UK Government Wants Private Encryption Keys

An anonymous reader writes "Businesses and individuals in Britain may soon have to give their encryption keys to the police or face imprisonment. The UK government has said it will bring in the new powers to address a rise in the use of encryption by criminals and terrorists." From the article: "Some security experts are concerned that the plan could criminalise innocent people and drive businesses out of the UK. But the Home Office, which has just launched a consultation process, says the powers contained in Part 3 are needed to combat an increased use of encryption by criminals, paedophiles, and terrorists. 'The use of encryption is... proliferating,' Liam Byrne, Home Office minister of state told Parliament last week. 'Encryption products are more widely available and are integrated as security features in standard operating systems, so the Government has concluded that it is now right to implement the provisions of Part 3 of RIPA... which is not presently in force.'"

My God

[voice_of_all_reason]

I believe we are in need of a new Slashdot section: Horrifying

key turning point in government relations

[yagu]

Encryption keys don't kill people, people kill people.

If owning (not divulging) encryption keys is criminalized, only criminals will own encryption keys.

These "rules" will only push the envelope of how and what criminals (or terrorists, etc.) use to hide their activities. And at the same time, they will add one more burden to the general population to manage and ensure the government is informed of their encryption infrastructure. Nuts.

The most effective infiltration into terrorist infrastructure is still social engineering. I'd rather the money spent creating and managing something like this spent training and hiring translators, covert agents, etc.

A convincing point about the futility of this proposed rule comes from the article:

Clayton, on the other hand, argues that terrorist cells do not use master keys in the same way as governments and businesses. "Terrorist cells use master keys on a one-to-one basis, rather than using them to generate pass keys for a series of communications. With a one-to-one key, you may as well just force the terrorist suspect to decrypt that communication, or use other methods of decryption," said Clayton.

odd request

[arakis]

How will they know that they have the correct private keys without "testing" them on the owners' encrypted communications every so often? Oh well, it is England after all. Living on an island can do odd things to living things.

Orwell, here we go again!!

[casings]

Britain's use of anti-privacy situational crime prevention measures are a means of targeting petty crimes and the innocent while displacing more professional and semi-professional crime into other areas. These techniques do not stop the criminal, as he is already committing a crime, what would he care if you added "refused to give up private key" to his list of crimes?

The UK needs to wake up and realize that these forms of crime control only waste money and create more crime, than stop crime from happening.

It won't be long

[Anonymous Coward]

before we all get issued our Newspeak dictionaries...

http://www.newspeakdictionary.com/ns_frames.html [newspeakdictionary.com]

Warning

[Nerdfest]

If this goes into effect it would make it a very dangerous thing to have files of random characters .... you'd have a lot of trouble explaining them.

perfectly reasonable

[Surt]

Much like a warrant to search a physical premises, having the police have the power to force you to expose your private data is perfectly reasonable, so long as it is similarly regulated by the courts. Unfortunately, as the article points out, there are problems with proving that you do or don't have the key to unencrypt, but the general principal of allowing the police to search something with a warrant does not seem problematic.

Steganography

[MarkByers]

Time for steganographic file systems where your private data can be hidden inside innocent looking files. They can't force you to disclose your key if they don't know and/or can't prove that you have one.

http://en.wikipedia.org/wiki/Steganography [wikipedia.org]

Re:odd request

[gurutc]

And you could just add a false layer to the encryption. So the keys the govt have decrypt the data into something that's recognizable and looks real, but is just a facade for another still encrypted layer.

In other news...

[GillBates0]

increased use of encryption by criminals, paedophiles, and terrorists.

...it has been found that:

- cameras are used by criminals, paedophiles, and terrorists - we need access to your negatives/memory disks.
- houses are used by criminals, paedophiles, and terrorists - we need access to your house keys.
- cars are used by criminals, paedophiles, and terrorists - we need copies of your car keys.
- ATM machines are used by criminals, paedophiles, and terrorists - we need to know your PINs.
- Online email services are used by criminals, paedophiles, and terrorists - we need to know your username/passwords.
- Computers are used by criminals, paedophiles, and terrorists - we need to install a backdoor on your computer.

Answer to UK rants about NSA/ATT

[Anonymous Coward]

Gee, I wonder what all the uk fanboys who were dissing the US about the whole NSA/ATT debacle have to say about this? Face it boys and girls, this is happening everywhere. The terrorists won a major strategic battle on 9/11, they have successfully changed the scope and nature of privacy rights across many of the worlds "democratic" nations.

Re:My God

[Anonymous Coward]

I just tagged it "nazis", hope others do the same. Godwin be damned!

And how about wifi?

[mustafap]

So, do I need to send my wifi keys too? And bluetooth? What about the encryption used by GSM?

And my car remote lock fob, that too?

Is it April the 1st?

Just following suit.

[bi_boy]

Eastasia set the tone and Oceania is keeping in step. Just wait for the perpetual war, that'll be fun.

Re:My God

[cosmo_the_third]

Yeah..."Big Brother is Watching You" has become "Big Brother Knows All Your Secrets"

Re:perfectly reasonable

[btpier]

If they want to force someone to expose their private data, they should get a warrant to do that once you are suspected of a crime not before. As others have said, this treats everyone like a criminal.

In Soviet Russia...

[Fapestniegd]

There was no crime, because the secret police would carry you off and shoot you in the head if you were even suspected of a crime. Wiretaps were the norm and the government could do whatever it wanted. Privacy didn't exist. And they were safer from criminals for it. Well, safer if we define criminals as ones that weren't in the KGB.

Yeah, no "In Soviet Russia" Joke here.

This is frightening. It's like we're becoming the very thing we fought in the cold war. A totalitarian government.

But at least we have 37 types of cereal.

Private keys for criminals

[BaltikaTroika]

Here's an idea... why not just make it a crime for pedophiles, criminals and terrorists to NOT give over their private keys AFTER they've committed their crime.

That way Joe Sixpack can keep sending encrypted communications and not have to worry about the government reading them - as long as he doesn't start blowing stuff up, too.

Re:key turning point in government relations

[pete6677]

Just as all criminals turned in their guns when they were outlawed, I'm sure they'll all turn over their encryption keys and keep using them to communicate so law enforcement can observe. Right. What would someone have to be smoking in order to think this is a good idea? Its nothing more than a blatant power grab that will ONLY affect law abiding people and have no effect whatsoever on "terrorists" or whatever other boogeyman will be used to justify more overreaching laws.

Actions are criminal, not tools

[dada21]

A criminal that rapes someone may have talked during the rape -- it is the rape that was evil.

A criminal that shoots someone in the head used a gun -- it is the shooting that is evil. He could have used a baseball bat.

A criminal that blows up a building might use a cell phone -- it is the building exploding that is evil. He could have used e-mail or writing a big X on a tree.

We have to stop government from criminalizing actions that are part of our right to speech. This right is not something Constitutional or created out of any government document -- it is a natural right that all humans share, no matter what the laws say.

I'll continue to encrypt, and I'll dare the government to try to restrict me. If I have to, I'll encrypt by using an encryption program that hides my real text to make it look like readable language. Let them try to stop that. Or I'll use my own spoken code. Will they find a way to criminalize it?

Don't criminalize tools, criminalize criminal actions.

Re:Simple solution.

[Anonymous Coward]

I had the same thought. Most encryption is transparent to the user, and session based.
All I ever see is a little icon that tells me the connection is encrypted when I go to my banks web page...so, am I responsible for reporting the keys or is the bank? Or both? And does it matter that they are useless as soon as I log out?

Re:My God

[h4rm0ny]

Or how about a new /. heading: Wake Up !

This is nasty. You can always tell when there are no reasons that would fly with the public when they have to invoke the paedophiles. US government has War on Terror, the UK has paedophiles.

E-mail was a god-send for the intelligence services. Automated scanning and copies of everything to look back on if they ever chose. Encryption means the free party is coming to an end. GPG is turning off the stereo and saying "GO HOME!"

They managed without it before. They can manage without it again. And if that means the Government can't achieve omniscience over the population... good!

Re:Who needs encryption?

[SylvesterTheCat]

Convince you? OK. How about this?

It is MY PRIVATE DATA.
If the government has reason to believe that I am doing something illegal, then convince a judge to SIGN A WARRENT.

Implementation

[WhiteWolf666]

People; don't say "This can't be done."

This is referred to as a "catch-all" type of law. Beware the wonders of selective enforcement.

The idea here is that if you find a suspected terrorist, and they use encryption, you don't even need to bust them for terrorism OR for not providing their encryption keys when demanded. You can just go to step A, look up their name in the government encryption key database, find out that no, they did not provide their encryption key to , and take them directly to jail.

Regardless of whether or not the are a terrorist, regardless of whether or not they are willing to turn over their encryption keys when asked, you can find them guilty.

This is not about collecting everyone's encryption keys (at least not at first). Initially, this will be used as a blunt stick to smack anyone the government doesn't like. Think of the way seat belt laws are enforced; cops won't stop you for not wearing your seat belt, but they'll sure as hell issue a ticket for it even if you aren't speed, have all your paperwork in order, and have done nothing else wrong. It's a sort of standby crime they can get you on.

Sleepwalking into a Police State

[thagrol]

This is just the latest in a long line of moves by the current government to reduce freedom and liberty in the UK, all in the name of security.

Add this to the National Identity Register, ID cards, the Civil Contingencies Act and the Parliament Act and the UK is well on the way to becoming a police state.

And the worst of it is, most people seem to think this is a good thing.

Porn, not informative!

[pla]

Who the hell modded this informative?

Check the destination of that link before you click it... It goes to Bottle Guy - Just another site similar to Goatse or TubGirl.

More like "Horribly Bad Joke."

[C10H14N2]

Just an example of astoundingly ignorant politicians who don't realize they're effectively criminalizing the use of cellular phones, the constantly changing keys of which would amass petabytes of data within a year, in just the UK--and that's just the keys, not the data they encrypted...and that's just the cellphones.

What absolute morons.

Re:Just following suit.

[dew-genen-ny]

OMFG! The perpetual war is here already... don't you pay attention? What do you think this pointless, fruitless search for terrorists is? They're the ultimate enemy (in the eyes of the goverment) because they can never be caught or defeated...

Re:perfectly reasonable

[kennygraham]

Much like a warrant to search a physical premises, having the police have the power to force you to expose your private data is perfectly reasonable, so long as it is similarly regulated by the courts.

And if this law were "You have to give up your encryption keys if a court issues a warrant to search your computer", your post would make sense. This is more similar to giving the government a copy of your house key just incase they ever get a warrant. But I suppose if I have nothing to hide...

Re:Who needs encryption?

[lexarius]

You need encryption to ensure that when you send your credit card number to a website, all the networks in between do not get to write that number down and save it for later. You need to keep your private key private so that, when a malicious cracker gets into the website for your major operating system and puts in some innocent looking update files on the server, the clients on the other end can verify that they have not been signed by you. You need encryption so that you can keep your plans for rebellion out of sight of the oppressive government you live under. Maybe not the U.S. or Britain (yet), but one would hope that people in places like Iran are able to secretly make plans with themselves and with outside forces to throw off the yolk of whatever is bothering them.

Re:key stupid point in government relations

[Bastian]

Another purely pragmatic fear is that this would be nothing but a waste of time and money, and a distraction. This law effectively requires that law enforcement must put a respectable amount of effort into collecting and cataloguing what could be billions of encryption keys. (I couldn't even count the number of keys that I use offhand, not even counting SSL, which I assume they don't care about.) All of these keys have to be associated with their owners and users, what they're being used for, and what data they're being used to encrypt. That could easily grow to be one mess of a database.

A database that would be effectively useless. The only people who are going to provide keys are law-abiding citizens who provide them all and non-abiding citizens who provide all but the keys they don't want the gov't knowing about. Meaning none of the keys in the database will be useful for finding anything the law might need to know. Meanwhile, it's going to provide another distraction if they actually try to enforce it, because they'll have to start hunting down all the folks who are no threat, but don't provide keys because they don't know, don't care, or value their privacy. I'm completely lost as to what they think they can gain by maintaining this. It's not like this database would be particularly useful for, say, mounting a dictionary attack on data that was encrypted with an unknown key by a real shady figure.

I'm sure implementation details can vary how much this is going to pull resources away from real counterterrorism and law enforcement, but I can't see how this can possibly do anything but make counterterrorism and law enforcement more difficult. And I'm sure anybody worth their salt probably realizes this; I can't see why the true motive could be anything but irrational paranoia or a Big Brother attitude. (Of course, those are probably really the same thing.)

I'd like to see some stats...

[erroneus]

...I know that's like asking to be lied to, but I would like to know how often criminal investigations are hampered or even prevented because communications or information had been encrypted.

Like so many others, I see this as nothing more than an attack on privacy and not as an aid to criminal investigations. Criminals are not going to turn over their keys. People who turn over their keys aren't likely engaged in criminal acts. "honest" people who believe in the right to privacy will become criminals, however.

I'm not sure "police state" is the right word, but we're certainly talking about criminalizing the general population to the point that only people "in office" can have the right to privacy under the guise of "national security." And a funny thing happens to your rights when you become "a criminal." You lose them along with your ability to run for public office and all manner of other things.

Re:More like "Horribly Bad Joke."

[Tony Hoyle]

..and you ipsec keys, which change every few minutes, your ssh key, which is per session, your kerberos key, etc.

Most people don't even realize how many keys they use. They could default on a law like this without even knowing it.

On the other hand

[DragonWriter]

Maybe they do, and this serves as a way to indirectly outlaw a whole host of encryption technologies (at least when used by private individuals, rather than the government).

Of course, its quite likely that if the UK is like every other country, the law would be selectively enforced. They wouldn't go after everyone using technology that made the mandatory reporting impractical, but if law enforcement got in in their mind that you were guilty of something else (whether another crime or just doing something not-illegal that law enforcement authorities don't like), they'd use your use of such technology, and the fact that it made you guilty of a chargeable offense, as a lever or as a fallback charge.

Re:key turning point in government relations

[gowen]

Despite the slashdot spin, it's not about everyone turning their keys over the the Govt as a matter of course, its about the police/courts/judiciary's rights to demand that a suspect turn over the key for encrypted data believed to be material to a case.

But don't let the facts get in the way of lazy stereotyping...

Cat. Mouse. Cat. Mouse. Cat. Mouse.

[hacker]

"The use of encryption is... proliferating..."

The use of illegal government spying on innocent citizens is proliferating.

Your move now.

...(and no, you may not have my encryption keys [gnu-designs.com]).

Re:More like "Horribly Bad Joke."

[caluml]

Most people don't even realize how many keys they use. They could default on a law like this without even knowing it.

Excellent! Everyone's a criminal. Now just make sure you toe the party line, otherwise we could, you know, check up on you.

Re:Stop giving the US gov't ideas

[magnumquest]

What ideas, US is way ahead at this whole package of buying civil liberties for the same excuse 'criminals, paedophiles, and terrorists.'

NSA Phone Home anyone?
CIA wants internet-usage-information
FBI wants ability to barge in for a cup-a-coffee without a warrant

I'm out of here...

[crossmr]

Is anyone else getting the feeling that its not safe on either side of the water and its about time to find an uninhabited unclaimed island and start your own country?

Re:key turning point in government relations

[IgnoramusMaximus]

Despite the slashdot spin, it's not about everyone turning their keys over the the Govt as a matter of course, its about the police/courts/judiciary's rights to demand that a suspect turn over the key for encrypted data believed to be material to a case.

Oh really? What happens if some blob of data on the computer is deemed "encrypted" by the Glorious Defenders from Assorted Boogeymen? How do you tell well encrypted data from random pile of binary junk?! Better the encryption, more mathematically similar to random noise the data is, no?

To me it is simple: this is a method for the State Security Apparatus to have yet another excuse to try someone as "uncooperative terrorist" for failing to decrypt the data on the empty sectors of the hard drive or some such. Police State, pure and simple.

And another thing, what is a difference between demanding "decryption keys" to some pile of encrypted data on your computer and demanding that you undergo a brain scan "decrypting" your innermost thoughts to prove yourself "innocent", should such technology become available? Do you even realize implications of a world in which you are not entitled to keep anything secret from the government, even if it deters terrorist/pedophile boogeymen?

Re:key turning point in government relations

[gowen]

What happens if some blob of data on the computer is deemed "encrypted" by the Glorious Defenders from Assorted Boogeymen?

Well, they go to court, and they have to try and convince a jury of your peers that they are correct, beyond a reasonable doubt. The same way every single other law operates. If they can support their assertions with sufficient convincing evidence you go to prison, if not, you don't.

Besides, there are already horribly injust mechanisms for detaining people in Britain without the need for a trial. Thats what we should be getting worked up about (although the Human Rights Act is doing for them, fortunately).

But this far more measured Act (which involves warrants, Section 49 orders, actual trials, and the need for evidence and all that) is what slashdotters choose to get worked up about. And why? Because it involves computers.

Frankly, thats pretty pathetic.

Re:My God

[IAmTheDave]

Or "Big Brother is Watching You, and If You Try To Stop Him, You Will Go To Jail."

Re:perfectly reasonable

[drooling-dog]

Why not get right to the root of the matter, then, and simply criminalize any attempt to engage in a private conversation? After all, speaking to someone face-to-face in a secure setting is functionally the same as using encryption in a remote communication. No more walks in the woods, unless you immediately file a synopsis of everything you talked about with the proper authorities...

Re:My God

[theguyfromsaturn]

Seems stupid to me. Criminals are STILL going to encrypt their data anyways (what's one more law broken). All this ensures is that some corrupt government employees will make millions selling encryption keys on the black market. And YES there are at EVERY level of every government and private organisation corrupt and criminal elements. You only need one such person to compromise EVERYONE's encryption keys. What's more, I'm willing to bet that the government will store these keys in unencrypted harddrives that will be stolen at the first opportunity.

Re:More like "Horribly Bad Joke."

[RexRhino]

The real question is not why you think these encryption laws are idiotic... of course they are idiotic. The real question is why you think the laws on education, civil planning, economy, enviornment, health care, or anything else are more reasonable that these laws on encryption.

You are probably an expert on computers/encryption, being a part of the Slashdot crowd, that you can understand how messed up these rules are. But if you were a doctor, you would probably think these rules are reasonable, and instead would think that the laws on health care are messed up. You are critical of these laws, because you have the knowledge to understand what is wrong with them... and you are probably don't really question the laws on subjects which you might not understand.

So you must understand, the vast majority of the population who doesn't understand encryption, will think these laws are reasonable and nessicary, the same way you probably think the laws on education, or enviornment, or whatever are reasonable and nessicary. The average person is not going to take you any more seriously complaining about this, than you take the complaints from factory owners about enviornmental laws.

At some point you are going to have to realize it isn't "idiotic" leaders who are making "idiotic" policies that are the problem... that our leaders are very very smart and competent... but that it is the idiotic concept that a handful of experts and technocrats can manage virtually every aspect of a huge diverse society. It is the concept that society can be centrally planned / regulated / and managed by lawmakers that is the problem, not with the specific "central planning".

Why would a bad guy worry about breaking more laws

[mljames]

I don't post often, but this spurred me to action.. It reminds me of gun laws in the U.S. Honest Citizens are expected to wait 5 days and complete a form acknowledging among other things that they are not a criminal. The funny thing is.. I don't think that criminals admit they are criminals..so they get their guns illegally or check "no" i am not a criminal on the form. If honest citizens are expected to turn over their private keys.. I might expect that the criminals wouldn't turn theirs over - they have already broken at least one law (to become a criminal).. I'm sure they wouldn't have a moral problem with breaking another. or They could simply turn over the a throw away private key to satisfy the requirement and use an illeagal set for their business. Just my opinion

Re:key turning point in government relations

[goaliemn]

The gun thing is the best analogy. Gun crimes still happen in England all the time. Criminals didn't turn in their guns.

As far as safety with children, more die every year in car accidents and drownings. Do we ban bathtubs, pools and cars? Once anything is invoked "for the children" or "to protect the children" its bad. It will be used as artillery in the next election because he didn't vote "for the children"

Re:On the other hand

[DragonWriter]

Catching up? That's so unfair. Its not like the British are newcomers at this -- if they hadn't done it first, there likely wouldn't be a US.

patently wrong

[l4m3z0r]

In america we have whats called the 5th amendment. Which should mean that I have protection under the law to not be forced to answer questions that incriminate myself. What is your password? and what is your encryption key? should be similiar to Where were you the night the victim was shot? I don't have to answer if i believe that in answering the question it will incriminate me in a crime.

Obligatory Ayn Rand

[mrchaotica]

"There's no way to rule innocent men. The only power government has is the power to crack down on criminals. When there aren't enough criminals, one makes them. One declares so many things to be a crime that it becomes impossible for men to live without breaking laws." -- Ayn Rand

Re:My God

[mrchaotica]

If you know something about cryptography it isn't that horrifying.

<snip>

Again, these new laws will only deteriorate the right to privacy of innocent people, while the real criminals will be allowed to roam free doing their dirty deeds with little more trouble then a software upgrade.

Doesn't that make it more horrifying, not less?

Parent is speaking BS

[h2g2bob]

The law - which is here:
http://www.opsi.gov.uk/acts/acts2000/20000023.htm [opsi.gov.uk]

It requires you to provide a key - if it is reasonable to assume you have it - to decrypt encrypted data. It is only illegal to refuse to give a key IF ASKED, and NOT "look up their name in the government encryption key database, find out that no, they did not provide their encryption key to , and take them directly to jail."

It IS an offense (from the legal text liked above) "if he knowingly fails, in accordance with the notice, to make the disclosure required by virtue of the giving of the notice."

Re:Plausible Deniability

[dr_dank]

TrueCrypt lets you mount the container as a filesystem, which is a convenient way to go. This sort of thing allows you to:

a) Deny that there is anything encrypted for which you have not proffered a key. "Oh yeah, show me what I have encrypted and I'll show you the key."

b) If that's not enough, proffer the false key that gives them the alternative access. "Ok, here you go. Let me know if you find anything incriminating. (tee hee)"

The problem I can see with "rubberhose" systems like this is that governments won't buy your line that you went through all the trouble of setting an encrypted volume or whatnot to protect lame things. I'm sure they would have no problem jailing or coercing the user until they gave up the key to something juicy.

Since you can't prove a negative, you'd better hope you last longer than they do.

Re:Unenforcable Law

[Hakubi_Washu]

But they can "force" (if you don't want to go to prison or pay some fine, probably torture in the future?) you to hand over the key to the first container. Opening it (Usually they'll have the legal "right" to do so by the time they come asking for the first key, because otherwise they probably would'nt even know about that one in the first place) and finding the second container, thus getting to know it's existance... ad infinitum. Plausible deniablity only works as long as "they" can't get their hands on your raw drive and "known" container keys legally. I prefer not to even deny I'm encrypting, but keeping the key on an encrypted USB stick, which can easily be destroyed, effectively destroying all my data at the same time (Until the original encryption is broken, which is, in all likelyhood, long after my death). I may end up "destroying probable evidence" and even being "unwilling to disclose my keys" (thouh that would be a stretch), but they can't, under any circumstances, gain those keys anymore (Neither can I, but that's worth it). But then, I live in Germany, where at this time, encryption is still legal and even recommended by the courts to protect private data.

Re:My God

[wirelessbuzzers]

There are current encryption technologies already deployed in the market that allow for two sets of data to be encrypted with two keys into a single file. This allows a user to encrypt a sensitive file with an innocuous one, so that when required to disclose a private key the user can just give the one that decrypts the innocent data.

Except not: plausible deniability only works if you're innocent until proven guilty. In the U.S., and even more so in Britain, if you're using crypto, it isn't true anymore. Just having a crypto program on your hard drive shows criminal intent, and if it does layered encryption, that shows intent to commit perjury also.

Re:More like "Horribly Bad Joke."

[minuszero]

erm.
RTFA

Despite the poorly worded title, the UK govt. isn't about to ask you to submit every single key you ever generate.
It just wants the ability to 'force' you to hand over the keys if and when it asks for them.

Granted, this causes problems of it's own. I mean, I don't keep a list of every key i've used...

Re:My God

[RedBear]

Again, these new laws will only deteriorate the right to privacy of innocent people, while the real criminals will be allowed to roam free doing their dirty deeds with little more trouble then a software upgrade.

v'z fher v'yy trg zbqqrq qbja sbe guvf fvapr v'z rkcerffvat n ceb-crefbany-svernezf ivrjcbvag, ohg naljnl...

Indeed, there is a very strong parallel between this and gun control schemes. The honest people give up their guns/keys to the government, the people who are already criminals have no reason to do so. The bad guys simply get smarter at hiding what they do. Who gets screwed in the end? It's always the honest, law-abiding citizens.

Oh yeah, dear UK government, you can pry the encryption key for this post from my cold, dead hands, along with my firearm... (Although in this particular case I think it will be more difficult to get the gun than the key.)

Doesn't seem like Orwell and friends really accomplished much, does it? They showed us the future but we're just walking right smack into it anyway, eyes wide shut.

Re:More like "Horribly Bad Joke."

[ajs]

You're misunderstanding the technology or the law (I'm not sure which).

They're talking about private keys (as in the private half of the public/private key pair in public key cryptography), not private keys (as in the only key in private key cryptography).

This is a huge difference. Private key cryptography is used as the underlying scheme for protocols like SSH, SSL, etc, but public key cryptography is used to ensure the secure exchange of that key. of the private half of the key pair is known, that initial exchange is not secure, and thus there is no need to be TOLD the private key cryptosystem's key: it is handed to any listener who knows the private key that goes with the public key used to initiate the session.

Oh, and the cell phone companies almost certainly already hand over the key pairs for the phones (or are issued them).

Re:My God

[mishmash]

This is already enacted, it just needs a ministerial order to bring it into effect. The debate was over five years ago. It came to prominance again in November last year, when the UK was debating how long it was reasonable to keep people in jail without trial [slashdot.org], with a key point of the Government's argument being that they needed three months to decrypt data - the opposition pointed out that with holding encryption keys was already an offence in its self so that argument was nonsense.

This law scares me, because it, like many of the 700-1000 new criminal offences created by Blair's Government since 1997 [telegraph.co.uk] it has the potential to criminalise people who've not activly done anything wrong. Read Section 3 of the RIP act [opsi.gov.uk] the State only has to have reasonable grounds for believing someone has an encryption key to force you to reveal it (then throwing you in jail if they won't / can't / or havn't a clue what an encryption key is, when they might have used one or how to supply it to big brother.)

The law also states that it may, depending on the circumstances, be an offence to tell anyone that you've been asked to disclose your encryption keys - there is no exemption for instructing a lawyer to defend the demand for the key.

This law is not only bad for Business as indicated in the article, but yet another frightening step knocking the relationship between the state and its people out of balance

Re:My God

[mrchaotica]

Oh, we're looking at it in two different ways: you say it's less bad because there's a workaround; I say it's worse because that makes it totalitarian and ineffective.

Re:Nothing compared to Tuesday's Dictatorship Bill

[Anonymous Coward]

Tony Blair is a truly scary individual. He has surrounded himself with sycophants, and claims 'history will judge him' in order to stay in denial about his 25% approval rating. He lives in the delusion that he is a great leader, a president of britain (and at one point, in his mind at least, of europe)

He believes he knows better than us. He believes that we should just sit down and shut up because he has some great destiny to fulfil for himself and the nation.

In short, he is a bit of a Stalinist.

Re:patently wrong

[hacker]

But not disclosing your passphrase, password or keys IS the crime in this case. So its a Catch-22 now. This is exactly how the current administration (at least in the US) is working things out. They'll make it all doublespeak, so no matter what, you're screwed.

Now where did I put my Civil War handbook again?

Re:Actually...

[TomatoMan]

In mainstream politics, if you support equal and universal health care, YOU MUST SUPPORT STATE RUN HEALTHCARE.

Well, my serious question is: how else are you going to do it? What entity other than the state can provide universal health care?

Or, are you positing that either:

1. Under pure anarchy, people would naturally take care of each other and no-one would go without care, or
2. Universal health care is impossible and there's no point in striving for it?

Legitimate questions, not a flame. I'm just not sure what you'd call any entity that provided universal health care other than "the state".

Re:My God

[jez9999]

I'm pretty sure that idea died a Horrifying death

Wishful thinking, they extended it to 28 days without trial/evidence instead. Blair was still spouting on that the country's security had been compromised. Because police and security services had some power removed, right? ...

One of Blair's favourite lines went something like this,

"I don't understand why people seem to think that the rights of terrorist suspects should be more important than those of innocent people."

Re:More like "Horribly Bad Joke."

[BalanceOfJudgement]

"At some point you are going to have to realize it isn't "idiotic" leaders who are making "idiotic" policies that are the problem... that our leaders are very very smart and competent..."

It goes both ways. While I disagree that our leaders are very smart and competent (I have personal experience that indicates otherwise, that they are just as ignorant and uninformed as the average Joe), I also think that we are responsible for the leaders we create.

At the end of the day, we will ALWAYS only have ourselves to blame; our leaders are just the convenient target of that blame. But we created them. We educated (or didn't educate) them. We elected them.

The world is what WE make of it - or if we prefer to do nothing, we will be subjected to the world that others would make for us.

Re:More like "Horribly Bad Joke."

[Skjellifetti]

Hmmm...

I'm not a food scientist, but I think labeling laws and food safety inspection regulations are very necessary. Who doesn't think that? The food industry that doesn't want me to know that their product contains transfats and which would be happy to sell me contaminated meat.

I'm not a chemical engineer, but I support regulation of gasoline additives. Who doesn't support that? The oil companies who understand that lead is a very cheap way to increase octane levels.

The real question is why you think the laws on education, civil planning, economy, enviornment, health care, or anything else are more reasonable that these laws on encryption.

Because most regulations are designed to establish the bounderies of various property rights. Who owns the air -- you or the oil companies? In this case, the regs define the limits of what an individual or company can do with a common resource. Should a food company have the property right to sell unlabled food? Here, the regs are designed to put buyer and seller on more even terms -- they reduce the transaction costs of buying and selling food.

But mandatory government access to private keys does nothing except make it easier for governments to invade personal privacy. In no way do such regs reduce the costs of transacting commerce or establish property rights boundries on common resources. These regs are fundamentally different from food, health, and environmental regulations.

What if you legitimately forget your passphrase?

[jroysdon]

Here is one for them to stop and ponder:

What if someone is totally innocent, has a bunch of different encryption programs and passphrases, and is raided by law enforcement.

What if they cannot recall every single passphrase? If they forget just one, are they going to jail until they can remember?

Think about that, I've got PCs sitting around from years back. I've used different password systems over time, and often I cannot remember very old passwords. If I were living in the UK and were to get raided (I have no reason to, I don't even download TV shows or have MP3, just OGGs of stuff I own, so move along), I'd be sitting in jail, I suppose.

What if, because you cannot recall a password, you reformat a hard drive? Then they find the drive and want the password because they can recover the data?

What if someone send you an email with an encrypted content (whatever the method), and you don't legitimately have the means to decrypt it? Sounds like a great way to set up a suspected criminal. "Yes, we see you have several emails in your trash with encrypted contents. Tell us how to decrypt it or you're going to rot in jail."

How about amnesia? It goes on and on...

It's not hard to blow massive holes in this playing devil's advocate. Then all a real criminal has to do is play ignorant.

Re:Actually...

[RexRhino]

Under pure anarchy, people would naturally take care of each other and no-one would go without care, or

Under pure anarchy, people COULD take care of each other and no-one would go without care. How successful they are is up in the air - Most anarchists or minarchists are not utopians, so just because we have anarchy doesn't mean our problems are all solved. In the same way that we support science, but we don't expect science to solve all our problems.

Here are some examples of ways everyone could have universal and equal health care without being provided by the state:

1. We could have such a wealthy society that healthcare would be so cheap and plentiful as to be essentially free and universal. Take, for example, television. Go to the poorest neighborhoods in the U.S., and all homes will have a television set. The vast majority will even have cable or satalite. In fact, people living in poverty are more likely to see a television as an "essential" item than rich people (who can afford other types of entertainment). There is no government run television program that provides it to everyone... it is just that our society is so wealthy that TV has become so cheap that it is universal. It is possible that we could have such a thriving economy that paying for health care is just not an issue.

2. We could have private, self-organized, voluntary organizations that provide health care to everyone. Churches aren't funded by the government, they rely totally on voluntary participation and funding, and yet churches exist everywhere. There is no reason why any service couldn't be provided equally to all people, based on voluntary contribution.

3. There could be some sort of technological advancement that renders conventional medicine irrelevant.

4. Labor could form unions, and demand health care as a standard part of all employment. Employeers would be forced to pay for medical care, or face a highly organized nationwide strike.

4. There could be any combination of the above. Or any number of other possible situations that I cannot even begin to list. Use your imagination.

Universal health care is impossible and there's no point in striving for it?
Universal Health care seems to be a failure as it has currently been implemented by governments. One could argue that by relying on the state to give universal health care, that we have given up on health care.

I'm just not sure what you'd call any entity that provided universal health care other than "the state".

The state is enforced on all who exist in a geographic location based on the threat of violence through the police and military. Any entity that does not use violence, and does not force participation in the system, would not be a state system. You may thing "the present system is not violent", but it is. The violence may be hidden under layers of beurocracy, but try refusing to pay your tax, or try opening a health clinic without government permission, and the government is going to send some armed individuals to deal with you pretty quickly.

But on a deeper level, the fact that you have to ask me how we could provide universal health care without a state, is a symptom of the bias and indoctrination. You should be able to think up a few methods for solving the problem without the use of the state yourself. Even if you think the state is still the best way to solve the problem, the fact that the average person cannot even comprehend there could be other solutions besides the government... the fact that virtually no-one gives the other solutions any thought should be warning signs that there is a serious problem. The fact that to be anti-government in our society means to be anti-equality, or anti-prosperity, means that any non-government solutions are going to be supressed. After all, who wants to be anti-equality or anti-prosperity.

Re:...what if...

[RexRhino]

Statist indoctrination trumps. There may be disagreement about how a state is run, but my guess is that everyplace you were educated, the absolute nessicity of a strong central state was a given. One country might justify the need for a state in order to protect itself from foriegn enemies, another might justify the state in order to provide social services, another might justify the state for other reasons. But they all agree on the supremecy of the modern centralized state. They disagree on the way a state should be run, the principles the state should abide by... but they all see the state as an institution that is intrinsicly "good". I very highly doubt that anywhere in the world, you were taught to question the government itself as an institution (and I don't mean to question the current political regime, or the current party in power... but I mean to question the state in itself).

There's a silverlining

[takeya]

The silver lining to this is that this is proof that the government doesn't really have the capability to decrypt encrypted email in a timely manner, even with all their supercomputing power.

Which means that those in Britain willing to break their retarded laws, and us here in the US where encryption isn't illegal, are, by using encryption, successfully sending TRULY private emails.

The criminals dont follow laws anyhow..

[segfault_0]

The criminals using encryption are already breaking the law and obviously wont turn in their keys to the police. The only people who will be caught up in this legislation are the good people who follow laws. Whomever thought this up should be sacked for pure stupidity.

Re:patently wrong

[Anonymous Coward]

They would have a bit of difficulty citing 4th and 5th Amendment protection, given that they'd be British.

right....

[smash]

Let me get this straight... by forcing commerce to surrender their private keys, this surrender's the terrorist's keys how?

This achieves nothing, other than piss innocent people off.

Oh, I'm *sure* a terrorist who is plotting a terrorism event will stop and think, "Oh, fuck - I'd better submit my private encryption key to the US/UK government, or they'll send me an angry letter!".

This law smacks of being formulated by someone who has no fucking clue as to how easily configured and commonplace encryption is...

smash.

Re:My God

[alan.briolat]

I agree entirely - there seems to be a prevailing attitude that "suspects" now have the same lack of rights that actual "criminals" have. I think that the "Western Empire" is getting ready for its demise. The populations of the major player in said empire are becoming stupider and more gullible, and the politicians have crippled economies with their greed. There is nothing left but the promises and IOUs that account for the amount that countries like the US and the UK are going further into debt by each day.

But not to worry - those of us who see what is happening before it happens can prepare. Everyone else will only find out when it is too late.

Re:Stop giving the US gov't ideas

[isorox]

so, you basically have to go somewhere else after drinking there....and in most places, you sure don't want to leave your car there unattended overnight.

So let me get this straight. You drive to a bar, with the intent to drink alcohol, and intend to drive home after? And this is the bars fault?

You are not an "it" getter

[spun]

You don't get it. Government is the big bad ooky thing that tells us all what to do and takes our money. In Anarchy, we don't have that. We have a bunch of individuals who, um, organize themselves into groups and decide, errr, how to distribute resources, and how to enforce that distribution, and what to do about the Bad People and stuff like that. That's not government, see, because it's different. It's only because of your Statist indoctrination that you can't see the difference.

I consider myself an Anarcho-Syndicalist, but man! the twists of logic that some Anarchists go through... Talk about indoctrination. Anarchism is a form of Government, and if you can't see that, you really need to read a little more.

"Oh, but spun, Anarchists don't Initiate Force (you can hear the capitals when they talk, can't you?)" you say, "We don't force people to do anything!"

Oh really? You don't force them to respect your property rights and conflict resolution system?

"Oh, but that's not Initiation of Force! That's Retaliatory Force! They started it!"

Yeah, sure. "They started it" is the favorite excuse of tyrants everywhere. What about my right to go anywhere I want and use any natural resource I want? Why should I respect your supposed "right" to take that away from me? If you weren't here, I could use the land you claim as your own.

Basically, the parent post is correct, anytime you have more than one person, that is political science. Discussion of things such as property rights, conflict resolution, decision making systems, etc. THAT IS GOVERNMENT!

I'm sure some Libertarian is going to come along now and demonstrate the meaning of the word Sophistry [wikipedia.org] for us.

Re:...what if...

[shutdown -p now]

One country might justify the need for a state in order to protect itself from foriegn enemies, another might justify the state in order to provide social services, another might justify the state for other reasons. But they all agree on the supremecy of the modern centralized state.

Don't you think that this fact alone - that there's no way you can get education without "statist indoctrination" - hints at the truth of the statement that modern centralised states are superior? How long do you think would an anarchist (anarcho-capitalist or socialist/communist) community last in the world before its statist neighbours take it over?

I am a fellow anarchist at heart myself (albeit of a socialist persuasion), but in present situation, I see state as a necessary evil to protect its citizens from some of the worse states out there. I'd rather live in a social representative democracy than under a plutocratic totalitarian regime, that's for sure.

Re:More like "Horribly Bad Joke."

[Eunuchswear]

No, the law says if you don't give them the key you go to jail for 3 years. You didn't give them the key, you're guilty.

They don't want the keys - they want the power to bang you up without having to do the work of proving you guilty of something real.