When this happens people still will be able to transmit encrypted end to end messages, just they will have to encrypt them themselves off platform. I wonder how quickly this is going to be illegal and when algorithms to conceal true message in a regular text that makes sense will be more widely available.
We are getting closer to thoughtcrime being a thing
Apparently US government never learns. As Schneier puts it, it will become a tool for criminal organizations in the end. I can't wait for this to become the norm and absolutely everybody would be able to spy on everybody. Then you'll have the equivalent of your nosy neighbor that sits on window, having nothing else to do all day, and just watches what happens on the street. Then you'll see how fast this law will go out of the window when the elected ones will see none of their secrets are secrets anymore.
How, would manufacturers make special edition phones or software especially for the wealthy and powerful? It can't be just a switch or people would either find a way to flip it to either close the backdoor on regular phones, or to open one on those "special" editions.
And what's stopping anyone from simply downloading or buying the "worldwide" version of software of devices which presumably have no known backdoors?
You didn't address the point or at least your answer is parallel to your original comment. What would "the wealthy and powerful" do that I can't? What encryption will they have exclusive access to?
> the “elected ones” will keep using crypto because laws don’t typically apply to the wealthy and powerful.
Sectéra phones/modules never made it outside of mandated government use because encryption (and security in general) only works if it's there on both ends and people want to use it. So pretty much the only option is with software on top of your smartphone of choice (like POTUS and the hardened Blackberry with encryption software on top). Already both presidents and presidential candidates alike repeatedly bypassed security measures in the interest of comfort and usability. In fewer words people want their iPhones (Samsungs? whatever) and they don't want to only talk to people who also have "the special phone", rather just a piece of software.
So I can't really see how "the wealthy and powerful" would have exclusive access to that encryption and make any meaningful use of it. Good encryption options are like backdoor keys: once they're out there sooner or later everyone will have access to them.
This is correct. An colleague of mine used to brag about his "black phone" to the point of obnoxiousness. After one of his "look what I have!" spiels, I asked him to initiate an encrypted call with me. He couldn't, of course, because I don't have the same phone. Then I asked him who he knows that does have one, and requires him to use more security with them than for every other call he made every day.
Ah, Nobody. Sylvia wrote a catchy song about her back in the early 80's.
On one hand, I don't believe citizens should have the ability to protect communications (or anything, really) from a lawful warrant. It is obvious that the right to privacy is not a right to perfect forward secrecy. If there is a tool that achieves this I'm not convinced it should be legal to use.
On the other hand I trip up over the whole "lawful warrant" thing because of the long history of abuse.
Someone smarter than me should tell me what to think.
The individual and the society are always in tension.
The truly nefarious are going to use things like one-time pads and couriers anyway.
I'd fall short of calling this "security theater" (like the TSA) but flawed crypto seems more along the lines of keeping honest people honest.
Once the flaws are inserted in the crypto, then it's only a matter of time until Bad Actors figure out how to exploit the flaws.
It's not the first time that harm has been done in the name of good. But the technically savvy need to get the word out: this is not a "solvable" problem, and the optimal choice is to let crypto be crypto, if the individual citizen matters at all.
What if everyone in the world, right now, could produce supersmallpox or craft a nuke (or, given sufficiently-advanced technology, do something else for which the same technology offers a poor defense compared to the offense)?
Wouldn't the only chance for survival entail a daily, warranted scan by the thought reader of everyone to ensure nobody was tempted to do it? (Or, better, omniscient surveillance.)
The point here being that the "1984" route is a valid (if not ultimately preferable) choice in this philosophical fork in the road.
(Also, rest unassured, I hate having this opinion.)
What if the communication were stored on a digital device, embedded in a person's skull, which they were able to interface their brain with?
That may sound like an unrealistic scenario, but there are already people with medical implants that record digital data, and there has been a case of using Fitbit data to help convict someone:
Interesting question yourself. I am not a lawyer, but: I think this would hinge on the definitions of "compelled" and "witness" in the fifth amendment. I think the courts would rule that being "a witness against himself" would require synthesizing thoughts into a statement then made under oath. I think searching thoughts would be considered a search.
It would be interesting to see how the courts would handle the fact that many thoughts are fleeting and not indicative of belief or intent.
Don't they already do that? Mics at long range, informants wearing wires, bugs in peoples houses, etc. Its not like whispering is a legally protected class of talking.
So then why do they need weak encryption? Just do the same thing to capture the data at the endpoints, or use those methods to get the user's passphrase.
You cannot rewind your speech to hear what you wispered two years ago or do a quick search to see everyone you have ever wispered to. Without secure encryption the collection and storage of data by the NSA will give them those capabilities on data. So in your scenario it would be like always having a mic pointed at you, always being followed by wired informants and having everything around you bugged.
Sure, if there's serious interest in you, there might well be high tech listening devices, lasers watching vibrations on glass windows, bugs, etc. But that's expensive, equipment, people in white vans, etc.
But what if the government can listen to every whisper in every ear? Dragnet surveillance could serious damage society. If this was available decades ago it might well be used to criminalize things like being gay.
Criminals will keep using real crypto, even if it’s illegal, because they’re criminals. The public will get bad crypto and fall further victim to crime and mass surveillance.
It’s a terrible idea and it’s pretty much as simple as that.
That's a real oversimplification and self-serving...
It's true that this is a horrible idea, but for different reasons. Criminals first of all don't necessarily use encryption, because apparently even these days they get the drop on terrorists because they don't use proper encryption. But also if, as you say, ONLY criminals are using true encryption, that makes it a hell of a lot easier to identify and survail them. The NSA's biggest problem is that they have so much data that they can't find anything useful anymore, and its not getting any better. It would help them A LOT if they knew that people who have something to hide, break the law and use encryption.
On the flip side, this opens the door to mass hacking by criminals and foreign entities, which is why this is a fucking terrible idea. Not to mention that it basically destroys privacy and fosters mind censorship, because people will be afraid to search for what they are looking for.
A warrant allows law enforcement to bypass laws against trespass and theft in order to get information. I has never allowed them to bypass the laws of physics.
If you say something to someone before they get a warrant, the warrant can't give it to them because you didn't write it down. If you write it down but then destroy it before the warrant is executed, the warrant can't give it to them because it no longer exists. If you write it down but keep it somewhere they don't know where it is, the warrant can't give it to them because they can't find it. If you write it down but it's encrypted, a warrant can't give it to them because they can't decrypt it. These are not different scenarios.
People like to make out as if encryption has changed things to make it harder, because now more things will be encrypted! But the things that are now being encrypted were historically never written down to begin with. If you made a phone call in 1970, your ordinary phone didn't automatically record it in case the government wanted to execute a warrant later. If you send a text message today and your phone records it but the record is encrypted, that isn't any worse for them than if it didn't keep a record -- it's better for them, because if they can get your passphrase then they can get access to it. Historically they had nothing.
Now they want even more, even if it it allows criminals and corrupt officials to ravage everybody and sets a profoundly dangerous precedent for totalitarian regimes, with the corresponding technical changes to popular infrastructure.
It is debatable if it is a crime (at least in the US - there were cases that said that upskirt photos, even of children, are protected by the 1st amendment) but even if it is then it is an instance of a victimless one.
The power of the government to issue warrants has never (in the US constitutional system) implied a limit on freedom so that people may only possess things (including forms of communication) that are practically amenable to discovery of meaning by way of search via a warrant.
It just means government can, with legally sufficient justification, seize something. It's their job, if they want to understand it, to find a way to do it. Restricting communication to means which are easily subject to correct interpretation when seized is a violation of the First Amendment right to free speech and also exposes people to security risks from threats other than the lawful government, since if it can be compromised by a lawful seizure by government it can be compromised by an unlawful seizure by any other party.
I don't think you should have been downvoted so much. It's smart to recognize an internal-to-self conflict and ask questions. I don't think 'Someone smarter than me should tell me what to think.' is a good endpoint though. Expert opinions are very important to the decision making process, but, I would suggest to never give blanket access to another over your own thoughts. It sucks to be wrong sometimes, but, just keep thinking and trying, and I think the journey will be beneficial.
( Sorry for how weird that all sounds, I wanted to respond, but I'm not sure how to best phrase my thoughts here )
All these lawful warrants are pretty cool until the administration issuing them gets compromised. The thing is this has already happened and criminals at the top are now looking for ways to cement their power and prevent any competition. I believe the anti encryption laws will be used against politicians who dare to change things.
All these laws are rarely good faith laws, but mostly are "rules" set by your older brother: he wants you to behave a certain way, but obviously has no intent to follow the same rules. So if we look at the proposed "law" thru this prism, we see "some senators deliver a message from the bigger players that those don't like that common folks can hide their communications and want to end this practice."
US Senators are at the executive top-of-the-food chain in a complicated social game of "can / cannot" and "should / should not", so US Senators can propose things that are not in the interest of individuals, despite being individuals themselves. US Senators (mostly lawyers) decide that law is "good enough" to be used to control technical behavior.
A major, major problem with locks and technical solutions is, that they keep un-trained people out, trained people must jump through hoops, but the implementors have special insight and resources in how to break it. Therefore, the implementors get special powers that individuals do not have, trained or not trained. Once again, US Senators believe that the implementors are "good enough" to be useful, given that errors, omissions and yes, crime, will occur.
The end result is, from the point of view of the individual writing this, is that implementors have special powers over individuals moving forward. This may or may not be a bad deal. Historically, humans have victimized other humans at astounding rates, including incentiving others to do the same, sucessfully. So, do you an individual, or you a responsible organization leader, believe that these particular implementors will be special over time and not use this power to victimize others?
lastly, throw in the murkier sides of "legal" and "victimization" .. Famously, most everything done in 1930s Germany was legal, at each step, encapsulated in the derogatory term "little Eichmann"
edit- over time, technical solutions will break or be leaked, and then all the "should / should not" is irrevocably out of the equation.. this last part is often what is referred to by technical analysts.. the chain of responsibility becomes un-fixably broken "when" not "if"
> The end result is, from the point of view of the individual writing this, is that implementors have special powers over individuals moving forward. This may or may not be a bad deal. Historically, humans have victimized other humans at astounding rates, including incentiving others to do the same, sucessfully.
Giving some group "special powers over individuals" "may or may not be a bad deal"?
If men were angels, no government would be necessary. If angels were to govern men,
neither external nor internal controls on government would be necessary.
In framing a government which is to be administered by men over men, the great
difficulty lies in this: you must first enable the government to control the governed;
and in the next place oblige it to control itself. A dependence on the people is,
no doubt, the primary control on the government; but experience has taught mankind
the necessity of auxiliary precautions.
The article’s title is “New US Bill would require makers of encrypted devices to leave a backdoor” which reads much less like propaganda than the current HN headline of “Senators propose lawful access to encrypted data.”
Both titles are accurate-but-biased representations of the same subject matter. I agree with your bias, but I think it's a mistake to identify one as propaganda and not the other.
This is something we should be biased about, and it's okay to embrace that.
Will one of the moderators please change this title to its original "New US Bill would require makers of encrypted devices to leave a backdoor"? The current title ("Senators propose lawful access to encrypted data") is much less clear.
This video: https://www.youtube.com/watch?v=TY6m6fS8bxU about the "meshtastic" project is quite interesting. It allows communication via spread spectrum LORA, which seems pretty hard to intercept.
Ironically, to use it, you currently need to pair the device with a smart phone, but that's not essential.
Even if you honestly wanted to implement this, the real elephant in the room is how to manage multiple jurisdictions. For example, the US government and its contractors routinely use off-the-shelf hardware and software. If China happens to confiscate one such device, would we want to live in a world where they too have exceptional access? If the implementation exists, you're kidding yourself if you think only the US can require it.
If they can indict Assange for hacking conspiracy for a theoretical ability to crack a hash of a password with an unknown and possibly infeasible number of bits of entropy, the only lawful right the US government should have to encrypted data is the infeasible suggestion that cracking properly used secure cryptographic primitives is possible.
The one thing I haven't seen mentioned here is one of the motes that stopped all this in the 90s, open source. And of course the only way to stop open source is to have devices that can't run whatever the user wants.
48 comments
[ 88.7 ms ] story [ 362 ms ] threadAnd what's stopping anyone from simply downloading or buying the "worldwide" version of software of devices which presumably have no known backdoors?
Also, they already make “special phones” for people in government:
https://en.m.wikipedia.org/wiki/Sectéra_Secure_Module
> the “elected ones” will keep using crypto because laws don’t typically apply to the wealthy and powerful.
Sectéra phones/modules never made it outside of mandated government use because encryption (and security in general) only works if it's there on both ends and people want to use it. So pretty much the only option is with software on top of your smartphone of choice (like POTUS and the hardened Blackberry with encryption software on top). Already both presidents and presidential candidates alike repeatedly bypassed security measures in the interest of comfort and usability. In fewer words people want their iPhones (Samsungs? whatever) and they don't want to only talk to people who also have "the special phone", rather just a piece of software.
So I can't really see how "the wealthy and powerful" would have exclusive access to that encryption and make any meaningful use of it. Good encryption options are like backdoor keys: once they're out there sooner or later everyone will have access to them.
Ah, Nobody. Sylvia wrote a catchy song about her back in the early 80's.
On one hand, I don't believe citizens should have the ability to protect communications (or anything, really) from a lawful warrant. It is obvious that the right to privacy is not a right to perfect forward secrecy. If there is a tool that achieves this I'm not convinced it should be legal to use.
On the other hand I trip up over the whole "lawful warrant" thing because of the long history of abuse.
Someone smarter than me should tell me what to think.
The truly nefarious are going to use things like one-time pads and couriers anyway.
I'd fall short of calling this "security theater" (like the TSA) but flawed crypto seems more along the lines of keeping honest people honest.
Once the flaws are inserted in the crypto, then it's only a matter of time until Bad Actors figure out how to exploit the flaws.
It's not the first time that harm has been done in the name of good. But the technically savvy need to get the word out: this is not a "solvable" problem, and the optimal choice is to let crypto be crypto, if the individual citizen matters at all.
There are no guarantees about the people going forward, and the data live on.
Supposing there was a method to read thoughts or memories without physical contact, would you allow police to do so as long as they had a warrant?
edit: typo
Wouldn't the only chance for survival entail a daily, warranted scan by the thought reader of everyone to ensure nobody was tempted to do it? (Or, better, omniscient surveillance.)
The point here being that the "1984" route is a valid (if not ultimately preferable) choice in this philosophical fork in the road.
(Also, rest unassured, I hate having this opinion.)
That may sound like an unrealistic scenario, but there are already people with medical implants that record digital data, and there has been a case of using Fitbit data to help convict someone:
https://www.nytimes.com/2018/10/03/us/fitbit-murder-arrest.h...
It would be interesting to see how the courts would handle the fact that many thoughts are fleeting and not indicative of belief or intent.
Seriously? Should the government have the right to know what I whisper into someone's ear?
But what if the government can listen to every whisper in every ear? Dragnet surveillance could serious damage society. If this was available decades ago it might well be used to criminalize things like being gay.
It’s a terrible idea and it’s pretty much as simple as that.
On the flip side, this opens the door to mass hacking by criminals and foreign entities, which is why this is a fucking terrible idea. Not to mention that it basically destroys privacy and fosters mind censorship, because people will be afraid to search for what they are looking for.
If you say something to someone before they get a warrant, the warrant can't give it to them because you didn't write it down. If you write it down but then destroy it before the warrant is executed, the warrant can't give it to them because it no longer exists. If you write it down but keep it somewhere they don't know where it is, the warrant can't give it to them because they can't find it. If you write it down but it's encrypted, a warrant can't give it to them because they can't decrypt it. These are not different scenarios.
People like to make out as if encryption has changed things to make it harder, because now more things will be encrypted! But the things that are now being encrypted were historically never written down to begin with. If you made a phone call in 1970, your ordinary phone didn't automatically record it in case the government wanted to execute a warrant later. If you send a text message today and your phone records it but the record is encrypted, that isn't any worse for them than if it didn't keep a record -- it's better for them, because if they can get your passphrase then they can get access to it. Historically they had nothing.
Now they want even more, even if it it allows criminals and corrupt officials to ravage everybody and sets a profoundly dangerous precedent for totalitarian regimes, with the corresponding technical changes to popular infrastructure.
It just means government can, with legally sufficient justification, seize something. It's their job, if they want to understand it, to find a way to do it. Restricting communication to means which are easily subject to correct interpretation when seized is a violation of the First Amendment right to free speech and also exposes people to security risks from threats other than the lawful government, since if it can be compromised by a lawful seizure by government it can be compromised by an unlawful seizure by any other party.
( Sorry for how weird that all sounds, I wanted to respond, but I'm not sure how to best phrase my thoughts here )
All these laws are rarely good faith laws, but mostly are "rules" set by your older brother: he wants you to behave a certain way, but obviously has no intent to follow the same rules. So if we look at the proposed "law" thru this prism, we see "some senators deliver a message from the bigger players that those don't like that common folks can hide their communications and want to end this practice."
A major, major problem with locks and technical solutions is, that they keep un-trained people out, trained people must jump through hoops, but the implementors have special insight and resources in how to break it. Therefore, the implementors get special powers that individuals do not have, trained or not trained. Once again, US Senators believe that the implementors are "good enough" to be useful, given that errors, omissions and yes, crime, will occur.
The end result is, from the point of view of the individual writing this, is that implementors have special powers over individuals moving forward. This may or may not be a bad deal. Historically, humans have victimized other humans at astounding rates, including incentiving others to do the same, sucessfully. So, do you an individual, or you a responsible organization leader, believe that these particular implementors will be special over time and not use this power to victimize others?
lastly, throw in the murkier sides of "legal" and "victimization" .. Famously, most everything done in 1930s Germany was legal, at each step, encapsulated in the derogatory term "little Eichmann"
edit- over time, technical solutions will break or be leaked, and then all the "should / should not" is irrevocably out of the equation.. this last part is often what is referred to by technical analysts.. the chain of responsibility becomes un-fixably broken "when" not "if"
Giving some group "special powers over individuals" "may or may not be a bad deal"?
-James Madison, Federalist No. 51 https://www.csus.edu/indiv/f/friedman/fa2019/govt1/schedule/...This is something we should be biased about, and it's okay to embrace that.
I submitted that particular title since I was on mobile and in a hurry, so I converted the URL of 'http://www.androidauthority.com/lawful-access-to-encrypted-d... with two words such that the title would be a grammatically correctish sentence.
No editorialization intended and if I had more time I would have opened a separate tab to load the article, then copy/pasted the article title.
Mods, feel free to correct the title as needed.
Ironically, to use it, you currently need to pair the device with a smart phone, but that's not essential.
Edit: https://www.meshtastic.org/
Even if you honestly wanted to implement this, the real elephant in the room is how to manage multiple jurisdictions. For example, the US government and its contractors routinely use off-the-shelf hardware and software. If China happens to confiscate one such device, would we want to live in a world where they too have exceptional access? If the implementation exists, you're kidding yourself if you think only the US can require it.