
U.S. can't ban encryption because it's a global phenomenon, Harvard study finds - chewymouse
http://www.dailydot.com/politics/worldwide-survey-of-encryption-products/
======
austerity
The mere fact that the encryption ban is being discussed and bringing it up
doesn't instantly end one's political career is frightening. Access to all of an
individual's communications is a level of trust reserved for closest family
members if that. And here government nonchalantly goes on to assume this level
of trust from every citizen. Yet everyone except a handful of techies is
completely oblivious to how monstrously perverted that is. The future looks
really dark right now.

~~~
tptacek
I hope it's obvious that I don't support crypto bans of any sort†.

But: I find this sentiment a little hard to understand.

The principle at play here goes way back into common law, and was most
famously articulated in the 1700s as "the public is entitled to every man's
evidence".

Access to all an individual's communications has been a privilege of the
judicial system for the whole life of this country, and for many centuries of
the country we came from. The founders didn't carve out a rule saying that
individuals had the right to conceal evidence, and, one by one, when they
assumed the reins of government, their actions confirmed that they intended
no such rule.

The norm for centuries has been that if you're being investigated, and the
courts sanction that investigation, your documents and communications are fair
game. In fact, before 1967, it wasn't even the law of this country that the
government couldn't intercept and monitor your communications _by fiat,
without a warrant_. Forced to confront the abuses of wiretaps by unscrupulous
government agencies, Congress and the Supreme Court didn't choose to ban
wiretaps; instead, they systematized them.

When people discuss the need for backdoors in crypto, they're generally not
talking about the status quo. What they're worried about is 15 years from now,
where _all communications and storage technology is end-to-end encrypted_,
and no warrant or judicial order of any sort can retrieve evidence from them.
That's not a crazy worry: it's what's inevitably going to happen.

† ( _[http://cryptopals.com](http://cryptopals.com), &c_)

~~~
hobs
I think the big difference between the 1700s and today that seems
unacknowledged in your post is that most communication happened face to face
and was not documented for the government to intercept.

You and your wife could not be forced to testify against each other (spousal
privilege), but your private SMS conversation absolutely could be. (What was
possible as only a private conversation is now easily sent across the world,
and as a consequence is sniffed and stored by potentially many parties.)

This is not a surprise for anyone who understands that they are sent in plain
text, but from the context of people, those conversations would still be
considered private communications between spouses.

I am not saying the law gives a shit about the distinction, but persons
absolutely do. I hope you now understand the sentiment a bit more.

~~~
Grishnakh
Answer me this, because I really don't know:

Back in the 1700s, if you wrote a private letter (on paper/parchment, with a
feather ink pen as they had back then), in a foreign language, and the court
system wanted to use this as evidence, could the government compel you to
translate it?

Or, suppose you developed your own cipher (they had ciphers back then, I'm
sure). Could the government compel you to decipher the message back then?

The use of encryption really isn't much different from this.

~~~
pc2g4d
But with backdoored encrypted communications the government would have instant
access to ALL enciphered letters at once, regardless of the seeming guilt or
innocence of the sender or recipient.

To me that seems like the key difference. If all but face-to-face
communications are electronic, and no electronic communications can be
strongly encrypted, then the private sphere is greatly reduced and many things
once considered private become public.

But on the other side of things, with strong crypto many things once
considered public would become private.

There doesn't seem to be an easy way around this choice.

~~~
tptacek
Hold on. With status quo electronic communications in the 80s and most of the
90s, the government retained instant access to communications for
investigative purposes, and no serious objections were raised --- just as
nobody objects to the idea that the police, searching your house with a
warrant, get instant access to letters you've left on your desk.

Instantaneity can't be the fulcrum of this debate, because it's been the norm
since the beginning of English common law.

There has to be some other principle at stake that can argue against
decryption backdoors. And I think there are such principles! But I think it's
important that they be articulated carefully.

~~~
pc2g4d
Yes, in previous decades the government could access electronic communications
under the third party doctrine[1] that says the fourth amendment only applied
to "papers" held by the individual / in their home, not to communications
voluntarily placed in the hands of a third party. On the other hand, far less
of people's lives was conducted online. I expect that's why no real objections
were raised.

Because much intimate communication has moved from
in-person/on-telephone/other-instantaneous communications to asynchronous
platforms hosted by third parties, in effect much that was "private" is now effectively
"public". What once required a warrant now does not. Many things previously
subject to protections against unreasonable searches are no longer so
protected.

[1]: [http://www.abajournal.com/magazine/article/the_data_question...](http://www.abajournal.com/magazine/article/the_data_question_should_the_third-party_records_doctrine_be_revisited/)

------
spangry
The politicians and national security bureaucrats advocating this are idiots.
At least that's the charitable interpretation. The world is not static. Mass
surveillance leads to mass demand, and therefore mass markets, for privacy
products (e.g. VPNs, secure messaging). And a product will only be used by the
masses if it is easy to use.

Can't these people see that they're shooting themselves in the foot (assuming
their true goal is to intercept the communications of the
'terrorists/communists/lizard people' hiding under your bed)? Encryption is
hard. Properly implementing a system that incorporates it is even harder. I
doubt 99.9% of the aforementioned 'enemies of the week' have the technical
capability to do so (ok, maybe the commies do). But that's no problem now!
They can just buy a product off the shelf thanks to the new mass market you've
just created!

Now they're trying to stuff the genie back in the bottle by banning
encryption. Banning encryption? What does that even mean? How are you going to
enforce that? I suspect the answer to the latter is: "selectively".

It feels like we're only a few iterations of this arms race away from our
genius leaders pushing for telescreens to be installed in everyone's homes, to
ensure they don't use any of that 'godless, un-american encryption that only
evil lizard people use'.

After all, if you're doing nothing wrong you've got nothing to hide.

------
LinuxBender
I support a ban on encryption. /s

Any time something is banned, it becomes more prevalent and governments lose
any semblance of control that they may have had on a thing. Such a ban would
also force people to re-think security. There is a false sense of security if
a thing uses an encrypted transport, or has an encrypted disk. This only
partially hinders accessing data by people that are not supposed to have it. I
should not have to start documenting the ways to side-step current
implementations of encryption, right? This is the Hacker News, so most of you
should already know at least some of the methods.

OK, back to reality. A ban would legalize what is already being done. There
would be no more need for individuals to risk their own safety by breaking gag
orders, NSLs, court orders, et al. Everyone would be painfully aware of what
is being monitored.

BTW, I am being partially sarcastic here. The 3 letter agencies are nodding
their heads as they read this. A ban on encryption would be highly detrimental
to their operations. Such bans would be dead in the water or have their teeth
removed before seeing the light of day.

------
2close4comfort
Hey we banned liquor once too, which I am thinking was somewhat global at the
time. Don't underestimate the US! USA! USA!

~~~
Shivetya
People vastly underestimate the power of the US government to ban encryption
within its borders. It simply can stop the sale of all offending devices,
confiscate said devices, and even go after the profits from sale of the
devices both new and old. If pushed they could theoretically go after those
who run the companies.

It really depends on who is behind it and how much political power they have
relative to their next election prospects.

~~~
AnthonyMouse
You're talking like encryption is hardware. It's software. You can confiscate
eight billion copies but miss one and tomorrow there will be nine billion
more.

And it doesn't come from companies. Originally it comes from academics, but
nobody actually gets their copy of AES from Joan Daemen and Vincent Rijmen.
It's software on the internet. You can get it from Mozilla or Google. If you
can't get it from them then you can get it from anyone at CCC or Debian
servers in France or Brazil or your cousin in Russia or the Venezuelan
government that loves any excuse to stick it to the US.

But let's pretend they're willing to cut all the fiber and close all the
borders to keep encryption from crossing in from other countries. Your
proposal is that they're going to go house to house and search your attic for
the last of those t-shirts the EFF printed the last time this happened?

Now mind you, that doesn't mean banning encryption would have no effect. It
would mean that your bank and your doctor couldn't use it to protect your
finances and medical records, and they're the type of organization that could
be compelled to comply with such a thing.

~~~
chopin
> Your proposal is that they're going to go house to house and search your
> attic for the last of those t-shirts the EFF printed the last time this
> happened?

As every comms is under surveillance it's vastly easier than that. You just
need to look for traffic you can't read. And then go after the sender. If you
make encrypted communication a criminal offense, that's an easy task.

~~~
AnthonyMouse
> You just need to look for traffic you can't read.

And what precisely is that supposed to mean?

If I send you a spreadsheet purporting to be "the latest numbers for the
current period" but the low bits of each field (which would reasonably be
statistically random) are really encrypted data, how do you propose an
observer can figure that out?

------
twoodfin
I do believe that the U.S. can't "ban encryption", any more than it could "ban
mathematics".

That doesn't mean the intelligence value to legally enforced backdoors in
popular US-created or US-marketed products isn't significant.

For one thing, your target might not be sophisticated or suspicious enough to
avoid these products, or they may be communicating with folks who aren't (for
example, if you're studying recruitment).

For another, requiring anyone desiring to hide their communication to eschew
popular products itself provides a signal that may be of interest. And a
diversity of smaller encrypted products may end up being more vulnerable to
subversion and exploitation, vs. widely used, deeply studied systems.

I am not arguing that this value is worth the massive privacy and civil
liberties tradeoff of giving the government access to products like iMessage.
But it's not, I think, as simple as saying, "the bad guys will just switch to
using other tools".

~~~
Grishnakh
They absolutely can ban encryption if they want. Just like they can ban
mathematics. What makes you think it's impossible?

It wouldn't immediately eliminate all encryption, but it'd be easy to go after
any corporations operating in the US and either force them to follow the ban
or throw their execs in jail. After that, they could put up a Great Firewall
and block downloads from foreign servers. They can use the Great Firewall to
snoop on internet traffic, doing deep packet inspection, and look for
unrecognized traffic, VPNs, encrypted emails, any markers of common
unauthorized encryption protocols, etc. They don't have to catch every single
person, they just have to catch some and then make an example out of them.

You're probably thinking that this is just too extreme. Has everyone forgotten
what life was like in East Germany under the Stasi? That lasted until the late
1980s!

Now of course, you can debate how unlikely this scenario is to play out, but
I'm just pointing out that it isn't impossible, not at all, and we've seen a
society much like this in the very recent past.

------
s_q_b
Trying to ban encryption is like trying to ban a triangle.

------
joesmo
The US government can backdoor all the products they want. The only thing they
will achieve is to destroy the tech sector in the US. That's no big deal
right? Who cares if no one outside the US trusts US companies because all
their software is backdoored? Of course, the tech sector will be only the
first to suffer. The rest will fall like dominoes.

And all for what? So the FBI can catch some people smoking weed and the NSA
can perv out to citizens' pics, that's what for.

------
newman314
What's sad/funny to me is that people are making a bigger deal about this
because Harvard study.

Encryption is like a knife. It's not good or bad. It just is. I find that
using that analogy helps a lot especially when talking to lay people. Banning
one/one kind of knife means a bad actor is just going to use something else.
Ergo, it isn't a fix.

------
perks
I often argue this point, however I wonder how other people on HN discuss this
issue with their non-technical "realpolitik" (actually just Political Science
majors) friends that suggest that prohibiting encryption for non-sanctioned
private entities (for example allowing bank transactions, online shopping, but
disallowing encrypted chat protocols, emails, etc) is not terribly detrimental
for the state barring "morality" concerns and our commitment to the principles
of democracy, free speech, and the like.

I often resort to, "You can't ban math!", but wonder if there are more
outlined resources for explaining this.

------
justaman
The thing about encryption, you can always roll your own if you are
advantageous enough.

------
such_a_casual
But if they ban encryption, there won't be any more bad guys.

------
fakhar50
I agree

------
Alupis
> a foundational principle of our judicial system

You are sorely misguided if you believe a foundational principle of our
judicial system is deliberate and systematic invasion of innocent citizens'
private communications.

> no data center any country can build will ever so much as recover a single
> emoji from a single IM

This is fine and how it should be. Historically there has been no way to
intercept communications on this level ever before - so why claim it's
suddenly necessary now? Especially since all of it has amounted to exactly
nothing thus far...

This analogy has been beaten to death - but the parallels are almost exact
when compared to Stasi Secret Police steaming open citizens' hand-written
letters for inspection... As others have already mentioned, one of the driving
forces behind our nation was desire for private communications that the
government didn't have entitled and unrestricted access to.

~~~
tptacek
I'm not sure who you're arguing with, but I don't think it's me.

------
f3llowtraveler
Same reason no one can stop cryptocurrencies.

So far I don't see any reason why Bitcoin's exponential adoption rate would
suddenly grind to a halt.

~~~
venomsnake
Have you been hit in the knees with a wrench by government thugs? Just asking.

~~~
2close4comfort
Rubber hose crypto is an issue but one that can be solved.

