UK Government Wants Private Encryption Keys

An anonymous reader writes "Businesses and individuals in Britain may soon have to give their encryption keys to the police or face imprisonment. The UK government has said it will bring in the new powers to address a rise in the use of encryption by criminals and terrorists." From the article: "Some security experts are concerned that the plan could criminalise innocent people and drive businesses out of the UK. But the Home Office, which has just launched a consultation process, says the powers contained in Part 3 are needed to combat an increased use of encryption by criminals, paedophiles, and terrorists. 'The use of encryption is... proliferating,' Liam Byrne, Home Office minister of state told Parliament last week. 'Encryption products are more widely available and are integrated as security features in standard operating systems, so the Government has concluded that it is now right to implement the provisions of Part 3 of RIPA... which is not presently in force.'"

no diffreance than real life

[a_greer2005]

I assume that the there is a simmaler rule for safes/lockbox combinations.

What about global corporations?

[voice_of_all_reason]

Most major companies have offices all around the world, presumably. So now they'll have to have a separate (pretty much disposable) encryption method just for the UK?

What about communication between offices on the internet? A japanese analyst creates some research, but due to technical problems the only Compliance office up is in Europe. So every program or service that can comminicate with Britain has to check if a request is going to/through the UK before applying the "approved" encryption.

To quote, "this is madness"

England Prevails

[zariok]

"England Prevails"

Parliment better watch out... hear there's a train heading there loaded with fireworks and other things that go boom.

Re:Simple solution.

[dgatwood]

You do know that with the way SSL/SSH works, that's EXACTLY what you would be forced to do to comply with this law, right?

Methinks the UK government doesn't know that what it wants is technologically infeasible....

New encryption scheme

[Guysmiley777]

Simple solution: You have a new encryption scheme where there are 2 private keys. The first one allows decryption, the second wipes the drive. Guess which one you give to the police?

One Key

[Tackhead]

> I believe we are in need of a new Slashdot section: Horrifying

One key to rule them all; one key to find them. One key to bring them in and in the darkness grind them. In the land of Norsefire, where England Prevails.

Re:Brilliant idea...

[grub]

I'm sure the criminals, paedophiles, and terrorists will just be lining up to hand over their keys, too.

That's the odd thing about this. You can get up to 2 or 5 years in the can (depending on if they think you're a terrorist). So if you have gigs of terrorist info that could get you sent away for life, just say you lost your keys and go away for 5 years max.

A solution

[ratboy666]

Presuming that current crypto is secure, public key cryptography provides a solution.

Specifically, the public key is published, but private keys are pretty much unknown. The only thing you really know about your private key is the passphrase needed to use it (note that the computer using an entropy source generated the key in the first place).

The key itself? Should be stored on a flash memory card. Or another easily destroyed medium. If broken, you have NO way of supplying the key to the government.

The issue is key management. If the key doesn't exist, no amount of threatening or torture can cough it up. Sure, the passphrase (at the drop of a hat), but the key?

Ratboy

Re:Who needs encryption?

[hunterx11]

Encryption may not be a must for most people, but keeping the government out of one's private business is a must for all people, everywhere.

what will this do?

[joe 155]

To say, as they did, that this will stop terrorists is stupid. The thing that terrorists have the liberty of doing is sitting back and saying "no" whilst waiting for the rest of their cell to carry out the act; they were going to die anyway, what does it matter. The sentence has to be for a fixed length of time (well it doesn't have to be - in contept of court you could just be held forever untill you are willing to say your name/stop swearing at them etc.) - you can't have crazily long sentences because someone might just forget the key and not be doing anything wrong - so if you say 6 months then they will be out in 3 - which is not enough to stop someone from being a terrorist (if you could even have a sentence which would) and it is far less than peado's get - so it's still the sensible option. Also when you are in prison you can say "I'm in for telling the government to fuck off"... which will make you infinately more popular than "I like watch little kids getting abused" (which will get you beaten till you bleed out your ears)... so I can see a lot of convictions coming

Re:perfectly reasonable

[Anonymous Coward]

Actually not the same as a search warrant at all. The police can get a warrant to search a house if they show probable cause, but they can't require you to testify against yourself and reveal the location of the item(s) they are looking for. Likewise, they can sieze a computer with a warrant and examine the contents of the memory and drives, but they should not be able to compell you to testify against yourself by revealing an encryption key. This is basically removing a very long standing common law right against self incrimination - brought to you courtesy of the same government that erode its subjects right to trial by jury.

Bad Legislation

[Ilex]

This is an example of the government passing bad laws which have no real effect on terrorism, it's just posturing. It'll be impossible to prove that a person really knows the encryption key or if the key that was coerced from them is the real key.

These days encryption software like truecrypt have multiple levels of "plausible deniability" so even if a key was coerced out of someone you don't know if the data that is decrypted is the real deal or just another decoy.

These so called government security advisers really don't know anything about security. The UK Government can't even remember to deport foreign criminals after they server their sentence. The country will be a lot safer if the Government fixed their own incompetence rather than pass TROLL laws which deprive the real law abiding citizens of their liberties whilst allowing the terrorists to carry on business as usual.

Re:Simple solution.

[nizo]

Two words: deniable encryption [wikipedia.org].

Plausible Deniability

[israfil_kamana]

I think this will increase the proliferation of encryption technologies which provide a certain level of plausible deniability. Things like TrueCrypt (http://truecrypt.org/) provide an encrypted container which has a basic access and a secondary access. The container cannot be detected as being an encrypted anything - it is just a bunch of random data. If you use the basic access mechanism, you get your data. If you use the secondary access, you get an alternate contents, which can be seemingly important, but relatively benign data you put there to look like soemone got something important. However, you cannot tell which one is which, or even that the alternate access isn't the primary one.

TrueCrypt lets you mount the container as a filesystem, which is a convenient way to go. This sort of thing allows you to:

a) Deny that there is anything encrypted for which you have not proffered a key. "Oh yeah, show me what I have encrypted and I'll show you the key."

b) If that's not enough, proffer the false key that gives them the alternative access. "Ok, here you go. Let me know if you find anything incriminating. (tee hee)"

Lastly, if you use things like encrypted swap on a unix device, you can plausably say that what is there is just an encrypted swap file, and you don't have a key because the key is never saved to the disk. Why isn't it mounted now? You only set it up temporarily and forgot to delete the file when it was done. (for 1Gb files or larger...) If you have a 20Gb file, you're probably going to have to explain it... and go for option (b) above.

Of course, if your 20Gb file is not a file, but is just an "empty" partition... well there you go.

Please note - I'm not advocating breaking any law here - just outlining what this will drive people who care enough to do.

Unenforcable Law

[EllisDees]

Go to http://www.truecrypt.org/ [truecrypt.org] and check out their product. It allows you to store and encrypted drive inside another encrypted drive in such a way that it's impossible to tell that the first one even exists. They can't force you to give them the keys to something that they don't know is there.

This is why...

[Anonymous Coward]

GPG is better than PGP. There is no customer database. The UK government could request the customer database of all UK customers then they have an instant "hit list" so to speak. GPG requires no install so it is [almost] impossible to trace (use a file shredder to securly delete it, etc. making it as close to impossible as you can get).

It will also force more people to use much more sophisticated technoligies. Things such as TrueCrypt's Hidden Volume [truecrypt.org] feature for Plausible Deniability. Again TrueCrypt requires no install, is open source so people can be happy knowing that others can review the code to ensure there are no back doors and it uses well known (and therefore well tested) algorithms.

Also the government are kidding themselves if they think they will catch terrorists with this. If you are willing to kill hundreds or thousands of people and more than likely kill yourself in the process, are you going to be worried about going to prison for with holding your private key? Of course not. The same holds true for the really evil pedos. Going to prison for with holding your private key isn't as bad as going to prison for having 20,000 pictures of naked 3 year olds.

The only thing this will do is hurt our country. More rights lost with no real gain. If they could be 100% sure it would remove terrorism and pedos I would think about it but it won't, it won't make any difference what so ever. Next they will be requesting a copy of a key to your house so they can secretly search it without you knowing to ensure you are not breaking the law.

Re:More like "Horribly Bad Joke."

[mrogers]

They don't need the encryption keys for mobile phones.
1) Information is only encrypted between the phone and the base station, so they can just tap the base station
2) Some of the encryption algorithms are known to be broken, others are secret and probably backdoored

In related news...

[user24]

In related news, the UK police say they will shortly be making home visits to every house in britain, requiring copies of front and back door keys for businesses, homes, apartments and garages..

Re:In Soviet Russia...

[muellerr1]

Comparing any of our current major governments to Soviet Russia sounds an awful lot like a new version of Godwin's Law [wikipedia.org]. Can we call this one "Fapestniegd's Corollary"? It would state that as an online discussion (about government) grows longer, the probability of a comparison involving Soviet Russia or 1984 approaches one.

Re:On the other hand

[dgatwood]

But the thing about ephemeral keys is that they are ephemeral, i.e. they can't be "produced" on cue. All it takes is a permanent VPN connection to make this useless.

Even better, I could see a fairly trivial encryption mechanism that would make this absolutely insanely fun for the UK government. Modify the crypto so that:

• Each ephemeral key is encrypted using the previous one. (I think this is already the case.)
• Each ephemeral key is written temporarily to disk in such a way that the previous one is obliterated.
• Each new connection starts with the previous connection's final (or current in the case of concurrent connections) ephemeral key as a seed.
• A shared key mechanism is chosen specifically to thwart known-plaintext attacks.
• The time between key generation is random.
• Multiple connections are made each time, and the sending end chooses which one to actually use at random, using chunk stamps to maintain data ordering on the receiving end.
• Each connection will randomly write its preexisting key to disk without changing it.

In this case, once the attacker (the UK government, in this case) got the current key, they would have to find a way to take that, coupled with the packet containing the encrypted copy of that routine, and obtain the key used to encrypt it. As long as the cipher makes known-plaintext attacks relatively hard, this is relatively hard. Because of the random periods between key generation, coupled with the creation of multiple streams and the random-time writing of preexisting keys, this will mean that the attacker will have to guess a potentially large number of keys before arriving at the one that successfully decodes a second stream started while the first is going. It will also require accurate time stamps of the data.

Basically, the only practical way to break such a scheme is to have been monitoring since the very first connection was established between the two hosts.

Re:Nothing compared to Tuesday's Dictatorship Bill

[john83]

He already has locked up people for 3 years without trial or even being questioned - although he has been twice been 'told off' for breaching the Human Rights Act in this way.

Could you quote a source for that please? Thanks.

Re:Actually...

[RexRhino]

I'm a political scientist by education. Where does that put me in your example?

It means that you have been fully indoctrinated to accept the political and social assumptions of your society, and you now indoctrinate others into those assumptions... in such a way that it perpetuates the current political system. You are to the modern state what a priest is in Catholisism.

An example of a political assumption in a society would be something like the debate over government's role in health care in Europe. There are those who argue that equality of care (everyone is entitled to equal care) is why health care should be provided and controled by the government... and those that disagree. There are those who argue that no-one should be without health care, and therefore the state should provide it to everyone... and there are those that disagree. BUT, no one questions the idea that the government can or will provide truly equal care, or that the government can or will provide the care to everyone. The political assumption is that government never fails to provide people with services, and that government always provides those services in a manner that is equal to everyone. Even the people who are against the state's intervention into health care don't question that government will provide health care, and they don't question that the government will do it with absolute equality.

In a reasonable debate, you would hear people argue that states have engaged in terrible acts of inequality... in fact the worst acts of inequality, such as mass genocide, have been commited by the state. In a reasonable debate one would argue that states have often commited horrible failures in providing services to it's citizens, in some cases resulting in millions of deaths. Yet, in modern mainstream political debate, it is unheard of and inconceivable that someone could support universal and equal health care for everyone, and also not support state control of health care. In mainstream politics, if you support equal and universal health care, YOU MUST SUPPORT STATE RUN HEALTHCARE. Through political "scientists" such as yourself, and many years of indoctrination and government controlled education, you have been able to control people's thoughs as such that THE STATE = EQUALITY, and THE STATE = PROVIDING FOR THE NEEDS OF SOCIETY... and to be against the state is to be against equality and providing for the needs of everyone. As a "scientist", you should be able to step out of your views for a second and see that is a very powerful form of brainwashing!

Your job, as a political scientist, is to maintain a faith in the state and political process. You may question a specific government policy (but that is like questioning what type of sandwich I should eat for dinner... there is a big assumption that I should be eating dinner, and that my dinner should be a sandwich), but your job is to make sure all debate about the political sytem preserves the political system.

Now, I will admit I am stereotyping political science people. I suppose there are few token anarchists or libertarians or classical liberals in the political science field. But I think that you would probably agree, that anarchists or libertarians or classical liberals are probably few and far between in the field of political science. You wouldn't expect a political scientists to be against the political system, any more than you would expect a carpenter to be against wood.

...what if...

[C10H14N2]

I received that "indocrination" on three wildly different continents in four languages? (which, incidentally, is true)

Which "indocrination" trumps?

Easy Solution

[God of Lemmings]

Just create a couple gigs of nothing but encryption keys on your hard disk, then choose an arbitrary number of them randomly whenever you want to encrypt something. When they want the keys... give them the entire contents of that partition.

Government is not all that sucks...

[Kazoo the Clown]

The problem is, the non-governmental "solutions" are just as broken as the govermental ones, but also there are fewer checks and balances against them. The closer you get to anarchy, the easier it is for independent "gangs" to form and move to exert control over something. In government, you have gangs too, but those gangs that have a little more transparency and they can at least theoretically be removed or altered via democratic processes.

The idea that market forces can keep independent gangs in line is a myth that is dispelled as soon as you look very close at corporate-gang behaviors, especially once they start getting large enough to either exert significant control over a market, or collude with their peers to shut down the smaller competition. Often products do not succeed due to their inherent quality, but rather the quality of the marketing applied to them or the quality of the control a company has over the marketplace. Perhaps you'd be comfortable selecting a medical procedure based on the most persistent marketing rather than its success rate? You won't even *know* the success rate unless they're regulated into telling you, just like food companies had to be regulated into telling you the ingredients of their products.

Sure the government system sucks, but the reason we *know* it sucks is largely due to the transparency it has. Other systems suck too, but you may not know how much they suck if there's no means to impose some transparency of the processes. "Voting with your dollars," just won't do it.

Re:Actually...

[Valdrax]

The simple answer is that you run it like auto insurance in many states. You make people get it or make all employers provide it. In the former case you provide subsidies for poor people who couldn't normally afford it. The latter case is the path that Massachusetts chose.

You can also use state authority to provide for an independently funded institution that competes on the free market (with a little leverage to make the market more free than it currently is in certain areas) as outlined in this guy's plan. [healthsecu...merica.com]

Re:More like "Horribly Bad Joke."

[mre5565]

They're talking about private keys (as in the private half of the public/private key pair in public key cryptography), not private keys (as in the only key in private key cryptography).

No you are wrong.

There was a period of time when the Clinton Administration allowed export of software (only to the USA's allies) that encrypted data over the network provided it had support for key escrow. Someone in my employer's company had the idea that, "gee, Kerberos Key Distribution Centers keep each user's key in a data base, in the clear. Why not propose that, unchanged, as a Key Escrow System to the NSA? Law enforcement can obtain a warrant to get a user's private key per the policy of the Clinton Administration.".

So I did just that. The NSA's response: not good enough because they need to be able to descrypt arbitrary sessions, which means they needed a centralized place in a modified Kerberos system to record each session key, and BTW, have vendor supplied tools for making this really easy. As vendors we were unwilling to do all that because it would severely weaken the strength of the system. So we told the NSA, thanks, but no thanks.

The UK government is either very naive, or very stupid.