Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
Privacy Communications Encryption Government United Kingdom

Snoopers' Charter Could Mean Trouble For UK Users of Encryption-Capable Apps 174

An anonymous reader writes with a story at IB Times that speculates instant messaging apps which enable encrypted communications (including Snapchat, Facebook Messenger and iMessage) could be banned in the UK under the so-called Snooper's Charter now under consideration. The extent of the powers that the government would claim under the legislation is not yet clear, but as the linked article says, it "would allow security services like the Government Communications Headquarters, or GCHQ, and MI5, or Military Intelligence Section 5, to access instant messages sent between people to and from the country," and evidently "would give the government right to ban instant messaging apps that use end-to-end encryption." That might sound outlandish, but reflects a popular and politically safe sentiment: "'In our country, do we want to allow a means of communication between people which we cannot read? My answer to that question is: "No, we must not,"' [Prime Minister] Cameron said earlier this year following the Charlie Hebdo shooting in Paris."
This discussion has been archived. No new comments can be posted.

Snoopers' Charter Could Mean Trouble For UK Users of Encryption-Capable Apps

Comments Filter:
  • by sandbagger ( 654585 ) on Sunday July 12, 2015 @10:40AM (#50093105)

    They planned their horrific act over a kitchen table. They had no need for instant messengers, e-mails of Skype to talk from one end of the apartment to another.

    • by s0litaire ( 1205168 ) on Sunday July 12, 2015 @10:43AM (#50093115)

      Never underestimate the laziness of a person with a smartphone!

    • by sumdumass ( 711423 ) on Sunday July 12, 2015 @11:01AM (#50093183) Journal

      They also have no way of distinguishing codes used in furthering their goesl. For instance we could nickname components of a bomb recipe the same as foods. "I'm having a party, what can you bring that we can put on the grill" could be a code for lets bomb something, got any explosives. And the response "nothing but i have plenty of eggs and bacon if I can stay over" could mean I'm in- no explosives but lors of ammo and guns. Someone else could chime in with "i need to stay over too and i have plenty of beer and some beef for the BBQ" could mean I'm in and have these components of explosives.

      And all that can be determined over the kitchen table or in another country or whatever in advance. No amount of listening in will catch that before something happened and would be a shaky guess only pointing to a connection between people after the fact.

    • by Z00L00K ( 682162 )

      In addition to this - if you want to exchange sensitive information then do that in messages using steganography. Key messages on activities can be attached covertly to images or other bodies of text.

      So the bad guys will still be able to get their messages through while good guys messages regarding commercial secrets may end up being leaked.

    • In that case the Stasi could have done a better job here .. Unless of course if they were playing Wagner at full blast.
    • by BlueStrat ( 756137 ) on Sunday July 12, 2015 @12:33PM (#50093609)

      "'In our country, do we want to allow a means of communication between people which we cannot read? My answer to that question is: "No, we must not,"' [Prime Minister] Cameron said earlier this year following the Charlie Hebdo shooting in Paris."

      Cameron is asking the wrong (or a misleading) question.

      The choices are communications you (GCHQ/MI5/etc) may not be able to decrypt, or communications that anyone may be able decrypt.

      There is no 'secret sauce' method of making communications secure against common threats while simultaneously making them insecure to the government.

      If the government can read the communications, so can any other interested party including, terrorists, foreign intelligence agencies, rival/foreign businesses, journalists, etc etc.

      Including Cameron's own political enemies.

      He may not like it if he gets what he's advocating for.

      Strat

      • by dryeo ( 100693 )

        Do you really think there won't be an exception for the government to use secure communication? As the western world moves right on the political spectrum, we'll see more and more secretive governments who demand to know everything about their subjects. Been watching it here in Canada ever since the Conservatives got voted in (on an open government ticket). Expansion of police and spying agencies powers including blanket immunity from breaking the law. Increasing secrecy in the government, often using auste

        • Do you really think there won't be an exception for the government to use secure communication?

          Not everyone for whom it is vital for politicians to communicate securely with are in government. Also, government does not operate in a vacuum. There are all manner and sorts of private contractors, suppliers, etc etc.

          And this is without even discussing the effect on the security of online banking, e-commerce, and interactions between individuals and government.

          It is impractical and self-defeating, as unless the exceptions are so broad they are meaningless, the whole thing is unworkable.

          In other news, Came

          • by dryeo ( 100693 )

            Strategic partners of the government such as certain lobbyists will also be immune (or continue to interact in person as they do now to avoid any written records) and things like banking will be tapped at the server so communication over the internet will still be secure. Same with interactions with the government. What will be blocked is person to person encryption as well as communication with organizations who are not in the governments good side.

        • Do you really think there won't be an exception for the government to use secure communication?

          Sure, for official government business. But what about communications within the Conservative party? Do you think that everyone at every level is going to be allowed unbreakable encryption for party use? What about for communications between MPs and their mistresses/corporate overlords/racist backers? Scandals become a lot easier if you can decrypt everything that MPs send and receive, and even easier if official business is all done encrypted but unofficial things are insecure.

      • by AmiMoJo ( 196126 )

        He might not be taking about weakening encryption. He might mean banning apps where the service provider isn't involved in the crypto and thus can't decrypt messages on demand. Like Skype for example - it's basically secure crypto-wise, but since everything goes through Microsoft servers they can (and do) eavesdrop on any conversation they like.

        Of course it's vulnerable to the server being hacked as well, but the crypto itself can remain "secure", you just can't choose who you share the keys with.

        • He might mean banning apps where the service provider isn't involved in the crypto and thus can't decrypt messages on demand. Like Skype for example - it's basically secure crypto-wise, but since everything goes through Microsoft servers they can (and do) eavesdrop on any conversation they like.

          A weak implementation of crypto is just as bad as week crypto, though. In the case of Skype, for instance, Microsoft can force clients to (silently) downgrade from p2p crypto to server-mediated crypto for eavesdropping. Even if you consider the Russian and Chinese governments (who have access to this capability [google.com]) to be good guys this MITM capability is always at risk of being used by others.

          Also there's little they can do about plugins like OTR [cypherpunks.ca]: they don't need to access a server so they can't be blocked, it

      • by Xest ( 935314 )

        "The choices are communications you (GCHQ/MI5/etc) may not be able to decrypt, or communications that anyone may be able decrypt."

        Actually I think that's exactly what he was gunning for, having followed the original announcements and speech. This Australian IBTimes article seems to be putting a completely different interpretation on what was said at the time.

        At the time, Cameron was talking about increasing funding and tools for the security services, as such, it seemed pretty clear he was talking about bol

        • by jeremyp ( 130771 )

          Cameron is a prick, there's no doubt about that, but he isn't stupid. Even he knows a ban on certain applications would never work.

          Are you sure about that? Plenty of very intelligent people have blind spots with respect to aspects of computer technology. I wouldn't be at all surprised if Cameron fundamentally doesn't understand the problem, or if he does, he doesn't understand the consequences for the UK IT industry and online economy.

          • by Xest ( 935314 )

            If the question was being asked of Gordon Brown when he was pushing the same thing back in 2009, I'd agree, he had no clue. But the thing to bear in mind with Cameron is that he's surrounded himself with tech advisors - from Ian Livingstone, BT's old boss, to Martha Lane Fox, founder of lastminute.com. He's also quite close to Google, having been a key driver in involving them with his Silicon Roundabout initiative. He's also spent a lot of time with Berners Lee on the open data initiative, so whilst I real

    • Time to ban kitchen tables.
    • They planned their horrific act over a kitchen table. They had no need for instant messengers, e-mails of Skype to talk from one end of the apartment to another.

      In that case we must ban kitchen tables! Just think of the children!

  • by Anonymous Coward

    Get in touch with your representatives and whack them over the head until they see sense. TA.

    • No, the voters want this. They are the ones who need a *damn good whacking*. And we should never let the majority vote away our rights anyway.

  • by Anonymous Coward

    Do you want zero expectation of privacy in every aspect of your life, Mr. Cameron? Well, do ya? PUNK?

  • by paul_metcalfe ( 2252790 ) on Sunday July 12, 2015 @10:53AM (#50093153)
    I guess if I can't encrypt communications between myself and my bank, because the government can't see that I'm not talking about terrorist plans, I should stop on-line banking altogether, and just go back to paper, as it's more secure that way.

    I sure as hell won't be giving any sites my credit card details if I can't encrypt them. No crypto, or easily defeated crypto means that ANYONE, not just the "good guys" can read my traffic.
    • Re: (Score:3, Insightful)

      by Anonymous Coward

      Someone ought to let manufacturers and vendors know that people will refuse to buy products shipped with holes in them.

      Considering the number of international partners that the U.K. has in ALEC, it's not the citizens communications that most need to be exposed.

      • It's soon going to be easy to do a screen on the security of a system or application: just ask for delivery to the UK of the system you were planning to use somewhere else.
      • by johanw ( 1001493 )

        Someone should step out of this strange fundamentalistic limited capitalistic thinking that only companies can provide encryption products. The best encryption software is open source: GnbuPG for email, TextSecure and Redphone / Signal for chats and calls on Android cq iOS, SMSSecure provides a secure SMS solution. Sourcecode is freely available, no government backdoors present.

  • by whoever57 ( 658626 ) on Sunday July 12, 2015 @11:09AM (#50093219) Journal

    They know that a ban on Whatsapp would be immensely unpopular and would make millions of people realize how stupid their drive against encryption is.

    Instead, their intent is to force Whatsapp and others to voluntarily hand over the communications of their users, much like Blackberry (reportedly) agreed to do for countries with regressive regimes.

    • by AmiMoJo ( 196126 )

      People will just move to messaging systems where the vendor never has the key. There are plenty of choices already available.

      We have seen this happen already with mass surveillance. The more they tighten their grip, the more people fall through their fingers.

      • No, that's the point. The reason why iMessage, Facebook Messenger and SnapChat would be banned is exactly because these are messaging platforms where the vendor does not have the key.

        The government wants to ban such messaging platforms.

    • by Zocalo ( 252965 )
      True, but that's the big flaw in the plan that they just don't seem to grasp. WhatsApp and the makers of other tools *can't* voluntarily had over the communications without a major redesign of their software, which they are most probably not going to do because it would also compromise all their other users that are not afflicted by clueless politicians who refuse to accept the advice of people who do have a clue. There's also the issue of the sheer number of tools that let people DIY their own P2P commun
      • by johanw ( 1001493 )

        Blocking WhatsApp would be done by blocking their messaging servers. Preventing the software from entering the country is, of course, impossible. But if you can't send any messages with it it's useless.

        • Until WhatsApp counter with a decentralised network.

          • by Altrag ( 195300 )

            Which they won't do. They'll either comply (probably by just disabling the encryption layer,) or pull out completely.

            Remember, WhatsApp (and other such companies) aren't in the business of social reform. They're in the business of making money. The only way they would go to the effort of decentralizing their software (or any significant change) is if they thought it would provide a reasonable ROI (which may be in the form of stifling losses as opposed to producing profits.)

            I have significant doubts that

            • Some will comply. Some won't. It's not just the UK that poses such an issue for them - if the UK starts, every repressive country in the world will be hurrying to copy, starting with China and followed quickly by Russia. It's not practical to comply with many different laws in different countries, and the inability to promise confidentiality means a loss of business contracts - not a big deal for WhatsApp, but a big problem for Skype.

              • by Altrag ( 195300 )

                Absolutely, which is why "pull out" is another option if they feel they can't comply. My real point is that attempting to subvert the law is probably not going to be the choice they make. Taking that tack is a lot of risk for very little payoff, which may be worthwhile for political reformists but less so for businesses.

                Though that brings up a more interesting issue -- what happens if they decide to comply in some way other than "no encryption?" Do they now have to figure out ways to generate separate ke

    • Right, but what will actually happen (hopefully) is that the law will come into force, and WhatsApp, SnapChat, Apple, Google and Facebook will all say "okay, well, all your chat apps are now unavailable, sorry".

      As you rightly point out, that'll make the law immensely unpopular, and hopefully it'll get repealed.

    • British people who want to continue to use WhatsApp can continue to use WhatsApp by moving to China. British people will still have a choice.

    • by Demena ( 966987 )
      It is not just WhatsApp. Apple's entire ecosystem uses encryption. Supposedly even Apple cannot read the content of your messages. If they pass this as it is stated all current Apple's will become illegal. Or am I wrong in that?
  • by currently_awake ( 1248758 ) on Sunday July 12, 2015 @11:11AM (#50093227)
    If you are on vacation and you need to visit the hospital, they will likely want to talk with your doctor (in another country, using an incompatible medical records system). How are they going to manage that without violating government rules on transmition of medical records?
    • by Altrag ( 195300 )

      Fax?

      Other than that.. hand-waving and magic. Government officials (in every country) that come up with these plans seem to be under the impression that its possible to have a government back door while still being generally secure against everybody else.

      Its dreadfully obvious that these people don't know the first thing about computer security, but unfortunately only to people who DO know the first thing about computer security. The Dunning-Kruger effect [wikipedia.org] is in full force when it comes to politicians creat

  • Access (Score:3, Insightful)

    by MrKaos ( 858439 ) on Sunday July 12, 2015 @11:11AM (#50093229) Journal

    Get an interception warrant. The government has access to enough legal vehicles for dealing with people obstructing justice and it's not as if there isn't a case for encryption already. It is illegal to open mail that is not addressed to you. The difference is that where an envelope reminds the holder to respect another persons privacy, encryption enforces a persons right to privacy.

    Governments are not too happy with things that put peoples rights firmly with the people who own the government in the first place.

    • The people don't own the government. They sell it off to the higher bidder in the biennial auction... errr. I mean election...

  • by Anna Merikin ( 529843 ) on Sunday July 12, 2015 @11:14AM (#50093241) Journal

    (D)o we want to allow a means of communication between people which we cannot read? My answer to that question is: "No, we must not,"

    Just ten or twenty years ago a sitting politician saying this in a "democracy" and expecting to keep his job would be unthinkable.

    • Just ten or twenty years ago a sitting politician saying this in a "democracy" and expecting to keep his job would be unthinkable.

      Oh really? CALEA is 21 years old in the US and yet neither Bill Clinton nor anyone in Congress lost their jobs over it.

      • Thanks for the info; I knew there was only one place to get training to become a police chief, but I didn't know why -- I assumed it was simply survival of the fittest (school.) A duckduckgo search on "calea" filled me in.

  • Don't worry. If you're not doing anything wrong you have nothing to worry about, until the government decides to ban whatever it is you're doing.

    • There are legitimate reasons to have secrets. If i came into a bunch of money, I wouldn't want every crack addict knowing it. If my wife cheated and we worked it out, I wouldn't want everyone knowing about it. If i was looking for aother job, i wouldn't want my employer to know about it until I gave them notice. If the government has a back door, it is only a matter of time before others have access to it too.

  • by Anonymous Coward on Sunday July 12, 2015 @11:26AM (#50093281)

    In our country, do we want to allow a means of communication between politicians which we the citizens cannot read? My answer to that question is: No, we must not.

    • by MacDork ( 560499 ) on Sunday July 12, 2015 @09:49PM (#50095859) Journal
      That's what I would ask him. "No secret messages? Then how do you feel about Manning leaking your secret messages then? And Snowden? You must be in favor of a full pardon for those guys, yes? How do you plan to explain the shutdown and/or hacking of every Internet web server in your entire country, because you've outlawed SSH? Also, were you born with brain damage or did you acquire that at some later point in life?" :)
  • We must work around it, circumvent it any way we can. When our rights can be voted away, majority rule has hit a brick wall

  • Call it what it is (Score:4, Insightful)

    by whoever57 ( 658626 ) on Sunday July 12, 2015 @11:38AM (#50093325) Journal
    What the government want is the "Great Firewall of the UK". That's what we should call it, instead of the "Snooper's Charter".
    • by amiga3D ( 567632 )

      Maybe Pooper Snooper. Has a good ring to it.

    • by Altrag ( 195300 )

      Snooper's Charter sounds even more ominous to be honest. At least a "firewall" has some implication of protection even if everyone knows its true purpose.

      "Snooping" on the other hand has pretty much purely negative connotations since early grade school for most people.

      Then again, its kind of refreshing that the government is at least being honest about the purpose of the program. If it was in the US it would be called PINKUNICORN or some other absurd backcronym created purely to sound "nice" in print with

      • Then again, its kind of refreshing that the government is at least being honest about the purpose of the program. If it was in the US it would be called PINKUNICORN or some other absurd backcronym created purely to sound "nice" in print without giving away its sinister underpinnings

        The government calls it the Communications Data Bill, Snoopers' Charter is the name given to it by the press.

  • For all the good reasons already posted here. Which just goes to show how out of touch most politicians are.

    What's really funny is that "Joe Poster" imagines that it will happen and thinks up endless ridiculous scenarios.

  • Period. End of story.
    • by ihtoit ( 3393327 )

      Protection from self-incrimination is an individual right.

      Your turn, Internets.

  • by Anonymous Coward

    How does the government intend to prevent illegal encryption being hidden inside legal, weak-sauce encryption, without systematically cracking all of the latter? Note that such actions entirely pre-empt the promise to only handle private data with per-case permission from a court.

    • They do intend to break everything. By banning good encryption they can sort out the lawbreakers by looking for stuff they can't read.
    • Who's going to be the one breaking it to the banks that they have to employ tellers again 'cause people can't use online banking anymore?

      And, more important, may I be there to enjoy the reaction?

      • People could still use online banking under their scheme. It's just that all the certificates for bank servers would have to also be provided to the govt so that it can spoof the connection and execute a MITM if they want to intercept.

        • Just wait 'til word gets out that government can spy on all your online banking. I have a feeling a LOT of people will return to doing offline banking.

          And trust me if I tell you that, banks do NOT want that!

  • It's impossible to enforce an encryption ban in all it's forms. While the UK's government could in theory try to ban obvious encryption, they can't necessarily detect and stop every kind of encryption. Good people have obvious uses for encryption, and obviously would try to use some for security. One way I see is to use mimicry, where communications are encrypted to look like a plain kind of communication like poetry or spam. This kind of communication is pretty hard to "prove" that it is encrypted. All yo
  • because their no-encryption stance will force it.

    oh, and internal communications in their corporations with encryption in the data centers... shut those boys down, they're criminals! GHCQ said so.

  • Cameron sounds like the Donald Trump of the UK, except scarier - he's already been elected.

  • I can't encrypt my data in the UK? Then I guess I have to take my business elsewhere.

    Seriously, how long will you allow this idiot to cripple your economy along your privacy?

  • Only criminals will use Facebook Messenger?
  • ...underestimate the power of a one time pad and Radio Londres.

    (not necessarily a radio, there's also the option of snail mail or just sending what appears to be nonsense strings via email or IM and using an OTP to decode...)

    The point is you can encrypt using a non-repeating cipher AKA one time pad and in about oh, three seconds destroy that pad if need be.

    "The pigeon has flown. Jack Bauer has bitten the ear off the dog. Leaky faucets trip horses."

    ^Decrypt that, motherfuckers.

    • by cfalcon ( 779563 )

      The issue isn't that they will ban encryption- they can't for physical / mathematical reasons. But they CAN fuck with anyone trying to both sell a product, and add freely available encryption to that product. That's their attack point. It could be trivial to turn on a well documented open source algorithm, but the government leans on them until they turn it off and remove all user hooks. Once only techies can encrypt, it becomes much easier to strong arm them based on their encrypted traffic sticking ou

  • Events like the one in France in 1789, or in Russia in 1917, etc. happen from time to time. And sociologists still do not know why. There are several conflicting theories, but nobody knows why exactly, and how to prevent it. Louis XVI, the king of France, even wrote in his diary on July 14, 1789: "Rien", what means in English "Nothing". And the storming of Bastille came from the blue sky on this very day.

    Such events bring countless tragedies to millions or even billions. And it is all about trying to und
  • It is perhaps worth remembering that we still have no real idea exactly what this proposed legislation is going to say other than a fairly clear indication that ISPs will be required to keep some sort of record of web sites visited. There are also a couple of other reasons to think positively:
    1) The recent government sponsored report into this matter [independent.gov.uk] came out very clearly against suggestions that encryption should be controlled. But, governments are good at ignoring reports which don't say what they wa
    • I wonder why successive governments seem to want to put themselves into this particular firing line. It's as if Obama periodically gets a call from the NSA saying "Hey, go call the limeys and make sure they're doing as we asked". Us Brits then have to "look busy" but then get these things defeated by a small margin so that we can say "we tried really, really hard".

Science is to computer science as hydrodynamics is to plumbing.

Working...