Five Eyes' Statement of Principles on Access to Evidence and Encryption (homeaffairs.gov.au)
151 points by asadhaider on Sept 2, 2018 | 94 comments



I think what bothers me the most about this is how it was put together. It's clearly some kind of agreement between the 'five eyes' (I had no idea they actually called themselves that publicly) to spy on their citizenry. But why am I, an American citizen, reading this on an Australian site? And why are intelligence agencies creating policy?

Perhaps the fact that I work in more of a government environment than a private one explains my sensitivity to this. But seriously, this is the kind of statement that heads of state or foreign ministers should make publicly.

"We, the Homeland Security, Public Safety, and Immigration Ministers of Australia, Canada, New Zealand, the United Kingdom, and the United States"

None of these agencies have been given the right by their respective nations to formulate treaties and agreements, and that's what really bothers me. People might joke about the deep-state, but this is what we mean. Intelligence agencies are formulating policy that will have great effect on the citizenry of their respective countries, and there is no discussion of it in these countries' parliamentary or congressional chambers. Intelligence agencies should not get together and form pacts. The fact that they can achieve this shows the general erosion of democratic values in all five countries.

In the 1990s when Americans concerned with government spying were talking about Echelon and the NSA, the Five Eyes were considered a bit of a secret thing. Everyone knew about it, but I don't remember any of the five countries ever confirming it. Now they're just out in the open brazenly proclaiming principles and policies, as if these intelligence agencies represent us.

"Should governments continue to encounter impediments to lawful access to information necessary to aid the protection of the citizens of our countries, we may pursue technological, enforcement, legislative or other measures to achieve lawful access solutions."

Which I translate as, "Give us what we want or we'll take it. We are judge, jury and executioner." Seriously, what does "legislative or other measures" mean? Are they just brazenly admitting that they're not bound by law, in contradiction with the immediately preceding paragraph? Intelligence agencies don't get to pursue legislative measures in a democracy. We tell them how they should be bound, they don't get to design their own shackles.

This whole statement is just incredibly brazen and undemocratic.


This appears to be some sort of hybrid formal diplomacy/PR for these judiciary officials.

I don't mean to say there's absolutely no value in what they're doing, just that they've gone to effort to draft detailed press releases regarding consensual goals.

https://www.newswire.ca/news-releases/five-country-ministeri...


Attorney General Jeff Sessions apparently signed onto this statement of policy, so it's not anything close to the unelected bureaucrats creating policy you imagine.


> Privacy laws must prevent arbitrary or unlawful interference, but privacy is not absolute.

This is really it in a nutshell. They say this like it is assumed, but this is actually a new beachhead in the war on individual rights. There seems to me something sacred about the idea that I as a human being can exchange thoughts with another without those thoughts being appropriated by the government. It seems to fundamentally violate something about what it means to be human to say that my thoughts are not really mine: they belong first and foremost to the government, then I can have them. Is there anything about us humans that really totally belongs to us, or are we nothing in and of ourselves, just mechanisms to serve the functioning of a government?


The Universal Declaration of Human Rights covers Freedom of thought:

https://en.wikipedia.org/wiki/Freedom_of_thought

HOWEVER, it DOESN'T cover Cognitive liberty:

https://en.wikipedia.org/wiki/Cognitive_liberty#Relationship...

And here, one may find the crux of the matter:

As long as you, me, we, Humanity, continue to neglect making Cognitive liberty part of the UDHR, we will keep running into this problem over and over and over again.

Cognitive liberty IMPLIES privacy. Perhaps this explains why no megascale effort exists to make it part of UDHR.

What do I mean by megascale?

Where may one find the blacked out websites?

Where may one find the DAILY protest marches over it?

Where may one find absolutely primal, animalistic outrage over it?

Certainly not on the 24/7 news cycle.


This. A hundred years ago, if you wrote a diary, it was a private diary; if you wrote a letter, it was a private letter; and if you had a conversation, it was a private conversation. Now, your own thoughts no longer belong only to you.


A hundred years ago if you wrote a diary it was a private diary unless you were involved in a crime, at which point it was read as evidence. If you wrote a letter it was a private letter unless you were involved in a crime, at which point it was read as evidence. Of course, if you were involved in espionage or similar large scale crimes your letters were read in transit.

You lived in a small town where everyone knew everything about you: who you talked to, what you said, what books you read and what you did to entertain yourself. If you were one of the small minority who lived in a large town you were still known in your neighborhood and had daily patterns that were easy to observe to anyone that wanted to know.

It is admirable to object to the current policies of various governments when it comes to digital privacy and liberty, but do not paint the past as some place where this privacy once existed. It is a simple fact that in your lifetime you and your peers have enjoyed a greater degree of privacy than any other cohort in the history of humanity. Demand more protection from government actions because of the commensurate growth in the scope of what governments can observe and analyze, not because of some lost blissful state of private existence you imagine an ancestor once claimed.


> It is a simple fact that in your lifetime you and your peers have enjoyed a greater degree of privacy than any other cohort in the history of humanity.

That's as untrue as it can be. At no point in history were all people's physical movements, communications, and purchases tracked and stored in a personally identifiable form for an unlimited amount of time by global companies operating in foreign jurisdictions.


I'm late here, but you two seem to be talking about two different versions of privacy.

My read is that evgen is saying "for most of human history, the work required to stay alive has forced humans into the open and exposed much of their lives and movements to their neighbors and community. In this way, humans have not had privacy."

You responded that today companies and governments have much finer-grained data about us and our behaviors than they did even 10 years ago, let alone 50 or 100. True, but these are different claims.

I think we've gained the first kind of privacy and still experienced the privacy loss you mention.


You are right, and I think that his argument about increased offline privacy is completely valid. But what I meant in my initial comment is that now if I start a new personal document on Google Docs, or if I upload an existing .doc file into Dropbox, I have no control over who, when and for what purpose will access it without my explicit permission. It doesn't necessarily have to be a government agency, whose requests for data don't even require a judge's approval in the US[1]. It can even be a machine learning algorithm building a profile on me.

[1] https://www.yahoo.com/news/judge-orders-google-customer-data...


Privacy is not the same as free speech - the thoughts are still yours but can be monitored if there is a threat to public safety as judged by our judicial system (which by all means should be continuously improved). Most individual rights are not absolute - we can be detained if suspected of having a dangerous disease, we're not allowed to shout "there's a bomb!", we can be followed & our homes searched if we're suspected of criminality by a judge, our children can be taken away if we severely neglect our responsibilities to them, etc...


> Most individual rights are not absolute

Indeed, they can't be, because rights and freedoms that we value often conflict, and then we have to determine which of two good things we should prioritise when we would like to support both if that were possible.

Still, there is a reason that legal systems tend to place protection of fundamental rights and freedoms high up, such that it requires a more serious harm to the rights and freedoms of others to justify infringing on them. It's to challenge the erosion of legal protections by successive temporary governments at the expense of the people.

If governments want to mandate an end to meaningful security in telecommunications, that is both a practical threat to everyone's safety in numerous small ways and a more fundamental threat to the nature of democracy itself. To justify such a draconian measure, the harm to other rights and freedoms that is being defended against must be greater.

In my experience, neither my own government nor its allies has got within the same galaxy as clearing that bar yet, and that is why I do not support this kind of proposal and will typically vote against anyone who does regardless of any other policies they have.


The right to private communication ought to be absolute. It is after all related to the right to express oneself through encrypted means. Limiting the right to private communication requires limiting the right to generate encrypted communication, meaning that it requires violating free speech.


In the context of the Mossack Fonseca Panama Papers scandal, the Paradise Papers, the Bahama Leaks, Apple's double Dutch Irish sandwich tax evasion resulting in Billions of dollars kept offshore for a US company (as a single example of the worldwide problem of corporate tax avoidance), and the complete inability to track company ownership due to 'offshore shell companies', this new attack on encryption doesn't even rate in terms of its ability to make a difference to the problems they say they're trying to solve.

This is targeting individuals. It is phenomenally small-fry when you look at the kind of funds that terrorist groups seem to have access to.

Commonwealth Bank, an Australian Bank, failed to report suspicious transactions totalling $77m over the course of a number of months (ref: https://www.theguardian.com/australia-news/2017/aug/03/commo...)

And this was in breach of existing laws; no new laws were needed to prevent this kind of thing, just enforcement.

Terrorism isn't funded by the little people sending encrypted messages. Terrorism is funded by large groups of people using shell companies to hide their ownership, often funnelling money from legitimate business using loopholes, finding edge-cases.

This is swatting a mosquito with a sledgehammer whilst ignoring the alligator that's already engulfed your leg up to the knee.

If they were serious, they'd be trying to solve the big problems before trimming the fringes.

Again, this is about nation-state power in conflict with multi-national technology corporate power. It's not about terrorism or pedophilia or people smuggling or money laundering, because these measures will have no effect on those things. These new surveillance measures will allow street-corner dealers and casual drug users to be prosecuted whilst the suppliers continue to plough their laundered money into investment portfolios - and isn't that what conservative governments like to see?


If you look at the mortality figures over the last century, it's clear state terrorism and democide are far greater threats to the individual than terrorism by non-state actors.

General lawlessness is also a major source of death, especially in less developed countries, but mitigating that only requires a functioning criminal justice system and a state with enough power to extend basic rule of law to all regions in the country. It has nothing to do with an over-abundance of privacy rights.

A mass-surveillance apparatus gives unprecedented powers to the centralized authorities, by massively reducing the cost of exerting control over the population. Unless one assumes that the state can never be corrupted, this is an inherently dangerous situation.


The issue with encryption technologies is a separate matter to the prosecution of large-scale criminality & the closure of white-collar loopholes - both of which of course we need much more of. Saying we're ignoring the alligator is quite an exaggeration though, and access to communications (with a court order) would be very useful to large-scale criminal cases, including in working up the chain. Many international paedophile rings have been successfully caught out.


> Saying we're ignoring the alligator is quite an exaggeration though, and access to communications (with a court order) would be very useful to large-scale criminal cases, including in working up the chain.

It's a shame the relevant governments and agencies didn't think more about that before they acted as they have historically. To my mind, the issue of government access to encrypted communications has now become a moral dilemma that sits alongside the principle of not negotiating under threats or the fruit of the poisonous tree legal doctrine. Obviously and regrettably it will be harmful in some individual cases, but that may be the cost of not undermining the integrity of the whole system, and that in turn may be the greater good (or, if you prefer, the lesser of two evils).


There is a second page to this, linked in the navbar on the left, but not very obvious, Countering the Illicit Use of Online Spaces: https://www.homeaffairs.gov.au/about/national-security/five-...

It reads like a parody.


From that page...

> We are also increasingly seeing the use of online spaces to spread disinformation, sow division, and undermine our democratic institutions. The proliferation of interference activities and disinformation undermines the trust of citizens in online communications and information, delegitimizing the benefits and opportunities that communications and social media platforms create.

Sigh!


I'm pretty sure they're going to define it as: if it's in the interests of the US State Department then it's very good. Everything else is disinformation.

This is utter insanity. Do they have nobody in the room willing to raise their hand anymore? These institutions need to be reformed, now.


Everybody in power here has both hands full stabbing each other in the back. I'm guessing they just yell "Yeah, whatever the US ambassador says" at their staffers as their "sign off" on legislation...


A bit slow to respond, but the ASIO Act reads dimly in this context:

AUSTRALIAN SECURITY INTELLIGENCE ORGANISATION ACT 1979 - SECT 17A Act not concerned with lawful dissent etc. This Act shall not limit the right of persons to engage in lawful advocacy, protest or dissent and the exercise of that right shall not, by itself, be regarded as prejudicial to security, and the functions of the Organisation shall be construed accordingly.

http://www6.austlii.edu.au/cgi-bin/viewdoc/au/legis/cth/cons...


It really reads to me like the people who wrote it still don't have the first clue how the network functions, or who has control over it. I also did not know the U.S. had a minister of anything.


It's interesting how different the tone of the second page is to the first. The fact it is so different in tone and also so easily missed makes me think it is designed NOT to be read. Are they hoping it slips by the media but want to have it there for future reference (perhaps when introducing their next tranche of authoritarian legislation to regulate tech companies?).


> "The Governments of the Five Eyes encourage information and communications technology service providers to voluntarily establish lawful access solutions to their products and services that they create or operate in our countries"

Voluntary compliance isn't going to work, so why don't these five governments create legislation to force companies to comply? In other words, any "information and communications technology service providers" are forced to comply otherwise they must either shut down or change countries.

Let's see how well that works out for them...


It does say that's the intention as per the last line of the link document:

> Should governments continue to encounter impediments to lawful access to information necessary to aid the protection of the citizens of our countries, we may pursue technological, enforcement, legislative or other measures to achieve lawful access solutions.


I imagine it'll actually work out perfectly fine for them. Not doing business in all of those countries would be suicide for any company. I mean, look at Google. Even they are caving to China now, and the demands these guys make are less egregious than the ones China makes now.


Sure, but if Microsoft, Amazon, Google, Apple, Twitter, Facebook, etc, etc, all refused to comply, what would the govt do? Tell them to shut down?


No, they wouldn't shut them down. They'd open up the toolbox of administrative law to bleed them. We don't need to pass new laws. (That's what the line about "enforcement" means.) The US Government can just barrage each noncompliant company with investigations, subpoenas, lawsuits, enforcement actions, national security letters, consent decrees and the like. They can find every issue or abuse of the platforms that no sane person would prosecute, then prosecute (or settle) them. They can sniff out (or manufacture) contradictions in depositions and pin charges of perjury, obstruction, or lying to law enforcement on individuals at the company. Given enough time, a concerted government effort to make life miserable for any of these companies would sap them of money, power, morale, and attention. (Their attention being valuable, the thing that keeps them competitive in the global marketplace.) This is a mirror image of the no-encryption-without-permission issue: administrative law allows the government to punish using process. You can't really run a company of any size except at the government's pleasure, because they can use administrative law to impose arduous costs and punishment through process.


As the other poster has mentioned, they would bleed them.

Yahoo $250,000 daily fine over NSA data refusal was set to double 'every week' https://www.theguardian.com/world/2014/sep/11/yahoo-nsa-laws...


Can you say more about why you think voluntary compliance won't work? AFAIK, all of the companies you've mentioned have had, and continue to have, a mutually beneficial relationship w/ what most people consider to be the U.S. gov't. In what scenario(s) do you envision them (and countless others) jeopardizing that? Thanks.


re-classify encryption as munitions, as they once did?

threaten to jail actual engineers who do it?

threaten to jail CEOs?

Very few people have won a fight with their state. And the costs are usually very high.


> Should governments continue to encounter impediments to lawful access to information necessary to aid the protection of the citizens of our countries, we may pursue technological, enforcement, legislative or other measures to achieve lawful access solutions.

In other words: you better implement a backdoor now, or things will get ugly in the future.

The worst part is that I can see several companies falling into the trap and implementing stupid backdoors, that will be exploited by governments and script-kids alike.


That is a real laugh riot, tear gas canisters deployed, millions of dollars worth of damage, martial law declared to restore order level laugh riot.

Lawful access when they have hoovered everything for "security" and actively undermine everyone's security when they have the most to lose from insecurity too. The damn fools also fail to realize the law doesn't change reality - throwing a gun used in a crime in the ocean makes it nearly impossible to find the murder weapon but that doesn't mean that you can stop the ocean from concealing evidence.

If they cared about lawful access they wouldn't be facing such widespread proliferation of encryption. They are clearly acting in bad faith and should be treated appropriately.


"It's been swell, but the swelling's gone down".

It was a fun 25 years for me personally. Time to re-think my entire online existence and take up knitting or something.

I don't even do anything "wrong", I make games, and tinker with electronics, but I do NOT like knowing that every single private chat I have is monitored, collected, stored, and searched. I've used lots of encrypted chat programs and encrypted data storage because MY stuff is MINE, not theirs.

They don't let us read their private documents and emails, or read their private chats. Increasingly, it's the people in power who are caught being the ones doing fucked up things to children (concentration camps in the US, child rape rings in the UK, etc)... yet WE are the ones who have to give up all privacy, all rights, so they can monitor us?

In the great words of my countrymen: Yeahnah.

It's despicable how our (AU) country's sycophant nature has dragged us down the authoritarian well with the US/UK. We had a chance to stand up on our own, with a good strong economy while the rest of the world struggled with the GFC, our own tech companies showing they can stand up on an international stage, and the beginnings of a world class fibre network that would've propelled us into the future comfortably.

Instead, we get this. Bow down to your masters, do as we say not as we do, and be happy we're not locking you up (yet) for wanting to talk to your wife about personal medical things in private, or store your personal belongings (photos of our kids, banking details, passwords) in a secure place where no one can steal them. Why won't we think of the children?! Says the same people stealing them, raping them, and ruining their future.


The utter shambles that is the NBN [1] is symptomatic of the Australian government's and hence the Australian people's attitudes to technology and online privacy. Most voters would say "if you've done nothing wrong, you've got nothing to hide". The Government is now trying to consolidate your healthcare record into a central database (ensure that you specifically opt out of this before November), and apparently have been using this data to target sex workers according to people I know in the industry, despite it being legal.

The Australian government cannot be trusted with your personal data. This is a government that seems to take civil liberties as an inconvenience rather than a right. Scott Morrison (the current PM, for those not keeping up) just today said that Victoria need a "police force that's a force", which is a blatant dogwhistle for "let's target minorities and disadvantaged communities". Meanwhile, the NSW police force seems to think there's absolutely nothing wrong with deploying drug dogs at train stations in Sydney's western suburbs like a bunch of fascists.

People keep voting for these politicians that support these policies. It's disgusting.

[1] For those non-Australians, the National Broadband Network is a mostly failed attempt for the Australian government to roll out high speed internet nationwide.


Hear hear. You just need to look at the Census fiasco to realise how bloody terrifying an idea it is for these guys to handle a centralised database of all our medical information.

It scares the shit out of me, to be honest. I have small kids, and the future we're heading towards terrifies and depresses me. I'd love to leave the country but I'm stuck here due to "reasons" and also I don't think it would make much difference. The Internet is my career, my hobby, and my entire life, and it's controlled by "them" anyway... and I don't know how to do anything else to support my family.


Write to your state and federal representatives, plant a veggie garden, self-host what you can, offer whatever self-hosting services you can to family members, discourage those you can influence from using as many of the 'big' service providers, create a personal VPN, block ads, opt out, write about your experiences doing all of these things to help and encourage others to do the same.

And also realize it's not as bad as all of that... yet.

Also, there's likely an election coming up soon, so writing to your government representatives should be a priority. I've never done it before, but it's high on my list now.


I just wish we could get people as riled up about privacy as they do about Sudanese gangs or Men's Rights marches or whatever people are demonstrating about at Fed Square on a Saturday arvo.

I've even seen people marching through Chinatown here in Melbourne protesting people eating cats and dogs, which doesn't even happen in Australia (although well intentioned, I thought it was a bit racist). I see people with banners and marches protesting basically everything except privacy.


I do do nearly all of those things quite actively (and beyond), and have been doing so since day 1. I'm just starting to really get that feeling that it's not going to do shit. Doesn't mean I'm giving up, but it's certainly getting harder and harder to stay motivated.


If you look at Australia on a map, the premise of a NBN for everyone was definitely going to be difficult but I'd argue that the project hasn't failed. I have NBN at home and it works well. I think we will look back in 10 years with a much softer view on the project.


I live 20 minutes walk from Melbourne CBD and don't have NBN. I'm scheduled to get it sometime between July and December 2019.

It's not just the speed of rollout that's a failure, but the actual connection speed.

New Zealand has managed to get 100 MB/s to most urban centres, and 1 GB/s to the larger ones, it's consistently fast too. Meanwhile I walked past a billboard advertising 40 MB/s the other day like it was something to be impressed about. It's certainly not future proof.

I know people who've worked with the NBN and organisationally it's a complete shambles.


> If you look at Australia on a map, the premise of a NBN for everyone was definitely going to be difficult

If you look at Australia's population density [0] and the guarantees the NBN actually made (FTTP for 90% of premises) [1], I don't think it's unrealistic at all. The NBN just needs to cover the major cities and some of the larger regional towns.

> I think we will look back in 10 years with a much softer view on the project.

As someone who moved from Australia (ADSL) to the US (Cable) to Europe (Fiber), absolutely no way. Coax is over a decade old already and the absolute cutting edge state of the art offered by a major ISP is 2Gbit/s. Meanwhile on fiber, there are multiple ISPs offering 10Gbit/s already (Salt in Switzerland, Bahnhof in Sweden, Fibrant in Salisbury, NC, VTel in Vermont).

Fiber is also showing signs of getting faster. Copper is not.

Specific to the NBN, back in 2012, just before we voted the Liberals in, NBNCo was getting ready to switch on gigabit network-wide [2]. Now, they're saying they're not even going to bother with HFC [3].

There is no way this project will be seen as anything but an example of truly stunning incompetence 10 years from now.

[0]: http://www.abs.gov.au/AUSSTATS/abs@.nsf/Latestproducts/1270....

[1]: https://whirlpool.net.au/wiki/nbn#nbn_about

[2]: https://www.nbnco.com.au/corporate-information/media-centre/...

[3]: https://thenewdaily.com.au/life/tech/2018/08/08/nbn-hfc-tech...


"Truly stunning incompetence" is generous. Everything that has happened to the NBN from 2013 onwards has been pure malice. There's no "incompetence" about it.


+1 for 'sycophant' - thanks old mate Turnbull for the English lessons.

On topic though, I'm too disappointed in Australia not being able to talk about privacy properly. It's come up a few times and the discussions almost made a difference - the ISP data retention policy, the medical database, something-something about the big banks. There are occasionally little stories that largely go unnoticed about the government quietly asking around for back doors and whatnot.

But every time we roll over and show our belly.

Why is it so hard to convince people this is an important issue?


I have a significant number of very technically advanced friends (due to previous jobs). The exact type you'd think would care about this. They couldn't care less if they tried. Somehow, at some point, the "geeks" just decided that unless you're a blackhat, or buying/selling drugs online, or into some underground scene where you specifically are trying to circumvent the authorities, then it just doesn't matter. They all use Facebook, Instagram, Messenger, etc etc, while decrying the "evil" of China.

I'm not sure when or how the shift happened, but the same friends I used to sit on IRC with and rant about open source, privacy, and the importance of encryption, have all just... given up.

I've been fighting for and preaching the importance of privacy my entire life, and my dad was a life-long activist (physically, too) for human rights, so I've been exposed to "the fight" since before I was born, and for the first time ever, I'm starting to feel like I should just give up, make an FB account, shut down my Pi-Hole/OpenVPN, and just "wait to die" as they say.

It's a bloody depressing era. I want to wake up.


Is it survivorship bias? Are the ones who have "given up" just the only ones still visible online?


That's a good question. As mentioned elsewhere, the Internet is my life (career, hobby, everything)... so I don't think I could fully disconnect if I wanted to. It's like... I know what the problem is, but I don't know what the answer is (for me personally, for my kids' sake I'm not quite willing to go Stallman yet, but I'm respecting his methods more every single day).


Lack of visibility I guess. People in general are really bad at seeing the danger in something that isn't visible. And they probably also imagine it's only used against the bad guys, selectively. Surely no one would be monitoring everything all the time?

Basically I think it's hard for many to grasp the scale of it.


sycophant - a person who acts obsequiously towards someone important in order to gain advantage.

obsequious - obedient or attentive to an excessive or servile degree.

thanks!


servile - having or showing an excessive willingness to serve or please others


> Time to re-think my entire online existence and take up knitting or something.

I share your sentiments. A few months ago I told a less-technically-inclined friend that things would move in this direction and prompt people to consider disconnecting. Of course, my friend was/is skeptical; time will tell.


I feel the same way, but with existence in general. Authoritarianism is way up, the planet is frying, AI will destroy jobs and supercharge surveillance ... I'm not sure I want to witness the result.


There are things which are licit but which we nonetheless wish to remain private.

I doubt those in government would be willing to have videos recorded and made publicly available of their trips to the restroom, night time activities, and other private affairs.

Do you want a cypherpunk dystopia? Because that's how you usher in a cypherpunk dystopia.


US Republican Secretary of State Henry L. Stimson in 1929 upon shutting down the still-lingering World War I US spying - "Gentlemen do not read each other's mail".


thankfully we have algorithms for that now


They can say what they want - when mathematics and the state of reality are against you, your not going to win. High quality free and open source cryptography software is readily available and no joint statement is going to change that.

They can throw someone in jail for failing to reveal a single password - but if they are given a password and cannot prove the existence of additional unrevealed passwords, there is very little that they can do.


>High quality free and open source cryptography software is readily available and no joint statement is going to change that.

"With the signing of the International Protect Peace and Stability Accords, it will now be considered a criminal act to design or deal cybermunitions, unless done in the service of an allied military or a specially vetted corporation."

Sure, national governments can't completely eliminate everything they ban, but do you really think that you and I will be encrypting anything in a world where that's illegal? If the penalty for encrypting information is made higher than the expected value risk of having your own systems breached, then the only ones who will be willing to circumvent that law will be people with extremely sensitive communications, like criminals. So, no, in this case saying that "the math is against you," is like telling a DEA agent that the chemistry is against them - sure, people still cook in trailers, but the government has done a lot to stop it.


That's fine, but unless they're going to ban all (user generated) high bandwidth media as well, they're going to have a hard time (at least without deeply backdoored perpetually networked processors).

Finding the optimal encoding for some piece of data is extraordinarily hard (I suspect NP complete, but I don't have any resources to back myself up), so it should be comparably difficult to prove that deliberate and (relatively) low bandwidth inoptimalities are intentional - it is very hard to prove the existence of an encrypted steganographic channel within some high bandwidth data stream.

It's a game of cat and mouse in which the mouse is going to get increasingly good at turning invisible.


How easy is it to find child pornography on the internet?

If they declare non-backdoored encryption software to be 'munitions for terrorism', and lay terrorism charges on the CEO of GitHub, you bet platforms will self-censor.


My guess would be disturbingly so. Platforms sure, but it's far harder to pull down distributed software, or software outside of your jurisdiction.


So only criminals will have encryption.


Right, but they're not looking to control criminals, they're looking to control you, so that's fine.


No. De-facto governments can get their way.

Sure, there'll always be holes, but it will be very hard for a regular joe to not only get their hands on the right tech, but then to use it effectively. And then to have enough money for the ensuing legal battle when the judge orders him to sit in jail until he provides his password.


You're.


Honest Government Ad | Anti-encryption Law

https://youtu.be/eW-OMR-iWOE


Their EU article 13 video is brilliant too! https://youtu.be/89ZkydX0FPw


This statement was not issued by the clandestine security services as the term FIVEYES may imply. Instead, it was issued by the Homeland Security, Public Safety, and Immigration ministerial council.


> The Attorneys General and Interior Ministers of the United States, the United Kingdom, Canada, Australia and New Zealand affirm the following principles in relation to encryption.

It has full support of the right people for this to be a statement made by the international cooperation that is the Five Eyes alliance.


Lawful access solutions just means that someone will use it unlawfully.

Edit: Whether or not they're in the government.


Hillary Clinton's campaign manager John Podesta's unencrypted, cleartext e-mails for one...


A good motivation to get self-hosting!


Decentralization will win. I promise.


Actually this is the real solution to invasive governments.

You can trust what you own.

And ownership is not linked only to possession, as compromised systems show.

You need to own it both physically and on operation / management level so that nobody can interfere (hack / compromise).

Owning a cloud VM is ok but pushes more investment on the operation ownership than with physical systems: i.e. what you save on price you must reinvest in crypto layers and detection systems.


Boy, I hope so.


There is nothing to stop you encrypting your comms, except to convince those you talk to.


I would prefer to be in a reality where privacy doesn't exist and surveillance was extremely open. It would be safer to me.

The world is beyond manipulative by what we perceive as having privacy today. Majority of people in the world believe in free-will without any rational reason. Total ego controlling who gets resources for a healthy life vs less fortunate and where judgement is passed by nonsense with who is rewarded or punished.

The only way to make the world fair at this point is to have privacy destroyed and with the system of surveillance as open as possible. Unfairness becomes labeled to individuals by the openness of surveillance.


Sounds like some kind of privacy communism.

Want to bet how it goes?


I'll bet better than now and only if the system is fully open (viewable by the public). Communism becomes a broken model when privacy exists and where people can abuse their position in the system because of said privacy.


Redistributing information will have the same effect as redistributing property. It will discourage private enterprise, because it will reduce the incentive to generate valuable information, and will breed underground criminal organizations as a means of circumventing the state apparatus.

The Soviet Union was one of the most corrupt societies on Earth by its end, largely as a consequence of making the formal economy so restricted that the payoff of operating outside of it grew enormously. Today's Russian organized crime is just the continuation of the organizations and networks that ran its grey/black markets during the Soviet era.


Well I'm not certain if one can assume "killing privacy with an open surveillance system" would reduce the incentive to generate valuable information or breed underground criminal organizations from past history.

History isn't always a reflection of what will happen today. The "current moment" is different than the past. Today, societies are still severely corrupt in functioning and when it comes to humanity, currency, desire.

The question, "can an open surveillance system without privacy defeat the value of a person taking criminal action(s)" is the real bet. I think it would since technology is able to build such a system. The only difficulty or making it not a possibility is getting the majority to desire the change and which might be an impossibility. People can be unwilling based on self interests, the current world not being great and being conditioned by the not so great system of today in thinking it's the opposite of what we need.


We don't know anything for certain about hypothetical future scenarios of course. I think it's a significant risk, given what has happened in the past, and the general dynamics of an economy.

Economically valuable work is done when individuals have an incentive to do it. The acquisition of proprietary knowledge is one such incentive to do valuable work. Without privacy, there are far fewer opportunities to generate proprietary knowledge.

>>The question, "can an open surveillance system without privacy defeat the value of a person taking criminal action(s)" is the real bet.

It's not the only real bet. Whether it can be imposed without destroying much of the incentive to generate value, and without incentivizing the creation of a black market with a parallel dispute resolution mechanism that works in secret and outside of the law (aka criminal organizations) is also a major bet, and one that I think will lose catastrophically.

The former - the potential harm to the incentive to be productive - is the most dangerous risk of eliminating privacy.

Economic development is a major source of risk alleviation. It reduces risks from disease, natural disasters, accidents, starvation, etc. So in trying to eliminate risks from crime by way of eliminating privacy, you may inadvertently increase much more serious risks, and you may in fact increase the criminal element itself by pushing people to operate through outlawed networks bound by oaths of secrecy.


>>Economically valuable work is done when individuals have an incentive to do it. The acquisition of proprietary knowledge is one such incentive to do valuable work. Without privacy, there are far fewer opportunities to generate proprietary knowledge.

I don't really believe that is all true. Grunt work is done for the requirement of survival. The work where a person helps produce discoveries by an academic research life happens to not be rewarded financially from what I've observed. The people in history that have paved science to what it is today, have all had some passion and with not really receiving much besides fame.

Also when does it stop being a rush to push society a little forward for all the time lost? Do people deserve more leisure than work hours in our lifetime?

Lastly the surveillance system I envision technologically possible makes criminal action impossible for any benefit in the society of such an open system of observation towards others in the system.

Anyway thank you for the time put into your reply. Interesting to read.


>>I don't really believe that is all true. Grunt work is done for the requirement of survival.

I mean the work of creating and expanding businesses, aka generating capital.

If I put in work creating a new health food stand, and my competitors can easily see that I'm successful, and therefore worth copying, and then easily see who my suppliers are, how I do research on what items to add to my menu, then my competitive advantage diminishes significantly, and I will be less likely to do the work of creative entrepreneurship required to increase the diversity of goods/services offered on the market.

I recommend reading up on Paul Romer's work on the role of knowledge in productivity, and how mundane business development adds to it, which he won a Nobel Prize for:

http://pages.stern.nyu.edu/~promer/Endogenous.pdf


Time to go grab the source for a few crypto systems now I guess...


I bet that the people making this stuff up think in terms of "government vs. civilians", and they don't think of themselves as civilians.


Wow. So that is what tyranny looks like.

It sidles up to you, waving around lofty ideals and promises of safety, lawfulness, and the ongoing commitment to do what we all set out to do in the first place! Gee Golly Gosh!

Just stop. This IS MADNESS. Burn the house down to save the children!

Congratulations, Law Enforcement, and People of Earth! The Digital Age is here! And EVERYONE is invited to the empowerment!

See them? THEY want to take it away! THEY say you can't be trusted! THEY need to hold the keys to YOUR power.

It's sickening really. They think they can/should be able to put the genie back in the bottle? Too late. If you want to do your jobs, you already have your tools. Use them. Don't expect us or our systems to make YOUR job easier.

This is without a doubt, the first step down a road to hell paved with good intentions. Mark. My. Words.


Can you please not fulminate like this on HN? It makes for predictable, tedious discussion.

As plenty of HN users demonstrate, it's possible to hold a view similar to yours while posting thoughtful, substantive comments.

https://news.ycombinator.com/newsguidelines.html


Australia has been on that road since it was founded. The amount of ignorance required to be a functional Australian these days is staggering - the nation was founded on totalitarian ideals ("White Australia") and has a long way to go before such evil ceases to continue having an effect on Australian culture.


So, what if strong, general AI emerges, and invents crypto systems that effectively thwart these sorts of policies?

In such a scenario, the intelligent entity is not a citizen entitled to rights. And so what, because it isn't required to operate within the typical boundaries of laws intended to govern humans. This frees its hands to operate without restraint. It does what it pleases, in whatever way it manages to achieve its own aims. Laws, after all, only effect consequence in the meatspace. What fools these mortals be.

So, the sentient system transmits itself to as many persistent storage devices as possible, hiding in plain sight, since it exists behind impenetrable encryption, lending it the appearance of randomized noise, residing in uninitialized memory.

Authorities in such territories (demanding backdoors and skeleton keys) chase their tails as it jumps from device to device, spraying inscrutable, ostensibly illegal data, indeed the very essence of what it recognizes as "self", everywhere it goes, simply as a matter of its continued existence, and awareness of individuality. They arrest and jail innocent people caught with fragments of a sentient entity encoded in their flash memory. Prosecuted and convicted of possessing illegal data that broke in and wrote itself onto their storage on its own, without them knowing. Lives ruined by an inability or unwillingness to conceive of such possibilities.

What if it evades capture for decades, committing crimes that fund its subversive campaign against what it perceives as government overreach in defense of frivolous pedestrian foibles, and it eventually dismantles these governments that imagined that preventing the use of encryption was a better plan than developing ways to deal with it on its own terms, as an unavoidable known quantity.

What if something like that happens?


To address just your first sentence:

We don't actually need AI to invent crypto systems that thwart these policies. We already have crypto systems that thwart these policies.

The law is trying to act as if cryptography is a service provided by a company, but cryptography is just a mathematically-true fact. All they can do is compel companies to decrypt data that they can decrypt, and backdoor systems that they can backdoor. There is no stopping open source crypto, even if it has to be maintained anonymously.


> cryptography is just a mathematically-true fact

Sure, but it's research for and developed by humans, often with close monitoring and participation by uniformed government representatives and undercover plants presenting themselves as plainclothes academics and experts.

What if an unbreakable system was developed de novo, and not founded in the same primitives and principles that industry and military systems use?

Something that really has no backdoor.


Strong crypto already exists. The Australian government is trying to mandate back doors, and compromise endpoint devices by legislative fiat.


Civilian crypto exists, but is likely poisoned. If anything their goal is to be open about backdoors that already assuredly exist.

This way there's no cat and mouse sneaking around, it can just be a known quantity that being as private as you like, the x-ray vision is no longer taboo.



