1) The Government is not seeking to ban or limit encryption.
2) The Government is clear we need ... to ensure that ... the police and intelligence agencies can ... access the content of communications of terrorists and criminals.
Not too surprising that around 26 of the 650 members of Parliament have degrees in science or technology.
I don't think those two statements are contradictory or inconsistent, when you Think Like A Civil Servant.
From gov.uk's perspective encryption plays a necessary role in enabling the digital economy by encrypting data in transit. They won't interfere with SSL / TLS, for example, because that would chase billions of £ of business out of the UK.
But they intend to strong-arm communications providers into giving access to the at-rest data. Whether that is encrypted or not is orthogonal to the discussion; a court order will be served, and the provider will have to respond.
Whether the provider is BT or Mr Joe Bloggs hosting his own e-mail is also irrelevant; it will be a criminal offense to fail to respond with the demanded data. Bonus points for GCHQ if this means that providers simply don't encrypt data at rest, for simplicity's sake.
She is technically correct, but it's a very misleading technicality. Surveillance is monitoring, and the government can claim that what they actually do is mass recording of Internet traffic.
Funny thing about the "Big Lie", it only works if it's repeated enough successfully.
James Clapper was able to repeat the big lie long enough to avoid charges of lying to Congress. Ms. May has her own rodeo to deal with now. Let's see how she ends up.
So the UK government is trying to amass a toolset that would be the stuff of wet dreams for the Stasi - but they're absolutely not going to use them for the very thing they are designed to do - even though we know they're already doing the things they say they're absolutely never going to do with the tools they say they don't have but they actually do have.
Hmmmmm. Okey dokey asshats.
What puzzles me though is this: These things aren't designed and built by politicians. They're designed and built by highly skilled people with above average intelligence. And the UK security services don't pay that much money. So who are these ideological geniuses who are ready and willing to arm a government with tools they should not possess?
It should have been obvious to the project team that the hole would be noted, or suspected if the details were obfuscated. I'm more concerned about the waste of public money on a doomed project.
Why "doomed"? Public bodies will adopt it. People who need to work with public bodies will adopt it. And sooner or later, ISPs will be forced to adopt it.
The protocol is working as expected. It doesn't have to be technologically superior to win adoption, it will be mandated by law. It just has to be good enough for the purpose it was developed: to provide an obfuscation layer that can "keep out" casual intruders while allowing unfettered access to the security apparatus (I won't say "law-enforcement officers" because these people are actually law-breaking).
GCHQ, who have been implicated in mass surveillance for many years, and who were shown by Snowden's releases to be doing lots of snooping and sniffing around indiscriminately and who haven't come under any criticism whatsoever from the UK government in light of these releases, have made a compromised encryption product that allows them to carry on doing what they do.
I previously worked at Cryptify AB with Cryptify Call.
I think this article misses the point somewhat. This is not a backdoor, it is the entire point of the scheme. As I understood it CESG wants MIKEY-SAKKE primarily for use within the government or within companies working for the government.
For the network owner MIKEY-SAKKE is very convenient because it satisfies the criteria for Lawful interception[1] while also enabling end users to both authenticate and encrypt messages without actually talking to the network owner after the initial trust has been established. It works well as long as the user trusts the network owner and you want to protect your users from external powers while maintaining the ability to decrypt any message in the network.
Yes let's let government surveillance outfits design protocols. I mean who ever thought this would ever be a good idea? They will 100% of the time fail at this task.
n4r9 | 10 years ago
The government's response boiled down to
1) The Government is not seeking to ban or limit encryption.
2) The Government is clear we need ... to ensure that ... the police and intelligence agencies can ... access the content of communications of terrorists and criminals.
Not too surprising that around 26 of the 650 members of Parliament have degrees in science or technology.
pbhjpbhj | 10 years ago
Is that particularly unrepresentative of the population as a whole?
dingaling | 10 years ago
From gov.uk's perspective encryption plays a necessary role in enabling the digital economy by encrypting data in transit. They won't interfere with SSL / TLS, for example, because that would chase billions of £ of business out of the UK.
But they intend to strong-arm communications providers into giving access to the at-rest data. Whether that is encrypted or not is orthogonal to the discussion; a court order will be served, and the provider will have to respond.
Whether the provider is BT or Mr Joe Bloggs hosting his own e-mail is also irrelevant; it will be a criminal offense to fail to respond with the demanded data. Bonus points for GCHQ if this means that providers simply don't encrypt data at rest, for simplicity's sake.
aries1980 | 10 years ago
bede | 10 years ago
"The UK does not undertake mass surveillance".
Make of this what you will.
mirimir | 10 years ago
SideburnsOfDoom | 10 years ago
> "Ms May either doesn't know what "mass surveillance" means, or she has perjured herself to Parliament." http://boingboing.net/2016/01/14/443636.html
joosters | 10 years ago
anonbanker | 10 years ago
James Clapper was able to repeat the big lie long enough to avoid charges of lying to Congress. Ms. May has her own rodeo to deal with now. Let's see how she ends up.
qubex | 10 years ago
tomelders | 10 years ago
Hmmmmm. Okey dokey asshats.
What puzzles me though is this: These things aren't designed and built by politicians. They're designed and built by highly skilled people with above average intelligence. And the UK security services don't pay that much money. So who are these ideological geniuses who are ready and willing to arm a government with tools they should not possess?
aries1980 | 10 years ago
GordonS | 10 years ago
BrockSamson | 10 years ago
wmt | 10 years ago
conjectures | 10 years ago
toyg | 10 years ago
The protocol is working as expected. It doesn't have to be technologically superior to win adoption, it will be mandated by law. It just has to be good enough for the purpose it was developed: to provide an obfuscation layer that can "keep out" casual intruders while allowing unfettered access to the security apparatus (I won't say "law-enforcement officers" because these people are actually law-breaking).
Nursie | 10 years ago
GCHQ, who have been implicated in mass surveillance for many years, and who were shown by Snowden's releases to be doing lots of snooping and sniffing around indiscriminately and who haven't come under any criticism whatsoever from the UK government in light of these releases, have made a compromised encryption product that allows them to carry on doing what they do.
I'm absolutely floored by this.
tednoob | 10 years ago
I think this article misses the point somewhat. This is not a backdoor, it is the entire point of the scheme. As I understood it CESG wants MIKEY-SAKKE primarily for use within the government or within companies working for the government.
For the network owner MIKEY-SAKKE is very convenient because it satisfies the criteria for Lawful interception[1] while also enabling end users to both authenticate and encrypt messages without actually talking to the network owner after the initial trust has been established. It works well as long as the user trusts the network owner and you want to protect your users from external powers while maintaining the ability to decrypt any message in the network.
[1] https://en.wikipedia.org/wiki/Lawful_interception
ianamartin | 10 years ago
1. Failing to be any good at what they are trying to do and, 2. Using said failures to take advantage of poor people and put them in jail.
This seems like a case of both happening.
mirimir | 10 years ago
Mikey: "A seemingly innocent and sweet little boy causes murder and mayhem in his new neighborhood ..." [0]
saake: "arrested number of young" in Somali [1]
[0] http://www.imdb.com/title/tt0104870/
[1] https://translate.google.com/#auto/en/saake
triplesec | 10 years ago
toyg | 10 years ago
akie | 10 years ago
x5n1 | 10 years ago