Parliamentary petition against 'backdooring' e2e encryption

Rainmaker · 29 Nov 2020 at 13:16

While it's not gathered much momentum thus far, someone has made a petition on the official Parliamentary petition site objecting to the ongoing plans to 'backdoor' end-to-end encryption in the UK. It's an important issue, and one that doesn't (shouldn't?) need any explaining on a forum like this.

Ignoring the fact that you simply can't make mathematics illegal, not only are the plans/suggestions short-sighted they're also entirely spurious. The various agencies already have unprecedented access to mainstream tech platforms and communications services (see Snowden - Tempora, PRISM et al.). The UK's 'Snoopers' Charter' already overreaches and has been ruled illegal by the highest EU courts; but that won't do us much good soon and continues to operate with impunity regardless. It includes forcing ISPs and telecoms companies to keep years of records on user activity and make it available to every copper, spook and parish councillor who has a passing interest in what you've been doing.

To force a 'law enforcement friendly' backdoor into encryption used by popular apps and platforms, and expect that (1) it remain only used by officials and (2) doesn't weaken already volatile civil liberties is something of a dry joke. Remember when Microsoft's "Secure Boot" keys were compromised? LOL

While it's not the most verbose petition, nor does it really set out any arguments against the 'backdoor', it is the one being (mildly) referenced in media and as such it's the one I've linked to here. Please sign it and push back against this nonsensical erosion of privacy and security.

jpaul · 29 Nov 2020 at 14:01

Maybe some degree of double bluff here, suggesting that peoples data/comms are more secure than they currently think they are,
look at Khassoghi(Israel-pegasus s/w), the comprmise on encrochat, so govt can get the data if they want;
Apple methinks protesteth too much, with their persistant adds extolling their platform security(people buy into that).

If the govt were given a new formal back-door, that doesn't seem to represent a significant further loss of privacy, and, if they then in turn black-listed/prosecute encrochat/pegasus,
the power would, at least, be in elected hands.

Human rights in Syria/Russia/China probably not impacted either way.

Dolph · 29 Nov 2020 at 14:05

*pulls on devils advocate hat*

So, what alternative proposition do you (or indeed the petition creator) have to ensure encryption technologies aren't used to aid, facilitate or hide criminal endeavours?

This isn't to say there aren't massive problems with the government proposal, there are, but it is also trying to fulfill and maintain a legitimate policy requirement.

Energize · 29 Nov 2020 at 14:17

Dolph said:
*pulls on devils advocate hat*

So, what alternative proposition do you (or indeed the petition creator) have to ensure encryption technologies aren't used to aid, facilitate or hide criminal endeavours?

This isn't to say there aren't massive problems with the government proposal, there are, but it is also trying to fulfill and maintain a legitimate policy requirement.

Why does an alternative need to be proposed to criticise a bad proposal or indeed a bad policy requirement in this case?

If you backdoor encryption you undermine the entire modern economy that depends on the security provided.

We don't need an oppressive surveillance apparatus.

Rainmaker · 29 Nov 2020 at 14:18

Dolph said:
*pulls on devils advocate hat*

So, what alternative proposition do you (or indeed the petition creator) have to ensure encryption technologies aren't used to aid, facilitate or hide criminal endeavours?

This isn't to say there aren't massive problems with the government proposal, there are, but it is also trying to fulfill and maintain a legitimate policy requirement.

There's been zero measurable impact on anti-terrorism and other criminal areas due to this type of dragnet surveillance. None. That's despite the absolute mass of surveillance available. Making mine and your chats (eg Signal) compromised doesn't stop Abdul, Paddy and Roger from conspiring to commit criminal/terrorist acts. There's always ways and means, and the mass of FOSS software will mean they always have access to encryption if they really want it. Like I said, it's just maths. Mandating backdoors in widely used encryption (whether HTTPS, TLS, Noise, whatever) will just lead to the likes of us and those less savvy being (1) more heavily monitored than we already are and (2) allowing the already significant criminal element to exploit the law-abiding even more.

Edit:

Energize said:
Why does an alternative need to be proposed to criticise a bad proposal or indeed a bad policy requirement in this case?

If you backdoor encryption you undermine the entire modern economy that depends on the security provided.

We don't need an oppressive surveillance apparatus.

Also, that.

Calabi · 29 Nov 2020 at 15:00

Dolph said:
*pulls on devils advocate hat*

So, what alternative proposition do you (or indeed the petition creator) have to ensure encryption technologies aren't used to aid, facilitate or hide criminal endeavours?

This isn't to say there aren't massive problems with the government proposal, there are, but it is also trying to fulfill and maintain a legitimate policy requirement.

So for the possibility(slim possibility) to stop a minority of crime, one's that are stupid to openly talk about their crimes in public open systems that they now know is unencrypted, your willing to the let the your own country and rest of the world and anyone smart pretty much have access to your bank accounts and all your personal data?

Dolph · 29 Nov 2020 at 15:12

Energize said:
Why does an alternative need to be proposed to criticise a bad proposal or indeed a bad policy requirement in this case?

Because anyone can indulge in pointless whining, but if you actually want to be taken seriously, you need to both engage with the subject matter and the purpose meaningfully.

If you backdoor encryption you undermine the entire modern economy that depends on the security provided.

We don't need an oppressive surveillance apparatus.

Ok, so what alternatives are you proposing? We already have laws, for example, that make it a criminal offense to refuse to decrypt information or provide the decryption key when ordered by the state, but in many cases, refusing to provide the key can result in a significantly lesser sentence than the crime under investigation.

It's also important to note that banning or restricting particular apps, frameworks or implementations isn't necessarily going to "undermine the entire modern economy", although that's not the specific proposal here.

Dolph · 29 Nov 2020 at 15:16

Calabi said:
So for the possibility(slim possibility) to stop a minority of crime, one's that are stupid to openly talk about their crimes in public open systems that they now know is unencrypted, your willing to the let the your own country and rest of the world and anyone smart pretty much have access to your bank accounts and all your personal data?

You'd prefer the ability of the state to break encryption to remain undocumented, uncontrolled and unregulated?

I can engage in irrational hyperbole too.

Dolph · 29 Nov 2020 at 15:19

jpaul said:
Maybe some degree of double bluff here, suggesting that peoples data/comms are more secure than they currently think they are,
look at Khassoghi(Israel-pegasus s/w), the comprmise on encrochat, so govt can get the data if they want;
Apple methinks protesteth too much, with their persistant adds extolling their platform security(people buy into that).

If the govt were given a new formal back-door, that doesn't seem to represent a significant further loss of privacy, and, if they then in turn black-listed/prosecute encrochat/pegasus,
the power would, at least, be in elected hands.

Human rights in Syria/Russia/China probably not impacted either way.

Exactly, in many ways, if they could be implemented successfully and securely (which I agree with others is not really possible, for the avoidance of doubt), it would represent an increase in accountability and protection from undocumented state surveillance as use of the 'backdoors' would be regulated.

Energize · 29 Nov 2020 at 15:28

Dolph said:
Because anyone can indulge in pointless whining, but if you actually want to be taken seriously, you need to both engage with the subject matter and the purpose meaningfully.

It's not pointless whining to make sound criticisms of a bad proposal and policy. If you don't agree with the purpose then proposing alternatives is a wasted exercise.

Ok, so what alternatives are youproposing? We already have laws, for example, that make it a criminal offense to refuse to decrypt information or provide the decryption key when ordered by the state, but in many cases, refusing to provide the key can result in a significantly lesser sentence than the crime under investigation.

It's also important to note that banning or restricting particular apps, frameworks or implementations isn't necessarily going to "undermine the entire modern economy", although that's not the specific proposal here.

We don't need alternatives, the misuse of encryption is not significant enough to warrant them, nor would the trade-offs of liberty be worth the security.

Yes I know about the RIPA act, it's a terrible piece of legislation that would violate the law of countries with stronger protections of civil liberties like the 5th amendment of the US constitution. That being said the legislation has thankfully been thoroughly obliterated by advances in nested encryption that prevent law enforcement from determining whether additional keys are being withheld and it is fundamentally inapplicable to asymmetric encryption.

The most prominent threat both historically and currently to our liberty is government, which has branded as criminals and persecuted those it considers undesirables such as gays, drug users, sex workers, those possessing "obscene" materials, and in the latest draconian assaults, those speaking "hate speech" or breaking covid restrictions.

The threat is not from criminals but rather to "criminals", any threats to encryption are threats to the most powerful weapon we have to resist tyrannical government and that is not a price we can afford to pay no matter how high the cost.

Liquidfox · 29 Nov 2020 at 17:15

Dolph said:
So, what alternative proposition do you (or indeed the petition creator) have to ensure encryption technologies aren't used to aid, facilitate or hide criminal endeavours?

There is very little, if anything, anyone can do to stop Joe Bloggs writing his own app which uses encryption that the state can't access. Any terrorist organisation would simply pay someone to write an application that state governments didn't have access to and use that instead.

iamdjdz · 29 Nov 2020 at 17:25

So say UK law enforced a backdoor into an encrypted messenger app but I then created an Outline VPN to a Google Cloud server in the US or another country with my personal details on the GC account. I then connect to my VPN and use the messaging app, does the UK have the jurisdiction to then use the back door considering my traffic is now going via another country?

d_brennen · 29 Nov 2020 at 17:31

Some of the most useful tools hackers have today started life as state sponsored cyber warfare tools... Until they leaked out. Successive governments of the UK have shown themselves to be blithering idiots.

Security shouldn't be left in the hands of any government, let alone the turkeys we have at the moment.

Quartz · 29 Nov 2020 at 17:39

Dolph said:
So, what alternative proposition do you (or indeed the petition creator) have to ensure encryption technologies aren't used to aid, facilitate or hide criminal endeavours?

None. We know that they already are. But the benefits of secure encryption outweigh the disadvantages. Never mind privacy; it's all about money, securely transferring money and trading. Imagine if the London Stock Exchange got hacked.

Danthus · 30 Nov 2020 at 09:28

I'm with Dolph here.

As much as I don't like the idea of a backdoor, regardless of who has the key. I also don't like the idea the criminals can exploit encryption to commit crimes such as terrorism or the transmission of child pornography etc.

PlacidCasual · 30 Nov 2020 at 09:48

Even if this is introduced the state will covertly use undocumented decryption. This isn't going away. Weakening the general defence of messaging apps etc. the backdoors to which will ultimately end up in criminal hands doesn't seem that bright. Also the state has shown no reticence in misusing the powers they already have no doubt we'd have every intern in the local council decrypting messages before the first year of this was finished.

Haggisman · 30 Nov 2020 at 09:51

Liquidfox said:
There is very little, if anything, anyone can do to stop Joe Bloggs writing his own app which uses encryption that the state can't access. Any terrorist organisation would simply pay someone to write an application that state governments didn't have access to and use that instead.

This.

Banning encryption/forcing a backdoor is as stupid and pointless an idea as trying to ban say, knives because of a few stabbings.

Great, so now nobody can legally prepare food, but criminals are still running around with pieces of metal they've sharpened themselves.

You force all encryption methods to have a backdoor, that backdoor doesn't stay secret for long, it only took a year for the decryption key for blu-ray to be released into the public. How long do you think the key(s) to all global financial transactions will remain secure when you have highly organised criminal gangs throwing significant resources at finding them?

Meanwhile the people we're actually trying to stop will be using their own software which doesn't have a backdoor, rendering the whole thing pointless.

mmj_uk · 30 Nov 2020 at 10:40

It's not pointless it's just that the guise of fighting terrorism has always been a fraud perpetuated on the masses for a big brother surveillance state. If they really wanted to stop terrorism they would stop foreign entanglements/wars (which are likely to return with a Biden presidency) and have better immigration controls. The best protection from fire is prevention, not figuring out what's the best way to fight it once your house is already ablaze.

The only time Trump was ever praised by the establishment/media was when he launched a few missiles in Syria.

Hagar · 30 Nov 2020 at 11:18

Energize said:
Why does an alternative need to be proposed to criticise a bad proposal or indeed a bad policy requirement in this case?

If you backdoor encryption you undermine the entire modern economy that depends on the security provided.

We don't need an oppressive surveillance apparatus.

We also do not need ransom ware, theft of bitcoin, child pornography and pedophile rings, nor vendors of viruses, spyware and other bad actors, immune from police action

Rainmaker · 30 Nov 2020 at 11:51

Hagar said:
We also do not need ransom ware, theft of bitcoin, child pornography and pedophile rings, nor vendors of viruses, spyware and other bad actors, immune from police action

That is a highly spurious argument. How does preventing you and I from having a private conversation, or weakening and undermining the encryption I use to bank, prevent any of those things in the real world? Hint: It doesn't. We live in the most surveilled and digitally oppressed country in the 'free' world, and yet 7/7 and the Manchester bombing still happened. The country is also still full of paedophiles (many of whom operate in the very halls of power pushing this agenda).

If you undermine encryption and make things like VPNs illegal, all you're doing (again) is harming the law abiding and leaving the wicked unaffected. What's to stop them meeting in person, talking in code, and generating one time pads to send encrypted letters via Royal Mail? Do we ban the Post Office just in case, because 'think of the children'? How do you 'backdoor' all the FOSS projects like OpenSSH, OpenSSL, and Signal (ironically the very messaging app pushed and recommended by the EU and NCSC et al.)?

All that will be achieved is even more dragnet surveillance of the wider populace, which was the wider (American led) agenda all along. See PRISM, X-KEYSCORE, Tempora and EARN IT Act etc.

The criminal element will carry on regardless as they always have. If you seriously think that mandating backdoors in encryption will end child abuse, 'bitcoin theft' and malware I have sad news for you... Has Australia made any significant dents in these problems since their own version of the legislation passed? No. But their populace is now much easier to spy on and manipulate digitally. The individual right to privacy is enshrined in law and outweighs any spurious lamentations of law enforcement. Where targeted surveillance is necessary and signed off by a judge, there are many ways and means to get what you want and weed out the bad guys without resorting to undermining the underpinnings of modern technology.