Get Ready For The Political Fight Against Encryption
from the it's-coming dept
Among our many commenters here, we have one "regular" critic who presents himself as being actively involved in "policy circles" in Washington DC, and who was clearly active in the SOPA/PIPA efforts in trying to write those bills and get them passed. This individual provided enough information (along with plenty of insults in our direction) in the comments to make it clear that they were heavily involved -- if at a low level -- in those efforts. As the debate over these bills wore on and people kept pointing out how encryption would make them all moot in the long run, the commenter declared a few times his (or her?) next target: outlawing encryption. This is, of course, laughable. But if someone who is actually connected to that world thinks that it's a viable idea, then you know that it's only a matter of time until someone actually makes a hamfisted attempt at doing something like trying to outlaw VPNs. That this would go against the very same governments' efforts on "internet freedom" is generally ignored. Cognitive dissonance is strong with this crowd.
That said, with countries like the UK proposing legislation to snoop on all communications -- including encrypted ones -- the folks over at TorrentFreak are right to be wondering how long it will be until someone tries to ban VPNs. Some more authoritarian countries have tried to effectively do so already (without much luck), but as our anonymous commenter suggested above, this idea is at least being considered by plenty of so-called democracies as well.
Thankfully, there would be plenty of powerful forces to fight back against any such attempt. Beyond regular internet users speaking out (à la the SOPA/ACTA protests), you'd also have plenty of companies who rely on encryption and VPNs for their efforts to keep people and data safe. Considering Congress is already suggesting that it should get involved in forcing companies to better protect data, it would be ironic (though not surprising) to then find them also trying to outlaw encryption/VPNs, not realizing that the two things are diametrically opposed to one another.
In the end, I don't see how a war against encryption or VPNs could actually succeed, but that doesn't mean efforts in that direction won't be a painful annoyance when they come around. Either way, people should at least be paying attention to these discussions, and trying to educate politicians that encryption and VPNs are necessary parts of a secure internet.
Filed Under: acta, encryption, pipa, sopa, uk, vpn, washington
Reader Comments
So a committee of high ranking Label and studio executives, and senators get together and propose the following law ...
"No one may use encryption online."
Then the complaints begin rolling in.
- The DOD cannot function without encryption.
- The banking industry cannot function without encryption.
- Trading houses cannot function without encryption.
- Businesses have corporate secrets that cannot be sent via un-encrypted communications.
- Medical insurance companies begin complaining due to HIPAA.
- The theater industry complains because all the new films go out encrypted to the Christie Digital Systems projectors.
- The credit card companies begin complaining about identity theft.
In the end the same thing that happened in Pakistan will happen here in the US and any law like this will fail.
[ link to this | view in thread ]
Re:
(this note mostly left to alleviate anyone's confusion at the timestamp on this comment)
[ link to this | view in thread ]
Re: Re:
On a serious note, we've actually been through all this before during the 90s and the fight over export controls on encryption. The government couldn't prevent the use of encryption then, and has much less of a chance now - nearly everything you do online now depends on it.
[ link to this | view in thread ]
Oh it's not just the UK..
Of course both countries know that, at present, they cannot decrypt most of the encrypted data they gather. However they want to store it so that it can be decrypted in future, when computing power makes it viable.
In the UK though it is already illegal to refuse to turn over encryption keys/passwords when requested to do so by a member of the police or security forces. Refusal can result in up to five years imprisonment.
[ link to this | view in thread ]
Re:
http://www.forbes.com/sites/andygreenberg/2012/03/16/nsas-new-data-center-and-ultra-fast-supercomputer-aim-to-crack-worlds-strongest-crypto/
There you go.
[ link to this | view in thread ]
Campaign finance
This is the problem... They don't care. Most of the current batch of politicians don't care about anything but their partisan politics with SOPA being anathema to the conversation. Even with CISPA passing, all of the supporters of that legislation effectively showed that they would pass anything so long as they had the votes for it. We, the people don't have the money to fight for our rights at every turn. Sure, the law would fail on execution. But how do we get politicians to understand the dire consequences without a $5000 check saying "You must vote as we tell you to or we'll use the money against you!"
This is why the attacks on our public financing system through decisions such as Citizens United need to be amended.
We'll continue to have the federal government, whether it's the executive branch with new definitions of privacy or relaxing restrictions on information, the legislative branch with their cluelessness, or the judicial branch with their poor rulings, so long as people don't understand how to take corporations out of government.
Hell, I would argue that all of the companies in the TPP are the ones donating to Obama's campaign, hence the secrecy involved. Think about this for one moment... If these companies get what they want, the president is subservient to these companies and not to the people.
That's much more scary than anything in the laws.
[ link to this | view in thread ]
Re: Re:
[ link to this | view in thread ]
Re: Re: Re:
Videos-relevant
The Julian Assange Show: Cypherpunks, Part 1 (E8, p.1)
http://www.youtube.com/watch?v=eil_1j72LOA
The Julian Assange Show: Cypherpunks, Part 2 (E8, p.2)
http://www.youtube.com/watch?v=6DQghUChYtk
Cyber threats, hacker attacks and laws officially aiming to tackle internet piracy, but in fact infringing people's rights to online privacy. It's an increasingly topical subject - and the world's most famous whistleblower is aiming to get to the heart of it. In the latest edition of his interview program here on RT, Julian Assange gets together with activists from the Cypherpunk movement - Andy Müller-Maguhn, Jeremie Zimmermann, and Jacob Appelbaum.
[ link to this | view in thread ]
Re: Campaign finance
That should be $50,000. $5,000 is small potatoes.
[ link to this | view in thread ]
DRM?
[ link to this | view in thread ]
Backdoors.
The above is sarcasm, just in case you can't tell.
[ link to this | view in thread ]
Re: Re:
So while the rest of the computer industry moves along with Moore's law doubling every 18 months, the NSA will have to exponentially increase their computing power every 18 months, which won't be possible without an incredible amount of money and time, and will eventually plain fizzle out.
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
You can have both
You can totally protect user's data and not have encryption. Yup, totally possible, if you rely on sneaker-net with exploding briefcases.
[ link to this | view in thread ]
trying to outlaw VPNs
[ link to this | view in thread ]
Re:
Could have been bluff and horseshit mind...
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Re: DRM?
[ link to this | view in thread ]
Re: Re:
[ link to this | view in thread ]
Re: DRM?
[ link to this | view in thread ]
Re: You can have both
[ link to this | view in thread ]
Re: Re: Re:
Oh noes ... The RIAA is going to start a permanent file on me!
Thinking about it ... with one big label failing every 18 months or so, and 3 labels left, it would actually be a semi-permanent file.
[ link to this | view in thread ]
Steganography
Outlawing encryption would, however, slow down things a bit, because the data rate (bits of information/bits sent) for steganography is rather low.
One also has sneakernet and ad-hoc mesh.
[ link to this | view in thread ]
Re:
Source: https://www.privacyinternational.org/press-releases/draft-communications-bill-reveals-home-offices-mass-surveillance-plans-going-ahead
[ link to this | view in thread ]
Re: Re: Re:
Do you know where your encrypted email goes en-route ? IF it gets to the destination at all.
US spies on Britons from UK soil
An investigative report has accused the U.S. government of using a controversial spy station in Yorkshire, Britain to “subvert and destroy democracy”.
http://blog.alexanderhiggins.com/2012/02/27/spies-britons-uk-soil-86461/
But America wouldn't do it when your encrypted traffic already bounces through their interceptors ?
They also would never give access to the UK officials.
Video: relevant
Jacob Appelbaum, Dmitry Kleiner: Resisting the Surveillance State and its network effects
http://www.youtube.com/watch?v=Y3h46EbqhPo
No one would sell encryption cracking technology to other governments.(or the UK)
Countries don't already intercept ALL internet activity crossing their borders.
Yeah... that's why Tunisia bought that tech and Syria also has it, it doesn't exist.
Former Tunisian Regime Goes Beyond Spying On Internet Traffic... To Rewriting Emails & More
http://www.techdirt.com/articles/20111213/11181117066/former-tunisian-regime-goes-beyond-spying-internet-traffic-to-rewriting-emails-more.shtml
Finally some MOARRRR videos , Highly related.
How governments have tried to block Tor
http://www.youtube.com/watch?v=GwMr8Xl7JMQ
The smoking gun of UK encryption cracking may not be there... but IF they can, they WILL, that is certain.
"BACKDOOR's" in propriety software encryption !
Who needs to do impossible math and crack it anyway !
[ link to this | view in thread ]
One doesn't need to ban VPNs. One just needs to outlaw VPNs which don't log, and which do not surrender log data to government/Copyright Industry on simple demand. It becomes easy enough for the Copyright Industry to see which VPN service is being used for P2P sharing, and which does not comply with request for user information (including the Paypal or Credit Card info).
For VPNs outside of the local jurisdiction, SOPA techniques -- especially a do-not-serve order against Paypal & credit card companies -- will cut down all but the most hard core users.
[ link to this | view in thread ]
Re: Re: Re: Re:
Not sure, IF Time Traveler, or Mike's Puppeteer
[ link to this | view in thread ]
Re: Re: Re:
Heh. Not your bad at all... You did exactly what you were supposed to... We just moved stuff around.
[ link to this | view in thread ]
Re:
In the link I highlighted above:
[ link to this | view in thread ]
Re: Re: Re:
They will still try, and record fucking everything in the process.
protocols:
If they filter all encrypted traffic out ( the ones without their backdoors in ) ?
They won't need, to be able to crack it.
But encryption via non encrypted protocols is a completely different story, then they need to scan and decide what is just gobbledegook and what is actual encryption.
eg...vtoiujhmvdth789534ciuj4985mxjxla534780c5nm
encrypted or just nonsense ?
[ link to this | view in thread ]
Technically speaking, there's currently a way to implement this now
A technique that is nicely called "HTTPS Snooping" (or more accurately called Man-In-The-Middle-Attack http://en.wikipedia.org/wiki/Man-in-the-middle_attack), is available from companies like Cisco, and Websense. These solutions are currently deployed at companies that are snooping on their employees.
Most companies fear malware, and corporate espionage, and thus justify snooping on private communications of their employees. More respectable companies limit what they can see to things like GMail, and unknown addresses. Less respectable companies (like I've run across) snoop all traffic, including banking, and health care. Would you really want your fellow employees to know your bank account balance, or what medications you're currently taking? How about your boss?
All of this happens by terminating the HTTPS connection at a border, or firewall system. The traffic is then decrypted, scanned, re-encrypted and transferred to the end user. All of this works because the end user's system is told to accept the local certificate from the firewall system. The User doesn't recognize that anything is going on, because to their browser, the certificate is valid, and it's encrypted. So to them, everything is working perfectly, and they have no clue that their traffic is being snooped on. When they transmit back (say their login/password information) all of their communications simply reverse the process. The information is encrypted with the local firewall certificate, transmitted to that firewall, decrypted, scanned, and re-encrypted for the end system using the official certificate from that site.
Right now, these systems are deployed on large, paranoid corporate networks. However, it scales very simply. All an ISP would have to do is deploy a larger system (or array of systems) to do the same thing. They could convince their end users to use this system, by telling them to "Install This Network Acceleration Software," that would install their local certificate, and proxy all the traffic through their systems.
With government assistance, they could force say Network Solutions to issue a certificate that is officially signed for all networks. Then the local ISP wouldn't have to require people to install their own local certificate. They could simply pass the certificate down just like normal, and everyone's system would accept it because it was officially signed.
I'll leave the full ramifications of this process, and the problems with certificate based encryption up to others to discuss. I'll simply say this breaks the Internet, and how it was designed.
If you want a more technical in-depth discussion, this was a recent topic on /. (http://ask.slashdot.org/story/12/06/16/223208/ask-slashdot-whats-your-take-on-https-snooping) including me describing my own run in with these systems.
[ link to this | view in thread ]
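Added example, not part of the comment above or of any product it names: a minimal certificate-change monitor showing how a client can notice the re-signing step that comment describes, since the substituted certificate has a different fingerprint and a different issuer even though the browser accepts it. The host names, issuer names, the 30-day renewal window and all sample observations are constructed assumptions; `observe()` uses only Python's standard `ssl` module and is not called by the demo.

```python
import hashlib
import socket
import ssl
from collections import Counter
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

RENEWAL_WINDOW = timedelta(days=30)  # assumption: re-issue this close to expiry is routine

@dataclass(frozen=True)
class Observation:
    host: str
    issuer: str          # issuer name on the leaf certificate as presented
    fingerprint: str     # hex SHA-256 of the DER-encoded leaf certificate
    not_after: datetime  # leaf expiry (UTC)

def observe(host: str, port: int = 443) -> Observation:
    """Record the certificate this network path actually hands the client."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=5) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            der = tls.getpeercert(binary_form=True)
            info = tls.getpeercert()
    issuer = ", ".join(f"{k}={v}" for rdn in info["issuer"] for k, v in rdn)
    expiry = datetime.fromtimestamp(ssl.cert_time_to_seconds(info["notAfter"]), timezone.utc)
    return Observation(host, issuer, hashlib.sha256(der).hexdigest(), expiry)

class ChangeMonitor:
    """Keeps the first certificate seen per host and classifies later changes."""

    def __init__(self):
        self.baseline = {}

    def check(self, obs: Observation, now: datetime) -> str:
        prev = self.baseline.get(obs.host)
        if prev is None:
            self.baseline[obs.host] = obs
            return "first-seen"
        if prev.fingerprint == obs.fingerprint:
            return "unchanged"
        # New issuer while the old certificate still had plenty of life left.
        if prev.issuer != obs.issuer and prev.not_after - now > RENEWAL_WINDOW:
            return "issuer-changed-early"  # baseline kept so the alert repeats
        self.baseline[obs.host] = obs
        return "reissued"

def scan(monitor, observations, now, min_hosts=2):
    """Check a batch and name an issuer that newly vouches for several hosts."""
    flagged = [o for o in observations if monitor.check(o, now) == "issuer-changed-early"]
    top = Counter(o.issuer for o in flagged).most_common(1)
    # One issuer suddenly signing unrelated sites points at a local re-signing CA.
    common = top[0][0] if top and top[0][1] >= min_hosts else None
    return {"flagged": [o.host for o in flagged], "common_issuer": common}

def _obs(host, issuer, seed, expires):  # helper for the constructed sample data
    return Observation(host, issuer, hashlib.sha256(seed.encode()).hexdigest(), expires)

NOW = datetime(2012, 7, 1, tzinfo=timezone.utc)
FAR, SOON = NOW + timedelta(days=300), NOW + timedelta(days=10)
# Constructed observations: a clean network first, then one that re-signs TLS.
CLEAN = [_obs("bank.example", "CN=Public CA One", "a", FAR),
         _obs("mail.example", "CN=Public CA Two", "b", FAR),
         _obs("news.example", "CN=Public CA One", "c", SOON)]
INSPECTED = [_obs("bank.example", "CN=Inspection Proxy CA", "d", FAR),
             _obs("mail.example", "CN=Inspection Proxy CA", "e", FAR),
             _obs("news.example", "CN=Public CA One", "f", FAR)]

def demo():
    monitor = ChangeMonitor()
    return scan(monitor, CLEAN, NOW), scan(monitor, INSPECTED, NOW)
```

A single site changing issuer early can be a legitimate CA switch; it is the same new issuer appearing across unrelated hosts that the `common_issuer` field is meant to surface.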
Re: Re:
That stinks !
enjoy the pun.
[ link to this | view in thread ]
Hsqr Zcaysqc Gr'q Dpgbyw
[ link to this | view in thread ]
Re:
That way the critical infrastructure will still work, the well heeled won't be affected, and the little guys will be fair game, just like always.
[ link to this | view in thread ]
Seriously, good luck trying to get encryption outlawed. It'd be like gathering together a bunch of cavemen to take down a herd of T-Rexes.
[ link to this | view in thread ]
Re: Technically speaking, there's currently a way to implement this now
If any CA is found to be doing that (and it is very easy to find with add-ons like Certificate Patrol), they will be removed from the lists of trusted certificates of all the major browsers.
[ link to this | view in thread ]
Re: Technically speaking, there's currently a way to implement this now
I agree, can we have something better? (a distributed system of certificates or something, idk)
This wouldn't affect corporate networks (just ban encryption & only start encrypting when it leaves the company network). Using corporate computers is inherently unsafe whatever you do, they could have installed keyloggers on their machines.
[ link to this | view in thread ]
Re: Re: DRM?
[ link to this | view in thread ]
This will keep all your data safe. We promise! We also promise not to abuse your data. Cross our hearts and hope to die.
We're from the government, and we're here to help.
[ link to this | view in thread ]
Re: Re: DRM?
[ link to this | view in thread ]
This is a great example of a lack of understanding real work technology use
Really?... what about those regulations governing the use of encryption for exchanging financial information? ... what now?
Seems to me like there'd need to be heavy investment in many industries to deal with not being able to encrypt but having a requirement for "security"... I personally can't fathom solutions without encryption for some of those financial data requirements...
As much as I have a distaste for the way some large companies heft their weight politically, this might be a "good" time to see that happen...
... we'll probably see someone trying to sneak in some kind of "any form of encryption must allow for bypass by 'The Government'" law..
[ link to this | view in thread ]
Re: Technically speaking, there's currently a way to implement this now
[ link to this | view in thread ]
Re: Re:
There is no way to tell what is and what is not authorized encryption without redesigning how the internet works. If something is encrypted, it is basically just unintelligible noise and no amount of packet level inspection will change that.
There are several hundred standards and best practices from pretty much every industry on how things should be encrypted. A sure fire way to piss off every industry on earth is to force them to spend billions to apply for an exemption, check that they are compliant, and/or redo their current encryption systems.
Between industry and impossibility lay the dreams of big content.
[ link to this | view in thread ]
DiHydrogenMonoxide
We should ban phosphorus while we're at it too. That stuff can be just as dangerous.
[ link to this | view in thread ]
Re: This is a great example of a lack of understanding real work technology use
And don't forget about medical information. I believe (not sure about this) that HIPAA requires some form of security (encryption) when sending medical records via the internet.
[ link to this | view in thread ]
God I hope you're right.
I am totally against it. I think it would be huge step backward for both civil liberties and personal security to ban encryption. But I wouldn't put it past our politicians to do just that.
[ link to this | view in thread ]
It didn't work then and it won't work now. Encryption's no big deal any more. I can knock off an AES implementation in a handful of hours.
[ link to this | view in thread ]
Re: Hsqr Zcaysqc Gr'q Dpgbyw
[ link to this | view in thread ]
I am far more worried about a Santorum Administration outlawing encryption than anyone else. Santorum advocates an internet porn filter, like that proposed in Australia, and including making circumvention of the filter illegal, which would effectively outlaw VPNs.
And Santorum may well run in 2016.
[ link to this | view in thread ]
Re: God I hope you're right.
[ link to this | view in thread ]
“Clipper” Chip Redux, Anybody?
Back then, law enforcement was worried about the increasing popularity of powerful open-source encryption tools like PGP. Given that encryption is even cheaper, more powerful and more easily available nowadays than back then, what’s the bet we’ll see somebody trying to resurrect this idea as some sort of “compromise”?
[ link to this | view in thread ]
Re: Oh it's not just the UK..
> refuse to turn over encryption keys/passwords
> when requested to do so by a member of the
> police or security forces. Refusal can result
> in up to five years imprisonment.
So when they've arrested you on murder, rape, terrorism, whatever, and you know the evidence needed to convict you is on your laptop and they're threatening you with five years in prison for not giving over the key... you're still better off taking the nickel, than giving them the evidence and going down for 20-30 years.
[ link to this | view in thread ]
Re: Re: Re: DRM?
We are 10% of the US economy. We say banning *our* use of encryption is bad. Now go do your duty and just make it illegal for everyone else to use it!
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Re: Re:
[ link to this | view in thread ]
Re: Re: Oh it's not just the UK..
[ link to this | view in thread ]
Re: Re: Re: Oh it's not just the UK..
[ link to this | view in thread ]
Cryptabyte.com
[ link to this | view in thread ]
Banning Encryption....
Since a number of states in the US and some other countries around the globe are already under fascist control, the effort does not surprise me... But, there is a line. IF it's crossed, revolution ensues.... Then ALL bets are off.
[ link to this | view in thread ]
Define Encryption
If I used EBCDIC instead of ASCII to encode my characters in an email is that encrypted?
How about compression techniques? Are those encryption?
Basically anything that one person can't make sense out of but that another person can is "encrypted". So if this website was in Chinese, it'd be encrypted from me as I can't read (or speak Chinese).
Obviously some "encryption" algorithms (such as Chinese) are more well known than others and the "decryption" algorithm is also widely known, but does that make it less encryption?
My point is that I'm not sure how the government could distinguish between what they call unencrypted data, and encrypted data. (Which is not to say they wouldn't try).
[ link to this | view in thread ]
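Added example, not written by any commenter: several comments in this thread ask whether a filter could tell encrypted data from "gobbledegook", from compressed data, or from plain noise. The sketch below measures byte entropy, the usual heuristic for that classification, over constructed samples and shows where it misjudges. The 7.5 bits/byte threshold, the word list and the seeded random bytes used as a ciphertext stand-in are assumptions.

```python
import base64
import math
import random
import zlib
from collections import Counter

THRESHOLD = 7.5  # bits per byte; an assumed cut-off for "looks encrypted"


def entropy(data: bytes) -> float:
    """Shannon entropy of the byte histogram, in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def looks_encrypted(data: bytes, threshold: float = THRESHOLD) -> bool:
    """The naive classifier: anything at or above the threshold is 'encrypted'."""
    return entropy(data) >= threshold


def build_samples() -> dict:
    rng = random.Random(2012)  # seeded so the constructed samples are reproducible
    words = ("the law bill senate vote encrypt network traffic "
             "key data bank record court order").split()
    text = " ".join(rng.choice(words) for _ in range(20000)).encode("ascii")
    # Stand-in for ciphertext: output of a sound cipher is statistically
    # indistinguishable from uniformly random bytes.
    random_bytes = bytes(rng.getrandbits(8) for _ in range(65536))
    return {
        "plain text": text,
        # Not encrypted at all, yet the histogram is nearly flat.
        "zlib-compressed text": zlib.compress(text, 9),
        "ciphertext stand-in": random_bytes,
        # Same bytes in a 64-symbol alphabet: about 6 bits per byte.
        "same bytes, base64": base64.b64encode(random_bytes),
        # A sample of n bytes can never exceed log2(n) bits, so a short
        # string cannot be classified this way whatever produced it.
        "string from the comment": b"vtoiujhmvdth789534ciuj4985mxjxla534780c5nm",
    }


def report() -> dict:
    """Map each sample name to (entropy rounded to 2 places, classifier verdict)."""
    return {name: (round(entropy(d), 2), looks_encrypted(d))
            for name, d in build_samples().items()}


if __name__ == "__main__":
    for name, (h, flagged) in report().items():
        print(f"{name:26} {h:5.2f} bits/byte  flagged={flagged}")
```

The compressed sample is flagged although nothing was encrypted, while the encoded and short samples are not flagged whatever they contain, which is the ambiguity the commenters describe.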
Re: God I hope you're right.
[ link to this | view in thread ]
Re: Re: God I hope you're right.
Then what?
[ link to this | view in thread ]
Re: Re: Re: God I hope you're right.
[ link to this | view in thread ]
Re: God I hope you're right.
Here... I made this in two weeks in Visual Studio. It will encrypt files and text with up to 128 byte keys in a data-dependent fashion such that each byte encrypted influences the encryption of every subsequent byte:
http://www.mediafire.com/download/sxdituc4t3u4vhy/KOStreamEncryption.zip
Here's a description of the algorithm: http://imageshack.com/a/img208/6293/z0xc.png
[ link to this | view in thread ]