
DOJ plans to strike against encryption while the Techlash iron is hot - erwan
https://cyberlaw.stanford.edu/blog/2020/02/doj-plans-strike-against-encryption-while-techlash-iron-hot
======
btilly
Why does this say that the DOJ has been pushing for this since 2016?

They have been pushing for some variation on this since basically forever. I
first became aware of it back under Clinton with the
[https://en.wikipedia.org/wiki/Clipper_chip](https://en.wikipedia.org/wiki/Clipper_chip).
And the debate has been essentially the same since.

Law enforcement wants to be able to break security, and promises that their
super secret, super safe system will provide everyone else protection from
evildoers while letting law enforcement find the bad guys. Cryptographers have
maintained that when you create a back door, it is a question of time until it
is found and publicized.

And the back door doesn't even have to be found to be abused. Because it will
be made available to law enforcement and the courts. Which are surprisingly
easy for third parties to subvert. And which are happy to build programs for
themselves that break the rules that they are supposed to follow. (Snowden
anyone?)

Success has gone to both sides. But on the balance, the cryptographers have
been right.

~~~
gist
> Cryptographers have maintained that when you create a back door, it is a
> question of time until it is found and publicized.

Why would it not be possible to create a system that required several manual
and offline steps in order to break the encryption?

For example (and perhaps similar to offline cold storage of bitcoin) why
couldn't a system be designed whereby 3 or more people in geographically
diverse areas were in a position to agree that a request for information was
legitimate (by court order) and thereby produce what is needed to unlock
certain information? So one person would not have the key or access.

After all right now you have a case where a single person (the owner) is able
to unlock information. The feeling is a back door can be hacked. What if it's
not a back door though?

~~~
feanaro
Apart from what others said, there is also the following problem. People won't
like this and will start encrypting traffic with non-compromised algorithms.
Given that properly encrypted traffic appears random, how would you enforce
the requirement that everyone uses the state-sanctioned, compromised
algorithm? In order to check and enforce, you'd have to turn this into an
online, warrantless, dragnet-style system, the very thing you were trying to
avoid. A contradiction.

It's not feasible to ban people from using their own encryption unless you
plan on severely restricting their freedom.

~~~
cvwright
Law enforcement likes to talk about big, scary threats like terrorism, because
those make the public more likely to accept their position.

The article below argues that the real use case for breaking encryption is to
catch everyday criminals, not to go after shadowy Bond villains. Would the
public still go for it, if they looked at it this way? Probably not...

The Encryption Debate Isn't About Stopping Terrorists, It's About Solving
Crime [https://www.lawfareblog.com/encryption-debate-isnt-about-
sto...](https://www.lawfareblog.com/encryption-debate-isnt-about-stopping-
terrorists-its-about-solving-crime)

Edit: And most everyday criminals are not technologically savvy. Half of them
probably have a hard time using Telegram safely.

------
caleb-allen
A small anecdote.

A few years ago in an undergrad business class, we were having some discussion
and the topic of encryption came up during one of my presentations. A student
asked a question related to the ethics of encryption (I don't recall exactly
what), and I was clearly confused by the question.

To clear up confusion, the professor asked those who thought encryption was
"bad" to raise their hand, and at least 60% of the class raised their hands.

It was pretty jarring to me, and makes me pessimistic about the outcome of a
DOJ campaign to demonize and regulate encryption

~~~
westmeal
It sounds like a majority of the students had no idea what encryption was and
because the authority figure (the professor) asked them whether or not it was
bad they just went with it? I'm having trouble understanding why people would
say mathematical functions are bad.

~~~
slg
Encryption allows data to be locked away from the government including law
enforcement and prosecutors in a way that was nearly impossible for the
average citizen a few decades ago. Warrants can't break encryption like they
could doors or locks. As much of life moves to the digital world and becomes
encrypted, that can be a drastic change in how the justice system works. Pro-
encryption people need to keep this in mind when talking to anti-encryption
folks. Criminals being able to hide evidence is a serious concern for the
average person.

~~~
JoshTriplett
> Criminals being able to hide evidence is a serious concern for the average
> person.

 _Suspects_. _Alleged_ criminals. Until convicted, they're not criminals. The
government does not have an unlimited right to collect all information; they
have a limited, judicially controlled right to _try_ to collect information.

One key detail: strong encryption does not prevent investigations from
targeted collection of information, such as through physical surveillance,
bugs, etc. There are many tools available to law enforcement, those tools are
just less _convenient_. Framing it that way helps: in order to make
investigations more _convenient_ , the DOJ wants to prevent anyone from using
secure communications.

~~~
slg
>Suspects. Alleged criminals. Until convicted, they're not criminals.

And even after they are convicted, they and their associates are still
protected by encryption. Encryption protects everyone equally. That is viewed
as a positive by pro-encryption people and a negative by anti-encryption
people.

>The government does not have an unlimited right to collect all information;
they have a limited, judicially controlled right to try to collect
information.

This the point of warrants. The problem of massive warrantless collection of
data by the government is a bigger and separate issue. I personally think
encryption is a valuable tool to address the symptom of that problem, but it
does nothing to actually fix problem of a corrupt and/or authoritarian
government. One of my personal annoyances with the tech community is that we
have a tendency to try to work around any governmental problems as if that
solves the issue while making no attempt at fixing the root cause.

~~~
JoshTriplett
> One of my personal annoyances with the tech community is that we have a
> tendency to try to work around any governmental problems as if that solves
> the issue while making no attempt at fixing the root cause.

Agreed. We need to produce technical solutions, _and_ effect policy solutions,
_and_ get a lot better at PR and rhetoric.

------
bcrosby95
> the “techlash” by Congress and the public “in the wake of myriad privacy
> scandals” and the 2016 election

This just makes my head explode. Because tech companies tend to be poor at
privacy, let's use that logic to make it so the government can invade your
privacy anytime they want?

~~~
orblivion
This is a world where (at least it seems to me) the same people are against
net neutrality legislation but want the government to regulate Facebook. By
the time you get into the nuances of why the tech companies support encryption
in some cases, you've lost the PR game.

------
whytaka
Questions to the public should be phrased: “Do you want Chinese style
surveillance to be advanced in the United States?”

~~~
dchyrdvh
+1. This is something tech bros don't seem to get, while politicians get very
well: the majority is driven by emotions and has small cognitive ability, but
they vote and thus arguments to win their vote must be trivial emotionally
charged ideas. A politician says "encryption is a tool of criminals!" and
those who start arguing in the rational plane have already lost; instead, the
answer should be "lack of encryption enables Chinese style totalitarian
communism!" \- no need to explain the details, just push their "scary
communism" button and let the public contemplate on the "crime vs communism"
topic.

~~~
A4ET8a8uTh0
Agreed. I wish I did not have to agree, but framing has proven to be very
important.

------
addicted
Isn’t the tech lash for the complete opposite reasons? The fact that too many
people have too much of our data? Why would people (outside of effective
propaganda, which would be true even without the tech lash) support something
that makes their problems worse?

~~~
riazrizvi
Exactly. But for the people that want that data, for the people who will pay
for it, FUD is a great political tool, and this issue is too subtle for most
people to get. I've tried to explain to my family, how the abdication of
private behavior logs to some companies is creating economic/political
inequality that may forever destroy norms of fairness & competitiveness that
we enjoy, but they just don't get it...

For example, _a friend_ worked at a proprietary hedge fund of a major US bank
that was looking into the private accounts of their customers to drive trading
decisions. Other investors can't compete against that, stock market investment
is no longer fair. And you've broken a fundamental component of the economy, a
fair & transparent investment system.

------
makerofspoons
So terrorists will use one-time pads and other strong encryption and everyone
else will have their information exposed on a massive scale when the backdoors
inevitably are exploited.

~~~
ColanR
I look forward to the day when one time pads are the norm for general
encryption.

A scifi novel I read, "A Deepness in the Sky" described how the pads
themselves were a valuable item of trade. I don't think it's farfetched to
imagine purchasing OTP data to use with internet browsing, the way we buy
yubikeys to use with passwords. It would be a far simpler encryption scheme
than those we currently use, and that simplicity would make it easier to catch
bugs like heartbleed in the future.

How hard would it be to extend the ssl protocol to allow the use of OTP pads,
where available?

~~~
MarcScott
One Time Pads are perfect, except for the rather crucial problem of key
exchange. You have to meet your intended recipient irl at some point to
exchange pads, and I don't fancy meeting up with every sysadmin who's server I
want to access some HTML files from.

~~~
ColanR
That's the point of my second paragraph. The pads would be an item of trade.
You buy an 'OTP yubikey' with 2GB of otp data for each of the top 50 websites,
plug it in, and you're good for a month. The website spends 10k on a petabyte
of otp data.

~~~
brokenmachine
So you can only securely access the top 50 websites, and need to go in person
to buy the key.

That sounds like a beyond ridiculous system. We can do better.

------
newfeatureok
I was talking to a layperson about encryption and privacy and they were very
much against both interestingly. They compared encryption to wearing a mask in
public and said if people don't want to be noticed (w.r.t privacy and
encryption) they shouldn't be "participating" (it was unclear what they meant
by this).

Just goes to show you how the average person thinks about these things. I have
to admit I wouldn't like it if people wore masks in public in a way where I
couldn't recall their face, but I don't think that's necessarily the same as
encryption, but I guess I see the comparison.

~~~
alistairSH
Ask them if they'd be ok with the mailman reading all their ingoing and
outgoing mail. If they say "Yes", at least they're being consistent.

~~~
function_seven
Dangerous analogy to offer in an argument. The easy reply: "The Government can
get a warrant to read my mail today. All I'm asking is for the same capability
online, so they can get warrants to read pedophile and terrorist messages"

~~~
HuangYuSan
And isn't that a valid point to make?

~~~
function_seven
Yeah. But I disagree with the larger position it argues for. Like all "real
world" analogies applied to digital concepts, there's a sort of impedance
mismatch.

In the real world, resources are naturally constrained. It's usually
impossible to read everyone's mail in real time and retroactively pull up the
contents of a letter sent 3 years ago. This limitation vanishes with online
communications. Encrypted messages can be stored indefinitely and later
decrypted.

The super safe backdoor we build today could very easily be used by a
tyrannical regime a decade from now to get dirt on everyone. We can dream up
all sorts of technical solutions that allow for a backdoor, but make it really
hard to abuse, but at the bottom, those solutions rely on the government
obeying their own law.

------
jliptzin
I guess it comes down to who are you more afraid of? Terrorists and pedophiles
or law enforcement with unlimited power and resources to spy on you and
imprison you. Of course it's a false choice anyway, if encryption is
legislated away the bad guys will very easily continue to encrypt their
communications anyway, after all you can communicate with someone by shooting
a wall in a game of halo if you want to.

------
jMyles
We tried to respond thoughtfully to each of the strange arguments made by the
DoJ regarding the need for encryption backdoors to protect children:

[https://blog.nucypher.com/todays-kids-need-end-to-end-
encryp...](https://blog.nucypher.com/todays-kids-need-end-to-end-encryption/)

It's difficult at this point to think that the DoJ is arguing in good faith.

~~~
munchbunny
> It's difficult at this point to think that the DoJ is arguing in good faith.

I think people in the tech industry, and especially people working on security
or privacy, have known this for over a decade. Unfortunately, the public
doesn't pay enough attention to the issue. And why would they? They have
enough things to worry about, why pay attention to one of the things that is
currently working?

It's unfortunate that we're not that good at PR.

------
coldcode
You first DOJ. These folks want back doors so they can read everyone's
traffic, but once you put a back door in an encryption standard, it affects
everyone.

~~~
behringer
My favorite interview over the last few weeks is from NPR when a guy in law
enforcement said that police don't even use that type of encryption (that
normal people use) as if he forgot that his police radio, payroll, camera
footage, information storage, are all most certainly protected via encryption.

~~~
Klonoar
I found this exchange amusing as well, for a slightly different reason. The
gist of his point was that "who needs this level of encryption, other than
maybe the military?".

Substitute guns instead of encryption and see how that fits.

------
shuckles
Interesting to read in context of the fact that public sentiment surveys
suggest there is no “techlash” at all.

~~~
zadkey
I agree. It kind of feels like the media is pushing a "techlash" narrative
where there is none.

------
pirate_dev
This is genuinely threatening to too many interests in the US, will not pass.
Much smoke, but no heat, just like the last few times its been proposed. They
will not get a master key to everything lol, nobody trusts DOJ like this. The
people in power have dirt to hide too, just like you and me.

------
hurricanetc
This will just push people to open source applications and peer to peer
networking. Basically, devolve back to the early days of the internet with
regard to person to person communications.

How is the DoJ going to force Signal or even Telegram to add a back door?

~~~
throwaway373438
Well, during the Cold War the feds declared encryption to be "Auxiliary
Military Equipment," listed on the USML [1]. It was illegal -- prison time
illegal -- to ship software which could encrypt communications outside the USA
up until 1992 [2].

I'm old enough to remember the tail end of this and it was absolutely absurd,
yet still very real. I remember Zimmermann being investigated by the feds [3].
Zimmermann was smart to tie publishing PGP to the First Amendment. Something
like Signal in those days may well have resulted in charges and a conviction.

Never underestimate the potential for folly when it comes to government
regulation.

[1]
[https://en.wikipedia.org/wiki/United_States_Munitions_List](https://en.wikipedia.org/wiki/United_States_Munitions_List)

[2]
[https://en.wikipedia.org/wiki/Export_of_cryptography_from_th...](https://en.wikipedia.org/wiki/Export_of_cryptography_from_the_United_States)

[3]
[https://en.wikipedia.org/wiki/Pretty_Good_Privacy#Criminal_i...](https://en.wikipedia.org/wiki/Pretty_Good_Privacy#Criminal_investigation)

~~~
ColanR
I wonder if encryption could be tied to the Second Amendment as well. I'd be
interested in the legal theory discussing that.

Many of the arguments I've seen here defending encryption are basically the
same as those defending guns.

------
mullingitover
Encryption keeps the government out of things it shouldn't be snooping on, and
also keeps other governments out of those things. If key escrow is mandated,
it would be cracked to high heavens by parties unfriendly to the US within a
year or two,tops, mark my words. Then what?

------
LaineHerron
Shouldn't the US government be pushing good encryption? I wonder what sort of
world we would be living in if the NSA had spent 1/2 as much time over the
last 10 years trying to protect Americans from hacking as they do trying to
spy on Americans.

~~~
choward
Exactly. I can't believe I'm supposed to pay for taxes for this. The
government is supposed to be for the people, not control the people. I don't
remember ever having voted on or agreeing to be spied on for no reason.

------
scott_laroque
Privacy is extremely important, especially as also our democratic governments
cannot be trusted always, at least this is the impression I get when reading
the interview with the UN Special Rapporteur on Torture concerning the Assange
case: [https://www.republik.ch/2020/01/31/nils-melzer-about-
wikilea...](https://www.republik.ch/2020/01/31/nils-melzer-about-wikileaks-
founder-julian-assange)

------
mindslight
MITM-as-a-business has been nothing but a slow motion train wreck destroying
individual liberty. FAANG may bicker with the DOJ/NSA (and Ma Bell) about who
is in control of all the surveillance data, but none of them are fighting for
_we the people_. They're all just jockeying over who gets to rule.

The sane response to corporate totalitarianism is most certainly not
government totalitarianism. Sadly with how the two political salesteams frame
a false division merely over different flavors of authoritarianism, this has a
good chance of working.

As always, the true answer is trustable software running under the control of
users ourselves. Unfortunately, we will have to see how bad things get before
most people are driven away from all of these centralized attractive
nuisances.

~~~
Ididntdothis
Very true. Nobody cares for the individual citizen. It’s just a power struggle
by large players on the backs of the little guy.

------
Ididntdothis
Are there any concrete proposals on the table that can be looked at?

This feels to me like one of the typical debates where people are shooting at
each other but nobody understands what they really are talking about.

~~~
wyldfire
I think you're mistaken.

Virtually any proposal that the government might offer will be a key escrow.
We already know it's bad and why it's bad, because it's been debated for
decades. I don't think there are any more novel solutions that should
revitalize the argument.

The problem isn't that there aren't enough oversight mechanisms or checks to
prevent abuse. The problem is that the design has unfixable security defects.

~~~
Ididntdothis
You say “might offer”. Have they offered anything?

~~~
SpicyLemonZest
"Offer" is perhaps an overly positive term. The DOJ has issued a number of
speeches, letters, etc. insisting that tech companies must build a backdoor to
let the government decrypt messages as required.

~~~
Ididntdothis
I know but I have never heard any details especially how they want to keep the
backdoor secret. Cracking the backdoor would be such a high value target that
a lot of people would spend insane amounts of money and energy on it.

~~~
JoshTriplett
Do not under any circumstances let the discussion move from "whether" to
"how". Reject the premise of the question. Such a system _cannot_ be built;
the requirements are broken. Treat it as though someone asked you to build a
system that solves the halting problem, or factors products of large primes in
linear time: the correct direct response is patient explanation of
impossibility, and the correct indirect response is good PR from real security
experts who understand how to do good PR.

~~~
Ididntdothis
I don’t think it’s right to reject something outright. You should always give
people the opportunity to show what they have. Then take a look at it and
decide whether it’s good. A strong indicator for a scam is that they won’t
show anything when asked for details. Then things should get rejected.

~~~
JoshTriplett
I'm not suggesting a refusal to listen to the question. I'm observing that
it's dangerous to accept the premise of a question that may move the
goalposts, without first noticing the implicit premise or differing
definition, and explaining why the premise or definition is faulty. Accepting
the faulty premise moves the line to "so you just need to come up with the
right technology", which then moves to "what's the most secure system you can
build while still having a backdoor". The right answer to that is not "here's
what we could hypothetically build", it's "by definition we cannot build a
secure system with a backdoor, and _also_ here are all the additional problems
that a backdoor would introduce".

By all means, fully listen to proposals, in order to understand the
misconceptions and better address them. Or, in some cases, it's useful to
listen to proposals to anticipate upcoming security threats and build a more
robust security model. For instance, the potential threat of compromising CAs
led to the invention of Certificate Transparency, which almost completely
eliminates that possibility.

We also need to get a _lot_ better at rhetoric and PR.

~~~
Ididntdothis
"so you just need to come up with the right technology"

That line is not OK. If somebody wants something and you say you are not able
to do it then it should be on them to prove you wrong.

Reminds me of work BS. You say “it can’t be done in the timeframe”. VP
response: “you are just not working hard enough”. It’s a nice way to
manipulate the conversation.

Technologists definitely should get better at messaging and arguing with bad
faith actors.

------
portmanteur
Is this news or is this a blog post? I understand it's very informed, and I
don't necessarily mind opinionated journalism, but this seems to be
speculating as to the motives of the FBI.

To me, this seems like only one very passionate side of an important debate. A
big question I have is, "how likely is this legislation to actually become
law?" UK and Australia passed similar laws, sure, but they also banned guns
and that's not gonna happen here.

~~~
sjy
It’s a blog post, as stated in the URL and at the top of the page.

------
mondoshawan
Sorry, did I miss something? WTF is the "techlash"?

------
upofadown
OK, so how have things been going for the UK and Australia? Has anything
concrete actually happened as result of the legislation that has helped law
enforcement get access to encrypted communications?

In other words; does legislation actually make a difference in practice? Or is
it just some sort of pointless political signalling?

------
Accujack
I think the term "techlash" is an attempt to shape opinion on the existence,
source, nature and of the problem being discussed.

Really, the issue is "corplash", or backlash against large corporations
abusing privacy... and even then, it's really not the corporations' fault,
it's the fault of the US government for not making what they're doing illegal.

Corporations are actually obligated to make money for their shareholders. A
corporation does not have the free will to choose a moral course over those
obligations, especially in the US.

Corporate officers have to seek out and take advantage of every opportunity to
make money available to them or otherwise they may well lose their jobs or
even be sued.

Since it's not illegal to make money off of invading privacy, corporations are
obligated to try provided doing so won't negatively impact their profits.

Calling it "techlash" implies that somehow tech is at fault, or even large
tech corporations, but in truth the US Government is at fault for not updating
privacy laws for the computer age. The term directs anger away from the real
culprits.

------
plmu
Real criminals won't use such platforms anymore, but use custom end-to-end
encryption. They'll find people to make them something, if need be by using
steganography.

This will only hit innocent people or low-level criminals, the real bad actors
will find ways around it.

------
pmoriarty
People eager to give others power over them don't really appreciate what it's
like to live under a totalitarian state.

The older I get the less hope I see of people learning anything from history.
Perhaps we really are doomed to repeat it.

------
hnick
I'm guessing this is cryptographically impossible but are there any schemes
that allow 2 different keys to decrypt to two different messages for
deniability? Perhaps a key containing a seed number to adjust the algorithm?

~~~
_cairn
This is a neat idea but I also have no idea if theoretically feasible or not.

------
shmerl
So there is a "techlash" against privacy abuse now, and DOJ thinks it's a good
idea to push even further privacy breach by fighting encryption? How stupid is
that?

Hopefully they'll get even a stronger push back.

~~~
Accujack
I think the term "techlash" in the blog is an attempt to shape opinion on the
source of the problem.

Really, the issue is "corplash", or backlash against large corporations
abusing privacy... and even then, it's really not the corporations' fault,
it's the fault of the US government for not making what they're doing illegal.

------
cdransf
As soon as law enforcement is granted any exceptional access they’ll go on to
claim they need more access and less oversight.

As soon as they’re granted such access it will become an irreversible status
quo.

------
misiti3780
Seriously question, how are they going to stop me from downloading signal from
source, building it locally, and installing it on my and everyone i knows cell
phones?

~~~
sjy
Why would they try to stop you, when they could just order Apple or Google to
push out a backdoored update to the OS?

~~~
clnhlzmn
Would Apple or Google be able to get a backdoor to Signal? Edit: nevermind, I
think I understand what you're suggesting.

~~~
choward
The obvious example that comes to mind is a simple keylogger.

------
larrrydavid
If legislation was passed, couldn't Apple essentially move it's HQ to a
different country where there are now laws against encryption?

------
djzeratul
Fantastic, the party that is all about personal freedoms is waging a war
against personal freedom. We have come full circle.

------
dropoutcoder
If you were forced to design an exceptional access system that minimized
abuses and risks of compromise, how would you do it?

~~~
JoshTriplett
Leave whatever jurisdiction was attempting to force me to build something
unethical, and after being safely out of that jurisdiction, disclose
absolutely everything I can about the attempted coercion.

~~~
dropoutcoder
In that case you would not be forced, at least in a more extreme application
of the word.

Regarding ethics, my opinion is that it’s unethical to offer strong E2EE to
the masses at scale, without considering the needs of LE.

~~~
CKN23-ARIN
LE in which jurisdiction(s)? If the E2EE is widely used, the "needs" of local
LE will be varied and often contradictory.

~~~
JoshTriplett
This is one of many excellent arguments against such backdoors. The US would
like backdoors into everyone's communications, and doesn't want anyone else to
have them. China would like backdoors into everyone's communications, and
doesn't want anyone else to have them. Every country and jurisdiction would
like backdoors into everyone's communications, and doesn't want anyone else to
have them.

~~~
dropoutcoder
In America, our govt

------
paulie_a
Their attempts will make no difference. I will use encryption and they can't
do Jack shit about it

------
afrcnc
I might be ok with this, but not while incompetents like Trump are at the
wheel.

~~~
cpitman
Which previous administration would you be ok with passing these laws?

~~~
afrcnc
Roosevelt

~~~
cpitman
If Roosevelt enabled/required these back doors, what would stop all future
administrations, including the current one, from doing what they want? IE, why
is it any different for a past administration to make these changes compared
to the current administration? Expansions of executive power tend to be
permanent.

------
dropoutcoder
I find it interesting that the hn world is largely unified in beliefs about
the trade-offs of exceptional access that aren’t necessarily true. Perhaps
this is a cultural top-down tribal mentality borne of an adversarial
arrangement between the billionaire oligarchs behind the startup scene and the
government which serves to offer counterbalance against unchecked power.

I personally find it reprehensible that large trillion dollar tech corps wash
their hands of responsibility for the safety of citizens by offering strong
encryption to the masses.

I’m personally okay with secret police, but such things work better in secret.
The calculus has indeed changed. Checks and balances within such secret
societies do need to exist. I’m hopeful that tech geniuses will help to solve
the problems regarding technical and social trade offs and risks behind
exceptional access, instead of conforming to the often strict libertarian
mentality of the sv community.

~~~
isthisserious
> I’m personally okay with secret police

What? Why are you ok with secret police? Where has this idea ever worked?

> I find it interesting that the hn world is largely unified in beliefs about
> the trade-offs of exceptional access that aren’t necessarily true.

Which trade-offs are you suggesting aren't true? The base claim is that back
door access makes security weaker. Do you disagree?

~~~
dropoutcoder
Yes, it’s serious (in response to your handle). I don’t think it’s necessary
to create a throwaway to respond and is also against hn policy.

I’ve been downvoted to oblivion simply for stating my view; also not
necessary.

Secret police worked when criminals were put away with parallel
reconstruction, for instance. (This being borne of limitations with the
anachronistic constitutional notions of civil liberties in the rapidly
evolving digital age). I’m all for reducing abuses of surveillance systems,
but frankly it’s tech oligarchs who own us, not as much the nsa.

“You can’t stop math.” Not true, strictly anyway. You can ban tech oligarchs
from using unbreakable E2EE which slows it down and reduces the proliferation
of digital entropy.

Backdoors are an antiquated way of implementing exceptional access. The proper
way is to provide third party access that is truly exceptional (living up to
the name), and not based on flaws that a malicious actor or rogue nation can
break. Instead of E2EE, how about building E2E2EE. Doesn’t need to be
measurably weaker.

Sorry on my phone, response isn’t nuanced.

~~~
inetknght
> _I’ve been downvoted to oblivion simply for stating my view; also not
> necessary._

I personally downvoted because I believe your statement is wrong in fact and
problematic in opinion.

> _Secret police worked when criminals were put away with parallel
> reconstruction, for instance._

Parallel construction is a morally dubious method of hiding illegal and
unconstitutional activity on law enforcement's part. What crime was truly
committed to warrant law enforcement's action is therefore hidden.

Using the idea of parallel construction to support secret police is likewise
dubious.

> _“You can’t stop math.” Not true, strictly anyway. You can ban tech
> oligarchs from using unbreakable E2EE which slows it down and reduces the
> proliferation of digital entropy._

When you outlaw guns, only outlaws will have guns.

It's illegal for citizens to download and distribute music and movies too, but
illegality doesn't stop them from doing it. You _might_ block tech oligarchs
from using it, but you won't be able to block citizens from using it.

Likewise when you outlaw math, only outlaws will have math. Banning tech
oligarchs from using unbreakable E2EE won't undo the fact that that encryption
has already been created and disseminated in open source repositories.

> _The proper way is to provide third party access that is truly exceptional
> (living up to the name), and not based on flaws that a malicious actor or
> rogue nation can break. Instead of E2EE, how about building E2E2EE. Doesn’t
> need to be measurably weaker._

I have yet to see even a _single_ idea which isn't open to abuse by _someone_
, whether it's law enforcement or citizens. And, frankly, the constitution's
goals are fairly clear: citizens have rights and law enforcement is
prohibited.

~~~
dropoutcoder
Thanks for responding. Which part was factually inaccurate?

~~~
inetknght
> _Secret police worked when criminals were put away with parallel
> reconstruction, for instance._

It wasn't the secret police which worked. It was the parallel construction.

> _“You can’t stop math.” Not true, strictly anyway._

You can't stop math.

> _Backdoors are an antiquated way of implementing exceptional access. The
> proper way is to provide third party access that is truly exceptional
> (living up to the name), and not based on flaws that a malicious actor or
> rogue nation can break._

This statement is a fantasy. There is no way to provide third party access
that is "truly exceptional" that a malicious actor or rogue nation can't
break.

> _Instead of E2EE, how about building E2E2EE. Doesn’t need to be measurably
> weaker._

Anything weaker than E2EE is measurably weaker than E2EE. E2E2EE is measurably
weaker than E2E2EE.

~~~
dropoutcoder
It was the secret police with pr

You can stop math. Legally stop fb from using E2EE. You’ve stopped math. You
haven’t stopped some people from using it. But you’ve prevented common people
from having default usage of that math.

Disagree. Don’t use key escrow. Find a better way. Two parties or three
parties; three doesn’t have to be significantly more susceptible than two

Apologies on the wording. Significantly weaker, not measurably. My mistake.

~~~
inetknght
> _You can stop math. Legally stop fb from using E2EE. You’ve stopped math.
> You haven’t stopped some people from using it. But you’ve prevented common
> people from having default usage of that math._

No, you haven't "stopped math". You've enacted a law and stopped Facebook from
using end-to-end encryption.

Math is universal. Math is something that should never be outlawed. Math is a
fundamental right, an irrevocable truth based solely in fact. You can sooner
stop alcoholism by outlawing alcohol than you can stop encryption by outlawing
math. The idea of outlawing math would put us hundreds of years behind today;
to enact a truth based on the church's "do this because I tell you it's true"
instead of "understand this for yourself, I cannot tell you what is true".
Outlawing math is dangerous and I cannot believe you are trying to make such
an argument in good faith.

> _Find a better way._

I do not believe there is a better way. You don't understand the math behind
it. Instead of even trying to understand the math which is already widely
understood by many, you instead want to make that math illegal and create your
own. You don't even want to spend the mental effort to do that much: you
demand others to do it for you.

> _Two parties or three parties; three doesn’t have to be significantly more
> susceptible than two_

This is factually false. The third party is a moving party which changes every
moment. You _can not_ meet that and still be "secure". It is antithetical to
the very notion of encryption.

~~~
dropoutcoder
Semantics aside, if FB isn’t allowed to use the math behind E2EE, they’ve
effectively been stopped from using math. Just trying to avoid getting into
the weeds.

Similarly to you questioning my faith in the matter, you’re ignoring my
argument, ostensibly not in good faith, either. I’m suggesting to build a
better mousetrap. It may not be perfect but might help maintain and improve
civility in society.

Alcoholism and alcohol aren’t really a great analogy.

I understand math better than you may realize. You said that you don’t believe
there’s a better way. You’ve effectively conceded that the existing key escrow
solutions with the known risks are the best that can be done. I’m suggesting
to do better. Find a better compromise.

Three party access in current incarnations may have flaws but the statement
isn’t factually false. It’s simply undiscovered.

Conflating ideals with beliefs can be tricky..

------
komali2
Conspiracy theory: The NSA hamfistedly contributed to various leaks in the
same way the CIA gave guns to terrorists, i.e. by providing various groups
with the tools they'd need to break into American companies.

Now they can capitalize on it - "see, tech companies can't be trusted with
your data. Trust us instead."

------
scarface74
I’ve posted plenty of times on HN about the danger of the government being
overly involved in tech and the last thing you should want if you value your
liberty is more government involvement.

I’ve also warned that giving government more power to “protect” people from
big tech would come back to bite the very people who for some strange reason
trust government.

Every time I’ve been downvoted to oblivion.

Now the chickens are coming home to roost.....

~~~
Goronmon
So, you can't trust the government to oversee the tech companies.

You can't trust companies to protect privacy.

You can't trust voters/users to make good decisions on voting for the
government or choosing the "right" companies to support.

That doesn't leave a lot of options, unfortunately.

~~~
scarface74
It’s called free will.

You can logout of Facebook

You can not use Google and use an ad ad blocker.

You can buy online from some place besides Amazon

You can not buy a mobile phone running an operating system written by an ad
company.

What you can’t easily do is change your government.

~~~
mindslight
I'm all for protecting oneself in the framework of anarcho-capitalism, as it
the default state of nature. But most people agree it is the government's
place to prevent aggression between members of society. And pervasive
surveillance is aggression.

Suggestions of individual actions are worthwhile, and it behooves everyone to
take all of the personal steps they can to protect themselves. But the
existence of individual actions culminating in a hypothetical path to opting
out does not justify harm being done when people fail to live up to them.

~~~
scarface74
So generically, who should I be more worried about having my information and
having more power? Google to advertise to me better or the government who can
take my stuff based on a vague suspicion via civil forfeiture and has the
power to send me to jail?

More personally, as a Black guy living in the mostly White burbs in the south
- ie looking suspicious for living my life - who should I worry more about big
tech (that indirectly provides for my livelihood) or the “justice system”?

~~~
mindslight
> _who should I be more worried about having my information and having more
> power_

Wu. Constructing a "lesser evil" choice is simply a way of justifying evil.

> _Google to advertise to me better_

It's not mere "advertising". Google's surveillance trove will be exploited for
economic gain in unenumerable ways. Sort individuals into classes, market a
message of safety, and discriminate to keep the undesirables away - it's the
age old playbook. The results of this paradigm will eventually be sold
directly to the de jure government, as Experian et al currently do, making the
distinction moot.

> _big tech (that indirectly provides for my livelihood)_

So you've chosen to align yourself with a more-distant oppressive power,
hoping that doing so will buy you power to defend against a closer oppressor.
Sure that may be prudent, but it is not morally right nor is it sustainable.
And backfitting from "what is" to "what should be" is never a good idea.

Less abstractly, yes the US government is corrupt and generally pushes garbage
like this EARN act. But that isn't an intrinsic argument against anti-
totalitarian regulation akin to the GDPR. Rather the lack of the action on the
latter is better seen as further evidence of said corruption.

~~~
scarface74
_Constructing a "lesser evil" choice is simply a way of justifying evil._

On the scale of “lesser evil” the government being able to arrest, harass,
violate civil liberties and lock someone up is off the charts compared to what
big tech can do.

 _Sure that may be prudent, but it is not morally right nor is it sustainable.
And backfitting from "what is" to "what should be" is never a good idea._

So I should be more worried about what you consider is “morally right” instead
of putting myself in a position where I can afford a competent lawyer -
instead of an overworked public defender - to keep me or my family from being
railroaded by the criminal justice system?

 _But that isn 't an intrinsic argument against anti-totalitarian regulation
akin to the GDPR. Rather the lack of the action on the latter is better seen
as further evidence of said corruption._

You realize that you want to give the government more power that in my parents
lifetime (who are still alive) has said that interracial marriage should be
illegal, segregation should be legal and even as recently as the 80s has had
laws making it crime punishable by jail time for adults of the same gender to
have sex?

As far as big tech vs the government, big tech has never discriminated against
me when trying to get a job. I feel the same way about tech vs the government
that Muhammad Ali felt about going to the Vietnam War. I’ll leave it for the
readers to search for what he said.

~~~
mindslight
Your comment comes from a perspective of having been abused. While I respect
your struggle, stressed analysis is not good when trying to foresee where the
next source of abuse will come from.

The commercial surveillance industry is not currently engaging in abuse on the
scale the government has previously committed, but the government is not
presently doing so either! Yet we are rightly concerned with setups that make
such things possible - for example I presume you don't just chuckle at white
supremacy protestors for being on the wrong side of history, but view them as
a threat that could gain momentum any time.

The commercial surveillance industry is currently poised with a more invasive
scope into everyone's personal life than a government could ever have,
operates autocratically, and actively resists the desires of its targets to
opt out (eg Do Not Track). That last bit puts them deeper into the domain of
wielding governmental power than a straightforward monopoly. Trusting the
people controlling these companies to be benevolent is a setup for failure.

> _You realize that you want to give the government more power_

I don't see something like the GDPR as giving the government more power, but
rather just shifting it around. Government and corporate power are merging
regardless (hence this thread), and it's better to have the result under
democratic control than fully autocratic. The real solution is of course for
people to shift to using software that they control (and hence can actually
_represent them_ ), but unfortunately that seems a long ways off, or at least
unevenly distributed.

~~~
scarface74
You realize that the government is trying to get the right to have backdoors
to allow for surveillance.

As far as what the government is presently doing. The “war on drugs” is
presently more focused on minorities while drugs are treated as a “disease” in
rural America.

Presently, my son had four or five keys on his key ring that looked alike and
he fumbled through them trying to get in our house. I made him a different
color key so the overzealous neighbors who look at him strangely wouldn’t
harass him (or call the police) for breaking into his own house.

So yeah, I have a good reason to be worried about the government wanting more
power to surveil people and to have a back door for encryption.

~~~
mindslight
Yes, I do realize. I do not think this is a good thing. I think the government
is currently doing plenty of terrible things. It has done bad things to me
personally. The magnitude of those bad things would have been from three times
to infinitely worse if I were Black.

You keep repeating these assertions as if we're not on the same page. We are
on the same page here.

Where we diverge is that you're taking this indictment, and extrapolating it
to an indictment of _all_ government regulation.

I'm actually predisposed to this point of view as well, with regulatory
capture and all, but the fact of the matter is that the synergy of government
and corporate power _is going to happen regardless_ of which rights we attempt
to obtain for us individuals. And so we might as well try to reserve an
ability to opt out of commercial surveillance as part of their bargain.

Commercial surveillance eventually feeds right into that _same_ government
which has abused you and your family, while being much more agile than blunt
government programs. As far as I'm aware, there is no law which requires
Experian, Lexisnexis, etc to pass their surveillance data to all levels of
government, including the local cops that you're rightly worried about. They
do so because it is profitable, and because power generally coalesces.

