Misleading to call a government minister a "security top guy".
On 27/02/2025 in message <slrnvs16ur.4ph.jon+usenet@raven.unequivocal.eu>
Jon Ribbens wrote:
On 2025-02-27, Jeff Gaines <jgnewsid@outlook.com> wrote:
On 27/02/2025 in message <slrnvs0n3q.4ph.jon+usenet@raven.unequivocal.eu> Jon Ribbens wrote:
On 2025-02-27, Jeff Gaines <jgnewsid@outlook.com> wrote:
On 27/02/2025 in message <slrnvs0j2i.4ph.jon+usenet@raven.unequivocal.eu>
Jon Ribbens wrote:
On 2025-02-27, Jeff Gaines <jgnewsid@outlook.com> wrote:
On 27/02/2025 in message <vpp5jb$31866$1@dont-email.me> Mike Scott wrote:
From a Beeb web page I've just seen:
Does anybody know the situation in the USA? I find it hard to believe that the USA government accepts it is unable to see this data, it's an obvious situation for terrorists to take advantage of.
The Minister of State for Security said: "I cannot comment on operational matters, and it would not be appropriate for me either to confirm or to deny the existence of any notices under the Investigatory Powers Act 2016."
[fair enough; I'd expect that. But.....]
He added: "What I can say is that the suggestion that privacy and security are at odds is not correct; we can and must have both."
[https://www.bbc.com/news/articles/c1kjmddx2nzo]
Really? A security "top guy" really cannot see the problem in saying that?
It also seems we've rubbed up the USA the wrong way too over this.
Terrorists are not renowned for their strict adherence to the law. If they want to communicate in an encrypted manner then they will do so whether the law allows it or not. There are tools easily available regardless of whether major companies make it a simple consumer option.
But in this case they wouldn't be breaking the law, they would just send/save data on an iPhone when, apparently, nobody else can see it.
Yes. Or indeed not an iPhone but any one of many other encrypted systems. What's your point?
I was responding to what you said, "Terrorists are not renowned for their strict adherence to the law." However, they wouldn't be breaking the law in using an iPhone.
You missed my point, which is that you said iPhone data being encrypted
is an "obvious situation for terrorists to take advantage of", but they will encrypt their data if they want to regardless of whether or not it
is legal for them to do so and whether or not the iPhone provides that encryption as standard.
I think we may have missed each other's points. Criminal wouldn't
have to do anything or use anything except an iPhone to hide their
data, assuming it is true that no other party can access it.
I think we may have missed each other's points. Criminal wouldn't
have to do anything or use anything except an iPhone to hide their
data, assuming it is true that no other party can access it.
I didn't miss your point, I am saying your point is... pointless.
It isn't a "situation for terrorists to take advantage of" since
there is no advantage to them. They can use encryption either way.
I didn't miss your point, I am saying your point is... pointless.
It isn't a "situation for terrorists to take advantage of" since
there is no advantage to them. They can use encryption either way.
There was a case a while back where Apple "refused" to unlock an iPhone. Because it couldn't be done. It was set to hit the courts then the FBI claimed "they found another way", which no one believed.
On 28/02/2025 in message <slrnvs36pp.4ph.jon+usenet@raven.unequivocal.eu>
Jon Ribbens wrote:
I think we may have missed each other's points. Criminal wouldn't
have to do anything or use anything except an iPhone to hide their
data, assuming it is true that no other party can access it.
I didn't miss your point, I am saying your point is... pointless.
It isn't a "situation for terrorists to take advantage of" since
there is no advantage to them. They can use encryption either way.
You still seem to be having a problem, I said:
"Does anybody know the situation in the USA? I find it hard to believe
that the USA government accepts it is unable to see this data, it's an obvious situation for terrorists to take advantage of."
As I said it is a clear and obvious situation for terrorists or, indeed,
any criminal to take advantage of.
That kind of justifies the sentence in the OP: "What I can say is that
the suggestion that privacy and security are at odds is not correct; we
can and must have both."
On 28/02/2025 14:35, GB wrote:
That kind of justifies the sentence in the OP: "What I can say is that
the suggestion that privacy and security are at odds is not correct; we
can and must have both."
But we come back to the fundamental issue that either something is
secure, in which case no-one can pry including HMG, or HMG can get at it
in which case /anyone/ can get at it. Only today
<https://www.bbc.com/news/articles/c3vwwq260gdo>
"The force said the mother of PC Molly Bury, 28, was overheard at an
event in Burnley telling someone "Molly checked the police system"
before it emerged the officer had illegally accessed police computer
systems over several years."
If a government agency has the keys, the wrong people /will/ use them
for wrong purposes. And when (if) you find out, it's too late.
If you're interested in "casual security", settle for ROT13.
From a Beeb web page I've just seen:
The Minister of State for Security said: "I cannot comment on
operational matters, and it would not be appropriate for me either to
confirm or to deny the existence of any notices under the Investigatory Powers Act 2016."
[fair enough; I'd expect that. But.....]
He added: "What I can say is that the suggestion that privacy and
security are at odds is not correct; we can and must have both."
[https://www.bbc.com/news/articles/c1kjmddx2nzo]
Really? A security "top guy" really cannot see the problem in saying that?
On 28 Feb 2025 at 12:01:01 GMT, ""Jeff Gaines"" <jgnewsid@outlook.com>
wrote:
On 28/02/2025 in message <slrnvs36pp.4ph.jon+usenet@raven.unequivocal.eu> Jon Ribbens wrote:
I think we may have missed each other's points. Criminal wouldn't
have to do anything or use anything except an iPhone to hide their data, assuming it is true that no other party can access it.
I didn't miss your point, I am saying your point is... pointless.
It isn't a "situation for terrorists to take advantage of" since
there is no advantage to them. They can use encryption either way.
You still seem to be having a problem, I said:
"Does anybody know the situation in the USA? I find it hard to believe
that the USA government accepts it is unable to see this data, it's an obvious situation for terrorists to take advantage of."
As I said it is a clear and obvious situation for terrorists or, indeed, any criminal to take advantage of.
As is being able to lock your car boot and being able to refuse permission to
the police to search it without probable cause. But the Americans take their
civil liberties seriously, and if anyone does search your car improperly they
can't use the evidence they find. I think this is a good thing, ditto encryption.
On 2025-02-28, Mike Scott <usenet.16@scottsonline.org.uk.invalid> wrote:
On 28/02/2025 14:35, GB wrote:
That kind of justifies the sentence in the OP: "What I can say is that
the suggestion that privacy and security are at odds is not correct;
we can and must have both."
But we come back to the fundamental issue that either something is
secure, in which case no-one can pry including HMG, or HMG can get at
it in which case /anyone/ can get at it. Only today
<https://www.bbc.com/news/articles/c3vwwq260gdo>
"The force said the mother of PC Molly Bury, 28, was overheard at an
event in Burnley telling someone "Molly checked the police system"
before it emerged the officer had illegally accessed police computer
systems over several years."
If a government agency has the keys, the wrong people /will/ use them
for wrong purposes. And when (if) you find out, it's too late.
If you're interested in "casual security", settle for ROT13.
Apparently *over half* of all cybercrime prosecutions in the UK are of
police officers abusing the system.
https://www.cl.cam.ac.uk/~ah793/papers/2025police.pdf
One solution is to hack the iphone and extract the encrypted data, so
that it can then be worked on by simple brute force techniques.
On 28/02/2025 in message <5111730902.1dd963cc@uninhabited.net> Roger
Hayter wrote:
On 28 Feb 2025 at 12:01:01 GMT, ""Jeff Gaines"" <jgnewsid@outlook.com>
wrote:
On 28/02/2025 in message <slrnvs36pp.4ph.jon+usenet@raven.unequivocal.eu> Jon Ribbens wrote:
I think we may have missed each other's points. Criminal wouldn't
have to do anything or use anything except an iPhone to hide their
data, assuming it is true that no other party can access it.
I didn't miss your point, I am saying your point is... pointless.
It isn't a "situation for terrorists to take advantage of" since
there is no advantage to them. They can use encryption either way.
You still seem to be having a problem, I said:
"Does anybody know the situation in the USA? I find it hard to believe
that the USA government accepts it is unable to see this data, it's an
obvious situation for terrorists to take advantage of."
As I said it is a clear and obvious situation for terrorists or, indeed, any criminal to take advantage of.
As is being able to lock your car boot and being able to refuse permission to
the police to search it without probable cause. But the Americans take their
civil liberties seriously, and if anyone does search your car improperly they
can't use the evidence they find. I think this is a good thing, ditto
encryption.
Does America accept it is unable to see this data? I struggle a bit with that, especially after today's performance from Trump/Vance!
On Fri, 28 Feb 2025 20:49:05 +0000, Jon Ribbens wrote:
On 2025-02-28, Mike Scott <usenet.16@scottsonline.org.uk.invalid> wrote:
On 28/02/2025 14:35, GB wrote:
That kind of justifies the sentence in the OP: "What I can say is that the suggestion that privacy and security are at odds is not correct;
we can and must have both."
But we come back to the fundamental issue that either something is
secure, in which case no-one can pry including HMG, or HMG can get at
it in which case /anyone/ can get at it. Only today
<https://www.bbc.com/news/articles/c3vwwq260gdo>
"The force said the mother of PC Molly Bury, 28, was overheard at an
event in Burnley telling someone "Molly checked the police system"
before it emerged the officer had illegally accessed police computer
systems over several years."
If a government agency has the keys, the wrong people /will/ use them
for wrong purposes. And when (if) you find out, it's too late.
If you're interested in "casual security", settle for ROT13.
Apparently *over half* of all cybercrime prosecutions in the UK are of
police officers abusing the system.
https://www.cl.cam.ac.uk/~ah793/papers/2025police.pdf
What is "cybercrime" though ? IIRC just manually entering a URL can be considered "sophisticated hacking" by the time the Daily Mail gets ahold
of it.
On Fri, 28 Feb 2025 14:47:43 +0000, GB wrote:
One solution is to hack the iphone and extract the encrypted data, so
that it can then be worked on by simple brute force techniques.
Is that possible ? AS in has it been done and reported ? Pics or it
didn't happen.
On 27/02/2025 15:32, Jethro_uk wrote:
On Thu, 27 Feb 2025 13:31:18 +0000, Martin Brown wrote:
ROT13 is pretty secure - especially if you double-encode your text.
Personally I wouldn't trust anyone else's encryption.
You have to be very very good at it before DIY encryption will be even
remotely secure. PGP back in its day was classed as exporting munitions
by the US government when they decided to persecute the author.
--
Oh I agree. The security fails from roll-your-own encryption are legend.
Which is why I wouldn't risk that.
Bottom line is you have to assume all channels are compromised and work
with that.
Apparently *over half* of all cybercrime prosecutions in the UK are of
police officers abusing the system.
https://www.cl.cam.ac.uk/~ah793/papers/2025police.pdf
On 27/02/2025 18:16, Sam Plusnet wrote:
On 27/02/2025 15:32, Jethro_uk wrote:
On Thu, 27 Feb 2025 13:31:18 +0000, Martin Brown wrote:
ROT13 is pretty secure - especially if you double-encode your text.
Personally I wouldn't trust anyone else's encryption.
You have to be very very good at it before DIY encryption will be even remotely secure. PGP back in its day was classed as exporting munitions by the US government when they decided to persecute the author.
--
Oh I agree. The security fails from roll-your-own encryption are legend. Which is why I wouldn't risk that.
Bottom line is you have to assume all channels are compromised and work
with that.
AFAIK, you can use a proper form of encryption such as AES but with 128
bit keys, and this will not be a problem for the security services?
On Fri, 28 Feb 2025 20:49:05 -0000 (UTC), Jon Ribbens
<jon+usenet@unequivocal.eu> wrote:
Apparently *over half* of all cybercrime prosecutions in the UK are of police officers abusing the system.
https://www.cl.cam.ac.uk/~ah793/papers/2025police.pdf
I suspect, though, that that's mainly because access to, and usage of, the PNC is strictly regulated and routinely monitored, precisely because of the potential for abuse. Which means that someone abusing that privilege has a very strong probability of being detected and, if the offence is
sufficiently egregious, prosecuted. So I don't think that tells us anything useful about the prevalence of undetected and unprosecuted cybercrime in the wider community.
On 01/03/2025 09:47, Jethro_uk wrote:
On Fri, 28 Feb 2025 14:47:43 +0000, GB wrote:
One solution is to hack the iphone and extract the encrypted data, so
that it can then be worked on by simple brute force techniques.
Is that possible ? AS in has it been done and reported ? Pics or it
didn't happen.
I have it on good authority from the FBI that it can be done. OTOH, I
hear from some anonymous bloke on the internet that it can't be done. He
says that I must prove him wrong, or else it's 100% certain that the FBI
are lying.
ROT13 is pretty secure - especially if you double-encode your text.
AFAIK, you can use a proper form of encryption such as AES but with 128
bit keys, and this will not be a problem for the security services?
On 01/03/2025 12:26, GB wrote:
ROT13 is pretty secure - especially if you double-encode your text.
AFAIK, you can use a proper form of encryption such as AES but with
128 bit keys, and this will not be a problem for the security services?
I believe perhaps there should have been smiley.
You do know what happens if you apply rot13 twice?
AFAIK, you can use a proper form of encryption such as AES but with 128
bit keys, and this will not be a problem for the security services?
What, precisely, would be the point?
Well I'm sure you're right that it's prosecuted because it's easily
detected and the people doing the detecting are themselves police
(or work for the police). But the point is that it sets an absolute
minimum of how much cybercrime the police are committing, and the
police are asking for more powers to access private data that will
then inevitably be abused.
On 01/03/2025 17:09, Roger Hayter wrote:
AFAIK, you can use a proper form of encryption such as AES but with 128
bit keys, and this will not be a problem for the security services?
What, precisely, would be the point?
I know it's a long thread, but I have already answered that question. I haven't made many posts on this thread, so it wouldn't take you long to
find my answer.
On 01/03/2025 18:40, Jon Ribbens wrote:
Well I'm sure you're right that it's prosecuted because it's easily
detected and the people doing the detecting are themselves police
(or work for the police). But the point is that it sets an absolute
minimum of how much cybercrime the police are committing, and the
police are asking for more powers to access private data that will
then inevitably be abused.
There are cases like Molly Bury, who accessed the PNC for personal
amusement. Whilst I don't approve of what she did, it's not serious
abuse. And, it's certainly not abuse by the state.
You seem to be moving on from there to something far more sinister, but
not really justifying it.
On Sat, 1 Mar 2025 09:47:35 -0000 (UTC), Jethro_uk
<jethro_uk@hotmailbin.com> wrote:
On Fri, 28 Feb 2025 14:47:43 +0000, GB wrote:
One solution is to hack the iphone and extract the encrypted data, so
that it can then be worked on by simple brute force techniques.
Is that possible ? AS in has it been done and reported ? Pics or it
didn't happen.
Do you really think that GCHQ and/or NSA would disclose how far advanced
they are in decryption? Bearing in mind the amount of leading-edge
equipment they have - possibly even quantum - I suspect they have got a
lot further than we'd imagine.
On 1 Mar 2025 at 09:45:53 GMT, "Jethro_uk" <jethro_uk@hotmailbin.com> wrote:
On Fri, 28 Feb 2025 20:49:05 +0000, Jon Ribbens wrote:
On 2025-02-28, Mike Scott <usenet.16@scottsonline.org.uk.invalid> wrote:
On 28/02/2025 14:35, GB wrote:
That kind of justifies the sentence in the OP: "What I can say is that the suggestion that privacy and security are at odds is not correct; we can and must have both."
But we come back to the fundamental issue that either something is
secure, in which case no-one can pry including HMG, or HMG can get at
it in which case /anyone/ can get at it. Only today
<https://www.bbc.com/news/articles/c3vwwq260gdo>
"The force said the mother of PC Molly Bury, 28, was overheard at an
event in Burnley telling someone "Molly checked the police system"
before it emerged the officer had illegally accessed police computer
systems over several years."
If a government agency has the keys, the wrong people /will/ use them
for wrong purposes. And when (if) you find out, it's too late.
If you're interested in "casual security", settle for ROT13.
Apparently *over half* of all cybercrime prosecutions in the UK are of
police officers abusing the system.
https://www.cl.cam.ac.uk/~ah793/papers/2025police.pdf
What is "cybercrime" though ?
IIRC just manually entering a URL can be
considered "sophisticated hacking" by the time the Daily Mail gets ahold
of it.
Well it would be a crime if you are accessing data you are not entitled to see, and using credentials given to you for other purposes to do so.
In the innocent days of a decade or two back, the web was awash with data that its owners regarded as secret but was not protected in any way from anyone who could find, or guess, the address. I think it was established to be criminal to deliberately access data you knew you were not entitled to see, even if no passwords or other credentials were involved. Roland could probably remind us whether that was established.
I think generally people have learned to not leave secret stuff
unprotected.
In message <2806583049.102f1222@uninhabited.net>, at 11:21:06 on Sat, 1 Mar 2025, Roger Hayter <roger@hayter.org> remarked:
On 1 Mar 2025 at 09:45:53 GMT, "Jethro_uk" <jethro_uk@hotmailbin.com> wrote:
Well it would be a crime if you are accessing data you are not entitled to see, and using credentials given to you for other purposes to do so.
In the innocent days of a decade or two back, the web was awash with data that its owners regarded as secret but was not protected in any way from anyone who could find, or guess, the address. I think it was established to be criminal to deliberately access data you knew you were not entitled to see, even if no passwords or other credentials were involved. Roland could probably remind us whether that was established.
I don't know, but do recall the issue of "guessing a url" in order to
access unlinked data.
I think generally people have learned to not leave secret stuff unprotected.
Security by obscurity is not a good idea.
In message <lRgSwFXjNfynFAS8@perry.uk>, Roland Perry <roland@perry.uk>
writes
In message <2806583049.102f1222@uninhabited.net>, at 11:21:06 on Sat, 1 Mar 2025, Roger Hayter <roger@hayter.org> remarked:
On 1 Mar 2025 at 09:45:53 GMT, "Jethro_uk" <jethro_uk@hotmailbin.com> wrote:
.......
Well it would be a crime if you are accessing data you are not entitled to see, and using credentials given to you for other purposes to do so.
In the innocent days of a decade or two back, the web was awash with data that its owners regarded as secret but was not protected in any way from anyone who could find, or guess, the address. I think it was established to be criminal to deliberately access data you knew you were not entitled to see, even if no passwords or other credentials were involved. Roland could probably remind us whether that was established.
I don't know, but do recall the issue of "guessing a url" in order to access unlinked data.
I think generally people have learned to not leave secret stuff unprotected.
Security by obscurity is not a good idea.
There was a case in 2005 focusing on an innocent "directory traversal"
https://www.scl.org/821-computer-misuse-prosecutions/
The Tsunami Case. I remembered it because I also tried to donate and
hit similar problems. I just gave up.
It seems that just editing a url can be enough to set the alarms off.