Ed Snowden: Governments Can't Make The Public 'Safer' By Undermining The Encryption Essential To The Public's Security
from the DOES-NOT-COMPUTE dept
With the DOJ uniting with the UK and Australian governments to decry the use of end-to-end encryption by messaging services, it's again time to remind people why encryption matters. The way these government entities see it, encryption mainly helps criminals. Apparently, it's simply not necessary for law-abiding citizens to have secure communications.
This is wrong on many levels, starting with the insistence there's a safe way to circumvent encryption. There isn't. But multiple government agencies claim tech companies are overstating the reality, when all they're actually doing is stating the obvious.
Someone who knows a thing or two about the importance of encrypted communications has written an op-ed for The Guardian. Ed Snowden's article points out why citizens should be alarmed governments are trying to make their personal communications less secure for the children or the greater good or whatever.
For more than half a decade, the vulnerability of our computers and computer networks has been ranked the number one risk in the US Intelligence Community’s Worldwide Threat Assessment – that’s higher than terrorism, higher than war. Your bank balance, the local hospital’s equipment, and the 2020 US presidential election, among many, many other things, all depend on computer safety.
And yet, in the midst of the greatest computer security crisis in history, the US government, along with the governments of the UK and Australia, is attempting to undermine the only method that currently exists for reliably protecting the world’s information: encryption. Should they succeed in their quest to undermine encryption, our public infrastructure and private lives will be rendered permanently unsafe.
Encryption for communications encompasses far more than the idle chatter of social media users. Facebook is the target of the combined force of the US, UK, and Australian governments -- thanks to its plans to add end-to-end encryption to its Messenger service -- but other platforms and services providing encrypted communications will be next on the block if Facebook is deterred from offering this protection. Or worse, talked into creating a backdoor so either it -- or government agencies -- can spy on users' communications.
As Snowden points out, actual infrastructure is at stake. Encrypted communications are vital to the security of plenty of things even governments would like to see remain secure. And yet, they're willing to paint encryption as an accomplice to criminal acts, rather than the vital necessity it actually is.
If Facebook is willing to limit the amount of data it can harvest from its users by locking up Messenger so tight even it can't see the messages, providing encryption must not only be of value to users, but to Facebook itself. This cuts against the DOJ's ridiculous arguments that no one is demanding secure communications -- a statement that insinuates private companies are sticking it to the man just to stick it to the man.
These governments are claiming the introduction of encryption will make it impossible to investigate criminal acts. The one most frequently cited is the production and distribution of child porn. Recent cases make it clear encryption isn't preventing law enforcement agencies from tracking down criminals or shutting down their dark web services. The DOJ and others still have a wealth of investigative tools at their disposal. Private conversations that remain private doesn't change all that much. The history of criminal activity includes millions of conversations law enforcement agencies had no access to, and yet, they still managed to arrest and prosecute criminals.
This isn't about making anyone safer or preventing encrypted services from becoming ad hoc child porn servers. This is about what works easiest and best for governments.
The true explanation for why the US, UK and Australian governments want to do away with end-to-end encryption is less about public safety than it is about power: E2EE gives control to individuals and the devices they use to send, receive and encrypt communications, not to the companies and carriers that route them. This, then, would require government surveillance to become more targeted and methodical, rather than indiscriminate and universal.
The "public safety" argument doesn't make sense. The public doesn't achieve a net "safety" gain when its private communications are compromised. But it makes sense to these governments, which have often considered the rights they promised to respect as inconveniences to be routed around or removed completely.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: chris wray, doj, ed snowden, encryption, fbi, going dark, william barr
Reader Comments
Subscribe: RSS
View by: Time | Thread
it's about power
` "The true explanation for why the US, UK and Australian governments want to do away with end-to-end encryption is less about public safety than it is about power"
`
Bingo.
and this is a truth about government in general, not just this minor encryption issue.
the larger lesson is lost on most people.
[ link to this | view in thread ]
Reframe the issue
Imagine a campaign that calls for doing away with end-to-end encryption for banking, healthcare, business VPNs, and Cloud. That's the same end result, and people need to understand that calling for one is equivalent to calling for the other.
Of course the risk would be that somehow this patently ridiculous straw-man notion gains momentum in this bizarro world political climate.
[ link to this | view in thread ]
IN a world where people use apps and can shop online encryption is more important than ever,
its used by protestors and lawyers and human right,s activists and minority groups like the kurds .
the usa and australia do not ordinary people to have
the power of private messaging , and privacy .
Theres loads of ways to catch crinimal,s including monitoring web browsing
and sms messaging .
[ link to this | view in thread ]
One of the things that keeps amazing me about the call to end encryption because of child porn is that they keep skipping over the fact that child porn can't be kept private. If Bad Joe makes child porn and keeps it just on his home computer, there is no money to be made. He has to sell access to it to make money. That requires that it be available somewhere. No matter how careful Bad Joe is, that "somewhere" will become widely known and lead back to Bad Joe. Even with encryption, somebody will spill the beans about where/how they got access to the child porn that Bad Joe supplied and with some good old fashioned detective work, Bad Joe will be found and eventually incarcerated.
But, just being able to track everybody everywhere will not be as easy if encryption is in place and of course it will be (maybe) easier to track down Bad Joe because he has to roll his own encryption instead of public providers.
[ link to this | view in thread ]
Id like to highlight the last line of the final quote.
Surveillance and investigation is focused on "Third Party Records". To use a communications platform, you have to give those communications to that platform. E2EE denies the meaning of those communications to everyone but those on the endpoints, even if it still leaks large volumes of metadata. Surveillance and investigation can still be done absent the content of communications. Before we could just subpoena entire text conversations with a pen trace order, even when they got a wiretap, there was no guarantee of understanding of the content of communications they got, or if they did understand that information that they could prove the communication said what they thought it did. Coded speech is lost on a large portion of the US population if we take reactions to the President's use of coded mob language as genuine.
In the end though, properly assessing targeted surveillance and investigation takes people and money. And they are wasting a ton of it watching porn and creating fake terrorist plots. Actually allocating resources to assess threats and perform actual investigations with the thousand smaller pieces of evidence? That would cut into the time law enforcement is spending distributing Child Porn more efficently.
[ link to this | view in thread ]
Re:
You can go further with this idea. Why's the porn itself the problem? It should be the abuse that's the problem, and the porn is the evidence of that. So if it disappears, will the police still be able to catch abusers? Given that availibility of adult porn was correlated with decreased sexual crime, will child-abuse rates go up or down? Your comment suggests that making money is the primary goal of child porn, but I'm not aware of evidence.
I mean, it sucks to have embarrasing pictures of oneself online, or pictures of oneself being criminally victimized, but in the USA we can't do shit about the non-child-porn pictures we don't like. Nothing can be done about my (clothed) childhood pictures placed online without consent. A picture of an adult getting robbed or murdered could win a Pulitzer, and no discussion of being "re-victimized" will make it go away.
[ link to this | view in thread ]
There isn't a single government let alone a government agency, security or otherwise, yhat is in the dlightest bit interested in their people or their people's security, safety or wellbeing. Every government and sgency wants to know everything sbout everyone, everywhere. Why? Because it's so much easier tracking people who do nothing wrong than even finding out those who should be tracked because they may do something wrong! The travesty is the whole planet is being turned into one that surveils everyone EXCEPT those who should be and the majority of those who should be are those in high positions, wealthy and famous. They want to know all about us but want to keep all their dirty little wrong doings secret! They, just like the entertainment industries continuously cry 'wolf', continuously blame others when in actual fact they are the bigger perpetrators far!
[ link to this | view in thread ]
Re:
I'd imagine CP sharing via a website (dark or otherwise) that involves money transfers has to do a lot less about making money than it does costs of administration and using a buy-in as a filter as opposed to vetting.
You saw a similar evolution in piracy and file sharing. There is sneaker-net piracy where you see tape trading as a big thing. But to "buy in", you had to be sharing tapes to get tapes. If you were collecting and not sending tapes around, you choked off the market. In the DVD era, just burning another DVD became far easier, and so people would also sell copies outright. While I have no knowledge of the CP market at this time, I imagine The sharing and trading P2P and high-speed internet made video piracy feasible. Torrents and Private Trackers make Piracy harder to track. And in the early days the Buy in was the important bit. The buy in for private trackers was seeding content. You didn't have to necessarily bring with you a rare tape, now you had to help the data move for the tracker to remain healthy. But as time went on, a private tracker develops enough power users seeding that Ratio isn't necessarily required. Thats when you get private trackers who will charge for access, or charge to ignore those seeding limits. Its not just about making money, its also about the willingness to buy in, to contribute as a vetting mechanism. The person who pays is at risk as much as the person who seeds, if the wrong person finds out.
That vetting is, I would imagine even more important for CP distributors. You need to either provide new material, or pay for access, thereby putting you at risk if you tell the wrong person about it. So the money might not be at all about making a profit, or at least only partially about profit. Its about limiting the knowledge, by putting everyone on the hook.
[ link to this | view in thread ]
Re: Re:
Piracy existed long before that, it only requires that people can make their own copies. The music wanted a pirate tax on all recording media, and in some countries got it.
[ link to this | view in thread ]
It can work if you decide to imitate China...
[ link to this | view in thread ]
"Ed Snowden: Governments Can't Make The Public 'Safer' By Undermining The Encryption Essential To The Public's Security"
But they can make the public unsafer by undermining the encryption essential to...
Oooopsie.
[ link to this | view in thread ]
'We will protect the forest from fire by burning it all down.'
Making the public 'safer' by undermining encryption is rather like protecting privacy by mandating that every room must have a camera installed in it to spot anyone attempting to sneak in, with nothing more than a pinky promise that the ones with control over the cameras will never abuse that power or let anyone else access the feed.
The very techniques employed undermine and destroy what they claim they are trying to protect
[ link to this | view in thread ]
Re: Re: Re:
Yup - and I bet the artists didn't see a penny of it!
[ link to this | view in thread ]