Man in the Middle Attack – British Government has Sir Tim Berners Lee against it’s SSL Bumping plans
What is the UK Snoopers Charter?
The UK govt is proposing a bill, to allow a “man in the middle attack”, (a hacking attack) against every one of it’s 61 million citizens, via compromised routers at the ISP.
The Routers at your ISP, will issue a “fake certificate” and pretend to be the bank, your lawyer, Amazon etc. And the govt will pretend to be you, to your bank.
Why would the UK Govt do this?
SSL Bumping means the govt can bypass all encryption and read our de-encrypted emails. However this applies to all situations including medical data, client/lawyer correspondence, banking and financial transfers.
The ISP will store this data for a year.
What’s wrong with that?
- The ISP will become a honeytrap for hackers across the world.
- Celebrities data would be hacked – the Murdoch scandals would pale into insignifcance with this. We’d have to get Leveson ready for another enquiry.
- You could not secure or safeguard this volume of data.
- Our finance data would be unencrypted.
- Digital signatures would be challenged in court – the UK govt signed the document on your behalf.
- Non Repudiation – those wishing to get out of a contract could claim they did not sign the contract. This would be true – as the British Govt had signed the contract with a fake certificate.
Oh yes, lawyers across the world could cancel contracts with any British company… as it was signed by the govt, not the person you’d contacted with.
SSL Bumping is the most ludicrous idea I’ve heard of in a long while, and I’m delighted that Wales and Sir Tim Berners Lee are standing against this law.