
U.S. Senate staff can now use Signal - bshanks
http://www.zdnet.com/article/in-encryption-push-senate-approves-signal-for-encrypted-messaging/
======
AdmiralAsshat
Pro: The government recognizes the value of a well-built encryption app and is
using it.

Con: The government does this while still insisting that encryption should
have a backdoor in it, thus creating the impression that Government officials
deserve bulletproof encryption, but private citizens don't.

It would be interesting to see what happens to Signal if encryption
legislation is ever enacted, and/or if it would continue to be used.

~~~
trendia
Congress regularly makes rules that apply to every other government employee
except themselves.

* Have to use a government email for official business? Everyone else does but Congress

* Have to keep a record of all communications? Everyone else does but Congress

At least they passed a law that banned insider trading by Congress... but then
they repealed the most important parts just a year later! [0]

So, I'm sure we'll see Congress enact a law that requires that all software
have a backdoor, unless that software is used by a member of Congress, in
which case the penalty for having a backdoor is life imprisonment.

[0]
[http://www.npr.org/sections/itsallpolitics/2013/04/16/177496...](http://www.npr.org/sections/itsallpolitics/2013/04/16/177496734/how-
congress-quietly-overhauled-its-insider-trading-law)

~~~
throwawya73434
Happens the world over, mate. Over on the other side of the planet in India,
much fanfare and "nationalistic spirit" was expelled in banning funds from
foreign nations to NGOs (which may or may not be a bad thing).

Then they turned around and surreptitiously passed a law allowing foreign
funding for political parties (!). Such "nationalism" this. Similar stories
are to be found on things like corruption/transparency/Biometric ID laws.

Frankly this is democracy in its true self; the self-righteous religion
appears to share more and more in terms of theology with Communism and
erstwhile utopian systems. I can't wait to see this whole (world) system go
down the gutters, and when people open their eyes to this language game.

~~~
sametmax
This is not democracy. Not one country in the world implement democracy. Some
just enjoy a lot of freedom, and so they called themself democracy since it
makes them feel good. But I've yet to see a country where the people use their
power. Because that's what democracy is supposedly about : not just people
having power, but taking the _responsibility_ to use power, over and over on
the long run, to keep shaping their society.

Right now we delegate it at best to a group of people that are already
filtered by money or status, which is oligarchy. Not that I don't enjoy my
life in the oligarchy, but it's not democracy.

~~~
TeMPOraL
This is a bit no-true-scotsman-ich. There is no perfect democracy in the
world, and there will never be, because theoretical democracy is not a stable
state when real humans are involved.

------
mvid
I feel like everyone _except_ the government should be using Signal. Elected
government communications should always be open to public audit. Or am I being
naive?

~~~
woodruffw
Government communications should eventually be _made_ public, but they
probably shouldn't always be initially or immediately public.

Whistleblowing and legal affairs come to mind -- whistleblowers need to feel
secure in order to report misdeeds, and even elected officials have attorney
privileges.

Those certainly aren't the only cases, but they're two examples where open
probably isn't the right default for communications.

~~~
maxerickson
Short of mandating life recorders, there is reason to strike a balance between
publishing what they say and letting them work without obsessing over the
future publication of what they say.

~~~
fao_
Them obsessing about the future publication of their comments makes them think
more about what they say, and more about how the impact will affect the future
and their future career. It gives them a mooring post to understand how acting
in the interest of the people _relates to them_. IMO it is only really a good
thing.

~~~
jonwachob91
No it doesn't. It gives them the motivation to find ways of communicating off
the record.

~~~
fao_
That's like saying locks give burglars motivation to find ways of getting in,
other than doors. Sure it does, but that doesn't mean that we should suddenly
get rid of locks. Indeed, many of us take the opposite tack, and install
security alarms and cameras to intentionally lock down the rest of the house.

Governors, Politicians, etc. are _public servants_. They are not there for
their own good, they are there to follow the law, and the serve the interests
of their constituents, and only that. Therefore it stands to reason that any
communications they have with other officials, about official business, should
be recorded as it is a matter of public record. It stops "he said she said"
disputes. It helps us know about underhanded deals, unfair advantages, and
many of the other things that people do when given such powers with no
oversight.

------
xiphias
Zdnet is writing about security and publishing a PGP public key on an
unencrypted site

~~~
dredmorbius
PKI public key trust is not based on channel encryption.

There's nothing wrong with putting public keys on an unencrypted site, though
those _retrieving_ the key may want to consider that their access of it may be
visible.

------
tiff_seattle
Sounds like a good idea to me. It will demonstrate to lawmakers the advantages
and necessity of encryption.

------
m-p-3
I value both privacy and accountability. How do you make both happen in the
case of public workers, and if it can't be done, what's the proper balance?

~~~
dredmorbius
Key quorums and escrow are an option.

If a quorum of some m < n keys can be used to reconstruct a key, and those n
keys are distributed amongst a set of _generally_ trusted and coercion-
resistant entities, then the option exists for a quorum to be formed under
specific protocols which would make the relevant decrypting key available.

In the case of PKI, there's the added twist that the _sending_ party is
encrypting to the _recipient 's_ public key. If no self-encrypted copy is
retained, this means that an escrow policy on the _sender_ need not make
available any copies of messages sent -- say, a national legislator. The
method _would_ allow for accessing the messages _received_ , however.

(And if the received messages referenced the sent ones, you'd have that
content as well.)

Escrow could also be used for other purposes, such as allowing for key
recovery, by the authorised keyholder, on appeal to the escrow authorities.

Given the risks and challenges of key loss in a PKI crypto context, these are
options which might be worth considering.

------
i_r7al
For some reasons that gave me suspension that their encryption is not good
anymore since the politicians encourage their staff to use it.

------
vbezhenar
What software they were allowed to use before?

~~~
swiley
I'm sure they where allowed to use gpg.

------
raggi
Does this mean we can teach auditors to look beyond nist now too?

------
whatnotests
They should be banned from any and all encryption.

Who do they think they are?

What's good for the goose is good for the gander, as they say.

------
known
TL;DR Govt has a back door in Signal

------
ccrush
Here's an instance where I approve of backdoor in encryption. You want a
backdoor in encryption, government? Put it in your own fucking software. It's
"by the people, for the people"; not "against the peasants, not the elites."

~~~
snowwrestler
Backdoors are always a bad idea, because there is no way to guarantee that
they'll only be used as intended.

------
pasbesoin
OT: My recent "creepy" moment, with Signal.

Last year, I helped someone out, including dealing with their manipulative
friend. Whose name and number ended up in my Android contacts db.

The other week, Signal pops a message: X has joined Signal. Be the first to
send [them] a message.

Um...

~~~
nyolfen
you're complaining because someone in your contacts ended up as a suggested
friend in an app, after you granted the app access to your contacts?

~~~
pasbesoin
Yeah, I don't know that I have the right to complain. Nonetheless, it was a
"creepy" moment, for me.

