Encryption Rights Community: Protecting Our Rights To Strongly Encrypt
Lauren Weinstein writes: Around the world, dictatorships and democracies alike are attempting to restrict access to strong encryption that governments cannot decrypt or bypass on demand. Firms providing strong encryption to protect their users — such as Google and Apple — are now being accused by government spokesmen of "aiding" terrorism by not making their users' communications available to law enforcement on demand. Increasingly, governments that have proven incapable of protecting their own systems from data thefts are calling for easily abused, technologically impractical government "backdoors" in commercial encryption that would put all private communications at extreme risk of attacks. This new G+ community will discuss means and methods to protect our rights related to encrypted communications, unfettered by government efforts to undermine our privacy in this context.
Don't worry about it (Score:3, Insightful)
Re:Don't worry about it (Score:4, Informative)
Re: (Score:3)
Or like France. Turns out private use of strong encryption is politely ignored by the authorities in France, possibly because they would have a riot on their hands if they did enforce the ban. And commercial users can get a license.
Re: (Score:2)
Who is sending any messages and where makes for easy traditional police work at a local level. France has a lot of police and funding so long term undercover work is not a problem. Any regional or local groups can be turned or watched as they form and communicate using any encryption.
The only problem for France is that its vastly improved
Re: (Score:3)
Strong encryption use just makes a message stand out.
Unless it's also steganographically encoded in a fashionable selfie. (Finally, a meaningful use for selfies!)
Re: (Score:3)
With detection comes the origin of the message, destination, method used and ability to trap door, back door to get the message before any steganography.
Re:Don't worry about it (Score:5, Insightful)
Strong encryption use just makes a message stand out.
Years ago when Bittorrent first started encrypting traffic there were loud complaints from GCHQ and MI5 about how it was making their lives much more difficult. Previously encrypted traffic stood out and helped them, but suddenly the (bit)torrent of encrypted data was making it difficult to separate interesting traffic from pirated music and TV shows.
I'm sure they have upped their game since then, but the basic principle is sound. If everyone starts to encrypt everything all the time it becomes much harder to figure out what is interesting. It also makes them waste resources trying to store or decrypt data that turns out to be worthless. Fortunately for us more and more apps implement encryption by default.
Re: (Score:2)
It's too late. I think we already won this one.
Re: (Score:1)
I can't imagine any scenarios where any government could practically restrict encryption at all.
Oh? What about the British philosophy? If you don't divulge your encryption keys when law enforcement demands, you go to prison for five years. You will be sent to prison for refusing to give up encryption keys, regardless of whether you have them or not and regardless of if the data is actually encrypted, instead of just random data.
Re: (Score:2)
End to end encryption where keys are disposed when the message is decrypted at the endpoint. Like TextSecure and SMSSecure use. Even if they start torturing me I just can't help them decrypt any messages they intercepted, and access to my phone is useless as well after the messages are deleted.
Re: Don't worry about it (Score:2)
So everyone using SSL goes to jail? And if not, could I not simply transfer my encrypted file over SSL and you'd never be able to tell it's not just normal SSL traffic?
Re: (Score:3)
A person, brand, company, project can create, compile, sell, offer, use all the encryption it wants.
A US or UK telco or network interconnect will always be able to track the message from its origin to the destination.
With a loss of anonymity, privacy is then very easy to remove per user or site.
US and UK network ready devices, networks, tame computer systems are all law enforcement frien
Re: (Score:2)
A US or UK telco or network interconnect will always be able to track the message from its origin to the destination.
Unless some kind of oniony or multi-hop routing is involved, I presume.
That's why number stations and one time pads worked well in the past. It's kind of hard to find who listened to an international broadcast. But with the direct use of any encryption between two sites that task is now very easy.
In a way, I picture that a limited form of this should also be possible. (But probably less efficient than some kind of a store-and-forward system? Or maybe the two could get combined?)
Re: (Score:2)
What is the first hop from an average home computer, out of an office network, a cafe with wifi?
The everyday, average real time use of a destination or origin is trackable on most national networks.
A public telco, private network or telco? The layers of communications can request oniony or multi-hop but that physical network entry and exit point is a bit more fixed in most nations.
Re: (Score:2)
What is the first hop from an average home computer, out of an office network, a cafe with wifi? The everyday, average real time use of a destination or origin is trackable on most national networks.
I wasn't talking as of real-time communication as much as of some kind of mail service. If the hops are uncorrelated in time and transfer different data, tracking anything in a meshed network of nodes (I was even thinking of a hypercube) should be extremely difficult.
Re:Don't worry about it (Score:5, Insightful)
They could simply reprogram the internet to block encrypted traffic.
Good idea - those "e-commerce" and "online banking" fads were just about done anyway.
Re: (Score:1)
You are thinking like an engineer, you want a foolproof system with no false positives or negatives.
The government can just make it illegal to use cryptography and put a deterring punishment on it. Then a person can work full time (on taxpayers' money) and look at traffic at random. If he finds someone using encryption they make an example out of it to deter others.
Re:Don't worry about it (Score:4, Insightful)
If there's one thing the government fears most of all (and no, it's not a group of citizens upset with their actions) it's a riot from companies that lobby them. Block all encrypted traffic and every online retailer (including lots of big name, big lobbying companies) would find themselves unable to conduct business online. Block encryption and banks wouldn't be able to fulfill transactions online. Block encryption and health care companies couldn't show you medical information online. All of these sectors would send lobbyists on a "Seek and Destroy" mission should any such bill ever be seriously considered.
Re: (Score:2)
Sorry, all the corporations will ask for with regards to encryption is an exemption for themselves, plus an incredibly onerous process for any new competitors to go through if they want to get an exemption. The corporations will not protect you.
Re: (Score:3)
This would fail for technical reasons. You could transform any piece of encrypted text into a larger piece of text that appears unencrypted, and this would happen just about immediately.
Re: (Score:1)
It can be easily done, and is done in big companies all the time:
1: Demand ISPs put in meta firewalls in place and MITM SSL. If the traffic can't be decrypted, it is blocked, the originating machine yanked from the net and the police notified.
2: Demand every Internet connected machine run DRM software that scans and looks for encryption software, with definitions updated in real time. Like an AV scanner, except for encryption programs. If the software sees it is tampered with, shut machine down, call c
You Gotta Fight For Your Right To (Score:1)
Parrrrrtaaaay!
on the internet (Score:2)
Comment removed (Score:5, Insightful)
Re: (Score:1)
FUCK the Government.
If you sit down and think hard about it, I mean really hard, outside your lame little sheeple box, Government is totally unnecessary.
Anyway, fuck em, bring the terrists on, i don't give a fuck, any chumpass terrist wanna come try and start shit up in my hood, bring it on bitches, i got a niner full of justice right here. So does just about every other American. :)
Flattened buildings? Fuck it, rebuild that shit.
Dead people? Fuck it, make babies
Least you don't have my privacy and i aint yo
Re: (Score:1)
Exactly, there is none of that stoning for adultery or rapists being in the clear if they marry their victim or slavery being ok in the "good book." I mean Christians are all upstanding and extremely moral people that are not in the least bit hypocritical, they also don't use their big-book-o-morality to influence any decisions or try to force their skewed world view onto others.
Oh, wait a minute...
Re:Slight correction (Score:4, Interesting)
It should say, "Around the world, dictatorships and democracies with governments wanting to become dictatorships are attempting to restrict access to strong encryption that governments cannot decrypt or bypass on demand."
about six or seven years ago i used to go a lot further than that, but at the time people disregarded what i said as being completely outrageous. times change.... let me reiterate it by way of parallel example.
this sentence "Firms providing strong encryption to protect their users — such as Google and Apple — are now being accused by government spokesmen of "aiding" terrorism"
should read "Firms providing strong encryption to protect their users — such as Google and Apple — are now being accused by terrorist spokesmen...."
i believe it was joseph goebbels, hitler's right-hand man, who said that the way for a government to get what it wanted was to terrorise people by making them think that they were no longer safe in their own homes. that if they didn't cede power to the government then someone who was beyond the ability of the government to control would possibly kill them in their own beds, or on their way to work, or would kill their children on the way to school.
this strategy is one that governments today are fully aware of (they saw how effective it was for stalin and hitler and mussolini after all), and they are quite happy to copy it. unfortunately, when people fully trust their governments and cede all power to them, historically we've seen how quickly things can flip to become very very dangerous. the problem is that i don't see how, when power is ever so slowly eroded in small incremental steps, it is possible to reverse that situation for people's benefit, without a very large event occurring (such as a bloody riot or a civil war). maybe it's possible now, peacefully, with the internet the way it is, and with organisations like avaaz, al jazeera, 38degrees and more: i don't really know. should we have faith in people and the way the internet works, now?
Re: (Score:1)
You seem to have run out of uppercase letters. Here, have some of mine:
THE QUICK BROWN FOX JUMPS OVER THE LAZY DOG.
Re: (Score:2)
"...and democracies with governments wanting to become dictatorships..."
I know you feel you're being cleverly cynical, but name a democracy (or really ANY government) that doesn't have dictatorial tendencies?
That was the brilliance of the US Constitution; the framers assumed that government - as much as we need it in practical terms - was always looking to grow both in scope and power, and that the individuals attracted to that were likely themselves dangerous to the public good.
If no secrets should be kept from the gov't.... (Score:5, Insightful)
The question is, of course, rhetorical. One generally wears clothes around other people not because there is anything (necessarily) wrong with what is underneath the clothing, but because they cover something that most people consider private.
Re: (Score:3, Insightful)
Within the physical world there are always ways to bypass locks if you have enough time, resources and lawyers. The government doesn't need lawyers and their time and resources are quite substantial. In this case no matter how much you want to lock something up they have a blowtorch, dynamite, nitroglycerin, or nukes to make sure they can bust it open.
Encryption is different because they don't have enough force to break the lock. These are sociopaths that are used to getting their way and having the upper-h
Re: (Score:2, Insightful)
> And one who has done nothing wrong should have nothing to hide,
Privacy is essential for creativity, otherwise a chilling effect of self censure takes place. Take a look at the old Soviet bloc in Eastern Europe - generations of broken people, stunted to the emotional level of development of children that expect the state to care for them. They have no political ideas, no activism.
Re: (Score:2)
There are things in this world that we want to hide even if we've done nothing wrong. I like responding to the "If you've got nothing to hide..." folks like this:
If you've got nothing to fear then you've got nothing to hide? Great. What's your bank account number, balance, and PIN? What's your real name, social security number, date of birth, and home address? Why won't you tell me this information? Do you have something to hide?!!!
Re: (Score:2)
There are things in this world that we want to hide even if we've done nothing wrong. I like responding to the "If you've got nothing to hide..." folks like this:
I generally reframe the statement to if you've got nothing to lose. People seem oblivious to the fact that these sorts of laws are a boon for organised crime and committing fraud on a massive scale.
Encryption represents the front line of the fight for maintaining freedom and the net is the battlefield.
Re: (Score:2)
Of course, even *IF* the government's claim of benevolent intention were completely trustworthy, giving them the keys to an otherwise secure encryption scheme is still a bad idea because if such a government can read it, then so can somebody else with less benevolent intentions who doesn't care about breaking the law and is simply hoping they will not
Baffling.... (Score:5, Insightful)
Let's pretend for a moment that government-mandated backdoors don't violate our 4th amendment rights eight ways till Friday and really will be only accessible to government agencies. (Background sniggering) Stay with me guys. Let's say their birthday wish is granted and all of the big tech companies implement backdoor decryption that only they can access.
Do they really think a single @#$%ing terrorist or criminal with half a brain is actually going to use those services instead of other alternatives? Maybe the next part of their amazingly forward-thinking plan is to convince Richard Stallman to bend a knee and put a backdoor in GnuPG.
Re: (Score:1)
stallman doesn't have anything to do with gnupg.
Re: (Score:3)
Let's say their birthday wish is granted and all of the big tech companies implement backdoor decryption that only they can access.
(Outright laughter.) You haven't been paying attention. There is no wish left to grant. It's already done.
One of those two major corporations listed in the summary provides system encryption for their users to protect their data. They also can undo that encryption whenever they want to. A friend's Mac Book was set up to encrypt his data, and to make a long story short, when his employer needed access to it the local Mac store was able to turn off the encryption for them. Whatever safeguards they currently
Re: (Score:2)
Every connected device sold in the US has to be "wiretap" friendly by design over every generation of product.
That's full logs, voice prints, plain text, images, voice, gps, call details, unique camera details per image, remote mic/camera on, network power on.
A city, state, county might have some well understood new private sector software packages that they show all their "cleared" staff.
The staff having seen that
Re: (Score:3)
It may not be much assurance, but one of the head devs of BitLocker did state that there are no backdoors in it. Does that mean there are? Game theory might apply:
If there are none, life goes on.
If there is one, it will get discovered, BitLocker tossed out the window by every company in the world, replaced with something that is vetted like TrueCrypt or its descendants.
Plus there are levels of law enforcement. Interpol/FBI is one thing. The local HOA trying to be nosy and use a civil action to get into
Re: (Score:2)
IIRC, Windows 8 and newer have this as a feature. However, I wind up using WS 2012 R2, where if one uses the MMC panel, BitLocker will ask you to store or print a recovery key. You can turn on BitLocker manually with "manage-bde -on x: -free" so it encrypts, then add protectors (passwords, recovery keys) later on.
Best recovery protection I've found is to copy the recovery key text, toss it in an offline PW manager, check to see if you can unlock the volume with the key, and go from there.
Of course, in an
Re: (Score:2)
I have discovered an algorithm which can be used to decrypt any content protected by asymmetrical key encryption, but the margins of this posting are not large enough to record it here.
Have you implemented it yet?
Re: (Score:2)
Didn't you read the post? Margin too small. That's an unambiguous and accepted reason in mathematics.
Re: (Score:2)
One of those two major corporations listed in the summary provides system encryption for their users to protect their data. They also can undo that encryption whenever they want to. A friend's Mac Book was set up to encrypt his data, and to make a long story short, when his employer needed access to it the local Mac store was able to turn off the encryption for them.
It works this way only if when you set up the encryption, you explicitly accept the option to generate a recovery key, and the option to store it with Apple.
Re: (Score:2)
Most terrorists and criminals don't have half a brain, so yes I fully believe they'd be able to spy on more of them. Doesn't mean they should be allowed to.
It's not about strength, it's about Free Speech (Score:2, Interesting)
This isn't about strong encryption. This is about encryption. This is about talking in code. This is about art that is too subtle for anyone but those who hold sufficient intellectual keys to understand. This is about telling twins that the weird childhood language they developed is criminal because the feds don't have a decoder ring for it yet. This is about Holmes zone of lawlessness in his handwritten journals stored in his some, leveraging fourth amendment protections to more efficiently kill more
Re: (Score:2)
Man, you weren't kidding about talking in code.
Re: (Score:2)
Made perfect sense over here. Not sure what your issue with English is. It's a bit flowery, but it's coherent.
Let's discuss privacy on ... (Score:3)
... fucking G+.
Re: (Score:3)
It's security through obscurity!
Re: (Score:2)
The security works as tested by a few or many experts who found each other on the same mainstream networks and sites...
The obscurity part is entering the plain text, tracking the message and decoding.
Do that on a tame OS and tracked network and all that freedom for security just makes the message stand out.
Decade in decade out, enjoy the
Re: (Score:2)
It's an open discussion group that anyone can join. Presumably a few NSA/GCHQ monitoring accounts have already signed up. It's not supposed to be secure or secret.
A privacy oriented group hosted at Google! (Score:3, Insightful)
The last sentence of the summary was awesomely qualified:
This new G+ community will discuss means and methods to protect our rights related to encrypted communications, unfettered by government efforts to undermine our privacy in this context.
They had to really stretch that sentence to get around the irony of hosting a privacy advocacy group on Google's servers!
The right to NOT encrypt (Score:3, Insightful)
What about the right to NOT ENCRYPT everything and still have privacy? The right to expect your spook agency to work to protect your privacy right from spying by foreign countries?
Not just foreign countries, too. Why should the existing government be able to spy on every upcoming politician, political campaign group, journalist, MP, congressman? How is it any of the government's business to watch the communications of its citizens and opponents?
This "you are all terrorists" ergo we spy on you, and "we are all good" ergo we spy in secret with secret laws and secret interpretations of words, how is this defendable?
G+? No. (Score:5, Insightful)
You had me until you said you plan to use Google+. Bye bye.
Same old same old.... (Score:5, Insightful)
This is the same tired argument used by the government to "protect us" against "terrorists". And thus the birth of the TSA and Homeland Security. Another bloated bureaucracy that has been an abject failure by every measure. Billions of taxpayer dollars wasted every year and the "war on terror" is no closer to being won than the day it started. Kind of like the war on poverty, but that's another topic for another day.
I don't trust the government having this information and I sure don't trust them to secure it. Just ask the 21.5 million people that had their personal information stolen from government servers recently at the Office of Personnel Management (OPM). Vulnerabilities on those systems were known since 2007 and yet nothing was done to fix it. As usual, the initial breach was downplayed and otherwise covered up.
So by my count the government:
a) ignored reports that the data was vulnerable
b) did nothing to protect it
c) lied about the true scope of the attack and
d) tried to cover it up after the fact.
And I'm supposed to trust these clowns to have encryption back doors so they can snoop around with my private data? Not bloody likely.
Re: (Score:2)
And thus the birth of the TSA and Homeland Security. Another bloated bureaucracy that has been an abject failure by every measure.
Well, the US hasn't had another 9/11...were you hoping for a worldwide end to people using terror as a weapon?
Re: (Score:2)
Do you have any actual evidence that any post-9/11 security change prevented anything on the scale of the 9/11 attack? The Boston Marathon bombing suggests that having a lot of information doesn't prevent terrorism; Russia warned us specifically about those two, and they went ahead and bombed the end of the race.
Re: (Score:2)
If anyone wanted to launch a terror type attack there is bugger all the TSA or Homeland Security or anyone else could do to stop it. That is the nature of Guerrilla type tactics and one of the reasons they are so effective. The only way you could stop it is to screen every single person that came into the USA every day. Not to mention everyone that is already living here. It is an impossible task.
The fact that it has not happened does not provide evidence that one has been stopped. It may make you feel bett
Re: (Score:2)
A unique term found or created by internal security is very trackable and would be on a lot of powerful watch lists at much higher security levels.
Vast accessible databases contain vast numbers of extra projects, terms, locations, ranks, support requests that might have existed in some form or never existed, soun
Merely attempting to control it is madness (Score:2)
First, suggesting that encryption is too strong merely says that it is "strong enough to be a problem"... thus advertises its potential effectiveness.
Second, the business community will not and cannot tolerate losing the ability to encrypt while also using the public internet to synchronize their databases and handle communications.
Third, who are they actually trying to stop from using encryption? The corps respond to court orders quite readily so a bypass is not required. They're doing this because criminals,
Re: (Score:2)
All governments have understood since the 1950's that any US or UK network, hardware is a trap.
Longer, safer more traditional methods work just fine unless a one way message is needed and is worth the risk or everything related has been uncovered.
Cults, faiths and other groups have their own person to person methods and years of complex internal vetting.
Top corporate companies, private interests usually have contacts in their own g
Re: (Score:2)
... the banks aren't going to agree. So the entire thing is moot.
Re: (Score:2)
Most banks have everyday, normal accounts tracked federally down to the 100's of $ over time on any normal account.
That's all been reported and fully accounted for as it has been for years. Other issues are usually never public as the banks talk of the confidence of investors.
More federal oversight on the same type of acc
Re: (Score:2)
yes, and their encryption isn't backdoored. Their datacenters are backdoored. their encryption is not.
What happens when wetware becomes feasible? (Score:2)
Further, such a system could theoretically be programmed to determine if you are under duress, and not permit access in such circumstances.
Even threatening to throw a person in jail if they don't surrender their password wouldn't help in such a case... all that they would accomplish is putting a person in jail and still not having access to whatever information they thought was worth putting someone in jail for, and keeping someone in jail
now it's worth it to... (Score:2)
That particular cat is out of the bag (Score:1)
If they could, they'd ban opaque envelopes and envelopes with adhesive seals.
Re: (Score:2)
I'm assuming this is a steganographic tour de force, meant to illustrate a method to hide even the existence of a message from our unwelcome network-snooping overlords, using either missing words or grammatical errors to cue the clued-in reader to the real message.
However, either:
a) I just can't crack the code, or :)
b) I'm giving you too much credit.
Anyone else want to take a crack at this?
Re: (Score:2)
I done me best when I was let. Thinking always if I go all goes. A hundred cares, a tithe of troubles and is there one who understands me? One in a thousand of years of the nights? All me life I have been lived among them but now they are becoming lothed to me. And I am lothing their little warm tricks. And lothing their mean cosy turns. And all the greedy gushes out through their small souls. And all the lazy leaks down over their brash bodies. How small it's all! And me letting on to meself always. And li
Re: (Score:2)
The very same loving, caring, and benevolent government, that provides our children with "free" public schools, is also the one with a Federal Department of Education having its own SWAT team.
Well, all those home-schoolers and private charter schools aren't gonna be assaulted by a military breach & clear team on their own!
SWAT - For The Children
Strat