Hacker Newsnew | past | comments | ask | show | jobs | submitlogin
UK is spending £500k on a PR campaign demonising end-to-end encryption (theregister.com)
518 points by FinnKuhn on Jan 20, 2022 | hide | past | favorite | 108 comments


*This is the same government-party which make extensive use of such technology https://www.google.com/search?q=tory+party+whatsapp+groups+e...

*You might start to think they dont practice what they preach, we know they like to party https://www.bbc.co.uk/news/uk-politics-59577129

*If they dont actually belive in the thing they promote, hmmm i wonder who is getting these contracts https://www.theguardian.com/politics/2021/mar/28/high-court-...


Oh don't worry they will still have access to their signal.gov.uk -- national security is too important!


As Sir Humphrey says in Yes, Minister:

The Official Secrets Act is not to protect secrets, it is to protect officials.

[1] https://anilnetto.com/governance/accountability/come-on-guys...

This one doesn't have that quote, but I couldn't stop laughing when watching it:

[2] https://www.youtube.com/watch?v=r-s-Y4xA9pk


YM/YPM aged so well!


Amazingly, "The Thick of It" is filmed only 20 years later, but feels like many generations apart.


Thanks. Worth checking out?


Fantastic series, full of pragmatic cynicism like YM but completely completely different world.


Watched their little ad, the text goes scrambled and the scary subwoofer comes on. "Don't give them a place to hide, oh please, let us constantly monitor every reasonably accessible message in our entire society at the hardware level because some marginal percentage of the people out there are gross predators".

Five eyes, burgers and lies; at it again.


It's funny, just a modicum of common sense should tell them that the biggest problem is the government themselves. There have been a number (to understate it) of high profile cases of "gross predators" in Britain who were allowed to operate freely with the government fully aware of what they were doing and turning a blind eye to it or even protecting them.

It's not that breaking encryption could not solve any crimes or help people (on the contrary it clearly could and if we had a perfect benevolent government that was immune to corruption and incompetence we may well want them to have a crypto backdoor). The problem is that governments have clearly and repeatedly demonstrated, by their actions, that they have no intention of using powers like this to help the common person or to better society. They use powers like this to protect and enrich the government and its friends.


This is not surprising at all, as a nation that is second only to China for its density of CCTV surveillance in public places would hate that anyone have the capacity to elude constant monitoring/"oversight".


CCTV has become almost entirely useless when anyone planning on committing some crime just wears a hoodie and face mask. Tracking via the internet and peoples phones is so much more effective.


wouldn't criminals just start leaving their phones at home then?


Not impossible this completely backfires. With trust in the UK government, police and state institutions at pretty much an all time low. Them demonising it will quite possibly result in more people really wanting it.

Kinda like when they poured their entire propaganda machine into staying in the EU.


Tech, law enforcement, and media, folks aside, people will collectively shrug and move on. To most, it's all abstract fights about other people's problems, like most banking regulations are to me, no matter how much they might impact me. See James Comey/FBI vs Apple, Apple iCloud CSAM scanning, etc. etc. etc.


Wow, these guys actually made a pro-surveillance campaign with the slogan "no place to hide". I guess they should also use the URL of miniluv.gov.uk if they're already going all in.


An interesting viewpoint from the UK's privacy and data protection regulator:

https://www.bbc.co.uk/news/technology-60072191

Stephen Bonner, the ICO's executive director for innovation and technology, said end-to-end encryption helped keep children safe online by not allowing "criminals and abusers to send them harmful content or access their pictures or location".

"The discussion on end-to-end encryption use is too unbalanced to make a wise and informed choice. There is too much focus on the costs without also weighing up the significant benefits," he said.


That means it's working. The more noise they make, the better. This technology should be ubiquitous.

The Streisand effect also means that lots of people will discover end to end encryption because of their attempt to discredit it.


Which could indicate the gov has already broken TLS's trusted model. It's known a CA was breached some years back by a state, why would it be so far fetched to say CA's haven't been required to hand over private keys and are prevented from speaking about it?

I would not be surprised in the slightest that the government has subpoenaed a UK based CA or has a UK controlled CA of their own.

Having access to end private keys or being able to sign your own valid cert from a well known entity in the trusted list, to just operating your own all means the user is (almost) none the wiser TLS communication is opened wide to a state actor.


> It's known a CA was breached some years back by a state

Last time I bothered to check over a third of all CAs were directly owned by some arm of a government (national telecom, postal services, etc).

Certificate Transparency is the solution to this problem. To be trusted by browsers the malicious CA has to publicly publish that they generated a cert for facebook.com.


Certificate transparency doesn't solve this issue fully.


Not surely, but they should be vetted and government CAs should be made exempt in my opinion until the user explicitly allows them. Otherwise the chain of trust is compromised. It will never be perfect, but government ambitions will get more specific if a newer generation takes hold in politics.


It sure does. Use a browser or other web client that does not trust certificates unless they appear in CT logs. A rouge CA then has to lie publicly by putting the false cert into the log, which in turn gets flagged and they don't get to be a CA anymore.


I think this is mostly because Facebook is going to go E2E now. I can understand why Facebook wants to do this, as it's starting to get risky with stuff like Jan 6th and other violent political demonstrations in the US maybe starting to happen more. If they go E2E they don't have to deal with the risk of having to "pick a side".



Government power is inherently corrupt. Everyone wants their government to step in and implement their pet preference, and very few people are willing to say: the less a government does, the better.

Edit: apparently I'm blocked from replying below, so: Saying that people who disagree aren't knowledgeable is the biggest thing making politics so hateful today. Small government works great. The smaller the better. For me, that's no dumb abortion laws or carbon taxes.


> apparently I'm blocked from replying below

There are some rules on replying, I think. Timing, maybe, whether you're replying to someone who replied to you, maybe. I haven't worked them all out. But I will say that if the reply link does not show below the post, clicking on the timestamp link will take you to the post by itself, and on that page there will be a reply link. At least, every time I've needed to use it myself for that reason.


> and very few people are willing to say: the less a government does, the better.

A lot of people are saying that, and in most cases just out themselves as loud and not very knowledgeable people.

Governments exist for a bunch of reasons. Many things are only possible or can only work well if done centrally and without a profit motive (like most things infrastructure and utility, healthcare to name a few). Yes, people want their governments to do things said people want. What's the problem that? If i want more bike lanes in my city, you can bet your ass I'll petition and lobby the mayor for that. Who else could do it? A benevolent rich person? As if.

Same goes for many many many other things. Banning single use plastics? Carbon tax? Giving incentives so that energy generation and transportation switch to less carbon intensive ( nuclear, renewables, EVs, rail electrification) energy? Creating good public transit so that less people need polluting and space wasting vehicles? Etc etc etc.

The US libertarian "small government" dream simply doesn't work. And the best part is that state governments that ostensibly follow that dogma are still able to force their nonsense pet preferences ( like abortions in Texas) or ask for federal help when disaster strikes ( the recent Kentucky natural disasters). Off the top of my head i can't think of other places in developed countries that went so far on the "the less a government does, the better" thing, that's why I'm only giving them as examples.


Of course the only argument they could come up with is "think of the children". Never mind that the UK has a huge problem with child abuse being swept under the rug. All in all I don't think people will be falling for it; in the end the fact that decided to produce propaganda against it means that E2EE is working.


It's either child abuse, organized crime or terrorism.


How does this compare to postal secrecy laws? Post has a special place in law, right? Opening someone's post without a warrant is potentially a serious crime, right?

I'd be happy with something equivalent for encryption: private and protected by default, court warrant can force user to disclose. If it's gone, well...

Clearly, this isn't what's proposed here.


To be fair, 500k is basically nothing


Can I have it please? I feel like I could put it to good use


What would you do with it?


Replace my income for a few years so I could spend 100% of my effort turning my side project into the real deal.


Go for it. This isn't a bad startup pitch.


Just about anything is better than putting up shitty propaganda.


pay off my mortgage, and my spouse's student loans for a start.


If anything, it’s a cheap distraction from lockdown Christmas parties.


If we're being fair, it's 500k too much.


Judging by this video, you would think so.


just enough to trigger a Streisand effect?


> Your mobile banking app uses E2EE;

I highly doubt it. Unless the other "end" is the bank in which case this is just transport encryption.

> online chats with HMRC are protected through E2EE

Are they? Why is the other end in this context.

Sounds like ybe author doesn't even know what E2EE is.


Naw mate, you're the one that's mistaken.

Or name me a single one that doesn't use at least https.

With chat apps it's a different story, because the end isn't the server in that case - but in the context of banking https is enough for e2ee


The government is scared of encryption being used against them, but I think we should also be just as scared of companies using encryption against us. Sadly, there doesn't seem to be much of a PR campaign against that.


Disgusting


No place to hide? Could mean the same for the victims of child abuse.


> Your mobile banking app uses E2EE; online chats with HMRC are protected through E2EE; you'd no more have an unsecured web chat with the taxman's helpdesk than read out your P60 in the middle of a shopping centre.

The Register is only showing an example of #3, but leaves #1 and #2 unaddressed:

1. Your Identity (who everyone is)

2. Your Conversations (with whom, when)

3. Your Content (what was said)

Does the UK government have the ability to identify #1 and #2 for E2EE connections, and they desire #3 (content)?

Is the UK government only able to identify #2, and they desire #1 (identities) and #3 (content)? If so, which is more important to them: Identity, or Content?

I suspect they are much more desperate for Identity and Connections, than they necessarily are for Content, and that their attempt to overreach and backdoor all encryption could be shutdown by offering them #1 and #2 but not #3.

This is obviously unpalatable to consider to "perfect anonymity is the only way" adherents, but it's probably time to consider discussing it, when the alternative is a government backdooring or banning all encryption. It's too bad The Register didn't take that chance, but we could at any time.


> when the alternative is a government backdooring or banning all encryption.

That is not the alternative because the mathematics of encryption is already very widely known. In the scenario where all encryption is outlawed, there will be a black market for encryption tools designed for criminals (this already exists today) and society will not be significantly safer. Or alternatively, open source encryption software development will continue happen outside the UK/USA/AU.

Banning encryption will only make inept criminals (those who don't have the resources or aren't smart enough to buy the encryption tools) easier to catch and the general public unsafe. If the police are having trouble catching inept criminals to the point that they want to make the general public unsafe, the issue here isn't the encryption.


What does a ban on encryption even look like? If they see unidentifiable traffic in your ISP logs you're illegally using encryption? What would be allowed and what wouldn't? Is devising a code with the recipient in the real-world and using that in a messaging tool considered E2EE and therefore banned? Do both endpoints have to be in the UK to be covered by this law?

I can't get my head round how they think this could be implemented without insane amounts of money and a rule book like war and peace.


Indeed, that is one of the more practical problems with any kind of approach like this. But the general point is that even if you could hypothetically "ban encryption" it still wouldn't achieve the goals the politicians pushing this crap are claiming to want to achieve.

I mean, even if you hypothetically made it impossible for computers to carry out encryption (bake into CPUs some heuristic for what encryption looks like and block it or something), folks could be taught to use ElsieFour[1] which is probably secure enough to make things about as hard as they are today. I'm sure if this hypothetical ban actually happened folks would find ways of making it easy to do ChaCha20 by hand.

And as evidence that history repeats, you can always tattoo a Perl program that implements AES on your arm like some hackers in the US did in the 90s.

[1]: https://eprint.iacr.org/2017/339


...and then there's also steganography, in which every piece of communication can actually be interpreted in an entirely different way.


Are cases of child exploitation really prevented by the interception of unencrypted chat messages in practice? In the case where chat messages are used retrospectively in court, E2EE does not prevent that, provided that one of the parties did not erase their history.


Currently messaging providers like WhatsApp and Facebook Messenger have an obligation to scan images against centralized hash databases of known child abuse imagery. End to end encryption unburdens the providers because they don't know what the message content is.

This type of reporting catches people who are not just consumers, but are actively sharing and trading - in theory the people who might be directly abusing or trafficking children to produce content and may lead to organized rings. Given the direct evidence and the fact they find a ton more when they raid the house - they are slam dunk cases for the police.

I don't have any hard numbers, but as you suggest I believe the vast majority of cases where they are communicating directly with children are self or parent reported. These cases of course wouldn't go away with end-to-end encryption.


My first thought was that this is using an emotional subject with a secret intent of a power grab. I could be wrong but I am curious about the actual numbers around CSAM on encrypted networks, and if there's other enforcement avenues.


> I am curious about the actual numbers around CSAM on encrypted networks, and if there's other enforcement avenues.

I'd be also curious to see the budget breakdowns for the different detect-deter-deny-disrupt activities going on, and the effectiveness of each. Like is intercepting encrypted communications addressing production and materially stopping abuse from happening, more effectively than tracing victims, social work, etc (I don't have a good sense of options available). Or is it just a low hanging fruit that catches a few criminals, but provides an important pretext for broader snooping like you say. They would have a much more compelling case (in any e event I disagree with violating innocent peoples privacy to prevent crime) if they explained why this was the best option.


I am sure there is plenty. I am also sure it is mostly all sting operations and bait.


This UK government is a bunch of maniacs. Too much alcohol got them on one.


They're really hellbent on destroying their financial sector at any cost.


They can spend as much as they want - we are still going to build it


It's not lobbying to prevent people from working on it. It's lubing up the masses for an eventual ban on encryption, or the power to demand access to, and the creation of, backdoors. This doesn't need to mean HTTPS traffic is banned, but would give them the power to jail you for refusing to unlock your phone for them, or ensuring no tech firm with a local presence can keep their data from you.

Australia codified it semi-recently, and we are quite often the 5 Eyes beta testers -- early access Orwellianism.


That’s peanuts in the marketing world.


Only £500k? Pikers! In the US the government would spend at least half a billion!


They've spent lots of money on an expensive PR firm from the old school, and what they came up with is "No Place To Hide".

This can be easily undone with the following meme...

1. Take whatever advert they create with the tag line "No Place To Hide".

2. Change the image to Ann Frank.

3. Profit.

* BONUS: Add the text "If you have nothing to hide, you have nothing to worry about".


  2. Change the image to Ann Frank
Except for, perhaps, the posters purchased outside of Parliament. Directly across the street they should put up a billboard showing the logos of all the Cayman Islands banks.


I'd make it more generic and relevant to everyone... a home bathroom, a kids bedroom, a psychiatrists office, all the places where every day people expect privacy.


Compared to the Anne Frank example, I think for all of these examples people easily deflate the urgency by saying things like: I have nothing to hide.


On the other hand, Ann Frank was already breaking the laws of her time. And if you're ready to break the law, you can just as well break the encryption laws.


That works fine for the mafia or some other profitable criminal organization.

Does Ann Frank, a teenage girl, know how to set up end to end encryption if it isn't already the default?

Is every target of tomorrow's witch hunt going to know they should have broken the law to encrypt their communications today?

End to end encryption needs to be ubiquitous because no one without it is safe.


Yes.

But, privacy is not just important against (traditional) tyranny of the state.

Maybe change the image to be a bathroom to get the mesage across.


It is, when the criminals get to read your private data.

Somehow people don't want that, and only consider politicians criminals in all other aspects, except this.


Interesting algorithm HN has for ordering comments.


> Change the image to Ann Frank.

4chan is not real life. Sure, you will get truly epic lulz but in reality it will only be used against to add another label to go along with the pedophile one.


I agree that any good PR firm could use the meme to its advantage.

I put about a 10% probability that the slogan was chosen because it is so bad and easily subverted.

A backlash to a backlash is worth a few extra days of free coverage.

RE: 4chan. I think you might be projecting. I actually think the Anne Frank thing would cut through in the real world.


Comparisons to Nazi war crimes not backfiring or having a net positive effect are very rare.


I think I see what you're getting at [1].

I think that in this case the image is effective as a counter to the argument being presented in the campaign.

- It shows that there are other categories of people who have legitimate reasons to want privacy and not to trust the authority of their country.

- It does it in a way that would not require explanation to anyone familiar with Anne Frank (including lots of people from UK).

[1] https://en.wikipedia.org/wiki/Godwin's_law


Change the image to Prince Andrew.


Good idea in theory, but maybe not Ann Frank please? It's not right to use her image that way.


Anne Frank has entered the "public" life, for better or worse. Her image use in the parent comment is perfectly fine. Personally, I think the various versions and censoring of her diary are way worse.


Her fate is why we need tools like end to end encryption


[flagged]


No, that's where you're at with your inability to see the difference.


The unfortunate truth about e2ee is that most people do not understand what it really means, and what real drawbacks it has, like difficulties in multidevice sync, establishing identify of a chat partner, etc.

Users expect e2ee to magically work just like non-encrypted service, but with encryption, pointing to other services that do that, not realising that it is a security theater more often than not.


I'm fairly confident that the UK isn't campaigning against encryption to make multi device sync work better


I remember when cellphones came out and the problems we had when a phone would go into a zone where it was halfway between towers.

The technicals do make things more complex but these are solvable problems that different developers will attack in different ways.


Yes, by introducing the security theater. When was the last time you checked your Signal contact's fingerprints? Oh, you trust singal? That's ironiс, considering the fact that server operator is the main adversary in the e2ee threat model.


If that's true then why are the Tories and Blairites trying so hard to ban it?


I'll be the devil's advocate. I can see a need to encrypt privileged communications, like with your lawyer, your health care provider, etc, but chats, for example? Can someone please change my mind?

And by the way, I find arguments of the type "are you ok to have transparent walls at the bathrooom" quite unconvincing. Bathrooms are not protected with encryption, the analogy is very weak. Or, "If you have nothing to hide, can you share with me your bank account password"? Well, no, the communication with my bank is encrypted, and I seriously doubt the Government wants me to put it out in the clear (oh, and also, banks are so heavily regulated, e.g. Anti-Money-Laundering, that if the Government wants to find anything about anything, they probably already can, regardless of how encrypted your communication with the bank is).


Why would you want to encrypt your communication?

An easy example is you are going to China for business. You share some trade secrets in private and by tomorrow some factory is producing your new part.

Another example. You live in a cheap apartment. Your landlord wiresharks all communication over your internet connection and steals your private pictures

Why would you want to hide information from your government?

Maybe you are a journalist with a story on someone in power.

You could have been raped by a high powered government employee

You could be part of a minority who is being made into a villian in the current political climate.

You have rights for a reason. You need to make a case why we should give up those rights.


I see it more as a 'why not?' kind of issue. Why can't I encrypt my own communications? Why does the government need to see what I talk about and to whom? Criminals aren't going to avoid encryption technology just because the government says so, which means the law only really applies to law abiding citizens. I want the government to explain why they need this power without invoking the criminal scare tactic since we already know it isn't relevant.


Same reason governments got rid of gun rights in most countries: to protect themselves from the people.


> I can see a need to encrypt privileged communications, like with your lawyer, your health care provider, etc, but chats, for example? Can someone please change my mind?

Most normal people share those kind of legal or health conversations with their parents/partners/close friends as well. If you were spying on an opposition politician (say) or social activist, being able to read their personal private chats with their mother or husband would probably tell you just as much as reading their "professional" chats or medical chats - perhaps more, since you'd know what they were actually worrying about.

> I seriously doubt the Government wants me to put it out in the clear (oh, and also, banks are so heavily regulated, e.g. Anti-Money-Laundering, that if the Government wants to find anything about anything, they probably already can, regardless of how encrypted your communication with the bank is).

You've contradicted yourself. The Government absolutely does want a backdoor that lets them read your communications with your bank, the AML laws are proof of that.


I absolutely consider plenty of conversations with friends and loved ones absolutely private.

What your argument misses is that end-to-end encryption has a very important role - keeping information safe from hacks of the messaging platform. If a messaging service is hacked, and the database dumped, I’d prefer that what they get was encrypted by keys on my device, not keys that are able to be stolen by the hack (or not being encrypted at rest at all). Extremely personal, private and intimate conversations, photos and videos have been leaked that way. End to end encryption prevents that.

Secondly, it protects my messages from being able to be snooped on by bad actors at the messaging service (like a nosy sysadmin). Somebody could easily be physically stalked using information gleaned in this scenario, or a bad actor could use the information gathered from reading their messages to groom a minor for example! I’ve read stories of cyber-stalking happening in this way, like a Google Hangouts SRE who was reading a woman’s messages, messaging her inappropriately, and when she would block him, unblocking himself through the backend (luckily he was eventually found out and fired). End to end encryption would help from these people being able to see messages or steal photos an pod images.

There are even more scenarios and circumstances when it’s important. So I’d say your comment is not as much a ‘devil’s advocate view’ as a ‘haven’t thought hard enough about possible threats’ view.


Perhaps I can convince you with a more philosophical argument.

Private communication is essential for freedom of speech. I may not speak freely with my friends or family if I believe that those conversations are easily accessible by the government. It's not that these conversations are inherently bad either; rather, I believe that people have a tendency to self-censor themselves depending on their audience. When the audience consists of an entity that has overwhelming influence on your life, I believe the potential for self-censorship is enormous.

Historically, many of the world’s greatest ideas were first discussed in private. Bold ideas were discussed in discreet locations, free from the threat of eavesdroppers out of fear of government recourse. Nowadays, technology has enabled people to communicate instantaneously with one another from thousands of miles away. Encryption enhances that capability by further allowing that communication to be private, fostering freedom of speech and the discussion of new ideas. It is really quite amazing when you think about it!


I consider communication with my parents, friends and coworkers to be privileged communication.


Because I could be talking about something that gets me in trouble, depending on where I am. There are plenty of things that are reasonable to discuss with friends, but not not reasonable to be made public. There is no such thing as a person with nothing to hide; only those that don't know what they need to hide.

And that's ignoring the fact that these entities pushing to ban e2e encryption on chat programs include many of the same ones that pushed to ban secure encryption all together, outside of their own uses, of course. So, if they get this, it's just one step on the way to ban secure encryption everywhere, which would be catastrophic.


>but chats, for example? Can someone please change my mind?

your chat may be pretty legal in the country you're residing at the moment of the chat. Few days or years later you may be flying over/into the country where the content of that chat is illegal. Say, you're trying to come into US, and in the chat you discussed that time you smoked a weed back in your home country where it is legal.


I wish people would argue in good faith in these types of discussions about responsible use of encryption.

No one is arguing that we should remove E2EE between you and your bank. With cryptographic systems we can choose what parties can see the plain text. For different situations the people who should be able to decrypt and the requirements needed to be able to decrypt may be different. I feel like this is a challenging discussion to have because there's people on both sides who lack information / knowledge leading them to make poor arguments.


> I wish people would argue in good faith in these types of discussions about responsible use of encryption.

You are assuming people are not arguing in good faith. That is, in itself, a kind of bad-faith arguing, suggesting that people who disagree with you simply don't understand and would change their minds if they did.

In good faith, and with understanding and acceptance of potential consequences, I will continue to say that using encryption is always responsible, the responsible use of encryption is "yes, always", and any two or more (or one or more) people have the right to keep communications exclusively and nigh-unbreakably between themselves. My answer to that will not change, regardless of the people communicating or the content of the communication. If you want the contents of that communication, get it from one of the people communicating.

> No one is arguing that we should remove E2EE between you and your bank.

Many people are arguing that; I've seen people say that it wouldn't matter for the purposes of securing financial transactions if the government has access.


>Many people are arguing that

By removing encryption you leave the connection open to man in the middle attacks. That is something neither side wants.

>securing financial transactions if the government has access

This is just adding another person (end) who can decrypt the message. It's still E2EE.

>You are assuming people are not arguing in good faith

They are at least arguing from a point of misunderstanding what the other side wants or what is possible to satisfy the other side's needs.

There exist plenty of people who think that allowing the government to decrypt messages between two people using a chat app when they have a warrant would require a plaintext copy of the message stored on the chat app's company's servers.


> By removing encryption

People regularly suggest breaking the encryption between you and your bank, not removing it. Breaking it is worse, because it lets people think they're getting the expected properties of encryption but they're not.

(Also, I get the impression that there's a certain subset of one side who would unthinkingly say "sure, remove it, if that's the price we'd have to pay to get rid of XYZ".)

In general, it's not societally feasible to have real encryption that's only usable for certain purposes, and fake encryption with backdoors that's usable for other purposes. There's no "special web" that's only used by banks and "important things", and that's a good thing. As far as I can tell, most of the people suggesting backdoored encryption are suggesting that banks and the rest of the web would use it too.

> This is just adding another person (end) who can decrypt the message. It's still E2EE.

You know exactly what people are expecting when they say "end to end encryption", and it is emphatically not that. If you'd like to argue in good faith, don't try to redefine terms other people are using in good faith, or make people use contract-level precision to define them adversarially. People should not have to explicitly say "end to end with only the ends that are mutually desired by both parties" and a dozen other caveats just to guard against such misinterpretations.

> They are at least arguing from a point of misunderstanding what the other side wants or what is possible to satisfy the other side's needs.

That's still giving too little credit to what you see as "the other side".

Even if there's no plaintext sitting around on a server, and even if the backdoor doesn't inevitably have its keys misused or stolen, and even if all the theoretically possible but unlikely things that proponents of backdoors would like to suggest are true, I am still arguing that people can and should use real encryption without backdoors, and have actually private communication as they see fit.

> what is possible to satisfy the other side's needs

It's appropriate to use any and all valid counterarguments to dismantle an argument at every layer, not just the weakest set of counterarguments that might possibly refute the other side. That includes the "this won't actually solve the problems you wish it would solve" considerations, and the practical implementation considerations, and the requirements-based considerations, all of which apply independently. All of those arguments are important, and different arguments may convince different people.

But it's absolutely possible to argue purely at a requirements level, in terms of what's possible to satisfy the other side's needs. That alone is sufficient to show that the two sides don't have common ground. It seems like the fundamental crux of the argument from "the other side" demands some form of backdoor mechanism that provides third-party access to otherwise private communications, and won't settle for anything less. Regardless of implementation considerations, and regardless of what you might think that would prevent, anything satisfying that property is unacceptable. If there something other than that, some lesser thing that does not compromise private communication and the use of real encryption, that would satisfy "the other side", then that'd be incredibly valuable to know, but I've seen no evidence of people on "the other side" accepting anything less, only evidence of people being talked out of this demand and people not yet talked out of this demand.

Conversely, I'm happy to get down to the crux of my own position, at a "what is possible" level: actual private communication, with no backdoors, no less than that will suffice. Private communication and real functioning encryption is a massive societal good. People arguing in good faith aren't ignoring the bad things the other side presents (apart from refuting whether backdoors would actually help), they're just saying "nope, even if that were true that doesn't outweigh the massive societal good".


This post seems like it was argued in good faith, there were a couple of examples given besides the banking one. I think the issue here is that while cryptography can allow for many different sets of parties to read a given piece of plain text, the only reasonable set of parties who should be able to read a text chat between myself and my friend is {me, my friend}. Just as we have no obligation to notify the cops of what we're saying when we have a private conversation in person. (Even if we give it to the cops in a sealed envelope, and the cops pinky promise not to open the envelope unless they can get a warrant.)


There is no “responsible use of encryption”, there is only “irresponsible use of clear text protocols”. This is a another meme to make it seem like encryption is dangerous. Reject!!

Encrypted communications between humans should be a basic human right. You are arguing that it is not. That some contexts don’t deserve encryption. They all do, no exception. Nobody has the right to demand access to encrypted communications except the peers involved in the establishment of the channel.

The safety argument has and will always be a red herring to take fundamental rights away.


>You are arguing that it is not. That some contexts don’t deserve encryption.

Personally I believe that it is worth considering as a society whether adding a mechanism for a message to also be decrypted by law enforcement if they have a warrant would be beneficial or not.

I am not saying that encryption should be removed. I am suggesting we use more cryptography to replicate what we had before, but with extra benefits like removing third parties from being able to easily see or tamper with your messages.


How can I change your opinion on this? I think you are saying it should be removed. There is no magic back door that grants these powers. There is only secure communications or tyranny. Any compromised system that is proposed cannot be secure.

It was and never was about protecting people, it was always about controlling people. Reject the tyranny.


I am not talking about a back door.

From Wikipedia: A backdoor is a typically covert method of bypassing normal authentication or encryption in a computer, product, embedded device, or its embodiment.

What I am suggesting could be a possibility would not be a secret (covert), nor would it be bypassing encryption. A mechanism for government access with a warrant would be a part of the public design of the system. A simple implementation would be to give all judges a hardware key that could decrypt a key. Chat clients could encrypt a key with the judges public key and have the chat app store it on a server. Law enforcement can access this encrypted key via a warrant and have a judge decrypt it. Now in the actual system you would want it to be more complicated such as being able to handle when a hardware key is stolen.

I personally don't have a strong opinion on this, but I do think it's worth discussing.

>How can I change your opinion on this?

If you wanted to win me over to your side you would need to explain what is so bad with reading someone's messages after getting a warrant. >99% of people won't have their messages read. The most likely reason someone would oppose this is that they would be revealing incriminating evidence. Personally, I don't support this reason as it lets us collect more evidence to ensure we are giving a proper judgment to someone. The next likely reason is people who are obsessed with privacy and couldn't stand that what they ate for dinner the other night could potentially also be revealed to law enforcement. I understand this is a valid concern, but personally I think it's a trade off worth making.


It is a back door and copy pasting Wikipedia doesn’t make it not. Key escrow, public key replacement and message escrow are all backdoors, covert or not. They are all unacceptable.

I’m from the privacy argument, and will except nothing less that complete confidentially between peers. Anything except this position I perceive as an attack and will defend my position with my life.

The other point is “nothing to hide”. Reality is we all have something to hide, and given enough scrutiny we all fall.

“If you give me six lines written by the hand of the most honest of men, I will find something in them which will hang him.” — Cardinal Richelieu

There can be no compromise in this argument. There are many jurisdictions on the planet that would love to use this back door to start rounding people up.

An real world example might be 2 gay men communicating in a private messenger about a rendezvous - somewhere that they are not accepted. Law of their land is that it is illegal. Your back door just cost them their lives.

You might live somewhere where law enforcement is not a risk to your life, but many do, and this kind of thinking leads to tyranny and death.


>It is a back door and copy pasting Wikipedia doesn’t make it not.

What is your definition of a back door. All of the common ones I see involve secrecy of it's existence.

>Reality is we all have something to hide, and given enough scrutiny we all fall.

I believe that if society is more understanding and accepting this will be less of a problem. With all of this information out there things could be normalized instead of forced to be secret.

>Law of their land is that it is illegal. Your back door just cost them their lives.

Personally, I believe that we should be trying to change laws, not helping people break the law. If it's illegal to be gay either stop it or accept the realization that you are going to die. My "back door" didn't cost me their lives, them breaking the law did.

Of course not everyone will agree with my point of view especially in extreme cases that relate to people being killed for breaking the law.


Got it, arbitrary laws are more important than humanity. Cops are all good, the law is always just and one should just stop and accept the state wants one dead for how they were born.

Enough.


That is not possible if some people believe that government is infallible. That is a wrong axiom to take. On the contrary, I think the UK had government officials involved here. Handling of political dissent also is not optimal in many states and it tends to get worse the last 1-2 decades. To fight for safety and against terror while living in the safest time in history. It will never be enough for some and those people need clear red lines. Most constitutions have those, but careless lawyers found some ways to ignore those so that they mostly become meaningless.

If you have a bad conscience of neglecting your children, maybe start spending time with them instead of endangering secure communications. Most cases of child abuse isn't inflicted by strangers, even less so through the internet.

There is a measurable effect that mass surveillance has on many people and it already has a significant negative effect on trust towards state institutions. Self inflicted mostly.

No dialogue shall be had, encryption is a technology that is available to all. Maybe we should restrict governments because they have to provide transparency.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: