Parliamentary petition against 'backdooring' e2e encryption

While it's not gathered much momentum thus far, someone has made a petition on the official Parliamentary petition site objecting to the ongoing plans to 'backdoor' end-to-end encryption in the UK. It's an important issue, and one that doesn't (shouldn't?) need any explaining on a forum like this.

Ignoring the fact that you simply can't make mathematics illegal, not only are the plans/suggestions short-sighted, they're also entirely spurious. The various agencies already have unprecedented access to mainstream tech platforms and communications services (see Snowden - Tempora, PRISM et al.). The UK's 'Snoopers' Charter' already overreaches and has been ruled illegal by the highest EU courts; but that won't do us much good soon and continues to operate with impunity regardless. It includes forcing ISPs and telecoms companies to keep years of records on user activity and make it available to every copper, spook and parish councillor who has a passing interest in what you've been doing.

To force a 'law enforcement friendly' backdoor into encryption used by popular apps and platforms, and expect that (1) it remain only used by officials and (2) doesn't weaken already volatile civil liberties is something of a dry joke. Remember when Microsoft's "Secure Boot" keys were compromised? LOL

While it's not the most verbose petition, nor does it really set out any arguments against the 'backdoor', it is the one being (mildly) referenced in media and as such it's the one I've linked to here. Please sign it and push back against this nonsensical erosion of privacy and security.
 
*pulls on devil's advocate hat*

So, what alternative proposition do you (or indeed the petition creator) have to ensure encryption technologies aren't used to aid, facilitate or hide criminal endeavours?

This isn't to say there aren't massive problems with the government proposal, there are, but it is also trying to fulfill and maintain a legitimate policy requirement.

There's been zero measurable impact on anti-terrorism and other criminal areas due to this type of dragnet surveillance. None. That's despite the absolute mass of surveillance available. Making mine and your chats (e.g. Signal) compromised doesn't stop Abdul, Paddy and Roger from conspiring to commit criminal/terrorist acts. There's always ways and means, and the mass of FOSS software will mean they always have access to encryption if they really want it. Like I said, it's just maths. Mandating backdoors in widely used encryption (whether HTTPS, TLS, Noise, whatever) will just lead to the likes of us and those less savvy being (1) more heavily monitored than we already are and (2) allowing the already significant criminal element to exploit the law-abiding even more.

Edit:

Why does an alternative need to be proposed to criticise a bad proposal or indeed a bad policy requirement in this case?

If you backdoor encryption you undermine the entire modern economy that depends on the security provided.

We don't need an oppressive surveillance apparatus.

Also, that.
 
We also do not need ransomware, theft of bitcoin, child pornography and pedophile rings, nor vendors of viruses, spyware and other bad actors, immune from police action.

That is a highly spurious argument. How does preventing you and I from having a private conversation, or weakening and undermining the encryption I use to bank, prevent any of those things in the real world? Hint: It doesn't. We live in the most surveilled and digitally oppressed country in the 'free' world, and yet 7/7 and the Manchester bombing still happened. The country is also still full of paedophiles (many of whom operate in the very halls of power pushing this agenda).

If you undermine encryption and make things like VPNs illegal, all you're doing (again) is harming the law-abiding and leaving the wicked unaffected. What's to stop them meeting in person, talking in code, and generating one-time pads to send encrypted letters via Royal Mail? Do we ban the Post Office just in case, because 'think of the children'? How do you 'backdoor' all the FOSS projects like OpenSSH, OpenSSL, and Signal (ironically the very messaging app pushed and recommended by the EU and NCSC et al.)?

All that will be achieved is even more dragnet surveillance of the wider populace, which was the wider (American-led) agenda all along. See PRISM, X-KEYSCORE, Tempora and EARN IT Act etc.

The criminal element will carry on regardless as they always have. If you seriously think that mandating backdoors in encryption will end child abuse, 'bitcoin theft' and malware I have sad news for you... Has Australia made any significant dents in these problems since their own version of the legislation passed? No. But their populace is now much easier to spy on and manipulate digitally. The individual right to privacy is enshrined in law and outweighs any spurious lamentations of law enforcement. Where targeted surveillance is necessary and signed off by a judge, there are many ways and means to get what you want and weed out the bad guys without resorting to undermining the underpinnings of modern technology.
 
and just backdoor communications used by many criminals

Those criminals with the brain cell required to use an encrypted communications platform in the first instance will simply switch to one unaffected by the backdoor. Again, what did we gain versus what we lost? There's already murmurs about restricting access to VPNs and weakening TLS and widespread adoption of HTTPS.

As a further example, the UK is the one country where Mozilla aren't rolling out DNS over HTTPS by default, because the government, spy agencies and ISPs complained so much that it'd be harder to spy on the wider population and hoard their communications and web browsing habits. Tell me again, when did we decide it was OK to have our every move logged and spied upon, without prior reason? Since when did Snowden's revelations stop being shocking, and start being something we actively wished for 'because paedos, killers, terrorists and Middle East Wackos' (spot the reference)?

It's all a (very thin) veneer to adopt an even wider warrantless surveillance dragnet. Why are people so keen to agree? I honestly don't get it. We already have tools, personnel and the ability to directly target those we (strongly) suspect of wrongdoing. That doesn't encompass the need to weaken wider platforms and protocols. You don't need to break into Aunt Maggie's messenger to plant a bug in Terry O'Wrist's apartment or plant a RAT on his PC. The difference, of course, is judicial oversight, a warrant and an active reason to do so.
 
"Network providers must also “take measures to prevent activities that unreasonably restrict monitoring, analysis and investigation.”"

Welp, looks like that's the end of internet banking then!

"Unreasonably". It's a terrifyingly open-ended and subjective word, isn't it?
 