We're a very long way from being a totalitarian state and likely to remain so for quite some time but, make no mistake, this is the thin end of a very long and ultimately very fat wedge. It therefore behooves us well to hold the government to account when they try to get us to swallow more of that wedge.<p>Sure, encryption helps terrorists as well as ordinary citizens but it's my belief that freedom and privacy are more important than that. The work of police and security services has never been easy in a free society, but protecting and upholding that free society is the very essence of the job. Dilution of that freedom is therefore counter to the purpose for which these agencies exist, and so when the government tries to move in that direction we, as citizens, should voice our resistance, and keep voicing it until they understand.
Amber Rudd is the UK's Home Secretary not just any minister.<p>"We need to make sure that our intelligence services have the ability to get into situations like encrypted Whatsapp."<p>She has said she is "calling in" technology companies this week to try to "deliver a solution".<p>Marr asks if they refuse to do that, will you legislate to force them to change? She's not drawn on that.<p>Interview is here:<p><a href="http://www.bbc.co.uk/iplayer/episode/b08l62r7/the-andrew-marr-show-26032017" rel="nofollow">http://www.bbc.co.uk/iplayer/episode/b08l62r7/the-andrew-mar...</a> [from 45:18]<p>I understood that UK IP Bill already mean that she already has the ability to e.g. demand a backdoored version of Whatsapp be sent to a target device, but that's not covered in the interview.<p><a href="https://www.theregister.co.uk/2016/11/30/investigatory_powers_act_backdoors/" rel="nofollow">https://www.theregister.co.uk/2016/11/30/investigatory_power...</a>
I watched Amber Rudd interviewed by Andrew Marr this morning and the scariest thing about it was that Marr completely agreed with her. Rather than providing an opposing viewpoint and counteracting her points, he agreed with the idea that it was unacceptable for people to be allowed to use encryption and that it was terrible these companies were using it as a selling point. All he pushed her on was if she would enforce cooperation from tech companies.
How do they want to prevent someone from creating his own end-to-end encryption app? It may use other protocols to encode content (images, tweets, fb posts etc.).<p>For me it seems to be more in a direction of so called "Big Brother" than real counter-terrorism.
We hear most terrorists ate with forks so all forks are now banned.<p>Also, we were shocked to discover that virtually ALL criminals rely on something called Oxygen to perform their work so this is now a controlled substance that will be heavily regulated.<p>We were then terrified to learn that after banning forks, terrorists were able to successfully eat with spoons or even their hands.<p>/s<p>Seriously, you cannot ban tools. Lawmakers have to approach this with a firm grounding in statistics (how LIKELY is a risk, relative to the magnitude of the measures to prevent it?). They also have to realize that some things are just necessary for society to function. Stop being paranoid.
So they get a backdoor into WhatsApp and terrorists just move onto some other non-compromised tool. Rinse and repeat. You can't ban maths ffs.<p>TBH I am surprised attackers do not better destroy their electronic equipment just before they carry out their attack. Pop your phone and SSD/flash drives in the microwave on high for a few minutes is pretty much going to destroy all evidence on them, and if not then chances are you are dead anyway so whatever data they might be able to get off will most likely be useless to them anyway.
>Referring to Whatsapp's system of end-to-end encryption, she said: "It is completely unacceptable. There should be no place for terrorists to hide.<p>Thats it guys. Mommy says no more maths.
The British gov is looking more and more like the Finger from V for Vendetta. The US president more and more like the one from Idiocracy. That we tend to live up to caricatures should be an alarming sign, but I only see worries on sites like HN. Most people still don't see the catastrophy in it.
If I may ask a very naive question:
Do politicians like her really think encryption is dangerous or is it a devious way to expand mass surveillance?<p>Attacks of the past have shown that terrorists don't have a need to resort to encryption. The people involved in the Berlin attack last year, for instance, were monitored. Authorities knew they would strike but they didn't have sufficient incriminating evidence that would count in court to lock those guys up.<p>Even if encryption on messaging services were forbidden (which would make millions of law abiding people vulnerable in some way), terrorists could use throwaway email accounts from internet cafés and wrap their messages in password protected attachments.
It would help the UK government's argument if they didn't grossly abuse every single surveillance power they have: <a href="https://www.theguardian.com/world/2016/dec/25/british-councils-used-investigatory-powers-ripa-to-secretly-spy-on-public" rel="nofollow">https://www.theguardian.com/world/2016/dec/25/british-counci...</a>
Coming from the same government that wants all ISPs to keep a log of all the sites you visit. These people are beasts and as dangerous, if not more, as the perils they are supposed to save us from.<p>If people knew the damage these idiots do, they would be in the streets.<p>Oh wait, they already are in the streets...
I'm surprised it took this long for her to bring up the subject – Theresa May would've had her soundbites prepared in advance and released within hours of the attack if she was still Home Sec.<p>> That is my view - it is completely unacceptable<p>You know what else is completely unacceptable? Technologically illiterate, authoritarian jobsworths capitalising on tragedy to push through their agendas. But that's just my view.<p>Home Office always seems to attract the nastiest and dumbest of politicians, but this is a whole new level of dumb, and sadly will only gain her more support, because the general public either have no idea about the implications of backdoored crypto, or simply don't have any expectation of privacy and are happy to give up what little they have left in order to feel safe.
It is the duty of the Home Secretary (and the UK's various nosey institutions - e.g. intelligence agencies, police, etc) to continuously badger us for this information - unfortunately, it's pretty much part of the job description.<p>It is our duty, as the public, to continuously say "no".<p>Disregarding any negative consequences, their motivations are pretty transparent - there's little doubt that being able to read everyone's private messages will enable the intelligence services to better do their jobs. However, as Edward Snowden and others have already shown to us many times over the last few years, the UK government can't be trusted with this responsibility - and that this is probably the thin end of the wedge. Britain is already the closest thing that Europe has to a surveillance state, and the number of people killed in the UK by terrorism is vanishingly small - we are hundreds of times more likely to die in a car accident. Is it really worth giving up the last vestiges of our privacy for a little bit more security?
In the 1970s, an American president had to resign because of some bugs planted.<p>Now, private conversation is illegal.<p>I guess it leads to "ownlife".
> She said it was a case of getting together "the best people who understand the technology, who understand the necessary hashtags"<p>Our Government is an absolute disgrace; and unfortunately, one to which there is currently no credible, strong opposition.<p>(from <a href="https://www.buzzfeed.com/matthewchampion/necessary-hashtags" rel="nofollow">https://www.buzzfeed.com/matthewchampion/necessary-hashtags</a>)
It's an incredibly foolish thing for a minister to suggest. She demonstrates a complete lack of understanding on the subject and has commited political seppuku. Has she never read Orwell, Huxley, seen articles about tyrannical governments or even heard about the reasons the US constitution was drawn up?
There are a few reasons to laugh at her position.<p>* The UK government leads the "free world" in ignoring its own warrant process, and pursuing a "collect it all" strategy for commsec. UK citizens have no reason to trust that their government, given such access, would not abuse it. They've abused all their other access thus far.<p>* Privacy and Security help normal citizens and criminals alike. This is as true for a locked front door as it is for an encrypted message. We grant governments the ability to violate privacy under warrant - they may snoop, spy, enter our homes, and read our mail. We do not grant them the ability to violate security, however. They still have to pick the lock, steam the envelope, and crack the safe. These are important distinctions. We do not engineer a backdoor into all encrypted messages, for the same reason we don't mandate a government master key for all doors.<p>* The idea that you can legislate math out of existence is a joke.<p>There is one reason to cry at her position.<p>* They will eventually legislate this way anyway.
"He sent an encrypted message from whatsapp"<p>Yes, and then he went and did something stupid with easily accessible tools and acted alone.<p>You <i>might</i> have an argument if he was part of a coordinated attack against something but lone-wolf terrorism has always been defined as unpreventable by security services such as SIS. Once radicalised it's impossible to prevent individuals doing stupid stuff.<p>The only thing she has revealed his the conservative parties desire for totalitarian control. :(
Hmm, this definitely brings up an interesting discussion I don't think HN has had before, especially something in a similar vein since Apple+San Bernardino fiasco.<p>Obviously privacy is something that HN holds very close to its heart. But I'm interested in what do people here have to say about the privacy features are used by terrible people to do terrible things.<p>And I want to share something that I think is one of the best arguments for privacy, complete privacy. I do agree with this completely: <a href="https://moxie.org/blog/we-should-all-have-something-to-hide/" rel="nofollow">https://moxie.org/blog/we-should-all-have-something-to-hide/</a>
It's just reverse psychology.<p>They have the means to break, degrade or bypass the encryption and they emit statements like these so people remain confident that they're not being spied on.<p>This routinely happens after leaks reveal that certain type of traffic is being targeted. In this particular case, Wikileaks.<p>In the past after all the PRISM collusion was revealed, all the PRISM partners started their PR campaigns showing their "commitment to privacy", and the soap opera with law enforcement agencies claiming they couldn't decrypt devices. In reality they have many tricks they have used for years now, like setting up a fake cell antenna, impersonate a phone carrier to take over a device.
For two decades I've been waiting for popular support for a complete or at least Clipper-chip-style encryption ban in the "free world". It always was on the other far end of the spectrum, directly oppsite questions like IV/nonce choice, PRNG initialization flaws, RSA attack vectors. I have great fear for the freedom and living standard of my kids when I read these top-level news pieces. We stand a real test and we will have to argue against hatred, fear and terrorism. Let's just hope our leaders have no-nonsense advisors as well as those that inspire such news.
This is a complete nonsense. Such move would simply encourage "bad guys" to find other means of secure communication while exposing everyone else.
When you take away our freedom in order to stop terrorism, then the terrorists win. This is one guy in an estate car. Amber Rudd is not a democrat if she really believes this
Reading all of the comments I am deeply concerned. Everyone who is opposed to this is doing 'their side' a disservice.<p>Comments are about how stupid, or ill informed the Home Secretary and advisors are, or that they are being blackmailed by the intelligence services. Seriously? These kinds of comments are not going to get the broader public to support your ideals.<p>I think you misunderstand why she (and law enforcement) believe that they should have access to the messages. If the terrorist called someone they can get a warrant for the metadata and see who he called and whether it is relevant to the investigation. If the terrorist sent an SMS they can get a warrant for it. However, if the terrorist sends a WhatsApp message what can they get? Why should a WhatsApp message be treated different from an SMS?<p>That is what we as the tech community need to explain, why backdoors, weak encryption, and escrow are not a solution.<p>I value my privacy. I want my messages to be secure. But if the tech community keep acting like most of the comments on this, we will lose.
So when they discover that he wrote and sent actual letters, will they then demand access to open our mail?<p>Also: Will breaking encryption stop a man grabbing a knife and jumping into his car? No.
If the govt. was to force WhatsApp's hand, I'm sure we'd see democracy in action if they prevented everyone using the app for 24 hours, replacing the facility to message with a note telling users to contact their local MP (with clickable email / phone numbers - and maybe links to the ORG).
Even though the article mentions specifically about UK, there are many in the US who hold the same belief. If you want to ban encryption because terrorists might misuse it, what about Guns? Then it is a matter of "freedom".
Smartness should be banmed.
They are too much of a problem!
Everyday disruption disruption disruption...<p>Evolution should be banned too and all those books about biology or astronomy.
God made it all!
I morbidly curious how many terrorist attacks we are away from actual laws that will attempt to outlaw encryption as used by WhatsApp (even if it wouldn't make sense to do that). Resistance against such measures outside of the tech scene would probably be low. The "I've got nothing to hide" mentality is actually quite widespread among the population, so I don't even think it would be a risky move politically.
I assume someone has already brought this up, but it is late and I can't read through 300 comments. From what I recall and have read, this individual has been on the radar of the security services since 2010 and so was a known potential threat. With a history of violence and criminal behavior. Yet effective monitoring of such individuals WAS NOT DONE and apparently isn't. Instead, there is this post-hoc demand that all of the public must give up their right to privacy because the idea of 'pre-crime' prevention is actually viable...<p>complete and utter bollocks.<p>So a blanket violation of law abiding citizens rights is more important than actually keeping tabs on known threats more closely and effectively. Pedophiles are viewed with less disdain than terrorists it seems. And the threat of terrorism is trumpeted to the heavens while pedophilia is apparently more rampant is UK society...<p>It is quite illogical that law abiding people suddenly snap and decide to drive their cars into groups of tourists. How prevalent are the actual potential terrorists - i.e. those with a history of violence, trouble with the law, radicalization, etc? If I knew those stats, then I personally would be better able to judge the claims of the authorities. But I don't have those stats and so the logical assumption is that their claims are exaggerated shite designed to drum up fear and etc etc. Meanwhile idiotic claims that all encryption must be banned or tapped, even for law abiding businesses (does no one remember Cameron's proposals?) are floated... nothing but Band-aids all the way down.<p>I could move back to America, but at this point, that is like jumping out of the frying pan. I really need to learn a second language, preferably Mongolian.
How difficult would it be for these so called terrorists to develop their own end to end encrypted app? Perhaps something masquerading as something common like any port under 1000?
It is feasible that the elimination of whatsapp/telegram/signal encryption would just lead to a way more complicated encryption system developed internally to these organisations.
How about they look into their business partner Saudi Arabia first? It sounds like as if they let this country poison the minds of mentally ill people in hope the attacks they carry on could be used as an excuse to expand control of the society. Use of this tragedy to do just that is simply disgusting and put in question what government is actually doing.
Some people will simply refuse to let all and sundry (we have no idea as to who reads and acts on intercepted emails) to read private emails and they will therefore turn to steganography or one time pads with a seemingly ambiguous pre-arranged code. Good luck with reading the latter or even thinking it has a hidden message.
Isnt it weird that drasticly restrictive all encompassing rules are hastily pushed <i>after</i> attacks? Blanket Decryption of messages, and other privacy suppression rules will make intelligence agencies into super powers with too much control at a very reduced cost (less messy assassinations, or physical threats needed)
So a statement that he acted alone by the met police is bing utterly ignored. Ironically no mention of banning 4x4 cars and that frankly puts this whole situation into perspective - government ignorance of encryption, once again.
One reason it's good that governments cannot force WhatsApp to disable end-to-end encryption is that different governments have different definitions of nefarious activity. While the British Government could arguably use a backdoor to stop terrorist attacks, what would stop Pakistan or Saudi Arabia from using the same back door to enforce blasphemy laws? The issue is the same: should a private company help law enforcement by disabling encryption?<p>It's nice to know WhatsApp can help people break the law in places where the law itself is immoral.
<i>"Home Secretary Amber Rudd told Sky News it was "completely unacceptable" that police and security services had not been able to crack the heavily encrypted service."</i><p>This is great news, actually. It means that WhatsApp's encryption works, and stonewalls the efforts of state actors (or at least, hers) to break it.<p>That said, we don't know if she's lying about this, or not.
They don't need to touch encryption in any way. It's way simpler to subvert the endpoints, as most people use closed-source operating systems such as iOS and Android which offer closed-source applications.<p>All they need to do is to pressure Apple and Google to keep some backdoors open, which is more than realistic, as Snowden's revelations have shown a couple of years ago.
Looking away from the fact that what they want isn't actually achievable, what does the UK risk by beginning to go down this road? What consequences could this potentially have for their domestic tech sector?<p>My intuition says that they stand to lose more than they could possibly gain, but I'm curious to hear a more knowledgeable perspective.
Thought-experimentally: could we potentially be able to scan message databases for the <i>absence</i> of certain phrases, using something like [1], but in a probabilistic manner akin to that of a Bloom filter? This would ensure that law enforcement would be able to flag certain keywords with a nonzero (and nontrivial) false-positive rate. That way, repeated flags end up identifying potentially interesting members of society, <i>without proof</i> and with data inadmissible as reliable evidence in a court of law.<p>Of course, one runs the risk of the existence of false positives being forgotten, TLA/government pressure to reduce the false positive rate, and so on. But I think this is a slightly interesting way to (partially) preserve privacy while satisfying lawmakers who demand that there be some way for them to listen in on (what should ideally be completely private) data. (This is, of course, only possible once one drops the axiom of privacy being an absolute right: I don't personally support doing this at all.)<p>[1]: <a href="https://crypto.stanford.edu/portia/papers/HardNDB.pdf" rel="nofollow">https://crypto.stanford.edu/portia/papers/HardNDB.pdf</a>
In a similar vein, to prevent corruption and bribery we should require Ms. Rudd et al to post all email exchanges (official or otherwise) they engage in publicly, along with their bank statements.<p>After all, we can't allow corrupt politicians ANYWHERE TO HIDE. ;)
It's going to be a total clusterf*ck when the UK leaves the EU and starts introducing draconian intelligence gathering laws that go further than the EU regulations permit. Think Privacy Shield style problems but much worse...
The relevant discussion is here:
<a href="https://www.youtube.com/watch?v=8yIPuHsB8q8" rel="nofollow">https://www.youtube.com/watch?v=8yIPuHsB8q8</a>
I assume that the UK government has been doing these extremely pro-surveillance, anti-encryption, and anti-porn stances because they detect sufficient support from the UK population?
> "That is my view - it is completely unacceptable, there should be no place for terrorists to hide."<p>I am sure a ban on encryption would work.<p>Hey, guys, I just had a great idea. Let's ban bombs, knifes, and driving into people. That would fix the terrorism problem. Once it is illegal, no terrorist would dare do it!!!<p>I'm wondering why Churchill didn't think to ban the Enigma machine. If only England was led by smart people like the British interior minister...
If I have to choose one from end-to-end encryption and security, I will choose security. I don't mind my WhatsApp chats are scanned by police's software, if it can reduce terrorism. Of course, we need to make sure it is used for anti-terrorism only.<p>Update: One solution of 'make sure' is the source code of the monitoring software must be reviewed by independent and trusted software engineers/experts.<p>PS. Downvoting my post doesn't solve any problem. If you have any better idea, welcome to post it out. Thanks