spraci.info

#MI5 chief asks tech firms for 'exceptional access' to encrypted #messages


source: https://www.theguardian.com/uk-news/2020/feb/25/mi5-chief-asks-tech-firms-for-exceptional-access-to-encrypted-messages
Parker called on the tech firms to “use the brilliant technologists you’ve got” to answer a question: “Can you provide end-to-end encryption but on an exceptional basis – exceptional basis – where there is a legal warrant and a compelling case to do it, provide access to stop the most serious forms of harm happening?”
#encryption #security #terror #crime #politics #surveillance #uk #gchq #question
Dahaka diaspora
I think this is end-to-multiend :D lol
encryption can be worked around
for example:
No, if it's true end to end encryption, you've got to attack the endpoints. And it you put backdoors into the endpoints, anybody can use them.
Dahaka diaspora
Everyone is voting with no but almost everyone will sing another song after the first bank transfer with many zeros...
@worblux@diaspora.koehn.com as noted, endpoints may be considered largely compromised and hence encryption can be worked around.
@Alien (A23P)

Compromised in theory is not the same as in practice. Having to reach out over the network leaves trails that can be noticed and discovered. The three letter agencies don't want to waste their zero-days on minor activists and black marketeers.

And I don't buy the theories that platform setup code was designed as a backdoor, though nearly all code has bugs, and some bugs are exploitable. Bringing up a known simple and dumb processor with assembly, and then bootstraping the initialization of the main complex processor (that changes fundamentally every year) with a higher-level language running on the simple processor, saves multi-million dollar amounts of development costs, and likely even makes the end result less buggy as higher level languages are easier to audit and examine. ARM and POWER do the same sort of thing. (though a variant of Power's BMC is open source)

And yes individuals would be more secure if the embedded controller didn't interact with net... Show more...
Yes, this is possible at least in closed source messengers (just turn off the encryption or add a second key in case of a legal warrant).
All parties should be always informed about this. So turning off the encryption should always be transparent to all.
@worblux@diaspora.koehn.com
nods

was in particularly as it pertains to "large" adversary that most systems are openly and publicly established as "compromised".
Nation State legal court laws often hold an interesting apparent paradox in relation to what they permit and do no permit.
For example, Intel "legally" implemented the ME chipset and AMD "legally" implemented the PSP chipset. BUT, both implementations basically render the end user compromised in so much that the ME and PSP engines have access to full system resources.

the original post posses the question:
"exceptional basis – where there is a legal warrant and a compelling case to do it, provide access to stop the most serious forms of harm happening?"

my point was that legal structures had already facilitated (hardware) "backdoors" that can work around encryption on the vast market majority of consumer and enterprise (network) computers currently in u... Show more...
lntl Diaspora
I'm sure they just attack the end-points. If the govt wants to know whats on my phone, they would just "login" so to speak with a clandestine service and see my cat pictures, etc. How many backdoors does Android have?

I dont really think encryption exceptions are necessary, theyre only bad publicity.
^---!!!POINT O FACT!!!---^