
‘Five Eyes’ Nations Quietly Demand Government Access to Encrypted Data - aaronharnly
https://www.nytimes.com/2018/09/04/us/politics/government-access-encrypted-data.html
======
motohagiography
Of course they are going to ask, and legislators will weigh the political
cost/benefit to it.

My impression from the previous crypto wars and the skirmishes that have
followed is, as technologists, we take a very tactical view of technology, and
underestimate the intentions of people who understand power and politics the
way we understand information systems.

The way we see the security of a system, they see the sovereignty of a state.
Just as incompleteness in our code can yield system level compromises,
incompleteness in their ability to apply their rules to their territories and
domains also yields compromises that make the whole system untrustworthy.

I don't agree with what I perceive as their Hobbesian need for total control,
where I think the localized, depth first absolute authority of a state becomes
malignant when it is applied breadth first and in totality to all aspects of
life, but you can sympathize with the urge without agreeing with it.

They should be mindful that post-Snowden, no matter how large the field we
live in, people have seen the walls and bars at the perimeter, and that broad
perception is likely a greater source of instability than any gaps in the
ability of the state to enforce them.

Viewed this way, the 5Eyes statement seems unwise.

~~~
3pt14159
The apparently Hobbesian view that you have over FVEY's desire to decrypt data
is misguided. Most people that work in politics or intelligence in liberal
states aren't in it for the power. They are either curious, desire a life of
excitement, or want to bring positive change to society.

They want to decrypt data because they want to protect people from threats.
I'm not saying we should allow them to, but ascribing malintent is misguided.

Edit:

Before the reflexive downvotes ask yourself: Who is asking for the ability to
decrypt? These people are making half or less what they could make in the
private sector.

~~~
majewsky
My perspective is that it's all ass-covering. When the next terrorist attack
comes, they want to be able to say that they did everything they could to
prevent it.

~~~
vinceguidry
If ass-covering is the goal, then the plan there is to loudly ask for
information while quietly ensuring that they won't get it, then when the next
attack occurs they'll have an easy scapegoat.

If they actually get the information then the next attack will make them look
worse.

------
ben_w
Ultimately these governments can break security at any level. It’s not just
the encryption or the apps — if they require the OS manufacturers to cooperate
with them, they can record all user input and output. Likewise hardware
manufacturers.

It’s not just phones or computers, either — The UK was well known for having
high CCTV density well before the proliferation of low-cost digital cameras;
by my estimate it is now well within government spending limits to put _all_
movement under surveillance by putting cameras on every corner which combine
ANPR and facial recognition to cover pedestrians and cyclists as well as
motorists; and laser diodes are so cheap every window, never mind person, can
be surveilled with laser microscopes.

This is also cheap enough for criminals to do it. I recently got (fake) scam
blackmail emails demanding bitcoin under the threat that they had used my
webcam to record me watching porn (duct tape over my webcam says they didn’t),
but imagine a local crime gang doing that with a drone pointing at your
window.

We have to change a lot of stuff in our society very quickly to keep us all
safe. We need a world where none of us _need_ secrets, because very soon we
won’t have the ability to keep them. We also need the ability to survive
_ourselves_ breaking the law, because the law was created with the (at the
time reasonable) belief that only important violations would be brought to the
attention of the authorities, because most of us can’t get through the day
without violating several [1], and because even though current
state-of-the-art A.I. can’t automatically enforce all those laws, we should assume that is
coming.

But not just what, also how fast it changes and how slow we react: How long
ago was it demonstrated that keys can be duplicated from a single image taken
by a telephoto lens? And how many keys have been made safe against it since?
The only thing keeping us safe is that even the bad actors aren’t keeping up
with the tech. That isn’t good, because it means that whoever does use it will
look, what’s the phrase, “indistinguishable from magic”.

[1] [https://mises.org/library/decriminalize-average-man](https://mises.org/library/decriminalize-average-man)

~~~
oliwarner
The UK already has very serious ANPR coverage. I haven't been on a motorway
without it in the last few years —many A roads too— but it goes much deeper
than that. I'm in the middle of nowhere and a dinky little B-road near me has
a 4×2 grid of ANPR cameras monitoring traffic in both directions.

Most interesting are the justifications for these things. Widespread ANPR
means it's easy to find people who are driving their cars without MOT, VED and
insurance. People without those are liabilities to us all, so we don't want
them on the road, right?

It's just a happy coincidence that the security services also get to monitor
more and more movement in the country.

I wish they'd fund health and social care with as much enthusiasm.

~~~
WorkLifeBalance
Every petrol (gas) station has ANPR; which makes sense, you can't get too far
before you have to fill up.

~~~
bloak
If you're on the run, you've probably changed your number plate. If you're
just an opposition politician being monitored, then where you buy petrol
probably doesn't reveal very much about your activities. And you're probably
using a card to pay for the petrol anyway.

~~~
josephg
Sure; but it raises the bar for criminals. Ie, it makes being an effective
criminal require more knowledge and more work. And that makes a huge
difference in practice. How many criminals actually have good enough opsec to
change the license plates on their car? I bet it’s well under 20%. And I know
that an 80% solution kills me as an engineer, but I bet law enforcement sees
an 80% solution as a massive win.

Us technologists should know how much this stuff matters from the huge effect
good design has on product adoption. (Or dark patterns on user behaviour).
This is the same effect in action - changing defaults changes the behaviour of
the majority.

Another example: People say that “if you make guns illegal only criminals will
have guns”. Yet here in Australia very few crimes are committed using
firearms. This is the same effect in action. (I’m not arguing for gun control
- just that these laws have an effect)

And with that in mind, I think the reason why we’re finally seeing a big push
from the 5 eyes is because finally, _finally_ one of the big chat platforms
(WhatsApp) has rolled out end to end encryption. That lowered the bar far
enough that privacy from the government is becoming the default.

One implication of this way of thinking is that it changes where the battle
lines are. To win, the government doesn’t need to make end to end encryption
impossible. They just need to make end to end encryption a bit difficult and
non-obvious. Doing that will probably push the % of criminals who use proper
encryption back into single digit percentages. After all, if you can research
and understand the implications of application and messaging security, you can
probably make a better living working at an IT desk somewhere than you can
from stealing cars. Law enforcement would probably see that as a huge win,
even if all us techies can keep sideloading Signal or whatever.

Personally I don’t consider that good enough - I want a society where everyone
has privacy. Not just those who have opted in to it.

~~~
ben_w
> After all, if you can research and understand the implications of
> application and messaging security, you can probably make a better living
> working at an IT desk somewhere than you can from stealing cars

I doubt that. I think the main thing keeping cars safe from the 1% or so who
don’t care about the law or ethics of theft is that it’s almost impossible to
get away with it. Those with the relevant skill and the willingness to be
criminals probably just take an easier approach, like card skimming.

This belief is based on how much second hand cars are worth and therefore how
few cars a thief would need to steal each month for a very big salary.

~~~
bloak
I think you can get away with it, if you know what you're doing, but a stolen
car is worth a lot less than the same car sold second-hand legitimately.
Probably you either have to sell it to someone who knows it's stolen, knows
not to take it anywhere near a legitimate service centre, and is prepared to
forfeit it if stopped by the police, or you break it up and sell the parts, or
you have a way of smuggling it out of the country to somewhere where they
don't care about where cars came from.

~~~
josephg
Right; and this was my point in the first place. The police don't have to make
it _impossible_ to get away with stealing a car. They just need to make it
difficult and awkward. That's still enough to massively disincentivize car
theft - which in turn has resulted in far fewer cars being stolen.

Likewise if they ban end-to-end encrypted chat apps from the app stores, I bet
that would decimate the number of people who used them. Even if anyone _could_
just get an android phone and sideload signal, in practice adoption would
still fall low enough to make law enforcement happy. Even amongst criminals.

------
aneutron
It feels weird to read stuff like this, really.

What they want is to be able to wiretap people, without them knowing. Because
if encryption is what's bothering them, you can get a warrant, seize the phone
and/or computer, and make the owner unlock it / give you the keys, by law.

It is perfectly logical and lawful. However, if unwarranted (in the sense of
without a warrant) wiretapping is involved, then yes, encryption "hinders the
law enforcement". Except it doesn't. Because as mentioned earlier, just get a
warrant, and make the owner unlock / give you the key, by law.

It doesn't hinder the law enforcement, it hinders the intelligence agencies'
work and makes it less invisible. And I kind of think that's a good thing too.

~~~
wereHamster
> […] make the owner unlock / give you the key, by law.

That only works if you can threaten to put the owner into jail for not
complying. If you're trying to spy on communication between two people outside
your jurisdiction, you're out of luck.

(that doesn't mean I support the US government's attempt to undermine secure
communication)

~~~
jowsie
Refusing to provide your passwords is itself a crime in the UK, not to mention
obstructing an investigation and god knows what else they decide to stick you
with for trying to have some privacy. I believe the idea is to threaten you
with more jail time than you would receive for the crime you possibly
committed.

~~~
wereHamster
> […] a crime in the UK

I don't think somebody living outside of UK cares. The threat only works if
that person lives in UK jurisdiction. Not everybody does.

~~~
mirimir
It seems to work in the US. There's a man in Philadelphia, who's been jailed
for years. He's charged with contempt of court, because he claims to have
forgotten the FDE key for his macOS box. Which investigators believe is loaded
with child porn. And so he periodically sees the judge, who extends his
sentence for contempt. There's apparently no limit under current US law.

------
arminiusreturns
Let's not kid ourselves. Surveillance moves like this are about control, not
security, and especially not about national security. If anything, moves like
this actually weaken national security by forcing bad standards and backdoors
on people.

The 1946 USUK act that officially created the five-eyes in the first place
post-Atlantic treaty needs to be completely re-evaluated and potentially
scrapped.

------
mirimir
As I see it, any system that can be compromised to pwn malefactors - even the
most conceivably horrible terrorists and criminals - cannot be trusted. And
notwithstanding all the slander and conspiracy theory, Tor is perhaps the only
working example of a compromise-resistant system. Unless it actually is
backdoored, anyway.

Obviously, the Five Eyes don't see it that way. But I gotta wonder how
commonly Tor is used among TLAs, and how the debate goes, if it is. Because
this would destroy Tor. Unless operators were totally anonymous, and relays
only stayed up until targeted.

~~~
jedberg
I thought it was decided that tor was already compromised, because the five
eyes intelligence apparatus already controls more than 50% of the exit nodes,
giving them almost complete insight into where all the traffic originates?

~~~
DownGoat
They rely on Tor themselves, they have a strong incentive to disclose/patch
any major flaws in the protocol. They might exploit smaller flaws for a single
operation, but they probably have more to earn from a healthy Tor network.

~~~
mirimir
That's the dogma. But do we really know that?

~~~
DownGoat
We as in the public can probably never be 100% sure of that, but looking at
where the project started, and the current state of anonymous networks there
is no real alternative. They are definitely using Tor to make attribution
harder when running operations, there are no real alternatives. They benefit
from Tor being open and used by everyone else, it is much easier for them to
hide in the noise of all other traffic then.

~~~
mirimir
Yes, I do agree. However, some say that's just the cover story, and that Tor
overall is a honeypot. Or at least, that Tor is a honeypot for all users
_except_ US government operatives. There's no way to be sure, right?

As far as alternatives go, maybe they have something like Tor (onion routing)
or I2P (mix networking) that uses covert channels. It could even be running on
government-controlled Tor relays. Or maybe installed as hidden malware.

That seems unlikely, of course. But remember when allegations about ENIGMA
were totally conspiracy theory.

~~~
snowwrestler
If Tor is just a honeypot, then when does it pay off? There are tons of
illegal activities going over Tor right now, including truly awful stuff like
terrorist attack plotting and recent pictures of child abuse. If Tor is
surveillable, why isn't that surveillance being used to catch and prosecute
those people? What are they waiting for?

I will say (while acknowledging that I can't prove this) that I have friends
who work in national defense and law enforcement, for whom Tor is an
impediment. I've never heard them talk about a magic decrypt button; quite the
opposite. So if Tor can be decrypted, it is a capability that is closely held
and rarely used.

~~~
mirimir
There _is_ lots of horrible stuff on Tor .onion sites, yes. But there was a
lot more of it a few years ago. Given general technical cluelessness, even
among assholes, much of it was hosted by a few services. Such as Freedom
Hosting. But it and some newer ones were compromised, run for a while as
honeypots, and then taken down. There aren't really that many independent
.onion sites with technically competent operators. Some of the hard-core child
porn sites, perhaps, and some of the persistent dark markets. But who knows
which of _them_ are honeypots? I mean, PlayPen ran as a honeypot for months,
with no interruption in the sharing of child porn, plus infecting users with
phone-home malware.

It's not that there's a "magic decrypt button" for Tor. However, it's very
likely that the NSA and GCHQ, at least, have some capability to identify Tor
.onion sites and users. But they arguably don't want to reveal capabilities,
and so are very careful about disclosing information. To some extent, that
happens under programs like the DEA's SOPA. But on the other hand, recall that
the NSA was cagey about revealing intercepts that could have prevented the
9/11 attacks. Or that charges against the Weathermen were dropped in 1973,
after the (then unnamed) NSA got squirrelly about its intercepts being
introduced as evidence.

Overall, I'm relatively confident that Tor isn't fundamentally backdoored. But
there's no way to know what's going on with any .onion sites that you access.
They could be FBI honeypots. Or Russian honeypots. Or independent criminal
honeypots. You gotta treat them all as radioactive. As sources of malware and
worse. That means at least using Whonix, running on a Linux host machine. And
better yet, a dedicated host, used only for Tor and other iffy stuff.

------
mactavish88
Surely the final solution to this problem is a community-based one - one that
decentralises the tech giants?

I'm still struggling to figure out why a cohesive, widespread, community-
driven solution hasn't emerged yet. Anybody have any ideas as to why?

~~~
ohthehugemanate
Technologically, it's end to end encryption, with forward secrecy. Done. We
have lots of commercial and non commercial products that do this, from PGP to
Signal. Even WhatsApp does it.

Eventually, the elderly, uninformed US government is going to pass a law
requiring a back door. And two things will happen:

- someone nefarious will get the private key, and do something nefarious with
it. (Hopefully no one will die)

- offshore private messaging will become a thing.

There's a market for both insecure-but-endorsed and secure-but-illegal, to be
sure. And the 5 eyes will probably fight for decades to squash private
messaging.

For a worst case scenario, see the war on drugs for an example of how this
could go.

~~~
jstanley
> Eventually, the elderly, uninformed US government is going to pass a law
> requiring a back door.

Eventually, the elderly, uninformed governments are going to die off, to be
replaced with younger governments. Still uninformed, but hopefully less
tyrannical.

> offshore private messaging will become a thing.

This won't have to happen. Just because the law says there has to be a
backdoor doesn't mean open source software developers will comply. Develop
your software anonymously, release it anonymously, and run it wherever you
want. It doesn't need to be a service provided by a company in a foreign land,
it can just be software you run on your own computer.

~~~
cyphar
> Still uninformed, but hopefully less tyrannical.

I don't think this is a reasonable thing to just hope for. Historically,
governments have always had tyrannical streaks and I don't think it makes much
sense to simply assert that "this time it'll be different". It probably won't.

~~~
jstanley
I think policy just lags social acceptance.

It never used to be legal to be homosexual, for example, then it became
socially acceptable, and then a generation of politicians had to die off, and
then it became legal.

------
mmxi
I think this is quite similar to ad-blocking. If ads would have stayed small
instead of becoming assholes, nobody would have adblockers. And if the
intelligence agencies wouldn't spy on anyone but only with a court-order,
encryption wouldn't be that interesting as well.

~~~
mirimir
Not really. Before the 80s brought ubiquitous personal computers, and academic
cryptography became a thing, the NSA and its friends had pretty much a
monopoly on strong encryption. That is, encryption was implemented by
dedicated hardware. There weren't that many manufacturers, and they were under
intense pressure to only sell strong encryption to the NSA and friends, and
sell backdoored stuff to everyone else.

So anyway, we went through this in the 90s (the Clipper Chip). That died down,
in part because terrorists and criminals weren't really using much encryption.
But now we have iPhones with strong encryption, and TLAs and LEOs are
seriously freaked.

------
fixermark
This seems like a pretty empty threat. The government already has the
authority to demand lawful access. "Lawful" includes a warrant. If the
government wants to show up with a warrant, I expect companies to aid the
government in gaining access to legally-relevant data. If they want help in a
broad-spectrum fishing expedition, the US at least has no clear affirmative
authority and a small pile of legal precedent based upon the Fourth Amendment
that says they in fact lack that authority.

The fact they had the technological capability previously to act without
Constitutional authority is irrelevant. Show up with a warrant or go pound
sand.

~~~
natch
Whether they get a warrant or not is orthogonal to the question of whether
they ultimately succeed in breaking security for virtually everyone and
everything.

In other words this notion of “get a warrant or pound sand” ignores that even
with a robust legal warrant-requiring regime, they still would need to require
back doors (key escrow, effectively the same thing) that would screw up
security royally in order to get what they want.

------
code4tee
Simply put, actions like this reaffirm that encryption works. Use it.

------
willfiveash
I would refer people to these two posts about this subject:

[https://www.schneier.com/blog/archives/2018/09/five-eyes_int...](https://www.schneier.com/blog/archives/2018/09/five-eyes_intel.html)

[https://boingboing.net/2018/09/04/illegal-math.html](https://boingboing.net/2018/09/04/illegal-math.html)

Basically, crypto backdoors are a very bad idea.

------
crummy
Maybe this is a stupid question, but if the tech industry claims that you
can't make a backdoor safe, how do they keep safe their update mechanisms?
Aren't they basically backdoors-by-design?

~~~
Canada
In a sense they are, but they send the same updates to everyone whereas a
backdoor needs to allow malicious actions to be taken against specific targets
only. If vendors are forced to abuse updates in this way then users are going
to demand a certificate transparency-like system to stop the abuse.

~~~
ENOTTY
> they send the same updates to everyone

Google's staggered updates to Chrome are updates sent to specific targeted
users. The iOS App Store (and Google Play store, I believe) has an opt-in beta
program that also sends betas to specific targeted users.

> If vendors are forced to abuse updates in this way then users are going to
> demand a certificate transparency-like system to stop the abuse.

But yes, leveraging users' trust in the update system is a risk that needs to
be factored into the debate.

~~~
Canada
Right, I'm not suggesting that it's even remotely possible for millions of
systems to be updated at the same instant, just that outside of some special
circumstances like beta channels (yes Google Play supports this) the huge
numbers of devices are offered the same updates.

If trust is lost in the update mechanisms then something will be done to
restore it. That would likely be large developers like Apple, Microsoft and
Google deploying a technical solution to prevent themselves from sending
different updates to different devices without loudly warning the user and
automatically reporting the attack to the world. That would please users and
reduce compliance costs. Really, the major operating systems should just do it
now to prevent this from becoming a problem in the first place.

------
forapurpose
> part of an escalating war between government officials and Silicon Valley
> over access to people’s private data

Who is missing from that competition?

I'm purposely misconstruing the meaning, but it makes an ironic point.
Remember that most of these tech companies make money by collecting and using
the same data they claim to protect, and some provide it to the government.

------
JTbane
Legislators don't seem to understand that backdoored crypto is bad crypto.

If I write a chat app that uses strong encryption, with the keys stored on
each user's device, there are no legal grounds for me to modify any part of my
app if the government wants access.

------
leptoniscool
It's likely the 'Five Eyes' already have access to all or most data from the
level of telecom equipment. This is probably why they banned Huawei and ZTE.

------
fosco
What can we do about it?

------
arkadiyt
Previous discussion:
[https://news.ycombinator.com/item?id=17898498](https://news.ycombinator.com/item?id=17898498)

~~~
dang
Yes. Normally we'd mark this one as a dupe of that one, but it seems to be
taking this story a while to ripple through the system as people become aware
that that document was published and try to figure out what it means. Since
the NYT article does contain some new information as well as more background,
we'll leave it up.

------
macawfish
Fascism.

~~~
dang
Please don't post like this. Even if you're right, an unsubstantive single-
word comment is not the thing to post—and certainly not that word, which leads
to the nether regions of the internet barrel.

[https://news.ycombinator.com/newsguidelines.html](https://news.ycombinator.com/newsguidelines.html)

------
vikiomega9
As an aside, I recently came across the argument that programs like Five Eyes
were designed because of mass infiltration of immigrants/others who are not
designed for Western ideas/government and that it's the price that people pay
for relegation of their freedoms. So I might have been living under a rock but
this argument is on the alt-right for what it's worth but I'm not entirely
sure how to process it. In the sense that there's far too much irony and the
lack of a unified framework of laws that work towards humanity maybe? (Sorry
for the incoherent thought but I had to get this off my chest)

~~~
lozenge
That doesn't really make sense to me. Five eyes, and intelligence agencies,
collect information that has nothing to do with people in their countries. For
example the US tapping Merkel's phone or bugging the Copenhagen climate talks.
It is done to gain diplomatic, military and economic advantage. You can sample
them on Wikileaks.

~~~
vikiomega9
Isn't PRISM and other related programs part of Five eyes? I guess my point was
more that as the US moves away from its War on Terror the next natural target
is on ideology

~~~
tumetab1
Not really since that target probably doesn't support the selling of more guns
to the USA agencies.

