Your daily round-up of some of the other stories in the news
Call to withhold encryption unless you verify your ID
A lawyer has suggested that access to encryption technologies on social media should be denied to those who don’t “verify” their identities.
Max Hill QC, who is leading a review of the UK’s terrorism laws, told the London Evening Standard that “A discussion I have had with some of the tech companies is whether it is possible to withhold encryption pending positive identification of the internet user.” He added that he didn’t think this would “involved wholesale infringement on free speech use of the internet”.
Hill’s views seem to be building on a declaration by UK home secretary Amber Rudd that “real people don’t want unbreakable encryption“.
Naked Security’s Paul Ducklin has discussed the technical feasibility of intercepting encryption, and concluded then that Rudd “has as much chance of getting US firms to buy that idea as successfully hosting a mad-hatter’s tea party with a chocolate teapot”.
However, the idea of tying verified identities to encryption is a new development. We’ll be returning to this story in more detail next week – but in the meantime, what do you think?
Facebook knows where you live
Facebook knows where you live – and it knows where every other human on the planet lives, too, to within 15ft.
Janna Lewis, who manages innovation partnerships for Facebook, told the Space Technology and Investment Forum in San Francisco this week that the social media giant has created a data map of all the humans on the planet by combining census information with satellite data, reported CNBC on Friday.
The aim, said Lewis, is to help Facebook understand how it can deliver internet connectivity to everyone on Earth. “Our data showed the best way to connect cities is an internet in the sky,” she said, adding: “We’re trying to connect people from the stratosphere and from space, using high-altitude drone aircraft and satellites, to supplement earth-based networks.”
Alleged Mirai blackmailer extradited from Germany
A British man accused of being behind a cyberattack on two of the UK’s biggest banks has been extradited from Germany to face charges.
Daniel Kaye, 29, of Egham, Surrey, is facing nine charges under the Computer Misuse Act, two charges of blackmail and one of possession of criminal property. He’s accused of using the Mirai botnet to launch DDoS attacks on Lloyds, Halifax and Bank of Scotland over two days in January this year.
He’s alleged to have asked Lloyds for a ransom of £75,000-worth of Bitcoin, which was not paid. Kaye is also charged with endangering human welfare with an alleged attack against Liberia’s biggest ISP, Lonestar MTN.
The UK’s National Crime Agency said: “The investigation leading to these charges was complex and crossed borders. Our cybercrime officers have analysed reams of data on the way. Cybercrime is not victimless and we are determined to bring suspects before the courts.”
Catch up with all of today’s stories on Naked Security
Wilderness
“However, the idea of tying verified identities to encryption is a new development.” I like the idea. I think it’s creative and worth a shot.
Kate Bevan
It’s a terrible idea, for so many reasons. It’s precisely the kind of thing an authoritarian government cracking down on dissidents would love, for starters, and it’s pretty repressive to deny people the opportunity to be anonymous. You’re using an anonymous handle here, for example: how would you like not being able to comment here or anywhere else except under your real name, an identity that you’ve had to verify with a government agency? And be denied a secure connection to websites until you registered?
Also, how do you enforce it with providers outwith the jurisdiction? How do you verify identity? Have a look at what’s happening in India with the Aadhaar scheme – we’ve written a bit about it on Naked Security and we’ll be returning to it next week. It’s a terrible, heavy-handed and badly implemented attempt by India to give everyone a digital identity, which is supposed to be voluntary but is required for so many things now that it’s simply not practical not to have an Aadhaar number.
Porn sites in the UK are rightly protesting about the coming requirement for age verification, which only affects UK-based businesses and thus hobbles them: it’ll be impossible to require from or enforce upon companies outside the UK, so the British industry is going to be disadvantaged by a layer of faff that will put people off. Also, the preferred age-verification system is owned by one big company which will be handed an enormous advantage on a plate while at the same time putting a huge compliance burden on small companies.
And all that’s even before we start discussing just how you’d actually deny encryption to people who don’t register their ID …
wow really?
Because gun control works so well right?
Anonymous
I don’t understand what benefit this would give anyway? So you have to validate your identity before you can talk with your fellow terrorists through encrypted channels? Is that supposed to be some sort of deterrent?
Anonymous
Might as well not use encryption
Pankhurst
“However, the idea of tying verified identities to encryption is a new development.”
I hope that does not mean tying encryption keys to identity, but with this Government anything is possible!
Marcus Marik
“A discussion I have had with some of the tech companies is whether it is possible to withhold encryption pending positive identification of the internet user.”
I propose a few followup discussions:
“A discussion I have had with some of the finance companies is whether it is possible to increase spending, cut taxes, and balance the budget.”
“A discussion I have had with some of the food companies is whether it is possible to eat whatever you like as much as you like and lose weight.”