
Attorney general: Americans should accept security risks of encryption backdoors - pseudolus
https://techcrunch.com/2019/07/23/william-barr-consumers-security-risks-backdoors/
======
rgbrenner
Barr is just the latest to advocate backdoors at the DOJ. Here's an incomplete
list:

Rosenstein: [https://www.justice.gov/opa/speech/deputy-attorney-
general-r...](https://www.justice.gov/opa/speech/deputy-attorney-general-
rosenstein-delivers-remarks-2017-north-american-international)

Sessions: [https://www.justice.gov/opa/speech/attorney-general-
sessions...](https://www.justice.gov/opa/speech/attorney-general-sessions-
delivers-remarks-association-state-criminal-investigative)

Comey: [https://www.theguardian.com/technology/2015/jul/08/fbi-
chief...](https://www.theguardian.com/technology/2015/jul/08/fbi-chief-
backdoor-access-encryption-isis)

Comey engaged in a long running campaign on this from at least 2014, until he
was fired.

Lynch: [https://www.networkworld.com/article/3040224/attorney-
genera...](https://www.networkworld.com/article/3040224/attorney-general-
doesn-t-budge-on-apple-and-encryption-in-rsa-talk.html)

Holder: [https://www.washingtonpost.com/news/the-
switch/wp/2014/09/30...](https://www.washingtonpost.com/news/the-
switch/wp/2014/09/30/holder-urges-tech-companies-to-leave-device-backdoors-
open-for-police/?utm_term=.7b88f6d106d3)

Let's all hope they continue to fail.

~~~
domnomnom
It’s almost as if access to high levels of intelligence has an influence on
ones perspective.

Not that I’m taking a position on things either way really. The likes of apple
should be able to do what they please — just not be surprised when they find
the government installing the backdoors themselves.

~~~
rgbrenner
I can't tell if you're for or against backdoors with that statement. Either
way, I disagree. I don't think those for or against it are dumb people.

They're just in a different position... In the DOJ, encryption gets in the way
of their job--catching criminals... while the penalties for a backdoor fall on
others (those responsible for the data). There's no downside to them
personally (and very little for the DOJ itself) for getting a backdoor.

The opposite is true for those not in the DOJ... the protection for our data
is compromised.. and in exchange, the DOJ is able to prosecute some criminal
we've never known, met, or had any contact with.

To those in the DOJ who deal with criminals everyday, their ability to
prosecute criminals is of the upmost importance to them personally... and for
the rest of us, unless we're a victim of a crime, there's only downsides to a
backdoor.

~~~
magduf
>There's no downside to them personally (and very little for the DOJ itself)
for getting a backdoor.

There is if the people in the DOJ suffer from identity theft and get their
bank accounts cleaned out because some nefarious people exploited the
backdoors.

~~~
grimjack00
Except legislation requiring backdoors will either exempt systems used by
government workers of a certain level, or provide much higher penalties if
those workers experience a breach.

~~~
magduf
That only works if the government is going to set up its own bank for use by
government employees.

------
pavel_lishin
> _But law enforcement says encryption thwarts their access to communications
> they claim they need to prosecute criminals._

I think I have more to fear from the government than I do from the types of
criminals that encryption backdoors would thwart.

~~~
ChrisCinelli
It is fair to assume that the general public knows very little about how many
dreadful criminal activities they were able to avoid because they could tap
into some conversations early on: massive shootings, terroristic activities,
nuclear weapon programs of countries that should not be trusted with them,
drugs that may have killed users and mere stupidity that may have started new
wars.

I think that the only way agencies were able to keep postponing the end of the
Patriot act and related laws (
[https://en.wikipedia.org/wiki/Patriot_Act](https://en.wikipedia.org/wiki/Patriot_Act)
) is presenting massive evidence to the congress of the tragedies they were
able to avoid with the power granted by those laws.

Somebody that was publicly martyred by a country of great power makes more
noise than a war that was avoided.

Weakening strong cryptography is not the solution but I think we sometimes
grossly underestimate the other face of the coin.

~~~
icebraining
Cryptography and secure messaging systems are not all under US jurisdiction.
If access to backdoors alone has kept multiple massive criminal activities
from being executed, then surely we should see some being successfully
executed by the groups not using backdoored encryption.

The fact that we don't suggests either that (1) backdoors aren't that
essential to thwart them or (2) there are no such regular massive attacks.

Further, as people like the US Attorney General helps to publicize those
backdoors, more criminals will choose alternative messaging systems (fewer of
which are backdoored), making the US less safe.

~~~
ChrisCinelli
That is why I wrote "Weakening strong cryptography is not the solution."

------
apo
> The risk, he [Barr] said, was acceptable because “we are talking about
> consumer products and services such as messaging, smart phones, e-mail, and
> voice and data applications,” and “not talking about protecting the nation’s
> nuclear launch codes.”

Two things about this odd quote, which dances on the edge of the Orwellian
"nothing to hide" argument:

1\. I'd put the odds that current president has in fact stored the nuclear
launch codes on a "consumer product" at 50:50. He's shown a shocking disregard
and disdain for protocol. The way in which diplomacy is carried out through
Twitter suggests he's not capable of evaluating the threats posed his uses of
consumer-grade technology.

2\. Barr assumes a threat model involving petty criminals. The real threat is
the US federal government, which has demonstrated repeated disregard, under
multiple administrations, for search and seizure boundaries set by the
Constitution.

~~~
vermilingua
I highly doubt that any president has any authority over the storage medium of
nuclear launch codes.

~~~
packet_nerd
It's not hard to imagine him snapping a picture with his phone.. you know,
just in case.

~~~
dx034
Aren't they sealed? As soon as the Secret service would detect codes to be
unsealed, they'd probably have to be replaced immediately.

------
I_am_neo
“Some argue that, to achieve at best a slight incremental improvement in
security, it is worth imposing a massive cost on society in the form of
degraded safety,” he (U.S. attorney general William Barr) said

Benjamin Franklin once said: "Those who would give up essential Liberty, to
purchase a little temporary Safety, deserve neither Liberty nor Safety."

~~~
anbop
That’s not a logical argument by Franklin, it’s his opinion. There’s no
axiomatic reason why Ben Franklin’s opinion is more correct than anyone
else’s, even William Barr’s.

~~~
tbirrell
Benjamin Franklin is a Founding Father and has been generally accepted as an
authority for more than 200 years, especially on the subject of freedoms and
rights. He was a renown political theorist, politician, civic activist,
statesman, and diplomat in his own day, not to mention the fact his reputation
has stood the test of time.

William Barr is none of these thing.

~~~
EpicEng
So... Appeal to authority then?

~~~
noja
Can you call it that though?

One is a person with a well-earned a reputation, the other.. well you get the
point.

~~~
EpicEng
>Can you call it that though? >One is a person with a well-earned a
reputation, the other.. well you get the point.

Yes

>An argument from authority, also called an appeal to authority, or argumentum
ad verecundiam, is a form of defeasible argument in which a claimed
authority's support is used as evidence for an argument's conclusion

You're not defending the point logically; you're only supporting argument is
that someone with a good reputation supports it as well.

~~~
kryogen1c
> You're not defending the point logically;

He absolutely is

The annoying thing about "logical fallacies" is that if anyone season argument
they disagree with that resembles a "fallacy", that quote it and act like
theyve won.

He is not saying that everything Benjamin Franklin has ever said is true.
Obviously. However, if a well renowned and respected Authority has an opinion
that some evil schmuck disagrees with, it provides evidence as to who is more
likely to be correct. That's not what an appeal to Authority is

~~~
EpicEng
>He absolutely is

Show me where that happened.

>The annoying thing about "logical fallacies" is that if anyone season
argument they disagree with that resembles a "fallacy", that quote it and act
like theyve won.

That is annoying and I agree, but that's not what's going on here.

>He is not saying that everything Benjamin Franklin has ever said is true.

No one said he was.

>However, if a well renowned and respected Authority has an opinion that some
evil schmuck disagrees with, it provides evidence as to who is more likely to
be correct.

No it doesn't. It absolutely _does not_. Reputation isn't irrelevant in so far
as it lends credibility to a person's statements, but the discussion doesn't
stop there. If you're going to defend a quote then defend it. Saying "this is
true because X is trustworthy and Y is an 'evil schmuck'" is not an argument.

If this is not a prime example of Appeal to Authority then show me why it's
not and provide an example. You're just throwing out your opinions as if they
were fact.

~~~
tbirrell
This is not an example of Appeal to Authority because Ben Franklin is an
accepted authority. If all parties agree on the reliability of an authority in
the given context it becomes a valid inductive argument. Otherwise every
Citation or Source or Bibliography would be a "logical fallacy". An Appeal to
Authority would be if the quote was attributed to someone like James Polk.
Sure he was president, but he has no authority on this sort of subject.

~~~
EpicEng
>This is not an example of Appeal to Authority because Ben Franklin is an
accepted authority.

...huh?

>If all parties agree on the reliability of an authority in the given context
it becomes a valid inductive argument.

No, it doesn't. Why do you believe that? How do you feel about quantum
mechanics? Do you realize that Einstein fought tooth and nail against it for
years?

>Otherwise every Citation or Source or Bibliography would be a "logical
fallacy".

Citations link to works, not authorities. A citation may link to, say, an
academic paper which provides evidence to support its assertions. No one is
linking to random comments made by so-called authorities, that would never be
accepted (unless the citation was to literally show that a quote is
legitimate, i.e., made by the person claimed to have made it.)

~~~
anbop
But given a hypothetical question like “What play should a football team run
when they are on 2nd down and 3 with 2:19 in the 3rd Quarter while leading by
3 points” — wouldn’t a professional NFL coach’s opinion be given more credence
than mine? Einstein may have been wrong on quantum mechanics but if you had
1000 physics question it would be hard to think of a better person to ask.

~~~
EpicEng
You're proving my point. When examining an argument you should do so based on
the merits of said argument. That's literally the basis of Appeal to
Authority. It doesn't get more clear cut than this.

I'd also like to point out you have yet to provide a single fact in support of
anything you're saying.

~~~
anbop
I’m not the person you’ve been talking to earlier

~~~
EpicEng
Sorry, lost track. Doesn't change my point though.

------
mortenjorck
In a perverse way, this is progress: At least the false premise of "we can
have both secure encryption and key escrow" has finally been dropped and Barr
is making the more blunt assertion that the need for eavesdropping outweighs
all other needs in cybersecurity.

------
LinuxBender
This will be a taboo and unpopular option. My theory is that these discussions
are theater. More often than not people store and access their data from their
cell phones. Between CarrierIQ and OTA updates/access, there is no such things
as end-to-end encryption on a cell phone. People get really upset when I bring
this up. I suspect it is a matter of denial and not providing links to public
documents, which will never exist. I would suggest that very few people have
the patience to implement proper OpSec with their own data.

You don't even need "backdoors" in encryption. Existing lawful-intercept on
Slack, Discord, Facebook, Google and all the wireless carriers will net just
about anything you could ever want to know.

~~~
rank0
Is there somewhere I could read some more on this point?

I was under the impression that iMessage was end-end encrypted. So unless
Apple has a secret backdoor built into their systems, nobody should be able to
access those messages correct? Wireless carriers are just sending my encrypted
messages over their networks.

What am I missing?

Do you believe my cell service provider could decrypt my HTTPS connections to
my bank?

~~~
mjevans
It doesn't matter if the apps try to be secure. If any point in the
communication holds the key-data in memory and is not on a //user// trusted
device then the key is compromised.

Since cellphones have a BMC that isn't user owned, which does have access to
the full system memory (rather than being an isolated peripheral modem), and
since OTA firmware updates can be pushed by the "infrastructure" (including
fake 'towers' setup by TLAs, criminal hackers of other sorts, and hobbyists)
containing code to compromise and silently ex-filtrate any data (including
those keys, or even just the conversation directly); it is an inherently
insecure environment.

~~~
passivepinetree
What should the average security-conscious person do then? Resort to one-time
pads? Is there any way to be truly secure, or should we just stop trying?

~~~
mjevans
If we want secure tools for democracy then that's going to mean a completely
open and thus verifiable (audit-able) platform.

This needs to be from the PCB traces, all of the component tolerances, all of
the chips, all of the firmware (even the ROMs that are actually baked in ROMs
on the chips), the bootloader, OS, and entire userland.

This is required not just for the host system but also the human interfaces
and peripherals.

I hope we will be able to reach that point with a RISKV system at some point;
but the various proprietary interfaces that require licences for
implementation/etc might make this problematic. I am for standards, preferably
completely free, but FRAND and non-restrictive on meeting the above goals
might be good enough. The platform has to be fully open-book, but some of that
book can be covered by reproduction limitations for a limited time. (I'd
prefer standard patent duration at most, as this stuff NEEDS to become the
digital version of paper at some point; and within my lifetime would be nice.)

------
Zhenya
Mr. Barr,

Unfortunately such a mechanism requires that we trust the government. That
trust was broken with the Revelations from Snowden.

For now, the average citizen fears the government more than criminals and this
is the easy calculation folks are making and will continue to make at the
ballot box.

-An American

~~~
mjevans
More clearly phrased:

Snowden provided evidence (to the fourth estate) proving that trust has been
already been broken.

------
acomjean
Ah, the clipper chip from the 1990s debate over again. They didn't get it then
and the world is still ok (kinda, but encryption seems to be low on the list
of pressing problems)

The only place they seem to have gotten their way is anti-counterfitting thats
injected into scanner silicon.

" From the moment Diffie and Hellman published their findings in 1976, the
National Security Agency's crypto monopoly was effectively terminated. In
short order, three M.I.T. mathematicians -- Ronald L. Rivest, Adi Shamir and
Leonard M. Adleman -- developed a system with which to put the Diffie and
Hellman findings into practice. It was known by their initials, RSA. It seemed
capable of creating codes that even the N.S.A. could not break. They formed a
company to sell their new system; it was only a matter of time before
thousands and then millions of people began using strong encryption.

That was the National Security Agency's greatest nightmare. Every company,
every citizen now had routine access to the sorts of cryptographic
technology.....

The genie was out of the bottle. Next question: Could the genie be made to
wear a leash and collar? Enter the Clipper chip."

[1] [https://www.nytimes.com/1994/06/12/magazine/battle-of-the-
cl...](https://www.nytimes.com/1994/06/12/magazine/battle-of-the-clipper-
chip.html)

~~~
zerocrates
Interesting to see RSA portrayed as a foe of the government and a thorn in the
NSA's side here, knowing what's been reported about their involvement with
"Project Bullrun."

Leash and collar indeed...

~~~
spopejoy
Right especially given their 20-year advance understanding of differential
cryptanalysis ...

My impression is the NSA of today is very different than that of the 70s and
80s.

------
pseudolus
So when the backdoor is hacked, as it inevitably will be, whom will I have
legal recourse against to recover damages? I'm assuming that any company
incorporating such a backdoor would be afforded some immunity against civil
lawsuits arising from successful hacks. Also if such compensation is
forthcoming won't I essentially be contributing towards it with my own tax
dollars?

------
ska
“Some argue that, to achieve at best a slight incremental improvement in
security, it is worth imposing a massive cost on society in the form of
degraded safety,”

And I expect some would argue that the "slight incremental" and "massive" are
incorrectly placed in that statement.

------
chuckgreenman
> The risk, he said, was acceptable because “we are talking about consumer
> products and services such as messaging, smart phones, e-mail, and voice and
> data applications,” and “not talking about protecting the nation’s nuclear
> launch codes.”

There's a good reason not to use encryption schemes that have backdoors, they
aren't safe and this pull quote betrays the fact that Barr knows that.

I'd be willing to wager that the government isn't going to use backdoor-able
encryption because the risk of failure is too great. While not being critical
to national security, safety in storing your medical, financial records and
your conversations with other is mission critical to citizens. Hopefully folks
on capital hill see that.

~~~
0xDEFC0DE
>While not being critical to national security, safety in storing your
medical, financial records and your conversations with other is mission
critical to citizens. Hopefully folks on capital hill see that.

They aren't going to see it. The government will just use the non-backdoored
version. If a company gets its data popped because of the backdoor, the
government will just blame the company, or it's acceptable losses because they
catch some bad guys.

Everyone should be super, super, super pessimistic that attempts like these
will be handled in the interests of citizens.

------
csours
I made this comment in a previous thread, but I think it applies here as well:

If you ask the government to do something impossible, such as provide COMPLETE
safety and security, they will try to do that. I think the news media bears
some responsibility in this regard, as they always blame or call out whatever
agency that fails to maintain safety and security, thus leading to severe
measures to try to mitigate the previous failure.

------
kevin_b_er
I'm afraid even Senator Ron Wyden misunderstands it. It isn't that we give
them the "power" to break encryption, its that we fundamentally weaken it. We
must build the encryption with tissue paper in order to let a person walk
through it.

~~~
gnode
Most discussion of backdoors these days is no longer about weakening the
encryption itself, but prohibiting its private use. It's about data retention,
key escrow, key disclosure and man-in-the-middle attacking everyone like
Kazakhstan is trying to do.

Cryptography technology is public knowledge now; there's no putting the cat
back in the bag, so now it's about making the non-government approved use of
it criminal / basis to assume guilt.

------
mullingitover
One could make a good case that strong encryption is a form of Arms (certainly
the US did, as "Auxiliary Military Equipment"[1]). So if encryption is a form
of Arms, then Barr should probably keep his mouth shut or else he's making a
case against the holy Second Amendment.

[1]
[https://en.wikipedia.org/wiki/Export_of_cryptography_from_th...](https://en.wikipedia.org/wiki/Export_of_cryptography_from_the_United_States)

------
torified
Australia has already passed draconian secret mass-surveillance laws, and also
is part of five eyes so everyone (including American citizens) are subject to
draconian mass-surveillance which is shared with the US when their data goes
through any computer on Australian soil.

Australian Federal police are busy attacking journalists right now for
exposing a coverup of their soldiers murdering children.

Americans should fight this with everything they have.

Make no mistake, the "free" world is well on its way to becoming a
surveillance dystopia.

The nazis could only have dreamed about having the secret and unfettered
surveillance apparatus politicians have created, and they are targeting that
apparatus towards journalists and citizens.

It's not about terrorists or pedophiles, it's about you and I, and anyone else
who could potentially expose government or military incompetence/wrongdoing.

------
ryacko
Without encryption backdoors, how will you know if people are illegally using
high-strength encryption? Everything must be decrypted on demand to determine
if illegal cryptography is being used.

~~~
magduf
That doesn't seem hard: just make sure everything is plaintext (i.e., a known
and approved protocol, like FTP, telnet, HTTP/HTML, etc.), or make sure it's
an approved encryption protocol that has a built-in backdoor (and the data
within, again, being one of those approved protocols). Of course, people could
be hiding high-strength encryption within the backdoored protocol, but they
could do random checks for that.

Basically, the only way to really hide data is to either use steganography, or
to use an unapproved data-transfer protocol (and using unapproved protocols
can be banned).

------
exabrial
I've seen this posted several places. It's a bit of a clickbaity title because
it sounds like a quote. As far as I can tell, it can't be attributed to him.

The exact quote is:

"Some argue that, to achieve at best a slight incremental improvement in
security, it is worth imposing a massive cost on society in the form of
degraded safety"

I'm purely making a statement on the article title.

~~~
ska
If you follow the next few quotes from him in the article, the article title
sounds accurate.

~~~
exabrial
You completely missed my point. It's not a quote

~~~
ska
I don't think I did. The title is not a quote, but it seems to be a reasonable
summary of what he said, directly from more than one quote. What is it that
you are objecting to, you think the formatting of the title makes it look like
a direct quote? Fwiw, in that case I don't agree.

------
tzs
> The risk, he said, was acceptable because “we are talking about consumer
> products and services such as messaging, smart phones, e-mail, and voice and
> data applications,” and “not talking about protecting the nation’s nuclear
> launch codes.”

When the government stops caring about my race, where my ancestors came from,
my sexual orientation, my religion, my gender, my political leanings, and
probably a few more I'm forgetting, and puts robust steps in place to ensure
that it won't start caring about them again later, then _maybe_ I'll consider
entertaining the idea of allowing the government to peek at my messages.

------
commandlinefan
Study cryptography now, because at the rate we're going, even
teaching/studying it will be restricted in the near future.

~~~
ssully
Considering the export controls on cryptography in the not so distant past
[1], I think things have been worse for cryptography. This isn't to say I
don't think Barr's comments are alarming, but he is continuing a push by DOJ
that has been going for years now and has made little progress.

[1]:
[https://en.wikipedia.org/wiki/Export_of_cryptography_from_th...](https://en.wikipedia.org/wiki/Export_of_cryptography_from_the_United_States)

------
ori_b
I really want someone who is testifying in congress to put this in terms that
affect the congressmen _personally_ , explaining to them that it will make it
easier for state actors to gain compromising information from their email
addresses and personal devices.

~~~
alluro2
I think government officials would obviously want to have access to non-
backdoor versions of software, so they can exchange their highly sophisticated
and ultimately important state business discussions on WhatsApp secure.

~~~
magduf
Government officials still have their bank accounts with privately-owned
institutions, which wouldn't have these non-backdoor versions.

------
clamprecht
I'd rather accept the security risks of not having encryption backdoors

------
harshreality
Passing over for a moment the (lack of) ability of the government to keep
secret the means of using the backdoor...

Most encryption software (including crypto libraries) is open source. Is he
proposing banning open source or just mandating that it only be distributed as
binaries by compromised companies?

Does he, and does anyone else proposing this, have the slightest notion what
banning good encryption would actually entail?

~~~
gattr
Banning open source software is probably not feasible (you can distribute the
code as a printed book after all). They would have to:

\- ban all Internet traffic that uses non-backdoored encryption (all ISPs
would be required to report it)

\- ban all amateur radio equipment, including all products one could use to
build a satellite dish (like aluminium foil?..); keep a fleet of radio-
direction-finding vans circling the streets

Eventually, maybe also ban general-purpose non-backdoored computers.

~~~
naveen99
Also ban hashing algorithms ?

Ban random data ?

And ban the universe from being quantum ?

------
nyxtom
Surveillance 2030: It is now illegal to own or operate your own home server
for the purposes of distributed communication

------
gumby
> “we are talking about consumer products and services such as messaging,
> smart phones, e-mail, and voice and data applications,” and “not talking
> about protecting the nation’s nuclear launch codes.”

Talk about putting the cart before the horse! The USA is made of people, not
hardware.

------
dclowd9901
Am I wrong to believe the government is, in fact, capable of cracking
encryption on individual bases, but not on _many_ cases? Isn't this what we
want? For the limits of encryption to keep mass snooping at bay?

In other words, I think the "ticking time bomb" scenario often used to justify
a backdoor is a fallacy. If the government really wanted or needed to, they
could easily decrypt or break into a device (rubber hose method comes to
mind).

Don't let fear rule your life, and convince others not to as well. That is our
job.

------
stunt
This is ultimately bad for people. It gives too much power to the government.
It is same as saying government can disable all guns remotely.

And also no matter how much regulation and monitoring there is a big risk from
government employees. It will be exploited by others.

And at the end of day, criminals are going to find a solution for themselves
when they have to and this will only leave people vulnerable. And usually
government itself will use a different tech for obvious reasons and leaves
this for citizens only.

------
kemiller2002
It is at least slightly ironic that the person saying this is from the very
same group a lot people are concerned with being protected from.

------
ga-vu
This is not what he said. You can read his speech here:
[https://www.justice.gov/opa/speech/attorney-general-
william-...](https://www.justice.gov/opa/speech/attorney-general-william-p-
barr-delivers-keynote-address-international-conference-cyber)

TC piece takes a way to harsh stance. He made some good points in there.

~~~
nybble41
This is exactly what he said. I've read Barr's speech, and if anything I think
the TC article went to easy on him.

------
FourierTformed
Are there any existing cryptographic algorithms which allow for two keys to
un-encrypt a piece of cipher text?

~~~
xyzzyz
Government generates a public/private key pair Gpub/Gpriv, and publishes the
public part. It also requires the following scheme to be used: if you want
encrypt a message M with a key P, you generate random key K, encrypt M with K
to obtain Enc_K(M), encrypt K with Gpub to obtain Enc_Gpub(K), and encrypt K
with P to obtain Enc_P(K), and then send this triple (Enc_K(M), Enc_Gpub(K),
Enc_P(K)). This way, either of the P or Gpriv can be used to decrypt M (you
just use it to first decrypt K, and then decrypt M). This scheme is as strong
as the scheme used for encryption is, and no cryptography is weakened by its
use, except of course a huge negative impact in case Gpriv leaks. With stakes
this high though, you could bring likelihood of leak to be very low, and you
could modify the scheme to mitigate the impact of the leak.

I don't like it as much as anyone else, but unfortunately I think this is
viable in practice. Of course, nothing stops you, a hacker, from using non-
backdoored encryption, but government is fine with that, as long as Google,
Apple, Facebook etc. are forced to use backdoors.

~~~
nybble41
> Of course, nothing stops you, a hacker, from using non-backdoored
> encryption, but government is fine with that, as long as Google, Apple,
> Facebook etc. are forced to use backdoors.

Which just goes to show that this isn't actually about catching hardened
criminals (who will just use non-backdoored encryption, either alone or
layered on top of the compromised channels) but rather about enabling
pervasive surveillance of ordinary citizens.

~~~
xyzzyz
Not necessarily. There is a middle ground between the two: common criminals
that simply use the tools that Google, Apple etc create to make security for
normal people easy. If it's effortless to enable full end to end encryption on
your phone, then not only will your grandpa enjoy benefits of it, but also a
cocaine dealer or a burglar trying to fence stolen goods.

But yes, I think that there are lower-hanging fruits available for pick up
here. I wish we lived in a reality where backdooring encryption was the best
available path to reduce crime.

~~~
nybble41
The lazy sort of criminal that relies on commonplace, corporate-controlled
communications apps would be caught using a traditional investigative approach
regardless of any end-to-end encryption. It's the more sophisticated ones that
they're using as justification for these backdoors—exactly the type that
_might_ be mildly inconvenienced _at most_ by backdoors in standard
communications services.

If what these criminals are doing is causing actual harm then there must be
sufficient offline physical evidence to track and convict them by without
direct access to their communications networks. Far from reducing crime, the
enforcement of compulsory backdoors would itself _be_ a crime committed by the
government against its own citizens on a massive scale.

------
siculars
Year is 2040. Candidate for Senate was linked to foreign agent for some
innocuous reason. FISA court grants warrant. Justice find nudes, because
obviously. Incumbent administration leaks to Twitter.

This is such a bad move the tragedy/comedy writes itself.

------
rotrux
Right because that wouldn't become a massive problem at the worst possible
time.

------
solotronics
Question.. if you make encryption illegal would that actually stop a
"criminal" from using it? This seems like making guns illegal, it only stops
law abiding citizens.

~~~
perl4ever
The advantage of making something illegal that a lot of law-abiding people
would otherwise use, is that, even though criminals by definition ignore the
law, law enforcement now knows anyone using that thing is a criminal. It has a
tremendous effect on how easy it is to identify the criminals.

------
droithomme
I'd just as soon not accept those risks, thanks.

------
techntoke
Explains why they always make electronic voting blackboxes instead of an open
source blockchain.

------
BubRoss
We will get access to all of Bob Barr's communications if this passes right?

~~~
atemerev
As we Russians bitterly say in such situations, "why shouldn't we trust our
comrade major?" ("Нет причин не доверять товарищу майору").

------
hnruss
Encrypted data that can be decrypted without the key is merely obfuscated.

------
maximente
are there any countries who aren't clamoring for backdoors/weakening
encryption/etc?

i'm interested in knowing the attitudes other governments have.

------
floki999
Gimme you house keys Billy, I promise, I’ll be good.

------
sirmike_
"fuck off", said the slightly above average, technically inclined American.

------
golemotron
He should accept the risk of giving everyone his house keys to show he's
serious.

~~~
pixelrevision
Or at least give them to the house over-site committee for safekeeping.

------
jimbob45
Would you trade another 9/11 for backdoors? Genuine question.

~~~
phil248
Declaring it a "genuine question" does not change the fact that you are
baiting people with a logical fallacy.

~~~
jimbob45
In all probability, some sort of 9/11 will happen again and this is the
question that will be asked.

