Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Google Businesses Encryption Government Privacy Your Rights Online

Encryption Rights Community: Protecting Our Rights To Strongly Encrypt 140

Lauren Weinstein writes: Around the world, dictatorships and democracies alike are attempting to restrict access to strong encryption that governments cannot decrypt or bypass on demand. Firms providing strong encryption to protect their users — such as Google and Apple — are now being accused by government spokesmen of "aiding" terrorism by not making their users' communications available to law enforcement on demand. Increasingly, governments that have proven incapable of protecting their own systems from data thefts are calling for easily abused, technologically impractical government "backdoors" in commercial encryption that would put all private communications at extreme risk of attacks. This new G+ community will discuss means and methods to protect our rights related to encrypted communications, unfettered by government efforts to undermine our privacy in this context.
This discussion has been archived. No new comments can be posted.

Encryption Rights Community: Protecting Our Rights To Strongly Encrypt

Comments Filter:
  • by Sigvatr ( 1207234 ) on Monday July 13, 2015 @07:33PM (#50103691)
    I can't imagine any scenarios where any government could practically restrict encryption at all.
    • by w1zz4 ( 2943911 ) on Monday July 13, 2015 @07:45PM (#50103773)
      You cannot restrict it, but you can make it "Illegal to use", like in Cuba.
      • by gweihir ( 88907 )

        Or like France. Turns out private use of strong encryption is politely ignored by the authorities in France, possibly because they would have a riot on their hands if they did enforce the ban. And commercial users can get a license.

        • by AHuxley ( 892839 )
          Strong encryption use just makes a message stand out. All French networks can collect it all thanks to "free" help from the US and UK going back to the early 1970's.
          Who is sending any messages and where makes for easy traditional police work at a local level. France has a lot of police and funding so long term undercover work is not a problem. Any regional or local groups can be turned or watched as they form and communicate using any encryption.
          The only problem for France is that its vastly improved
          • Strong encryption use just makes a message stand out.

            Unless it's also steganographically encoded in a fashionable selfie. (Finally, a meaningful use for selfies!)

            • by AHuxley ( 892839 )
              Think of the work that went into detecting the use of virtual encrypted disks over time. All that matters is the detection or wider public understanding that the message cannot be detected over a network.
              With detection comes the origin of the message, destination, method used and ability to trap door, back door to get the message before any steganography.
              • Could you elaborate on that? That seemed a bit incomprehensible to me.
                • Basically, it's a fallacy of software level encryption. Even if a message is encrypted, you can still see where it's going and where it came from. If you hack into one of the two computers, you can read the message same as the user can. It's the same issue with encrypted drives: if you break into the computer while the person is using it, the encryption isn't in effect. If it was, the user couldn't access their own computer.
          • by AmiMoJo ( 196126 ) on Tuesday July 14, 2015 @06:44AM (#50106435) Homepage Journal

            Strong encryption use just makes a message stand out.

            Years ago when Bittorrent first started encrypting traffic there were loud complaints from GCHQ and MI5 about how it was making their lives much more difficult. Previously encrypted traffic stood out and helped them, but suddenly the (bit)torrent of encrypted data was making it difficult to separate interesting traffic from pirated music and TV shows.

            I'm sure they have upped their game since then, but the basic principal is sound. If everyone starts to encrypt everything all the time it becomes much harder to figure out what is interesting. It also makes them waste resources trying to store or decrypt data that turns out to be worthless. Fortunately for us more and more apps implement encryption by default.

      • It's too late. I think we already won this one.

    • by Anonymous Coward

      I can't imagine any scenarios where any government could practically restrict encryption at all.

      Oh? What about the British philosophy? If you don't divulge your encryption keys when law enforcement demands, you go to prison for five years. You will be sent to prison for refusing to give up encryption keys, regardless of whether you have them or not and regardless of if the data is actually encrypted, instead of just random data.

      • by johanw ( 1001493 )

        End to end encryption where keys are disposed when the message is decrypted at the endpoint. Like TextSecure and SMSSecure use. Even if they start torturing me I just can't help them decrypt any messages they intercepted, and access to my phone is useless as well after the messages are deleted.

    • by AHuxley ( 892839 )
      The ability of the UK and US to track any networked message removes all anonymity and then allows privacy be worked on.
      A person, brand, company, project can create, compile, sell, offer, use all the encryption it wants.
      A US or UK telco or network interconnect will always be able to track the message from its origin to the destination.
      With a loss of anonymity, privacy is then very easy remove per user or site.
      US and UK network ready devices, networks, tame computer systems are all law enforcement frien
      • A US or UK telco or network interconnect will always be able to track the message from its origin to the destination.

        Unless some kind of oniony or multi-hop routing is involved, I presume.

        Thats why number stations and one time pads worked well in the past. Its kind of hard to find who listened to an international broadcast. But with the direct use of any encryption between two sites that task is now very easy.

        In a way, I picture that a limited form of this should also be possible. (But probably less efficient then some kind of a store-and-forward system? Or maybe the two could get combined?)

        • by AHuxley ( 892839 )
          re "Unless some kind of oniony or multi-hop routing is involved, I presume."
          What is the first hop from an average home computer, out of an office network, a cafe with wifi?
          The everyday, average real time use of a destination or origin is trackable on most national networks.
          A public telco, private network or telco? The layers of communications can request oniony or multi-hop but that physical network entry and exit point is a bit more fixed in most nations.
          • What is the first hop from an average home computer, out of an office network, a cafe with wifi? The everyday, average real time use of a destination or origin is trackable on most national networks.

            I wasn't talking as of real-time communication as much as of some kind of mail service. If the hops are uncorrelated in time and transfer different data, tracking anything in a meshed network of nodes (I was even thinking of a hypercube) should be extremely difficult.

      • by camg188 ( 932324 )
        Seems easy enough to work around. For example, hiding an encrypted message in a photo posted on reddit.
    • They could simply reprogram the internet to block encrypted trafic. You do realize they control the internet, right? Yes of course the people would get upset if they lose their social media, but big corporations know how to be "team players" so that's not a risk.
      • You can't really do that, unless you remove the very ability of the communication channel to transfer some information.
      • by Anonymous Coward on Monday July 13, 2015 @09:44PM (#50104331)

        They could simply reprogram the internet to block encrypted trafic.

        Good idea - those "e-commerce" and "online banking" fads were just about done anyway.

      • by Jason Levine ( 196982 ) on Monday July 13, 2015 @11:29PM (#50104661) Homepage

        If there's one thing the government fears most of all (and no, it's not a group of citizens upset with their actions) it's a riot from companies that lobby them. Block all encrypted traffic and every online retailer (including lots of big name, big lobbying companies) would find themselves unable to conduct business online. Block encryption and banks wouldn't be able to fulfill transactions online. Block encryption and health care companies couldn't show you medical information online. All of these sectors would send lobbyists on a "Seek and Destroy" mission should any such bill ever be seriously considered.

        • Sorry, all the corporations will ask for with regards to encryption is an exemption for themselves, plus an incredibly onerous process for any new competitors to go through if they want to get an exemption. The corporations will not protect you.

      • by cfalcon ( 779563 )

        This would fail for technical reasons. You could transform any piece of encrypted text into a larger piece of text that appears unencrypted, and this would happen just about immediately.

    • by Anonymous Coward

      It can be easily done, and is done in big companies all the time:

      1: Demand ISPs put in meta firewalls in place and MITM SSL. If the traffic can't be decrypted, it is blocked, the originating machine yanked from the net and the police notified.

      2: Demand every Internet connected machine run DRM software that scans and looks for encryption software, with definitions updated in real time. Like an AV scanner, except for encryption programs. If the software sees it is tampered with, shut machine down, call c

  • by Anonymous Coward

    Parrrrrtaaaay!

  • it's on its own.
  • Comment removed (Score:5, Insightful)

    by account_deleted ( 4530225 ) on Monday July 13, 2015 @07:54PM (#50103839)
    Comment removed based on user account deletion
    • by Anonymous Coward

      FUCK the Government.
      If you sit down and think hard about it, I mean really hard, outside your lame little sheeple box, Government is totally unnecessary.

      Anyway, fuck em, bring the terrists on, i don't give a fuck, any chumpass terrist wanna come try and start shit up in my hood, bring it on bitches, i got a niner full of justice right here. So does just about every other American.
      Flattened buildings? Fuck it, rebuild that shit.
      Dead people? Fuck it, make babies :)

      Least you don't have my privacy and i aint yo

    • by lkcl ( 517947 ) <lkcl@lkcl.net> on Monday July 13, 2015 @10:39PM (#50104495) Homepage

      It should say, "Around the world, dictatorships and democracies with governments wanting to become dictatorships are attempting to restrict access to strong encryption that governments cannot decrypt or bypass on demand."

      about six or seven years ago i used to go a lot further than that, but at the time people disregarded what i said as being completely outrageous. times change.... let me reiterate it by way of parallel example.

      this sentence "Firms providing strong encryption to protect their users — such as Google and Apple — are now being accused by government spokesmen of "aiding" terrorism"

      should read "Firms providing strong encryption to protect their users — such as Google and Apple — are now being accused by terrorist spokesmen...."

      i believe it was joseph goebbels, hitler's right-hand man, who said that the way for a government to get what it wanted was to terrorise people by making them think that they were no longer safe in their own homes. that if they didn't cecede power to the goverment then someone who was beyond the ability of the government to control would possibly kill them in their own beds, or on their way to work, or would kill their children on the way to school.

      this strategy is one that governments today are fully aware of (they saw how effective it was for stalin and hitler and mussolini after all), and they are quite happy to copy it. unfortunately, when people fully trust their governments and cecede all power to them, historically we've seen how quickly things can flip to become very very dangerous. the problem is that i don't see how, when power is ever so slowly eroded in small incremental steps, it is possible to reverse that situation for people's benefit, without a very large event occurring (such as a bloody riot or a civil war). maybe it's possible now, peacefully, with the internet the way it is, and with organisations like avaaz, al jazeera, 38degrees and more: i don't really know. should we have faith in people and the way the internet works, now?

      • by Anonymous Coward

        You seem to have run out of uppercase letters. Here, have some of mine:

        THE QUICK BROWN FOX JUMPS OVER THE LAZY DOG.

    • "...and democracies with governments wanting to become dictatorships..."

      I know you feel you're being cleverly cynical, but name a democracy (or really ANY government) that doesn't have dictatorial tendencies?

      That was the brilliance of the US Constitution; the framers assumed that government - as much as we need it in practical terms - was always looking to grow both in scope and power, and that the individuals attracted to that were likely themselves dangerous to the public good.

  • ... And one who has done nothing wrong should have nothing to hide, then why do government workers wear clothing while working? After all, clothes cover up the body, and if you wear them then you are keeping something hidden fom those around you. Is there something wrong with their bodies that they feel they should cover them up?

    The question is, of course, rhetorical. One generally wears clothes around other people not because there anything (necessarily) wrong with what is underneath the clothing, but because they cover something that most people consider private.

    • Re: (Score:3, Insightful)

      by Anonymous Coward

      Within the physical world there are always ways to bypass locks if you have enough time, resources and lawyers. The government doesn't need lawyers and their time and resources are quite substantial. In this case no matter how much you want to lock something up they have a blowtorch, dynamite, nitroglycerin, or nukes to make sure they can bust it open.

      Encryption is different because they don't have enough force to break the lock. These are sociopaths that are used to getting their way and having the upper-h

    • Re: (Score:2, Insightful)

      by Anonymous Coward

      > And one who has done nothing wrong should have nothing to hide,

      Privacy is essential for creativity, otherwise a chilling effect of self censure takes place. Take a look at the old Soviet block in Eastern Europe - generations of broken people, stunted to the emotional level of development of children that expect the state to care for them. They have no political ideas, no activism.

    • There are things in this world that we want to hide even if we've done nothing wrong. I like responding to the "If you've got nothing to hide..." folks like this:

      If you've got nothing to fear then you've got nothing to hide? Great. What's your bank account number, balance, and PIN? What's your real name, social security number, date of birth, and home address? Why won't you tell me this information? Do you have something to hide?!!!

      • by MrKaos ( 858439 )

        There are things in this world that we want to hide even if we've done nothing wrong. I like responding to the "If you've got nothing to hide..." folks like this:

        I generally reframe the statement to if you've got nothing to loose. People seem oblivious to the fact that these sorts of laws are a boon for organised crime and committing fraud on a massive scale.

        Encryption represents the front line of the fight for maintaining freedom and the net is the battlefield.

      • by mark-t ( 151149 )
        That's kind of my point... we hide some things from other people not because we have done anything wrong, but simply because they are private....

        Of course, even *IF* the government's claim of benevolent intention were completely trustworthy, giving them the keys to an otherwise secure encryption scheme is still a bad idea because if such a government government can read it, then so can somebody else with less benevolent intentions who doesn't care about breaking the law and is simply hoping they will not

  • Baffling.... (Score:5, Insightful)

    by Dega704 ( 1454673 ) on Monday July 13, 2015 @08:16PM (#50103947)

    Lets pretend for a moment that government-mandated backdoors don't violate our 4 amendment rights eight ways till Friday and really will be only accessible to government agencies. (Background sniggering) Stay with me guys. Let's say their birthday wish is granted and all of the big tech companies implement backdoor decryption that only they can access.

    Do they really think a single @#$%ing terrorist or criminal with half a brain is actually going to use those services instead of other alternatives? Maybe the next part of their amazingly forward-thinking plan is to convince Richard Stallman to bend a knee and put a backdoor in GnuPG.

    • by Anonymous Coward

      stallman doesn't have anything to do with gnupg.

    • Let's say their birthday wish is granted and all of the big tech companies implement backdoor decryption that only they can access.

      (Outright laughter.) You haven't been paying attention. There is no wish left to grant. It's already done.

      One of those two major corporations listed in the summary provides system encryption for their users to protect their data. They also can undo that encryption whenever they want to. A friend's Mac Book was set up to encrypt his data, and to make a long story short, when his employer needed access to it the local Mac store was able to turn off the encryption for them. Whatever safeguards they currently

      • by MrKaos ( 858439 )

        I have discovered an algorithm which can be used to decrypt any content protected by assymetrical key encryption, but the margins of this posting not large enough to record it here.

        Have you implemented it yet?

        • by cfalcon ( 779563 )

          Didn't you read the post? Margin too small. That's an unambiguous and accepted reason in mathematics.

        • Maybe but the GP has too small of a screen. I hear a 1'-2' length of rubber host is what is needed. It even works on symmetric key encryption.
      • by sribe ( 304414 )

        One of those two major corporations listed in the summary provides system encryption for their users to protect their data. They also can undo that encryption whenever they want to. A friend's Mac Book was set up to encrypt his data, and to make a long story short, when his employer needed access to it the local Mac store was able to turn off the encryption for them.

        It works this way only if when you set up the encryption, you explicitly accept the option to generate a recovery key, and the option to store it with Apple.

    • Most terrorists and criminals don't have half a brain, so yes I fully believe they'd be able to spy on more of them. Doesn't mean they should be allowed to.

  • by Anonymous Coward

    This isn't about strong encryption. This is about encryption. This is about talking in code. This is about art that is too subtle for anyone but those who hold sufficient intellectual keys to understand. This is about telling twins that the weird childhood language they developed is criminal because the feds don't have a decoder ring for it yet. This is about Holmes zone of lawlessness in his handwritten journals stored in his some, leveraging fourth ammendment protections to more efficiently kill more

  • by CaptainDork ( 3678879 ) on Monday July 13, 2015 @08:17PM (#50103953)

    ... fucking G+.

    • Comment removed based on user account deletion
    • by AmiMoJo ( 196126 )

      It's an open discussion group that anyone can join. Presumably a few NSA/GCHQ monitoring accounts have already signed up. It's not supposed to be secure or secret.

  • by chihowa ( 366380 ) on Monday July 13, 2015 @08:17PM (#50103957)

    The last sentence of the summary was awesomely qualified:

    This new G+ community will discuss means and methods to protect our rights related to encrypted communications, unfettered by government efforts to undermine our privacy in this context.

    They had to really stretch that sentence to get around the irony of hosting a privacy advocacy group on Google's servers!

  • by Anonymous Coward on Monday July 13, 2015 @08:34PM (#50104027)

    What about the right to NOT ENCRYPT everything and still have privacy? The right to expect your spook agency to work to protect your privacy right from spying by foreign countries?

    No just foreign countries too. Why should the existing government be able to spy on every up coming politician, political campaign group, journalist, MP, congressman? How is it any of the governments business to watch the communications of its citizens and opponents?

    This "you are all terrorists" ergo we spy on you, and "we are all good" ergo we spy in secret with secret laws and secret interpretations of words, how is this defendable?

  • G+? No. (Score:5, Insightful)

    by Foresto ( 127767 ) on Monday July 13, 2015 @08:39PM (#50104045) Homepage

    You had me until you said you plan to use Google+. Bye bye.

  • by erp_consultant ( 2614861 ) on Monday July 13, 2015 @09:13PM (#50104191)

    This is the same tired argument used by the government to "protect us" against "terrorists". And thus the birth of the TSA and Homeland Security. Another bloated bureaucracy that has been an abject failure by every measure. Billions of taxpayer dollars wasted every year and the "war on terror" is no closer to being won than the day it started. Kind of like the war on poverty, but that's another topic for another day.

    I don't trust the government having this information and I sure don't trust them to secure it. Just ask the 21.5 million people that had their personal information stolen from government servers recently at the Office of Personnel Management (OPM). Vulnerabilities on those systems were known since 2007 and yet nothing was done to fix it. As usual, the initial breach was downplayed and otherwise covered up.

    So by my count the government:

    a) ignored reports that the data was vulnerable
    b) did nothing to protect it
    c) lied about the true scope of the attack and
    d) tried to cover it up after the fact.

    And I'm supposed to trust these clowns to have encryption back doors so they can snoop around with my private data? Not bloody likely.

    • And thus the birth of the TSA and Homeland Security. Another bloated bureaucracy that has been an abject failure by every measure.

      Well, the US hasn't had another 9/11...were you hoping for a worldwide end to people using terror as a weapon?

      • Do you have any actual evidence that any post-9/11 security change prevented anything on the scale of the 9/11 attack? The Boston Marathon bombing suggests that having a lot of information doesn't prevent terrorism; Russia warned us specifically about those two, and they went ahead and bombed the end of the race.

      • If anyone wanted to launch a terror type attack there is bugger all the TSA or Homeland Security or anyone else could do to stop it. That is the nature of Guerrilla type tactics and one of the reasons they are so effective. The only way you could stop it is to screen every single person that came into the USA every day. Not to mention everyone that is already living here. It is an impossible task.

        The fact that it has not happened does not provide evidence that one has been stopped. It may make you feel bett

    • by AHuxley ( 892839 )
      Anything found on servers facing outside networks is usually altered to make tracking very, very easy. Anything interesting is changed to help track internal cleared staff "looking up" data.
      A unique term found or created by internal security is very trackable and would be on a lot of powerful watch lists at much more higher security levels.
      Vast accessible databases contain vast numbers of extra projects, terms, locations, ranks, support requests that might have existed in some form or never existed, soun
  • First, suggesting that encryption is too strong merely says that it is "strong enough to be a problem"... thus advertises its potential effectiveness.

    Second, the business community will not and cannot tolerate losing the ability to encrypt while also using the public internet synchronize their databases and handle communications.

    Third, who are they actually trying to stop from using encryption? The corps respond to court orders quite readily so a bypass is not required. They're doing this because criminals,

    • by AHuxley ( 892839 )
      Re "Third, who are they actually trying to stop from using encryption?"
      All governments have understood since the 1950's that any US or UK network, hardware is a trap.
      Longer, safer more traditional methods work just fine unless a one way message is needed and is worth the risk or everything related has been uncovered.
      Cults, faiths and other groups have their own person to person methods and years of complex internal vetting.
      Top corporate companies, private interests usually have contacts in their own g
      • ... the banks aren't going to agree. So the entire thing is moot.

        • by AHuxley ( 892839 )
          re "Second, the business community will not and cannot tolerate losing the ability to encrypt while also using the public internet synchronize their databases and handle communications."
          Most banks have everyday, normal accounts tracked federally down to the 100's of $ over time on any normal account.
          Thats all been reported and fully accounted for as it has been for years. Other issues are usually never public as the banks talk of the confidence of investors.
          More federal oversight on the same type of acc
  • ... And a computer can identify you strictly by your brainwaves?

    Further, such a system could theoretically be programmed to determine if you are under duress, and not permit access in such circumstances.

    Even threatening to throw a person in jail if they don't surrender their password wouldn't help in such a case... all that they would accomplish is putting a person in jail and still not having access to whatever information they thought was worth putting someone in jail for, and keeping someone in jail

  • ...buy an Enigma [slashdot.org].
  • If they could, they'd ban opaque envelopes and envelopes with adhesive seals.

As of next Thursday, UNIX will be flushed in favor of TOPS-10. Please update your programs.

Working...