On 09/02/2025 12:21, Peter Fairbrother wrote:

On 08/02/2025 23:25, Richard Heathfield wrote:

That it is not really correct - if it is less easy to
communicate and store data securely then more people will have
no option but to use less secure methods.

I don't see the grounds for your protasis. Why is it less easy
to communicate and store data securely? Why must people use
less secure methods?

Because they no longer have access to more secure methods, ie
Apple encryption.

[...]

I agree, but trusting a cryptosystem known to have a back door
certainly does count as stupid.

ITYM *would* count as stupid..

I do, yes. Thank you for the correction.

You might use it as a channel for sheer convenience, but it
would be daft not to superencrypt.

But people don't know how to do that. Even many clever people.

It's easy. Instead of:

apple < plain.txt

you:

cat plain.txt | aes_for_example > apple

and Bob pipes through aes_for_example -d at his end.

In other words, instead of sending plaintext through Apple, you
send ciphertext.

[...]

Note that in the UK you have to give up keys to stored data on
demand.

With a warrant, yes, and that means evidence, which means the
crook has already failed.

Nope, no warrant needed. Just a demand from a mid-level policeman.

Having read the relevant legislation, which is not the kind of
document I'd like to read for the first time in a panic, I'm not
convinced either way. This is a job for an actual lawyer.


--
Richard Heathfield
Email: rjh at cpax dot org dot uk
"Usenet is a strange place" - dmr 29 July 1999
Sig line 4 vacant - apply within

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 09/02/2025 14:48, Richard Heathfield wrote:

On 09/02/2025 12:21, Peter Fairbrother wrote:

On 08/02/2025 23:25, Richard Heathfield wrote:

You might use it as a channel for sheer convenience, but it would be
daft not to superencrypt.

But people don't know how to do that. Even many clever people.

It's easy. Instead of:

apple < plain.txt

you:

cat plain.txt | aes_for_example > apple

and Bob pipes through aes_for_example -d at his end.

In other words, instead of sending plaintext through Apple, you send ciphertext.

But most people don't know how to open a terminal - even clever people.
Just because they don't know computers, computer security, internet
security, cryptography - does not make them stupid.

And even stupid people should have secure comms and data storage.

[...]

Note that in the UK you have to give up keys to stored data on demand.

With a warrant, yes, and that means evidence, which means the crook
has already failed.

Nope, no warrant needed. Just a demand from a mid-level policeman.

Having read the relevant legislation, which is not the kind of document
I'd like to read for the first time in a panic, I'm not convinced either
way. This is a job for an actual lawyer.

Been there, done that, the tee-shirt is now rags. See eg

http://www.chiark.greenend.org.uk/pipermail/ukcrypto/


Peter Fairbrother

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 09/02/2025 15:53, Peter Fairbrother wrote:

On 09/02/2025 14:48, Richard Heathfield wrote:

On 09/02/2025 12:21, Peter Fairbrother wrote:

On 08/02/2025 23:25, Richard Heathfield wrote:

You might use it as a channel for sheer convenience, but it
would be daft not to superencrypt.

But people don't know how to do that. Even many clever people.

It's easy. Instead of:

apple < plain.txt

you:

cat plain.txt | aes_for_example > apple

and Bob pipes through aes_for_example -d at his end.

In other words, instead of sending plaintext through Apple, you
send ciphertext.

But most people don't know how to open a terminal - even clever
people. Just because they don't know computers, computer
security, internet security, cryptography - does not make them
stupid.

No, but such people presumably aren't interested in secure
communication and don't give a damn about keeping their secrets
secret, so how are they relevant to this discussion?

And even stupid people should have secure comms and data storage.

Why would they care, if security is so unimportant to them that
they can't be bothered to learn how to acquire it?

But if they *do* care, they're going to need to invest some
cluons in learning something about this stuff.

Note that in the UK you have to give up keys to stored data
on demand.

With a warrant, yes, and that means evidence, which means the
crook has already failed.

Nope, no warrant needed. Just a demand from a mid-level
policeman.

Having read the relevant legislation, which is not the kind of
document I'd like to read for the first time in a panic, I'm
not convinced either way. This is a job for an actual lawyer.

Been there, done that, the tee-shirt is now rags.

:-)

I'm delighted to report that it's a rabbit-hole I've managed to
avoid, but of course I must cede the point (albeit under protest,
because they *should* need a warrant, dammit).


--
Richard Heathfield
Email: rjh at cpax dot org dot uk
"Usenet is a strange place" - dmr 29 July 1999
Sig line 4 vacant - apply within

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 08/02/2025 06:37 Jan Panteltje <alien@comet.invalid> wrote:

UK demands Apple break encryption to allow gov't spying worldwide, reports say
https://arstechnica.com/tech-policy/2025/02/uk-demands-apple-break-encryption-to-allow-govt-spying-worldwide-reports-say/
Apple last year opposed UK's secret notices demanding encryption backdoors.

The United Kingdom issued a secret order requiring Apple to create a backdoor
for government security officials to access encrypted data,
The Washington Post reported today, citing people familiar with the matter.

.... Work to do ;-)
.

This will be an interesting fight to watch. Did the UK really believe this capability notice would stay secret?

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 08/02/2025 05:37, Jan Panteltje wrote:

UK demands Apple break encryption to allow gov't spying worldwide, reports say
https://arstechnica.com/tech-policy/2025/02/uk-demands-apple-break-encryption-to-allow-govt-spying-worldwide-reports-say/
Apple last year opposed UK's secret notices demanding encryption backdoors.

The United Kingdom issued a secret order requiring Apple to create a backdoor
for government security officials to access encrypted data,
The Washington Post reported today, citing people familiar with the matter.

... Work to do ;-)

This is batshit crazy, because the genie left the bottle decades
ago. If Alice wants to communicate secretly with Bob, and if
keeping the government ignorant matters enough to Alice and Bob
both, they can do it, and the government hasn't a prayer. We know
it, they know it, and GCHQ know it. If Apple provide a back door,
Alices who care will simply go elsewhere than Apple, or even roll
their own using tried and tested ingredients. The only people an
Apple back door will ever catch are stupid people with stupid
secrets, e.g. politicians.

--
Richard Heathfield
Email: rjh at cpax dot org dot uk
"Usenet is a strange place" - dmr 29 July 1999
Sig line 4 vacant - apply within

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)