British government will (unsuccessfully) ban end-to-end encryption
Home Secretary Theresa May has introduced the long-awaited, frequently assayed Snoopers' Charter, and it is a complete disaster.
In the new bill, May says that she will ban products that use end-to-end encryption, whereby the company that made the product can't tell how it's being used. She seems to think that all this will require is orders to Facebook, Apple, Google and perhaps a couple of smaller players to get them to re-engineer their products so that all messages get decrypted at their data-centres, re-encrypted and passed on to their recipients.
She is wrong.
End-to-end encryption can be accomplished with literally thousands of products, many of them free/open source software that can be downloaded from tens of thousands of websites, including websites like Github that are indispensable to UK industry and cannot be blocked without crippling the economy. Even the Chinese government was unable to block Github.
This means that anyone who wants to communicate in a way that cannot be intercepted needs only to go on using the tools that they use presently. It means that anyone who wants to communicate in a way that the government can't intercept can download software from any of many, many, many sites and they're home free.
It also means that law-abiding people who lack technical sophistication will have infinitely large troves of sensitive communications captured and retained by Internet companies. When those companies have a security breach (this is a when, not an if), those innocent and technologically naive Britons will have all of their sensitive, personal information ashley-madisoned all over the Internet.
It gets worse. The Snoopers' Charter also legalises the security services' practice of creating and deploying cyberweapons, which means that they will be accelerating their practice of both introducing and hoarding security flaws in the technology that Britons use. Because these flaws are and will continue to be independently discovered and weaponised by foreign spies, criminals, voyeurs, etc, all of the services that comply with UK law by banning end-to-end encryption and by retaining sensitive personal information will be even more vulnerable.
The government is insisting that every service provider stockpile massive quantities of unstable toxic personal information, and simultaneously taking measures to make those stockpiles much, much less secure.
The government also admitted that MI5 had been spying on Britons for more than a decade without proper legal authorisation, and then used this as a pretense for the Snoopers' Charter, arguing that what was needed here was an expansion of spying power to legalise the practice, rather than an inquiry into why they were doing it in the first place.
Cynically, the government has brought in measures intended to buy off Parliament. They will enshrine the Wilson Doctrine into law, banning the security services from spying on Members of Parliament. They will allow some judges to overrule spying orders by the Home Secretary, but remember that in the US FISA system, the judges with this power have virtually never exercised it, over decades and decades.
This is the exact opposite of cybersecurity legislation. It's rules that will make things less secure for Britons, expand the potential for abuse of powers, and give security forces an incentive to go on weakening actual technical security.
May wrong to say surveillance bill creates judicial authorisation for interception, says Liberty – live
[Andrew Sparrow/The Guardian]
(Image: Rt Hon Theresa May MP, Home Secretary, at 'The Pioneers: Police and Crime Commissioners, one year on' [Policy Exchange/CC-BY)
A hacker calling themself Light Leafon who claims to be a 14-year-old is responsible for a new IoT worm called Silex that targets any Unix-like system by attempting a login with default credentials; upon gaining access, the malware enumerates all mounted disks and writes to them from /dev/random until they are filled, then it deletes […]
"Massive scale" intrusion into mobile carriers' networks exposed customers' location, call data for years
The security firm Cybereason says that it has identified a likely state-sponsored attack on ten global mobile phone networks that they have attributed to "the Chinese-affiliated threat actor APT10," which has been "underway for years."
Independent evaluation of "aggression detection" microphones used in schools and hospitals finds them to be worse than useless
One of the griftiest corners of late-stage capitalism is the "public safety" industry, in which military contractors realize they can expand their market by peddling overpriced garbage to schools, cities, public transit systems, hospitals, etc -- which is how the "aggression detection" industry emerged, selling microphones whose "machine learning" backends are supposed to be able […]
In case it wasn’t clear from the Google pedigree, Google Go has a ton of support in the coding world. Already, this new programming language is the fourth most active on Github, and developers who work with Go are the third-highest paid globally in the Stack Overflow developer survey for 2019. Globally, the average Go […]
When it comes to large computer systems, not one of them is fully secure. Even with constant updates to the platforms that keep vital networks humming, there’s always a back door. And companies are willing to pay handsomely to effective bouncers that can keep an eye on them. Call them ethical hackers or white hat […]
So you’ve visited the Kennedy Space Center every year. You’ve watched “The Right Stuff” for the 95th time. There must be something to do while you’re waiting to join Space Force for the next manned mission to Mars or the moon. Here’s a combo that should raise a salute from any fan of space or […]