Why Are We Fighting the Crypto Wars Again? (medium.com)
238 points by steven on Mar 11, 2016 | 86 comments



The premise of the crypto wars is that we don't really have a right to encryption.

Shouldn't we stop pussyfooting around this issue and instead demand that encryption is a fundamental right just as freedom of speech is a fundamental right?

Since everything we say and do today involves computers and the Internet, we can't have free speech, privacy, liberty, or personal security without encryption.

We should assert that right. We should have the right to use encryption for our communications and to secure our documents at rest, and never be compelled to reveal a key or passphrase. Doesn't this sound like something that would have been in the Bill of Rights if it were written today?

We can still mention all the other reasons why encryption is good and beneficial, but always starting our conversations with the words: encryption is a fundamental right.


Yes, we should assert that right. And there is no reason not to go after a constitutional amendment to clarify the right. It should not be necessary, I believe it is already covered. But the equal rights amendment should not have been necessary, either. In fact, the federalists thought the bill of rights was unnecessary. It was the Anti-Federalists that drove the first 10 Amendments.


I agree with your main point, but the equal rights amendment was never passed. Due to the broadening of interpretation of the fourteenth amendment over time, it has not been necessary.


The right to encryption falls under Article 19 of The Universal Declaration of Human Rights:

"Everyone has the right to freedom of opinion and expression; this right includes freedom to hold opinions without interference and to seek, receive and impart information and ideas through any media and regardless of frontiers."


That's not clear enough. I agree that you can't have those things without private communication but not everyone does.


But why does that private communication have to be digital? Does "it would be really annoying not to have this" rise to the level of a fundamental right?

Does this right to expression apply to data at rest?


This way of approaching human rights as a set of legalistic technicalities nauseates me.


The widespread dragnet of data collection currently used is a clear violation of the 4th Amendment of the Bill of Rights.

> "[t]he right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized."

This should be amended to include data but from a legal standpoint it should stand that information/communications that are stored/accessed locally on a personal computer fall under 'effects'.

Backdooring into your computer without prior authorization and/or the justification backed by a warrant is illegal and a violation of the rights of US citizens.


This also falls under Section 2 of the Charter of Rights and Freedoms of Canada: https://en.wikipedia.org/wiki/Canadian_Charter_of_Rights_and...


It appears to be more about being allowed to communicate, than being allowed to do so privately.


Is there some restriction on the language in which you're allowed to communicate? Encryption is just a language.

To say I don't have a right to use encryption is to say I don't have a right to speak things that others can't understand. And I see: it's not my fault you don't understand.

If you want access to encrypted information, break the encryption. Outsmart me. Don't make it illegal for me to outsmart you.


The line of reasoning is, IMO:

You have the right to communicate freely -> encryption is just a form of (ostensibly garbled) communication -> you have the right to use encryption freely.

Nothing in that clause says the communication must be understandable or even interpretable by all people.


You could argue that freedom to communicate covers the use of encryption. If encryption was outlawed however, it wouldn't be the right for individuals to use it that would be outlawed, it would be the right for companies to sell products with strong encryption, or to do so without backdoors. That in turn would deny many the use of crypto, but it would not deny them the freedom to communicate.

I don't think outlawing maths or outlawing companies from making an iPhone that they themselves can't break into is even remotely possible. The conclusion from that is that what we have can't really be a war on crypto, it must simply be the noise of people who realized they already lost.


As far as international rights go, but what happens if this is in conflict with federal law?


Fundamental rights are not a whitelist of approved behaviours. Just because there's no official document sitting in archive saying we have the right to encryption doesn't mean it's not a fundamental right.


Amendment 9 - Ratified 12/15/1791.

The enumeration in the Constitution, of certain rights, shall not be construed to deny or disparage others retained by the people.


It means that right is protected by law. That is a whitelist.


In the US it's always been a contentious issue - are human rights limited to a list? We have a bill that enumerates some of them. Its very creation was seen as a problem by some, since that would imply no others exist. And that's what's happened through history.

Freedom of the press and of speech should have been extended to electronic communications. But they have, so far, not been.


If we frame this as a right to privacy, we already have a lot of legal precedent. Roe v. Wade comes readily to mind.


The right exists. It's called the "right to private correspondence". There was discussion about putting it into the first amendment, but it never happened.


> demand that encryption is a fundamental right just as freedom of speech is a fundamental right

Is it though? Most human rights prevent law enforcement from random trespass into your home to look through your things, which is arguably a human right too. But these are specifically overruled by a warrant.

Why should the content of your electronic data be more protected than the content of the paperwork (bank records, health records, etc) in your home?


Not sure if you're open to hearing an answer to your "why should" question, which may have been rhetorical.

The electronic data is a lot richer and more personal than just documents. It's more like an extension of your brain, than an extension of your home.

It also features live incoming personal and private data from friends, family, and other contacts who may be put in danger if their information (location, for example) is exposed to unsavory people. (Note, governments can and do sometimes have unsavory people working alongside the good people.)

To the extent that encryption protects all this information, yes it should be considered as much a right as the right to have private thoughts, which seems to be fairly widely accepted.


It certainly does. Whether or not that's a substantial enough difference is going to be one for the courts - I note in the US that cops can't search your phone (but can search your wallet) on a routine stop for exactly the reasons you outline.

I guess my point was that it doesn't seem prima facie to me that your electronic data is more privileged than your non-electronic data is all, and your non-electronic data is certainly subject to warrant.


The use of a warrant and the use of encryption should be completely orthogonal. It has nothing to do with "privilege" of electronic information. It's simply about the format in which information is stored.


Except that using encryption can directly affect the ability to execute the warrant, similarly to how you would use a shredder on physical documents.

The files are in a state which is extremely difficult to work with, for the express purpose of preventing their access even with a warrant. Is that obstruction of justice? It would be with a shredder or a safe wired to burn papers if forced open.


Is there another example where math has been made illegal?


Yup, whenever it threatens the power of the priesthood / bureaucracy. The Roman Catholic Inquisition condemning Galileo for heliocentrism comes to mind.


Recently I heard that this was more based on /how/ he went about talking about it, more than just that he claimed it.


Freedom of speech isn't the freedom to commit criminal acts, though.

In a very real sense, crypto is such a freedom.

I don't think that's something that governments can accept, in the long term.


It is also the freedom not to have your bank account looted. Or are you also planning to give up things like online banking?

The reality is the more you pass the keys to this sort of thing around the greater the risks.

EDIT:

Since I'm rate limited...

You do realize the Freedom of Speech was literally created to enable political dissent that used to involve criminal acts?

http://www.lectlaw.com/files/con01.htm

> The inhabitants of the North American colonies did not have a legal right to express opposition to the British government that ruled them. Nonetheless, throughout the late 1700s, these early Americans did voice their discontent with the Crown. For example, they strongly denounced the British parliament's enactment of a series of taxes to pay off a large national debt that England had incurred in its Seven Years War with France. In newspaper articles, pamphlets and through boycotts, the colonists raised what would become their battle cry: "No taxation without representation!" And in 1773, the people of the Massachusetts Bay Colony demonstrated their outrage at the tax on tea in a dramatic act of civil disobedience: the Boston Tea Party.

> The colonies' most celebrated seditious libel prosecution was that of John Peter Zenger in 1735. Zenger, publisher of the 'New York Weekly Journal', had printed a series of scathing criticisms of New York's colonial governor. Although the law was against Zenger, a jury found him not guilty -- in effect, nullifying the law and expressing both the jurors' contempt for British rule and their support for a free and unfettered press. After Zenger's acquittal, the British authorities abandoned seditious libel prosecutions in the colonies, having concluded that such prosecutions were no longer an effective tool of repression.


> You do realize the Freedom of Speech was literally created to enable political dissent that used to involve criminal acts?

key word: used to.

The people, via the vehicle of the government, collectively decided to make those acts legal, thus giving people the freedom to commit legal, non-criminal acts of speech, which were 1. legal, and 2. not illegal.

It is trivially easy for anyone not emotionally invested in failing to understand it, to understand how this is different from giving people the freedom to commit acts that everybody agrees are illegal, should be illegal, and should stay illegal, just because Apple has figured out how to engineer a product 100% immune to government scrutiny.


> It is trivially easy for anyone not emotionally invested in failing to understand it, to understand how this is different from giving people the freedom to commit acts that everybody agrees are illegal, should be illegal, and should stay illegal, just because Apple has figured out how to engineer a product 100% immune to government scrutiny.

I could have, and did have, devices 100% immune to government scrutiny before the iPhone existed. So, you go ahead and believe that if you want. It isn't true in any real sense beyond popular history that isn't rooted in reality.

Similarly, encryption doesn't give you the ability to commit those acts. I have the ability to commit those acts without encryption. Your logic can be used to ban everything from guns to crowbars to cars.

You can't simply ban tools because you feel people use them criminally. That works literally 0 times because the criminals are simply going to keep using the tools anyway.

> The people, via the vehicle of the government, collectively decided to make those acts legal, thus giving people the freedom to commit legal, non-criminal acts of speech, which were 1. legal, and 2. not illegal.

Yes. That doesn't change that the principle was based upon the right to rebel via speech against the Government. That principle hasn't changed since the founding. Removing the ability to communicate privately removes the ability to dissent privately.

You are a very short term thinker and operate under the assumption it'll be used solely in truly important and critical criminal investigations. That is not the case historically with this sort of power. This power also provides you with essentially nothing in return for giving up that ability to act privately.

France had the power to stop the terrorist attacks and has everything the people in power in the US ask for, they failed [despite being warned by a friendly government about some of the attackers].

What exactly do you expect to get out of this?


Nothing you've said is an argument against anything that I said.

If you think that it is, then you think I've said something I haven't said.


Substituting a straw man doesn't undercut parent's point.

Right to true encryption is tantamount to right to perfect privacy, including privacy for committing crimes. This has been the current situation if true crypto was properly used for a while but we seem to be moving into a world beyond that - where such crypto is available to anyone who purchases a mobile phone and configures a few options.

I believe (and I would assume you do too) that widespread encryption is the preferable choice over key escrow, but let's not pretend that readily accessible consumer hard encryption doesn't fundamentally alter the balance between government and its citizens (including in some morally questionable ways).


> I believe (and I would assume you do too) that widespread encryption is the preferable choice over key escrow, but let's not pretend that readily accessible consumer hard encryption doesn't fundamentally alter the balance between government and its citizens (including in some morally questionable ways).

It has existed for centuries. Ease of access isn't some magical balance of power altering problem.

People can break encryption through various attacks [Keyloggers, observing people entering their keycodes, etc]. The government should have to go that route too, just like they do to break into literally everything else. They hire a professional.

Encryption isn't some magical shield and is breakable without attacking it directly.

http://www.wired.com/2012/11/ff-the-manuscript/

> For more than 260 years, the contents of that page—and the details of this ritual—remained a secret. They were hidden in a coded manuscript, one of thousands produced by secret societies in the 18th and 19th centuries. At the peak of their power, these clandestine organizations, most notably the Freemasons, had hundreds of thousands of adherents, from colonial New York to imperial St. Petersburg. Dismissed today as fodder for conspiracy theorists and History Channel specials, they once served an important purpose: Their lodges were safe houses where freethinkers could explore everything from the laws of physics to the rights of man to the nature of God, all hidden from the oppressive, authoritarian eyes of church and state. But largely because they were so secretive, little is known about most of these organizations. Membership in all but the biggest died out over a century ago, and many of their encrypted texts have remained uncracked, dismissed by historians as impenetrable novelties.


> Ease of access isn't some magical balance of power altering problem. [...] People can break encryption through various attacks [Keyloggers, observing people entering their keycodes, etc].

This is where we disagree. What you've enumerated are attacks of convenience against a cryptographic implementation, not cryptography itself. And this is exactly what ease of access dramatically shifts.

The real twist isn't that Apple is suddenly providing quality encryption. We've had unbreakable encryption since the first one-time pad. IMHO, the FBI et al. didn't care because a statistically relevant number of people didn't use it. The twist is that Apple suddenly packaged that up into a consumer device with a quality implementation and all the hard details handled. And the FBI et al. do care because a very statistically relevant number of people use iPhones.

So yes, ease of access is a balance altering change. Because really, I don't think the government cares if hard encryption exists: it cares if lots of people use it.


> What you've enumerated are attacks of convenience against a cryptographic implementation

That is how you break into vaults, fyi.

https://www.youtube.com/watch?v=qw_4HQMS-pk


The difference is that it's impossible to make a perfectly secure vault (correct me if I'm wrong). But... physics.

You can encrypt something that will need hypothetical quantum computers / processing until the heat death of the universe to decrypt without the key.


You can make a vault that destroys the contents and is perfectly secure except for the implementation. That is basically the iPhone "problem" the FBI are complaining about.

http://www.telegraph.co.uk/news/uknews/defence/8017041/MI6-Q...

> When forty spectators assembled for an outdoor trial, they reported that the safe seemed to be “on the point of explosion” and the gas issuing out of holes in the bottom of the safe meant it was “lifted some inches off the ground” forcing observers to retire to a “place of safety behind the building.”

Nothing really prevents you from having a safe that, after N failed attempts, destroys the contents with explosives.


> Nothing really prevents you from having a safe that, after N failed attempts, destroys the contents with explosives.

I would hope that a number of laws prohibit my carrying on my person a small safe filled with explosives and a known-effective trigger. Hypothetically, we could create such a safe.

Practically, however, we could not create one that would be as easily and broadly used as an iPhone. Therefore, the nature of the social question presented by a perfectly secure (for all intents and purposes, or at least a future iteration that is) mass market device is fairly novel.


We will fight this battle over and over every few years until we lose, just like every battle for our civil rights.


This may be an unpopular take but I think it has some merit.

Cryptography is not the answer to surveillance. It has its place but that place is not to keep everyone's data secret _and_ irretrievable as plaintext except by its holder (never mind owner), if they retain the key.

The answer will be legal and political.

I cannot see the endgame where all data is forever gone, with the exception where people proactively plaintext their data for future generations.

Let's say instead of iPhone contacts or chat conversations we begin keeping tax records, transactions, commerce, etc. secret, except for the person or entity encrypting the data (who may or may not be the owner). What if the heirs need that data or third parties, lawfully? What about discovery in court cases? What if someone comes up with malware which encrypts your data and you have no backup?

How do we reconcile wanting data to be available (free) with also wanting everything encrypted for posterity -- do we just forgo that treasure trove of data?

I'm not saying don't encrypt on transmission, or even at rest, simply (or complicatedly) that we have a way to data once it's lawfully determined it can be should be made available to second and third parties, including the public.


"What if the heirs need that data or third parties, lawfully?"

Law states that banks have to give a notice to heirs when the original owner dies.

"What about discovery in court cases? What if someone comes up with malware which encrypts your data and you have no backup?"

Then you lose all your data. How is that a problem? You ask the bank-government for new credentials. And you learn to make copies for the next time. Not the end of the world.

It's not really that different from losing your keys, maybe you will have to destroy your old lock and buy a new one.


I'm not sure I understand your point. Without encryption, legal and political constructs protecting privacy are nigh unenforceable.

Similarly, most records of importance to my heirs or a court case aren't solely held by me. Purchases are recorded by at least myself and the vendor, potentially with an intermediary like my CC or bank.

My tax records are retained by both myself and the IRS. In the case of a gov't case against me, they have those records. In the case of heirs needing access, they can petition the government if I failed to provide other access for some reason.

The malware example, this already happens. It can happen with or without cryptography being legal or pervasive.

> How do we reconcile wanting data to be available (free) with also wanting everything encrypted for posterity -- do we just forgo that treasure trove of data?

Who wants everything encrypted? I cannot think of a single person that's not at a very extreme ideological position that would argue for that.


> ...simply (or complicatedly) that we have a way to data once it's lawfully determined it can be should be made available to second and third parties, including the public.

Fine, you show me a way we can do that that does not necessarily entail that the "bad guys" (which explicitly includes law enforcement, unless and until its aims shift from "winning cases" to the actual pursuit of, you know, "justice") can access it, too, and maybe we can meaningfully have that discussion.

But, as long as my choices are "keeping everyone out" or "risking the bad guys getting in," I don't see much difficulty in picking my camp.


That's the big problem. How do we address that? Basically society has to grow up. People and organizations and government will have to learn how to "respect" what's marked off, unless as defined by law, others have access to that data (access to which was available in the analog world -but which does not always match up 1:1 digitally).

It basically amounts to the same "respect" we observe when we don't break through people's windows (even though it's trivial) or how "super users" don't [typically] abuse personal data at companies, etc.


I don't see irretrievable data as being significantly different than data that never existed to begin with, the only real difference is the belief that something valuable is hidden behind encryption. If and until the encrypted data is made plain, there's no telling what it contains, it could be tax records, transactions, commerce, or it could be a copy of the 1987 American action comedy film "Ishtar".

In the case of tax records (and ignoring that government would have a copy of said records), consider a dispute with the government who claims that a deceased person didn't pay taxes while the heirs claim taxes were paid (obviously a contrived example). If the "proof" is unavailable because the deceased encrypted it, then the result is the same as if the encrypted data never existed. The heirs could say that any random noise is encrypted data that provides proof of payment, but without any way to decrypt (and, arguably, to authenticate it) that random noise into actionable data, any claims the encrypted data contains the necessary "proof" is meaningless.

In other words, it's not the fault of encryption that the heirs have to deal with this beef from the government, but rather the fault of the deceased who encrypted things valuable to the heirs without a way for the heirs to access it (via sharing a key or explicit, chosen key escrow with a third party, etc). We like to say the answer will be legal and political, and it definitely has legal and political influences and impact, but given that the encryption is unbreakable, or the value of the dispute isn't worth the effort to undertake breaking it, we won't be able to legislate math to, uh, "not work".

Even if the government is the trusted entity of last resort and maintains a "legal" way to access encrypted content, there's nothing stopping the deceased in the above contrived example to have encrypted it using an unsanctioned algorithm or not have shared the key with the government, or whathaveyou. Then they die. Not only is the data inaccessible, but the responsible party is dead, and unable to have legal retribution rendered unto them for breaking the law. In this respect, the data is just as good as not having ever existed (which may very well have been the reason the now deceased encrypted it in the first place).


I understand your point. Mine is that if it were to become ubiquitous as Apple and others foresee it, it won't be just a few people or the paranoid or the ones who want things to remain hidden, but it will also encompass all the others who had no intention to keep things from others.

As personal computing continues the migration towards mobile devices and away from PCs, most people's personal data will be on systems where there is no way to get around a lost key. I'm actually interested to see how Apple plans to manage the accidental lockouts and data destruction when all of a person's information is on their mobile computing devices.

There won't be any "oh, let me take it to the Genius Bar" solution.


Totally agree. Encrypting data then discarding the key is no different than burning the data in physical media in the old days.


That's a fine argument for why you might choose to make your data available. But the question is whether the government shall limit by force my ability to use, or contract with another private party to provide me with non-backdoored encryption.

If you want data available for posterity or for your heirs, you should be able to make it so. Why compel me to do the same if I don't want those things?


Because the trend is for it to become ubiquitous, the standard.

We have enough issues with backward compatibility with old antiquated data formats. Imagine the scenario ten years from now when someone wants to look through historic documents and there is no way to retrieve them.

People do not make good contingency plans. Life events. Now data will go with people to their graves. No way to recover it.

Grandma had your videos and pictures on her mobile computing device, we have no way to get them back....


> People do not make good contingency plans. Life events. Now data will go with people to their graves. No way to recover it.

So this is no different than data that goes to people's graves that isn't encrypted. People never made good contingency plans, they don't make good contingency plans, and they will continue to not make good contingency plans. The availability of encryption doesn't change that.

> Grandma had your videos and pictures on her mobile computing device, we have no way to get them back....

"Think of the grandmas!"


Agreed, but I really feel like this time, the public vaguely understands and has more of a stake in it than before. Now, keep in mind, this is just as important to the day-to-day user as it was in the cypherpunk days, but now, everyone has a device in their hands that they can touch, and know is related to this. The public knows how precious its data is, now.

The last time this fight occurred... the last two times this fight occurred, actually, no one in the public had any clue what we were all talking about.


> ... no one in the public had any clue what we were all talking about.

Unfortunately, most of them still don't.

You're right that "everyone has a device in their hands that they can touch, and know is related to this" but most of them still don't understand the significance of it -- if they are even aware of it at all!

My girlfriend is, I think, fairly representative of the "younger generation", for example. She's 21, not really that "techy" (despite having an iPad and iPhone), and is constantly using Facebook, Snapchat, and probably a handful of other apps that I've never even heard of. The first she became aware of any of this was after Tim Cook's "A Message to Our Customers". That evening, she was sitting on the couch on her phone and asked me, "Did you see this message thing from Apple?" My initial response was, "How did you hear about it?". "It's all over Facebook."

She knows, now, that it's an important issue to me. I've explained it to her as much as she cared to listen and she's seen and asked about the multitude of EFF stickers on my laptops (after seeing someone on TV with some of the same stickers).

She doesn't really care that much, though, and, as far as I know, pretty much none of her friends (all within a couple years of her age) do either. As long as they get what they want, they're content.

It doesn't affect them directly and so it gets none of their attention. Most of them have other, more important (to them) things that do affect them directly and, because of that, are much more relevant to their daily lives.


> I really feel like this time, the public vaguely understands and has more of a stake in it than before.

Black people are literally shot dead, on camera, for no reason by the police and no-one gives a shit. People (mostly, but not exclusively, black ones) have their lives effectively ended by drug policy - policy that's only now being tweaked around the edges with limited leniency towards users of 1 specific drug. You seriously think there'll be any meaningful, effective outcry when encryption is banned?

Suck it up; it's coming. I reckon a) 4 years, b) the next big terrorist attack to hit a major western country or c) any attack to hit any country where encryption provides any protection at all to the alleged attackers, whichever comes first.


An interesting thing about this is that successfully organizing in any fashion (violent or peaceful) against something like police shooting people for no damn reason pretty much requires encryption. So encryption is needed to effectively fight... well... anything that the government is doing.

I'll continue using open source software (developed out of the US if necessary) that uses proper encryption with no known backdoors and hope that is good enough.


> just like every battle for our civil rights

Eh. Only if you look at the past 15 years perhaps. But I think over the past 60 years it's been quite the opposite. We fought for civil liberties until we won, for the most part.


Very much agreed. If you look back even further, the past 500 years, what you will see is the systematic expansion of rights and freedom.


Claiming that history is a progression of civil rights losses is a monumentally myopic statement. Recent tumultuous fights over the application and scope of law as it comes to new technology is not an indication of the trend. Human rights and freedoms have progressed hugely in the past centuries.


I think the parent post was meant more in terms of decades than centuries.


Or until we win, since there's no point assuming the worst for everyone involving rights and democracy. Give it a few decades, and all the people who hate on encryption and rights (most of whom seem to be fairly old and out of touch) will be gone.


The desire of others to stick their nose in your business will never go away. Long term, you can't argue with math, and the busybodies will lose on encryption. But as a smart man said in a different context, in the long run we're all dead, so fighting now is important for those of us who care about our privacy now.

The other important point is that since the 90s, the snoops have been getting steadily better in spite of crypto becoming more widely used. Or at least that's true of the NSA; in the Apple case, it seems to me that the FBI is saying that they suck at tradecraft. Whether or not that's true is a different question.


There's one solution to the latter. Shut down the agencies. Then distribute whatever systems they've been working on so they can be defended against.

It'd be unpopular for some (imagine if a more liberal party actually shut down the NSA or GCHQ, and then open sourced everything), but it'd certainly make an impact.


Good fences make good neighbors, and encryption is the only way to reliably create barriers around data and devices. Encryption deserves to be every bit as normalized as other social technologies like private property or personal space. http://www.meltingasphalt.com/border-stories/


OT: The point of that poem was that they were not good neighbors. The neighbor is indifferent to the narrator except in expressing that sentiment and in the task of building a wall between them.

EDIT:

Poem text, "Mending Wall" by Robert Frost, for those not familiar with it:

https://www.poets.org/poetsorg/poem/mending-wall


That's correct. But in this case the indifferent neighbor who insisted on putting up walls and gates was an overreaching federal government.

Now they want to be able to ignore the boundaries when it suits them. They naturally will be encrypting their own data.

John Perry Barlow:

"Governments of the Industrial World, you weary giants of flesh and steel, I come from Cyberspace, the new home of Mind. On behalf of the future, I ask you of the past to leave us alone. You are not welcome among us. You have no sovereignty where we gather.

"We have no elected government, nor are we likely to have one, so I address you with no greater authority than that with which liberty itself always speaks. I declare the global social space we are building to be naturally independent of the tyrannies you seek to impose on us. You have no moral right to rule us nor do you possess any methods of enforcement we have true reason to fear.

"Governments derive their just powers from the consent of the governed. You have neither solicited nor received ours. We did not invite you. You do not know us, nor do you know our world. Cyberspace does not lie within your borders. Do not think that you can build it, as though it were a public construction project. You cannot. It is an act of nature and it grows itself through our collective actions.

"You have not engaged in our great and gathering conversation, nor did you create the wealth of our marketplaces. You do not know our culture, our ethics, or the unwritten codes that already provide our society more order than could be obtained by any of your impositions.

"You claim there are problems among us that you need to solve. You use this claim as an excuse to invade our precincts. Many of these problems don't exist. Where there are real conflicts, where there are wrongs, we will identify them and address them by our means. We are forming our own Social Contract. This governance will arise according to the conditions of our world, not yours. Our world is different.

"Cyberspace consists of transactions, relationships, and thought itself, arrayed like a standing wave in the web of our communications. Ours is a world that is both everywhere and nowhere, but it is not where bodies live.

"We are creating a world that all may enter without privilege or prejudice accorded by race, economic power, military force, or station of birth.

"We are creating a world where anyone, anywhere may express his or her beliefs, no matter how singular, without fear of being coerced into silence or conformity.

"Your legal concepts of property, expression, identity, movement, and context do not apply to us. They are all based on matter, and there is no matter here.

"Our identities have no bodies, so, unlike you, we cannot obtain order by physical coercion. We believe that from ethics, enlightened self-interest, and the commonweal, our governance will emerge. Our identities may be distributed across many of your jurisdictions. The only law that all our constituent cultures would generally recognize is the Golden Rule. We hope we will be able to build our particular solutions on that basis. But we cannot accept the solutions you are attempting to impose.

"In the United States, you have today created a law, the Telecommunications Reform Act, which repudiates your own Constitution and insults the dreams of Jefferson, Washington, Mill, Madison, DeToqueville, and Brandeis. These dreams must now be born anew in us.

"You are terrified of your own children, since they are natives in a world where you will always be immigrants. Because you fear them, you entrust your bureaucracies with the parental responsibilities you are too cowardly to confront yourselves. In our world, all the sentiments and expressions of humanity, from the debasing to the angelic, are parts of a seamless whole, the global conversation of bits. We cannot separate the air that chokes from the air upon which wings beat.

"In China, Germany, France, Russia, Singapore, Italy and the United States, you are trying to ward off the virus of liberty by erecting guard posts at the frontiers of Cyberspace. These may keep out the contagion for a small time, but they will not work in a world that will soon be blanketed in bit-bearing media.

"Your increasingly obsolete information industries would perpetuate themselves by proposing laws, in America and elsewhere, that claim to own speech itself throughout the world. These laws would declare ideas to be another industrial product, no more noble than pig iron. In our world, whatever the human mind may create can be reproduced and distributed infinitely at no cost. The global conveyance of thought no longer requires your factories to accomplish.

"These increasingly hostile and colonial measures place us in the same position as those previous lovers of freedom and self-determination who had to reject the authorities of distant, uninformed powers. We must declare our virtual selves immune to your sovereignty, even as we continue to consent to your rule over our bodies. We will spread ourselves across the Planet so that no one can arrest our thoughts.

"We will create a civilization of the Mind in Cyberspace. May it be more humane and fair than the world your governments have made before.

Davos, Switzerland February 8, 1996"


It consistently entertains me how Robert Frost was able to become one of the most quoted people of all time by getting people to quote the opposite of the meaning of his poems, just like "The Road Not Taken." Of course, this proverb is older than his application and was meant to be taken literally, but this illustrates something fundamentally important to poetry and any metaphorical language, which is that it can be interpreted in more ways than there are interpreters. It can be used to justify anything at all because of the loose connection between concept and reality.

"Border Stories" here seems to be a perfect example of the misuse of metaphor which is so rampant in modern political arguments. The argument is interesting and intelligent, but it seems unable to follow its own premise to its conclusion, that a healthy border of skepticism is necessary to maintain healthy ideas.

The flaw I see is that skepticism needs to be applied more rigorously to internally generated arguments than external ones. External arguments are naturally put into questionable territory unless they come from a trusted source. But we're biased to follow our own internal arguments because the process that led to their formation has already passed our internal filters.

I think the author is on to something when it comes to the origin of xenophobia, but connecting health to the origin doesn't necessarily mean that the conditions that created it are relevant to any specific implementation of the idea, particularly modern nation-states. Understanding how borders affect people requires a more detailed analysis of power dynamics. Otherwise, there's no real evidence that this metaphor would be beneficial to implement for the reasons stated.

At least since the Monroe Doctrine, the US has considered the entire Western Hemisphere to be its sphere of influence. You could of course argue that this has extended to the entire Eastern Hemisphere as well. There are few borders that limit the reach of US agencies which focus on exerting control on foreign nations. From the perspective of a collection of powers which aspire to hegemony, the borders which exist aren't meant to allow mutual self-development by various nations but to facilitate control by the dominant power. The stronger the borders are, the more effectively this power can be exerted in a "Divide and Conquer" strategy.

But there's a cost to applying pressure, and the more strongly this pressure is applied, the stronger the response becomes. As people lose their power, their desire to retaliate grows. If the border from their perspective only increases foreign influence and control on their lives, it doesn't make any kind of good neighbors, only disempowered and angry ones ready to fight back.


We're fighting 'the crypto wars' again because we've become complacent and content in the belief that a few experts have solved everything for us by providing a few systems. We didn't bother to fight before, we sat back and got lazy.

It's not a tech thing, cryptography has been in use since before the Roman Empire. But in recent decades, everyone only speaks of it in terms of tech. And we assume only a few tech wizards are smart enough to make it work.

For years, the standard line has been "never write your own crypto, use something written by the experts". So only a few algorithms are actually in use. That makes them big high-value targets. But almost everything that the experts have written or recommended has been backdoored, rainbow tabled, compromised, or worked around, and what hasn't, the government can demand to be broken.

Most websites used to store passwords as MD5 hashes (if not plaintext) because that was the standard recommendation. Minor changes in hardware led to rainbow tables that rendered that world-wide obsolete instantaneously for everyone. That was a mess. But what if only one site had used MD5? Even if it had been worth attacking, the results wouldn't have been nearly as bad. Flash was present in 98% of browsers, which made it a huge target for crackers, with constant zero-day exploits. It is now on life support and we know that we don't want something like that again. Something that everyone uses is an easy and valuable target.

Perhaps we should flip conventional wisdom on its head and go back to writing our own crypto. Maybe layer it with the stuff from the experts, so they can cover our weaknesses, but probably best not to trust them entirely. If there were thousands or millions of different crypto algorithms in use instead of just a few, they might not individually be stronger, but collectively, it would be harder to attack them. Mix that with steganography and codes, and the possibilities could be exponentially greater than if everyone is just using plaintext passed through the same standard government-approved cipher.

We need to be less lazy.


Because the government correctly perceives unbreakable crypto as an assault on its sovereignty.

Sovereignty is the principle that the government can do whatever it decides to do. Stuff like the 10A doesn't infringe on sovereignty because that's the government itself deciding that it shouldn't do certain things. Like if the government decided to, it could kick your door in, find your private diary, and read everything you've written in it. Our government has regulations moderating the use of that power, because it has decided that in most circumstances it shouldn't do that. But if the government has good reason to suspect that you're using your diary to, say, make plans for murdering people? Then the government can go right ahead and break your door down and read your diary and see if you're doing that.

(unbreakable) Crypto is different. Crypto is an infinitely high, infinitely deep wall around your house that the government can never breach, no matter how justified the government decides it is in breaching that wall. Crypto is the government sending combined might of the entire US army, navy, air force, and national guard to breach your wall, and failing. Are you within your wall engaging in acts of political speech? The government cannot stop you. Are you within your wall raping your child slaves? The government cannot stop you. Are you within your wall building a nuclear weapon that you plan to use to blow up everyone outside your wall? The government cannot stop you.

Within the cryptographic envelope, government can't govern. This isn't something the government can tolerate, because governments that can't govern aren't governments, they're just a bunch of people with opinions. So yes, the government will continue to fight these battles, because for the government these battles are an existential concern.


PKI is a silver bullet.

The weakness of the chain is human beings. For the same reasons the young coders are still making SQL injections, people keep bad practices for security.

Our human brain cannot store too much stress and secrets. So every human makes shortcuts.

They forget to check public keys and identity during key signing parties, or accept into their ring of trust people who refuse to justify their identities.

PKI à la PGP, like Bitcoin, is weak to a local majority attack.

And humans are still the weak point. Just target the vulnerable to take down the ring of trust.

Information technology requires better education. Not more expertise. Just the basics.


"Our human brain cannot store too much stress and secrets. So every human makes shortcuts."

Well put. Russians used to say some of the best info came from just before or after a secure phone went encrypted. People couldn't let themselves wait or double-check even that much.

Economics and productivity do even more damage. People griped that B3/A1 secure systems didn't have development pace or features for price paid vs insecure competition. Plus insecure did lock-in nicely. Result: almost no investment into secure alternatives to crud we're locked into.

Defence, Comp Sci, and what's left of high assurance commercial are still cranking out useful stuff at least.


Personally, I have avoided technology products built in US because there's a chance they might be backdoored. I'm sure others have done the same.


How do you reconcile that with the fact most electronic components are made in China? To me the odds of something coming out of China being backdoored are a lot higher than well...anywhere else. Where do you get your gear?


Truthfully the truly privacy conscious are going to have to start joining the open hardware + open software movement.

Edit: AFAIK it isn't yet established enough to set up a full range of your average first world consumer's products though.


The Chinese don't send drones to kill people in other countries. At least not yet.


So you trust China not to backdoor their products?


Because the ratchet hasn't 'clicked' yet. So if this round gets won by the good guys you can certainly expect another one.


Here's the thing on this - I think this will be ultimately what happens too. Apple will likely proceed to build future iPhones with extreme privacy in mind and eventually reach a point where they have a product they have prepared that once it reaches consumer hands, it has few if any backdoors (yes even current iPhones do to some extent) once the device 'pairs' with their identity and they consciously encrypt it using open source standards - it's on the consumer to comply with any government warrants, not the manufacturer. (Also it wouldn't hurt if they dreamt up something a little less err 'logical' than a 4-6 digit passcode as a fallback that can be brute forced with enough attempts.) I don't doubt Apple will spend a lot of money, time, and resources fighting this over the next few years and will probably be muscled into opening the San Bernardino shooter's phone along with any currently available iPhones.


Some day, only governments and criminals will have access to strong encryption.


And the difference is..?


Government has a lot of paperwork.


Just like guns.


Bitcoin and other forms of non-standard currency depend on crypto.

1. The central banking system feels threatened by competition.

2. Government is afraid that people will use it to launder funds and dodge taxes.

3. Law enforcement, Homeland Security, and the NSA are afraid of losing the ability to effectively search and seize electronic assets; despite the fact that their current practices are a clear violation of the 4th Amendment.


If you care about this and are an American citizen, please consider signing the Apple privacy petition: https://petitions.whitehouse.gov/petition/apple-privacy-peti...


Why do people still make these things?


Forcing Apple to exploit a backdoor they created in an existing product is qualitatively different from forcing them to create and include a backdoor in new products, and claiming the two are equal is dishonest.

The former places no constraints on what products anyone is allowed to make and sell.



