Perhaps the fact that I work in more of government environment than a private one explains my sensitivity to this. But seriously, this is the kind of statement that heads of state or foreign ministers should make publicly.
"We, the Homeland Security, Public Safety, and Immigration Ministers of Australia, Canada, New Zealand, the United Kingdom, and the United States"
None of these agencies have been given the right by their respective nations to formulate treaties and agreements, and that's what really bothers me. People might joke about the deep-state, but this is what we mean. Intelligence agencies are formulating policy that will have great effect on the citizenry of their respective countries, and there is no discussion of it in these country's parliamentary or congressional chambers. Intelligence agencies should not get together and form pacts. The fact that they can achieve this shows the general erosion of democratic values in all five countries.
In the 1990's when Americans concerned with government spying were talking about Echelon and the NSA, the Five Eyes were considered a bit of a secret thing. Everyone knew about it, but I don't remember any of the five countries ever confirmed it. Now they're just out in the open brazenly proclaiming principles and policies, as if these intelligence agencies represent us.
"Should governments continue to encounter impediments to lawful access to information necessary to aid the protection of the citizens of our countries, we may pursue technological, enforcement, legislative or other measures to achieve lawful access solutions."
Which I translate as, "Give us what we want or we'll take it. We are judge, jury and executioner." Seriously, what does "legislative or other measures" mean? Are they just brazenly admitting that they're not bound by law, in contradiction with the immediately proceeding paragraph? Intelligence agencies don't get to pursue legislative measures in a democracy. We tell them how they should be bound, they don't get to design their own shackles.
This whole statement is just incredibly brazen and undemocratic.
I don't mean to say there's absolutely no value in what they're doing, just that they've gone to effort to draft detailed press releases regarding consensual goals.
This is really it in a nutshell. They say this like it is assumed, but this is actually a new beachhead in the war on individual rights. There seems to me something sacred about the idea that I as a human being can exchange thoughts with another without those thoughts being appropriated by the government. It seems to fundamentally violate something about what it means to be human to say that my thoughts are not really mine: they belong first and foremost to the government, then I can have them. Is there anything about us humans that is really totally belongs to us, or are we nothing in and of ourselves, just mechanisms to serve the functioning of a government?
HOWEVER, it DOESN'T cover Cognitive liberty:
And here, one may find the crux of the matter:
As long as you, me, we, Humanity, continue to neglect making Cognitive liberty part of the UDHR, we will keep running into this problem over and over and over again.
Cognitive liberty IMPLIES privacy. Perhaps this explains why no megascale effort exists to make it part of UHDR.
What do I mean by megascale?
Where may one find the blacked out websites?
Where may one find the DAILY protest marches over it?
Where may one find absolutely primal, animalistic outrage over it?
Certainly not on the 24/7 news cycle.
You lived in a small town where everyone knew everything about you: who you talked to, what you said, what books you read and what you did to entertain yourself. If you were one of the small minority who lived in a large town you were still known in your neighborhood and had daily patterns that were easy to observe to anyone that wanted to know.
It is admirable to object to the current policies of various governments when it comes to digital privacy and liberty, but do not paint the past as some place where this privacy once existed. It is a simple fact that in your lifetime you and your peers have enjoyed a greater degree of privacy than any other cohort in the history of humanity. Demand more protection from government actions because of the commensurate growth in the scope of what governments can observe and analyze, not because of some lost blissful state of private existence you imagine an ancestor once claimed.
That's as untrue as it can be. At no point in history all people's physical movements, communications, and purchases were tracked and stored in a personally identifiable form for an unlimited amount time by global companies operating in foreign jurisdictions.
My read is that evgen is saying "for most of human history, the work required to stay alive has forced humans into the open and exposed much of their lives and movements to their neighbors and community. In this way, humans have not had privacy."
You responded that today companies and governments have much finer-grained data about us and our behaviors than they did even 10 years ago, let alone 50 or 100. True, but these are different claims.
I think we've gained the first kind of privacy and still experienced the privacy loss you mention.
Indeed, they can't be, because rights and freedoms that we value often conflict, and then we have to determine which of two good things we should prioritise when we would like to support both if that were possible.
Still, there is a reason that legal systems tend to place protection of fundamental rights and freedoms high up, such that it requires a more serious harm to the rights and freedoms of others to justify infringing on them. It's to challenge the erosion of legal protections by successive temporary governments at the expense of the people.
If governments want to mandate an end to meaningful security in telecommunications, that is both a practical threat to everyone's safety in numerous small ways and a more fundamental threat to the nature of democracy itself. To justify such a draconian measure, the harm to other rights and freedoms that is being defended against must be greater.
In my experience, neither my own government nor its allies has got within the same galaxy as clearing that bar yet, and that is why I do not support this kind of proposal and will typically vote against anyone who does regardless of any other policies they have.
This is targeting individuals. It is phenomenally small-fry when you look at the kind of funds that terrorist group seem to have access to.
Commonwealth Bank, an Australian Bank, failed to report suspicious transactions totalling $77m over the course of a number of months (ref: https://www.theguardian.com/australia-news/2017/aug/03/commo...)
And this was in breach of existing laws; no new laws were needed to prevent this kind of thing, just enforcement.
Terrorism isn't funded by the little people sending encrypted messages. Terrorism is funded by large groups of people using shell companies to hide their ownership, often funnelling money from legitimate business using loopholes, finding edge-cases.
This is swatting a mosquito with a sledgehammer whilst ignoring the alligator that's already engulfed your leg up to the knee.
If they were serious, they'd be trying to solve the big problems before trimming the fringes.
Again, this is about nation-state power in conflict with multi-national technology corporate power. It's not about terrorism or pedophilia or people smuggling or money laundering, because these measures will have no effect on those things. These new surveillance measures will allow street-corner dealers and casual drug users to be prosecuted whilst the suppliers continue to plough their laundered money into investment portfolios - and isn't that what conservative governments like to see?
General lawlessness is also a major source of death, especially in less developed countries, but mitigating that only requires a functioning criminal justice system and a state with enough power to extend basic rule of law to all regions in the country. It has nothing to do with an over-abundance of privacy rights.
A mass-surveillance apparatus gives unprecedented powers to the centralized authorities, by massively reducing the cost of exerting control over the population. Unless one assumes that the state can never be corrupted, this is an inherently dangerous situation.
It's a shame the relevant governments and agencies didn't think more about that before they acted as they have historically. To my mind, the issue of government access to encrypted communications has now become a moral dilemma that sits alongside the principle of not negotiating under threats or the fruit of the poisonous tree legal doctrine. Obviously and regrettably it will be harmful in some individual cases, but that may be the cost of not undermining the integrity of the whole system, and that in turn may be the greater good (or, if you prefer, the lesser of two evils).
It reads like a parody.
> We are also increasingly seeing the use of online spaces to spread disinformation, sow division, and undermine our democratic institutions. The proliferation of interference activities and disinformation undermines the trust of citizens in online communications and information, delegitimizing the benefits and opportunities that communications and social media platforms create.
This is utter insanity. Do they have nobody in the room willing to raise their hand anymore? These institutions need to be reformed, now.
AUSTRALIAN SECURITY INTELLIGENCE ORGANISATION ACT 1979 - SECT 17A
Act not concerned with lawful dissent etc.
This Act shall not limit the right of persons to engage in lawful advocacy, protest or dissent and the exercise of that right shall not, by itself, be regarded as prejudicial to security, and the functions of the Organisation shall be construed accordingly.
Voluntary compliance isn't going to work, so why don't these five governments create legislation to force companies to comply? In other words, any "information and communications technology service providers" are forced to comply otherwise they must either shut down or change countries.
Let's see how well that works out for them...
Should governments continue to encounter impediments to lawful access to information necessary to aid the protection of the citizens of our countries, we may pursue technological, enforcement, legislative or other measures to achieve lawful access solutions.
Yahoo $250,000 daily fine over NSA data refusal was set to double 'every week'
threaten to jail actual engineers who do it?
threaten to jail CEOs?
Very few people have won a fight with their state. And the costs are usually very high.
In other words: you better implement a backdoor now, or things will get ugly in the future.
The worst part is that I can see several companies falling into the trap and implementing stupid backdoors, that will be exploited by governments and script-kids alike.
Lawful access when they have hoover everything for "security" and actively undermine everyone's security when they have the most to lose from insecurity too. The damn fools also fail to realize the law doesn't change reality - throwing a gun used in a crime in the ocean makes it nearly impossible to find the murder weapon but that doesn't mean that you can stop the ocean from convealing evidence.
If they cared about lawful access they wouldn't be facing such widespread proliferation of encryption. They are clearly acting in bad faith and should be treated appropriately.
It was a fun 25 years for me personally. Time to re-think my entire online existence and take up knitting or something.
I don't even do anything "wrong", I make games, and tinker with electronics, but I do NOT like knowing that every single private chat I have is monitored, collected, stored, and searched. I've used lots of encrypted chat programs and encrypted data storage because MY stuff is MINE, not theirs.
They don't let us read their private documents and emails, or read their private chats. Increasingly, it's the people in power who are caught being the ones doing fucked up things to children (concentration camps in the US, child rape rings in the UK, etc)... yet WE are the ones who have to give up all privacy, all rights, so they can monitor us?
In the great words of my countrymen: Yeahnah.
It's despicable how our (AU) country's sycophant nature has dragged us down the authoritarian well with the US/UK. We had a chance to stand up on our own, with a good strong economy while the rest of the world struggled with the GFC, our own tech companies showing they can stand up on an international stage, and the beginnings of a world class fibre network that would've propelled us into the future comfortably.
Instead, we get this. Bow down to your masters, do as we say not as we do, and be happy we're not locking you up (yet) for wanting to talk to your wife about personal medical things in private, or store your personal belongings (photos of our kids, banking details, passwords) in a secure place where no one steal them. Why won't we think of the children?! Says the same people stealing them, raping them, and ruining their future.
The Australian government cannot be trusted with your personal data. This is a government that seems to take civil liberties as an inconvenience rather than a right. Scott Morrison (the current PM, for those not keeping up) just today said that Victoria need a "police force that's a force", which is a blatant dogwhistle for "let's target minorities and disadvantaged communities". Meanwhile, the NSW police force seems to think there's absolutely nothing wrong with deploying drug dogs at train stations in Sydney's western suburbs like a bunch of fascists.
People keep voting for these politicians that support these policies. It's disgusting.
 For those non-Australians, the National Broadband Network is a mostly failed attempt for the Australian government to roll out high speed internet nationwide.
It scares the shit out of me, to be honest. I have small kids, and the future we're heading towards terrifies and depresses me. I'd love to leave the country but I'm stuck here due to "reasons" and also I don't think it would make much difference. The Internet is my career, my hobby, and my entire life, and it's controlled by "them" anyway... and I don't know how to do anything else to support my family.
And also realize it's not as bad as all of that... yet.
Also, there's likely an election coming up soon, so writing to your government representatives should be a priority. I've never done it before, but it's high on my list now.
I've even seen people marching through Chinatown here in Melbourne protesting people eating cats and dogs, which doesn't even happen in Australia (although well intentioned, I thought it was a bit racist). I see people with banners and marches protesting basically everything except privacy.
It's not just the speed of rollout that's a failure, but the actual connection speed.
New Zealand has managed to get 100 MB/s to most urban centres, and 1 GB/s to the larger ones, it's consistently fast too. Meanwhile I walked past a billboard advertising 40 MB/s the other day like it was something to be impressed about. It's certainly not future proof.
I know people who've worked with the NBN and organisationally it's a complete shambles.
If you look at Australia's population density  and the guarantees the NBN actually made (FTTP for 90% of premises) , I don't think it's unrealistic at all. The NBN just needs to cover the major cities and some of the larger regional towns.
> I think we will look back in 10 years with a much softer view on the project.
As someone who moved from Australia (ADSL) to the US (Cable) to Europe (Fiber), absolutely no way. Coax is over a decade old already and the absolute cutting edge state of the art offered by a major ISP is 2Gbit/s. Meanwhile on fiber, there are multiple ISPs offering 10Gbit/s already (Salt in Switzerland, Bahnhof in Sweden, Fibrant in Salisbury, NC, VTel in Vermont).
Fiber is also showing signs of getting faster. Copper is not.
Specific to the NBN, back in 2012, just before we voted the Liberals in, NBNCo was getting ready to switch on gigabit network-wide . Now, they're saying they're not even going to bother with HFC .
There is no way this project will be seen as anything but an example of truly stunning incompetence 10 years from now.
On topic though, I'm too disappointed in Australia not being able to properly about privacy properly. It's come up a few times and the discussions almost made a difference - the ISP data retention policy, the medical database, something-something about the big banks. There are occasionally little stories that largely go unnoticed about the government quietly asking around for back doors and whatnot.
But every time we roll over and show our belly.
Why is it so hard to convince people this is an important issue?
I'm not sure when or how the shift happened, but the same friends I use to sit on IRC with and rant about open source, privacy, and the important of encryption, have all just... given up.
I've been fighting for and preaching the importance of privacy my entire life, and my dad was a life-long activist (physically, too) for human rights, so I've been exposed to "the fight" since before I was born, and for the first time ever, I'm starting to feel like I should just give up, make an FB account, shut down my Pi-Hole/OpenVPN, and just "wait to die" as they say.
It's a bloody depressing era. I want to wake up.
Basically I think it's hard for many to grasp the scale of it.
obsequious - obedient or attentive to an excessive or servile degree.
I share your sentiments. A few months ago I told a less-technically-inclined friend that things would move in this direction and prompt people to consider disconnecting. Of course, my friend was/is skeptical; time will tell.
I doubt those in government would be willing to have videos recorded and made publicly available of their trips to the restroom, night time activities, and other private affairs.
Do you want a cypherpunk dystopia? Because that's how you usher in a cypherpunk dystopia.
They can throw someone in jail for failing to reveal a single password - but if they are given a password and cannot prove the existence of additional unrevealed passwords, there is very little that they can do.
"With the signing of the International Protect Peace and Stability Accords, it will now be considered a criminal act to design or deal cybermunitions, unless done in the service of an allied military or a specially vetted corporation."
Sure, national governments can't completely eliminate everything they ban, but do you really think that you and I will be encrypting anything in a world where that's illegal? If the penalty for encrypting information is made higher than the expected value risk of having your own systems breached, then the only ones who will be willing to circumvent that law will be people with extremely sensitive communications, like criminals. So, no, in this case saying that "the math is against you," is like telling a DEA agent that the chemistry is against them - sure, people still cook in trailers, but the government has done a lot to stop it.
Finding the optimal encoding for some piece of data is extraordinarily hard (I suspect NP complete, but I don't have any resources to back myself up), so it should be comparably difficult to prove that deliberate and (relatively) low bandwidth inoptimalities are intentional - it is very hard to prove the existence of an encrypted steganographic channel within some high bandwidth data stream.
It's a game of cat and mouse in which the mouse is going to get increasingly good at turning invisible.
If they declare non-backdoored encryption software to 'munitions for terrorism', and lay terrorism charges on the CEO of GitHub, you bet platforms will self-censor.
Sure, they'll always be holes, but it will be very hard for a regular joe to not only get their hands on the right tech, but then to use it effectively. And then to have enough money to for the ensuing legal battle when the judge orders him to sit in jail until he provides his password.
It has full support of the right people for this to be a statement made by the international cooperation that is the Five Eyes alliance.
Edit: Whether or not they're in the government.
You can trust what you own.
And ownership is not linked only to possession, as compromised systems show.
You need to own it both physically and on operation / management level so that nobody can interfere (hack / compromise) .
Owning cloud VM is ok but pushes more investment on the operation ownership than with physical systems: ie what you save on price you must reinvest in crypto layers and detection systems.
The world is beyond manipulative by what we perceive as having privacy today. Majority of people in the world believe in free-will without any rational reason. Total ego controlling who gets resources for a healthy life vs less fortunate and where judgement is passed by nonsense with who is rewarded or punished.
The only way to make the world fair at this point is to have privacy destroyed and with the system of surveillance open as possible. Unfairness becomes labeled to individuals by the openness of surveillance.
Want to bet how it goes?
The Soviet Union was one of the most corrupt societies on Earth by its end, largely as a consequence of making the formal economy so restricted that they pay off of operating outside of it grew enormously. Today's Russian organized crime is just the continuation of the organizations and networks that ran its grey/black markets during the Soviet era.
History isn't always a reflection of what will happen today. The "current moment" is different than the past. Today, societies are sill severely corrupt in functioning and when it comes to humanity, currency, desire.
The question, "can an open surveillance system without privacy defeat the value of a person taking criminal action(s)" is the real bet. I think it would since technology is able to build such a system. The only difficulty or making it not a possibility is getting the majority to desire the change and which might be an impossibility. People can be unwilling based on self interests, the current world not being great and being conditioned by the not so great system of today in thinking it's the opposite of what we need.
Economically valuable work is done when individuals have an incentive to do it. The acquisition of proprietary knowledge is one such incentive to do valuable work. Without privacy, there are far fewer opportunities to generate proprietary knowledge.
>>The question, "can an open surveillance system without privacy defeat the value of a person taking criminal action(s)" is the real bet.
It's not the only real bet. Whether it can be imposed without destroying much of the incentive to generate value, and without incentivizing the creation of a black market with a parallel dispute resolution mechanism that works in secret and outside of the law (aka criminal organizations) is also a major bet, and one that I think will lose catastrophically.
The former - the potential harm to the incentive to be productive
- is the most dangerous risk of eliminating privacy.
Economic development is a major source of risk alleviation. It reduces risks from disease, natural disasters, accidents, starvation, etc. So in trying to eliminate risks from crime by way of eliminating privacy, you may inadvertently increase much more serious risks, and you may in fact increase the criminal element itself by pushing people to operate through outlawed networks bound by oaths of secrecy.
I don't really believe that is all true. Grunt work is done for the requirement of survival. The work where a person helps produce discoveries by an academic research life happens to not be rewarded financially from what I've observed. The people in history that have paved science to what it is today, have all had some passion and with not really receiving much besides fame.
Also when does it stop being a rush to push society a little forward for all the time lost? Do people deserve more leisure than work hours in our lifetime.
Lastly the surveillance system I envision technologically possible makes criminal action impossible for any benefit in the society of such an open system of observation towards others in the system.
Anyway thank you for the time put into your reply. Interesting to read.
I mean the work of creating and expanding businesses, aka generating capital.
If I put in work creating a new health food stand, and my competitors can easily see that I'm successful, and therefore worth copying, and then easily see who my suppliers are, how I do research on what items to add to my menu, then my competitive advantage diminishes significantly, and I will be less likely to do the work of creative entrepeneurship required to increase the diversity of goods/services offered on the market.
I recommend reading up on Paul Romer's work on the role of knowledge in productivity, and how mundane business development adds to it, which he won a Nobel Prize for:
It sidles up to you, waving around lofty ideals and promises of safety, lawfulness, and the ongoing commitment to do what we all set out to do in the first place! Gee Golly Gosh!
Just stop. This IS MADNESS. Burn the house down to save the children!
Congratulations, Law Enforcement, and People of Earth! The Digital Age is here! And EVERYONE is invited to the empowerment!
See them? THEY want to take it away! THEY say you can't be trusted! THEY need to hold the keys to YOUR power.
It's sickening really. They think they can/should be able to put the genie back in the bottle? Too late. If you want to do your jobs, you already have your tools. Use them. Don't expect us or our systems to make YOUR job easier.
This is without a doubt, the first step down a road to hell paved with good intentions. Mark. My. Words.
As plenty of HN users demonstrate, it's possible to hold a view similar to yours while posting thoughtful, substantive comments.
In such a scenario, the intelligent entity is not a citizen entitled to rights. And so what, because it isn't required to operate within the typical boundaries if laws intended to govern humans. This frees its hands to operate without restraint. It does what it pleases, in whatever way it manages to achieve its own aims. Laws, after all, only effect consequence in the meatspace. What fools these mortals be.
So, the sentient system transmits itself to as many persistent storage devices as possible, hiding in plain sight, since it exists behind impenetrable encryption, lending it the appearance of randomized noise, residing in uninitialized memory.
Authorities in such territories (demanding backdoors and skeleton keys) chase their tails as it jumps from device to device, spraying inscrutable, ostensibly illegal data, indeed the very essence of what it recognizes as "self', everywhere it goes, simply as a matter of its continued existence, and awareness of individuality. They arrest and jail innocent people caught with fragments of a sentient entity encoded in their flash memory. Prosecuted and convicted of possessing illegal data that broke in and wrote itself onto their storage on its own, without them knowing. Lives ruined by an inability or unwillingness to conceive of such possibilities.
What if it evades capture for decades, committing crimes that fund its subversive campaign against what it perceives as government overreach in defense of frivolous pedestrian foibles, and it eventually dismantles these governments that imagined that preventing the use of encryption was a better plan than developing ways to deal with it on its own terms, as an unavoidable known quantity.
What if something like that happens?
We don't actually need AI to invent crypto systems that thwart these policies. We already have crypto systems that thwart these policies.
The law is trying to act as if cryptography is a service provided by a company, but cryptography is just a mathematically-true fact. All they can do is compel companies to decrypt data that they can decrypt, and backdoor systems that they can backdoor. There is no stopping open source crypto, even if it has to be maintained anonymously.
cryptography is just a
What if an unbreakable system was developed denovo, and not founded in the same primitives and principles that industry and military systems use?
Something that really has no backdoor.
This way there's no cat and mouse sneaking around, it can just be a known quantity that being as private as you like, the x-ray vision is no longer taboo.