"If a British citizen with an iPhone purchased in France and roaming in Germany iMessages a Chinese citizen roaming in Sweden using an iPhone purchased in Denmark, which government's keys need to be inserted in the iMessage communications by an American company (Apple) legally based in Luxembourg using servers hosted in Eire?"
Urgh. This should be better phrased. From the BoingBoing article:
David Cameron says there should be no "means of communication" which "we cannot read"
It's very specific to communication, and reading between the lines, messaging, as opposed to something like HTTP communication between a bank and a customer. Don't get me wrong, it's still incredibly stupid, but the government will be able to reply to this petition with "we do not intend to ban encryption" and close it.
The problem with your interpretation is that bank communications are still a means of communication. So the vagueness of the law allows politicians to extend their requirements to any product they wish without exception. This isn't something I believe to be accidental either as terrorism laws are often written to be vague with the intent of common sense regulation - which often gets bypassed when a jobsworth believes they're in the right.
It would be pretty easy to implement messaging between two people who can log in to the same bank account. There are plenty of places you can store text typically, labels on payees, your details etc. Or one could use two accounts under the same login: person A logs in and sets the balance on account 2 to something which represents a character in binary. Then person B "acks" that character by transferring the money back to account 1. Repeat. Those characters could in fact be cipher text for full end to end crypto that even the bank can't decipher.
The government's story has been "we need a way to access people's data so we can catch pedophiles, drug dealers and terrorists" and it seems there is a widely held belief that in order to do this, they would need to either ban encryption or weaken it sufficiently to make it effectively useless. However, as far as I can tell, backdoors into your phone or your desktop PC already exist. All the government has to do is convince Apple, Google, MS or Ubuntu to provide an 'official' update to a target computer, wait for the user to accept (or the OS to accept it automatically) and they have full reign over your device.
Many people say that opening our devices to a special chosen set of good guys is equivalent to opening them to all the bad guys as well. If that's the case, surely we're already vulnerable given most commonly used devices update automatically?
The only purpose I can see for attacking encryption in general is to enable mass surveillance. The government have in fact not been specific about what they are actually asking for, but if they want selective ability to search digital devices, they already have it. If they want further powers, then we need to ask them what they need them for.
Or simply start instilling the idea into ignorant people's minds that crypto is bad and just keep repeating that until it becomes a "truth", or gain votes or leverage on the right occasion when needed with "we told you so".
For the record Cameron was not suggesting on banning everything that uses encryption. Primary seeking a ban on end-to-end encryption messaging applications (ie, textsecure/signal, whatsapp, snapchat) that does no provide the UK government with a backdoor.
Its still a terrifying idea, and shouldn't be allowed to happen.
Seeking a mandatory backdoor is equivalent to banning encryption.
This isn't just metaphorical - it is a practical, provable result of it. The various attempts throughout history have been abysmal failures of security.
The other practical result is that the current UK government appears to believe that citizens are their subjects, whose freedom is a privilege and not a right.
Governments are passing increasingly Orwellian laws, obviously against our wishes. They clearly don't want us to have any privacy whatsoever, and are basically just making that a legal reality too. Hello police state.
In response, people ask governments to stop stripping away their privacy.
How would you expect governments to respond, besides with some PR-bullshit to placate us or give us a false sense of security. "We would never read the contents of your messages, only the metadata! Honest!".. and people buy that as if they didn't know governments lie to us all the fucking time.
Imagine a King telling his subjects he'll raise taxes until the economy implodes. The subjects ask him nicely to please not raise taxes quite that much.
What does the King do? -Whatever the fuck he damn well pleases, as long as people aren't willing to risk their lives in de-throning him. Of course, after a revolution, a new King is throned, because THIS time it'll be different!
This is so fucking insane.. When will people wake up?
Honestly. I'd like to see them try to ban it. They'll see their entire internet economy crash and hell will break loose. People getting pissed why they can't login to gmail or facebook or paypal or do any online shopping. It's such an entirely ridiculous idea that i can't even describe it in words.
Okay to be honest I haven't really read into the material. but is their actual plan to "ban" encryption? Or do they want to license it to certain parties? Or have a weakened "export" encryption scheme like the US government tried? What's the plan?
They'll see their entire internet economy crash and hell will break loose.
The point is that the government want to ban encryption that they can't can't view. That essentially means you'll only be able to run an encrypted service if you're happy to hand over the unencrypted data to the government. It might also mean that end-to-end encrypted services are blocked by ISPs. But the average internet user will still see the little padlock in their browser, so they'll believe it's all still fine, and will carry on as normal.
What the government really seems to fail to understand[1] is the principle that if they can view the decrypted information then so can the bad guys.
[1] Or, I suspect, they do understand but they arrogantly believe they're better at security.
I think we are fighting the wrong battle here. The power equation is already in favor of the government snooping everybody, making it law only puts things in the open. We should fight in that direction, making it so that everything is more transparent. Wanna have my data? Okay, but I want to have yours. I specially want to have all the data about what you do with my data. I want to be able to request all the data you got of me. I want to be able to erase some of it (or at the very least mark it as invalid). I want to be able to add directly to it. I want to know whenever it is used. I want a due process every time it is used for something that affects me. And I want people that make use of data for their own purposes or that don't follow protocol to be prosecuted or at the very least banned from public office.
Cameron doesn't want to ban encryption. he wants encrypted end to end messaging services to have backdoor keys for the security services use. which is stupid, but very different to banning encryption.
Don't get me wrong, I'm not in favour of this, but the distinction is clear and false misinformation isn't going to help prevent this.
There shouldn't be a need for any petition. A government with the illusion that it can "ban encryption" has already lost all authority and credibility, so should not be governing anyone.
Says somebody with a technical understanding of encryption. The problem is there's a lack of understanding in this area and the headlines play well to the media.
I think this is important and have emailed two friends (a doctor and a lawyer) to ask them to sign it. I described it as:
'It may be similar to how you feel when you watch a B movie lawyer or doctor "making a professional decision". The only difference being I'm watching the people who are running this country.'
It really worries me that the leader of our nation does not appear to have all the information required in order to make a decision on a topic as important as this. I would have thought that a domain expert within government would have be consulted before Cameron goes off half cocked in debates and discussions.
With technology a key and growing industry within the UK, shouldn't we expect our leaders to at least attempt to understand the issues around governance?
What past experience would have given you the idea that a UK prime minister would let domain expects stop them from coming up with stupid proposals?
(I was about to single out Cameron, but while I detest him, and while he seem to have a particular blind spot for technology, the problem is by no means unique to the Tories; e.g. consider when David Nutt was asked to go because his evidence-based advice on drugs didn't agree with the Labour governments policy)
I wish they would just go ahead and ban it outright today, and in my naive imagination the whole country would plunge into disaster. Airliner crashes, car crashes, market crashes, the whole lot.
Unfortunately, selective enforcement of this ban will quickly turn it into a tool of tyranny, same as any other.
(Yeah I have a site that doesn't display that stupid cookie notice, but it doesn't matter because I haven't pissed off anybody powerful yet.)
They're not going to ban encryption. Seriously. Stop wasting time on misquotes taken out of context blown up by The Guardian. There's more important things to worry about.
The US has the greatest control over apple. From the US is it shared with the five eyes. GCHQ's oldboys network then passes it on to basically any European who asks, while one of the thousands entry-level "analysts" at the many US intel agencies passes it on to the Chinese. Then the next snowden leaks it to the guardian and every other paper still alive, half of which are under surveillance by various police groups. So within a week the only people who cannot read this text are 50% of us who aren't government employees.
Hopefully we can mostly agree that they're not really going to try to ban encryption.
Would anybody like to speculate on what proposals we might see in reality? Are they going to ban me, as an individual, from using GPG? Are they going to ban companies from operating encrypted messaging services in the UK? Are they going to block traffic from non-compliant overseas providers? Are they going to just have a quiet word with the SnapChat people?
It's pretty staggering that the FBI and gov.uk should choose now — a time of daily, massive security breaches dominating the headlines — to have the "your security is too good" conversation with tech companies. And, compared to the last time we went through this idiocy, they now refuse to put any specific proposals on the table. The whole enterprise is an embarrassment, and not going to happen in a million years.
What is the enforcement plan for this? Will people be taken to jail for sending encrypted communication? How will messaging be differentiated from banking? (if those who claim a more limited scope are correct) The whole plan just seems unworkable.
[+] [-] pjc50|10 years ago|reply
"If a British citizen with an iPhone purchased in France and roaming in Germany iMessages a Chinese citizen roaming in Sweden using an iPhone purchased in Denmark, which government's keys need to be inserted in the iMessage communications by an American company (Apple) legally based in Luxembourg using servers hosted in Eire?"
[+] [-] robin_reala|10 years ago|reply
[+] [-] unknown|10 years ago|reply
[deleted]
[+] [-] untog|10 years ago|reply
David Cameron says there should be no "means of communication" which "we cannot read"
It's very specific to communication, and reading between the lines, messaging, as opposed to something like HTTP communication between a bank and a customer. Don't get me wrong, it's still incredibly stupid, but the government will be able to reply to this petition with "we do not intend to ban encryption" and close it.
[+] [-] laumars|10 years ago|reply
[+] [-] marcosdumay|10 years ago|reply
As yourself used the term, how is "communication between a bank and a customer" not a form of "communication"?
[+] [-] navait|10 years ago|reply
[+] [-] ianopolous|10 years ago|reply
[+] [-] sorokod|10 years ago|reply
[+] [-] Cakez0r|10 years ago|reply
[+] [-] spuz|10 years ago|reply
Many people say that opening our devices to a special chosen set of good guys is equivalent to opening them to all the bad guys as well. If that's the case, surely we're already vulnerable given most commonly used devices update automatically?
The only purpose I can see for attacking encryption in general is to enable mass surveillance. The government have in fact not been specific about what they are actually asking for, but if they want selective ability to search digital devices, they already have it. If they want further powers, then we need to ask them what they need them for.
[+] [-] IlPeach|10 years ago|reply
[+] [-] rue|10 years ago|reply
And that’s exactly how it should be.
[+] [-] Jaepa|10 years ago|reply
Its still a terrifying idea, and shouldn't be allowed to happen.
https://en.wikipedia.org/wiki/Encryption_ban_proposal_in_the...
[+] [-] pslam|10 years ago|reply
This isn't just metaphorical - it is a practical, provable result of it. The various attempts throughout history have been abysmal failures of security.
The other practical result is that the current UK government appears to believe that citizens are their subjects, whose freedom is a privilege and not a right.
[+] [-] sillygeese|10 years ago|reply
Governments are passing increasingly Orwellian laws, obviously against our wishes. They clearly don't want us to have any privacy whatsoever, and are basically just making that a legal reality too. Hello police state.
In response, people ask governments to stop stripping away their privacy.
How would you expect governments to respond, besides with some PR-bullshit to placate us or give us a false sense of security. "We would never read the contents of your messages, only the metadata! Honest!".. and people buy that as if they didn't know governments lie to us all the fucking time.
Imagine a King telling his subjects he'll raise taxes until the economy implodes. The subjects ask him nicely to please not raise taxes quite that much.
What does the King do? -Whatever the fuck he damn well pleases, as long as people aren't willing to risk their lives in de-throning him. Of course, after a revolution, a new King is throned, because THIS time it'll be different!
This is so fucking insane.. When will people wake up?
[+] [-] arianvanp|10 years ago|reply
Okay to be honest I haven't really read into the material. but is their actual plan to "ban" encryption? Or do they want to license it to certain parties? Or have a weakened "export" encryption scheme like the US government tried? What's the plan?
[+] [-] onion2k|10 years ago|reply
The point is that the government want to ban encryption that they can't can't view. That essentially means you'll only be able to run an encrypted service if you're happy to hand over the unencrypted data to the government. It might also mean that end-to-end encrypted services are blocked by ISPs. But the average internet user will still see the little padlock in their browser, so they'll believe it's all still fine, and will carry on as normal.
What the government really seems to fail to understand[1] is the principle that if they can view the decrypted information then so can the bad guys.
[1] Or, I suspect, they do understand but they arrogantly believe they're better at security.
[+] [-] Djehngo|10 years ago|reply
I expect the language to be broad and the enforcement narrow.
[+] [-] unknown|10 years ago|reply
[deleted]
[+] [-] iamcurious|10 years ago|reply
[+] [-] throwaway7767|10 years ago|reply
I think your goals are completely orthogonal to the people who made and signed this petition, so your suggestion is unlikely to sway anyone.
[+] [-] mrbig4545|10 years ago|reply
Don't get me wrong, I'm not in favour of this, but the distinction is clear and false misinformation isn't going to help prevent this.
[+] [-] oneandoneis2|10 years ago|reply
[+] [-] jdimov9|10 years ago|reply
[+] [-] u02sgb|10 years ago|reply
I think this is important and have emailed two friends (a doctor and a lawyer) to ask them to sign it. I described it as:
'It may be similar to how you feel when you watch a B movie lawyer or doctor "making a professional decision". The only difference being I'm watching the people who are running this country.'
[+] [-] andybak|10 years ago|reply
a) they ban all end-to-end encryption
or
b) this law is ridiculously easy to circumvent for even non-technical users
An example of b) would be: piggyback messaging on an existing service that has a valid reason for being encrypted
[+] [-] dgmdoug|10 years ago|reply
With technology a key and growing industry within the UK, shouldn't we expect our leaders to at least attempt to understand the issues around governance?
[+] [-] vidarh|10 years ago|reply
(I was about to single out Cameron, but while I detest him, and while he seem to have a particular blind spot for technology, the problem is by no means unique to the Tories; e.g. consider when David Nutt was asked to go because his evidence-based advice on drugs didn't agree with the Labour governments policy)
[+] [-] jimworm|10 years ago|reply
Unfortunately, selective enforcement of this ban will quickly turn it into a tool of tyranny, same as any other.
(Yeah I have a site that doesn't display that stupid cookie notice, but it doesn't matter because I haven't pissed off anybody powerful yet.)
[+] [-] reasonishy|10 years ago|reply
[+] [-] retube|10 years ago|reply
[+] [-] tankenmate|10 years ago|reply
[+] [-] nailer|10 years ago|reply
[+] [-] digital-rubber|10 years ago|reply
[deleted]
[+] [-] sandworm101|10 years ago|reply
The US has the greatest control over apple. From the US is it shared with the five eyes. GCHQ's oldboys network then passes it on to basically any European who asks, while one of the thousands entry-level "analysts" at the many US intel agencies passes it on to the Chinese. Then the next snowden leaks it to the guardian and every other paper still alive, half of which are under surveillance by various police groups. So within a week the only people who cannot read this text are 50% of us who aren't government employees.
One keyring to rule them all.
[+] [-] Joeboy|10 years ago|reply
Would anybody like to speculate on what proposals we might see in reality? Are they going to ban me, as an individual, from using GPG? Are they going to ban companies from operating encrypted messaging services in the UK? Are they going to block traffic from non-compliant overseas providers? Are they going to just have a quiet word with the SnapChat people?
[+] [-] p01926|10 years ago|reply
[+] [-] sorokod|10 years ago|reply
[+] [-] redblacktree|10 years ago|reply
[+] [-] redblacktree|10 years ago|reply
[+] [-] alkonaut|10 years ago|reply