
Senators propose lawful access to encrypted data - Multicomp
http://www.androidauthority.com/lawful-access-to-encrypted-data-1132922
======
mistrial9
US Senators are at the executive top-of-the-food chain in a complicated social
game of "can / cannot" and "should / should not", so US Senators can propose
things that are not in the interest of individuals, despite being individuals
themselves. US Senators (mostly lawyers) decide that law is "good enough" to
be used to control technical behavior.

A major, major problem with locks and technical solutions is, that they keep
un-trained people out, trained people must jump through hoops, but the
implementors have special insight and resources in how to break it. Therefore,
the implementors get special powers that individuals do not have, trained or
not trained. Once again, US Senators believe that the implementors are "good
enough" to be useful, given that errors, omissions and yes, crime, will occur.

The end result is, from the point of view of the individual writing this, is
that implementors have special powers over individuals moving forward. This
may or may not be a bad deal. Historically, humans have victimized other
humans at astounding rates, including incentiving others to do the same,
sucessfully. So, do you an individual, or you a responsible organization
leader, believe that these particular implementors will be special over time
and not use this power to victimize others?

lastly, throw in the murkier sides of "legal" and "victimization" .. Famously,
most everything done in 1930s Germany was legal, at each step, encapsulated in
the derogatory term "little Eichmann"

edit- over time, technical solutions will break or be leaked, and then all the
"should / should not" is irrevocably out of the equation.. this last part is
often what is referred to by technical analysts.. the chain of responsibility
becomes un-fixably broken "when" not "if"

~~~
kyboren
> The end result is, from the point of view of the individual writing this, is
> that implementors have special powers over individuals moving forward. This
> may or may not be a bad deal. Historically, humans have victimized other
> humans at astounding rates, including incentiving others to do the same,
> sucessfully.

Giving some group "special powers over individuals" "may or may not be a bad
deal"?

    
    
      If men were angels, no government would be necessary. If angels were to govern men,
      neither external nor internal controls on government would be necessary.
      In framing a government which is to be administered by men over men, the great
      difficulty lies in this: you must first enable the government to control the governed;
      and in the next place oblige it to control itself. A dependence on the people is,
      no doubt, the primary control on the government; but experience has taught mankind
      the necessity of auxiliary precautions.
    

-James Madison, Federalist No. 51 [https://www.csus.edu/indiv/f/friedman/fa2019/govt1/schedule/...](https://www.csus.edu/indiv/f/friedman/fa2019/govt1/schedule/B/FED%2051.pdf)

------
the_snooze
"Keys Under Doormats" should be required reading for anyone wanting
exceptional access to encrypted data.
[https://www.schneier.com/academic/paperfiles/paper-keys-
unde...](https://www.schneier.com/academic/paperfiles/paper-keys-under-
doormats-CSAIL.pdf)

Even if you honestly wanted to implement this, the real elephant in the room
is how to manage multiple jurisdictions. For example, the US government and
its contractors routinely use off-the-shelf hardware and software. If China
happens to confiscate one such device, would we want to live in a world where
they too have exceptional access? If the implementation exists, you're kidding
yourself if you think only the US can require it.

------
unnouinceput
Apparently US government never learns. As Schneier puts it, it will become a
tool for criminal organizations in the end. I can't wait for this to become
the norm and absolutely everybody would be able to spy on everybody. Then
you'll have the equivalent of your nosy neighbor that sits on window, having
nothing else to do all day, and just watches what happens on the street. Then
you'll see how fast this law will go out of the window when the elected ones
will see none of their secrets are secrets anymore.

~~~
claudeganon
I agree with the general point, but the “elected ones” will keep using crypto
because laws don’t typically apply to the wealthy and powerful.

~~~
close04
How, would manufacturers make special edition phones or software especially
for the wealthy and powerful? It can't be just a switch or people would either
find a way to flip it to either close the backdoor on regular phones, or to
open one on those "special" editions.

And what's stopping anyone from simply downloading or buying the "worldwide"
version of software of devices which presumably have no known backdoors?

~~~
claudeganon
You don’t have to make special edition phones. You just side load encryption
apps, unless they’re going to lockdown all on-device testing of software.

Also, they already make “special phones” for people in government:

[https://en.m.wikipedia.org/wiki/Sectéra_Secure_Module](https://en.m.wikipedia.org/wiki/Sectéra_Secure_Module)

~~~
close04
You didn't address the point or at least your answer is parallel to your
original comment. What would "the wealthy and powerful" do that I can't? What
encryption will they have exclusive access to?

> the “elected ones” will keep using crypto because laws don’t typically apply
> to the wealthy and powerful.

Sectéra phones/modules never made it outside of mandated government use
because encryption (and security in general) only works if it's there on both
ends and people _want_ to use it. So pretty much the only option is with
software on top of your smartphone of choice (like POTUS and the hardened
Blackberry with encryption software on top). Already both presidents and
presidential candidates alike repeatedly bypassed security measures in the
interest of comfort and usability. In fewer words people want their iPhones
(Samsungs? whatever) and they don't want to only talk to people who also have
"the special phone", rather just a piece of software.

So I can't really see how "the wealthy and powerful" would have exclusive
access to that encryption and make any meaningful use of it. Good encryption
options are like backdoor keys: once they're out there sooner or later
everyone will have access to them.

~~~
ksaj
This is correct. An colleague of mine used to brag about his "black phone" to
the point of obnoxiousness. After one of his "look what I have!" spiels, I
asked him to initiate an encrypted call with me. He couldn't, of course,
because I don't have the same phone. Then I asked him who he knows that does
have one, and requires him to use more security with them than for every other
call he made every day.

Ah, Nobody. Sylvia wrote a catchy song about her back in the early 80's.

------
carbocation
The article’s title is “New US Bill would require makers of encrypted devices
to leave a backdoor” which reads much less like propaganda than the current HN
headline of “Senators propose lawful access to encrypted data.”

~~~
xigency
Does it? I’m not sure I see a material difference, but maybe it’s because I
know the context of US government snooping.

~~~
throwaway_pdp09
There's no material difference but a huge one in presentation, and also in
detail: the second says _what_ , the first says _how_.

------
golem14
This video:
[https://www.youtube.com/watch?v=TY6m6fS8bxU](https://www.youtube.com/watch?v=TY6m6fS8bxU)
about the "meshtastic" project is quite interesting. It allows communication
via spread spectrum LORA, which seems pretty hard to intercept.

Ironically, to use it, you currently need to pair the device with a smart
phone, but that's not essential.

Edit: [https://www.meshtastic.org/](https://www.meshtastic.org/)

------
miles
Will one of the moderators please change this title to its original "New US
Bill would require makers of encrypted devices to leave a backdoor"? The
current title ("Senators propose lawful access to encrypted data") is much
less clear.

------
mewse-hn
Should read "Senators propose weak encryption"

------
varispeed
When this happens people still will be able to transmit encrypted end to end
messages, just they will have to encrypt them themselves off platform. I
wonder how quickly this is going to be illegal and when algorithms to conceal
true message in a regular text that makes sense will be more widely available.
We are getting closer to thoughtcrime being a thing

------
shiado
If they can indict Assange for hacking conspiracy for a theoretical ability to
crack a hash of a password with an unknown and possibly infeasible number of
bits of entropy, the only lawful right the US government should have to
encrypted data is the infeasible suggestion that cracking properly used secure
cryptographic primitives is possible.

------
tankenmate
The one thing I haven't seen mentioned here is one of the motes that stopped
all this in the 90s, open source. And of course the only way to stop open
source is to have devices that can't run whatever the user wants.

------
scarface74
So today is HN thinking “we trust the government to regulate tech” or “we
don’t trust government to regulate tech”?

------
smeeth
I'm conflicted.

On one hand, I don't believe citizens should have the ability to protect
communications (or anything, really) from a lawful warrant. It is obvious that
the right to privacy is not a right to perfect forward secrecy. If there is a
tool that achieves this I'm not convinced it should be legal to use.

On the other hand I trip up over the whole "lawful warrant" thing because of
the long history of abuse.

Someone smarter than me should tell me what to think.

~~~
djoldman
> I don't believe citizens should have the ability to protect communications
> (or anything, really) from a lawful warrant.

Supposing there was a method to read thoughts or memories without physical
contact, would you allow police to do so as long as they had a warrant?

edit: typo

~~~
smeeth
Interesting question. I think this would probably be protected against by the
fifth amendment, would it not?

~~~
dane-pgp
What if the communication were stored on a digital device, embedded in a
person's skull, which they were able to interface their brain with?

That may sound like an unrealistic scenario, but there are already people with
medical implants that record digital data, and there has been a case of using
Fitbit data to help convict someone:

[https://www.nytimes.com/2018/10/03/us/fitbit-murder-
arrest.h...](https://www.nytimes.com/2018/10/03/us/fitbit-murder-arrest.html)

