Jump to content
×
×
  • Create New...

The Home Office is preparing another attack on encryption


Recommended Posts

Equin0x

The UK is planning a new attack on end-to-end encryption, with the Home Office set to spearhead efforts designed to discourage Facebook from further rolling out the technology to its messaging apps.

https://www.wired.co.uk/article/uk-encryption-facebook-home-office-nspcc

 

Fighting a losing battle if you ask me, encryption software is not something that can be contained. I also dislike the trend in recent years towards an assumption that only criminals want privacy. The starting point should be that everyone deserves it as a right, without having to justify a specific reason. Balanced against that is the argument that police sometimes do need access to some communications data to solve cases. Where should we draw the line? What is proportionate?

Link to post
Share on other sites
Radman

Someone gave the example a few years ago which seemed to make sense if whether it was justifiable for a briefcase company that managed to design a case that could not be opened without the key to deliberately put a flaw in its design just for policing purposes or whether the onus was on the police to find a way into that case without a design flaw being put into that case. 

I'd argue in the interests of freedom the onus is on the cops to find a way in rather than a company putting in a deliberate flaw that could be exploited by the wrong people. 

Link to post
Share on other sites
Father Jack

Reference the above, the worst example I can think of, is the "TSA approved" luggage locks that are recommended when traveling to the USA. They function like a normal padlock or combination padlock. However, they have a smaller secondary keyhole that can be opened by a "TSA key". A cursory search online will find "TSA keys" for sale, making the padlocks next to useless for any real applications.

Perhaps a useful analogy for building in an exploitable route into a system. These routes never stay secret long, and may become public knowledge before too long.

Link to post
Share on other sites
Equin0x
Posted (edited)

Agree with you both. I personally think privacy should be the default expectation, and that each and every intrusion on that privacy must be justified. Collecting communications data in bulk to sift through it later looking for criminals is the wrong approach and presumes everyone to be potentially guilty. The more apps that roll out encryption, the more secure our communications are. I personally use Signal on my phone.

Edited by Equin0x
  • Confused 1
Link to post
Share on other sites
Ether

Whilst it makes the job more difficult, I agree that we should start from a place of privacy, to be lost when justified. Not expect the police to be able to snoop around whenever we see fit. 
 

I do believe when convicted of certain crimes you should lose that privacy. 

Link to post
Share on other sites
SD

Yeah, let's all have the equivalent of Encrochat at the tip of our fingers.

Link to post
Share on other sites
Father Jack
33 minutes ago, SD said:

Yeah, let's all have the equivalent of Encrochat at the tip of our fingers.

You don't need anything as sophisticated as Encrochat, in fact I'm pretty sure that got cracked recently? If I wanted to "fly under the radar" I'd buy a prehistoric mobile phone, like I owned in the early 2000's (no internet, no GPS) that can only be traced to the nearest tower. Use a book cypher or other pre arranged code to communicate with, good luck cracking that!

Edited by Father Jack
Link to post
Share on other sites
SD
24 minutes ago, Father Jack said:

You don't need anything as sophisticated as Encrochat, in fact I'm pretty sure that got cracked recently? If I wanted to "fly under the radar" I'd buy a prehistoric mobile phone, like I owned in the early 2000's (no internet, no GPS) that can only be traced to the nearest tower. Use a book cypher or other pre arranged code to communicate with, good luck cracking that!

It got cracked by chance and messages sent from old can still be tracked. As for book ciphers at least you can plot links. But I've stopped caring because apparently it a 'right for Joe blogs to have government level encryption to remind the wife to pick up chicken from tescos.

Link to post
Share on other sites
Ether
36 minutes ago, Father Jack said:

You don't need anything as sophisticated as Encrochat, in fact I'm pretty sure that got cracked recently? If I wanted to "fly under the radar" I'd buy a prehistoric mobile phone, like I owned in the early 2000's (no internet, no GPS) that can only be traced to the nearest tower. Use a book cypher or other pre arranged code to communicate with, good luck cracking that!

This is exactly how I would do it, top up using cash but not add it to the phone pre 28 days so CCTV was gone. 
 

Probably could use a book cypher over an old CB, given how it’s not really monitored. 

Link to post
Share on other sites
Equin0x
1 hour ago, SD said:

It got cracked by chance and messages sent from old can still be tracked. As for book ciphers at least you can plot links. But I've stopped caring because apparently it a 'right for Joe blogs to have government level encryption to remind the wife to pick up chicken from tescos.

 

In a way the government have brought it on themselves, because people now see that encryption is the only way to stop their data ending up in PRISM or other government surveillance system. If I knew that my data wouldn't be collected without reason it would perhaps be a different story. But if I want my messages to be secure, I need to use Signal, or Telegram. No need for snake oil products like Encro tbh.

Link to post
Share on other sites
Beaker

Talk of banning encryption has been around for as long as I've been using the Internet (about 1993(.  The reason they haven't dokeit is that we would need every single country to sign up for it.  If they blocked encrypted apps in the UK all people will do is download an .APK from a country that does allow it instead. 

Ultimately we end up with the VHS recorder problem.  The fact that something CAN be used for illegal purposes doesn't mean is can be banned. 

Link to post
Share on other sites
BlueBob
6 hours ago, Beaker said:

Talk of banning encryption has been around for as long as I've been using the Internet (about 1993(.  The reason they haven't dokeit is that we would need every single country to sign up for it.  If they blocked encrypted apps in the UK all people will do is download an .APK from a country that does allow it instead. 

Ultimately we end up with the VHS recorder problem.  The fact that something CAN be used for illegal purposes doesn't mean is can be banned. 

Ah yes, them were the days.  I recall a program about  “pretty good protection”/ PGP,  and how concerned governments were about its encryption factor.  At the time I never really thought or considered it.  These days, VPN and encryption is forced on us by banks etc so,it becomes the norm.  
As above, the default should be privacy. Not sure how that could be broken in legal terms though whilst still retaining the policing needs

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

Police Community is a forum that is supported financially through advertisements. It is a breach of our standard use policy to use Adblock plugins/software on our site. 

In order to continue using our site you will need to disable Adblock across our site. Alternatively you can purchase a membership package from our online store to remove adverts as part of the membership subscription. 

https://police.community/remove-adverts/

Thank you for your support.

I have disabled Adblock