Everyone Is Guilty - Welcome To Total Surveillance

[Traktion]

According to the BBC:

don't[/i]ww.bbc.co.uk/news/uk-politics-17580906"]http://www.bbc.co.uk/news/uk-politics-17580906

"Instead internet service providers have had to keep details of users' internet access, email and internet phone calls for 12 months under an EU directive from 2009.

Although the content of the calls themselves is not kept, the sender, recipient, time of communication and geographical location does have to be recorded. "

(This is what is kept already )

"Internet firms will be required to give intelligence agency GCHQ access to communications in real time under new legislation set to be announced soon."

This is what they want added

The thing is, those who don't want GCHQ to know this stuff will be using technology and methods which avoid it already.

There is nothing to stop 'terrorists' from setting up their own VOIP service and using encrypted tunnels to access it. The same goes for mail servers. They could also use anonymous encrypted network wrappers (such as Tor: https://www.torproject.org/ - developed by the US Navy, but now open source).

This is why I doubt they will catch any professional criminals. I'm sure they will catch plenty of regular people over minor infringements, but the real criminals will be way more prepared.

[corevalue]

For over ten years, the hardware at the local exchange level has been engineered to be able to forward a copy of ALL data. There's plenty of fibre capacity on the backbone, so I guess they're just rounding off the storage and filtering part. Don't the yanks have their Utah centre planned to open in 2013?

NSA Utah centre

The fact we have a no-questions extradition policy with the moronicons fills me with a warm, tingly snuggly feeling. Not.

[Traktion]

For over ten years, the hardware at the local exchange level has been engineered to be able to forward a copy of ALL data. There's plenty of fibre capacity on the backbone, so I guess they're just rounding off the storage and filtering part. Don't the yanks have their Utah centre planned to open in 2013?

NSA Utah centre

The fact we have a no-questions extradition policy with the moronicons fills me with a warm, tingly snuggly feeling. Not.

If it's encrypted well, they can copy the lot and it will still be useless to them.

[madpenguin]

If it's encrypted well, they can copy the lot and it will still be useless to them.

Depends on the strength of the encryption, the NSA have got some fairly useful computing power and cryptographic experts, as have GCHQ, bear in mind ciphers like IBM's DES had the length of the key deliberately shortened by the NSA before it was allowed to be released in order it kept most people out but not them, with the increase in computing power since I doubt they need to do that anymore, for the simple encryption we have access to you can buy or download stuff to crack most of it already.

Anything based on public key cryptography is believed to still be secure but how would we know?, the spooks are certainly not going to tell us if they have cracked it.

Encrypting communication to protect your privacy or finances from competitors or criminal's is fine, when you come up against major governments it's a fairly flimsy defense at best

[zebbedee]

They must be barmy the amount of storage they would need would be insane.

I use iplayer a lot, so far this month I have downloaded over 1tb which is about normal. In addtion to this I have probably downloaded a further 1tb in games from steam, mods, etc.

Where does the government think its going to get the storage. Also the network they need to use is going to have to be gargantuan just to receive all this data.

Funnily enough my connection runs virtually 24/7 at 10MB so I guess I'll leapfrog you lot and go straight to the an al questioning techniques.

[Traktion]

Depends on the strength of the encryption, the NSA have got some fairly useful computing power and cryptographic experts, bear in mind ciphers like IBM's DES had the length of the key deliberately shortened by the NSA before it was allowed to be released in order it kept most people out but not them, with the increase in computing power since I doubt they need to do that anymore, for the simple encryption we have access to you can buy or download stuff to crack most of it already

PGP with a big key and pass phrase will take them an eternity, no matter what hardware they have.

As much of the software doing the encryption is open source, there is nothing to stop developers creating custom 'ultra hardened' versions of other encryption protocols either.

Ofc, the average Joe isn't going to know about this stuff (yet), so I'm sure there will be all sorts of snooping over taxes, non-compliance with arbitrary legislation and so forth. However, the real criminals are going to be far harder to catch out. This is why I think it's more about controlling the citizens than catching 'terrorists'.

The arms race between encrypted and decoding is massively one sided in the favour of the former. Brute force attacks are enormously slow compared to the time taken to encrypt.

I found this URL interesting for pass phrase security: http://www.lockdown.co.uk/?pg=combi. A large, distributed super computer would take about 631 billion years to brute force a 20 character single case, letters only password... throw in other characters and cases and this number will look tiny.

An 8 char password in lower case, letters only takes about 3.5 minutes, but with more variation, it would take 83 days. I haven't worked out what a 15 or 20 char version of the latter would take, but it would likely take a super computer trillions of years!

Food for thought.

EDIT: I didn't get your edit until after there, but I doubt they have cracked such things and managed to keep them secret. Millions of minds on the Internet are more than a match for any government, IMO. I could be wrong, but I'm sure their main policy is FUD.

[corevalue]

PGP with a big key and pass phrase will take them an eternity, no matter what hardware they have.

As much of the software doing the encryption is open source, there is nothing to stop developers creating custom 'ultra hardened' versions of other encryption protocols either.

Ofc, the average Joe isn't going to know about this stuff (yet), so I'm sure there will be all sorts of snooping over taxes, non-compliance with arbitrary legislation and so forth. However, the real criminals are going to be far harder to catch out. This is why I think it's more about controlling the citizens than catching 'terrorists'.

The arms race between encrypted and decoding is massively one sided in the favour of the former. Brute force attacks are enormously slow compared to the time taken to encrypt.

I found this URL interesting for pass phrase security: http://www.lockdown.co.uk/?pg=combi. A large, distributed super computer would take about 631 billion years to brute force a 20 character single case, alpha numeric password... throw in other characters and cases and this number will look tiny.

An 8 char password in lower case alpha takes about 3.5 minutes, but with more variation, it would take 83 days. I haven't worked out what a 15 or 20 char version of the latter would take, but it would likely take a super computer trillions of years!

Food for thought.

EDIT: I didn't get your edit until after there, but I doubt they have cracked such things and managed to keep them secret. Millions of minds on the Internet are more than a match for any government, IMO. I could be wrong, but I'm sure their main policy is FUD.

They'll just ask you for the key. You have to be more subtle. Stenography.

I don't like the idea of the government snooping around in my personal space on fishing trips. We all know the dire consequences of saying the word "bomb" in an airplane, for example, but these data mining expeditions mean that even quite innocent remarks like "badger" in a email (yes, it's in their dictionary of suspect words) brings you in their envelope of "suspects". You might suddenly find that you can't take that overseas trip you were planning.

My solution would be to offer all my emails unencrypted. I'll handwrite them, photograph them, and overlay the text on my favourite holiday snaps and send them as jpg. That almost definitely guarantees that a human will have to be involved in the interception, which means that they would have to concentrate on actual suspects. They're only doing this because it's cheap, so make it expensive.

[Take Me Back To London!]

Just a simple question but no doubt so simple to answer; is it illegal to send encrypted information? So there would be a market for encryption software that you would need to use a password to enable you to read emails etc. I think certain Governments have been conflicted with RIM in the past because their messaging system has been secure enough to withstand the hackers.

You could have some sort of updated solid state Enigma machine with electonic memory and once sychronised with another unique encoder/decoder machine, every single letter would have its own unique code which would never repeat and would be impossible for a third party to decipher.

[Game_Over]

PGP with a big key and pass phrase will take them an eternity, no matter what hardware they have.

As much of the software doing the encryption is open source, there is nothing to stop developers creating custom 'ultra hardened' versions of other encryption protocols either.

Ofc, the average Joe isn't going to know about this stuff (yet), so I'm sure there will be all sorts of snooping over taxes, non-compliance with arbitrary legislation and so forth. However, the real criminals are going to be far harder to catch out. This is why I think it's more about controlling the citizens than catching 'terrorists'.

The arms race between encrypted and decoding is massively one sided in the favour of the former. Brute force attacks are enormously slow compared to the time taken to encrypt.

I found this URL interesting for pass phrase security: http://www.lockdown.co.uk/?pg=combi. A large, distributed super computer would take about 631 billion years to brute force a 20 character single case, letters only password... throw in other characters and cases and this number will look tiny.

An 8 char password in lower case, letters only takes about 3.5 minutes, but with more variation, it would take 83 days. I haven't worked out what a 15 or 20 char version of the latter would take, but it would likely take a super computer trillions of years!

Food for thought.

EDIT: I didn't get your edit until after there, but I doubt they have cracked such things and managed to keep them secret. Millions of minds on the Internet are more than a match for any government, IMO. I could be wrong, but I'm sure their main policy is FUD.

That's what the Germans thought about the enigma code

[Asheron]

They have been doing this for over 10 years already.

[Traktion]

That's what the Germans thought about the enigma code

Who would have thought it? Our resident uber statist spreading rumours that the all powerful state has it all cracked already!

I'm sure it is possible, but I find it incredibly unlikely, considering the global exposure which such open source routines have been exposed to.

[madpenguin]

Who would have thought it? Our resident uber statist spreading rumours that the all powerful state has it all cracked already!

I'm sure it is possible, but I find it incredibly unlikely, considering the global exposure which such open source routines have been exposed to.

Open source works both ways, GCHQ and certainly the NSA have a lot of very clever people working for them and there's nothing to say they may have found a weakness they aren't letting on about, and it only protects a message in transit, once you decrypt it's either plain text, or they give the old "give us the pass phrase or go to Jail" ploy, in the case of ssh it only uses public key to connect after which it usually switches to a weaker but faster cipher like 3DES

To think anything uncrackable usually leads to disappointment, and quantum computers are coming:

http://www.newscientist.com/article/mg19526216.700

http://www.newscientist.com/blog/technology/2007/09/how-quantum-computer-factorises-numbers.html

GCHQ has already announced official deals with Universities to "protect the UK" from digital attacks, I'm sure the NSA has been doing this with the likes of MIT for decades, who knows what little boxes they have sitting in their datacentres? (bearing in mind the New Scientist blog was published 2007)

[Traktion]

Open source works both ways, GCHQ and certainly the NSA have a lot of very clever people working for them and there's nothing to say they may have found a weakness they aren't letting on about, and it only protects a message in transit, once you decrypt it's either plain text, or they give the old "give us the pass phrase or go to Jail" ploy, in the case of ssh it only uses public key to connect after which it usually switches to a weaker but faster cipher like 3DES

To think anything uncrackable usually leads to disappointment, and quantum computers are coming:

http://www.newscientist.com/article/mg19526216.700

http://www.newscientist.com/blog/technology/2007/09/how-quantum-computer-factorises-numbers.html

GCHQ has already announced official deals with Universities to "protect the UK" from digital attacks, I'm sure the NSA has been doing this with the likes of MIT for decades, who knows what little boxes they have sitting in their datacentres? (bearing in mind the New Scientist blog was published 2007)

There are encryption routines which aren't easily broken by quantum computers too.

I'm sure anything is possible, but forgive me if I'm sceptical.

[Take Me Back To London!]

To think anything uncrackable usually leads to disappointment, and quantum computers are coming:

If you have a code that never repeats, between 2 code machines that are programmed with the code sequence and sychronised together, then no amount of computer power or back room boffins will be able to crack it.

[Georgia O'Keeffe]

If you have a code that never repeats, between 2 code machines that are linked and sychronised together, then no amount of computer power or back room boffins will be able to crack it.

+1

it was pretty much proved in the scrolls "Deception Point" and its NASAs fault, in conjunction with Prof Snape

[Game_Over]

Who would have thought it? Our resident uber statist spreading rumours that the all powerful state has it all cracked already!

I'm sure it is possible, but I find it incredibly unlikely, considering the global exposure which such open source routines have been exposed to.

The internet is not going to destroy the state

And wishing things were otherwise isn't going to change the inevitable trajectory of 5000 years of history

[cica]

If you have a code that never repeats, between 2 code machines that are programmed with the code sequence and sychronised together, then no amount of computer power or back room boffins will be able to crack it.

...and one time pads have a fantastic ability for plausible deniability.

[DaleRHP]

Free speech was a great idea.

Until we all actually got it.

[interestrateripoff]

You could have some sort of updated solid state Enigma machine with electonic memory and once sychronised with another unique encoder/decoder machine, every single letter would have its own unique code which would never repeat and would be impossible for a third party to decipher.

Watched a docu on them cracking the enigma, one code was broken because they sent the same message twice using the same settings. This allowed them a way in.

[Take Me Back To London!]

Watched a docu on them cracking the enigma, one code was broken because they sent the same message twice using the same settings. This allowed them a way in.

If I recall correctly, the settings were changed daily. One weakness was that every message ended with "heil adolf hitler", so that helped greatly in breaking down the daily code transmissions. However, with an upgraded Enigma Premium Pro machine that would not be a problem.

[Nuggets Mahoney]

There are encryption routines which aren't easily broken by quantum computers too.

I'm sure anything is possible, but forgive me if I'm sceptical.

Interesting as the nuts and bolts of code making and code breaking may be, this is all neither here nor there imho.

I'd suggest that state agencies have been crawling all over ordinary people's correspondence and copying what they like since the year dot.

So, the key question for me about this latest news is why is the state bothering to announce it? My suggested answer is that it is to remind us serfs who's boss and to challenge us to do something about it. We won't. So it'll be chocks away for whatever the next encroachment on the to do list may be.

[Ulfar]

One way to bring down the system would be to randomly, continually downloading and sending masses of emails.

Those who want to hide for criminal or terrorist reasons are already doing it, they have no need to worry about any of these measures. The state are using this as a threat against the people, don't step out of line as we are watching you.

Terrorists who need to communicate with each other don't need to do it on the web and they aren't stupid either.

One option would be for one member of a cell to install a wireless router, pass the password and encryption key to other cell members either physically or via the post. An encryption key can be something quite innocent looking, such as a set of mp3 files. They can then park or drive through that routers range and pick up any messages without ever being on the net.

Another is to use wireless routers to set up your own private network within an area.

Two ideas that took two minutes to think up.

On this point demonstrators will also get much more switched on if this legislation is used against them.

[zebbedee]

If you have a code that never repeats, between 2 code machines that are programmed with the code sequence and sychronised together, then no amount of computer power or back room boffins will be able to crack it.

One time pad, unbreakable without the pad, and if they have that your **** is in a sling.

[The XYY Man]

"Allo, allo, this is Nighthawk, are you receiving me....?.

"Allo, allo. Captain Hook is waiting for Peter Pan in Never-neverland".

YXX

[Traktion]

Interesting as the nuts and bolts of code making and code breaking may be, this is all neither here nor there imho.

I'd suggest that state agencies have been crawling all over ordinary people's correspondence and copying what they like since the year dot.

So, the key question for me about this latest news is why is the state bothering to announce it? My suggested answer is that it is to remind us serfs who's boss and to challenge us to do something about it. We won't. So it'll be chocks away for whatever the next encroachment on the to do list may be.

That's a good question.

Perhaps they're concerned that the tax cattle is getting restless, so they think it is time to show the cattle prod?

It certainly doesn't feel like it's for our benefit, either way.