War on Encryption

Discussion in 'Internet and Technology' started by MagicalAzareal, Oct 17, 2019.

  1. zappaDPJ

    zappaDPJ Administrator

    6,849
    1,432
    +5,438
    I have mixed feelings about this. I want my privacy but I also want my head to remain connected to my body and not removed by a bomb. I think there's a balance to be struck here but that would require common sense and we all know what happened to that poor fellow.
     
  2. MagicalAzareal

    MagicalAzareal Magical Developer

    433
    332
    +202
    You're never really going to be able to drive crime (or the chances of terrorism, as you're suggesting) to zero though, it's impossible even if one goes full China. Encrypted DNS (one of the things the U.K. is kind of losing it over) also helps secure people against things like phishing pages and bad actors along the way.

    The police is also a fair bit more competent than people actually think, they do have ways of dealing with people whether it's computer exploits, datamining metadata (e.g. they can see who talks to who and for how long), and looking for slip-ups. A lot of criminals tend to be very stupid, so they will often give themselves up in ways that the police can catch. They have caught actual terrorists the same ways.

    Any serious bad guy who is really competent probably isn't going to be using Whatsapp or Facebook Messenger (if they do they could speak in code to annoy the police the same way), they're instead going to use methods that are harder to track, harder to peer into, etc. A lot of this harms regular folks and makes it a bit easier to track down stupid criminals.

    One thing to note is that the police has a tendency of rounding them up, only to discover the government hasn't provided enough money to actually arrest all of them. This happens a lot with the four horsemen who we're all supposed to be "deathly afraid" of. Prisons are expensive and the police really need the government to provide more money, not pass laws that will cause billions or even tens of billions of dollars in damages to the economy.
     
  3. zappaDPJ

    zappaDPJ Administrator

    6,849
    1,432
    +5,438
    It is apparent that the security forces in the UK have a decent success rate when it comes to thwarting domestic terrorism. I guess the question is what methods did they use and that of course is something we are unlikely to be told. I suspect some of that success must be down to methods employed by GCHQ and these encryption initiatives will only make their job harder.

    On the other hand I don't want my data misused and now data has become the most valued commodity in the world that's an inevitability. For me it's still all swings and roundabouts.
     
  4. MagicalAzareal

    MagicalAzareal Magical Developer

    433
    332
    +202
    Tackling serious crime is one of GCHQ's duties and they have a lot of zero day vulnerabilities stocked up for it, so it likely involved them. I can't say how they managed to track down the plots, although in some cases, the domestic types tend to say stupid things on Twitter or publically on Facebook which gets them caught sometimes.

    It is hard to figure GCHQ out as they are very secretive and politicians used to push a law allowing mass surveillance. In the end, it turned out that GCHQ was already doing that. I generally lean to the side of scepticism when it comes to crypto war type rhetoric as politicians historically have operated in bad faith regarding it.
     
    Last edited: Oct 17, 2019
  5. zappaDPJ

    zappaDPJ Administrator

    6,849
    1,432
    +5,438
    I think a more balanced approach would be the requirement of a court order to gain access to encrypted data on a case by case basis. On a similar subject, I also think there needs to be legislation that allows executors and where necessary, law enforcers to gain access a deceased person's smart phone.

    I still lean towards the side of privacy but not at any cost and I certainly don't like these initiatives as currently laid out by governments such a Germany.

    Unfortunately these days there seems to be little or no room for compromise, people are either for or against. I feel quite strongly these decisions need independent arbitrators with no agenda to prevent what could well end up as Orwellian decisions.
     
  6. MagicalAzareal

    MagicalAzareal Magical Developer

    433
    332
    +202
    Court orders are fairly reasonable, as-long as they don't mandate systemic flaws in systems.

    There was a big stink regarding the FBI a few years back where they harped on about how they wanted to be able to get into terrorists phones, in the end, they were able to do it with one of their zero day vulnerabilities. If a court authorises it, then it is reasonable to use any means at their disposal like exploits, although controls should be put in place to make sure intelligence agencies don't just hoard vulnerabilities perpetually to avoid a repeat of Wannacry.

    There is a balance to be struck with security, but no one should be made to undermine their own security. Trust is a very important thing in today's society and no one will trust a backdoored system or provider.

    It should be noted that while end-to-end encryption seems omnipotent, in a lot of cases, people face being sentenced to a decade in prison for refusing to decrypt or the fear of repercussions. Both things tend to get mouths going to cut a lighter sentence.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.