Get Ready For The Political Fight Against Encryption

from the it's-coming dept

Among our many commenters here, we have one "regular" critic who presents himself as being actively involved in "policy circles" in Washington DC, and who was clearly active in the SOPA/PIPA efforts in trying to write those bills and get them passed. This individual provided enough information (along with plenty of insults in our direction) in the comments to make it clear that they were heavily involved -- if at a low level -- in those efforts. As the debate over these bills wore on and people kept pointing out how encryption would make them all moot in the long run, the commenter declared a few times his (or her?) next target: outlawing encryption. This is, of course, laughable. But if someone who is actually connected to that world thinks that it's a viable idea, then you know that it's only a matter of time until someone actually makes a hamfisted attempt at doing something like trying to outlaw VPNs. That this would go against the very same governments' efforts on "internet freedom" is generally ignored. Cognitive dissonance is strong with this crowd.

That said, with countries like the UK proposing legislation to snoop on all communications -- including encrypted ones -- the folks over at TorrentFreak are right to be wondering how long it will be until someone tries to ban VPNs. Some more authoritarian countries have tried to effectively do so already (without much luck), but as our anonymous commenter suggested above, this idea is at least being considered by plenty of so-called democracies as well.

Thankfully, there would be plenty of powerful forces to fight back against any such attempt. Beyond regular internet users speaking out (à la the SOPA/ACTA protests), you'd also have plenty of companies who rely on encryption and VPNs for their efforts to keep people and data safe. Considering Congress is already suggesting that it should get involved in forcing companies to better protect data, it would be ironic (though, not surprising) to then find them also trying to outlaw encryption/VPNs, not realizing that the two things are diametrically opposed to one another.

In the end, I don't see how a war against encryption or VPNs could actually succeed, but it won't mean that efforts in that direction won't be a painful annoyance when they come around. Either way, people should at least be paying attention to these discussions, and trying to educate politicians that encryption and VPNs are necessary parts of a secure internet.

Filed Under: acta, encryption, pipa, sopa, uk, vpn, washington


Reader Comments


  1.
    Hephaestus (profile), 22 Jun 2012 @ 6:37am

    This year's goal, make encryption online illegal.

    So a committee of high ranking Label and studio executives, and senators get together and propose the following law ...

    "No one may use encryption online."

    Then the complaints begin rolling in.
    - The DOD cannot function without encryption.
    - The banking industry cannot function without encryption.
    - Trading houses cannot function without encryption.
    - Businesses have corporate secrets that cannot be sent via un-encrypted communications.
    - Medical insurance companies begin complaining due to HIPAA.
    - The theater industry complains because all the new films go out encrypted to the Christie Digital Systems projectors.
    - The credit card companies begin complaining about identity theft.

    In the end the same thing that happened in Pakistan will happen here in the US and any law like this will fail.

  2.
    Leigh Beadon (profile), 22 Jun 2012 @ 9:32am

    Re:

    Ooh nice - Heph you get to be "FIRST!" by a looooong distance :) We bumped this post back a bit this morning without noticing you'd already commented via crystal ball.

    (this note mostly left to alleviate anyone's confusion at the timestamp on this comment)

  3.
    Josh in CharlotteNC (profile), 22 Jun 2012 @ 11:03am

    Re: Re:

    Bet the trolls start saying that Heph now works for TD.

    On a serious note, we've actually been through all this before during the 90s and the fight over export controls on encryption. The government couldn't prevent the use of encryption then, and has much less of a chance now - nearly everything you do online now depends on it.

  4.
    Anonymous Coward, 22 Jun 2012 @ 11:20am

    "...the UK proposing legislation to snoop on all communications -- including encrypted ones". I knew they wanted to have access to communications data, but where on Earth did you hear they were trying to see encrypted data? Please give me a source or clarification on how they plan on reading encrypted information.

  5.
    CaptainKremmen, 22 Jun 2012 @ 11:23am

    Oh it's not just the UK..

    Unfortunately it's not just the UK proposing to snoop on all internet communication, including encryption. The NSA is building a rather large data centre over there in the US to basically do exactly the same thing.

    Of course both countries know that, at present, they cannot decrypt most of the encrypted data they gather. However they want to store it so that it can be decrypted in future, when computing power makes it viable.

    In the UK though it is already illegal to refuse to turn over encryption keys/passwords when requested to do so by a member of the police or security forces. Refusal can result in up to five years imprisonment.

  6.
    Anonymous Coward of Esteemed Trolling (profile), 22 Jun 2012 @ 11:24am

    Re:

    NSA's New Data Center And Supercomputer Aim To Crack World's Strongest Encryption

    http://www.forbes.com/sites/andygreenberg/2012/03/16/nsas-new-data-center-and-ultra-fast-supercomputer-aim-to-crack-worlds-strongest-crypto/


    There you go.

  7.
    Jay (profile), 22 Jun 2012 @ 11:27am

    Campaign finance

    In the end, I don't see how a war against encryption or VPNs could actually succeed, but it won't mean that efforts in that direction won't be a painful annoyance when they come around. Either way, people should at least be paying attention to these discussions, and trying to educate politicians that encryption and VPNs are necessary parts of a secure internet.

    This is the problem... They don't care. Most of the current batch of politicians don't care about anything but their partisan politics with SOPA being anathema to the conversation. Even with CISPA passing, all of the supporters of that legislation effectively showed that they would pass anything so long as they had the votes for it. We, the people don't have the money to fight for our rights at every turn. Sure, the law would fail on execution. But how do we get politicians to understand the dire consequences without a $5000 check saying "You must vote as we tell you to or we'll use the money against you!"

    This is why the attacks on our public financing system through decisions such as Citizens United need to be amended.

    We'll continue to have the federal government, whether it's the executive branch with new definitions of privacy or relaxing restrictions on information, the legislative branch with their cluelessness, or the judicial branch with their poor rulings, so long as people don't understand how to take corporations out of government.

    Hell, I would argue that all of the companies in the TPP are the ones donating to Obama's campaign, hence the secrecy involved. Think about this for one moment... If these companies get what they want, the president is subservient to these companies and not to the people.

    That's much more scary than anything in the laws.

  8.
    Anonymous Coward, 22 Jun 2012 @ 11:27am

    Re: Re:

    That is in the US. We are talking about the UK. I seriously doubt that the US is willing to let the UK government use that facility, and I also doubt that the UK has anything comparable to that new datacenter.

  9.
    Anonymous Coward of Esteemed Trolling (profile), 22 Jun 2012 @ 11:32am

    Re: Re: Re:

    yeah... already happened.


    Videos-relevant

    The Julian Assange Show: Cypherpunks, Part 1 (E8, p.1)
    http://www.youtube.com/watch?v=eil_1j72LOA
    The Julian Assange Show: Cypherpunks, Part 2 (E8, p.2)
    http://www.youtube.com/watch?v=6DQghUChYtk


    Cyber threats, hacker attacks and laws officially aiming to tackle internet piracy, but in fact infringing people's rights to online privacy. It's an increasingly topical subject - and the world's most famous whistleblower is aiming to get to the heart of it. In the latest edition of his interview program here on RT, Julian Assange gets together with activists from the Cypherpunk movement - Andy Müller-Maguhn, Jeremie Zimmermann, and Jacob Appelbaum.

  10.
    AG Wright (profile), 22 Jun 2012 @ 11:34am

    Re: Campaign finance

    "But how do we get politicians to understand the dire consequences without a $5000 check saying "You must vote as we tell you to or we'll use the money against you!""

    That should be $50,000. $5,000 is small potatoes.

  11.
    Comboman (profile), 22 Jun 2012 @ 11:35am

    DRM?

    DRM is one form of encryption I wouldn't mind seeing outlawed.

  12.
    AG Wright (profile), 22 Jun 2012 @ 11:36am

    Backdoors.

    What they really need to do is require back doors in all communications. Nobody will ever figure out what they are. Really. I mean it's never happened before has it?

    The above is sarcasm, just in case you can't tell.

  13.
    Anonymous Coward, 22 Jun 2012 @ 11:37am

    and exactly how is anyone supposed to educate politicians? you can only educate those that have the room and the desire. nuff said??

  14.
    Zakida Paul (profile), 22 Jun 2012 @ 11:38am

    Even the dumbest of the dumb would not be dumb enough to look to ban encryption or VPNs (or am I naive?). To do so would criminalise every business who use such techniques to allow remote working and protect their customers' data.

  15.
    blaktron (profile), 22 Jun 2012 @ 11:41am

    Re: Re:

    The best part about this is that it can't scale. While it might be enough to beat even 2048 RSA in realtime (defeating CA based encryption), encryption and decryption scale at different rates. The effort taken to encrypt something at 4096 bytes vs 2048 bytes is a little more than double, where the effort needed to decrypt it forcefully vs 2048 is ^2 (squared).

    So while the rest of the computer industry moves along with Moore's law doubling every 18 months, the NSA will have to exponentially increase their computing power every 18 months, which won't be possible without an incredible amount of money and time, and will eventually plain fizzle out.

  16.
    anonymous, 22 Jun 2012 @ 11:46am

    Re:

    All the UK are doing in effect, is putting on paper something they have been doing for years. MI5 existed long before it received legal recognition in the statute books. Don't forget project echelon, which has been in existence well before the internet became commonplace. All communications both military and civilian are already subject to scrutiny. The only difference now is the rules for requesting interception are being slackened so that it is more difficult to follow the chain of command when lodging a complaint against unlawful interception....I could go on but space is precious.

  17.
    Robert (profile), 22 Jun 2012 @ 11:47am

    You can have both

    Let's face it, Congress is SO intelligent, especially their technology committee members, they think you can have both.

    You can totally protect user's data and not have encryption. Yup, totally possible, if you rely on sneaker-net with exploding briefcases.

  18.
    weneedhelp (profile), 22 Jun 2012 @ 11:48am

    trying to outlaw VPNs

    Moot point. PCI compliance.

  19.
    drew (profile), 22 Jun 2012 @ 11:48am

    Re:

    It's late here, I'm still at work and I'm afraid I really can't be arsed to find the link, but there was something on one of the BBC articles about it where a spokesperson was saying that they'd find a way to work around https and encryption.
    Could have been bluff and horseshit mind...

  20.
    Brent (profile), 22 Jun 2012 @ 11:53am

    Re: DRM?

    obviously DRM would be exempted b/c the people making the anti-encryption law are the same ones who own all DRM content. The rules don't apply to them, they only apply to everyone else.

  21.
    Hephaestus (profile), 22 Jun 2012 @ 11:53am

    Re: Re:

    Leigh, It said 20 some minutes to post via crystal ball ... myBad :)

  22.
    Anonymous Coward, 22 Jun 2012 @ 11:59am

    Re: DRM?

    Interesting idea, I wonder if this would include things like DVD encryption. While I doubt the entertainment industry would let it, I'd like to see the arguments the entertainment industry would come up with in order to protect its own use of encryption.

  23.
    Anonymous Coward, 22 Jun 2012 @ 12:04pm

    Re: You can have both

    I'm hesitant to call it impossible. On a different internet, using different technologies with different protocols etc. it might be possible. However to implement this would involve tearing down the internet and redeveloping it from scratch, and even that's not a guarantee that encryption, in some form, won't turn out to be necessary.

  24.
    Hephaestus (profile), 22 Jun 2012 @ 12:07pm

    Re: Re: Re:

    Bet the trolls start saying that Heph now works for TD.

    Oh noes ... The RIAA is going to start a permanent file on me!

    Thinking about it ... with one big label failing every 18 months or so, and 3 labels left, it would actually be a semi-permanent file.

  25.
    RonKaminsky (profile), 22 Jun 2012 @ 12:09pm

    Steganography

    Even if they somehow manage to outlaw encryption, they cannot totally stop the flow of secret communication, because of the existence of steganography.

    Outlawing encryption would, however, slow down things a bit, because the data rate (bits of information/bits sent) for steganography is rather low.

    One also has sneakernet and ad-hoc mesh.

  26.
    Anonymous Coward, 22 Jun 2012 @ 12:09pm

    Re:

    "At this morning's Home Office briefing, Director of the Office for Security and Counter-Terrorism Charles Farr was asked about how the black box technology would handle HTTPS encryption. His only response was: "It will.""

    Source: https://www.privacyinternational.org/press-releases/draft-communications-bill-reveals-home-offices-mass-surveillance-plans-going-ahead

  27.
    Anonymous Coward of Esteemed Trolling (profile), 22 Jun 2012 @ 12:09pm

    Re: Re: Re:

    Do you think that the US only spies on the US ? really ?
    Do you know where your encrypted email goes en-route ? IF it gets to the destination at all.
    US spies on Britons from UK soil
    An investigative report has accused the U.S. government of using a controversial spy station in Yorkshire, Britain to “subvert and destroy democracy”.
    http://blog.alexanderhiggins.com/2012/02/27/spies-britons-uk-soil-86461/
    But America wouldn't do it when your encrypted traffic already bounces through their interceptors ?
    They also would never give access to the UK officials.

    Video: relevant
    Jacob Appelbaum, Dmitry Kleiner: Resisting the Surveillance State and its network effects
    http://www.youtube.com/watch?v=Y3h46EbqhPo


    No one would sell encryption cracking technology to other governments.(or the UK)
    Countries don't already intercept ALL internet activity crossing their borders.
    Yeah... that's why Tunisia bought that tech and Syria also has it, it doesn't exist.

    Former Tunisian Regime Goes Beyond Spying On Internet Traffic... To Rewriting Emails & More
    http://www.techdirt.com/articles/20111213/11181117066/former-tunisian-regime-goes-beyond-spying-internet-traffic-to-rewriting-emails-more.shtml



    Finally some MOARRRR videos , Highly related.

    How governments have tried to block Tor
    http://www.youtube.com/watch?v=GwMr8Xl7JMQ

    The smoking gun of UK encryption cracking may not be there... but IF they can, they WILL, that is certain.

    "BACKDOOR's" in proprietary software encryption !
    Who needs to do impossible math and crack it anyway !

  28.
    wallow-T, 22 Jun 2012 @ 12:12pm

    Guys, I'm surprised you don't see how obvious this is.

    One doesn't need to ban VPNs. One just needs to outlaw VPNs which don't log, and which do not surrender log data to government/Copyright Industry on simple demand. It becomes easy enough for the Copyright Industry to see which VPN service is being used for P2P sharing, and which does not comply with request for user information (including the Paypal or Credit Card info).

    For VPNs outside of the local jurisdiction, SOPA techniques -- especially a do-not-serve order against Paypal & credit card companies -- will cut down all but the most hard core users.

  29.
    Anonymous Coward, 22 Jun 2012 @ 12:15pm

    This topic hardly deserves much effort on analysis. Any such laws won't be passed. Take away encryption = take away economy = no more taxes = no more govt.

  30.
    Anonymous Coward of Esteemed Trolling (profile), 22 Jun 2012 @ 12:15pm

    Re: Re: Re: Re:

    I am impressed. You sure go to a lot of trouble to get "FIRST".


    Not sure, IF Time Traveler, or Mikes Puppeteer

  31.
    Mike Masnick (profile), 22 Jun 2012 @ 12:23pm

    Re: Re: Re:

    Leigh, It said 20 some minutes to post via crystal ball ... myBad :)


    Heh. Not your bad at all... You did exactly what you were supposed to... We just moved stuff around.

  32.
    Mike Masnick (profile), 22 Jun 2012 @ 12:24pm

    Re:

    I knew they wanted to have access to communications data, but where on Earth did you hear they were trying to see encrypted data? Please give me a source or clarification on how they plan on reading encrypted information.

    In the link I highlighted above:


    At this morning's Home Office briefing, Director of the Office for Security and Counter-Terrorism Charles Farr was asked about how the black box technology would handle HTTPS encryption. His only response was: "It will."

  33.
    Anonymous Coward of Esteemed Trolling (profile), 22 Jun 2012 @ 12:25pm

    Re: Re: Re:

    Yeah....The math will win.
    They will still try, and record fucking everything in the process.

    protocols:
    If they filter all encrypted traffic out ( the ones without their backdoors in ) ?
    They won't need, to be able to crack it.


    But encryption via non encrypted protocols is a completely different story, then they need to scan and decide what is just gobbledegook and what is actual encryption.
    eg...vtoiujhmvdth789534ciuj4985mxjxla534780c5nm
    encrypted or just nonsense ?

  34.
    Shane C (profile), 22 Jun 2012 @ 12:26pm

    Technically speaking, there's currently a way to implement this now

    Unfortunately I'm the bearer of bad news here, so I'll start off with saying explicitly that I DO NOT CONDONE ANY PART OF WHAT I'M ABOUT TO EXPLAIN. I've been trying for the past few months to get the mainstream media to pick up the story, alas with no luck.

    A technique that is nicely called "HTTPS Snooping" (or more accurately called Man-In-The-Middle-Attack http://en.wikipedia.org/wiki/Man-in-the-middle_attack), is available from companies like Cisco, and Websense. These solutions are currently deployed at companies that are snooping on their employees.

    Most companies fear malware, and corporate espionage, and thus justify snooping on private communications of their employees. More respectable companies limit what they can see to things like GMail, and unknown addresses. Less respectable companies (like I've run across) snoop all traffic, including banking, and health care. Would you really want your fellow employees to know your bank account balance, or what medications you're currently taking? How about your boss?

    All of this happens by terminating the HTTPS connection at a border, or firewall system. The traffic is then decrypted, scanned, re-encrypted and transferred to the end user. All of this works because the end user's system is told to accept the local certificate from the firewall system. The User doesn't recognize that anything is going on, because to their browser, the certificate is valid, and it's encrypted. So to them, everything is working perfectly, and they have no clue that their traffic is being snooped on. When they transmit back (say their login/password information) all of their communications simply reverse the process. The information is encrypted with the local firewall certificate, transmitted to that firewall, decrypted, scanned, and re-encrypted for the end system using the official certificate from that site.

    Right now, these systems are deployed on large, paranoid corporate networks. However, it scales very simply. All an ISP would have to do is deploy a larger system (or array of systems) to do the same thing. They could convince their end users to use this system, by telling them to "Install This Network Acceleration Software," that would install their local certificate, and proxy all the traffic through their systems.

    With government assistance, they could force say Network Solutions to issue a certificate that is officially signed for all networks. Then the local ISP wouldn't have to require people to install their own local certificate. They could simply pass the certificate down just like normal, and everyone's system would accept it because it was officially signed.

    I'll leave the full ramifications of this process, and the problems with certificate based encryption up to others to discuss. I'll simply say this breaks the Internet, and how it was designed.

    If you want a more technical in-depth discussion, this was a recent topic on /. (http://ask.slashdot.org/story/12/06/16/223208/ask-slashdot-whats-your-take-on-https-snooping) including me describing my own run in with these systems.

  35.
    Anonymous Coward of Esteemed Trolling (profile), 22 Jun 2012 @ 12:27pm

    Re: Re:

    Smells like someone in power's back door.
    That stinks !
    enjoy the pun.

  36.
    Anonymous Coward, 22 Jun 2012 @ 12:27pm

    I totally approve! Ban encryption, ban secure connections! The rate of people's data getting lost and leaked isn't high enough yet. Let's make hackers' job easier, so we can justify some new cybersecurity legislation, into which we can always sneak whatever stupid crap we want!

  37.
    Gwiz (profile), 22 Jun 2012 @ 12:33pm

    Hsqr Zcaysqc Gr'q Dpgbyw

    K drbokn vsuo drsc yxo coowc kzzvsmklvo robo.

  38.
    Anonymous Coward, 22 Jun 2012 @ 12:43pm

    Re:

    So what? Then the government will just grant "special exceptions" for the organizations with enough connections/money/power/critical importance.

    That way the critical infrastructure will still work, the well heeled won't be affected, and the little guys will be fair game, just like always.

  39.
    Anonymous Coward, 22 Jun 2012 @ 1:04pm

    Strong encryption promotes free speech. Anything the government does to weaken that encryption will have a chilling effect on speech. We are guaranteed the right to be secure in our papers and property, when will this be extended to the digital age? I don't use paper anymore, I use bits. The government has no right to EVER impose restrictions on my private communications. To those who say there isn't a reasonable expectation of privacy, as is heard in so many of these cases, I say that's why I use encryption, to ensure privacy.

  40.
    Coyote, 22 Jun 2012 @ 1:06pm

    Whoever that commentator was is a pure and simple fool if he thinks that'll solve anything whatsoever. Then again, he did also try and push SOPA/PIPA through, so you know, stupid is as stupid does.

    Seriously, good luck trying to get encryption outlawed. It'd be like gathering together a bunch of cavemen to take down a herd of T-Rexes.

  41.
    Anonymous Coward, 22 Jun 2012 @ 1:07pm

    Next they will outlaw whispering.

  42.
    Anonymous Coward, 22 Jun 2012 @ 1:07pm

    -----BEGIN PGP MESSAGE-----
    qANQR1DDDQQJAwKEkXjtezfRiKjSbwGcIjSbEk255Uj0LV1Rl9tvOU+AlEBUP1qI
    gNfP8YawTbj2SxrwmDSi ttYrwTAV4Ia/M1dlk0houUm3RAULLTbjHckT9orK0y8z
    FNEnZlR+4Xrs7ERu7V0rw/a52f0WQu2QRZhLFj8LrktsmzFFdQ==
    =H2fE
    -----END PGP MESSAGE-----
    techdirt.com

  43.
    Anonymous Coward, 22 Jun 2012 @ 1:08pm

    If they ban encryption, it'll be easier to rip your dvds.

  44.
    Anonymous Coward, 22 Jun 2012 @ 1:12pm

    Re: Technically speaking, there's currently a way to implement this now

    > With government assistance, they could force say Network Solutions to issue a certificate that is officially signed for all networks.

    If any CA is found to be doing that (and it is very easy to find with add-ons like Certificate Patrol), they will be removed from the lists of trusted certificates of all the major browsers.

    link to this | view in thread ]
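
The interception described in comment 34 and the certificate-change detection mentioned in comment 44, shown from the client side as an added example (not code from either commenter or from Certificate Patrol). It pins the first certificate seen per host and classifies later changes; the hostnames, CA names, byte strings standing in for certificates, and the 30-day renewal window are all constructed assumptions.

```python
import hashlib
import socket
import ssl
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

FIRST_SEEN = "first-seen"
UNCHANGED = "unchanged"
RENEWED = "renewed"
EARLY = "WARN early-replacement"
ISSUER_CHANGED = "ALERT issuer-changed"


@dataclass(frozen=True)
class SeenCert:
    host: str
    issuer: str          # issuer organisation named in the certificate
    der: bytes           # certificate bytes exactly as the server presented them
    not_after: datetime  # expiry (timezone-aware)

    @property
    def fingerprint(self) -> str:
        return hashlib.sha256(self.der).hexdigest()


class PinStore:
    """Trust-on-first-use pins: remember one certificate per host, judge changes."""

    def __init__(self, renewal_window=timedelta(days=30)):
        self.renewal_window = renewal_window  # assumption: renewals land this close to expiry
        self._pins = {}

    def observe(self, cert: SeenCert, now: datetime) -> str:
        old = self._pins.get(cert.host)
        if old is None:
            self._pins[cert.host] = cert
            return FIRST_SEEN
        if old.fingerprint == cert.fingerprint:
            return UNCHANGED
        if cert.issuer != old.issuer:
            # An inspecting proxy re-signs with its own CA, so the issuer differs
            # even though chain validation succeeds. Keep the old pin.
            return ISSUER_CHANGED
        if old.not_after - now > self.renewal_window:
            # Same CA, but the pinned certificate still had a long life left.
            return EARLY
        self._pins[cert.host] = cert
        return RENEWED


def fetch_live(host: str, port: int = 443) -> SeenCert:
    """Read the certificate a real server presents (needs network; unused by the demo).

    Validation uses the system trust store, so a proxy whose root was installed
    locally passes here; only the pin comparison above notices it.
    """
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=5) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            info = tls.getpeercert()
            der = tls.getpeercert(binary_form=True)
    issuer = dict(rdn[0] for rdn in info["issuer"]).get("organizationName", "")
    expiry = datetime.fromtimestamp(
        ssl.cert_time_to_seconds(info["notAfter"]), tz=timezone.utc)
    return SeenCert(host, issuer, der, expiry)


def demo():
    """Constructed observations: home network, then an intercepted network."""
    now = datetime(2012, 6, 22, tzinfo=timezone.utc)
    ca = "Example Public CA"  # constructed name
    home = SeenCert("bank.example", ca, b"constructed-cert-1", now + timedelta(days=300))
    proxy = SeenCert("bank.example", "Corp Firewall Inspection CA",
                     b"constructed-proxy-cert", now + timedelta(days=7))
    expiring = SeenCert("mail.example", ca, b"constructed-cert-2", now + timedelta(days=10))
    renewed = SeenCert("mail.example", ca, b"constructed-cert-3", now + timedelta(days=375))
    early = SeenCert("mail.example", ca, b"constructed-cert-4", now + timedelta(days=400))
    store = PinStore()
    seen = (home, home, proxy, home, expiring, renewed, early)
    return [store.observe(cert, now) for cert in seen]


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

A changed issuer is not proof of interception, since sites do switch CAs, which is why the store reports it and keeps the old pin instead of silently accepting the new certificate.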

  45.
    Anonymous Coward, 22 Jun 2012 @ 1:26pm

    Re: Technically speaking, there's currently a way to implement this now

    Basically what you're saying is that the certificate authority model is broken.
    I agree, can we have something better? (a distributed system of certificates or something, idk)

    This wouldn't affect corporate networks (just ban encryption & only start encrypting when it leaves the company network). Using corporate computers is inherently unsafe whatever you do, they could have installed keyloggers on their machines.

  46.
    The eejit (profile), 22 Jun 2012 @ 1:26pm

    Re: Re: DRM?

    Which naturally means we're free to completely disregard said laws, as is our civic duty.

  47.
    Jeffrey Nonken (profile), 22 Jun 2012 @ 1:47pm

    We're going to protect your data by forcing you to do everything in plain text. Then we'll collect all the data into a centralized database with a single point of failure (and all passwords stored and transmitted in plain text).

    This will keep all your data safe. We promise! We also promise not to abuse your data. Cross our hearts and hope to die.

    We're from the government, and we're here to help.

  48.
    Anonymous Coward, 22 Jun 2012 @ 2:02pm

    Re: Re: DRM?

    Do they need an argument? The argument will be: We are 10 % of the US economy. We say banning encryption is bad. Now go do your duty!

  49.
    Anonymous Coward, 22 Jun 2012 @ 2:06pm

    This is a great example of a lack of understanding real work technology use

    What we should all be frightened of is the utter lack of any understanding for modern technology and its current use by anyone that would argue for "outlawing encryption".
    Really?... what about those regulations governing the use of encryption for exchanging financial information? ... what now?

    Seems to me like there'd need to be heavy investment in many industries to deal with not being able to encrypt but having a requirement for "security"... I personally can't fathom solutions without encryption for some of those financial data requirements...
    As much as I have a distaste for the way some large companies heft their weight politically, this might be a "good" time to see that happen...

    ... we'll probably see someone trying to sneak in some kind of "any form of encryption must allow for bypass by 'The Government'" law..

  50.
    Anonymous Coward, 22 Jun 2012 @ 2:07pm

    Re: Technically speaking, there's currently a way to implement this now

    Worth noting in this regard is the currently-open question of who, exactly, signed Flame with Microsoft's software certificate. Either (a) it was Microsoft, at the behest of the feds, or (b) it was someone else, who has figured out how to pull that off without the cooperation of the certificate holder. If that "someone else" is a major government, then we're pretty screwed.

  51.
    Hephaestus (profile), 22 Jun 2012 @ 2:09pm

    Re: Re:

    There are all sorts of issues with laws against encryption and special exemptions.

    There is no way to tell what is and what is not authorized encryption without redesigning how the internet works. If something is encrypted, it is basically just unintelligible noise and no amount of packet level inspection will change that.

    There are several hundred standards and best practices from pretty much every industry on how things should be encrypted. A sure fire way to piss off every industry on earth is to force them to spend billions to apply for an exemption, check that they are compliant, and/or redo their current encryption systems.

    Between industry and impossibility lay the dreams of big content.

  52.
    A Guy (profile), 22 Jun 2012 @ 2:19pm

    DiHydrogenMonoxide

    This could be epic. After we get rid of encryption and VPNs, maybe congress should finally get around to banning DiHydrogenMonoxide.

    We should ban phosphorus while we're at it too. That stuff can be just as dangerous.

  53.
    Gwiz (profile), 22 Jun 2012 @ 2:28pm

    Re: This a great example of a lack understanding real work technology use

    > ..what about those regulations governing the use of encryption for exchanging financial information?

    And don't forget about medical information. I believe (not sure about this) that HIPAA requires some form of security (encryption) when sending medical records via the internet.

  54.
    Anonymous Coward, 22 Jun 2012 @ 2:36pm

    Fuck 'em, it's already too late; use Gnu/PGP.

  55.
    AB, 22 Jun 2012 @ 2:41pm

    And after getting rid of the locks on our computers they can move on to eliminating locks on automobiles, homes, diaries, and bank accounts. Welcome to the Soviet Union of America!

  56.
    AC Cobra, 22 Jun 2012 @ 2:43pm

    God I hope you're right.

    I've been saying since early in the PIPA debate that banning encryption will be the next step. I hate to say it, but I think it's a lot more likely than people think. First of all, it would only apply to private citizens, and the use of encryption would be detected at the ISP account level. Attempt to use encryption=get knocked off the net. Corporations and the government would still use it, but a license to do so would be spendy to deter individuals claiming to be a small business.

    I am totally against it. I think it would be a huge step backward for both civil liberties and personal security to ban encryption. But I wouldn't put it past our politicians to do just that.

  57.
    Simon Vu (profile), 22 Jun 2012 @ 2:59pm

    Sooo... would rather hand over their data to terrorists while still fighting for "cybersecurity"?

  58.
    Anonymous Coward, 22 Jun 2012 @ 3:15pm

    Has everyone forgotten about Phil Zimmermann and PGP, and the government's attempt to ban it and put him in jail in the early 90's?

    It didn't work then and it won't work now. Encryption's no big deal any more. I can knock off an AES implementation in a handful of hours.

  59.
    Simple Mind (profile), 22 Jun 2012 @ 3:21pm

    Re: Hsqr Zcaysqc Gr'q Dpgbyw

    Klatu verata nicto?

  60.
    Chilly8, 22 Jun 2012 @ 3:33pm

    The original ACTA was going to ban or restrict encryption and other privacy tools.

    I am far more worried about a Santorum Administration outlawing encryption than anyone else. Santorum advocates an internet porn filter, like that proposed in Australia, and including making circumvention of the filter illegal, which would effectively outlaw VPNs.

    And Santorum may well run in 2016.

  61.
    Chilly8, 22 Jun 2012 @ 4:34pm

    Re: God I hope you're right.

    Then you just ignore the law and do it without a licence.

  62.
    Lawrence D'Oliveiro, 22 Jun 2012 @ 5:02pm

    “Clipper” Chip Redux, Anybody?

    In the early days of the Internet, the Clinton administration tried to, not exactly outlaw encryption, but bring it under control by trying to mandate the use of the Clipper chip. This used an algorithm with a “key-escrow” feature (effectively a built-in backdoor)—a master key that the Feds could use to decrypt anything encrypted with this chip.

    Back then, law enforcement was worried about the increasing popularity of powerful open-source encryption tools like PGP. Given that encryption is even cheaper, more powerful and more easily available nowadays than back then, what’s the bet we’ll see somebody trying to resurrect this idea as some sort of “compromise”?

  63.
    btr1701 (profile), 22 Jun 2012 @ 5:40pm

    Re: Oh it's not just the UK..

    > In the UK though it is already illegal to
    > refuse to turn over encryption keys/passwords
    > when requested to do so by a member of the
    > police or security forces. Refusal can result
    > in up to five years imprisonment.

    So when they've arrested you on murder, rape, terrorism, whatever, and you know the evidence needed to convict you is on your laptop and they're threatening you with five years in prison for not giving over the key... you're still better off taking the nickel, than giving them the evidence and going down for 20-30 years.

  64.
    btr1701 (profile), 22 Jun 2012 @ 5:42pm

    Re: Re: Re: DRM?

    More like:

    We are 10% of the US economy. We say banning *our* use of encryption is bad. Now go do your duty and just make it illegal for everyone else to use it!

  65.
    Chargone (profile), 22 Jun 2012 @ 6:31pm

    Re:

    far too many people are ignorant and/or stupid enough that they don't realise that's even an issue.

  66.
    Gene Poole, 22 Jun 2012 @ 7:00pm

    I'm pretty sure this has been attempted before. You cannot outlaw maths. Doesn't work.

  67.
    Anonymous Coward, 22 Jun 2012 @ 10:34pm

    Re: Re:

    Thank you. I've read through the draft of the Communications Data Bill, and (like everyone else I suppose) cannot find any details pertaining to HTTPS being stripped or anything else like that. It seems we are being kept entirely in the dark.

  68.
    Anonymous Coward, 22 Jun 2012 @ 10:38pm

    Re: Re: Oh it's not just the UK..

    Exactly. That has been one of the many criticisms of the RIP Act (specifically part 3): if someone is accused of a serious crime, they can get a shorter sentence by not disclosing a passphrase. Just for clarification, the maximum sentence for failing to provide a key is only 2 years.

  69.
    Chilly8, 23 Jun 2012 @ 2:21am

    Re: Re: Re: Oh it's not just the UK..

    In certain situations, I think the penalty goes to five years.

  70.
    Stephan Kinsella (profile), 23 Jun 2012 @ 5:38am

    Cryptabyte.com

    David Veksler's new project, Cryptabyte.com, looks promising--discussed in Jeff Tucker's article Cryptography for the Rest of Us http://lfb.org/today/cryptography-for-the-rest-of-us/

  71.
    Winski, 23 Jun 2012 @ 7:21pm

    Banning Encryption....

    Good luck with that...

    Since a number of states in the US and some other countries around the globe are already under fascist control, the effort does not surprise me... But, there is a line. IF it's crossed, revolution ensues.... Then ALL bets are off.

  72.
    Mike (profile), 24 Jun 2012 @ 5:58am

    Define Encryption

    So how would you define encryption anyway?

    If I used EBCDIC instead of ASCII to encode my characters in an email is that encrypted?

    How about compression techniques? Are those encryption?

    Basically anything that one person can't make sense out of but that another person can is "encrypted". So if this website was in Chinese, it'd be encrypted from me as I can't read (or speak Chinese).

    Obviously some "encryption" algorithms (such as Chinese) are more well known than others and the "decryption" algorithm is also widely known, but does that make it less encryption?

    My point is that I'm not sure how the government could distinguish between what they call unencrypted data, and encrypted data. (Which is not to say they wouldn't try).

    link to this | view in thread ]
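The question raised in the "Define Encryption" comment above, and the earlier remark that encrypted traffic is "unintelligible noise", can be tested directly. The following is an added example, not code from any commenter: it scores byte entropy for the same constructed text as ASCII, as EBCDIC, zlib-compressed, and encrypted. The 7.5 bits/byte rule, the word list and the SHA-256 keystream standing in for a real cipher are assumptions made for illustration.

```python
import hashlib
import math
import random
import zlib
from collections import Counter

# Constructed vocabulary for the sample text (not taken from the thread).
WORDS = ["packet", "router", "session", "header", "payload", "tunnel",
         "client", "server", "record", "stream", "message", "network"]


def entropy_bits_per_byte(data: bytes) -> float:
    """Shannon entropy of the byte histogram; 8.0 means uniformly random."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def toy_stream_encrypt(data: bytes, key: bytes) -> bytes:
    """XOR with a SHA-256 counter keystream: a stand-in for a real cipher."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)


def naive_is_encrypted(data: bytes, threshold: float = 7.5) -> bool:
    """Hypothetical filter rule: flag anything that looks like noise."""
    return entropy_bits_per_byte(data) >= threshold


def build_samples() -> dict:
    rng = random.Random(2012)  # fixed seed so the run is repeatable
    text = " ".join(rng.choice(WORDS) for _ in range(20000))
    plain = text.encode("ascii")
    return {
        "ascii text": plain,
        "ebcdic text": text.encode("cp037"),        # re-encoding only
        "zlib compressed": zlib.compress(plain, 9),  # no key, no secrecy
        "ciphertext": toy_stream_encrypt(plain, b"constructed demo key"),
    }


if __name__ == "__main__":
    for name, blob in build_samples().items():
        print(f"{name:16} {entropy_bits_per_byte(blob):5.2f} bits/byte  "
              f"flagged={naive_is_encrypted(blob)}")
```

EBCDIC text scores the same as ASCII because re-encoding only relabels bytes, while the keyless zlib output is flagged alongside the ciphertext, so a statistics-only rule cannot separate compression from encryption.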

  73.
    Anonymous Coward, 24 Jun 2012 @ 6:43pm

    Re: God I hope you're right.

    Cobra, you're about right in your assessment. I'd forecast it to work like CCW permits in some states. You need a permit and you need to explain why you need such a permit. The gun nuts grumble about it, but there's no Second Amendment issue. The freeloaders will also piss and moan, but there are no First Amendment issues either.

  74.
    Ninja (profile), 25 Jun 2012 @ 5:21am

    And after that they'll insert mandatory cavity searches in every airport. Seems nothing is crazy enough for the Police States out there. Pakistan sure backed out of its decision but they'll keep trying to find a way to make it go through.

  75.
    Anonymous Coward, 25 Jun 2012 @ 12:06pm

    Re: Re: God I hope you're right.

    > First of all, it would only apply to private citizens, and the use of encryption would be detected at the ISP account level. Attempt to use encryption=get knocked off the net.

    Then what?

  76.
    Blah..., 2 Feb 2014 @ 3:54am

    Re: Re: Re: God I hope you're right.

    I think you overestimate the amount of processing power ISPs have to evaluate every piece of data that comes through their system. It's one thing to just build channels for data, which is what ISPs do, but to subsequently process all that data to check it for encryption is a monumental task that no reasonable private company is going to want to undertake.

  77.
    Not Going to Happen, 2 Feb 2014 @ 4:04am

    Re: God I hope you're right.

    As I stated to your friend... It's an extremely monumental task to scan all data that comes through an ISP for encryption. The outlawing of encryption would be trivial to circumvent because it amounts to a law against thought which is nearly unenforceable.

    Here... I made this in two weeks in Visual Studio. It will encrypt files and text with up to 128 byte keys in a data-dependent fashion such that each byte encrypted influences the encryption of every subsequent byte:

    http://www.mediafire.com/download/sxdituc4t3u4vhy/KOStreamEncryption.zip

    Here's a description of the algorithm: http://imageshack.com/a/img208/6293/z0xc.png
