BBC article says GCHQ want to work with tech firms over the encryption issue.
Unfortunately there is a conflict of interest here - what the tech firms wish to do is keep user's data safe - they should do this - it is even in the Data Protection Act that personal data is important and should be kept safe.
So the objective of the tech firm is at odds with the objective of GCHQ which is to access user's data when they want to.
The gold standard for the tech firm is to make the data so safe that even they cannot access it. Even someone that knows exactly how it all works, that wrote the code that is used, cannot, by any means, access the data. Apple are pretty close and I am sure are working on ensuring this is the case.
If a tech firm is successful in this goal then there is not really a lot to discuss with GCHQ, is there? They cannot have the data, end of story. If there was something to discuss, some way that the data could be accessed by any means, then that is a loophole the tech company should be working on plugging!
One statement "The solution is not, of course, that encryption should be weakened, let alone banned. But neither is it true that nothing can be done without weakening encryption," shows the problem.
Let's be clear - this is not about the mathematics - this is a very simple high level thing. Anything that allows a third party (such as GCHQ) access to data is weakening the encryption. It does not matter if that is some procedural change, some storage of keys in a "safe place", some trick in the mathematics to allow a third key - none of that matters - the very possibility of access is a "weakening of encryption" by definition.
I am shocked that they seem not to understand this. Well, I am sure they do, but want to gloss over it.
Of course, the real "back door" to any system is the software update. It is essential to have this, not just for new features in a product, but also to fix vulnerabilities. Software is never 100% perfect, and even if it was the world changes and what is necessary to defend against attacks changes. So s/w updates are needed and should be encouraged. They should be digitally signed to ensure the s/w is genuine, of course. The issue is that new software can help access data - whether by allowing lots of attempts very quickly (what the FBI want) or by capturing keys next time the user legitimately unlocks the data.
There are steps a tech firm can take, and I expect Apple are working on this, such as ensuring there is no way to update the software on a locked phone. Even make the security hardware not allow an update without correct use of the PIN or password (and not allow many attempts). This addresses the issue of access to a device after it has been seized, but not the possibility of a systemic vulnerability being introduced on devices in advance - that needs trust in the suppler.
Of course if you do not trust your supplier or the government, you can do encryption yourself, and none of this will then apply. I should not have to keep saying this but criminals can always use encryption, and even do so covertly. Such laws or discussions only impact the non criminals!
Sadly the UK wants to remove all trust in any UK firm by allowing secret orders that could do exactly that - compromise security on all devices in advance. It will be a sad state of affairs very soon when we have to trust a foreign supplier as we cannot trust anyone in our own country.
"Made in UK" will become the hallmark of distrust by the end of the year!
P.S. The original talk was actually more balanced, but still misses the key points in many ways and thinks there can be a way for law and encryption not to clash, and somehow that criminals would obey any such laws anyway.
His comment "On encryption, it simply repeats the position of earlier legislation: where access to data is legally warranted, companies should provide data in clear where it is practicable or technically feasible to do so. No-one in the UK Government is advocating the banning or weakening of encryption." clearly lacks an understanding of the power of the bill going through parliament, that can secretly demand much much more.
As previously posted , I am quite impressed with Shelly stuff anyway, but the new "Plus" range has allowed some interesting develo...
Broadband services are a wonderful innovation of our time, using multiple frequency bands (hence the name) to carry signals over wires (us...
The ASR33, like most teletypes of the era, works at a fixed rate. It does 10 characters per second. It is 110 Baud, using 1 start, 8 data (i...
I am using KiCad for PCB design, and it is pretty impressive, but KiCad version 6 has just been released. There are lots of small changes, b...