UK Home Secretary Calls Tech Leaders 'Patronizing' For Refusing To Believe Her 'Safe Backdoors' Spiels

from the if-you-don't-want-to-be-treated-like-a-petulant-child... dept

It appears we're headed towards some sort of encryption showdown in the UK. The only question is: what sort of weapons will everyone be bringing to the brawl?

Home Secretary Amber Rudd is giving off the vibe the UK government may soon be wielding mandates and legislation, if not literal slings and arrows. The more Rudd (and other top UK politicians) argue for encryption backdoors they insist aren't backdoors, the more they're running into opposition from those expected to create the backdoors.

Rudd's finding out ignorance isn't bliss.

Asked by an audience member if she understood how end-to-end encryption actually worked, she said: "It's so easy to be patronised in this business. We will do our best to understand it.

"We will take advice from other people but I do feel that there is a sea of criticism for any of us who try and legislate in new areas, who will automatically be sneered at and laughed at for not getting it right."

She added: "I don't need to understand how encryption works to understand how it's helping - end-to-end encryption - the criminals.

"I will engage with the security services to find the best way to combat that."

To be sure, Rudd is taking additional criticism. But it's not for her ignorance. It's for her obstinance. Her ignorance of encryption fundamentals allows her to continue claiming there's such a thing as a secure backdoor. She may understand what end-to-end encryption means, but insists it can be subverted without destroying it.

Understandably, tech companies have attempted to set the record straight repeatedly, using actual facts. That's what Rudd views as "patronising." Facts. And people who do understand encryption attempting to explain the facts to someone who views facts as inconvenient barriers to lawful access.

Rudd does know this: terrorists are using encrypted apps to communicate. What's not being considered is the security of millions of non-terrorists using the same encrypted apps. So, she's obviously frustrated and lashing out at those companies she views as taking the side of terrorists.

But what she wants are things tech companies can't provide without sacrificing the security of millions of non-terrorists..

She insisted she does not want "back doors" installed in encryption codes, something the industry has warned will weaken security for all users, nor did she want to ban encryption, just to allow easier access by police and the security services.

If she's angry, the tech companies she refuses to listen to are just as fed up. That's when the snark kicks in: when all other more reasonable lines of communication have been ignored.

At this point, it's gone beyond simple facts and science. The war on encryption has shifted to a religious crusade.

She told the meeting Silicon Valley had a "moral" obligation to do more to help the fight against crime and terrorism.

Counterpoint: the government has lots of moral obligations as well, but seldom lives up to those. But beyond that, no company has a "moral" obligation to cave to government demands for weakened user security. Companies are doing what they can to assist law enforcement and are heavily engaged in moderating content uploaded to their platforms. Insisting this is a "moral" issue warps the conversation, taking it past a discussion of what is or isn't possible and into the realm of wonders and miracles.

If Rudd doesn't like being talked down to by tech leaders, perhaps she should start listening to what they're saying. More importantly, she needs to start accepting their answers.

Filed Under: amber rudd, encryption, going dark, uk

UK Home Secretary Doesn't Want Backdoors; She Just Wants Companies To Stop Offering Encryption Because No One Wants It

from the insanity-plea dept

UK Home Secretary Amber Rudd, perhaps now most famously known for not knowing the "necessary hashtags," is back to beating up on encryption because it (no citation provided) helps terrorists get away with terrorism. Her op-ed piece for The Telegraph begins as so many pleas to undermine encryption do: with the horrors perpetrated by terrorists. Only now, the parade of horrors tends to sound something like a "CSI: Cyber" exposition outtake.

Nearly every plot we uncover has a digital element to it. Go online and you will find your own “do-it-yourself” jihad at the click of a mouse. The tentacles of Daesh (Isil) recruiters in Syria reach back to the laptops in the bedrooms of boys – and increasingly girls – in our towns and cities up and down the country. The purveyors of far-Right extremism pump out their brand of hate across the globe, without ever leaving home.

The scale of what is happening cannot be downplayed. Before he mowed down the innocents on Westminster Bridge and stabbed Pc Keith Palmer, Khalid Masood is thought to have watched extremist videos. Daesh claim to have created 11,000 new social media accounts in May alone. Our analysis shows that three-quarters of Daesh propaganda stories are shared within the first three hours of release – an hour quicker than a year ago.

An hour quicker! In internet time, that's practically a millennium. It's tough to tell what Rudd's attempting to make of this technobabble. Is she suggesting future Masoods will act quicker because they'll be able to complete their viewing of extremist videos faster? If that's the case, maybe regulators need to step in and throttle broadband connections. The more the video buffers, the less likely it is someone will watch it… and the less likely it is someone will carry out an attack. The math(s) work out.

Unfortunately, this is not where the op-ed is heading. Sadly, Rudd is here to take a swing at encryption. But she takes a swing at it in prime passive-aggressive, Ike Turner-style, saying she loves it even as the blows rain home.

Encryption plays a fundamental role in protecting us all online. It is key to growing the digital economy, and delivering public services online.

I ain't mad at ya.

But, like many powerful technologies, encrypted services are used and abused by a small minority of people. The particular challenge is around so called “end-to-end” encryption, where even the service provider cannot see the content of a communication.

But you mess me up so much inside.

To be very clear – Government supports strong encryption and has no intention of banning end-to-end encryption. But the inability to gain access to encrypted data in specific and targeted instances – even with a warrant signed by a Secretary of State and a senior judge – is right now severely limiting our agencies’ ability to stop terrorist attacks and bring criminals to justice.

In a fun twist, Rudd doesn't call for harder nerding. (Note: Rudd is visiting Silicon Valley to meet with tech leaders, so it's safe to assume requests for harder nerding will be made, even if not directly in this op-ed.)

No, Rudd doesn't want the impossible: secure, backdoored encryption. Instead, she wants to know if tech companies will just take the encryption off one end of the end-to-end. Her bolstering argument? The public doesn't give a shit about encryption. It just wants easy-to-use communication tools.

Real people often prefer ease of use and a multitude of features to perfect, unbreakable security. So this is not about asking the companies to break encryption or create so called “back doors”. Who uses WhatsApp because it is end-to-end encrypted, rather than because it is an incredibly user-friendly and cheap way of staying in touch with friends and family? Companies are constantly making trade-offs between security and “usability”, and it is here where our experts believe opportunities may lie.

Having set up her straw app user, Rudd moves towards her conclusion… which is severely lacking in anything cohesive or coherent. The "opportunities" lie in persuading tech companies to provide users with less secure communications platforms. Should be an easy sale, especially if the average user doesn't care about security. But maybe the company does and doesn't want to give bad people an easy way to access the communications of others. Hence encryption. Hence end-to-end, so even if the provider is breached, there's still nothing to access.

What Rudd is looking for can't be called a trade-off. The government has nothing tech companies want. All they can offer is platitudes about fighting crime and national security. The government, meanwhile, wants tech companies to write software the way the government wants it, rather than how the company or its users want it. That's not a trade-off. That's a one-way street where every internet communication platform becomes a proxy government agency.

Rudd's idea is bad and she should feel bad. But I get the feeling that no matter how many tech experts she talks to, she's still going to believe her way is the right and best way.

Filed Under: amber rudd, backdoors, encryption, fud, terrorism, uk

UK Government Using Manchester Attacks As An Excuse To Kill Encryption

from the say-what-now? dept

It's no secret that there are those in the current UK government who are just itching to kill encryption. Earlier this year, Home Secretary Amber Rudd made some profoundly ill-informed comments about how encryption on the internet was "completely unacceptable" and saying that they needed to stop companies from providing end-to-end encryption. And, in the recently leaked Tory Manifesto, it was made clear that the current government sees breaking encryption as a priority:

In addition, we do not believe that there should be a safe space for terrorists to be able to communicate online and will work to prevent them from having this capability.

As has been explained time and time again, the only way you prevent bad guys from having encryption is by preventing everyone from having effective encryption... and that makes everyone significantly less safe. Seriously, the only way to do this is to put dangerous vulnerabilities into encryption that will certainly be hacked fairly quickly. This doesn't make people safer. It makes them less safe.

But, of course, like so many politicians these days (of all major parties) it appears that the Conservative Party in the UK can't let a good tragedy go to waste. The Independent is reporting that, because of the attack in Manchester this week, the party is ramping up its plans to outlaw encrypted communications:

Government officials appear to have briefed newspapers that they will put many of the most invasive parts of the relatively new Investigatory Powers Act into effect after the bombing at Manchester Arena.

The specific powers being discussed – named Technical Capability Orders – require big technology and internet companies to break their own security so that messages can be read by intelligence agencies.

Again, in case you're just joining us, requiring that internet companies "break their own security so that messages can be read by intelligence agencies" is the nice way of saying "kill real encryption." It means that these companies will be deliberately forced to leave vulnerabilities in encryption that will be a goldmine for hackers of all kinds, from foreign surveillance to online criminals.

And, so far, there is zero evidence that the Manchester attack had anything to do with encryption. And, even if it did, so what? If the UK forced companies to break encryption, people planning terrorist attacks would just switch to other encryption products that don't have corporate entities in the UK. Or they'd come up with other ways to communicate. It will do basically nothing to stop terrorist attacks, but will instead make it much, much easier for all sorts of people with nefarious intent to hack into the private communications of everyone.

Filed Under: amber rudd, encryption, manchester, privacy, security, theresa may, uk

Limited Edition Gear For Our Friends In The UK: Necessary Hashtags

from the unnecessary-t-shirts dept

Available For One Week Only: Necessary Hashtags Gear From Techdirt
UK/EU Shipping | US Shipping

Ever since UK Home Secretary Amber Rudd offered up her confused ideas about internet censorship, the somewhat meta hashtag #necessaryhashtags has been busily buzzing away with quips at her expense. For those of you who are in on the joke, and especially our UK readers for whom I'm sure it hits closest to home, we've launched a new limited edition line of t-shirts, hoodies, mugs and stickers available only until Monday, April 3rd.

Also, consider this UK-focused offering a celebration of the fact that all our gear now has European shipping options available that should make things much less expensive for overseas buyers. When you check out any of our products with an IP address from outside the US, you should be given the option to choose your fulfillment center — but sometimes with new shirts there is a delay before this automated setup is in place, so you can also look for the link in the product description on Teespring. For now, here are the separate links for UK/EU shipping and US shipping for this latest design.

Check out the Techdirt Gear store for Necessary Hashtags and more »

Filed Under: #necessaryhashtags, amber rudd, necessary hashtags, t-shirts

UK Home Secretary: I Need People Who Understand The Necessary Hashtags To Censor Bad People Online

from the oh,-and-to-break-encryption-to dept

So, last week a clearly troubled individual by the name of Khalid Masood killed four people in Westminster and, as happens all too often after something bad happens, politicians went insane. But no one more so than UK Home Secretary Amber Rudd, who really maybe should have taken a moment or two to find out what the hell she was talking about before going on TV spouting off complete and utter nonsense about technology, social media and encryption. Instead, Rudd, who again, I remind you, is in a very powerful position within the British Cabinet (sort of loosely equivalent to the head of Homeland Security in the US) said this while talking about getting various social media companies to be more proactive in censoring content:

“What I’m saying is the best people who understand the technology, who understand the necessary hashtags to stop this stuff even being put up, not just taking it down, are going to be them. That’s why I would like to have an industry-wide board set up where they do it themselves.”

The best people... who understand the necessary hashtags. The. Necessary. Hashtags. Or should that be #NecessaryHashtags. I mean, that's so insane that it distracts from the fact that the UK Home Secretary is literally saying that she wants internet companies to come together in a mass collusion to censor content the UK Home Secretary doesn't like.

Believe it or not, that wasn't even the craziest thing that this person-in-power had to say. Prior to the #NecessaryHashtags, we were given a full throated UK-version of James Comey and his silly, debunked "going dark" nonsense, just with a British accent:

“It is completely unacceptable. There should be no place for terrorists to hide.

“We need to make sure that organisations like WhatsApp, and there are plenty of others like that, don’t provide a secret place for terrorists to communicate with each other.

“It used to be that people would steam open envelopes, or just listen in on phones, when they wanted to find out what people were doing, legally, through warrantry, but in this situation we need to make sure that our intelligences services have the ability to get into situations like encrypted WhatsApp.”

We don't necessarily (hashtag or not!) need to rehash just how wrong this is -- we've covered that plenty of times in the past. The fact is there are always going to be tons of places where "terrorists" can communicate with each other that no one can see. Sometimes it will be in person. Sometimes it will be in public, but using a pre-designated code. And, of course, even more importantly, this crazy decision to blame encrypted communications apps in a case where even Rudd admits the guy was a lone actor, completely ignores just how important encrypted, private communications are to the rest of us. It takes quite a misguided thought process to think "here we have a disturbed lone actor who did an attack, and therefore we need to make absolutely everyone else significantly less safe." It takes an even more misguided process to take that thought and go on TV and announce it as an official plan of the UK government.

Oh, and remember, this is the same UK government that just months ago got massive new powers to spy on the public.

If it's not yet obvious from what was said above that Rudd is just playing tech buzzword bingo and has simply no idea what she's talking about, she also said this:

“We’re not saying open up, we don’t want to go into the cloud, we don’t want to do all sorts of things like that, but we do want them to recognise they have a responsibility to engage with government, to engage with law enforcement agencies when there is a terrorist situation”.

You're not saying open up and you don't want to go into the cloud? But you are saying that encryption shouldn't be allowed to work? What is she even saying? This is all nonsense. The companies do engage with governments all the time. When given a valid and legal warrant, they do what they can. Sometimes that's nothing.

Of course, all of this is coming on the heels of another misguided outrage at other tech companies for sometimes allowing bad people to use their tools. Paul Bernal has an oasis of sanity responding to some of this cesspool of craziness.

Terrorists use the internet to communicate and to plan because we all use the internet to communicate and plan. Terrorists use the internet to access information because we all use the internet to access information. The internet is a communicative tool, so of course they’ll use it – and as it develops and becomes better at all these things, we’ll all be able to use it in this way. And this applies to all the tools on the net. Yes, terrorists will use Google. Yes, they’ll use Facebook too. And Twitter. And WhatsApp. Why? Because they’re useful tools, systems, platforms, whatever you want to call them – and because they’re what we all use. Just as we use hire cars and kitchen knives.

[....]

The same is true of privacy itself. We all need it. Undermining it – for example by building in backdoors to services like WhatsApp – undermines us all. Further, calls for mass surveillance damage us all – and attacks like that at Westminster absolutely do not help build the case for more of it. Precisely the opposite. To the surprise of no-one who works in privacy, it turns out that the attacker was already known to the authorities – so did not need to be found by mass surveillance. The same has been true of the perpetrators of all the major terrorist attacks in the West in recent years. The murderers of Lee Rigby. The Boston Bombers. The Charlie Hebdo shooters. The Sydney siege perpetrators. The Bataclan killers. None of these attacks needed identifying through mass surveillance. At a time when resources are short, to spend time, money, effort and expertise on mass surveillance rather than improving targeted intelligence, putting more human intelligence into place – more police, more investigators rather than more millions into the hands of IT contractors – is hard to defend.

Why is it that all the sane thoughts on this seem to be coming from outside the government, and the craziest ideas coming from those in the highest positions of power?

Filed Under: amber rudd, censorship, encryption, free speech, going dark, necessary hashtags
Companies: telegram, whatsapp, wordpress

UK Home Secretary Agrees To Turn Over Accused Hacker Lauri Love To US Government

from the solitary-confinement-of-foreign-soil:-so-very-healing dept

Accused hacker Lauri Love is headed to the United States to face prosecution, thanks to an order signed by UK Home Secretary Amber Rudd. The Home Office felt that -- after "all things" were "considered" -- the best place for an Asberger's sufferer with suicidal tendencies is the US prison system, most likely segregated from the general population.

The 31-year-old activist, who has Asperger syndrome, lost his legal challenge to avoid extradition in September, and on Monday the Home Office said the necessary order allowing his removal had been signed after Rudd “carefully considered all relevant matters”.

The Home Office said Love “has been charged with various computer hacking offences which included targeting US military and federal government agencies”.

It didn't have to go this way. A UK court did find the US government's desire to extradite and prosecute understandable and explained away all the arguments Love raised against being forced to leave the country. In the court's estimation, the US prison system is more than capable of meeting Love's particular "needs." Apparently, the court has never read anything at all about the federal prison system. Maybe it feels throwing suicidal people into solitary confinement is just a part of the recovery process.

Over 100 members of Parliament signed a letter urging President Obama to drop the extradition. They noted former Home Secretary Theresa May -- no one's idea of a people's champion -- stiff-armed the US's attempt to extract another hacker (Gary McKinnon) for basically the same allegations.

The group also wanted to know why it was so necessary to go this route. The UK court system is perfectly capable of handling the process without having to send someone with multiple mental health issues halfway around the world.

"We would like to ask, why then is the United States insistent on Mr Love's extradition, despite the UK having a proven track record of appropriately sentencing and rehabilitating individuals who have committed computer-hacking offences against the US?"

The answer is "because" and "if you like our surveillance partnerships, you'll do as you're asked." Theresa May pushed back against the US government's demands, but that was pre-Snowden. Now, everyone's favorite secret surveillance programs aren't so secret anymore and are facing numerous legal challenges. No one agency can do it all. The Five Eyes partnership is more important than ever because it allows participating countries to route legislative changes and court rulings.

That probably fed into Rudd's decision. Another factor may have been the ongoing hysteria over all things cyber. The US government is routinely hacked and this recent election opened the doors to fears that foreign powers could disrupt the oh-so-sacred election process. Anyone hacking into anything government-related is going to face the full force of as many federal prosecutors the DOJ can spare, so this should certainly go well for Love.

Filed Under: amber rudd, extradition, hacking, laurie love, theresa may, uk, us