US Government Continues Encryption War

Humans are mortal. It doesn&#x27;t matter if you are a dictator or a janitor - you will die anyway. But the institutions, the system, the culture - will stay for much much longer.<p>Those who build a centralized system that can control every aspect of humans life just don&#x27;t realize they are building Hell on Earth.<p>Decentralization and fairfull consensus between every acting party, no matter how much power they have - this is the only way to build a great culture and a system.<p>Unfortunately, we are still too far from this. Too much people are still trying to build this ugly human pyramid of subordination, just like in a primal tribe or mafia organization.

If anyone is curious why some senator called Graham seems to be popping up in every bill that poses a threat to the internet, its because he sponsors or co-sponsors most of them. On congress.gov you can get a nice listing of everything he&#x27;s done recently [1]. In summary, he either sponsored or co-sponsored this encryption act, the EARN-IT act (more anti-encryption), the OCPA (make websites liable for moderation errors), and another seperate law to amend section 230.<p>He has also co-sponsored legislation in support of privacy of personal identifiable information, but not for the general population or anything just US Federal judges [2].<p>[1] <a href="https:&#x2F;&#x2F;www.congress.gov&#x2F;member&#x2F;lindsey-graham&#x2F;G000359" rel="nofollow">https:&#x2F;&#x2F;www.congress.gov&#x2F;member&#x2F;lindsey-graham&#x2F;G000359</a><p>[2] <a href="https:&#x2F;&#x2F;www.congress.gov&#x2F;bill&#x2F;116th-congress&#x2F;senate-bill&#x2F;4711?s=4&amp;r=2" rel="nofollow">https:&#x2F;&#x2F;www.congress.gov&#x2F;bill&#x2F;116th-congress&#x2F;senate-bill&#x2F;471...</a>

&gt; Nor are we necessarily talking about the customized encryption used by large business enterprises to protect their operations. We are talking about consumer products and services such as messaging, smart phones, email, and voice and data applications.<p>I am very confused by this statement from Barr.<p>Protecting consumer data is protecting a business&#x27; operations.<p>If user data is properly encrypted, then a dataleak is necessarily less of a liability. You cannot lose what you do not have access to. Protecting the customer, protects the business.

&gt; Nor are we necessarily talking about the customized encryption used by large business enterprises to protect their operations. We are talking about consumer products and services such as messaging, smart phones, email, and voice and data applications.<p>Do &quot;large business enterprises&quot; use exclusively &quot;customized encryption&quot;, or do they use the same encryption &quot;consumer products&quot; use? In my experience, it&#x27;s the later. The biggest example is TLS: for instance, <i>every</i> business which uses Microsoft Office 365 relies on the same TLS used by &quot;consumer products&quot;. The same applies to full disk encryption (BitLocker and&#x2F;or LUKS), smart phones (large business do use smart phones, and they are the same smart phones everyone else uses), email, and so on.<p>As a personal example, the software we develop at work is used by &quot;large business enterprises&quot;. When we added encryption to it, we didn&#x27;t use &quot;customized encryption&quot;; we used standard TLS.

&gt; “warrant-proof” encryption<p>Like “warrant-proof” rooms and houses that, even with a valid warrant, won&#x27;t record conversations and send them to the police.<p>And just like encryption, those “warrant-proof” protections can be circumvented by planting physical or software bugs on target houses or computers.<p>They&#x27;re not complaining that law enforcement can&#x27;t subvert privacy protections - they&#x27;re complaining that they&#x27;re not <i>already subverted, ahead of time, for everyone.</i>

As a matter of strategy, I doubt that developers aren&#x27;t already downloading key cryptographic libraries out there in order to host them outside the USA. I think news like this might also encourage more people to program encrypted messaging and file transfer applications. I mean, who in here hasn&#x27;t at least made a small cryptographic test with widely known libraries? The irony is that the more technology like this is outlawed, the more valuable it becomes to those who might find it useful, the flipside being that the less encrypted traffic there is, the easier it becomes to find those who use it. The only antidote to that, is more encrytped traffic.

You can’t ban algorithms and ideas in practice. The output of an algorithm doesn’t prove that a particular algorithm has been used. Even then, anyone can modify and code algorithms.<p>You can force companies to put backdoors in their encryption products, but the governments already do that (even though using them may not be convenient for them). Further, this will push crypto in the hands of people, and to outside US, to outside cloud, push for decentralization, which the US government doesn’t like.<p>The security by and large lies in end points. Back-door in hardware, operating systems etc for access to key material seems to be the focus of the governments.<p>It’s a golden age for intelligence agencies; they probably want a handle on the cloud.

The US constitution should be amended with a right to encryption, making laws such as this one impossible. This is the only long-term way out of this mess.

The right to bear arms should cover encryption.

I am amused by the fact the country where guns are legal and used by many bad people doesn&#x27;t ban it. But they are trying to ban encryption used by every people that used internet.<p>What a time!

Interesting read thanks for bringing the topic to attention.<p>I seriously doubt governments lack the surveillance tools and require more access with backdoors or breaking encryption. For example AES encryption calls CPU instructions to hardware that exists only by a few companies. DNS is either through a handful of public cache servers or captured at the OS level. The network backbone is by a handful of companies world wide. Of course the US is world leader of breaking privacy but this is theater

I wonder if they&#x27;ve done any polling to figure out the level of surveillance they can impose without triggering a brain drain.<p>I expect there is a phase-change somewhere before &quot;all my communications are monitored in real time&quot;.

&gt; Senate Judiciary Committee Chairman Lindsey Graham (R-South Carolina) and U.S. Senators Tom Cotton (R-Arkansas) and Marsha Blackburn (R-Tennessee) today introduced the Lawful Access to Encrypted Data Act<p>Lindsey Graham is a turtle.

I find three things about the encryption debate really weird.<p>#1 Split brain<p>The &quot;same&quot; government that gave us Tor (onion routing) wants to take it away. So at least some of the players understand the practical need for encryption. I&#x27;d rather those pro and con insiders fight it out, instead of fighting by proxy thru us citizens and consumers.<p>#2 Fishing expeditions<p>What possible value does unlocking, decryption have <i>after the fact</i>?<p>Does the FBI really need to unlock a spree shooter&#x27;s iPhone? Why? What could they possibly learn? They already have all the meta data like FOAF, location, purchases. What more are they looking for? To better establish guilt?<p>And any one already under surveillance has already had their entire life rootkitted. So again no need for after the fact unlocking.<p>#3 Trusting trust, time boxed secrecy<p>I&#x27;ve had many, many fruitless conversations about computer security (wrt election integrity) with non-tech policy makers. I have yet to figure out how to convey the understanding that backdoors and security thru obscurity is no security at all.<p>The best policy compromise proposal that I can imagine, and I&#x27;m spitballing here, is formalizing some kind of temporal privacy.<p>Using voting and secret ballots as an example:<p>I absolutely do not want any one any where to know anyone&#x27;s votes during an election. I don&#x27;t even want precounts, so that pols and admins can preview tabulations. But I also don&#x27;t care at all if someone knows how I voted <i>after</i> the election is certified. (Sure, there&#x27;s still some risk of coercion and vote buying. But there are easier attack vectors for which we have no mitigation, so it&#x27;s comparatively minor.)<p>So instead of trying to protect all secrets for all time, I think all the players might be able to chill a bit if we time boxed most secrets.<p>(I have other proposals for protecting personal privacy, like with medical records.)

You can&#x27;t make &#x27;deals&#x27; with mathematics. As you can&#x27;t make &#x27;deals&#x27; with physics.

It&#x27;s a real shame that far too many people&#x27;s opinions can be made by simply arguing the four horsemen of the infocalypse[0]. These are the same types of arguments used by certain groups to promulgate their own agendas at the cost of individual liberties.<p>0: <a href="https:&#x2F;&#x2F;en.wikipedia.org&#x2F;wiki&#x2F;Four_Horsemen_of_the_Infocalypse" rel="nofollow">https:&#x2F;&#x2F;en.wikipedia.org&#x2F;wiki&#x2F;Four_Horsemen_of_the_Infocalyp...</a>

I dont feel particularly strongly one way or another on the encryption debate but everyone always points at the fact that crimes like child exploitation have existed for forever or that bad actors will just move to encrypted platforms. That ignores the fact that 1. things like Facebook are still relatively new and greatly enable these bad actors and 2. as the times article presents these platforms report a shit ton of this stuff so while I am sure there are plenty of bad actors moving to say signal there are plenty of others who aren&#x27;t.<p>It will be interesting to see how things play out though since section 230 reform seems pretty bi partisan. While that doesnt necessarily mean the reform needs to address encryption I would be surprised if it doesn&#x27;t

Speaking of spying on the populace, does anyone know why Palantir stock is on a tear for the past couple of days? There&#x27;s nothing publicly known that would cause this. Is the new administration planning to tighten the bolts &#x2F; expand the police state?

encryption for me but not for thee

I wonder whether we&#x27;re going to get a temporary break from this encryption surveillance ratchet with Biden as president, or if it&#x27;ll continue regardless. This seems to be one of Barr&#x27;s pet issues, and he&#x27;s about to be shown the door. Still, opposition to encryption rights has historically not been partisan, so I&#x27;m not optimistic.

Perhaps we&#x27;re using the wrong metaphor - lock your doors. Congress wants to ban door locks to your home, your car, your gun safe?