Code Specialists Oppose U.S. and British Access to Encrypted Communication

This debate seems like a manifestation of a problem with governments: They think they can legislate anything they want. Need access to some communications - green light for massive data collection. Some of it is encrypted - just mandate a back door. School shooting - new gun laws. Any problem activity - we'll just make it illegal. Something not getting done - we'll just mandate someone take care of it. They really don't know how to stay at a higher level, it's all micromanagement. Some things are just not possible, but they'll try to make it so with the stroke of a pen.

The way I see it, law enforcement has had it far too easy for far too long. The Snowden revalations finally turned over all the rocks and people saw that they have been <i>grossly</i> overstepping both ethical and legal boundaries, and encryption is finally getting the mindshare it desperately needs.<p>So to their petulant cries of being unable to read our communications anymore, I say: fuck &#x27;em. Time to <i>earn</i> your keep now, boys. You&#x27;re not going to destroy our Internet just so you can keep feeding the mass-surveillance beast.

Here&#x27;s the actual paper: <a href="http:&#x2F;&#x2F;dspace.mit.edu&#x2F;bitstream&#x2F;handle&#x2F;1721.1&#x2F;97690&#x2F;MIT-CSAIL-TR-2015-026.pdf" rel="nofollow">http:&#x2F;&#x2F;dspace.mit.edu&#x2F;bitstream&#x2F;handle&#x2F;1721.1&#x2F;97690&#x2F;MIT-CSAI...</a>

&gt; “Such access will open doors through which criminals and malicious nation-states can attack the very individuals law enforcement seeks to defend,”<p>And there&#x27;s the nut. The concern of law enforcement is not protection of citizens, it&#x27;s ease of prosecution and resume building.<p>No one can claim credit for a general environment of ongoing secure communication, but cops and prosecutors can definitely claim credit for specific arrests and prosecutions, even if that general security environment is all but destroyed.<p>In fact, the more breaches, the more crimes, the more cops and prosecutors are needed. Job protection.

The headline belies the utter ridiculousness of the idea. Why would the United States and United Kingdom be singled out to have backdoor access to all communications? To hang onto the tattered remnants of their empires while keeping their own people in line despite their declining political legitimacy.

They can &quot;oppose&quot; all they want.<p>That&#x27;s why we have PGP, in open source.<p>And that&#x27;s why in the US we have:<p>&quot;Amendment IV<p>&quot;The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.&quot;<p>I know; I know: Various people working for the people are all wound up about <i>wanting to know</i> and <i>wanting to be sure</i>, wanting to be sure they know just what is in all those e-mail messages. Their thinking might go:<p>&quot;Those messages, they are sending lots of messages, are they planning something? Are those people up to something? Are we at threat? We want to know. Why do they encrypt their e-mail messages if they have nothing to hide?<p>&quot;If they have something to hide, then definitely for the good of everyone we should know about it and they shouldn&#x27;t use encryption. Else they might be planning something. If they have nothing to hide, then they shouldn&#x27;t mind our knowing and shouldn&#x27;t use encryption.<p>&quot;Yes, definitely we should have full access to all e-mail and other communications, computer hard disks, private conversations, private thoughts, etc.&quot;<p>That&#x27;s what some people working for the people think.<p>Sorry, guys, I&#x27;m one of the people you are working for, and you will just have to do your job without violating the Constitution. It&#x27;s an old story, as is encryption, and e-mail, the Internet do not fundamentally change the situation.

Despite the political element, there is a poor history of keeping these kind of keys&#x2F;methods secret. See the AACS encryption fiasco, the cable card hacking wars over the last decade, Clipper chip mentioned in the article, etc.

My favourite quote on this (from the UK perspective) from Ross Anderson (one of the co-authors): “A point I would like to make to the prime minister and his circle is: whoever put the prime minister up to this should get a complete bollocking. The proposals are wrong in principle and unworkable in practice.”<p>There is no quicker way of alienating people who understand complex things than by pretending that you know better and have thought of a brilliant solution.

Being HN I&#x27;m sure many of us have dreams about future computers that are seamless extensions of our bodies, doing more than we could ever imagine with a phone or a watch.<p>Do we also have nightmares about a hacker stealing a government&#x27;s back door key and giving us a heart attack in our sleep?

The attack on our ability to encrypt is in the end an attack on the right to private thought. Loosing this, while we merge with our digital creations, is an existential threat.

Perhaps governments need to apporach the problem from a different angle: <i>How can we limit the extent to which bad actors (e.g. terrorists, organisaed crime, etc.) can benefit from private&#x2F;secure communications technologies without compromising civil liberties and our citizens&#x27; right to privacy?</i><p>If anyone can solve that problem, surely it&#x27;s us - the technologists, the problem-solvers?

How is there no mention of CALEA[0] in this document? They even hint at it in the Executive Summary:<p>Indeed, in 1992, the FBI’s Advanced Telephony Unit warned that within three years Title III wiretaps would be useless: no more than 40% would be intelligible and that in the worst case all might be rendered useless [2]. The world did not “go dark.” On the contrary, law enforcement has much better and more effective surveillance capabilities now than it did then.<p>[0] <a href="https:&#x2F;&#x2F;en.wikipedia.org&#x2F;wiki&#x2F;Communications_Assistance_for_Law_Enforcement_Act" rel="nofollow">https:&#x2F;&#x2F;en.wikipedia.org&#x2F;wiki&#x2F;Communications_Assistance_for_...</a>

&quot;Michael S. Rogers, the director of the N.S.A., has proposed that technology companies be required to create a digital key that could unlock encrypted communications, but divide and secure the key into pieces so that no one person or government agency could use it alone.&quot;<p>Conveniently, Microsoft has a patent on just that. <a href="http:&#x2F;&#x2F;www.google.com&#x2F;patents&#x2F;US8891772" rel="nofollow">http:&#x2F;&#x2F;www.google.com&#x2F;patents&#x2F;US8891772</a><p>Michael S. Rogers should disclose any financial interest he may have in Microsoft. Or does he have something to hide?

Here&#x27;s the paper:<p><a href="https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=9846414" rel="nofollow">https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=9846414</a>

They already ban encryption on ham radio... :(<p>Maybe somebody can start a pay to broadcast service using namecoin atomic name changes <a href="https:&#x2F;&#x2F;wiki.namecoin.info&#x2F;?title=Atomic_Name-Trading" rel="nofollow">https:&#x2F;&#x2F;wiki.namecoin.info&#x2F;?title=Atomic_Name-Trading</a> 1. Service announces public nmc pay to address. 2. People mail them a message as a name update transaction combined with payment to that address using snailmail. 3. They broadcast if the perceived risk of broadcasting is less than the value of fee provided.<p>This could be anonymous and encrypted if the source name coins are sufficiently anonymous.

Would it have killed them to link to the paper?

Can we stop the sharing of pay-walled content please, just pick another source?<p>ot: What do they (cameron and c&#x2F;o) think the best case scenario is for this folly? Disrupt a few mainstream services while pissing everyone off in the process whilst the real criminals move on to slightly more obscure services?

&gt; The costs to the developed countries’ soft power and to our moral authority would also be considerable.”<p>That moral authority undermined in part from the risk of secure government data being exposed, and government operations then being exposed.<p>Breakable encryption is definitely a double-edged sword.

How would they feel if China and Russia was given the same backdoors? What would they legislate then? It&#x27;s not as if internet traffic can be quarantined.

Right - and &quot;the government&quot; isn&#x27;t a single entity. Members can defect (ala: Snowden and others).