19/01/2015

Why the UK needs more ways to wiretap .... NOT

David Cameron has recently come out saying that the UK needs new laws to curb evil terrorists, and that part of this process is banning end-to-end security in messaging applications and putting holes back into encryption protocols so GCHQ and the Security Services can do more snooping than they already do.

Edward Snowden has already shown how complicit the NSA and GCHQ have been in installing back doors in routers and other devices, and that they have talked with security companies to put back doors in existing systems.

They even built a (mini) GSM network so they could tap what various people were doing when they came to the UK. It pretended to be the normal networks, but intercepted all voice, text and data traffic, put it through their network first and then sent it on to the normal networks. That caused a bit of a row and the Germans didn't much like it (so much so that they promptly made everyone in Government use BlackBerrys, which do support encryption and secure traffic).

The Government already has powers of intercept. It can force anybody that has infrastructure in the UK or operates in the UK to hand over data records (RIPA has been around for a while).

Cable and Wireless (now Vodafone) used to be a big player in international data pipes, and a lot of their undersea cables land in a small bay in Bude, Cornwall. There's a little C&W building above the beach where the cables terminate and then shoot out to the rest of the UK. Oddly, there's a GCHQ listening station right next door (allegedly GCHQ don't even have to tap the fibres, C&W just give them a direct split). The listening station is just a big data centre that can hold 30 days' worth of data, and it's a big FIFO (first in, first out). The bods at GCHQ can look at the connections (which is generally who was talking to whom, whether that's a person talking to another person or a person to a particular website) and then drill into the actual connection data when it's interesting to them.

The US have a big 'listening' station at Menwith Hill (in the UK).

Unfortunately, giving the Government more power to do interception and weaken encryption isn't going to help anyone. Encryption technologies tend to be the same whatever the application, so the same encryption that may protect a messenger protocol is also used to protect the web protocol (i.e. HTTPS rather than HTTP). By reducing the encryption (or worse, putting back doors in), it's not just the messenger protocols that suffer; the services that should be secure are affected too.

The other main problem is that it doesn't really affect the terrorists that the Government wants to stop. They are going to CONTINUE using encryption whether the Government wants them to or not. The UK can't mandate non-encrypted (or reduced-encryption) services outside the UK, so everyone who wants security moves their services to a place that does allow it.

Disallowing or reducing the effectiveness of encryption is not the answer to terrorism.
