Honestly, it sounds kind of relaxing. Good excuse to get some sunshine.<p>On a more serious note, I can't help but think David Cameron is employing the technique of attempting something extreme so that he can do something less extreme (but still really bad) later with less oversight. Of <i>course</i> you can't ban strong encryption. His advisers know that, he knows that, _everyone_ knows that.<p>It will be very interesting to see what actually gets put (or attempted to be put) into law. Right now it's just a whole lot of unrealistic noise.
It's pretty clear that the UK government doesn't have the power to ban encryption. This is just a distraction so that we are happy to accept whatever "less bad" proposals they come up with to increase their surveillance powers. I can't help but feel that peoples dislike of Cameron is a pointless distraction too. This is not Cameron. This is government. We will still be having this same discussion in 50 years, unless some miracle technical advancement makes it moot.
There won't be a ban, it will be licensed. Big companies like banks etc will get their licence right away, so your secure banking will be fine. Routers will still have wifi encryption because they'll have a licence.<p>The licence will be implemented as a fee for a digital certificate that properly authenticates.<p>So, you're a small startup with an idea for a secure messaging app. want a licence. no problem, its £10M. have you got the money handy?
Suggestions like banning strong encryption is a form of ritual abuse. It is meant to get the public used to the idea of pervasive surveillance. That pervasive surveillance will be carried out through a continuation of what existed before the Snowden revelations, which was a successful Straussian confection of fake freedom, carefully managed.
Happily looking forward to being rick-rolled, I click the YouTube link. It fails, telling me the German content mafia doesn't allow YouTube to display the video due to licensing issues.<p>Woo!
As far as I remember (and I may be wrong), the specific quote from David Cameron was about banning encryption that can't be backdoored, so that the government can look at things if they need to.<p>Obviously I'm completely against that, because once there's a backdoor, it's all too easy to collect by default, instead of only when "needed".<p>With this clarification though, lots of this tech would still work. Most things based on TLS will continue to work, if every computer has to have a government CA certificate installed to allow MITMs. Hopefully HTTP Public Key Pinning will become more prevalent if this looks likely to happen.
Except Cameron wants to backdoor end-to-end encryption like iMessage/Whatsapp, rather than mess with something like SSL. With SSL they can just get a warrant (or you know, don't get a warrant) and look at the server, where everything is in plain text.<p>One possible way to backdoor it might be mandate that companies keep copies of the encrypted messages, tagged with a device ID. Then to decrypt you need to get the person's phone, which is a clearer analogy to getting a warrant to search someone's house to look for things they have stashed.
The UK Crypto mailing list has some discussion.<p><a href="http://www.chiark.greenend.org.uk/mailman/listinfo/ukcrypto" rel="nofollow">http://www.chiark.greenend.org.uk/mailman/listinfo/ukcrypto</a><p>EG: <a href="http://www.chiark.greenend.org.uk/pipermail/ukcrypto/2015-May/002532.html" rel="nofollow">http://www.chiark.greenend.org.uk/pipermail/ukcrypto/2015-Ma...</a><p>But there's quite a lot of useful discussion there.
9:15 : Think this is all a bit bizarre so phone colleague on mobile, she answers to say that she’s having lots of problems too.<p>Mobiles are encrypted too: <a href="https://en.wikipedia.org/wiki/A5/1" rel="nofollow">https://en.wikipedia.org/wiki/A5/1</a>
Why do we still have politicians trying to pass laws in technology if they don't understand it at all? Really we need to change how laws affecting technology are approved or something. It's always the same thing, some politician is passing some law affecting technology in what seems like the most absurd approach.
So what are we going to do about it?<p>We've spent the last year running twitter campaigns, but the people that matter (voters, well tory voters) don't do social media.<p>This means that you need to write a letter. Yes a real letter, not a fucking email. Write a letter to your MP, then a local Lord.<p>Then you need to write to your boss, tell them that the cost of business will go through the roof (if you're able to do business. )<p>Then start looking at jobs abroad. Because no doubt there will be a twitter campaign, meaning that nobody actually bothers to engage in how the democratic process actually works.
I'm a very happy customer of mythic-beasts. They do <i>insist</i> on sftp/ssh/tls &c for all connections which is probably wise.<p>I hope this gets the idea across to influential civilians (i.e. non-techs). Humour can work quite well in the UK. The HGTTG references may be lost on the younger ones though.
The most unrealistic part is<p>> Youtube fails to load with a secure connection error.<p>YouTube still refuses to use anything more recent than RC4 encryption, so, if Cameron would ban all secure encryption, YouTube would probably still work.
The ban is not about encryption: <a href="http://rys.io/en/149" rel="nofollow">http://rys.io/en/149</a><p>Of course they can't expect to effectively police the ban if it's put into law. But they don't have to. Everybody will encrypt anyway and that's fine, because once they <i>want</i> somebody put away, they will be able to simply by saying "that person broke the Snooper's Charter by using SSH".<p>It's not about banning encryption, it's about having a convenient law to put tech-savvy people away.
The rhetoric of "not allowing a safe space for terrorists to communicate" is complete bullshit.<p>Terrorists can communicate using a book cipher or pick from any of a huge number of other options. The kind of terrorists we should actually be concerned about (competent ones) will already use extra measures such as this in conjunction with strong encryption.<p>This is totalitarianism.<p>"For too long, we have been a passively tolerant society, saying to our citizens: as long as you obey the law, we will leave you alone." - David Cameron.
One-time pad encryption, implemented correctly, cannot be broken or backdoored.
There is the matter of key exchange of course, but that is as old as the use of covert communications itself.
Anyone who cares enough about their communication remaining secret will find a way of exchanging keys for which any attempt at interception by a government entity is entirely impractical.
What's to stop people from using strong encryption on their own, illegally, end to end? It's not like this is the first time the government has inserted itself in between people's legitimate communications and intercepted them with no recourse. If you assume that that is the default state of being (and except for a few small governments, it is), then you realize that the short periods of time where people could communicate freely and privately using networks outside of private in-person meetings have been lapses in government surveillance more than anything else and minor moments of relief for those who want to communicate privately. Governments will spy. That is a given. They will try to remove privacy. That is a given. Regardless of any laws and especially when it's as simple and undetectable as making some database queries.<p>I'm not defending any government's actions to remove privacy and spy on its people. Quite the contrary, once one has accepted that as inevitable, it's easier to move on. The need for human privacy is also, IMO, a fact. Some may dispute that, yet there are true, the only other option then becomes to go around the law. An unjust law <i></i>must be broken<i></i>. And it will. The worse the government gets, the more it will be broken.<p>I don't see why people in the UK and elsewhere couldn't get copies of software that still had strong encryption despite the idiotic laws. After all, it's just as easy to click one link as another. Will the UK be monitoring traffic for actual binaries and source code? Will the arrest people that use encryption they can't break? Will they arrest people for sending garbage data that looks like encrypted data but isn't and therefore can't decrypt? As the government gets more totalitarian, I think we will see even regular people training themselves in encryption and its proper uses. It's inevitable as people have more and more to lose. Once life, limb, and property are at stake, people either become competent or become victims, and people are generally a lot more competent than they appear when high stakes are on the line.<p>Of course, UK companies will be hurt. They won't be able to do a lot of business internationally. UK citizens will have their information stolen in massive data breaches. Bank accounts and identities will be compromised. Many accounts that are not with UK companies will be compromised because of password reuse. Cameron doesn't have to ban ALL strong encryption. Whatever systems he bans it in, will be compromised. That's inevitable. At the same time, the people don't have to put up with it. Stop online banking with banks that don't use strong encryption. Request paper bills. Clog up phone lines. Pay in cash if possible. These are all things a regular person could do in the event that strong encryption is banned that if done by even a small percentage will increase costs quite a bit. It may not get the law reversed, but it might get companies on the side of people if they have to cut paper bills again at a 10-100x cost over electronic ones, for example.<p>tl;dr: Governments will spy and people will use strong encryption regardless of the law as privacy is a human right and oftentimes necessary to survival. Businesses and convenience will suffer greatly.