Stories
Slash Boxes
Comments
Search

News for nerds, stuff that matters

Slashdot Log In

Log In

Create Account  |  Retrieve Password

UK Government Wants Private Encryption Keys

Posted by Zonk on Thu May 18, 2006 12:18 PM
from the my-keys-not-yours dept.
Security Government Encryption Politics
An anonymous reader writes "Businesses and individuals in Britain may soon have to give their encryption keys to the police or face imprisonment. The UK government has said it will bring in the new powers to address a rise in the use of encryption by criminals and terrorists." From the article: "Some security experts are concerned that the plan could criminalise innocent people and drive businesses out of the UK. But the Home Office, which has just launched a consultation process, says the powers contained in Part 3 are needed to combat an increased use of encryption by criminals, paedophiles, and terrorists. 'The use of encryption is... proliferating,' Liam Byrne, Home Office minister of state told Parliament last week. 'Encryption products are more widely available and are integrated as security features in standard operating systems, so the Government has concluded that it is now right to implement the provisions of Part 3 of RIPA... which is not presently in force.'"
+ -
story

Related Stories

[+] UK Law May Criminalize IT Pros 514 comments
An anonymous reader writes "More worrying news from the UK. This time, a bill meant to fight cybercrime may make it illegal to use or make available network security tools available, just because they could be used by hackers." From the article: "Clayton cited the Perl scripting language, created by Larry Wall in 1987, as an example of a useful technology that could fall foul of the law. 'Perl is almost universally used on a daily basis to permit the Internet to function,' said Clayton. 'I doubt if there is a sysadmin on the planet who hasn't written a Perl program at some time or another. Equally, almost every hacker who commits an offense under section 1 or section 3 of the CMA will use Perl as part of their toolkit. Unless Larry is especially stupid, and there is very little evidence for that, he will form the opinion that hackers are likely to use his Perl system. Locking Larry up is surely not desirable.'" A note that this is equally confusing but separate from yesterday's story about the UK government wanting private encryption keys.
This discussion has been archived. No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

UK Government Wants Private Encryption Keys 25 Comments More /

 Full
 Abbreviated
 Hidden
More
Loading... please wait.

  • My God (Score:5, Insightful)

    by voice_of_all_reason (926702) on Thursday May 18 2006, @12:19PM (#15358140)
    I believe we are in need of a new Slashdot section: Horrifying

    • Re:My God (Score:5, Insightful)

      by h4rm0ny (722443) <h4rm0nyNO@SPAMtarddell.net> on Thursday May 18 2006, @12:33PM (#15358291) Journal

      Or how about a new /. heading: Wake Up !

      This is nasty. You can always tell when there are no reasons that would fly with the public when they have to invoke the paedophiles. US government has War on Terror, the UK has paedophiles.

      E-mail was a god-send for the intelligence services. Automated scanning and copies of everything to look back on if they ever chose. Encryption means the free party is coming to an end. GPG is turning off the stereo and saying "GO HOME!"

      They managed without it before. They can manage without it again. And if that means the Government can't achieve omniscience over the population... good!

    • More like "Horribly Bad Joke." (Score:5, Insightful)

      by C10H14N2 (640033) on Thursday May 18 2006, @12:39PM (#15358352)
      Just an example of astoundingly ignorant politicians who don't realize they're effectively criminalizing the use of cellular phones, the constantly changing keys of which would amass petabytes of data within a year, in just the UK--and that's just the keys, not the data they encrypted...and that's just the cellphones.

      What absolute morons.

  • Simple solution. (Score:5, Funny)

    by Kenja (541830) on Thursday May 18 2006, @12:20PM (#15358145)
    Just stick a computer in the corner churning out encryption keys and mailing them to the UK government all day every day untill you break their database.

    • Re:Simple solution. (Score:5, Interesting)

      by dgatwood (11270) on Thursday May 18 2006, @12:27PM (#15358224) Journal
      You do know that with the way SSL/SSH works, that's EXACTLY what you would be forced to do to comply with this law, right?

      Methinks the UK government doesn't know that what it wants is technologically infeasible....

  • Encryption keys don't kill people, people kill people.

    If owning (not divulging) encryption keys is criminalized, only criminals will own encryption keys.

    These "rules" will only push the envelope of how and what criminals (or terrorists, etc.) use to hide their activities. And at the same time, they will add one more burden to the general population to manage and ensure the government is informed of their encryption infrastructure. Nuts.

    The most effective infiltration into terrorist infrastructure is still social engineering. I'd rather the money spent creating and managing something like this spent training and hiring translators, covert agents, etc.

    A convincing point about the futility of this proposed rule comes from the article:

    Clayton, on the other hand, argues that terrorist cells do not use master keys in the same way as governments and businesses. "Terrorist cells use master keys on a one-to-one basis, rather than using them to generate pass keys for a series of communications. With a one-to-one key, you may as well just force the terrorist suspect to decrypt that communication, or use other methods of decryption," said Clayton.

    • Re:key turning point in government relations (Score:5, Insightful)

      by pete6677 (681676) on Thursday May 18 2006, @12:31PM (#15358271)
      Just as all criminals turned in their guns when they were outlawed, I'm sure they'll all turn over their encryption keys and keep using them to communicate so law enforcement can observe. Right. What would someone have to be smoking in order to think this is a good idea? Its nothing more than a blatant power grab that will ONLY affect law abiding people and have no effect whatsoever on "terrorists" or whatever other boogeyman will be used to justify more overreaching laws.

  • Stop giving the US gov't ideas (Score:5, Funny)

    by courtarro (786894) on Thursday May 18 2006, @12:22PM (#15358157) Homepage
    It's a good thing that, as an American citizen, I don't have to worry about these violations of my privacy.

  • Spaceballs: (Score:5, Funny)

    by norminator (784674) on Thursday May 18 2006, @12:22PM (#15358163)
    My encryption key is:

    1.....2.....3.....4.....5

  • I RTFA, but I don't get it... (Score:5, Funny)

    by Nijika (525558) on Thursday May 18 2006, @12:23PM (#15358168) Homepage Journal
    So is it that they want the criminals to hand over their passwords before they commit a crime? This should go well with the anti bank-robbery legislation requiring all would-be robbers to call in a schedule before they pull off a heist.

  • Warning (Score:5, Insightful)

    by Nerdfest (867930) on Thursday May 18 2006, @12:24PM (#15358180)
    If this goes into effect it would make it a very dangerous thing to have files of random characters .... you'd have a lot of trouble explaining them.

  • What about global corporations? (Score:5, Interesting)

    by voice_of_all_reason (926702) on Thursday May 18 2006, @12:24PM (#15358183)
    Most major companies have offices all around the world, presumably. So now they'll have to have a separate (pretty much disposable) encryption method just for the UK?

    What about communication between offices on the internet? A japanese analyst creates some research, but due to technical problems the only Compliance office up is in Europe. So every program or service that can comminicate with Britain has to check if a request is going to/through the UK before applying the "approved" encryption.

    To quote, "this is madness"

  • This is bizarre (Score:5, Funny)

    by idontgno (624372) on Thursday May 18 2006, @12:25PM (#15358185) Journal
    It's like some sick competition between the US administration and the UK one.

    "Oh, yeah, you think that telephone call database is slick, check this sh*t out. We're gonna make our subjects give up their crypto keys or go to jail"
    "Oooh, good one!" (high five)

  • Steganography (Score:5, Insightful)

    by MarkByers (770551) on Thursday May 18 2006, @12:25PM (#15358194) Homepage Journal
    Time for steganographic file systems where your private data can be hidden inside innocent looking files. They can't force you to disclose your key if they don't know and/or can't prove that you have one.

    http://en.wikipedia.org/wiki/Steganography [wikipedia.org]

  • In other news... (Score:5, Insightful)

    by GillBates0 (664202) on Thursday May 18 2006, @12:25PM (#15358200) Homepage Journal
    increased use of encryption by criminals, paedophiles, and terrorists.

    ...it has been found that:

    - cameras are used by criminals, paedophiles, and terrorists - we need access to your negatives/memory disks.
    - houses are used by criminals, paedophiles, and terrorists - we need access to your house keys.
    - cars are used by criminals, paedophiles, and terrorists - we need copies of your car keys.
    - ATM machines are used by criminals, paedophiles, and terrorists - we need to know your PINs.
    - Online email services are used by criminals, paedophiles, and terrorists - we need to know your username/passwords.
    - Computers are used by criminals, paedophiles, and terrorists - we need to install a backdoor on your computer.

    • 1984 news (Score:5, Informative)

      by Teun (17872) on Thursday May 18 2006, @12:40PM (#15358365) Homepage
      - cars are used by criminals, paedophiles, and terrorists - we need copies of your car keys.

      You're behind the times.
      The UK is already (planning) installing a system of automatic licence plate recognising camera's throughout the country. The resulting database will allow a very comprehensive following of cars and thus persons.

      The next step is of course that you have to report to the police whenever you've driven an other car but your own...

  • England Prevails (Score:5, Interesting)

    by zariok (470553) on Thursday May 18 2006, @12:26PM (#15358211)
    "England Prevails"

    Parliment better watch out... hear there's a train heading there loaded with fireworks and other things that go boom.

  • New encryption scheme (Score:5, Interesting)

    by Guysmiley777 (880063) on Thursday May 18 2006, @12:28PM (#15358231)
    Simple solution: You have a new encryption scheme where there are 2 private keys. The first one allows decryption, the second wipes the drive. Guess which one you give to the police?

  • In Soviet Russia... (Score:5, Insightful)

    by Fapestniegd (34586) <james AT jameswhite DOT org> on Thursday May 18 2006, @12:30PM (#15358258) Homepage
    There was no crime, because the secret police would carry you off and shoot you in the head if you were even suspected of a crime. Wiretaps were the norm and the government could do whatever it wanted. Privacy didn't exist. And they were safer from criminals for it. Well, safer if we define criminals as ones that weren't in the KGB.

    Yeah, no "In Soviet Russia" Joke here.

    This is frightening. It's like we're becoming the very thing we fought in the cold war. A totalitarian government.

    But at least we have 37 types of cereal.
  • A criminal that rapes someone may have talked during the rape -- it is the rape that was evil.

    A criminal that shoots someone in the head used a gun -- it is the shooting that is evil. He could have used a baseball bat.

    A criminal that blows up a building might use a cell phone -- it is the building exploding that is evil. He could have used e-mail or writing a big X on a tree.

    We have to stop government from criminalizing actions that are part of our right to speech. This right is not something Constitutional or created out of any government document -- it is a natural right that all humans share, no matter what the laws say.

    I'll continue to encrypt, and I'll dare the government to try to restrict me. If I have to, I'll encrypt by using an encryption program that hides my real text to make it look like readable language. Let them try to stop that. Or I'll use my own spoken code. Will they find a way to criminalize it?

    Don't criminalize tools, criminalize criminal actions.

  • Summary is not complete (Score:5, Informative)

    by igb (28052) on Thursday May 18 2006, @12:34PM (#15358300)
    I'm as opposed to section 3 of RIPA as the next man, but I have the benefit of having read it in detail. What is proposed is that, following a lawful search with a warrant issued by a judge, the police or judiciary can demand the keys to any encrypted material that is seized. Refusal to produce keys can be treated as a crime in its own right. Since in America your government, it would appear, doesn't bother with the ``lawful search with a warrant'' part, I think we can safely tone down the ``UK sucks'' tone.

    The basic argument is that the purpose of a search warrant is defeated by encryption. Now I think that's wrong, or at least part wrong, and I think an alternative would be to make material held by the defendant which he does not choose to decrypt something that the jury can take account of, just as refusal to testify is now, under limited circumstances, something the judge can point to during summing up. And the alternative of forcing decryption isn't offered (although quite how someone would demonstrate that plain text they offered really _was_ the decryption is a whole other question).

    The is bad, illiberal law, and those of us involved in campaigning against it have been in correspondance with our MPs for some years. But it's not just Britain that is tearing up its freedoms in the face of minor terrorism: the USA collectively shat its pants and ripped up a century of jurisprudence on the 12th of September. It makes far more sense for people with a desire for freedom to work together, rather than to assume that we're a bunch of proto-fascists while Bush Jr defends your constituional rights.

    ian

  • People; don't say "This can't be done."

    This is referred to as a "catch-all" type of law. Beware the wonders of selective enforcement.

    The idea here is that if you find a suspected terrorist, and they use encryption, you don't even need to bust them for terrorism OR for not providing their encryption keys when demanded. You can just go to step A, look up their name in the government encryption key database, find out that no, they did not provide their encryption key to , and take them directly to jail.

    Regardless of whether or not the are a terrorist, regardless of whether or not they are willing to turn over their encryption keys when asked, you can find them guilty.

    This is not about collecting everyone's encryption keys (at least not at first). Initially, this will be used as a blunt stick to smack anyone the government doesn't like. Think of the way seat belt laws are enforced; cops won't stop you for not wearing your seat belt, but they'll sure as hell issue a ticket for it even if you aren't speed, have all your paperwork in order, and have done nothing else wrong. It's a sort of standby crime they can get you on.

    • Re:Brilliant idea... (Score:5, Interesting)

      by grub (11606) <slashdot@grub.net> on Thursday May 18 2006, @12:33PM (#15358285) Homepage Journal

      I'm sure the criminals, paedophiles, and terrorists will just be lining up to hand over their keys, too.

      That's the odd thing about this. You can get up to 2 or 5 years in the can (depending on if they think you're a terrorist). So if you have gigs of terrorist info that could get you sent away for life, just say you lost your keys and go away for 5 years max.

All trademarks and copyrights on this page are owned by their respective owners. Comments are owned by the Poster. The Rest © 1997-2009 Geeknet, Inc.