Cameron wants to ban encryption
Scroll to see replies
That is absolutely ridiculous. It shows just how out of touch these people are.
Original post by Dez
Putting aside the fact that it's technically unfeasible, if you had a ban like this why would it stop the terrorists? They're committing crimes already, a few more won't make any difference. Unless the encrypted traffic can either be stopped or decrypted (both of which are impossible if you plan to allow other encrypted data, for financial transactions as you suggested), there's no way to enforce such a ban other than prosecution.
I agree with you, it would be very difficult technically to remove such constraints which are so well implemented. It would also be difficult as we are reliant on servers hosted in other countries which would not be affected by such legislation. Something needs to be done regarding personal communications but it would be difficult to harness the support of multinational companies who endorse encryption and banishing encryption for financial transactions would be ludicrous.
Original post by ChaoticButterfly
TSR worker monkeys are aloud to express political viewpoints? 
Most are quite vocal left wingers, actually.
Original post by DBR247
There is a very fine line regarding encryption which needs to be distinguished. Encryption is a vital method for securing financial transactions and is used by all major organisations. However, encryption can also abused by perpetrators of terrorism and those committing illegal activities. It would be unfeasible for the government to ban all encryption and would be severely objected to by large organisations, especially those in the finance industry. A ban on encryption for personal communications would be more suitable to allow the government to monitor and deter those who intend to commit such acts.
Hang on... You're going to make something illegal that is impossible to enforce and assume that the people the government wants to be able to spy on will be deterred from using encryption when they're planning terrorist attacks, which is a little "more" illegal. Lifetime in Belmarsh isnt enough of a deterrent to stop them from doing that.
First he bans our porn. AND NOW THIS?!
MONSTER!
MONSTER!
I'll just add that you can't ban encryption. It's impossible.
It's impossible to prove something is encrypted.
It's impossible to prove something is encrypted.
Original post by ComputerMaths97
I'll just add that you can't ban encryption. It's impossible.
It's impossible to prove something is encrypted.
It's impossible to prove something is encrypted.
False.
Original post by Mad Vlad
False.
Elaborate?
Original post by ComputerMaths97
Elaborate?
If you use the correct algorithm and the key, it will produce an intelligible message.
Impossible is not the right word; very very difficult would be more accurate. Also some encryption methods have telltale markers that betray the algorithm used and that the entropy of the data is not as high as you would expect from white noise.
What I always want to know when it comes to this sort of thing is where are the millions of office workers or millions of £££ invested in some mad 1984 style super-computer examining the data? The government seems to want to cast a net on all forms of communication....but how do you then process it at all? I mean imagine rounding up every Facebook comment, every tweet, every snapchat etc...and what, looking for keywords? That's still going to give you millions of pieces of text a day which are meaningless and any terrorist worth their salt is going to A) Not make accounts which would associate with their ID, and not use phrases/words. which would make intent obvious.
I don't blame Cameron and May for their desire to ban encryption - they just simply don't have the knowledge or understanding of what it is they're proposing. It's their advisors and the senior figures within the Intelligence Community that are the ones to blame, and it's worth remembering that Labour was just as bad in their time in office.
Since 2001, we've seen an unprecedented erosion of freedoms in the name of "security" and it's borne some truly dreadful legislation at home and around the world, much of it as a knee-jerk response to things that happened, and it really is questionable how beneficial a lot of this has really been. Of course, we're not able to judge for ourselves because a lot of the work done in the name of these laws exists in the classified space at the doughnut or the fort.
The proposals aren't workable at all. As someone that relies on and uses strong encryption every day of my life and works in cyber security, the proposals are not just harmful, but impossible to implement. They're not proposing a ban of encryption per se, moreover they're wanting to hold private keys in escrow so that they can intercept and decrypt messages in transit. The problem is, I really don't think they've thought through how that's going to work; let alone how they're planning on securing this skeleton key, seeing as some of the most powerful governments in the world can't even protect their own data, let alone everyone else's. Corporations will not tolerate having their corporate networks exposed at the mercy of HMG. And as for the regular technology user on the ground, it's utterly abhorrent. It exposes their personal data to threats of misuse and interception from nefarious 3rd parties (ignoring for a moment the spooky agencies) - from cyber criminals. Everybody loses with this proposal. Everyone but the people that the proposal seeks to spy on, for the reason I stated before - the bad guys don't care about the law; that's why we're trying to spy on them in the first place... so writing laws banning encryption for forcing people to hand over their private keys to use encryption, isn't going to achieve its intended goal.
I'm not a conspiracy theorist. I used to work in the defence industry. I know what governments want to do and what they have no intention of doing. I genuinely believe that this is a well meaning proposal and that it's not intended as an enabler for the government to be able to invade your privacy in a very intrusive way as part of some horrific dystopian police state, but its aims are totally divergent from the effect it will achieve. I also believe that it won't happen and despite be being a supporter of this government, I will never support this proposal.
Since 2001, we've seen an unprecedented erosion of freedoms in the name of "security" and it's borne some truly dreadful legislation at home and around the world, much of it as a knee-jerk response to things that happened, and it really is questionable how beneficial a lot of this has really been. Of course, we're not able to judge for ourselves because a lot of the work done in the name of these laws exists in the classified space at the doughnut or the fort.
The proposals aren't workable at all. As someone that relies on and uses strong encryption every day of my life and works in cyber security, the proposals are not just harmful, but impossible to implement. They're not proposing a ban of encryption per se, moreover they're wanting to hold private keys in escrow so that they can intercept and decrypt messages in transit. The problem is, I really don't think they've thought through how that's going to work; let alone how they're planning on securing this skeleton key, seeing as some of the most powerful governments in the world can't even protect their own data, let alone everyone else's. Corporations will not tolerate having their corporate networks exposed at the mercy of HMG. And as for the regular technology user on the ground, it's utterly abhorrent. It exposes their personal data to threats of misuse and interception from nefarious 3rd parties (ignoring for a moment the spooky agencies) - from cyber criminals. Everybody loses with this proposal. Everyone but the people that the proposal seeks to spy on, for the reason I stated before - the bad guys don't care about the law; that's why we're trying to spy on them in the first place... so writing laws banning encryption for forcing people to hand over their private keys to use encryption, isn't going to achieve its intended goal.
I'm not a conspiracy theorist. I used to work in the defence industry. I know what governments want to do and what they have no intention of doing. I genuinely believe that this is a well meaning proposal and that it's not intended as an enabler for the government to be able to invade your privacy in a very intrusive way as part of some horrific dystopian police state, but its aims are totally divergent from the effect it will achieve. I also believe that it won't happen and despite be being a supporter of this government, I will never support this proposal.
(edited 8 years ago)
Original post by joey11223
What I always want to know when it comes to this sort of thing is where are the millions of office workers or millions of £££ invested in some mad 1984 style super-computer examining the data? The government seems to want to cast a net on all forms of communication....but how do you then process it at all? I mean imagine rounding up every Facebook comment, every tweet, every snapchat etc...and what, looking for keywords? That's still going to give you millions of pieces of text a day which are meaningless and any terrorist worth their salt is going to A) Not make accounts which would associate with their ID, and not use phrases/words. which would make intent obvious.
With great difficulty. You only have to look at the size and scale of the NSA's recently opened data centre in Bluffdale, Utah to get an idea of the mind-boggling amounts of hardware you need to run this kind of operation: https://en.wikipedia.org/wiki/Utah_Data_Center#Structure
That's the problem with "big data"... it's big.
Original post by Mad Vlad
If you use the correct algorithm and the key, it will produce an intelligible message.
Impossible is not the right word; very very difficult would be more accurate. Also some encryption methods have telltale markers that betray the algorithm used and that the entropy of the data is not as high as you would expect from white noise.
Impossible is not the right word; very very difficult would be more accurate. Also some encryption methods have telltale markers that betray the algorithm used and that the entropy of the data is not as high as you would expect from white noise.
Does that actually prove anything though? As you said in another post this law would be utterly unenforceable anyway and likely won't happen, but if somehow it did I really can't see stuff like the above holding up in court.
Original post by Mad Vlad
If you use the correct algorithm and the key, it will produce an intelligible message.
Impossible is not the right word; very very difficult would be more accurate. Also some encryption methods have telltale markers that betray the algorithm used and that the entropy of the data is not as high as you would expect from white noise.
Impossible is not the right word; very very difficult would be more accurate. Also some encryption methods have telltale markers that betray the algorithm used and that the entropy of the data is not as high as you would expect from white noise.
No but in the real word a basic key is never used. I guess impossible was the wrong word, but you say intelligible, which is very possible. But proving it on the other hand, would require it to be first cracked. So banning it, would require decryption of all messages.
And if they could do that, there would be no point in the ban xD
Just a backwards argument, he's trying to ban something instead of fixing it, that's not how life works.
It's like there being an overpopulation problem and then just banning kids, shouldn't be done like that xD
Original post by Mad Vlad
I'm not a conspiracy theorist. I used to work in the defence industry. I know what governments want to do and what they have no intention of doing. I genuinely believe that this is a well meaning proposal and that it's not intended as an enabler for the government to be able to invade your privacy in a very intrusive way as part of some horrific dystopian police state, but its aims are not totally divergent from the effect it will achieve. I also believe that it won't happen and despite be being a supporter of this government, I will never support this proposal.
I'm not a conspiracy theorist. I used to work in the defence industry. I know what governments want to do and what they have no intention of doing. I genuinely believe that this is a well meaning proposal and that it's not intended as an enabler for the government to be able to invade your privacy in a very intrusive way as part of some horrific dystopian police state, but its aims are not totally divergent from the effect it will achieve. I also believe that it won't happen and despite be being a supporter of this government, I will never support this proposal.
Enjoyed reading your insight, so thank you (genuine compliment). I have a bit of inside knowledge, having worked in IT (including a short spell in a 'relevant' sector), but your technical knowledge is far superior to mine.
I basically agree with a lot of what you said. Cameron has to at least be seen to be doing something. i really don't think it's part of some insidious plot by central government to turn the UK into some kind of Stalinist police state. It's more likely that he's delving into matters he really hasn't got a clue about. It seems to me that encryption, like a lot of things, can be used for all sorts of applications that fall at all points along the moral spectrum. Your analysis above gives some insight into how utterly impractical the whole idea is.
Original post by Dez
but if somehow it did I really can't see stuff like the above holding up in court.
tbh I can't see how the government would actually want to go to court without making North Korea/China/Saudi laugh in our faces.
I mean lets say we were mates who chatted online, for whatever reason, we sent messages via encryption. So if the government proves we're sending each other encrypted messages, and private users carrying out encryption is illegal, we're seriously going to potentially face jail-time for basically talking to each other in a secret language? We'd be the laughing stock of the world surely? You'd have countries like China being able to act all holier then thou over it.
Also I hope this doesn't apply to offline. As a toddler, party due to dyspraxia impacting my ability to learn pronunciation as well (or whatever medical BS it was about me being slow) I used to make up words for multiple things and would insist on using them, so a train was a lalorg, a plane was a lylaguy....kids encrypting!
(edited 8 years ago)
Original post by joey11223
tbh I can't see how the government would actually want to go to court without making North Korea/China/Saudi laugh in our faces.
I mean lets say we were mates who chatted online, for whatever reason, we sent messages via encryption. So if the government proves we're sending each other encrypted messages, and private users carrying out encryption is illegal, we're seriously going to potentially face jail-time for basically talking to each other in a secret language? We'd be the laughing stock of the world surely? You'd have countries like China being able to act all holier then thou over it.
Also I hope this doesn't apply to offline. As a toddler, party due to dyspraxia impacting my ability to learn pronunciation as well (or whatever medical BS it was about me being slow) I used to make up words for multiple things and would insist on using them, so a train was a lalorg, a plane was a lylaguy....kids encrypting!
I mean lets say we were mates who chatted online, for whatever reason, we sent messages via encryption. So if the government proves we're sending each other encrypted messages, and private users carrying out encryption is illegal, we're seriously going to potentially face jail-time for basically talking to each other in a secret language? We'd be the laughing stock of the world surely? You'd have countries like China being able to act all holier then thou over it.
Also I hope this doesn't apply to offline. As a toddler, party due to dyspraxia impacting my ability to learn pronunciation as well (or whatever medical BS it was about me being slow) I used to make up words for multiple things and would insist on using them, so a train was a lalorg, a plane was a lylaguy....kids encrypting!
Some conversations I have with friends might as well be encrypted, such is the chance of an outsider understanding what the hell we're on about. Oh well, guess it's the clink for cliques.
Original post by Dez
Does that actually prove anything though? As you said in another post this law would be utterly unenforceable anyway and likely won't happen, but if somehow it did I really can't see stuff like the above holding up in court.
Well quite. That's not "proof" I guess... but in the astronomically unlikely event that the authorities managed to brute force an encryption key and decrypted the contents, you'd be hard pushed to argue that an intelligible message derived in a reproducible forensic manner, using realistic input parameters could have been obtained any other way. You'd be essentially arguing that a sea of monkeys with typewriters have reproduced the entire works of Shakespeare, rather than they successfully decrypted a message that you encrypted.
It's the same legal argument why the use of MD5 as a hashing algorithm (which as we know is fundamentally cryptographically broken) is still accepted as evidentiary quality crypto in a court of law. Rob Lee from SANS sums this up nicely in this blog post from 2009 using an analogy that an examiner called Scott Moulton used to defend MD5 in court on the subject of hash collisions and the attempt to discredit digital evidence on the basis of doubt that the evidence has not been tampered with:
...it is more likely that before showing up for jury duty, all the jurors randomly put the same 7 numbers into the Powerball Lottery and won. That has a much greater chance of happening than a naturally occurring collision.
Probability is everything in courts, especially where forensics are concerned.
Original post by Mad Vlad
Well quite. That's not "proof" I guess... but in the astronomically unlikely event that the authorities managed to brute force an encryption key and decrypted the contents, you'd be hard pushed to argue that an intelligible message derived in a reproducible forensic manner, using realistic input parameters could have been obtained any other way. You'd be essentially arguing that a sea of monkeys with typewriters have reproduced the entire works of Shakespeare, rather than they successfully decrypted a message that you encrypted.
It's the same legal argument why the use of MD5 as a hashing algorithm (which as we know is fundamentally cryptographically broken) is still accepted as evidentiary quality crypto in a court of law. Rob Lee from SANS sums this up nicely in this blog post from 2009 using an analogy that an examiner called Scott Moulton used to defend MD5 in court on the subject of hash collisions and the attempt to discredit digital evidence on the basis of doubt that the evidence has not been tampered with:
Probability is everything in courts, especially where forensics are concerned.
It's the same legal argument why the use of MD5 as a hashing algorithm (which as we know is fundamentally cryptographically broken) is still accepted as evidentiary quality crypto in a court of law. Rob Lee from SANS sums this up nicely in this blog post from 2009 using an analogy that an examiner called Scott Moulton used to defend MD5 in court on the subject of hash collisions and the attempt to discredit digital evidence on the basis of doubt that the evidence has not been tampered with:
Probability is everything in courts, especially where forensics are concerned.
TBH I'd take a prison sentence if the court case against me included proof of P = NP.
Fuсk this guy
probably mentally disfunctional or sucking major corporation сock
revolution now!
probably mentally disfunctional or sucking major corporation сock
revolution now!
Quick Reply
Related discussions
- Reshuffle: David Cameron is back and Braverman sacked
- Do we have to know the Diffie-Helman key exchange for a level comp sci aqa paper 2?
- Boris Johnson ‘can’t remember passcode’ to phone with Covid WhatsApp messages
- Random number texting me
- Do you wish Johnson to return?
- Will i be able to study cyber security without the preferred entry requirements
- can i remove imac 2011 hard drive with the data and view it on a pc
- Cameron-comeback, opinions?
- Lattice based encryption
- How to send files safely on TSR?
- Should I give my password to my EPQ co-ordinator?
- AQA A level computer science NEA ideas
- Unit 7 p4
- EPQ - Tired Year 12 student.
- Can my school see my search history if I am using a vpn?
- Desire for net zero referendum growing among public, poll finds
- GCSE computer science ocr
- How can businesses protect themselves from cyber threats?
- Maths personal statement help
- Deleting tiktok
Latest
Trending
Last reply 2 days ago
Why is the political left now censorious and authoritarian??Last reply 2 days ago
Is it true that British unis are prejudiced towards degrees from Scottish unis?Last reply 2 days ago
If the Russell Group was now a fair representation of what it still claims to beLast reply 2 weeks ago
TSR Goes Green: How important will the environment be in this year's election?Last reply 2 weeks ago
Research Rankings of universities if you add Research Quality & Intensity percentagesLast reply 1 month ago
Is University of Birmingham prestigious and respected well enough in UK ?Trending
Last reply 2 days ago
Why is the political left now censorious and authoritarian??Last reply 2 days ago
Is it true that British unis are prejudiced towards degrees from Scottish unis?Last reply 2 days ago
If the Russell Group was now a fair representation of what it still claims to beLast reply 2 weeks ago
TSR Goes Green: How important will the environment be in this year's election?Last reply 2 weeks ago
Research Rankings of universities if you add Research Quality & Intensity percentagesLast reply 1 month ago
Is University of Birmingham prestigious and respected well enough in UK ?
