France is about to pass the worst surveillance law in the EU.
-
I can invite someone over to my house and talk about anything I want with no risk of government meddling. Why should it be any different in online communication regardless of the country?
-
Luigi wasn’t talking with anyone. None of this would’ve helped them with him.
-
Continuing the analogy, government agencies can absolutely eavesdrop on in-person conversations unless you expend significant resources to prevent it. This is exactly what I believe will happen - organized crime will develop alternate methods the government can't access while these backdoors are used to monitor less advanced criminals and normal people.
-
As an American, I can vouch for this.
-
I think you’re falling into the trap of making a good faith argument when the people pushing to destroy encryption are not.
-
Yup, they are trying to put a backdoor into signal, even though their military advised against it.
-
Although not in the same way, the US is leading the charge on that front.
-
Basically, all encryption multiplies some big prime numbers to get the key
No, not all encryption. First of all there's two main categories of encryption:
- asymmetrical
- symmetrical
The most widely used algorithms of asymmetrical encryption rely on the prime factorization problem or similar problems that are weak to quantum computers. So these ones will break. Symmetrical encryption will not break. I'm not saying all this to be a pedant; it's actually significant for the safety of our current communications. Well-designed schemes like TLS and the Signal protocol use a combination of both types because they have complementary strengths and weaknesses. In very broad strokes:
- asymmetrical encryption is used to initiate the communication because it can verify the identity of the other party
- an algorithm that is safe against eavesdropping is used to generate a key for symmetric encryption
- the symmetric key is used to encrypt the payload and it is thrown away after communication is over
This is crucial because it means that even if someone is storing your messages today to decrypt them in the future with a quantum computer they are unlikely to succeed if a sufficiently strong symmetric key is used. They will decrypt the initial messages of the handshake, see the messages used to negotiate the symmetric key, but they won't be able to derive the key because as we said, it's safe against eavesdropping.
So a lot of today's encrypted messages are safe. But in the future a quantum computer will be able to get the private key for the asymmetric encryption and perform a MitM attack or straight-up impersonate another entity. So we have to migrate to post-quantum algorithms before we get to that point.
For storage, only symmetric algorithms are used generally I believe, so that's already safe as is, assuming as always the choice of a strong algorithm and sufficiently long key.
-
I’d combine both metaphors: police have keys and deadbolts are banned.
The “good guys” CAN get in, and the bad guys can easily break in.
-
France is a police state in which citizens are all suspects. Cryptography was illegal until 1996 outside of government/military use and it's one of the worst countries for any hobbyist who needs to use radio frequencies, fly stuff around or even mere street photography. This law will make it easier for the government to crackdown on anyone using encrypted messaging as a pretext to arrest them or put them under surveillance.
Note that the current interior minister and his predecessor both are vile fascist scum.
-
It sounds like you haven't observed the conversation.
And it's not the tech companes so much as the Linux community who have pushed for e2e.
Considering how many abuses (pretty clear violations of the fourth amendment to the Constitution of the United States) have been carved out by SCOTUS during mob investigations and the International War on Terror, no, the people of the US want secure communication. The law enforcement state wants back doors and keep telling tech folk to nerd harder to make back doors not already known to industrial spies, enthusiast hackers and foreign agents.
You're asking for three perpendicular lines on a plane. You're asking for a mathematical impossibility.
And remember industrial spies includes the subsets of industries local and foreign, and political spies behind specific ideologies who do not like you and are against specifically your own personhood.
-
The eventual outcome of this sort of thing is more widespread use of steganographic data storage schemes. We already have plenty, such as ones that make your data look like unused LTS blocks of garbage and code blocks with multiple hidden partitions, so that you can open one block showing pedestrian data and the court unable to prove there are other hidden blocks.
These are technologies that already exist for those people who are really interested preserving their renegade data.
But if I own a business and I don't want my rivals reading my accounting, and open crypto is illegal, I may go stegan whether or not I have secret slush funds.
-
Spending significant resources to prevent it is exactly what encryption is. What the government wants is to completely eliminate online private communication. Continuing with the analogy: you want telescreens.
-
Huh? I don't think you understand my comment. You're just agreeing with me and I'm already agreeing with you.
-
It is not different and both are done. If you've met people of that worldview (thieves, relatives of bureaucrats, bureaucrats themselves), they really have nothing to say directly, they talk in subtle (they think) hints and subtle (they think) threats.
-
They only thing that can stop a bad guy with surveillance fetish is the same bad bad guy with suddenly found exhibitionism fetish. OK, that's not new, see "Enemy of the state movie". Doesn't work quite like that IRL, of course.
-
This is exactly the sort of argument I was talking about
- The forth amendment counts for less than the paper it is written on outside the bounds of the US
- Most of the rest of the world has laws requiring companies that operate in their jurisdiction - even if they aren't based in that country - to prove access to law enforcement if requested
- If complying with the law is truly actually impossible, then don't be surprised if a country turns around and says "ok, you can't operate here". Just because you are based in the US and have a different set of cultural values, doesn't mean you get to ignore laws you don't like
To illustrate the sort of compromise that could have been possible, imagine if Apple and Google had got together and proposed a scheme where, if presented with:
- A physical device
- An arrest warrant aledging involvement in one of a list of specific serious crimes (rape, murder, csam etc)
They would sign an update for that specific handset that provided access for law enforcement, so long as the nations pass and maintain laws that forbid it's use outside of a prosecution. It's not perfect for anyone - law enforcement would want more access, and it does compromise some people privacy - but it's probably better than "no encryption for anyone".
-
That's a comment I was hoping for, thanks
-
Correction. The worst surveillance law in the EU so far
