50 comments

[ 4.8 ms ] story [ 110 ms ] thread
Agree with OP, but thought it was interesting how much the debate is being shaped by the general sentiment shifting against big tech and how unsympathetic major tech platforms have become in public policy discussions, particularly around this subject.

Liked this rundown of all the forces lined up on the other side. Debate doesn't seem to be driven by tech or really by policy, so much as pols trying to cut down an industry a notch (particularly as that industry's lobbying has largely been tone deaf):

https://www.axios.com/distrust-of-tech-could-be-encryptions-...

It seems like a sort of "power vacuum" [1] situation. If the government doesn't opt to take the power to read everyone's communications, FB & co will take that power by layering on encryption to shut the government out, while maintaining endpoint control such that they alone can extract message plaintext. The "debate" is just whatever these two sides have come up with to try and sell their preference to the public.

[1] https://en.wikipedia.org/wiki/Power_vacuum

> People can operate their own encryption, either by operating their own server technology or sending encrypted blobs over FB.

> Encryption technology can hide content, but won’t hide the parties to a communication without a lot of extra work

These two statements alone are reason enough why the whole encryption debate is pointless. The moment the government of a country makes it illegal for chatting apps to use encryption, the criminals are just going to roll their own crypto.

So it'll just end up taking away the privacy of regular citizens, and will undoubtedly be used to violate their rights.

Furthermore, I'm 100% that if enceyption is outlawed, in the case of WhatsApp, Facebook will just start analysing all your chats and using them for more targetted ads. Yay.

If encryption is outlawed I'm burning all my credit cards and buying everything cash. I am not accessing my bank accounts without encryption. Even if "only police get access to decrypt."
This is a needlessly hyperbolic comment that illustrates the, at times, silliness of this entire conversation even among technologists. EMV credit cards are essentially off-the-shelf ISO/IEC 7816 smart cards and would not function without encryption. Are you suggesting an encryption outlaw would trickle all the way down to how a credit card functions? Do we stop using Apple/Android Pay, both of which have several protocols in their inherent functionality that require encryption? Online purchases are not the only reason a credit card exists, but your position has widened from the government's debate here on social media/consumer uses to "all private encryption in the whole world," a typical webshit perspective. Banks have regulatory requirements for encryption set by governments in question, so all of the actions you'd take make absolutely zero sense even in the unlikely event of encryption being outlawed. You might as well get Ron Rivest to sign a jersey and burn it on TikTok.

"Outlawing encryption" is getting dangerously close to "coming for your guns," and it's amazing how even this audience doesn't sit down and go -- hm, is that really likely despite appointed officials beating a hobby horse? -- with the same fervor that a single word Mark Zuckerberg says before Congress gets 300 comments of suspicious and objective argument before the thread falls off the front page. To the -4 gray I go! Censure me for my nonconformity!

Food for thought: "the government is in the pocket of special interests, overturn Citizens United" and "the government just might outlaw encryption, donate to EFF" are mutually exclusive positions. Those special interests want and, occasionally, need encryption. So. Maybe think a bit, because one cannot believe both, and I'm wagering many here do.

Encrypted communication is essentially what allowed online banking and online sales to finally take off and created Amazon and eBay, among other businesses that could not have existed without it.

And outlawing encryption is what politicians are talking about. They do so all the time.

"The laws of mathematics are very commendable, but the only law that applies in Australia is the law of Australia." -- Prime Minister of Truth, AU

Agreed, and it's a shame Australia became a place that cannot be trusted to maintain valid encryption.
Also the laws of Australia: It's becoming illegal to use cash for any transaction over $10k.

The politicians are proposing to outlaw both encryption _and_ cash...

:sigh:

Yikes I had not even thought of that. How long till they install CT OS from Watch Dogs? I mean really that game is now about to be a documentary of the future. I hope not.
"The moment the government of a country makes it illegal for chatting apps to use encryption, the criminals are just going to roll their own crypto."

This is copied & pasted from anti-gun control arguments and is ignoring the excruciatingly obvious in exactly the same way.

Sure, criminals don't obey the law. But the reason prohibiting "regular citizens" from doing something helps stop criminals from doing that thing is because they will stand out more and have fewer excuses.

I'd rather arrest criminals for committing crimes and not for exercising their rights.
Assume a general ban on private encryption. This is de facto equivalent to a ban on transmitting random numbers also, since the two are indistinguishable to the government. Messages can be obfuscated steganographically of course so any kind of noisy data could potentially be an illegal message. Such a ban would amount to a mandate that all speech be thoroughly comprehensible to the government and without error.

The implications to liberty of such a policy are shocking. It is designed to be useless enough so as not to actually solve the problems that supposedly demand it, yet broad enough to be enforced against anybody selectively. A perpetual lever of fear.

Barr's proposals applying to social media are merely a restricted case of this scenario. Just like every other policy that purports to prevent crime/pedophilia/mass shootings/terror by criminalizing possession or use of tools, it is pure security theater which only binds people who are cooperative enough in the first place not to evade it. We must cultivate a common cultural recognition that these are tactics of control and not of protection.

Agreed but what's happening is that governments are waking to the idea that not only will communications over the wire be encrypted from platforms (such as signal, dare I say whatsa--- no I can't, but you get the point), data at rest will similarly be out of reach from platforms with technologies like zero knowledge proofs and homomorphic encryption. There will come a day, baring any tampering/legal obstacles where most companies simply won't be able to see the underlying data unless the user grants permission for the use. Even then users may not even need to grant permission to the entire object but elements of the object to facilitate an answer -- i.e. instead of granting access to an entire social security number, the system could simply ask via algorithm , do you have a valid social security number and is it yours and the answer comes back yes/no. To be quite honest, I don't see why governments couldn't join such a system but I guess if given a preference, they'd prefer to coerce the platforms rather than ask the users each and every time...just because that's the easy way doesn't mean it's the right way.
I think the phrase "warrantless encryption" should be outlawed. What is that even supposed to mean?
I think they mean just "encryption". The argument is over whether facebook can store encrypted messages. "Warrants" really have nothing to do with the discussion, afaik.
> I think the phrase "warrantless encryption" should be outlawed. What is that even supposed to mean?

I believe it means: encryption that does not have a built-in backdoor such that anyone with the backdoor key can break the encryption at will including, for example, law enforcement agents in possession of a wiretapping warrant.

At one point, the NSA heavily promoted a similar scheme ...

https://en.wikipedia.org/wiki/Clipper_chip

Encryption is a 2nd amendment issue. It's not a private expression, encryption algorithms are armaments that have always been used as such in warfare, and still are. And the Internet means that private citizens are routinely defending their intellectual property, monetary assets and reputation from organized crime and nation-state actors.

And we all get roped in to the tedious work of recognizing phishing emails, changing passwords, using 2FA and patching software that makes it possible to do business in the modern economy. When we fail to do so, our systems are then owned and used to make war and attack others.

Hence, we are all part of "a well regulated* militia [that is] necessary to the security of a free state."

* "well trained" in modern parlance

Exactly, yet the second amendment people are silent whenever one of their representatives calls for forced backdoors.
I am a staunch defender of the second amendment, to the point where I want the NFA repealed. I abhor backdoors in devices with equal vigor; the government has no business in my life on either front.
Republican Party? Mostly, but that's par for the course - they're the same way with family values as well, until Newt Gingrich or Donald Trump want to run for office. Libertarian Party and Constitution Party will be more consistent here.
I also stand with sibling post from big_chungus.

I'm a staunch supporter of both self-defense rights and of the ability to protect one's privacy.

Silent or noisy, makes no difference. Agents of the state yield only to force. Words are not an effective strategy. The state itself is a parasite that feeds on the blood of the people. Speaking to an agent of the state is about as useful as asking a mosquito not to bite you.
Oh stop it. The 2A supporters I know are strongly opposed to encryption backdoors, too. I should know, I’m one of them. And I’m plenty loud.
Because the idea of encryption as “arms” is ridiculous. Just because it’s used in warfare doesn’t make it “arms” protected by the Second Amendment. Food and fuel are used in warfare too.
The government has more power to restrict freedom to bear arms than freedom of speech. Encryption was subject to export regulation when it was treated like a military technology; Bernstein v. United States forced the State Department to loosen regulation by arguing encryption as free speech.
I hear what you're saying. But the enemy will poison the minds of gen pop with such messages. Divide and conquer is the one true strategy to the game.

Drawing these lines proverbially is akin to perforating our social fabric. Lots of small holes, that left untouched, provide the strength to maintain structure. But once enough of those dots are connected by tears, it's usually too late to rebuild without starting from scratch.

As citizens, we have the right to argue that BOTH angles apply. Whether one out weighs another is significantly less consequential in the heat of battle. Navigating the seas, making progress towards your goal, that should remain the focus when having discussions that often gets lost. IMHO at least

Your government.

Where I'm from, the police are using extra judicial coercion to shut down concerts by threatening venue owners with liquor licensing audits, because they don't like a rap group's song lyrics:

https://mobile.abc.net.au/news/2019-12-13/australian-drill-r...

Funny because the article mentions the coercion of NWA in the US as precedent.

>There's a long history of police butting heads with hip hop artists, according to Dr Rebecca Sheehan, who researches the link between social identity and music at Macquarie University.

>"The FBI issued a cease and desist order to NWA," she said. "When they refused to stop releasing their music, stop distributing it and refused to stop playing concerts, local metropolitan police around the United States get the idea to start shutting concerts down for them."

I’m not sure that’s true. The level of scrutiny required for the Second Amendment hasn’t been established by the Supreme Court.
They have a long history of use in warfare, but so do shoes. I don't really think one is fundamentally more military than the other.
It is illegal to compel speech in the United States. Forcing specific software implementations to cripple-ware the product is compelled speech. Full stop.
Yes-- That's why they want the big platforms and chat apps to voluntarily put backdoors in their cryptography.
No!! To that I say fuck off and freedom is more important. We must not compromise on this.
> Forcing specific software implementations to cripple-ware the product is compelled speech.

How is it so, in a way that complying with other warrants isn't? (I'm very much not sympathetic to the government's assertion of its rights here, but I'm not yet convinced by this argument against it.)

Fair question.

Warrants are mostly pertaining to searches as I understand it.

I don’t think there is instances of warrants in the US that has resulted in compelled speech?

To be clear gag orders and injunctions don’t count as compelled speech. That’s an order of absence of speech.

I'm not from the USA - however most communication software implementation are commercial systems - and don't have the same free speech constraints.

There's already ample historic precedence for requiring suppliers of goods and services to include side door access for law enforcement.

CALEA comes to mind - it requires communications system providers to include third party listening capabilities.

There are probably (not a lawyer) arguments that could be made that software is speech - and the difference between an "Information Service" vs "Communication Service".

Also, I do wonder how OSS communications software (XMMP etc) might differ under some aspects against commercial software - like Cisco Jabber (which is also XMMP).

Or OSS software written by a private company/startup. Or someone wanting to move their hobby OSS software into a startup.

* https://en.wikipedia.org/wiki/Communications_Assistance_for_...

> Even if he [AG Barr] makes that the law – and good luck ...

> You’d have to inspect every packet on the internet to make sure it wasn’t using strong encryption keys. You’d have to ban every kind of decentralized network.

> You’d essentially have to ban any communication that isn’t subject to automatic monitoring by the government. You would essentially have to ban privacy. You’d have to ban the open source movement.

Maybe not in this administration, but it's not even hard to think of scenarios after that in which such actions would be taken in a heartbeat.

Anyone who witnessed the brainless panic after 9/11 with open eyes should should viscerally feel that the civil rights that make the US the country that is hang by a very delicate thread.

All of the things needed for such a program would be done in a bipartisan manner, with members of Congress congratulating themselves for showing responsibility. It would be done to protect the children. Or the oil. Or to vanquish an Evil Empire. Or to stamp out terrorism. It would be done to protect us from nuclear, biological, or cyber annihilation. And it would happen to thunderous applause.

I agree with you. There was a really good episode of Blue Bloods about this issue. And the writers of Blue Bloods got it completely wrong. The problem is they portrayed the pro-encryption side of the argument negatively, and didn't do it any kind of justice. In the end the Police Commissioner guilted a tech executive to lend him "an engineer" to unlock a smartphone containing sensitive data.

That is how this argument is portrayed to the public. "Well if you aren't hiding anything then you have nothing to worry about!"

It's funny because you can you can usually tell a non-tech-savvy person who has had their identity compromised from a non-tech-savvy person who hasn't, simply because they have a healthy dose of paranoia. I feel like if more of society were trivially hacked (and embarrassed by it) that they would take the issue more seriously. But by then it could be too late.

Of course they got it "wrong". The writers aren't looking to challenge their audience, but rather playing to preconceived notions of the centralizing narrative. The struggle of the good guys stopping the bad criminals. If only the good guys could have more power, they could be more effective!

It would be hard to create a more robust system of government propaganda than primetime TV.

>That is how this argument is portrayed to the public. "Well if you aren't hiding anything then you have nothing to worry about!"

If government has nothing to hide why getting anything out of FOIA is nearly impossible?

The thing is that law and public acceptable change over time so

> Well if you aren't hiding anything then you have nothing to worry about!

Maybe I don't need to hide anything for now because what I'm doing is considered legal now, but it might change in the future. Once the cat is out of the bag, there's no putting it back in.

His point is not "this is so outrageous that the government won't dare do it". Rather, he's saying "it's such a monumental undertaking that costs so much and hurts so many entities that it's simply a pipe dream of a technically ignorant group of bureaucrats and cannot be done".
I thought that Cory Doctorow's YA book "Little Brother" did a very good job of illustrating this kind of scenario, and making the injustice feel viscerally real.
One important thing to keep in mind about users encrypting their own messages: those encrypted messages will be impossible to discern from random bits.

This means if I send the message "f734fca50971f301786eaf0ee0de900f" there is no way to tell if I'm breaking the law or not unless we also outlaw sending random bits.

Ah, you're right. We need to make sending out random bits a felony, that way if we see anyone doing it, we know they're a criminal. Good catch.
I like this. Encryption is a shared language between two parties, that only they can speak and understand.

Analogous would be the government saying no one is allowed to speak Chinese, because the government doesn't understand Chinese

wittgenstein thinks private languages are impossible (though not illegal)
i think the "warrentless encryption" alludes to encryption just because, and not for transactions that must be secure.

encryption is another thing itself. it doesnt need to be RSA, or SHA256.

emogis and emoticons, are encryption :-D.

l3375p34k is encryption.

euphemisms are encryption [dont talk that way my dog is sick].

even binary code could be considered encryption !

> You’d have to inspect every packet on the internet to make sure it wasn’t using strong encryption keys. You’d have to ban every kind of decentralized network.

Upfront bias: I’m against encryption backdoor. But the article is arguing against a straw man. Nobody is proposing to ban encryption. (That would be a first amendment issue.) They’re proposing to require companies to include encryption back doors in commercial products. That doesn’t regulate speech, it regulates the design of products.

“Speech” within the scope of the first amendment protects the communication of a message or idea. That is broad, but the thing that is protected is the communication of a message. Thus, the government cannot ban you from encrypted speech. But it can certainly ban Apple from making iPhones that contain encrypted communications features, for the same reason it can ban cars without seatbelts. While code can be speech, in that context the code isn’t communicating a message but rather providing functionality.