Have no doubt about it, this marks the beginning of the end of online privacy. Now that even the U.S. govt is asking for the TLS Certificates there is no country that has the moral high ground on this issue.
I'm from India and when I heard that the Indian government was asking Blackberry for its encryption keys I thought "Hah these people are so ignorant! They don't even know how public key encryption works!!". In hindsight it doesn't look very foolish. In fact they're openly building a surveillance system called CMS which has no checks and balances even on paper. Unfortunately in a country like ours with has so many other pressing issues it isn't a big deal yet.
Recently some governments tried to orchestrate a power grab of the internet via the ITU but it was vetoed by the US. "Its better to let the US govt. have a monopoly on the internet", or so I thought. What with all their constitutional protections and all. Recent developments have shattered my hopes.
The NSA's worst case scenario has already happened. Other than some modest outrage on the internet nothing much has changed. In a sense it shows a tacit acceptance of mass surveillance by most of the public. Hence my opinion that recent events mark a turning point.
With noone having the moral high ground its quite likely that all world governments and corporations are soon going to come to an agreement on permanent mass surveillance . What then ?
It is exceedingly disturbing. I have no answers. The potential solutions will probably be even more disturbing. I can imagine there will be proposals for everyone having some cryptographic ID to use the internet so all data creation can be tracked to an individual. The end of privacy and freedom.
I wonder if we are going to reach a sort of singularity with regard to encroachment on privacy in western countries where we both take it for granted that privacy is a right, and live in societies where actual privacy is clearly trending somewhere just above zero.
I don't think this is really about cryptocurrency particularly. This is about electronic transfers generally. My read on this was that the government is basically saying "big transactions can't be in something we can't feasibly track."
Australia seems quite aggressive in this regard; also openly banning encryption.
I used to be up in arms about this stuff. Now I am older and mostly trust (for my threat model) off-the-shelf end to end encryption for basically anything I consider private.
But I also don't care about the privacy thing anymore. I kind of hope the people 10+ years younger than me still care about that stuff. Google reading/mining the dick jokes I've been sharing back and forth in a dying g-chat window for the last 10 years? Whatever. I'd still keep the conversation there just for intertia's sake; even though I also assume its adding to google's model about me.
I don't think, at least in countries culturally similar to the US (the one I know the most), any populous will embrace the idea of "let the experts of the government see everything so you can all be safe"; but, it also seems that we will just trend toward that and kinda pretend like its not happening.
Things like this are going to force a confrontation at some point. Either the existing programs for monitoring people are going to become progressively more useless as people switch to HTTPS for example, or the government will insist very forcefully to get access--getting private keys from certificate authorities, for example.
I share your concerns, though I don't necessarily agree that it's the last days of freedom on the internet. With peer to peer and encryption any number of secure platforms can and have been built that are impossible for third parties to spy on. However, just because we can build these, doesn't mean they'll get the critical mass required for use. People will still gravitate towards the cool/popular/easy-to-use systems like Facebook, GTalk, Google Hangouts, Skype, etc. Those systems will be increasingly subject to eavesdropping and a general lack of privacy.
The irony is that even if this bill went through and got every major internet company to provide backdoors for wiretapping, they'd only be catching the low hanging fruit.
The beginning of the end of privacy.
The beginning of the end of freedom of speech.
Who will control the conduit to the outside - NOT the individual.
This is the beginning of a worldwide MITM attack on all of society!
Tyranny comes slowly, like an aid to ones life until you are trapped by it and no longer have the ability to reject it. It gives you just enough riches to allow you to hang yourself, or to force you throw yourself at the feet of the tyrant.
Nothing good will come of this if it is allowed to be enforced unchallenged.
Just who is looking to the future for the benefit of the masses?
I feel sad that we're (and possibly always were?) in a world where what you've said is true.
The collective lack of discernment and the collective lack of outrage (with appropriate action) make it seem like humanity would, probably by the turn of this century, live in one of those dystopian societies that we know of only from science fiction.
I'm trying to hold on to hope that there will be a revolution - decentralized communications, strong encryption as defaults, privacy conscious people understanding how they're manipulated and using solutions that help them stay out of "bubbles" and in control of their privacy, etc.
Sorry to say that, but stuff like this has to happen at some point when people don't own their devices. Currently, nearly no one owns their phone and at least EU legislation is underway to ensure that it stays this way. The next step will be to reduce popular services (public administration, banking, medicine) to access through such controlled devices. Then we are locked in.
And you know what? Most people deserve to be locked in and subject to automatic surveillance. They will wake up when their phone creates a China-Style social score automatically, but then it will be far too late. It's a shame for those people that fought this development for years, though. But the "I have nothing to hide" crowd deserves to wake up in a world of cyber fascism.
I don't worry about stuff like this too much, or stuff about the UK wanting to do stupid stuff like ban all encryption. I believe the internet is going to become more private and more anonymous as time goes on. Eventually everyone will be using the equivalent of VPNs on machines/browsers that don't give out any identifying information unless a user extremely explicitly tells it to. Or perhaps something similar to Freenet will become much more popular. We're already seeing hardware (like the iPhone) coming encrypted from the manufacturer with seemingly no way for any government agency to decrypt it forcefully. Ad blockers and tracking blockers are more popular than ever. Firefox just today released an update to help prevent trackers.
It's just a matter of time - ISPs and governments and corporations will lose the ability to track their users outside of their specific platform, and many of the platforms we use today will be replaced with P2P alternatives that make tracking impossible and aren't "owned" by anyone. I am sure the governments of the world will be livid.
It's a politico-technological arms race. Governments make laws. People make technology that nullifies those laws. The government reacts and makes laws that circumvent the technology. People make even more technology to deal with the new laws. This can end in one of two ways:
1. Subversive technology becomes so ubiquitous and easy to use it's impossible to fight it. The government stops trying.
2. The government's control increases to the point of tyranny and people are no longer free.
I want the government to give up. Anything else will mean the destruction of the free internet and free computing we all enjoy today. I don't want a future where encryption is military use only because of laws that make it impossible to run code not signed by the government.
> But I'd at least like to see builders grappling with that balance.
There is no balance to be had. The internet contains the full spectrum of humanity. The very best and the very worst of humanity are both be found on the internet. The governments were oblivious for a while but now they want to narrow down the spectrum. As they impose laws and exercise control, the internet becomes safer but it also becomes less international and more regional. The flow of information is no longer free and unrestricted. The spectrum is narrowed down from both sides.
Sadly it will only get worse from here. I am happy to have enjoyed the internet while it was in its infancy, and I am sad that future generations will probably never experience it.
> Especially given recent prominent reporting around this:
Every article about encryption regulation is like this. Pedophiles and terrorists. Children in particular are the perfect political weapon. The exploitation of children provokes reactions in people that are so visceral they are ready to accept any law that would supposedly make it stop. Anything can be justified with these arguments and anyone who disagrees is labeled a pedophile apologist and instantly shunned.
A "tipping point" with respect to the public-at-large? I doubt it. I'd like it if it were, but I don't think enough people care. I expect (sadly) for the buzz about this story to have completely disappeared off the radar of mainstream media by next week, and to die down even online shortly afterwards - except among extreme civil libertarian types and people who always get worked up over this stuff.
On a personal level, however, I'd say the answer is "yes". It won't be an overnight thing, and I can't say I'm going to abandon Gmail, G+, Facebook, etc. completely, but I will be making changes in how I manage certain things. Probably the most significant will be using pushing for more use of encryption and services like Tor and I2P, both for myself and among my friends and acquaintances.
One of my goals is to start a new cypherpunk / crypto-anarchist meetup / group in the Raleigh / Durham area, and start doing things like offering sessions / classes to the public on "How to use Tor" and "How to use I2P" and "How to use PGP" etc. along with political advocacy.
This is a defining moment in history, one which will shape the digital environment in which we all operate for decades to come. By the time the last echoes have fades HTTP and SMTP will likely no longer exist, every last bit of every communication will be encrypted and the general public will be about as paranoid as the most tinfoil hat type of 2 years ago.
All it takes for that to be the case is a few more things to happen:
- someone leaks a substantial body of cleartext records on citizens
- ditto on some foreign head of state / politician / judge
- ditto on an American politician
The term 'plaintext' will be as antiquated as 'morse'. Still occasionally in use but not for anything that matters. Intelligence agencies will be reduced to traffic analysis and likely not even that with a vast chunk of the internet simply going dark, either as a mesh network or in some other decentralized fashion where there are no more supernodes such as Mae-East, Mae-West and Front 151.
The other alternative is not so much fun so I won't outline that here. There is a good reason why 'may you live in interesting times' is considered a curse.
The fall-out from this will affect every hacker, every start-up and likely every company operating at the moment with even a peripheral interface with the digital world, which is probably all of them.
Sounds like 1984 coming closer and closer each day.
I wonder however about the negative consequences to the tech industry, why would a company purchase a service they can not trust anymore due to weak encryption?
They government probably also will miss their target completely as criminals/ terrorists etc will simply choose other products and services.
It's such a pointless war on its own law-abiding citizens. It makes me sad.
People that really care about privacy, people who need to hide what they do will not be majorly impacted.
* The main threat is metadata anyways, not the data itself. Locating where you are (e.g. with millions of cameras and facial recognition) is a much worse threat.
* They will still use full disk encryption, free software, PGP or AES, etc. outside of the affected apps. That software won't stop to exist, nor the mathematics that powers it will stop working.
The sad part is that the people who will be disproportionally affected will be the common people who have nothing to hide anyways, and do not have the technical means, or the will, to protect themselves.
I personally think this will all go back somewhat. With which I mean, information about us being collected without our knowledge and everybody having all their data made available to big companies.
One reason for me to believe this, is that it's already getting somewhat creepy, even for the general public. When the new invigilation systems at china get demonized in public media, people will start to care about privacy a lot more. Which will open a lot of market space for companies focusing on privacy. Apple is one company I have in mind here. But, especially with articles about homomorphic encryption coming up more regularly and a lot of research on how to train ML systems with anonymization on end user devices (a blog post about Siri and differential privacy comes to mind) going on, I think companies will start to cater more to those needs of society. End-to-end encryption is already a standard feature in new messenger applications.
I'm honestly more concerned about the immediate effects today in the USA than what China can do with it. And with the slippery slope effect in the United States.
Today it is "think of the children" tomorrow it is "prevent terrorist attacks", eventually it is "citizen why do you have union organizing material on your iCloud uploads?"
And we've seen the big tech giants steadily morphing into quasi governmental agencies and we've been steadily giving up privacy rights over the decades. I don't think its a huge leap from where we are now to having Apple/Google/Amazon devices that are monitoring what we say AND reporting on suspicious activity. Particularly when combined with those companies wanting to own your private time and link all your accounts with them.
The logical end point, if you think it through, is scary for technology. There will be a battle for a time where legislators play cat and mouse with technology and privacy companies. But as each new hole appears, they'll invent new laws to close them off. This wouldn't be so bad except for the problem that encryption is math and short of making math illegal there will always be a hole. Factor in steganography and it just gets worse.
But this doesn't mean that technology wins. Rather, it makes the loss even worse, because it means the laws will ultimately have to be defined in reverse - rather than outlawing encryption, they will have to outlaw inability to decrypt. That is, it will be the end user's responsibility to ensure that authorities can decode data you transmit. Transmission of undecryptable data will be a crime, in and of itself.
Apart from the obvious dystopian consequences, this will impact progress in technology tremendously - suddenly it won't be possible to just invent a new data format or protocol any more. Doing so will put you at extreme risk of being interpreted as sending unauthorised encrypted data. So data formats will have to be registered - to send data in a new format you will first have to register a codec with the government and probably yourself have to be licensed. This will have a severe chilling effect on innovation. Software development, already dominated by tech behemoths, will become completely out of reach of small development teams simply because the regulatory burden is so high.
It's a depressing picture but given the trends of late I don't really see it going any other way. Only some extreme swing back towards individual rights over rights of the state will change its direction. But terrorism seems to have set in as a permanent tool for governments to grind away at individual rights.
Privacy first, freedom a distant third or fourth. As everything becomes HTTPS only due to cargo-culting by people applying business practices outside of context the re-centralization of the web will be complete. A handful of single points of failure (the TLS cert authorities that everyone groups up in) will exist for governments/public to pressure, for accidents to happen, and for money to corrupt.
I'm from India and when I heard that the Indian government was asking Blackberry for its encryption keys I thought "Hah these people are so ignorant! They don't even know how public key encryption works!!". In hindsight it doesn't look very foolish. In fact they're openly building a surveillance system called CMS which has no checks and balances even on paper. Unfortunately in a country like ours with has so many other pressing issues it isn't a big deal yet.
Recently some governments tried to orchestrate a power grab of the internet via the ITU but it was vetoed by the US. "Its better to let the US govt. have a monopoly on the internet", or so I thought. What with all their constitutional protections and all. Recent developments have shattered my hopes.
The NSA's worst case scenario has already happened. Other than some modest outrage on the internet nothing much has changed. In a sense it shows a tacit acceptance of mass surveillance by most of the public. Hence my opinion that recent events mark a turning point.
With noone having the moral high ground its quite likely that all world governments and corporations are soon going to come to an agreement on permanent mass surveillance . What then ?
reply