151 comments

[ 5.0 ms ] story [ 223 ms ] thread
I'm an African. I've lived through fantastically corrupt, despotic, authoritarian rule riddled with nepotism and kleptocracy. I find GOP politics to be disturbingly familiar. And it reeks of regulatory and state capture.
(comment deleted)
I don't really think it is that cut and dry.

Case in point, a similar bill (as I understand it) - The EARN IT Act was spearheaded by the same people as this bill, plus Dianne Feinstein (Democraft of CA):

"The EARN IT Act was introduced by Sen. Lindsey Graham (Republican of South Carolina) and Sen. Richard Blumenthal (Democrat of Connecticut), along with Sen. Josh Hawley (Republican of Missouri) and Sen. Dianne Feinstein (Democrat of California) on March 5."

https://www.theverge.com/interface/2020/3/12/21174815/earn-i...

Also:

https://www.wsws.org/en/articles/2020/03/17/earn-m17.html

Feinstein is widely despised by progressives for, among other things, being a hawk. That she would also be anti-freedom here is not a huge surprise.
Of course, nothing is ever black and white. I did not mean to imply all of the GOP is terrible and the other side is good. I am merely stating, looking from afar, it's the GOP politics that seems most familiar, in general.
Both parties push that. This case happened during clinton for example https://en.wikipedia.org/wiki/Bernstein_v._United_States

This is the real problem with america. Not that one party is evil but that both parties are, there is no choice.

While both parties are certainly beholden to big donors, I think the equivalency argument ends there.

When it comes to issues of money in politics (e.g. campaign finance), issues of government transparency (e.g. financial disclosures), or environmental protection, the differences are night and day.

You do have a point about civil liberties though. Both parties have become pretty extreme (on opposite sides of the ideological spectrum) about where to draw the line between acceptable/unacceptable discourse. I fear that the Dems have become too toothless to take on big tech companies due to the vast sums they receive from said companies. Nevertheless, anti-cryptography legislation still seems to be the GOP's play these days. The Dems of the 1990s are hardly equivalent to the Dems of 2020, especially with an ascendant activist wing running more and more of the show.

Democrats increased the spying powers and war budget of a President they genuinely believed to be a Russian puppet.
Well, there is also the possibility was that they were exaggerating the degree to which they actually believed he was a puppet.
Democrats impeached a President over something they didn't really believe was true.
Well, your idea was that they were acting erratically and irrationally, my proposition is that they may just be putting on a show. Neither alternative is particularly flattering.
They didn't impeach him over "suspicion of being a Russian puppet". They impeached him because he attempted to abuse his power to coerce a foreign government to investigate his political rivals. Note, even the withholding of the funds was illegal because Congress had approved it. This is without the shakedown tactics that he employed on top of it. Let's not rewrite history so quickly.
Democrats paid foreign spies to generate fake evidence, then used that fake evidence to start an investigation into political rivals during an election year which included but was not limited to wiretapping top level campaign officials. The Ukraine investigation was in direct response to the Russia investigation, they are tightly coupled. They clearly do not have a legitimate problem with his behavior, since they had done the same thing themselves. Additionally, it's not clear they believed the claims in the articles of impeachment any more than the claims made during the Russia investigation. This is not an endorsement of Trump or anything he has ever done.
"Republicans" in this case is not the entire GOP, but rather only three politicians who also happen to be Republicans. There are probably plenty of other Republicans who would support this, and plenty who would not. And probably plenty of Democrats who would support it, and plenty who won't.

Hopefully the won't category will be much larger than the will category, but I doubt the support will be exactly along party lines.

We've all been shown recently how law enforcement only protects certain segments of society. This will only get worse with draconian surveillance.
I think politicians must win prizes or something for showing who is the stupidest:

> The bill also allows the attorney general to create a competition with a prize for anyone who can come up with a way to access encrypted data while protecting privacy and security. Security experts have long noted that this is an impossible request.

Why they're at in, why don't they push a bill for permanent rainbows.

Also, the article states "The proposed legislation stops short of requiring tech companies to create a backdoor", so if end-to-end encryption is still available, this legislation does nothing. And if lawmakers try to ban end-to-end encryption, well then "banning math" should be the name of this legislation (yes, I realize politicians have tried to do that before). Sure, large companies may comply and average joes may get less E2E encryption, but anyone who knows anything about tech will be able to get access to E2E encrypted messengers.

>"a prize for anyone who can come up with a way to access encrypted data while protecting privacy and security."

A prize for a cake that can be eaten but will never be consumed.

I think nanobots could accomplish this. The end result might be unexpected though...
Each time you want an encrypted session you need to make a request to the government third party key signing service that, with your public key, the public counterparty's key and a government generated key for your session, a new key for the session is produced.

It's possible but potentially expensive and has issues with who gets keys on international communication. And it's also dumb.

Serious question (about practicality, not ethics): people always say that it's impossible to provide government access to encrypted data without opening a huge security hole for hackers to exploit. Why couldn't an encryption scheme be used that, for decryption, requires either a) the user's private key (a usual), or b) some sort of combination of private keys of all the relevant government entities required to authorize accessing the user's data? So that something like the combination of a judicial private key and an fbi private key were required to access the data?

Of course the data would still be hackable if a bad actor were to get their hands on both of those keys, but security could be increased by, for example, increasing the number of parties needed to authorize the access.

(Please don't critique the ethical premise here - I make no claim that this is the "right" thing to do, just that it could be plausible)

That's exactly it, it's very possible, but all the eggs would be in one basket.

Scheme: multiple copies of symmetric key followed by symmetrically encrypted body (pgp-style). One copy of the symmetric key is secured by user's private key, another is wrapped in an onion of all required "side" keys.

The issue is that the government-held keys only need to be exposed once, and then someone has a key to all of everything, everywhere.

They mentioned having multiple keys with different government organizations. What if there are 12 keys and you need 6 keys to decrypt the data. The user has 6 keys. The company that created the device or service has 2 keys, the judicial branch has 2 keys, and the executive branch has 2 keys. All of the non-user keys are required to be in different systems. The compromise of any one system still requires cooperation from the non-user groups to decrypt. You couple that with some system that allows the data to be decrypted and reencrypted with new keys in the case of a breech of keys. You can add as many keys to this scenario as you want until you feel like a breech of the necessary number of keys is not going to happen. Are we sure a system along these lines is impossible?
Unfortunately, each key will be poorly protected, because each group will rationalize that "it would be impossible for someone to get all those keys" while someone gets all the keys.

The US government couldn't even keep the most sensitive information about its personnel secret, see the OPM breach: https://en.wikipedia.org/wiki/Office_of_Personnel_Management... The Inspector General had warned Congress of "persistent deficiencies in OPM's information system security program" and nothing was done. This resulted in some really sensitive data being exfiltrated, probably some good blackmail info. The US government has not done a great job even protecting its own employees.

The biggest problem here, though, is incentives. A government cannot be sued, or suffer any other negative impact, if it accidentally loses keys that lead to others' death, blackmail, or job loss. Too bad, so sad. If tomorrow it becomes illegal or unacceptable to do something that today is legal, a government can retroactively punish those who engaged in it. In short, the government has no strong incentive to protect the keys, only you do.

It sounds like we have already moved from this is an impossible request to this is a difficult and impractical request. Setting up a government competition with a prize to solve a hard problem seems reasonable.
> It sounds like we have already moved from this is an impossible request to this is a difficult and impractical request.

I am not sure how you got this from conversation above. Still sounds impossible to me.

Problem as stated is, that if skeleton keys are broken, then everything everywhere gets broken.

The fact that government has bad initiatives to keep keys secret, just means it will be easier for bad actors to steal them. But that is just a side argument.

>I am not sure how you got this from conversation above. Still sounds impossible to me.

When discussing encryption, many people say that this is an impossible problem to solve because of math. This conversation has shifted to being a problem about incentives. Math is impossible to change. Incentives are changeable. If the only problems here are the specifics of the scheme and the incentives of people involved, those are solvable.

>Problem as stated is, that if skeleton keys are broken, then everything everywhere gets broken.

Which is why you build redundancy into the system that would require multiple independent breaches and a system to reencrypt data in the event of a breach.

Attacker can record encrypted data before getting the masterkey.

During usage, all pieces of master key will have to be brought together into one place (phisical or virtual), so eventually still only one breach is needed.

If I encypt data using encryption without backdoor, then to illegitimately get clear text requires effort X, and it gives access to 1 persons data. If whole country encrypts data using backdoored scheme, then effort Y will give access to data of 100 000 000 people. It would seem that security of the backdoor should be 100mil times stronger then that of usual crypto.

> When discussing encryption, many people say that this is an impossible problem to solve because of math. This conversation has shifted to being a problem about incentives. > Math is impossible to change. Incentives are changeable. If the only problems here are the specifics of the scheme and the incentives of people involved, those are solvable.

It's still a math problem in the end.

Today if you want to break into someones encrypted data, you either have to break encryption algorithm (which is hard and by hard I mean even stuff we consider insecure like 3ple DES are still not broken) or you have to break each data individually.

With skeleton keys that changes. Suddenly all the world secrets are one* key away. That is the big difference. Doesn't matter how you do it, it fundamentally changes the equation

And you open up HUGE attack vector, by enabling bad actors to bribe/coerce people with access to skeleton keys.

* Doesn't matter if you split it up, have different org have parts of keys etc.

In the real world, impractical is the same as impossible.

It's easy to enable a third party to read encrypted data, simply give them the key. That is not and never has been the problem.

The problem is ensuring that only authorized uses occur. There is no algorithm that can determine good guys from bad guys. Keys are notoriously hard to keep secret. Any mechanism that tries to transmit them now adds a third party, and we have enough problems trying to keep things secure when they're only two parties. Storing them securely is highly improbable to occur in practice. We cannot even store simple data securely. The OMB breach showed that employees were unwilling to apply basic security practices to protect data about themselves... why would they securely store data when they won't be hurt? Splitting them helps a little, but it doesn't solve the fundamental problem.

And this ignores the fundamental problem that groups like terrorists can simply use a different algorithm. When somebody says please think of the terrorist children, they assume that somehow they will use the bad encryption everyone else is stuck with. If someone is willing to violate one law, they will be willing to violate another.

It would be interesting to take something like that to an extreme. Have approximately every adult in the country receive a key share, with 90% of the shares required to reconstruct the key.
Computer viruses.
Modern security involves generating a key for every session and this could be dicey with a master key.
Yeah, that's the symmetric key in this scheme, I should have said session key.
> Of course the data would still be hackable if a bad actor were to get their hands on both of those keys, but security could be increased by, for example, increasing the number of parties needed to authorize the access.

Not "if", "when". It will happen, and as soon as it does, everyone's privacy (for previously encrypted content) is gone forever. It is impossible for me (and I think a lot of other people) to imagine the government can keep those keys secret for a reasonable period of time, nonetheless forever.

> So that something like the combination of a judicial private key and an fbi private key were required to access the data?

Because, eventually, they'll leak. Security and intelligence agencies have lost keys and hacking tools and top security documents.

And when they leak, the surface for what you can exfiltrate before the keys are rolled over will be _everything_. If you can roll over the key.

Microsoft leaked their Secure Boot key once, and it wasn't possible for them to fix that on all of their devices. Whilst that isn't a particularly concerning leak, that changes if what it was protecting becomes someone's personal information.

To protect against a leak that compromises everyone, everywhere, you'd want the government keys to be unique per site and company. Which would also incidentally make securing those keys harder and lead to more leaks.

And that's before you question whether the people with access to the keys are actually trustworthy and won't do what law enforcement have done in the past, like stalk their ex.

It's a no-win situation.

> Because, eventually, they'll leak.

All of them will leak? Seems like if each key is in possession of a different party, and you need all keys to decrypt, and at least a few are air-gapped only available for warrant holders via manual retrieval... the probability would be vanishingly small.

I agree it's impossible in theory, but in reality nobody has put out significant resources and made an honest effort to try, imo.

I bet I could come up with an encryption scheme that allows decryption for warrant holders only, but the scheme to decrypt will be very onerous for the warrant holder and will require manual retrieval of air-gapped asymmetric keys and lengthy background checks to establish trust (i.e. is this person who they say they are and did the judge really grant a warrant, etc.).

And I bet I'd not use it.

You can add whatever extra bureaucratic processes you want, but you're still making my encrypted data less secure.

There was that government OPN hack not so long ago with all that gov PII. And consider the tempting target these keys will make for state actors.
To clarify, it was the United States Office of Personnel Management (OPM).

But I agree, it's a perfect example of why we can't trust even the most security-trusted people in the US government with skeleton keys to all of our data.

Didn't someone walk out of the NSA with a USB stick filled with classified documents and viruses?
> All of them will leak? Seems like if each key is in possession of a different party, and you need all keys to decrypt, and at least a few are air-gapped only available for warrant holders via manual retrieval... the probability would be vanishingly small.

There are always tons of assumptions we make when we say these things.

We assume that the computer used to generate the keys was never connected to the internet, has not already been compromised at the time of key (re)generation, there are no backups of the computer, the engineer that performs the key generation is extremely trustworthy, the room this is done in is perfectly isolated from surveillance, etc. If you start calculating these probabilities and multiply them together, you start observing them moving further and further from 100%.

> but in reality nobody has put out significant resources and made an honest effort to try

These just seem like No True Scotsman fallacies. If anyone comes up with evidence of an effort, are you going to move your goalposts?

IMHO, the incentives don't exist. Law enforcement can't even secure their own technology and vendors (eg. BlueLeaks, OPM hack). The tech companies tasked with this project only see it as a cost center and see it as a potential massive risk to their brand if this system is misused. During the Snowden leaks, there were accusations of NSA contractors using the search system to spy on family members, dating partners, etc.

Human behavior is too predictable to naïvely assume that we can increase security while increasing the number of keys/people who have access to a massive tranche of data.

> Seems like if each key is in possession of a different party,

The nature of the federal executive is a problem here: keys spread among federal agencies are functionally in the hands of one party.

> I bet I could come up with an encryption scheme that allows decryption for warrant holders only, but the scheme to decrypt will be very onerous for the warrant holder and will require manual retrieval of air-gapped asymmetric keys and lengthy background checks to establish trust (i.e. is this person who they say they are and did the judge really grant a warrant, etc.).

Whilst in theory ideas like these work, they don't in practice.

When security is tightened, and oversight is made more difficult, we regularly see the players involved skirting the system because they're human and don't think that they're really doing anything wrong.

Stuxnet was a while ago, but pierced an air-gapped network through a means that... Shouldn't have been possible. It was possible because of the failure of the humans involved. A factor that can't be removed.

You would find keys being surreptitiously shared over insecure shares, and getting caught up in other data leaks. Two or more departments sharing keys between employees to save some time and effort. Or forgetting to shred a key securely once it has been accessed. It doesn't take long until everyone in the department ends up with a key - and then each of those is a weak point.

The NSA has had repeated problems with their processes being avoided and ignored by employees skirting oversight to stalk their ex's, by doing things like listening to their phone calls - which supposedly required a warrant. [0]

You can't trust the people involved.

Now, there's a very, very simple way to avoid all of these problems. Secure the data to the fewest number of people required. Placing the responsibility of keeping the keys secure with the direct stakeholders.

An end-to-end encrypted chat still has the possibility of keys being leaked. But only the people who will be directly impacted are involved. You don't need a large and complicated scheme, and it is dead simple to implement, comparatively. You only have to trust the people involved, not swathes of departments.

[0] https://en.wikipedia.org/wiki/LOVEINT

> All of them will leak?

You say that like there isn't form. The keys used by every DRM scheme has leaked. Every one. It was not from lack of trying, not because they didn't have access to the best and the brightest. HDMI was actually pretty good.

The problem is not just technology. It's also humans. Create a big enough prize for obtaining a single thing, and it will leak. Every man has his price.

When the prize is the ability to read every communication of every USA citizen, politician and corporation, if you aren't thinking about what sort resources nations like China and Russia can throw it at, you aren't thinking hard enough.

The problem is the only way this is trustworthy is if you require signoff from either 4 or all 5 of the permanent members of the UN Security council. That's the only existing agency I would trust to be sufficiently adversarial to ensure reasonable privacy.
What if each person got to choose 5 trusted friends?
Can i choose /dev/null as my 5 friends?
The 5 friends probably have to be distinct, but you might get away with using symlinks.
Algorithmically speaking, Shamir's Secret Sharing seems of interest to your "combination of private keys" option.

https://en.wikipedia.org/wiki/Shamir%27s_Secret_Sharing

https://cs.jhu.edu/~sdoshi/crypto/papers/shamirturing.pdf

I agree with the sibling commentators though that it just isn't strong enough to withstand a threat model of "people motivated to get the master key to vast amounts of encrypted communication". Even if such a scheme couldn't be cracked algorithmically, it wouldn't hold up against the relentless social engineering efforts that would be thrown at it.

Important to remember the government itself might be the worst actor. Trump busy doing favours for Saudi Arabia who murder & hack up a reporter. Imagine the favours if he had access to those keys via his corrupt DOJ. Terrifying.
Encryption keys do not have to give "all or nothing" access to encrypted material. With homomorphic encryption and related primitives, you can shape things in a much more finer grained manner and only expose carefully crafted partial information. This can accomplish what you are hoping for with your threshold cryptography example without relying on some sort of combined trust built from multiple authorized parties.

For instance, with functional encryption, you are able to distribute or derive keys that have a very specific functional purpose and leaks no other information. Basically it allows you to derive a "function key" that basically computes f(x) for you given an encryption of x. As long as the crypto is strong, no other information about x is exposed (only info about f(x) is revealed).

With the right system architecture, this would allow the government to perform a very specific, pre-defined query to check for illegal content without exposing any additional information about the encrypted data.

Another approach you could use is based on zero-knowledge proofs and verifiable computation. Essentially a government could come along and ask you to provide a proof that your encrypted data does not contain malicious content. Given a program that can check for what they are looking for, you can provide them a zero-knowledge proof that convinces them that you correctly ran their provided algorithm on the suspect data and that the algorithm did not identify any malicious content. In this process, no other bits of information are exposed or handed to the government other than the data is not malicious.

All of this presupposes you can create an algorithm that can "check" if something is illegal. That seems impossible if you have to define the algorithm before the crime is comitted, and honestly still pretty difficult even if you know what specificly you are looking for.
It's why the antivirus industry exists despite continuously failing. They're pretty much fighting that impossible battle every day.
Key fragments are managed by which governments? And it would differ from the U.N. Security Council, how? Probably it would be Five Eyes rather than the WWII surviving super powers? But back then they were more on the same page than today, so in 10 years or 50 years, the one key to rule them all countries likely don't still get along either. I think it just devolves into an espionage race to acquire all the fragments. Or breaking the code.
> Why couldn't an encryption scheme be used that, for decryption, requires either a) the user's private key (a usual), or b) some sort of combination of private keys of all the relevant government entities required to authorize accessing the user's data?

It maybe be technically possible to make such a scheme, but due to the unitary executive, keys split among N government agencies have the same essential practical security as 1 key held by one counterparty, and one counterparty that has no particular interest in the security of your data. So this fails the “preserves security” aspect for the same reason that any system that enables government access must.

It's been tried before. It was cracked so badly they never tried it again.
There is an even more advanced solution: homomorphic encryption lets you operate over fully-encrypted, undecryptable data, and compute new derived data from it that -- if decrypted with the same key -- is as if the computation was done over the decrypted version to begin with. This can be used to create 'blind' machine learning computer vision models that can detect objects in encrypted data but still can't actually 'see' what's going on.
I thought that was in the realm of theoretically possible but 1e-10 x as efficient?
Others have correctly pointed out the threat presented by key loss. I would like to add that I don't trust the government to properly follow the law once they have the keys. If law enforcement, the justice department, or intelligence agencies hold the key then the only things stopping abuse are administrative controls. That's not acceptable to me as we have seen repeated bypass of administrative controls from all 3 of these groups. The only acceptable solution would be to have the data holders control the keys and process law enforcement requests for data, and then you still have to worry about key loss or theft of keys by intelligence agencies.

A far simpler solution to this problem would be to change the law to mandate disclosure of encryption keys / passwords if served with a warrant. I don't agree with this either, but at least it's more elegant than what is being proposed.

What if someone throws away the keys or forgets their password?
What if the house with all the evidence burns down and all of it is unusable ashes?
Can you do that at the press of a button ahead of time?
What if the government goes pursuing old crimes (or divine something that points to you) and you don't remember the password?
You could show that they accessed a device or used a service immediately prior to being subject to litigation (through network logs for example). A judge would not believe the person didn't remember the password in this case. If they destroyed the keys after receiving a request for data then that would be destruction of evidence which is already punishable. If the data is held by a third party then the third party could perform a password reset.
How long does it take for cases to be brought to trial?

Could you argue the stress of going through the legal system made you forget your twenty word password?

A lot of attacks on cryptosystems involve things such as being able to encrypt whatever you want with the private key, being able to generate lots of messages encrypted with the private key, or being able to observe the errors that occur when decrypting a slightly wrong encrypted message.

By allowing anyone to encrypt a file to the government's private key, you're vastly increasing the chances that one of these attacks goes from infeasable to easily doable.

Right now, if someone were to find a chosen plaintext attack on AES, they could find someone who will encrypt things with their key, get them to encrypt the chosen plaintext, and then break other things that person had encrypted.

If we used the proposed system, then the chosen plaintext attack would allow me to encrypt the plaintext on my own, and then use it to break everything in the world that was encrypted.

Looking at the current political environment where entities that were supposed to act as independent organizations are now all controlled by people actively doing as the president instructs them, how long before some one from each of those organizations with a key are all sitting in a room decrypting the private communications of political enemies?
(comment deleted)
> Security experts have long noted that this is an impossible request.

You know, this could be a total political cover move. Pass some bill that makes it seem like tech companies will open comms to law enforcement, but make sure it doesn't actually work. Then, you can campaign on being tough on crime in November, and if somebody ever brings up the topic later, you can blame the biased big-tech firms for not wanting to work with Republicans.

So encryption tech can't deliver permanent rainbows, but the politicians get them anyway.

Throw lots of dirt at a wall and see what sticks.
Legislators don't have to show up to court to defend their dumb laws, so there's no requirement that their statute have any semblance of coherence.

Government attorneys show up to court after some poor citizen spends a ton of money on legal fees to challenge a bad faith law. Worse yet, some bad faith laws are crafted in such a way that no (living) person has standing to bring it to court to challenge the statute.

On “banning math” and that “politicians have tried to do that before”: I suspect you are referring at least in part to what the Australian Prime Minister said in 2017:

> The laws of Australia prevail in Australia, I can assure you of that. The laws of mathematics are very commendable, but the only law that applies in Australia is the law of Australia.

This particular statement was widely lampooned in tech circles at the time as obvious nonsense. Yet it’s actually perfectly sound: legislation is all about restricting you from doing things that are possible. (Now some of the other stuff Mr. Turnbull said at that time was drivel; he seemed to be under the impression that it was possible to allow law enforcement to access end-to-end encrypted content without it comprising a backdoor, which the industry as a whole considers axiomatically false.)

It’s the government’s prerogative to ban mathematics. And indeed they already have in various areas due to copyright and possibly patent laws (c.f. illegal numbers). Now I personally think they would be unwise to ban any form of encryption, but realise that they’re quite at liberty to not just try to ban it.

The only laws that can't be broken are the laws of physics.
But can punish a person for doing an act that is perfectly legit under the laws of physics
Of course. If you drop a large weight on someone from a great height, that's generally seen as a problem. ;)
It’s a stupid statement because he’s using imprecision of the English language to try to make some sly commentary on his institutions relative power while also exposing the _exact_ point tech/science makes. While he has the power to make the _practice_ of mathematics law illegal, the law of mathematics that defines encryption will still exist, in the same places his man-made law touches.
Indiana also tried legislating 3 as the value for Pi. The bill giving various values for Pi from 3 to 3.2 to 4 made it to the senate for ratification before it was quashed.

So I propose a trade: any time Australians want to mock politicians we’ll refer to the Indiana Pi bill, any time North Americans want to mock politicians they can refer to “the laws of this country not the laws of mathematics”.

Noting that this was not about banning the possible but making the impossible mandatory.

(comment deleted)
Exactly, it's not like the police isn't abusing physical access to goods, or "lawful" access to phone conversations or citizens databases.

How else will police fund their new cars [1] or arrest the new boyfriend of their ex [2] ?

My point is that the government sees no problem at all with the potential for large scale abuse of government access, just like they don't have any serious safeguards against abuse of existing ones, for example, holding physical keys (for example, would you consider using emergency keys for entering a girls' dormitory and forcing everyone in the hallway to "check for lockdown laws being upheld" a perfectly legal precaution. And if they do it for such absurdly juvenile things, what hope is there for them to do better under pressure ?)

[1] https://www.aclu.org/issues/criminal-law-reform/reforming-po... [2] https://psmag.com/news/stalker-cop-police-protection-danger-...

> This particular statement was widely lampooned in tech circles at the time as obvious nonsense. Yet it’s actually perfectly sound: legislation is all about restricting you from doing things that are possible.

Quite. I guess it also makes perfect sense to ban water from flowing down hills. It's possible, after all ...

The reality is some of their laws have already been torn apart. Australia used to have one of the strongest censorship regimes of any democracy. They gave only up after passing the silly things when then banned computer violent games, in an age where everybody bought them from an overseas online store. I think the kids must have blinked in disbelief at the stupidity of their elders, then returned to their game pads.

Then there are laws I really would like to work - like the anti spam laws. I'll lay odds the head of the Federal Police gets spam addressed to him every day. I hope for his sake it's blocked by technology, because it sure as hell isn't stopped by any of the laws they passed or his police force.

People aren't lampooning the idea the government can't ban whatever they want. They are laughing that in an age when encryption algorithms are form the core of ecommerce, are published on Wikipedia, thousands of web sites and government standards, the government is claiming banning them will have any more effect than passing a law saying π is 3.

It was an absurd statement. Moreover, Turnbull knew that, and didn't appear care. Which means it was pure bullshit. I'm guessing it was dog whistle to the crazy right that had sway in the party at time.

"Sure, large companies may comply and average joes may get less E2E encryption, but anyone who knows anything about tech will be able to get access to E2E encrypted messengers."

We are all lazy. I can use gpg, but how often am I going to do that? The NSA won't have access to the recipes that my brother sends to me, but aside from that, they'll get everything.

To bad for them, though. They'd be better off with the recipes than the rest of it.

Anyone committing a serious enough crime to "justify" breaking encryption would be very motivated to not get caught.
Yes, though the intelligence of criminals varies wildly. One person might organize drug deals over speakerphone in a Starbucks while another might torrent movies only over a clean laptop connected to a public access point with a long-range wifi antenna.
If a criminal is that unsophisticated, there should be other ways to catch them? Mind you, there are better ways to tackle drugs than a Law & Order approach.
How many of these sophisticated and non-lazy criminals are there?

If you have a lot of sophisticated and non-lazy criminals, my guess is that there is something very wrong. I'd like to know more about these characters and what kinds of crimes they are committing.

> The bill also allows the attorney general to create a competition with a prize for anyone who can come up with a way to access encrypted data while protecting privacy and security. Security experts have long noted that this is an impossible request.

Well, with current encryption techniques this is impossible, but depending on what is meant by 'access', there are certainly ways of encrypting data in such a way that it maintains privacy while still being able to question if the data contains knowledge of certain things.

For example, you can have a child pornography machine learning detector that operates over completely encrypted data via homomorphic machine learning. You can also use zero-knowledge proofs to ask a properly stored piece of data whether or not it contains a particular fact, without actually having to read the data. Depending on what is meant by 'access', this is a reasonable request.

Requiring homomorphic encryption of encrypted data channels while government overreach perhaps, seems like something that can satisfy both a desire to have encrypted, unencryptable data, while still being able to examine the data in flight.

Have you been circulating subversive documents which embarrass our wise and honourable government?
Don't attribute to stupidity that which can be explained by malice. It's only stupid if you accept their ostensible rationale, but it makes perfect sense if they're trying to pry open the data of the average citizen, not some mythical terrorist.
Here is the senate page on the Bill https://www.judiciary.senate.gov/press/rep/releases/graham-c...

> Bad actors exploit warrant-proof encryption to shield dangerous and illegal activity —including terrorism, child sexual abuse, and international drug trafficking — from authorities.

Bad actors also exploit warrant proof use of their voice to send sound waves directly at other bad actors ears to shield dangerous and illegal activity —including terrorism, child sexual abuse, and international drug trafficking — from authorities.

I realize that end-to-end vs speaking verbally is a bit of a leap but bills like this make it seem like they don’t want US citizens to have a voice.

If they get such a law enacted, then people who really care about end to end encryption will simply "opt out".

There are so many open source crypto tools out there with no backdoors that anyone savvy enough to find them and use them will do so.

Of course the average user probably wouldn't care enough to do that, but maybe a few privacy scandals could change all that.

I agree, but I also think that, if successful, the law could have the knock-on effect of criminalizing all unsanctioned (read functional) crypto tools.

edit: *leading to arguments like "Oh, you have Signal on your phone, only criminals use Signal."

Can't companies already be compelled to push updates to select devices adding a decrypted sidechannel to "e2e encrypted" apps, effectively providing a wiretap when a warrant is in hand?

There's no need to weaken the encryption at all when end-users don't actually control the software they run day-to-day. Just replace the software while they're asleep.

> Can't companies already be compelled to push updates to select devices

Nope. Can you link to an example?

Lavabit shut its doors to not comply with such requests.
I do not have a current link because the software was acquired bty AT&T and intentionally does not have a public name any more, but all phones used to have CarrierIQ. In debug mode, it could intercept any facet of code execution, network communication (pre-tls), log all finger movements, log phone movement and velocity. To put into debug mode, the phone just needs to receive a http header when it checks in for updates. It will log all the data, upload it and disable debug on a follow up header. The software can be installed over the air with no user interaction or notification. This was supposed to move to the firmware module to avoid users rooting the phone and removing it, but I honestly have no idea if or how that progressed.
That may be the case in Australia at least. From [0]:

"if an agency were undertaking an investigation into an act of terrorism and a provider was capable of removing encryption from the device of a terrorism suspect without weakening other devices in the market then the provider could be compelled under a technical assistance notice to provide help to the agency by removing the electronic protection"

As for the US, I wouldn't be surprised if the government has sought to achieve something like this using the All Writs Act[1]. However, in the recent case of Facebook helping the FBI with a targeted use of a vulnerability[2], it seems that they cooperated voluntarily, even paying a third party contractor to help.

[0] https://www.computerworld.com/article/3460071/encryption-has...

[1] https://en.wikipedia.org/wiki/All_Writs_Act#Application_to_e...

[2] https://gizmodo.com/report-facebook-helped-the-fbi-exploit-v...

Part of the point of end-to-end encryption is that you explicitly don't trust these companies. Would anyone be willing to trust them if they went around pushing malware on a whim?
So... the legislators seem to be targeting "warrant-proof" encryption. Now... correct me if I'm wrong, but law enforcement can use due process to obtain access to a suspect's phone, and that phone will then decrypt the communication for them, right (even if the service provides true end-to-end encryption, which most don't)? So what's the problem?
Often not if the phone is password protected, though increasingly popular biometrics provide no such protections. The idea is that providing a password is equivalent to providing testimony and is thus protected. The law on this is not fully settled yet and varies by jurisdiction.
Are there issues with removing that protection from providing passwords? Intuitively, it feels to me like if police can compel an individual to let them search a house with a warrant, the same should be true of a computer (there may be incriminating evidence on it, but there may be incriminating evidence in the house, too, so I don't see this as being any more or less self-incriminating than textbook warrants). Moreover, if this didn't introduce glaring problems I'm overlooking, it would be a great way to cut out the legs from the "let's just backdoor everything" agenda.

The key thing being the law enforcement agent has to present their warrant to the suspect.

Searching your phone might be more like searching your mind, as phone usage is almost an extension of your mind: containing notes, photos, messages, etc. That it's protected with a password which would require compelling self incriminating speech for makes it even more troublesome to acquire.
I've seen that argument while reading up on the current state supreme court cases, but I disagree that it's more like searching your mind than searching ahouse is. To mirror your examples, a house may have handwritten notes, photos, and voicemail messages (well, if it still has a landline) all of which can potentially contain incriminating evidence. Yet we compel people to grant entry to an officer with a search warrant.

As to the protection afforded by a password, a house is protected with a lock and ordinarily someone cannot compel you to grant them access, which is what the warrant is for, stating that they have reason to believe there is evidence on the premises.

If we want to say, "But unlocking a door doesn't require speech while telling someone your password does" then fine, silently punch that password into the device.

Mainly I'm looking for problems with this in the vein of "If we install backdoors into our software, that compromises security for everyone and grants unprecedented surveillance power to the government". A hand-delivered court-issued warrant to the owner of an individual device seems like a promising compromise to let law enforcement get on with investigating specific crimes without broadly crippling everyone's security in the process.

Slightly tongue-in-cheek: what if the password itself is an admission of a crime?
t3H_b0dIE$-R_unD3r-T3h_p4Ti0
What if you "forgot"? Do you imprison someone for forgetting their password?
They do and has been done before.
Creating a barrier to entry makes it harder for the government to use it for prosecuting frivolous crimes.
Law enforcement is very capable of getting into phones. They have always managed to do it in the end but want a backdoor from the manufacturer as it is expensive and inconvenient for them.
Luckily they seem to have no concept of timing. Why they think they can get away with something like this when trust of the police and authorities is so low is beyond me.
They're hoping we're distracted by the virus / riots / rhetoric of spooky criminals.
How often will this stupidity come up? Looks like some never learn.
A criminal could use a service provider which isn't located in the U.S. or peer-to-peer communications. Only stupid criminals and the general public will be hit by this.

Is this a last ditch effort for a Law & Order Bill prior to the election?

I suspect so. Never mind that it wouldn't really work – politics is a game where scammers get away with impunity.
What's the tally on support? Otherwise it's difficult to know whether this bill is symbolic or serious.
Sometimes I wonder if politicians are trying to get us to not vote for them.

Like, what problem is this solving? Are there tons of criminals that are running wild, and if only we had their secret correspondence we could catch them?

And is social media not already some huge gift to law enforcement? Forget about tapping an encrypted line, just follow them on twitter.

The original "warrant proof" evidence was just saying something. Whoever was within 30 feet heard you, but otherwise, it was just gone.
Exactly. Encrypted phones are "warrant proof" in the same way that past spoken conversations, or suspects' brains are "warrant proof".

If memory-enhancing brain implants are developed in the future, it will be interesting to see whether data stored on them will be subject to subpoenas.

They can't catch domestic terrorists who are in the USAF using their existing overreaching surveillance on non-encrypted traffic.

How does breaking encryption get them closer?

https://www.washingtonpost.com/nation/2020/06/17/boogaloo-st...

Easy: it's a bad faith argument.

Most of the stories I've read about terrorists and mass shooters report that they were using bog standard instant messaging, unencrypted e-mail, and social media. Most of these people are not highly technical and do not practice good opsec. Hell Dread Pirate Roberts was pretty technical and still got busted because of bad/lazy opsec, not (as far as anyone knows) because encryption or Tor were broken.

The child porn thing is a bad faith argument too. Child sexual abuse is under-investigated and under-prosecuted already even when the information is there or when actual reports are made. (Adult rape is under-prosecuted too.) They don't do enough to go after child predators using existing tools, so why would more tools matter?

There are some bad fallacies on their part too.

Large amounts of child porn detected equals platform being used on similar scale for producing it / distributing new content / grooming. By playing with equivalence, you can push for tougher policy.

It is under-prosecuted for frankly embarrassing reasons. Tech companies can't submit it on the spot. They have to wait for them to come to them, and have to delete it if they take too long.

GOV: Is it true that your servers hold encrypted data.

AWS: Yes.

GOV: Decrypt it, please.

AWS: Lol all we have is the public keys, bruh.

GOV: Use the public key to decrypt, please.

AWS: Uhh...

"If passed, the act would require tech companies to help investigators access encrypted data if that assistance would help carry out a warrant."

Isn't that already required? If someone shows up with a warrant (presumably signed by a judge and listing the particular things being searched), then basically you need to do everything you can to help them (as you should). Subpoenas are a little different and there's more room to argue about them, but are also important in general. Regardless, if it's encrypted and you don't have the key, then it's a dead end and that's the way things go.

So what is this law really doing? My guess is that it's actually asking tech companies to do something in advance of any specific criminal act, that would somehow preserve private information or prepare it so that it's easier to comply with hypothetical warrants that might be issued in the future against anyone on the platform. That's really a different kind of thing than just assisting in carrying out a warrant.

Handing over data, with a warrant, seems fair. The question is if a law makes it illegal to keep data that you can't decrypt.
It's much worse than the article describes. From the press release:

"Senate Judiciary Committee Chairman Lindsey Graham (R-South Carolina) and U.S. Senators Tom Cotton (R-Arkansas) and Marsha Blackburn (R-Tennessee) today introduced the Lawful Access to Encrypted Data Act, a bill to bolster national security interests and better protect communities across the country by ending the use of “warrant-proof” encrypted technology by terrorists and other bad actors to conceal illicit behavior."

https://www.judiciary.senate.gov/press/rep/releases/graham-c...

I haven't read the exact text, but to me 'ending the use of “warrant-proof” encrypted technology' means banning end-to-end encryption, not just "requiring the assistance" of technology companies.

And according to Eric Geller, who is one of the main cybersec reporters at Politico, it DOES require backdoors:

https://twitter.com/ericgeller/status/1275813434123186177

"shall ensure the manufacturer has the ability to provide the assistance"

> Isn't that already required? If someone shows up with a warrant (presumably signed by a judge and listing the particular things being searched), then basically you need to do everything you can to help them

Only to a certain extent if the warrant is being served on the company, i.e. for access to data that they are storing. This sounds like it adds hardware manufacturers who aren’t a party to the warrant, and would also likely require cloud providers to give technical assistance (rather than merely hand over data). The main idea probably being to force Apple to develop a reliable way to break iPhone passcodes (something law enforcement has been unsuccessfully trying to get for years).

> My guess is that it's actually asking tech companies to do something in advance of any specific criminal act

That’s right. From the press release:

> In addition, it allows the Attorney General to issue directives to service providers and device manufacturers to report on their ability to comply with court orders, including timelines for implementation.

In the worst case, this would effectively prohibit un-backdoored encryption capabilities in devices and cloud services in the US.

Sometimes I imagine a secret meeting that happened some decades ago between Republicans and Democrats, dividing up the Bill of Rights.

"Well, we have to at least look like we're fighting for them. If we all just agree to protect the Bill of Rights, then we aren't really working for them. How about Democrats get 4, 5, 7, 8, and 9; and Republicans get 1, 2, 3, 6, and 10?"

"Hey, why do we get the Third Amendment?"

"It was our idea."

(This comment is not meant to be taken literally and I'm sure that others will have a different mapping between Amendment numbers and parties.)

Basically everything is neatly divided between the two political tribes now. If one says they're for X, the other is automatically against X. It's become comically predictable.

The people endlessly fight amongst themselves as the rich get richer.

Divide and rule.

We in tech have to stop thinking that these politicians don't understand or know what they're proposing. Or that they would change their minds "if only we could explain it right". It's not a problem of information.

The fact of the matter is some parties (by which I mean groups, not political parties) have an abiding interest in keeping strong encryption and privacy out of the hands of the population at large. Banning E2E encryption either outright, or through the backdoor (EARN IT act) from major Internet platforms will accomplish this. Therefore, arguments like "You can't ban math" or "The real criminals will just move to platforms that use E2E encryption" don't work.

What's worse, they try and pass these laws using Think of the Children[1]. It's tested, and effective. It works because it's an emotional appeal and most voters are emotional creatures (including me, and you). Like a popular Internet meme says "You can't reason someone out of an opinion they didn't reason themselves into."

Fortunately we can (honestly) use Think of the Children to fight back. Literally every child in the US uses the Internet to chat with their friends and send pictures, write their journal, do their homework, get their grades, and communicate with their doctors or therapists. Weakening encryption therefore endangers every child, risking exposing their innermost thoughts and conversations to the worst sort of people online.

We have to start couching this issue in terms that regular people understand.

"Would you lock your backyard gate, where your children play, with a TSA lock?"

"What if your pediatrician's office told you their doors and file cabinets have a TSA lock on them? Anyone can just buy a key on Amazon, walk in, and rifle through everything they have."

I honestly worry about a future where my children have no privacy. Where any online predator can potentially access everything they say, send, post, or do online. That makes me anxious and frankly, a little angry.

1. https://en.wikipedia.org/wiki/Think_of_the_children

Think of the minority children.

Think of the LGBT children who may want to speak to a safe and established community / therapist confidentially about problems in an abusive household which rejects them for what they are.

Think about all the children who may need counselling during the COVID-19 outbreak who do not need secrecy from family but can't physically attend and don't want strangers peeking in.

By adding minority you unfortunately just made it into a partisan vs a bipartisan issue.
(comment deleted)
You can make it work the other way too.

"Think of the children that want to embrace $RELIGION but happen to live in a den of $DEITYless liberals."

"Think of the children afraid to express conservative views online because of a lack of privacy protections."

While think of the children is a factor, I think without an ongoing moral panic or any evidence of rising crimes against children it doesn’t have the political base needed to spur action one way or another. The political push for backdooring encryption is coming from law enforcement not concerned parents. No need for Congress to look for wide public buy in to pass something like EARN IT or this, what supporters need is to convince people to not care. And the argument that does that is “nothing to hide, nothing to fear”.
(comment deleted)
As the Wikipedia article demonstrates, 'think of the children' is not usually a motivating factor, it is a way of stymieing criticism by implying the opponent is sociopathic and doesn't care about children. It is similar to accusing someone of racism or sexism, in an effort to shut them down. These tactics are all very effective in our currently sociopolitical climate.

Unfortunately, it is almost impossible to use this tactic to advocate in favor of something (rather than against it).

I wish I had a suggestion for how to parry the accusation, but I don't.

I think we have to go on the offensive. We can use Think of the Children to promote legislation that mandates strong encryption on online platforms. It can also prohibit any legislation that tries to incentivize companies to weaken encryption, like the EARN IT act. Maybe the latter will require a constitutional amendment, I'm not sure.

Without a law like this, we're just going to keep fighting the same battle every 4-6 years. They only have to win once, we have to win every time. It's not a fair fight.

I strongly favor end-to-end encryption, but I just don't see 'think of the children' working as an effective message in favor of anything.

I happen to believe that it was protected by the first, fourth, and ninth amendments, but I am not sure it is possible to erect permanent legal bulwarks against ever-expanding federal powers. As an example, the second amendment specifically enumerates gun rights, yet it is under constant assault. The only way I can see to protect this type of individual liberty would be to radically de-scope the federal government, but I don't think that's going to happen.

Again, I really wish I could be more optimistic, but I just don't see any realistic hope.

Do these dolts not realize that their supporters also use encrypted platforms (like signal and telegram) to communicate, especially things that are considered fringe or dissident. One might expect such cluelessness from someone like Lindsey Graham, who is a neocon's neocon, but from Tom Cotton, who is on the Right-wing's preferred side on immigration? Especially, when that position is the sort of position that can get you fired these days?

Madness. I wonder what would happen if the NRA started defending encryption as a second amendment issue, as encryption technology has historically fallen under munitions export control legislation.