55 comments

[ 3.2 ms ] story [ 104 ms ] thread
> And she said she did not need to understand how they worked to know they were "helping criminals"

And I wonder why.

(comment deleted)
(comment deleted)
Reading that it sounds like she doesn't want backdoors, she wants backdoors.
She doesn't want government access to be called a backdoor, but she wants government access and a backdoor is the only way to implement it.
That was tough to read. I suppose she hasn't considered the problem isn't with tech companies not coddling politicians, but rather that we should elect some politicians who are actually smart enough to understand this fairly basic stuff.
I think it's a bit arrogant to assume that tech companies (especially those based out of other countries) are deliberately trying to undermine governments rather than empower people.
Unless your assumption is that governments exist to disempower people. Hmmm...
Tech culture used to be pretty anti government I think
It's arrogant to assume they're trying to undermine governments, but it's naive to assume they're trying to empower people. Tech companies above a certain size are interested in making money, period. They'll back whatever agenda they think will help them make money. Sometimes that lines up with the general public good. Never assume it will always remain so.
Undermining The Man used to be a highly common trope in hacker culture.
>And she said she did not need to understand how they worked to know they were "helping criminals".

>She insisted she does not want "back doors" installed in encryption codes, something the industry has warned will weaken security for all users, nor did she want to ban encryption, just to allow easier access by police and the security services.

>"I understand the principle of end-to-end encryption - it can't be unwrapped. That's what has been developed. "What I am saying is the companies who are developing that should work with us."

Well I hate to "sneer" at her and reinforce her perception of tech people, but Jesus Christ, what a moron. If you refuse to learn how it works then you cannot reasonably expect to be capable of offering any kind of input on how to change it.

All she's capable of understanding is "WE MUST STOP THE TERRORISM"

She well understands that being a member of Five Eyes is of huge value to UK industry, as the point of dragnet surveillance is using competitor nations' secrets for economic advantage, not for fighting terrorism.

These people aren't stupid.

They aren't stupid, but I'd suspect they've drunk their own kool-aid, which seems to be the standard operating procedure at organizations gone awry. Especially towards the top where you get selection pressure for confidence.

The ability to think rationally is tightly coupled to the ability to rationalize so smart people aren't actually less likely to participate in collective madness.

> These people aren't stupid.

"These people have selfish reasons for what they're doing" is different from "These people aren't stupid."

> as the point of dragnet surveillance is using competitor nations' secrets for economic advantage, not for fighting terrorism.

Source / examples? Seems like a rather extraordinary claim.

Private Eye have covered this kind of thing since the 80s and various aerospace, arms, middle eastern infrastructure deals etc. All the countries do this - an explicitly stated aim of security services is to protect economic interests as well as security.
Likely difficult to find proof or definitive examples of it happening, but Intelligence Services Act 1994[0] states:

http://www.legislation.gov.uk/ukpga/1994/13/section/3

> [GCHQ shall] monitor or interfere with electromagnetic, acoustic and other emissions and any equipment producing such emissions and to obtain and provide information derived from or related to such emissions or equipment and from encrypted material; [... said functions] shall be exercisable [...] in the interests of the economic well-being of the United Kingdom in relation to the actions or intentions of persons outside the British Islands

There's very similar language for SIS.

[0] http://www.legislation.gov.uk/ukpga/1994/13/section/3

Some of them can be surprisingly stupid. Not everyone is a canny deep-state actor.
Bonus points for using words without knowing what they mean!

> "we don't get that help - although we sometimes get it in a fulsome way after an event has taken place".

(I can't even guess what she thinks it means ….)

Probably she means that they don't get assistance - although sometimes there comes an excessive rush of help on occasions when the bad shits already gone down.
I understand the principle of two plus two equals four and I'm not saying we should make two plus two equal three, something mathematicians have warned would harm everyone's ability to do basic math, nor do I want to ban math all together.

I simply want people who are doing arithmetic to help us make two plus two equal three when criminals try to use math.

Why is it considered ok to regulate technology without understanding it? Even Jeremy Hunt claims to understand the papers he used to justify more weekend services for the NHS. Osborne tried to justify austerity as an answer to the recession with (sketchy) evidence. But when it comes to technology politicians (The Tories most of all) stop even pretending to understand the technology. Why is this?
Politics is based on abstractions of reality that are highly flawed. But they sound plausible to the general public and win votes. It is perfectly possible that she has a nuanced understanding of the topic and realises how flawed the policy is. But that is not what she is going to say in public. Or she really believes this nonsense. Either way this is a PR message. You have to combat it with a more compelling story, not better facts.
The person in charge of science in the US House of Representatives generally doesn't believe in science when it conflicts with the companies that fund his campaigns. He thinks climate science is "fake news" and that fracking is good for the environment and there is no need to investigate it further. He is actually a writer for a "fake news" website called Breitbart.

Voters in Texas don't care.

https://en.wikipedia.org/wiki/Lamar_S._Smith

If you're the kind of person who walks into a taco joint and starts trying to place an order for office supplies, then when questioned insists that "no I totally understand tacos, I just really need some ink cartridges", basically anything that follows is likely to come off to you as "sneering", whether it is or not.
> She insisted she does not want "back doors" installed in encryption codes, something the industry has warned will weaken security for all users, nor did she want to ban encryption, just to allow easier access by police and the security services.

This is a prime example of magical thinking, and it's so infuriating to watch. It's not the case that smart people just haven't figure this out yet, it's that it's fundamentally impossible to get what she asks for, she might as well ask for a unicorn.

When people say it's impossible, they don't mean "not yet", they actually mean "never". And she's just one more in a long line of politicians who have asked the same thing over and over and over again, so how hard is it to understand that the industry is kinda tired of people dropping by and asking for unicorns?

"I don't want to be able to fly. I understand that's impossible. All I'm asking for is to make it easier to defy the force of gravity."
> When people say it's impossible, they don't mean "not yet", they actually mean "never".

This is a very good point. I think the problem is that some people do say "impossible" to mean "probably never" ("it's impossible to understand specialist language"), and some people (sometimes the same people) say "impossible" to mean "actually never" ("it's impossible to use only a straightedge and compass to square a circle"); and, unless you're a specialist, then you're probably not qualified to judge which meaning is intended, and you're possibly not even aware that there are two meanings.

Maybe "physically impossible" helps convey the point a bit better?
I'm usually a nice guy so I wouldn't sneer at her. At the same time, I'd not judge harshly those who did.
We need to understand that this is an alien concept for them: for the first time in history, there's a way of communicating end-to-end that's mathematically guaranteed (or quasi-guaranteed) to be secure. This is a dead-end. Not only criminals: they can't read anyone's communication, period.

Intelligence methods have to adapt, if they haven't yet.

England's army occupies the six north counties of Ireland, so as to make its people subjects of the queen. Those who have stood up and fought back, to drive out this foreign army are "terrorists", and Rudd demands the ability to see the communications of the queen's subjects, on top of whatever else Orwellian CCTV monitoring nightmare the Ununited Kingdom already has.

Where are the transcripts of British intelligence collusion, when the English military gave guns to the loyalist death squads?

It's pretty clear she's not being stupid and asking for the mathematically impossible. She wants capability to tap at the server end or some equivalent provided by the platforms; and she is quite right that she can regulate companies out of the UK market if they don't make that available. This already happens in Asia and Russia to our knowledge and will soon be everywhere if it isn't already.
Wouldn't tapping at the server end be futile for messages with end-to-end encryption? So she must be asking for the removal of the encryption. I think that's why people are criticizing her. She's implying the encryption must go without explicitly stating it.
Well not all platforms are direct messaging, but sure for direct messaging apps with e2e encryption that would be one possibility. Or remove just for warranted individuals, or remove flagged messages etc. That's just off the top of my head in 2 minutes - the idea is that the tech companies are best positioned and incentivised to come up with a creative solution if they want market access. The politicians are explicitly acknowledging that they don't have expert knowledge and aren't trying to dictate a solution - they are just explaining the requirements.

In ye olden days comms would go through a mail sorting system or a switchboard and authorised gov agents could take a peek as they needed and were allowed by law (hopefully). If a tech company wants to get into that business they need to figure out that part of the solution as well as the routing of messages bit. Government didn't mandate e2e encryption - that was a choice by tech companies, so the ball is being placed firmly in their court. (I do get the security and privacy concerns but that's a legal and governance question for the jurisdiction - a technology firm's business model or choice of technical architecture doesn't trump that.)

I know this all seems really controversial and awful but from a governance view it's not really different to any other industry. For example if you want to sell chicken, you'll need to conform to a specific set of standards - doesn't matter if it's very inconvenient and you need to rebuild your entire manufacturing and supply chain to meet those standards for a given market. (Or the standards for another market might be very low and your existing fully traceable organic product is uneconomic etc)

That makes sense, and thanks for taking the time to write that out. What still bothers me is the inevitability of some easily available software providing end-to-end encryption. Terrorists with an ounce of dedication will still figure out ways to subvert these policies.
"I'm not the expert, you are. Therefore surely you can design something that fits these requirements."

Your entire comment brings to mind this sketch:

https://youtu.be/BKorP55Aqvg

Hardly. As I pointed out she isn't asking for anything logically impossible - that's just a conservative-minded assumption from people tethered to the status quo :) What's new is that they are talking about regulating the internet just as they regulate the radio spectrum, transport infrastructure, pharmaceuticals, the media, or anything else which meaningfully impacts the country. In principle, the UK government has the power and authority to block Facebook and Google and develop their own fully tapped and controlled platforms just as China has done. The question being put by the UK government is what is technically possible between that extreme and the status quo where you have foreign companies doing what they want, and what is politically acceptable.
A charitable reading could be that she wants cooperation from the tech industry to place client software with broken encryption on requested target machines.

That would work and would indeed require cooperation.

> A charitable reading could be that she wants cooperation from the tech industry to place client software with broken encryption on requested target machines.

She specifically says that she's not asking for back doors. (Well, the exact quote from the article is "She insisted she does not want 'back doors' installed in encryption codes", so maybe it means that she wants back doors installed later.)

I agree with Amber Rudd. Furthermore, something needs to be done about whispering. Terrorists have been whispering their plans to each other so softly that we can't overhear them. How about we enforce a decibel minimum for all human vocalizations? That'll make us safer.
Wow. A "moral" obligation lecture to silicon valley from a scummy politician who wants to regulate something she doesn't understand.
Can't end-to-end decryption be defeated by recording the original private key when the exchange first happens? I assume most of these services don't require the two participants to exchange a shared secret in the meatspace?
Presumably so, though I doubt WhatApp would be keen to have the app send your private key to the security services. Still maybe that's the kind of thing Rudd is thinking of.
That's just end-to-end with key escrow. Little different than a backdoor at that point.
The private key never needs to get sent and can be generated by the user's device. The public key gets verified through the channel to detect and prevent man-in-the-middle attacks.

To defeat end-to-end encryption, you need to defeat the ends.

No, because of public key cryptography. Neither side ever exchanges private keys in the clear.
I can think of no group more worthy of sneering and derision than politicians.

Let us be clear: politicians are ignorant fools who have the power to legislate upon matters they have no understanding of, and are happy to make politically expedient policy decisions that are not wise.

These fools have done little to nothing to earn more than a sneer.

Respect is earned, and cannot be demanded, unless of course one is a politician.

Ideally there's a public partnership between government and the private sector rather than any one side bending the knee, but not so close as to have any secret handshakes.