[Nottingham] Back doors in encryption

Matthew Sackman matthew at sackman.co.uk
Thu Nov 5 12:27:34 UTC 2015

On Thu, Nov 05, 2015 at 12:12:41PM +0000, Denny wrote:
> This is less an attack against encryption
> and more an attack against the PKI, after all, how does one attack
> mathematics?

I get the impression many politicians think that "safely backdoorable"
crypto is possible if only the mathematicians would knuckle down and get
on with it.

> I struggle to understand why, in a world where we still depend on
> ineffective password management without 2FA, this is such a big deal. 
> There are so many other IT security issues "in the wild" that have
> little or nothing to do with encryption that are in my opinion much
> higher priority.  We are being lead to believe that if we put a security
> door on a greenhouse the security will be improved.  I suspect that
> self-serving popular media has created a tempest in a teacup, a vector
> for further weakening our confidence in elected officials and Western
> governments.

Money. It costs money to keep GCHQ employees up to speed with how to
break all the various bits of software they need to break in order to
"do their jobs". After all, we have an annoying tendency of fixing flaws
when we find them. It would be much easier for GCHQ if they could just
tap all the cables and be able to decrypt everything they can capture
without having to go to the expense of breaking in.

> I'm no jurist so I'm unqualified to evaluate or even understand this
> draft bill.  From what little I've read on the subject, it appears to be
> more of an update or reassertion of current legislation.  If that is the
> case then this isn't a seismic change but a evolutionary process.  I'd
> be much more concerned if there were inadequate checks and balances in
> the process uncovered.  Personally, I think that occasionally,
> parliament and congress table bills such as this to test public opinion,
> with the intent to calibrate strategic policy.  I'm not sure how I feel
> about this practice if it is indeed the case.

I don't know if you've seen Spectre yet, but there's one moment in it
when M realises that if they can use a certain piece of technology to
track Bond, then so can others. Jenkins expands on this point today -
- which largely matches your point too:

"Not a week passes without news of some supposedly secure data store
breaking down. NHS patient data leaked, police crime data leaked,
TalkTalk, British Gas and Marks & Spencer customer details all leaked.
Adultery agencies are hacked. Communications between lawyers and clients
are hacked. In 2009, defence ministry vetting details of RAF officers
were leaked. The police have reportedly hacked into journalists’ sources
600 times. If the government can hack citizens’ records, citizens can
hack them too, and hack what is hacked. E-government is not security but

Backdoorable crypto is just going to make this much easier.


More information about the Nottingham mailing list