Won't somebody please think of the children!!! UK to mount fresh assault on end-to-end encryption in Facebook


UK Home Secretary Priti Patel will badmouth Facebook's use of end-to-end encryption on Monday evening as she links the security technology with paedophilia, terrorism, organised crime, and so on.

The ever-popular politician will say at the National Society for the Prevention of Cruelty to Children (NSPCC) event: "Sadly, at a time when we need to be taking more action, Facebook are pursuing end-to-end encryption plans that place the good work and progress achieved so far [on fighting the issue of child abuse] in jeopardy."

Patel's speech is intended to kickstart a fresh round of government campaigning against end-to-end encryption, as previewed by Wired a few weeks ago.

The British state is hostile towards end-to-end encryption; the idea of people being able to communicate privately without the government listening in seems intolerable to Whitehall. Bureaucrats' favoured way of campaigning against messaging apps' adoption of E2E encryption is to depict it as actively putting children into harm's way.

Wired wrote that advisory firm PA Consulting has been paid by the Home Office to write a report talking up how E2E encryption protects "adults' privacy at the expense of children's safety." In particular, the report will claim that methods for government agencies to read people's messages in the E2E era will "almost certainly be less effective than the current ability to scan for harmful content."


In a prepared statement, a Facebook spokesperson said E2E encryption's "rollout on our messaging services is a long-term project and we are building strong safety measures into our plans."

Law enforcement agencies claim that E2E encryption would make it more difficult for them to investigate crimes at all levels. Last year the National Crime Agency revealed the depth of splits within the establishment; the agency claimed a sex offender "wouldn't have been caught" if Facebook had enabled E2E encryption, but also revealed that classic join-the-dots policing led to his identification and arrest.

Neither does E2E always pose a significant speedbump to police nowadays. French and Dutch police took down the Encrochat E2E phone network by deploying malware to all of its users that copied the contents of their handsets back to police-controlled servers. There is no reason in principle that this couldn't be done under strict judicial pre-authorisation against named individual suspects in the UK.

Closer to home, 400,000 arrest, fingerprint, and DNA records were accidentally deleted by bungling Home Office officials, suggesting that time and effort spent railing against social media companies is better spent on teaching and reinforcing the basics of police record-keeping and investigatory techniques.

The only fully-thought-out plan for snooping on E2E encrypted chats was put forward by the National Cyber Security Centre's technical chief, Ian Levy, who suggested police were automatically added to every single messaging app conversation as a "ghost user." The Western infosec world laughed it out of the room. ®

  • Let's opt every WordPress site out of FLoC. Nice idea, but security update? Really?

    A proposal by a WordPress core contributor to treat Google's FLoC ad tech as a security vulnerability, and therefore backport an automatic opt-out to previous WordPress versions, shows the depth of community opposition to the technology.

    FLoC (Federated Learning of Cohorts) is Google’s scheme to replace third-party cookies with an ad personalisation system based on groups of users. It has run into wide opposition from privacy advocates and browser makers, but Google has nonetheless pressed ahead with trials in the current version of Chrome.

    Now a WordPress Core contributor has proposed treating “FLoC as a security concern.”

  • Ex-BT boss is familiar with the football lifestyle – being paid millions for doing very little

    Gavin Patterson, former boss of BT, is in the frame to lead a proposed European football league at the centre of a storm of criticism.

    According to Sky News, Patterson was approached informally several weeks ago about the role.

    Proposals for the European Super League – which UK football clubs Arsenal, Chelsea, Liverpool, Manchester City, Manchester United and Tottenham Hotspur have agreed to join – include a "new midweek competition" with teams continuing to "compete in their respective national leagues". AC Milan, Atletico Madrid, Barcelona, Inter Milan, Juventus and Real Madrid have also agreed to join the controversial league, which plans say will have 20 teams: the 12 founding members plus the three unnamed clubs they expect to join soon, and five teams who qualify annually according to their domestic achievements.

  • Share price immediately dips for GPU-maker

    The proposed sale of Arm to NVIDIA looks a bit more tenuous today after UK digital secretary Oliver Dowden issued a Public Interest Intervention Notice (PIIN) indicating he may intervene in the sale on national security grounds.

    The dispatch of the PIIN has kicked off a further degree of scrutiny, with the Competition and Markets Authority (CMA) instructed to include any potential national security concerns in its upcoming report on the merger. These would be obtained via consultation with relevant third parties, and come as an addition to its existing focus on jurisdictional and competition issues.

    Depending on the outcome of the review, Dowden can choose to clear the transaction, impose certain conditions, or refer it to a more intensive “phase two” investigation.

  • When 4GB is just not quite enough

    Microsoft is to drag veteran code wrangler Visual Studio kicking and screaming into the modern world with a 64-bit version.

    It has been a while coming. Visual Studio dates back to the last century and started out life as Visual Studio 97 (replete with the likes of J++) before version 6.0 turned up to round out the 1990s. Microsoft stuck with naming by year thereafter (aside from a brief dalliance with slapping everything with the .NET moniker at the start of this century).

    Which brings us to Visual Studio 2022 and one of the larger overhauls for the suite, not least of which is the long-awaited move to a 64-bit application.

  • Environment variables full of secrets uploaded to attacker server

    Codecov, makers of a code coverage tool used by over 29,000 customers, has warned that a compromised script may have stolen credentials over a period of two months, before it was discovered a few weeks ago.

    Code coverage measures how much of an application’s code is the subject of unit tests, the idea being that the higher the percentage, the more reliable the application is likely to be. It is a useful but imperfect metric, since it does not take into account the quality of the tests.

    Codecov is a cloud-based tool which integrates with GitHub, GitLab, Atlassian Bitbucket, or any Git-based repository. Developers run tests using their own CI (Continuous Integration) tool and then upload the results to Codecov using a tool called Bash Uploader. Codecov then generates a report which is accessed on its site. Source code itself is not stored on Codecov’s site, but the tool does require read access to a repository in order to display code alongside reports on demand.

  • Rounded corners are nice, but what you really want is Linux 5.10, right?

    Windows Insiders have been given a bit of Linux love with the arrival of a freshly updated kernel and an all-important clock fix.

    Having yanked the Windows Subsystem for Linux (WSL) 2 out of the usual Windows servicing cadence, Microsoft's engineers have been able to update WSL 2 without requiring a full-on OS patch.

    The original 4.19 branch was updated to 5.4.72 in February. The kernel has now been brought considerably more up to date with the 5.10.16.3 version.

  • Plus Pwn2Own faces fire and update Chrome immediately

    In Brief The former systems administrator for the FIN7 card-slurping gang has been sentenced to 10 years in a US prison.

    Fedir Hladyr, 35, pled guilty to one count of conspiracy to commit wire fraud and one count of conspiracy to commit computer hacking last year, and on Friday was sentenced for his role in the theft and resale of more than 20 million customer card records from over 6,500 point-of-sale terminals across the US using the malware dubbed Carbanak.

    Hladyr set up a front company, Combi Security, to cover his actions as he funneled the purloined data around the criminal underworld. He managed the encrypted comms network the gang used, ran the server farms used to spread and exploit malware, and coordinated individual attacks.

  • Glimmer of hope on the semiconductor front – for the car industry anyway

    Japanese chipmaker Renesas has said it will restore full production capacity at its N3 Naka plant by the middle of next month following a blaze in March that destroyed equipment and contaminated the clean room.

    Renesas, which accounts for a third of all automotive semiconductor sales globally, said it expects to be at half-capacity by the end of April. CEO Hidetoshi Shibata confirmed in a press conference the company plans to install new fire suppression equipment to prevent any future fires.

    Operations at the Naka N3 clean room resumed on 9 April. According to a notice from Renesas, the company had to rely on over 1,600 workers each day (both internal and from third parties) to rebuild and decontaminate the clean room, illustrating both the scale of destruction and difficulty in restoration.

  • Nobody caught – er, held us responsible, says Chinese firm

    Huawei was able to snoop on the Dutch prime minister's phone calls and track down Chinese dissidents because it was included in the core of the Netherlands' mobile networks, an explosive news report has claimed.

    Dutch national daily Volkskrant (behind a pay wall) reported over the weekend that mobile operator KPN, which used Huawei-supplied equipment in the core of its network, discovered the full extent of the Chinese company's doings in 2010 after it commissioned Capgemini to write an outsourcing risk analysis report.

    Not only could the prime minister be eavesdropped on by Huawei, along with millions of other customers, said KPN as it quoted the report, but it could also identify people being snooped on by the Dutch state as well.

  • NASA’s JPL lab speaks to The Reg

    NASA's Ingenuity today hovered in the skies of Mars, making the equipment the first human-made helicopter to take flight on another planet.

    Amid cheers in the control room, engineers confirmed the diminutive helicopter had spun up its rotors, taken off, landed, and spun everything down, leaving the stage set for further tests. An image from the helicopter's onboard navigation camera showing its shadow on the surface of Mars was swiftly followed by another sequence from the Perseverance rover showing the helicopter hovering.

  • 'Eskom should pay the pending dues for the Oracle software that they use'

    Oracle has pulled the plug on support for software described as "quite essential" to "crucial operations" at South African energy firm Eskom as part of an ongoing licensing dispute.

    Eskom spokesman Sikonathi Mantshantsha said Big Red had withdrawn support for multiple software systems after the electricity provider failed to have the courts compel Oracle to continue while the dispute was settled. Eskom had also offered to pay what it thought it owed upfront until the figure was agreed in court.

    Mantshantsha confirmed that Oracle had withdrawn some of its technical support services. "Eskom has contingency plans in place to reduce the risk of disruption resulting from the dispute with Oracle," he said.
