Governments of the World Agree: Encryption Must Die! 221
Lauren Weinstein writes: Finally! There's something that apparently virtually all governments around the world can actually agree upon. Unfortunately, it's on par conceptually with handing out hydrogen bombs as lottery prizes. If the drumbeat isn't actually coordinated, it might as well be. Around the world, in testimony before national legislatures and in countless interviews with media, government officials and their surrogates are proclaiming the immediate need to "do something" about encryption that law enforcement and other government agencies can't read on demand.
Apropos: This IT World story (and the New York Times piece it draws from — also published today) about a newly disclosed NSA program through which the agency is "reportedly intercepting Internet communications from U.S. residents without getting court-ordered warrants."
That will only waste bandwidth (Score:5, Insightful)
as people start to use steganographic methods.
Nations fear it, but they fear each other more... (Score:5, Informative)
Yes, blocking encryption might make it easy to catch low hanging fruit, but it will win a battle or two and lose the war. ISIS and Al Qaeda do quite well in communications with just old fashioned courier services.
Lets say that the US signs a treaty with other nations (treaties override the US constitution as per precedent) banning all forms of crypto completely except say, Clipper 2.0 and SkipJack 2.0. The bad guys who wind up not caring that their private keys get sucked out and used against them will get nailed at first.
However, the real bad guys will just start going back to tried and true methods which worked perfectly to coordinate criminal activity for centuries before computers and portable devices came along. Yes, location monitoring might help with HUMINT, but as Iraq and ISIS has shown, extremely low tech means have gotten a group of insurgents armed with little more than pickup trucks, AKs and insane levels of brutality to actually form a caliphate which Europe officially recognizes as a sovereign nation and trading partner.
Then, there is the distrust factor. If only key escrow remains, who owns the master keys? If China does, US interests would be destroyed, like the solar panel industry. Eventually nations will keep encryption just so they are not vulnerable to other nations.
Finally, there is the DRM factor. If cryptography is banned, how can console makers keep selling $300 worth of crap for an eight-hour playing game and make money? How do they protect 5k video streams from pirates? Outlaw encryption in the US, China will have it. DRM requires strong crypto, and the big companies know it.
Re:Nations fear it, but they fear each other more. (Score:5, Insightful)
"bad guys" will continue to use home made encryption and not give a fuck what governments say.
Re: (Score:3)
Indeed. The parent comment is an interesting exploration of what would happen if encryption vanished overnight, but that simply won't happen. Crypto is out of the bag, and it's not going to go away. Bad guys won't obey the laws.
Re: (Score:3)
Any be extension, anyone not obeying the law is a bad guy. It's just another law to use against citizens they don't like, i.e. the ones who care about privacy. Encrypted files found on your computer, planted or real, will be evidence of terrorism. Naturally the laws will be anti-terror laws, not just regular criminal laws, and so by definition anyone who violates them is a terrorist.
Re: (Score:3)
They are actually okay with just the bad guys using it because they can have the computing power and attack vectors to break small amounts of encryption (and they'll be able to narrow down who the bad guys are). It's only when everyone uses that it becomes a problem for surveillance.
Re: (Score:2)
But... to use key escrow, I presume you have to go to some trouble to get the key from escrow and apply it to specific people. unless of course the escrow is a ruse for just decrypting everything.
Re:Nations fear it, but they fear each other more. (Score:4, Insightful)
The "trouble" is minimal. The encryption is identifiable by its public keys, especially when the "keys" are nailed to the motherboard by programls like "Trusted Computing" and held by Microsoft in their "escrow", with no policy of resisting any requests whatsoever. Examine the pratices and policy of that technology carefully: it's not aimed at protecting users, it's aimed at both DRM and at making documents _traceable_ to specific sources.
Re: (Score:3)
Escrow is soo 1990's. With perfect forward secrecy, there is no single key to escrow. Even if I would cooperate, there is no way I would be able to help someone decrypt my intercepted old TextSecure messages or Redphone calls.
Re: (Score:3)
Which points to exactly what the surveillance is all about, nothing to do with terrorist and everything to do with crushing political activism, silencing the voice of the people under the threat of anything they say could be used to destroy them and their families. Just as the US Federal government under that slimey POS Uncle Tom surveilled, attacked and persecuted via false prosecution out of existence, the occupy wall street movement.
Nothing at all to do with crime and everything to do with again silen
what is 'encrypted' data? (Score:5, Interesting)
Re: (Score:3, Funny)
Probably. It might be time for everybody to code up scripts that send out lots of /dev/random here and there ever way.
Re: (Score:3)
Some judge and a jury who have absolutely no clue and ignore expert testimonies will put you into prison, whether you have used encryption or not. Because they don't like your face.
You wrongly assume that your lawmakers care about false positives.
Re: (Score:3)
Using encryption while black? Boy, you lucky they brought you in alive.
Re: (Score:2)
how do you know that something is encrypted? I send send any number of things over the Internet that might appear to be encrypted objects. You going to bust everyone who sends data over the net in a format you aren't familiar with?
Data, encrypted or not, usually have headers describing the contents. And encrypted data typically looks random (tip : if you suspect a file is encrypted, compress it with a good compressor like PAQ, if you can't reduce its size, it likely is). This should be enough to know if data are encrypted or not in almost all cases that don't involve steganography.
Re: (Score:2)
"bad guys" will continue to use home made encryption and not give a fuck what governments say.
Heh Heh.
"You SHOULD roll your own encryption, and you can't be too careful so don't forget to make your own PRNG too." -- Well Funded Intelligence Agency
I made that up. But you know it's true.
Re: (Score:2)
Re: (Score:2)
Why doing so complicated and tricky as to build your own crypto? The source code of GnuPG, TextSecure, TrueCrypt and other well-known crypto programs are widely available. One only has to take the old version without the backdoor, or rip out the backdoor. There will be underground developers enough who will do that.
Re: (Score:3, Insightful)
Felons, by law, can't have guns. Felons kill other felons with guns in the inner city all the time.
Drugs, by law, are illegal. Criminals (by virtue of using drugs) continue to use illegal drugs and overdose on illegal drugs.
I don't think they're embracing any particular fallacy by saying something along the lines of "People who do not currently recognize the authority of [x] will continue to disregard the fiats passed by authority [x]."
Re:Nations fear it, but they fear each other more. (Score:4, Funny)
Felons kill other felons with guns in the inner city all the time.
Clearly, the problem is that there is such a thing as an "inner city" in the first place. Get rid of those, and no one will ever die by being shot in "the inner city".
Re: (Score:2)
Oh, most guns used by felons are "stolen". Why not make it illegal to not secure your guns, the same way it's illegal to leave the keys in your (running) car.
Re: (Score:2)
Re:Nations fear it, but they fear each other more. (Score:5, Funny)
ISIS and Al Qaeda do quite well in communications with just old fashioned courier services.
I thought they used smoke signals:
No smoke: wazzuuup! Takin' the day off.
1 Big puff of smoke: Yep - new detonator design works.
2 Big puffs of smoke: Ali who got sick the other day, is feeling okay again.
3 Big puffs of smoke: That new recruit seems very proficient in mixing the chemicals.
4 Big puffs of smoke: Wtf... who else is making bombs?!?
Big puffs of smoke everywhere: Sh** we're being bombed!
Re: (Score:2)
Yes, blocking encryption might make it easy to catch low hanging fruit, but it will win a battle or two and lose the war. ISIS and Al Qaeda do quite well in communications with just old fashioned courier services.
isis and al qaeda? you're watching way too much television, son.
If cryptography is banned, how can console makers keep selling $300 worth of crap for an eight-hour playing game and make money?
read tfa. this is about some complete morons' desire to make ciphered communication between users transparent to agencies, which is suicidal.
Re:Nations fear it, but they fear each other more. (Score:5, Informative)
> treaties override the US constitution as per precedent ...
No. Only in certain very limited cases.
http://en.wikipedia.org/wiki/R... [wikipedia.org]
From that article: "No agreement with a foreign nation can confer power on the Congress, or on any other branch of Government, which is free from the restraints of the Constitution."
And,
"The concept that the Bill of Rights and other constitutional protections against arbitrary government are inoperative when they become inconvenient or when expediency dictates otherwise is a very dangerous doctrine and if allowed to flourish would destroy the benefit of a written Constitution and undermine the basis of our government."
Re: (Score:3)
ISIS and Al Qaeda aren't the threats anti-encryption movement is intended to fight. As economy fares worse and worse, people are getting tired of watching the fat cats get richer while they're facing ever more severe austerity and insecurity. We're headed for another age of revolution, and the top
Re: (Score:3)
This isn't about organised bad guys at this stage. It's about control over normal individuals.
NSA methods of collecting data en masse and parsing it automatically for certain elements is becoming hugely widespread after Snowden's revelations, as you can only fight that kind of fire with similar fire on state level.
And wide;y used encryption used encryption cripples NSA-style methods, as automatic parsing becomes unfeasible in light of computational/subversive power needed to crack the encryption.
Re: (Score:3)
(treaties override the US constitution as per precedent)
Wrong. [cornell.edu]
I often wonder what possesses people to make blatantly inaccurate statements, such as yours here, on Slashdot. So help me out. Did you just make that up and assume it's true because it made sense to you, are you deliberately misinforming people, or are you some sort of crank?
Re: (Score:2)
(...) but as Iraq and ISIS has shown, extremely low tech means have gotten a group of insurgents armed with little more than pickup trucks, AKs and insane levels of brutality to actually form a caliphate which Europe officially recognizes as a sovereign nation and trading partner.
You're going to have to provide sources for this as it's a rather plain accusation of supporting terrorism. As an European, I'm not pleased at all of someone spewing bullshit about Europe recognizing ISIS as anything more than a bunch of backward barbarian.
Re: (Score:2)
[...] a group of insurgents armed with little more than pickup trucks, AKs and insane levels of brutality to actually form a caliphate which Europe officially recognizes as a sovereign nation and trading partner.
Do you have any proof for this statement (that Europe recognizes ISIS)?
If not: Stop spreading such BS.
Re:Nations fear it, but they fear each other more. (Score:4, Informative)
Europe does not recognise IS, either as a sovereign nation or a trading partner. For one thing, "Europe" is not an entity. Do you mean each individual nation in Europe? The European Union? The European Economic Area? The European Free Trade Association?
For another, no individual state and no European organisation has recognised IS.
Re:That will only waste bandwidth (Score:5, Insightful)
We went through this crap in the 80s, then the 90s, then again around 2000. It's just plain ridiculous, causes problems, and never works. Trying to "regulate" cryptography is like trying to regulate what a pencil is capable of writing.
Re: (Score:3)
If they ban it then the real bad guys will just use double secret cryptography.
Re: (Score:2)
No, they should limit people to single secret cryptopgraphy.
Re: (Score:3)
Trying to "regulate" cryptography is like trying to regulate what a pencil is capable of writing.
Yeah, and we go through this every decade because people like you keep giving them ideas. Sheesh.
Re: That will only waste bandwidth (Score:3, Informative)
And notice how penmanship is no longer a required skill in school?
Re:That will only waste bandwidth (Score:5, Insightful)
Demonizing is the real ploy. They know it can't really be regulated, but if they get the public to vilify encryption users as criminals, mission accomplished! So far these methods are enjoying a small measure of success.
Re: (Score:3)
It's really hard to vilify encryption users when everyone is a encryption user. Sign on to anything recently? Bam. You're now an villainous encryption user.
The pen is mightier than the (BANNED) (Score:3)
Re: (Score:2)
The point is that by changing the laws they can use a $5 wrench to get your passwords rather than a 5 billion dollar super computer.
Re: (Score:2)
But they'll continue raising the specter of fear in order to justify funding for the $5 billion supercomputer anyway.
Re: (Score:2)
However, with the right protocols like perfect forward secrecy they can't even do that. They can use the $5 wrench but you will be unable to produce any usefull data whatever they do.
Re: That will only waste bandwidth (Score:4, Interesting)
No, only most of it is. The people who think they have some kind of right to read everything everybody writes without any kind of oversight and especially without the person knowing about it are bad and getting worse.
Most of us here know the rules. You manage your keys and let nobody else manage them for you. Keep your key backups offline. Don't reuse keys. If you must use cloud storage, encrypt your own stuff with keys they don't have before data leaves your network. Always have your providers in a position where they literally can't hand over your data. Saying they won't isn't enough, they must be unable to comply.
This is what all the demonization of encryption is all about. They don't want simple precautions becoming widespread among non tech types.
And yes, this stuff is planned and orchestrated. Soon we can expect a high profile terror attack that could allegedly have been stopped were it not for encryption, or perhaps a high profile kidnapping of a victim of the proper age, race, etc. calculated to generate maximum sympathy and if only law enforcement hadn't had their hands tied...
It's kind of like how the whole 'cloud computing' nonsense came about suddenly with all the high priced IT consultancy people telling CEOs that things that are in no way proper in their own organizations are somehow ok when you throw it on the Internet. You know, bad to non-existent security, no accountability for uptime, etc. It's the perfect way to do industrial espionage among other things, and too many companies fall for it. You'd almost think this was also an organized effort, wouldn't you?
Re: (Score:2)
As I see the issue is still "if you have something to hide, you encrypt", making you "half-criminal". It is still not on by default and there is no working and easy-to-use authorative chains of use, usually it's just peer-to-peer "one layer" data encryption. I would go as far as to say "encryption never works".
No, you skipped right over the real problem.
If "encrypting" makes you a "half-criminal", then we are living in Orwell's "1984". You seem to think that is a small thing but in fact that comes very close to the dividing line between slavery and freedom.
Proper encryption DOES work, and that's why the Statists loathe it so much. Secrets mean they cannot control your life to the extent they would wish.
If encryption did not work, government would have no reason to fear it. In fact, if it SEEMED to work,
Major Corollary (Score:2)
If you trust Government to regulate your encryption, you are a fool. I really don't know a better, more polite, or more subtle way to say it and still be honest. For decades now the U.S. government has consistently PROVED in is untrustworthy in this regard.
Find a goo
Re:That will only waste bandwidth (Score:5, Interesting)
I don't know why this is necessary. If you've done nothing wrong, you have nothing to hide.
On a completely unrelated note, please enjoy this funny cat video, as well as this image macro, poorly composited with entirely random jpeg compression artifacts around the lettering.
Re: (Score:2, Funny)
The NSA seems to be hiding a lot - maybe they have done something wrong?
Re: (Score:2)
Yes, otherwise I can't stand the stench. :-)
Re: That will only waste bandwidth (Score:2, Funny)
Exactly. Being herbivores, they're unable to consume bandwidth.
Re: (Score:3, Funny)
Answer: Byte by Byte...
Re: (Score:2)
Well... no. A double-dose of idiocy doesn't balance things out.
Encryption users agree: (Score:5, Insightful)
Governments of the world must die!
Re: (Score:2)
Re:Encryption users agree: (Score:5, Insightful)
I thought that was EXACTLY what we currently had right now.....?
Re: (Score:2)
Of course not. They have to go too.
Re: (Score:2)
Governments of the world must die!
As an avid user of encryption without a point (I run a lot of encryption on the net noise just cuz I can), I love it when government get all in a panty-twist about it. Raise the awareness, make more people understand it's usefulness. Get the hell out of my communications.
Re: Encryption users agree: (Score:5, Insightful)
Corporate fascism is what you have, there is nothing even remotely close to socialism in the US, it is merely the ultra-nationalist right that paints the moderate right as leftists which is skewing your perceptions.
Re: (Score:3)
At least corporations care about the people unlike the government.
Corporations are made good by the free market so there is no incentive to take away your encryption. Infact corporations love encryption because they secure stuff.
Government on the otherhand interest is to invade peoples' lives and take away encryption.
Re: (Score:2)
Wow. You were able to say that with a straight face? Corporations only "care" about people insofar as those people are handing them money. If you stop handing them money, they stop caring about you. This care is entirely limited to the handing over of money. If the product/service causes you a lot of problems, the corporation doesn't care - until it becomes a threat to them getting money and then they care a lot.
Actually, come to think o
Re: (Score:2)
On a side note, what people call "socialism" in the US is the standard in the EU and overall fairly pleasant. There are worse things than having guaranteed holidays, retirement funds and universal health care.
Re: (Score:2)
"there is nothing even remotely close to socialism in the US"
The Alaska Permanent Fund Dividend, which puts every long-term resident of Alaska on the dole.
Come on, (Score:2)
Why is this on Slashdot? (Score:3, Insightful)
The main link for this article is to what amounts to an opinion piece on some person's blog - it's completely unsourced, and really isn't news at all. The part about the NSA monitoring domestic internet communications without a warrant is probably a story, but it's tacked on to this blog post for no reason.
Re:Why is this on Slashdot? (Score:4, Interesting)
Re: (Score:2)
Because its their own site and they can post whatever they want?
Re: (Score:2, Informative)
Why don't you google "some person" and find out if they are credible.
I know, having to do this kind of work oneself can be distasteful, so let me help you out here.
Lauren Weinstein [wikipedia.org]
Re:Why is this on Slashdot? (Score:5, Funny)
Here's a concept...
Why don't you google "some person" and find out if they are credible.
I know, having to do this kind of work oneself can be distasteful, so let me help you out here.
Lauren Weinstein [wikipedia.org]
First: What the fuck is a "Technologist?" Personally, I reffer to myself as a Pornomancer, but what that means outside of my secret closet in the basement, I'm not sure.
Secondly: Since when did having a 4 line wikipedia entry mean you were a notable person? This guy has a bigger article: http://en.wikipedia.org/wiki/J... [wikipedia.org]
Re: (Score:2)
Re: (Score:3)
You're right, you should question who is saying this. Lauren has been around forever, editor of the Privacy Digest and frequent contributor to the Risks Digest. He has street cred in the world of privacy activism. Personally I don't always agree with what he has to say (I find him somewhat alarmist) but he's certainly earned my respect over
Re: (Score:2, Insightful)
You mean you want the editors of this site to do their jobs? In the good old days I recall a link to goatse making it to the front page.
Re: (Score:3)
The part about the NSA monitoring domestic internet communications without a warrant is probably a story,
It would be. But the actual story is about the NSA monitoring international traffic, not domestic. Skip the bait, go to the NYT link.
Re: (Score:2)
Sometimes I wonder whether the US has a similar troll-farm like Russia has. Where people get paid to post inane comments instead rational thought.
If you actually aren't such a troll, it might be a good idea to read up on who the person is, and read up on the issue at hand.
People of the World Agree: Governments Must Die! (Score:2)
Finally! There's something that apparently virtually all people around the world can actually agree upon. Unfortunately, it's on par conceptually with handing out hydrogen bombs as lottery prizes. If the drumbeat isn't actually coordinated, it might as well be.
Re: (Score:2)
How do you figure? In the U.S. the people routinely split the power so they can battle it out to a standstill. Often, on purpose.
Meanwhile, where not voting is legal, it's quite common and few think less of the non-voters.
So how about copy protection? (Score:4, Interesting)
Copy protection often uses a form of encryption. Do they want this to be banned as well?
Re:So how about copy protection? (Score:5, Insightful)
Copy protection often uses a form of encryption. Do they want this to be banned as well?
Clearly not - the government is fine with encryption that's trivially broken, they only want to control strong encryption.
And by the way... (Score:2)
In case you thought something happened, it didn't [theguardian.com]. All that showboating you saw in congress was exactly that.
WHY IS IT... (Score:5, Insightful)
"ohh no, encryption is terrism"
"clearing your browser history is destroying evimadence"
"don't video me while I'm beating this black man"
"the fourth amendment is a obsolete holdover from the 19th century"
Put on your big girl pants and do you fucking job by the book you shifty slackers.
Re: (Score:3)
Because it is always easier to _blame_ some inanimate object or process then to actually _do_ something about it.
No one really cares in holding then accountable and responsible. :-/
Re: (Score:2)
cyber-criminals will love that (Score:3)
Put your money where your mouth is? (Score:2)
Unencrypt everything. Come governments show some integrity? Wait that is risky and would let those who do harm exploit you? Then why don't let others do the same?
Another thing governments all agree on (Score:4, Insightful)
Encryption (without back doors) for use by governments is absolutely essential to national security.
Open Source manditory ! (Score:4, Insightful)
If encryption is outlawed, the no binary computer code should be allowed with out the source code.
And a testsuite should be provided to ensure it is operating correctly.
All computer hardware should have schematics, timing charts, and a complete service manual.
All mechanical devices should include a blueprint and shop manual.
All politicians finances, meetings, votes, lobbying activities, should be transparent, wether in office or campaining !
And DNA can NO be copyrighted, we all share the same codebase !
People are not created equally (physical or mental ), but we want to be treated equally by our social laws !
If governments can read it.... (Score:3)
No matter how benign or well intentioned the governments might be (and I don't allege that they are, but even if they were)... they cannot stop absolutely everyone who is intent on disregarding the law from doing so before they have potentially caused damage or done real harm.
Utilizing encryption that the government cannot break is no more of an announcement that one might be doing something illegal than wearing clothes in public is necessarily an announcement that there is something somehow physically wrong with a person's body (leaving aside the notion that there might be something wrong, my point is only that it is not a remotely infallible conclusion from the premise).
Re: (Score:2)
Even if there weren't... even if the government was 100% benign and did not have an iota of corruption, they cannot possibly catch everyone who might try to break the law before they have caused any real harm,
My comparison of encryption to clothes was deliberate... nudists notwithstanding, we wear generally clothes to cover our bodies because there are parts of our bodies that are private and we do typically not wish others to see... In other words, we have something to hide.
But having something to hi
Re: (Score:2)
Inteeligent citizens of the word agree... (Score:2)
Time for the governments to die.
Really, the government is supposed to fear its citizens, not the other way around...
I've Said It Many times (Score:2)
Then ... could? (Score:2)
If encryption, a mathematical method to protect information, can't be used because the user "could" be using it to hide illegal things
If they hate encryption so much.. (Score:2)
Maybe the internet services and banks should not use it exclusive for em.
Banning Encryption (Score:2)
Jura rapelcgvba vf onaarq, bayl pevzvanyf jvyy unir rapelcgvba.
Re: (Score:2)
Oh, please, CaptainDork, let us keep a certain politeness on Slashdot. That's MISTER (or MISS) Anonymous Cowardly Bastard(ess) to you.
Tsk, tsk, tsk. Have a good day, Sir.
Re: (Score:2)
Caitlyn!
Re:Encryption is a WEAPON (Score:5, Insightful)
Encryption is a SHIELD.
It protects people from spies, fraudsters, and other 3 letter criminals.
Re: (Score:3)
Re: (Score:2)
Okay, fine. In that case, it's protected by the Second Amendment and government [or at least the US Government] can fuck right off!
Re: (Score:2)
hidden by the new CONservative rulers here
Meanwhile the top modded and most visible post in this story is an anti-LEO spiel [slashdot.org] that would be groupthink approved on any libtard site you care to name.
Re: (Score:2)
Re: (Score:2)
Then they'll want it back
They'll vote themselves an exemption to the law. Just like Congress permits its members to engage in insider trading.