Interestingly, this would also seem to have the potential to defeat encryption, since it directly accesses working memory.
This is why I have always been cautious about those who advocate personal cryptography as a privacy solution. We need clear laws, first and foremost, to reign them in. Otherwise, we are effectively saying that if they can get it (i.e. decrypt it), it is fair game. Cat-and-mouse is not a game we want to play with the NSA.
Except encryption provides a level of privacy that has never before been possible. Could you imagine a physical padlock that was unable to be cracked, cut, or circumvented in any way? It is easy to see how that would scare law enforcement. Imagine your job is to keep people safe. Now envision a kid strapped to a bomb inside a shack and the only thing preventing you from breaking in and saving that kid's life is that magical and unbreakable padlock. That is how many laypeople view encryption. It is hard to tell that person that you won't consider introducing any weakness into that lock.
The really interesting thing about point 1 is that with encryption, there's really extremely little personal risk to being unlawful when it comes to encryption. That's why this is a losing game of chess for them. Encryption is just math, and you don't need anybody's permission to do math. You can take a system that the government has mandated be broken and you can do good encryption inside that system by layering it. And good people who simply want to be safe will do this. And so will terrorists. Outlaw good encryption and a whole sub-industry of deniable encryption tools will emerge. And they will have achieved nothing except that our companies won't be allowed to officially support strong encryption, so they'll be disadvantaged in the marketplace. It's a really backwards move.
While I support the sentiment that privacy is important, comparing encryption to locks in this ghastly context is self-defeating.
Recall that there were more than one instance where critical evidence against a wealthy person, required for the prosecution to make a compelling case in court, was obtained by force with a police raid. At least one such instance happened in the US in 2019 and was well-publicized.
Now imagine a real-life security system that is absolutely, one hundred percent immune to unauthorized entry, even if it is attempted as a part of law enforcement raid.
It is possible to identify with the argument that everyone should have access to such an impenetrable lock. However, it’d be really hard to argue that widespread access to it wouldn’t create a radically new situation.
I don't think breaking encryption is a good idea, but I will say that until recently law enforcement could tap phones, rip open envelopes, and get a court order to break into your house and search it. There was never the level of privacy against law enforcement that encryption offers.
Pro: The government recognizes the value of a well-built encryption app and is using it.
Con: The government does this while still insisting that encryption should have a backdoor in it, thus creating the impression that Government officials deserve bulletproof encryption, but private citizens don't.
It would be interesting to see what happens to Signal if encryption legislation is ever enacted, and/or if it would continue to be used.
This idea of her's scares me. There is mathematically no way to allow the government access to encrypted documents without potentially allowing bad actors access to them. It's math, you can't just change math because you will it.
And even if you could somehow get encryption that maintains security and allows government investigation, there is no stoping people from just using software written outside the law.
And that is assuming that you don't consider the government itself or any person who works for it as a potential bad actor.
That whole idea is all sorts of bad. It makes law abiding citizens less safe while doing almost nothing for our security.
So really it wouldn’t be encryption so much as right to have secrets. Because whether I use EDCA or a really strongly in crackable safe, my right to privacy should be a thing?
It sounds like somewhat of a stronger version than the US’s fifth amendment which says that you have a right to privacy unless it has to do with the crime currently being investigated. And come to think of it, encryption is unconstitutional as in because the government can subpoena or obtain a warrant to your information it may not be able to enforce it because of the encryption. So either the government has no right to subpoena or encryption is illegal.
In free societies people have a right to privacy. The government should not have access to any information at all unless there's a good reason. Even then, their access should be as limited as possible. If that enables more crime, so be it. That's the price we pay for freedom.
Governments have proven again and again they won't respect these rights. So people will make subversive technology to defeat them. Cryptography has that kind of power. They'll have to increase their tyranny in order to stop it. Is there a limit to how tyrannical they're willing to become in order to control their subjects? We'll find out.
I think the point is to carve the division between tech-literate and common communications in stone -- to prevent privacy and security from ever going mainstream. If encryption is outlawed, people using it will be easy to identify and manipulate.
There is a certain romantic man against the world sort of idea where I support this kind of privacy. Some kind of 1984 like scenario.. I'm thinking like someone writes some particular brand fiction for his own enjoyment, somehow it becomes illegal and he's now a criminal for his private thoughts or the contents of his private writings. Or practicing an outlawed religion in private or something. The reality of the most recent cases regarding this stuff is you've got some fairly petty thefts, child porn, and similar crimes. An investigation reached the point where a computer was seized, they drew suspicion,crimes may have been observed and recorded, it's not like they were randomly going through customs or pulled over by a police officer and the contents of their computer were requested. Are there any cases of note where the suspect or defendant has some sort of cause to champion?
If we accept that this encrypted space is protected by the fifth amendment, then why won't we just regulate that encryption needs a "law enforcement access key" or make such encryption just illegal? You can make a very compelling case that it's not serving any public good if you can list off criminals and crimes that have gone free because of it. That would make the very use of encryption potentially becomes a crime regardless of the encrypted information content. Is that not the logical next step?
I'll assert what I've asserted many times, here and other places: if you're breaking the law for some ideological reason and keep encrypted electronic records of it, you're way better not going to court and not being on any police or prosecution's radar than just banking on the encryption holding. Pirating movies on bit torrent isn't exactly civil disobedience either, that would mean doing so openly and publicly.
My point is that encryption is good and bad, but we can't completely enable it to be utilized for criminal activity. There will be the need for a resolution to be reached on who gets access to this information, in what situations, and maybe even strict prosecution if the information is ever used incorrectly.
The way I see it is, we have a right to privacy. Government overreaches in years past have slowly chipped away at the legal protections of that privacy, and say that, for example, our emails are fair game without a warrant because they're sitting on someone else's server, so we obviously don't care to keep them private.
If we encrypt those messages end to end, they can't use that argument, because we're taking clear measures to keep them private even from the server owners. So it destroys a legal argument as well as letting us take back our own privacy and protecting it without relying purely upon an ever weakening legal protection.
That's why I do encrypt and advocate encrypting email, not to avoid NSA scrutiny. If one's life were to depend on avoiding such scrutiny, however, the advice in the article may be reasonable.
Memorizing an unbreakable password to an encrypted file is a lot more convenient that memorizing the entire file and then destroying the bits.
However legally, I believe it should have the same net effect, because using technology to augment our increasingly limited biological memory shouldn't eliminate the protection against the government accessing that memory to use against us.
Maybe I'm 10-100 years early on this, but I think time will tell.
The impulse to protect people from themselves is a dangerous one. In the article itself we see that in practice it is used to push inescapable spyware.
"But our spyware is better than their spyware!"
Google says they will protect you. But the truth is they are just concern trolling to shut down marginally worse competitors.
For kids and elderly that can't make decisions on their own it could be default -locked to some entity contractually bound to good ior. Locked with an administrator password. That would be a reasonable compromise.
Here's my biggest complaint with this debate - people are confusing literal with metaphorical. They make the analogy of the unbreakable safe. Encryption isn't that. You can still recover the physical phone and all of the storage chips on it.
That the patterns of bits in the chips make up some unrecognizable utterance is seemingly immaterial. I could write gibberish in my journal at home if I wanted to, and I think we'd all agree it would be ridiculous for the FBI to run around screaming about unbreakable ink
This is why I have always been cautious about those who advocate personal cryptography as a privacy solution. We need clear laws, first and foremost, to reign them in. Otherwise, we are effectively saying that if they can get it (i.e. decrypt it), it is fair game. Cat-and-mouse is not a game we want to play with the NSA.
reply