Slashdot Mirror

← Back to Stories (view on slashdot.org)

Encryption Rights Community: Protecting Our Rights To Strongly Encrypt

Posted by samzenpus on from the of-a-like-mind dept.

Lauren Weinstein writes: Around the world, dictatorships and democracies alike are attempting to restrict access to strong encryption that governments cannot decrypt or bypass on demand. Firms providing strong encryption to protect their users — such as Google and Apple — are now being accused by government spokesmen of "aiding" terrorism by not making their users' communications available to law enforcement on demand. Increasingly, governments that have proven incapable of protecting their own systems from data thefts are calling for easily abused, technologically impractical government "backdoors" in commercial encryption that would put all private communications at extreme risk of attacks. This new G+ community will discuss means and methods to protect our rights related to encrypted communications, unfettered by government efforts to undermine our privacy in this context.

26 of 140 comments (clear)

  1. Don't worry about it by Sigvatr · · Score: 3, Insightful

    I can't imagine any scenarios where any government could practically restrict encryption at all.

    1. Re:Don't worry about it by w1zz4 · · Score: 4, Informative

      You cannot restrict it, but you can make it "Illegal to use", like in Cuba.

    2. Re:Don't worry about it by gweihir · · Score: 2

      Or like France. Turns out private use of strong encryption is politely ignored by the authorities in France, possibly because they would have a riot on their hands if they did enforce the ban. And commercial users can get a license.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    3. Re:Don't worry about it by AHuxley · · Score: 2

      The ability of the UK and US to track any networked message removes all anonymity and then allows privacy be worked on.
      A person, brand, company, project can create, compile, sell, offer, use all the encryption it wants.
      A US or UK telco or network interconnect will always be able to track the message from its origin to the destination.
      With a loss of anonymity, privacy is then very easy remove per user or site.
      US and UK network ready devices, networks, tame computer systems are all law enforcement friendly so the layer the user encryption was created on will always be obtainable as designed and sold.
      Plain text, voice, images, a log of network use are just waiting on most big brand US computer systems as designed and sold.
      The ability of law enforcement to collect plain text as entered or when decrypted on a normal user system ensures privacy is never a problem once tasked.
      How a user opts to use a network between two computer systems compromised by design is not really an issue.
      The other plus for a lot of popularized encryption is that it stands out for a US/UK collect it all system.
      Encryption is just the easy way to find a user and then use a waiting trap door or back door in the office, home, network or commercial system or hardware.
      The US and UK will not restrict encryption. The more users feeling they need to find and turn on junk encryption just makes the task of finding people of interest on networks more easy.
      Thats why number stations and one time pads worked well in the past. Its kind of hard to find who listened to an international broadcast.
      But with the direct use of any encryption between two sites that task is now very easy.
      With anonymity gone, plain text is just a network request to a law enforcement friendly OS.
      Wise Western governments should fund, offer grants to all encryption products, experts they can find. Create front companies and fund tame academics.
      It makes finding interesting people so much more easy on all networks when they use known encryption everytime.
      Restricted encryption historically was a tool to drive people onto the tame encryption over generations.

      --
      Domestic spying is now "Benign Information Gathering"
    4. Re:Don't worry about it by K.+S.+Kyosuke · · Score: 2

      Strong encryption use just makes a message stand out.

      Unless it's also steganographically encoded in a fashionable selfie. (Finally, a meaningful use for selfies!)

      --
      Ezekiel 23:20
    5. Re:Don't worry about it by K.+S.+Kyosuke · · Score: 2

      You can't really do that, unless you remove the very ability of the communication channel to transfer some information.

      --
      Ezekiel 23:20
    6. Re:Don't worry about it by Anonymous Coward · · Score: 5, Insightful

      They could simply reprogram the internet to block encrypted trafic.

      Good idea - those "e-commerce" and "online banking" fads were just about done anyway.

    7. Re:Don't worry about it by AHuxley · · Score: 2

      Think of the work that went into detecting the use of virtual encrypted disks over time. All that matters is the detection or wider public understanding that the message cannot be detected over a network.
      With detection comes the origin of the message, destination, method used and ability to trap door, back door to get the message before any steganography.

      --
      Domestic spying is now "Benign Information Gathering"
    8. Re:Don't worry about it by Jason+Levine · · Score: 3, Insightful

      If there's one thing the government fears most of all (and no, it's not a group of citizens upset with their actions) it's a riot from companies that lobby them. Block all encrypted traffic and every online retailer (including lots of big name, big lobbying companies) would find themselves unable to conduct business online. Block encryption and banks wouldn't be able to fulfill transactions online. Block encryption and health care companies couldn't show you medical information online. All of these sectors would send lobbyists on a "Seek and Destroy" mission should any such bill ever be seriously considered.

      --
      My sci-fi novel, Ghost Thief, is now available from Amazon.com.
    9. Re:Don't worry about it by AmiMoJo · · Score: 4, Insightful

      Strong encryption use just makes a message stand out.

      Years ago when Bittorrent first started encrypting traffic there were loud complaints from GCHQ and MI5 about how it was making their lives much more difficult. Previously encrypted traffic stood out and helped them, but suddenly the (bit)torrent of encrypted data was making it difficult to separate interesting traffic from pirated music and TV shows.

      I'm sure they have upped their game since then, but the basic principal is sound. If everyone starts to encrypt everything all the time it becomes much harder to figure out what is interesting. It also makes them waste resources trying to store or decrypt data that turns out to be worthless. Fortunately for us more and more apps implement encryption by default.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    10. Re:Don't worry about it by cfalcon · · Score: 2

      This would fail for technical reasons. You could transform any piece of encrypted text into a larger piece of text that appears unencrypted, and this would happen just about immediately.

  2. Slight correction by reboot246 · · Score: 5, Insightful

    The first sentence in the summary needs a slight correction.

    It reads, "Around the world, dictatorships and democracies alike are attempting to restrict access to strong encryption that governments cannot decrypt or bypass on demand."

    It should say, "Around the world, dictatorships and democracies with governments wanting to become dictatorships are attempting to restrict access to strong encryption that governments cannot decrypt or bypass on demand."

    1. Re:Slight correction by lkcl · · Score: 3, Interesting

      It should say, "Around the world, dictatorships and democracies with governments wanting to become dictatorships are attempting to restrict access to strong encryption that governments cannot decrypt or bypass on demand."

      about six or seven years ago i used to go a lot further than that, but at the time people disregarded what i said as being completely outrageous. times change.... let me reiterate it by way of parallel example.

      this sentence "Firms providing strong encryption to protect their users — such as Google and Apple — are now being accused by government spokesmen of "aiding" terrorism"

      should read "Firms providing strong encryption to protect their users — such as Google and Apple — are now being accused by terrorist spokesmen...."

      i believe it was joseph goebbels, hitler's right-hand man, who said that the way for a government to get what it wanted was to terrorise people by making them think that they were no longer safe in their own homes. that if they didn't cecede power to the goverment then someone who was beyond the ability of the government to control would possibly kill them in their own beds, or on their way to work, or would kill their children on the way to school.

      this strategy is one that governments today are fully aware of (they saw how effective it was for stalin and hitler and mussolini after all), and they are quite happy to copy it. unfortunately, when people fully trust their governments and cecede all power to them, historically we've seen how quickly things can flip to become very very dangerous. the problem is that i don't see how, when power is ever so slowly eroded in small incremental steps, it is possible to reverse that situation for people's benefit, without a very large event occurring (such as a bloody riot or a civil war). maybe it's possible now, peacefully, with the internet the way it is, and with organisations like avaaz, al jazeera, 38degrees and more: i don't really know. should we have faith in people and the way the internet works, now?

  3. If no secrets should be kept from the gov't.... by mark-t · · Score: 4, Insightful
    ... And one who has done nothing wrong should have nothing to hide, then why do government workers wear clothing while working? After all, clothes cover up the body, and if you wear them then you are keeping something hidden fom those around you. Is there something wrong with their bodies that they feel they should cover them up?

    The question is, of course, rhetorical. One generally wears clothes around other people not because there anything (necessarily) wrong with what is underneath the clothing, but because they cover something that most people consider private.

    --
    File under 'M' for 'Manic ranting'
    1. Re:If no secrets should be kept from the gov't.... by Anonymous Coward · · Score: 3, Insightful

      Within the physical world there are always ways to bypass locks if you have enough time, resources and lawyers. The government doesn't need lawyers and their time and resources are quite substantial. In this case no matter how much you want to lock something up they have a blowtorch, dynamite, nitroglycerin, or nukes to make sure they can bust it open.

      Encryption is different because they don't have enough force to break the lock. These are sociopaths that are used to getting their way and having the upper-hand in every situation so it scares them that they can't beat this. They've been handed an impossible problem and now they're throwing a hissy-fit demanding that impossible problems are illegal.

      Watching the gymnastics going on right now is quite revealing. They're going to quite some lengths to make sure they can have access. Ask yourself one question: They're throwing so much at this one lock, so how many locks have they already broken? All the things we thought were safe from prying eyes probably aren't.

      I just hope their uber spy center doesn't get hacked or the whole world is hosed.

    2. Re:If no secrets should be kept from the gov't.... by Anonymous Coward · · Score: 2, Insightful

      > And one who has done nothing wrong should have nothing to hide,

      Privacy is essential for creativity, otherwise a chilling effect of self censure takes place. Take a look at the old Soviet block in Eastern Europe - generations of broken people, stunted to the emotional level of development of children that expect the state to care for them. They have no political ideas, no activism.

  4. Baffling.... by Dega704 · · Score: 4, Insightful

    Lets pretend for a moment that government-mandated backdoors don't violate our 4 amendment rights eight ways till Friday and really will be only accessible to government agencies. (Background sniggering) Stay with me guys. Let's say their birthday wish is granted and all of the big tech companies implement backdoor decryption that only they can access.

    Do they really think a single @#$%ing terrorist or criminal with half a brain is actually going to use those services instead of other alternatives? Maybe the next part of their amazingly forward-thinking plan is to convince Richard Stallman to bend a knee and put a backdoor in GnuPG.

    1. Re:Baffling.... by Obfuscant · · Score: 2

      Let's say their birthday wish is granted and all of the big tech companies implement backdoor decryption that only they can access.

      (Outright laughter.) You haven't been paying attention. There is no wish left to grant. It's already done.

      One of those two major corporations listed in the summary provides system encryption for their users to protect their data. They also can undo that encryption whenever they want to. A friend's Mac Book was set up to encrypt his data, and to make a long story short, when his employer needed access to it the local Mac store was able to turn off the encryption for them. Whatever safeguards they currently have now to limit who can get the encryption removed are just policy writ on paper. The technical fact is that users of those products who think their data is safe because it is encrypted are living a pipe dream.

      Maybe the next part of their amazingly forward-thinking plan is to convince Richard Stallman to bend a knee and put a backdoor in GnuPG.

      I have discovered an algorithm which can be used to decrypt any content protected by assymetrical key encryption, but the margins of this posting not large enough to record it here.

    2. Re:Baffling.... by mlts · · Score: 2

      It may not be much assurance, but one of the head devs of BitLocker did state that there are no backdoors in it. Does that mean there are? Game theory might apply:

      If there are none, life goes on.
      If there is one, it will get discovered, BitLocker tossed out the window by every company in the world, replaced with something that is vetted like TrueCrypt or its descendants.

      Plus there are levels of law enforcement. Interpol/FBI is one thing. The local HOA trying to be nosy and use a civil action to get into someone's machine because they think someone had five guests when the limit is four... not so much. If there were a backdoor, the hand wouldn't be tipped unless it was a high value target.

      As for a recovering a MacBook's data, there are a number of variables involved. If someone (the previous employer) had access to an admin user, they could easily slip in a recovery key. Then, even though the key can't be used at boot time, the MacBook can be booted via target mode and the drive mounted on another Mac using diskutil.

      If the MacBook was completely independent and wasn't compromised via the network, it seems quite dubious that someone's employer could seize their computer, take it to a local Mac store, and a magic button be pressed to decrypt it. If this were so, there would be a hue and cry from MacRumors to CNN about this.

      Not to say this impossible, but it falls along the lines of improbable.

  5. It's not about strength, it's about Free Speech by Anonymous Coward · · Score: 2, Interesting

    This isn't about strong encryption. This is about encryption. This is about talking in code. This is about art that is too subtle for anyone but those who hold sufficient intellectual keys to understand. This is about telling twins that the weird childhood language they developed is criminal because the feds don't have a decoder ring for it yet. This is about Holmes zone of lawlessness in his handwritten journals stored in his some, leveraging fourth ammendment protections to more efficiently kill more people. This is about liberty having a price. This is about the good aspects of democracy requiring an unfettered conversation of free speech to achieve the best ends for its constituents.

    Jesus Christ, they can fscking implant passive radar reflecting bugs in usb ports and cables, and cut through buggy ass closed source firmwares like a hot knife through butter. This is Orwellian theatre. This is a bad joke. This is about entrapment, temptation, sin, and religious blackmail throughout the ages past and the ages to come. Wake up folks, read between the lines. The new normal is colorblind gender-neutral corruption. But who knows, maybe with a few more decades of progress towards eradicating widespread casual spousal abuse, maybe we can get to work on sane understandings of cybersecurity for the masses. But they aren't ready to understand yet.

  6. Let's discuss privacy on ... by CaptainDork · · Score: 2

    ... fucking G+.

    --
    It little behooves the best of us to comment on the rest of us.
    1. Re:Let's discuss privacy on ... by 93+Escort+Wagon · · Score: 2

      It's security through obscurity!

      --
      #DeleteChrome
  7. A privacy oriented group hosted at Google! by chihowa · · Score: 2, Insightful

    The last sentence of the summary was awesomely qualified:

    This new G+ community will discuss means and methods to protect our rights related to encrypted communications, unfettered by government efforts to undermine our privacy in this context.

    They had to really stretch that sentence to get around the irony of hosting a privacy advocacy group on Google's servers!

    --
    If you want a vision of the future, imagine a youtube comments section scrolling - forever.
  8. The right to NOT encrypt by Anonymous Coward · · Score: 3, Insightful

    What about the right to NOT ENCRYPT everything and still have privacy? The right to expect your spook agency to work to protect your privacy right from spying by foreign countries?

    No just foreign countries too. Why should the existing government be able to spy on every up coming politician, political campaign group, journalist, MP, congressman? How is it any of the governments business to watch the communications of its citizens and opponents?

    This "you are all terrorists" ergo we spy on you, and "we are all good" ergo we spy in secret with secret laws and secret interpretations of words, how is this defendable?

  9. G+? No. by Foresto · · Score: 5, Insightful

    You had me until you said you plan to use Google+. Bye bye.

  10. Same old same old.... by erp_consultant · · Score: 5, Insightful

    This is the same tired argument used by the government to "protect us" against "terrorists". And thus the birth of the TSA and Homeland Security. Another bloated bureaucracy that has been an abject failure by every measure. Billions of taxpayer dollars wasted every year and the "war on terror" is no closer to being won than the day it started. Kind of like the war on poverty, but that's another topic for another day.

    I don't trust the government having this information and I sure don't trust them to secure it. Just ask the 21.5 million people that had their personal information stolen from government servers recently at the Office of Personnel Management (OPM). Vulnerabilities on those systems were known since 2007 and yet nothing was done to fix it. As usual, the initial breach was downplayed and otherwise covered up.

    So by my count the government:

    a) ignored reports that the data was vulnerable
    b) did nothing to protect it
    c) lied about the true scope of the attack and
    d) tried to cover it up after the fact.

    And I'm supposed to trust these clowns to have encryption back doors so they can snoop around with my private data? Not bloody likely.