No points to tap.
No point in tapping the data.
If they want to capture conversations it's time to go back to the proper old ways of actually spying on high-value targets.
The legal approach is correct and easy for the public to understand. Explained correctly it is also popular. The government used to have to do things like get a warrant and investigate specific crimes. They couldn't listen to everyone's phone conversations all the time and they shouldn't be able to do this on the Internet either. Digital dragnets are illegal and unconstitutional.
The technical approach is also correct. If you're building something that makes it harder for criminals inside the government to commit more crimes, you're doing work that is profound and in the best interests of society. Anyone with passion and technical skill can participate in this work. It's the right thing to do.
Both efforts help each other. Keep the government in line and accountable to the people. Make it harder for people inside the government to do the wrong thing. All approaches deserve support and should leverage each other's work. They should cooperate with law-abiding, constitutionally empowered government authorities as well. There are good guys in the government too.
But the main place where law and tech come together is enforcement. For law to work at all, it has to be enforced relatively evenly. Technology may make a law's enforcement impossible or easy, but it does not make it more or less "right" in the abstract.
And legal is about what recourse we can seek afterwards, when we understand we've messed up the implementation and security has failed.
Relying on legal protections alone is absurd. Relying on technology without any legal recourse for failures maybe somewhat less so, but still not suitable for this "real" world we live in. Not without reconsidering our approaches and attitudes to way too many things.
Not at all. Legal rules are about what we "should" do, what's right and what's wrong. However, legal rules need to be enforced to be effective. If you create a legal rule that's impossible to enforce and everyone flouts it, not only does your rule not get enforced, but it also creates doubt in the entire legal system.
So legal rules ought to consult with what's possible and impossible, but they should not be dictated by them.
An easy target is saying the government is too powerful. That would be a mistake. If Facebook were more powerful than the government, we would not be in any better hands.
The problem with the US government is that it does not work for the people.
It would be painfully short-sighted to say this debacle goes to show the gov and private companies are not too involved with one another. This will be handled with some deal that will deepen the coupling and citizens will not have a say. That’s how most things in our lives get handled. Without regard for us, that is.
Private interests have eroded our state of civility. Citizens' voices mean nothing and that is all that’s going on here.
We need our government back. Nothing else is going to solve this, unless of course we can actually address the technical issue that you raised. That would be nice.
A government that was our government would simply not step over this line. It’s possible; not easy, but possible.
I'd say it would be better to decentralize governments so that you don't have any great accumulation of power anywhere, and by bringing government closer to communities you automatically bring back power to the people.
A country that's going to mandate backdoors/access to such communications is going to outlaw communication methods they can't backdoor.
Say Apple makes a federated end-to-end encrypted messenger app, the government will still go to Apple and say "let us read all the messages, otherwise you can't sell your devices". THAT is the problem, and it can't be solved by more technology and shouting "BLOCKCHAIN!"
If a largish group of users could create end-to-end encryption not with a single company but with "readily available materials", then stopping it could be harder.
So it's a combination of state dictate and the practical ability of users to defy that. This isn't saying I'm optimistic, I'm rather pessimistic on any ability of a wide home-grown encrypted-messaging milieu to appear - if few are aiming for this, those few can easily be picked off. But I don't think we should just give up on any part of this.
It's too late for that, every machine, every browser, every user is using encryption software all the time.
"It's too late to criminalize possession of drugs. Half the country takes pharmaceuticals!"
It's trivial when you can pass arbitrary legislation.
Back in the 90s we had to deal with US gov restrictions on encryption export. Software companies and organisations fell into line. It was a big deal when 128-bit keyed Netscape became available globally in 1997, per State Dept approval, but even then the full-strength server-side SSL was still restricted to 'approved' entities.
And even 56-bit server SSL was only exportable with us.gov key escrow.
I used to use Apache with the 40-bit SSL option. Pathetic strength but no-one was going to risk jail-time by breaking laws.
I did at that time, it was just another law to ignore.
This isn't meatspace, the dynamics are quite different.
Well, then clearly it would quickly become ubiquitous. I mean, if a war on encryption that was just like the war on drugs were to be launched, why my local stream bed might "place burned passwords here" on the tin-can that currently reads "used needles here." (put there by the other homeless people).
You're forgetting that the average user doesn't care enough to sacrifice ease of use for greater political benefit.
At least in the US, if a US citizen is part of a potentially incriminating conversation, the government's going to have a hard time forcing a court to force the citizen to decrypt the conversation.
Lawyers, correct me if I'm wrong, but it seems like a conversation wouldn't be subject to the vagaries of "combination to a safe"-production loopholes.
Or, ofc, get people to adopt insecure protocols. That we know (or have good suspicion) they've tried.
They most certainly do not have cause to demand access to swaths of comms no matter whose comms they're after and most assuredly when that access actually entails enabling access to all of the comms.
I posit there is no authority that should be able to demand this as a matter of the right to human existence. Law, order, society and government should not have ultimate authority on private communications no matter what the tech is capable of. We, as humans in a modern world, can speak and if desired do so in private. This is our right as individuals and if encryption helps us accomplish and enforce that right then so be it.
If they have probable cause then they need to beat feet or beat heads but either way they need to get to work. And by work I do not mean trying to impose a different reality than the one that we currently have - where math is fact, compute is cheap and source is open.
What's it going to be? 100 go free or six lines from everyone?
What are the building blocks for encryption?
1) A cryptographic algorithm
2) Some form of key generation
3) A software implementation of 1) and 2)
4) A binary distribution of 3)
5) A computer that executes 4)
In practice, chances are those 5 are all rigged. They are rigged because you have so far trusted:
- That there are no tricks in the algorithm or its practical implementation
- That there are no tricks in the key generation algorithm or its practical implementation
- Hundreds of contributors to the software implementation of those algorithms
- The guy that compiled the software into binary form and distributed it
- The compiler used to compile the software and all the libraries and dependencies the software has
- Hardware manufacturers
So, common sense tells me that because you have trusted so many people, in practice, it is very unlikely you can have end-to-end encryption or any real ambition to have privacy.
This does not even consider more aspects, like your operating system, your sources of entropy, etc.
Other than that, it's doable.
Spam protection and censorship (necessary for mobile app stores) can be distributed as opt-out blacklists. If it gets to be a huge problem then an "enter this password to add me" type thing could work too.
I've been compiling a bunch of ideas as such for fully P2P decentralized/encrypted chat, but I'm stuck at the two issues I mentioned earlier.
Nobody has a 100% open smartphone stack from the baseband up to the application.
It's just mildly more difficult than a subpoena to Facebook asking for all messages.
So it's definitely covered by a different legal regime, to set aside the technical bits.
I don't know what government is doing snooping on Facebook Messenger. I would be blindsided if real crime was happening that way.
People moved onto other messengers like WhatsApp for those purposes.
Heck, people use Snapchat expiring messages to relay info on illicit activities.
It is not farfetched at all that people are using FB Messenger, Signal, anything for that purpose.
Law enforcement and government are addicted to power to an unhealthy degree. Convincing people to voluntarily give up power is rarely successful.
You seem to believe majority support is enough to make something happen. It is not.
The Public Option has 75% popular support. Medicare-For-All has 59% popular support.
Yet we have neither.
I didn't live in the past, but my reading of it leads me to believe that, at least through US history, it seemed that the public consciousness in the past has had very real skepticism of authority.
Perhaps that is the opposite today in many parts of the developed world. For example, a German guy recently looked me dead in the eye, smiled, and said sincerely: "But why would anybody not trust their government?"
So we have two seemingly popular things that haven't happened and one that has happened but was not so popular (but it turns out that it was more popular than was suspected by anyone beforehand). I'm afraid that is politics. If it helps, I am not a fan of Brexit but will have to live with it anyway.
There is no conspiracy and I don't think that it is fair to accuse your police and government of being arseholes (to put words in your mouth!) Sometimes we simply have to accept that our personal will does not always dovetail with that of the majority - that is how democracy works. To be fair though, there is also nothing wrong with getting a good rant in on HN.
If you feel really strongly about healthcare, why not emigrate to the UK? Our NHS is bloody amazing and only costs: https://www.gov.uk/national-insurance/how-much-you-pay - roughly 12% of your salary. There is a lower band and an upper band so it is not 12% of everything you earn and it also covers unemployment payments and other things.
That's true. But said acceptance doesn't need to translate to acceptance of the laws that the misguided majority enacts - you can sabotage those instead, Underground Railroad style.
You've clearly never dealt with either in the US for a protracted period of time.
Yes, they very much are. Their response to them breaking the law and/or making a mistake is "Fuck off, sue us."
> If you feel really strongly about healthcare, why not emigrate to the UK? Our NHS is bloody amazing and only costs: https://www.gov.uk/national-insurance/how-much-you-pay - roughly 12% of your salary. There is a lower band and an upper band so it is not 12% of everything you earn and it also covers unemployment payments and other things.
A) You are moving the goal posts from the original discussion.
B) I was born here. I'm not leaving just because I don't win every battle.
> Brexit was decided on an embarrassingly close vote: 51.9%
> The four most recent readings - taken by BMG Research and Survation between November and January - have, on average, once the 8% who said "don't know" are left to one side, put Remain on 52% and Leave on 48%.
Now that it isn't being influenced by an outside party, it is no longer narrowly winning.
To be honest, I don't think people should cry they have a mandate from the people with less than a 55% majority.
My original point about Brexit being very close still stands and I would suggest that your Remain on 52% and Leave on 48% are still very close given the sheer pain of the separation that has become apparent since the original vote (you try listening to the news here - it's bloody boring.) If you had waved say 60% Remain, I might take notice.
Can I ask what 55 is? (for instance, in India 66 is a special percentage required for some bills).
It is a bit nuanced but there are several forms of fund raising and such that require a 55% majority to pass.
We have other things that require a 2/3rds majority as well.
I get paid better over here, and the weather in the UK is shit.
This sounds like a highly irresponsible tactic if your actual goal is to help people.
There is no reason to believe that the state will afford the kind of changes you're describing, and even if it does, no reason to believe that it will obey the new laws in question.
While you are busy keeping yourself safe by staying within the lines of a tyrannical coloring book, real people are suffering the consequences of surveillance.
Even if this were possible: why constrain the internet, whose constituency is international and impetus is mathematical, to the confines of some ridiculous tantrum-throwing government and its childish ideas of control? What's the benefit?
Changing the law means nothing if it gets changed back the following decade.
Technical solutions tend to be more permanent.
Your solution is equivalent to saying "why are we focused so much on protecting ourselves from hackers? We should instead change society such that nobody even WANTS to be a hacker!"
Umm... Signal is open-source, so unless they outlaw encryption across the board, the worst-case scenario is someone just has to fork it.
Users should be given the option to use peer to peer strong encryption with friends they whitelist.
This is a good best practice and SHOULD be used everywhere.
It does not prevent any attacker, government or otherwise, from making client implementations do things like:
* add in third party key distribution (backdoor the conversation)
* send a 'backup' of keys or other details to a central server
* directly man in the middle by only establishing a "secure" connection to a middle server
* compromise the situation in other ways; E.G. using a flawed "random" source
Would this, or could this, fall under compelled speech? Especially if an employee is using the product themselves?
What technical solution is going to protect the human being from the indignity of security personnel presuming the right to go through your personal papers and thoughts? And this is already in effect in US airports with no pushback.
It is this denial by many about what is happening at home and the absence of mainstream protests and push back that has allowed the rise of surveillance capitalism, the NSA, secret courts, secret orders, secret processes and brazen surveillance demands by governments.
The worse it becomes the more the need to posture and distract by seeking to hold others accountable for the very things you are neck deep in.
Article on Reddit: "Delete Facebook! Fuck Zuckerberg."
Makes sense, as these are the respective target audiences of the two communities.
Sarah Jeong mocks white racists, no ban, fine.
Candace Owens copy/pastes Sarah Jeong's tweets, gets banned, not fine.
A world in which Alex Jones gets banned but ISIS does not is total insanity.
To reiterate, I don't want any of the above to be banned/censored. However, in a world in which the above facts exist, I am suggesting I do not understand what the rules are at all. It seems random and arbitrary.
We need to build our own p2p and e2e secure chat client like WhatsApp which works on every platform.
Sure, it's possible - Skype was exactly this before except for the e2e part.
Why can't we techies? Let's make a group and dissect the problem in our free time. Who is up for it?