
Illegal Math - colinprince
http://blog.prakashvenkat.com/illegal/
======
slg
>Various government agencies are crooning that they should be able to knock
down whichever doors they please because they're the government.

I think this analogy is apt but it actually works against the author's point.
Our government has legally been allowed to knock down whichever door it has
wanted to for centuries assuming it has received the proper warrants. An
encryption door cannot be knocked down. That is a very scary problem for the
government and law enforcement. Things like personal notes, journals,
communications all used to be accessible to the government through warrants.
Now that information is all locked away behind encryption. This is a huge
shift in the way governments fight crime. We need to recognize that fact in
order to have any productive debate with anti-encryption folks and we can't
just pretend the government is evil because they wanted to keep the status quo
of the physical world alive into the digital era.

~~~
TheOtherHobbes
>Our government has legally been allowed to knock down whichever door it has
wanted to for centuries assuming it has received the proper warrants.

But it hasn't been able to trawl for evidence mechanically and automatically.
Now it has the technology to do that.

The default has always been privacy, for practical reasons. Encryption simply
continues that tradition by continuing to make evidence gathering non-trivial.

~~~
rtpg
The mechanical and automatic nature of evidence gathering is a real
difference, and goes well to argue against NSA-style warrantless crawling.

I think for warrants, though, we're looking at a different beast. By their
nature they are targeted. And people have been compelled to provide passwords
in the court of law(See [0]). The right against self-incrimination is
relatively narrow, so as to not hinder the government's discoverability powers
too much.

I think the one thing about this, though, is that people can already be
compelled through legal means to unlock things. There is a reading of the
Apple case that they are being compelled to unlock something for which they
have the key.

Generally, it feels like outlawing encryption isn't necessary for the gov't to
pursue the discovery phase of an arrest. There are already a good amount of
legal means to compel people to unlock the doors.

[0]:[https://en.wikipedia.org/wiki/Key_disclosure_law#United_Stat...](https://en.wikipedia.org/wiki/Key_disclosure_law#United_States)

~~~
marklgr
> And people have been compelled to provide passwords in the court of law

You can have encrypted data that accept two different passwords, producing
different decrypted data of your choice. This is like the 2nd code that mute
the home security alarm when you are forced to do it, but still calls the
police.

~~~
rtpg
If you do that, and police have any evidence at all that you do this,then its
useless from a legal perspective.

The courts will demand for both passwords or you'll get some nice sentencing
for contempt of court.

Of course you could not tell anyone but that's a dangerous game.

------
jimworm
One of the problems with outlawing encryption is that it takes nothing to
prove the crime, and therefore it is impossible to prove one's innocence.

Would it be possible to outlaw the possession or transfer of data that appears
random? Nearly all data is random data, and nearly all processes randomize
data. All data could be "proven" to contain information under at least one
encryption scheme. It is the ultimate guilty until proven innocent argument.

If your credit card were erased with a magnet, could you now be prosecuted for
the possession of encrypted data, because it could be proven that using a
certain one-time pad it could be transformed into something meaningful to
humans?

It doesn't end there. All things could be interpreted as information. We would
have to start explaining the arrangement of books on a shelf, of spices in a
rack, colours of stitching in clothing. If encryption were illegal, we would
all be guilty all the time.

Fine, some would argue that random data isn't proof of guilt. What about the
means of encryption? Now all random data are one-time pad keys. Prepare to rot
in jail.

~~~
CJefferson
Except, the law is about "reasonable doubt", and has been dealing with this
kind of thing for hundreds of years. This isn't new magic.

By a similar argument, any phrase someone says to someone else might have been
code for "kill that guy". Except usually it's not, and unless there is
convincing evidence you did mean to kill that guy, you'll be set free.

Conversely, if you have previously agreed a code where "2+2=4" means "kill
that guy", and then you say "2+2=4", you can't argue in court that "Oh, I was
just saying a true statement of maths, how could that possibly be illegal?"

~~~
jimworm
You're talking about reasonable doubt on an order to murder, I'm talking about
reasonable doubt on the possession of encrypted data. Strongly encrypted data
looks random and the only way to tell the difference is to have the decryption
key. So is withholding the key sufficient for reasonable doubt? If it is, the
law is useless; if it isn't, any random data is evidence of guilt.

~~~
debacle
The law isn't cut and dry. That's a fantasy that a lot of people, especially
in tech, seem to have.

------
RockyMcNuts
Seems a little like saying, you burn some gas and your car goes, and if it
goes 80mph, that's just physics. You can't make it illegal to obey the laws of
physics?

Plants are just biology and burning things is just chemistry. You can't make
it illegal for a plant to grow and for a human burn it and inhale it, can you?

Well...if you pass a law that pi=3 it doesn't change the nature of the
universe, but it does regulate human transactions, and human behavior can be
and sure is regulated using some strange laws.

~~~
dingusoo
It's more like saying if you draw a picture of a car going 80mph, that's just
a drawing.

Doing physics or chemistry can directly harm people. Doing math or drawing
pictures can't.

~~~
programmer_dude
>Doing physics or chemistry can directly harm people. Doing math or drawing
pictures can't.

Like the article said analogies are no fun. I agree with your premise but not
with your conclusion.

You will perhaps agree that encryption has the potential to directly harm
people just as physics or chemistry?

~~~
CamperBob2
_Doing physics or chemistry can directly harm people. Doing math or drawing
pictures can 't._

This argument might have worked, up until the point when they criminalized
cartoon child pornography.

 _You will perhaps agree that encryption has the potential to directly harm
people just as physics or chemistry?_

No.

~~~
nekopa
From what I remember, the child pon drawing law was about people taking child
pon photography, and running it through a Photoshop filter to make it look
like a drawing. That way people were trying to get around the law. Also, it
was trivial to return the 'drawing' back into a photo by reversing the filter.

~~~
hutzlibu
Hm, but then this is something different, if you just have to reverse a
filter, then normal child porn laws apply, I would think.

------
bfstein
Disclaimer: I agree with the author on the encryption debate.

However, it's a slippery slope to say that encryption can't be illegal because
in is math, and math can't be illegal.

It's equivalent to say that making bombs is chemistry, and chemistry can't be
illegal. It's an oversimplification.

Presenting the practical consequences of a backdoor produces a far more sound
argument.

~~~
Johnny555
The difference is that math is an abstract concept with no physical
manifestation. I can encrypt something in my head, but I can't make a physical
bomb in my head.

Even when an encryption algorithm is implemented on a computer, it's still not
a physical object, it's just a mathematical algorithm.

A computer simulation of explosive chemical reaction is not going to get you
arrested, why should an encryption algorithm?

~~~
techdragon
A computer simulation of a nuclear explosion could be considered illegal to
possess under the "Born Secret" doctrine applied by the US government,
depending on the circumstances.

------
natch
Buried in the article below the clever though not original point that
encryption is not math, is a much more important point:

This debate should really be about whether or not people have the right to
have secrets.

If your answer is "no" then you ought to explain how you square that with the
fact that many of our everyday activities can be considered criminal in some
jurisdictions.

~~~
tptacek
I understand where the sentiment is coming from, but the point you are making
here is _incoherent_. Your argument is literally this: _people need encryption
so that they can conceal evidence of crimes_.

I think next time you pose this argument, you should remove the bit about how
your actions might be illegal in some jurisdiction or other. It isn't doing
the work for you that you think it is.

~~~
natch
Ugh, I have a bad typo in the first line, and unfortunately can no longer
edit: "not math" should have been "just math."

But that doesn't seem to be what you're remarking on.

I'm not sure what you see as the problem with my argument. Some people, if
private messages were read by people around them or by their local law
enforcement, could be sentenced to death, in certain jurisdictions. For
"crimes" like being Christian, Muslim, atheist, Gay, etc.

How is that a good thing?

How is it a bad thing that people want to protect themselves with encryption?

Or if you're saying you get the argument and I'm just doing a bad job of
making it, yes, maybe so, but maybe it's a hard side of the argument to take.
Any suggestions on how to put it better?

Or maybe you're saying it's entirely the wrong argument to make, tactically.
I'm still not sure why. Having not heard a reason for not making this
argument, I think it's good to make it because it seems to be discussed too
little.

~~~
AnimalMuppet
I don't speak for tptacek. But I think his point is that you're _making the
wrong argument_. You're arguing that people should be able to conceal the
evidence of crimes, because things that shouldn't be crimes are crimes in some
jurisdictions. If you remove the last part (which tptacek said wasn't doing
the work for you that you thought it was), then all you're left with is that
people should be able to conceal the evidence of crimes. That's... not a
convincing argument under current circumstances. Yes, there are people who are
being prosecuted for things that, morally, shouldn't be crimes. But the
current encryption battle is in the US, and most Americans perceive those
"shouldn't be crimes" situations to be in other countries "way over there
somewhere". They don't want murderers, rapists, and pedophiles in their
neighborhood to get away with crimes due to encryption, and they're more
worried about that then they are about homosexuals under ISIS. So it's a bad
argument, politically, because it reduces political support for encryption
rather than increases it.

Instead, you need to argue that _completely innocent people need encryption_ ,
and you need to explain _why_ they need it.

~~~
tptacek
You did a better job with that point than I did.

~~~
natch
Thanks to AnimalMuppet and thanks for confirming that this is what you meant.

I understand what you are saying, and it's a good point for the current case,
for a discussion with the general (non-techie) public. I'll keep that in mind.

Quoting AnimalMuppet:

>If you remove the last part ... then all you're left with is that people
should be able to conceal the evidence of crimes.

OK, that is precisely why I did NOT remove the last part, and it's precisely
why the last part is important. The part about other jurisdictions having
(sometimes) laws we might not all approve of.

So, what I think I'm getting from you (you two) is that most people will just
snip that last part off in their minds, and they'll be left with something
they would never agree with. OK, fair enough, and thanks for pointing it out.

Sometimes I think the general public wonders what the hell Apple's problem is,
and why would they place SUCH a high value on (what is perceived as simply)
privacy.

My point about other jurisdictions is also just my own speculation on what
kind of issues Apple is thinking about, in addition to the fundamental
insecurity of effectively having a back door. It may not be a large part of
their thinking, or maybe it is, I can see it both ways... On the one hand Tim
is a corporate man, and on the other hand he's also running a company that
goes out on limbs for corporate [edit: and social] responsibility.

------
aresant
I enjoyed the article's major theme of encryption as math - but the dedication
of the second & third paragraphs to disparaging analogies was distracting.

Educating HN and SV on this topic is throwing so many logs on the fire - I
literally haven't met anybody in tech that doesn't strongly support Apple /
encryption.

On the other hand analogies - like "locks, doors, and burritos" \- are the
only chance we have to sway the POPULAR opinion in this country which
currently sits 52% in favor of handing the govt the keys. (2)

And Donald Trump has recently shown with great effect what speaking like /
explaining thing simply (at a 3rd grade level in fact) can do to reach
Americans. (3)

And, as for "Illegal Math" in general, unfortunately there's prior art in this
department as well ;-) (4) (5)

(1) [http://www.people-
press.org/files/2016/02/2-22-2016-iPhone-r...](http://www.people-
press.org/files/2016/02/2-22-2016-iPhone-release.pdf)

(2) [http://www.people-
press.org/files/2016/02/2-22-2016-iPhone-r...](http://www.people-
press.org/files/2016/02/2-22-2016-iPhone-release.pdf)

(3) [http://www.politico.com/magazine/story/2015/08/donald-
trump-...](http://www.politico.com/magazine/story/2015/08/donald-trump-talks-
like-a-third-grader-121340)

(4)
[http://everything2.com/title/Copyrighting%2520a%2520number](http://everything2.com/title/Copyrighting%2520a%2520number)

(5) [http://mathbric.blogspot.com/2009/01/just-how-small-is-
small...](http://mathbric.blogspot.com/2009/01/just-how-small-is-smallest-
illegal_05.html)

------
kawsper
Poul-Henning Kamp (bsdphk) known from FreeBSD and Varnish, have speculated
that the future will bring certification for using cryptography, where
decryption keys will need be placed on government servers.

He says that to avoid this to happen the citizens need to demand access to
strong cryptography.

[0] He writes about it here (danish to english):
[https://translate.google.com/translate?sl=da&tl=en&js=y&prev...](https://translate.google.com/translate?sl=da&tl=en&js=y&prev=_t&hl=en&ie=UTF-8&u=http%3A%2F%2Fwww.version2.dk%2Fblog%2Fagent-0x007-med-
licens-til-pgp-571048&edit-text=)

~~~
dingusoo
If this were ever to happen, the only people using secure (deniable)
cryptography would be be the bad actors. Everyone else would be screwed.

~~~
ajmurmann
You and I understand that, but how many politicians understand that? We
constantly ban stuff that's futile to ban and make things worse I the process.

------
Taniwha
Did the US supreme court (in 1877) not find?:

"No law of Congress can place in the hands of officials connected with the
Postal Service any authority to invade the secrecy of letters and such sealed
packages in the mail; and all regulations adopted as to mail matter of this
kind must be in subordination to the great principle embodied in the fourth
amendment of the Constitution."

(Ex parte Jackson, 96 U.S. 727, 733 (1877))

Why does this not also apply to newly invented forms of communication

------
gaur
Related:
[https://en.wikipedia.org/wiki/Illegal_number](https://en.wikipedia.org/wiki/Illegal_number)

> Any image file or an executable program can be regarded as simply a very
> large binary number. In certain jurisdictions, there are images that are
> illegal to possess, due to obscenity or secrecy/classified status, so the
> corresponding numbers could be illegal.

~~~
pussinboots
I'm more of a fan of illegal primes:
[https://en.wikipedia.org/wiki/Illegal_prime](https://en.wikipedia.org/wiki/Illegal_prime)

------
mehwoot
_Various government agencies are crooning that they should be able to knock
down whichever doors they please because they 're the government. Not really a
sound argument but… they're the government after all._

Various government agencies are crooning that they should be able to knock
down whichever doors they please because the interests of being able to have
somebody find out what people are doing under certain scenarios is preferable
to never being able to do it.

The fact you misrepresent the argument as simply "because they're the
government" means you either don't understand the opposing side or you're
willfully misrepresenting them. In either case, why would anyone who doesn't
already agree with you take what you said seriously?

------
samatman
Any time the "math cannot be illegal" argument is raised, it's time for a re-
reading of "What colour are your bits?":

[http://ansuz.sooke.bc.ca/entry/23](http://ansuz.sooke.bc.ca/entry/23)

~~~
milesftl
i have never seen this article, thanks for reposting it. This articulated a
bunch of things I have a very difficult time explaining to other non cs
people. very well put.

------
shirro
Mostly the maths just enables easy key distribution and makes encryption
viable for commerce and privacy. I don't see the public benefit in restricting
this. It seems more targeted at ordinary citizens than criminals or foreign
powers.

If all you want to do is bring down the government then you can distribute one
time pads on microsd cards and there is not much legislation can do to stop
that. Any governments planning to ban xor?

------
kenningrmd
Serious question: Even if a government makes encryption illegal, if I have the
source code to gpg then I can still encrypt anything I want right? In other
words, even if we lose secure access via SSL because of a master cipher,
nobody can make the gpg source code, for example, disappear entirely.

~~~
kelnos
Sure, but that same government can jail you for using it, or jail you for
refusing to turn over the passphrase to your encryption key.

------
mirimir
Well, encryption is already effectively illegal in the UK. Using unauthorized
VPNs is illegal in Saudi Arabia. And Iran, I believe. Tor and VPNs are
effectively illegal in China, although mostly they just block access.

So it will be interesting to see where the US goes on this. The lines are
being drawn.

------
tlrobinson
You can say things like "math cannot be illegal" all you want, but the people
with the guns and jails ultimately decide what's "illegal".

(To be clear, I am absolutely not in favor of putting any sort of restrictions
on the use of encryption)

------
pfarnsworth
The more things change...

This is a similar debate we had 20 years ago, when people were fighting
against the government who wanted to limit encryption to 56-bit DES. Stronger
algorithms were not allowed (and then they acquiesced and allowed stronger
keys to be used within the US only, unless you applied for special licenses).
But you could print out the same encryption algorithms as a book or even a
t-shirt and it would be totally legal and exportable. The government was
saying that they were protecting us, but really it did nothing.

It was ridiculous and we had a few years of relative peace on the encryption
front until this whole faux-terrorist debacle.

------
antxxxx
Whitfield Diffie and Martin Hellman did not invent public-private-key-
encryption. It was invented in secret by mathematicians working at GCHQ before
Diffie and Hellman but not publicly acknowledged until 1997 -
[https://en.wikipedia.org/wiki/James_H._Ellis](https://en.wikipedia.org/wiki/James_H._Ellis)

~~~
krylon
Well, technically yes. But a) the invention of asymmetric encryption at GHCQ
was kept secret, so Diffie and Hellman did not know about it; they invented it
independently, it happens from time to time. And b) AFAIK, GHCQ did not
develop asymmetric encryption into anything practically usable, they did come
up with the basic concept, but stopped there (again: AFAIK - I am happy to be
corrected if I have been misinformed there).

------
lr4444lr
"Encryption is math. Math cannot be illegal."

I wouldn't go so far as to say that the author made no interest points, but
statements like this are a perfect example of that STEM worker arrogance
stemming from the logical fallacy that just because you control systems which
masses of people don't understand but rely on heavily (and make good money
doing it in a secure comfortable job), that you have adequate knowledge to
make sweeping statements in other areas outside of engineering knowledge.

It isn't the math, but the activity of _applying_ that math in actual
communications which is subject to legal statutes and regulation, which I
don't pretend to be an expert on, but know enough of my own ignorance about
the theory and practice of the law (and having a number of attorneys in the
family to check my own tendency toward that aforementioned arrogance) to
understand that it isn't a simple freedom of expression or open knowledge
issue.

------
awinter-py
Everything is math.

Specific example: chemistry is physics & physics is math. Should all chemical
processes be protected on these grounds?

I agree with your conclusion that we should let people secure their own
information, but not because the process of securing information is an
algorithm derived from math research.

------
forrestthewoods
Analogies are stupid. It's perfectly constitutional for a law to be passed to
ban encryption. It'd be a stupid, terrible law with horrific consequences. But
there's nothing unconstitutional about bad laws. We have more than a few as
is.

------
munin
bad news, some math is already illegal:
[https://en.wikipedia.org/wiki/Born_secret](https://en.wikipedia.org/wiki/Born_secret)

------
thetruthseeker1
Even though the contents of iPhone is encrypted, the government agencies have
been able to get that out of iCloud with the help of Apple in the past. So it
is not entirely true that the whole encrypted content is off limits in all
cases. May be that is all that is needed. And may be we shouldn't need to do
anything more which I think is a valid argument. However, lets also not paint
the ones who request such a feature as "morons"

------
banku_brougham
What happens if the government succeeds? When manufacturers and software shops
are required to leave keys for the FBI, NSA, etc for all encrypted storage and
communication, what will happen to our technological world?

Has anyone written about the probable unintended consequences? I think it
could happen and I am concerned.

------
dinkumthinkum
This is sort of how I have always felt about the idea of "legal or exportable
levels of encryption." It seems a very strange thing. However, even though we
may be right that it lacks sense, I don't think the government is moved by
such an argument.

------
sphilipakis
Illegal Numbers - Numberphile
[https://www.youtube.com/watch?v=wo19Y4tw0l8](https://www.youtube.com/watch?v=wo19Y4tw0l8)

------
bcook
I equate encryption (right to privacy) with free-speech.

I could babble about the similarities, but smarter, better educated minds have
already done that.

------
hahagavkdr
Clearly the writer is not a mathematician. It is easy to see that math can be
illegal. It is enough to consider the obvious example of encryption in
violation of various export laws and we are done.

