Encryption Ban: U.S., UK, Australia Try to Change How Math Works (Again)

Three of the Five Eyes are yet again attacking end-to-end encryption. As if passing new laws somehow stops criminals from breaking existing ones.

Yet again, they’re asking for backdoors in the encryption schemes. As if they can somehow change the intrinsic nature of math.

It’s déjà vu time. In today’s SB Blogwatch, we’ve seen it all before.

Your humble blogwatcher curated these bloggy bits for your entertainment. Not to mention: Zuckerbot.

Same **** Different Day

What’s the craic? Ryan Mac and Joseph Bernstein report—“Barr Will Ask Zuckerberg To Halt Plans For End-To-End Encryption”:

 Attorney General Bill Barr, along with officials from the United Kingdom and Australia, is set to publish an open letter to [the] Facebook CEO … asking the company to delay plans for end-to-end encryption across its messaging services until it can guarantee the added privacy does not reduce public safety. [It] raises concerns that Facebook’s plan … will prevent law enforcement agencies from finding illegal activity conducted through Facebook, including child sexual exploitation, terrorism, and election meddling.

The letter calls on Facebook to prioritize public safety in designing its encryption by enabling law enforcement to gain access to illegal content … and by consulting with governments ahead of time to ensure the changes will allow this access. … In a three paragraph statement, Facebook said it strongly opposes government attempts to build backdoors.

O RLY? Lorenzo Franceschi-Bicchierai wins the understated-headline-of-the-year award, with “AHHHHHHHHHHHHHHHHHHHH”:

 Stop me if you’ve heard this before. The US government wants a major tech company to stop the deployment of strong, end-to-end encryption.

The bad news for Barr is that Facebook’s services are largely already encrypted end-to-end. … So, in other words, Barr wants Facebook to put a backdoor in WhatsApp, Facebook Messenger, and Instagram direct messages.

The arguments … are also more or less the same and boil down to “won’t anyone think of the children?” [It] totally ignores the fact that there already are tools for law enforcement to get around encryption—when necessary, legitimate, and authorized by a judge. Namely, cops hack devices all the time to compromise messages’ endpoints, allowing them to intercept and read the messages.

So, dear Bill, what’s different now? … The onus is on you to justify backdoors, something that no respectable technologist believes can be done safely. Just shouting ‘child exploitation’ or ‘terrorism’ [isn’t] enough.

But something must be done. The EFF’s Andrew Crocker and Joe Mullin call it, “An All-Out Attack on Encryption”:

 This is a staggering attempt to undermine the security and privacy of communications tools used by billions of people. Facebook should not comply.

Law enforcement and national security agencies in these three countries are asking for nothing less than access to every conversation that crosses every digital device. [It] focuses on the challenges of investigating the most serious crimes committed using digital tools … but it ignores the severe risks that introducing encryption backdoors would create.

The Department of Justice and its partners in the UK and Australia claim to support “strong encryption,” but the unfettered access to encrypted data described in this letter is incompatible with how encryption actually works.

You can say that again. Adrian Kennard explains that math “does not work like that”:

 I don’t know how many times we have to try and explain. … You cannot make a way to decrypt something only when there is a valid warrant issued by a judge. Maths does not understand judges or law.

The system only works if there are flaws and back-doors, and no matter how you try, these will be exploited by criminals. Simple as that.

But but but … The children! AnthonyMouse thinks of them:

Not having privacy can lead to [even more] severe harms. … If the bad guys break into a system that allows them to effectively wiretap everybody, now they can snoop around and find blackmail targets.

Results: Rape, financing child sex trafficking, facilitating an act of terrorism. Or any of the less visceral but nonetheless … significant consequences.

And that’s just blackmail. What about the suicides of people who get doxxed? Or the people in violent relationships whose abuser is in law enforcement or in a criminal enterprise that has compromised the surveillance apparatus? Or the mental health epidemic which results when people know their communication is exposed to people they don’t trust to see their true selves and then self-censor into performance-art conformists?

Privacy is about keeping perverts in law enforcement from reading the sexting that should only be between you and your spouse, but it’s also about keeping the country and the people safe from terrorists and foreign powers, keeping victims safe from abusers and allowing people to satisfy the human need to be themselves in communications with people they trust.

Privacy isn’t a trade off against security, it’s a necessary component of having security.

Wait. Pause. David A. Gatwood opines, “That’s not the way the Constitution works”:

 The whole point of the first amendment is that the government doesn’t get to decide that a form of expression — in this case, software — is illegal unless the creator can prove that it cannot be used to cause harm. Rather, the onus is on the government to prove [it].

The only reasonable response from Facebook would be a single-character email containing the middle finger unicode symbol.

Anyway, Jake Williams—@MalwareJake—doesn’t trust the competence of the guv’mint:

 Any time someone says “don’t do end to end encryption, we can keep the data safe,” just remind them of Shadow Brokers. We still don’t even know how the Shadow Brokers stole the data they leaked (which included ETERNALBLUE, fueling WannaCry & NotPetya).

If DOJ and NSA don’t know how the Shadow Brokers got the highly classified data out of one of the most tightly controlled networks on the planet, the idea that they can protect backdoors to your communications is laughable. My kid understands this. Why doesn’t Barr?

But Red Neck worries that one of these things is not like the other:

 Let’s get this right: The privacy nuts don’t want governments having access to their precious data, but don’t mind entrusting it to someone like Zuckerberg, a character with a questionable history, on an unregulated platform. Rethink required.

And nehumanuscrede sees the Morissette-irony:

 Zuckerberg just can’t win.

Option A) Don’t do anything to preserve privacy for users of their apps -> Get yelled at

Option B) Get tired of Option A and decide to protect user privacy … with EtE encryption -> Get yelled at.

Anyway, it won’t work. As tw04 points out:

 The argument doesn’t even make sense. It makes the horrible assumption that pedophiles will continue using a service they know to be insecure.

That’s literally a provably false assumption. The second they realize it’s insecure … they’ll switch to something else.

And [it] assumes that there are no criminal programmers and thus they have no ability to just write their own tools if there isn’t something sitting on the shelf. We know with 100% certainty this is also a false assumption.

Meanwhile, Chris Daw QC—@crimlawuk—should maybe ask Alexa or Siri:

 If the authorities need to have the ability to invade privacy online, purely because a fraction of 1 percent of people are involved in child abuse … why don’t they need cameras and microphones in every home for the same reason?

And Finally:

Dance, Marky-boy, dance!

You have been reading SB Blogwatch by Richi Jennings. Richi curates the best bloggy bits, finest forums, and weirdest websites… so you don’t have to. Hate mail may be directed to @RiCHi or sbbw@richi.uk. Ask your doctor before reading. Your mileage may vary. E&OE.

Image source: DonkeyHotey (cc:by)

Richi Jennings


Richi is a foolish independent industry analyst, editor, writer, and fan of the Oxford comma. He’s previously written or edited for Computerworld, Petri, Microsoft, HP, Cyren, Webroot, Micro Focus, Osterman Research, Ferris Research, NetApp on Forbes and CIO.com. His work has won awards from the American Society of Business Publication Editors, ABM/Jesse H. Neal, and B2B Magazine.
