Have a feeling this won’t work

Internet and social media companies will be banned from putting customer communications beyond their own reach under new laws to be unveiled on Wednesday.
Companies such as Apple, Google and others will no longer be able to offer encryption so advanced that even they cannot decipher it when asked to, the Daily Telegraph can disclose.

As was pointed out in the comments yesterday, who think Apple is going to produce a version of the iPhone, or iOS, just for the UK?

Because that’s what they’d have to do in order to obey this: they cannot, even in a clean room, on the bench, access customer encrypted data without the customer’s password.

48 thoughts on “Have a feeling this won’t work”

  1. No encryption is unbreakable. You can just use brute force. So what if it takes longer than the lifetime of the universe.

    They could argue that they can decipher stuff when asked to, but it may take a little while to get back to you!?!

    Meanwhile back in the real world it really does seem that we are descended from the Golgrafrinchans.

  2. That’s not “advanced encryption”. That’s just “properly implemented encryption”.

    What this should actually be stated as is, assuming it is true, “all encryption vendors will be required to include a back door.”

    Even for politicians, this is a stunningly stupid idea. I may have to start VPN across my wifi, for example. Using a downloaded in the US version of IPSec.

  3. It’s huge nonsense.

    Apart from the fact that that rules out pretty much any online backup service (all of which sell the fact that they can’t see your data), what do they think it would achieve anyway? Is this going to stop people running PGP? Is this going to stop people sticking a VOIP solution on a PC at one end? Are we going to block people reaching all the services in foreign countries with different rules?

  4. It could work. A ban on the sale of iPhones in the UK would quickly make Apple change their tune. And it’s very simple technically for them to disable strong encryption for the UK market – just as easy as spelling “colour” correctly, or lamenting the atrocities of 11/9 rather than 9/11.

    Yes, you can always compile your own hack-proof software on your custom-built PC which runs Linux, but most people aren’t going to do that. The plod would be very happy to catch only the 99% of criminals who aren’t also tech geeks.

    As with yesterday’s story about trying to make Amazon Marketplace & eBay charge VAT properly, yes a small number of people would escape any such regime. But catching even just 80% of tax due / 80% of criminals is considered very worthwhile.

  5. When asked for the impossible decrypt, firms should simply supply any text they like. (“I’ve read that Mrs May is very nice, but I shouldn’t like to meet her twice!”) Perhaps a choice from Project Gutenberg. Who is to say that wasn’t the plaintext?

  6. “trying to make Amazon Marketplace & eBay charge VAT properly,”
    Ebay do charge VAT properly. I’ve seen it shown on my seller’s charges.

  7. ” The plod would be very happy to catch only the 99% of criminals who aren’t also tech geeks.”

    The problem I have with this approach, as a citizen, is that it would discover the hapless and the fantasists, and keep the over-loaded courts busier, but will not the serious criminals who will indeed be using sensible security.

  8. “to offer encryption so advanced that even they cannot decipher it when asked to”

    As Surreptitious Evil says, they really are looking for a back door.
    “What could possibly go wrong?” As it happens, we know that: historically, back doors put in software by one group have been discovered and used by others (Sendmail’s being an early example), with unhappy results. Indeed, some Eastern European developers gave themselves a back door into PIN-based Point of Sale terminals, that they found quite useful. Given the spread of smart phones and tablets, a globally-available back door would be a fantastic help for criminals.

  9. A ban on the sale of iPhones in the UK would quickly make Apple change their tune.

    Well, it would quickly make someone change their mind, but not necessarily Apple.

    Apple just says the goverment has banned iPhones. If that pisses you off, talk to them.

    PS. More people own an iPhone than voted for fellow traveler Cameron.

  10. Question for the techie ones amongst you.
    I’ve been looking at the data transfer services I use & apart from possibly Skype – when I’m UK side – & of course the internet service provider itself – I don’t use a single UK service provider. My paid e-mail’s all US based & the freemail accounts are all over the world.
    How’s this going to affect me?

  11. They could produce an insecure version of apps such as iMessage for the UK. (Careful what you say when chatting to Gran in New Zealand!) I can’t believe they’d distribute it outside the UK.

    I’ve already observed that obviously proper criminals will anyway be using their own apps, because they won’t trust the supplied ones. Still, suppose they use iMessage and Google Hideouts.

    Now, Mr Naughty arrives in the UK from abroad, with his iPhone. Is he going to receive a surreptitious update with the UK-specific application? Most likely not. Suppose they noticed! Are iPhones or iPhone apps from abroad going to be banned from operating in the UK? Will that work well? Perhaps not, then. Ah, but if they talk to someone in the UK, that will be monitored, because it’s impossible for a villain here to obtain or be given a phone from abroad. (That reminds me: I’m sure I read a report of one terrorist trial where the local crew was indeed provided with special phones by the sinister organisation supporting them.)

    I can’t believe how much effort politicians put into hopeless policies, and that I’m paying them a much better pension than I’ll ever get.

  12. Andrew M,

    But it’s not about “tech geeks”. Installing a lot of stuff (like PGP in Outlook, or a SIP client) isn’t hard. You can get a SIP client from the Android store and have 2 phones talking to each other securely.

    And this all has a cost. If I can’t pay a company for secure backups, I now have to run my own backup server. Commercial companies won’t use Facetime. They’ll have to set up their own VOIP servers (and again, does the government expect this data to be retained anywhere?).

  13. who think Apple is going to produce a version of the iPhone, or iOS, just for the UK?

    It’s not inconceivable; CheckPoint used to produce a hamstrung version of their FireWall-1 product with only 40 bit DES encryption for VPNs, in order to comply with France’s then extant rules on domestic private use of cryptography.

  14. A lot of big corporates have ambitious plans to move to off-site hosting for much of their data. Some have already done so. This is going to bring that to a screeching halt. It breaches any number of financial regulatory rules around encryption of secret and confidential customer data for a start. There’s nothing in the rules about binmen being exempt.

    Well done HMG, you just killed Cloud Computing.

  15. I think it is absurd to suggest the police and the security services have a kind of casual desire to intrude on the privacy of the innocent,” he said.

    “They have enough difficulty finding the guilty. No-one has produced any evidence of casual curiosity on part of the security services.”

    Bollocks. Time and time again when given the chance to go after easy soft targets or hard, risky ones, the soft targets are chosen.

  16. It’s not necessary for our beloved leaders to believe in a statement to say it. They may be saying the thing because it is politically expedient to say it. Perhaps it shores up or wins political capital. Perhaps they are demanding A but will be satisfied with B. Rather like someone demanding a large raise and pretending to grudgingly settle for a smaller raise.
    I think it is dangerous to assume Cameron, May et al don’t know what they are doing, regardless of whether they truly understand the technical details.

  17. Tim Almond,

    I accept that the barriers to entry are low, but I’m talking about the 80% of dumb criminals. Installing a SIP client means getting both dumb you and your dumb colleague (who you’re already reluctant to trust) to install the app, configure it correctly, and then actually use it correctly. You’d be surprised how many would fail on those simple tasks.

    Banning encryption also means communication with non-criminals is open. This can provide good clues. Phone calls to your partner to say you’re “working late”, texts to your mate to say you’ll be able to refund the £200 you borrowed last week, emails of hotel reservations, even websites where you looked up the departure time of the next train.

    Banning encryption also catches out occasional criminals: those whose crimes aren’t sufficiently pre-meditated such that they thought about securing their phones. This includes crimes of passion, crimes when drunk, and quite a few more.

    As Rob mentions above, when given the chance the police will go after soft targets. Banning encryption gives them easy access to those soft targets, while the Mr Bigs quietly get on with their underworld work.

    I’m not saying that I’m in favour of this proposal. But it’s entirely technically workable and it will help the Home Office meet their targets, albeit with negative consequences elsewhere.

  18. Isn’t this going to bring the financial services industry in the UK to a screeching halt? Who would do business here if there is a very public back door available and under constant bombardment from hackers?

  19. Rob: “Whoever you vote for, all are wearing Richard Murphy face masks.”

    If only. ZaNu/BluLab are wearing masks of Richard Murphy’s arse.

  20. Bloke in Costa Rica

    The secure area in iOS gadgets operates at a very low level in the hardware. It’s not even a firmware thing, let alone transport layer or above (although there are of course encryption protocols working there as well). It’s why, for example, you have to re-enter your passcode on device restart in order to use the touch ID, because the fingerprint profiles are not stored outside the encrypted zone. My iPhone, which I bought in Costa Rica, worked on Vodafone last time I was there. I assume the same is true of Android devices. The manufacturers quite deliberately made this hard to circumvent. This is unworkable and idiotic.

  21. ”The plod would be very happy to catch only the 99% of criminals who aren’t also tech geeks.”

    The plod and I have substantially different ideas as to who is a criminal.

  22. @ukliberty

    That’s the “poke you in the eye and punch you in the head” strategy. As in “I’m going to poke you in the eye and punch you in the head “….”No please don’t!”….”Ok then I’ll just poke you in the eye, aren’t I nice.”… “Oh thank you!”

  23. Tim Almond, who knows a lot about this sort of thing asks some questions which i can answer.

    Is this going to stop people running PGP? – yes, unless you have a govt issued key, it will be against the law.

    Is this going to stop people sticking a VOIP solution on a PC at one end? – yes, unless you have a govt issued key, it will be against the law.

    Are we going to block people reaching all the services in foreign countries with different rules? – yes, unless you have a govt issued key, it will be against the law.

    If foreign services are not govt compliant they will inaccessible.

    Eventually, when we are all using govt issue keys, it will become illegal to NOT use encryption, as the govt seeks to monitor and control all traffic, and doesn’t want unregulated (unencrypted) services to exist.

  24. johnny bonk,

    “Is this going to stop people running PGP? – yes, unless you have a govt issued key, it will be against the law.”

    Unlikely, because if you ban PGP, you also have to ban HTTPS. And they aren’t going to ban that.

    I doubt any of this will come about. A few sane Conservative back benchers would defeat it. I wouldn’t be at all surprised if this is just a “government is doing something” announcement, without implementing it.

  25. @johnny bonk

    It’s not too hard to change the information entropy of an encrypted data stream (encrypted using a good algorithm) to make it essentially indistinguishable from a compressed data stream, especially since some compression algorithms produce data that has characteristics very close to encrypted streams.

    In other words, it can be made hard to tell whether a stream is encrypted, or just compressed using some unknown algorithm.

    Thus, in order to stop people encrypting things, and detect automatically when they are, you’d need to stop them compressing things, or at least experimenting with compression algorithms.

    So now we’ve banned encryption and compression. We’ve also effectively banned work on new encryption and compression algorithms, because the spooks won’t be able to work out what they are.

  26. “A few sane Conservative back benchers would defeat it.”

    I suspect it would anyway fail in the House of Lords, since they haven’t got a majority there. Any attempt to threaten the Lords with “reform” would (if carried out) only make things worse from any government’s point of view, since any reform would lend its rejections more legitimacy.

  27. Government registered encryption keys and similar – this sort of thing is simply not going to happen.

    Geography. If it’s unilateral, then destruction of the economy and all that – come on guys!

  28. Unlikely, because if you ban PGP, you also have to ban HTTPS. And they aren’t going to ban that.

    Not ban it, license it – a law that you can only use ‘registered’ encryption where govt issues the keys.

    Might fit quite nicely with some variation of pgp signatures – if the isp doesn’t get the signature validated by a gov’t server then they won’t carry the message.

    Like I said, it will eventually come to be illegal to NOT use encryption and a govt issued key, so that they really can see WHO is sending WHAT. The same algorithmic certainty that the person who holds the public key is the private key holder also means the govt can be sure who sent the message !! ( The back’s as wide of the front ).

    And they aren’t going to ban that. they might, wouldn’t put it past them, would you? 🙂

    Mr Almond, good to talk, seen many good posts of yours 🙂 but don’t think i’ve had the pleasure before.

  29. @PF
    Government registered encryption keys and similar – this sort of thing is simply not going to happen.
    i would say that that is exactly what is going to happen.

  30. johnny bonk

    “if the isp doesn’t get the signature validated by a gov’t server then they won’t carry the message”

    What if the ISP simply doesn’t see any plain text to a particular IP address? At the end of the day, the ISP is just a pipe.

  31. In other words, it can be made hard to tell whether a stream is encrypted, or just compressed using some unknown algorithm.

    If the isp cannot get the signature and get it validated on govt server then they don’t carry it.

    This, like most everything else, comes down to who is stronger, there is little we can do if govt credible threaten isps (aka pass enforceable laws). They can, I can design the system for them using PGP alone.

  32. @PF,
    What if the ISP simply doesn’t see any plain text to a particular IP address? At the end of the day, the ISP is just a pipe.
    then they do not carry the message, responsibility of the sender to make sure that the isp can validate it.

  33. johnny bonk

    @PF,

    >What if the ISP simply doesn’t see any plain text to a particular IP address? At the end of the day, the ISP is just a pipe.

    then they do not carry the message, responsibility of the sender to make sure that the isp can validate it.

    I’m not convinced.

    Just out of curiosity, does this impact on your take on this at all.

    http://www.revk.uk/2015/11/government-still-think-there-are.html

    This guy is an MD / owner of a UK ISP (ie, he’s got skin in the game). I’ve read most of his “rants” over the years, and he’s fairly adamant that most of this current data comms legislation is nonsense? He is coming up with ideas (‘overseas’ being the clue – VPN’s, encrypted PPP, etc, and more) whereby anything “geographic to this country alone” can be bypassed (legitimately, be it separate companies / contracts and all that). Is he wrong, and if so, why?

    If the answer (your latest post) is that the ISP will have legal responsibility for “not being a pipe” and quite simply nothing else counts, then let’s just politely agree to disagree. Whatever you may imagine – in my very humble opinion, politically it is simply not going to happen.

  34. Or perhaps even try this (not in the context of logging, but the ISP being an “encryption controller”)?

    http://www.revk.uk/2015/10/no-we-will-not-be-logging-your-search.html

    “Or maybe we will make each and every customer an ISP themselves and we’ll merely be “transit” for them, then they can each discuss the fee for imposing logging and secure retention of the search history for their home/office individually with the government. That would be fun.”

  35. It would seem to me that the signing bit is more important that the encryption part. There’s nothing you can do about “the eagle flies at noon” stuff, but if everybody has to have an authorised signature to use the internet, that would be something else.

  36. Bloke in Costa Rica

    Authorised by whom, exactly? If I want to talk HTTPS to a server in the UK, who issues my “key”? The UK? Costa Rica? What if I go on holiday to Nicaragua and take my laptop? How do they share their registry?

    From a technical standpoint, most webservers, at least those administered by someone halfway competent, are using some form of Ephemeral Diffie-Hellman to do the session key exchange, so compromising a session doesn’t matter (perfect forward secrecy). I doubt you could get Theresa May to understand the idea of elliptic curve cryptography if you told her her life depended on it. Is she going to outlaw modular exponentiation and discrete logarithms?

    The more I think about this, the bigger the load of bollocks it sounds.

  37. Since Diffie-Hellman has been mentioned, I’ll note that, as it happens, we now know the effects of using a restricted set of parameters (not even knowing the keys produced from them): it is easy to pre-calculate values that make it easy to crack data encrypted with any keys generated from those parameters, destroying forward secrecy. To save computation time, a great many sites using popular implementations of web security software chose to use parameters from the same small set of known values, because it didn’t seem to matter. This caused a bit of a flap recently. (There is also some worry about the effectiveness of elliptic curve cryptography, but at the moment it’s just nervousness.)
    The maths was fine, but there were some important points overlooked in putting it into practice.

    The point is that it’s surprisingly hard to do security properly, when you’re trying really hard, and we do try hard. Forcing people to add back doors, use weak key systems, use known (“registered”) keys, etc will simply make it easier not just for the spooks but for anyone who can intercept a communication and can do a little intensive computation (and it’s easy to get networks of computers if you need them to do that).

  38. As to letting Mr Jobsworth from the local council get access to this sort of information, even the phone and net information currently connected: it’s insane.

  39. The “protecting the public” excuse seems to be completely unchallenged in the UK. The necessary response, that the public need, at least as much, protecting from extraordinary powers in the hands of officials susceptible to corruption and demonstrably incompetent is left unsaid.

  40. Bloke in Costa Rica

    CHF, Logjam was supposed to be capable of attacking 1024-bit DH groups in a timeframe feasible for a well-funded attacker (i.e. national governments). It is mitigated by going to 2048-bit groups or using elliptic curve. There are no known-feasible attacks on ECDHE (although the spooks might have one, I doubt it). There’s a strong possibility that the NSA deliberately weakened a publicly standardised EC system (Dual_EC_DRBG), but that hole was found and thus no-one uses it any more (it wasn’t much used before because it was dog slow).

    The reason they want the force of law to give them backdoors into things is because they mostly haven’t been very good at coming up with them on their own.

  41. @Bloke

    You’re probably right that if they found it that easy to break in, they wouldn’t go through the fuss to get the laws requiring back doors.

    Logjam itself was embarrassing and dangerous. (A security protocol allowed negotiation of so-called “export-grade” encryption — really very weak — but an adversary who got between the two parties could also force that choice.) I was referring more to the other attacks on DH you mention, discussed in the “Imperfect Forward Secrecy” paper at CCS15. I was particularly interested in the use of fixed groups.

    Regarding elliptic curves (and the NSA): I was alluding to the following paper: http://eprint.iacr.org/2015/1018.pdf , and there’s a useful discussion with other links here: http://blog.cryptographyengineering.com/2015/10/a-riddle-wrapped-in-curve.html

  42. It’s interesting that (of course) the definition of telecommunication service provider in the Draft Bill is about as broad as one could make it, like the definition of telecommunications services, which seems likely to cause trouble as a great many individuals and organisations who did not and would not think of themselves as CSPs discover that they qualify. Better get logging!

  43. The definition of telecommunication service providers is, I believe, inherited from EU regulations. And, yes, is very broad. Various other UK law has limited it to “public telecommunications service providers”.

    However, the definition you need is “telecommunications operator” – s193(10).

    However, note that the threatened “ban on effective encryption” is nowhere in there. Although there is s189(4)(c), that only applies to protection applied by the operator, not to protection applied by the individual.

Leave a Reply

Your email address will not be published. Required fields are marked *