Bill Proposed to Outlaw End to End Encryption (senate.gov)
91 points by WA9ACE 13 days ago | 25 comments

Proposed bills almost never go anywhere [1], so barring something highly unusual, it's best to wait for a state change with more signal, a.k.a. significant new information (SNI) [2].

[1] https://hn.algolia.com/?dateRange=all&page=0&prefix=true&que...

[2] https://hn.algolia.com/?dateRange=all&page=0&prefix=false&qu...

Australia passed an assistance and access law a couple of years ago that forces messaging providers to provide access to E2E encrypted messages. But of course Signal and WhatsApp can’t do it because of the nature of the encryption.

In a completely dystopic move towards a surveillance state the government in Oz has been on tech companies’ cases to give them back door access.

Better not to be complacent. These things start as just winning easy political points but erode digital citizen rights over time as we normalize surveillance states.

The consequences of the bill were widely misreported. From the day it was passed it had strong exceptions. Have a look at section 317ZG: http://www5.austlii.edu.au/au/legis/cth/consol_act/ta1997214...

You need to keep in mind that the tech media in Australia is just as rabid for clicks as the mainstream media, if not more rabid.

What the bill requires is that companies give targeted assistance where they can do so without compromising anybody else's security.

For example removing or weakening E2E encryption is absolutely not permitted by this bill, let alone required.

What might be permitted, for example, is adding a hard-coded list of account IDs to an app and if a user is in this list, the app sends plaintext to law enforcement. This would not impact anybody save the people who have been targeted.

Yes, I'm certainly not suggesting that we need to wait for this to become law. Just for something with more signal in it.

>Incentivizes technical innovation.

>Directs the Attorney General to create a prize competition to award participants who create a lawful access solution in an encrypted environment, while maximizing privacy and security.

Is this a joke?

>This type of “warrant-proof” encryption adds little to the security of the communications of the ordinary user

>"It adds so little but we actually need to remove it because we can't see it"

It'd be funny except for the senate.gov URL

I think what they mean to say is “ordinary users don't need crypto for everyday conversations”. Which leads to “if you got nothing to hide...”.

> while providing law enforcement the tools needed to protect the public from everyday violent crime

uhh.. I'm thinking joke too. Nothing improves protection against _everyday_ violent crime, like... removing end to end encryption??

"Incentivizes architecting sturdy and secure buildings using only toothpicks as foundations."

The hilarious part is the widespread demand for encrypted communication happened because of privacy invasions by the government.

The Streisand Effect for communication.

The funny thing is, the government spying on citizens without a warrant is what popularized this technology with consumers to begin with. So, are we really going to trust them to get a warrant next time?

Does this mean we could no longer use WhatsApp, FaceTime, Signal, and other simple peer-to-peer projects? Export of cryptography was written for the Cold War but still affects developers today. It wouldn't be a surprise if that is the case since Daniel Bernstein already took a case against US Dept Justice.


We're becoming more Orwellian day by day.

And our children's children will wake up in a world that looks like communist China. Where every move we make is monitored, every interaction is scored, and every associate we have implicates us.

Computers are a fantastic gift, but they're being used to turn us into cattle.

> every move we make is monitored, every interaction is scored, and every associate we have implicates us

If Snowden is telling the truth, and he seems very credible, we're basically there already. E2E encryption is among the most promising ways to retain our Fourth Amendment right (to have protection against unreasonable searches). Taking away E2EE is akin to taking away our fourth amendment right.

I don't want terrorism or other criminal activity, and I'm sorry if this makes some security roles more difficult, but the Bill of Rights must still be honored. I hope this is argued well and goes to the Supreme Court if necessary.

“A society grows great when old men plant trees in whose shade they know they shall never sit”

The average age of US Senators is 61.8 years, nearly the oldest in U.S. history. Our policy-makers are seniors who won't be around to suffer under the consequences of their bad policy.

Oh don't worry folks, it only applies to "terrorists and other bad actors".

God how terrifying, luckily it's just 3 arch Republicans proposing it, Graham, Cotton, Blackburn.

God knows though during the next national security crisis all Democrats will be onboard.

> God knows though during the next national security crisis all Democrats will be onboard.

Not if Pelosi leaves/is supplanted, which I think could happen in the next congress. She's the major Dem arm-twister on intelligence issues; there are several others who are likeminded, but she's the power center.

And a lot of the younger Dems are far less impressed with the intelligence/natsec boogie-man presentations and more aware of privacy/security issues.

This is inevitable whether this bill passes or not. There are simply too many political points to score here and few downsides as far as the government is actually concerned.

Unless it says that credit card companies are not liable for fraud due to intercepted encryption, I would think they would be some of the strongest opponents of this.

I haven't read the bill, but these kinds of things generally get amended at some point with all kinds of exceptions of which I am sure defense contractors, finance, and maybe health care will be exempt.

It's not in the bill system at "congress.gov" yet.

It's not S.4051, but no bill text or summary yet.

[1] https://www.congress.gov/bill/116th-congress/senate-bill/405...

So is this broad enough to make https illegal?

That is almost certainly already compromised. If the NSA cannot create arbitrary certs trusted by your browser, I'd be utterly shocked.

There have been several cert-vendor compromises publicized over the years - how many weren't publicized/discovered, and how many were not compromises, but rather subversions?

And this is the same government that HN users consistently want to “regulate tech”.....
