encryption

E2E & Zoom

The Zoom CEO stated at an Analysts Conference that they planned to introduce End to End Encryption (E2E) for their paying customers. At the moment, zoom does not do E2E encryption, they are encrypted between the user device and Zoom’s servers, but zoom’s servers can be tapped. This means that GCHQ can’t see what’s happening, but the NSA & FBI can. (This assumes that GCHQ can’t break properly configured TLS.) In the end, doing zoom rather than skype or google hangouts, if you believe them to be more secure, is like going to a meeting and trying to spot the special branch cop, preferably before you’ve fucked them. The rest of this blog discusses the issues of the device security, technical complexity, and the problem of user identity. See below/overleaf … …

Why you should be bothered about the Snoopers Charter

Late last year, the UK Parliament passed the Investigatory Powers Act 2016. This law builds on the Regulation of Investigatory Powers Acts and the Data Retention Laws. This law allows the Government to store all our electronic communications traffic, read the content and meta data and co-opt the product and service vendors to help them. I describe this in more detail below.

The Law was written in the aftermath of Court of Justice of the European Union’s (CJEU) ruling in the Schrems vs. Facebook case that the EU’s Data Retention Directive and hence the member state implementations were in contradiction to the EU’s human rights law, the Charter of Fundamental Rights. Parliament had considered aspects of these proposals twice before under the two previous administrations and rejected them.

This article looks at the new Law, criticises it on Human Rights grounds in that it jeopardises the right to privacy, the right to organise, the right to a fair trial and rights to free speech and on IT Security grounds in that the new regulation of encryption products jeopardises access to electronic trust and privacy. It also examines the likely impact of the recent CJEU ruling on the legality of its predecessor law, and in passing, likely conflicts with last year’s passage of the General Data Protection Regulation (GDPR) by the European Union. …

No more secrets for you!

After Paris, the road to more surveillance

…

The end of (British) privacy

As the dust settles in Paris after the attack on “Charlie Hebdo”, politics in Britain returns to posturing as normal. Cameron states that the Tory Manifesto for the General Election in May will include promises to increase the legal powers of surveillance by MI5 to cover all communication. Jim Killock of the Open Rights Group writes a considered piece on what this might mean. The end of this road is prohibiting encryption for the use of ordinary law abiding citizens. …