Law enforcement gone too far?

[DeZmond]

DeZmond's Debate
16 February 2006

Has law enforcement gone too far?

I was looking at BBC News today (as I regularly do) and I came across something quite shocking: http://news.bbc.co.uk/1/hi/uk_politics/4713018.stm

For those who don't want to read the whole article (although I think you're mad) here's some of the worrying bits:

UK officials are talking to Microsoft over fears the new version of Windows could make it harder for police to read suspects' computer files.

...

Professor Anderson said people were discussing the idea of making computer vendors ensure "back door keys" to encrypted material were made available.

The Home Office should enter talks with Microsoft now rather than when the system is introduced, he said.

...
​

A Home Office spokesman said: "The Home Office has already been in touch with Microsoft concerning this matter and is working closely with them."
Increased awareness about high-tech crime and computer crime has prompted the Home Office to talk to IT companies regularly about new software.

Government officials look at the security of new systems, whether they are easy for the general public to hack into and how the police can access material in them.
​

So now we have a situation where a new encryption technology designed to keep your information private could be prised open in seconds by anyone with the right 'back-door' code - how long would it take for a skilled hacker to get this kind of key, and suddenly expose a long list of computers and data? Is this not making the technology effectively useless?

Of course, this is in reaction to the fact that the government could lose it's precious part of the Regulation of Investigatory Powers Act 2000, where it can force any individual to hand over their encryption keys. With a piece of software/hardware that does not allow you physical access to the encryption keys, that part of the law is effectively nulled, not something they are particularly happy with.

Is it just me, or is this too far? Technically, if such a system were implemented, you could sue Microsoft under the Trade Description Act for falsely claiming to have secure encryption technology!

Anyway, that's just what I think - what's your opinion?​

 

[Haven]

Only terrorists use encryption you silly man !

 

[DeZmond]

Er, yes... uh... excuse me a second.

*runs to PC and starts deactivating the 1024-bit encryption cyphers on the hard drive*

 

[Fi$hy]

Well, I'd expect most teenage males have some form of password-encryption on certain files lodged in a fake directory somewhere

 

[Haven]

Heh technically I havent got any as my last key ran out and I never bothered to renew it (nobody I know uses PGP/GPG much these days):

http://wwwkeys.pgp.net:11371/pks/lookup?op=index&search=Simon+Alman

 

[Haven]

Nah I keep mine on your computer convincingly named explorer.exe ... if you dont need them then feel free to delete

 

[DeZmond]

Hey! Where did fi$hy go?

Well I use biometric security in tandem with 256 bit AES (Rijandel) at the moment on my pen drive, but otherwise I don't really have any.

 

[thatbloke]

Another example of this (or something similar) is a slashdot item I read here.

The quote "Even if CDs do become damaged, replacements are readily available at affordable prices." sums it all up really. Even though we have bought this, should it become damaged we still have to go get another one...

Load of bollocks.

 

[DeZmond]

Quite right.

Just print your own money to pay for them with. If anyone complains point out that "replacements are readily available (from banks) at affordable prices".

Heh - that one almost killed me!

 

[Pestcontrol]

New encryption technologies with backdoors are quite pointless. They wouldn't qualify as encryption technologies, and if i want something to be kept private, i have plenty of choice with current ciphers anyway.

There is talk of requiring software vendors to install backdoors every now and then, but if the intelligence services can get in, it's a matter of time until a hacker figures out how to do the same. Besides, you can bet that there will be patches and firewalls to block this, and they will be pretty common. Many users, even the less technical ones, wouldn't want it to be that way and take action, expecially the ones that have anything to hide.

If i write something on a piece of paper and the police want to read it, they have to obtain a search warrant, i don't see why it should be any different for information stored digitally. And if i happen to have that data encrypted, too bad. If i have anything incriminating on paper and i know i'm a suspect i'll make sure it's burned or otherwise gone before any officer gets to see it, too, and that's much harder to crack, it can't be undeleted

Internet and communications lines are something different, like phonelines can be tapped, so can your net access be. But if you encrypt your traffic.. well, too bad. Secure communication is possible, and that's an irreversible fact.

What's being suggested is just not going to work.

I store things dear to me on an old, 4MB compactflash card. And i don't plug it in unless i need to. Having your data offline is the best possible security.


It's laughable how clueless journalists, politicians and even (some people in) the military are with regard to digital security, i've seen articles like these pop up ever now and then, in fact, the exact same talk of mandatory backdoors existed when XP was close to release. Talk about history repeating.

 

[Taffy]

Well, I don't know this for a fact, nor could I get any evidence to back it up, but i'm pretty sure I read something somewhere that MI5 has some sort of code which allows them immediate access to any computer in the UK. Or it may have been that they were working on it, i'm not sure.

As far as i'm concerned, anything to help security of the UK is good. If you've got nothing to hide, you shouldn't worry about it.

 

[Gopha]

true but i think people are worried about the fact that this code could be found out by hackers and all bank details etc get stolen

 

[Taffy]

true but i think people are worried about the fact that this code could be found out by hackers and all bank details etc get stolen

Invest in a filing cabinet! No way of hacking into that, AND they're fire-proof! As far as I know, computers aren't.

 

[DocBot]

bah, get a big enough axe and I'm sure you could hack a cabinet, too.

 

[Pestcontrol]

That's a destructive memory read though.