UK's Terrorism Law Reviewer Says Tech Companies Shouldn't Offer Encryption To Anonymous Users
from the nothing-to-hide,-everything-to-fear dept
Once again, someone’s suggesting the best way to combat the spread of terrorist-related communications online is to make the tech companies do it, have them foot the bill, and do it all without being legislated into submission or making impudent comments like “That’s not how any of this works.”
Traveling beyond the groundwork of “necessary hashtags” and constant threats to bludgeon tech companies into mandatory, worldwide speech policing, the UK’s independent reviewer of terrorism laws — former key terrorism prosecutor Max Hill QC — suggests the better route lies not through legislation, but through some sort of tech wizardry.
[C]ooperation with tech giants such as Google and Facebook offered the best way forward, including the potential introduction of “verification” checks on social media users.
“A discussion I have had with some of the tech companies is whether it is possible to withhold encryption pending positive identification of the internet user,” said Mr Hill.
“If the technology would permit that sort of perusal, identification and verification, prior to posting that would form a very good solution… and would not involve wholesale infringement on free speech use of the internet.
“I’m talking about a nano-second.”
Yes, Hill is calling for encryption to be withheld from anonymous or pseudonymous users — often the very users (dissidents, journalists, whistleblowers) for whom the added protection is key to survival. This pitch takes “nothing to hide/nothing to fear” to its illogical extremes, suggesting protected communications be limited to those who have made their personal information available to tech companies — who then, in turn, can be forced to hand it over to various governments with a minimum of paperwork.
Hill is correct — beating tech companies over the head with broadly-written legislative sledgehammers is unlikely to end well. But his “fix” isn’t any better. In fact, the thing he thinks can be done in a “nano-second” may not even be possible. And that’s by his own admission.
Mr Hill conceded that experts were divided as to whether such checks were feasible but that it was a debate “worth having”.
Something everyone can agree on — “independent” or not — is that tech companies should pay for whatever measures they’re being forced to undertake for the government.
He added: “The vast sums of money that tech companies generate … means that we should all be looking to those companies to recycle some of those profits into the fight to take down extreme material.”
So, let’s attempt to add this all up:
Hill thinks “sledgehammer legislation” would backfire. He also thinks tech companies should be able to flip switches somewhere to encrypt/decrypt communications as needed (million-dollar switches perhaps, but “recycle” those “profits!”). He also concedes no one has said these “nano-second” switch flips are actually possible. Finally, he believes tech companies will implement these measures and pay for them without being forced to by “sledgehammer legislation.”
Hill has assembled a handful of logical flaws and presented them as a plan — one whose impossibilities can be surmounted if everyone involved just talks about it for awhile. These are the words of a former prosecutor who has mistaken daydreaming out loud with acting as an independent overseer of terrorism-related legislation.
Filed Under: anonymity, encryption, going dark, identification, max hill, privacy, uk
Comments on “UK's Terrorism Law Reviewer Says Tech Companies Shouldn't Offer Encryption To Anonymous Users”
I have a better idea. Why don’t we acknowledge that 100% crime prevention is impossible anyway and that shit happens and then start dealing with what is actually causing such extremism by teaching tolerance in the schools, weeding out bigotry from the government, police, legislative, courts? Ah, it’s easier to advocate for a mythical, magical solve all switch. Ok, carry on.
The escalation of extremism everywhere, from white supremacists and Jesus followers in the West, through radical Muslims in the middle-east to lunatic tyrants in Asia we humanity are ripe for mutual assured destruction.
Re: Re:
A major cause of extremism is the great disparity in wealth between rich and poor, and first and third world.
The western Roman empire fell not because those outside the empire hated its way of life, but rather because they wanted a share of that way life.
Re: Re: Re:
This of course but if you focus on providing welfare to the masses with good public health, education and justice you are already a long way into fixing this issue. I’m not against billionaires, I’m against them existing while there are people in total misery. If everybody has the minimum to live with dignity then by all means go buy your yachts and planes.
Re: Re: Re: Re:
It is in their best interests, long term, but they do not think long term. The wealthy need to wake the hell up and smell the disaster they are creating, it will impact them no matter how strong their bomb proof fortress is – this is quite obvious to many – but not them.
Re: Re: Re:2 Re:
And the people that keep pointing at the “wealthy” really need to understand what “wealthy” means to the majority of the world.
Because if you think “wealthy” means someone with hundreds of thousands of dollars in the bank, you are very much mistaken.
Re: Re: Re:3 Re:
” if you think “wealthy” means someone with hundreds of thousands of dollars in the bank”
Could someone like that afford a multi million dollar fortified bomb shelter?
…. No, obviously not
So what are you talking about there mister? It was quite obvious what was meant.
Re: Re: Re:4 Re:
I think what he means is that to “the rest of the world” wealthy means having: so much food you could actually throw some of it away; a car; electricity that actually works all the time; hot and cold running water (or even just reliable clean water); medicine when you need it. And so on.
Re: Re: Re:5 Re:
Yeah, I get that and it is a valid point … but that is unrelated to the post he responded to.
Re: Re: Re:6 Re:
I don’t know about that – if I can be so bold as to risk putting words in his mouth, I think his point is that it’s not just the yacht crowd that is building up a disaster for themselves, but more or less the entire developed world. And that seems relevant. I don’t know that he’s right, though.
Re: Re: Re: Re:
“I’m not against billionaires, I’m against them existing while there are people in total misery.”
Wealth doesn’t work that way.
It isn’t a zero-sum game.
Someone being rich does not MAKE someone else poor.
Re: Re: Re:2 Re:
You’ve missed his point. If there are people that are that rich, there’s clearly enough resources to go around so that there could be no one in abject poverty.
Like he said, he’s not against there being billionaires, only against there being billionaires while there are people in abject poverty. Some one making a lot of money doesn’t necessarily make others poor, but making some one less rich could make some one else less poor.
Re: Re: Re:2 Re:
Because most rich people got that way through their own hard work, right? And the harder you work, the richer you get, right? Hardly. Most of the wealth added to the economy is done by those who will never be wealthy themselves. Most rich people were born that way and stay that way by finding ways to channel the wealth created by others to themselves.
Re: Re: Re:2 Re:
Perhaps, but then sometimes it does work exactly like that.
For example why do you think there are so many employers who oppose providing their employees with a living wage in return for 40 hr work week? It’s bad enough they do not provide any benefits and push their work on demand bullshit but then they expect others to cover their deficiencies via food stamps and welfare. Corporate subsidy needs to stop. They wag their fingers at the less fortunate with the “personal responsibility” demand while shirking their own – many people are getting tired of paying for these corporate slackers while they claim to be “good citizens” and looking out for your well being, what a crock.
Re: Re: Re:
Do you make up your own facts and history all the time or is it more of just a hobby?
Re: Re: Re: Re:
Please itemize those things from said post that you consider to be incorrect.
Re: Re: Re:2 Re:
Extraordinary claims require proof. Where are your citations?
Re: Re: Re:3 Re:
I made no claims …. just a question.
Guess that is too difficult for you.
Re: Re: Re:4 Re:
Here is your claim:
“The western Roman empire fell not because those outside the empire hated its way of life, but rather because they wanted a share of that way life.”
Where are your citations?
Re: Re: Re:5 Re:
Look again as that was some other AC, please – do try to keep up
Re: Re: Fall of Rome
I thought it was the adoption of Christianity.
Re: Re:
You mean address problems instead of symptoms? That will never work!
Re: Re: Re:
They don’t even address the symptoms, they do a lot of hand waving, money grubbing and lying.
Re: Re:
Agreed.
Extremism / radicalization is spreading so efficiently because we don’t recognize their root causes. We recognize causes that are immediately adjacent to manifestations that we consider important; like terrorism. By the time is gets that bad allowable responses have deteriorated and narrowed into “war responses”. This is true in many, MANY domains not just international relations.
The big names, like Terrorism, “suck all the oxygen out of the room”. The fabric of our collective lives is the real monster that gives birth to these relatively baby monsters.
Re: Re: Re:
“Extremism / radicalization is spreading so efficiently because we don’t recognize their root causes.”
No, it spreads because of ignorance. Fear, the root cause, is well known and understood. The problem is the fact that people do not wish to remediate their ignorance.
Thank you for being a part of the cycle of ignorance!
Re: Re: Re: Re:
Most of that fear and ignorance is spread by men of religion who called themselves learned.
Re: Re: Re:2 Re:
Re: Re:
Maybe you should try practicing what you preach.
So when do we start prosecuting this facilitator of extremism and terrorism or is he under the protection of the mental health laws?
Re: Re:
His remarks already give away his hate for anonymity so Force him to give up encryption for life now. No phone encryption, email or even HTTPS. People who attack freedom do not deserve to be protected by it.
Re: Re: Re:
Wait. I thought "true freedom" included the freedom to take other people’s freedom away. No?
Re: Re: Re: Re:
no!
true freedom is the state where no one can tell YOU what to do.
It has ZERO to do with you having power or justification to do something to others.
Re: Re: Re:2 Re:
“It has ZERO to do with you having power or justification to do something to others.”
Like kicking them off land?
Re: Re: Re:2 Re:
Perhaps the /s tag was implied and you missed it
The UK seems to be leaning towards running their section of the internet in a very Chinese manner.
Mr. Hill,
Please to go fornicate without a partner.
Tech companies are not & should not be placed in a position to decide if someone is a “Good Guy™”.
Tech companies should not foot the bill to do bullshit feel good but worthless programs.
The problem isn’t the technology but the billions of dollars brain-trusts like yourself have demanded be poured into programs that are modern day phrenology, expecting untested unproven “science” of an eye twitch will unmask terrorists.
The world can not be 100% safe. Stop telling people they can be 100% safe. Unless they are willing to surrender all rights & human contact & be sealed in their own personal cells it ain’t happening.
The battle cry of “Tech should fix this!!!” is nice soundbite fodder, but how are they supposed to do what the billions you paid the phrenologists weren’t able to do?
You are not serious in these attempts, this is PR spin to make sure people are pissed at tech instead of the impotent leaders who just want everyone, but them, monitored in real time 24-7 by invasive systems that can and will be abused by those with power.
Orwell would be pleased you read his book, he is rolling in his grave that you’ve all taken it as a blueprint to make the world better. Unity through Faith, Faith through Unity and lets just ignore the fingermen raping & beating girls because they have a badge that says “good guy™”.
It was a warning, but the leaders are completely blind to what is coming as they strip away each bit of rights that supposedly make us free countries and we slide into the abyss of Big Brother telling us it isn’t raining as we stand in the rain soaked to the bone… but no one will say it is raining to avoid the reeducation camps.
>including the potential introduction of “verification” checks on social media users.
Just how does a company identify a user, when the create an account, and every time they use such an account? It is not unknown for people in the UK to have multiple identities for social benefits, and they have to interact with humans to verify their identity.
Re: Re:
Not easily. For example, even the FBI counter espionage unit has in the past been infiltrated by the very foreign spies it was supposed to be hunting because it failed to identify them as such, despite having virtually unlimited resources for doing so.
Get ready for password sharing to be a prosecuted under anti-terror legislation
I’m a developer, and maybe that has jaded my thinking about issues and problems… I would have thought that lawyers would have had the same rationale as me, but I’m starting to think they are the yin to our yang.The more I think about it… developers try to close all loop holes and lawyers try to create as many as possible.
We try and create a solution that works for the largest amounts of use cases with the smallest amount of effort. In cases like this; where you are looking for a zero-tolerance policy (absolutely no terrorists/anonymous interactions) then you are setting yourself up for complete and utter failure…
When a workaround is as simple as sharing a password, STEALING a password, or using an open protocol (*gasp!*)… you have failed even the most rudimentary of protections… of course then you have to create an anti-terror law to fix this ‘edge case’. etc. etc. etc.
Math is Not a Crime
Tim,
You guys might need to bring back the “Math is Not a Crime” shirts with a new tagline at the bottom:
“Except in the UK”
Re: Math is Not a Crime
Unless you know the necessary hashtags, in which case the UK is willing to overlook your criminal knowledge so long as you are willing to work with their ‘experts’.
'You are allowed to wear a mask only after you put on your name-tag.'
“A discussion I have had with some of the tech companies is whether it is possible to withhold encryption pending positive identification of the internet user,” said Mr Hill.
Translation: "People should only be allowed ‘anonymity’ after they’ve been identified."
Another not-so-hidden trick here is that if encryption can be toggled on it can just as easily be toggled off, so chalk this up to yet another attempt at conning/forcing companies to offer broken-by-design ‘encryption.’
Mr Hill conceded that experts were divided as to whether such checks were feasible but that it was a debate “worth having”.
It would be curious as to what ‘experts’ think that such checks are feasible, because I can’t help but suspect most or even all of those ‘experts’ have no actual expertise in the field of encryption.
I also can’t help but suspect that, similar to those in the US who call for ‘discussions’ and ‘conversations’ regarding this sort of thing that he’s not interested in any ‘debate’ that doesn’t start and end with something along the liens of "Why yes, you are absolutely right, we’ll get right on that on our time and our dime."
He added: “The vast sums of money that tech companies generate … means that we should all be looking to those companies to recycle some of those profits into the fight to take down extreme material.”
Translation: "They make a lot of money, ‘extreme’ stuff(like the ability to post anonymously) is bad, therefore they should spend some of that money to combat the ‘extreme’ stuff."
Pretty sure that as profitable as Google and Facebook can be they still have less money to throw about than the UK government, so if anyone should be paying for the development of such broken encryption the UK government should be the one paying the bills(or even better, have the idiots trying to undermine public safety and security via undermining encryption and anonymity foot the bill with their own personal funds).
Re: 'You are allowed to wear a mask only after you put on your name-tag.'
By allowing the “feasibility” argument you’ve already lost. It doesn’t matter if it’s feasible because it’s a bad fucking idea either way. That’s a pure distraction.
Re: Re: 'You are allowed to wear a mask only after you put on your name-tag.'
A very good point. It doesn’t matter how feasible it may or may not be, the underlying idea is a terrible one and not deserving anything but a resounding ‘NO’ from those that understand it.
Re: Re: Re: 'You are allowed to wear a mask only after you put on your name-tag.'
I propose a feasibility study in which we determine if I am able to take a million dollars right now and turn it into a reasonable retirement nest egg. Warning, this study may take many decades to complete.
Re: 'You are allowed to wear a mask only after you put on your name-tag.'
All he wants is a compromise. The British way. Like “So we compromised. I’ve got what I wanted, and they didn’t”.
lolwut
But they already know the identities of many of these extremists. They simply choose to do nothing about it.
Far easier to arrest some squaddies for being members of an obnoxious right-wing group than to deal with actual terrorists.
Re: lolwut
“But they already know the identities of many of these extremists. They simply choose to do nothing about it.”
Which in my small mind means that they are being disingenuous at best.
Had to check twice, but
Mr. Hill’s first name is indeed Max, not Benny.
Where is our resident TOR pirate to offer his pithy take on this story I wonder?
Re: Re:
Probably nerding harder
Re: Re:
out_of_the_blue doesn’t really show up on encryption articles. Surveillance articles, possibly, to whine about the government increasing surveillance. By the government, he really means the NSA. And by the NSA, he really means Google.
You’re thinking of MyNameHere/Whatever/horse with no name/Just Sayin’. His gimmick is to be an apologist for adding backdoors and increasing surveillance on the basis of “everybody posts personal things on social media so you should have no problem with the government grabbing all that data, you willingly put it up, you’re a pirate and I’m such a model citizen”.
Opinion is divided
Mr. Hill has clearly been "up the old sea dog" and talking to Captain Redbeard Rum.
Mr Hill conceded that experts were divided as to whether such checks were feasible but that it was a debate “worth having”.
I hope they televise that debate:
Tonight’s Topic: Bypassing Online Anonymity Safely and Securely
Max Hill – ‘De-anonymized anonymity makes sense and is feasible to implement.’
Everyone Else – ‘Max Hill is a fucking idiot.’
There you have it. They want an internet identification card.
Nuclear Weapons Hoax
NUCLEAR WEAPONS DO NOT EXIST:
http://heiwaco.tripod.com/bomb.htm
http://www.big-lies.org
http://mileswmathis.com/trinity.pdf
https://vexmansthoughts.wordpress.com/2017/08/27/what-the-nuclear-hoax-implies/
Re: Nuclear Weapons Hoax
Wow, I hadn’t heard that conspiracy theory before, though of course it exists. For everything that’s ever happened it seems there’s someone insisting it never happened.
Make sure to click the second link though. Could be the worst designed web site in the history of humankind. I don’t recommend you read it or anything, you might hurt your eyes, but just glance at it.