US Homeland Security voices desire to restrict encryption

There is a clear propaganda war arising: UK governments and US governments repeatedly start to call for legal restrictions on the use of encryption technology. The whole crypto-community needs to beat them to the curve. We need to ramp up common and sensible use of encryption before governments start biasing public opinion.

http://www.technologyreview.com/news/536951/white-house-and-department-of-homeland-security-want-a-way-around-encryption/

4 Likes

Worrying indeed.

After reading some of the leaked emails/documents from fony it would seem that this is not just the ABCs wanting it but also the media giants pushing very hard for it. Apparently they want encryption broken (for the public) as much as the spooks.

2 Likes

We need an offensive strategy and permanent solution. Sponsorship in all of its forms needs to become illegal. You can’t have democracy and sponsorship. This bribery (money) is free speech crap is really part of a plan that goes back to the 70s to take us back to a plantation style extraction system because decades before DAOs and DAC they realized they were no longer even slightly value added, if they ever were, and we don’t need them, their money, their power or their prestige.

Effective crypto will lead to de-funding of the world’s intelligence agencies as these entities all of them will be made transparent and so will all the big firms. One thing that is so maddening is let’s say they make a list of encryption tech they don’t like, well it’s not going to stop bad actors from using it. They think they can end whistle blowing with it so their purpose is censorship. Bribery-money-spying-sponsorship these aren’t free speech but encryption and privacy are. Notice how some in the state don’t want us to have privacy and want to dampen our activity by spying on us but they hypocritically want to deceive by making the money of campaign contributions secret. Money has no place in elections; it’s censorship to begin with.

2 Likes

That’s key because don’t forget, many will read the headlines “Department of Homeland Security will setup shop in Silicon Valley, asks companies to stop encrypting”, and not question or read between the lines.

Government agencies have a backdoor in many encryption programs, so by drumming this public message and repeating it, most will think oh so if I encrypt no one except me can access my data. This is the honey pot. They are setting up a scenario that’s favorable to their ‘violate everyone’s privacy’ mission. Gov agencies might catch a few baddies, (sorry I should use the official CNN/Fox language, “terrorists”), but at the expense of everyone’s freedom, not to mention some false arrests and accusations.

3 Likes

So what are we going to do about it? Don’t we have open source encryption methods that are not under government control?

2 Likes

Yup. Governments are impotent here. They can make all the noise and bluster they like and those who want to use encryption will still do so.

You can’t put the encryption genie back in the bottle.

4 Likes

I’m wondering if they can combat encryption by stopping internet service providers from allowing non-whitelisted encrypted traffic. At the moment we don’t have a suitably viable option other than to use the “ISP version” of the internet.

Is this technically plausible?

Wouldn’t this be solved upon MaidSafe’s release? MaidSafe pretty much acts as its own ISP network by using conventional routers and cellphones as infrastructure. So what if your ISP blocks traffic, just reroute with a few routers as a backbone and a few more tablets and laptops to fan it out. If ISPs try to side with government then make ISPs obsolete.

1 Like

Here in Sweden we are free to use any kind of encryption. And hopefully it will remain the case. It’s still worrying though since governments often parrot each other’s regulations. And it’s worrisome for the SAFE network since MaidSafe is located in the UK. I think the technology people use needs to be in accordance with laws and regulations. Otherwise it forces people to disobey the law, which increases conflict and friction in society.

I don’t think that can work. How do you white- and black-list? On protocol? Then we’ll just wrap encrypted traffic in a white-listed protocol. On content? Then the ISP will need to decrypt and review the contents of packets. It’s not a given that the meaning of the contents of a packet is obvious. Any programmer can and not uncommonly does write custom messages/data structures for their own applications. To someone that doesn’t know to which application the data belongs the contents of a packet may just appear like random ones and zeros, just like encrypted traffic. If you ban that, every new application sending messages over the internet would have to be validated by the authorities. This would hurt innovation and be extremely costly to the economy.

There’s simply always a workaround, you can even hide data inside pixel data of an image. Just first send a base image that is unmodified, and then add data bits to every pixel’s Red Green Blue values in another copy of the image and then send that as well. The receiver subtracts the base picture from the second version and what is left is the data containing the actual message. Your ISP’s software will only see two images being sent, and updating such software constantly to detect such known methods is a lot more work than figuring out a new trick.

Banning encryption is never going to work. I haven’t even touched here what a liability it is for your ISP to be able to decrypt all traffic for inspection.

5 Likes

If they wanted to really restrict encryption, could they for example only allow encrypted traffic between the end user and specific web domains or servers? (The aim being to stop some of the uses which they deem undesirable). I don’t think it’s feasible because it would hobble so many ‘legitimate’ use cases. They’d have to be idiots to try this - the backlash would be large I imagine.

I suppose physically stopping people from using encryption may be out of the question. Perhaps they’d have to resort to making it illegal to use certain types of encryption in specific circumstances. They must realise that people will continue to use encryption. So, perhaps the intended effect would be to enable anyone ‘of interest’ to be ‘legitimately’ investigated should they illegally use some encryption?

I guess we here realise many downsides of restricting the use of encryption. It could stop all sorts of mind-bogglingly beneficial advancements for society at the same time as fundamentally restricting us as individuals.

Anyway - I anticipate people will keep using encryption!

Thanks for your reassuring replies @Seneca, @Anders and @Blindsite2k

I’m not an expert on encryption, so don’t quote me on this (though I do study computer science specialized in low level (close to the hardware) programming), but common sense tells me that it’s in principle not possible to discern the difference between encrypted data and data you simply don’t know how to interpret.

Deep down all data is just strings of ones and zeros. Meta data like file headers and file extensions of publicly known file formats can tell how the actual payload should be handled by the operating system/applications. To continue with the image file example, a file with a BMP header and extension can tell you that the data should be interpreted as 24 bits red, green and blue values, 8 bits for each colour of a pixel. But if you encounter content without meta data, or meta data that you don’t know the meaning of, then you may not be able to tell whether the ones and zeros are encrypted.

So in order to ban encryption, the monitoring systems that would analyse all internet traffic would have to know how to interpret every message of every application that has ever been programmed, and then be able to determine whether that data is “normal” data or “suspicious” data which may contain hidden encrypted messages. That seems simply impossible to me.

I think you’re right.
They could still make it illegal to use certain cryptography, even if they are unable to discern for sure whether or not it is being used.
This could give them certain advantages / powers, when it comes to controlling or monitoring specific people or groups.

To illustrate how insincere the government and spooks are about this, one only needs to examine an extreme example of how it could work and keep essential security. Please note that while this would be absolutely stupid and relies on joe citizen believing and made to trust the government.

  1. All encryption is banned and (pixy dust here) blocked
  2. EXCEPT that essential services register with the government secure proxy service
  3. essential services get given keys by the government so that proxy talks to service servers encrypted
  4. joe citizen can only use encryption to the government secure proxy.
  5. The government of course can now snoop/check if baddie is communicating. eg getting finance.
  6. Now the baddie just keeps using their drop points, coded messages “eg milk means a nitrate” etc

In other words the real bad baddies will just bypass it as they always have done.

The spooks are not stupid, they know that the real bad baddies will just be bypassing all their efforts, so the question has to be asked WHO ARE THE SPOOKS WANTING TO snoop on??

Basically this will end up like the export restrictions on encryption that were in place early on. They will be defeated by the simple fact the government simply cannot control it.

1 Like

This is about protecting bad actors. What they are setting up is what the East German government used to have where every call outside the country and in was supervised and say something wrong and you could be arrested right there on the phone with call supervisor stating “stay where you are at until the authorities arrive.”

911 was utter bullshit and it was used to foist this crap on us, that was its purpose. The official story shows they were totally complicit. Bush Admin people would actually refer to themselves as revolutionaries, because in their opinion Americans were getting too free- rejection of Nixon’s BS etc…

What could start to roll back are real leaks that tie this to members of the Bush admin even better if it went all the way back to the Nixon admin and their subsequent imprisonment. Then we could get rid of the patriot act bullshit. And start to roll back this nonsense that the artificial scarcity state is protecting us instead of trying to foist artificial scarcity like austerity on us. Exposing the 2008 financial scam as the scam it was and linking it to state and corporate actors would do that same. The same for both Iraq Wars and the 70’s oil embargo. This is the sort of shit we get when we allow business to run government, these are people who will tell any lie necessary to sell the most increasingly compromised products they can, and they are worse at government than they are at business.

No it’s just mainly being developed in the UK. However anyone can download the code and upon release it’ll be everywhere. And so what if encryption puts people at odds with the law. Pirating music and movies puts people at odds with the law and no one cares. Hell when was the last time you saw someone have a real moral debate about downloading a picture off Google images to post on Facebook because they didn’t have the necessary copyright license? Seriously even if the Man can monitor everyone it’ll be a bitch to enforce the law and even a bigger one to prosecute everyone. Cops cost money, equipment costs money, lawyers cost money, food costs money, prisons cost money, everything costs bloody money and if 50% or more of your population breaks the law and protests against the law it’ll cost you more to enforce said law than to change it.

And yet look at this:

Half a billion copyright URL removals per year and climbing!

http://www.google.com/transparencyreport/removals/copyright/?hl=en

Yet more reasons to host our own stuff and decentralize. It’s easy to have copyright removals if everything is on YouTube. Not so easy if it’s on random sites no one has ever heard of or better yet several sites and is all over the place.

1 Like

You know I just had a thought, it is not practical at all to outlaw encryption. All Linux distros use encryption and most web servers these days use Linux, at least the ones worth their salt do. Seriously so much of our day to day internet usage depends on open source software that we don’t even realize it and so much of that relies on encryption. Encryption is not just about private communication. It’s about developing secure and quality software. And if there is a back door the government can peek through then there’s a safe bet that some hacker will be able to get through that same back door and compromise the code. And if there’s a security vulnerability like that knowing the open source community the software will be forked and the security hole will be closed. That’s why we have encryption and why we KEEP encryption. And that’s also why open source is depended upon, because it’s more secure. The government is whining because they can’t snoop on us but it’s because we’re so secure that people depend on us.

1 Like

Without going all too technical, it does deserve being said that there are calculable measures (entropy) on given data; it in some sense tells you how much information is contained in that data. The aim of good encryption is to bring the entropy of your encrypted data as high as possible; i.e. make it look as close as possible to random data (where no information is present).
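
Added example, not part of the original thread: the entropy measure mentioned in the last post, applied to the earlier question of whether a monitor can tell encrypted data from data it simply cannot interpret. The function names, the constructed sample text, the SHA-256 counter-mode bytes standing in for ciphertext and the 7.5 bits/byte threshold are all assumptions made for illustration.

```python
import hashlib
import math
import random
import zlib
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of the byte distribution, in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def ciphertext_stand_in(length: int, seed: bytes = b"constructed") -> bytes:
    """Constructed stand-in for ciphertext: SHA-256 run in counter mode."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(seed + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def sample_payloads() -> dict:
    """Three constructed payloads: readable text, the same text compressed,
    and pseudo-random bytes of the compressed size."""
    vocabulary = ("the network routes each packet through several nodes before "
                  "it reaches a vault where data is stored and later retrieved").split()
    rng = random.Random(2015)  # fixed seed so the sample is reproducible
    text = " ".join(rng.choice(vocabulary) for _ in range(40000)).encode()
    packed = zlib.compress(text, 9)
    return {"plain text": text,
            "zlib-compressed": packed,
            "ciphertext stand-in": ciphertext_stand_in(len(packed))}


def looks_random(data: bytes, threshold: float = 7.5) -> bool:
    """Entropy-only verdict (hypothetical threshold), as a traffic filter might apply."""
    return shannon_entropy(data) >= threshold


if __name__ == "__main__":
    for name, payload in sample_payloads().items():
        print(f"{name:20s} {len(payload):7d} bytes  "
              f"{shannon_entropy(payload):.3f} bits/byte  "
              f"looks_random={looks_random(payload)}")
```

The readable text scores well below the threshold, while the compressed copy and the ciphertext stand-in both score above it, so an entropy-only filter would also flag ordinary compressed files.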