guys the day after you create a gun that operates on those same principles."

  6. TheResidentSkeptic (profile), 5 Oct 2017 @ 10:00am

    Not a good track record on locking/breaking

    TSA Locks - suitcases broken by TSA agents who weren't trained to use the TSA keys;

    Facial Recognition: Broken with a photograph;

    Denuvo "uncrackable" DRM: Broken in Months, then Weeks, then Days, now Hours;

    User-Only Gun - Broken with a Magnet;

    High-Security bike lock - Broken with a Bic Pen barrel;

    So, I predict:

    "Government Only Backdoor" - Broken prior to arrival.

  7. Roger Strong (profile), 5 Oct 2017 @ 10:07am

    Her government would also find it much easier to balance the budget, if only those mathematicians weren't so patronizing in their responses to requests to change the rules of mathematics.

  8. Stosh, 5 Oct 2017 @ 10:20am

    I'll agree to her proposals if she'll agree to do all her online banking in the clear, no encryption necessary.

  9. Anonymous Coward, 5 Oct 2017 @ 10:20am

    Rudd is making her case at an emotional level. ("Tech companies knowingly aiding/abetting terrorists")

    Tech companies are making their case at a rational/intellectual level. ("math doesn't work that way....")

    Basic psychology says that Rudd _will_ win eventually, unless the Tech companies can come up with an equally compelling emotional argument.

    This is pretty much the same tactic that put Trump in the White House.

  10. Anonymous Coward, 5 Oct 2017 @ 10:24am (comment flagged by the community)

    Isn't surprising that both the author and comments here mansplain. We get it, women just can't understand this because it's hard.

  11. Roger Strong (profile), 5 Oct 2017 @ 10:33am

    Re:

    No; she wants encryption. But she also demands the mythical "known back doors that work only for the good guys."

  12. Anonymous Coward, 5 Oct 2017 @ 10:49am

    The other thing she does not get is that almost unbreakable open source encryption exists, and forcing a back door into it will immediately give it to the bad guys, while they avoid using the compromised version. So all she will achieve is compromising the communications of people who follow the law, while leaving those who don't with secure communications.

    Not only is the encryption genie out of the bottle, but the bottle is broken so it cannot be captured again.

  13. Anonymous Coward, 5 Oct 2017 @ 10:50am

    Re:

    mansplain? is that "manual explaining"? Instead of automatic explaining?

    I don't understand.

    autosplain

    hamstring sprain

    ouch

  14. Anonymous Coward, 5 Oct 2017 @ 10:56am

    crypto fans are being disingenuous

    She isn't necessarily asking tech companies to change mathematics. Much of what the government wants can be accomplished with policy changes.

    For example, when you use Messages on an iPhone, you are trusting Apple to add only keys for the parties in the conversation. It would be easy for them to insert an additional key. No mathematics are violated and the encryption isn't weakened. Adding another key isn't a backdoor, it's an additional front door.

    The government can demand telecom companies provide access to law enforcement. It's not a huge stretch to say handset makers should do the same.

  15. Anonymous Coward, 5 Oct 2017 @ 10:57am

    Re:

    Was it also mansplaining when Techdirt was condescending of Max Hill, Christopher Wray and James Comey, George Brandis and Malcolm Turnbull, and many others (mostly men) for not listening to tech experts about this exact same issue?

    I'm generally sympathetic to suggestions that when a woman is talked down to, some of that condescension may be due to sexism. However, I think that the general tenor of this post (and previous Techdirt coverage of the "Going Dark" issue) tends to be "Tech advisors are becoming increasingly condescending because politicians aren't listening to them, simply because the answers they're giving don't line up with what the politicians want to hear," rather than "Tech advisors are becoming increasingly condescending to women because they think that tech is too much of a men's issue that women can't understand."

    If I'm wrong, please, tell me: show me where this post says that the secretary's inability to understand has anything to do with her gender, or, by comparing this post to any of the other "Going Dark" posts listed above, show me how Ms Rudd is being treated any differently than the men making similar assertions have been.

    Women shouldn't be thought of as being less capable of understanding any given issue than a man would be, but no one, regardless of gender, should be given a free pass from criticism when they clearly don't understand that issue.

  16. anon, 5 Oct 2017 @ 10:58am

    Re:

    techsplain? how is this essentially male centric?

  17. Anonymous Coward, 5 Oct 2017 @ 10:59am

    Re:

    That's okay. It doesn't have to be perfect. If they can decrypt most of what they want, that's going to be good enough. It's basically the same standard that they apply to telecom companies that must include intercept capabilities in their networks.

    Just because bad guys can use scramblers to encrypt voice calls placed over landlines to foil eavesdroppers doesn't mean wiretaps have no value to law enforcement.

  18. Anonymous Coward, 5 Oct 2017 @ 11:02am

    Re: Re:

    Mansplaining = a man explaining a subject to a woman with the assumption that she is less capable of understanding it than he is because she is a woman.

    The prototypical example is the case brought up by Rebecca Solnit (http://articles.latimes.com/2008/apr/13/opinion/op-solnit13) (although she did not use the term), of a man who tried to explain the content of a book to her, ignoring her repeated protest that she didn't need the book explained to her as she was its author.

  19. Anonymous Coward, 5 Oct 2017 @ 11:03am

    Re: Re:

    Think of all the so called Good Guys around the world with those keys!!! Why hack them when I'm sure someone, someplace will just throw them out onto the Internet anyway.

    If it's not a Backdoor she wants, then what? The only thing left is MAGIC.

  20. Anonymous Coward, 5 Oct 2017 @ 11:08am

    Re: crypto fans are being disingenuous

    For example, when you use Messages on an iPhone, you are trusting Apple to add only keys for the parties in the conversation. It would be easy for them to insert an additional key. No mathematics are violated and the encryption isn't weakened. Adding another key isn't a backdoor, it's an additional front door.

    Everyone (with the required technical acumen) acknowledges that what you describe can easily be done.

    However, this is still considered to be weakening encryption, because all it takes is one bad actor to get a hold of that "additional key" and every iPhone Message ever sent with that key is now compromised. And, given the number of requests there will be for that key, and therefore the number of people who would lay eyes on the key, it would inevitably be leaked. "Three can keep a secret if two are dead," and all that.

  21. Anonymous Coward, 5 Oct 2017 @ 11:08am

    you'll never teach a member of a government anything. there is enough of this going on here. what is worse is where there isn't room for common sense, let alone anything more complicated, you can't put it! as with just about every government member and politician in general, all they see is what they want to see and that is the thing they think will make them more popular with voters, either just after or just before they fuck(ed) up completely!!

  22. MDT (profile), 5 Oct 2017 @ 11:14am

    Re: crypto fans are being disingenuous

    Right, just add another key.

    Who has that key? The government? Which government? The UK government? China? Iran? North Korea?

    The answer is, all of the above.

    Ooh, Ooh, I can hear it now, ooh ooh, each government gets their own key!

    Which means that if ANY government leaks their key, anyone can access any communication.

    What you're positing is the TSA Key, which they leaked in a freaking photograph on the front page of a national freaking paper. What happens when they leak the key in a photo because it's written on a black board in the background at a security conference?

    Go sit in a corner and think about how stupid that suggestion is.

  23. JoeCool (profile), 5 Oct 2017 @ 11:16am

    Re:

    Not quite emotional, but quite compelling to the average voter: Criminals will use the backdoors to steal your life savings.

  24. Anonymous Coward, 5 Oct 2017 @ 11:19am

    Re:

    Did you just assume Tim's gender?

  25. Anonymous Coward, 5 Oct 2017 @ 11:20am

    Re: crypto fans are being disingenuous

    And this is why those of us who actually understand security look down on ignorant newbies like you with sneering contempt. It's bad enough that you're obviously stupid. It's bad enough that you're obviously uneducated. It's bad enough that you haven't been paying attention. It's bad enough that you have failed to grasp even the mere rudiments of the problem, let alone the subtleties.

    But then you had to open your huge, ignorant mouth and speak nonsense while expecting us to pay attention to you.

    Sit down. Shut up. And learn, if you can manage that -- which I doubt -- from those who are superior to you. If you can't or won't learn, then at least stay seated and silent so that you don't contaminate our discourse with your filth.

  26. Anonymous Coward, 5 Oct 2017 @ 11:39am (comment flagged by the community)

    Re: Re:

    I just assumed he was a pussy, not that he had one.

  27. SteveMB (profile), 5 Oct 2017 @ 11:45am

    Re: crypto fans are being disingenuous

    > Much of what the government wants can be accomplished with policy changes.

    Well, yes, what the government *actually* wants (an end to effective privacy) can be accomplished with policy changes.

    What the government *claims* to want (a good-guys-only access point that does not otherwise compromise privacy) cannot.

    Since the government cannot, for obvious reasons, admit to the former as their real agenda in public, they are forced to make asses of themselves by pretending that the latter can be accomplished by nerding harder.

  28. Anonymous Coward, 5 Oct 2017 @ 11:46am (comment flagged by the community)

    I have eyes.
    I can see how unattractive Amber Rudd actually is.

    I can see how NO-ONE would ever want to break her backdoors in......

  29. ShadowNinja (profile), 5 Oct 2017 @ 11:50am

    Only *millions*

    But what she wants are things tech companies can't provide without sacrificing the security of millions of non-terrorists..

    LOL only millions. LOL I wish.

    Multiply that by 1,000 and you'll be closer to the actual number.

  30. Anonymous Coward, 5 Oct 2017 @ 11:50am

    Almost agree with you, Tim

    Tim, I agree with you on most points. Where we differ comes from your assessment of Ms. Rudd's intelligence.

    She talks about "tech companies" (presumably companies like Microsoft, Facebook, Apple, etc.). What she fails to understand is that NONE of the so-called "tech companies" roll their own encryption. They used tried and trusted methods and code developed by cryptographers. The "tech companies" have no more ability to modify -- in a secure way -- the encryption they are using than anyone else would.

    The real hoot is that the "tech companies" are prevented from using anything other than tried and trusted encryption because, if they did, they wouldn't qualify for FIPS certification which means they couldn't sell it to the government -- the U.S. as well as all others.

    Tim, with all due respect, I submit to you that Ms. Rudd is a moron (note: I said that, not Rex Tillerson).

  31. ryuugami, 5 Oct 2017 @ 11:52am

    Appropriate

    If you don't want to be 'patronized', don't act like a toddler.

  32. Ryunosuke (profile), 5 Oct 2017 @ 11:55am

    Let's put it this way. Say there is a backdoor to Parliament, and someone either obtains a key or brute forces the door open, that door is no longer secure. Now let's say that back door leads to financial records, or other sensitive information of Parliament. What then? They have fucked up by putting a back door into the secure records of Parliament and thinking no one but "authorized" personnel has access to it. Meanwhile, the door doesn't care if you have proper authorization or not, it is there for one purpose, to let people in and out.

  33. Baron von Robber, 5 Oct 2017 @ 11:57am

    "UK Home Secretary Calls Tech Leaders 'Patronizing' For Refusing To Believe Her 'Safe Backdoors' Spiels"

    Then it is appropriate to tell her to bugger off.

  34. Anonymous Coward, 5 Oct 2017 @ 12:12pm

    Re:

    lol what a weak defense

  35. Anonymous Coward, 5 Oct 2017 @ 12:52pm

    Re:

    Unfortunately, guns already exist that operate on those same principles -- they use biometrics sensors in the grips to only allow the safety to be disengaged by the registered user(s).

    And yeah, only criminals can bypass the biometric sensors.

  36. Anonymous Coward, 5 Oct 2017 @ 1:03pm

    Re: Re: Re:

    sadly (or maybe not), this phenomenon isn't limited to men "explaining" to women.

    This is the patronizing attitude that people in power can slip into when dealing with those from a circle of less influence.

    I've been the victim of the "mansplain" a few times, sometimes by a woman, always someone who felt they were talking from a position of superiority. Usually I'd just play dumb and then ask them a question based on the concepts they had so plainly failed to grasp. That's left a few floundering, and once or twice this was completely missed by the splainer -- at which point I know that having any sort of a meaningful conversation or learning experience is totally impossible.

  37. Anonymous Coward, 5 Oct 2017 @ 1:08pm

    Re: Re: crypto fans are being disingenuous

    You wouldn't do one key per government. You would do one key per message or maybe one key per user but you would expire it quickly.

    If the government loses control of that key (like they did with the physical TSA key), then that message (or messages) from that one user can now be decrypted. Every other message sent by that user and all other users is still protected.

    It's not much different than when they put a wiretap on a landline. They could lose those tapes, but all the other conversations are still private.

  38. Mason Wheeler (profile), 5 Oct 2017 @ 1:16pm

    Re: Re:

    That only solves the first part of the equation, even assuming the biometrics are infallible, which, as you pointed out, they aren't.

    It does nothing for the second part, about only shooting bad guys.

  39. Almost Anonymous, 5 Oct 2017 @ 1:23pm

    Re: Safe Backdoors

    Look, stop twisting her words! She's not asking for a backdoor! She just wants a rear entryway that anyone (good or bad) with the proper key can get into.

  40. Anonymous Coward, 5 Oct 2017 @ 1:25pm

    Re: Re: Re: Re:

    There's no denying that Dunning-Kruger syndrome is prevalent among everyone, regardless of gender. Everyone has had something condescendingly explained to them, and most people have tried to explain something to the best of their knowledge, but have then been overruled by someone with actual professional knowledge of the subject.

    The idea of "mansplaining" is that there's a certain subcategory of men that believe that women are intrinsically less competent, and thus this behaviour happens more often when a man is trying to explain something to a woman rather than in any other kind of interaction.

    I'm a man myself, and thus can't speak directly to how often it happens to women, but given how I've seen and heard other men talk, write, etc. about women, I'm sure that subcategory exists, and I have little problem believing that it's as large as women claim that it is.

  41. Almost Anonymous, 5 Oct 2017 @ 1:28pm

    Re: Re:

    Two words: Equi. Fax.

  42. Stephen T. Stone (profile), 5 Oct 2017 @ 1:34pm

    Re: crypto fans are being disingenuous

    Adding another key isn't a backdoor, it's an additional front door.

    An additional “door” gives hackers an additional opportunity to crack encryption. Where you put this metaphorical door does not change that fact.

  43. Anonymous Coward, 5 Oct 2017 @ 1:35pm

    Re:

    "Isn't surprising that both the author and comments here mansplain. We get it, women just can't understand this because its hard."

    Except that it appears, as was noted in the tfa, that Rudd is willfully ignorant, and revels in that ignorance as it gives her free rein to demand impossible things, without the pain of the headache that would cause to someone that actually understands the subject. She flatly refuses to educate herself, on the basis that no matter what she learns, she will still "believe" that slightly compromised encryption is ok, when everyone that knows anything about encryption is shouting at her that there is NO SUCH THING as slightly compromised encryption.

  44. Anonymous Coward, 5 Oct 2017 @ 1:36pm

    Re: Re: Re: crypto fans are being disingenuous

    You would do one key per message or maybe one key per user but you would expire it quickly.

    Average number of iMessages sent per year: 63,000,000,000,000,000.

    Current secure key storage size: 2048 bits (256 bytes)

    That's 1,600,000,000,000,000 bytes of information per year.

    Would you care to put up the cash for the 1.6 petabytes of storage that your suggestion would take (not counting the necessary metadata needed to tie the key to the message)?

    Oh, and don't forget that you have just shifted the one thing you would need to decrypt all messages from "the master decryption key" to "access to the database of decryption keys." Unless you really trust Apple to keep those keys secure (as much as you'd trust, say, Yahoo!, Equifax, eBay, Target, Evernote, FriendFinder, SnapChat, the Turkish government...)

  45. Stephen T. Stone (profile), 5 Oct 2017 @ 1:39pm

    Re: Re: Re: crypto fans are being disingenuous

    Who would get to define how quick that new key lasts—the device manufacturer, the software developer, the end user, or the government?

    What assurances can any of those entities offer that those keys could not be intercepted and used to eventually crack the encryption?

    What makes having two keys and two doors—two methods for potentially cracking encryption—safer than one?

  46. Anonymous Coward, 5 Oct 2017 @ 1:40pm

    Re: Re: Re: crypto fans are being disingenuous

    Holy crow, do you even understand what you are suggesting? A new unique key for each interested party generated for each unique message for each unique user? Can you not see how useless that is?

    Govt A: I want to decrypt this message.

    Apple: <dumps a quintillion keys labeled "Govt A" on the floor> Here ya go, good luck.

    Govt A: ...

  47. Stephen T. Stone (profile), 5 Oct 2017 @ 1:40pm

    Re:

    Her appearance is not germane to this conversation in any way. Please fuck off to some other slime-covered corner of the Internet and stay there.

  48. Anonymous Coward, 5 Oct 2017 @ 1:42pm

    Re: Re: Re: Re: crypto fans are being disingenuous

    The whole point is that you don't intercept every message. Apple gets a court order saying collect messages from user X for the next Y days. Making mass collection untenable, isn't a bug, it's a feature.

  49. Anonymous Coward, 5 Oct 2017 @ 1:42pm

    Re: Re: crypto fans are being disingenuous

    Wow. I mean, yeah, you're right, but you were still a bit rough on the little guy.

  50. Stephen T. Stone (profile), 5 Oct 2017 @ 1:46pm

    Re: Re: Re: crypto fans are being disingenuous

    Be nice, until it is time to stop being nice—then destroy them.

  51. Anonymous Coward, 5 Oct 2017 @ 1:49pm

    Re: Re: Re: crypto fans are being disingenuous

    I'm pretty sure it's satire.

  52. Anonymous Coward, 5 Oct 2017 @ 1:50pm

    Re: Re: Re: crypto fans are being disingenuous

    You wouldn't do one key per government. You would do one key per message or maybe one key per user but you would expire it quickly.

    That would mean acquiring keys from or sending to a central key registry. Also, that means tagging the message with an identifier for the government key. That registry would be a very valuable target for the bad guys and other governments to compromise. Such an approach also destroys perfect forward secrecy, because a key that can decrypt messages is kept beyond the life of the messages. (Hint, such keys are useless unless available to government when they want them, and they need to know which key to use).

    Also note that if governments get their way, you will not be able to have private electronic communication with your doctor, lawyer, minister, priest or analyst. Also you will not be able to have private online discussion about politics, or the means or desirability of protesting governments actions.

  53. Anomalous Cowherd, 5 Oct 2017 @ 1:57pm

    Reminds me of

    Charles Babbage:

    "On two occasions I have been asked, 'Pray, Mr. Babbage, if you put into the machine wrong figures, will the right answers come out?' I am not able rightly to apprehend the kind of confusion of ideas that could provoke such a question."

    Arthur C. Clarke:

    "Any sufficiently advanced technology is indistinguishable from magic."

  54. Anonymous Coward, 5 Oct 2017 @ 2:01pm

    Re: Re: Re: Re: Re: crypto fans are being disingenuous

    More like government says keep every message and associated key for n months or years, just in case we need to look at a person's history.

  55. Anonymous Coward, 5 Oct 2017 @ 2:03pm

    Re: Re: Re: Re: crypto fans are being disingenuous

    > What makes having two keys and two doors—two methods for potentially cracking encryption—safer than one?

    It isn't safer than one. It's not significantly less safe though either.

    As I understand it, the actual message is typically encrypted with a symmetric cypher. The symmetric key is (asymmetrically) encrypted with the public key for each recipient. So if you are doing a group chat with four people, the symmetric key is encrypted with each person's public key.

    When you receive the message, use your private key to get the symmetric key and use that to decrypt the message.

  56.
    Anonymous Coward, 5 Oct 2017 @ 2:11pm

    Re: Re: Re: Re: Re: crypto fans are being disingenuous

    It is much less safe, because there will be too many people in too many agencies requiring private keys for them to remain secure for long.

  57.
    Grandma Nertsi, 5 Oct 2017 @ 2:12pm

    Factronising.....

    patronising the obstinate with facts.

  58.
    orbitalinsertion (profile), 5 Oct 2017 @ 2:16pm

    Re:

    I don't believe you are for real. Not that some people aren't stupid enough to make such a comment, but I am feeling it is more likely you are just trolling.

  59.
    orbitalinsertion (profile), 5 Oct 2017 @ 2:26pm

    Re:

    Who sent you people? Or are you all the same one?

  60.
    Anonymous Coward, 5 Oct 2017 @ 2:32pm

    "We will take advice from other people but I do feel that there is a sea of criticism for any of us who try and legislate in new areas, who will automatically be sneered at and laughed at for not getting it right."

    She added: "I don't need to understand how encryption works to understand how it's helping - end-to-end encryption - the criminals."

    Yes! YES you need to understand the freaking core of the subject when doing something as potentially destructive as legislation. If you don't understand the subject - and I know that no politician can be an expert on every subject themselves - then listen to the army of people that does have the knowledge. The patronizing one here is Amber Rudd who is trying to tell us that we don't know our jobs well enough to protest against a very uninformed and dangerous path. She balks at imagined slights while basically calling us lazy and supporters of terrorists and killers, which is a terrible accusation.
    The politicians get an idea in their head and then just tell us to make it happen, but they forgot the most important skill they should need in politics: To listen.
    Here is something that I would listen to: If she shows us several respected and knowledgeable people in the field that can present a safe and sustainable proposition to a solution then we could start to talk and hammer it out to something useful. Of course most of us know that is impossible and I suspect very much that Amber Rudd has had many of their own experts tasked with this subject without luck.

  61.
    Anonymous Coward, 5 Oct 2017 @ 2:45pm

    Re: Re: Re: Re: Re: Re: crypto fans are being disingenuous

    I think that's why this discussion is so hard for people to have. It isn't a collect everything or collect nothing dichotomy. We want to give up nothing and the government wants everything and that's pretty much how negotiations have to start.

    If we aren't willing to give up anything, we are going to lose everything. With no input from tech companies, the government will pass some overreaching legislation like log-everything-for-seven-years. Arguing that some scheme isn't perfect isn't helpful either. Wiretapping voice lines isn't perfect (voice scramblers exist) but that doesn't mean it isn't useful.

    So we have to think about what can be done to serve legitimate law enforcement needs and how does that impact users? Everybody agrees that users not being investigated shouldn't be impacted at all. Blanket *gather-everything* orders shouldn't be possible.

    What should be possible is highly targeted surveillance against a legitimate court order. By highly targeted I mean it should apply to an individual account beginning on some date and ending on some small number of days in the future. Basically the same as wiretap orders.

  62.
    Anonymous Coward, 5 Oct 2017 @ 3:04pm

    Re: Re: Re: Re: Re: Re: Re: crypto fans are being disingenuous

    >So we have to think about what can be done to serve legitimate law enforcement needs and how does that impact users?

    Pre-Internet, law enforcement and security services carried out their function without access to the information that they are now demanding. Indeed much of the information they now want to collect was not available because much of it was carried out by face to face, or via phone conversations which were not available because it was recorded at the time.

    Now Government are demanding not only that they are party to all electronic conversation, but they are also risking everybody's security and privacy, which includes conversations with your bank, doctor, lawyer etc. Because they will overuse the ability that they demand to be made available, critical keys will leak to the bad guys, and they will not do anything to help you repair things like a trashed credit rating.

  63.
    Anonymous Coward, 5 Oct 2017 @ 3:17pm

    Re: Re: Re:

    What a sexist assumption that the comments are all from men. Not to mention the word itself is sexist.

    arrogant, assuming, big-headed, bossy, cocky, conceited, domineering, egotistic, haughty, hubristic, imperious, know-it-all, overbearing, pompous, presumptuous, pretentious, smug, vain.

  64.
    Stephen T. Stone (profile), 5 Oct 2017 @ 3:28pm

    Re: Re: Re: Re: Re: Re: Re: crypto fans are being disingenuous

    You are still arguing that someone—whether it be the tech companies or the government—should have an open backdoor to read encrypted communications. Having two doors is more dangerous than having just one; keeping open at least one of those two doors all but invites hackers in.

    Asking for what you want is like keeping your backdoor open all day: It stands a huge chance of letting in people and things you wanted to keep out. Encryption with a backdoor—no matter how temporary or limited as you think it could or should be—is encryption that, sooner or later, the “bad guys” will crack. If you have a way of resolving that issue without a focus on fantastical thinking (e.g., “The nerds can totally make a backdoor that only the good guys can get through!”), you have not yet shared it.

  65.
    TKnarr (profile), 5 Oct 2017 @ 3:41pm

    Re: crypto fans are being disingenuous

    This was already tried. Look up the history of the Clipper chip. It used your proposed mechanism: encrypting the message with an additional key that was escrowed with the government. The entire mechanism was so vulnerable that the Clipper chip was abandoned only 3 years after it was introduced.

    You can find one of the papers analyzing the architectural (not implementation-dependent) vulnerabilities here: https://academiccommons.columbia.edu/catalog/ac%3A127127

  66.
    That One Guy (profile), 5 Oct 2017 @ 3:47pm

    Flawed encryption by any other name would still be... flawed encryption

    She insisted she does not want "back doors" installed in encryption codes, something the industry has warned will weaken security for all users, nor did she want to ban encryption, just to allow easier access by police and the security services.

    Taken into the physical realm, this would be like claiming that the government/police don't want to make it illegal to have blinds in your house, or hold private conversations, as that would be a huge violation of privacy and allow anyone to peek in, something they are totally against.

    No, all they want is devices installed that would allow 'the proper authorities' to retract those blinds when they want/'need' to look in, and mics installed which of course would only ever be turned on by 'the proper authorities' acting in 'legal' fashion.

    Calling a demand for crippled encryption something else does not make it not a demand for crippled encryption.

    She told the meeting Silicon Valley had a "moral" obligation to do more to help the fight against crime and terrorism.

    I find this line of 'reasoning' particularly entertaining because it's not hard to turn it around on her and make the case that they are upholding that 'moral obligation' by refusing to cripple security. Making everyone less secure, which is what her demand would do, would be a massive boon to criminals and terrorists, who would be able to access and exploit vast amounts of sensitive and private data for their own ends, and at the cost of the public.

    By refusing to bow to her insane and idiotic demands they are doing more to combat crime and terrorism than she could ever do.

  67.
    That One Guy (profile), 5 Oct 2017 @ 4:13pm

    Re: Re: Re:

    Well that's easy enough, just need to fiddle with a few laws and definitions such that anyone shot by one of those guns operated by an authorized user is, by definition and by the law, a 'bad guy'.

    Like magic you've got a gun that can only be used by 'Good Guys', and that only shoots 'Bad Guys'.

  68.
    Anonymous Coward, 5 Oct 2017 @ 4:31pm

    Perhaps women politicians were a bad idea, after all

    "I don't need to understand how gravity works to understand how it's helping - via flush toilets - the criminals to get rid of evidence."

    "I will engage with Albert Einstein and Thomas Crapper to find the best way to combat that."

  69.
    That One Guy (profile), 5 Oct 2017 @ 4:32pm

    Re:

    'The encryption that criminals and terrorists can use to hide their activity is the very encryption that protects the personal and private data of members of the public from criminals and terrorists, similar to how the ability to hold a private conversation can be used to plan a crime or hold a personal conversation that you don't want people to listen in to for reasons that have nothing to do with the legality of the topic.

    Undermining encryption use by terrorists is undermining encryption used by the public, and with vastly more people in the latter category than the former, the public will suffer far more than any terrorist by such a drastic attack on safety and security.'

    Or the tl;dr version:

    'Politicians who are calling for 'back-doors' in encryption, or anything along those lines, are politicians calling for the undermining of public privacy and security, and claiming that they are doing so in order to protect privacy and security. They are either lying and/or willfully ignorant in their attempts to do so and should be soundly mocked for putting forth such dangerous ideas and their demands refused.'

  70.
    That One Guy (profile), 5 Oct 2017 @ 5:18pm

    'Stupid' isn't gender specific

    Copy-pasting from another comment:

    'Was it also mansplaining when Techdirt was condescending of Max Hill, Christopher Wray and James Comey, George Brandis and Malcolm Turnbull, and many others (mostly men) for not listening to tech experts about this exact same issue?'

    She's being an idiot and/or grossly dishonest, but that has nothing to do with her gender, making it irrelevant at best to the discussion. There have been and continue to be plenty of idiotic/dishonest men 'asking' for dangerously stupid concessions regarding encryption, that she happens to be a woman doesn't suddenly make her demand for dangerously stupid concessions any better or worse, or her gender relevant to the discussion.

  71.
    That One Guy (profile), 5 Oct 2017 @ 5:25pm

    Re: Almost agree with you, Tim

    Tim, with all due respect, I submit to you that Ms. Rudd is a moron (note: I said that, not Rex Tillerson).

    Were this early on in the Crypto Wars 2.0 I might agree that she's simply being an idiot, however at this point there really is no valid excuse for a major politician not to have done enough research on the subject to understand that what they are asking for is simply not possible, and that the experts in the field are telling the truth when they attempt to explain this.

    As such I'd disagree with you that those that are still making the demands are idiots. They may or may not be idiots in general, but on this topic they are much more likely to be extremely dishonest, or at the very least willfully ignorant (which I suppose would fall under the category of 'dishonest').

  72.
    JMT (profile), 5 Oct 2017 @ 5:42pm

    Re: Re: Re: Re: crypto fans are being disingenuous

    "Holy crow, do you even understand what you are suggesting?"

    Clearly not. This is yet another person suffering from exactly the same ignorance as Amber Rudd. If you don't truly understand the problem you're talking about, the solutions seem numerous and easy.

  73.
    JMT (profile), 5 Oct 2017 @ 5:43pm

    Re: Re: Re: Re: crypto fans are being disingenuous

    Hope not, it sounds absolutely spot on to me.

  74.
    Lawrence D’Oliveiro, 5 Oct 2017 @ 5:57pm

    Please Don’t Try Conflating Encryption With Guns

    Those folks in the US, please do not try to bring up gun analogies to try to justify your opinions on encryption, because that’s the last thing we need.

    For those having trouble understanding the difference, encryption is a constructive tool with many important uses, while a gun is just a destructive weapon.

  75.
    Lawrence D’Oliveiro, 5 Oct 2017 @ 6:00pm

    The UK Has GCHQ, Like The US Has The NSA

    Rather than trying to persuade private companies to do what she wants, has she tried talking to the Government’s own spooks at GCHQ, to see if they can come up with some scheme? Then she could offer that up and say “See? I told you so!”, and have the satisfaction of proving how stupid all the encryption experts are in the unclassified community.

    But she won’t do that, can she? Or she has, and they’ve already made it clear it can’t be done.

  76.
    slander (profile), 5 Oct 2017 @ 6:44pm

    Re: Re: Re: Re: Re:

    You forgot to tip your fedora.

  77.
    Rapnel (profile), 5 Oct 2017 @ 6:45pm

    Re: Re: Re: Re: crypto fans are being disingenuous

    This is most definitely not satire.

  78.
    Anonymous Coward, 5 Oct 2017 @ 7:13pm

    Re: Re: Re: Re: Re: Re:

    LinuxMint, actually, but thanks for noticing!

  79.
    sehlat (profile), 5 Oct 2017 @ 7:31pm

    Incurability

    To paraphrase a well-known teacher, "The ignoranus ye shall always have with you."

  80.
    Rapnel (profile), 5 Oct 2017 @ 7:35pm

    Re: Please Don’t Try Conflating Encryption With Guns

    Perhaps you could elaborate? Encryption is both defensive and offensive, as are guns. Given the very basest of comparisons I would say that both of these can be categorized as necessary tools in the interests of security, self-preservation and privacy. Dangerous freedom is the preferred state - tenuous grasps of reality are not.

    A gun is also a very, very constructive tool when the use of threats, injury or death are required to compel or force a range of various outcomes. That's why police, thugs, armies and tyrants use them. Defense, in almost any form, is a constructive principle of security.

    And try not to tell other people what to do in a condescending and patronizing manner when clearly you have not considered the total shape of the thing.

  81.
    Lawrence D’Oliveiro, 5 Oct 2017 @ 8:41pm

    Re: crypto fans are being disingenuous

    Prove it. All you have to do is come up with a workable scheme that the crypto experts have said can’t be done. Wouldn’t you love the opportunity to make them all look stupid?

  82.
    Anonymous Coward, 5 Oct 2017 @ 10:06pm

    Re: The UK Has GCHQ, Like The US Has The NSA

    I am willing to bet that they have been working for years, if not decades, on this "problem" and come up with nothing or a very unsatisfactory solution. Being politicians they are going to make the law first that requires a solution from the tech industry within a time-limit and when that fails to produce anything too, they will force a very bad, very unsafe solution into practice.
    They know that this is easy popularity points for them and they know that it is going to require many episodes of hacking and many years to prove that this vulnerability was responsible. Then they are going to shift the blame, deny involvement, and finally just say "that no one could have known". In the end the politicians responsible will feel no actual punishment for not listening because they will be retired or dead of old age. If all this does somehow happen in their lifetime, they will still feel no actual punishment. How often do we see that they just quit their job and then they are seemingly immune to any of the supposed consequences because "The horror of losing their position must be punishment enough" - even as they get a lucrative job in the private sector or live the rest of their lives on big pensions paid by the people they screwed over.

  83.
    Anonymous Coward, 5 Oct 2017 @ 10:06pm

    Re:

    Who is "we" and why do they suck that badly at tone-trolling?

  84.
    Lawrence D’Oliveiro, 5 Oct 2017 @ 10:47pm

    Re: Defense, in almost any form, is a constructive principle of security.

    How well did your “defensive” excuse for guns hold up with the Las Vegas shooter?

  85.
    Anonymous Coward, 5 Oct 2017 @ 11:15pm

    Re: crypto fans are being disingenuous

    Crypto-factist perhaps? - nod to Red Dwarf: Smeg and the Heads

  86.
    eol, 5 Oct 2017 @ 11:42pm

    Politician: Turn off gravity.
    Scientist: That's impossible!
    Politician: But you have a moral obligation to turn off gravity. Moral obligation makes everything possible!

  87.
    Anonymous Coward, 6 Oct 2017 @ 1:43am

    Re: Re: Almost agree with you, Tim

    As a UK citizen I can state that Rudd is both dishonest and a moron, unfortunately currently quite a common combination in UK government.

  88.
    Anonymous Coward, 6 Oct 2017 @ 3:42am

    Re: Call Harry Potter

    you mean out her backdoor.....

  89.
    Anonymous Coward, 6 Oct 2017 @ 3:57am

    Re: Re: Re: Re: Re: crypto fans are being disingenuous

    They often don't know who is a terrorist until after the event, so what would the point be?

    You are literally asking everyone to be insecure in order to catch a few bad guys that you possibly can't actually identify before they do something anyway.

  90.
    Matthew Cline (profile), 6 Oct 2017 @ 4:26am

    Re: crypto fans are being disingenuous

    It would be easy for them to insert an additional key.

    Are you proposing that, upon getting a court order, Apple would push out a special key to a particular phone, and after a certain amount of time had passed the regular key would be put back in?

  91.
    Richard (profile), 6 Oct 2017 @ 4:38am

    Re: Call Harry Potter

    Harry Potter wears spectacles - so clearly even his magic has its limitations.

  92.
    Richard (profile), 6 Oct 2017 @ 4:44am

    Re: Re: Re:

    The only thing left is MAGIC

    She should call Penn Jillette. Not because he has a solution to her problems - but because he is so brilliant at being sarcastically patronising - just what she needs!

  93.
    Anonymous Coward, 6 Oct 2017 @ 4:55am

    Re: Re: Re: Almost agree with you, Tim

    Also she is about as much use as a home secretary as her predecessor was.

  94.
    Anonymous Coward, 6 Oct 2017 @ 4:57am

    Re:

    You also can't replace that door, there will now always be a gaping open backdoor to parliament.

  95.
    Richard (profile), 6 Oct 2017 @ 4:58am

    Re:

    women just can't understand this because its hard.

    No - the evidence is that Amber Rudd doesn't understand this because of the things she says.

    Trying to play the "sexist" card in this case is simply an Ad-hominem attack!

  96.
    Anonymous Coward, 6 Oct 2017 @ 5:01am

    Re: The UK Has GCHQ, Like The US Has The NSA

    GCHQ probably already have exploits for a lot of encryption algorithms so they will have no need for a backdoor, they have actually been very vocal against it.

  97.
    Richard (profile), 6 Oct 2017 @ 5:12am

    Re: crypto fans are being disingenuous

    you are trusting Apple to add only keys for the parties in the conversation. It would be easy for them to insert an additional key.

    No - it is not easy, it is impossible. There are only two keys in play here. You can't change that without changing the algorithm completely.

    As things stand at present the key that is used to decrypt the data never leaves the device belonging to the recipient.

    The key used to encrypt the data cannot be used to decrypt the data.

  98.
    Richard (profile), 6 Oct 2017 @ 5:18am

    Re: Only *millions*

    "Millions" does include 1000's of millions.

    After all Alpha Centauri is only inches away:

    1,627,657,838,760,000,000 inches to be precise!

  99.
    Richard (profile), 6 Oct 2017 @ 5:22am

    Re:

    who will automatically be sneered at and laughed at for not getting it right

    Interesting that she admits that she is not going to get it right...

  100.
    Richard (profile), 6 Oct 2017 @ 5:29am

    Re: Re: Please Don’t Try Conflating Encryption With Guns

    Encryption is both defensive and offensive, as are guns.

    Guns are only defensive on the principle of attack being the best form of defence.

    Bullet proof vests are a better analogy for encryption.

    So what Amber Rudd is saying is that all bullet proof vests should be compromised in such a way that a certain type of gun is required to shoot you - and of course ONLY the police will have these guns.....

  101.
    Wendy Cockcroft, 6 Oct 2017 @ 5:46am

    Re: Re: Re: Re:

    As a woman I'd be patronizing Rudd myself. What an awful, awful, awful woman! She's so bloody thick!

    Nobody should be above being 'splained or indeed derided for being proud of being ignorant.

    Let me tell you, I know sod all about encryption except for what I pick up here on TD and Ars Technica so if someone kindly takes the time to explain it to me I am grateful that they made the effort. Amber Rudd would be wise to do the same.

  102.
    Wendy Cockcroft, 6 Oct 2017 @ 5:49am

    Re: Re:

    As a woman... what Richard says. There's no sexist card to play; Rudd is proud of her ignorance on all things tech-related and has no plans to remedy this state of affairs. Her willful ignorance is at issue here, not her gender.

  103.
    Wendy Cockcroft, 6 Oct 2017 @ 5:52am

    Re: Re: Re: Re: Re: crypto fans are being disingenuous

    If one doesn't truly understand the problem one is talking about one has an obligation to educate oneself — stat.

  104.
    Wendy Cockcroft, 6 Oct 2017 @ 5:57am

    Re: Re: Re: Re: crypto fans are being disingenuous

    That's a feature, not a bug.

  105.
    Wendy Cockcroft, 6 Oct 2017 @ 6:01am

    Re: Re: Re: Re: Almost agree with you, Tim

    I suspect there's a Torybot breeding program somewhere in Norfolk...

  106.
    Wendy Cockcroft, 6 Oct 2017 @ 6:05am

    Re: Re: Re: Please Don’t Try Conflating Encryption With Guns

  107.
    SteveMB (profile), 6 Oct 2017 @ 6:10am

    Re: Re: Re: Re: Re: Re: Re: crypto fans are being disingenuous

    If we aren't willing to give up anything, we are going to lose everything.

    This is precisely backwards. Each concession simply becomes the starting point for the next series of demands. A hard "no" is the only "Dane repellent" that works.

  108.
    Anonymous Coward, 6 Oct 2017 @ 6:27am

    Re: Re: Re: Re: crypto fans are being disingenuous

    > you will not be able to have private electronic communication

    How is this any different than with phone calls? The government can wiretap voice calls and so there's no such thing as a private phone call, right?

  109.
    Anonymous Coward, 6 Oct 2017 @ 6:28am

    Re: Re: Only *millions*

    It's weird how that works out to an even multiple of 10,000,000 inches.

    The odds of that happening are, well, 10,000,000:1.

  110.
    Anonymous Coward, 6 Oct 2017 @ 6:33am

    Re: Re: crypto fans are being disingenuous

    > come up with a workable scheme

    It's right there in the comment you replied to.

    If wiretapping of phone calls wasn't already a thing and the governments of the world started to demand the ability to record calls, we would be making the same arguments. But somehow wiretaps exist and hackers don't have access to every single voice call made.

  111.
    Anonymous Coward, 6 Oct 2017 @ 6:40am

    Re: Re: crypto fans are being disingenuous

    > There are only two keys in play here

    That's not true. The message itself is encrypted with a symmetric cipher and the key to the symmetric cipher is encrypted with each participant's public key. The weakness in Apple's Messages app is that you have to trust Apple to manage all the public keys.

    If there were only two keys, you could never do secure group chats.

  112.
    crade (profile), 6 Oct 2017 @ 6:53am

    The best way to fight terror is obviously to pass laws in fear until no one is allowed to do anything but cower in their basements.

  113.
    Anonymous Coward, 6 Oct 2017 @ 7:55am

    Re: Re: Re: Re: Re: Re: Re: Re: crypto fans are being disingenuous

    > sooner or later, the “bad guys” will crack

    That's a pretty fatalist viewpoint. If you are going to subscribe to it, then we have already lost because we (in the general sense) are trusting Google, Apple, and other messaging operators to keep our secrets. Since they control the hardware, software, and firmware on our phones and computers, eventually the bad guys will penetrate their defenses making all of the efforts to protect our communications useless. So none of this discussion matters, right?

    I'm a lot more optimistic than that. I think Apple, Google, and others are deserving of our trust. I also think there are legitimate reasons for law enforcement to want to gain access to the communications that pass through these companies' servers. It's often possible for these companies to "tap" that data stream in the same way phone and VOIP companies do.

    If we ask the same from these messaging companies that we do from telecom companies, then I think that's reasonable. That means they can be ordered to provide access in the future to the data, not the past (ie no dragnet orders). Phone wiretap orders apply to specific numbers over a specific period and so should messaging interception orders.

    You can buy an encrypting telephone and that would make wiretaps useless. The equivalent for messaging would be encrypting your messages before handing them off to the messaging company to deliver. That's okay that these workarounds exist. Any solution only has to be good, not perfect.

  114.
    Anonymous Coward, 6 Oct 2017 @ 8:19am

    Re: Re: crypto fans are being disingenuous

    No.

    I'm proposing that, for the case of Apple Messages, if given a court order to collect messages from a user for the next 90 days (for example), they would generate a new key and add that to the list of keys that are encrypting messages to or from that user. Apple does key management for their users so this is possible. The additional key would be unique and not reused. If the corresponding private key were leaked, only that set of messages would be compromised.

    link to this | view in thread ]
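
The per-recipient key wrapping that comments 55 and 111 describe, and the added recipient key that comment 114 proposes, as an added example (not code from any commenter or from Apple). The demo-sized group, the HMAC keystream, the directory reply and the pinned-fingerprint check are assumptions chosen so it runs on the Python standard library; it shows that a client which only encrypts to keys it has verified out of band flags an added key before any message key is wrapped for it.

```python
"""Envelope encryption for a group chat: one message key, wrapped once per
recipient key. Illustration only: the DH group and the HMAC keystream are
standard-library stand-ins for X25519/RSA and AES/ChaCha20."""
import hashlib
import hmac
import secrets

P = 2**521 - 1  # Mersenne prime; demo-sized group, not a production choice
G = 3
SIZE = 66       # bytes needed to hold a value below P

class UnverifiedKeyError(Exception):
    """The key directory returned a key the user never verified."""

def keypair():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def fingerprint(pub):
    return hashlib.sha256(pub.to_bytes(SIZE, "big")).hexdigest()[:16]

def _derive(key, label):
    return hmac.new(key, label, hashlib.sha256).digest()

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _keystream_xor(key, nonce, data):
    # HMAC-SHA256 in counter mode, used as a keystream (assumed stand-in cipher)
    out = b""
    for i in range(0, len(data), 32):
        block = _derive(key, nonce + (i // 32).to_bytes(8, "big"))
        out += _xor(data[i:i + 32], block)
    return out

def encrypt(plaintext, recipients):
    """recipients maps a label to a public key, as a key directory returns them."""
    msg_key = secrets.token_bytes(32)          # the single symmetric message key
    nonce = secrets.token_bytes(12)
    eph_priv, eph_pub = keypair()
    wrapped = {}
    for pub in recipients.values():            # one wrapped copy per recipient key
        shared = pow(pub, eph_priv, P).to_bytes(SIZE, "big")
        wrapped[fingerprint(pub)] = _xor(msg_key, _derive(shared, b"wrap"))
    body = _keystream_xor(_derive(msg_key, b"enc"), nonce, plaintext)
    tag = _derive(_derive(msg_key, b"mac"), nonce + body)
    return {"eph_pub": eph_pub, "nonce": nonce, "wrapped": wrapped,
            "body": body, "tag": tag}

def decrypt(env, priv, pub):
    slot = env["wrapped"].get(fingerprint(pub))
    if slot is None:
        raise KeyError("no wrapped key for this recipient")
    shared = pow(env["eph_pub"], priv, P).to_bytes(SIZE, "big")
    msg_key = _xor(slot, _derive(shared, b"wrap"))
    expected = _derive(_derive(msg_key, b"mac"), env["nonce"] + env["body"])
    if not hmac.compare_digest(expected, env["tag"]):
        raise ValueError("authentication failed")
    return _keystream_xor(_derive(msg_key, b"enc"), env["nonce"], env["body"])

def checked_recipients(directory_reply, pinned):
    """Refuse to encrypt to any key whose fingerprint was not verified out of band."""
    unknown = {label: fingerprint(pub) for label, pub in directory_reply.items()
               if fingerprint(pub) not in pinned}
    if unknown:
        raise UnverifiedKeyError(unknown)
    return directory_reply

def demo():
    alice, bob, extra = keypair(), keypair(), keypair()   # constructed sample keys
    pinned = {fingerprint(alice[1]), fingerprint(bob[1])}  # verified in person
    honest = {"alice": alice[1], "bob": bob[1]}
    padded = {**honest, "bob-device-2": extra[1]}          # directory adds one key
    text = b"see you at six"

    # A client that trusts the directory wraps the message key for all three.
    env = encrypt(text, padded)
    result = {"slots_unchecked": len(env["wrapped"]),
              "bob_reads": decrypt(env, *bob) == text,
              "extra_reads": decrypt(env, *extra) == text}

    # A client that pins verified fingerprints notices the unknown key first.
    try:
        checked_recipients(padded, pinned)
        result["flagged"] = []
    except UnverifiedKeyError as err:
        result["flagged"] = sorted(err.args[0])
    checked_env = encrypt(text, checked_recipients(honest, pinned))
    result["slots_checked"] = len(checked_env["wrapped"])
    try:
        decrypt(checked_env, *extra)
        result["extra_reads_checked"] = True
    except KeyError:
        result["extra_reads_checked"] = False
    return result
```

Calling `demo()` returns the slot counts and read results for both clients; the message body is encrypted once either way, and only the list of wrapped keys differs.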

  115.
    Anonymous Coward, 6 Oct 2017 @ 8:35am

    Re: Re: Re: crypto fans are being disingenuous

    That is because not every phone call, indeed very few phone calls are recorded. Therefore they are not available in some massive database for hackers to steal.

    There is a difference from targeted recording of selected people's phone calls and requiring that all electronic communications are kept just so the government can look at them should they take an interest in you or anybody you have ever communicated with.

  116.
    Anonymous Coward, 6 Oct 2017 @ 9:06am

    Re: Re: Re: Re: Re: crypto fans are being disingenuous

    There is a difference between can, if they get a warrant from a court, otherwise there is no recording of the conversation, (unless you or the person you are speaking to records it,) and the keep a record of all conversation, and the necessary key to decrypt them just in case we want to look at them days, weeks, months or years after the conversation took place.

  117.
    Anonymous Coward, 6 Oct 2017 @ 9:21am

    Re: Re: Re: Re: Re: Re: crypto fans are being disingenuous

    But a similar infrastructure with similar capabilities is exactly what I'm proposing. When it comes to bulk collection I'm with everybody else here in saying it's a terrible idea that can't be done safely.

  118.
    Rapnel (profile), 6 Oct 2017 @ 11:01am

    Re: Re: Defense, in almost any form, is a constructive principle of security.

    You're more than welcome to your dirty logic leaps however I have equal rights to gun ownership and encryption (more so the latter than the former simply because math) in the interests of providing for and maintaining my own security.

    To your .. point - bad people do bad things. No amount of law or state privilege will ever put a cork in that bottle, ever.

    I believe that we have a natural and inherent right to self-preservation to include life, liberty, property and privacy. These are things we, as individuals, must do for ourselves as only we can truly do. I am fully aware of the myriad things that can kill me tomorrow or today. This, necessarily, includes a mad shooter, a fucker with a loaded backpack or an idiot behind the wheel. I, for one, am loath to be ruled or led around by the leash of other people's fears and false promises.

    link to this | view in thread ]

  119. icon
    Stephen T. Stone (profile), 6 Oct 2017 @ 12:51pm

    Re: Re: Re: Re: Re: Re: Re: Re: Re: crypto fans are being disingenuous

    That's a pretty fatalist viewpoint.

    “On a long enough timeline, the survival rate for everyone drops to zero.” Replace “everyone” with “everything” and you can accurately sum up my viewpoint.

    Everyone wants to claim that they have unhackable, unbreakable, undefeatable encryption. And right now, maybe they do. But on a long enough timeline, anything can be hacked, any system broken, any enemy defeated. Just ask Denuvo about how long it took their system to be hacked—then ask about how quick the hacking happens nowadays. All it took was one crack and the walls came tumbling down.

    You could craft a form of encryption that takes years—decades!—to break. It would be an amazing accomplishment, to be sure. And as soon as one person cracks it, that accomplishment becomes meaningless. Giving that person more chances to crack it via backdoors will only hasten the process.

    If we ask the same from these messaging companies that we do from telecom companies, then I think that's reasonable.

    This line of thinking assumes that telephone communications work the exact same way as encrypted VOIP calls or encrypted text messages. It also assumes that tech companies could break end-to-end encryption and place a “wiretap” on encrypted communications without also compromising the safety and effectiveness of the entire encryption system. As much as you might wish these things were true, they are not. You may want to re-examine these assumptions of yours; they are flawed at best and a sign of magical “nerd harder” thinking at worst.

    link to this | view in thread ]

  120. icon
    Stephen T. Stone (profile), 6 Oct 2017 @ 12:55pm

    Re: Re: Re: Re: Re: Re: Re: crypto fans are being disingenuous

    In bulk or in particular, the collection of encrypted information would still require tech companies to compromise end-to-end encryption in some way. If they create that compromise themselves, they help open the door to a far more public compromise of encryption. Why this idea does not frighten you is beyond my understanding.

    link to this | view in thread ]

  121. icon
    Stephen T. Stone (profile), 6 Oct 2017 @ 12:59pm

    Re: Re: Re: crypto fans are being disingenuous

    If that key leaks and eventually leads to a much larger cracking of that encryption, what then will you say to the people whose devices come under attack, whose personal and private communications are leaked, whose lives may be upended by what is on a device they thought was secure until Apple made it insecure?

    Encryption should not have backdoors. No one can guarantee that only “the right people” can and will ever use them; you are no exception.

    link to this | view in thread ]

  122. identicon
    Anonymous Coward, 6 Oct 2017 @ 1:10pm

    Re: Re: Re: Re: Re: Re: Re: Re: Re: crypto fans are being disingenuous

    If we ask the same from these messaging companies that we do from telecom companies, then I think that's reasonable

    The problem is that the government are asking for much more, like requiring companies keep years' worth of data, and make it available to the government on demand. That is, they have switched from asking that selected people are brought under surveillance, to wanting a full history of anybody's activities being kept, just in case they come to the attention of the authorities in the future. They also classify those who organize protests against any action that they propose as low level terrorists, which gives the security services an excuse to examine the activist's life in great detail, in the hope that they can find something to attack them with.

    link to this | view in thread ]

  123. identicon
    Personanongrata, 6 Oct 2017 @ 2:13pm

    Reality Bytes

    UK Home Secretary Calls Tech Leaders 'Patronizing' For Refusing To Believe Her 'Safe Backdoors' Spiels

    How dare you not believe in unicorns that poop golden eggs.

    link to this | view in thread ]

  124. identicon
    Lawrence D’Oliveiro, 6 Oct 2017 @ 2:52pm

    Re: I have equal rights to gun ownership

    You have no moral right to brandish dangerous weaponry in public. Just because your particular country--alone in the world--makes it legal, does not make it right.

    link to this | view in thread ]

  125. identicon
    Anonymous Coward, 6 Oct 2017 @ 3:03pm

    Re: Re: Re: crypto fans are being disingenuous

    What secrets do you and Ms. Rudd have that you know so much more than all of the experts in the field? You and she should get together and build the magical golden secure backdoor key of unicorn farts and horns. Show the crypto professional world how it's done.

    link to this | view in thread ]

  126. identicon
    Anonymous Coward, 6 Oct 2017 @ 6:05pm

    She told the meeting Silicon Valley had a "moral" obligation to do more to help the fight against activism and journalism.

    link to this | view in thread ]

  127. identicon
    Anonymous Coward, 6 Oct 2017 @ 10:13pm

    Re: Turn off gravity

    If the politician was in unconstrained free-fall from a great height, they could experience zero-g. Or perhaps they could spend some time in Outer Space.

    It only needs to happen long enough for the complaining to stop.

    link to this | view in thread ]

  128. identicon
    Anonymous Coward, 7 Oct 2017 @ 1:31am

    Re: Re: Re: crypto fans are being disingenuous

    That is not what the government want. They want the ability to be able to get that court order after the event, and be able to read historic messages. To do the latter requires that the keys are built in from the start.

    Governments will never accept that they can get historic messages and not be able to read them; indeed, almost all the evidence that they offer about encryption hindering investigations is that they have these messages, or have these devices, and cannot read the contents.

    link to this | view in thread ]

  129. icon
    Richard (profile), 7 Oct 2017 @ 9:28am

    Re: Re: Re: crypto fans are being disingenuous

    I am perfectly well aware that the actual system uses a symmetric cipher to encrypt the actual message, the public keys being used to encrypt the key for that cipher. However, when this system is correctly deployed the effect is the same as encrypting the message itself using the public key cipher. If this were not the case then there would be no point in using the public key cipher at all.

    link to this | view in thread ]
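
Added example, not part of any comment above: the hybrid scheme comment 129 describes (a symmetric cipher for the message, public keys wrapping that cipher's key), extended with the built-in key that comment 128 says reading historic messages would require. The toy RSA from fixed Mersenne primes, the SHA-256 keystream and the names `bob` and `escrow` are assumptions for illustration, not secure primitives.

```python
import hashlib
import secrets

# Toy textbook RSA from fixed Mersenne primes: constructed, insecure, illustration only.
def make_keypair(p, q, e=65537):
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))  # (public, private)

def keystream_xor(key, data):
    """Toy symmetric cipher: XOR with a SHA-256 counter keystream (same call decrypts)."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def encrypt(message, public_keys):
    """Hybrid encryption: a fresh session key per message, wrapped once per public key."""
    session_key = secrets.token_bytes(16)
    k = int.from_bytes(session_key, "big")
    wrapped = {name: pow(k, e, n) for name, (n, e) in public_keys.items()}
    return {"wrapped": wrapped, "body": keystream_xor(session_key, message)}

def decrypt(envelope, name, private_key):
    """Unwrap the session key with one private key, then decrypt the body."""
    n, d = private_key
    k = pow(envelope["wrapped"][name], d, n)
    return keystream_xor(k.to_bytes(16, "big"), envelope["body"])

def readable_with(archive, name, private_key):
    """Every stored message that the holder of one private key can recover."""
    return [decrypt(env, name, private_key) for env in archive if name in env["wrapped"]]

# Hypothetical parties; messages are constructed sample data.
BOB_PUB, BOB_PRIV = make_keypair(2**127 - 1, 2**107 - 1)
ESCROW_PUB, ESCROW_PRIV = make_keypair(2**89 - 1, 2**61 - 1)
MESSAGES = [b"2015: lunch at noon?", b"2016: new address attached", b"2017: test results"]

# End-to-end: only the recipient's key wraps each session key.
E2E_ARCHIVE = [encrypt(m, {"bob": BOB_PUB}) for m in MESSAGES]
# Built-in access: every message is also wrapped to one long-lived escrow key.
ESCROW_ARCHIVE = [encrypt(m, {"bob": BOB_PUB, "escrow": ESCROW_PUB}) for m in MESSAGES]

if __name__ == "__main__":
    print(readable_with(E2E_ARCHIVE, "escrow", ESCROW_PRIV))     # nothing to unwrap
    print(readable_with(ESCROW_ARCHIVE, "escrow", ESCROW_PRIV))  # the whole history
```

Each message has its own random session key, yet in the second archive one private key unwraps all of them, so the confidentiality of years of traffic rests on that single key never leaking.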

  130. icon
    Bergman (profile), 8 Oct 2017 @ 6:52pm

    Re: Re: Re: Re:

    We need a 'horrifying' button, dammit.

    link to this | view in thread ]

  131. identicon
    Cowardly Lion, 10 Oct 2017 @ 4:59am

    Disingenuous comparisons

    I love how you're comparing encrypted internet communications to phones. Besides having been around for nearly 150 years and having its history well and truly planted in the physical realm, it's still a rare thing for telephone calls, including cellular calls, to be encrypted.

    None of your arguments are persuasive; you may as well make your comparison against using steam to open paper envelopes.

    link to this | view in thread ]

  132. identicon
    Anonymous Coward, 10 Oct 2017 @ 8:12am

    Heh, heh! Turns out are ALREADY backdoors!

    From the Daily Mail: "Secret backdoor in Uber's app granted by Apple lets the firm record your iPhone's screen without you knowing"

    Headline is enough.

    Here's the obvious implication: all you smarty-pants who believe this can't be done are considering only mathematics but doesn't matter if you're right on that, because API can send the message in parallel, or use a known key, or by any number of tricks give both application and key used.

    An operating system provides no security from those who wrote it.

    Apple / Google / Microsoft nor any corporation are your friend, they're man-in-the-middle agencies of the surveillance state. This PR is just announcing current capability.


    Intentionally late to have the last laugh.

    link to this | view in thread ]

  133. identicon
    Anonymous Coward, 10 Oct 2017 @ 1:48pm

    Re: Heh, heh! Turns out are ALREADY backdoors!

    "Apple / Google / Microsoft nor any corporation are your friend, they're man-in-the-middle agencies of the surveillance state."

    Making the case for FOSS with Linux, nice.

    link to this | view in thread ]

  134. identicon
    Anonymous Coward, 12 Oct 2017 @ 5:40am

    Re: Heh, heh! Turns out are ALREADY backdoors!

    You seem awfully chummy with the RIAA though. How's that Mitch Bainwol baby batter taste?

    Last laugh, my ass. Nice try.

    link to this | view in thread ]

  135. icon
    Shane Killian (profile), 13 Oct 2017 @ 6:31am

    Protecting us from kid sisters

    Bruce Schneier said in his Applied Cryptography textbook:

    There are two kinds of cryptography in this world: cryptography that will stop your kid sister from reading your files, and cryptography that will stop major governments from reading your files.

    What she wants to do is to put all of our crypto into the "kid sister" category.

    link to this | view in thread ]

