
G7 Comes Out in Favor of Encryption Backdoors - hsnewman
https://www.schneier.com/blog/archives/2019/04/g7_comes_out_in.html
======
deogeo
If intelligence agencies really want access to someone's data, they can plant
bugs, or spy on them as they type in the password, or compel them with jail
time. This isn't about access - it's about cheap, covert access, and in bulk.
It's not enough for them to metaphorically break into your house and go
through your stuff - they want you to remain unaware of it. Only not just your
house, but everyone's.

~~~
Mirioron
And not just once, but all the time, in real-time.

~~~
squarefoot
A good reason to support Coreboot, Libreboot and similar projects since most
of us already run hardware that can be exploited remotely, probably by design.
[https://www.eff.org/it/node/95854](https://www.eff.org/it/node/95854)

------
Mirioron
I think the only way lawmakers will learn that weakening encryption is a
terrible thing to do is if one country does it and their banking system gets
crushed by it. Or something else as disastrous would have to happen for them
to learn.

~~~
ianlevesque
Like we’ve learned from all the other private sector security breaches?

~~~
Mirioron
But those weren't due to the actions of the lawmakers. They won't learn from
that.

------
thestartup
What about developing a three-party system where the third party doesn't have
any "master key" (to prevent a single key from compromising the encryption
system), and perhaps the third party has something akin to a "slow hash" that
is time consuming to decrypt (to prevent bulk real-time decryption by NSA,
etc.) but still allows LEO access when truly needed? Maybe the third party's
encryption would, in this sense, be much more difficult to decrypt, so that
the three-party system would not be significantly weaker than the two-party
system?

There is already unbreakable encryption publicly available for those who wish
to use it. I personally feel that it's irresponsible to deploy unbreakable
two-party systems at any national/global scale.

~~~
acct1771
Why would you be trying to enable this?

~~~
thestartup
As stated, in my opinion, it's irresponsible to deploy unbreakable two-party
encryption at a national/global level. IMO, authorities should have a way to
decrypt the encryption used by the masses, when needed.

Further, it's clear that policy makers will typically push for such a
mechanism. If such three-party systems are to be deployed, it would further
your privacy cause to help to develop such a system, if your efforts to push
back without compromise do not bear fruit.

~~~
deogeo
Is it also irresponsible to allow cars and houses without always-listening
microphones planted in them?

~~~
thestartup
Not relevant to the topic.

~~~
deogeo
Why not? People could say anything to each other in private - shouldn't the
authorities have a way of finding out what was said, when needed? How does the
medium of communication change things?

~~~
thestartup
The topic is about encryption, not microphones.

~~~
deogeo
The topic is government access to private communications - encryption is an
implementation detail.

~~~
thestartup
No, the name of the G7 document is "Combating the use of the internet for
terrorist and violent extremist purposes". Scanning the PDF, there doesn't
appear to be any discussion about microphones placed in vehicles or
residences.

~~~
BubRoss
Encryption keeps communication private, talking to someone directly keeps
communication private. The analogy is extremely simple, it seems like you are
intentionally trying to ignore it.

Do you think the government should be able to listen and see all of your
communication?

~~~
thestartup
> Encryption keeps communication private, talking to someone directly keeps
> communication private. The analogy is extremely simple, it seems like you
> are intentionally trying to ignore it.

The analogy breaks down when considering that direct communication in a
confined private space is not the same thing at all as creating virtual
private / untraceable spaces on a global encrypted communication network, as
it pertains to natsec.

> Do you think the government should be able to listen and see all of your
> communication?

It depends on context. Confined private spaces aren't the same thing as remote
communications through the internet or airwaves. Globally deployed mass
2-party strong encryption meant to entirely lock out the ABC's at scale isn't
the same thing as not stopping those who seek to use already-available 2-party
strong encryption tools. Designing a system that still allows an "in case of
emergency break glass" mechanism to stop terrorism/acts of horror is a good,
responsible policy.

FWIW, I completely disagree with the actions of Edward Snowden. He should be
executed.

It would be something if the NSA really is fighting to give privacy back to
the people (stolen by corporate and entrenched government interests) while
still being able to protect us. What a tough challenge that must be, to secure
our comms while still having a way to perform sigint. God bless patriots who
can see the bigger picture.

~~~
BubRoss
You are conflating untraceable and private. You keep saying two things are
different without explaining why you think they are fundamentally different.

What do you think about the fact that the US literally has a right to privacy
in their constitution?

Finally, let's see if you are consistent in your beliefs. Upload an archive of
all your emails and chat logs to a public server so that anyone can read them,
since having your communication intercepted does not seem to bother you.

~~~
thestartup
> You are conflating untraceable and private. You keep saying two things are
> different without explaining why you think they are fundamentally different.

The differences are obvious. Encryption isn't the same as microphone placement
or privacy expectations in a home or vehicle. The article had nothing to do
with microphones, homes, or vehicles. It was about data centers and
encryption.

> What do you think about the fact that the US literally has a right to
> privacy in their constitution?

Again, the discussion is about encryption standards, not constitutional
privacy. As I recall, constitutional privacy in terms of the internet, etc.,
has been explored by policy makers in detail.

> Finally, let's see if you are consistent in your beliefs. Upload an archive
> of all your emails and chat logs to a public server so that anyone can read
> them, since having your communication intercepted does not seem to bother
> you.

Your proposed litmus test has nothing to do with my implied or stated beliefs,
at all. Frankly, that you're even proposing such a thing is concerning to me.

~~~
BubRoss
The difference between us is that I explained why I said what I said while all
you have done is repeated your position with no deeper explanation, which I'm
guessing is because you don't have a deeper explanation, just an emotional
belief.

If you think that people should not have private communication on the
internet, prove that you aren't a hypocrite and upload an archive of your
emails and chat logs. If that bothers you, maybe your hypocrisy and poorly
thought out position on encryption should bother you.

------
simonblack
Clipper was a disaster (what? 30 years ago?) but we continually have idiot
governments still persisting in trying to make square wheels.

