Demonizing Strong Encryption: Welcome To The Crypto Wars 2.0
from the paedophiles,-murderers-and-terrorists dept
Recently Techdirt wrote about the extraordinary tirade by the new GCHQ boss, Robert Hannigan, which boiled down to: "however much we spy and censor online today, it's still not enough." It was so full of wrong-headed and dangerous ideas that it was hard to capture it all in one post. Here's one thing we didn't have room for last time:
Isis also differs from its predecessors in the security of its communications. This presents an even greater challenge to agencies such as GCHQ. Terrorists have always found ways of hiding their operations. But today mobile technology and smartphones have increased the options available exponentially. Techniques for encrypting messages or making them anonymous which were once the preserve of the most sophisticated criminals or nation states now come as standard. These are supplemented by freely available programs and apps adding extra layers of security, many of them proudly advertising that they are "Snowden approved". There is no doubt that young foreign fighters have learnt and benefited from the leaks of the past two years.
Leaving aside the rather pathetic dig at Snowden at the end there, and the unsubstantiated statement that terrorists have benefited from his leaks, the key message here is that strong encryption is now used routinely by the wrong people, and that it presents an "even greater challenge" to the world's security services. If that lament sounds familiar, it's because suddenly, over the last few weeks, it has become the persistent refrain of law enforcement agencies in both the US and UK.
First we had the FBI Director James Comey talking about his agency's fears about things "going dark" because of encryption; then we heard from NYPD Commissioner Bill Bratton about how encryption "does a terrible disservice to the public"; a couple of weeks later, former NSA General Counsel Stewart Baker suggested the reason Blackberry had failed was because it used "too much encryption".
Now it seems that the baton has been passed to the UK. The day after Hannigan led the way with his piece in the Financial Times, the head of London's Metropolitan Police added his voice to the chorus of disapproval, as the London Evening Standard reports:
London's police chief today warns society against letting parts of the internet become a "dark and ungoverned" space populated by paedophiles, murderers and terrorists.
What's particularly interesting is that as part of his visit to New York to make this speech, Hogan-Howe was also planning to meet all the senior US officials who had just voiced their concerns about encryption in precisely the same terms:
In a call for action, Met Commissioner Sir Bernard Hogan-Howe says encryption on computers and mobile phones is frustrating police investigations, meaning parts of the web are becoming "anarchic places".Sir Bernard has spent several days in talks with New York and Washington police chiefs about the threat of terrorism and what he calls "the challenges and opportunities" of technology. Today he was meeting FBI director James Comey.
It's hard not to see this as part of a concerted and organized counter-attack against growing calls to rein in US and UK surveillance in the wake of Snowden's revelations. The common line on both sides of the Atlantic is that encryption has gone too far -- that "the security of communications methods and devices is growing beyond what any genuine domestic user could reasonably require". The clear implication is that only "paedophiles, murderers and terrorists" would want strong crypto, and that for law-abiding citizens with nothing to hide, crypto with backdoors is good enough.
He was also telling law enforcement experts behind closed doors at the New York police department that the internet is now a safe haven for criminality, adding: "Privacy is important but in my view the security of communications methods and devices is growing beyond what any genuine domestic user could reasonably require."
But it isn't, of course. Law-abiding citizens with nothing to hide have a perfect right to real privacy online, just as they have a right to use doors, walls and curtains to screen off their private lives from the world's gaze. As Techdirt has noted before, placing backdoors in nominally secure systems simply makes them completely insecure, since there is no way to stop the bad people from using them too. Moreover, weakening crypto would not only make the Internet vastly less secure for billions of users, it would also undermine millions of online businesses and thus the economies with which they are now so deeply intertwined.
We can expect more of these blatant attempts to demonize strong cryptography, and to paint its mere use as a sure sign of terrorism and depravity. But we have been here before. During the 1990s the US government tried to introduce backdoors into secure communications using the Clipper chip. Civil society won those first Crypto Wars; now it needs to gird its loins to fight and win Crypto Wars 2.0.
Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: bernard hogan-howe, crypto wars, demonized, encryption, james comey, mobile encryption, robert hannigan, stewart baker
Companies: apple, google
Reader Comments
Subscribe: RSS
View by: Time | Thread
Who the hell are they?
And who are they to say what anyone else "reasonably requires"? But I know what they mean: they mean that nobody except criminals would "reasonably require" privacy against governments, despite the entirety of history showing us why this assertion is laughable.
[ link to this | view in chronology ]
Re: Who the hell are they?
Mmm, there was a time when peasants were only allowed to have the bible read aloud to them in church. What genuine domestic user would require a BOOK! Information is for gatekeepers!
[ link to this | view in chronology ]
Re: Re: Who the hell are they?
[ link to this | view in chronology ]
Re: Re: Who the hell are they?
Well, in their defense, books were copied by hand and the town only had one. Had to safeguard it with someone who wasn't likely to destroy it.
[ link to this | view in chronology ]
Re: Re: Re: Who the hell are they?
Well, that was over 500 years ago. The Printing Press and the Church are still both around and going strong.
[ link to this | view in chronology ]
Re: Re: Re: Re: Who the hell are they?
your logic entails: since the printing press had no effect on anything, then the internet will have no effect on anything, so we might as well stop using it.
just as a point of order, going against the MPAA is not the kind of law breaking they are concerned about. large scale drug trafficking and human trafficking, which kills tens of thousands a year each year worldwide, are more in the ballpark.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Who the hell are they?
What I said is that it utterly and completely failed to fulfill the priests' doom-and-gloom predictions, just as each new technology that the copyright interests say is going to wipe them out ends up doing nothing of the sort.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Who the hell are they?
You must have missed the whole DHS panty raid thing.
[ link to this | view in chronology ]
Re: Who the hell are they?
[ link to this | view in chronology ]
Re: Who the hell are they?
I would consider reasonable to mean something that's as far from easily breakable via brute force with equipment available to the "bad guys". Since the equipment increases in power and sophistication each year, and flaws deliberately or inadvertently introduced by vendors requires extra protection, we may have very different ideas of what's reasonable now, let alone just a few years hence.
As for "domestic user", well my data needs to be secured against theft, and if I work from home I need access to strong VPN security on my end as well as my office, not to mention my bank or anything else sensitive or vulnerable in transit. This applies doubly to any portable devices that may commonly be used on public networks, or more easily lost or stolen.
When all we have is vague platitudes that don't take into account the way things are used for legitimate purposes, I hope he'll understand us being less willing to swallow proclamations about what we "need"
[ link to this | view in chronology ]
UK and US Governments listen up...
You escalated this by illegally retaining all of this data and lying about it publicly.
You have violated our right to privacy, our right to be secure in our person and communications.
You started this, don't be surprised when we *GASP* don't trust that you have our best interests at heart and take steps to limit what you can illegally steal, spy on, retain about ourselves.
That doesn't make us pedophiles, terrorists, criminals at all.
It makes us Citizens of our respective nations who have been molested by our Governments, violated by our nations intelligence communities, our rights abrogated by persons whose only interest is to control every aspect of the public as is humanly possible to maintain control by their representative governments.
In the United States, those elected official comprise only 0.00016988% of the population of the country.
Why do we allow so few to damage so many?
[ link to this | view in chronology ]
Terrorist Pedophiles
[ link to this | view in chronology ]
Re: Terrorist Pedophiles
[ link to this | view in chronology ]
Re: Re: Terrorist Pedophiles
[ link to this | view in chronology ]
Re: Re: Terrorist Pedophiles
Rule #4 - Doubletap
Substitute pedophile for zombie, though grouping them together like that does a dis-service to zombies everywhere.
[ link to this | view in chronology ]
Re: Re: Re: Terrorist Pedophiles
Go ahead and give me a generalized argument for why you should be able to kill people that you want to kill.
I'm listening...
[ link to this | view in chronology ]
Re: Re: Re: Re: Terrorist Pedophiles
Go ahead and tell me that it's not good to do that when someone molests a child, goes to prison, gets out and then molests your child or a nephew or niece, or best friend's child.
Then what do you think? Still okay to let that inhuman fucker live? Hell no. For something like this, you get one and only one chance. Don't be that pedophile, or die.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Terrorist Pedophiles
Yes there are some paedophiles that need to be locked up indefinitely, but to actually make the decision to take their life away makes you just as bad as them.
The OP was simply making the point that politicians band around the terms paedophile and terrorist way to often.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Terrorist Pedophiles
He's got a point.
If granting due process to pedophiles stops file-sharers being double-tapped, fair enough, right?
[ link to this | view in chronology ]
Really, these people should be kicked out of their jobs.
[ link to this | view in chronology ]
Almost every month a high-profile politician turns out to be caring about kids too much yet they are never arrested.
[ link to this | view in chronology ]
Re:
But law enforcement is too weak and too cowardly to take on the Catholic church. They'd prefer to spend enormous resources going after one pedophile here or an isolated ring of a few there rather than going after the biggest club of pedophiles on the planet.
So let's not have any whining from the FBI about how hard it will be to track pedophiles. It's not. Just go to Boston or St. Louis or any other major city, find the leaders of the Catholic church, and you'll be on the right track.
[ link to this | view in chronology ]
Re: Terrorist Pedophiles
You can go to jail for forgetting your password, so what's the deal?
Oh, the law does not work as well as the government expected, in spite of civil libertarians warning that it was never well thought out.
Did the government not contemplate in the 1990s that any smart criminal would use multilayered encryption, steganography and deniable encryption regardless of the go to jail card?
Only a handful of stupid criminals have been sentenced for failing to disclose their encryption keys, and surprise the members of IS are likely outside the writ of UK's police.
However, the UK police is far from clean, and organized crime has penetrated the institutions from top to bottom including the CPS.
[ link to this | view in chronology ]
Too much or too little encryption?
As I recall the start of the decline in their market share coincided with all and sundry governments demanding backdoor access, making them a liability to businesses.
[ link to this | view in chronology ]
Fuck all those guys to hell and back again .. with a six fisted baton.
It's like the same play book as entertainment mafioso - we can't make money *if* ... (same baton, same deal)
Imagine having to create and explore new means and methods of getting their respective jobs done as opposed to duct taping your face to their wall of ass.
They have ZERO right to drive your respective privacy into the ground. None. At all.
Boo! Terrorism, pedophiles and drugs. .. Fuck you.
[ link to this | view in chronology ]
Off course that only works if you actually understand that you're not an infallible spy yourself.
[ link to this | view in chronology ]
25th Anniversary of Fall of the Berlin Wall
[ link to this | view in chronology ]
I'm sick of it. My business is none of your goddamn business.
Stop trying to justify "at all costs" for your endless bullshit unwinnable wars.
[ link to this | view in chronology ]
Sorry Glynn but this exact statement and the way it is worded is a part of the whole problem and is part of the fallacy that the people you are trying to say are in the wrong are using.
The correct phrase should be "EVERYBODY has a right to privacy online"
And whether you or others like it or not that everybody includes criminals, politicians, soldiers, parents, children, and even terrorists and even peadophiles. Since until due process is applied and those people are actually convicted and tried of a crime they are and still retain the same rights as everybody! In fact The right to privacy doesn't get extinguished after they are even convicted, nor should it.
[ link to this | view in chronology ]
Re:
Criminals, politicians.
Just thought you should know.
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re: Re: Re:
ie - politicians = super-stupid criminals.
[ link to this | view in chronology ]
Re: Terrorist Pedophiles
Pedophilia has no more to do with encryption than carjacking has to do with computers.
A pedophile abusing a child can't hide his physical abuse by encrypting his act.
The only nexus between pedophiles and encryption is there because the law has made possession and distribution of depictions of certain crimes a serious crime.
In the UK, there doesn't even have to be an actual crime or an actual child in order for the depiction to be illegal.
[ link to this | view in chronology ]
Re: Re: Terrorist Pedophiles
Same in the US. Even cartoons can count.
[ link to this | view in chronology ]
Re: Re: Re: Terrorist Pedophiles
Same in the US. Even cartoons can count."
And if there is no sexual activity (read: only nudity) try getting a conviction. Look at Robert Marplethorpe (tried and acquitted) and Jock Sturgis (never charged with anything).
[ link to this | view in chronology ]
Re: Re: Re: Re: Terrorist Pedophiles
A conviction is not necessary, vigilantes will take matters into their own hands and they don't care about innocence or guilt.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Terrorist Pedophiles
[ link to this | view in chronology ]
Re: Re: Re: Re: Terrorist Pedophiles
This has been done. The rule is that if the purpose of the work is to cause sexual excitement and the work involves characters that are claimed to be or portrayed as underage, it's child porn. Whether or not the work is a photograph or whether or not children (or even actual people) were ever involved in the generation of the work isn't the relevant criteria.
[ link to this | view in chronology ]
how do they know?
[ link to this | view in chronology ]
Re: Who the hell are they?
The bad guys are already inside the system.
The UK police is notorious for its corruption and lack of willingness to clamp down on abuse by its own.
Scotland Yard corruption: leaked report claims police were bribed to DESTROY evidence and SLEPT with criminals
The police is corrupt and can't even clean its own house.
[ link to this | view in chronology ]
Same argument is used for gun control
This is the same argument used for gun control. Just like with making guns illegal and only criminals will have guns; making encryption illegal will guarantee only criminals/terrorists have encryption. So while the rest of us are left exposed, the criminals/terrorists will be free to do as they please. They are criminals after all.
[ link to this | view in chronology ]
Companies have a choice, they can buddy up with what the spy agencies want and lose their profit and reputation or they can boost their encryption in an attempt to show their customers they are concerned with customer concerns, thus improving their damaged brand image. Those major corporations housed in the US are starting out damaged, whether they had anything to do with allowing access or not, simply by where their home office is.
[ link to this | view in chronology ]
Mainstream encryption can be sabotaged as much as agencies like. But the unsabotaged stuff will always still remain discoverable. The only real people to "blame" are mathematicians for opening this Pandora's box (and no I do not think they should be blamed - if they weren't going to discover uncrackable encryption, somebody else would have, probably under an authoritarian regime).
As long as this is true, bad actors will use unsabotaged encryption.
You can't turn back the clock on science.
[ link to this | view in chronology ]
a potential crinimal/ terrorist can be found by other methods.
not just by the data on his phone.
it would be naive to think that facebook ,or twitter is not being used to monitor extremeist groups .
I think the average iphone,android phone is less than secure ,there seems to be vunerabiltys discovered in ssl, webrowsers, etc
every month.eg heartbleed .
[ link to this | view in chronology ]
- Encryption makes communications unreadable except by the respective parties
- Therefore, Bad Guys will use it to communicate outside the purview of law enforcement
- Therefore, we should break strong encryption so that all communications are vulnerable to a third party's reading
The third point is presented as "so the Good Guys can catch the Bad Guys", but those Good Guys might want to try coming back when they've created a crypto backdoor that only they can exploit.
[ link to this | view in chronology ]
Re:
it is designed to block *anyone* from accessing the information. ergo, any crime conducted over that network will be unprosecutable.
your argument is: because my (very inflated btw--not the one in US or worldwide human rights law) conception of privacy will be damaged by breaking strong encryption, law enforcement has to end.
you *are* saying that.
you can say it, but saying it in the name of law or human rights is facile nonsense, because your overt logic is that we have to give up the rule of law entirely to satisfy your notion of privacy--a notion that is only itself guaranteed by the rule of law you have just thrown out the window.
[ link to this | view in chronology ]
Re: Re:
No, my argument is: breaking strong cryptography does not enable only the Good Guys to read everyone's communications. It enables everyone to read everyone's communications. That is not a world I want to live in. But please tell me how that equates to "giving up the rule of law entirely".
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re: Re:
you *are* saying that."
That is not even remotely close to being accurate.
[ link to this | view in chronology ]
why, just look at what the Tor developers say in response to Operation Onymous: they are full of praise for the innovative methods used to track down clearly illegal activity and make clear that Tor is not meant to be used to by pass such efforts:
https://blog.torproject.org/blog/thoughts-and-concerns-about-operation-onymous
and in the real world, actually they pretty much come out and say exactly what this article is mocking: they believe law itself is "illegal," and so are justified in developing tools to bypass it entirely.
[ link to this | view in chronology ]
I certainly worry more about my government than I do about them, as of late...
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Who the hell are they?
If the interception is only about drugs and sex, it should clearly be limited to that, but you haven't read well, have you?
This is from the GCHQ website:
"• In the interests of national security
• In the interests of the economic well-being of the UK
• In support of the prevention or detection of serious crime."
Also the infamous key disclosure mmandate under RIPA is so broad that it can be used in cases of "...for the purpose of securing the effective exercise or proper performance by any public authority of any statutory power or statutory duty," or "for the purpose of preventing or detecting crime;" or "the interests of the economic well-being of the United Kingdom".
Nothing limits the exercise of that power to drug or sex crimes.
The mandate is so laughably broad that investigation of any crime can result in a disclosure order.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Who the hell are they?
I am sick and tired of the police state sustaining itself through new laws banning adults from smoking, drinking or inhaling what they want.
Most drug and sex crimes are victimless acts, and to the extend that there is violence, threats of violence or exploitation of minors, other laws should be sufficient.
Most of what nowadays is categorized as 'crimes' are in fact without a victim.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re: Re: Re: Terrorist Pedophiles
if they pass the Miller test.
But child pornography laws require an actual child.
In the UK, there doesn't have to be a showing of obscenity.
Mere depictions of child like figures engaged in sex can therefore be prosecuted under UK law without a showing of obscenity.
[ link to this | view in chronology ]
Clear evidence for how nuts they are
But not GCHQ.
[ link to this | view in chronology ]
Onwards
[ link to this | view in chronology ]
Looks like someone's showing their cards a bit
[ link to this | view in chronology ]
Re: Re: Re: Re: Terrorist Pedophiles
Why not death for rape of a woman?
Fortunately such a punishment for a nonlethal crime violates the Eighth Amendment.
Advocating capital punishment for any other crime than murder is evil.
Not even Texas or the red states had such laws.
[ link to this | view in chronology ]
moar thoughts on CW's 2.0
I always wondered how they could make it so the file wouldn't go through those countries they didn't want it to. Looking back at it looks like the Obamacare website of today e.g. a giant fiasco fascia with scrambled nonsense full of fascists trying to profit off your UN HEALTH as a number one policy underneath. What hospitals do, You or I would go to prison for a LONG TIME.
I remember pgp CTK version (cyber templar knights) with those big keys. And whispers of the big keys aren't more secure. Right. Honestly $100 isn't MOAR than $10 cuzz math kills in in in Commie Corps.
Then back to programming again with crypto++
more little utils like apocalypso.
obscure packers like AIN. uuencode, uudecode
portable email with crypto plugins
operating your own mail servers and port knocking
... SPA
Back to programming again... Now really anyone who puts a little time / thought into it can make their own crypto.
But what I worry about more today, is the CHIPS/ doping/manufacture/chain of custody. The 3D printers aren't doing CHIPS yet as far as I know. So truly nobody has clean trusted chips.
There's so much crypto out there, it's pointless to call this a war 2.0, more like an agenda to to break their oath and unleash their unremorseful psychopathy upon the monetary systems of the planet.
It is what's leading to WW3.
The day the bastards broke their oath to defend the US Constitution was the day, this country was put on the path down the toilet. Now it's so sick, it isn't even growing.
These bastards are turning the lights out on the human race!
Nobody believes what those oath breaking scum the AG, the NSA, the CIA, the PENTAGON, the WHITEHOUSE, the FBI say. They're infested with ISRAEL. until that and the oath breakers are expunged from the system, this will be a downward spiral
[ link to this | view in chronology ]
You forgot drug dealers. You can't have the Four Horsemen of the Apocalypse, without drug dealers.
[ link to this | view in chronology ]