Comment on the UK Gov Proposal to Ban “Bespoke” “Sophisticated” Encrypted Phones

cyberlaw.stanford.edu

39 points by dane-pgp 3 years ago · 29 comments

dane-pgp (OP) 3 years ago

There are some good arguments in here, but I think it misses the broader picture.

Clearly someone at GCHQ has told the UK government that if they want to ban secure apps like Signal, they first need to get the apps taken out of the app stores, then they need to mandate that phone OSes don't allow side-loading, then finally they need to ban "bespoke" phones, i.e. ones that allow general purpose computing.

Not only Stallman[0], but Doctorow[1] was right too.

After implementing this, they'll do the same for desktops, using something like Apple's Gatekeeper software[2]. Linux distros will gain support for this using "Secure Boot" and something like systemd-censord, which Microsoft might get Lennart to implement for them.

[0] https://www.gnu.org/philosophy/right-to-read.en.html

[1] https://boingboing.net/2012/01/10/lockdown.html

[2] https://support.apple.com/en-gb/guide/security/sec5599b66df/...

  • hanselot 3 years ago

    They will never stop coming for open source and privacy.

    The only option is to write malware that replaces all installations of proprietary OSes with an open source OS.

    This should not be impossible given the number of 0days these typically ship with.

    A self replicating reinforcement learning AI that distributes peer to peer over any network available and reproduces with other copies of itself to improve itself.

    • bavell 3 years ago

      > A self replicating reinforcement learning AI that distributes peer to peer over any network available and reproduces with other copies of itself to improve itself.

      Behold, the birth of a true computer virus!

    • moremetadata 3 years ago

      The British State treats people born on this island as subjects, and will go to great lengths to have a full spectrum advantage over other countries, including infecting primary school age kids with things like Anthrax (me for one), and will do other things like intercepting telecoms data as detailed here.

      https://cryptome.org/eyeball/capen/capen-eyeball.htm

      The state will attempt and do kill innocent British civilians in this country and it's all covered up. This model of governance is employed in other countries but most people want to believe the state is there as a purpose for good.

      • draggedup 3 years ago

        Do you mind elaborating on the anthrax context?

        • _2uwr 3 years ago

          You get asked to collect wool off barbed wire from fields on a farm, wire fence with the top line being barbed wire, next to hedges and banks. Some of the wool is not snagged on the barbs like fluffy tufts of wool but is wrapped around and along the barbed wire, so you have to untwist it. A day or two later you start getting rashes where our hands had touched our arms, like top of arms near the elbow and sides of the calf muscle, yet no plant had been in contact with these areas. It starts eating your flesh away with black scabs, very black scabs, not like a cut or graze. GP prescribes some antibiotics and eventually the black scabs heal up, but the NHS never do bacterial swab tests, leaving that doubt it could have been an allergic reaction to some plant in the hedgerows if those parts of the body had been in contact with a plant, which is fair enough, but the wool was wrapped around and along stretches of the barbed wire, not the cleanest wool either some of it with sheep muck on, so it was weight enough to not be able to twist itself around the barbed wire in the wind either. 50p I got for several plastic bags full of crappy wool when that was taken to market!

          Other examples include the infected blood scandal, where the UK govt delayed an enquiry allowing key decision makers to retire and die off.

          Only one person is left alive who stated the govt decided to not buy the US tests, but rather wait for a British company to develop their own which took months.

          The British Govt could have bought in the US developed tests to check blood supplies and ran with that until a British equivalent was developed.

          It would not have delayed the scientific discovery, helping to save many lives, and the psychological effects that being done over by the "incompetence" of the state created for some people.

          I even reported this to the Met Police and have heard nothing from them!

          What also stinks, is the NHS had a practice of cutting out tonsils in the 80's and some surgeons were negligent at best, malicious at worst, which resulted in blood transfusions having to be given to kids, hence me mentioning the infected blood scandal and I know now, their vitamin K and thus blood clotting and anti-clotting proteins would have been sufficient to have clotted the tonsils.

          It's just Nazi experimentation on kids.

          The metal contraption with a metal loop that ensnared and cut the tonsil off was even shown on ITV's Wide Awake Club one Saturday morning! That should have come with a warning, but it's the state's way of normalising surgical procedures, where healthier dietary methods existed.

          Manganese chloride will give you a scab like deep red superglue, and that scab is resistant to water, so it would not come away in a bath, shower or swimming pool. It literally is as good as using the surfer's trick of using superglue to stick a cut back together again in order to carry on surfing. Manganese also has vit K like activity in the body as well.

          Other examples, artificial joints, dietary solutions exist but they don't generate as much GDP unlike the hyper expensive titanium joints and all that that entails. Bariatric surgeries, again dietary solutions exist, but they don't make as much money.

  • flangola7 3 years ago

    Wonder how they expect this to mesh with the new EU law mandating, among other things, open app ecosystems.

    Will Britons just import their phones from France?

    • dane-pgp (OP) 3 years ago

      Presumably mobile networks will be required to only grant internet service to phones that were bought in the UK (or that have been registered with a foreign network for more than N months).

      I'm not sure how easy it is for networks to filter by IMEI (and presumably there would have to be a database for recording which IMEIs were sold with UK-compliant OSes) but eventually there would be a system which covered all access to the internet, not just from phones.

      This means broadband ISPs doing a Remote Attestation check before routing any other packets from your device. A proof of concept for this has been implemented for some online games already.[0]

      [0] https://arstechnica.com/gaming/2021/09/riot-games-anti-cheat...

      • flangola7 3 years ago

        Even with attestation you could just daisy chain and use the attesting device as a proxy. Not to mention the billions of internet enabled devices that would never support it.

        • dane-pgp (OP) 3 years ago

          > Even with attestation you could just daisy chain and use the attesting device as a proxy.

          But you'd need the attested device to run the proxy server software, which would obviously not be allowed in the app store, and would be blocked by the gatekeeper daemon or the OS-level firewall. Well, proxy software would be allowed, but it would have to perform its own attestation checks on the devices it proxies for.

          > Not to mention the billions of internet enabled devices that would never support it

          The billion internet enabled devices would be allowed onto a special "safe" segment of the internet, which companies could apply to add their static IPs to. So your internet connected fridge could still phone home, but the manufacturer would take liability for any data that a rooted fridge managed to send out to the internet.

          There might still be millions of old devices that don't support TPMs and don't have manufacturers willing to apply to have their IPs whitelisted, but the government will say that kicking these insecure unpatched devices off their internet would be a huge win for cybersecurity. Making people buy a whole load of new devices would probably also give a temporary boost to the economy too.

          • flangola7 3 years ago

            I think you're missing the point. Attestation is just key signing and verification with more bells and whistles and overhead. DRM tries and fails for the same reason: you have to give the user both the key and the content. There have been 30 years of attempts to somehow obfuscate and keep them apart, all without success.

            An attacker with physical access and unbounded time cannot be defeated.

            • dane-pgp (OP) 3 years ago

              The reason why DRM has failed in the past is that it only takes one person to crack the DRM on their own device, and then they have an unencumbered digital file which can be copied and distributed freely.

              Applying DRM to kernels and applications rather than to media files is completely different. If someone wants to have an E2E encrypted conversation, not only do they have to have jailbroken their own device by extracting the secret keys from inside its processor (using an electron microscope, perhaps) but their conversation partner has to have done the same to their own device.

              Even if a few brave and well-resourced journalists/lawyers/activists managed to do this among themselves, they would quickly be exposed by traffic analysis, allowing the government to simultaneously arrest all of them and use their devices as evidence.

    • BasedInfra 3 years ago

      UK is not a part of the EU so it wouldn’t have to mesh at all unless I’m missing something?

      • skissane 3 years ago

        Some EU laws apply in Northern Ireland - I don’t know about laws in this area specifically. If a phone is legal in the EU, the UK may be required under the Northern Ireland Protocol (and the new “Windsor Framework”) to allow it in Northern Ireland. If they have to make a phone legal in Northern Ireland, it will be very hard to ban it in England, Scotland and Wales.

      • giobox 3 years ago

        Sure, but it's not that hard or expensive to hop a ferry/train/plane trip to France or Ireland and buy an unlocked phone, as one example. Any laws the UK passes have to account for the geographical realities of its location.

        Just because the UK is no longer in the EU doesn't mean it's not affected by many of its decisions, given the enormous volume of trade that will continue to occur between them.

        • lozenge 3 years ago

          What happens when you get stopped and searched in the UK (probable cause isn't a factor here) and they find a "special encryption" phone?

          • giobox 3 years ago

            I hate to break the bad news, but people break laws all the time, including in the UK. People will just manage the risk exactly like any other law they choose to ignore.

            Criminals still carry blades as weapons in the UK, despite it being a strict liability crime and at risk of stop and search.

        • InCityDreams 3 years ago

          > Any laws the UK passes have to account for the geographical realities of its location.

          The sun never sets.....

          • giobox 3 years ago

            And the Channel between England and France is a mere 20 miles at its narrowest point, Ireland is 12 (the UK's nearest EU neighbors). You can argue it down to zero miles for Ireland if you start your journey in Northern Ireland.

            The sun absolutely does set on what little is left of the "British Empire" in the 21st century.

            • blibble 3 years ago

              > The sun absolutely does set on what little is left of the "British Empire" in the 21st century.

              I suggest you look at the locations of the British Overseas Territories

ajb 3 years ago

Everyone with a precursor phone[1] should probably reply to this consultation. And then watch the law to see if you will automatically become a criminal.

[1] https://www.crowdsupply.com/sutajio-kosagi/precursor

6LLvveMx2koXfwn 3 years ago

From the Consultation Paper

"Sophisticated encrypted communication devices have been used extensively by criminals to facilitate organised crime. We’re targeting the modified and bespoke devices that enable access to platforms, similar to Encro Chat, where the software/ hardware has been developed to anonymise its users and their communications and its user base is assessed to be almost certainly criminal. Under Option 1 where articles will be specified, we will be targeting those that supply, modify, and possess these bespoke devices; the provisions will not apply to commercially available mobile phones nor the encrypted messaging apps available on them. The proposed offences will seek to tackle those supplying and exploiting these devices in order to carry out serious crimes and will seek to reduce the supply of these devices to serious criminals." [1]

1. https://www.gov.uk/government/consultations/strengthening-th...

unxdfa 3 years ago

Oh no looks like I will have to commit my crimes on paper, with cash and in person.

More seriously though, I’m accepting this as the status quo and keeping things I need to keep secret airgapped from the public internet and devices.

pgh 3 years ago

I hope they’re eventually prepared to legislate against one-time pads, as they’re bespoke and sophisticated and equally impossible to crack.
