Jimmy Wales and Former NSA Chief Ridicule Government Plans To Ban Encryption

Mickeycaskill writes: Jimmy Wales has said government leaders are "too late" to ban encryption which authorities say is thwarting attempts to protect the public from terrorism and other threats. The Wikipedia founder said any attempt would be "a moronic, very stupid thing to do" and predicted all major web traffic would be encrypted soon. Wikipedia itself has moved towards SSL encryption so all of its users' browsing habits cannot be spied on by intelligence agencies or governments. Indeed, he said the efforts by the likes of the NSA and GCHQ to spy on individuals have actually made it harder to implement mass-surveillance programs because of the public backlash against Edward Snowden's revelations and increased awareness of privacy. Wales also reiterated that his site would never co-operate with the Chinese government on the censorship of Wikipedia. "We've taken a strong stand that access to knowledge is a principle human right," he said. derekmead writes with news that Michael Hayden, the former head of the CIA and the NSA, thinks the US government should stop railing against encryption and should support strong crypto rather than asking for backdoors. The US is "better served by stronger encryption, rather than baking in weaker encryption," he said during a panel on Tuesday.

This is in the UK

Incase it wasn't obvious

Re:This is in the UK

[alex67500]

"Hello, My name is David Cameron, MP, and I'm the Prime Minister of the UK. Today I would like to put forward a bill to ban all forms of mathematical science and studies, because they are an essential building block of encryption, and that fuels unacceptable behaviours that we can't snoop on. Pretty Please."

The money quote

[squiggleslash]

Hayden said that losing the first Crypto War on the Clipper Chip did not stop the US government from obtaining the information it needed.

âoeIn retrospect, we mastered the problem we created by the lack of the Clipper Chip,â he said. âoeWe were able to do a whole bunch of other things. Some of the other things were metadata, and bulk collection and so on.â

So... "don't ban encryption, we don't need to!"

Re: The money quote

[WarJolt]

Exactly, just look for the person not leaking data to google and go after them.

if you're dumb enough terrorist to leave your location data on I hope the NSA has you covered.

Re:The money quote

The members of government that want to ban encryption simply do not understand the information enterprise. They were born and raised in a world where that was not a part of their day-to-day mindspace, so they fundamentally don't get it. They especially don't understand how important it is for ordinary commerce, and the economy as a whole.

Government is always about a decade or two behind current technological trends, and often passes laws that do great harm and no good because of this. Eventually (10-20 years too late) those laws usually get corrected. But in an age where technology progresses as fast as it does today, a 10-20 year lag can be extremely painful.

Re: The money quote

don't be a cunt.

Re:The money quote

[Impy+the+Impiuos+Imp]

I was under the impression the Supreme Court had already ruled you can encrypt as the encrypted message is protected speech, too.

That should be the case if not, but I do remember reading that. This was also why the government could get away wth banning export of encryption devices, but not the speech itself.

Re: The money quote

How did you know Google's new motto? The press conference hasn't even been given yet!

Re:The money quote

[AmiMoJo]

They are not proposing a ban outright, they are proposing to ban products that they can't circumvent.

Banks will be able to use encryption because they hand over financial records when asked. Shops will be able to use encryption because they need it and the purchase is logged elsewhere for the government to access anyway.

Facebook, Google and Apple will be banned from using encryption so that the government can simply tap a backbone or two and hoover everything up for later analysis. You won't be able to encrypt your phone unless (every) government (and criminal) is allowed to have a backdoor.

It's best not to straw man this argument. We need more direct arguments against their proposals to make sure that they don't happen, otherwise it looks like we didn't understand them and are thus easy to dismiss and crackpots or idiots.

same as guns

[slashmydots]

So making encryption illegal will stop terrorists from using encryption? You know, the same way that making terrorism illegal stops terrorism. What a joke. It's the same as guns. If you make guns illegal, criminals will still have them. That's why they're criminals. They don't follow laws.

Re: same as guns

Same as abortions. Wait, what?

Re: same as guns

[Coren22]

Sure, before abortions were legal, desperate women would use coat hangers, or go to the local witch doctor.

Re: same as guns

You're right, we should just do away with all laws. Criminals will be dealt with efficiently by citizens' guns -- no more need for police. Just like in the good old West.

But ... gun control in the old west was generally much stricter than it is today. Now why in the world would that be?

Re: same as guns

Cops are all racist murderers.

Only cops should have guns.

Re:same as guns

So making encryption illegal will stop terrorists from using encryption? You know, the same way that making terrorism illegal stops terrorism.

In a way it almost could. If encrypted communications are illegal, then any party encrypting their communications can be easily identified, apprehended, and arrested before anything unpleasant happens. You no longer need to care about what was in the communication, the existence of the communication becomes enough of a crime to pursue.

However this will just lead to a dramatic increase in use of steganography instead of encryption. Funny cat pics will have embedded text and amateur porn videos will have detailed plans etched into the frames.

So, end result, outlaw encryption and you catch a few criminals who didn't get the memo and some encryption fanatics. Anyone worth worrying about will already have a new plan in place, and then we get the politicians trying to find ways to make those illegal rather than do any actual data analysis or espionage.

Re:same as guns

[kbg]

No it's not the same as guns. Guns are physical objects, encryption is not. Encryption is nothing else than a few mathematical formulas. It is impossible to ban thoughts and speech however you can ban guns.

Re:same as guns

The essence of the gun-ban arguments is that the guns will be more difficult for criminals to get a hold of, which means fewer criminals will have them, which means fewer innocent people will die.

It is obviously quite dubious, since criminals that can't get guns will get other means of killing people. And anyway the numbers of lives that are (in theory) saved pale in comparison to the number of people that die from automobile accidents every day. The motivation is not actually saving lives (since there are far more impactful things that can be done for that), but rather, making the world less scary. This is not a good reason to deprive all the responsible gun owners of this effective means of self-defense.

Re: same as guns

You're right, we should just do away with all laws. Criminals will be dealt with efficiently by citizens' guns -- no more need for police. Just like in the good old West.

The point is that laws should be focused on the harmful activity rather than on banning the tools that criminals happen to use. If you make the tools illegal then you are just making good people who might use the tools for legitimate purposes criminals. Making it illegal to use encryption is like saying that it is illegal to lock on your door because it makes it harder to police to search your home.

Re: same as guns

Nice straw man fallacy. Nobody but you said that all laws should be repealed.

Your statement about "the old west" could use some supporting evidence, too.

Re: same as guns

[Chris+Mattern]

Gee, when I went to the local witch doctor, he just told me, "Ooh ee ooh aah aah, ting tang walla walla bing bang."

Re:same as guns

[fred911]

Um... tell that to Phil Zimmerman https://en.wikipedia.org/wiki/... .

Re: same as guns

But there would be a lot less of them. A LOT less. And, yes. Less is better.

Re: same as guns

Sure, until you realized it also meant a lot more dead women of prime child bearing years. a LOT more.

Re: same as guns

You just don't know. Nobody was keeping track. Many of them wound up being suicides. And the successful instances were almost never spoken of. So your claim is just wishful thinking.

Re:same as guns

Gun control actually works in a lot of other countries. Why is the USA so afraid of gun control? Have the terrorists won?

Re:same as guns

Indeed. In fact, a major flaw in that particular gun-ban argument is that even when guns are legally available people who obtain guns with the intention of committing crimes tend to do so through illegal channels anyway, so little would change for them if guns were banned other than a reduced risk of an armed victim. It's the whole only outlaws will have guns thing.

Re:same as guns

[0123456]

Gun control actually works in a lot of other countries.

[citation needed]

Hint: I'll save you some trouble, by pointing out that there's no correlation between gun ownership and crime rates, and the governments of some of those disarmed nations you love so much have killed millions of their people in the last century alone.

Re:same as guns

It is impossible to ban thoughts and speech however you can ban guns.

But the point here specifically is to stop people from killing other people, right?

After all, if only guns are banned, all I need to do is pick up an unbanned kitchen knife and stab you to death, and now my killing isn't a crime or illegal!

But "murder is already illegal!" you say? Well if murder is illegal, then what exactly is the problem with guns?

Clearly murderers are ignoring the laws against murdering right this very moment, which proves murderers will also ignore any gun laws and continue to murder with guns.

Your ban on guns did nothing at all to stop killing.

One has to wonder why you are trying to waste everyones time with another pointless law...

Re:same as guns

[Curunir_wolf]

No it's not the same as guns. Guns are physical objects, encryption is not. Encryption is nothing else than a few mathematical formulas. It is impossible to ban thoughts and speech however you can ban guns.

Right. Works as good as banning drugs, right?

Re: same as guns

Well, the poorer women did. The upper middle class and rich went to "specialists" or out of country.

Re:same as guns

[rock_climbing_guy]

I wish I could agree with you, but I think they actually could enforce a ban against encryption. If encryption is illegal, then Google, Microsoft, Apple, et al can be forced to stop using it. Then whatever small players are left who violate the ban will stick out like a sore thumb. They would then be arrested.

Re: same as guns

[Darinbob]

Did it work?

Re:same as guns

[kbg]

Drugs are not the same as guns. You don't get physically addicted to guns. You are comparing apples and oranges.

Re:same as guns

[david_thornley]

It's fairly easy to tell encrypted stuff from unencrypted stuff. It's hard to tell the difference between strong and weak encryption without actually trying to decrypt it.

Re:same as guns

[Curunir_wolf]

Drugs are not the same as guns. You don't get physically addicted to guns. You are comparing apples and oranges.

You said banning guns would be easier than encryption because guns are physical objects. When I pointed out drugs are physical objects, too, and bans fail, you move the goal post. So... you think the only people using illegal drugs are physically addicted?

I assume you, like most people, don't really want to ban guns, but just provide certain people with a monopoly on using them. More people have been killed by their own government than by any other cause.

Re: same as guns

So if someone kidnapped you, and you woke up to find yourself surgically grafted on to another person (A complete stranger), and you were told that this other person's organs aren't fully functional so he needs to be attached to you for 9 months in order to live. All of this was done completely against your will.

Are you saying you are morally obligated to remain surgically attached to this stranger for 9 months since forcing a removal would kill him?

Re:same as guns

[l0n3s0m3phr34k]

They'd have to arrest everyone pretty quickly, because without any encryption the entire planet's financial system would be compromised and collapse with maybe six months. Russian criminal gangs would OWN the banks overnight, it would be mass chaos. We wouldn't need Tyler Durden, with all financial transactions in the clear.

Re:same as guns

[kbg]

No you are confused. Guns, drugs and encryption are not the same things. Guns are objects designed to kill people, drug is a material designed to give you euphoria and are physically addictive, encryption is a mathematical concept. It is possible to ban or limit guns, it is very hard to ban drugs because once people get addicted their only purpose in life is to get more drugs, encryption is extremely hard to ban because it is a mathematical concept.

What is so hard to understand?

More people have been killed by their own government than by any other cause

And so what? It just means you have a bad government. If the government is trying to kill, you should move somewhere else. Trying to inflict more death by guns isn't the answer. If you are afraid the government will kill you, there is something wrong with your system or you.

Re:same as guns

[Curunir_wolf]

So you're one of those "ban guns" - except for the police, a bunch of bureaucrats, some government officials, approved security people for the wealthy, and other elites that need protection from the unwashed masses that are not allowed to have guns - people.

Re:same as guns

[Zero__Kelvin]

"No it's not the same as guns. Guns are physical objects"

Read my .sig

'nuff said?

In case not, allow me to elaborate. Encryption is performed with some kind of physical object. They won't outlaw the concept, since that is impossible. They will outlaw the tools. You see, it is the same thing as guns. You just haven't thought it through before posting.

Re:same as guns

[kbg]

In case not, allow me to elaborate. Encryption is performed with some kind of physical object. They won't outlaw the concept, since that is impossible. They will outlaw the tools. You see, it is the same thing as guns. You just haven't thought it through before posting.

No it is not the same thing, you just haven't thought it through before posting. Encryption is performed by a computing device. You can't ban computers as a whole, because computers are useful devices for a lot of things. Just like cars are dangerous devices but we don't ban cars because they are designed as transport and are useful in society. Guns are designed for only one thing to kill people, they are not useful for anything else. Now you might argue that you can use guns for hunting animals. Yes but then you don't need to own an assault rifle with a 100 round magazine. At most you should only be allowed to own a shotgun with a maximum magazine of 3 shots and a single shot rifle and with very strict rules about ownership.

Re:same as guns

[kbg]

No I think mostly only the police should be allowed to own guns. Security people should not, if they need guns for something they should call the police.

Re:same as guns

If encrypted communications were illegal, then everyone who ever buys anything online would be instantly hacked and their bank accounts drained. All internet-facing businesses would basically have to go offline because it would be too easy for people to hack them and steal all the info they have on their customers, including payment information, etc.

The first world, as we know it today, can no longer function without encryption.

Incidentally, computer hacking is already illegal, and we cannot today just find and arrest anyone who does it. It won't be so easy as you think to just locate and arrest any person who uses encryption. So apart from the economic catastrophe it would cause, the criminals would merrily encrypt with impunity.

The very ideal of an encryption-free world is ludicrous.
 

Re:same as guns

[Curunir_wolf]

No I think mostly only the police should be allowed to own guns. Security people should not, if they need guns for something they should call the police.

LOL. Okay, dude. You're naive, at best. You trust the police? Apparently you haven't been paying attention lately. The police, who are now using military surplus on people in the streets, that are never held accountable for excessive use of force? The police, which the courts have already established have NO obligation to protect anyone?

Here's a clue for you: this will never happen. Banning guns starts with the debate on who will actually have a monopoly on having guns. It will NOT be "just the police". There are many armed bureaucracies that will NOT give up their guns. The FBI and everyone under Homeland Security, sure. But also the Department of Education (did you know they have their own SWAT squads?), HUD, Health and Human Services, the Department of Agriculture (which also has their own SWAT teams, they use them for raiding illegal raw milk producing farmers, among other things), the State Department (of course), and Commerce (yep, armed). There are numerous state bureaucracies that also have armed teams, including Alcohol bureaus and DMVs. All these folks will NOT be willing to give up guns.

Most private security companies are run and often staffed by military veterans and retired police, and none of them are going to give up their guns. And the wealthy and the elites that hire them will make sure they never have to. Because, yes, your rulers do not want you to have guns, and that's the rulers in government and the rulers not in government. Do you think the banks are going to go along with having their money and assets transported around by unarmed guards? Your government cannot function without the banks, there is no way they will disarm the banks and their security folks. You're going to tell them "Well just call the cops." Good luck.

Of course, we're just getting started. There will be MANY groups clamoring to be part of the monopoly-allowed-to-have-guns, many of them with money and influence, not to mention the weapons manufacturers themselves. One of the few productive exports the US has left is weapons - you think they will give that up? Oh, then you get to try to figure out HOW those powerless, not wealthy, and non influential people will be disarmed, and WHO is going to disarm them. Break out the popcorn - it's going to be fun.

Re:same as guns

[Zero__Kelvin]

"No it is not the same thing, you just haven't thought it through before posting."

Let me begin by saying that you have shown yourself to be a complete idiot, and parroting my words isn't helping your case any. You see, I thought it through. I just understand computers much better than you do apparently. A gun is a barrel, plus a firing pin, etc. An encryption device is, for example, a general purpose computer + software that performs encryption. Barrels aren't banned. Firing pins aren't banned. Metal isn't banned. The banning is of the complete system. Computers aren't going to be banned. Software isn't going to be banned. The complete system will be banned (as there is no other way to do it.) See? No difference.

"Guns are designed for only one thing to kill people, they are not useful for anything else."

You are apparently thinking of the song "Saturday Night Special" by Lynard Skynard, and apparently you didn't get the memo that even they subsequently released "Give Us Back Our Guns." I have really bad news for you, but guns have many other purposes than killing people. Or did you think that all the police walking around you are planning on killing someone?

" Now you might argue that you can use computers for writing documents. Yes but then you don't need to own an encryption program!."

See how that works? For anything you write about guns, I can substitute the encryption machine analog.

"At most you should only be allowed to own a shotgun with a maximum magazine of 3 shots and a single shot rifle and with very strict rules about ownership."

Now you've transitioned into some gun control moron making an argument that is about gun control, when the topic is encryption. Nice attempt to hijack the thread though! Have a nice day ...

Re:same as guns

What a joke. It's the same as guns. If you make guns illegal, criminals will still have them. That's why they're criminals. They don't follow laws.

Actually there's evidence to suggest that criminals actually do follow (some) laws:

* http://www.armedwithreason.com/rebutting-the-criminals-dont-follow-laws-and-gun-control-only-hurts-law-abiding-citizens-argument-against-gun-control/

The main data point being Australia's gun restrictions in 1996. Canada is also right next to the US, and it has much fewer gun-related crimes: Detroit/Windsor is a prime example as the two cities are right next to each other.

Gun control does appear to work.

Re: same as guns

Through the use of a machine, guns can be fabricated using nothing more than mathematical algorithms and expressions as well.

We're just translating from one mediun to another.

Re: same as guns

Because guns are why this country exists apart separately from our bretheren across the pond.

Sometimes, diplomacy fails. Some folks just won't take no for an answer.

At that point, guns become very necessary.

I don't think the world quite grasps the math here. The number of homicides and accidents due to firearms, vs the total number of guns in circulation is laughable.

Death from a dozen other means have far greater inpact, but it isn't sensational to report on heart disease, cancer, car accidents, stroke, or pick a flavor of death here.

Saying guns are responsible for killing people is the same as saying Spoons are what make us fat :|

Re:same as guns

[Boronx]

Not if you arrest them for having them. How hard a concept is that?

Re:same as guns

[rtb61]

One thing about guns that is very similar to drugs, legal varieties of course. Want to reduce their use, then ensure the taxes on them reflect the harm they cause. User pays means the group that users those items, drugs or guns should pay for all the damages caused by those items, no more privatising the profits and socialising the losses. There should be sufficient tax placed upon guns and bullets to ensure that all the damage caused by their illicit, ignorant, clumsy, foolish use is paid for and not by people who do not have or use them. So somewhere upwards of 100% tax and this should apply to used guns as well.

Encryption of course is directly tied to the principle of freedom. A free person owns there privacy, a slave's privacy is owned by someone else. The more privacy you lose, the more a slave you become. Loss of privacy extends to physical sexual assaults (body search), where you are no longer private to your person but others are allowed to molest you, strip you naked and, sexually assault you and you whole family at will, exactly as they would for any other group of slaves.

Only a free person has privacy and a slave never does and that is a core social principle since time immemorial. So slave or free person, you decide who owns your private life, you or some one else, not just information but also your physical person.

Re: same as guns

There's about 300 years of history on the old west, go read it then. Also most of Africa, South America and much of Asia run that way currently too.

Re: same as guns

So, if she is raped, the pregnancy is against her will. Are you saying it is ok for her to abort in that case, but not in any other case? Because if so that undermines the whole "killing a fetus is murder" argument. If not then you are saying that it is ok to force people to support someone else's life against their will (not ok to rape, but ok to force the mother to deal with those additional consequences of rape even if she doesn't want to).

If it is ok to abort when raped, why in the world wouldn't it also be ok to abort when the condom breaks? Or when the woman comes to her senses after a really bad decision?

Your moral position is arbitrary, and as such you have no damn business forcing it on other people.

Re:same as guns

When the seconds count, the police are just minutes away.

Re:same as guns

Do you think the banks are going to go along with having their money and assets transported around by unarmed guards?

Yep. And when the criminals (armed with shotguns because that's all they could get) demanded the money the guards handed it over and lived to tell the police.

The police proceeded to hunt for the criminals and deal to them.

As in NZ, where the argument is whether cops should have a gun locked in the patrol car.

Re: same as guns

... says "Fuck me, fuck me, fuck me" ...

I've never met such a woman, where can I find one? Women rarely admit they like fucking, maybe they're worried about being slut-shamed.

... she wraps her body around yours, thrusts against you ...

She only does that when she's already proven how easy she is. Not complaining, but I've already done the difficult work, so I'm not gaining anything.

Re:same as guns

[goose-incarnated]

No it's not the same as guns. Guns are physical objects, encryption is not. Encryption is nothing else than a few mathematical formulas. It is impossible to ban thoughts and speech however you can ban guns.

Ah. The abstinence approach to guns... Why would you think abstinence works with guns? We've seen it not work with sex. What *did* work in reducing teenage pregnancies was sex education, not preaching abstinence.

Re:same as guns

[kbg]

A gun is a barrel, plus a firing pin, etc. An encryption device is, for example, a general purpose computer + software that performs encryption. Barrels aren't banned. Firing pins aren't banned. Metal isn't banned. The banning is of the complete system. Computers aren't going to be banned. Software isn't going to be banned. The complete system will be banned (as there is no other way to do it.) See? No difference.

Well you could try to do that but since encryption is just math, banning it realistically in any way or form is basically impossible. The difference is that guns are physical objects and that is a lot easier to handle or ban, guns are also a lot harder to create than software. To create encryption you only need a general purpose computer and the thoughts in your brain. To use encryption you only need to download it from somewhere. It's like the difference between a store selling physical counterfet copies of music discs and music piracy on the Internet. The first example is easy to monitor and regulate, the second is almost impossible.

" Now you might argue that you can use computers for writing documents. Yes but then you don't need to own an encryption program!."

See how that works? For anything you write about guns, I can substitute the encryption machine analog

Yes that is correct you don't need to own an encryption program to write documents, but you do need encryption to use the Internet. In the same way you do not need to own an assault rifle to hunt animals, but you do need one to kill a lot of people. In the former encryption is useful for society and doesn't harm people, in the second assault rifles aren't useful for society and harm people. You can substitue encryption for guns in a sentence but since they are not the same thing that doesn't always make sense.

Re:same as guns

[kbg]

Ah. The abstinence approach to guns... Why would you think abstinence works with guns? We've seen it not work with sex. What *did* work in reducing teenage pregnancies was sex education, not preaching abstinence.

That is because sex and guns are not the same things. Just like drugs, there is a chemical element to it that motivates you physically to have sex. You can't ban sex and expect it to just work, because your body (teenagers especially) is constantly pumping out hormones to make you want to have sex. If there was no chemical element to it, banning it would be really easy. In the same way totally banning all drugs isn't going to work in the long run.

I don't see why this is so hard to understand, just because you don't like it, banning or limiting guns is a possibilty.
Let's take a different object like cars. Could you ban cars? Yes you could. You could argue that cars are dangerous and some people even use cars to kill people. But would that make much sense? No, cars are not primarly designed to kill people, they are designed as transport. So usefulness of cars outweigh their detriment in society. Guns however only have a detriment.

Re:same as guns

[goose-incarnated]

Ah. The abstinence approach to guns... Why would you think abstinence works with guns? We've seen it not work with sex. What *did* work in reducing teenage pregnancies was sex education, not preaching abstinence.

That is because sex and guns are not the same things. Just like drugs, there is a chemical element to it that motivates you physically to have sex. You can't ban sex and expect it to just work, because your body (teenagers especially) is constantly pumping out hormones to make you want to have sex. If there was no chemical element to it, banning it would be really easy. In the same way totally banning all drugs isn't going to work in the long run.

I don't see why this is so hard to understand, just because you don't like it, banning or limiting guns is a possibilty.

What's hard to understand is the rationale that because 0.001% of $FOO owners are responsible, we need to take away $FOO from the other 99.99% of $FOO owners. It doesn't matter what $FOO actually is - when you propose that the state bans something that is responsibly used by 99.99% of owners you better have a damn good reason, especially when the numbers show that residential swimming pools have a death rate roughly 4-5 *TIMES* higher than residential fiream ownership.

If you've got a good reason for why you'd want to ban guns but not residential swimming pools when the death rate for guns is lower, I'd like to hear it.

Re:same as guns

[Zero__Kelvin]

"Yes that is correct you don't need to own an encryption program to write documents, but you do need encryption to use the Internet. "

Who the fuck told you that? The internet pre-dates SSL by quite some time. I am not even going to address what you wrote, since it is merely a re-hashing of your cluelessness. Since you clearly can't understand what I'm writing, have no idea what you are talking about, and refuse to learn anything it's time for this sound: Plonk

Re:same as guns

[TapeCutter]

It may no be a gun but encryption algorithms are classed as a "munition" by US/UK/AU. Exporting a controlled algorithm to a foreign country was tightly controlled up until the late 80's - early 90's when Phil Zimmerman released PGP and demonstrated that the export controls could be circumvented by a changing a #define in legally exportable code.

The horse has bolted, the global financial system depends on encryption for their bread and butter. Doesn't matter what a retired IRA supporter thinks.

Re:same as guns

[TapeCutter]

Drugs need not be addictive, eg: dope is generally considered to be non-addictive.

I agree the US has a gun 'problem', you are ~40X as likely to get murdered by a gunman in the US as you are in UK/AU. It's not just about the lack of regulation in the US, it's a cultural thing. Even when handguns were legal here in Oz and sold in hardware stores (yes, I am that old), most people held the same attitude as they do now - "only cowards and crooks need a gun for self defense". The vast majority of Aussies strongly support the current restrictions, and we like the fact that our prime minister can get on a city tram or go for an early morning jog without a small army of heavily armed spooks and bodyguards following him about.Yanks are different, they are more fearful of their own countrymen, and more often than not fear is what pulls the trigger.

Re:same as guns

[AmiMoJo]

So making encryption illegal will stop terrorists from using encryption?

Incredibly it seems that it will, at least for some subset of terrorists.

If you head over to Facebook or Twitter you can find lots of people and groups supporting terrorism and encouraging people to become terrorists, e.g. by joining IS or committing crimes. It seems crazy because surely they must know that it isn't safe, that their private Facebook messages are not really private, but actually the security services don't try too hard to catch people this way because they want the intel that Facebook chatter gives them. If you are going to join IS you probably don't care if MI5/the FBI has a file on you, and it's a fertile recruiting ground.

Often the security services do get wind of this stuff and manage to get the data with court orders. What they want is to ban Facebook from encrypting that data as it passed between the user and Facebook's servers, or between Facebook data centres. They want to use their existing backbone "full-take" taps to hoover it up without having to go to all the effort of getting a court order.

Re:same as guns

[kbg]

What's hard to understand is the rationale that because 0.001% of $FOO owners are responsible, we need to take away $FOO from the other 99.99% of $FOO owners. It doesn't matter what $FOO actually is - when you propose that the state bans something that is responsibly used by 99.99% of owners you better have a damn good reason, especially when the numbers show that residential swimming pools have a death rate roughly 4-5 *TIMES* higher than residential fiream ownership.

Yes it matters what $FOO actually is. It depends on what the thing is used for. Let's do a $FOO=Nuclear weapon, I would think most nuclear weapon owners would be responsible so why ban civilians owning nuclear weapons? What about $FOO=Sarin gas?. You can see your line of reasoning is ridiculous.

If you've got a good reason for why you'd want to ban guns but not residential swimming pools when the death rate for guns is lower, I'd like to hear it.

Because guns are designed to kill people, that's why. Swimming pools are not designed primarily to kill people, they actually have other purposes. But yes if swimming pools have a high death rate it also means we need more regulations for swimming pools and how they are designed and safety concerns for them, but that only means we need regulation for both swimming pools AND guns.

Re:same as guns

[kbg]

"Yes that is correct you don't need to own an encryption program to write documents, but you do need encryption to use the Internet. "

Who the fuck told you that? The internet pre-dates SSL by quite some time. I am not even going to address what you wrote, since it is merely a re-hashing of your cluelessness. Since you clearly can't understand what I'm writing, have no idea what you are talking about, and refuse to learn anything it's time for this sound: Plonk

And that is exactly why the old Interweb was totally unsafe. If you do any online shopping or handle critical documents you need encryption period. Don't let the plonk hit you on your way out.

Re:same as guns

[goose-incarnated]

What's hard to understand is the rationale that because 0.001% of $FOO owners are responsible, we need to take away $FOO from the other 99.99% of $FOO owners. It doesn't matter what $FOO actually is - when you propose that the state bans something that is responsibly used by 99.99% of owners you better have a damn good reason, especially when the numbers show that residential swimming pools have a death rate roughly 4-5 *TIMES* higher than residential fiream ownership.

Yes it matters what $FOO actually is. It depends on what the thing is used for. Let's do a $FOO=Nuclear weapon, I would think most nuclear weapon owners would be responsible so why ban civilians owning nuclear weapons? What about $FOO=Sarin gas?. You can see your line of reasoning is ridiculous.

Did you just equate a single firearm with a nuclear weapon?

If you've got a good reason for why you'd want to ban guns but not residential swimming pools when the death rate for guns is lower, I'd like to hear it.

Because guns are designed to kill people, that's why. Swimming pools are not designed primarily to kill people, they actually have other purposes. But yes if swimming pools have a high death rate it also means we need more regulations for swimming pools and how they are designed and safety concerns for them, but that only means we need regulation for both swimming pools AND guns.

The swimming pool death rate is 4x-5x higher than firearm death rate. There is no "IF" about it - both numbers are on the CDC website (different pages on the same website). If we restrict the stats to children only, then the swimming pool death rate is around 20x the firearm death rate.

Regardless of what $FOO is "designed for", if it is measured, in practice and over the course of decades, to be safer than swimming pools then what it is designed for is irrelevant - it may be designed for killing but if it isn't any more dangerous than a swimming pool then you can't really call it a killing machien, now can you? It kills far fewer people than innocuous equipment.

Re:same as guns

[kbg]

It may no be a gun but encryption algorithms are classed as a "munition" by US/UK/AU. Exporting a controlled algorithm to a foreign country was tightly controlled up until the late 80's - early 90's when Phil Zimmerman released PGP and demonstrated that the export controls could be circumvented by a changing a #define in legally exportable code.

The horse has bolted, the global financial system depends on encryption for their bread and butter. Doesn't matter what a retired IRA supporter thinks.

Yes and defining encryption as "munition" is beyond stupid. You might as well just ban math for all the good it will do.

Re: same as guns

There is a growing split between those Republicans and Libertarian Republicans. I'm not going to tell you how to do your politics, but if you keep pretending that they are exactly the same thing then one day you will be very unpleasantly surprised.

Re:same as guns

If you think all guns are objects designed to kill people then you don't really know anyone on the other side of the position. That isn't a healthy way to go about growing a society or deciding policy.

Re:same as guns

[kbg]

Did you just equate a single firearm with a nuclear weapon?

Yes because that exactly shows why your argument is stupid. Gun nuts like to say that the 2nd amendment gives them right to own *any* weapon with no limitations, even weapons created long after the amendment was written, but then when you ask about a nuclear weapon then of course that isn't in the list. But if the 2nd amendment doesn't have a clause about a nuclear weapon why can't I own one? You can then go down the list and ask about: attack helicopter, missile launcher, tank, land mines, rpg e.t.c

There are obviously some things that a civilian should not be allowed to own, even though most of them would be responsible because the danger is just too much and unnecessary.

The swimming pool death rate is 4x-5x higher than firearm death rate. There is no "IF" about it - both numbers are on the CDC website (different pages on the same website). If we restrict the stats to children only, then the swimming pool death rate is around 20x the firearm death rate.

Regardless of what $FOO is "designed for", if it is measured, in practice and over the course of decades, to be safer than swimming pools then what it is designed for is irrelevant - it may be designed for killing but if it isn't any more dangerous than a swimming pool then you can't really call it a killing machien, now can you? It kills far fewer people than innocuous equipment.

Death rate in swimming pools doesn't invalidate other claims. It's not like we can't put in any laws about guns because people die in swimming pools. No we can do something about all issues. Swimming pool death rate only shows that this is also a issue that can be lowered by having more monitoring and life guards at public swimming pools and other safety regulations for private swimming pools. I can tell you that in my some European countries there are regulations that require private swimming pools to be elevated at a height above the ground, this is so that small children don't fall into them. Swimming pools are useful in society, guns are not.

Re: same as guns

[Runaway1956]

LOL - I can't tell you where to find them. They're all around you. To experience that kind of thing, you've got to be in the right place, at the right time, and willing to play along with whatever her needs are. Halifax, Nova Scotia was memorable. I walked off the ship, gawking around. Someone walked up behind me, grabbed my elbow, and told me that I was coming home with her. Nice looking gal - 6 ft tall - lovely but unusual color from her African-Irish-Iroquois ancestry. Beauty. I told her that i wanted to hit the bars and get a few drinks first. She said that she had all the liquor I could want at her place. I let her drag me home, and holy SHIT, that woman was demanding!

Right place, at the right time. But, I swear, there's one near you right now!

Re:same as guns

Nah, I hear obscurity works pretty well as security.

Re:same as guns

"Swimming pools are useful in society, guns are not." Swimming pools are not useful in a way that cannot be replicated with activities that don't kill children with such a high rate. Anyone with a specific medical need for a pool could go to a supervised facility and probably on most counts should be in a supervised pool. Beyond specific medical needs a pool is a luxury for entertainment just like you view gun ownership.

Re:same as guns

Among all the nations, gun ownership doesn't seem to influence crime.
Among all the developed nation, gun ownership does seem to increase crime.
Among all the US states, gun ownership does seem to influence crime.
Among all the US cities, gun ownership seems to negatively influence crime.
Is it too much to say that we don't really understand it as well as we think we do?

Re:same as guns

[lucien86]

They want to drown the world under these laws..

Re: same as guns

Please, they only used rusty coat hangers.

Re:same as guns

[sad_]

talking about guns... how is encryption a bigger problem then guns and mass shootings?

Re:same as guns

Gun nuts like to say that the 2nd amendment gives them right to own *any* weapon with no limitations, even weapons created long after the amendment was written, but then when you ask about a nuclear weapon then of course that isn't in the list. But if the 2nd amendment doesn't have a clause about a nuclear weapon why can't I own one? You can then go down the list and ask about: attack helicopter, missile launcher, tank, land mines, rpg e.t.c

While I'm sure there exist gun nuts who espouse the virtues of personally-owned MIRV-tipped nuclear missiles, most of those engaged in serious dialogue defending second amendment rights do no such thing. You're pretty much in strawman territory with that claim. If you would simply read the relevant writings of the time by Jefferson, Madison, et al, then you would see that the intent was that the civilian militia (at the time, every able-bodied adult male citizen was automatically in the militia) should be equipped with personal arms analogous to the infantryman's standard issue; indeed the term "well regulated" in its contemporary meaning strongly implies (but clearly does not mandate) that such arms should be substantially similar equipment. Just to belabor the obvious, US infantry soldiers do not have personally issued ICBMs, Apaches, M1 tanks, etc.; they often do not even have grenades issued. Basically, the most dangerous thing you could own would be an M16 - plenty dangerous, but nothing like what's on your list; note that M203s and M249s are squad, not individual, weapons. Fully automatic weapons (e.g., the M16) have been strictly controlled in the US since 1934, effectively very close to being banned. Anything beyond that ban is obviously unconstitutional based on the original rationale behind the second amendment and its straightforward meaning.

Swimming pools are useful in society, guns are not.

Well, you're right about the swimming pools. But nobody's seriously trying to ban them outright, nor limit their depth to one meter, nor claiming that citizens only have a right to them as part of some organized government-approved group. Finally, there is no constitutional amendment explicitly affirming the right to "keep and fill swimming pools". So, perhaps the federal government could ban swimming pools outright through legislation or regulation alone in a constitutionally valid way; personal arms, not so much, at least not in any manner consistent with the constitution.

- T

Banning encryption?

[JustAnotherOldGuy]

Banning encryption seems like the War On Drugs...destined to be an utter failure.

I hate the way most media portrays users of encryption as probable criminals or as being "up to no good". They rarely see that encryption can be a good thing (and usually is, frankly).

But lets not get all "facty" and let reality get in the way of scaring the goobers. Besides, they're too busy posting every detail of their life on Facebook to worry about stuff like that.

Re:Banning encryption?

[zlives]

"destined to be an utter failure" depends what you are trying to accomplish.
I really think what they are trying to do is create a society where you don't have to hide what you are doing and everything is permissible and acceptable. i think that is a noble goal :)

Re:Banning encryption?

[93+Escort+Wagon]

I hate the way most media portrays users of encryption as probable criminals or as being "up to no good".

I have only seen quotes of government officials saying this - not reporters. However if a reporter says this, he obviously doesn't know what the little lock icon on his web browser means while he's doing online banking.

Re:Banning encryption?

Cool, better do away with money first, otherwise I'll grab your credit card transaction from literally thin air and use all of your credit. It's permissible and acceptable apparently. Those little details about commerce are usually the most overlooked when talking about encryption. VPN access into corporate networks and almost all teleworkers rely on encryption every day to keep their work and transactions safe.

You would think that we wouldn't be trying to emulate the authoritarian countries like Iran that ban encryption. You would also think that in the land of the free that anything goes as long as no harm comes of it. .

Re:Banning encryption?

[JustAnotherOldGuy]

I really think what they are trying to do is create a society where you don't have to hide what you are doing and everything is permissible and acceptable.

I sense...SARCASM. Let's check...

Sarcasm Detector activated.....scanning....scanning....sarcasm FOUND.

Scan finished.

Start another scan?

Re:Banning encryption?

... destined to be an utter failure.

As already mentioned, banning the tools will not make anyone safer. Just think how many people would be saved if vehicles were outlawed. We don't because that tool is so ubiquitous that that we tolerate the dangers and crimes arising from owning that tool.

The usual effect of passing some legislation is not reducing the number of criminals: It's making an example out of the people who get caught. When the chance of being caught is high (eg speed cameras), or the crime is difficult to conceal (eg. homicide), laws will change human behaviour (possibly to be smarter murderers). When one makes an example out of people using tool X (eg. prostitutes, recreational drugs, abortion clinics, gay porn), the politicians get the criminals they 'want', because human needs aren't going to change.

... media portrays users of encryption as probable criminals or as being "up to no good" ...

Because they've already decided the outcome. This is why 14 year-old brown male was denied his right to parental supervision, tortured into a 'confession' and dragged away in handcuffs last month: Because at least 3 adults decided that hacking some household appliances was intent to commit terrorism.

Similarly, using encryption, or in my country, owning a gun, is equated to criminal intent. It's the "if you've done nothing wrong" argument, which is really a demand to "prove you're innocent". The "I'm a patriot" and "please think of the children" propaganda is really saying "only sociopathic criminals will disagree".

Re:Banning encryption?

[zlives]

o yea of little utopian faith

Re:Banning encryption?

[JustAnotherOldGuy]

o yea of little utopian faith

I have to admit, my faith in anything and everything is at an all-time low these days. I doubt even the most sensitive scientific instruments could detect what little is left.

Re:Banning encryption?

A transparent society would be great, but people fucking each other over all the time kind of gets in the way of that.

The bottom line is, my communications are MY business, and nobody else's unless they have a damn good reason to suspect me of wrongdoing.

No, "we have to monitor everything in hopes of overhearing something incriminating" is not a damn good reason!

Re:Banning encryption?

[Zero__Kelvin]

"Banning encryption seems like the War On Drugs...destined to be an utter success for the power mongers bent on stealing our personal freedoms"

FTFY

"I hate the way most media portrays users of drugs as probable criminals or as being "up to no good".

See how that works?

Re:Banning encryption?

A transparent society would be great

No, it wouldn't. It would be hell on earth.

Re:Banning encryption?

[Boronx]

The reliability with which all american media takes the government line on any story is disheartening.

Re:Banning encryption?

I'm talking about a society where nobody judges, and people are able to be themselves, living honestly and openly. It would not be hell if people stopped judging and were truly accepting.

Think about it: why do you feel you need to hide things from other people?

Secrets are not a sign of a healthy society.

Re:Banning encryption?

[Steve+B]

Sounds like an interesting idea... for some other planet, with some other species besides humans (maybe something evolved from social-insect-type hive dwellers).

Re:Banning encryption?

[JazzLad]

Science makes faith detectors? Sounds like you have more faith in science than I do ...

;)

Re:Banning encryption?

[JustAnotherOldGuy]

Science makes faith detectors? Sounds like you have more faith in science than I do ...

All-time low = 0%.

Faith? Never had it, never will. Faith is for suckers. It's believing in something without any proof, and homie don' play dat way!

Re:Banning encryption?

[zlives]

o i think i have one of those and the dial is stuck on 11/0

Jimmy Wales wails whether web will wreck wankers

[JoeyRox]

Couldn't resist suggesting a new headline.

That'll be popular

[omnichad]

Break all ability to make payments or move money online.

At the very least, any cryptography with known security vulnerabilities (such as the NSA wants) would not be PCI compliant. But it's unlikely that any bank would use an older version of TLS or SSL for online banking either.

Re:That'll be popular

[rubycodez]

I just checked a bunch of big banks and credit card companies, plenty still support TLS 1 and 1.1 which will be pci non-compliant next June. chase, discover, BMO harris....

Re:That'll be popular

[omnichad]

Maybe I don't know much about mandatory PCI scanning, but for the organization site I handle PCI compliance for, I was forced to remove TLS 1.0 support to get a passing scan already.

Re:That'll be popular

You can thank Internet Explorer 8-10 for that. It's going to be a shitstorm come next June.

Re:That'll be popular

[rubycodez]

It depends which level of PCI compliance your organization was seeking at the time, earlier in the year you could get by with older

Re:That'll be popular

[AHuxley]

Re "Break all ability to make payments or move money online."
Most nations have versions of Australian Transaction Reports and Analysis Centre
https://en.wikipedia.org/wiki/...
Real time tracking of all banking. No paperwork needed.
The other option for all other nations is the setting of standard banking interconnect encryption is set at a tame level and the NSA and GCHQ can read it all in real time.

Re: That'll be popular

[omnichad]

The link you sent didn't say "all banking" - it said transactions of $10,000 or more are reported by the banks, not intercepted. Even the US has similar reporting requirements to the IRS.

This is about having a tamper-proof connection, safe against crime and anyone else. It's not just the NSA who would benefit from weak encryption.

Re: That'll be popular

[AHuxley]

re 'This is about having a tamper-proof connection, safe against crime and anyone else."
That is a huge issue. If a nation is too good with banking encryption it gets US diplomatic pressure until its banking system starts to report on every "international" account or movement of funds.
The issue about "safe against crime and anyone else" is that the US and UK military have so many generations of experts, staff at many shared bases globally that work with local staff on the the same export grade decryption systems that the more basic methods start to leak per decade.
Any faith, cult, political party, other nation, military, gov, well backed NGO with endless funding, the media can then go shopping for the same weak crypto backdoors for their own nationals now ex staff or former mil/gov staff. Its win win win for everyone with an interest in weak international crypto standards.
Contractors and groups can sell their experts to anyone as the crypto is weak and so many governments can only break weak networks.
Banking is just a small part of decades of tame crypto games.

Banning encryption

[Dunbal]

Wait - so if they ban encryption, presumably it means I won't be able to secure my Wifi because after all that uses encryption, so dear government, how do you expect to force me to be responsible for anything that originates from my IP? Surely I must enjoy the same protections as my ISP.

Re:Jimmy Wales wails whether web will wreck wanker

Wikipedia won't wait for Washington waterboarders

Give me some scissors

[FudRucker]

i got some credit cards i want to snip before that info bounces around the internets in the clear

Re:Give me some scissors

[Jason+Levine]

Don't worry, when a big company transmits your name/address/SSN/DOB in the clear with no encryption, some new credit cards will be opened in your name.

Re:Give me some scissors

[Darinbob]

We had the case not too long ago where the US did not allow exporting of certain encryption technologies. So business would actually use weak encryption with known vulnerabilities. Not quite plain text but pretty bad. Good encryption is of vital importance to commerce.

Re:Give me some scissors

i got some credit cards i want to snip before that info bounces around the internets in the clear

Because everybody knows that cutting a credit card in half prevents you from using it on Amazon...

Re:Jimmy Wales wails whether web will wreck wanker

[zlives]

clearly Jimmy needs to change his name

Please add this to the FAQ

This debate was settled years ago. It's a bad idea. Can someone please create a FAQ so that we can redirect misguided legislators and media drones?

Re:Please add this to the FAQ

[Jason+Levine]

The thing is most government security agencies aren't saying "ban all encryption" but are saying "just give us 'law enforcement only' backdoors into all encryption." They try to present this as some kind of reasonable compromise, but they ignore the giant, gaping hole they'd create. No backdoor can be totally secured as "law enforcement only." At some point, someone will figure out how to spoof their way in. And then that "wonderful-encryption-with-government-backdoors" will be worthless. Except the politicians prefer to ignore this problem and just shout "TERRORISTS COULD USE ENCRYPTION" louder and louder as if that's an argument against it. (Terrorists also breathe air. We should ban all air!)

Re:Please add this to the FAQ

Right now they're yelling "Terrorists are using Toyotas!"

Re:Please add this to the FAQ

[Zontar+The+Mindless]

I can't believe anybody is able to suggest "government-only backdoors" while keeping a straight face, in the wake of this recent epic FAIL based on exactly the same premise.

Re:Please add this to the FAQ

They try to present this as some kind of reasonable compromise, but they ignore the giant, gaping hole they'd create. No backdoor can be totally secured as "law enforcement only."

As someone who has worked in ISPs (which already backdoor your routers so they can be "helpful"), the backdoors are not only already there, they're already compromised by bad actors (much of the time). The joke is this: governments are already in mob-like bed with many of these other actors and fucking everyone over (and causing massive harm). I actually had fun screwing with this: on my last couple visits to Communist countries in Asia I'd log-in to my systems at home from within their jurisdictions then return to check logs at all the attacks and infections that occurred by putting my routers into their sphere or awareness...the thing is, they often used the same passwords or encryption keys that the supposedly super-secret, highly-careful, supposedly-competent ISPs do/keep secrete (which I know given I worked in fucking side of them).

OpenWRT it or get rid of it.

Re:Please add this to the FAQ

p.s. there is good news though: the passwords and keys actually used by the [often embezzler-appointed executives/management -run] companies we call the American ISPs are, at the very least, withheld from agents much of the time, instead being fetched and used non-transparently by systems which are triggered by the software they use...it still doesn't help when the damn things have passwords the equivalent to clink1234 however. x*D

Re:Please add this to the FAQ

Supposedly competent ISPs? Who supposes that?

Last time I checked, I could find the passwords for just about any router/ISP combination on the Internet with one Google query.

Is this guy for real? :)

North American needs stronger encryption. and more warrants for data collection/seizure. The only thing weak encryption does is support corruption within the criminal justice enforcement system. If a judge issues warrant for whatever material(s) do whatever you will with it. However that's with a warrant. Weak encryption just encourages NSA/DOJ/FBI and local PD. to piggy back bull- boogeyman terrorist/fear policies/practices inherited from the bush administration. I'm all for law enforcement. But there needs to be sufficient evidence and a judge needs to issue a warrant for said material.

Ban Cryptography on the internet?
This is parallelled only with the prospect of banning firearms in Texas.

I'm not sure if this guy is just the worlds largest troll.. or is actually serious..

Either way .. lulz

We shouldn't over or under estimate government

Can the government arrest, maim, or kill every paedophile, terrorist, cartel member, organized crime boss, and political opponent they don't like? Sure. Are they? No. These organizations perform there jobs out of self-interest. They utilize the information to gain the upper hand financially, politically, and so forth. We already know the NSA, CIA, and 'homeland' security utilize tactics to put away those that threaten there interests. One doesn't even need to be a threat to the nation and at the same time those who might be perceived as threats they do nothing with-or only do so for some positive publicity. That is they'll target those seen as a nuisance on society. Be it paedophiles, terrorists, or drug dealers. In all honesty it's unlikely any one of these is a real threat. However it certainly gets them lots of positive publicity by occasionally attacking people (regardless of any actual participation in said activities).

Does Tor work? It probably doesn't against adversaries like this purely because government organizations have the power and are in the position to maintain secret dealings that financially incentives large market players such as Intel and AMD to implement backdoors and keep critical core components proprietary.

It's not just the outlawing of encryption we need to worry about. It's outlawing the use of free software for which we can examine that are computers are dependent on. Things like Intel's management engine firmware- or the digital restrictions that the FCC is mandating be put in place *on all new devices* (that is the effects of the rules in practice- just because the FCC doesn't say that doesn't mean that isn't the result- we are already seeing manufacturers comply with these rules by locking down routers via firmware updates. See: www.savewifi.org or www.dearfcc.org and tell the FCC how you'll be negatively impacted by the rules).

Wales is a moron

Wales also reiterated that his site would never co-operate with the Chinese government on the censorship of Wikipedia. "We've taken a strong stand that access to knowledge is a principle human right," he said.

The Chinese don't have to force you to censor your site, Jimmy. All they have to do is infiltrate the editor pool and rewrite articles to reflect Chinese propaganda. Like its done now with certain political topics.

Re:Wales is a moron

Indeed. Well stated. That's definitely what happened with the Kazakh language Wikipedia, and Jimbo even gave $5,000 out of his own pocket as a "reward" to the government agent who was perpetrating the conversion of content to state-approved versions!

Obama is a colossal failure

Makes GWB seem like a genius!

Jail.

I smell the future where colloquially the likes of Jimmy Wales et al. are in prison with communication to others banned, and where governments only allow certain people to use the internet. Oh and taking it further, arrest and imprisonment and execution for anyone who speaks a non government approved language (most likely anything other than English). I suggest you toe the line and get off the internet to avoid being in a situation that will result in your death. One who believes they are safe behind a telephone network is delusional. I can hear it now, "...oh those three neutrons released by my fellow like neighbour after getting hit by a single neutron won't hit me and cause me to release my three neutrons...", tick tick boom! And diamond won't help you through the night.

Re:Jail.

Did that make sense in your head?

Re:Jail.

Yes.

it's technically impossible to ban encryption

The paper on the link below shows that data can be hidden in an image in a way that is perfectly undetectable without a key. This means that it's technically impossible to ban encryption without stopping people from sending images

The paper is here;

http://arxiv.org/pdf/1509.07106.pdf

Don't overestimate the impact of TLS encryption

so all of its users' browsing habits cannot be spied on by intelligence agencies or governments

Not only can they be spied upon by other means than listening to traffic, they can also be spied upon by listening to encrypted traffic. The traffic patterns for different pages and resources are unique. As far as research goes, recognizing encrypted traffic isn't even a new and exciting topic anymore.

The Streisand Effect and the NSA

Is it the Streisand Effect or the NSA Effect?

They are both extremely talented and dangerously annoying. Not too much of a stretch.

Prohibiting encryption is why ...

the First Amendment exists.

I don't see how it could be interpreted any other way.

In the US, at least, things should never be done to make it easier for law enforcement to convict people. The way things should work is that people are assumed innocent, and then the government shows otherwise, despite any and all obstacles to doing so. Law enforcement should have a tough job. It should be damn hard for them. Then when they do provide convincing evidence of guilt, it's actually convincing.

[citation needed]

[oneiros27]

I'm assuming that the intentionally vague title is just more slashdot trolling.

The UK government it talking about it -- the US government is requiring all government agencies to stop using HTTP, while ignoring the problems it might cause.

They're trying to get us to all go to HTTPS, but I'm planning on making everything available over FTP instead.

Is the URL encoded in browser SSL as well?

[Vegan+Cyclist]

I'm wondering if the URL encoded in a browser SSL connection as well?

I had a particularly anal landlord not long ago, and we relied on their wifi, and he didn't want anyone downloading torrents, and went so far as to block nearly every port, as well as blocking any URL containing 'torrent'. So of course a torrent file couldn't be downloaded, but searching Google for 'torrent' would result in no page loading, and even news sites like TorrentFreak.com came up blank. (Yes, a brilliant strategy. I wasn't actually trying to download torrents, but wanted to play some games like Diablo 3, which were also stymied by these port blocks. Ended up using wifi sharing on my mobile phone, which actually worked surprisingly well - only used about 30mb per hour.)

I don't recall 100% if this still blocked me with a HTTPS URL (I believe it did give it a try), but I even went so far as to try out a VPN service, and even THAT was blocked -- still couldn't load any pages containing the term 'Torrent', which really surprised me (and the game wouldn't load.) The router settings trumped my PC settings in this case.

If this is the case, then can't they still track a lot of your web-browsing habits by the URL you're visiting? (Just perhaps not the content of the page sent to you itself?)

Re:Is the URL encoded in browser SSL as well?

The URL is encrypted so no, they cannot see if you have 'torrent' in your URL or in the response body if you are correctly using TLS.

That is unless they are MITM-ing you. Pay attention to the certificates of the sites you are visiting.

Re: Is the URL encoded in browser SSL as well?

[ZeroWaiteState]

They can see the IP address you connect to, yes. As for the hostname of the HTTP endpoint, the answer is maybe. As for the path portion of the URL (the specific page) you are getting, the answer is no. However, some places use proxies to forceably MITM the connection, but that can usually be detected by a client if the user is sophisticated.

Re:Is the URL encoded in browser SSL as well?

[l0n3s0m3phr34k]

that's insane. I would be forced to move, because every few weeks I have to do weekend coverage from home and require a VPN back into HP's network. Was that in your rental contract, like "no VPNs"? Did the landlord come by and cut up all the wires too? I'm not joking, that's what my current apartment complex did several years ago...they decided to be an "AT&T Community" and somehow every cable in the complex got cut inside the various enclosures.

Re: Is the URL encoded in browser SSL as well?

[khellendros1984]

My work MITMs https. The browsers that the company installs include their CA certs, so detecting it takes manual effort ("hmmm, why is Google's cert issued by " SSL Decryption Authority"??"). If you install another browser without the certs, you'll get a nice warning screen saying that someone is doing something nasty, and it takes some effort to tell the browser to ignore the problem. So I'd assume that even an unsophisticated user would recognize that there's a problem...although they wouldn't know why it was a problem, what it meant, or what to do about it.

Re:Is the URL encoded in browser SSL as well?

[Vegan+Cyclist]

It was my partners rental suite, basement in a house, before we got a place together. Not worried about agreements, etc, they aren't renting any longer.

More interested in how secure and private HTTPS is - I have a feeling that there are aspects that are more public than we'd think... Anyone want to configure their router so that it blocks particular terms like this, and see what happens when you try it with an HTTPS URL? (I never asked how he did it, it might be something like a 'parental blocking' feature on the wifi router...but in theory that shouldn't stop a VPN or HTTPS browser connection, right?!)

encryption weaknesses

I have a question about why we seem to always pick the "one best" random number generator and/or the "one best" encryption algorithm. It seems to me that in both cases results could be layered such that the end result was at least as strong as the strongest link in the chain. I get that you can't just slop them together mindlessly or you could get situations where the cracking of the weak link provided maybe information about where you were in your random number generator. So layering encryption algorithms might not be feasible, but why not at least layer the random number generators?

Unless I'm out fo date, when the NSA pushed for a certain random number generator with certain parameters (Dual_EC_DRBG?), it's not currently known whether they were fixing a weakness known only to them or adding a weakness to reduce their search-space for cracking it. I have a guess, but we don't actually know, do we?

So is there any reason not to combine multiple random number generators. Eg if I have multiple random number generators A, B, C, .. each generating a sequence of numbers {a1, a2, a3, ..} in the range [0..N-1]. Wouldn't the sequence
    { (a1 + b1 + c1 + ..)%N , (a2 + b2 + c2)%N, ... }
have fewer artifacts than any of the A, B, C sequences it's made from?

As important as random number generation is, why not combine multiple of them as a practical defence against unkown (and perhaps very very well hidden) weaknesses in one or more of the random number generators out there?

Re:encryption weaknesses

[AHuxley]

Think back to ww2, the Soviet Union in the 1930's, France in the 1950-60's. The US and UK have always enjoyed total access to all other nations data by setting junk standards or allowing international crypto research standards to settle on weak standards for decades.
If a service is secure along the length of transmission, go for the encoding, decoding systems at one end TEMPEST.
If that is secure, ensure a nation picks a junk international standard that is weak by design.
Get to the OS developers, equipment makers over decades. Ensure only tame brands and tame products get international traction and marketing.
Ensure a flood of media and press about standards, the best designers and providers always reaches diplomats and governments. What they buy into from neutral nations or experts is then plain text junk.

Re:encryption weaknesses

Most random number generators and pseudo-random number generators are already layered. They have fast and slow pools and use secure hashing or encryption algorithms even on supposed random data input (e.g. from Intel chip function).

Layering encryption also makes sense, but it's not easy to do the right way and you need multiple passphrases or keys. If it's done on the basis of the same passphrase, it can create vulnerabilities.

It seems to me that in both cases results could be layered such that the end result was at least as strong as the strongest link in the chain.

Not necessarily, but some layered schemes have (conditional) proofs, e.g. TEMK.

Re:encryption weaknesses

Your categorical statements are probably not exactly correct. They had access to *some* Russki systems (e.g. IFF and telemetry), but totally pwnage would certainly have meant the SU would not have existed until 1990.

There is a reason for calling the Kremlin "the biggest Enigma of all".

The GOST and Fialka ciphers look quite strong, imo.

Re:encryption weaknesses

If people were not immersed into the mainstream-crypto-meme Bullshit, they would go for very simple and very effective solutions:

3DES+Courier

3DES used as a Secure Hash Code

Not using the funny shit from NIST or another gobbermint agency.

It is beyond me why we need a dedicated PRNG if we have secure hash functions. The only reason we "need" it is that the mainstream shitters talk it up.

But most IT pros are actually dumbasses without any original idea of their own.

Re:encryption weaknesses

Also, put Intel in the same bin as NIST...

And as soon as you have 128bit of truly random bits TR128 (which you can easily generated from random kepressing), do the following:

RAND[i] = 3DES_SECURE_HASH(TR128 +i)

3DES_SECURE_HASH(x) = 3DES(x,x)

3DES(key,value) = Triple DES (look up in wikipedia)

You can easily do this at very high speed and I bet it is more secure than the crapola from the mainstream.

Re:encryption weaknesses

[AHuxley]

AC In the 1920s GC&CS gave the UK great access to Soviet embassy/Trade Mission, traffic thanks to the work of Ernst Fetterlein.
https://en.wikipedia.org/wiki/...
Soviet "Mask" material was then worked on after the 1920's under John Tiltman https://en.wikipedia.org/wiki/....
The UK had all Russian systems under total collection into the 1940's . Correct use of one time pads made Russia very difficult in the early 1950's but Russia had so much traffic it reverted to fast advance systems that the NSA and GCHQ quickly got back into after the early 1950's.

Re:encryption weaknesses

[TapeCutter]

That a good idea if you don't trust any of them. BTW: You can generate real random numbers by plugging a bare wire into the mic socket and sampling the static (white noise, some of it is leftover microwaves from the big bang).

But UK gov isn't any smarter

[Lead+Butthead]

Government has done a lot of retarded things over the years. This will just be another one.

Re:But UK gov isn't any smarter

[MobSwatter]

Government has done a lot of retarded things over the years. This will just be another one.

Just when I thought they couldn't make the US look any more retarded. I'd say let them ban encryption, this will remove the necessity of the existence of their department with it's out of control budget and put the gap in technology development between the US and Russia over the top. What the hell, they're already 25+ years ahead of the US over there anyway. What the hell is up with this election thingy anyway, not one candidate directly appears to be owned, is the mafia getting all cloak and dagger or are the central banksters outing their tool of occupation of the US after running off with all the gold? Is mafia losing it's drive for 'theatre'? Oh Vinnie, say it ain't so!

Re:But UK gov isn't any smarter

[rawtatoor]

This would be my nine.. but I'm going to just personally insult this one. You shouldn't be here in my . You need to read your UID until you understand how stupid you really are numbnuts. And say hello to the 'yellow pill.'

Re:But UK gov isn't any smarter

[MobSwatter]

Ah, a supporter of big pharma, perhaps your choice was Obama? Sure, why don't you come a little closer with that 'yellow pill' of yours, I'd be glad to show you right where you can put it. Perhaps you should take a look at where all the surveillance started, some say that GCHQ is a subsidy of the NSA, but we were all aware of where this behavior started and know perfectly well where this will happen next.

Re:But UK gov isn't any smarter

[rawtatoor]

Kill another Grange supporter? Y or N. Why yes. I would have no reason for this if you weren't here. And you must be the 'peanut butter pill.' STFU ho. Try that shit to my face and you'll get your face dimpled ho. Try it again!

Re:But UK gov isn't any smarter

[MobSwatter]

Kill another Grange supporter? Y or N. Why yes. I would have no reason for this if you weren't here. And you must be the 'peanut butter pill.' STFU ho. Try that shit to my face and you'll get your face dimpled ho. Try it again!

There is no lesson in it for the dead, representation and democracy was proven out the window with JFK in '63 via the Biltmore gangsters backed by banksters. Ho? Heh, you must be jest for like the last 50 years or so, or you are really into theater. Perhaps you should find another reason, and maybe a moving van, or a lobotomy. Come on over and give me a dimple there sweetie if you feel you must, I'm here for you, I'm your huckleberry.

Evilness

Encryption doesn't kill people. People kill people.

Common sense

[bbasgen]

My opinion of Hayden just bumped up by quite a bit. It is common sense (not to mention historically rigorous and logically sound) to suggest we need strong encryption and that back doors are a terrible idea. But, what a victory to hear a public official take this position. So much more of this needs to be happening!

Re:Common sense

[AHuxley]

The US and UK hope they can induce the public to react in ways that expose privacy and anonymity at all levels.
A face to face meeting to exchange one time pads set up on a leaky computer network ;)
Using advance encryption from a web site thats always been under constant observation.
The software works but just been interested made all network connections by a person to that website interesting.
The public is been pushed to find, use or seek or consider different strong encryption. The very act of looking breaks anonymity for decades.
The privacy of a message aspect is just a tame OS or weakened hardware product away once a computer or network user is discovered.
The use of informants as gatekeepers over entire generations of emerging math and crypto or software release, hardware creation.
Building in back doors at a lower hardware level while the public gets told the big brand software and hight level OS is secure and can be tested by anyone.
Public and private sector partnerships to track all interest in emerging crypto. From educational, to start up to funding, open source to multi national. All considered, shaped, weakened, pushed, hyped or superseded.

Pointless - homemade secure encryption is trivial

Use any large, high entropy data file as a "key": xor it against the plaintext to encrypt, xor again to decrypt. Unbreakable and trivial to implement. Of course you need secure transmission of the key, but that is a one-time minor issue for a determined criminal/terrorist. Outlawing encryption is impossible. Anyone who suggests it is an idiot.

Doesn't matter

"Wikipedia itself has moved towards SSL encryption so all of its users' browsing habits cannot be spied on by intelligence agencies or governments"

Unless of course you've infiltrated a root CA or two, and so can execute a MITM attack on most web traffic regardless.

Terrorism?

Right, because since 2001, there have been billions of people killed in terrorist attacks....

Who cares what the US thinks?

Really... Who actually cares?

Re:Who cares what the US thinks?

Everyone. Especially the ones who claim not to.

Banning encryption

Duh as in dumb part 2
I believe every state in the union, now, has laws on their books REQUIRING encryption for certain types of communications involving: finance, confidential identification such as Soc Sec numbers and tax related info, and medical data. On the last, that comes under Federal regulation as well. Anyone heard of HIPPA?

What the hell

is Gen. Michael Hayden (Ret.) doing on the right side of this encryption issue? Isn't he a patriot?? Does he support terr'sts?! Who will think of the children?

Re: What the hell

he's confirming for us that the Governments aren't worried about encryption in reality.

If they own the software, drivers, hardware or even firmware that runs the system responsible for encrypting said data, they own the data already.

The huffing and puffing about some half-hearted attempt to ban strong encryption is merely a smokescreen to distract you from that fact.

Re:What the hell

[TapeCutter]

Does he support terr'sts?

Yes, the IRA to be specific.

Re: What the hell

[Fire_Wraith]

It's probably best to be clear that the ones most 'worried' about encryption are the FBI (and various other Federal Law Enforcement types). It may be telling that the FBI is so big on this, while the NSA seems less so. For all that people think of the NSA as the primary bad guys in all of this, the practical problem (as opposed to ethical/moral/etc) with NSA spying wasn't even the NSA having the information, it was what happens if/when the NSA gives that information to people like the FBI or DEA, who are very much interested in targeting American citizens.

Likely he's concluded that the benefits of strong encryption in protecting U.S. Government and private sector assets outweighs the potential lost intelligence monitoring capabilities. Part of this is because anyone overseas isn't going to bother using knowingly weaker stuff - Al Qaeda, ISIS, etc won't use stuff they know the FBI can backdoor, they'll get something from Russia or China, etc. Meanwhile, weaker crypto means our stuff is more likely getting read by those same Chinese/Russian/whoever intelligence services.

Meanwhile, the FBI doesn't care about that, because they're more interested in who they can go after domestically.

"wikipedia is not censored" is a conceit

[caviare]

Quoting directly from https://en.wikipedia.org/wiki/...: "Content will be removed if it is judged to violate Wikipedia policies (especially those on biographies of living persons and neutral point of view) or the laws of the United States".

In fact wikipedia is not censored according to the laws of China, but it is censored according to the laws of United States. Naturally this doesn't appeal to the Chinese government when it's available to Chinese citizens. No doubt if it wasn't censored according to the laws of United States then this wouldn't appeal to the United States government (or other governments with similar views to the US).

Re:"wikipedia is not censored" is a conceit

> Wikipedia is censored according to the laws of United States

The First Amendment has pretty strong protections, there are only a few exceptions:

Yelling fire without basis in a crowded place, etc.

Factually untrue, non-ironic libel versus non-public figures (politicians and pastors on TV need not apply)

Disclosing the precise location of american oil reserves carries life in Supermax

Discussing details of or imaging the zionist nuclear bomb factory at Dimona is prohibited in US felony law and offenders are handed over to the zionist entity. (Mordechai Vanunu was captured by the CIA on Mossad orders.) The Dimona reactor just doesn't exist, la-la-la, Saddam has WMD, Syria has WMD, Iran wants nukes, jews are the only democracy in Middle East and guardian angels of peace, those chosen nation la-la-la I can't hear you palestinians...

Facepalm

[fragMasterFlash]

Really? Are they going to start jailing kids for speaking Pig Latin and Ubbi Dubbi too?

This is yet another instance of ignorant fear mongers attempting to ban what they don't understand.

Evil Cometh

Now just email, but imagine if everyone was forced to use this technology: https://www.virtru.com/technology/

Jimmy Wales the naive gravure mag publisher.

> Wikipedia itself has moved towards SSL encryption so all of its users' browsing habits cannot be spied on by intelligence agencies or governments.

That sentence contains two unrelated statements, one true and one false, as follows:

> Wikipedia itself has moved towards SSL encryption

Probably true.

> all of its users' browsing habits cannot be spied on by intelligence agencies or governments.

False. Their server farms are very likely to be backdoored, possibly even in hardware and certainly in software. Furthermore, some of their people most certainly work for the NSA or one of its minions, willing or not. I can imagine Jimmy Wales doesn't know about that, but that would paint him in a very naive light.

My personal guess is that all TLS certificates issued to high profile sites like Wikipedia are doctored with some funny mathematical property, of which nobody but Unit 8200 and probably the NSA knows about, as of now. Unless you know the secret gematria, crypto looks solid from all angles, but when fed into a quantum bombe, voila, half of the iteration rounds disappear. I would guess all trusted cert. authority companies have trojan employees who are working for the NSA and those have installed ways to detour important cert generation requests to the NSA for applied magic.

Its simpler than that.

It''s simpler than that. Ask for more and settle for less. Ask for ban and settle for all the illegal stuff they are doing right now.

Not all of it's users.

"Wikipedia itself has moved towards SSL encryption so all of its users' browsing habits cannot be spied on by intelligence agencies or governments."

And when big government gets big time CA (with a national security letter if not cooperating) to sign their own certs for your domains? SSL/TLS only works as you envision it when you trust the chain of trust. How many CAs does your browser have?

This is a very flashy move, you probably won't see it done beyond a few select individuals since this sort of things can be detected (cert/public key pinning for one), and the CA publicly shamed.

Look at google's cert war:
https://googleonlinesecurity.blogspot.com/2015/09/improved-digital-certificate-security.html
https://googleonlinesecurity.blogspot.com/2015/03/maintaining-digital-certificate-security.html
https://googleonlinesecurity.blogspot.com/2013/12/further-improving-digital-certificate.html)

When you reach saturation on HTTPS with things like LetsEncrypt, you can be sure they will find a way to take a peek.

Re:Coren22 "security guru" wannabe fails security

Shut up, APK