from Hacker News

Ask HN: Is banning end-to-end encryption feasible?

by mikepechadotcom on 11/9/20, 10:58 PM with 9 comments

More and more countries are planning to ban end-to-end encryption, or at least forcing companies to backdoor it.

But is this even feasible? Does an E2E-encryption method/technology which can have a backdoor exist? And if not, with which technology are governments planning to do it?

  • by dangerface on 11/10/20, 11:55 AM

    The lawmakers legitimately have no understanding of the technologies they are writing laws for or how the law will be enforced; this isn't a problem with the law, it's intentional.

    Laws aren't based on reality or what's feasible; they are fantasies (beliefs) society would like to be real and so tries / pretends to enforce.

    From a practical point of view, people want strong cryptography and trust government-run agencies like NIST to provide specifications for strong cryptography. In the past the government has bribed and manipulated these specifications to be weak to attacks that only the government knows about. Everyone follows these specifications and writes in the backdoor for the government.

    The problem with this is that people are now wise to it and don't trust government specifications or organisations like the NSA who have been caught poisoning the well.

    A larger problem with this is that the gov can't use all that juicy data for its own purposes without revealing the backdoor that was in every encryption in use, kinda awkward.

    The new strategy is more blunt: if you use encryption, you are expected to create two keys for it, one for your own use and one you send to the government.

    This is a nice position for the government to go from a position of absolute power but no way to use it to a new status quo where the population are expected to snitch on themselves and continuously present themselves to the government for arbitrary judgement.

    Now you may think to yourself, well, if the whole point is to stop people using encryption to do bad shit, what stops them from just using encryption and not sending the government a key? That's a great question, fantastic! And one the law doesn't have to answer; the point is the gov want to peep and they can give themselves that right.

  • by LinuxBender on 11/9/20, 11:05 PM

    If the software is controlled, updated by someone other than you, then for sure they can back-door it. Proper E2E requires that you do something out-of-band from the software that it can't decode regardless of what the developers add. That is of course high friction and only a small number of people do this. For low friction E2E, there has to be some level of trust that a company won't back-door the software. Some people believe in solving this trust issue with legal agreements, but I don't subscribe to that. Governments can still force changes, provide immunity and use gag orders. There are also canaries, but I don't buy into that either, nor do corporate lawyers I have talked to, as well as other lawyers. [1]

    [1] - https://web.archive.org/web/20141027143819/https://github.co...

  • by speedgoose on 11/10/20, 9:30 PM

    Yes, you can make producing e2e encryption software illegal. Sure the maths will be on Wikipedia and an advanced user will always find a way to do e2e encryption, but you will not see a major legal social network offering e2e encryption without backdoors anymore.

  • by ffpip on 11/10/20, 10:56 AM

    I think it is possible to ban e2ee being used by the average human, but you can't outright ban it. It's math.

  • by segmondy on 11/10/20, 1:34 AM

    No, it's not possible. It can only be done at the hardware level.