David Cameron in 'cloud cuckoo land' over encrypted messaging apps ban

[Syt]

... says Grauniad

http://www.theguardian.com/technology/2015/jan/13/david-cameron-encrypted-messaging-apps-ban

David Cameron in 'cloud cuckoo land' over encrypted messaging apps ban

The prime minister's pledge to give security services access to encrypted communications is 'crazy', experts say

David Cameron is "living in cloud cuckoo land" when he suggests a new Tory government would ban messaging apps that use encryption, security experts have told the Guardian.

The prime minister has pledged anti-terror laws to give the security services the ability to read encrypted communications in extreme circumstances. But experts say such access would mean changing the way internet-based messaging services such as Apple's iMessage or Facebook's WhatsApp work.

Independent computer security expert Graham Cluley said: "It's crazy. Cameron is living in cloud cuckoo land if he thinks that this is a sensible idea, and no it wouldn't be possible to implement properly."

Other security experts echo Cluley, describing the approach as "idiocy" and saying Cameron's plans are "ill-thought out and scary". The UK's data watchdog has also spoken out against "knee-jerk reactions", saying moves could undermine consumer security.

Meanwhile a start-up has warned on the possible effect on Britain's nascent technology sector of Cameron's plans. Eris Industries, which uses open-source cryptography, has said it is already making plans to leave the UK if the Conservative party is re-elected with this policy in its programme.

On Monday, Cameron made a speech in which he decried the ability of ordinary people to have conversations on which the security services were unable to eavesdrop.

"In extremis, it has been possible to read someone's letter, to listen to someone's call, to mobile communications," Cameron said. "The question remains: are we going to allow a means of communications where it simply is not possible to do that? My answer to that question is: no, we must not."

Cluley said either tech companies would have to work with UK government and build backdoors into their software to allow the authorities to intercept messages, or the apps themselves will have to be banned.

"If there are backdoors in the apps, or if weak encryption is used, then you are only opening up opportunities for hackers to break in and steal information too. That's not going to go down well with businesses or consumers," Cluley said.

Ross Anderson, professor of security engineering at the University of Cambridge, said: "This is just what the agencies pushed in the late 1990s, after Al Gore persuaded Tony Blair to go back on his pre-election promise not to ban encryption.

"Industry fought back, along with civil society, and the outcome was the Rip Act, which gives a chief constable the power to demand decryption."

Peter Sommer, professor of cybersecurity and digital evidence at de Montfort and the Open Universities, said: "The National Crime Agency and the people there understand that relationships with people and the companies like Google are important, as they will help you, but passing laws and badmouthing in public is simply not going to work,"

"But at the top there's been the kind of idiocy exemplified by what happened in the basement of the Guardian, where there were obviously lots of copies of the Snowden material but they insisted on the destruction of a computer that might have been used for storing them."

"Yes you can pass laws in Westminster until you're blue in the face but you can't enforce them," said Sommer.

The UK's data watchdog, the Information Commissioner Christopher Graham and data privacy campaigners were equally worried by Cameron's comments and the implications it could have on data security and privacy.

"We must avoid knee jerk reactions," said Graham. "In particular, I am concerned about any compromising of effective encryption for consumers of online services."

"Citizens, businesses, and nation states need to protect themselves. Internet companies are understandably offering their customers online services that are better encrypted following recent security incidents," said Graham.

"Cameron's plans appear dangerous, ill-thought out and scary," said Jim Killock, director of the Open Rights Group. "Having the power to undermine encryption will have consequences for everyone's personal security. It could affect not only our personal communications but also the security of sensitive information such as bank records, making us all more vulnerable to criminal attacks."

"The only practicable way forward is a new international treaty on access to communications data and content, which must involve safeguards that will be acceptable to all," said Anderson.

Preston Byrne, the chief operating officer of Eris Industries, warns that his company will be forced to leave the UK if Cameron's comments on the technology become policy, and move to "more liberal climes such as Germany, the U.S., the People's Republic of China, Zimbabwe, or Iraq."

Byrne, who is also a fellow at the London-based free-market think tank ASI, told the Guardian that "secure open-source cryptography is at the core of our business... so we were able to make the decision more or less immediately."

Eris Industries uses technology loosely based on the bitcoin cryptocurrency to build a decentralised network, with potential applications in communications, social networking and community governance. But, Byrne warns, "none of these benefits can be realised without secure cryptography, including end-to-end encryption.

"David Cameron has said this measure is designed to 'modernise' the law. He fails to understand the full extent of how out of date the law is. The only way you can shut down cryptographic distributed networks today is to either arrest the vast majority of (or in the case of a blockchain database, all) persons running a node and ensure that every single data store containing a copy of that application database is destroyed; or shut down the Internet."

As a result, he tells the Guardian, "I'd be very surprised if the Conservatives stick to their guns on this."

One insider at a major US technology firm told the Guardian that "politicians are fond of asking why it is that tech companies don't base themselves in the UK".

"I think if you're saying that encryption is the problem, at a time when consumers and businesses see encryption as a very necessary part of trust online, that's a very indicative point of view."

So, mandatory government backdoors to encrypted data:
- feasible?
- necessary?
- can misuse be prevented?
- can criminals exploiting the built in weak spots be avoided?

[frunk]

So, mandatory government backdoors to encrypted data:
- feasible?
- necessary?
- can misuse be prevented?
- can criminals exploiting the built in weak spots be avoided?

maybe
no
no
no

[Martinus]

This is bizarre. It is one thing to let the government spy on people. It is quite another to forbid people to protect themselves from government (or any other) spying. It's like banning people from communicating in code.

First the porn ban and now this. It seems to me Cameron's government has entered the phase of vastly unpopular governments where they desperately try to divert attention from issues that make them unpopular by stirring up other controversies. In practice, this ends up only making them more unpopular with new groups of people, though.

[Brazen]

Rather nice analysis and potential technical fallout from Doctorow:

http://boingboing.net/2015/01/13/what-david-cameron-just-propos.html

What David Cameron just proposed would endanger every Briton and destroy the IT industry

David Cameron says there should be no "means of communication" which "we cannot read" -- and no doubt many in his party will agree with him, politically. But if they understood the technology, they would be shocked to their boots.

What David Cameron thinks he's saying is, "We will command all the software creators we can reach to introduce back-doors into their tools for us." There are enormous problems with this: there's no back door that only lets good guys go through it. If your Whatsapp or Google Hangouts has a deliberately introduced flaw in it, then foreign spies, criminals, crooked police (like those who fed sensitive information to the tabloids who were implicated in the hacking scandal -- and like the high-level police who secretly worked for organised crime for years), and criminals will eventually discover this vulnerability. They -- and not just the security services -- will be able to use it to intercept all of our communications. That includes things like the pictures of your kids in your bath that you send to your parents to the trade secrets you send to your co-workers. <snip>

[Martinus]

Yeah, I thought that was a no-brainer. Then again, politicians everywhere always find new ways of showing us there are no such things as no-brainers.

[Ideologue]

Another reason to vote for me: the State's interception of encrypted communications will be wholly unnecessary once there is a camera on every street and in every room.

[Eddie Teach]

Another reason to vote for me: the State's interception of encrypted communications will be wholly unnecessary once there is a camera on every street and in every room.

Cameron could float your idea first and then back off to his idea in the classic "Mom, I'm pregnant. Kidding! I just got a tattoo" gambit.

[garbon]

Another reason to vote for me: the State's interception of encrypted communications will be wholly unnecessary once there is a camera on every street and in every room.

Cameron could float your idea first and then back off to his idea in the classic "Mom, I'm pregnant. Kidding! I just got a tattoo" gambit.

I never took that route. I was always like, "Look at all these As that I got. Say what do you think about letting me dye my hair like rainbow bright?"

[Razgovory]

I'm not entirely sure what he wants to do.  From what it sounds like it would sort of like mandating that all locks in the UK must be able to be opened with one key and that all other locks are forbidden.  I must be reading this wrong, because that doesn't make any sense.

[Martinus]

Incidentally, how does he propose to do it in practice, implementation wise? It's one thing to claim that the government will have this "backdoor" that noone else will find out about (it's ridiculous especially given the past record of the British government in keeping sensitive information secret) but then thousands of people who develop communication software would need to know the "backdoor" to be able to build it into the software, right? Or do they propose to subsequently blind and kill them, pyramid builder style?

[Zanza]

This is a really silly proposal.

[Richard Hakluyt]

http://en.wikipedia.org/wiki/Charles_Farr

......is, I think, the real force behind many of these stupid strategies.

[frunk]

Incidentally, how does he propose to do it in practice, implementation wise? It's one thing to claim that the government will have this "backdoor" that noone else will find out about (it's ridiculous especially given the past record of the British government in keeping sensitive information secret) but then thousands of people who develop communication software would need to know the "backdoor" to be able to build it into the software, right? Or do they propose to subsequently blind and kill them, pyramid builder style?

It could be something like, "in the part of the app where you have the message in cleartext, pass it into this government provided program and we'll take care of the rest".  That's assuming no one is smart enough to unravel what the government provided program does (many people will be), or that those who are will not go poking around (they will).

[Sheilbh]

Not the first time Cameron's looked an ignorant arse over internet policy.

As ever I wonder what exactly is the point of the Lib Dems