RT @majin_lei: They want backdoors into our lives. That means police can access the most private convos, pictures, etc. please vote and please pay attention. DO NOT LET LAW ENFORCEMENT HAVE FULL ACCESS TO YOUR LIFE https://t.co/nnidzldv2I
Backdoors render encryption untrustworthy. Full stop.
Cryptography as a concept, theory, etc. is not new and there is no preventing it and its march forward to new, better, and more secure solutions. It is NOT the responsibility of application creators to weaken their systems and potentially compromise user data for the state.
Will it hinder potential investigations? Sure will, in the same way the 4th amendment does. In the same way allowing people to remain silent and demand a lawyer and respecting that action does.
Also... how does this collide with HIPAA and things like that? If I implement encryption standards for a product that I market as HIPAA compliant, but the scheme used allows for government access. And then that access is exploited (BECAUSE OF COURSE IT WILL) am I now on the hook for that HIPAA violation or is the government... hahaha just kidding it will be me.
If you are worried about this stuff for your own personal communications (business dealings, legal matters, etc.) I highly encourage you to use PGP. It's a bit cumbersome to get set up as a non-tech person but as long as your private key is secure, risk is extremely low.
[Football meme format] Had me in the first paragraph, not gonna lie. [/meme]
But then they immediately belie everything in the second paragraph onwards. Not only is it hypocritical and an overreach, it violates the Second Amendment!
Encryption has long been considered a tool of war -the US gov't has blocked the export of crypto algos in the past for exactly this reason- and thus legally mandated backdoors are an infringement. Personal firearms may not be as effective as they once were against a tyrannical government, but encryption damn well is.
> Encryption is an existential anchor of trust in the digital world and we do not support counter-productive and dangerous approaches that would materially weaken or limit security systems.
I like this sentiment. It's a shame that the rest of this doesn't match. Also, I am skeptical about how much weakening encryption like they want to do would actually help reduce childhood sexual exploitation, and isn't just the thin end of the wedge in making it palatable to most people.
(puts on tin foil hat)
This isn’t about the children. This is about restoring the ability to tap phone lines. Once upon a time the phreaks showed us how the feds tapped your lines. Check out AT&T’s operation greenstar. Now the feds want to tap our instant messages just like in the good old days. Can’t abide people having conversations without carnivore analysis.
(removes tin foil hat)
Protecting children is the most noble of causes. I can’t imagine how horrific it is to be on a task force catching predators like that. Takes a carnivore to catch a predator I suppose.
> Embed the safety of the public in system designs, thereby enabling companies to act against illegal content and activity effectively with no reduction to safety
This is pretty close to as newspeak as you can get. You can only get a "backdoor" in end to end encryption by making such encryption less safe for the public. Say goodbye to secure online banking, credit card transactions, private communication, etc. All of those will be much, much easier to break into- and we will be the ones suffering the consequences.
I really don't know why this issue is coming up suddenly. It was on r/tech today too.
I remember when people, conservatives included, were uncomfortable with the fact that companies were constantly logging and ultimately able to read your private conversations, whether they be emails or instant messages on some website with direct message capabilities. This was something we sort of accepted was a thing, but people generally weren't happy about it.
Now these platforms are able to provide messaging that even they can't read, and there are a few conservatives here complaining about that. They're even ironically crowing about "Big Tech". I thought the issue with Big Tech was that they can so easily cooperate with government without you knowing. And now we're complaining about "big tech" not reading your data?
The right should be universally against anything that bans encryption. Ultimately you're banning math. It's useless to try to ban math.
I like it how attacks against privacy are no longer considered as security issues, and now even police backdoored encryption is already considered by some as "not secure" only insofar as somebody else could use the backdoor.
Wake up guys, Google and the FBI are not your friends either, and it's not good either that they have access to all your data.
I would really like to ask each and every one of those people how they want to prevent criminals from using custom-made tools. I mean seriously, DH or RSA are literally a couple of lines of python. Any software developer can make an encrypted messenger app over the weekend with little effort.
The real goal is to spy on the general population, not prevent any crimes.
If Priti Patel really “cared about the children” (TM) she would probably ask Prince Andrew to cooperate with the ongoing child abuse allegations that he is hiding from.
And in return the US might extradite the woman who killed teenager Harry Dunn...
2 groups of teenagers/children she can protect immediately.
Instead she has some vague goals which will be used to spy on everybody for no reason. (See the “patriot act” in the US)
Hear me out. I used to be in the camp of "encrypt everything". I understand the need for encryption, but does Facebook really NEED to have end-to-end encryption??? That would shut off any monitoring that Facebook does. Why is that a good thing? If you're some whistleblower, for god's sake don't use Facebook. I'm in the camp that any social media site that children use should have good monitoring.
Some sort of law needs to be in place to force social media sites to monitor it effectively AND ALSO the law does not interfere with legitimate secure messaging apps like Signal, etc.
Edit: The best way to handle this is for social media tech companies to not flex their "encryption skills" as a marketing point. That would make it so there's no need for the government to forcefully intervene.
> does Facebook really NEED to have end-to-end encryption
Messenger is currently the de facto universal IM tool. It's the instant messenger most of your friends, your parents, and probably your grandparents have.
So, yes, securing it is a good idea.
I agree that securing communications is important. You can still keep it secure if Facebook is the only entity that is able to unlock and decrypt communications. With end-to-end encryption, Facebook can't even decrypt it, and only the end-users can see the conversation.
I totally get where you're coming from. How would you handle an anonymous encrypted channel of communication to children? I'm not asking rhetorically. I'm genuinely curious of other ways to handle this. Do we just let this fall on the parents to educate, monitor, or forbid their children to use social media? I'm all for that, but we can't expect everyone to do that. To me it seems like a no-brainer for Facebook to just monitor it and help law enforcement.
Nope. I'm 100% against any sort of ban on encryption or requirement that Facebook have backdoors.
There's a whole lot of bullshit you can try to justify with this "think of the children" crap.
Remember when we, as conservatives, would rightly complain that Big Tech was making it easy for government to spy? Remember when we were creeped out that Google scans your email, even if just to target ads? Kind of astounding to flip on this.
I definitely remember all the encryption arguments over the years. Me and many others all thought that encrypting everything was the way to go. We can't let the government get its hands on the data, etc, etc... I'm not advocating backdoors or the government creeping on our emails. I just want reasonable monitoring from the company to keep it safe, and for companies to comply with lawful requests from law enforcement. Privacy specific apps need not do this because privacy is their purpose.
I did flip on this recently. This solution seemed like a nice middle ground... I could change my position. But for right now, that's where I'm at. Cheers.
In the statement they mention end-to-end encryption impacts public safety in two ways, and one of them is:
> By precluding the ability of law enforcement agencies to access content in limited circumstances where necessary and proportionate to investigate serious crimes and protect national security, where there is lawful authority to do so.
Right there they mention "lawful authority to do so". They aren't looking for a fire hose of data where they can poke around whenever they want. Facebook can securely store transcripts, and when law enforcement has a reason to request a transcript, they would request a warrant. Thanks to our rights, warrants aren't given willy nilly.
> the ability of law enforcement agencies to access content in limited circumstances where necessary and proportionate to investigate serious crimes and protect national security, where there is lawful authority to do so
"Hello, sir. This is an issue of national security, and this is my do-whatever I-want-and-get-away-with-it badge. I don't like the way you look, so I have lawful authority to use the backdoor into your digital life."
Sad but true, just look at government overreach in every single possible area from requesting smart speaker data to using bulk data capture in public places. Once they can access your messages they will for whatever the hell they feel like with zero accountability and zero oversight.
You are about 20 years too late. The government doesn't need to pass any new laws - they can just ask you for the password, and lock you up if you do not provide them with evidence that will lead to your conviction.
Unfortunately no one gave a damn about privacy until they needed an excuse to hate Theresa May.
I agree that forcing one person at a time to remove their encryption or face arrest is terrible. But at least the focus of the government's attention would know he is being targeted.
This proposed law would force apple / google to remove everybody's encryption and the government will just go on massive fishing expeditions to find as many "criminals" as they want.
Not OP but reading the article, it makes it pretty clear they want a backdoor into any end-to-end encryption for what the governments call improved public safety.
Issue is hackers find that backdoor and then the fun begins.
We, the undersigned, support hard rocks, which play a crucial role in building heavy buildings and protecting things due to the fact that they are hard.
Particular implementations of rocks, however, pose significant challenges to public safety by being hard as rock. We propose to make them soft so that they aren’t hard. This compromise is critical to save the children. We have not considered how this proposal would negatively affect buildings or uses of rocks due to not being able to read anything we write.
> We, the undersigned, support strong encryption, which plays a crucial role in protecting personal data, privacy, intellectual property, trade secrets and cyber security.
Backdoored isn't strong or secure
8.3.4. "How will privacy and anonymity be attacked?"
- like so many other "computer hacker" items, as a tool for the "Four Horsemen": drug-dealers, money-launderers, terrorists, and pedophiles.
See also "Four Horsemen of the Infocalypse", "Crypto Wars".
as was flagged to death earlier this week: DOJ is 100% capable of embedding humans deep within criminal enterprises that pose genuine security risks to the federal government. Combine that with regular old-fashioned things like those novel legal devices called "search warrants", and FBI does just fine at getting inside secure comms without fundamentally lying about the nature of mathematics at the same time.
Maybe we need to advocate for changes to US law such that citizens maintain their expectation of privacy when sending messages through third parties. Then it would be like it used to be when law enforcement needed a warrant to obtain an individual’s communications, which is then served to that individual rather than to a third party communications provider.
Also, it seems like it’s time to remind everyone that only totalitarian governments want to read everyone’s mail all the time to look for crimes. Our bill of rights expressly forbids this. I really don’t understand why the DOJ would write a letter like this that to me, a layman, reads like it is plainly in violation of the 4th amendment.
How do they envision this working and yet protecting communication in oppressive regimes? Facebook can't very well offer the US the ability to pierce the encryption veil then beg innocence to the Kremlin when it wants access.
Of course, decentralized open source solutions in this space will always dominate. The oppressive governments can attack big tech economically. The Kremlin can shut facebook down in Russia if they won't give a back door. Whereas volunteer devs with no expectation of profit are immune to that kind of attack. Even better if there is no defined server to block.
I say this as someone who is not generally super enthusiastic about open source, nor decentralized tech, nor is anti-big tech. This just seems like an area where big tech cos cannot compete efficiently.
Maybe they just think that Facebook should not be operating in countries with lots of corruption or oppression? And maybe they have a point. Maybe it is not possible to run an ethical communication business in a place that criminalizes what we value as protected speech.
Anyway, I doubt they will be able to accomplish this goal by asking nicely. They will need to pass a law and then there will need to be a fight about whether the law is constitutional.
I don't understand it. Their conclusion says "we challenge the assertion that safety cannot be protected without compromise," which the way I read it means something along the lines of "we believe it is possible to protect public safety without compromising privacy." But the rest of the letter seems to imply they want to find a way to in fact compromise that privacy.
Check out Sam Harris’s podcast “The Worst Epidemic”. It’s hard to listen to, but gives another perspective about this issue. Also it has some ideas about where encryption is perhaps more benign (e.g. WhatsApp) and where its introduction would increase exploitation of children (e.g. Facebook Messenger).
Yep, they are gonna use "child porn" as their trojan horse excuse to pass legislation to put back doors in all encryption or face arrest. You can bet the trusted apps will move offshore, doubt Telegram who is already offshore will ever concede to this. Also, an attempt to gain access to cryptos as well.
What are the odds that big tech and big brother are in bed creating a huge dog and pony show to counter the post-Snowden “going dark” reality?
Given: The public knows about mass surveillance. Big tech deploys supposedly unbreakable end to end encryption. The public feels more safe and protected from Big Brother yet again.
Theory: Meanwhile, behind the scenes, government and big tech have, in secret, the ability to recover such encrypted comms. The DOJ initiative would then be part of an elaborate psyop to further deceive people into believing that FB “has their back”.
I’m going to guess that third parties have extensively reverse engineered apps such as fb messenger to ensure that it is essentially impossible for the above to be the case, since E2EE occurs at the endpoints.
Can an encryption expert weigh in here?
Edit: this also raises general concerns I have about trusting an App Store to install what is supposed to be installed, and not a backdoor’ed version of an app. Something like: Let the reverse engineers have an unmodified app, while distributing alternate versions to other unsuspecting users.