Terrorism

but complex passwords

Enforcable in a heart beat, watch the chaos

[/quote]

Yes they are, but we need to retrain peopple about what complex means…

Complex (in terms of strength* of security) doesn’t have to mean difficult to remember, it just needs high entropy and to not be predictable, people have been conditioned into very poor password practises over the years, all via good intentions but poor implementation.

Enforcing a a complexity policy doesn’t necessarily mean chaos, enforcing a poor policy will though 😉

* function of character set, length and ‘randomness’

EDIT – I was in two minds about posting the XKCD strip as it’s become a bit cliched over the years but it is still relevant!

@Cougar, your Roman example is still a form of recognisable key exchange encryption though, an observer may not be able to read the message, but could identify that there is one. Although I agree with your point I was actually trying to highlight other forms of steganography, which still requires the sender and recipient to agree on a protocol to reveal the message, but allows communications to be sent over traditional mediums while NOT appearing to be encrypted, as the previous comments from other poster were about identifying encrypted comms either in order to collar infringers, or for further scrutiny. But if the comms don’t even look encrypted, and you can’t prove they are encrypted without knowing how to decrypt them then your entire reason for banning it, however poorly justified, falls down immediately.

https://xkcd.com/936/

Your attempts to stop it will not work.
There are literally hundreds of ways around it.
It will only cause more problems for people doing nothing wrong.

Read the NHS Hack link, the NSA had a back door, they let that out/lost it. Then a load of other people have your information. Who cares if they want to read it or not they don’t get access because some idiot politician wants to make a headline.

This.

Plus bear in mind – the NSA tool exploited an inherent vulnerability in SMB. Read that again, “vulnerability,” the clue’s in the name here. It’s not only vulnerable to the NSA, or to anyone with a leaked copy or EternalBlue, it’s vulnerable full stop. Even if the NSA software had never got out into the wild, someone totally unrelated could have later tripped over the vulnerability and done something similar.

And here’s something for you to mull over, which I don’t have the answer to. Did the NSA discover the vulnerability and not disclose it to Microsoft (which is what I’d guess happened), or were they instrumental in putting it there in the first place? And, which of those two scenarios is worse?

gmail is read / scanned by google in order to sell advertising. No one seems to be too worried about that. No end-to-end encryption “needed” there

jamby, doesn’t mean people don’t want a secured and encrypted means of communication for innocent and legal reasons.

Still no practical reasons or useful ways to implement this or how it will prevent terror attacks then?

Still no practical reasons or useful ways to implement this or how it will prevent terror attacks then?

nah its a great
though

I can only claim to speak for myself.

I think this is half the problem. Is there value in your data? Probably not, but surely you can see the issue if they have access to everyone’s data, no?

I’ll have his data. String with the credit card number, passport, banking login etc etc…

gmail is read / scanned by google

It’s a tad disingenuous to lump those two actions together there as if they were the same thing. Gmail is scanned by Google, yes. But it is not read by them.

In a typical email server deployment other people’s mailboxes are not readable by anyone else, even the administrators. As I said before, best practice in the security world is what we call “least privilege” – you give people the bare minimum access to what they require to do their job.

This can of course be changed, but we’re then back into the realms of “trust.” Google say they don’t read emails, they could be lying.

in order to sell advertising.

… unless you opt out.

No one seems to be too worried about that. No end-to-end encryption “needed” there

Because as we’ve been discussing, email isn’t secure. Whether it’s “needed” or even needed is another matter. I send emails day in, day out but none of it is secure or particularly needs to be. I doubt very much that finding out I’m restarting a non-critical FTP server at 4pm today or that a customer’s pre-stage is ready to go out for delivery is going to be of national tactical advantage to a terrorist or valuable corporate data to a competitor.

That doesn’t however mean that I don’t occasionally need to send, say, a username and password to someone. If I wanted to send confidential data to someone I wouldn’t use plain email; just because the bulk of my communications are innocuous doesn’t mean that there isn’t sometimes a requirement for secure communication.

In this brave new unencrypted world, cyber-terrorism will become very easy.

Good summary for the hard if understand (including Maybot- you’d think she of all android s would get it ). https://www.newscientist.com/article/2133644-theresa-mays-repeated-calls-to-ban-encryption-still-wont-work/

No end-to-end encryption “needed” there

Oh, and,

Just because it’s not true end-to-end encryption, don’t think there’s no encryption. Email works by hopping from server to server as it gets to its destination, and it’s likely that the bulk (if not all) of that message transfer is encrypted whilst it’s in transit.

Certainly any data you send / receive between your email client (be that a phone app, a full-fat desktop client or webmail) and Gmail’s servers will be encrypted. Whether the rest of it is encrypted depends on the other servers on the journey supporting / negotiating secure communications between themselves but in this day and age there’s little reason for them not to.

Do we need it? Consider this. If you’re reading your emails on a public Wi-Fi hotspot in a web cafe or a hotel somewhere, and you’re using regular SMTP / POP3, then I could be reading them too. It is trivially easy.

Still don’t care? If I can read your emails, I can request a “forgot my password” reset from any services you have linked to that account. Amazon? Ebay? Paypal? Online banking?

Still don’t care? I have your email address, here, have some malware. Spoofed to look like it’s been sent by your partner (I can now copy her writing style, remember) and convincing SMTP to lie on my behalf is even more trivial, it’s a protocol that’s been around for well over 30 years. Boom, I now have full remote admin access to your laptop. all your saved website usernames and passwords (they should be encrypted of course but you want to do away with that), corporate secrets (they should be encr… you get the idea), your secret hentai collection (I wonder if your partner knows about that, possible blackmail material?), maybe install a keylogger so I can record what you type in the future, and then when I’m done I can fire a parting shot of Cryptolocker using actually unbreakable encryption because banning it doesn’t stop it from ****ing existing.

FFS.

In this brave new unencrypted world, cyber-terrorism will become very easy.

Indeed. Lest we not forget: encryption may protect the criminals from the authorities, but it protects everyone from the criminals.

Problem: A terrorist has locked himself in his house where we can’t get to him.
Solution: Ban locks.

So,

Problem: A terrorist has locked himself in his house where we can’t get to him.
Solution: Ban locks.

Welll, no, we don’t need to, because brute force works. Now, how well do brute force attacks work on encryption?

In other news – Knife and hammer wielding terrorist attack in Paris this afternoon… and look what happens when all police are armed, instead of the first policeman on scene having to take him on armed just with a metal stick.

May cut numbers of armed police at a faster rate than normal police.

She’s now doing another u-turn as she describes measures that are equivalent to the labour control orders she scrapped in 2010

Welll, no, we don’t need to, because brute force works.

What if I have a reinforced door/walls. Should household security be limited to a level at which the cops can put the door in easily?

In other news – Knife and hammer wielding terrorist attack in Paris this afternoon… and look what happens when all police are armed

He gets shot rather than arrested? Note that he attacked several coppers. If he had launched an attack on a lone copper then the chances are instead of carrying a hammer he would then be carrying a pistol.

Welll, no, we don’t need to, because brute force works. Now, how well do brute force attacks work on encryption?

Whether we “need to” or not isn’t my point – my point is that that’s the solution being proposed. Assuming for the sake of analogy that the terrorist has got hold of some sort of impenetrable lock on his door that cannot be brute forced. Is the best solution really “ban locks”?

And once you’ve banned them, what’s to stop criminals from carrying on using the locks anyway (because, y’know, they’re criminals) whilst the rest of us all have our front doors wide open for any passing munchkin to pop in and nab our telly?

And of course, it’s common knowledge that since we banned the carrying of knives there hasn’t been a single knife crime in the UK… oh.

equivalent to the labour control orders she scrapped in 2010

The same control orders that the lib dems gave a manifesto commitment to get rid of, and that Liberty said were a blot on the human rights record of the UK?

Assuming for the sake of analogy that the terrorist has got hold of some sort of impenetrable lock on his door that cannot be brute forced. Is the best solution really “ban locks”?

Rather than ban that specific type of impenetrable lock?

And once you’ve banned them, what’s to stop criminals from carrying on using the locks anyway (because, y’know, they’re criminals) whilst the rest of us all have our front doors wide open for any passing munchkin to pop in and nab our telly?

And guess what happens when you walk round looking randomly at people’s doors, and spot one with that (fairly obvious) banned lock? you’ve just found someone who you want to look really carefully at, haven’t you? You know, a bit like when the police do DNA tests after a murder, that are completely voluntary, but if you, completely innocently, refuse or avoid it, then you know what the police are going to do, don’t you?

And of course, it’s common knowledge that since we banned the carrying of knives there hasn’t been a single knife crime in the UK… oh.

Well, you lot are pretty keen on jumping up and down saying that gun control is so vital aren’t you? By your logic we shouldn’t restrict guns from all those perfectly innocent happy shooters, we should just ban them from potential murderers and bank robbers

If he had launched an attack on a lone copper then the chances are instead of carrying a hammer he would then be carrying a pistol.

If he had launched an attack on a lone copper then the chances are that the copper would be dead long before he’d have chance to shout “arretez,” let alone get a firearm ready to be used.

Yes those are the ones. I don’t agree with them. But clearly if you are desperately clutching for voters, saying you’ll opt out of human rights to enact them will boost your standing among some demographics

If he had launched an attack on a lone copper then the chances are that the copper would be dead long before he’d have chance to shout “arretez,” let alone get a firearm ready to be used.

Unlike in Britain, where when you’ve got seconds to save someone’s life, the armed police are only minutes away

Unlike in Britain, where when you’ve got seconds to save someone’s life, the armed police are only minutes away

I don’t want to live in a country where the police are routinely armed. (neither do the police for that matter) I’m therefore content to compromise in the rare event when all other responses have been exhausted, armed cops are the last resort, not the first. If it takes 8 minutes, it takes 8 minutes. I see the headlines are all about how we should not change our way of life; not OMG, the cops have to have guns all the time from now on.

Anyway, if the cops went round carrying guns, you’d have a semi all the time, and that would be embarrassing for everyone If, however you want to live in a country where the cops carry all the time, feel free to **** off…

Another point about encryption; most posters here believe they live in a country where the government has (to varying degrees) good intentions to its people. In dictatorships, banana republics, theocracies etc where people who campaign for democracy, free speech, gay rights, womens equality use encrypted messages to communicate with each other, exchange ideas, organise gatherings and protests or communicate with people in the “free world”. It’s not all nefarious.

If you remove one end of the end to end encryption you are potentially jeopardizing people’s lives.

And guess what happens when you walk round looking randomly at people’s doors, and spot one with that (fairly obvious) banned lock? you’ve just found someone who you want to look really carefully at, haven’t you?

Missed my comments about steganography then?

If naughty people really want to keep something hidden then you won’t spot it by randomly wandering around looking for it on the off chance, all you’ll do is intrude on everyone else needlessly, while pissing them off in the process and also removing a load of legitimate and positive uses.

Also, for the last time, even if everyone agreed tomorrow to only allow secure but state backdoorable encryption, you can’t, those two elements are mutually exclusive. You can’t make maths obey your will, you can try, but you’ll fail.

By your logic we shouldn’t restrict guns from all those perfectly innocent happy shooters, we should just ban them from potential murderers and bank robbers

That’s not the same, you know it’s not, and I know you know it’s not no matter how pro-gun you are, so stop pretending you’re stupid to try and make a bad point.

I don’t want to live in a country where the police are routinely armed.

If you arm the police, you arm the criminals. Most criminals don’t carry guns because a) it’s more difficult and b) they don’t need to. Remove the latter and they’ll concentrate harder on the former.

Another point about encryption; most posters here believe they live in a country where the government has (to varying degrees) good intentions to its people. In dictatorships, banana republics, theocracies etc where people who campaign for democracy, free speech, gay rights, womens equality use encrypted messages to communicate with each other, exchange ideas, organise gatherings and protests or communicate with people in the “free world”. It’s not all nefarious.

Moreover, we’re slowly creeping ever closer to being the latter rather than the former. Anyone who isn’t both concerned and terrified by this is either in a position of power or a blithering idiot.

The criminals are already armed, hadn’t you noticed? How did Dixon of Dock Green die?

That’s not the same, you know it’s not,

only because it hurts your brain when you realise you are now arguing that it’s OK to ban one thing that you don’t like, because bad people abuse them, and at the same time argue that it’s unfair to ban something you do like because bad people abuse them

If it takes 8 minutes, it takes 8 minutes.

I’ll bet you wouldn’t be saying that if it was one of your loved ones stabbed to death after the first policeman got on scene, but couldn’t do anything because all he had was a metal stick

Cougar

Moreover, we’re slowly creeping ever closer to being the latter rather than the former. Anyone who isn’t both concerned and terrified by this is either in a position of power or a blithering idiot.

Agree 100% and the thing is, most people won’t even see it coming. Or if it’s here, we didn’t see it coming.

I reckon Ninfan’s walls are plastered with Dirty Harry posters and Death Wish is on a permanent loop on his TV

Ah, as usual – lefties see they are losing the argument so resort to personal abuse and character attacks 🙄

3 of the last 4 recent terrorist attacks have now been stopped not by the first policeman to arrive on scene, but the first policeman to arrive on scene with with a gun,

We learned from the best.

I’ll bet you wouldn’t be saying that if it was one of your loved ones stabbed to death after…blah blah blah …

Today’s logical fallacy is…appeal to emotion.

only because it hurts your brain when you realise you are now arguing that it’s OK to ban one thing that you don’t like, because bad people abuse them, and at the same time argue that it’s unfair to ban something you do like because bad people abuse them

My brain is fine thanks, and that’s not what’s going on at all, the two things under discussion are so very very different that you can’t make that comparison.

It’s not even like comparing apples and oranges, I was going to say it’s like comparing cheese and poetry, but actually the reality is even more ridiculous, it’s comparing guns and maths!

so ninfan did you support May cutting armed police at a greater rate than other police?

is pointing out that you are obsessed with guns an insult? – possibly, but its worth noting

Edit, waaay too slow

only because it hurts your brain when you realise you are now arguing that it’s OK to ban one thing that you don’t like, because bad people abuse them, and at the same time argue that it’s unfair to ban something you do like because bad people abuse them

It’s not a case of what anyone “likes.”

Guns have a primary purpose. To kill people.
Encryption has a primary purpose. To protect people.

And yes, you could argue that guns are for “protection,” but as someone else said you’re in the wrong country for that. Look how well the Second Amendment is preventing people from being killed in the US.

so ninfan did you support May cutting armed police at a greater rate than other police?

How does arming all police result In cutting the number of armed police?

Second amendment

Straw man, I am calling for armed police (the same as we already have in NI, Ireland, France, Germany, Italy etc.), not a right to bear arms.

The last one was stopped by eight officers firing 46 shots, should the police go round in groups of eight from now on then? What other quotidian policing requires carrying firearms?

@ninfan I don’t why you are bothering, we warned what would happen. It’s happening and now things will change as we said they would need to.

FWIW, having spent 20+ years in Northern Ireland I really feel like a lot of the arguments against armed police are complete distortions or fallacies.