Hacker News new | past | comments | ask | show | jobs | submit login
The Next Front in the New Crypto Wars: WhatsApp (eff.org)
318 points by panarky on Mar 13, 2016 | hide | past | web | favorite | 207 comments

If the government wins any of these court battles, it's only a matter of time until one-way encryption is outlawed. It follows logically that if criminals/terrorists can't use iPhones to securely communicate, then they'll just move on to the next convenient encryption app. The government will continue to order companies to break their one-way encryption until the government realizes they're playing musical chairs and then they'll issue an executive order to ban one-way encryption outright. The precedent allowing them to do so, will be all of these initial court battles vs Apple, whatsapp, and whoever else gets defeated. In the wake of these events regular people, like you and me, will be harmed by hackers and commercial companies exploiting this new world without one-way encryption.

FBI Director James Comey already went before Congress and was rejected. I'd say the possibility of him succeeding in the future is even lower, given the way this case has played out. He effectively tried to make an end-run around the legislature by going through the courts with an extremely old law. The powers in Congress did not appreciate this at all and had a lot of very pointed questions for him at his last hearing before the House Judiciary Committee[0].

[0] http://qz.com/628745/i-have-no-idea-the-fbi-director-at-the-...

What are we to make of these sorts of comments from Obama and Feinstein? It seems like there is strong backing by certain political interests to make it impossible for the average phone user to encrypt their own devices in such a way that the providers cannot access certain data. This dove-tails nicely with what some consider a war on general computing...



The Obama Administration simply will not throw their own (the FBI) under the bus. Fortunately for us the Democrats do not control congress so Obama is unlikely to get his wish here.

The Republicans aren't necessarily better, but they are anti-Obama which helps on this issue.

Not really. The Republicans were for pervasive surveillance and for the national security state for a long time before Obama, and they remain that way now. They may use details of the present controversy to take partisan political shots at the Obama Administration, but, as a party, there's probably more support for government power in this area in the Republican Party than in the Democratic Party.

Not all the Republicans. Cruz has actively opposed the surveillance state:


I was talking the parties as parties (and, particular, as parties-in-government rather than parties-in-the-electorate). But id be cautious about drawing conclusions about Cruz: he is a first term Senator who has spent his whole time in office in the Congressional majority with the opposing party in the White House -- members of either party seem more opposed to the surveillance state (and expansive executive powers generally) when they are in the legislative majority and the other party controls the executive.

That's even true, though perhaps less so, without the legislative majority. A lot of Democrats who don't look like solid opponents of surveillance now would if you considered only their relationship cord during the George W. Bush administration.

He's an outlier, if not an extremist (seen from the standpoint of the average Republican politician).

Cruz is 2nd in the polls behind Trump. Obviously quite a few Republicans support him.

Aren't you confusing republican politicians with republican voters here?

Anti-Obama and (for I'd assume a good number) anti-encryption (in the form of pro-FBI)

Might not be a popular opinion but i think the US is always at its best when its divided. Given current political situation, nothing getting passed is preferable to all alternatives.

Nor is Obama's position that of the larger Democrat party.

> FBI Director James Comey already went before Congress and was rejected. I'd say the possibility of him succeeding in the future is even lower, given the way this case has played out.

All it will take is a large-scale "terrorist attack". That event will be exploited to the hilt the same way 9/11 was.

Anyone have any insights into why the commonly used guns argument is not good enough for encryption? If we ban guns(encryption), only the criminals will have it.

The only thing I can think of is that the majority of people who advocate for encryption are anti-gun, and don't want to give strength to that argument?

The recent issues over encryption has actually changed my thinking on guns. I'm not 'pro gun', don't own guns, and want nothing to do with them personally.

But as I think about my stance on the legality of encryption it sounds pretty similar to the argument for guns. Still don't want one, but it's harder for me to be dismissive of a point when I turn around and use the same point for another issue.

Contrary to encryption you don't need guns to safely communicate over the Internet, say with your bank. So I'd argue that strong encryption is a lot more important than guns.

Sure, you don't personally need guns, but you do need physical safety at each end of the communication. Physical safety is provided by people with guns.

Those people can be policemen.

Police response times will never be low enough to be physically preventative outside of special areas (airports, stadiums, high traffic areas). It doesn't take that long to mug somebody.

Police violence is more of a way to discourage wrongdoing on the part of rational actors. Irrational actors (terrorists, mentally ill, drug-addled, enraged, desperate) probably won't be affected short of an oppressive police state.

Police has no requirement to protect. Also, there are people who live in areas where the police response time is 1+ hours even for the most drastic issues.

Just like with encryption, it might be the state actors you want to be protected from. So that argument is totally nosense.

If you buy that argument you could also argue that govermnets should be trusted as a holder of cryptogrphic keys.

You can communicate with your bank safely, you'll just be limited in ways to do so. Just like without guns, you can still defend yourself from a home intruder, but you are limited. To my knowledge, there is not a right to be able to communicate securely using the internet.

You can communicate with the bank with guns.

Probably wouldn't end well for you though.

Ironically, I had this same thought today while listening to a This American Life on Shay's Rebellion [1].

The right to keep and bear arms has more bearing on access to encryption than any other recognized right.

[1] https://en.m.wikipedia.org/wiki/Shays%27_Rebellion

Er, no, the right to choose how and with whom you communicate -- which is what encryption is about -- is not closely related to the RKBA, but it is related to (and, in fact, the whole point of) the rights to speech, press, and assembly in the First Amendment. Even insofar as encryption is a metaphorical defensive weapon that safeguard against government tyranny, which makes it loosely analogous to the RKBA, it's still more connected to the first Amendment expression rights, which were considered important for exactly that purpose.

Correct me if I'm mistaken, but case law has held that the First Amendment does not provide a right to privacy. It provides a right to self-controlled conducting of ones business. It provides the right to communicate with others whatever subject one desires (x09 F9?). But it doesn't state that the government can't know these things -- only that it cannot act on many of them. Which, sounds familiar to metadata / automated search positions expressed in Congressional testimony?

The 2nd - 6th on the other hand, watered down though they may be by subsequent court opinions, do directly deal on the relationship between things that an individual may possess which the government would seek to take from them for its own ends.

To me, the second set strikes far closer to the intent of privacy. Privacy is not some passive manner of communication. Privacy is fundamentally a weapon whose very existence challenges and bounds the desires of the state. Because privacy is fundamentally unknown.

Let's not pretend we're talking about encrypting just "the good messages". We're talking about encrypting child pornography, chemical formulas and processes for explosives, copywritten media, white/black/hispanic/asian supremacist propaganda, firearm schemics, computer viruses, and explicit pictures of ex-relationship partners.

The state has a reasonable interest in wanting some of this suppressed. But you have to make an all-or-nothing choice on whether it should be able to do that... or not.

This isn't about expression: it's about how we as individuals and citizens relate to our government and it to us.

Encryption may be necessary for privacy, but it's an aspect of manner of communication.

And time, place, and manner restrictions on expression are limited by the First Amendment (case law gives them slightly less protection than content-based restrictions, intermediate rather than strict scrutiny.)

And encryption restrictions that permit it for certain uses and not for you others are, arguably, content-based restrictions.

The content-based encryption argument is interesting, but I doubt we'll see any "certain use" laws. The problem/benefit of encryption is that if it's well designed then you have no idea what its contents are - mooting any content based restrictions.

We'll see how it goes though. I doubt the courts will be thrilled to do anything that circumscribes their own power.

the argument isn't only criminals -- it's criminals, and the government.

basically, the private law-abiding citizen is the only one left out of the power loop. everyone else is armed to the teeth.

for those of you who are pro-crypto but anti-gun, the government considers crypto a weapon, plain and simple. they don't share your divided sensibilities. it's real easy -- they want to take both away from the populace, a little bit at a time. and of course the oldest trick in the book is divide and conquer. they know you don't want to apply the same arguments to both fights because of your feelings on firearms, and they are taking advantage of it.

that uneasy feeling you get when you consider a world without private access to crypto is the same uneasy feeling gun owners get when you talk about taking away their access to firearms.

This is a very good point.

As someone who has been anti-gun and pro-encryption, I'm now wondering how I reconcile these two stances that are at conflict with each other.

The one major difference that I see is that it's really hard to kill someone with encrypted data.

If one were to side with the government, it could be argued that encryption is even more dangerous than guns, because it can be used on a scale that would allow larger numbers of terrorists to organized without the threat of the government being able to track their plans. In that sense, encryption could be argued to lead to more deaths (or at least more horrific ones, see 9/11) than individual gun owners.

To be clear, I am both pro-encryption and "pro-gun". However, spinning the argument to present encryption as a more immediate threat can be done, and quite easily considering the fact that not many people understand it. The argument could even work on pro-gun people!

Maybe you're having trouble reconciling them because they are irreconcilable. It sounds to me like you're awfully close to a "decide what I want first and rationalize it later" style of pondering, or perhaps have crossed that line already.

> "decide what I want first and rationalize it later"

Incidentally, this is Jim Jefferies point[1] about guns: guns are fun, people enjoy having them and shooting, so they rationalize with evil governements threats from centuries ago.

[1]: https://www.youtube.com/watch?v=0rR9IaXH1M0

You didn't reconcile it. Guns were foreign and unfamiliar to you so your fear them. Encryption is familiar to and understood by you so you are okay with it.

They are just tools. They can be used or abused.

You are not as rational as you think you are.

Guns are not, fundamentally, a tool for ensuring one's privacy.

The original intent of the right to bear arms was to enable protection against an intrusive government. It's very similar to crypto in that sense.

If having guns worked like that, then the USA, with all it's guns, has nothing to fear from the government banning crypto, since you can all just overthrow the government with all your guns, right?

So, today, your guns are basically useless against the government, because the government has ways of overcoming that obstacle.

However, strong crypto and privacy are not useless today. I would bet that strong crypto has done more to protect, for example, Snowden, than guns.

In other words, crypto is the new guns - they are currently a tool that is useful for protection against a rogue government (at least in theory).

Well. Thank you. Your sarcastic reply helped me justify my pro-encryption and anti-gun stance :)

and as the original intent went, it made sense. but owning a gun doesn't really protect one from a modern intrusive government, but it does raise the risk of gun related death to those around you by a significant margin

> but it does raise the risk of gun related death to those around you by a significant margin

Needs citation.

Unless, of course, you mean having access to a gun increases your chances of successfully committing suicide, which is fairly well established... but I think that this is rather different, at least in terms of connotation, than what you said. My impression was that you were implying that having a gun in the house makes you significantly more likely to be the victim of an accidental shooting, which while technically true, really isn't worth worrying about compared to, say, car accidents (or even airplane accidents) accidental gun deaths are very rare.

That's what is interesting to me in this whole gun debate. The majority of gun deaths are intentionally self-inflicted.

Interestingly, it seems to me that the people who support gun ownership more often than not oppose physician-assisted suicide, and vis-a-vis.

If you accept my assertion that the gun debate is actually about suicide, "From my cold, dead hands" takes on a whole new meaning.

> “Bringing a gun into the home substantially increases the risk for suicide for all family members and the risk for women being murdered in the home,”

> “Impulsiveness may be a catalyst in using a firearm to commit suicide and may also play a role in firearm-related homicide.”


I grew up with guns in the home, but these guns were for hunting / bear protection, not "self defense" and were stored unloaded and locked. I support the right to own guns but I find the willfully ignorant, cavalier and dismissive attitudes that many pro-gun advocates have towards the risks of gun ownership to be a shame.

> My impression was that you were implying that having a gun in the house makes you significantly more likely to be the victim of an accidental shooting, which while technically true, really isn't worth worrying about compared to, say, car accidents (or even airplane accidents) accidental gun deaths are very rare.

Are you sure about the airplane accidents part? Do you have data to back it up? I know that traffic fatalities in the US are about even with gun fatalities overall [1], but if you can show that accidental gun deaths attributable to gun ownership at home are roughly equal to deaths from plane crashes, I'd be very interested in seeing that.

[1] https://en.wikipedia.org/wiki/List_of_countries_by_traffic-r... https://en.wikipedia.org/wiki/List_of_countries_by_firearm-r...


"Firearm— In 2013, 33,636 persons died from firearm injuries in the United States ( Tables 18 and 19), accounting for 17.4% of all injury deaths in that year. The age-adjusted death rate from firearm injuries (all intents) did not change significantly in 2013 from 2012. The two major component causes of firearm injury deaths in 2013 were suicide (63.0%) and homicide (33.3%). The age-adjusted death rate for firearm homicide decreased 5.3%, from 3.8 in 2012 to 3.6 in 2013. The rate for firearm suicide did not change significantly."

so, that gives us 96.3% of all gun deaths as either suicide or homicide, leaving 3.7% unknown. 3.7% of 33,636 gives us 1,245... okay, uh, so if all of those are accidental deaths, then I'm wrong, as planes aren't nearly that dangerous.

http://library.med.utah.edu/WebPath/TUTORIAL/GUNS/GUNSTAT.ht... - claims 600 accidental gun deaths a year even this page (which reads as very anti-gun to me) claims a similar number:


But, even if the lower ~600 number is right, that puts it in the neighborhood of total airplane deaths globally... so it looks like I was wrong, accidental gun deaths are not rare compared to airplane accidents.

also see


which apparently only gives me stats from 2013, NVDRS States: AK, CO, GA, KY, MA, MD, NC, NJ, NM, OH, OK, OR, RI, SC, UT, VA, WI

but it has a fascinating table of accidental gun deaths.

However, I'd still say that this doesn't detract much from my general argument that the gun control debate becomes more interesting (and, I think, makes more sense) if you understand that Americans use guns more often on themselves than on other people.

> owning a gun doesn't really protect one from a modern intrusive government

At an individual level it doesn't. At a population level there is an argument that it makes a guerrilla civil war potentially winnable by the rebels, which has a deterrent effect on extreme totalitarianism.

Theoretically it would if the American populous, heavily armed as we are, had any chance whatsoever against the military. We don't, so the point is moot.

> Theoretically it would if the American populous, heavily armed as we are, had any chance whatsoever against the military. We don't, so the point is moot.

You're imagining construction workers and commercial airline pilots and physics professors against professional soldiers. Imagine 500 professional soldiers with the backing of 5000 construction workers and commercial airline pilots and physics professors take over the military base where those 500 soldiers were already a quarter of the garrison, because the 5000 already had their own small arms and knew how to use them.

Then they have tanks and planes and nuclear weapons and popular support and the same dynamic plays out at ten other military bases.

Democracies are stable because if you have enough people behind you then you can vote the bums out before you have to fight them militarily. But authoritarian "democracy" where you have a central government imposing controversial laws with only 51% national support and significantly less than that in specific regions is more than a little unstable.

This is unknown. The entirety of the military would probably not be unified in an all-out Civil War II. Furthermore it is not relevant considering police state abuse is more rampant than ever, which is a good enough "logical" reason, which again is also not important considering it's a fundamental right at its base level.

The point about the military split being unknown is fair. However, I think police state abuse is a red herring, since people don't actually use guns to combat that: http://www.hsph.harvard.edu/hicrc/firearms-research/gun-thre...

I also disagree, conceptually, with the idea of fundamental rights: http://sonyaellenmann.com/2015/11/human-rights-are-not-innat...

By this logic, if there was one section of the gov't that had extremely advanced crypto cracking capabilities, then keeping crypto legal for normal citizens should also be a "moot point".

However, citizens would probably still want to keep their data private from all kinds of other eavesdroppers just like they want guns to protect themselves from threats less capable than the military.

I would agree with this if guns were mostly used to protect people from threats less capable than the military. In practice, they're not: http://www.hsph.harvard.edu/hicrc/firearms-research/gun-thre...

>but owning a gun doesn't really protect one from a modern intrusive government

The fact that the government outscaled civilians RE: military power doesn't make it a useless law. Think abusive law enforcement at the local/state level.

I'm not sure how armed citizenry helps with law enforcement.

People are shot and killed by law enforcement. Sometimes they're shot and killed very quickly, within 30 seconds of an officer arriving on scene.

People who are thought to be armed are often shot and killed by US police. Notice the "thought" there, many people are shot even though they don't have a weapon because law enforcement thinks the person has a gun.

Do you have any examples where an interaction between a citizen and a cop is made better by the presence of a gun on the citizen?

(I guess the strongest challenge to my argument is the presence of MalcolmX)

>Do you have any examples where an interaction between a citizen and a cop is made better by the presence of a gun on the citizen?

Better thought: Do you think a completely unarmed populace is a better idea given how bad police abuse their power?

>Better thought: Do you think a completely unarmed populace is a better idea given how bad police abuse their power?

Well, yes, I do.

The US is heavily armed. The US has a lot of poorly trained, unskilled, abusive police officers.

Gun ownership hasn't made US police any better. If anything it's made them far more lethal - one reason given (by both pro- and anti- gun advocates) for the shocking numbers of people shot and killed by US police each year is the presence of guns in the population.

When a police officer abuses their power I can grind through it, or I can pull a gun and get shot. In most cases getting shot is the worse outcome.

I think it dies give some protection. Sure when swat comes to your house, guns will not save you. However in a extrem case were masses of people feel threatened by government and their is real civil unrest, the cost for the govemnet to put this down by force will be massivly higher.

In that sense its the same as encryption, it all boils down to an argument of economics.

When the NSA wants to hack you, you are fucked. When the FBI wants to arrest you, you are fucked. Only in mass can either of these measures have a large impact on government policy. Both things stop the goverment from some actions that they might take.

I agree that guns have larger everyday danger effect then encryption. However Im not convinced that, its sufficantly good argument outlaw guns.

> However in a extrem case were masses of people feel threatened by government and their is real civil unrest, the cost for the govemnet to put this down by force will be massivly higher.

It didn't seem to stop them at Waco. Since they're getting army surplus from actual warzones I'm not sure the civilians can put up much resistance.

Sorry... personal pet peeve of mine, and definitely a dead horse... but that did not happen "at Waco."

Because Waco was cheap? That the worst example ever.

Has any study shown this as a causation, or only a correlation?

Yes they are. Indeed that was one of their main reasons for being legalized by the Americans.

encryption don't kill.

No great insight here, and however insane I find many US state gun laws, the encryption debate is more worrying by far. As a non-US citizen there isn't many ways US gun laws can affect me. However the encryption debate has far broader consequences and will change things for the rest of the world - but we don't get a say.

Well, my perception of the gun lobby is that a big part of the effort is centralized. At least that's my impression after reading the nytimes article.

I don't have any insight into the gun lobby so I can't tell whether it is any accurate.


I fear the gun argument is further weakened by the fact that civilians can't have big anti-aircraft guns in their backyard pointed towards the sky. I bet I can't operate a decent early warning radar in my backyard without running afoul of some zoning ordinance or another.

Your perception is wrong. The gun lobby is crazyily grassroots. The NRA is demonized, but their spending in lobbying is low (their income is relatively low and they have a lot of other elements such as training and certification) and less than the gun control lobby since Bloomberg (and some silicon Valley VCs) began to lobby.

There is only one reason the NRA has influence: members and sympathizers will vote on thier recommendations, they have a lot of members and the NRA will always endorse the most sympathetic candidate to thier cause regardless of party affiliation.

The pro encryption lobby could emulate this. Lobby groups like the eff need more members and crucially need members to vote for who they recommend regardless of the candidates other views ie. vote for Trump if he said he was pro encryption.

The problem is that guns are tangible. I can have a gun, and then have the gun taken away or banned by the government. This is easy for anyone to understand.

Encryption isn't so tangible. If certain forms of encryption were banned, we'd still have our computers and phones, and to the average end user, they'd be no different in their perception.

Which is almost certainly why gun owners fight so much more vehemently for their rights than the opposition does, and for better or worse, there are people who very much espouse and believe in the "cold dead hands" mantra.

I'm a gun rights supporter, not so much because I give two hoots about guns, but because I see the fourth and second amendments as an overall proxy for the health of the bill of rights.

If the government wants to ban guns, or privacy, the remedy there is through amending the constitution, not simply pretending it doesn't exist, but we've allowed the government so much discretion and deference on matters like these, especially on guns, because we (as a people) don't particularly love them, and because the argument has historically been presented as "you don't want these bad people to have these loopholes", where bad people is interchangeably terrorists, gun owners, communists, or whatever the evil of the day tends to be.

> Lobby groups like the eff need more members and crucially need members to vote for who they recommend

EFF is a 501(c)(3) organization and is forbidden to endorse or oppose political candidates. That is different from NRA.


They could easily spin off an entity to handle that, like the NRA does with NRA-IL. Maybe they should, or maybe another group should.

The federal government once classified encryption as a weapon, maybe we have 2nd amendments rights to it.

I think they should do something like that. The EFF fights political battles all the time, but can't recommend a "best" candidate for the issues they care about?

Because they aren't doing that is probably the reason why privacy/data protection is such a neglected issue during elections, and if it does get brought up is mainly from the perspective of "what other rights should Americans give away freely so the government can protect you".

The only reason it's been brought-up now is because of Apple, and even that is mostly spun in the government's favor in the media.

That's interesting. They've come pretty close to that line in the past...


You can certainly buy anti-aircraft guns (there are collectors of these things), but good luck getting your hands on the ammunition required to turn one from an unusual outdoor sculpture into a weapon.

Insights? None, because I don't think what you said is accurate at all. That's exactly what we're thinking - only outlaws will have it.

I don't know a single gun owner that wouldn't also be an advocate for encryption.

> Anyone have any insights into why the commonly used guns argument is not good enough for encryption? If we ban guns(encryption), only the criminals will have it.

Guns are defense against guns in a way that encryption is not defense against encryption, so the notion that we are depriving non-criminals of an important defense against encryption-toting criminals carries less weight.

The whole world is flooded with fiction about using guns to stop bad people with guns. The narrative around crypto is tiny by comparison.

Fiction? This exact thing happened in my very liberal city in the last day:


Gun and encryption are two completely different beast.

With guns you can execute a crime, with encryption you cannot.

It is true that you can plan a crime with the use of encryption, but we don't punish on intentions but only on facts.

It is not illegal to plan how to kill someone, while it is illegal to actually kill somebody or to try to do it.

> With guns you can execute a crime, with encryption you cannot.

What about the ransomware that encrypts your data and makes you pay money to have it decrypted?

With both guns and crypto, I think we're all better off to focus on keeping the tool legal and selectively outlawing certain human behaviors that use the tool.

Even by walking on the grass in front of the White House you commit a crime... Are we going to ban walking ?

This is a legal problem, not a technical one, we should stop to find technicalities...

> we don't punish on intentions but only on facts.

Yes we do. Murder vs Manslaughter, "Intent to commit murder", "killing in self defense", theft and fraud are all crimes where someone's intentions are very important.

Quite there, however "Intent to commit murder" is when you actually try to kill somehow, you did make some actions to actually try to kill.

Didn't get the connection with "killing in self defense".

It is true that theft and fraud are all crimes where the intentions are important, however it applies after the crime is already been confirmed.

That we don't punish intentions but only fact is a major cornerstone of the western jurisdictional system; in my opinion is actually weird that we are discussing this.

Please note that the common definition of intents is different from the legal one.

> Didn't get the connection with "killing in self defense".

If a reasonable person, in your situtioan, thought that their life was in danger, they can kill someone in self defence. This is less about "intention", but about "what's inside your head", but hose are very similar.

> It is true that theft and fraud are all crimes where the intentions are important, however it applies after the crime is already been confirmed.

Not always. Some countries say "theft" is only when you intend to permanently deprive someone of something. So if I find your wallet on the street, and pick it up in order to bring it to the police station, then I amn't guilty of stealing your wallet. Because I didn't intend to when I picked it up.

If you use encryption to tell someone to kill, you have executed a crime using encryption.

Even if you send a letter, and then the letter is burned.

Anyway we are not going to ban paper, matches, lighters, and the mail services.

You are thinking more like a technician than like a lawyer...

Are we going to ban metal, drill presses, 3D printers and sulfur?

This argument is "not good enough" for encryption because it is also not good enough for guns. Cliches are not persuasive arguments in a court of law.

If you think gun related jurisprudence is the way to rescue encryption try ITAR. Munitions = Arms = 2nd Ammendment

I have never understood why the USA anti-gun lobby doesn't go after ammunition rather than guns. Just ban ammunition and a gun just becomes a not so dangerous club.

Ah yes, "Let's use semantics to infringe on unalienable rights, that'll show those Framers!"

Well unless the anti-gun lobby can change the constitution they need to find some way around it. I was not suggesting that this should be done, just asking why not?

The right to "keep and bear arms" pretty clearly implies the right to use arms (guns) in the way they were intended to be used, which means access to the ammunition as well. No one in their right mind believes the Second Amendment was written with the idea that militiamen would use their guns primarily as clubs.

It's not done partly because the "anti-gun lobby" knows it would be a fruitless endeavor, and partly because most gun control advocates don't actually want to render guns useless by any means possible.

I was under the impression that certain types of ammunition are able to be banned without any constitutional issues arising [1].

If you wanted to be really clever you could still allow ammunition, but limit the materials the bullet could be made from or limit the powder load. Attacking ammunition has got to be a more workable strategy than trying to restrict gun ownership without consitutional change.

1. https://en.wikipedia.org/wiki/Teflon-coated_bullet

Sure, but I think a strategy like that only avoids constitutional issues because it's not a general attack on the efficacy of firearms. Anything that has the effect of making guns less effective en masse would probably run afoul of the Second Amendment.

Banning armor-piecing bullets certainly makes firearms much less effective - after all this is why the law was brought in as it made guns too effective against the authorities (the infamous “cop killer bullets”). Why has this law [1] not fallen afoul of the second amendment?

1. https://www.law.cornell.edu/uscode/text/18/921#a_17

Because all of the other kinds of bullets still kill people perfectly well, thank you, and that's all the Second Amendment requires.

Not if the bullets come out of the barrel at less than 10 feet per second. Just make a law limiting the bullet’s velocity to below the skin piercing speed. You have your arms, but you can't do much with it beyond killing flies.

Admittedly, I'm not a constitutional scholar, but the Second Amendment was written at a time when the fledgling country wanted to ensure a distributed defense against potential threats like Spain and England, and Native American tribes. My naive reading of it leads me to believe that the part where the bullets can kill people is kind of non-negotiable.

My understanding is the second amendment has been “interpreted” quite a bit over the years - after all the original intent of the law was that people could own arms (i.e. military grade weapons), not just handguns and the like.

I interpret the first amendment to mean we have a right to make sounds come out of our mouths. The content of those sounds, however, is not protected. Since there are an infinite number of combinations of sounds, banning political statements does not impact that right. You are still free to make infinite sounds. The amendment also does not cover the right to record that sound or to write thoughts down on paper. And while the amendment does preserve the right to petition the government for grievances, it does not specify what form that petition must take or for the government to act on such grievances. Therefore, a law which requires all such grievances to be voiced at lowest point of the Atlantic Ocean is constitutional as well.

Thank you for this. This guy is either a supporter of Nanny States or has a massive lack of understanding of basic U.S. constitutional law.

Or maybe he is asking a question.

>Not if the bullets come out of the barrel at less than 10 feet per second. Just make a law limiting the bullet’s velocity to below the skin piercing speed. You have your arms, but you can't do much with it beyond killing flies.

Not much of a question. Although this is clearly hyperbole, I think the implication that our rights be "nerfed" through loopholes is unconstitutional.

>Why has this law not fallen afoul of the second amendment?

In many people's eyes, it has.

When did the supreme court rule this law was unconstitutional?

He said nothing about it being ruled unconstitutional. I assume what parent is trying to say is that the restriction on their 2nd amendment rights (which is what this law is-- a restriction of a right) is, in many people's opinion, contrary to the intended purpose of the 2nd amendment. Now, there is a difference between restricting of a right and a ban of a right, but it becomes a very fine line.

There are already a large number of restrictions on the ownership of arms. Try to go and buy any true arms (military grade weapons) and see how far you get. The intended purpose of the second amendment was gutted long ago.

My question is why have the anti-gun lobby not gone after ammunition. So far I have not had one good response answering this question.

Because without ammunition there are no guns, without guns there is no second amendment. If you believe restricting "true arms" has been effective, why do you think it is necessary to restrict ammunition?

I make my own. Its pretty easy. And cheap. Which is amazing, considering that mass production should have put it at a price point that can't be beat.

You seem to be really keen about this. If your goal is to make the world a safer place, and not only taking away other people's rights try mandating locking or safes for all but the first one or two guns in a house instead.

Around here you are required to have a weapons safe to store almost any kind of weapon at home. This limits the risk of more guns getting into criminals hands as well as the risk of children toying around with them.

BTW another nice touch around here is you are required to have a reason for having a gun. That either means hunting, target practice or serving in the police or military. Reasons tends to be understood leniently (ie no one cares if you don't go hunting for a few years), except for handguns that requires the local chapter of a target shooting club to vouch for you.

I almost think you could get a good chunk of NRA behind something in these directions if you could somehow make sure it wouldn't be used for racketeering. After all NRA doesn't exactly look like raging bloodthirsty madmen, do they? Just like we aren't very fond of criminals just because we want to keep our encryption?

I am actually not really that keen on it other than as how to tackle an issue like gun control. If you are in favor of gun control why not go for the weak point (the ammunition) rather than the strong point (the second amendment). It is like the anti-gun lobby is not trying to win and are just in a culture war with the NRA.

Other people, way more skilled in law than me has already answered you multiple times on this.

When you go on and on about this it is borderline trolling IMO.

The problem with trying to tax ammunition out of existence is this has previously been found to be constitutional invalid.

My idea is to not try to get rid of ammunition by banning or taxing, but just degrade it's killing power via regulation to the point that it is harmless. You could still buy arms and ammunition, but you would not be able to kill anyone.

At the level of simple firearms, arms are arms. You're going to have to argue 2A regardless.

I don't understand this response. Why wouldn't banning the sale of ammunition and ammunition components not work to stop most of the bad problems of guns? A gun is still arms even if it does not have ammunition so this avoids the constitutional problems, but it makes them much safer.

I should add that I am not arguing for the banning of ammunition, just why has this not been used as an attack vector on the gun lobby?

Because it wouldn't work. You're purposefully trying to work around the intent of things. Judges tend to take ill view of cute things like that.

Besides, ok you ban the sale of ammunition. Now are you going to ban reloaders and selling of ammunition components too? How far are you willing to go down that rabbit hole? Noting that it isn't that hard to make ammunition are you going to ban the knowledge of that as well? It would be pretty easy for a lawyer to point out the whole idea is an end run around the spirit of owning armaments. For that reason alone its not any better of an idea than trying to ban guns outright.

I thought a lot of laws were cute intents to work around the constitution.

Any such law would work its way up the legal chain until it got to the supreme court (assuming they chose to take it up the case). As the federal law on armor piercing bullets shows [1] there does not seem to be anything stopping congress passing a law regulating or banning ammunition. Instead of just limiting the ban to armour piercing it could be extended to a ban on ammunition that can pierce the skin.

If you are able to ban ammunition you could certainly ban the sale of the components to make ammunition. Sure there might be some individuals that choose to break these laws, but it would be pretty effective.

Ultimately the choice to do something like this would be politically, not constitutionally constrained. If you oppose the widespread availability of guns [2] why not try to think around the problem rather than bashing your head against the constitutional rock?

1. https://en.wikipedia.org/wiki/Teflon-coated_bullet

2. I am actually not personally opposed to gun ownership.

> I thought a lot of laws were cute intents to work around the constitution.

And this is why judges exist: to go "hey, that law is trying to work around the Constitution and therefore is unconstitutional." And I say this as someone very much in favor of gun control. But it must be approached legally, not with the mindset that the law is some kind of computer program executed by idiot minds.

I understand this, but working around one interpretation of the constitution is the aim of many laws if not most.

The bans of armor piercing bullets have their own reasoning behind them. Banning all bullets would ensure any arguments presented would amount to banning of armaments.

It would be akin to banning cars by banning the sale of wheels. You will be hard pressed to say your intent is to stop people getting run over by stopping wheels from running people over. It is patently obvious your goal is to stop cars from being used. Even if you ban wheels with spikes on them that obviously only ever get used to destroy other cars, that doesn't mean that it is ok to ban all wheels using the same logic.

You'll probably want to ask a lawyer the legal situations behind your proposal. They'll be better able to elaborate. But in talking to some lawyer friends in the past, they note judges are really good at sniffing out attempts to work around the spirit or intent of a law.

I think you might have missed the point of my question. I am not suggesting banning ammunition, but asking why legislating their killing power be restricted as an approach to gun-control has not been tried. It appears that it is constitutional to limit the killing power of ammunition (i.e the armor piercing bullets) - what interests me is how far this approach can be taken and still be constitutional.

I will say once again I am not personally in favor of gun control, just asking why the anti-gun lobby is not trying to go after the weak point in the regulation of guns (the ammunition) rather than the strong (the second amendment).

I'll try to make it simpler. How do you propose a ban on ammunition? Walk me through the legislative and judicial processes.

On the flip side, my first argument 2A, so now the burden is back on you.

Well if I was asked to draw up the law (unlikely since I am not a lawyer) I would just follow the current law on armor-piecing bullets [1], but add a clause that limited the powder load to ensure that the bullet’s muzzle velocity could not exceed 10 feet per second. Probably equally effective would be to limit the weight and/or density of the bullet such that bullets could only be made out of aerogel [2]. Once you attack the weak underbelly of the ammunition the fun you could have is almost limitless.

1. https://www.law.cornell.edu/uscode/text/18/921#a_17

2. https://en.wikipedia.org/wiki/Aerogel

Your argument fails intermediate scrutiny, which is the minimal level of scrutiny a constitutionally enumerated right must be held to.

In brief, strict scrutiny is the most stringent level of scrutiny, and rational basis the least stringent. Operating a vehicle on public roads is decidedly a right, but not a constitutionally enumerated one, so it is only held to rational basis. Rational basis scrutiny allows a right to be curtailed it, on a rational level, the curtilage is related to a legitimate government interest.

When strict scrutiny is applied, it means that a much more stringent justification must be met. Not only must it further a legitimate government interest, but it must also be the least restrictive possible means of doing so, and not fundamentally burden the right.

Banning teflon coated bullets does not fundamentally infringe the right, and is narrowly tailored enough that it survives the least restrictive means test. Banning all ammunition cripples the right, fundamentally, and is nowhere near tailored enough to survive heightened levels of scrutiny.

>Banning teflon coated bullets does not fundamentally infringe the right, and is narrowly tailored enough that it survives the least restrictive means test. Banning all ammunition cripples the right, fundamentally, and is nowhere near tailored enough to survive heightened levels of scrutiny.

Just to nit pick it is not teflon coated bullets that are banned (at the federal level), but bullets made of certain hardened materials that are banned. The teflon is there just to stop the gun barrel being damaged.

I am not suggesting banning all ammunition (as a tactic), but degrading the killing power of bullets by legislating what they can be made from and how fast they can leave the muzzle. How much could the killing power of bullets be degraded before the law would be considered an infringement on the second amendment?

In the words of Alan Gura, the attorney who successfully argued in D.C. v Heller (the pivotal modern firearms case) -- because banning bullets is a backdoor ban on firearms. Firearms without bullets are no longer firearms, they are simply bludgeons.

Sure that is the aim, but is it unconstitutional? How much can you degrade the killing power of a bullet before it becomes unconstitutional?

I don't know. How much can you impede the ability for minorities to vote before it becomes unconstitutional? How much torture can you get away with before it becomes unconstitutionally cruel and unusual? How much can you restrict the abortion rights of women before it runs afoul of the constitution and pre-existing precedent?

It's people asking questions like that, and failing to respect the spirit of the constitution that explains exactly how we've become a nation in which federal power is effectively unrestrained by the constitution.

Endorsing gun control means being an enemy to the bill of rights. Wiggling past scrutiny by playing legislative "I'm not touching you" games as you're doing weakens the whole of protections to the citizenry. Whatever semantic games you like playing against the second amendment sets precedent for those same games to be played by the other side for speech, privacy, abortion and marriage rights. It is the failure of the left to respect some rights, paired with the failure of the right to respect the others that has gotten us where we are.

Just because the government doesn't like a right doesn't mean they get to ignore it. Because people like you let them selectively ignore the rights you don't like is what gives them the power to ignore the rights you do. If you want to be constitutional (and you should), you can ban bullets by repealing the second amendment, or amending the constitution to state that bullets aren't protected by it.

I think you missed my statements several times that I am not a supporter of gun control, but asking why those that are in favour of gun control don't go after ammunition rather than guns.

As for the second amendment it has basically been totally gutted long ago since people have no access to true arms.

Doing so would be a good way to start a civil war.

Yes, but one fought with clubs not bullets :)

I know people with hundreds of thousands of rounds of reloading supplies, some with as much ammo.. They're not unique.

We've been making "modern" repeating firearms and ammunition for over 100 years - it's foolish to think that with modern precision technology being so cheaply available that the people would be unable to craft ammunition at home.

Not really. In any real civil war, some police forces would side with the rebels. That's already happened in connection with Public Lands issues in the Southwest. Also, at least some National Guard armories would be liberated. It could get very messy.

"they'll issue an executive order to ban one-way encryption outright"

I want to point out the reasons for which that's impossible -- that the executive can't issue an EO that applies to the citizenry at large, and that there aren't any agencies that specifically regulate software companies, but as I can't find a loophole that hasn't been leveraged to render my arguments moot, I can't even convince myself that it couldn't be done.

That said, on paper, executive orders are only applicable within the executive branch. E.g., the president can issue an order that commands his agency chiefs to interpret a law a certain way, or compel them to issue internal commands to change an action that they are otherwise charged with doing, but laws to which the citizenry must comply need be done via Congress.

Plus the impossibility of controlling apps, software and frameworks outside the US. All it takes is one person in one country building correct encryption and everyone uses that for illegal activities everywhere. It's not a matter of blocking holes in a dike; there is no dike.

I don't recognize your use of "one-way encryption". Did you mean something like end-to-end encryption?

Looks like it means that the encryption cannot be reverse-engineered: http://help.penzu.com/pro/what-is-one-way-encryption/

> One way encryption is a mathematical function that takes a variable-length input string and converts it into a fixed-length binary sequence.

So, a hash function and not encryption? Got it.

Sarcasm aside, we really need to start using the correct terms.


    | \`- Hash Functions
    |  `- Secret-Key Cryptography
    |    |\
    |     \`- Secret-Key Encryption
    |      `- Secret-Key Authentication
       `- Public-Key Cryptography
          \`- Public-Key Encryption
           `- Public-Key Authentication
Hashing is NOT encryption.

"One-way encryption" is a terrible term - they mean "encryption that the encryptor cannot decrypt upon demand."

So, asymmetric cryptography.

If you have good hashing, you can build encryption, though.

And if you have a good block cipher you can build a hash function.

Encryption is a reversible, keyed transformation of a message. If you cannot reverse it, it is not encryption. Calling it encryption just introduces confusion.

I concur.

I thought that was just called encryption.

Right. With decent end-to-end encryption, third parties can't circumvent without compromising devices or software. Systems where providers can secretly push compromised software aren't secure. Obviously. There are many eyes on the GnuPG code, for example. But even with Apple and Facebook, PR and financial consequences for backdoors would arguably be huge. Consider how much global business US providers have already lost, just over suspicion raised by Snowden's stuff.

One time pad perhaps

Would there be a first amendment (freedom of speech) argument against such an outlawing? If you are not allowed to say things which the government doesn't understand, then your speech isn't free.

The actual text of the Constitution is "Congress shall make no law ... abridging the freedom of speech", so I guess a first amendment argument comes down to the interpretation of "abridge" -- I would certainly think outlawing speech of a certain nature, i.e. encrypted speech, or authenticated speech, would be abridging that freedom. But I really don't really know how far removed the courts have taken the law from the original text.

If the government succeeds in this case, it'll be George Orwell's 1984 everywhere. A constant monitoring will be done on everyone irrespective of who they are. The terrorists will move on to another stream of communication (I think ISIS already has their own app), and only the innocent citizens will be left to be monitored by the FBI.

This is the slippery slope fallacy: the current Apple court battle is so limited in scope that it cannot possibly create precedent for such broadranging actions, and those it might speak to would be subject to court oversight (i.e. you would require a separate writ for another phone, which would be equally subject to court challenge - it would not be a rubber stamp process, it would not be able to demand substantially different actions yet cite precedent).

Unless there is a current lawsuit where an affirmative ruling would imply a general order to introduce backdoored encryption in an entire line of products, then it is not "a matter of time" - and thus is also the classic slippery slope fallacy - decision A does not decide decisions B, C and D without further consideration.

It won't be outlawed as long as public will be against it. It will be a political suicide for opponents of encryption. But only if public will be against it. Time will tell.

Obama might outlaw it on his way out...

In the United States, the President doesn't pass laws. Obama has taken executive power to extremes during his term, but he can't do that.

Did the Congress authorize all that uncostitutional surveillance for example? I thought it was a secret court interpreting the law in secret on behalf of the executive power. So "passing laws" in such context is not a far fetched claim.

That wouldn't require Obama to wait until just before leaving office. Anything done in secret has already been implemented. What the FBI is asking for could likely be done by the NSA already. The Feds want a publicly known law or ruling they can use as a club over private companies, so they don't have to break any more encryption; they want it all handed to them. And they're too shortsighted and pigheaded to see/admit the folly of what they're asking.

What would be the point for him to make a mess on his way out? Just to be nasty?

Further the agenda of his political donors and pave the way for the successor. Or make it difficult for an adversarial successor to pass opposite laws.

No sophisticated actor will use an app. Sophisticated actors being those who are unwilling to let Eve choose the encryption algorithm.


> The Justice Department and WhatsApp declined to comment. The government officials and others who discussed the dispute did so on condition of anonymity because the wiretap order and all the information associated with it were under seal. The nature of the case was not clear, except that officials said it was not a terrorism investigation. The location of the investigation was also unclear.

Just in case anyone was wondering if this was terrorism related, it is not. I suppose next is OpenWhisperSystems / Signal, etc.

I'm glad I've stuck with GnuPG for anything truly sensitive.

GnuPG is great, but it is not for real-time messaging. Real-time messaging protocol should have forward secrecy, which OpenPGP can't have because it is not an interactive protocol.

Related: http://www.thoughtcrime.org/blog/gpg-and-me/

I'm aware but I don't need real time messaging for secure communication. It is really limited to things like security flaws, financial information, and things of that nature.

Can anyone point me to where WhatsApp app is actually confirming they are implementing E2E encryption and how?

I couldn't find anything on the oficial web/blog, the single mention on security is this FAQ[1] which is about server/device encryption.

A friend also told me E2E is only available for US users but unfortunatelly I can't confirm this because of the lack of communication from WhatsApp.

[1] https://www.whatsapp.com/faq/en/general/21864047

Edit: fixed typos

I've never seen any official confirmation, but Wired reported that it had been enabled between Android devices: http://www.wired.com/2014/11/whatsapp-encrypted-messaging/. The implementations is reportedly based on TextSecure/Signal. Moxie says WhatsApp "is implementing" which is certainly distinct from "has implemented."

If the FBI wasn't locked in a stand-off with WhatsApp because of the encryption, I would have reason to doubt it exists. However...

In any case, my family uses WhatsApp pretty heavily, and I love reading about their engineering, so I'm happy to hear that this encryption exists and is flustering a far-overreaching government. Now let's hope Apple et al prevail, because I like my non-backdoored encrypted messaging.

Agree, "is implementing" could last forever or have a very limited scope by design. I think I am going to assume there is no E2E encryption until a proper confirmation from WhatsApp.

Yeah, that and it's almost irrelevant since it's only Android-to-Android.

Why is almost irrelevant?

WhatsApp does not give an indication of what software the remote party runs, as far as I know. You'd have to trust the third party in order to rely on the encryption.

Nothing you say makes it even close to 'irelevant'. Even badly thought out end to end encryption message app is importend when rolled out to 300 million people.

No. Actually, I would say fake encryption is even dangerous. WhatsApp might not always run end-to-end encryption for compatibility issues, there isn't even a visual indication for encrypted connections, there is no way to verify keys (if at all, they are verified by WhatsApp servers), so leaving a lot of room for all kind of man-in-the-middle attacks. The encryption itself isn't documented, and at the same time WhatsApp had added an option for (likely insecure) cloud backups. Yes, WhatsApp does fake security. But people believe it's secure. Now more than ever.

But those cases are only saying that companies can't comply to disclosure requests. That doesn't say if the encryption itself is weak or if the user has to completely trust that company. Just like the Apple case, where a 4-6 digit PIN is basically protected by Apple's secret firmware and its signing infrastructure.

There is nothing worse than a messenger that is commonly called secure but actually isn't (like the current implementation at WhatsApp). Cryptocat already had a massive disaster related to this problematic. Known as the chat program for activists in danger, it had a mathematical bug that made it nearly as weak as cleartext. Another one: As long as people aren't always explicitly using Secure Chats, Telegram isn't more secure than WhatsApp and doesn't use any end-to-end encryption. Still hyped for its security. While secure clients can definitely exist, most of the famous everyday solutions are just FUD and bullshit.

I have never said that WhatsApp is secure. You seem to have completly missed the point. For people that are above avg in their security need should of course investigate and find the best tool for the job. That has always been true.

Listen to what Im saying. End to end encryption, however badly imemented, rolled out to 300 million people is a extremly big deal.

Just for the fact that it counteracts the belief that only suspect people use encryption. Also even badly implemented end to end encryption stops lazy dragnet survailance. The policy or the FBI simple do not have the ability to MITM billions of messages every day.

Remember that most texting was essentially done in cleartext before this.

All computer code can be rephrased in common written (english, perhaps) language. I'm not talking about pseudocode, I mean an actual translation layer from, say, C to english phrasing that specifically describes the computer code to be written.

And at that point it's just speech. I don't mean "like speech", or "something sophisticated people should recognize as speech", or "code is speech" ... I mean, it's just plain old speech. Just very boring, long-winded (and extremely precise) descriptions of computer source code.

So perhaps there will be some pain and perhaps there will be some years before it finally gets to the supreme court, but in the end, it's just speech.

Will they change the 1A ? Would they ?

The source code for PGP 5 was made legally available outside the US in a similar method though without translating it.


Not every country has the USA's "Free speech über alles" interpretation of "right to free speech"

No one can stop me and my peers from sending meaningless garbage data to each other.

So, if it simply looks encrypted, but acctually contains randomized meaningless shit, how can anyone prevent me from bahaving in this manner, and claim that I've done harm?

I've paid for the service, and I can spam it with trash as I see fit.

This is unfortunately not true in many places. In the UK you can be thrown in prison for failing to decrypt any data in your possession. This means someone can encrypt garbage on a USB drive and slip it in your pocket and make you rot in prison for years.

In the US, you will be held in contempt for failing to decrypt data when ordered if they can show that you "probably" have access to it and it's relevant to the charges against you. This also means prison for many years for failure to decrypt, even if you can't.

Not until they change the 5th amendment.

I don't know what the accepted jurisprudence is on this, but there are interpretations of the 5th amendment saying that the protection only extends to the authorities being unable to legally compel you to reveal that you can decrypt the data (and, by extension, that you have some level of knowledge of or responsibility for it). That is, if they can somehow prove that the data is yours, a court can order you to decrypt it.

Randomized data does not have padding.

If cases like this go in the US Gov's favour, it'll further damage the US tech industry. It's already illegal for EU orgs to use US tech companies for personal data!

Please stop calling it crypto wars. Calling something a "war" justifies wartime measures, just as it happens with terrorism, drugs and things like that.

What does "undue burden" mean? Wouldn't it be very simple for WhatsApp to remove the encryption in the app? (Anyone can write an unencrypted app.) Could they be forced to do that?

IMO that would be awful.

It is not that simple if you want to stay compatible with clients that are not updated yet and are not capable of receiving unencrypted messages. You also have a risk of breaking something, so you need to test compatibility of all versions etc. The company promised security for all other users, so it probably wants to remove security only for one specific user, otherwise it faces popularity loss. The cost of properly removing encryption from an established network protocol used almost constantly over time is really high.

The 'undue burden' is bot just the time to do it. Apple clearly argues this in their testemony before the justice commity and Im sure WhatsApp feels the same. The burde is the breaking of user expectation and trust in the security and trust of the companies products.

I find it disturbing how the intelligence and law enforcement community seem to think there is some kind of natural right for them to snoop on people.

In case of the good old phone system, the very way that worked maked wiretapping very easy. The same was true for physical mail (one major reason why most states created and held on to the monopoly on mail for so long).

With email and IM this is - again due to the way this works - a lot more difficult. Artificially restricting encryption just so they can keep on doing things the way they're used to is a bad idea, and kind of naive, too.

You're correct to point out that this debate is about a change in the staus quo: law enforcement used to be able to access the dominant communications system with a lawful order, proper crypto removes that capability.

It is inevitable that this change, lwft unchecked, will increase citizen privacy AND decrease law enforcement effectiveness. The HN community is very aware of these privacy benefits, but skeptical about the security costs. I wonder how far security must slip before those costs become apparent.

Until that happens, we basically have two camps of experts talking past eachother. The tech community sees the privacy cost, the law enforcement sees the security cost. Both back up their claims with "trust us, this is what we do for a living." This makes it very difficult to create a policy solution.

Actually the availabitly of data has massivly increased. They have access to far more thing then they ever had.

We have few ways to hide metadata and those are of major imprtance. Investigating crime is now far easier the it was at any time beore 1995 and the world did go to shit then.

A part of me wonders if I should believe this, and the story about the Apple case. Or maybe it is all just a conspiracy to gain our trust.

If the USG can force Apple/Whatsapp to decrypt some communication, what prevents the PRC from doing the same? Will we see Tim Cook arrested the next time he goes to China?

What stops them now?

I don't understand why people think this is an issue. While you could certainly imagine the PRC being emboldened, it's not like their history of human rights abuses has kept them in check. The only thing which does is how much they love trade with the west, but it would be entertaining the amount of blowback making a move against Foxconn would create (also worth considering: China, land of fake electronics components and seizing memory cards at the border, is where all your iPhones are being made...)

Don't you think that if they see Apple handing over iPhone contents to USG, they will now feel entitled to do the same in China?

The important aspect of this and the Apple scenario is that the encryption requires a benevolent third party. Encryption that relies on Eve...well, she has three faces.

Here the local drug dealers encourage use of a app called Wickr. Does anyone know how the encryption compares to WhatsApp?



Don't use Wickr.

Proprietary crypto + an interesting target for NSA because of its popularity among ISIS = probably snake oil and at the very least makes you a target

"Career criminals recommend it" isn't a good indicator of security. Two things to consider:

1. Confidential informants exist

2. Being a high-risk individual doesn't make you a domain expert

Ask your drug dealers to explain why RSA encryption with PKCS1v1.5 padding is bad. If they can't, disregard their opinion on cryptography and privacy technology.

Yeah, I knew a dispensary owner who told me all about Telegram* and how it was "really secure" and how the feds couldn't get any of his messages. He was happy to switch to Signal once I told him a little more.

> telegraph


corrected, thanks

The hi-tech application, known as Wickr, is the latest in the long list of tools the death cult is using to lure Australian jihadis to join their bloody campaign.

Sure doesn't help when this is how the media describes a text messaging app.

Thanks a lot for the detailed answer.

I will be sure the take the discussion on RSA encryption with PKCS1v1.5 padding the next time I see those guys. Probably without mentioning ISIS..

I can almost guarantee their response will be, "WTF? Stop making words up, mate."

The only reason the government "gave up" in the previous crypto war was because they decided to find ways to break or weaken crypto to their needs. I don't think this time will be any different, one way or another they will get access to our data.

They have done a shitty job at it. Snowden revealed much but non of the real horror stories have turned out to be true.

Modern standards like SHA3 are designed far better and in a way that make it way harder for anybody to build in a backdoor.

This is one of the few areas we dont have to worry to much about.

What we need to worry about is addoption of good defaults by the large majority.

There are alternatives to one way encryptions. Think of steganography and communication between the parties being indirect.

Please stop calling it crypto wars..

But headlines love it!

Registration is open for Startup School 2019. Classes start July 22nd.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact