Just been a piece about it on the One Show and didn't see any discussion about it here. Is the idea of backdoor access to encryped services a good thing or a bad thing?
Think there's a generational split on this issue since the Government have called for backdoor access into WhatsApp in the last couple of days.
1
Comments
All banter though...
Plus can we just agree how absurd it is the government has been trying to outlaw MATHS which is basically all the process of encryption is.
The actual technical and legal hoolahooping to put together a law against it in itself means this is impossible. Regardless of any "nothing to hide" arguement.
If you allow services like this to be 'open' as well then it opens up a whole ton of problems for everyday people.
Giving up civil liberty in the name of terrorism is instant defeat. I'm sure there are plenty in the security services who do only have good intentions, but can such organisations be trusted? We've seen plenty go wrong in this regard. Let's just turn to the Home Secretary Amber Rudd for a moment, who said she wants to consult...
“The best people who understand the technology, who understand the necessary hashtags to stop this stuff ever being put up, not just taken down, but ever being put up in the first place are going to be them.”
Hashtags. Fucking terrorist hashtags. If the Home Secretary is talking in these terms, how much trust could anyone possibly have in their privacy being secure?
If a way is left for end to end encryption to be broken, every crim will be able to use it almost from the start. All this 'we will only access it under court order' doesn't seem feasible.
Even if WhatsApp was unencrypted the end users could just encrypt messages themselves if they were concerned about security.
The problem with being governed by these out of touch loonies is that for them the fax machine is the pinnacle of human achievement in the field of telecommunications they think everything they don't understand is evil and should be banned. Don't these berks have scientific advisors to advise them before they go on national media and produce such verbal diarrhea.
In practice: where access to data is required, you attack it when it's not in-transit - i.e on the device. (If I was the conspiracy theorist type, I'd suggest this is why security updates to phones can take so long to get sent by carriers.. but I'm not, and conveniently most carriers are lazy and QA is hard.)
Honestly? I quite like that. It gives people privacy, prevents Orwellian mass-surveillance, and still allows targeted data gathering.
Not to mention, GCHQ and the NSA are just as interested in the information pertaining to a communication - or the metadata - as they are the contents of the communication. Guess what? They already get this from WhatsApp et al. (After all, it would be barmy for Facebook, a company whose product is literally your data, to buy WhatsApp and not store your data in a readable way!)
It's a completely and utterly misleading suggestion to say that encryption is directly enabling terrorist attacks. One of - if not the most - bloody attacks in Western Europe of recent years, The Bataclan, was coordinated via SMS. The Westminster attacker may well have had WhatsApp installed on his phone, but even if it didn't encrypt his communications: he was no longer being monitored anyway!
On the other hand, it's not possible to backdoor encryption itself - these are ridiculously painful mathematical ideas that simply don't work that way. To have a realistic chance at breaking encryption you have to rely upon the idiocy of a developer deciding to write their own implementation of a given algorithm. ("dont roll your own crypto")
So if we can't backdoor it then someone is bound to argue for banning it.. but without it everything is broken. Who even defines what encryption is? Do we include browsing SSL enabled websites like Amazon or Barclays with the green padlock? Do we include network operations staff remotely logging in to a hospital for maintenance? What about your home WiFi network? These are all encrypted communications channels after all.
I'll give Amber Rudd some benefit of the doubt regarding her stupid "hashtag" comment though, she may have meant "people that understand hashing", which indeed would mean cryptographers.
Theresa May has also regularly attacked online privacy measures and encryption.
It's almost as though these MPs are either woefully ill-informed and not briefed properly on subjects, or their advisors are completely stupid.
Even the Government's own National Cyber Security Center acknowledge the need to keep data secure in-transit.
Basically we're talking about something as utterly moronic as crippling our national security (by which I include espionage and critical infrastructure attacks) and banning a form of mathematics.. It's not going to happen.
Tim Berners-Lee has his say.