They weren't able to spy in bulk when communication was primarily offline, and they won't when it's primarily encrypted.
Don't let them frame the brief, anomalous period when they could listen in on everyone, as 'normal'.
Because of our state-of-the-art security, we're now able to do more things online in less secure environments. A secure, distributed internet is normal. One that is insecure by design is not.
- She resigned from her previous position as International Development Secretary in 2017 when it was discovered she held secret unauthorised meetings with Israeli officials and lied about it. The meetings were not sanctioned by the Foreign Office and were a breach of ministerial code.
- A supporter of Brexit, she suggested last year that the UK leverage the prospect of food shortages in Ireland in order to gain a better Brexit deal. Although, she quickly back-pedalled on her comments, she was rightly criticised for her remarks.
The depressing reality is that the current Conservative Party in the UK is stuffed to the rafters with nasty politicians just like her.
Priti Patel's voting record in parliament: https://www.theyworkforyou.com/mp/24778/priti_patel/witham/v...
"Generally voted for requiring the mass retention of information about communications"
"Voted for mass surveillance of people’s communications and activities"
https://en.wikipedia.org/wiki/Priti_Patel#Home_Secretary:_Ju...
Most of the reasonable and moderate members of the Tory party are on the back benches, leaving or about ready to retire. The old, reasonable, one nation Tory party is dead as a dodo.
Consider that it's the first one which appears to be serious about actually doing what the government repeatedly said it would do, both before and after the vote. A government doing what it promised it would do is reasonable. It is led by a man who wants very much to reach an acceptable deal with the EU, but will leave without one if the EU makes it necessary. That's a reasonable and moderate position of the sort that millions of business leaders take every single day.
The previous cabinet had a position like this: we're saying we'll leave no matter what, but we're lying because we definitely won't ever leave without a "deal" of some sort, which basically means the party we're negotiating with can propose whatever terms they like and we'll always accept them regardless of how terrible. Thus an "agreement" which is universally regarded as awful is presented as the only possible path forward, other than ignoring the biggest vote in British history. That's not at all a reasonable way to go about negotiations or politics. Nor is it even slightly moderate - "we must accept terrible terms or else we'll be destroyed" is an unusually extreme belief, of the sort usually held by countries which just lost a war.
Patel may have broken some ministerial code, and that's bad. But the former Prime Minister and her cabinet said 108 times the country would leave the EU on the deadline with or without a deal and they were lying every single time. The cabinets before that told voters they were committed to bringing down immigration, but after leaving government Osborne admitted the cabinet never believed in their stated goal, didn't want to do it and therefore just ignored it. That sort of blatant, knowing manipulation is far, far worse and completely destructive to trust in politics. Meeting Israelis without filing the right paperwork is trivial compared to it.
https://www.youtube.com/watch?v=_DrsVhzbLzU
I'm still shocked that we have someone as Home Secretary who thought capital punishment was a good idea.
Are we going to now have three verdicts?
Not guilty
Guilty
No, we really mean it this time, actually properly guilty.
Her unapproved meetings with foreign states should be enough to warrant her resignation but how she continue baffles me.
Even if it it was possible I think the bigger question is do we want to live in a society where any and all conversations can be ease-dropped on? I get the point that they want it for investigations, but its been proven over and over that if there is a way it will be abused.
Would intelligence and LE also be ok with that same rules applying to them?
Really the fact intelligence and law enforcement agencies are lobbying is actually utterly fucked up. Their purpose is to serve us not the other way around.
If people with actual sense were in charge the fuckers pushing for it would be fired and out the door so fast it breaks the sound barrier - actively undermining that which the nation benefits from the most economically and making them weaker to attackers - all while not making adversaries weaker? That is inexcusable incompetence.
However "we" want them to be able to "stop the bad guys" and "monitor bad communication". "We" also have nothing to hide.
This yougov poll shows more Americans support backdoors in encryption than oppose it
https://today.yougov.com/topics/technology/articles-reports/...
https://d25d2506sfb94s.cloudfront.net/cumulus_uploads/inline...
In reality these are massive organisations of people who want to do good and protect people from actual dangers and repeats of actual harmful incidents. So I think framing the motives as malevolent isn’t helpful because the motives aren’t malevolent.
I think it’s much more reasonable to ask why these things arise. Eg maybe the government says “how will you stop something like x happening again” and they say “well it would have been really hard to detect but we were slightly suspicious of them. If only we could get a warrant to find out what they were talking about...”. And this probably seems reasonable to the minister who still thinks these intelligence agencies are steaming open letters or tapping into phone lines.
It doesn’t even need to be the case that people know these laws would work/be useful, all they need is to feel that they would. And this can quite easily happen without any malicious intentions.
Other things one could imagine happening are finding warrants annoying because they feel like a formality and feeling that the pause in the process potentially causes harm. Or seeing the whole “I ask my ally to spy on my citizens” process as a silly way to get round an annoying loophole. I can imagine something like this happening in a multinational company and if you see intelligence allies as actually working together in a team it doesn’t seem so crazy to see it as a silly legal formality to allow the actual teamwork. So (to say the same thing again) I don’t think these things arise from bad intentions.
A final thing is that many people in these intelligence organisations seem to care about how this surveillance is done in an ethical way (although some people don’t). Eg note here that they want to get this ability with a warrant (perhaps they really want it warrantless and plan to get it or perhaps they feel like they were burned by the various revelations and don’t think they could get it anyway).
Compare this to the way much of the modern mass surveillance we are exposed to every day is planned where there is virtually no ethical oversight at all.
I'm going to defend what is probably the minority opinion on this site and say yes, I'd rather live in a society where communication is open to surveillance.
The reason being that the situation appears to me very binary (and I think most people would agree on this), either there's strong encryption in which case almost all communication is not subject to surveillance, or the state has the capacity to eaves-drop.
The first scenario scares me because it essentially eliminates the ability to engage in surveillance when it is needed. Be it financial fraud on a wide scale, terrorism, crime, radicalisation or whatever else, and society has a vested interested in having the capacity to prevent this.
I don't think the two most cmmon criticisms hold up. The first one is that surveillance affects many people adversely. I don't think that's true. Nobody has an interest in eaves-dropping on average citizens, it's simply a waste of resources. The second one is the slippery slope line of argument you brought up. I don't think there is a lot of evidence that, in states of law, surveillance has been abused or employed illegaly.
What about in the current case of the Nicaraguan government? https://www.hrw.org/world-report/2019/country-chapters/nicar...
[1] https://www.privateinternetaccess.com/blog/2016/09/police-ro...
Intelligence agents willingly sacrifice much of their personal privacy as a condition of their security clearance, so by selection bias would be more willing to subject others to loss of privacy.
> its been proven over and over that if there is a way it will be abused.
Is there actually any good, cite-able instance of government backdoors being abused? I believe it is possible, but i don't know of any instance of it happening.
They seem to unlock most of this info though by attacking the endpoint itself anyway.
Last year, my own country (Australia) passed a law which allows the government to force companies or even individuals to add backdoors to their products, and makes it a criminal offence to refuse or publicly disclose their requests. I would go to jail before I complied.
For those of you in other five eyes countries, you'll have similar laws soon too. Our intelligence agencies have clearly set themselves up against fundamental principles of human rights, and their efforts to undermine these must be fought.
I think the tech media and community overstates the impact of this law. The law [0] makes it clear that the backdoor cannot introduce any systematic weakness of vulnerability, which explicitly includes "a new decryption capability in relation to a form of electronic protection".
What it allows is stuff that targets a specific person _and_ is incapable of affecting anybody else. The second part overrides the first part, so if it's not possible to target a specific person without weakening protection for everybody else, you're not required to do anything.
For example asking you to put code into your app that creates a copy of private keys and sends them to ASIO if the user's ID matches a hard-coded value would be legally okay per my reading of the law.
However adding ASIO's key to every single message would not be okay.
I'm not saying I'm in favour of the law (I'm not) but its actual effect isn't at all what people assume (I hear a lot of comments about "Australia banned encryption" and other such nonsense).
[0]: http://www5.austlii.edu.au/au/legis/cth/consol_act/ta1997214...
You can hold all the meetings you want. pound fists to table, elegantly restate your problem, but the mathematic fundamentals of it are your immovable object. your only option is to block it throughout your nation. this just makes room for a new, or an updated version of the fly you swat last week that gets around your flyswatter.
Sure, you can try to poison the code base, or inject some kind of malware, but this trick only works once. its not a silver bullet.
http://coding2learn.org/blog/2017/06/11/dear-theresa/
Given that the maths is "out of the bag", any motivated criminal organisation or group that is intent on not being caught can quite easily encrypt their own communications. The only people who won't are the innocent public, who can be spied on with impunity.
It's always the innocent public who is the target of such moves. The goal is state omniscience, not crime fighting.
Competent criminal organisations wouldn't care about laws banning encryption, and would know to use the proper tools.
The random non-competent criminals caught this way, would be used to justify the measure...
Then you confiscate devices and jail people when you believe (or have "reasonable suspicion") that they use one.
Problem solved for the 99% of the population!
This isn't p*rnhub. You can't backdoor everything.
Why would you censor pornhub?
This entitlement is obscene.
If backdoor access is granted then a new set of heads will emerge from the hydra.
Dealing with the challenges faced by having a mere 97% conviction rate, federal prosecutors and law enforcement conspire with foreign powers to remove pesky civil liberties.
> By choosing a simple but strong cipher that is already widely published and agreeing on how to use it, anyone with elementary programming skills can write their own encryption program without relying on any products that can be banned.
And Pontifex, aka the Solitaire Encryption Algorithm (SPOILER ALERT):
> In Neal Stephenson's novel Cryptonomicon, the character Enoch Root describes a cryptosystem code-named "Pontifex" to another character named Randy Waterhouse, and later reveals that the steps of the algorithm are intended to be carried out using a deck of playing cards.
https://www.schneier.com/academic/solitaire/
Laws cannot stop encryption, they can stop law-abiding people from using it maybe but not criminals.
Also, when you implement the ciphersaber, you're still only about 1/4 of the way to the functionality of early-1990s PGP, notably lacking any public key functionality.
> For file encryption, a user need only memorize one key or passphrase. For messaging, users need to exchange pairs of keys through some secure means, most likely in person. Maintaining a list of correspondent's keys or passphrases in a master file, preferably itself encrypted with a memorized master key, is less convenient than public key encryption. But it may be all that is left in a few years if PGP key servers are banned.
> It may even be possible to teach a manual version of the Diffie-Hellman key exchange, perhaps using large number calculators (easily built in Java 1.1). The Diffie-Hellman procedure need be carried out just once per pair of correspondents, since CipherSaber eliminates the need to exchange keys for every message.
Apart from the implausibility of some of this, you have a very severe issue about key synchronization if you literally only want to do a key exchange once. For example, an attacker who can intercept one party's message and then trick another party into encrypting a known plaintext with the same key material (because that party doesn't know that the keystream has advanced yet?) can then decrypt the intercepted message.
Even having the two users accidentally use the same part of the keystream to send separate unknown messages m₁ and m₂ will allow an adversary to compute m₁⊕m₂, which is very bad in many cases. One thing I remember from Dan Boneh's cryptography class is that if either message contains an ASCII space character (' ') at some position, then m₁⊕m₂ will contain the other message's plaintext with uppercase and lowercase inverted (for example,' '^'q' is 'Q').
The ciphersaber idea is conceptually really great, and I love the idea of helping teach people to create their own communications and communications security infrastructure. But I think that, apart from just how archaic the cryptographic technology it teaches is, the project really underestimates how far away this cipher implementation is from a complete system.
It is also likely that the technology they use to solve that problem will be much less sophisticated.
Ballots, surely.
Well, one of the four boxes, anyway.
