a thoughtful web.
Good ideas and conversation. No ads, no tracking.   Login or Take a Tour!
comment by jezzer
jezzer  ·  3429 days ago  ·  link  ·    ·  parent  ·  post: UK to actively counter strong encryption

I can't see how this could possibly work. Strong encryption methods are public knowledge. There's nothing to prevent independent implementations of strong encryption. The only people affected will be those that use off the shelf software - who'd be using weaker 'legal' encryption. That'd be the majority of users - who would then be more at risk of malicious software doing bad things. The only winners here are the bad guys.





mailor  ·  3429 days ago  ·  link  ·  

this policy is obviously not oriented toward preventing secure technology to be developed and distributed. Rather, its effect is that it makes its use illegale, hence providing a way for law enforcement to act over its usage upon necessity. In the UK it already is illegal to not provide a password/encryption key upon request; my understanding is that in this case, the law enforcement need some ground to make the request (e.g. threat to national security) which may be hard to prove (being the content encrypted).

If you make the use of encryption itself illegal, you don't need the "national security" pretext anymore to demand access to the data.

NoTroop  ·  3429 days ago  ·  link  ·  

With the UK trying to ban encryption, are they not just trying to get people to share keys for their encrypted data? If they make it illegal to not provide an encryption key, does the UK not have an equivalent of a right to remain silent/not incriminate yourself? Also, would the argument of "I forgot the key/password" immediately be seen as a sign of guilt? I don't understand what they could accomplish if this is the case, at least for individuals.

histo_toxic  ·  3429 days ago  ·  link  ·  

Luckily, steganography is still perfectly legal in modern Britain. So we can all still hide our secret messages in cat pictures on reddit.

violinist  ·  3429 days ago  ·  link  ·  

Like was mentioned above, encryption is already used in so many places on consumers' devices that it's unlikely many of them even know they're using it. If the development and distribution of secure technology is not attacked, there would need to be a massive educational campaign to inform consumers of what technology is being made illegal. I can't imagine that this is practical—I don't think Apple, Google, banking sites, or many of the other providers of encryption will change their practices to enable back doors, and without much broader knowledge by consumers of what software devices use encryption, there won't be a shift in user behavior to avoid cryptography.

jezzer  ·  3429 days ago  ·  link  ·  

Distribution is not exactly my point - the key element is that the bad guys win both ways - they get to use strong cryptography (because they are the bad guys who don't follow the law) AND they get to attack weak legal crypto to defraud legitimate citizens.