Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
×
United Kingdom Encryption Privacy Security Your Rights Online Politics

UK Government Says App Developers Won't Be Forced To Implement Backdoors (betanews.com) 86

Mark Wilson writes: The UK government is sending mixed messages about how it views privacy and security. Fears have been mounting since Prime Minister David Cameron wondered aloud 'in our country, do we want to allow a means of communication between people which we cannot read?' — his view obviously being that, no, we don't want to allow such a thing. Following the revelations about the spying activities of the NSA and GCHQ, public attention has been focused more than ever on privacy and encryption, Cameron having also suggested a desire to ban encryption. Today, some fears were allayed when it was announced that the government was not seeking to require software developers to build backdoors into their products. That said, the government said that companies should be able to decrypt 'targeted' data when required, and provide access to it.
This discussion has been archived. No new comments can be posted.

UK Government Says App Developers Won't Be Forced To Implement Backdoors

Comments Filter:
  • by Anonymous Coward on Thursday October 29, 2015 @02:35AM (#50823151)

    Unfortunately, Mr Cameron lacks even basic knowledge of technology, so is unable to appreciate that his expectations of making encrypted data readable by the NSA/GCHQ/Stasi, are completely unrealistic. Cameron should keep his slimy far right persona out of areas that he can't understand - since that appears to include most areas of government, maybe he'd be better seeing employment that is more fitting for his level of ability - perhaps as a clown or jester.
    And, to answer Mr Cameron's question as to whether we want to allow means of communication between people which can't be read by the secret police - I think anyone supporting of democracy will be screaming 'yes - of course we do'. This is fundamental to any democratic society. Cameron might want some kind of despotic right wing regime, but most people here don't. Remember - Cameron was elected by a very small minority of the British people (~20%), because of the way the antiquated electoral system has failed. He most certainly has no democratic mandate to rule.

    • by Kkloe ( 2751395 )
      I think they are talking about getting data that passes the server of said company that would have master keys to unlock it
    • Remember - Cameron was elected by a very small minority of the British people (~20%), because of the way the antiquated electoral system has failed. He most certainly has no democratic mandate to rule.

      What would you consider a mandate, and what British PM has ever achieved that sort of level of support?

    • Your figures are off.

      http://www.bbc.com/news/electi... [bbc.com]

    • by Jamu ( 852752 )
      24% of the electorate voted for a Conservative candidate. 0.08% voted for David Cameron.
    • by AmiMoJo ( 196126 )

      Don't underestimate Cameron. The upper class twat persona is just a mask. He is extremely careful to be bland an inoffensive at all times, speaking only in generalities and vague benign sounding ideals.

      For example, on this issue he always talks about safety. No-one opposes safety, right? Safety is good. He avoids being too specific or saying anything too ideological.

      He is a dangerous opponent, because he turns people to apathy. They vote for him because he stands for nothing specific, so they fill in the bl

    • by 0123456 ( 636235 )

      Ha-ha. You think Cameron is 'far right'.

      He's at best a cuckservative, and even that is debatable.

    • Clown or Jester is the perfect job description for the modern politician. Look at the U.S. They are about to elect Trump.
  • in every major encryption algo. So why do they worry?
    • by AHuxley ( 892839 )
      The US and UK have 3 areas to worry about.
      Open source efforts produce a good new method thats free, accepted and upgraded.
      Some neutral nation outside the US and UK direct academic influence sells, creates or offers good working encryption at a low price.
      A brand installs harder than average encryption responding to market forces that does not decode easily in realtime in consumer hardware or software.
      Most of the above are fixed with big cash offers, international treaties or a nice chat.
    • by gweihir ( 88907 )

      They do not. Really not. That would be a catastrophe waiting to happen. (Then, we still have enough nukes at the ready to destroy the planet several times over, so that may not be much of a deterrent.) But it seems highly unlikely that they can break modern crypto like AES or indeed any of the other finalists for a number of reasons. In addition, the continued failure to force companies to make their software more secure does deliver a host of vulnerabilities all the time. I am not sure this is an accident.

  • Any data flow could be of interest to the UK gov at some time for some reason and UK staff will have to provide gov/mil access when demanded.
    A brand thinking their data sets will not be of interest and not build in UK ready traps doors or back doors would be offering a "means of communication between people which we cannot read".
    By default UK based brands will have to build in trapdoors, backdoors just to cover that UK gov request eventuality ie "companies must be able to provide targeted access"".

    Nobo
  • Bottom line (Score:5, Insightful)

    by 93 Escort Wagon ( 326346 ) on Thursday October 29, 2015 @02:57AM (#50823189)

    The politicians deciding these rules have no idea how this stuff works. "We're not asking for back doors. Back doors are bad. We just want a way to access the contents of encrypted messages when we deem it necessary."

    It'd be funny if the stakes weren't so high.

    • by Kkloe ( 2751395 )
      ?, as a developer I cant see how you cant build so the cant be unencrypted if it passes the servers we have control over, like apple, they have encryption on the phone that apple cant crack but when that message\data is passed\synced through apples servers they can allow other access to it.
      this is what they probably are talking abou
      • as a developer I cant see how you cant build so the cant be unencrypted if it passes the servers we have control over, like apple, they have encryption on the phone that apple cant crack but when that message\data is passed\synced through apples servers they can allow other access to it.
        this is what they probably are talking abou

        Please explain your rationale for believing that.

        • by Kkloe ( 2751395 )
          http://mashable.com/2014/09/18... [mashable.com]

          There's a catch, though: even if Apple is unable to hand over the data from your phone, it can (and will, if asked via a court order) hand over the data from your iTunes or iCloud account

          maybe

          • as a developer I cant see how you cant build so the cant be unencrypted if it passes the servers we have control over, like apple, they have encryption on the phone that apple cant crack but when that message\data is passed\synced through apples servers they can allow other access to it.
            this is what they probably are talking abou

            Please explain your rationale for believing that.

            "There's a catch, though: even if Apple is unable to hand over the data from your phone, it can (and will, if asked via a court order) hand over the data from your iTunes or iCloud account"

            The government can already get your unencrypted transmissions, because they have tapped all backbone links in the USA, and probably everywhere. But the only way that Apple can provide the data from your iTunes or iCloud account is if there's a back door in the encryption system.

            • by Kkloe ( 2751395 )
              back door?, no they use their own keys to encrypt the stuff on *their* servers, thats not a back door, that is how it is
              • by dkasak ( 907430 )

                Your data passing through someone else's servers doesn't automatically imply they have means of decrypting that data. Clients can generate keys themselves (or negotiate them securely with each other, in the case of asymmetric encryption) and keep them secret. Data encrypted in such a way can be stored wherever you want without the party owning the infrastructure being able to read it.

              • That may be how it is, but it is not necessarily how it has to be. It is possible to build a system where the data is encrypted with per-user private keys, which never leave the user's device(s) - at least, not in the clear, and ideally only when being migrated/copied to other devices. Do all the crypto on the device, transmit & store it with private keys unknown to the owners of the infrastructure.

                For all I know, this might in fact already be how iTunes & iCloud work already; that certainly seems t

            • Not true. This Data is not encrypted by the users password or a separate encryption key. iMessage is encrypted end-to-end.

              Emails, calendar, notes, address book, photos, unencrypted backup are not encrypted with a key apple has no access to on the icloud. You could encrypt the backup with a special password, the other stuff is NSL-able.

              You could use posteo.de or similar services for emails, calendar and address book and encrypt the stored data with the password for login. That is easy because apple uses stan

      • by Lakitu ( 136170 )

        like apple, they have encryption on the phone that apple cant crack

        If Apple can't unencrypt it on the phones, then they can't unencrypt it ever.

        but when that message\data is passed\synced through apples servers they can allow other access to it

        When the phone owner unencrypts his unencryptable data and sends that in an unencrypted message through Apple's servers, then Apple has the unencrypted data.

    • by gweihir ( 88907 )

      Probably the only real problem with democracy is that most voters are morons, but more so, most politicians are morons and with all shreds of personal honor, integrity or morality removed.

  • by Anonymous Coward

    It's high time the governments of the world started cracking down on the terrorist nests that are analog books. It's impossible to know if thought crimes are committed with ink and paper. Perhaps a mandatory legal waiver of ones human rights with each purchase of writing materials?

    It might be best to just proceed to the inevitable conclusion and burn every literate human being at the stake unless they agree to live with a government approved guardian overseeing their every action and thought.

    • by gweihir ( 88907 )

      +1000000, insightful. Sorry, no mod points. (Time to start reading those classics again. They become more and more relevant, unfortunately.)

  • David Cameron made a speech. He said the government wants it to be impossible for terrorists to hide from the security services.

    Tech media sites assumed that Cameron knew exactly what he was talking about while at the same time having no idea what he was talking about. They concluded that the only way this would be achievable would be to ban encryption. In fact, given that pretty much everyone who talked about it mentioned WhatsApp and Snapchat, and no other services, it makes it pretty obvious they were
    • How could this possibly be? How could we assume that he is an orwellian Big Brother, conpiring with the USA to build an orwellian, fascist surveillance scheme?

      Because of reports like this? https://theintercept.com/2015/... [theintercept.com]

      Because there is nothing holding back the GCHQ from intersepting everything including porn use to denounce any resistance? Because the GCHQ has already infiltrated legal NGOs to undermine and control those "terrorist" NGOs like Amnesty International?

      http://www.theguardian.com/uk-... [theguardian.com]

      Because

      • Well, yes... Most governments want to spy on their citizens. I am not defending this.

        I'm just pointing out the idiocy of people who infer specifics based on a wild interpretation of a speech.
    • by gweihir ( 88907 )

      David Cameron made a speech. He said the government wants it to be impossible for terrorists to hide from the security services.

      And that is the problem right there: The only environment where that even gets close to the truth is extreme Fascism. If there is even a bit of personal freedom left, terrorists can hide. Hence even extreme Fascism offers some possibilities for terrorists to hide, so you have to have things like concentration camps, wars and famines to keep them otherwise occupied. But remember all those people that hid Jews in the 3rd Reich? All these qualify as "terrorists" in the convoluted mind-set of Cameron and he wan

  • Answer: "When you can see their lips moving".

    Cameron is an ex-PR flack who never lets truth get in the way of the message.

  • Not forced (Score:2, Insightful)

    by Anonymous Coward

    NO developers were forced to add back doors to these apps, but most of them voluntarily chose to live peacefully with their families.

  • Today, some fears were allayed when it was announced that the government was not seeking to require software developers to build backdoors into their products. That said, the government said that companies should be able to decrypt 'targeted' data when required, and provide access to it.

    What's the difference here? Companies like Apple are designing their systems such that they never have the key to the data. They hold the data, but have no way to access it, by design. The UK is saying they're not going t

  • by FrozenGeek ( 1219968 ) on Thursday October 29, 2015 @06:42AM (#50823831)
    The majority of the public won't understand that "should be able to decrypt on demand" is the same thing as a back door. To them, what he said was good and fair. This is just another case of a politician playing with words in order to manipulate the electorate.
  • Developers "Won't be forced" because they will otherwise be motivated (i.e. what just happened in the US where telcos get immunized against lawsuits in exchange for providing customers' private data to the Feds).

  • by DickBreath ( 207180 ) on Thursday October 29, 2015 @08:17AM (#50824273) Homepage
    As long as they are insecurely secure.

    In classic government oxymoronic style. Governments are full of oxymorons.

    Some government "adult male" in their "arrogant humility" engaged in "a just war" wants us to "agree to disagree" to introduce "astronomically small" insecurities into our "insecurely secure" systems so that "military intelligence" can "read unreadable" messages.

    It all makes sense.
  • UK Government Says App Developers Won't Be Forced To Implement Backdoors

    But if they know what's good for them...

  • So I'm confused. They won't make app developers put in a back door (to allow them to intercept communication) but will require them to have a method to intercept communication on demand. How exactly is that not a backdoor?
    • by gweihir ( 88907 )

      Something needs to be intentionally broken if they can intercept and decrypt communications. That is a "compromise" of the security of the app, but it is not a backdoor, which is a command and control interface into the app. Intercepting and decrypting communication can be done by weaknesses in the Architecture, design and implementation, but may not require contacting the app at all.

      The distinction is purely technical though, the result is the same: A broken product that endangers its users.

  • This is really the best of both worlds: Force backdoors (which are insecure, of course) in there, but make it right again forcing the people involved to lie about it. Everybody that does not comply is obviously a terrorist and will go into an isolation cell in prison for his remaining lifetime.

    In particular the British administration is lying habitually and pathologically and nothing they say can be trusted.

  • And not understand this cat is out of the bag and you will never be able to put it back in.

Keep up the good work! But please don't ask me to help.

Working...