UK Gov Says New Home Sec Will Have Powers To Ban End-to-end Encryption (theregister.co.uk) 282
An anonymous reader writes: During a committee stage debate in the UK's House of Lords yesterday, the government revealed that the Investigatory Powers Bill will provide any Secretary of State with the ability to force communication service providers (CSPs) to remove or disable end-to-end encryption. Earl Howe, a Minister of State for Defence and the British government's Deputy Leader in the House of Lords, gave the first explicit admission that the new legislation would provide the government with the ability to force CSPs to "develop and maintain a technical capability to remove encryption that has been applied to communications or data".
This power, if applied, would be imposed upon domestic CSPs by the new Home Secretary, Amber Rudd, who was formerly the secretary of state for Energy and Climate Change. Rudd is now only the fifth woman to hold one of the great offices of state in the UK. As she was only appointed on Wednesday evening, she has yet to offer her thoughts on the matter.
This power, if applied, would be imposed upon domestic CSPs by the new Home Secretary, Amber Rudd, who was formerly the secretary of state for Energy and Climate Change. Rudd is now only the fifth woman to hold one of the great offices of state in the UK. As she was only appointed on Wednesday evening, she has yet to offer her thoughts on the matter.
1984 (Score:5, Insightful)
Just checked the calendar. It is 1984.
Re: (Score:3, Insightful)
Re: (Score:3)
Having left Europe, Britain is on the brink of leaving reality!
Certainly, of leaving the worlds of banking, finance and digital subscriber transactions.
Re:1984 (Score:5, Funny)
Just checked the bathroom mirror. No it ain't!
Re: (Score:3)
With a large extra serving of stupid on top, as this is not doable in the first place. Nobody can "remove encryption that has been applied to communications or data", unless they have the key. So they will probably make modern crypto illegal to use in the first place, pushing Britain back into the stone-age where it apparently belongs.
Re: (Score:2)
Already tagged this story "andiwantapony".
Re: (Score:3)
Yeah, someone needs to tell the "powers that be", that Orwells' novel 1984 was supposed to be an interesting work of fiction....not a fucking Guidline/Playbook/Manual for going forward in the future!!!
Re: (Score:2)
-1 Sad
Re: (Score:2)
ANON! 6079 ANON! Yes YOU! Post more truthfully, please. You can do better than that! You're not trying! The year is 2016. Higher year, Please. THAT'S better, comrade!
Truer than you realize .... (Score:5, Informative)
Re: (Score:2)
Re: (Score:3)
Oh, no, no, you naive one. We're no where near peak dystopia. No where near.
so, the UK wants to essentially unplug as well (Score:2)
Turkey, Iran, and Pakistan say welcome. now beat up your people and jail them in black holes for life.
no end-to-end no streaming media (Score:5, Insightful)
So how will things like netflix work without end to end encryption?
Does this mean the end of https and secure transactions?
Looks like, as usual, the politicians do not understand the technology.
Re: (Score:2)
HTTPS? Hate to break the news to you [triumfant.com]. Internet security is an illusion.
Re:no end-to-end no streaming media (Score:5, Informative)
Internet security is not an illusion, but if the threat you care about is powerful enough, the CA system is just about the worst possible way to establish a basis of trust. Any CA can sign certs for any domain. If you have a powerful adversary that can co-opt a CA, you have a completely false sense of security. It's really easy to get users to trust rogue certs signed by real CAs, because it happens automatically with no user input!
Even worse, a less powerful adversary, like a browser maker or computer maker can undermine your system by installing trusted fraudulent root CA certs which should not be trusted to man-in-the-middle your TLS connections. Opera, Lenovo and Dell have all done this to name a few.
I work at a university, and to connect to the wireless, you need to "trust" a self-signed certificate. In some operating systems, you have to specifically follow some installation instructions for installing a cert manually, but on Windows and OS X, I think you just click "trust this certificate" and it pins the cert. I work in computer security (but in research, not IT). I have to explain this decision to many people who say it's insecure. Actually, it's more secure, because it forces even dumb users to pin a certificate that doesn't chain up to an public CA. Once you install the self-signed cert, it will warn you if it changes (I actually, don't know what the OS would say). This converts the certificate from the CA model to a trust-on-first-use (TOFU) model. Clearly the Uni's IT are no dummies.
TL;DR: I learned how terrible the CA system actually is in undergrad over 15 years ago. Only recently, however, has it become clear that powerful adversaries are seeming exploiting this weakness. I have no idea why there isn't more interest to actually change it, rather than just a lot of talk.
Re: (Score:3)
It does not. It simply sets a flag saying you trust that certificate. If an attacker replaces it with a CA-signed certificate they control, then your computer will still trust that certificate under the CA model.
Re:no end-to-end no streaming media (Score:5, Informative)
YMMV. It depends on the application and the implementation.
Modern Apple and Microsoft dot1x supplicants do pin on first use, but the only consequence of that is if someone spoofs a cert, the user gets a popup, and how they react to that depends on their training.
Android dot1x supplicants won't, and won't even allow you to pin a particular CA to limit exposure when using a public CA, nor even check the DN, so you are vulnerable to any old stolen key/certificate pair signed by a CA in the base OS trusted list.
If you set it up by hand, wpa-supplicant for Linux has the ability to pin either a particular cert or a CA/DN. Various GUI config tools may or may not support setting these options.
For IPSEC VPN, Windows supplicants cannot pin a CA/DN unless you use EAP-PEAP-MSCHAPv2 either for L2TP/IKEv1 or as the auth protocol in IKEv2, and it must be pinned manually or through a setup/install script. If you use EAP-MSCHAPv2/IKEv2 there is a check that DNS matches the DN, but that's not much extra security if your OS store includes a compromised CA, and Windows also cannot support DH groups higher than modp2048 in a RAS dialer, only in the decidedly user-unfriendly firewall policy feature set. Some 3rd-party VPN clients improve things slightly but often still play it loose with the store/validation. If installed through a mobileconfig, OSX and IOS do support locking things down, I think... that's next on my list of things to kick the tires on. Strongswan on linux pretty much kicks ass, once you've patched it up past the oopsie they had with the EAP state machine, but again, not an end-user-friendly animal so you are at the mercy of GUI tools to not be setting things up wrong.
The whole crypto landscape is a bit of a mess on the client side... the above doesn't really scratch the surface.
Re: (Score:3)
Internet security is imperfect. However, in this case, the UK would have to have stolen the signing certs for all existing CAs to intercept all HTTPS without it becoming obvious.
When corporate gateways intercept HTTPS, they do it by installing a new CA cert in all the browsers and it is obvious.
Of course, if Netflix ships an app with a privately generated cert embedded in it, none of the above will work unless they get hacked too.
Re:no end-to-end no streaming media (Score:4, Funny)
It would also mean the end of DRM, so the US will probably have to nuke Britain.
Re: (Score:2)
It would also mean the end of DRM, so the US will probably have to nuke Britain.
I don't know. Can we hit such a small target from orbit? [ Ba Bam - Britain slam :-) ]
Re: (Score:3)
If your ISP is a CSP, then this bill is impossible to enforce unless the ISPs either prevent encrypted packets from crossing their network or else they MITM their customers by intercepting packets during the handshake, posing as the customer, and then inserting themselves in all subsequent communications.
Of course, in your example, Netflix itself may be considered the CSP, in which case it already has the ability to provide all of the transmitted data, given that it's one of the parties to the end-to-end en
Re: (Score:3)
And, almost immediately after hitting Submit, I realized I overgeneralized and misstated some simple facts regarding an ISP's ability to conduct a MITM attack. While they certainly are in the best position to do so, given that they are, by their very nature, a MITM, they can't actually insert themselves arbitrarily in an end-to-end encrypted communication, even if they are privy to all parts of the conversation including the handshake, for the simple reason that they don't hold the private keys for either o
Re: (Score:3)
Yeah, I overstated things a bit, unfortunately. Corrections and clarifications are in a followup post.
That said, they could just reject a packet if they're not capable of doing deep packet inspection on it. And for consumer-level (i.e. tier 3) ISPs, they'd be present for the handshake, meaning that they may be able to stop the encryption before it begins, which is something they've already been caught doing [slashdot.org].
Re: (Score:3)
I have set up several servers serving random data. My job is making random data and making things that make random data.
If the government seized my computer and assumed the large random binary files on my disk were encrypted, they would be wrong. They are large random bit strings only.
Like this!" [deadhat.com]
Re: (Score:3)
Thank you for filling my server's disk.
I've limited the amount to 16 Mbytes so you can't do that.
Welp... (Score:2, Interesting)
... so much for anybody ever using a British ISP for anything. Aren't "conservatives" supposed to support corporate interests, instead of killing businesses outright?
Re:Welp... (Score:4, Funny)
... so much for anybody ever using a British ISP for anything. Aren't "conservatives" supposed to support corporate interests, instead of killing businesses outright?
Yes, but they're also supposed to be almost completely clueless when it comes to "all that computer stuff", so a little "mixed messaging" is to be expected.
Re: (Score:2)
On the bright side, I'm sure all the criminals that already break lots of existing laws will respect this UK demand for an end to end-to-end encryption....
Re: (Score:2, Offtopic)
Butthurt is the only reason parent is modded down. Parent is spot on, as any EU resident who's not been in a coma for the last decade or two can tell you.
Seriously. I like Britain and the British just fine (just spent a holiday there, in fact), but to the EU (including this EU national), the UK looks an awfully lot like that spoiled brat who quit the game because he got the rules bent "only" 90% in his favour.
Re: (Score:2)
Idioits (Score:5, Informative)
Re: (Score:2)
You consider the Tories "progressive", do you?
My illusions have been shattered (Score:5, Funny)
This is so disappointing for an American. We Americans have always been a little insecure about our accents, our education level, etc, and we look at the British, with their smart-sounding accents, and their large vocabularies, and we just intrinsically KNOW that they are smarter than us. And then something like this happens that shatters our illusions, and tells us that British people can be just as dumb as anyone else.
Re:My illusions have been shattered (Score:5, Informative)
Re: (Score:2)
Indeed. The majority of people are morons. The problem is however morons with lust for power and disregards for their fellow human beings, because they usually find ways to make the average moron cheer for them, vote for them, etc.
Re: (Score:3)
Re: (Score:2)
"Rule of Law" == rule of power and money grubbing scum in the pockets of mega-corporation's cartel thugs
Re: (Score:2)
It's a subconscious reflex caused by the accent. Even a complete dolt sounds intelligent and authoritative when speaking in the Received Pronunciation (ie. BBC English). The RP adds a few points to the default sexiness of the speaker as well.
Re: (Score:3)
Not everybody in the UK enunciates in Received Pronunciation like a BBC announcer. Nothing sounds any dumber than a Cockney accent, gov'ner. Midlands is pretty crazy too. Cornwall accent can be falling-down funny. If you're a devotee of Doc Martin, you just love the sound of it. Scottish English is truly to be savored; very difficult to comprehend though.
It isn't just the UK and USA that are separated by a common language. The UK is itself separated into fragments by a common language.
Re: (Score:2)
And then something like this happens that shatters our illusions, and tells us that British people can be just as dumb as anyone else.
Here you go: https://www.youtube.com/watch?... [youtube.com]
Re: (Score:2)
Re:My illusions have been shattered (Score:5, Insightful)
Re: (Score:2, Informative)
Re: (Score:2)
Re: (Score:3)
That there are UK racists who voted for brexit but that does not mean that everyone who voted for brexit is a racist. Many who oppose racism voted brexit to protest the former government and/or because Corbyn, the current Labor head thinks that he has a better chance at becoming PM without the rest of the EEC socialists telling everyone he's daft.
Re: (Score:2)
Re: (Score:2)
Really? Show me a clip where someone says "they voted because of racism". Racists don't admit to it.
No. They rely on slogans like, "Make <insert country here> White - I mean, 'Great' - Again." to make their point.
Re: (Score:2)
This bad decision != Every bad decision.
But the Brexit campaign was nothing if not racist. I'd like to be able describe it as "thinly veiled" but it wasn't even *thinly* disguised as anything other than anti-immigrant/anti-foreigner. In other words--racist to the core, yes.
Re: (Score:2)
Re: (Score:2)
At least this kind of thing couldn't happen in America. We are the herald of freedom, the trumpet of ... trump of ... Trump ...
Oh, shit.
Re: (Score:2)
Nice. Makes perfect sense as it is fully consistent with the observable facts.
That's not how end-to-end encryption works (Score:5, Interesting)
I'm also wondering - does the financial sector get a pass from these directives? If not, good luck keeping London as the de-facto headquarters for the financial sector in Europe. If so, I wonder how they plan to restrict encryption to only the financial center?
Re: (Score:3, Informative)
Re: (Score:2)
Airstrip One is part of Oceania. Always has been, too.
Re: (Score:3)
Are they going to force Google, Microsoft, and Mozilla to add in British-government-controlled certificate authorities to their browsers distributed in the UK? Or force hardware vendors to provide access to decrypted data on end-users' machines? I don't think they've thought through how little control over the process CSPs have.
The Russians have declared that they are going to be doing it. So, sure, why not the Brits?
(of course, we used to point to the Russians as the poster example of "no freedom." But that was then, this is now, and I guess that's changed, right? No more commies, so they must be free!)
I'm also wondering - does the financial sector get a pass from these directives? If not, good luck keeping London as the de-facto headquarters for the financial sector in Europe. If so, I wonder how they plan to restrict encryption to only the financial center?
Didn't you hear? The Brits voted to give up on having London as the financial center for Europe. That's what Brexit accomplishes, since there's no chance in hell that the Europeans will give Britain the financial access to Euro
Re: (Score:3)
It'll be fun watching the Brits and Russia fight it out while each trying to be secure since both are essentially demanding the keys for everything.
Re: (Score:2)
I'm also wondering - does the financial sector get a pass from these directives?
It's kind of funny how you think the "rule of law" is some kind of universal concept that applies to everyone equally.
Of course this is meant to be selectively applied and not meant to be applied in a way that hurts their financial benefactors.
In other terms...
"Plebian, this law only applies to you. Our productive Equites and Senatores are not governed by this rule. Now, move along before I report your disloyal questioning to the Censor."
Re: (Score:3, Informative)
No. Read up on how the Great Firewall of China works. If the client requests a secure connection, and doesn't accept a certificate signed by the State MITM Attacker (claiming to be the connection target, if necessary generated on the fly) the connection goes no further. It's actually quite simple.
It can be worked around by letting the State MITM the connection with a proxy, then using real security for the connection through the proxy. Don't get discovered, though: doing this is terrorism. And proxies as th
UK and CHINA (Score:2)
Re:UK and CHINA (Score:4, Funny)
Is it the same country?
No. China has decent food.
Re: (Score:2)
Even the Chinese food in the UK sucks.
Re: (Score:2)
Perhaps this is what the UK had to institute in order to attract Chinese state investors to bail out the UK economy.
Not possible (Score:5, Insightful)
Re:Not possible (Score:4, Insightful)
TLS has unique challenges in this regard.
In theory, a hostile Government can pressure the CA to provide a signature for a MITM certificate, although this is transparent (it's easily discovered if that certificate is ever revoked, and identifiable if the old certificate is known).
A hostile Government can pressure the end provider (e.g. Google) to submit their Private key, thus breaking TLS: the Client asks the Server for its Certificate, then uses that Certificate to dictate a session key (and client certificate) to the Server. A passive eavesdropper with the server's Private Key can decrypt this exchange.
The best I can come up with is the Client sends the Server a random public key, and the Server sends the Client a session key; then the hostile Government must use a MITM to break it. A passive eavesdropper can be stopped, but an active MITM can't.
Your endpoints have to be non-hostile for end-to-end encryption to work. If they're infiltrated, it doesn't work.
Re: (Score:2)
Re:Not possible (Score:4, Informative)
If you have the private key, you can listen in on encryption. If you do some monkey business in the protocol, you can make a passive eaves drop impossible even in this situation; in which case, if you have the private key, you can insert yourself in the network path and mediate the conversation, thus accessing the plaintext while posing as the end server in a way the client is 100% incapable of identifying and unable to mitigate.
Having one end hand over the keys does, in fact, completely remove end-to-end encryption for that eavesdropper.
Re: (Score:2)
Having is not the same as using powers (Score:2)
I have a number of NHS Trusts among my customers. One reason they need to have end-to-end encryption is to secure patient identifiable data in transactions. If a reporting radiologist is on call, working out of his home, how is that traffic going to be sent across the Interwebs without breaking the rules in the Care Record Guarantee about keeping patient data safe, and only available to those wh
Expect Wider Use of OTPs (Score:3)
Only applies to domestic providers... (Score:2)
This power, if applied, would be imposed upon domestic CSPs [Communication Service Providers]
All this will do is ensure that anyone with a clue uses services based outside the UK. There will be no UK service providers providing encryption, because no one will trust them.
Politicians being idiots...but I repeat myself...
Will they ban browsers with JavaScript? Programmin (Score:2)
Crypto can be done easily in JavaScript with commonly available libraries. A simple Ajax script with one additional function call ( as in send(end(msg),key) rather than send(msg) and similar for decryption ) is all you need once you have your encryption library and a means of secure key exchange. How they will implement something which can be implemented in a simple php script with a common is library is beyond me.
Re: (Score:2)
How they will [ban] something which can be implemented in a simple php script with a common is library is beyond me.
It is rather easy actually, I'll lay it out step by step.
1. You, a UK citizen, create service with encryption.
2. The UK government sends you a letter advising you to disable the encryption for them or go to jail.
3A. You disable the encryption.
3B. You go to jail, the government seizes your service and disables the encryption.
Re: (Score:2)
Re: (Score:2)
Which leads to:
4. All businesses which require encryption moving out of the UK.
5. Hackers take advantage of the lack of strong encryption to decrypt data that needed to remain secure. (e.g. credit card information)
6. Criminals and terrorists use freely available strong encryption from non-UK sources.
Not hard to work around... (Score:2)
Trivial for geeks (and white collar criminals and terrorists), but ordinary folk won't know how or be able to do it, so they'll be the ones to suffer.
Mindlessly unenforceable (Score:4, Insightful)
This law would require dispensations for credit cards, banks, point of sale software, (the government itself), and many more infrastructural e-orgs that cannot function without encryption.
It would also require makers of cell phones that encrypt, Facebook (soon), and increasinly many e-firms to recognize any device/account as being ENGLISH so that it can selectively stomp all over those peoples' freedoms.
It will also generate an *ungodfy* large amount of data that will swamp the GCHQ's resources and waste their time sifting through zottabytes of drivel, since BAD GUYS DON"T CHAT ON THE PHONE.
This policy is so halfass and dumbass that it'll be impossible to enforce.
This won't wash (Score:3)
Re:This won't wash (Score:4, Informative)
Let's say I am an ISP and I have a data stream coming through my system. How do I know if the data is encrypted or not? Data is data. Neither IP nor UDP packets have an 'encrypted data' indicator.
How would we differentiate between an encrypted data stream and a video stream in a new movie format? What's the difference between decrypting vs displaying a movie? Both processes are a conversion operation being performed on a data stream.
Simple. Packet capture and look for the key exchange. I do this daily.
Re: (Score:2)
How would we differentiate between an encrypted data stream and a video stream in a new movie format? What's the difference between decrypting vs displaying a movie? Both processes are a conversion operation being performed on a data stream.
Simple. Packet capture and look for the key exchange. I do this daily.
Dunno if you are trying to be funny or are just a complete idiot. There's no need whatsoever for "key exchange" when I send an encrypted message to my broker in the Caymans. He has the decryption software and password. NOthing but the message is transmitted.
See also PGP.
Re: (Score:3)
How would we differentiate between an encrypted data stream and a video stream in a new movie format? What's the difference between decrypting vs displaying a movie? Both processes are a conversion operation being performed on a data stream.
Simple. Packet capture and look for the key exchange. I do this daily.
Dunno if you are trying to be funny or are just a complete idiot. There's no need whatsoever for "key exchange" when I send an encrypted message to my broker in the Caymans. He has the decryption software and password. NOthing but the message is transmitted.
See also PGP.
That's nice. Also totally unrelated to what the GP asked.
"performed on a data stream"
Re: (Score:2)
The power to ban mathematics? (Score:5, Insightful)
Because how could that be an ineffective gesture.. (Score:2)
designed to placate technopeasants and convince them that government actually has control of this.
If someone wants to encrypt a message, they will, and there's nothing, really, that anyone can do about it.
Just...wow... (Score:3)
I know England longs for the good old days when it thought it ruled the world, but they're proposing a giant leap backwards to the stone age....
The "Extinction Event" Asteroid can't hit fast enough at this pace or rising government fascism around the world...
No changes wrt. RIPA 2000 (Score:5, Informative)
Really? (Score:2)
The pope has also the power to 'ban' stuff, but there too nobody gives a shit.
Let me tell you exactly how long this will last: (Score:3)
This will last precisely as long as it takes for the first time the UK Home Secretary gets their bank account drained, or identity stolen, because there was no effective encryption on the very much public Internet to protect their very much private and personal data from criminals. Furthermore, I can see how legislation like this would actually increase the likelihood of terrorism; terrorists often use profits from criminal activities as operating funds; removing (or crippling) encryption on the Internet will allow them to commit cybercrimes with relative ease, thus increasing their operating funds that much more.
Of course, policitians being the duplicitous creatures they are, they -- and the rich, no doubt -- will create loopholes allowing them to posess and use full, non-crippled encryption -- for 'security purposes', of course -- and the common citizens can go fuck themselves, so far as they're concerned.
Nice job, UK. Don't you dare mock and make jokes about American politics, not when your own political system and government are at least as much of a bloody bollixed-up mess as ours, if not more so.
MEMO TO UK POLITICIANS: Go take some gods-be-damned basic computer science courses, will you? Because you have NO IDEA what the hell you're doing!
Attractive to business? (Score:2)
I thought the whole premise of Brexit is that it would allow the UK to become more attractive to business.
The Government are going about this in a curious way.
ssh? (Score:4)
So, he's going to order ssh banned from the UK? Really?
Wonder how their MoD will respond to that. Or *any* large company.....
mark
Re: Good luck with that? (Score:2)
Encode encrypted messages using pseudo poetry or something. Make it an approximation of the crap many post on fingers these days. Using a 24k article full of new age bullshit to transmit 1k of encrypted text is quite feasible.
Re: (Score:2)
First person to make an encryption protocol that disguises the data as a funny cat video wins 50 Internet Points.
Re: (Score:2)
First person to make an encryption protocol that disguises the data as a funny cat video wins 50 Internet Points
OK, I'm done. Send my my points in BitCoin equivalent.
Signed,
Joe Steganographer
Re: (Score:2)
That's actually not that hard.
If I just had a little more time at my hands.
How about a plug-in architecture (Score:4, Interesting)
Browser makers should just allow encryption plug-ins/extensions (just like they allow other extensions).
That way the browser maker is not responsible for the encryption and has no backdoor to it.
Re: (Score:2)
It is _politicians_ that want this. As in "people that tried to learn something useful, but failed". Nobody that has any connection to reality left would ever want to be a politician.
Re:Good luck with that? (Score:4, Insightful)
What exactly do they think an ISP is going to be able to do if the data is already encrypted when it hits their network?
Simple: they legislate that the ISP has to decrypt it.
It's not much different than the US state government which legislated the Pi equals 3.
Re: (Score:2)
Wireless, obviously.
Re: (Score:2)
Just drive down the road and disconnect all your neighbors. At some point the critical mass of angry peasants with pitchforks is reached and that idiocracy ends.
Re: (Score:2)
That's not a "simple solution". That's something that a group of geeks know how to do, not generic, every person who has a phone gets private communication. Further to that, the fact that you're using ssh and talking over it makes it end-to-end encryption that's banned by this law.