23 comments

[ 4.8 ms ] story [ 62.7 ms ] thread
I call bullshit.

The US DoJ might say they want end-to-end encryption, but only so long as it doesn’t interfere in any way, shape, or form of whatever they want to do to people in their prosecutions and persecutions.

It's too bad none of these fascists are elected; we can't simply vote them out of office.

Edit: Use your words; your downvotes just tell me that you support nepotism and corruption in bureaucracies.

They’re chosen by elected officials.
Please, use more words: How do we vote them out of office? How do we recall them or call for votes of no-confidence? You seem to think appointments by elected officials are themselves elections, but there's several hundred years of constitutional democratic history suggesting otherwise.
Once voted in they can pretty much do whatever they like for 2-5 years. All part of the current system of enslavement.
"We recognize that strong encryption is vital to the functioning of society. That said, we demand access to all encrypted communication because - Just Think of The Children."
Privacy is the best defense of children against groomers, so it is a one-sided perspective to begin with. That people are able to communicate in confidentially in private is a fact governments must come to terms with quickly.
What are the odds that big tech and big brother are in bed creating a huge dog and pony show to counter the post-Snowden “going dark” reality?

Given: The public knows about mass surveillance. Big tech deploys supposedly unbreakable end to end encryption. The public feels more safe and protected from Big Brother yet again.

Theory: Meanwhile, behind the scenes, government and big tech have, in secret, the ability to recover such encrypted comms. The DOJ initiative would then be part of an elaborate psyop to further deceive people into believing that FB “has their back”.

I’m going to guess that third parties have extensively reverse engineered apps such as fb messenger to ensure that it is essentially impossible for the above to be the case, since E2EE occurs at the endpoints.

Can an encryption expert weigh in here?

Edit: this also raises general concerns I have about trusting an App Store to install what is supposed to be installed, and not a backdoor’ed version of an app. Something like: Let the reverse engineers have an unmodified app, while distributing alternate versions to other unsuspecting users.

Also, odds that the govt has secret radically advanced quantum computing tech and does have a QC to recover using Shor’s? (Yea, probably unlikely as it would takes millions of qubits to achieve this..)

How long before lattice based crypto is sufficiently vetted for wide deployment?

Are downvotes on both of my comments warranted? Such a theory is worth exploring, yes?

Edit: this comment was downvoted almost instantly as well.

Censorship is alive and well, even here.
I don't understand it. Their conclusion says "we challenge the assertion that safety cannot be protected without compromise," which the way I read it means something along the lines of "we believe it is possible to protect public safety without compromising privacy." But the rest of the letter seems to imply they want to find a way to in fact compromise that privacy.
They should send patches to Signal and Matrix. We do not know how to implement an encryption-based communication system in the way they request.
Then they should explain explicitly how this can be made to happen. As sibling says, patches welcome.
Yep, they are gonna use "child porn" as their trojan horse excuse to pass legislation to put back doors in all encryption or face arrest. You can bet the trusted apps will move offshore, doubt Telegram who is already offshore will ever concede to this. Also, an attempt to gain access to cryptos as well.
How do they envision this working and yet protecting communication in oppressive regimes? Facebook can't very well offer the US the ability to pierce the encryption veil then beg innocence to the Kremlin when it wants access.

Of course, decentralized open source solutions in this space will always dominate. The oppressive governments can attack big tech economically. The Kremlin can shut facebook down in Russia if they won't give a back door. Whereas volunteer devs with no expectation of profit are immune to that kind of attack. Even better if there is no defined server to block.

I say this as someone who is not generally super enthusiastic about open source, not decentralized tech, nor is anti- big tech. This just seems like an area where big tech cos cannot compete efficiently.

Maybe they just think that Facebook should not be operating in countries with lots of corruption or oppression? And maybe they have a point. Maybe it is not possible to run an ethical communication business in a place that criminalizes what we value as protected speech.

Anyway, I doubt they will be able to accomplish this goal by asking nicely. They will need to pass a law and then there will need to be a fight about whether the law is constitutional.

Exactly. This is an impossibility.

A “lawful request” is determined by whatever state has jurisdiction. As they say, encryption is vital to human rights activists in China or democracy supporters in Belarus, however it would be destroyed because these countries can indeed make “lawful requests” for the information.

For thousands of years, humans have been allowed to communicate privately with each other. We should not regress that. Criminals will always exist and we should do our best to identify and bring them to justice, but not at the expense of free society.

as was flagged to death earlier this week: DOJ is 100% capable of embedding humans deep within criminal enterprises that pose genuine security risks to the federal government. Combine that with regular old-fashioned things like those novel legal devices called "search warrants", and FBI does just fine at getting inside secure comms without fundamentally lying about the nature of mathematics at the same time.
Maybe we need to advocate for changes to US law such that citizens maintain their expectation of privacy when sending messages through third parties. Then it would be like it used to be when law enforcement needed a warrant to obtain an individual’s communications, which is then served to that individual rather than to a third party communications provider.

Also, it seems like it’s time to remind everyone that only totalitarian governments want to read everyone’s mail all the time to look for crimes. Our bill of rights expressly forbids this. I really don’t understand why the DOJ would write a letter like this that to me, a layman, reads like it is plainly in violation of the 4th amendment.

From the Cypherpunks FAQ (1994-09-10) [0]:

  8.3.4. "How will privacy and anonymity be attacked?"

  ...

  - like so many other "computer hacker" items, as a tool for
    the "Four Horsemen": drug-dealers, money-launderers,
    terrorists, and pedophiles.

  ...
See also "Four Horsemen of the Infocalypse" [1], "Crypto Wars" [2].

--

[0]: http://groups.csail.mit.edu/mac/classes/6.805/articles/crypt...

[1]: https://en.wikipedia.org/wiki/Four_Horsemen_of_the_Infocalyp...

[2]: https://en.wikipedia.org/wiki/Crypto_Wars

I wonder if there would be a way to make an argument that would appeal to the public just the same: We can't add backdoors to encryption because it would endanger our children!
Check out Sam Harris’s podcast “The Worst Epidemic”. It’s hard to listen to, but gives another perspective about this issue. Also it has some ideas about where encryption is perhaps more benign (e.g. WhatsApp) and where its introduction would increase exploitation of children (e.g. Facebook Messenger).