Amber Rudd fails to understand the internet

[adolf hamster]

the problem is that you can't brute force it, you get a limited number of attempts

the login only gave 3 attempts, but the actual encryption itself is surely open to brute forcing?

its difficult, and you need a pretty massive computer, but then i'm sure the cia probably have access to that sort of thing and if the information is that valuable....

 

[dowie]

the login only gave 3 attempts, but the actual encryption itself is surely open to brute forcing?

its difficult, and you need a pretty massive computer, but then i'm sure the cia probably have access to that sort of thing and if the information is that valuable....

no, I'm pretty sure the CIA doesn't have some magical computational powers unknown to the rest of mankind, you're not going to just brute force encryption... unless you want to wait a very very long time

 

[FishFluff]

the login only gave 3 attempts, but the actual encryption itself is surely open to brute forcing?

its difficult, and you need a pretty massive computer, but then i'm sure the cia probably have access to that sort of thing and if the information is that valuable....

Organisations like the NSA will always be working on 0-Day exploits to unlock devices. Look at the recent Wiki-leaks files for instance, they show that security organisations had exploits for a hell of a lot of devices (which have since been patched).

 

[FortuitousFluke]

That hashtag comment suggests that all of this is being implemented because May and Rudd are disappointed that they don't have as many Instagram followers as they'd like. "When I implement my new online comms bill I will be the most powerful woman on the interwebs, that's right, I'll have all the hashtags! *maniacal laughing*".

 

[adolf hamster]

no, I'm pretty sure the CIA doesn't have some magical computational powers unknown to the rest of mankind, you're not going to just brute force encryption... unless you want to wait a very very long time

I didnt say it wouldnt take ages for a supercomputer, just that it was possible if the info was deemed valuable enough.

Time sensitive information aside, the point is encryption isnt infallible either.

 

[dowie]

I didnt say it wouldnt take ages for a supercomputer, just that it was possible if the info was deemed valuable enough.

Time sensitive information aside, the point is encryption isnt infallible either.

it is quite possible the people who want the information would be dead before the encryption was broken

yes it isn't infallible - but as pointed out it would take a very very long time, it isn't realistic

 

[nox_uk]

The metadata should be available to the government and law enforcement agencies. The content of messages should not. The government can then go to the person at the other end of the communication and 'speak' to them about the contents of the communication. If there was communication outside the country where this is not possible, the contacted number should be put on a watched list and metadata to/from this device monitored as best as possible.

 

[platypus]

Time for a dose of reality from respected Tech market analyst Richard Holway: http://www.techmarketview.com/ukhot...26/backlash-against-goole-and-facebook-mounts

What a pity your dose of reality doesn't match the facts of how the systems work in the real world.

You probably still think encryption is safely backdoorable.

 

[platypus]

The metadata should be available to the government and law enforcement agencies. The content of messages should not. The government can then go to the person at the other end of the communication and 'speak' to them about the contents of the communication. If there was communication outside the country where this is not possible, the contacted number should be put on a watched list and metadata to/from this device monitored as best as possible.

And what use would this metadata be in this Stasi-esque paradise of yours?

 

[adolf hamster]

You probably still think encryption is safely backdoorable.

of course it is! just make a master key and give it to all the governments who ask for it, they'll keep it safe for us, and definitely won't be doing anything other than arresting all them terrorphiles with their new power.

 

[Washout]

I guess if push comes to shove the WhatsApps/Facebooks could essentially forward (encrypted) all messages a user sends/receives to their servers where it's 'securely' stored.

Could be sold to the punters as a backup/iCloud type thing where when you move the app to a new phone you can restore your messages.
Access to said data should only be made available by court order and from countries where the judiciary is recognised as capable and independent - ie you dont want a human rights lawyer getting his messages read.

It's the sort of thing you really need UN type resolutions on. Problem is could you really trust the Russians, Chinese and to a lesser extent the Americans to play nice and not abuse it?

 

[nox_uk]

And what use would this metadata be in this Stasi-esque paradise of yours?

ask Google or Facebook...

The contents of the messages would be secure, but the government would know who you are communicating with. This is no different to the data that is already being freely handed over to companies like Facebook via progams like Whatsapp anyway.

Point being if people are communicating with known extremists cells they can be monitored more closely using more traditional methods. The actual contents of the messages are almost irrelevant anyway as they could and probably are using steganography.

it's a compromise, and it's only the equivalent of what WhatsApp has in place at the moment - which RETAINS end to end encryption. The metadata is already harvested by these companies anyway, so why not let the government have access to it. I'd rather it was used for counter terrorism than advertising.

 

[CaptainComedy]

Pretty sure they don't understand that you can't break encrypted messages like they did in the war.

but they are going about it all wrong. If they want to snoop, they need to first setup the infrastructure for companies to plug into it - nobody is going to invest in building a feed for the government that would just work for that software, likewise any feed that would connect to a government network would have to be made with some sort of benefit / assurance that it either won't get abused / they have control over.

 

[mrk]

no, I'm pretty sure the CIA doesn't have some magical computational powers unknown to the rest of mankind, you're not going to just brute force encryption... unless you want to wait a very very long time

I'm surprised people even on this forum as evidenced in this thread, fail to grasp basic concepts like end to end encryption.

Let's put it into perspective, to brute force WhatsApp's encryption (AES-256 for messages, ignoring the additional encryption for the initial install, then authentication parts themselves), it would take approximately the age of our universe if all the supercomputers on the planet were sat there crunching away. And that's just to check the keys of a message...

On the flipside, this does pose a risk to the system. What if both end to end devices are destroyed once messages have been sent? All efforts are completely wasted in trying to get to those messages.

I see where both sides of this debate are coming from, but it's a pointless exercise. Intelligence monitoring and information gathering is the key to catching terrorism. SIS and the like have already stopped many potential attacks from happening over the years, so they are doing their part, but you simply can't stop them all.

 

[platypus]

Point being if people are communicating with known extremists cells they can be monitored more closely using more traditional methods.

And when thats not enough?

 

[nox_uk]

And when thats not enough?

less traditional methods?

I am fully 100% on the side of keeping encryption, and I am just pointing out the metadata is already being harvested so why not let the government have more ready access to it. People seem happy for this data to be freely used anyway. would have been no different than if the UK government had bought whatsapp for 22 billion under a shell company. Bet they wish they had...

Nox

 

[Amp34]

So this all stems from the media speculating that the guy sent a whatsapp message during the event. Now let's assume he did - why do they need to break the encryption on it? Do they not have access to his phone? Whatsapp doesn't automatically delete messages.

Or is this nothing to do with the incident they are trying to profit from and just another way of trying to circumvent privacy concerns, after being the cause of the encryption being put in place in the first place because they couldn't be trusted not to read messages illegally prior to the encryption?

 

[nox_uk]

They don't need to break the encryption, which is my point. If they had the metadata there would be nothing stopping them going and talking to the person he messaged, and asking for the message. Chances are it's irrelevant content (in the way the attack has already happened) but it might identify an associate. But this can be done from the metadata anyway without any need for breaking encryption.

I feel like the Government really need to employ people that know what they are doing - and more importantly know how to use what info they already have rather than keep wanting more because they are a bit clueless. i'm talking about the people that stand up in front of the press rather that the various MIx departments - i have no doubt they know what they are doing (but probably still want an easy life!)

 

[Amp34]

Why do they need the metadata? Just look at his damn phone.

 

[Haggisman]

I guess if push comes to shove the WhatsApps/Facebooks could essentially forward (encrypted) all messages a user sends/receives to their servers where it's 'securely' stored.

And the omgterrorists spend a week or 2 writing their own system and the whole thing is moot...