Security Experts Oppose Government Access to Encrypted Communication

An elite group of security technologists has concluded that the American and British governments cannot demand special access to encrypted communications without putting the world’s most confidential data and critical infrastructure in danger.

A new paper from the group, made up of 14 of the world’s pre-eminent cryptographers and computer scientists, is a formidable salvo in a skirmish between intelligence and law enforcement leaders, and technologists and privacy advocates. After Edward J. Snowden’s revelations — with security breaches and awareness of nation-state surveillance at a record high and data moving online at breakneck speeds — encryption has emerged as a major issue in the debate over privacy rights.

3 Likes

If government wants access to the private keys of a specific person they’ll still be able to get it. They could just knock on someone’s door and demand they give up their private key, and if they don’t then they could force them to.

Encryption doesn’t solve the political problems. All it might do is make governments use forceful means to extract the information.

Encrypted communication makes the information secure but then as a result it makes the holder of the private key insecure.

The report is correct that in order to have information security then no one should be able to access it except the owner. The problem is it’s not practical to have that level of security without putting the owner in danger. It’s more of a security trade off unless the owners are completely anonymous.

The more the governments use forceful means the more the people will speak out against the governments.

In order to communicate securely, I need to have the protection of the governments to protect me from the governments? And if it is a private party attacking me, the government won’t help because they can’t access my encrypted communication?

I have a private key to my personal private car, the nicer my car is the more “danger” I am put in of people trying to steal it. This doesn’t prevent people from buying nice cars.

1 Like

The dog was sick on my private key -oops!

1 Like

Thought I’d add this to the conversation - http://www.democracynow.org/2015/7/8/the_end_of_encryption_nsa_fbi

3 Likes

This is basically true. If your human rights are not protected by governments then governments can use encryption as an excuse to torture you, or kill people. Perhaps some security experts don’t care if people get killed or tortured over a private key because maybe they make money from patents or selling the technology. If they do care then they should put a disclaimer that it is not safe or practical for an ordinary person to protect a private key.

It’s not prudent to believe you can protect yourself from a government without the protection of a government. So it’s true that government is necessary to defend human rights. If you’re not physically safe then neither is your private key.

I realize now that a lot of posters are naive when it comes to this subject.

If a government wants information that you have then there is nothing you can do to protect yourself from them. There is no law to protect you, there is no defensive action you can take, you can’t do anything to stop them. The only thing which can protect you from being totally brutalized is another government stepping in and saying it violates your human rights and that is unlikely to happen.

If people start using encryption then government will simply start knocking on the doors of everyone who they know who uses encryption whenever they want the private keys. So in an investigation they’ll knock on your door and demand you give them your private key or else. How exactly does it make you safer?

The backdoors don’t make us safer but neither does handling private keys. So you’d have to split your private key up or let some professionals handle the majority of your split private key while you hold some percentage of it. Even under these circumstances it might not be completely safe but it’s at least safer than telling naive persons to hold their private keys on their personal computer so they can have the illusion of privacy.

Statists will have reached a new low if they start torturing people who have yet to be proven guilty. Guilty until proven innocent anyone?

Seriously, you would have to be suspected of committing some seriously bad deeds to bring out the fingernail removers.

For the rest of us, I doubt they will have the time or the inclination to do anything about it.

1 Like

If there is an investigation and they cannot see what you’re doing then they could claim you’re obstructing justice if you don’t give them your private key. If it’s a war then there aren’t any laws to protect you.

The current laws give governments the power to do practically anything during a war. Encryption is primarily a tool of warfare and intelligence agencies traditionally are set up to operate during warfare. You might actually be innocent and might not even have anything of value encrypted but it doesn’t change the fact that it would give the inquisitor the excuse to have fun breaking you.

And in the examples I gave it’s examples of governments being polite enough to knock on your door and ask you for your private key. If they don’t like you or aren’t so nice they could simply just kidnap you or people you care about until you give them what they want as ransom. There aren’t any rules to follow which is why it’s not enough to tell everyone to use encryption all the time with the assumption that people can even protect their private key.

A private key is something you have, something you know, or something you are. You can’t protect any of the three from a government. The best you can do is split a private key up into pieces and give the pieces to people who specialize in protecting private keys.

You can delete keys after use. What are they going to do then? Torture until death?

Yeah, oppressive regimes can do all sorts of crazy crap to violate individuals. So can other criminals. Encryption puts up another road block to them getting what they want.

1 Like

If there are people in prison for deleting the key are you going to donate to their legal fund? It’s easy to talk that way if you’re not the one being oppressed at the time but it doesn’t change the fact that governments can do whatever they want to anyone they want if they have the moral justification or legal pretext to do it.

It has to be known that it’s not easy to keep a private key safe. It should be known that most people who attempt to do so will fail either because of some error in how they store the key, or their hardware is compromised, or the random number generator compromised, or there could even be bugs inside their house monitoring their keystrokes.

Key security is not easy and just like passwords get stolen, computers get hacked, and physical wallets get stolen, so would private keys.

Probably the only way to keep private keys safe is to break them up. It’s sort of like with multi-sig where you cannot just give Mark Karpeles the one private key to a billion dollars. You have to break the private key up and distribute them among multiple trusted persons in different jurisdictions. None of them would control the whole key but each would have a fluctuating percentage of control of the key where through a democratic process they can vote on different actions. None of them have to know how much their votes are weighted either as it should be random.

That is one way I would secure the private key. It’s probably the only reasonable way to do it and it would be more like a jury. I don’t see how you could do it by just giving some individual a private key and telling them to guard it. Once the information it is guarding is worth beyond a certain amount of money or if a government wants the information then they won’t be able to keep it safe.

To summarize, the technologists are correct but they don’t explain how to realistically improve key security to a level where the encrypted information could be kept safe from unauthorized access. If it’s just what we have now then it’s a security against blanket surveillance but not against more targeted attacks. Widespread encryption protects against blanket surveillance but not against precisely targeted attacks.

What is behind this desire to monitor and control the entire population of the earth?

Maybe ‘The report from iron mountain’ was real after all…perpetual war or the entire edifice collapses.

2 Likes

You seem very intelligent @luckybit. I cannot argue with your statements, there are many aware of the atrocities governments have committed. But, as I have said “The more the governments use forceful means the more the people will speak out against the governments.” This has happened in the past also. As I am sure you are aware, governments are not a permanent fixture, they are a constantly changing entity, it is only when we look to the future, as the governments do, that we can see a change.

The change of installing a permanent encryption is what scares them, because it takes away their power. If they were to come banging on my door, I would probably give them my private key, why, because I have a family, if I was alone it would be different. There are many alone that have no fear of standing up, the more that stand up the more the World will become aware. It is then that changes will occur.

I take this as an invalid statement, for me, secure communication (encryption) is a human right. Governments using encryption as an excuse to torture or kill me is not my human rights being protected by governments.

EDITED: grammar

1 Like

If governments have access it is not secure. The best defense against a government is total anonymity. Security equals total anonymity.

Ubiquity is another good defense against government, because government, especially oppressive government, must be made up of a minority due to their relationship morally, financially, and psychically as leeches upon honest society. A majority of leeches would kill any host over time, so they generally maintain a minority, but with majority support through sophism, fear, division, loyalty, and other ways of subverting peace, justice and non-violence.

Ubiquity of citizens streaming camera feeds from anywhere, means official costumed brutality more often is captured on video and the evidence is out of any local oppressor’s reach to censor. Ubiquity of firearms means that the use of violence to overtake citizens must be done in smaller groups at a time, and to fewer people, and with some hyped excuse that will at least convince some portion of society.

Ubiquity of encryption could mean that most personal computers don’t contain much useful unencrypted data because, well of course, most people’s personal data is securely and privately stored. Any encrypted data there doesn’t belong to that person anyway, so why would that be even of interest to anyone? The new reality might be that the data just isn’t there, so what is there to do? I’m sure someone could be forced to give a password by court order, say, but would there be any proof of what “should” be in the account, that it was the right account? You might have a safe one to hand over in mind. Are they going to kill you for that, and then explain that to your wife? “He didn’t tell us a password, so we killed him,” probably won’t go over great with the voters. I’m speaking of the US government here as I am most familiar, but, here, politicians don’t really want to be seen as illegitimate thieves and murderers by too many of their citizens, and they spend a lot of time trying to paint a pretty picture of their activities, along with the media.

One question I had, is it currently the case in the US that people are made to divulge username and password details for their own accounts based on court orders? I know that the companies who hold account information are, but is the targeted person themselves ever ordered to divulge their passwords? Could a search warrant be targeted at “the password inside John Doe’s head corresponding to his maidsafe network account”, as opposed to only being able to obtain the physical computer?

3 Likes

That’s just it. Encryption doesn’t take away the power from governments. It increases government power.

The government always had people who use secrecy and encryption as well as people who break codes. It’s more like a swinging pendulum. For example the Enigma machine was used by a government during WW2. Governments always used encryption and always had code breakers. The only difference is that different parts of the government are strengthened by encryption while other parts weakened by it.

Particularly law enforcement is weakened but special forces are strengthened. We simply don’t know which parts of the government will be strengthened or weakened but it’s not wise to assume encryption will weaken the government just like you cannot assume giving every American a gun would protect our rights.

You assume government cannot control the church, the media, public opinion through propaganda, or shape the moral sentiments?

ISIS for example is a moral authority for the people who truly believe in it. Do you assume that a government cannot also be a religion or cult? Do you assume morality is objective and cannot be redefined by government propaganda?

Widespread ubiquitous encryption at best would only change the form of government. Information warfare and propaganda influence the decisions of the masses, not reason, not facts.

Sorry, you are losing me here. Encryption is being handed to the public with an ease of use. It is irrelevant that “the government always had people who use secrecy and encryption”. Sure, the government’s power increases because they can also use a strong encryption but the same goes for the public, an ease of use encryption gives the public a lot more power which in turn decreases the government’s power. If this is not the case why is this thread a topic?

1 Like

When we say encryption in this thread it’s referring to a valid encryption method that doesn’t contain an intentional back-door, right? So, special forces might be helped by being able to break through their G-encryption protocol, but are they going to use that protocol to protect their communication, knowing it has a back-door for outsiders to exploit? I think they will probably want a method that’s actually secure. So, real encryption will exist, but it will be hidden from most people. Not having well known valid encryption means privacy will only exist on the black market and for certain government actors and corporate insiders. Most average people will constantly be hacked and their privacy easily violated by thieves and ambitious cops alike, not knowing they are using intentionally corrupted security mechanisms, probably a bit like the present day.

Here I was trying to indicate that propaganda and other means are used to secure the majority’s acquiescence through deception. Changing perceptions of the morality of something is definitely a common drive for the criminal.

Governments are moral authorities to many, even though they may violate that claim. ISIS is a proxy force, I believe, run by those who cynically control their deluded followers with religion. [As an aside, my thoughts go to the billions of dollars spent by someone out of Turkey to build madrasas and NATO’s Operation Gladio, after thinking how parents want the best for their children overall, no matter what culture you might live in. It’s primarily only states and royalty that have the resources, and lack of moral restraint necessary to cynically pay for other children’s minds to be warped by manipulated religious sects, to later be used as pawns in their wars.]

I guess I assume that government is hard to distinguish from a religion or a cult, and that morality must be objective and universal to be valid. Propaganda can attempt to redefine anything to suit its purpose. For example, war is made noble by the propaganda redefining the morality of murder. Theft can be redefined as taxation and as a badge of honor, for another example. So I agree that governments try to bend morality to their favor, and sometimes wildly succeed in manipulating people.

You separate the “government” from the public. The government isn’t so easily separable. For example if weapons are given to some tribe in the middle east those weapons can find themselves being used on behalf of some government. It’s not so easy to create the distinction you’re creating.

What you’re saying is that law enforcement will be slowed down but the government is on both sides of the law. The government is both the organized crime and law enforcement. You’ll understand that if you look at less developed countries.

That was exactly my point. The US Navy created Tor. It was specifically created to help special forces. They don’t want backdoors because it impedes their ability to do what they do.

On the other hand law enforcement wants backdoors because strong encryption impedes their ability to investigate crime.

There are no good or bad guys. For the most part the general public will not benefit from strong encryption because ordinary people aren’t trained to make proper use of it, and aren’t special forces, so it would be less than useful to most people.

This doesn’t mean backdoors are good. It’s utterly stupid for the government to put in backdoors. At the same time we should not assume ubiquitous encryption is good either. It could lead to new forms of warfare because when law enforcement is rendered ineffective then it can escalate into a war. Look at countries where law enforcement is completely ineffective and what do you usually see in those countries? Do the civilians seem better off or are the civilians fighting in civil wars?

For people who aren’t civilians the strong encryption will be great. For people who are, it might not be so great. We have to wait and see what happens.

Morality isn’t objective, it’s subjective. As far as information warfare goes, that is ultimately the kind of warfare I’m talking about. All people’s minds are controlled by information and there is no objective morality which means there is usually a moral authority and that is usually the government.

Firstly there is no means to empirically verify this assertion. Secondly, it seems to me that the individual is still more secure than they would be otherwise.

It is the blanket investigation of the masses that tends to lead to singling out individuals. If blanket screening isn’t possible, then governments have little recourse in the matter - how do they know who to target? Only those that stick their heads up are eligible to have themselves smacked down.

2 Likes