More Mathemagicien savagery
Pedophiles are voting Tory. Let's ban the Tory party.
- 03-10-2017 20:17
- Political Ambassador
- 03-10-2017 20:19
- Thread Starter
Last edited by FriendlyPenguin; 03-10-2017 at 21:32.
- 03-10-2017 20:22
(Original post by AlexanderHam)
- 03-10-2017 20:36
Why does an ordinary citizen in a Western democracy need hard encryption for their personal communications? Other than very specific things like banking data and health information, why do ordinary citizens need to be able to encrypt their text messages to their friends and family?
I personally do not subscribe to the idea that there should be communications that the government cannot surveil and wiretap if they need to and have a judicial warrant.
Now, while I don't personally subscribe to quite so paranoid a worldview, one could yet argue that this balance is more delicate—and precarious—than you might think: Donald Trump's domestic surveillance policy isn't Barack Obama's domestic surveillance policy, but those NSA databanks sure as hell don't purge themselves every four years, and if Theresa May weren't so laughably ineffectual I'd trust her about as much as I do the former.
Last edited by Profesh; 03-10-2017 at 20:43.
(Original post by Mathemagicien)
- 03-10-2017 20:46
Banks, shops, all sorts of websites rely on peer to peer encryption. You want us all to send passwords as cleartext over the internet?
Why aren't you using your real name to post here, citizen? Why do you use passwords?
- Thread Starter
(Original post by AlexanderHam)
- 03-10-2017 20:48
Apples and oranges. I post here using a pseudonym. That's a different proposition from saying that MI5 shouldn't be able to intercept my communications between this computer and the website should they obtain a judicial intercept warrant.
I'm saying there shouldn't be backdoors, and there shouldn't be blanket bans on us lowly citizens from encrypting our communications.
Do me the courtesy of actually reading it, then come back to me.
I'm saying there shouldn't be backdoors
- 03-10-2017 21:17
If you'd bothered to read the post to which you were replying, you'd realise I said that organisations like banks and hospitals and other similar vendors should have access to hard encryption so that people can transmit their data securely over the internet. If the security services need a wiretap, they can do it at the bank end; the bank simply provides the data to the government (that is not a backdoor; that's just the bank providing data upon request).
So citizens would have access to apps and software from companies with whom they do business that would allow them to transmit data securely over the internet. Said businesses would have to provide any such data upon request with a judicial warrant.
Businesses would also have access to hard encryption to secure their own data, networks and intellectual property.
The difference between your position and mine is that citizens would not have access to messaging apps that had hard encryption. So when they're doing bank transactions online, their data would be perfectly secure. No backdoors, no change from now. The only thing they wouldn't be able to do is have apps like WhatsApp and Telegram that use crypto protocols like Needham-Schroeder to make normal communications between citizens highly secure and resistant to decryption even with significant computing power given over to brute decryption.
I'll give you two scenarios. In the first scenario, which is how things are currently, citizens have apps like WhatsApp that have hard crypto built into it and all messages are automatically encrypted and even the app provider isn't able to see them and has no backdoor. Let's say MI5 issues a warrant to wiretap Mr A so they can see his communications with Mr B, which are occurring over WhatsApp. They can't get WhatsApp to turn over the data to them as the company can't access that data. They can't wiretap the connection between them as all they will have is the encrypted text, which would take massive computing power to brute force it.
If they want to wiretap Mr A's WhatsApp conversation, they have to mount a significant operation to somehow get malware installed onto the phone. That's a huge undertaking; it would take a number of agents a significant period of time to work out how and where they can inject malware onto the phone. Or else they have to install bugs in his house and car to physically listen to what he is saying and, to the extent possible, watch him.
That's different to if MI5 wants to get hold of Mr A's banking transactions; although the transactions and data are encrypted when they travel over the internet, the bank itself has the data and can provide it to MI5 upon request if needed.
Requiring MI5 to mount a significant operation to install malware onto a target's phone every time they want to tap their comms is a huge impost on their resources. Given there are around 5,000 jihadis on MI5's watch list and they only have 4,000 employees (of whom perhaps only 40% might be assigned to counterterrorism), the only way they can keep an eye on large numbers of jihadis is with electronic surveillance; that is the advantage the Security Services have had. The availability of hard crypto for normal messaging conversations nullifies that advantage.
So here's the second scenario. MI5 obtains a wiretap warrant for Mr A's communications. Hard crypto for normal civilian communications (other than that provided by banks, healthcare, and organisations who have access to the data at the other end and can provide the information to law enforcement on request) has been outlawed in this scenario. Instead of having to mount a large operation with maybe up to a dozen agents working out how and when they can inject malware onto his phone or bug his house and car, they can simply log into a system like Xkeyscore and open up Mr A's WhatsApp communications.
MI5 doesn't care that some hippy in Brighton likes Corbyn or voted Green, or that some dude in Manchester likes big butt porn. They do care about Mr A's communications with his ISIS controller, and the prohibition on hard crypto in consumer messaging apps means that they could use electronic surveillance to even up the score just a little bit, given the huge number of jihadis and the very limited resources MI5 has in terms of keeping an eye on all of them.
Now I'm not saying you have to agree with this proposition, but at least characterise it properly rather than claiming I'm advocating for weakened crypto for everyone including business transactions, banking, health etc. My position is hard crypto for banking, health etc, (situations where MI5 can always just request the data from the organisation/company) but not for consumer-level messaging apps. A person not having access to encrypted personal messaging apps doesn't make their computing insecure, and if they really want to, they can encrypt it using shared keys or some similar thing. But for general, consumer-level messaging apps (the sort jihadist sympathisers might be likely to use), hard crypto built-in would not be available. I don't see how this is really any serious imposition on civil liberties, but it does provide MI5 with the necessary electronic surveillance advantage over the jihadis to keep (as far as is possible and realistic) as many of those 5,000 under surveillance as they possibly can.
Last edited by AlexanderHam; 03-10-2017 at 21:23.