
More encryption means less privacy - zeveb
http://queue.acm.org/detail.cfm?id=2904894
======
forgotpwtomain
I think this point of view isn't just wrong it's _actively harmful_.

It completely ignores what happened - which is that various government
agencies skirted around constitutional law, subverted public discussion of the
matter [0] and have still not been brought into adequate compliance (Since
it's incredibly hard to demonstrate standing and not have the case squashed
[1]).

And after all this the author is saying the problem is that the users aren't
part of the political process? I would say until powers and programs employed
by government agencies are brought into accountability (let's not forget the
CIA monitoring the computers of its own oversight committee [2]) and a
transparent debate is allowed to take place, there is precisely nothing better
to do and _encryption everywhere_ is precisely the correct populist and
democratic way to fight it.

> Just this past week Kazakhstan announced that a "state root certificate"
> would have to be installed on all computers wanting to use SSL/TLS/HTTPS out
> of the country.

Yes backwards nations like Kazakhstan might be implementing "state root
certificates" but this is just clearly demonstrative that the power is on the
side of the users in this debate. Isn't having these kinds of crazy measures
on ballot in Western countries precisely forcing the political process the
lack of which the author of this paper is criticizing?

[0]
[http://www.forbes.com/sites/andygreenberg/2013/06/06/watch-t...](http://www.forbes.com/sites/andygreenberg/2013/06/06/watch-top-u-s-intelligence-officials-repeatedly-deny-nsa-spying-on-americans-over-the-last-year-videos/#521129b121d3)

[1]
[https://www.eff.org/cases/jewel](https://www.eff.org/cases/jewel)

[2]
[https://theintercept.com/2014/03/05/congress-intelligence-co...](https://theintercept.com/2014/03/05/congress-intelligence-community-whos-overseeing/)

~~~
rocqua
I think a very important point was raised though.

Before crypto, basically all guarantees were conditional on a judge's say so.
With crypto this changes. The issue also comes up, in a clearer way, with
crypto currencies. There is no way to deal with fraud or mistaken transfers in
bitcoin.

That loss of intervention hurts, and we gotta think about it. Even though no
government has given a satisfactory solution, that doesn't mean there isn't a
problem in need of solving.

~~~
Retric
Until very recently 99.99% of conversations were completely private and
society functioned just fine. Even with crypto everywhere the governments have
far more access to what people say and do than they had for thousands of
years.

People with power pretend if they just had more power everything would be
better. But, reality is if everything on a computer were private not much
would change.

~~~
dpark
> _Until very recently 99.99% of conversations were completely private and
> society functioned just fine._

In fairness, until very recently it was also extremely difficult for two
people to privately plot to murder hundreds. Technology has changed the
balances on a lot of scales.

To be clear, I'm not advocating for government back doors in encryption here.
But I am saying we should not pretend that encryption just puts things back
"the way they were". It most definitely does not.

~~~
woah
What are you talking about? There have been plenty of bombings and shootings
for hundreds of years.

~~~
dpark
200 years ago there were "plenty" of bombings and mass shootings orchestrated
by groups of 1 or 2 people that resulted in hundreds of lives lost? Can you
provide a few examples of this?

~~~
Retric
That's a rather artificial limitation, few modern plots are from 1 or 2
people with hundreds killed. Historical examples are generally things like
fires not bombings / mass shootings. As an example of the risks:
[https://en.wikipedia.org/wiki/Great_Fire_of_Meireki](https://en.wikipedia.org/wiki/Great_Fire_of_Meireki)
for example was extremely deadly, though estimates of ~100,000 dead were
probably exaggerated.

We have also forgotten a lot of this crap. EX: 40 to 81 people killed from a
time bomb in 1875.
[https://en.wikipedia.org/wiki/Alexander_Keith,_Jr](https://en.wikipedia.org/wiki/Alexander_Keith,_Jr).
Note, this was for insurance money not terrorists, but I don't think the dead
care.

Some historical examples where detonations were probably accidental. The Delft
Explosion of 1654 killed 100-200 people. In 1769 ~3000 people were killed
when a depot @ Bastion of San Nazaro in Brescia was struck by lightning.
Lightning also sparked another detonation in 1856 killing ~4,000.

~~~
dpark
> _That's a rather artificial limitation, few modern plots are from 1 or 2
> people with hundreds killed._

I've heard small conspiracies called out to justify mass surveillance. You
don't really need mass surveillance of your own citizens unless you are
concerned about very small conspiracies. Bigger conspiracies can be uncovered
with more traditional detective work.

Freak fires are also not a great example. An arsonist cannot cause hurricane
force winds to assist and push a fire through a city. This is effectively an
act of God. The time bomb is a better example, though again I would ask for
evidence that this was a fairly common event the way mass shootings and
similar terrorist attacks have sadly become.

~~~
Retric
200 years ago world population was 1/10th what it is today making most events
more common now. Something like 5% of everyone ever born is alive right now.

In terms of most kills by a single person one sniper is credited with ~700
kills and a mounted knight in plate was expected to equal 100 peasants on
average so 200+ in exceptional cases seems reasonable especially considering
the Spanish conquest of South America where in the 1500's it was ~300,000 vs
2000 and the 2000 won with minimal casualties.
[https://en.m.wikipedia.org/wiki/Spanish_conquest_of_the_Inca...](https://en.m.wikipedia.org/wiki/Spanish_conquest_of_the_Inca_Empire)

------
codemac
> _Slapping unbreakable crypto onto more and more packets is just going to
> make matters worse. The only way to retain any amount of electronic privacy
> is through political engagement._

While political engagement is an alternative to "slapping unbreakable crypto"
onto things, this article establishes no precedent for political engagement
actually helping!

I see the technical as political, direct action as engagement.

An article like this that's attempting to be a call to action, needs to
provide some positive reinforcement. I find myself failing to come up with big
wins, the examples I can think of are almost exclusively heartbreakingly
tragic (Snowden, Manning, Swartz, Occupy, etc). When I think of political
engagement in the US, I think of pretty violent end cases for everyone
involved.

~~~
theandrewbailey
SOPA's defeat was a big win.

There is almost no political engagement from the technology sector, as
compared to others (like pharmaceuticals, finance, telecoms, entertainment).
If there had been, the DMCA might not be so onerous, the CFAA would be gone, and
SOPA would never have gotten as far as it did.

~~~
TeMPOraL
I wonder. I've seen people on HN saying that Google is one of the biggest
lobbyists, so apparently tech sector is very much present in Washington. So
maybe it's not that there is no engagement, but that those who engage have
different goals in mind than your average HNer?

~~~
icebraining
Google (Alphabet) has been spending way more than previously, but the
"Internet" industry as a whole doesn't even reach the top 20:
[https://www.opensecrets.org/lobby/top.php?showYear=2015&inde...](https://www.opensecrets.org/lobby/top.php?showYear=2015&indexType=i)

------
mindslight
It sure makes for a nice contrarian opinion, but fighting politically vs
technically is a needless dichotomy. At least this post attempts to back up
this assertion, but it seems quite handwavey to assume that because eg a
protocol contains key escrow, that governments aren't _still_ going to want to
preemptively read, archive, and datamine the cleartext.

Yes, all governments. Because governments, even democratic ones, fundamentally
desire power. The _best_ political argument we have is getting working strong
encryption into the hands of everybody and making them appreciate the security
it gives them. Presently, they have no choice about being personally
surveilled, so they might as well lobby for everyone else to be surveilled as
well.

As an aside, HTTPS is easy to coopt by network operators because it is a
terribly naive protocol:

- fingerprintable, even going so far as to put the site name in the clear!

- naming system that assumes unfettered Internet access

- generally requires communication for every micro action

- crypto keys are disconnected from naming, requiring binding together by
ambient third party

- naming system based on specific servers inevitably leading to centralized
data silos that will be governmentally or economically coopted

(Yes, the problems are centered around naming. It's one of the 3^h2 hard
things in computer science, yet is easy to ignore when focused on the details
of transferring data)

~~~
cbsmith
> The problems are centered around naming.

What's that expression? "All problems in computer science are ultimately about
naming."

~~~
redbeard0x0a
There are only two hard things in Computer Science: cache invalidation and
naming things. -- Phil Karlton

Variant: There are only two hard things in Computer Science: cache
invalidation, naming things and off-by-one errors.

~~~
cbsmith
You can solve cache invalidation by doing naming right. ;-)

------
Semiapies
I'd honestly expect something this ridiculous and intellectually insulting to
have been said by an NSA official during an interview.

There's no possible political engagement at this point. Agencies of major
governments can quite secretly and even illegally engage in mass surveillance,
_as they documentably have_. They can even spy on each others' citizens. The
only way you can force issues out into the open where they can be politically
engaged is by making secret surveillance impossible.

_"Make sure the other side has an easier way out than destroying you."_

That only works when the other guy _isn't_ already dedicated to destroying
every vestige of your privacy.

------
zyxley
The article seems to make the fundamental error of assuming that there is any
middle ground between "unbreakable crypto" and "effectively no crypto at all".

If crypto _can_ be broken, it _will_ be broken, whether that's by state actors
or by some kid in Mongolia who wants to make a quick buck by ransoming all
your files.

~~~
mike_hearn
Because it's not a fundamental error or indeed an error at all.

What you've just expressed is one of those fascinating pieces of mental junk
that clutters up social groups, a political desire that's so strongly held
you've managed to rationalise to yourself that it's a fact and not a personal
desire at all. But it's still not a fact.

It is trivial to use cryptography in ways that yield some sort of balance
between personal privacy and the needs of the state. In fact it's almost the
default:

• Client-to-server encryption with central message routing is "unbreakable"
against neighbours, friends, your employer (when not using their equipment)
and most importantly criminals, but is easily accessed by any police officer
who can serve a warrant on the provider.

• Disk encryption enforced by secure hardware like iOS, Android, BitLocker etc
can easily be given a backdoor by the manufacturers. It's only a few pages of
extra code at most.

And that's about it for "mainstream use of crypto up to about 3 years ago"
right? It's only since Apple and Facebook started refusing to unlock devices
and claiming (wrongly) they have end-to-end encrypted their service so they
can no longer comply with warrants that this situation has changed.

That's not even including other techniques like key escrow, the dual-EC RNG
that the NSA was pushing (with the interesting fillip that it's got a
cryptographically strong "unbreakable" backdoor!) and a whole host of other
tricks that aren't really used much (we think).

PHK's article even _spells this out for you_ - Kazakhstan breaks the
supposedly unbreakable TLS by simply insisting everyone configure their
computer to allow them that ability, a feature well intended by the TLS
designers.

The truth is that there's a vast middle ground between "unbreakable crypto"
and "effectively no crypto at all" and it is in that middle ground that
virtually all services we use today sit. Enough crypto is used to keep out
ordinary criminals and snoops, but not enough is used to keep out determined
governments with jurisdiction. The point the author is making is that
attempting to pursue the ideal of unbreakable crypto (a) won't work and (b)
will actually end up making privacy worse for everyone.

~~~
nightcracker
If there is a backdoor, that backdoor can be used by anyone that has the key.
I do not trust a government to responsibly handle such a key, as it leaking
once results in total failure of security for everyone.

A backdoored crypto system is a broken crypto system.

~~~
mike_hearn
There are lots of examples of governments maintaining the integrity of keys
over the long term. The e-Passport system is an example of that. Another would
be that the NSA had the ultimate insider hack - literally a sysadmin who
dumped their entire internal wikis and document stores - and yet it appears
that no key material was compromised.

You can repeat "a backdoored system is no system" mantra to yourself if you
like, but there are a LOT of threats that aren't governments and those are the
ones people tend to care about the most.

~~~
aminok
Threats posed by government are much more profound than those posed by any
other type of organisation, because governments have much less effective
checks on their power.

------
skybrian
I'd put it a different way. Encryption and other forms of good security force
surveillance out of the shadows. Without it we wouldn't know what Kazakhstan
is doing.

If the law requires a warrant to access your GMail account, good security is
why law enforcement has to get a valid warrant and send it to Google to get
access.

Done right, it's not a substitute for politics. It enables politics. It allows
agreements on checks and balances to be enforced rather than letting state
hackers do what they like.

~~~
rocqua
We all like end to end encryption though. In fact, most people call it the
pinnacle of crypto done right.

And yet, it completely circumvents any warrants.

~~~
krapp
Where does it say that the government has the right to expect the evidence
obtained from a warrant to be useful?

If the government can't do their job effectively with the presence of strong,
pervasive encryption, that's their problem. The right of the people to be
"secure in their persons, houses, papers and effects" is non-negotiable (at
least in the US, barring a Constitutional amendment.)

They have the right to serve a warrant for my phone, and I have the right to
hand them an encrypted phone. There may be circumstances where, legally, the
government can demand a password, or pay for an exploit, and that's fair
enough. But I don't believe any government does or should have the right to
demand that encryption not exist, or that it should be fundamentally broken.

~~~
omginternets
> Where does it say that the government has the right to expect the evidence
> obtained from a warrant to be useful? If the government can't do their job
> effectively with the presence of strong, pervasive encryption, that's their
> problem.

This is patently absurd.

US courts have, time and time again, upheld limits on the 4th amendment
pertaining to the risk that evidence might be destroyed. The textbook example
of this can be found in the so-called "motor vehicle exception". This
exception holds that because of the inherent mobility of automobiles, there is
exigent cause for a warrantless search, since evidence may trivially be
destroyed, obfuscated or hidden.

> The right of the people to be "secure in their persons, houses, papers and
> effects" is non-negotiable (at least in the US, barring a Constitutional
> amendment.)

The 4th amendment protects against _unreasonable_ search and seizure, not
_warrantless_ search and seizure. Granted, a warrant often (but not always)
renders a search/seizure reasonable, but a warrant granted absent probable
cause is invalid.

Further, there are other well-established cases in which warrants are not
required for searches and seizures. Three such examples are (1) Terry stops
(2) the "in hot pursuit" exception (3) the "plain view" exception [0].

Hell, the text even states it plain as day:

_The right of the people to be secure in their persons, houses, papers, and
effects, against unreasonable searches and seizures, shall not be violated,
and no Warrants shall issue, but upon probable cause, supported by Oath or
affirmation, and particularly describing the place to be searched, and the
persons or things to be seized._

The only mention of warrants is that they are only valid if issued based on
_probable cause, supported by oath or affirmation_, and are specific.

> They have the right to serve a warrant for my phone, and I have the right to
> hand them an encrypted phone. There may be circumstances where, legally, the
> government can demand a password, or pay for an exploit, and that's fair
> enough. But I don't believe any government does or should have the right to
> demand that encryption not exist, or that it should be fundamentally broken.

I agree with one caveat: while I would hope that phone-decryption would be
subject to a warrant, it's unclear whether or not this is constitutionally
required. We may well see a "mobile electronics exception" appear. You and I
might not agree that it's a good idea, but _prima facie_, there is a legal
basis for such a statute.

[0]
[http://nationalparalegal.edu/conLawCrimProc_Public/Protectio...](http://nationalparalegal.edu/conLawCrimProc_Public/ProtectionFromSearches&Seizures/ExToWarrantReq.asp)

------
SloopJon
This is a disappointingly defeatist perspective on the new crypto wars:
unbreakable encryption is why we can't have nice things. I would rephrase most
of his examples with the old saw: if you outlaw encryption, only outlaws will
have encryption.

Since Snowden we've increasingly realized that our own governments are the
adversaries, but hopefully incidents like the DNC hack will shift the
narrative from the terrorism bogeyman back to defense against black-hat
hackers.

~~~
jessaustin
Those hats might be a dingy shade of gray, but I appreciate their shedding
some light on our political process. The _DNC_ is the adversary of decent
citizens, in this case.

------
apeace
This is a fringe opinion, but I personally wish the U.S. would make all forms
of hacking and digital surveillance totally legal. Yes, legal, with no "I".

I think this would drastically change the technology landscape, putting more
impetus on vendors to provide (and prove) protections such as encryption, and
an impetus on users to select the vendors who are the best at doing so.

Hacking laws are a crutch that attempt to patch insecure systems with law
enforcement. And they risk being interpreted incorrectly--see interpretation
of CFAA in the Aaron Swartz case, where downloading files could have meant 35
years in prison.

I say let the CPUs interpret the bits, not the politicians. They cannot keep
up with changes in technology, will make many wrong decisions, and are
susceptible to corruption.

In a world where hacking is legal, encrypting everything would be the right
thing to do. It would be the only way to stop the government from spying on
us, and the only way for them to stop us from spying on them.

~~~
Taek
That would backfire very rapidly. We have trillions of dollars of
infrastructure that would last 3 days against a single competent hacker. There
was just an article recently on vulnerable hardcoded-password medical devices.
Electrical grids and construction equipment aren't much better. People's
webcams that they already own, phones that they already own, highly insecure
software is pervasive in everyone's every day life. It's inescapable.

The pressure you are talking about would be too great. Things would collapse
if it became legal to actively pursue hacking them.

~~~
EdHominem
So instead you want to wait until it gets worse? What's the end-game there?
With bailing wire and plucky determination the FBI and NSA defend us, forever
on guard against the one mistake that may bring it all crumbling down?

This "too big to risk" is precisely why we need this, and needed it twenty
years ago. And we need it now, so that we aren't in a worse spot next year,
etc.

To lessen the pain maybe for the first few years only "mostly harmless" hacks
with full disclosure could be made fully legal. We could ramp up slowly.

------
mordocai
All of the things the governments are trying to do won't (and shouldn't) work
though. We can work around their attempts.

If the government wants data, it should get it at rest not during
transmission. They can get a warrant to get the data store that your data is
residing on. If they can't get what they want because that is encrypted then
they can try to legislate all they want but it is pretty much impossible to
stop someone from encrypting something at rest, especially considering the
existence of the open source and open hardware movements.

------
fatdog
Encryption is political engagement. Loosely translated, TLS and PGP have
historically been computerese for "get a warrant."

Of course the deep state will use politicians to assert its power, and if
politicians do not work for us instead, people will use networks, technology,
and trade (or the alternatives) to defend their freedom.

It is a reasonable question to ask, how long does a typical nation really
maintain its territorial sovereignty, and which ones are outliers?

Kamp misinterprets the fact that because some states have begun to fight means
that they will win. It does mean, however, that crypto facilitates freedom,
and it forces the discussion in regard to the limits on elite powers. The
crypto genie is out of the bottle. It is on states to rethink how they engage,
not us.

------
theandrewbailey
Kinda clickbait-y, and ignores the fact that encrypted communications were
able to be used (with some effort) before Snowden, but his last point is
solid:

> The only way to retain any amount of electronic privacy is through political
> engagement.

~~~
bhhaskin
No it's not. The reality is the biggest threat to privacy is due to political
engagement. Stronger encryption that no one can break is really the only
viable option.

~~~
venomsnake
You don't need to break the strong encryption, when you can break the kneecaps
of people using strong encryption.

~~~
hx87
Breaking kneecaps is expensive though. You can't just set up a ring of
roadblocks around a city that kneecaps everyone passing through as a matter of
course.

~~~
dragonwriter
> Breaking kneecaps is expensive though. You can't just set up a ring of
> roadblocks around a city that kneecaps everyone passing through as a matter
> of course.

Once you establish the _willingness_ to break kneecaps, the number of kneecaps
you actually need to break is fairly small.

~~~
hx87
That's true if determining whose kneecaps you need to break is either trivial
(e.g. open dissidents and protesters) or can be easily achieved using social
engineering (e.g. anonymous print pamphleteers). If doing so is a /technical/
rather than social task, and your technical cryptanalysis isn't up to par,
breaking kneecaps is much less powerful of a deterrent because your hit rate
will be very low. Breaking kneecaps to deter the use of encryption itself is
another matter though.

------
jkot
> _Kazakhstan announced that a "state root certificate" would have to be
> installed on all computers wanting to use SSL/TLS/HTTPS out of the country_

Devil's advocate: Practically every country (national telecom) has its own root
certificate. Here is the list:

[https://mozillacaprogram.secure.force.com/CA/IncludedCACerti...](https://mozillacaprogram.secure.force.com/CA/IncludedCACertificateReport)

When Czech government started digitalization, it was very user unfriendly to
install Czech CA. I think Kazakhstan is just using force it has to speed up its
own application.

------
atemerev
Crypto is just bringing back real-life privacy options into digital space.

IRL, two people could go to some quiet place and have a private talk. If they
feel suspicious, they might have checked the place for not being bugged (hard,
but possible).

In the Internet, the default communication mode was public, which was
exploited by NSA and other surveillance organizations. But now, thanks to
usable crypto, two or more people can also have a private conversation, and if
suspicious, they can check for not being MITMed (also hard, but possible).

Therefore, crypto brings nothing new to expectations of privacy, and the
entire premise of this article is wrong.

Nice try, NSA.

~~~
Aelinsaar
Given the pitch in the article, I think they may be switching up for "Ministry
of Truth".

------
ffwd
Nobody really knows the correct answer and I think that's the reason
communication is failing between the government and the tech sector.

I think we have to realize that some transparency into private lives is needed
to have a proper society, and the anarcho-capitalists want full privacy from
the get go and then increasing transparency as needed for society, while
government is kind of hovering on the "we need transparency everywhere for any
arbitrary reason because we don't know when we'll need it", and this is a
difficult position to hold.

I think unfortunately if we are to have a government, we need to do the
latter, because the government can't intrude on privacy NOR punish people
without evidence or at least minimum cause, while in a completely private
anarcho-capitalist society the individuals who don't comply can be punished
indirectly with exclusion and isolation from society. Personally this seems
like a pretty crappy way to do things but that's a post for another time.

~~~
leshow
> I think we have to realize that some transparency into private lives is
> needed to have a proper society, and the anarcho-capitalists want full
> privacy from the get go

This is almost a non sequitur. If your private life is transparent then it
ceases to be private. You're in fact advocating no private life. I strongly
disagree that this position would be good for society.

It's funny how you'd think you have to be an 'anarcho-capitalist' to want
privacy.

The rest of your comment is a strawman, whatever your feelings about
'anarcho-capitalism' is irrelevant to having a right to privacy.

~~~
ffwd
> You're in fact advocating no private life. I strongly disagree that this
> position would be good for society.

No, I'm not advocating for anything per se, I'm just bringing up opposite
points of view. I don't have an easy answer either. Second, no privacy is what
has been the standard since governments started. There has been no technology
that has been able to make some aspect of reality 100% private, other than the
decay of physical objects over time, essentially erasing the evidence.

The fact that we can have permanent 100% private aspects of life is a brand
new thing, and thus must be discussed in that manner. That's why I brought up
the extreme of anarcho-capitalism - not to speak against it but as a
counterpoint to what we have now/what has been.

~~~
iamnothere
"No privacy" has certainly NOT been the standard. Before the information age,
people were more likely to communicate extremely private information in
person. Until the invention of microphones, this communication was most
certainly private if you could avoid eavesdroppers! Now, with everything from
TVs to phones to lampposts listening in, this type of communication carries
less of a privacy guarantee, but it's still one of the only methods to obtain
actual privacy under the right conditions.

So let's all go back to in-person conversations, right? It's not that easy.
Friends and loved ones no longer live as close as they once did, as technology
has allowed us to stay connected at greater distances. This means that our
options under the current state of the world are (a) keep sensitive
information away from our trusted confidantes until we see them in person,
whenever that is, or (b) get used to the idea that sensitive information could
be exposed. Either one of these options brings with it increased psychological
stress. This is a big reason why people want "unbreakable" security, and
there's nothing nefarious about it!

~~~
ffwd
> "No privacy" has certainly NOT been the standard. Before the information
> age, people were more likely to communicate extremely private information in
> person.

The first problem with this is that influence and power in society is
proportional to how many people a person has access to and is around in some
way. So yeah you could be private before but you couldn't do nearly the same
damage or have the same influence without having people around. Technology
empowers people across the world while at the same time potentially leaving no
trace. The second problem is that communications is one thing, but evidence
and 'data at rest' is another. Things like sexual abuse pictures, financial
logs like cryptocurrencies, gps coordinates of where you've been, app logs in
your phone and whatever else that may serve as evidence. In the old world, you
had no choice but to burn or bury that evidence, but that also eliminates
their usefulness to the criminal so there's a choice to be made by them before
they destroy it.

Basically in the old world you had physical items in a physical world,
observed by the people around you, and your only friend was physical
isolation, physical obfuscation (burying, using a safe, both of which aren't
100% private), or the decay/destruction of the physical items. Today you have
pristine copies at global scale with 100% privacy and this is far more
effective.

------
darawk
I don't totally understand this view. Government doesn't have a right to
ephemeral conversations that happen in physical space between two people. We
aren't required to record them in case some law enforcement officer might
request them.

Why is online discourse different? Just because the bits still exist in some
sense, why does that mean they need to be accessible?

~~~
sliverstorm
Government doesn't have a right to meticulous transcriptions of every verbal
conversation you've ever had. But, it does have a right to do its utmost to
figure out what was said. It has a right to search your file cabinet, or tap
your phone, or tail you with a detective, with a warrant of course.

~~~
EdHominem
Does it though? A _right_? Like your right to freedom of thought? That's big!
Would you think this if a judge hadn't ruled this way?

Because in our system it's not the judge who can make that call, it's you
(theoretically a citizen) who grants the government the authority to take
certain (constitutionally limited) actions as long as it serves the people.

If the government has a "right" to tap your phone they have the same right to
plant a microphone on you, and at that, they do have a right to every verbal
conversation you've had. Because they can get one from the other.

------
FungalRaincloud
I'm probably echoing others by saying this, but: I don't agree that there is
even correlation between more encryption and less privacy. Even if we were not
attempting to subvert injustices done to us by our own governments by
providing technical solutions, I believe wholeheartedly that many governments
would still be attempting to decrease our privacy in every possible way.
They're using increased encryption use as a scapegoat, but they have never had
a shortage of scapegoats. Not employing strong crypto wherever possible would
be irresponsible for the future of our privacy. Likewise, not engaging in
political activism to change laws that impact our privacy would also be
irresponsible. We need to do both, whenever possible and necessary.

~~~
michael_fine
Typically (in the US) it's been the executive branch that has tried to subvert
privacy (see COINTELPRO), and the judicial which has (sometimes) upheld it.
However, because crypto would actively impede the ability of the judicial
branch to use warrants, I imagine it would alienate our typical ally.

~~~
FungalRaincloud
That might be true, and that's a conversation we should definitely have, as we
decide how we will be governed in the future. But that alone does not mean
less crypto is preferable.

------
rdtsc
So what does he suggest? I think we are supposed to read between the lines,
but I am not sure what that is yet.

Is it just pointing out an interesting contradiction and we should enhance and
improve existing products, or is there a message about moving back and reverting
to using weak encryption like before or treating it like "munitions" for
purposes of export control? So you end up in prison just as long for
using OpenSSL as for reselling grenade launchers.

Yeah I can see how PR is on government side here -- "look terrorists use this
and other horrible criminals, this needs to be stopped".

The answer usually is -- "Ah, but think of the human rights people from
<insert far away country>" or make a reference to some generalized principle
from the Constitution about freedom from search. Both of those lose in
comparison to an image of scary guy with a bomb under their arm.

So the answer is to operate at the same level of PR. Bring in issues people
can identify with: for companies and enterprises remind them of the Target
credit card breach, about the Sony hack and how embarrassing that is. Or for
private individuals talk about identity theft. Everyone has heard about that
how disruptive and upsetting that is. "We need stronger encryption to protect
you from criminals" kind of message.

(I am not the first one to think of this, I noticed Apple applied this in
their response to FBI. I just thought it was a great approach).

~~~
cbsmith
> So what does he suggest? I think we are supposed to read between the lines,
> but I am not sure what that is yet.

I think the larger implication of the essay is to consider addressing privacy
from a systemic/game theory perspective. The underlying threat isn't
technological, but in the response to technological capabilities. Encryption
is just another capability that provokes a response.

~~~
rdtsc
That's valid. I think the way it is presented it is easy to mis-read it. I
kind of hinted at finding a better way to respond to the problem in the PR
domain.

However, a technological solution can still help. For example, focusing on
plausible deniability, traffic hiding, dead man switches and so on. Technology
is just another approach and for some it might be easier to work with
and easier to disseminate.

~~~
cbsmith
I agree that by pointing out how technology can potentially make the problem
worse, the essay can easily be interpreted as a call to throw out the baby
with the bathwater.

Perhaps that _was_ the intended message, but I'd like to think it was
deliberately provocative to stimulate the right kind of thinking.

------
throw2016
This doesn't follow. All it shows is that it increases transparency and a
government can't pretend to be a democracy while running a total surveillance
operation against public interest and funded by the public on the side.

Non democratic governments are not the benchmarks for democratic behavior by
definition. Governments in countries like Kazakhstan and China have already
made it clear they are not interested in privacy and it's for their citizens
and social structures to respond.

Countries like the US and UK claim to be the defenders of democracy but are
running equally intensive surveillance operations on the side, and in this
case without outliers like Snowden we won't even know. So let this debate
happen in the open so citizens and the state can reach an acceptable consensus
on checks and balances.

It would also be a good idea to remove the emotional threats of terrorism that
are used to manipulate and manufacture outcomes from this debate. There is a
long history of government abuse of power that citizens cannot ignore. There
needs to be more accountability of US and UK relations with Saudi Arabia and
its 30 year funding of wahhabism globally. The effects of this and
geopolitical games cannot be brushed aside as they are fundamental to
terrorism today. Without terrorism there is essentially no debate and citizens
will not give up their rights for day-to-day law and order problems.

------
rietta
Mr. Kamp has written about this topic before, see

More Encryption Is Not the Solution (2013)
[https://queue.acm.org/detail.cfm?id=2508864](https://queue.acm.org/detail.cfm?id=2508864)

[http://www.techrepublic.com/blog/it-security/escaping-the-
dr...](http://www.techrepublic.com/blog/it-security/escaping-the-dragnet-of-
surveillance-what-the-experts-say-about-encryption/)

"The recent exposure of the dragnet-style surveillance of Internet traffic has
provoked a number of responses that are variations of the general formula,
‘More encryption is the solution.' This is not the case. In fact, more
encryption will probably only make the privacy crisis worse than it already
is."

[https://lists.w3.org/Archives/Public/ietf-http-
wg/2013JulSep...](https://lists.w3.org/Archives/Public/ietf-http-
wg/2013JulSep/0933.html) Re: Mandatory encryption _is_ theater

" Correct, but if you make encrypt mandatory, they will have to break _all_
encryption, that's what the law tells them to.

As long as encryption only affects a minority of traffic and they can easier
go around (ie: FaceBook, Google etc. delivering the goods) they don't need to
render _all_ encryption transparent. "

------
infodroid
This reminds me of a 2013 blog post by Albert Wenger where he argues that
treating the problem of mass surveillance as a technical problem is futile:

 _We cannot and should not be living in digital fortresses any more than we
are living in physical fortresses at home. Our homes are safe from thieves and
from government not because they couldn’t get in if they wanted to but because
the law and its enforcement prevents them from doing so. All we have to do is
minimal physical security (lock the doors when you are out)...

Surveillance is a political and legal problem, not a technical problem. We
have to all become outraged and start a big and public online and offline
campaign to take back the law into the hands of the people and their
representatives and away from secret organizations “overseen” by secret courts
in a system that goes beyond Kafka’s worst nightmares._

[http://continuations.com/post/60444129080/disagreeing-
with-b...](http://continuations.com/post/60444129080/disagreeing-with-bruce-
schneier-more-crypto-is)

------
upofadown
>When Edward Snowden made it known to the world that pretty much all traffic
on the Internet was collected and searched by the NSA, GCHQ (the UK Government
Communications Headquarters) and various other countries' secret services as
well, the IT and networking communities were furious and felt betrayed.

That's not how I remember it. Among those communities it was pretty well known
that such surveillance was occurring. Knowing the scope of it caused a sense
of obligation; that we should finally get around to adding some privacy
protection to day to day internet traffic. Everyone knew that it was something
that had to be done sooner or later.

------
serge2k
> whatever you may feel about politicians, they do have the legitimacy and
> power to do so. They have the constitutions, legislative powers, courts of
> law, and police forces to make this happen.

Do they have the actual power?

As the article states, the reason for the all or nothing approach is that we
currently don't have any way to do a middle ground with TLS.

We have the technology, and it's already available anywhere. How do you
actually put that genie back in the bottle? Probably the best you can do is
heavy handed enforcement.

That also does nothing to deal with the fact that an organization like ISIS
are going to find ways to continue to use strong encryption.

------
homulilly
I think the author is completely wrong on the premise that more encryption has
meant less privacy. People are using more encryption because we already had no
or little privacy. It hasn't gotten worse, it was already this bad.

He is right on one count though, this isn't a technical problem and it cannot
be solved through a purely technical solution.

------
cJ0th
<rant>

everything means everything. lately i am starting to become really mad at high
schools and universities for teaching this "x implies y" mentality as a tool
to look at real world phenomena. thanks to this kind of "education" everyone
constantly feels like s/he is discovering some Ultimate Truth™ and thus fails
at accounting for a chaotic, ever changing world. "cause and effect" may
exist but these patterns mostly happen on a scale for which human language is
just too clumsy.

stop writing and discussing these articles. if you really got nothing better
to do at any point in time, just stare out of the window for a while and relax
a bit.

</rant>

~~~
mark_edward
This is incoherent

------
mdip
The observations being made are correct in that what he's describing is
actually and actively happening. The spot where things stop working is in the
very last paragraph in that it very neatly wrecks the argument:

 _Slapping unbreakable crypto onto more and more packets is just going to make
matters worse. The only way to retain any amount of electronic privacy is
through political engagement._

The words "any _amount_ of electronic privacy" are where we have big problems.
When it comes to protecting privacy from the prying eyes of a hacker, the only
_amount_ of electronic privacy that is acceptable is _total_ privacy through
_unbreakable crypto_. This is the problem our politicians have a difficult
time grokking but most of us understand: what the _government_ is able to
break into (i.e. a lesser amount of privacy from _total_ ) is also able to be
broken into by a hacker. And, in fact, it becomes more easy if it is
government mandated since a hacker only needs to attack the specific method used
by the government to inspect those packets.

I agree that political engagement is necessary, but so too is _slapping
unbreakable crypto onto more and more packets_. The political engagement needs
to come in the form of educating politicians on the realities of today's
internet-connected world. We either have solid, unbreakable encryption[0]
which necessarily includes protection for people performing financial and
otherwise sensitive operations over a public network or we have limited and
government-breakable encryption that offers _less_ security than "in the
clear" transmission[1].

[0] To the extent that such a thing is possible since this isn't a "set it and
it's done" sort of situation but an ever increasing arms race of privacy vs.
attacker. This includes such things as ensuring researchers are allowed to
test/expose and validate said technologies and not be hindered by legal
requirements that prevent them from notifying people of the dangers of broken
crypto.

[1] At least, potentially less. Assuming the "backdoor" method is used and
protected as well as TSA master keys, we now have a scenario where limited use
results in easy to identify "high value" traffic and less security because the
hacker need only attack the government for the masters. Even if a much more
"well thought out" method is used for providing government access, the
problems multiply since now we're not only having to create sufficiently
attack-resistant protocols but also manage sufficiently complicated escrow or
other processes to provide access. Complexity is the enemy of reliability.

------
carapace
Just out of curiosity, can anyone reading this say that their mind has been
changed, even a little bit?

------
Kenji
This argument is like saying that if you build a castle to protect yourself
from the attacker, you are responsible for the enemy's construction of
trebuchets that siege the castle. Yeah, the castle builders are at fault.
Never mind that they protect so many innocent with their work.

Of course we need political involvement, but we _also_ need encryption
everywhere, literally everywhere.

~~~
phkamp
You should study the history of anti-ballistic-missile defense systems, and
you will find that for the longest time nobody wanted them, because that would
force the enemy to attack before they were completed.

Never build more formidable weapons _or_ defenses than you are willing to lay
your life down for.

~~~
hansjorg
You're describing a reluctant, cautious and rational adversary.

There never was any effective political opposition to "Star Wars" in the US.

------
Glyptodon
Yes, math is not like gravity and can be overturned by legislation. Really
now?

------
mtgx
I assume the author also believes that war is peace, freedom is slavery, and
ignorance is strength.

~~~
acuozzo
And I assume that you failed to read the article.

