The future of encrypted communication


whitenoise

Hey!

Inspired by this article

http://arstechnica.com/tech-policy/2015/01/uk-prime-minister-wants-backdoors-into-messaging-apps-or-hell-ban-them/

which was recently published by Ars in relation to the attacks in Paris, I want to start a discussion about the (legal) use of encryption in the future.

What do you guys think? Will rights be restricted so much that encrypted communication for everyone won't be allowed anymore? Is this a possible scenario or just some public crying of politicians?

And let us not forget: encryption != encryption

An encrypted communication needn't be a trusted encryption and we all know about encrypted services that have their own backdoors embedded (such as Skype).


In light of the ongoing AIDS epidemic, killing thousands of persons each year and causing many more to require lengthy expensive medical treatments they can't afford themselves and we the government refuse to pay for them, we've decided to place a complete ban on all sexual activity. Citizens found having sex in our beautiful nation will face a jail sentence of up to 7 years. To aid in the detection of illegal sexual activity, all male members of the public will be given special drugs that will prevent them from having an erection. All forms of birth control will from this day forth be illegal. When a lawfully married couple wants to procreate, after filling in the requisite forms, the male will be secluded from society and taken off the anti-erection drug. When after 1 week the drug has lost its effect, semen extraction will take place in a laboratory while the male is in a medically induced coma which he will remain in for another week as he's put back on the drug allowing the effect to take hold again. I've been told it's for the better since the pain from the procedure was said to be quite horrific to the test subjects we allowed to remain conscious. Having extracted the semen, artificial insemination will take place with the woman.

All hail the new republic!

Sound over the top? It's the same train of thought as that politipuppet is trying to instill in his constituency.

In general, but particularly in light of that attack, how exactly does preventing you from communicating without fear of being listened in on protect free speech?


  • 2 weeks later...

Here is an update for the EU!

A high-ranking EU official wants to force telecommunication companies to hand over the encryption keys of the encryption of the user data to the police and other intelligence agencies. A reason for legalizing this is the alleged increasing danger of terrorism.

f) Encryption/interception
Since the Snowden revelations, internet and telecommunications companies have started to use often de-centralized encryption which increasingly makes lawful interception by the relevant national authorities technically difficult or even impossible.
The Commission should be invited to explore rules obliging internet and telecommunications companies operating in the EU to provide under certain conditions as set out in the relevant national laws and in full compliance with fundamental rights access of the relevant national authorities to communications (i.e. share encryption keys).

http://www.statewatch.org/news/2015/jan/eu-council-ct-ds-1035-15.pdf

Edited by whitenoise

Yes, but that's the telecom companies *themselves*. This says nothing about the encryption you use when communicating with, say, your bank. Those keys are never in the possession of the telecom companies so they're not able to hand them over even if they wanted or are compelled to. If you believe that you have secure communications with the mail server of your internet provider, sorry, that data can and will be delivered to law enforcement in unencrypted form when they're asked/compelled to hand it over. If you encrypted the email content itself, however, only the recipient of that email should be able to read the content. Note that with secure email (S/MIME), all headers INCLUDING THE SUBJECT LINE are communicated in the clear.

It's worth noting that telecom companies at least in .nl and .co.uk and probably most of the rest of .eu are already required by law to retain 'metadata' on all communications going across their network. This 'metadata' being essentially, for voice communication who (=phone id + subscriber id + phone location info) communicated with who (phone id + subscriber id + phone location info) when for how long, for general data communication what IP exchanged how much data with which other IP at what times, for email what IP sent as what sender email address how much data to what other email address(es) at what time. For the phone thing, subscriber id will be limited in case of prepaid phones, phone location info means what towers were used during the communications, not your phone reporting its GPS data.

Telecom companies are required to record this information and retain it for 6 months with regard to data communication and 12 months for voice. This directive (06/24/EG), published in 2006, was a direct response to the September 11 attacks in the US (yes, it took 5 years to draft and get everybody to agree on it). This directive was later deemed unconstitutional by the EU Court Of Justice. The European Commission is currently studying the ruling to see in what way the directive needs to be adjusted or maybe even retracted. While this is ongoing, the existing laws stand.

In case you don't know, the EU publishes directives which member states are required to enact into local law within 18 months. Those laws or similar ones have to remain on the books of a member state for as long as the directive stands. That's interesting because back in 2009 a German judge already ruled that the original directive was in violation of European human rights. Because of this, Germany does not have laws on data retention on the books yet at least until a new directive is published.

Edited by Cooper
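
An added illustration of the point made in the post above (not part of any participant's post): what a relaying mail provider can record from an S/MIME-encrypted message without holding any key. The message, addresses, IP and the `relay_view` helper are constructed for this example, and the base64 body is a placeholder rather than real CMS data.

```python
import re
from email import message_from_string
from email.utils import getaddresses, parsedate_to_datetime

# Constructed sample: an S/MIME enveloped message as the provider's server sees it.
RAW = """\
Received: from client.example (client.example [192.0.2.10])
\tby mx.provider.example; Mon, 02 Feb 2015 09:15:00 +0100
From: Alice <alice@example.org>
To: Bob <bob@example.net>, carol@example.com
Subject: Meeting notes for Tuesday
Date: Mon, 02 Feb 2015 09:14:58 +0100
MIME-Version: 1.0
Content-Type: application/pkcs7-mime; smime-type=enveloped-data; name="smime.p7m"
Content-Transfer-Encoding: base64

UExBQ0VIT0xERVItTk9ULVJFQUwtQ01TLURBVEE=
"""

def relay_view(raw):
    """Return the record a relay can build from headers alone (no decryption)."""
    msg = message_from_string(raw)
    # Only the body is wrapped by S/MIME; every header is plain text.
    encrypted = (msg.get_content_type() == "application/pkcs7-mime"
                 and msg.get_param("smime-type") == "enveloped-data")
    # The connecting client's IP is stamped into Received by the server itself.
    ip = re.search(r"\[([0-9A-Fa-f.:]+)\]", msg.get("Received", ""))
    rcpt_headers = msg.get_all("To", []) + msg.get_all("Cc", [])
    return {
        "sending_ip": ip.group(1) if ip else None,
        "sender": getaddresses([msg.get("From", "")])[0][1],
        "recipients": [addr for _, addr in getaddresses(rcpt_headers)],
        "sent_at": parsedate_to_datetime(msg["Date"]).isoformat(),
        "size_bytes": len(raw.encode("utf-8")),
        "subject": msg["Subject"],      # readable despite the encrypted body
        "body_encrypted": encrypted,    # content itself stays opaque
    }

if __name__ == "__main__":
    for field, value in relay_view(RAW).items():
        print(f"{field:15} {value}")
```

Sending IP, sender, recipients, time and size are the email retention fields listed in the same post; the subject line is additionally readable even though the body is not.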

@Cooper: Thanks for your input! Of course you're right and sure, if you want to send an encrypted email then do it via PGP. But still the meta data will always be readable. I just like that topic because there are already people saying "privacy does not exist anymore". I'd love to prove they're wrong and to keep this good alive despite all those new regulations. For me this looks more like that after the Snowden revelations more and more people care about security and might use encryption. So how to stop that from a government side? - By law.

In Germany right after the attacks in Paris the topic is back again and is currently discussed. I'm curious about the outcome. We call that 'Vorratsdatenspeicherung' which means that all the meta data will be stored for a period of time and can be required - as you already wrote :). The Germans are a bit special ... we care more about having horse meat in the lasagne than the state is reading our emails, you probably know the story ;)

I'm also curious if in general encrypted communication will still be allowed in 5 or 10 years. It might be that if encrypted traffic is detected you automatically get classified as suspicious. I can hardly imagine that besides the fact that there are a lot of useful applications for encryption i.e. money transfer and how they will separate this. Anyway, also encrypted communication is developing and new ideas are coming up (like bitmessage and others).

Edited by whitenoise

Here is an up to date article, the discussion keeps on:

The increased use of encryption technologies, particularly in everyday services such as email, will lead spy agencies to commit “ethically worse” behavior, such as hacking individual computers, a former GCHQ boss has warned.

...

Security agencies can use “network exploitation” or direct hacking to get around encryption technologies, which currently support WhatsApp and iMessenger, and monitor the messages as they are written.

...

The surveillance technique of “close access” usually means the agent has to be within a certain level of physical proximity to the subject. It could be bugging, direct hacking of phones or computers, or even physical observation.

source: http://rt.com/uk/225643-encryption-unethical-spy-behaviour/


The point to me in this is that they can already do that but in order for them to resort to these tactics they'd have to put in a lot more effort so unless they really, really want to see what you're doing, they won't bother.

It's like with parking/speeding fines you incurred abroad. For the fine to reach you the police has to make an international request for your home address based on your license plate number, send you the fine via certified mail and hope you'll respond by paying the amount. All this extra effort and extra cost to get you to pay $20 for doing 50 in a 45 or having parked 5 minutes longer than what you paid for? Nah, they'd simply chuck those in the bin. If you did 90 in a 30 and performed a hit-and-run, they'd be more inclined.

What you should take away from that update is 2 things:

1. Encryption works. If they could beat it they wouldn't have to work around it.

2. The direct hacking approach is downright illegal so unless they already have a waiver from a judge they can't do this. See earlier point about extra effort.
