I'm not sure what you mean about the outdated, you might be writting to another post but:
> Anyway, what happens when messaging with ciphertext becomes illegal?
Those who have nefarious intentions don't really care what the legality is.. Also those who are not nefarious encrypted aren't identified because they're encrypted.. Thats why this argument seems very.. Moronic at best.
Generic response and not this law in particular - things have changed. Internet protocols were not defined with security in mind and look where it has led to. Cryptocurrencies were created in similar naive fashion, and look what kind of pathetic amoral shit they evolved into.
We didn't have PRISM, Guantanamo, war on terror creating and seeding terror, war on drugs creating whole drug empires and cartels, extroverty sociopath with most power in the world and so on.
some things are not possible anymore, some new are. I'll take at least some attempt to protect end user data over outright lying to my face and "we're above the law" any day.
Illegal strong encryption was, in fact, the law for many years. It was changed only when it was realized that the lack of robust security was harming the emerging "e-commerce" markets. Certainly it wasn't due to a concern about 4th and 5th amendment rights.
I thinks it totally different. At the end of the day, the law could reach the original Internet. It really wasn't much different than telephone lines. Encryption is where everything changes. I think everyone should be at least a little bit nervous about where these crypto technologies are taking us. Once criminals learn how to use this technology, there's probably no going back.
That's a good point that I hadn't realized. If this were to pass, they can get you on using encryption without actually charging you with any other crime. That's scary.
We do not live in the pre-digital era. We do now have the technology to make secure communication possible. The question is whether it should be legal. I think it is overwhelmingly the case that it should be.
Used You Broadband a few years ago. Awesome service. Had no problems whatsoever with the level of encryption of anything. This is most probably an outdated law requiring them to have this clause. I am pretty sure banking rules and regulations require a much stronger encryption. So the law is at odds with itself :/
What are actual laws you're thinking of that aren't attacks on end to end encryption? All of this is already highly illegal the difficulties are finding and prosecuting the criminals.
The motivation driving these laws is E2E encryption that if implemented correctly are uncrackable. Today, pretty much everything is encrypted but since the provider has the keys they can access the messages. E2E encryption shifts the keys to the user which means that the provider has no access to the content of the message. They are theoretically uncrackable without the user's secret and when it's Apple, Google, Facebook, et.al. implementing the system and not some 2 bit criminal operation it will be uncrackable in practice.
It seems to me that, for example, PGP is much more vulnerable to legislation than SSL, simply because of the latter's popularity. Not that I think either are currently particularly likely to be legislated.
Well, there had been laws treating encryption as weaponry, and forbidding it's export. So outlawing it for such uses, is not that far fetched. We've regressed a lot in a lot of areas since the nineties.
OTOH, VPNs are needed by companies of course, so they can't outlaw this kind of use. But it's not like they cannot poison usenet/tor et al, and catch guys this way. If they have their way, one can imagine a future that you're only allowed to VPN to a whitelist of addresses that you have declared beforehand for business use --or something of that kind.
Also, how about any "odd" pattern, like repeated high volume traffic, giving them "probable cause" to bust into your house and check for illegal downloads?
Pretty sure the government won't view it that way. It'll be called a loophole and crushed if it gets mainstream. This is the country where sending an HTML GET and receiving response 200 can be prosecuted under the CFAA.
We need a legal environment that explicitly protects encrypted communications, not one where they are are maybe tolerated on the fringe.
My point is that analogies from the real world do not extend very well to digital things, and you can end up with some extremely broad laws that are misused. We already have problems like DMCA because of that. Ultimately, it's very difficult to have consistent laws around encryption.
reply