Here we go again. Seven major governments call for tech companies to weaken encryption—just like the last time, and the time before that, and the time before that, and …
And, just like previous times, their hook to catch our attention is child abuse. In other words: Vile, awful, terrible people exist—which is why we can’t have nice things.
Or so say the US, the UK, Canada, Australia, New Zealand, India, and Japan. They want to outlaw strong encryption.
But guess what: Criminals don’t obey laws! Amazing, but true. In this week’s Security Blogwatch, we once again facepalm at political stupidity.
Your humble blogwatcher curated these bloggy bits for your entertainment. Not to mention: The voice of reason.
Irresistible force meets immovable object
What’s the craic? Catalin Cimpanu reports—Another Five Eyes meeting, another call for encryption backdoors:
Members of the intelligence-sharing alliance Five Eyes, along with government representatives for Japan and India, have published a statement [again] calling on tech companies to come up with a solution for law enforcement to access end-to-end encrypted communications. … Representatives from the seven governments argue that the way E2EE encryption is currently supported on today’s major tech platforms prohibits law enforcement from investigating crime.
E2EE … allows a safe haven for criminal activity and puts the safety of “highly vulnerable members of our societies like sexually exploited children” in danger, officials argued. … Pressure has been mounting in recent years as western governments seek to reach intelligence-gathering parity with China.
But I’m not sure it’s a competition. Simon Sharwood says they want us to bake backdoors into everything:
The Five Eyes security alliance … frames the issue as a matter of public safety. [It] quotes statistics about the extent of child exploitation activity online and asserts that if law enforcement agencies can be allowed to view encrypted communications, it will enhance public safety.
The statement does not express entirely new sentiments. The very fact the seven nations felt the need to issue it is surely notable.
Won’t somebody think of the children? Here’s their self-contradictory communiqué—End-To-End Encryption and Public Safety:
We … support strong encryption, which plays a crucial role in protecting personal data, privacy, intellectual property, trade secrets and cyber security. [But] we do not support counter-productive and dangerous approaches that would materially weaken or limit security.
Particular implementations of encryption technology … pose significant challenges to public safety, including to highly vulnerable members of our societies like sexually exploited children. … One in three internet users is a child. … Measures to increase privacy – including end-to-end encryption – should not come at the expense of children’s safety.
Data protection, respect for privacy and the importance of encryption as technology changes and global Internet standards are developed remain at the forefront of each state’s legal framework. [We] strive to work with industry to collaborate on mutually agreeable solutions.
Good luck with that. Tim Cushing cuts to the chase—Countries Band Together To Complain About Facebook:
The world’s law enforcement agencies are back at it, advocating for the demise of end-to-end encryption. … Again, the international law enforcement community is asking for weaker encryption—and namechecking Facebook as the cause of and potential solution to all the world’s child porn problems.
At best, it’s completely disingenuous. Almost immediately following [the] assertion that [they] have no intention of pursuing counterproductive/dangerous approaches, [they] list the counterproductive/dangerous ways they’d like encryption to be broken.
Weakened encryption that allows Facebook to intercept users’ messages does nothing for the millions of Facebook users who’ve never trafficked in illegal content. The company can either give users security and privacy, or it can give these governments what they want. … The middle ground that governments think the private sector should nerd towards simply doesn’t exist.
We’ve heard all the arguments, both for and against, countless times already. But AcidFnTonic’s is a new one on your humble blogwatcher:
This is a grab at being able to “understand” instead of just being able to “search.” … Encryption is just me arranging my life in a way that “once searched” is not easily understandable.
[But] once broken encryption is required, other encryption will be prohibited. Since randomness looks like encryption, this is basically a rule that you are not allowed to be random.
It is an end-run around the concept of guilty until proven innocent. Random is resistance.
Random numbers to become illegal? An adventurous skeptical i slightly misquotes the King of Hearts:
“He must have meant some mischief, or he would have signed his name like an honest man.”
And this Anonymous Coward is suitably scathing:
We still have idiots everywhere who’ve convinced themselves that requiring criminals to announce their presence to their enemies is the best solution. This just in: Criminals intentionally don’t follow laws.
In other news: Politicians in five different countries have signed agreements mandating by law that water be dry so that they don’t have to hire people to mop up the wet parts.
Any other unintended consequences of weakened encryption? Here’s bagofbeans:
The tradeoff is that the secret services … will be able to covertly play with the bank balances (etc.) of anybody in the world. Frameups will be trivial, because chains of custody will become unsecurable.
I wonder if courts will accept that all electronic evidence must be regarded as tainted by default?
Of course, experience shows that keeping skeleton keys secure is impossible. Scary Devil Monastery thinks this thought experiment:
If the FBI tries to cast a dragnet for drugs, gun running and CP, they will instantly find evidence of such in the computers of every US politician the mob, Russia and/or China do not like. … This, in a nutshell, is why even China isn’t inserting hardware backdoors in the hardware over which they have control – they know that rather than gain a weapon they’d have it held to their own throats.
But but but … the children! Won’t somebody think of them? Dr AntiSol wishes the sheeple would wake:
You’re falling into their trap, where they make you think what they say they want is somehow reasonable, useful, or indeed possible. The truth is that it’s all just bull****.
It’s not about stopping crime or saving the children, that’s just the lie you’ve swallowed. They want mass surveillance, and widespread encryption makes that hard.
Meanwhile, fred911 repeats the lessons of history:
What they don’t understand is [they] can’t legislate the rules of math. … This type of governmental posturing isn’t any different than Clinton with his “Clipper initiative.”
The math is the math and we can thank Zimmermann for standing up for the right of people to … encrypt data.
The moral of the story?
They’re not giving up. So if you use end-to-end encryption, listen to the wind blow (but I can still hear you saying you would never break the chain).
You have been reading Security Blogwatch by Richi Jennings. Richi curates the best bloggy bits, finest forums, and weirdest websites … so you don’t have to. Hate mail may be directed to @RiCHi or firstname.lastname@example.org. Ask your doctor before reading. Your mileage may vary. E&OE. 30.