UK government vs. encryption

[Glaurung]

Here's an interesting report from the BBC's technology correspondent. As I and others have said here before, the UK government has been making noises for some months that sound rather like a ban on the use of strong encryption if it has no "back door" for the security services - and of course if the security services have a back door, then it's available to anyone who works out how to crack it.

The government seems to be stuck in some sort of denial or double-think: they want encryption for law-abiding citizens, while simultaneously wanting no encryption for criminals. They seem unable to grasp, so far, that encryption of a communication service applies to everyone who uses it, or no-one.

[Flamekebab]

I've been rather concerned but I can't imagine that they'd be able to come up with anything even vaguely feasible. The recent overturning of the format shifting element of the changes to copyright law make me feel like the best we can hope for is treading water. The notion of positive progress is fanciful at best.

[Glaurung]

I'm hoping that this will get slapped down comprehensively by all the businesses that are now more or less dependent on the internet for business-to-consumer or business-to-business transactions, when they realise that this will trash their business models. Unfortunately, our Glorious Leader seems to have invested a certain amount of political capital in this, and it would probably be somewhat embarrassing for him to have to admit he understands the whole area so little that he's repeatedly says he wants something that's impossible. If we're lucky, the civil servants will spot this coming, and arrange a "consultation" where the whole thing can be allowed to die out of sight. If we're unlucky, it's goodbye to most of the internet in the UK...

[Son of the King]

If we're unlucky, it's goodbye to most of the internet in the UK...

Including online banking and online shopping. I doubt the banks or big businesses would be too fond of that. Would banning strong encryption mean any company who encrypts their data and internal communications would need to not do that?

Its completely infeasible and it sounds to me like the government are just spewing rhetoric about stopping terrorists from hiding without actually thinking anything through.

[Glaurung]

Including online banking and online shopping. I doubt the banks or big businesses would be too fond of that. Would banning strong encryption mean any company who encrypts their data and internal communications would need to not do that?

Presumably, yes. It's quite conceivable that the bill would be written so as to make the use of strong encryption (i.e. without a back door) a crime, with penalties including a large fine or a prison sentence. Company directors would probably be personally liable if their company used strong encryption - who would risk it?

Its completely infeasible and it sounds to me like the government are just spewing rhetoric about stopping terrorists from hiding without actually thinking anything through.

Exactly my thought.

[Jubal]

Update: ISPs are going to be charging us all more for the privilege of letting the government see our metadata. Funsies!

http://www.theguardian.com/technology/2015/nov/11/broadband-bills-increase-snoopers-charter-investigatory-powers-bill-mps-warned

Politically speaking, the bills around this are likely to fly through parliament, as Labour actually seem to be rolling over and backing the government on the issue.