Australia arrests dozens over app allegedly used by criminals worldwide (aljazeera.com)
32 points by defrost 1 day ago | hide | past | favorite | 36 comments

Governments absolutely abhor anybody who threatens their real-time monitoring of your thoughts, sight, speech and movement.

There is also the aspect of organized crime using encrypted communication.

A recent example is EncroChat, with 6000+ suspects arrested (~200 high value targets).

I'm NOT saying we should dispose of encryption and privacy, but there need to be modern solutions to modern problems.

Personally I can favour privacy intrusion, if and only if, there are checks and balances. E.g. any misuse of invasive technologies would result in the whole government (senate, congress, president, supreme court) going to prison for 25 years minimum w/o pardon.


> Personally I can favour privacy intrusion, if and only if, there are checks and balances.

There really isn't a possibility for "only specified individuals, under specific conditions, can bypass the encryption", because it will never last. And once it's broken, it's broken forever.


> E.g. any misuse of invasive technologies would result in the whole government (senate, congress, president, supreme court) going to prison for 25 years minimum w/o pardon.

You have to factor in misuse of the misuse legalisation too. It would certainly be tempting for some types to false flag a misuse.


Your solution is to throw innocent people in jail if one person breaks the law?

It was a drastic example, but they are all responsible somehow for the laws. And something as serious (imho) as bypassing encryption and having insight into people's communications/minds... Well, it needs a huuge counterweight in case it goes wrong.

As corny as it sounds, with great power comes a lot of responsibility.


The problem is the slippery slope as things get (re)defined.

Terrorism used to mean people who planted bombs or caused mass murder to terrorize a population, today it means something very different. Racism used to mean something very specific, now it can be hurled at someone wanting immigration rules. Hate used to mean something, now it means strong disagreement.

Spying used to be about monitoring external threats, now it means anyone any law enforcement thinks needs monitoring for whatever reason. It’s expanded so much that just about every suspect in anything was “on the radar” but because so many are on such radar, they don’t have the processing power to deal with them.

G.W. and Obama were happy to redefine what torture was. Neither got in trouble and are happy to still work behind the scenes moving political machinery.


Hate crimes now include criminal misogyny and criticism of Israel. So the expansion is already absurd - nothing to stop it from becoming more absurd.

> Hate crimes now include criminal misogyny and criticism of Israel.

Where?


Easily googleable so I suggest you do that, I'm not your librarian.

What even is the burden of proof anymore?

I cannot assume you're reasonable - especially when it's obvious that you have failed to google the subject or done even a modicum of good faith research.

The kind of people who claim to be “anti Zionist” are also the kind who want to strengthen hate crime laws.

Oops, your progressive attempts to engineer society got used to stifle your own dissent!


I used to try to make the 'hoisted by your own petard' arguments to no avail. I think it's important to understand that the state allows and in fact in many ways encourages progressive dissent as a tool to curtail civil liberties.

Once civil liberties have been dismissed the progressives will no longer be needed and the dissent will no longer be tolerated. It will be a very different world.

I think the anti-Israel war-crime protestors found themselves rather surprised when they were no longer treated with kid gloves and treated rather harshly. I think principles are only principles when they have a cost, otherwise they're a fashion, so the anti-Israel protestors are the progressives I most admire. I'm not brave enough to throw myself against the gears of the machine and have elected to operate in other ways.


Why would criminals use specific apps like this and not just something like Signal? Or Session for an example of an Australian app.

Possibly because the illicit drug trade is using and abusing software developers that got caught up in it and are then threatened with violence if they don't continue to operate encrypted phone and chat services? Or the scenario of substance dependence where a software developer can't afford to pay for their substance dependence and provides services instead. For the illicit drug trade, the software developers and everyone using the apps are most likely just disposable pawns. The big bosses would have done the sums and figured out that having their own apps and ICT systems increases their profits, in part because of the frustration and distraction to law enforcement.

The thing that caught my eye in particular is how little the illicit drug trade is seemingly spending on their ICT.[1] The whole scheme of providing 600-odd "burner phones" for use by the illicit drug trade seemingly had revenue of AUD$1.5m every 24 months (assumed replacement cycle for hardware) plus some unstated amount of recurring support/chat app license revenue. This unstated amount is likely quite small given the alleged application developer was charged with an offence for receiving proceeds of crime to an amount <AUD$100k. When taking away the $1.2m in expenses to purchase phone hardware every 24 months, that leaves some amount just over AUD$150k per year to customise off-the-shelf phones with additional security features useful to the illicit drug trade and to develop and maintain a custom encrypted chat app. From that AUD$150k per year one has to take away expenses such as purchasing computers and test phones before arriving at a profit/salary.

I struggle to think of a reason why someone would voluntarily work for the illicit drug trade whilst being remunerated so poorly versus a typical Sydney-based app developer.

Quite possibly the best thing that has happened to the application developer is getting arrested _and_ importantly, also being charged with failing to cooperate with police.

[1] https://news.ycombinator.com/item?id=41576253

edit: adjusted cost model after posting to assume phone replacement every 24 months.


> The whole scheme of providing 600-odd "burner phones" for use by the illicit drug trade seemingly had revenue of AUD$1.5m every 24 months

In today's Australian News:

    Police have dismantled a criminal network in Sydney they allege sold $1.8 billion worth of cocaine in four months

    The gang, dubbed 'The Commission', was allegedly involved in the distribution of more than 1.2 tonnes of cocaine across Sydney over a four-month period, which police say equated to about 6 million separate drug deals.
~ https://www.abc.net.au/news/2024-09-19/nsw-sydney-underworld...

I have no knowledge of the gang's relationship to the software developer here, or whether in fact that developer had a drug dependence or not; they may well have been the sort that enjoys anti-normal activity and got a kick from having a secret unsuspected life.

The appeal to a gang of an "independent" secure comm network under their watch is "knowing" (there's the rub though, how certain can you be) that it was "clean" of LEO monitoring unlike, say, recent "secure criminal comms" popular in Australia that were actually developed and sold by Five Eyes agencies to entrap criminals with.


Because this wasn't just an app. They were selling secure devices with remote wiping.


“Authorities in Australia, Canada, France, Ireland, Italy, the Netherlands, Sweden and the United States worked with Europol and Eurojust, the European Union Agency for Criminal Justice Cooperation, to map the platform’s global infrastructure” [1].

Going to withhold judgement until we get more details on how they operated and marketed themselves.

[1] https://www.politico.eu/article/police-ghost-encryption-app-...


This is of particular interest/concern to me.

A colleague and I have devised[0] a messaging system that is encrypted, and resists traffic analysis. This is of legitimate interest to people who have reason to fear the authorities in their areas ... people like journalists.

And freedom fighters. And "The Resistance".

And ordinary people like you and me who simply don't want the Government to sweep up all our communications, eventually break it, and then mine it for anything and everything.

And yet, if it's genuinely secure we are at risk of being arrested and charged with anything they can think of, because it might be used by "the bad guys."

So what do we do with our invention?

[0] Please don't respond with things like "Never roll your own crypto".[1]

[1] Nor with Schneier’s Law[2]: “any person can invent a security system so clever that she or he can’t think of how to break it.”

[2] It dates back even earlier[3]: "One of the most singular characteristics of the art of deciphering is the strong conviction possessed by every person, even moderately acquainted with it, that he is able to construct a cipher which nobody else can decipher." -- Charles Babbage, 1864

[3] https://www.schneier.com/blog/archives/2011/04/schneiers_law...

Added in edit: I genuinely don't understand what's triggering the downvotes here. Is it just that you don't believe me? I was kinda hoping to get some genuinely useful feedback.


> So what do we do with our invention?

I've been in your exact shoes, 20 years ago. I came to realize that any privacy technology is very quickly adopted to cover up unsavory things. For every legitimate case you'd see 10x of shit you wouldn't want to touch with a long pole, ever. Unfortunately, that's life.

Ultimately, your question is that of ethics, so the answer depends on you. It's only you who can decide if the benefits of providing journalists and freedom fighters (presumably those aligned with your world views) with secure messaging will balance out all the harm it will do when abused and misused.

One (sort-of) solution here is to provide a self-hosted version of the system only. This will still have the same ethical baggage attached to it, but it will be somewhat dampened by the fact that you aren't directly enabling and facilitating any shady stuff. Not promoting it and keeping it reserved for your circle is another workaround.


You can always open source it like Signal. No one is trying to arrest those guys. Break it yes but not arrest them. They aren't marketing to criminals, anyone can use it. Actually those people you mention are already served by Signal, so curious what additional value add you bring.

(Edited for clarity)

You ask:

> ... those people ... are already served by signal, so curious what additional value add you bring

Signal is centralised, and is susceptible to traffic analysis.

Our system uses standard, well-established existing cryptographic primitives in a novel way and is decentralised and, as I say, resists traffic analysis.


So open source it anonymously if you fear being arrested and don't want to deal with those consequences.

Or move to the US and publish it as a book. We don't have laws quite that insane that you'd be subject to arrest for that.


They didn’t say to use Signal. Just mimic how they operate.

They said:

> ... those people you mention are already served by signal, so curious what additional value add you bring.

I was responding to that.

(And thank you for this and your other response(s))



> because it might be used by "the bad guys."

Start with a reality check. It's not "might". If it gets popular, this app will be used by criminals (in an objective way not politics-subjective) and you need to live with that idea. You'll be supporting people fighting for freedom as well as people planning murders for material gains. You don't get to choose and if it works correctly, you won't be able to tell them apart. You may end up running a 100% mafia-supported system. Are you ready for that?

(I'm suggesting that, because your message seems to be still very rose tinted...)


> Please don't respond with things like "Never roll your own crypto"

Always amuses me. If nobody makes their own crypto... there is no crypto.


It's a very interesting problem and I suspect it will be very difficult to separate your ethical beliefs from your business model. However, if what you have is genuinely novel and ‘works’, I think you need to decide on the vision of your business and whether you are primarily selling to consumers, companies or governments. The latter option may reduce the risks you describe.

I added a lot more in the previous thread from yesterday (didn't get on the front page but would be good to merge into this thread)[1]. In summary:

Australia has laws such as [2][3] (in the state of NSW) which prohibit possession of encrypted communications devices which are deemed to be purpose designed for use in the illicit drug trade or some other defined criminal purposes. The accused application developer/administrator is alleged to have specifically built the application for use in the illicit drug trade with no other reasonable reason for the application existing. Access to the application was by invitation only with allegedly 600-something installations out there, with these installations stated to be overwhelmingly associated with the illicit drug trade and criminal groups.

In addition to outlawing encrypted communications devices deemed to be designed only for use by criminal groups, Australia has multiple other laws that compel anyone able to assist with breaking into a computer system or messaging service to do so. In this case, it appears a warrant allowing the application to be backdoored was granted, and this backdoored app was then distributed to the 600-something devices allowing messages to be read. The accused application developer/administrator seemingly wasn't aware. Likely it won't be revealed what the exact method used was, but it could theoretically include black bag operations and compelling third parties to assist with access to data centres, servers, networks, etc.

Seemingly the primary concern for you is if at least one person using your code is in the illicit drug trade (even if 99.99% of the other users of the code are law abiding citizens), you could perhaps be compelled in at least Australia (but also a rapidly growing list of other countries) to insert a targeted backdoor into the code. A similar situation to the xz-utils backdoor but with a law-abiding developer being compelled to insert the backdoor themselves. Or alternatively, if you host the code on GitHub or on a rented server, Microsoft or a hosting provider is compelled to hand over the GitHub account or rented server to assist with attacking the target illicit drug trade user. With more and more countries copying this attack model, it'll seemingly wreak havoc on software supply chains and the software industry generally. Software will become increasingly nationalised and the Internet's global reach further dismantled. Possibly it will become quite difficult for software developers to take a holiday or attend a conference in a different country.

Possibly the best current defence against such supply chain attacks is something similar to Gentoo's package repository (monolithic Git repository) which ensures software cryptographic checksums are shared globally. For a supply chain attack to work, malicious software is required to be distributed to everyone at once, thus making the supply chain implant detectable and observable to everyone. Some of the more recent attempts at introducing Software Bill of Materials (SBOM) also try to achieve a similar objective. All of these have a single-point-of-failure aspect, which an alternative distributed ledger approach helps solve.

[1] https://news.ycombinator.com/item?id=41566948

[2] https://legislation.nsw.gov.au/view/html/inforce/current/act...

[3] https://legislation.nsw.gov.au/view/html/inforce/current/act...
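The "everyone must receive the same bytes" argument in the comment above, as an added example that is not from the post, from Gentoo or from any SBOM tooling: a client hashes the artifact it actually received and compares it with the checksums published by several independent witnesses (a git-mirrored manifest, an SBOM publisher, a vendor page), so a substitution delivered to one recipient only shows up as a split view rather than passing unnoticed. Witness names, artifact bytes and the quorum size are constructed for illustration.

```python
import hashlib
from collections import Counter
from typing import Dict, Tuple


def sha256_hex(data: bytes) -> str:
    """Content digest of an artifact, as a global manifest would record it."""
    return hashlib.sha256(data).hexdigest()


def consensus_digest(witness_digests: Dict[str, str], quorum: int) -> Tuple[str, int]:
    """Most common digest across witnesses and its count; '' if no digest reaches quorum."""
    if not witness_digests:
        return "", 0
    digest, count = Counter(witness_digests.values()).most_common(1)[0]
    return (digest, count) if count >= quorum else ("", count)


def classify(local_artifact: bytes, witness_digests: Dict[str, str], quorum: int = 2) -> str:
    """Compare what we received with what independent witnesses say everyone received."""
    local = sha256_hex(local_artifact)
    agreed, _ = consensus_digest(witness_digests, quorum)
    if not agreed:
        return "no-consensus"      # witnesses disagree or are too few: cannot verify
    outliers = [name for name, d in witness_digests.items() if d != agreed]
    if local != agreed:
        return "split-view"        # we hold bytes nobody else sees: targeted substitution
    if outliers:
        return "witness-outlier"   # we match consensus, but a witness is stale or compromised
    return "consistent"


# Constructed sample release and a constructed modified copy standing in for an implant.
GENUINE = b"chat-app-1.4.2.apk: constructed sample release bytes\n"
IMPLANT = GENUINE + b"# constructed: extra bytes standing in for a targeted modification\n"
GENUINE_DIGEST = sha256_hex(GENUINE)

# Constructed witnesses: three independent publishers of the same release checksum.
WITNESSES = {
    "git-mirrored-manifest": GENUINE_DIGEST,
    "sbom-publisher": GENUINE_DIGEST,
    "vendor-site": GENUINE_DIGEST,
}

if __name__ == "__main__":
    print("genuine copy :", classify(GENUINE, WITNESSES))
    print("modified copy:", classify(IMPLANT, WITNESSES))
    stale = dict(WITNESSES, **{"vendor-site": sha256_hex(IMPLANT)})
    print("one bad witness, genuine copy:", classify(GENUINE, stale))
```

The quorum matters: with a single witness the check degrades to trusting that one publisher, which is the single point of failure the comment says a distributed ledger is meant to remove.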


That's useful ... thank you.

Bookmarked for reference.

(FWIW, the web site in your profile isn't loading)


You’re being paranoid.

Here is a project out of DARPA https://github.com/tst-race/race-docs/blob/main/what-is-race...


> genuinely don't understand what's triggering the downvotes here

This is an emerging story about a globally-coördinated takedown of an allegedly-criminal enterprise. Drawing equivalence between that and what you’re working on, and then pitching the latter as the protector of journalists, freedom fighters and presumably Bambi comes across as presumptuous. (Your comments 0 and 1 also partially undermine the notion that you’re genuinely seeking feedback.)

More directly: talk to a lawyer. This isn’t a quirk of Australian law, given it was a coördinated mission including America, Canada, Europe, Australia and even Iceland. My guess is this guy was knowingly receiving payment from criminals doing crimes generally considered as much. But we don’t yet know, so any advice rendered is specious.

TL;DR You may be getting downvoted because of the way your comment is written. Not its content.


Thank you for the response ... genuinely helpful.

> Your comments 0 and 1 also partially undermine the notion that you’re genuinely seeking feedback.

We're not asking for feedback about the cryptographic aspects. Almost every post like this triggers the "Don't roll your own crypto" response, but we have that covered. That's why I put points [0] and [1].

I'm genuinely seeking feedback on: Assuming that what we have actually works, and given the current tension between security and freedom, how should/could we proceed?

> pitching ... as the protector of journalists, freedom fighters and presumably Bambi comes across as presumptuous.

I honestly didn't read it like that. Thank you for the different perspective. Next time I'll keep that in mind.



