Theresa may calls for tighter internet regulations after London attack
- Thread starter Amaede
- Start date
I doubt that very much.
This will never happen. Once we are out of Europe, and out of the "clutches" of the EU, and they've repealed EU laws and basic rights, there will be no way of taking them to court over such legislation.
And, if you're still too naive to think there are issues with governments bulk collecting datasets: an absolutely mind-bogglingly bad and unforgivable breach of privacy.
The American government has worked hard in recent years to strip away it's people's right to privacy. We should not be following suit.
The American government has worked hard in recent years to strip away it's people's right to privacy. We should not be following suit.
Yes, inevitably leaked data would become an issue. Firstly however, it already is on a smaller scale and secondly, in my ‘fantasy’ land where it does stop attacks like we have been used to over the last few months, can you or anyone honestly argue that leaked data is not a better situation to be in and fighting against than terrorists killing innocent people?
But how are the regulations going to prevent terrorism? That is what I want to know. It's not as if they are suddenly going to go "Oh, government is collecting data and encryption is now illegal, I better not use it any more and better stop doing terrorist stuff". They will just move on to freely available encryption and services hosted outside of the UK's jurisdiction. It's trying to close the door after the horse has bolted. Actually it's worse than that. It's trying to close a door, knocking it off its hinges in the process and then wondering why your horse can now freely move through it.
Leaked data is on a smaller scale? What? Have you read the link I posted above?
^Rilot has asked what I was getting at and what you seem to have missed. In your fantasy land - where encryption is illegal and only a few million people a year suffer from leaked data - what on earth makes you think the terrorists are going to either obey that law? Or just carry on as normal - eg in the Paris attacks where they were communicating in plain text sms messages, and as has become a running theme: where known to the authorities before hand.
Let that sink in for a minute, many of the recent terrorist attacks have come from people known to the authorities. So, with all this extra bulk data collection and breaking of internet based technologies, terrorist attacks would still happen.
So, whats actually happened? We've lost our right to privacy, changed our way of life, and terrorism will still happen: the terrorists have won.
I notice how you've conveniently ignoredy post pointing out the massive difference in the chances of those things happening...
Victims of identity theft in the UK (figures from 2015 since they're the most recent ones I can find from a reputable source): 148,463 (bear in mind the real figure is probably higher, since those will just be the ones serious enough to have been reported to the police etc. and so that figure likely doesn't include relatively unimportant things like email/Facebook etc accounts being stolen)
https://www.cifas.org.uk/press_centre/criminals_target_UK_youth_as_dentity_fraud_rises
Can't actually find a solid source for the number of terrorist caused deaths, but this article suggests less than 100 for this year and last combined:
https://www.google.co.uk/amp/www.telegraph.co.uk/news/0/many-people-killed-terrorist-attacks-uk/amp/
So you're at least 1480 times more likely to be a victim of identity fraud than killed by a terrorist, a figure which would almost certainly rise if the methods of protecting yourself against identity fraud are removed.
Pretty sure you're more likely to die falling down the stairs than in a terror attack, shall we ban stairs?
Over 1000 people a year die from falling down the stairs in the UK
Quite a sobering thought if you think 3 people are going to die today from that...
We should definitely ban cars. As they're so easy to weaponise.
And planes, in case one gets hijacked or blown up.
Probably drones too.
Knives are also pretty scary, we should probably just get all our food pre sliced so we can ban them.
Stairs are a very good one, oh, oh, and ladders too!
Trucks seem like pretty good terrorist tools, lets ban those. Actually, transport and travelling in general is a really dangerous thing to do even without people trying to weaponise the vehicles, the benefit we get to society as a whole from all this technology definitely isn't worth it for the deaths incurred by implementing and using them all on a daily basis.
Lets just all stay and home, not leave the house and work remotely online. At least we can live in our little UK internet bubble and only visit sites that are pre-approved by Maybot and Co. Thankfully they'll make sure they're all safe, and also that I can't get onto any sites are too kinky! Heaven forbid.
Except without encryption all my data will be massively at risk. Online shopping and banking without encryption? Sounds a bit dangerous? What if all my details get taken, my identity stolen, my bank details leaked. Surely my life could get absolutely turned up side down!? Nah, the government would definitely think this through though and make sure the great firewall of Free Britain is air tight and that no one from the Food Standards agency would be able to access all my private internet records. Surely no one will get blackmailed or alter their behaviour because of all this monitoring? I totally trust our government with all of this. Thank goodness they're looking out for us and keeping us safe at scale online and not cutting back on local community policing. The kind of policing where officers can actually engage with the community IRL and properly investigate known terrorist suspects. Because that doesn't work.
And planes, in case one gets hijacked or blown up.
Probably drones too.
Knives are also pretty scary, we should probably just get all our food pre sliced so we can ban them.
Stairs are a very good one, oh, oh, and ladders too!
Trucks seem like pretty good terrorist tools, lets ban those. Actually, transport and travelling in general is a really dangerous thing to do even without people trying to weaponise the vehicles, the benefit we get to society as a whole from all this technology definitely isn't worth it for the deaths incurred by implementing and using them all on a daily basis.
Lets just all stay and home, not leave the house and work remotely online. At least we can live in our little UK internet bubble and only visit sites that are pre-approved by Maybot and Co. Thankfully they'll make sure they're all safe, and also that I can't get onto any sites are too kinky! Heaven forbid.
Except without encryption all my data will be massively at risk. Online shopping and banking without encryption? Sounds a bit dangerous? What if all my details get taken, my identity stolen, my bank details leaked. Surely my life could get absolutely turned up side down!? Nah, the government would definitely think this through though and make sure the great firewall of Free Britain is air tight and that no one from the Food Standards agency would be able to access all my private internet records. Surely no one will get blackmailed or alter their behaviour because of all this monitoring? I totally trust our government with all of this. Thank goodness they're looking out for us and keeping us safe at scale online and not cutting back on local community policing. The kind of policing where officers can actually engage with the community IRL and properly investigate known terrorist suspects. Because that doesn't work.
The planning of these events may have been made using encryption, so making (unlicensed) encryption illegal could help ?, however they would then adopt other strategies (stenographic images on facebook ?)
Encryption was restriced in France pre 1999 but they regretably? relaxed that completely, the state used to hold master keys for those licensed institutions.
so the proposal would not be carte blanche banning of encrypytion, compromising shopping/banking, those insititutions would be licenced
Except this is an assumption based on nothing. No evidence whatsoever.
If you, or indeed any government, can prove that making something illegal prevents criminal activity, then I'm all for being shown this evidence. You've even contradicted your own premise in the same sentence. They just adopt other means of communication.
Ok, so you need a licence in order to practice encryption in the UK.
So anyone with any modicum of technical know how simply uses communication systems in other countries, of which there are plenty that allow dubious internet-based operations. How are we any closer to stopping terrorism? How do we police people using encryption without a licence? I don't know about you, but I've seen the figures on policing and it doesn't really look like they have the man power to police this. Let alone the technical know how. GCHQ? Again, not enough man power. ISPs? Who's going to foot that bill do you think? So again, the only people who are going to suffer are the law-abiding due diligence types who wouldn't have broken the law/committed terrorism in the first place.
(encrypted) WhatsApp was implicated in the HP attack, and has become more pervasive since Paris ,and if folks believe they can communciate with impunity/ease for planning they will do so,
increasing the impact/effectiveness of attacks.
adding to the list of analogies - licensing fire-arms reduces fatalities ?
if you are using an unlicensed VPN your ISP will block/disconnect you, or if communication via your ISP/phone includes data formats that indicate the use of encryption block the user. (IMEI or MEID)
So? The terrorists in this case used WhatsApp. Ok. How many terrorist conversations go on in chat rooms on VPNs, in a cafe down a street?
Does it? I'm afraid I don't know the statistics in this case. I would however say that anecdotally America doesn't exactly seem to be a country where licensing firearms seems to be working.
I didn't ask about unlicenced VPNs, I asked - specifically - if people are using encryption without a licence, how do you propose we police that? What you seem to be suggesting is that we entrust ISPs to start policing traffic at a much more granular level, and down that road lies a very dangerous future. The sanctity of the internet is already being threatened by the US government being very pro traffic tiering. Do you really trust private organisations - beholden to shareholders - to police things fairly?
... I thought I explained .. ISP's / mobile providers become responsible for sampling traffic and taking the appropriate actions
(edit - blacklist of emei's etc)
Last edited:
Yes thats what I've assumed your meaning if you see my edit.
So we're back to the original question. Given that this won't stop terrorists, why are you happy for measures such as this that will only affect law abiding people?
So say facebook removes the encryption. What then?
They'll move onto Signal, or Telegram or whatever other encrypted app there is.
They get banned too? Then what?
Then the large terrorist organisations, the ones that are organised and have resources end up just building their own private messaging app with end to end encryption using the math that's already out there. They don't release it on the app stores and distribute it purely among themselves through other encrypted online channels.
How does that that traffic get detected and differentiated from the licensed encrypted traffic going through the UK pipes? How does any unlicensed encrypted traffic get detected? Genuinely curious. Is there a way for ISPs to block the encrypted connection from being established somehow?
What about banking? It's all encrypted. My online banking apps are encrypted. If encryption is banned the banks will kick up a big stink.
The more I think about it, the more I get the impression that May doesn't know what she's talking about and doesn't realize that encryption is a common, basic and necessary part of security for a great deal of every day services we use, the lack of encryption would lead to skyrocketing cases of fraud, hacks and other crimes.
It's like banning kitchen knives because somebody went stabby stabby with one.
Where are her advisers and experts in all of this?
The more I think about it, the more I get the impression that May doesn't know what she's talking about and doesn't realize that encryption is a common, basic and necessary part of security for a great deal of every day services we use, the lack of encryption would lead to skyrocketing cases of fraud, hacks and other crimes.
It's like banning kitchen knives because somebody went stabby stabby with one.
Where are her advisers and experts in all of this?
Well the worrying thing is that it is entirely possible to filter this traffic: you give the ISPs the keys of every licenced certificate. You want a licence? You give us your private key. Thereby creating the governments wet dream of backdooring encryption. It's so simple I'm surprised Amber Rudd hasn't suggested it - save for the fact that she doesn't know what an encryption key is of course.
And then, naturally as is the course of these things, an ISP gets hacked, simply misplaces the data, or a disgruntled employee or just one who's out to make some money sells these keys to the highest bidder, and voila. You've backdoored the internet, broken encryption, and broken the internet.
(I help build ISP networks and work for a big US network tech company)
Most types of VPNs (nordnet, IPvanish, etc,) use SSL, whilst it's not possible to break the encryption of the VPN and see the data - it is possible (using various methods) to detect an SSL VPN connection, vs someone simply using SSL to buy something on a website, or something. There are enough differences between how an SSL VPN works, vs how a simple SSL connection to a website works, that enables a provider to differentiate between the two.
So just thinking about it - it would be quite simple for an ISP to maintain a register of subscribers who have VPN licences, who are allowed - vs subscribers who don't, using available technology - anybody using an unlicensed VPN could be detected, redirected and blocked.
(Of course, this only affects SSL VPNs, it wouldn't stop people encrypting messages inside youtube videos or pictures on imgur or whatever)
Basically - it's technically feasible, but ultimately - people will find different ways, like they do to get around torrent site blocks...
It's not about banning encryption, persay, thats just headline grabbing muck for the uninformed.
It's about controlling it, and making the data on the internet harvest-able. That you break security on the internet for good does not matter to a government that thinks people don't need basic human rights.