Internet firms to be banned from offering unbreakable encryption under new laws - Polidicks

[QUOTE=lyna;49043905]It'd be hilarious if these companies decided to not provide services for the UK because of this law[/QUOTE] Holy shit I want this to happen so badly. Just imagine if the biggest computer companies in the world stopped supporting a country like the UK. The entire country would be flipped upside down and straight into a trashcan of riots and panic. It would be the best demonstration ever towards idiocy like this.

[QUOTE=DrDevil;49045201]The UK is turning into a fucking nazi-nannystate. It's good to know that I should never ever fucking buy anything from a UK based website anymore or use any UK based service. If you're living in the UK you should totally consider escaping to any other country.[/QUOTE] George Orwell is spinning in his grave at record speeds at the knowledge that the British government is using 1984 as a guide rather as a warning.

I can't put into words the hate I feel towards this government. Completely obsessed with snooping on you. Everyone's privacy is being threatened and nobody gives a shit.

There's no way this will go through, too much business would be lost.

So they want the authority to have access to passwords, credit card information and so on on the spot? Yeah, that sounds totally safe.

[QUOTE=Handsome Matt;49045349]As soon as I'm declared innocent ([B]which 100% I am[/B]) I am out of here.[/QUOTE] its okay bro no need to lie you're among bros you can tell us all about that hack you did Seriously now best of luck with that.

[QUOTE=ferrus;49044854]Any 'terrorists' or individuals with a modicum of tech know-how will have no trouble at all circumventing these measures by using custom or thirdparty software. We are still in the era of old farts making laws about that which they do not understand.[/QUOTE] Basically. No terrorist organization is going to use fucking Skype or whatever to coordinate their plans, that's idiotic. Rolling your own encryption is hard, but there's a selection of open source libraries available that make it easy enough for anyone with a decent knowledge of programming to encrypt information. What're they going to do next, make it illegal for anyone but government or licensed officials to develop and use encryption technology? The stance that the UK has been taking on encryption and related tech policy lately has been fucking moronic.

[QUOTE=Tools;49045882]Holy shit I want this to happen so badly. Just imagine if the biggest computer companies in the world stopped supporting a country like the UK. The entire country would be flipped upside down and straight into a trashcan of riots and panic. It would be the best demonstration ever towards idiocy like this.[/QUOTE] I don't think the British government would take kindly to the American tech sector essentially trying to take over their power by extorting them.

[QUOTE=DrTaxi;49046221]I don't think the British government would take kindly to the American tech sector essentially trying to take over their power by extorting them.[/QUOTE] It's not extortion, having to use weak encryption like this is a legitimate risk to a company's running, this law will force companies to either be insecure or leave the country.

[QUOTE=DrTaxi;49046221]I don't think the British government would take kindly to the American tech sector essentially trying to take over their power by extorting them.[/QUOTE] "Your recently implemented laws stop us from ensuring safe online business with residents in your country. In order to not taint our company image by providing insecure service to the affected resident, we have chosen to cease providing our service in the UK." Simple and direct. But whats actually going to happen is that companies will just not care, and continue using the encryption they have now. UK Government can't really get to them, since these big companies for the most part aren't based within the UK. They can slap on fines, but who gives a fuck. What is the UK going to do if they don't pay up? Block their websites? They would only shoot themself in the foot if they do that.

I hate this government they ham fist anything they can because they have a majority to pass it.

At least they're not trotting out the hilaribad scaremongering that only pedophiles and terrorists need strong encryption because they have something to hide.

Is there any reason these companies can't just implement a multi-key encryption scheme and keep a set of keys themselves, so there's no backdoor in the encryption scheme itself? The article doesn't seem to be saying companies can't have unbreakable encryption, it's saying they can't use encryption that they have no way to decrypt if the government comes along with a search warrant. Multi-key encryption seems like it would satisfy that requirement while still being the same 'unbreakable' encryption.

[QUOTE=ferrus;49045812]As nice as that would be, I think there is too much ignorance on the subject among the majority of the public for any large scale protests to materialize. Nonetheless I would certainly support any protests.[/QUOTE] Protests are ineffective. Look there are a couple ways to fight this. It just depends how far you wanna take it. One way would in the end would make you rich.

[QUOTE=catbarf;49047170]Is there any reason these companies can't just implement a multi-key encryption scheme and keep a set of keys themselves, so there's no backdoor in the encryption scheme itself?[/QUOTE] Well if you're sending messages back and fourth with ssh or the likes then I guess thats possible, it does create security issues though. It's bad practice to store banking details in such a way that an employee of the company could access them, If I had a choice between a service through which only I can access my details (one hosted not in a country with backwards ass laws) and one where any employee can access my details I would obviously choose the former. Also if you're going to store the decryption keys they would obviously need to be stored separately from the data, consider one of the many scenarios recently where private data has been leaked but was useless because it was encrypted - if the keys were also leaked from the same or a different database then the encryption is useless and you have a major scandal on your hands. Whoever advised the government to do this was a dumbass, when laws put citizens in more danger then you have to ask just how valid they are. If their definition of encryption includes hashing then it gets even worse.

[QUOTE=mdeceiver79;49047211]It's bad practice to store banking details in such a way that an employee of the company could access them, If I had a choice between a service through which only I can access my details (one hosted not in a country with backwards ass laws) and one where any employee can access my details I would obviously choose the former. Also if you're going to store the decryption keys they would obviously need to be stored separately from the data, consider one of the many scenarios recently where private data has been leaked but was useless because it was encrypted - if the keys were also leaked from the same or a different database then the encryption is useless and you have a major scandal on your hands.[/QUOTE] I don't see why it wouldn't be treated the same way as passwords. Hash a unique encryption key to each user, transaction, whatever level of granularity you want and store that somewhere separate from the data itself. It wouldn't be available to any employee of the company any more than your banking password is available to any employee of the bank- the company keeps your password somewhere but it's not on a system that just anyone can access. Obviously there are additional security concerns here over the current system where you alone keep your encryption key and the company would have to be responsible for that. Not saying I approve of this proposed law or anything like that, I just think it's really sensationalism to call it a mandatory backdoor or say that it would make encryption worthless like some people seem to be doing.

Tech companies will flip their shit if they try to enforce this. I hope

Encryption banned. Rename term encryption to locking. Our data is not encrypted, it is locked!

[QUOTE=Coolboy;49048611]Tech companies will flip their shit if they try to enforce this. I hope[/QUOTE] It's highly likely. The potential liability issues are ginormous.

This bill is completely fucked up once you actually look into it: [quote]The Wilson doctrine - preventing surveillance of Parliamentarians' communications - to be written into law[/quote] Also this [img]https://pbs.twimg.com/media/CS-oj3WWsAAIrdm.png[/img] [img]https://pbs.twimg.com/media/CS-okp9W4AELOkE.png[/img] Anti-whistleblower clause

"In an era of modern technology, Unsinkable Aircraft Carriers do not exist" - USSR

Time to start rolling out "SHA-8 UK Edition"

[QUOTE=TheCreeper;49043828]UK[/QUOTE] Which is hilarious, since they can just offer it out of ireland and over the internet or something else. Not to mention some company might go and make a case in front of the ECJ since a limitation like this is very obviously not okay under both cassis and de minimis. [quote] [url]https://pbs.twimg.com/media/CS-okp9W4AELOkE.png[/url][ [/quote] This actually sort of makes sense. yeah you know, don't tell a criminal we're actually already investigating them and have their shit tapped.

[QUOTE=Handsome Matt;49045349]I would but I'm currently on bail because these laws (muh cyberterrorism) can hold someone on suspicion of computer related crimes for up to 18 months with no real charges. As soon as I'm declared innocent (which 100% I am) I am out of here. edit: I'll write a full blog post / thread about it when its all over with - point is this country is awful and I'm gtfoing asap[/QUOTE] Its probably against your legal council's advice to even mention on the internet, but ok

Shouldn't decrypting seized information be considered alteration of evidence anyway? If you seize something as evidence you can't alter it to show whatever you want it to, why should data be any different?

I don't think this will stop people from using programs like GnuPG.

[QUOTE=kaukassus;49046281]"Your recently implemented laws stop us from ensuring safe online business with residents in your country. In order to not taint our company image by providing insecure service to the affected resident, we have chosen to cease providing our service in the UK." Simple and direct. But whats actually going to happen is that companies will just not care, and continue using the encryption they have now. UK Government can't really get to them, since these big companies for the most part aren't based within the UK. They can slap on fines, but who gives a fuck. What is the UK going to do if they don't pay up? Block their websites? They would only shoot themself in the foot if they do that.[/QUOTE] this is one of those rare cases where corporations having more power than the government is a good thing.

corporations are doing better for the people than the government that was elected to represent the people is

[QUOTE=Sableye;49044852]I understand its in the UK but this trend didn't start till the US started saying people can't encrypt their stuff, and if we were to reverse that position, this trend would vanish overnight It's mind blowing how large the disconnect is between policy scaremongerers and the actual science they're trying to regulate. Everyone says this will destroy the internet, companies and people are constantly being hacked, and China is expanding its military espionage and we have policy makers not only wanting to open the door, they want to put a damn law in saying the door must be there to begin with[/QUOTE] It's cute how people think their governments don't hold similar if not more extreme ideals to us just because we've got more coverage. I promise you that a majority of world powers would kill to have legislation like this succeed.

Wow, this is just like 1984, where it is illegal to use any sort of information storage that the government can't access. Scary stuff, sad thing that it's happening in the UK.