from Hacker News

DOJ – International Statement: End-to-End Encryption and Public Safety

by grubles on 10/11/20, 5:06 PM with 20 comments

  • by seibelj on 10/11/20, 7:41 PM

    "We recognize that strong encryption is vital to the functioning of society. That said, we demand access to all encrypted communication because - Just Think of The Children."

  • by jlgaddis on 10/11/20, 9:18 PM

    From the Cypherpunks FAQ (1994-09-10) [0]:

      8.3.4. "How will privacy and anonymity be attacked?"
    
      ...
    
      - like so many other "computer hacker" items, as a tool for
        the "Four Horsemen": drug-dealers, money-launderers,
        terrorists, and pedophiles.
    
      ...
    
    See also "Four Horsemen of the Infocalypse" [1], "Crypto Wars" [2].

    --

    [0]: http://groups.csail.mit.edu/mac/classes/6.805/articles/crypt...

    [1]: https://en.wikipedia.org/wiki/Four_Horsemen_of_the_Infocalyp...

    [2]: https://en.wikipedia.org/wiki/Crypto_Wars

  • by hprotagonist on 10/11/20, 8:32 PM

    As was flagged to death earlier this week: DOJ is 100% capable of embedding humans deep within criminal enterprises that pose genuine security risks to the federal government. Combine that with regular old-fashioned things like those novel legal devices called "search warrants", and FBI does just fine at getting inside secure comms without fundamentally lying about the nature of mathematics at the same time.

  • by trunnell on 10/11/20, 8:40 PM

    Maybe we need to advocate for changes to US law such that citizens maintain their expectation of privacy when sending messages through third parties. Then it would be like it used to be when law enforcement needed a warrant to obtain an individual’s communications, which is then served to that individual rather than to a third party communications provider.

    Also, it seems like it’s time to remind everyone that only totalitarian governments want to read everyone’s mail all the time to look for crimes. Our bill of rights expressly forbids this. I really don’t understand why the DOJ would write a letter like this that, to me, a layman, reads like it is plainly in violation of the 4th amendment.

  • by bradknowles on 10/11/20, 5:57 PM

    I call bullshit.

    The US DoJ might say they want end-to-end encryption, but only so long as it doesn’t interfere in any way, shape, or form with whatever they want to do to people in their prosecutions and persecutions.

  • by asdfasgasdgasdg on 10/11/20, 8:12 PM

    How do they envision this working and yet protecting communication in oppressive regimes? Facebook can't very well offer the US the ability to pierce the encryption veil then beg innocence to the Kremlin when it wants access.

    Of course, decentralized open source solutions in this space will always dominate. The oppressive governments can attack big tech economically. The Kremlin can shut Facebook down in Russia if they won't give a back door. Whereas volunteer devs with no expectation of profit are immune to that kind of attack. Even better if there is no defined server to block.

    I say this as someone who is not generally super enthusiastic about open source, nor decentralized tech, nor is anti-big tech. This just seems like an area where big tech cos cannot compete efficiently.

    Maybe they just think that Facebook should not be operating in countries with lots of corruption or oppression? And maybe they have a point. Maybe it is not possible to run an ethical communication business in a place that criminalizes what we value as protected speech.

    Anyway, I doubt they will be able to accomplish this goal by asking nicely. They will need to pass a law and then there will need to be a fight about whether the law is constitutional.

  • by kirillzubovsky on 10/11/20, 8:11 PM

    I don't understand it. Their conclusion says "we challenge the assertion that safety cannot be protected without compromise," which the way I read it means something along the lines of "we believe it is possible to protect public safety without compromising privacy." But the rest of the letter seems to imply they want to find a way to in fact compromise that privacy.

  • by play2computers on 10/11/20, 9:59 PM

    I wonder if there would be a way to make an argument that would appeal to the public just the same: We can't add backdoors to encryption because it would endanger our children!

  • by adam791 on 10/11/20, 11:39 PM

    Check out Sam Harris’s podcast “The Worst Epidemic”. It’s hard to listen to, but gives another perspective about this issue. Also it has some ideas about where encryption is perhaps more benign (e.g. WhatsApp) and where its introduction would increase exploitation of children (e.g. Facebook Messenger).

  • by Kednicma on 10/11/20, 7:37 PM

    It's too bad none of these fascists are elected; we can't simply vote them out of office.

    Edit: Use your words; your downvotes just tell me that you support nepotism and corruption in bureaucracies.

  • by ios14 on 10/11/20, 7:52 PM

    What are the odds that big tech and big brother are in bed creating a huge dog and pony show to counter the post-Snowden “going dark” reality?

    Given: The public knows about mass surveillance. Big tech deploys supposedly unbreakable end-to-end encryption. The public feels more safe and protected from Big Brother yet again.

    Theory: Meanwhile, behind the scenes, government and big tech have, in secret, the ability to recover such encrypted comms. The DOJ initiative would then be part of an elaborate psyop to further deceive people into believing that FB “has their back”.

    I’m going to guess that third parties have extensively reverse engineered apps such as FB Messenger to ensure that it is essentially impossible for the above to be the case, since E2EE occurs at the endpoints.

    Can an encryption expert weigh in here?

    Edit: this also raises general concerns I have about trusting an App Store to install what is supposed to be installed, and not a backdoor’ed version of an app. Something like: Let the reverse engineers have an unmodified app, while distributing alternate versions to other unsuspecting users.