I guess we'll be weighing in on the EU proposal as well as the 7-eyes one.
Most recently last weeks attack in Austria could have been avoided if the information the authorities received from a neighboring country of an attempt to purchase weapons by the attacker would have lead to actions. (I’ll try to find a link, apparently they had months to process and act)
So I think this makes the situation more unsafe in two ways - back doors will lead to all sorts of issues from leaking private communication to impersonation and authorities still don’t take responsibility and fix their processes so they can do their jobs.
"Fejzulai is also believed to have travelled to neighbouring Slovakia in July accompanied by another man, where he attempted to buy ammunition suited to the weapons he used in the attack, but the sale reportedly fell through after he failed to produce a firearms licence.
Slovakian authorities are said to have informed their Austrian counterparts at the time. The men travelled in a car registered in the name of the mother of an Islamist known to police."
Unfortunately no actions were taken, there seem to be communication issues within and across the ministries involved.
As long as this isn’t fixed, more data won’t help, quite to the contrary it might tie up resources even further.
China has the same goal as the Western powers have: to be able to keep spying on anyone they deem enemy of the state.
The difference is who they define as enemy of the state. In China, that includes pretty much anyone that criticises the Government, as well as what they see as hostile nations (probably the USA, maybe UK, which openly call China their enemies mostly without real provocation, and perhaps Japan due to its closeness to the US and its past of barbarities committed during the occupation of nearly half of the Chinese territory).
In most western democracies, the enemy would be terrorists (they claim) and, as we now know, pretty much any other Government, ally or not... and that's what we currently know, there is probably a much wider reach still that we may never know for sure... the Snowden leaks show that they will collect mass surveillance not only on foreign heads of state, but on their own populations without any restrictions, just in case they need it later. Given that, I am not even sure China actually has more surveillance in place than the USA and the UK, for example. It's a huge disappointment for anyone thinking the western world holds the moral ground, we who live here need to get our Governments understand we will not accept this!
Europe and some developing countries did not really react when it was revealed the US was mass-spying on its Government officials because they obviously are doing the same, they just didn't get caught in the same way yet. The people behind all this spying believe they are doing good as they're keeping world peace. I think they do the opposite: because other governments' counter-intelligence probably know more or less who is doing what against them, they're kept in a constant state of readiness for conflict. True world peace can only come when there's mutual trust between countries... While everyone spies on everyone else, we'll continue to live in a world on the brink of WW3. You think WW3 is impossible? Well, read about WW1 and how basically no one expected it at all. Circumstances today are even more heated than at the time WW1 broke out. Funnily enough, the only thing that's holding WW3 back is the nukes behind the big armies which make full-on conflict a very uncomfortable prospect indeed.
It's not easy, but it's the only thing that will work.
The problem with applying this is that the violation of privacy is not arbitrary, from the draft:
> Law enforcement and judicial authorities must be able to access data in a lawful and targeted manner
So this is framed as an matter of lawful and targeted intercept, not blanket bulk access, like pretty much all of the mass surveillance creep.
As is the case everywhere, they claim to want lawful access. In reality that's a minor point, what they really want is access to information without the knowledge of its owner. They're OK with needing approval or getting a warrant to read your email just as long as it's some 3rd party granting access so you won't know. Otherwise just get a warrant for Alice and Bob's email and compel them to decrypt it. No new laws or systems are actually required for that.
Of course nobody will ever examine the warrants or the approval process to ensure that "lawful access" is only granted when even the minimal evidentiary standards they require are met. And if they do someday examine those warrants, and find out that they are riddled with falsehoods and inaccuracies that resulted in unlawful spying, it will all be swept under the rug and nobody responsible will be held to legal account - as we have seen in the US.
Yet another reason they dont want to serve warrants directly on individuals. If people know it's happening they'll question it and make public anything corrupt in the process.
This means if not actively supporting a candidate or current representative who shares your views that you instead convince them your view is worthwhile. If not actively finding one who does. Then even once that is accomplished you likely will need to be involved in writing to other representatives as well and coordinating with similarly minded groups across your country.
Politics is all about the networking to get enough voices to be heard and for something as arcane as encryption; and yes it is arcane for most; will not have as many groups focused on it. So your work is cut out for yourself in finding such groups or forming one.
in the US we have EFF and others; I am found of cato but many here do not understand libertarians. the truly sad part is most people really would be happy living in a police state as long as you don't call it one. they don't recognize how they could be in one because their view of what a police state is very heavily influenced by the media and even hollywood. most of what hollywood presents is truly exaggerated dystopian types that are borderline absurd but in truth it is the slow chipping away if not giving away of rights that does the same
There doesn't appear to be an emotional argument the other way - I guess "so you're happy with random police officers browsing your nudes, then?".
It needs to be framed as an emotional argument, because that's what cuts through to the audience these days. Only HN is interested in logical discussions ;)
 Actually, not even police officers - there is always an escalation of government departments able to access data that was originally captured to prevent serious crime.
Your kids’ photos.
Many people don’t have nudes on their phones. Most people do have photos of their kids and know their kids have sensitive photos of themselves. “Think of the children” can be flipped if you can get the public suspicious of spooks.
I agree with your point, but I think a lot of people aren't actually too worried about the specific case of random police officers seeing their nude selfies.
It'll start out with "we only need to break your e2e encryption for serious crime cases", but in 10 years your local council will be breaking into your dm's to see if you used the right recycling bin.
The fear with this is that they will try and catch all messages and retroactively look for bad actors. And of course that the backdoors will be discovered and abused by bad actors.
that's a weak point, not a strength, in various scenarious
a) Agency XYZ files a motion to have a member of their legal team promoted to judge at the respective courts. Motion accepted, judge signs off on all requests
b) judge simply doesn't care for privacy, if it hinders the boys at work, signs off on it, gets appealed later, slap on the wrist, no consequences, learn from mistakes, rinse and repeat, obey formal obligations this time
c) Police and Attorneys construct evidence to construe threats, judge Joe Shmoe believes it, signs off on it
Besides, the whole system has been found to hinder investigation. The need for a warrant in night time emergencies is already relaxed in some countries, far as I know.
d) More over, the judge is bound by law, so you can trust as much confidence in the judge as you want. Once precedent is established at federal court level, because of your we can trust the judges, it will be a slippery sloapy down-wards spiral for more invasive access for less serious matters -- if it isn't already. This is effectively the federal judge signing off on all warrants, subject to veto by a lower judge, what can be escalated back up the chain due to the power of attorney. Vice-versa, the state attorney is bound by executive orders from the ministry -- as was surely the case after Snowden ("no evidence") -- which has been repeatedly red flagged by EU reports (that are otherwise quite benign).
The defense is the defense attorney. The precedent is frequently established because a single lawyer fails to make a case. Subsequent cases are only accepted on special occasion, otherwise declined due to precedent. Subsequently there is only limited control over a lower court's decision. The guideline cited in all commentaries on German constitutional law is, when the decision looks plain wrong. It is of course a little bit more involved in detail, but the principle is not a judge but one single judge gets to decide. Which lays a whole lot of preassure on them. Of course you get a second chance pretty much unconditionally, but that's a concern for later only if something was found, in which case the chances for an appeal on principle grounds are obviously against you. Eitherway a due notice remains at the secretion of the court (§101b (6) StPO), which may mean the judge presiding over the chamber, or the court, I'm not sure.
An ironic corralary is that, of course they will at least take a look, which has to sound but cynic in this scenario.
Wikipedia lists several points of criticizm against the new president of the Bundesverfassungsgericht (SCoG) https://en.wikipedia.org/wiki/Stephan_Harbarth
> The fear with this is that they will try and catch all messages and retroactively look for bad actors.
Said Stephan Harbarth was in parliament and worked on a law for collective mass surveillance, which was subsequently called by the supreme court, in which he later went on to lead. Which is incomprehensible, because I was under the impression chief justices needed to climb the ladder first (ref, probably: BVerfGG).
Very similar, good ol' Mr. Biden signed responsible in 1991 on the American bill that is equivalent to the act under discussion here: https://www.congress.gov/bill/102nd-congress/senate-bill/266 (see Title II, SubSection B: Electronic communication) not saying much at all.
This is entirely dystopic. The Bad Actors I have in mind are the good guys, I don't want to see the bad guys.
* Freedom of movement is clearly restricted for people on a jail sentence.
* We have secrecy of communication but also lawful interception.
But the term privacy is not very rigid. It can be taken and interpreted in various ways. It's certainly a good thing to mention it, but encryption needs to be mentioned explicitly, spelled out even.
There cannot be any room for interpretation: citizens have a right to encrypt their communication, end-to-end with their intended party.
People have a right to encrypt their communication, end-to-end with their intended participants, such that no one other than their intended participants can decrypt any aspect of their communication.
Let's give them a good fight.
Possibly the wrong goal.
How about "Let's win." instead? :)
Rights conflict. Every new right influences the others. It is easy to shorthand every problem to a human rights declaration. But just like the right to bear arms, that can have unintended consequences.
Do any of you have any insights into ways individuals can ensure they at least leave the culture less violent than they found it?
They also have vastly stricter gun regulation laws, and while ownership rates are high in some, the US is an extreme outlier and no other country comes even close.
Because nobody in any European country thinks they have a "right" to own a gun, most of them could if they wanted to, but they simply don't want to deal with the hassle that owning a properly regulated firearm entails.
As it should be, owning a deadly weapon is a lot of responsibility that not everybody is up for/actually wants. The importance of that responsibility gets completely lost when firearms are treated like cool toys that everybody should have and exist in abundance.
That's why headlines like "toddler shoots mother" or "dog shoots owner" don't exist in Europe, but are a sad somewhat regular thing out of the US. These toddlers and dogs didn't do that because they watched too much violent media, they did that because the actual owners of the guns where irresponsible individuals and never should have owned one in the first place.
This is fueled by movies and culture - have the gun in your possession and you’ll automatically win the fight - that was easy!
I’ve read countless comments from Americans that they have a gun to shoot intruders. Statistics telling you there’s a bigger chance someone else will get hurt be damned.
These ideas are have to be fueled by big money is my guess.
Also we humans really like our toys, so I can get that aspect of it. Wanna take my toy? Forget about it.
And the reason for that is simple - marketing.
Here in Switzerland I basically see no guns unless I go to the shooting club. There's none sold in the shops, there's none advertised in newspapers, tv or on the radio. And there is definitely no gun offered when opening a bank account.
Basically if you want a gun for whatever reason - usually for recreational shooting at the shooting club, then you have to go out and look for it.
In the US I have the feeling that they're marketed as a penis extension, and you're not a proper man unless you shoot things, with the view that you'd be quite happy to project a slug of lead into somebody else at high velocity to prove you're more of a man than they are.
To solve the problem in the US I think you need to ban the advertising - like cigarettes.
Caution: This weapon inflicts pain suffering and death to others. User may be incarcerated for murder if ever used. If in a situation of conflict, gun only increases likelihood of extreme violence - leave at home.
I think they have. I've also seen more gun stores opening, with provocative names.
I've no problem with firearms used responsibly for hunting or recreation, but in the very few cases I've seen someone open carrying a handgun (once at a very crowded national park, and once at a residential picnic area, both just this year) it was clear they didn't have a gun to defend themselves (if that were the case you don't need to show it off), but to threaten others. And for defending yourself against wild animals, bear spray is far more effective.
I figured that the US just seemed to get crazy around 2012 because I switched to primarily external news coverage of the U.S. when I moved abroad.
Actually, now that I think about it, I think I have seen TV ads for both Remington and Beneli shotguns in duck hunting and fishing shows in the U.S. But, I'm pretty sure I've never seen TV ads for pistols in the U.S., or long guns outside of hunting/fishing shows.
No. I've open carried. We do not do it to threaten people. There are many reasons to one chooses to open or conceal carry.
There have to be money involved.
It's an issue that won't be solved by banning weapons. Educating people (e.g. mandatory background checks, operation and safety training, and safe storage) and solving the underlying problems will work. I mean a lot cite defense from home invasions as the reason to own a gun. Why do people invade homes? If they had a reasonable income and comfortable life they wouldn't have a reason to.
This is only effective with a gun registry which gun owners will not accept.
> operation and safety training
Are you required to take civics to vote?
> safe storage
If you simply mean prosecution for being negligent, that's fine. If you mean it has to be in a safe unloaded, that defeats their use for self-defense in the home. It would likely be held unconstitutional.
Nobody believes the statistics are relevant to them. Statistics are about all those dumb other people; but I'm always the smart, responsible exception.
I think your claim about there being a higher chance of accidental injury vs. self defense is probably wrong. The issue is a little muddy, but there are only ~800 firearms accidental deaths per year (0.00024% of pop.) and about 50,000 self-defense uses per year (https://www.bjs.gov/content/pub/pdf/fv9311.pdf)
I'm also not convinced about movies. I bet other places have very similar mixes of actual watching and the same selection given the internet.
I still believe many people see guns as a solution to a problem and on top of that vastly overrate their own abilities in a pressure situation.
If you’ve not trained many many hours in a setting resembling this pressure to a high degree you really have no idea how you’ll react.
It seems really easy in movies!
Can’t speak for the source but first hit on google:
No. It's not automatic. But my wife has a much better chance against a 250lb 6ft man with one than without one.
I’d love to see stats on these scenarios... are they common?
I totally agree about the responsibility thing.
Concerning the "dog shoots owner" headlines, you should ignore that sort of thing. Those sorts of incidents are super rare. They hit headlines /because/ they're rare and therefore interesting.
Which is exactly why the regulation in the US does not work; Anybody who disagrees with their states particular laws can just cross into another state to get their fix there.
That why any proper regulation needs to happen on a federal level so individual states won't act as a loophole.
> Concerning the "dog shoots owner" headlines, you should ignore that sort of thing. Those sorts of incidents are super rare. They hit headlines /because/ they're rare and therefore interesting.
It's something that should be non-existent, I haven't seen it anywhere else in the world. But only a couple of days ago there was yet another example out of the US .
These are the kind of absurd situations that simply do not happen in any other place as other places lack the "firearm saturation" that enables this in the US. So something that should be improbable, still ends up being a regular thing.
If you mean purchase something you cannot buy in your state, that's not true. Interstate handgun purchases are completely banned and long guns can only be sold if the sale complies with both state laws.
Here in Sweden we’ve seen a horrible development regarding gun violence - easy to chalk up to “immigration” and “soft laws” but in my mind it’s a lot deeper - interesting enough this is at the same time we have a record amount of dollar millionaires in the country.
We used to work as a collective but our economic policies are turning more and more neoliberal and thus individual. This exacerbates the issue of creating a new “class” of citizens already left partly out of the loop of riches.
If we take care of each other in a better way as a collective there’s a chance to turn things around. It’s all about increasing the chance of a good outcome per individual. This is the secret to a lot of the success in northern Europe - if you’re born here chances are great that you’ll get an education and that you live a long and healthy life.
Regarding crime and violence specifically I’ve read a lot about the “group violence intervention” program and a lot of it is about cooperation and taking care of people in a humane way.
Here’s David Kennedy speaking in Sweden where this has been worked successfully:
In short - don’t be to afraid of taxes, and vote in a manner where money can be spent more wisely. Funneling tax money to havens by way of “entrepreneurs” seems less well spent... problem is that when such a system is set it will want to be conserved - looking at the US and it’s kinda dark over here as well.
All I can do is try to mold my children into caring human beings hoping to influence culture that way.
Stastistics about suspects are most commonly used in studies like these because the police, due to the seperation of powers, usually has no or at least less statistics of the actual results of charges.
That low resolution rate alone introduces a margin of error that is larger than the difference between immigrant and non-immigrant suspects. It is therefore possible that the much higher immigrant suspect rate is entirely a result of biases.
I’m not suggesting however that because they are immigrants they commit more crime.
Note most violence is committed by 2nd generation immigrants - so they’ve been born here. How’s that for a failure of society...
They are simply people on the outside living surrounded by people leading lives they cannot relate to.
We’ve made it terribly difficult to attain this norm life as well making it even more unrelatable.
As the (still very low) income inequality is rising in Sweden(https://nordregio.org/nordregio-magazine/issues/state-of-the...), it isn't surprising violence rises, too.
This has been 30-40 years in the making.
Yes - it is related, just as it is in the US.
If your goal is to prevent untimely, unwanted deaths there are oh so many other ways to apply your resources that will yield orders of magnitude more improvement per dollar / per minute.
People like to pay attention to it anyway for a few reasons. One is that we evolved to think specifically about interpersonal violence (~5-15% of prehistoric deaths, but way more than that for non-old people), which makes us good at luridly imagining interpersonal violence, and so comparatively we're bad at thinking about an early death due to diabetes and therefore bad at caring about it. Another reason is it's a hot-button red team/blue team political issue, so it's not so much about the issue per se but rather whether $OTHER_SIDE gets what it wants or not.
It sounds like somewhat of a stronger version than the US’s fifth amendment which says that you have a right to privacy unless it has to do with the crime currently being investigated. And come to think of it, encryption is unconstitutional as in because the government can subpoena or obtain a warrant to your information it may not be able to enforce it because of the encryption. So either the government has no right to subpoena or encryption is illegal.
Also, I guess I am storing all my keys at STL files that get 3D printed and destroyed upon first use. Hello protection from search warrants!
Courts have ruled, for example, that the police can compel a suspect to put their face or finger up to a phone to unlock it through biometric means, but a suspect cannot be compelled to divulge their PIN. That's why using biometrics, while convenient, is a bad idea.
No, you can't subpoena information from someone that doesn't have it. So the government can subpoena the cyphertext, but can't ask for the plaintext if the provider never had access to it.
That's the argument.
I prefer my conversations to be secret, not just private
We’ve been wargaming through all the various ways this could go horribly wrong (and have a few fun scenarii off the back of it - look for the GPT-3 example below), but on balance it feels a lot better than the Black Mirror episode where encryption is fatally weakened...
"Censorship", meaning: "malicious server or ISP silently blocks or withholds traffic from you" is a risk in Matrix today, completely independently of the reputation stuff being discussed here. The mitigation is to get rid of servers (and even ISPs), as per https://matrix.org/blog/2020/06/02/introducing-p-2-p-matrix/
"Censorship", meaning: "your server admin subscribed to a blocklist of child abuse content published by someone like iwf.org.uk" would stand out to users by the server publishing the names of the blocklists that their server admin has deployed. I'd call this server-side filtering or something instead, given the filters are visible. If the server admin withholds info about their filters, then you're back in the traditional sense of censorship from the prior paragraph.
There probably has been a recent surge of right-wing users and, the Matrix administrators, which probably lean left-wing, have seen that surge as a problem and have created the reputation system as a way to get rid of those users or, at least, to give them the hypothetical yellow badge. And if someone says "censorship", they will blame it on the "downvotes" those users got.
This proposal seems to address general abuse, spam, propaganda, filter bubbles, and so on. While these are worthy issues to tackle, the authors of the 7-eyes statement are not really interested in them.
What they say they want is for terrorism and child pornography to be detectable or meaningfully reduced. Do you think a relative reputation system will solve that problem?
So, just as in person you might stay away from a given political party / religious institute / youth club because your social graph has warned you that it might actually be a front for whatever obnoxiousness, the same approach can work online (or, conversely, could also be used to help hunt down abuse in the first place). It's then up to the authorities to investigate what's going on - which is quite possible through infiltration etc without having to go and blanket break encryption for the whole of society.
To be clear: this is still largely sci-fi, and we don't think this is a perfect solution, especially given this is a fundamental problem of the human species which nobody has yet solved. Our proposal doesn't solve lone wolf situations, for instance. So perhaps for that you need the ability to gather evidence from endpoints post hoc.
Unrelated: one particularly dark dystopian outcome we've been wargaming is: what if someone (not us!) used decentralised rep to seed a GPT-3 style bot to locate abusive communities, and then automated the process of infiltrating & investigating them... only to then end up ascending the ranks while preserving its cover and accidentally triggered some atrocity. So, um, let's not do that.)
I think you greatly overestimate the abilities of GPT-3. GPT-3's writable memory is short-term only – its long-term memory is read-only – so by the end of a conversation, it has permanently forgotten what the topic was at the beginning. Given its lack of writable long-term memory, it is completely incapable of succeeding at any tasks involving long-term planning, such as the infiltration and investigation of a social group.
Of course, you said "GPT 3 style bot", not GPT-3, but the AI you have in mind has significantly greater capabilities than GPT-3 has, so isn't fairly said to be "GPT 3 style" at all.
Good analogy, especially because governments themselves are living in the same walls (i.e. using the same apps) and this effort will hurt their own security.
I am in communities that don't use such tools and somehow there is no problem that would require any, but if that is the preference you have the option. I don't see further issues.
a: It's really not that hard to think of ways to solve backdoor problems with a mix of technical and social approaches. For example, having shared keys burned onto silicon, making physical access mandatory, and split between both the law enforcement and the company, so that both parties must knowingly engage.
b: Most software already practically backdoored already, and it's really not that big a deal. Microsoft can push whatever updates they want whenever they want. They already have the keys to the kingdom! Google doesn't store everything E2E encrypted. They also already have the keys to the kingdom! Things have mostly worked out regardless.
2) That a measure will be imperfect is not an argument that it will be ineffectual. In fact it's pretty obviously false; making abuse harder on mainstream platforms will make abuse less mainstream.
3) This is like arguing governments shouldn't be allowed to regulate weapons, because it would be hypocritical, given they own weapons themselves, and it might normalize other countries taking away their citizens' weapons, which might prevent them fighting back. That seems like an obviously bad argument.
4) Yes, your platform that makes oversight impossible is not compatible with regulations requiring oversight. That's not an accident, in either direction.
The idea later in the post seems not really honestly engaging with the topic, that it's not about ‘someone who believes birthday cake is undesirable’, but about networks which are systematically and in actuality doing things like trafficking children for sexual abuse, and that there is a moral imperative for governments to deal with this beyond just letting people choose not to engage.
1b - If it's already backdoored then there is no need for such an act, the problem is already solved.
2 - It's ineffective for it's stated goal because the stated goal is not the real goal. The goal is to enable a continued abuse of power, one which is already ongoing, and one which produces no actionable results or meaningful outcomes. Five eyes & co is upset that they're losing some of their toys.
3 - Who says governments should be able to regulate weapons? Likewise these days, who is to say they meaningfully can?
4 - Sex trafficking existed prior to encryption. The government failed to stop it then. I strongly suspect that even if the government gets it's way and breaks encryption, sex trafficking will continue exactly at the same rate. Most sex traffickers are not technology ept, nor do they need to be - the track record for capturing them is atrocious. Epstein anyone?
This is a bad faith argument. "Protecting children" and "stopping terrorists" are the siren's song of every government overreach basically since the dawn of time and yet the government remains terrible at solving either problem. I don't think encryption is really the issue preventing those things from getting resolved. I do think encryption is very inconvenient for a very snoop heavy government.
People in third world countries are poor, and may be desperate. A purely technical solution is not going to address this. Rather, we need ways to lift people out of poverty, and improve their standard of living. No one should ever have to live like that to survive.
I don't know if it is possible to stop child pornography (anyone anywhere in the world can create it and anyone anywhere can view it), but it should be able to reduce the amount of sex abuse in the world, if the government were to pursue prevention initiatives to stop it where ever possible.
You don't kill the cash cow.
This is a completely different context to having one copy (or a small number) of said low-bandwidth silicon held exclusively by an agency vested in keeping it exclusive, plus another copy held by the company themselves, such that both copies would need to be broken for security to be weakened.
> If it's already backdoored then there is no need for such an act, the problem is already solved.
Seriously? Microsoft having the ability to install a keylogger on any random person's machine is not the solution to finding networks of criminal activity.
> [government bad]
I'll debate the technicals but I'm not going to argue politics here.
+ TSA keys
+ OPM (all of it)
+ NSA's hacking tools
Were these incredible skilled sidechannel attacks? Movie esque infiltrations?
+ TSA accidentally published the keys
+ OPM was a master password from a contractor who was bribed for about the cost of an ipad
+ NSA hacking tools was.. an email trojan? A CD walked?
Do you really trust these people with anything?
Putting a backdoor into encryption is less secure than a random Microsoft employee backdooring me. At least I know it's Microsoft who will be doing the backdoor...
This isn't politics, this is history. This is not the first time, nor the last time we've seen these moves. We know 5 eyes have had major incidents of internal abuse because we have their own documentation on it - and we have their own documentation that they decided to do nothing about it.
It requires external oversight for any organization to truly follow compliance, otherwise the incentives to cheat the system are overbearing. If they won't take us at our word, why would we take them at theirs?
My point isn't about how much you trust Microsoft, but that Microsoft has keys, which are more easily stolen and in many regards more valuable than the scheme I gave.
> TSA keys
Not remotely comparable. These were never designed to be secure in the sense we're talking here.
> OPM (all of it)
> NSA's hacking tools
Hence the scheme I gave, which isn't vulnerable in the same way.
We had security agencies that had the info but didn't act in case of Vienna. Encryption wasn't the issue here, this is an incontinent case of saving face at best, a deliberate attack against civil rights at worst.
> These were never designed to be secure in the sense we're talking here
Encryption today is a protection against access for a limited amount of time. It is an intrinsic rule about every encryption algorithm. It is fundamental property and widely known.
Making a political comment but then trying to shut down discussion of it by stating that you will not participate in political discussions is a double standard, though perhaps you were unaware that you were doing it.
I think what prompted me to react was mostly your `[government bad]` blurb. It felt like you got to state your political position and caricaturise the political position of the responder while avoiding further discussion. That felt wrong.
The state must declare the child to be the most precious treasure of the people. As long as the government is perceived as working for the benefit of the children, the people will happily endure almost any curtailment of liberty and almost any deprivation. --Adolf Hitler
It's also a morally horrific line of argument. Like saying you shouldn't care about shooting civilians because bad people in the past have used human shields as a war tactic.
These are not imagined people being hurt, spun out of whole cloth.
It is a legitimate known translation, not a misquote from the Ralph Manheim translation of Mein Kampf (ISBN 0395078016 / year 1943), page 403. Other translations have similar wording on the page, although not in such a nice succint sentence.
Manheim was known to have gone into great effort to create an exact English equivalent of Hitler's work for Mein Kampf.
> It's also a morally horrific line of argument. Like saying you shouldn't care about shooting civilians because bad people in the past have used human shields as a war tactic.
The point of the quote is to show there are no limits curtailing liberties, not an absolute we shouldn't bother. The attempt to spin the quote into something else, probably because, you wish to "protect the children" is proving the point.
This is not even remotely how you used it. My argument is one where there are obvious checks and balances, where government power is clearly and significantly limited, and little is left exclusively to government trust.
Yet because I mentioned that there are actual people being actually raped, I get Godwin's Law'd. Not because I advocated for Chinese style state control. Not because I took away liberties that most people even care about, given most people are perfectly happy using Google services. But because I dared mention that real people are suffering.
This happens every time on HN, no matter how moderate my position. Anything even remotely compromising the Bottom Line (universal perfect cryptographic security) is Hitler.
I looked at your posting history, not much Hitler mentions in responses relating to those topics. This is hyperbolic.
> no matter how moderate my position
If your position was moderate then "Most software already practically backdoored already" would have been sufficient.
> Anything even remotely compromising the Bottom Line (universal perfect cryptographic security) is Hitler.
You're way too focused on Hitler. Pretend it's not Hitler, the point is still valid.
We live in a dangerous world. We cannot control everything. I don't mind a slight risk of terrorist attack on myself or my family (caveat lector: I am young), if that means greater freedom.
In my book this is the first step towards authoritarianism: ensure that the state survives at all costs. And being able to spy on the whole population to track outlaws and dissidents is part of this. There is an invisible barrier between what's legal and what's not. Crossing it isn't hard, look at extinction rebellion and other civil disobedience protestors. Yet, on the other side, your trusted options are very limited, and encryption is one of those. I'd argue that letting citizens communicate and organize privately is a vital component of democracy, even allowing citizens to seize control of the state if they deem it necessary. More so than U.S.A.'s "Second amendment", encryption is an arm citizens should legally be able to bear.
Now, it is obviously hypocritical to offer such a thing, as politicians certainly wouldn't want their texts to be snooped on, would they? Any bill that requests backdoors should request them from everyone.
And don't get me started on how governments recommend their own to use Matrix and Signal, the very apps they aim to backdoor, because they are secure. You can't both have your cake and eat it, too.
A useful thing to explain encryption backdoors is the TSA master keys: https://news.ycombinator.com/item?id=12177079
Their very existence made locks less secure (possibility of a key leak), and those are worthless against thieves now that master keys have leaked (you can 3D print them).
No we don't, but that's what the Politicians try to implement in our brains.
It is pretty stupid to try to jump a car on your bicycle without a landing ramp. Or play catch with lit M80s. And those weren't our dumbest ideas.
When I was a kid every 8-year-old pushed a lawn mower around once a week. And rode in the back of a pickup truck. Today I don't let my kids ride in the back of pickup trucks, and I'm nervous about the lawn mower. Or rather, I'm nervous about trusting my kid not to be careless with the mower.
But when I see the metal detector at the door of my kid's school I wince. Some dangers and some fears need to be met head on. For some people, those include riding in the back of pickup trucks. For some it is the school's metal detector. If only we could make those choices for ourselves and our children without forcing our fears onto our neighbors.
Yeah that's called life.
>Today I don't let my kids ride in the back of pickup trucks, and I'm nervous about the lawn mower.
That's because you already infected with fear. It's not your Children's fault that you don't trust them with a lawn mower..it's you and probably your society that is the problem.
>Some dangers and some fears need to be met head on.
Yes like wear a helmet on a Motorbike, but you need to dig much deeper, that a society needs a metal detector in schools.
And again the World IS much safer today...but remember the more you have the more you fear loosing it...it's the perfect setup to give up your freedom because you think you "win" some safety.
Lawn mowers are dangerous. But that doesn't mean they should be banned. As you wrote, that's life. The solution isn't to think they aren't dangerous. The solution is to recognize the danger, then act appropriately. We just all have different ideas of what's appropriate.
All that said, 8 might be a little young. I think I was around 10 when I started cutting the grass, but I don't really remember.
But i watched a documentary about the US, where Children's under 12 are not allow to play outside without supervision, they get picket up by the police and the parents got big problems.
Here, they run around the hole day in the forests with Swiss or Scout-knifes and lighters and some sausages in the backpack. It's just terrible to think that your children's are safe because they sit hole day in their rooms and play games.
So you close your mind (because everyone else is bad, and every Adult that speaks with my children is a pedo) then you buy a gun (even if the chance is much higher that exactly with that gun something bad happens) and your Children's needs to be under constant observation and they need to learn that one should trust no one, you life in constant fear and because of that you vote for trumps.
>if I had enough time to get back for lunch.
Exactly that was my biggest fear, to late for lunch meant grumpy Mum and Dad..and no roaming for the next two days.
Arguing whether the World has suddenly become more dangerous is counter-productive in that aspect. In the end, we keep becoming wiser, technology evolves, and the World changes because of it. It doesn't matter if things actually got more dangerous or if we just got more afraid of them; it's the outcome of our actions that we need to focus on.
There is something to be said in comparing encryption to what usually amounts to spinning blades connected to some kind of engine; abusing any of those technologies can result in outcomes that are undesirable from society's point of view, and potentially from the users' point of view as well. Because, you know, fingers and toes.
The main problem is that just as if you outlawed the sale of lawn-mowers without specific features, there's nothing stopping people from using their existing lawn-mowers (or even building their own ones)anyway, the current encryption technologies won't go away. There's nothing stopping anyone from saving existing tools, or the source-code of existing tools, and keep using then. The only difference would be that such encryption, and the protection it brings with it, would now be restricted to the very criminals that the outlawing of the tools meant to stop in the first place.
Edit: As for the outcome, keeping encryption from everyone but criminals is outright ridiculous. It might get to some of the businesses selling specialized solutions catering to the people law enforcement is after, but in the end it will just result in the baddies simply moving away from those platforms and onto other platforms that are out of reach of EU law-enforcement. That leaves us with everyone else having a big target painted on them because this time we know there's a backdoor in their product.
There are a lot of risky things we do all day anyway, like driving any car or walking close to road. Those things are still incredibly safe.
Perception of risk is not actual risk. Yes, everyone dies, but that's more of a biological fact than a statement about how safe this world is. If you're really worried about you and your family, watch what you eat and hit the gym a bit, because statistically it's going to be a heart attack that gets you.
Everyone. Everyone dies. That includes you and me. The question is not if but how and what you do with the time you have.
On any scale between a human lifespan and the whole of human history, now is a pretty safe time to be alive.
In other words, obesity comes from worse diets. The working classes are bombarded with corporate foods that contain way too much sugar, etc.
It afflicts the poor in relatively comfortable and safe nations.
These are diseases of overpopulation, loss of freedom and control over one's life and general lack of anything to live for in the future. Mouse utopia comes to mind.
It's true that obesity is an affliction related to poverty; but it is related to poverty in nations of relative wealth and comfort. Access to that cheap and terrible food relies upon a logistics system that is heavily resistent to famine and blight.
Those in poverty who are dying from obesity related diseases are not dying in work place accidents, and are not dying in war or from untreatible infections. They didn't die in a pandemic.
The opportunity to die of obesity related diseases is tied to the relative safety and comfort of the nations in which the late individuals were impoverished.
What you are more talking about is the Politicians overstate the chance of dangers and they do it on the most evocative of topics (ex: terrorism, CP, etc).
A high danger we're in is from the potential for our governments to entrench their own powers and encourage potential future totalitarianism for small benefits here and now.
by Franklin D. Roosevelt
For example, in the weeks leading up to the election, CNN ran a sidebar on the screen to continuously show current statistics on covid deaths, all day. The sidebar vanished on election day, and has not returned, even though covid death rates are worse than ever.
You mean cases? They usually go for the biggest number they can display rather than the most informative.
It is by definition. Their ambitions haven't changed the last 30 years.
Actually you can have your cake and eat it. What you can't do is eat your cake and have it :-P
Well, you got the point. In french, we'd say: "You can't both have butter and money for it" -- greedy butter sellers.
And in Hebrew it's "You can't eat the cake and leave it whole" or "you can't hold the rope from both edges".
1. Terrorism and trafficking of children will win the moral high ground.
2. App stores will be forced locale by locale to conform to these policies.
3. Most people will not notice or care.
4. This will be used by N-Eyes and totalitarian governments to quash dissent.
5. Meanwhile the tech crowd will create alternate app distribution mechanisms allowing those who care to communicate securely.
6. Those secure methods will be used by people with the most to lose. (e.g. the drivers of point 1)
Given this predictable series of events I see the primary question as: How do we prevent (4)? How can we make people secure by default again and make adoption easy in the face of app store capture.
> The term was coined by Timothy C. May in 1988. May referred to "child pornographers, terrorists, drug dealers, etc.". May used the phrase to express disdain for what he perceived as "Think of the children" argumentation by government officials and others seeking to justify limiting civilian use of cryptography tools. Connotations related to such argumentation continue to be attached to the phrase, and it is more commonly used by those who wish to deride various restrictions on Internet activity than by those who support such restrictions.
• By ensuring there is always an opposing power.
• By maintaining democracy, by which I mean the tenet of electing governments from the citizenry as well as by the citizenry, and specifically rather than any of the oligarchical forms.
• By maintaining the rule of law.
The consequences being, if all encryption is backdoored, then any encryption used by politicians is by definition eavesdroppable by their opponents and enemies. Since all politicians thrive in a web of mendacity and confidences, they have a strong incentive for strong encryption, and will eventually terminate/abandon legislation that weakens it.
Any politician that threatens otherwise is therefore a) grandstanding, and/or b) using the issue to leverage/negotiate something else.
• Any government seriously implementing such a plan is operating as an oligarchy rather than a democracy, and will have plans to defend themselves from the surveillance imposed on the citizens.
• The first instinct of every would-be oligarch is to undermine the machinery of democracy and compromise the rule of law.
c.f. Utopia (Australia, 2014) Season 4 Episode 4 "Mission Creeps", and probably at least one Jim Hacker moment.
8. Privacy activists will leave group 6 by attrition, further reinforcing justification by authorities for 7.
Privacy only works well when everyone has it.
In my view there is a good chance that (2) will not be EU law for the foreseeable future, although this does require some opposition work. I guess one can see it as education of the politicians (the commissioners in this case).
Educate the Comissioners? The president of the Comission is an ex home secretary ie. a lady with a policing mindset just like Theresa May, only allegedly corrupt. Somehow her phones were wiped clean when required as evidence in a recent investigation. The irony of this legislation is that it could expose her own doings.
The Comissioners were told to use Signal after Bezos' phone got trojaned through WhatsApp. Encryption is only good when it's for their own benefit.
As is always the case with these fights, the fundamental fact is that the war is asymmetric. We have to be right all of the time, they have to be right once. We have to break all encryption everywhere forever, they have to find one non-backdoor'd solution.
If you really hold the backdoor proponents' feet to the fire, they'll admit that yes, this is true, but at least with a backdoor you can catch some of the terrorists/child abusers/etc, some of the time (of course, you only get the dumb ones...), and we wouldn't want to let the perfect be the enemy of the good. But of course, saying you want to compromise all privacy in the developed world to catch a few dumb traffickers doesn't get votes.
You can also solve this with a webpage, this way it can be used on all devices.
The point is that creating a secure channel few users use is pretty trivial unless you outlaw crypto libraries. These laws can only take down apps/websites in mainstream use.
Even regular GPG-encrypted email using random rarely used email addresses will work quite fine.
Making an Apollo program requires a bit more than ctrl+v.
I hope that if we ever reach a steady state, it will be unbreakable privacy.
We need actual software like https://Matrix.org or https://qbix.com/platform to be good enough that people will install it. Like the Web Browser did killed AOL and MSN. Otherwise we will live with Facebook Google etc. and this is moot. But that is just the beginning.
Secondly, we need open source hardware. We are nowhere close to competing with Apple and Android. But as we have seen over the last 20 years - there is a war on general purpose computing and the closed systems have started to win. Just today I read that Android doesn’t let you take a screenshot of your own phone.
Third of all - the open distribution mechanisms you rely on today to not block you (eg web browsers) can be closed or ship updates with backdoors tomorrow to most users. Apple and Google together control most of the market. It isn’t hard to pressure them to do this.
Apple blocked blockchain dapps being distributed on iOS, unless they are made by an Apple developer whose app they can revoke. Amazon can yank your movies and books out of your hands.
Anything you think is secure (eg secure enclave) may not be. Trusted Computing Environments are made by two companies essentially.
In fact, I am surprised that more “stuxnet” attacks arent done in nuclear reactors across various countries. As self driving cars get hooked up to the net or delivery drones become ubiquitous we may see massive vulnerabilities that can be exploited all at once. Not just by state actors but anyone. Really scary stuff.
Sadly the same entities locking down the computing devices also start requiring uplinks to their servers and can push any updates. Regular people are at the mercy of corporations and the state.
Unless open source companies step up and build a decentralized hardware distribution infrastructure, with multiple actors (like VOIP relaced centralized telephone switchboard operators) all these arguments are moot. There is a handful of tech companies whose arms need to be twisted and that’s all.
To be honest ... I no longer think that end-to-end encryption is the right solution to human rights problems. If citizens are reduced to sneaking around and denying their activities to survive, their governmental system is way past due for fixing. This is like the “good slave owners” delaying the abolition of slavery. You’re solving the wrong problem.
I believe that crypto is needed to secure decentralized byzantine fault tolerant systems like Ethereum etc. to be TRUSTED, not to hide information. Signatures, not encryption, if you will. If anything, it is the government who doesn’t want encryption to be broken (eg of copyrighted DVD content etc.) and there is an inherent contradiction since anyone who consumes unencrypted content can reshare it.
What we really need is to decentralize the personal data in many places, and use zero-knowledge proofs for attestation, but that is different than encrypting and hiding information.
Many of the common tools (both hardware & software) that common people use are at the hands of few, who can abuse the users themselves or at the request of the Government.
> To be honest ... I no longer think that end-to-end encryption is the right solution to human rights problems. If citizens are reduced to sneaking around and denying their activities to survive, their governmental system is way past due for fixing. This is like the “good slave owners” delaying the abolition of slavery. You’re solving the wrong problem.
Not many seemed to care to click the link in that thread. If one did one would know that it was to a bug report and a fix was even posted in the same link. Screenshots work just fine.
The bug report was for not being able to screenshot in situations when it wasn't actually disabled.
The fundamental problem that the GP is referring to and that demonstrates the loss of control over one's own devices is that it _is_ possible for apps to disable making of screenshots to begin with.
I have written a far more extensive post just now on HN that fleshes out the overall argument against focusing on encryption - please read it here and we can discuss:
> No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks.
I mean wearing my programmer goggles it doesn't state privacy AND correspondence but OR, but still. Not having your personal conversations get intercepted is not too much to ask for, is it?
I mean I get it, if they have a reasonable suspicion they CAN intercept your communications (listening devices, intercepting the phone conversations), but this is not a right they can claim on anyone, and they shouldn't be able to force companies to allow them to listen in. Not arbitrarily anyway (see: Snowden revelations, where it was proven that the NSA just hoovers up anything and retroactively checks if there's anything wrong in there)
In other words, “encryption” needs to be listed there as a right, to remove any room for interpretation. Or explicitly listed as an example of a more general right, like the right to private speech (or whatever you want to call it).
And considering the retrieval would certainly be breaking at least a few laws, the people who are going to pull it off are going to be
- nation states
- large criminal organizations
- large corporations (corporate espionage)
So you arguably defeat the entire purpose of having encrypted data streams. Sure, the barrier of going and "stealing the keys" is still there, but given the track record large governments have at not leaking data, it is safe to say there would be little barrier aside from legal ramifications if caught.
It’s the same basic idea as an envelope, as in you need to open it to see what’s inside. However, opening it up inherently breaks the object so if you have it unbroken then it’s obvious that nobody has done so. XRay’s being an obvious risk.
That's true, you have to rely on Sony executives to tweet them out instead. https://m.slashdot.org/story/147470
"really locked" is using a wholy misused modifier. Neither are we talking about royal priviliges, nor the distinction to virtualized fantasy. The necessary capability of encryptian is effectivity. The effectivity of regular locks is indeed a matter of concern in the security industry to begin with, as lock picking sessions at Defcon make clear. But, if the fireman's axe shreds the frontdoor, at least there will be no denying that you have been literally hacked.
Now digitally, that's not true. You can keep collecting data without anyone knowing at an unprecedented scale.
But still what? The logic is perfectly correct; ~(a | b) = (~a & ~b)
The courts may not view the police, with a warrant, wanting to see your texts because they believe you're doing something illegal as a form of 'arbitrary' interference.
This new proposal sounds nutty to me, but I think that our various constitutions provide for the possibility of government access to private stuff given legitimacy, proportionality etc.
E2e encryption that is "safe from courts" isn't protected.
They can't do that to the entire public at once because it's not economical, but that's the point.
If cell phones had e2e encryptoions so the normal court-order landline eavesdropping disappeared from law enforcements' toolboxes - there is zero chance they would ever have been allowed in the hands of the public.
But they haven't. They can physically install a listening device at the location in the warrant and thereby record any conversations you make from there. That gives them the same capability they historically had with landlines.
For every phone, you can just slip an antenna under the case (or in the phone's body) and pick up the LCD switching interference – faint though it may be – and figure out what's on the screen from there. Or, you know, CCTV.
Encryption-for-the-masses merely protects from mass surveillance; anyone protecting themselves from targeted surveillance isn't going to suffer from an encryption ban.
Also, so long as metadata is available from cell towers, you can still use the most useful piece of data: that someone's phone was at a crime scene, even if the communication itself was encrypted. That will always be the case (unfortunately also in authoritarian regimes).
Counterpoint: yes it is.
The long story is that encrypted files alone are no use to anyone, so the courts have no more right to it than anyone else. The decrypted text is a different matter. It's supposed to be protected. So you are saying, eventually, if I may interpret it that way, that speech which is protected from the authorities including the courts is not in fact protected from the courts.
Oh, ok, that's not even illogic, just paradox.
Problematicly, if you consider the abstract danger of a key cypher pair a threat, the same goes for the legislatator court partnership. The courts aren't a threat as long as there's no legislation that opens them up to it. So, clearly, the legislation is key to the infringement. This means that legislation has to act in accordance with legislation, which is as difficult to understand for regular joe as function pointer semantics in C++. So it appears to say, simply, that legislation has to act...
That's you and me. Actually though, the law is accordingly a huge tower of abstraction. The moment you try to dereference "the law" it blows up into your face, a group of skilled experts has to drop into debugging mode and, eventually, has to decide if they want to have their access limited even in debugging mode. Well, the system was designed for the hypervisor kernel to access all areas, this seems to be a problem of the virtual OS handling the capabilities for userspace incorrectly.
Bug closed: won't fix.
> Everyone has the right to respect for his private and family life, his home and his correspondence.
unfortunately it also has exemptions for anything a government could reasonably use as justification to restrict this right:
> There shall be no interference by a public authority with the exercise of this right except such as is in accordance with the law and is necessary in a democratic society in the interests of national security, public safety or the economic well-being of the country, for the prevention of disorder or crime, for the protection of health or morals, or for the protection of the rights and freedoms of others.
Imagine that some unnamed corrupt government treats your telegram messages as correspondence, but not encryption keys. It then orders Telegram to release said keys (pinky promising not to do anything nefarious with them) because they aren't considered correspondence.
It so happens that there's no point in taking out a warrant against the man-in-the-middle, because he has no access to begin with.
You'll have to get a warrant against one of the ends.
What these proposals would end up doing is to force people to weaken protocols and start spying as a man-in-the-middle, just so that they can be targeted by a warrant.
This is just a little bit silly, I feel; and doesn't really help anyone. I don't think that authorities realize that that is what they're asking for. Usually when it gets explained to them, sooner or later they relent. And then a few years later someone replaces them, and it happens all over again.
So how decides when an attempt is just? Did the British think the American revolutionaries were just in declaring independence?
- Everyone has the right to respect for his private and family life, his home and his correspondence.
- There shall be no interference by a public authority with the exercise of this right except such as is in accordance with the law and is necessary in a democratic society in the interests of national security, public safety or the economic well-being of the country, for the prevention of disorder or crime, for the protection of health or morals, or for the protection of the rights and freedoms of others.
(I'm not feeling bright enough to comment but this seems extremely relevant)
Prevention of not just crime, but also disorder? The economic well-being of the country? Protection of health or morals?
I suppose it's better to pay lip service to Right to Privacy, instead of completely ignoring it altogether. But this is not a human right.
That sounds more like declaration of “human rights” by China than by EU
It is too easy for many politicians and security agencies to think that their master keys and backdoors won't ever fall into the wrong hands, that they're careful, etc. And if you point out the problem, they'll tell you they'll be even more careful.
Think about it from a non-techie perspective. I don't think most people even understand the concept that a message that goes from sender to recipient in WhatsApp can't be decrypted by Facebook, let alone by anyone else. I don't even know if there is a common analogue-world comparison you can draw, this is an utterly new concept for people who don't understand encryption.
Privacy is a human right in Europe. I don't think it's a pipe dream to give encryption some good PR, especially when it powers the internet, keeps your payments safe, protects you from bad guys, etc.
Pushing hard on the concept that Encryption == Privacy is very important. We should not call intentionally-backdoored crypto "Encryption", but something obviously bad such as "Open-Door Fake Encryption", or whatever actually speaks to people.
Don't assume that "we" are happy about that. You might be; others are not.
Unbreakable encryption should be available to everyone, and straightforward for everyone to use, and used by default rather than only for "sensitive" information. Unbreakable encryption should be so widely used that the thought never even occurs to anyone to associate it with wrongdoing. Communication using unbreakable encryption should simply be "communication".
I don't want to suggest everyone is happy with the status quo, but it's at least not one of the top items on everyone's agenda for change.
> Unbreakable encryption should be available to everyone, and straightforward for everyone to use, and used by default rather than only for "sensitive" information. Unbreakable encryption should be so widely used that the thought never even occurs to anyone to associate it with wrongdoing. Communication using unbreakable encryption should simply be "communication".
I agree with you - but I also doubt it will happen. Not because of some government conspiracy but because I don't for a second believe that people would choose "government can't tap a criminal's phone call or text messages even with a court order" as an acceptable drawback for the benefit "my own conversations are always secure". I really don't. I'd be happy to be proven wrong though. So I simply don't think there is any democratic pressure for it.
We need to very clearly and universally make the message clear: there's unbreakable encryption, and there's broken encryption, nothing in between. Anything that purports to be in between is either broken or soon will be.
Make sure the terrorists can't find and research targets.
Make sure child molesters can't get at your kids.
Make sure bank robbers can't get at banks.
Make sure organized crime can't spy on the police and thwart police actions. Etc etc.
If anyone calls me on a regular phone call, I'm always aware of this.. It's that nasty feeling of being spied on that's really the main reason I hate this so much. The government shouldn't have any reason to spy on me but spying on everyone is simply becoming the norm because they can.
"A policeman's job is only easy in a police state." — https://en.wikiquote.org/wiki/Touch_of_Evil
> as a genuinely terrifying prospect in plenty of TV shows.
Probably for a reason:
This is a genuine question because it's a counterintuitive notion to me since I find the lack of E2E encryption scary.
It's obviously even more scary (an existential threat) to authorities that are used to be able to do mass surveillance of messages in transit (Such as the NSA).
knives are scary
Having the higher-level source code just makes it a lot easier.
But if WhatsApp did this, it would probably be noticed pretty quickly by experts. But like I said above, Whatsapp's achilles heel isn't really the E2E encryption. It's the cloud backups.
If it was open source there is some chance a backdoor would be spotted (eq. by Linux distropackage msintainers), but not when a company is pushing obfuscated binary blobs preatty much directly to users.
And of course these stores could have secret functionality for shipping targeted updates.
But if it exists, this means that 1) none of the developers working on the store backend decided to leak info about it and 2) none of the targets have had an expert look at their device to find an unusual update that wasn't seen by anyone else.
Over time, the probability of either of those things happening would be going up…
It's hard enough to explain the easy, obvious stuff like tax brackets. You think people have a native understanding of encryption?
It’s easy. Tell people they’re speaking English to one other person who also speaks English at a dinner table. No one else in the world speaks English. You can look and sound like you’re talking about how excellent the food is, but really you’re saying how terrible it is... and no one on earth will ever know, other than the one person who understands you.
- In your example, the contents can be deduced from the "encrypted" data, without the key. Indeed, there is no key, but rather a complex dictionary transformation.
- A "backdoor" is merely teaching GCHQ to speak English. Sounds perfectly reasonable in your example.
I'd argue the exact problem is that politicians have the particular understanding of encryption that you just gave.
You need to communicate two things:
1) Why backdooring safe encryption irreversibly breaks it for everybody
2) Why that's a bad thing
1. Encrypt as normal.
2. Given a language model which can generate a choice of multiple possible next-symbols given what has already been written, use bytes from the cypher text to choose between the available options.
For example, using the predictive text options on my iPhone, and treating 0=left 1=right, the cypher text 011100 and the starting symbol “Hi”, I get:
“Hi I have heard from the other”
(Note: I’m fairly sure the iPhone predictive text system is personalised and therefore time-variable, but the general idea still applies if you are in full control of the system).
3. If the other party knows the model and the initial word, they can use an equivalent process to recover the cypher text and put that into the normal decryption routine.
If the government is just going to force specific companies to add backdoors, then the process above isn't really necessary, you just need a way to install a client that isn't backdoored. If, however, the government is banning the sending of encrypted messages, then you have to hope that a jury doesn't see your long pointless messages as strong evidence of using encryption.
To improve slightly upon the language model example given above, though, I suggest something like this:
Don't legal people routinely just take few word sentences and rewrite them into long paragraphs of aforementioned hereinafter notwithstanding including but not limited to senseless nonsense?
If I started writing long paragraphs of aforementioned hereinafter notwithstanding including but not limited to senseless nonsense, I’d be really obvious — at least to a human, not sure if current AI would notice me yet.
(Of course the public existence of software that does this could definitely make that excuse less convincing.)
You’d have to be very careful to seem “normal”, as carelessly doing that can change the entropy in a detectable way even for the least significant bits — the least significant bits saved in something like JPEG is not the sensor noise, it’s the smallest stuff that humans pay attention to.
Found this related question on Crypto Stackexchange: https://crypto.stackexchange.com/questions/32767/how-to-disg...
The question of interest is "how to generate sentences that allow the most dense insertion of data?".
The best two I saw were:
* Used a copy paste (with link) of tweets / jokes / song lyrics with trite comments around them.
* Used an html formatted email with images embedded. The images were fiddled to hold the bulk of the payload and the surrounding sentences were just to describe the image to give it authenticity.
The funniest was a dirty poem generator based on an oracled (to inject the payload) monte carlo sim. It ised historic dirty letters and all sorts of poem formats.
This was at a hackathon in Hampshire (uk) ~2014
I was born and raised in a country occupied by communist invaders, so I know very well how unbelievably horrific it was to live under continuous surveillance.
Despite the many Western fiction works, either movies or novels, which attempted to describe how life was in the Eastern Europe and Soviet Union, I have not seen any that succeeded to really convey how awful that was, because it is very difficult to imagine it when you have not experienced it.
After 1990 there was a short time when things seemed to be improving in the world, about the human rights, but that did not last for long.
After 2000, the Western countries began to resemble more and more every year with the communist countries they were formerly criticizing.
This sad evolution concerns not only the continuous attempts to restrict the basic human rights but also the continuous reduction in competition in the economy, by more and more mergers and acquisitions.
Despite what some say, the socialist economies were not really different from the capitalist economies, but they were identical to the extreme form of a capitalist economy, where, in the absence of regulation, everything is produced by monopolies. Now, with the exception of few domains where there is still vigorous competition, even the American economy is so much dominated by quasi-monopolies, that it resembles more to the old Russian economy than to the American economy of 30 years ago.
Twenty years ago, when I designed some electronics hardware, I could search the Internet for the datasheets and manuals of possible components and I had many possible choices for each of them.
Now, for many key components, I have only one possible source. Moreover, for many important components that I might use, I cannot really determine whether they could be used, because their technical documentation is provided only after signing an NDA and only if you intend to buy really large quantities.
Such changes were very gradual, so for those who did not live enough to span several decades of experience, the way things are done now may seem normal, but they are not and they are definitely worse than before. Now it is far more difficult to innovate.
Regarding surveillance and encryption, most Western people, who have not yet experienced the extreme abuses towards which the current legislation slowly evolves, are very naive and they do not understand how dangerous this really is.
The irony is that now the Western countries are trying to make lawful things that not even the communists had the courage to introduce in their laws.
Even in the communist constitution that was valid when I was a child there were constitutional rights for the secrecy both of the phone conversations and of the mail messages.
Obviously, like the NSA, the secret police did not care about what is lawful and what is not, so they intercepted any mail message or phone conversation they desired, but at least there was no doubt that their activities are illegal.
Fortunately, they did not have the technical abilities to intercept all the phone & mail communications, like today. Otherwise I would be still living in a communist country.
Because of my experience, no matter what abusive laws might be introduced in the future by corrupt politicians and no matter which would be the consequences, I would never recognize that any other human being has the right to command me to not encrypt any information that belongs to me. Equivalently with being against the interdiction of encryption, I would also never accept that any human being has the right to demand that I must answer to any question, if I do not want to answer.
Of course, if that question had been in the context of a legal investigation, refusing to answer some question may be considered as evidence supporting the supposition that the questioned person might have done something wrong. Therefore that person might be punished for what he/she is supposed to have been done, if being guilty is considered certain enough.
However, punishing the person just for refusing to answer a question, without any evidence strong enough that the person has committed any other crime, as it is frequent now in the USA, this is something that I consider to be an unacceptable abuse and a breach of the most basic human right.
It is doubtful that it will see something like encryption that allows speech and communication at a distance without government knowledge or control as a basic human right. After all, if some speech is so dangerous that it cannot be posted online, then we should make sure it is not spreading to who knows what kinds of people without government knowledge.
Of course it is, it's called freedom of opinion, simply some opinions are considered crimes by the EU law system.
Removing a post that incites someone to commit suicide or to kill someone can save the poster from being prosecuted.
Private communications are excempted though, unless they need to be used in a trial after a judge authorized it.
He was 4 years old.
If you read again what I wrote it's already there: free of opinion doesn't mean that all opinions are permitted, because some of them are crimes.
Anyway, if you know Berlin you should also know that there have been a spree of neo-nazi violence lately and the police is not doing much to stop it (I lived in Berlin for a few years)