I really hope it can be undone, but it might be too late. When the general public doesn't understand what end-to-end encryption is or how important it is in their daily lives, who is really in the position to stop them? It's not the public's fault either. They never learn about this in the course of their regular studies, even in college. The EFF is working hard to educate people, but as the NSA has shown once you fall into the hole climbing out is much harder.
Do these people understand that encryption is just software, and you can't prevent software from proliferating just by passing some legislation? It would make all legitimate purposes of end to end encryption illegal, and leave it only for the criminals. Have we not learned anything from the conversation on gun control?
Am I the only one frightened by the thought that only police have guns? Perhaps it's due to the rampant police violence in my (Canadian) city, but that idea terrifies me. Who watches the watchmen?
>> "Have we not learned anything from the conversation on gun control?"
Terrible comparison. Gun control works fine here in the UK imo. In the US I think it's different as getting those weapons back from a heavily armed public is more trouble than it's worth - getting them back from criminals will be impossible. Anyway, it has nothing to do with encryption. I'm sure Cameron understands the implications of banning it - he just doesn't care. And there's very little we can do about it. There are elections coming up but our alternatives are just as shit.
>> Gun control works fine here in the UK imo. In the US I think it's different as getting those weapons back from a heavily armed public is more trouble than it's worth - getting them back from criminals will be impossible.
Re-read that last part... I think you're making your own point. Encryption is already in the hands of everyone - it's far more widespread than guns were in the US when gun control laws began. How are you going to go about getting GPG for example 'back from the criminals'?
I understand your point but I don't think the comparison works. Encryption may be 'available' to us all but how many people actually know how to use it or understand what it even means? While I think banning encryption is incredibly stupid bringing the gun control debate into it doesn't work globally as guns are uncommon in, for example, the UK.
Government doesn't need to ACTUALLY stop it. They just like having fear to keep the masses in line and outrageous penalties to leverage people who disagree with the insane laws.
They can't prevent drugs or guns getting to addicts and criminals either, but they can destroy your life if you have either.
Bad example. Gun control is fairly total in western Europe. In the UK you can own certain guns but to own anything other than a 3-shot shotgun you need a "good reason" to own it and can only use it in certain places.
And I think most people are happy with that situation. Some aren't but any of their arguments are quickly smothered with a "look at the US where they can't go 18 minutes without shooting (and killing) somebody"... It's a hard argument to counter. There's no right to arm yourself, there's no enshrined want to overthrow a government... Simply put, safety wins.
So yeah... I guess they'd seize on that and say that it's all for the best. I know it isn't, you know it isn't... But if they say it enough, and find an example of 20 where encryption is costing lives, it won't be long before the public thinks it's the right idea.
> arguments are quickly smothered with a "look at the US where they can't go 18 minutes without shooting (and killing) somebody"... It's a hard argument to counter
Sometimes I go for up to 30 minutes without doing this ;)
Yes. They understand it perfectly. You will find people right here who are so in love with the idea of sovereigns having literally unlimited power, physics and math be damned, that they will defend such denial of reality.
It still is, to an extent: if you have strong enough encryption products, you have to get an export permit for it, even now.
I’ve had to sign ITAR certifications when I’ve worked for U.S.-based companies, and some companies here in Canada have to prevent any Iranian-born employees from working on certain software in order to comply with ITAR (even if those employees are now Canadian citizens).
It’s stupid and I’m glad that I don’t work for those sorts of companies anymore.
For most "mass market" software, since 2010 all you need is an encryption registration. Before that you had to do a classification request which was a harder and more difficult process. I wonder why this took until 2010 before it was fixed.
It still is, and pretty much every nation on earth has signed the agreement.
Most nations don't make themselves look like idiots by enforcing it against a bunch of open-source hippies, but try to export some crypto software for military use to North Korea...
Has Cameron or the UK gov't actually taken actual steps to ban encryption, or is this entire article extrapolating that from the 'no safe space to communicate' quote?
There is a blatant effort underway in the Lords to revive the Snoopers' Charter, spearheaded by known securocrats -- the government won't say it out loud (yet), but if this stuff finds its way into the Commons, Cameron's cronies will try to vote it into law.
People are twitchy because the double-whammy of election time and mayhem in Paris gives authoritarians the perfect excuse to put all sorts of shenanigans into law, and the LibDems (the last line of defense against cyber-totalitarianism in the country, I have to give them that) will likely be annihilated at the polls (because of their blunders on, well, any policy except this).
...the LibDems (the last line of defense against cyber-totalitarianism in the country, I have to give them that) will likely be annihilated at the polls (because of their blunders on, well, any policy except this).
I wonder how likely this really is, though.
Right now both UKIP and to some extent the Greens are looking a lot like the Lib Dems did before the last election. They are potentially disruptive, rising in the polls, the parties for people who want to vote for "someone else".
However, the reality at the last election was that for all the talk about TV debates and Clegg-mania, the Lib Dems didn't do much better on polling day than they had before. They wound up in government more through good luck than anything else, because unusually neither the Conservatives nor Labour managed enough support to win outright.
Of course watching them in government has been like watching a slow motion train wreck almost from day one, as they've made one politically naive judgement after another and squandered much of the good will they had accumulated prior to the election. If either UKIP or the Greens form part of a coalition after the election this year, I find it hard to see anything different happening to them when their idealised and sometimes extreme policies come face to face with the reality of running a country.
Ironically, the very First Past The Post electoral system that the Lib Dems so wanted to change may be the one thing that keeps them in power after the election, if the "someone else" voters split between UKIP and the Greens, but on the day a lot of people decide not to vote for those parties after all (as happened to the Lib Dems last time), the protest votes that remain cost Conservatives and Labour crucial swing votes, and ultimately the Lib Dems then manage to hold a majority in enough parliamentary seats to remain relevant. The irony of that result would keep the political pundits at the newspapers busy for weeks following the election. :-)
There are more dynamics in place (e.g. Scotland will see a SNP surge; UKIP in the North of England splits the right-wing LibDem vote, not Tory; etc), I guess we'll see.
To my knowledge, there is no law on the books today that prevents encryption.
There is, however, already a law requiring the disclosure of keys/passwords under certain circumstances (the Regulation of Investigatory Powers Act 2000).
Remember that it's election season in the UK, and it's going to be a close one. There may literally be a greater number of distinct, plausible outcomes than we've had in the history of British politics, including a wide range of potential coalitions.
On top of that, the public will be sceptical of any manifesto claim this time around. A coalition government, as we've had for the past five years, is a new thing for most voters in the UK. As an electorate, we've just seen first hand how parties in a coalition make separate agreements that have to compromise, and how that means they don't always honour the manifesto pledges that got them elected in the first place.
So, the leaders of our political parties are all saying lots of things that are superficially attractive to some demographic accordingly. If the electoral strategists at Conservative HQ have already decided that geeks are unlikely to vote for them anyway, which is probably a reasonable assumption given their track record on technology issues, they have nothing to lose by completely ignoring the reality of technology and appealing to the "nothing to hide, nothing to fear" contingent who don't know any better. I suspect (though this is mere conjecture) that this is exactly what's going on here.
If you listen to the speech[1], what Cameron is actually saying is that he believes that it should be possible to intercept the content of communications via the Internet in the same way that letters and phone calls can be intercepted (when authorised by a warrant from the Home Secretary).
My interpretation is that this is aimed at companies like Facebook[2] and Twitter. There's been no specific mention (to my knowledge, at any rate) of banning encryption or forcing companies to backdoor encryption software.
Yes, but it's impossible to achieve what Cameron said he wants to achieve without restricting encryption. It's hard to imagine a workable law that bans the distribution of chat apps that do end-to-end encryption that doesn't also ban setting up a web server that supports TLS and connecting to it with a web browser that supports TLS, or using a web browser that supports WebRTC. etc etc there are endless examples. Maybe some kind of licensing system where you agree to log everything in exchange for being allowed to encrypt things over the wire, but the more you think about it the more utterly unworkable it is.
When he first made these comments I assumed it was either him mis-speaking, or making up policy on the fly during a speech without actually understand the implications of what he was saying (which he has a history of). But he has come out with the same line several times now and importantly it has been reported across much of the press. Normally when a politician mis-speaks or says something dumb that would shit all over an entire industry the politician's party would be desperately back-tracking by lunchtime. That has not happened.
I can only assume that the Tories are at least happy for everybody to go into the next election with the impression that they want to move to restrict crypto, even if they don't actually plan to legislate on it. To my mind that is still grossly reckless. How much investment in the UK tech sector is he going to scare off with this posturing?
Not to mention that awful Yahoo! webcam spying thing, OPTIC NERVE - a particularly distasteful one, that. Petabytes of JPGs of private (unencrypted) webcam streams, simply hoovered up en masse and untargeted - a not-insignificant number of them extremely intimate and personal, many between people of absolutely no intelligence relevance or value whatsoever - and used as a dataset for face-recognition experiments, amongst other things. They've got an extension you can call for counselling if an analyst happens to be selecting/browsing through it and sees 'something that may disturb them' (underage sexual acts, for example). I seriously doubt any of it has ever been deleted, either, even since.
When GCHQ spout their boilerplate, what they're pointedly not disclosing is that GCHQ have a general interception policy for all communications they believe might be useful for intelligence purposes in the future (I've never quite been clear myself whether that's under some sort of actual general warrant, or they just do it under An Understanding - quite possibly the latter, because spying on MPs could be rather legally thorny!). And they try doing just that, limited only by the practicalities of storage space and processor power - hence the 72-hour ring buffers on full-take feeds on major links like Level3 and GlobalCrossing, progressively filtered down by highly-specialised lexers and parsers.
Data point: There were apparently mentions of WhatsApp at the conference, but not on transcript. It uses the TextSecure protocol now, which is remarkably good and has forward-secure ratcheting. (It's closed-source, so I'd never recommend it over TextSecure/Signal itself, but it does not appear to me to have been compromised, and the huge number of people using that app getting this sort of pretty strong encryption for free is great news overall.) So yes, it seems he does (at the moment, before any potential U-turns! - I mean, "clarifications") want backdoored encryption, and to ban any end-to-end encryption that isn't backdoored. He plans to raise it after the election, if he wins, and he wants to do this specifically because GCHQ and The Security Service ("MI5") asked him to.
It's almost like they don't realise they're doing anything wrong, and they're doubling-down on their tactics - because, save for a few very brave whistleblowers, they actually, really, don't think they are. Road to hell's paved with good intentions and all that, even if you're still buying the good intentions. Their reaction to the rise of stronger encryption since Snowden has so far been to get their friends/ex-bosses to make vague threats that this would mean they'd have to hack more (like making them need to work to do targeted interception in specific, more justified cases instead of bulk collection is a bad thing?!). Ugh.
You seem the most knowledgable on subject, I'm curious what type of legislation could they possibly employ?
Sure they intercepted HTTP traffic from Yahoo but Cameron has not yet officially said he wants to ban encryption. It could easily be further legal basis to automatically exploit phones and retrieve WhatsApp msgs.
Would I be right in suggesting that it's not encrypted data unless someone can decrypt it to prove so? In other words, we're free to send garbled nonsense to each other.
I was thinking something less obviously encrypted than a usb stick with a dialog box saying "Enter password" - how about steganography? "A password for my image?"
To my (lay!) knowledge, no. The primary legislation indicates that to be in violation of that section the court has to believe you did have a way, when you were given an order under RIPA, to make the content they're seeking readable, and you haven't done so. If you do not possess a means to make it readable at that point because you routinely use ephemeral keys - as most people do now (specific example: ECDHE TLS ciphersuites) - you wouldn't be in violation of RIPA in that case, I believe.
Also, keys which are only used for signing are specifically exempted from disclosure in the primary legislation - so don't hand over private TLS signing keys (if, and only if, you always use ephemeral keys, not static RSA) or any GnuPG/PGP signing keys (encryption subkeys on the other hand? However, GnuPG has a way to output the symmetric keys for individual messages, allowing you to limit the damage)!
Of course, if ever presented with any such order, you absolutely need very good legal advice rather than taking it from a lay random on Hacker News. I would definitely encourage you to fight, if you can.
I've rar'd quite a few files in my day, many with a password. The majority of them I could not remember if asked. We effectively have made forgetting a crime in the name of protecting children and stopping terrorism.
And it won't do either, merely encourage the use of other routes to planning such activities. It's not difficult to imagine a terrorist plan that has no dependence on electronic messaging. Talk about selling your birthright for a mess of potage.
Civilization should have collapsed the moment a large group of people agreed that one element should disclose a specific piece of knowledge, or face punishment. If everything else if my life fails, I want to become a martyr to this cause.
When applied to having a hidden truecrypt OS, I don't think this would work with UK's laws. You give the password to the dummy OS, not the true OS, but there still being a large chunk of seemingly encrypted data on the hard drive would lead them requiring you to unencrypt that as well.
Deniable encryption schemes are meant to protect the confidentiality of data under duress. They are not meant to protect the person placed under duress.
Indeed, for some schemes, even if someone cooperates fully, they will be unable to prove that they have, which could leave them in a very dangerous situation. It will also be difficult to prove that they haven't cooperated fully, but whether that is relevant depends on the type of duress they face - you may have varying degrees of success or failure facing thresholds of 'beyond reasonable doubt', 'preponderance of the evidence', or 'hammer to the kneecaps'.
A vitally important thing to know, if you're a keyholder of such a system. Given such a disadvantage, they are not very commonly used. The vast majority of all those who use (and have used) TrueCrypt don't use hidden volumes.
It's also worth pointing out that any disk usage metadata - as, for example, is kept by any and every SSD - tends to catastrophically break deniability. I don't know of anything that can do deniability with a flash device.
just because someone is talking about passing a law, through a democratiocally elected parliament and to be administered by an independent judiciary, you not liking it doesn't make it totalitarian.
Having said that, I'm utterly furious at Cameron. I'm not actualy afraid they'll pass such a law, it would be ludicrous to try to enforce it and I'm sure cooler heads will prevail. IMHO that's not the real problem.
The issue is that by mooting the idea of such a law, he is creating the impression in a non-technical public that such a law might be reasonable to even discuss and debate. He has established a basis for future, similar ideas to become an acceptable subject for public discourse. That is a pernicious and deplorable act. It creates space within which less infeasible but still awful ideas along similar can seem 'more' acceptable.
The definition of totalitarianism is not me liking / not linking something, but total control of even personal, non-political aspects of life by state.
As for "democratically elected parliament", FYI, Hitler came to power by democratic elections.
just because someone is talking about passing a law, through a democratiocally elected parliament and to be administered by an independent judiciary
Perhaps the biggest problem with our political system in the UK today is that all of those statements are now open to reasonable challenge.
Two general elections ago, we found ourselves with a third-term Labour government that had an absolute majority, yet had won only 35% of the popular vote, just 3% more than the second-placed Conservatives. That's before you consider the issue of West Lothian question (Scottish votes affecting Westminster power balance), because the Conservatives actually had the popular majority in England alone. It's also before you consider the obvious electioneering of the Labour party, stating unambiguously that Blair would serve a full third term and Brown would not be taking over as PM halfway through, which of course is exactly what then happened.
Last general election, the coalition government that ultimately took power wasn't directly voted for by anyone, and predictably upset a lot of people who had voted for each of the two parties in the coalition. Those parties have since reneged on several significant manifesto commitments, most infamously the Lib Dems on the issue of student fees.
At the coming election, it is entirely possible that we will get the worst of both worlds. We could see an outright victory by the Conservatives or Labour with an even smaller fraction of the popular vote, as a result of our First Past The Post voting system and a division of votes between now five significant parties in England plus the national parties in the other parts of the UK. Alternatively, we could see any of numerous coalition possibilities, some involving more than two parties, inevitably meaning the politicians ultimately wielding power would not be able to implement some of the policies that may have earned them votes in the first place.
In short, it's difficult to argue that our recent governments have even had a democratic mandate in the Commons. Of course, this is even less true in the Lords, where appetite for reform seems to have faded considerably since the AV fiasco early in the present government's term but we still have people who in principle can vote on our laws just because they are (for example) senior figures in a certain religion. As we've seen with the recent Snooper's Charter shenanigans, allowing unelected and unaccountable politicians to directly influence legislation is not necessarily a good idea.
Finally, although our judiciary are in principle independent, clearly those who rise to the top of our legal system are not exactly representative of the population as a whole. Their collective views on a number of topical issues could be regarded as biased at best, and particularly when it comes to issues of technology and/or civil liberties, their track record in recent years is alarming. Not that any of this matters much if the authorisation of surveillance powers rests with a government minister rather than a judge, of course.
"Would Britons be required to avoid software from creators that fall outside of the UK’s jurisdiction? Would visitors to the UK be expected to replace the software on their laptops, and have all messages to and from the UK be scrutinised by the government for contamination by encryption?"
Clearly it's not possible to enforce any such law generally. So what would actually happen would be that the law would be enforced only for people whom the government dislikes - e.g. investigative journalists or political activists. It's just another pretext on which to lock up inconvenient people.
I agree, but where did you hear books are banned? They made it so people from outside couldn't send books into prison, but the prisoners could access books from the in-jail library. And anyway, that whole thing got changed today (I think) and you can send them books again.
The most relevant objection to these plans is that it is trivial to relocate any server outside of the UK. In fact most cloud datacenters (amazon, azure) are already outside of the UK. How is he going to influence the web protocoles? Are we going to have a "UK TLS" with a system of double key? If not that means handing out all private keys. If the server isn't in the UK, I don't see how they can control that.
I imagine it would be much like the new VAT rules. Big companies would put profit over privacy, and small businesses that can't afford to deal with the UK silliness would just stop doing business in the UK.
That assumes they will block all foreign traffic to which they do not have the key. I just don't see them doing that.
Some businesses need to have a legal presence in the UK to operate in the UK. I don't think most messaging/webmail services need to. What is going to prevent a UK customer to sign up to a web service based in Norway?
I just read this quote from him. When he views his job in this way what more should we expect?
"I think my first job is to try and keep this country safe from terrorism and if that means you have to build strong relationships sometimes with regimes you don't always agree with, that I think is part of the job and that is the way I do it." [1]
61 comments
[ 3.3 ms ] story [ 139 ms ] threadIt will take a long time to undo the damage these people are doing to our society.
Gun control: working as intended.
Terrible comparison. Gun control works fine here in the UK imo. In the US I think it's different as getting those weapons back from a heavily armed public is more trouble than it's worth - getting them back from criminals will be impossible. Anyway, it has nothing to do with encryption. I'm sure Cameron understands the implications of banning it - he just doesn't care. And there's very little we can do about it. There are elections coming up but our alternatives are just as shit.
Re-read that last part... I think you're making your own point. Encryption is already in the hands of everyone - it's far more widespread than guns were in the US when gun control laws began. How are you going to go about getting GPG for example 'back from the criminals'?
They can't prevent drugs or guns getting to addicts and criminals either, but they can destroy your life if you have either.
And I think most people are happy with that situation. Some aren't but any of their arguments are quickly smothered with a "look at the US where they can't go 18 minutes without shooting (and killing) somebody"... It's a hard argument to counter. There's no right to arm yourself, there's no enshrined want to overthrow a government... Simply put, safety wins.
So yeah... I guess they'd seize on that and say that it's all for the best. I know it isn't, you know it isn't... But if they say it enough, and find an example of 20 where encryption is costing lives, it won't be long before the public thinks it's the right idea.
Sometimes I go for up to 30 minutes without doing this ;)
http://en.wikipedia.org/wiki/Gun_politics_in_Switzerland
Though the opening line kind of agrees with you:
> Gun politics in Switzerland are unique in Europe
I’ve had to sign ITAR certifications when I’ve worked for U.S.-based companies, and some companies here in Canada have to prevent any Iranian-born employees from working on certain software in order to comply with ITAR (even if those employees are now Canadian citizens).
It’s stupid and I’m glad that I don’t work for those sorts of companies anymore.
Most nations don't make themselves look like idiots by enforcing it against a bunch of open-source hippies, but try to export some crypto software for military use to North Korea...
http://www.wassenaar.org/ it's in chapter 5, can't remember whether a or b
Windriver recently got booked because of exporting OpenSSL...
It's also important to note that enforcing such a thing will require heavy government regulation of software production and distribution.
People are twitchy because the double-whammy of election time and mayhem in Paris gives authoritarians the perfect excuse to put all sorts of shenanigans into law, and the LibDems (the last line of defense against cyber-totalitarianism in the country, I have to give them that) will likely be annihilated at the polls (because of their blunders on, well, any policy except this).
I wonder how likely this really is, though.
Right now both UKIP and to some extent the Greens are looking a lot like the Lib Dems did before the last election. They are potentially disruptive, rising in the polls, the parties for people who want to vote for "someone else".
However, the reality at the last election was that for all the talk about TV debates and Clegg-mania, the Lib Dems didn't do much better on polling day than they had before. They wound up in government more through good luck than anything else, because unusually neither the Conservatives nor Labour managed enough support to win outright.
Of course watching them in government has been like watching a slow motion train wreck almost from day one, as they've made one politically naive judgement after another and squandered much of the good will they had accumulated prior to the election. If either UKIP or the Greens form part of a coalition after the election this year, I find it hard to see anything different happening to them when their idealised and sometimes extreme policies come face to face with the reality of running a country.
Ironically, the very First Past The Post electoral system that the Lib Dems so wanted to change may be the one thing that keeps them in power after the election, if the "someone else" voters split between UKIP and the Greens, but on the day a lot of people decide not to vote for those parties after all (as happened to the Lib Dems last time), the protest votes that remain cost Conservatives and Labour crucial swing votes, and ultimately the Lib Dems then manage to hold a majority in enough parliamentary seats to remain relevant. The irony of that result would keep the political pundits at the newspapers busy for weeks following the election. :-)
There is, however, already a law requiring the disclosure of keys/passwords under certain circumstances (the Regulation of Investigatory Powers Act 2000).
Remember that it's election season in the UK, and it's going to be a close one. There may literally be a greater number of distinct, plausible outcomes than we've had in the history of British politics, including a wide range of potential coalitions.
On top of that, the public will be sceptical of any manifesto claim this time around. A coalition government, as we've had for the past five years, is a new thing for most voters in the UK. As an electorate, we've just seen first hand how parties in a coalition make separate agreements that have to compromise, and how that means they don't always honour the manifesto pledges that got them elected in the first place.
So, the leaders of our political parties are all saying lots of things that are superficially attractive to some demographic accordingly. If the electoral strategists at Conservative HQ have already decided that geeks are unlikely to vote for them anyway, which is probably a reasonable assumption given their track record on technology issues, they have nothing to lose by completely ignoring the reality of technology and appealing to the "nothing to hide, nothing to fear" contingent who don't know any better. I suspect (though this is mere conjecture) that this is exactly what's going on here.
If you listen to the speech[1], what Cameron is actually saying is that he believes that it should be possible to intercept the content of communications via the Internet in the same way that letters and phone calls can be intercepted (when authorised by a warrant from the Home Secretary).
My interpretation is that this is aimed at companies like Facebook[2] and Twitter. There's been no specific mention (to my knowledge, at any rate) of banning encryption or forcing companies to backdoor encryption software.
1: http://www.independent.co.uk/life-style/gadgets-and-tech/new...
2: http://www.telegraph.co.uk/news/uknews/terrorism-in-the-uk/1...
When he first made these comments I assumed it was either him mis-speaking, or making up policy on the fly during a speech without actually understand the implications of what he was saying (which he has a history of). But he has come out with the same line several times now and importantly it has been reported across much of the press. Normally when a politician mis-speaks or says something dumb that would shit all over an entire industry the politician's party would be desperately back-tracking by lunchtime. That has not happened.
I can only assume that the Tories are at least happy for everybody to go into the next election with the impression that they want to move to restrict crypto, even if they don't actually plan to legislate on it. To my mind that is still grossly reckless. How much investment in the UK tech sector is he going to scare off with this posturing?
And to retroactively legitimise GCHQs unfettered access to Skype calls.
When GCHQ spout their boilerplate, what they're pointedly not disclosing is that GCHQ have a general interception policy for all communications they believe might be useful for intelligence purposes in the future (I've never quite been clear myself whether that's under some sort of actual general warrant, or they just do it under An Understanding - quite possibly the latter, because spying on MPs could be rather legally thorny!). And they try doing just that, limited only by the practicalities of storage space and processor power - hence the 72-hour ring buffers on full-take feeds on major links like Level3 and GlobalCrossing, progressively filtered down by highly-specialised lexers and parsers.
Data point: There were apparently mentions of WhatsApp at the conference, but not on transcript. It uses the TextSecure protocol now, which is remarkably good and has forward-secure ratcheting. (It's closed-source, so I'd never recommend it over TextSecure/Signal itself, but it does not appear to me to have been compromised, and the huge number of people using that app getting this sort of pretty strong encryption for free is great news overall.) So yes, it seems he does (at the moment, before any potential U-turns! - I mean, "clarifications") want backdoored encryption, and to ban any end-to-end encryption that isn't backdoored. He plans to raise it after the election, if he wins, and he wants to do this specifically because GCHQ and The Security Service ("MI5") asked him to.
It's almost like they don't realise they're doing anything wrong, and they're doubling-down on their tactics - because, save for a few very brave whistleblowers, they actually, really, don't think they are. Road to hell's paved with good intentions and all that, even if you're still buying the good intentions. Their reaction to the rise of stronger encryption since Snowden has so far been to get their friends/ex-bosses to make vague threats that this would mean they'd have to hack more (like making them need to work to do targeted interception in specific, more justified cases instead of bulk collection is a bad thing?!). Ugh.
Sure they intercepted HTTP traffic from Yahoo but Cameron has not yet officially said he wants to ban encryption. It could easily be further legal basis to automatically exploit phones and retrieve WhatsApp msgs.
England will imprison people who forget passwords. Here are two examples:
http://bbc.co.uk/news/uk-25745989
http://www.theregister.co.uk/2009/11/24/ripa_jfl/
Also, keys which are only used for signing are specifically exempted from disclosure in the primary legislation - so don't hand over private TLS signing keys (if, and only if, you always use ephemeral keys, not static RSA) or any GnuPG/PGP signing keys (encryption subkeys on the other hand? However, GnuPG has a way to output the symmetric keys for individual messages, allowing you to limit the damage)!
Of course, if ever presented with any such order, you absolutely need very good legal advice rather than taking it from a lay random on Hacker News. I would definitely encourage you to fight, if you can.
http://en.wikipedia.org/wiki/Key_disclosure_law#United_Kingd...
.. and if there is no key then you may be in a very difficult position.
Indeed, for some schemes, even if someone cooperates fully, they will be unable to prove that they have, which could leave them in a very dangerous situation. It will also be difficult to prove that they haven't cooperated fully, but whether that is relevant depends on the type of duress they face - you may have varying degrees of success or failure facing thresholds of 'beyond reasonable doubt', 'preponderance of the evidence', or 'hammer to the kneecaps'.
A vitally important thing to know, if you're a keyholder of such a system. Given such a disadvantage, they are not very commonly used. The vast majority of all those who use (and have used) TrueCrypt don't use hidden volumes.
It's also worth pointing out that any disk usage metadata - as, for example, is kept by any and every SSD - tends to catastrophically break deniability. I don't know of anything that can do deniability with a flash device.
Having said that, I'm utterly furious at Cameron. I'm not actualy afraid they'll pass such a law, it would be ludicrous to try to enforce it and I'm sure cooler heads will prevail. IMHO that's not the real problem.
The issue is that by mooting the idea of such a law, he is creating the impression in a non-technical public that such a law might be reasonable to even discuss and debate. He has established a basis for future, similar ideas to become an acceptable subject for public discourse. That is a pernicious and deplorable act. It creates space within which less infeasible but still awful ideas along similar can seem 'more' acceptable.
As for "democratically elected parliament", FYI, Hitler came to power by democratic elections.
Perhaps the biggest problem with our political system in the UK today is that all of those statements are now open to reasonable challenge.
Two general elections ago, we found ourselves with a third-term Labour government that had an absolute majority, yet had won only 35% of the popular vote, just 3% more than the second-placed Conservatives. That's before you consider the issue of West Lothian question (Scottish votes affecting Westminster power balance), because the Conservatives actually had the popular majority in England alone. It's also before you consider the obvious electioneering of the Labour party, stating unambiguously that Blair would serve a full third term and Brown would not be taking over as PM halfway through, which of course is exactly what then happened.
Last general election, the coalition government that ultimately took power wasn't directly voted for by anyone, and predictably upset a lot of people who had voted for each of the two parties in the coalition. Those parties have since reneged on several significant manifesto commitments, most infamously the Lib Dems on the issue of student fees.
At the coming election, it is entirely possible that we will get the worst of both worlds. We could see an outright victory by the Conservatives or Labour with an even smaller fraction of the popular vote, as a result of our First Past The Post voting system and a division of votes between now five significant parties in England plus the national parties in the other parts of the UK. Alternatively, we could see any of numerous coalition possibilities, some involving more than two parties, inevitably meaning the politicians ultimately wielding power would not be able to implement some of the policies that may have earned them votes in the first place.
In short, it's difficult to argue that our recent governments have even had a democratic mandate in the Commons. Of course, this is even less true in the Lords, where appetite for reform seems to have faded considerably since the AV fiasco early in the present government's term but we still have people who in principle can vote on our laws just because they are (for example) senior figures in a certain religion. As we've seen with the recent Snooper's Charter shenanigans, allowing unelected and unaccountable politicians to directly influence legislation is not necessarily a good idea.
Finally, although our judiciary are in principle independent, clearly those who rise to the top of our legal system are not exactly representative of the population as a whole. Their collective views on a number of topical issues could be regarded as biased at best, and particularly when it comes to issues of technology and/or civil liberties, their track record in recent years is alarming. Not that any of this matters much if the authorisation of surveillance powers rests with a government minister rather than a judge, of course.
Clearly it's not possible to enforce any such law generally. So what would actually happen would be that the law would be enforced only for people whom the government dislikes - e.g. investigative journalists or political activists. It's just another pretext on which to lock up inconvenient people.
This is really nothing new. I don't know how anyone can claim that the UK is anything resembling a "free country" for a very, very long time now.
Cameron Trying to Kill Online Banking
Cameron Trying to Kill Online Retail
Some businesses need to have a legal presence in the UK to operate in the UK. I don't think most messaging/webmail services need to. What is going to prevent a UK customer to sign up to a web service based in Norway?
A vote for https is a vote for pedophiles and terrorists.
"I think my first job is to try and keep this country safe from terrorism and if that means you have to build strong relationships sometimes with regimes you don't always agree with, that I think is part of the job and that is the way I do it." [1]
[1] http://www.bbc.co.uk/news/uk-politics-31098378