[HN Gopher] The Belgian government has removed 'backdoor require...
___________________________________________________________________
The Belgian government has removed 'backdoor requirement' from new
law
Author : Sami_Lehtinen
Score : 407 points
Date : 2021-12-21 13:50 UTC (9 hours ago)
(HTM) web link (tutanota.com)
(TXT) w3m dump (tutanota.com)
| sebow wrote:
| nopcode wrote:
| I wish we would just come up with a strong, transparant legal
| decryption framework already. We moved our lives completely
| digital before e2e encryption came around, claiming that we
| cannot go without e2ee is false.
|
| The "new law" is actually an update of an existing law and it
| would've forced "apps" (e.g. WhatsApp) to provide the same kind
| of text logs on request like the telcos have been doing for call
| log/SMS/location.
| vorpalhex wrote:
| It took governments a while to catch up, and now they have. In
| the arms race between privacy and surveillance, E2E is the next
| shield against the weapon of mass surveillance.
|
| Governments have always had warrant requirements, until they
| decided they didn't need them. If you want my data, get a
| warrant.
|
| The US had it's own top secret database breached.. because they
| used a discount contractor. I choose to keep my data in higher
| regard.
|
| Bulk SMS/location is also a horrible failure of justice and it
| harms innocent people so that a few criminals may be caught.
| This is backwards.
|
| It is better that a criminal go unpunished than for a single
| innocent person to be harmed wrongfully by the government.
| nopcode wrote:
| > It is better that a criminal go unpunished than for a
| single innocent person to be harmed wrongfully by the
| government.
|
| That really depends on the number of criminals and the total
| harm they cause to our society versus the harm caused by the
| government.
|
| We've been having "liberty versus security" debates for
| centuries and the balance is always changing.
| vorpalhex wrote:
| Tomorrow, we decide to re-instate the death penalty for
| people who commit murder.
|
| Our very well trained seers (who are always right) tell us
| that this will reduce murder by 90%.. but 1/20 people we
| execute will be innocent of the crime.
|
| Do we take the bargain?
| 1337shadow wrote:
| That's a really interesting ethical question. It's what
| the right wight asks: most immigrants are fine, but 1/20
| will be radicalized, even commit terrorism acts such as
| mass murder, do we take the bargain? French president
| Francois Hollande testified in court that he knew and
| took the bargain, then, we had Bataclan, Samuel Paty, and
| so on (please don't make me do the exhaustive list).
|
| Now the question is, what would make one decide to apply
| whatever answer they give here, but not there? Definitely
| food for thought!
| michaelt wrote:
| The USA has secret courts that are happy to issue secret
| warrants to spy on _every single customer_ of a major telco.
|
| Your "legal decryption framework" will be abused precisely the
| same way - it would be laughably naive to expect anything else.
| xchip wrote:
| Thanks!
| 1337shadow wrote:
| Just to make it clear: the law wasn't "banning encryption" as
| many people here seem to think, quoting the article:
|
| > the proposed passage that would have forced companies to
| decrypt encrypted data upon request by the authorities got
| removed from the draft law.
|
| Please, let's have a minute of silence for all the victims of the
| criminals that won't get caught because the state can't decrypt
| the necessary evidence. And for their future victims, I will pray
| for them not to be you, nor any of your relatives, because I have
| been in that position and it is not good.
| champagnois wrote:
| We see new technologies emerge that make our day jobs easier as
| they get more and more automated.
|
| I understand the desire of people in gov agencies to have more
| access to backdoors than they currently have, but think for a
| moment the risks that such powers pose to the public when the
| government itself turns authoritarian.
|
| Unthinkable in our current climate, maybe. To the left and
| right of you -- at the NSA or FBI -- everyone is a non-partisan
| patriot who wants a color blind utopia of freedom and
| democracy.
|
| I would argue two points: (1) That an apparratus has already
| been built that is beyond the wildest dreams of prior
| authoritarian states. (2) Democracies are historically rare and
| notoriously short lived. They do not last.
|
| With points (1) & (2), we can conclude thus that the powers of
| such government agencies WILL one day be used by an
| authoritarian regime. It is a question of when, not if. Let us
| not build the authoritarian tools so as to not tempt a future
| would-be tyrant.
|
| The condition upon which God hath given liberty to man is
| eternal vigilance...
| 1337shadow wrote:
| I disagree, I only master French democracy, and of that one I
| can say it is irreversible. As such, I disagree with your
| conclusion, even more so when it boils down to "let's leave
| some criminals running around just in case one day our
| democracy turns into an authoritarian regime like in scifi".
|
| I am affected by the damage caused in the present reality,
| not by hypothetical damage in an highly unlikely reality, as
| such, I base my political opinion on facts that happen in the
| present, factual reality.
| champagnois wrote:
| I admire your enthusiasm and conviction. I do not doubt
| that you and your pro-democracy patriotic brothers and
| sisters at what ever group are probably the right people
| for the job, currently.
|
| In the United States presently, I am concerned about the
| health of democracy itself. I assume authoritarian forces
| from abroad (RU / NK / CN / Iran / others) are abusing our
| open social media networks to radicalize the public. The
| infection here is to a point where a very small minority of
| people even understand there is an infection -- most people
| don't look at problems from this sort of meta perspective,
| and they instead hail from either side of the divide, and
| are begging for a one-party takeover of the system.
|
| I do not see the 1337 folks doing much to fix this. Going
| to hack some routers, spoof some DNS, send people firmware
| viruses, break their servers, collect information? That
| doesn't fix it. Authoritarian attacks on the American mind
| are mostly succeeding and this is blatantly evidenced by
| the radicalism that is becoming so popular in our politics.
|
| If it can happen here, it can happen in France. I'm
| wondering if the only remedy is a government firewall of
| social media / comment sections / etc to keep conversations
| limited to real citizens, rather than foreign information
| warriors.
|
| But hey, what do I know?
| 1337shadow wrote:
| If a foreigner has an argument I believe we want to ear
| it, maybe we refutate it, maybe it improves our
| understanding.
|
| It is happening here in France, the woke totalitarism has
| penetrated our universities, we're removing statues too,
| and soon will also be burning books just like on the
| other side of the Atlantic ... Unless next elections put
| a stop to that.
| champagnois wrote:
| Western governments have not yet fully acknowledged the
| fact that the strategy of seducing totalitarian regimes
| like Russia and China with peaceful economic progress has
| failed. The awakening on this is extremely slow.
|
| Our 1337 have been, on the whole, too arrogant to
| acknowledge that the status quo of how they operate to
| preserve democracy has failed in that it is not enough
| and Democracy is currently receding and morale is at an
| all-time low.
|
| If the civilization we were born to love and defend is to
| survive, then it must adapt to the current threats and
| quickly. Our adversaries are back and more powerful than
| they ever were. It is time we end the drunken holiday of
| the 1990s and bring back the creativity of McCarthyism
| and such.
| 1337shadow wrote:
| McCarthyism was after people with an opinion, I don't
| believe that's a good thing and that it's going to happen
| again in western countries.
|
| The current threat here is a rise of criminality, having
| more evidence would secure more people, this bill was
| actually a try to "adapt to the current threats".
| mellavora wrote:
| What specifically would prevent McCarthyism from
| happening again?
| 1337shadow wrote:
| It's like if you're asking "what would prevent us from
| burning heretics alive again" or "what would prevent us
| from going back into the middle age again", or even "what
| would prevent us from buying slaves again". I'm not an
| expert of McCarthyism, I'm not even American and as such
| have not studied it a lot (barely read a wikipedia
| article about it and a couple of movies), I'd be more
| confortable answering "what would prevent us from going
| back into nazism"? Because I could there build an answer
| based on the current state construct and history.
|
| But, I wouldn't construct my answer about "one thing
| specifically", instead, on a whole context of things,
| such as: evolution, experience, education...
|
| It's a vague but extremely interesting question, I'm
| sorry I'm too tired to disgress as much as I'd love to
| but I suppose my answer would boil down to "we've made a
| long road since McCarthyism, we've learned to appreciate
| confronting ideas", it would be constructed about exactly
| why it's important to study history, keep a memory, and
| keep debating so that every single argument can be
| studied and refutated by anyone.
|
| Again, I'm not fearing hypothetical realities that look
| like scifi, but instead, I'm trying to solve problems we
| actually have right here in our shared present reality,
| such as criminality. It's fine if you don't want to help
| me, that doesn't make you a criminal, but it would be
| great if someone like you with your talent would like to
| help.
| champagnois wrote:
| I do not really disagree with you. McCarthyism was before
| my time and I admit to having no understanding of it.
|
| I meant to say we should be creative in dealing with the
| ways in which totalitarian systems infiltrate our society
| and weaponize our public.
|
| Currently, we do not seemingly have a strong defense
| against what is happening.
|
| I know a bit about what our side does, and I also know
| what their side does and how they do it.
|
| 1337 folks are not enough and they only know half of what
| is going on.
| 1337shadow wrote:
| But are you really off-topic or are you actually much
| deeply in topic?
|
| After all, why wouldn't it be the case here: making our
| own states weaker because "we the public will not
| negociate our privacy!" ? Is the public in question,
| strongly expressing their opinion here, really going to
| benefit from having a weaker state ? Is there no limit
| about how weak we want our state ? At what point does it
| starts benefiting forces which are hostile to our
| civilisation ? Has it even started already ? I think I
| figured your answer to that last one!
|
| What makes our state weaker is not this public, it's
| whatever forces weaponizing this public against our
| states, and indeed I'm aware about them, but the public
| is in the middle, we must win with arguments, by talking
| about reality, I beleive that's how we can wake up and
| face reality and actually debate solutions instead of
| hiding behind distopian scifi scenarios like we are doing
| here.
| champagnois wrote:
| For the record, I apologize for turning this chat from
| "law enforcement" to "winning versus the east" ... I
| acknowledge this is all off topic.
| 1337shadow wrote:
| I see it's off topic but I appreciate discussing with
| you, because I don't think I understand your position
| correctly but I'm trying to!
| champagnois wrote:
| Regardless, if you've been truthful, then we are extended
| family in some way.
|
| Vive la France! Vive la liberte!
| 1337shadow wrote:
| I'm always truthful _unless_ I 'm saying something so
| stupid that I'm expecting nobody to take it seriously ...
| which is pretty french, irony is a bet you take on your
| audience's intelligence, that does not always go as
| planned as you might notice in a comment ...
|
| Long live Canada! Or Quebec whatever side you're on xD
| trasz wrote:
| You could start with explaining what exactly do you mean
| by "totalitarian", and how comes you don't consider
| totalitarian the country with world's highest
| incarceration rate, world's largest army, and world's
| largest civilian death toll.
| NikolaeVarius wrote:
| Yep, I'm fine with this.
| 1337shadow wrote:
| Meanwhile, Belgium has a thriving terrorist community.
| darkwizard42 wrote:
| You keep making this point across the thread about actual
| harm being invoked. The tools available to governments
| today should be sufficient to stop a number of crimes. Yet
| time and time again we see that increased surveillance
| doesn't really correlate to the elimination of crime.
|
| Why not push this energy into making your government
| agencies more efficient with what resources they have? The
| UK has tons of CC TVs in public -- still seems to have a
| high issue with shoplifting, pickpocketing, and other crime
| in public places.
|
| Doesn't it alarm you to keep giving an inefficient
| potentially malicious actor more tools it can abuse?
| 1337shadow wrote:
| CC TVs are taken down.
|
| When a 15 years old dealer does not take it down on his
| own:
|
| https://www.letelegramme.fr/bretagne/a-vannes-le-dealer-
| de-1...
|
| Then it's the mafia taking them all down:
|
| https://www.leparisien.fr/seine-et-
| marne-77/chelles-77500/ch...
|
| But it's actually pretty common:
|
| https://twitter.com/alliancepolice/status/145008668020403
| 814...
|
| https://www.lyonmag.com/article/118297/bron-ils-scient-
| le-ma...
|
| https://www.francebleu.fr/infos/faits-divers-
| justice/dijon-i...
|
| But that's fine because they are "defending our privacy"
| ?
|
| Or, do you want to try to make another suggestion ?
|
| Meanwhile, criminality is thriving and we are powerless
| against it. Maybe we should try planting more trees and
| developing more socio cultural activities ?
|
| Anyway, shouldn't you be against CCTVs because "if the
| state can see them streams then it means a hacker can see
| them too" ? I mean, I think that's the whole point being
| made here against this bill.
| blowfish721 wrote:
| The problem with banning encryption or e2e encryption is
| that it doesn't solve anything. Criminals/terrorists will
| move to a chat app/service that offers e2e encryption no
| matter if it's legal or not. It just means that the major
| players such as facebook, microsoft, google, apple etc
| can't offer it so the only one left hanging is the law
| abiding masses.
| 1337shadow wrote:
| But there is never going to be a silver bullet, it's
| always going to be a cat and mouse chase, does that mean
| we should quit playing at all?
| xboxnolifes wrote:
| If the "forced companies to decrypt encrypted data upon
| request" required companies to store all encrypted
| transmissions _and_ have some way to decrypt it, it 's
| effectively the same thing as banning encryption. It's a forced
| backdoor. Though, I'm not familiar enough with this law to know
| if this was the intent.
| 1337shadow wrote:
| It's not "all encrypted transmissions" that were at stake
| here.
| NineStarPoint wrote:
| All electronic communication means essentially any words
| going over the internet. All transmissions would have to be
| stored in a form where they could be decrypted by someone
| other than the end users. The law wasn't saying "You have
| to be able to flip a switch on a person, and all things
| they send from that point on must be able to be decrypted",
| it was saying "All communication must be able to be
| decrypted whenever the government asks you for it." All
| information being stored in a way that is meant to be
| decrypted for government use means the encryption is
| inherently untrustworthy.
| 1337shadow wrote:
| The law was _maybe_ saying that, but that doesn 't change
| what _I_ 'm saying. Which boils down to "I disagree with
| the response we have given, we should have been
| negociating rather than just saying no". Should I go
| ahead with a disclamer that says which open source
| encryption products used by governments that I'm involved
| into? Not sure, my point is: we have their attention, why
| use it to just say no when we could negociate and make
| outdoors security a feature _in addition too_ online
| security.
| ashtonkem wrote:
| Be wary of whether or not you and the state share the same
| definition of "criminal" and "victim".
| 1337shadow wrote:
| A democratic state is elected by the majority, as such, the
| state should share the same definition as the majority.
| That's the deal we're taking when we decide to live in a
| democracy: that we will abide by the law of the majority.
| This doesn't mean we have to agree: it means we have to
| convince the majority if we want a change.
|
| But a state that can't defend the majority because of an open
| letter signed by a hundred crypto anarchists seems pretty bad
| to have indeed!
| ttybird2 wrote:
| _" A democratic state is elected by the majority, as such,
| the state should share the same definition as the
| majority."_
|
| Despite that * They often don't do what the majority wants
| or is best for them.
|
| * In most european states the government doesn't actually
| have >50% of the votes.
|
| * There are things that are moral that the majority wants
| to be illegal (such as homosexual relationships until a few
| years ago).
|
| * The retraction of this requirement actually serves the
| interests of the majority.
| 1337shadow wrote:
| > They often don't do what the majority wants or is best
| for them.
|
| "The majority" doesn't want exactly the same things, they
| agreed on some thing or two that was prioritary and
| deserved the vote.
|
| > * In most european states the government doesn't
| actually have >50% of the votes.
|
| Really? How is that?
|
| > There are things that are moral that the majority wants
| to be illegal (such as homosexual relationships until a
| few years ago).
|
| That is simply not true, the majority just wants that
| puberty blockers don't be provided to children.
|
| Didn't understand your last point sorry (non native)
| vorpalhex wrote:
| In many countries, it was illegal to practice
| homosexuality. It was a crime to cross dress. In some
| countries it still is.
|
| Should we allow the imprisonment of these people merely
| because the laws say so?
| 1337shadow wrote:
| Well of course I'm engaged against shit countries like
| that, so obviously my answer is no: I do not want our
| companies to comply with them. But I want our companies
| to comply with us, and make, not only online security,
| but also outdoors security, a feature.
| vorpalhex wrote:
| You seem to agree there is some moral underpinning of the
| law - that simply because the law exists does not make
| the law moral.
|
| One of the hot topics currently is Anti-money laundering
| laws, AML. This is why large transactions are reported to
| government agencies, why you need proof of identity to do
| banking, etc.
|
| The flip side is that this makes it hard for refugees to
| get bank accounts. It means large donations to activists
| are recorded by the government. It means the government
| knows in great detail how you spend your money and that
| data is shared widely.
|
| Yet money laundering still persists. It is still a major
| problem. We have paid a great price and the problem is no
| better for it.
|
| Should we continue giving up more? Should we surrender
| even more to try and stop it?
|
| What if money laundering can't be solved? Money
| laundering has existed from ancient cultures to now. It
| has never been crushed. Some crimes are intractable - we
| can reduce but never prevent them.
|
| We can't go whole hog on security. Nobody can make you
| safe. Danger is an innate part of life that can only be
| partially controlled.
| 1337shadow wrote:
| For me there's a lot of contradiction within your own
| comment, but don't worry, I'll give you more than merely
| talk about its own contradictions.
|
| > We can't go whole hog on security. Nobody can make you
| safe. Danger is an innate part of life that can only be
| partially controlled.
|
| We can improve our security, the state has to make us
| safer, it is possible because danger can be partially
| controlled, which is exactly what you say.
|
| You also that laundering has never been crushed, and can
| only be reduced. I also agree with that, and because we
| can reduce it: it is our moral duty to do what we can to
| reduce it, giving up "because we can't crush it" is not
| an option for a person of honor.
|
| If this was just a quick trick to get me to tell my
| opinion about refugees in general, let me cut it short:
| https://news.ycombinator.com/item?id=29640944 And let me
| add to that: we can't keep on taking 400k a year in our
| little 67m inhabitants country, we already have enough
| troubble with those we have here (please don't ask me for
| solid evidence, or if you do, please do so in a dedicated
| comment)
|
| Anyway, very interesting comment indeed, I'll gladly
| discuss off-topic as I already have:
| https://news.ycombinator.com/item?id=29640299
|
| Of course, I could just burry it by calling it a
| _syllogism_ , "cheese has holes, holes are air and not
| cheese, as such, the more cheese you have the less cheese
| you have", but as you have figured, I'd rather face the
| game and risk myself than hide, in the worst case I will
| have learned something which is positive for my own
| development, more than whatever shame it can bring on me:
| it's a basic cost/benefit analysis.
|
| As a matter of fact, I found your comment so interesting
| that I've been discussing it with left leaning friends I
| met back when I was into AML, who are still active in it,
| the discussion being over I'm back to reply (an hour ago,
| I'm proof reading myself for once).
|
| First things first: AML's impact is _transversal_ , it
| has a lot more impact than you might think. It's the
| basic tool we have against _corruption_. And because it
| prevents crimes, "I will not take this shady deal
| because it won't bring me useful money", it's impossible
| to prove that crimes would have happened without it.
| While you can still measure it's impact on corruption,
| you'll say it's very hard to measure corruption, fine,
| that's true.
|
| But it turns out there is actually a lot of documentation
| about crimes that AML targets, the O'Mecanismo series
| describes what enormous corruption systems it fights, but
| you can read about how useful it is against THB
| (Trafficking in Human Beings) in the OSCE paper
| https://www.osce.org/files/f/documents/5/8/121125.pdf or
| the Arachnys case study if you're more into videos
| https://www.arachnys.com/webinar-identifying-human-
| trafficki...
|
| Mind you, there's more I want to disagree on in your
| comment. You're saying it "makes it hard for refugees to
| get bank accounts", I don't see this, at least, not in
| France which takes 400k so-called "refugees" per year,
| which is the equivalent of a city like Paris every 5
| years, which corresponds to the president mandate.
|
| I will just quote the law here: "Every person living in
| France, without a bank account, has the right to the
| opening of such an account in the bank of his choice or
| in our service", this is article L.312-1 of the Monetary
| and financial code of law. Even they can't, indeed, open
| a "normal" bank account, because they have burnt their
| own papers, say, because they are wanted by the police
| and want to go incognito, they can still open a "Livret
| A" where the minimal deposit and withdrawal is 1.5EUR
| https://www.ouest-france.fr/monde/migrants/demandeurs-d-
| asil...
|
| Then, the state (we, tax payers) even gives them
| 426EUR/month, or, ~850EUR/month if they are old enough,
| as stated by left leaning media:
| https://www.liberation.fr/checknews/2019/12/01/est-il-
| vrai-q...
|
| I'd like to conclude by "sorry", I'm sorry that it's a
| problem for your friends making "large donations" to be
| inspected by the state, but that's how it's going to be
| because we know now for a fact that it does happen that
| "activists" turn out to actually be human traffickers, a
| traffik that is worth ~10 billion USD per year, well, not
| all of them of course, there are also true activists, but
| these are in bed with the traffickers who tell them
| exactly when a boat leaves the coast, who knows if they
| don't get their share ?
| https://www.cnews.fr/monde/2021-03-15/migrants-un-
| rapport-po...
|
| And of course ... perdon my french! And thank you for the
| respectful discussion, always appreciated!
| [deleted]
| vasco wrote:
| If you wrote "think of the children" it'd have been less
| characters.
| 1337shadow wrote:
| I think this reply was meant for another comment?
| ashtonkem wrote:
| > A democratic state is elected by the majority, as such,
| the state should share the same definition as the majority.
|
| This is trivially falsifiable. Weed is still a federal
| felony, despite 60% support for recreational & medical use,
| and another 31% support for medical alone[0]. In fact
| opposition for legalization is now a trivial 8% of the
| population, which is basically nobody. There isn't even a
| party with majority support for keeping weed illegal
| anymore.
|
| If democratically elected states were guaranteed to
| eventually share the same definition as the majority, weed
| would have been legalized years ago for medical use. And
| yet, here we are.
|
| 0 - https://www.pewresearch.org/fact-
| tank/2021/04/16/americans-o...
| nopcode wrote:
| It is explicitly banning e2e encrypted services or devices.
| 1337shadow wrote:
| What makes you think that?
| ttybird2 wrote:
| We talked about this already
| https://news.ycombinator.com/item?id=29639005
| nopcode wrote:
| Because I read the draft. > ... it is
| prohibited to provide a device or service that hinders the
| following: ... eavesdropping and recording of non-public
| communications.
| 1337shadow wrote:
| "by the state"! Which can also, have a cryptographic key,
| not with 123password
| thecopy wrote:
| ... for now.
|
| I am very pleased to see that the _current_ administration came
| to their senses and listened to reason. However, this is a fight
| i am afraid we will always have to fight over and over again
| unless right to encryption is codified in EU constitution or a
| similar document.
| snarf21 wrote:
| Agreed, I think we need to change the narrative to get the
| politicians to "get it". Instead of all the talk about
| protecting us from __________ (random evil), we need to
| highlight the consequence of these plans. We need journalists
| to ask politicians to hand over their unlocked phones with the
| "promise" that they won't share anything they learn. That is
| what these backdoors would enable. We need to make them
| understand the downside because all "save the kids" will always
| have public support.
| hellojesus wrote:
| I don't think encryption backdoors will ever be enforceable,
| even if it becomes a legal requirement. What's to stop someone
| from just doing it anyway if we use protocols that allow for
| plausible deniability?
| trompetenaccoun wrote:
| Even constitutions only offer very limited protection. There
| was a recent case in Germany where the government simply
| ignored the ruling of the supreme court (Federal Constitutional
| Court). And keep in mind that this is the government with
| leading influence on the EU. I don't know about everywhere else
| but at least in Europe rule of law isn't as strong as people
| assume.
| throw10920 wrote:
| The US constitution also offers limited protection - it's
| subject to interpretation by judges, and re-interpretation by
| a growing body of people who think that it "needs to be
| updated" and "is a living document" and "is not absolute".
| Your fight for your rights will never end, as evil people
| will _always_ be elected to office. Just because your
| officials are not literally Hitler doesn 't mean that they
| won't be trying to infringe upon your rights.
| wbsss4412 wrote:
| It's normal for interpretation to change over time as the
| society within which we live changes.
|
| You'd likely be disappointed by the 18th century
| interpretation of the first amendment, for example.
| netcan wrote:
| If it's a "fight over and over" situation, the ratcheting
| dynamics are important.
|
| IE, "we" need to walk away from a win with something more than
| "status quo defended." Otherwise, the situation is "hold ground
| until we fail."
| prof-dr-ir wrote:
| Article 7 of the Charter of Fundamental Rights, which was
| adopted with the Lisbon treaty, reads (in its entirety):
|
| "Everyone has the right to respect for his or her private and
| family life, home and communications."
|
| On the short term a change to the treaties of the Union is not
| realistic, in my opinion. So I am afraid we might be stuck with
| having "to fight over and over again", using the above as a
| foundation. I guess I think of it as educating the politicians.
|
| Fortunately the pro-privacy voices in the EU seem loud enough.
| For example, in this case the Belgian national privacy
| authority had already complained about the proposed law. And
| Germany seems to have adopted the right to encryption in its
| latest coalition agreement.
| 1337shadow wrote:
| > I guess I think of it as educating the politicians.
|
| What about the other way around? What makes you think it's
| not police hackers who value privacy just like us, and who
| strive to protect us, who requested this to politicians? That
| seems more likely.
| mytailorisrich wrote:
| Yes, but this article of the Charter (and other laws) does
| not prevent lawful interception.
|
| This is the crux of the issue: the so-called "pro-privacy"
| camp wants _absolute_ privacy of communications.
|
| Law enforcement and intelligence services are not against
| privacy, they are against systems that provide _absolute_
| privacy because these systems prevent even lawful
| interception.
|
| Voice calls on your smartphone are private but may be
| lawfully intercepted. This is so because mobile networks are
| in the hands a few licensed and heavily policed operators. On
| the other hands, we've reached a point where it is simple to
| develop and publish software apps that allow anyone to
| communicate in a way that is impossible to intercept as far
| as we know.
|
| This is not a simple issue. There is a valid concern but at
| the same time the potential ways to address it (e.g.
| backdoors, etc) are not very satisfactory.
| vasco wrote:
| There's no such thing as kind of private. Either you cannot
| decrypt private citizen communications or you can. And if
| you can for any reason you also can for no reason at all.
| buran77 wrote:
| The problem with "lawful"-whatever is that the lower the
| apparent impact on the target, the wider the net that is
| thrown. So the tool ends up having an outsized impact on
| the innocent rather than the guilty. Unlike the lawful use
| of a firearm by law enforcement officers, lawful decryption
| of data when an innocent person is targeted is a "safe",
| "victimless" abuse.
|
| Imagine the uproar if a person being shot and killed during
| a court approved raid turns out to be completely innocent.
| Now imagine the silence when the same person just has their
| private chats or nude pics decrypted and seen by
| investigators.
| GekkePrutser wrote:
| Exactly.. That argument died when dragnet surveillance
| and secret courts were introduced.
| tata71 wrote:
| We're still here, fighting.
|
| The right to a private home is the most basic right a
| creature is compelled to protect.
| matheusmoreira wrote:
| It should be as hard as humanly possible for them to
| intercept anything. They cannot be trusted with that power.
| They should have to literally move mountains in order to do
| it.
| [deleted]
| bitcharmer wrote:
| Came to say this. It's only temporary victory, sadly.
|
| The efforts to ban encryption won't stop here.
| randomNumber7 wrote:
| > The efforts to ban encryption won't stop here.
|
| How is this supposed to work? Can't the bad guys just send
| each other encryped emails anyway? Or hack together some
| peer-to-peer messenger?
| jhgb wrote:
| Time for all companies to stop providing online services in
| Belgium, then.
| ben_w wrote:
| Right after winning a battle is the worst possible time to
| give up.
| scrollaway wrote:
| The above applies to every single country in the planet.
| Time for all companies to stop providing online services
| anywhere period?
|
| We need actual workable ideas, not empty statements. It
| _is_ frustrating that this fight doesn 't end. If you have
| real suggestions, I'd like to hear them.
| jhgb wrote:
| Well I'm not aware of any such efforts in my country. I
| thought the comment above about "the current
| administration" was about Belgium.
| scrollaway wrote:
| Which country is that? You probably haven't dug deep. If
| you live anywhere in north america, the EEA, china,
| russia, india or australia, then I'm aware of such
| efforts and I don't exactly follow this closely. I just
| live in Belgium...
| jhgb wrote:
| I'm Czech. I'm _really_ not aware of any "efforts to ban
| encryption", and given our history with the StB
| (https://en.wikipedia.org/wiki/StB), local population
| _really_ wouldn 't react well to that. I just don't see
| any possible parliament composition willing to pass a law
| along any such lines.
| scrollaway wrote:
| You're affected by EU-wide encryption-related laws and
| discussions. The EU is less insane than the US on that
| front, but issues like this still appear once in a while,
| and have to regularly be defeated...
| jhgb wrote:
| As I said, the chances of anything like this being
| adopted on a national level are virtually zero. Good luck
| to any such directive coming from Brussels. Hell, I
| wonder if this couldn't trigger yet another
| constitutional amendment like the last one if it comes to
| that.
| ben_w wrote:
| Encryption is necessary for the entire modern economy, but also
| worthless when keystrokes can be remote-sensed, faces and other
| biometrics generated by the same AI that scan for them, and
| displays can be Van Eck phreaked.
|
| Our near-term future has both unbreakable encryption and
| omniscient surveillance in the hands of low-budget and non-
| technical people, and in a fight between the two, surveillance
| wins.
|
| I don't know where the world goes from here, but I'm confident
| the status quo won't be for much longer.
| eitland wrote:
| Everytime something good happens someone have to come up with
| something to make our efforts seem hopeless.
|
| I'll say our efforts are not without hope for now.
| bnjms wrote:
| Is Van Eck phreaking really a concern since moving from CRT?
| I know there is a paper showing it was possible for CRT but
| it seems impossible now. It would be easier to install a
| custom cable to wirelessly send the display currently.
| Kerbonut wrote:
| https://www.cl.cam.ac.uk/~mgk25/pet2004-fpd.pdf
|
| Electromagnetic Eavesdropping Risks of Flat-Panel Displays
| IG_Semmelweiss wrote:
| Faces and biometrics are finding a formidable opponent in one
| of the positive externalities of COVID:
|
| Masking.
|
| Masking has effectively been normalized in the western world
| thanks to COVID. Masking is a huge win for a free society.
| Before COVID, it was actually illegal to hide your face in
| some US States and many countries [1]
|
| Mask + sunglasses, and you should be effectively anonymous in
| public.
|
| https://en.wikipedia.org/wiki/Anti-mask_law
| frabbit wrote:
| It's interesting how the most apparently compelling
| arguments that were made against people wearing masks turn
| out to be false in practice. I can think of two categories:
|
| 1) the claim that the wearing of masks would impede law
| enforcement, including the passing of statues especially
| against masks on demonstrations
|
| 2) the claim that Muslim women wearing full religious head
| coverings could not be tolerated in public spaces because
| it was obvious that it would make it impossible to judge
| the mood or other psychologically important signals
| normally exchanged in public
|
| None of this seems to have been true. Sure, there probably
| is some small validity to some aspects of those claims, but
| they seem to have been hugely exaggerated.
| stef25 wrote:
| Finally someone brings this up. Here in Belgium the rules
| around Islamic headdress were addresses by a law that says
| nobody can cover their face in public except during
| carnival and when riding a motorbike (full face helmet),
| thereby avoiding any explicit references to religion
| (unlike in France where it caused a sh*tstorm)
|
| I was waiting for the anti mask crowd to challenge mask
| wearing in court by citing this law.
|
| No idea if it's been amended or not. But it definitely used
| to be illegal to cover one's face.
| jjulius wrote:
| >Mask + sunglasses, and you should be effectively anonymous
| in public.
|
| Until you start looking at things such as height + weight +
| gait.
| scohesc wrote:
| Would something like gait be easy to fake - just being
| aware of how you walk... Putting a thumbtack in your
| right foot, or something along those lines?
| xboxnolifes wrote:
| Yeah, I feel like people either overlook or underestimate
| the uniqueness of a person's gait. I feel the only issue
| with it is collecting the information on it, as it
| requires more than just a picture.
| stef25 wrote:
| Still a bit more difficult to implement than facial
| recognition, which is now trivial to set up with AWS
| Rekognition. Even Photoprism does a great job.
| ben_w wrote:
| Facial recognition for bucketing photos is much easier
| than for biometric security. Both might still be easy
| these days (I wouldn't know, I am not as in the loop for
| AI as I'd like to be), but the former was good enough at
| least a decade before people seriously used the latter.
| jack_pp wrote:
| Except remote sensing keystrokes isn't as scalable as mass
| intercepting unencrypted network traffic
| 1337shadow wrote:
| But you don't _need_ that, you 'd only get too much
| information you don't need. You need to intercept _suspect_
| network traffic only, otherwise you 're most likely to fail
| to find anything useful at all.
| BrazzVuvuzela wrote:
| Quantity has a quality all of it's own. Wiretaps against a
| specific individuals is a lot different than dragnets
| covering an entire nation.
| danuker wrote:
| Indeed, you would need a rootkit in each target, logging
| and transmitting the keys. Something like a proprietary
| instant messaging client or keyboard application.
| angelbar wrote:
| 19870213 wrote:
| Remote sensing in this case is listening to the
| individual sound a key makes when pressed by the victim,
| and wear on the keys means that frequently used keys
| (such as 'e' or the space bar) would make a slightly
| different sound than the other keys, as does the
| hand/finger position used to press a key.
| mtgx wrote:
| AdrianB1 wrote:
| They fought against a law and changed one article. "They fought"
| but there were many others in that fight. The article is very
| poorly worded, I guess they contributed to a change in the law
| but not repealed the law (like the title suggests) and they were
| not the major contributor. They need a better writer.
| HanaShiratori wrote:
| Well tutanota is a small company with around two handful
| employees afaik, I'd assume their budget for maintaining their
| blog is very limited. Obviously they use their own media
| channels to portrait themselves as positive as possible,
| nothing wrong with that in my eyes. It's not that they were
| spreading any lies or so
| [deleted]
| BlueTemplar wrote:
| Meanwhile there's a high likelihood that there's a backdoor in
| the Intel processors (and maybe now also AMD ones ?) that was put
| there by the NSA... and hardy anyone seems to care ?
|
| https://blog.invisiblethings.org/2015/10/27/x86_harmful.html
| themitigating wrote:
| This seems to be talking about bugs that could be exploited. If
| there was evidence for a backdoor then it would be global news.
|
| You might believe there's a backdoor but unless you can prove
| it what do you want people to do?
| generalizations wrote:
| > bugs that could be exploited
|
| That's how you hide a backdoor in open source software.
| smoldesu wrote:
| Those MINIX cores have been a subject of scrutiny for many
| years, just not by the people who you'd encounter in your day-
| to-day. There are definitely people who care, but they've
| basically started waving the white flag at this point. Pretty
| much every modern CPU (as well as the software running on it)
| has some degree of government oversight/intervention, trying to
| circumvent it is a hobbyist effort, and an often unsuccessful
| one at that.
| 1337shadow wrote:
| cr3ative wrote:
| This can't possibly be a good faith comment.
| 1337shadow wrote:
| Because we should all think like you? Not me, I'm dissident
| from your mainstream ideologies, but have been fighting on
| your side for ~15 years ;)
| najqh wrote:
| I disagree with him, but he makes a solid point, and many
| people think like him.
|
| HN is enough of an echo chamber as it is, don't make it
| worse.
| ben_w wrote:
| The article says:
|
| """The main criticism was that it is simply impossible to
| rule out that a backdoor - once it is built - is abused by
| criminals or undemocratic regimes. A lowering of the
| security level would immediately affect all users - and not
| just those who are the subject of a judicial
| investigation."""
|
| The comment says:
|
| > I'm glad you're keeping safe dealers, pedophiles, and
| other criminals as well as their lawyers.
|
| This does not look like a solid point to me; it looks like
| rhetoric.
| 1337shadow wrote:
| Citing two different passages from the article:
|
| > This draft included a passage that would have forced
| companies such as WhatsApp and Signal to decrypt their
| encrypted chats upon request by the authorities for
| criminal investigation.
|
| > Belgian intellectuals like Professor Bart Preneel said
| that "by putting a backdoor into Whatsapp, you would make
| it less safe for everyone".
|
| This does not look like a solid point to me; it looks
| like rhetoric. Anyway:
|
| > a backdoor - once it is built - is abused by criminals
| or undemocratic regimes.
|
| If they can get their hands on a governmental private
| key, which is unlikely.
| throwaway675309 wrote:
| Just by virtue of providing the possibility of keys to
| the "Proverbial kingdom" and centralizing location of
| those keys gives far greater incentive for hackers or
| state actors to find new ways to gain access to these
| tools for decryption.
| 1337shadow wrote:
| Yes, but we can always revoke them and generate new ones?
| ben_w wrote:
| What economic damage can be done in the interval between
| a private key being accessed by a criminal and the key
| being revoked?
|
| Depends on the systems connected to the private key of
| course, but billions per incident are certainly possible
| in some cases.
|
| Even if this is just private chat on messenger platforms
| rather than 2FA or HTTPS, imagine how blackmailers would
| respond to getting all the nudes, the drunk confessions,
| the adultery, from 30 minutes access to all of the 10th
| most popular chat app in your country.
| piaste wrote:
| > If they can get their hands on a governmental private
| key, which is unlikely.
|
| But those private keys aren't going to be created by the
| government. They will be created by Facebook, Signal,
| Telegram etc., who will then hand over one of them to my
| government, one to yours, and one to each and every
| government that makes a similar law, from Argentina to
| Zimbabwe. And they could just as easily hand over another
| to <insert billionaire or other non-governmental figure
| you dislike here>.
| 1337shadow wrote:
| Ahah! Exactly, you have figured what _I_ would have
| requested to specify in this bill!
| ben_w wrote:
| > If they can get their hands on a governmental private
| key, which is unlikely.
|
| Why do you believe this is unlikely?
| 1337shadow wrote:
| Because I know how state security works.
| ben_w wrote:
| I see.
|
| Then perhaps you can explain why so much stuff leaks
| from, say, the USA government?
|
| Not just the stuff from government employees or
| contractors like Snowden and Manning who appear to be
| motivated by whistleblowing, but also the actual double
| agents working for the Soviets in the Cold War, and the
| apparently accidental leaks of NSA spyware:
| https://en.wikipedia.org/wiki/EternalBlue
| ttybird2 wrote:
| Isn't this what happened with some european "digital
| covid certificates"? Not really unlikely.
| 1337shadow wrote:
| Not afaik, people have just been sending screenshots of
| their QR codes to each others, and the people
| "validating" just have to "scan and see Valid".
| natch wrote:
| The NSA leaked its own hacking tools to the internet.
| Oops.
|
| The US government gave... gave, not leaked, not
| accidental, deliberately outright gave.. the identities
| and other personal information of people who had worked
| with the US in Afghanistan to none other than the
| Taliban. Because the Taliban pinkie promised not to
| slaughter them. Too bad, the Taliban didn't keep its
| word.
|
| Let's not be naive about the government's ability or
| interest in keeping things private.
| 1337shadow wrote:
| Who's the problem here? The government or the talibans?
| Sorry it's not really clear what you mean.
| mrkentutbabi wrote:
| What is your reasoning?
| 1337shadow wrote:
| That this reduces security for honest citizen, because it
| makes it harder to find evidence against criminals.
| inglor_cz wrote:
| Having right to an attorney also makes it harder to convict
| criminals, but the trade-off is still worth it.
|
| A world without strong crypto is a world where all kinds of
| records and communications are mercilessly exploited by
| entire armies of bad actors, some of which may sit ten
| timezones away from you. It is like having your home or
| business open to the entire 8 billion people out there.
| alpaca128 wrote:
| Police can't even catch terrorists before an attack despite
| getting warnings from foreign countries and having the
| suspects on a list. What makes you think that they'll gain
| anything from an encryption ban when law enforcement is
| already complaining today about their inability to make
| sense of the surveillance data they're basically drowning
| in.
| nopcode wrote:
| This is mainly to catch drug cartels.
| 1337shadow wrote:
| It's not even an "encryption ban law", that's fake news.
|
| > the proposed passage that would have forced companies
| to decrypt encrypted data upon request by the authorities
| got removed from the draft law.
| piaste wrote:
| Secure E2E encryption makes companies unable to decrypt
| encrypted data upon request.
|
| Therefore, a law forcing them to decrypt encrypted data
| upon request necessarily makes it illegal to implement
| secure E2E encryption. QED.
|
| (If the law only allowed them to share with the
| government data that was _already_ decryptable by third
| parties, that would be a different matter. That 's what
| happened to Tutanota in Germany: the tribunal ruled that
| they had to allow the police to access messages sent as
| cleartext, but they could not be required to put a
| backdoor in their E2E clients.)
| nopcode wrote:
| "E2E encryption ban" != "encryption ban"
| alpaca128 wrote:
| I think it's clear we're talking about effective, secure
| encryption, and that means E2E. Faulty implementations
| are technically an exception, but I don't think you can
| argue with that in good faith.
| piaste wrote:
| Semantics. E2E is necessary against a wide array of
| threat models and is a fundamental part of what can be
| considered 'pretty good privacy' by 2021 standards (pun
| intended).
|
| If a government, possessing a working set of quantum
| computers, chose to ban post-quantum crypto algos only,
| by the same semantics it could be argued that it would
| not be a general "encryption ban" either.
| MaKey wrote:
| Well, criminals would still use encryption even if it was
| banned because they are...criminals.
| 1337shadow wrote:
| Not if we catch them before they learn the lesson!
| unionpivo wrote:
| sure you catch a few, then everyone gets wise, but law
| will be on the books
| AdrianB1 wrote:
| It is not a zero sum game.
| adgjlsfhk1 wrote:
| I personally like being able to connect to a bank online
| without criminals being able to hack the connection.
| 1337shadow wrote:
| This is what they are talking about:
|
| > a passage that would have forced companies such as
| WhatsApp and Signal to decrypt their encrypted chats upon
| request by the authorities for criminal investigation.
| inglor_cz wrote:
| That is done with backdoors.
|
| The bad property of backdoors is that they can be
| discovered and used by other people, not just the ones
| that have the correct badges.
|
| I definitely do not want the Russians, the Chinese or
| that infamous Israeli private corporation to read my
| messages at will.
| 1337shadow wrote:
| And you'd rather have criminals that we can't catch
| because evidence is encrypted running around in the same
| streets as your children? Nobody's saying this law was a
| silver bullet.
| ttybird2 wrote:
| _" evidence is encrypted running around in the same
| streets as your children?"_
|
| What?
| adgjlsfhk1 wrote:
| yes.
| piaste wrote:
| For one, the kind of psychotic violent criminals that
| might assault random children in the streets are unlikely
| to get caught thanks specifically to cyber-surveillance.
|
| I am perfectly comfortable with having my children run
| around in the same streets as people selling drugs or
| stolen credit card numbers online.
|
| But to address your point less literally - "it might make
| it easier to catch criminals" is an _extraordinarily_
| weak justification for compromising the privacy of
| BILLIONS of citizens (WhatsApp, sadly, runs most of the
| personal communications in vast swathes of the world).
| inglor_cz wrote:
| Most crimes leave a lot more evidence than just
| communication; physical illicit stuff, suspicious money
| transfers, blood, witnesses.
|
| The only exception I can think of is distribution of
| child porn. Everything else has a massive real world
| trace that can be used to convict the perps.
| yibg wrote:
| I think you need some data to support your argument here.
| How many criminals go unpunished because information can't
| be decrypted? What is the real cost to society because of
| lack of backdoors?
| bmcn2020 wrote:
| What makes you think it will only be used against
| criminals?
| 1337shadow wrote:
| Because there are so many of them we don't have time to
| bother honest citizen, except on the road but that's for
| the money :)
| ttybird2 wrote:
| More like they ignore dangerous criminals in order to
| focus on inconvenient "honest" citizens.
| adgjlsfhk1 wrote:
| you're assuming people working at the NSA would rather
| catch criminals than look at people's nudes. That
| assumption, unfortunately has been proven incorrect.
| piaste wrote:
| > Because there are so many of them we don't have time to
| bother honest citizens
|
| Can I come and live on your planet? It sounds very nice.
| Bjartr wrote:
| Is the bottleneck on improving security a lack of evidence?
| angryfeller wrote:
| Let's give up all our rights and live like cattle in a field,
| sure...
| krono wrote:
| Would it also be acceptable for the state to dictate how we
| store our bananas at home (pedophiles eat them too), what font
| we use in our greetings cards (terrorists also send birthday
| cards), or with which hand you are to wipe your arse (even Ted
| Bundy pooped)?
|
| Citizens should not be treated or approached as enemies of the
| state by default.
| charcircuit wrote:
| >Citizens should not be treated or approached as enemies of
| the state by default.
|
| They aren't under these types of laws. Typically the
| government would need to get a warrant first before this is
| possible. You don't have to let them be able to read your
| messages by default.
| krono wrote:
| That's a fair point. The nature of encryption complicates
| this slightly though.
|
| If the purpose of encryption is to make data unreadable,
| but a back-door exists that allows anyone with access to it
| to bypass the encryption, can the data ever really be
| considered unreadable?
| charcircuit wrote:
| >but a back-door exists that allows anyone with access to
| it to bypass the encryption
|
| The trick is you don't do that. Ideally you would only
| want people with a valid warrant would be able to also
| decrypt the message (bypass the encryption). So the
| problem is that you want to design a system where this is
| possible. Perhaps it takes the cooperation of someone
| from the government and someone from within the company
| to verify the warrant. Perhaps you have a list of people
| who need to cryptographically sign the warrant.
| krono wrote:
| It must in no way be possible for any of these companies
| to ever run a non-verified decryption mechanism on any
| single server, computer, or other type of device.
|
| There are so many moving parts to manage, infinite
| possibilities for abuse, and it would require an absolute
| massive amount of trust in companies with numerous
| convictions for abuse of precisely that.
| 1337shadow wrote:
| I disagree, I believe that we can still have encryption
| and catch criminals based on encrypted communications.
| AdrianB1 wrote:
| Don't laugh about bananas, there are already several
| regulations for it.
|
| https://www.europarl.europa.eu/unitedkingdom/en/news-and-
| pre...
| 1337shadow wrote:
| Let's legalize guns and drugs then! and party!
| krono wrote:
| Guns exist solely to hurt or kill, there isn't much else
| you can do with them that's legal.
|
| Drugs, I believe some of them probably should be legal.
| 1337shadow wrote:
| Actually, shooting is a sport that isn't meant to hurt or
| kill. Drugs are great for society, doesn't matter how
| much they hurt and kill.
| krono wrote:
| That's precisely why both are available in a highly
| regulated fashion rather than completely outlawed.
| 1337shadow wrote:
| That's exactly why the law was _not_ outlawing encryption
| _at all_ :
|
| > the proposed passage that would have forced companies
| to decrypt encrypted data upon request by the authorities
| got removed from the draft law.
|
| I guess the article is pretty confusing.
| krono wrote:
| This disproportionately affects all encrypted data.
|
| Also, I imagine a lot of non-nefarious encryption is done
| to hide data from the same entities that would be in
| control of the proposed back-door.
| ttybird2 wrote:
| It is outlawing end-to-end encryption instead.
| 1337shadow wrote:
| What makes you think that?
| ttybird2 wrote:
| This: _" > the proposed passage that would have forced
| companies to decrypt encrypted data upon request by the
| authorities"_
| 1337shadow wrote:
| This is not against encryption, this is about decryption
| of encrypted data upon request by the authorities.
| psyc wrote:
| Here is the Wikipedia article. The answer is in the very
| short intro.
|
| https://en.wikipedia.org/wiki/End-to-end_encryption
|
| You're very active in this thread and making quite
| strongly opinionated statements. Probably worth a quick
| read.
| 1337shadow wrote:
| > End-to-end encryption is a system of communication
| where the only people who can read the messages are the
| people communicating.
|
| That is not a technical explanation.
|
| We can still have encryption on both ends of a
| communication, and at the same time have suspects using
| two keys instead of one to encrypt. We can encrypt a
| message for multiple users with GPG, why couldn't we
| here? As far as I understand E2EE still works, except
| that users suspected of a felony would also have the
| state key in their encryption, that doesn't mean removing
| other keys!! Which we should definitely _not_ do because
| we do _not_ want to compromise the privacy of innocent
| people!!
| ben_w wrote:
| I recall China fought a war against the British
| specifically because the latter wanted to sell a drug
| which was _terrible_ for society to the former.
| 1337shadow wrote:
| Yes, I'm sorry I thought my second sentence was so stupid
| it would not be taken seriously...
| mellavora wrote:
| Except that shooting sports have been in the Olympics
| longer than just about any other sport.
|
| It is a great form of meditation; for an analogy I refer
| the curious to "Zen and the Art of Archery"
|
| And many of my friends are hunters. This is a nice way to
| put food on the table. Esp with deer populations not
| having much other control on them since we got rid of
| most of the other large predators.
| angelbar wrote:
| wnoise wrote:
| If you're going to attempt a reductio ad absurdam, the end
| position actually needs to be absurd. For drugs, I would
| assume legalization is the median position in this forum.
| Guns are more complicated, but there are definitely a lot
| of posters that think they should be legal.
| 1337shadow wrote:
| Just make sure that all your drug users do actually
| dismantle their guns before they take any! People are
| responsible as we all know, especially in our modern
| society where we value our own individuality above
| society, ie. "I can use drugs safely every once or twice
| a year, as such I want it easier for me to get some, and
| that's why I'm asking to make it legal for everybody, no
| matter the disaster we know drugs cause on a society".
| It's indeed exactly the same, "I want to hide my messages
| with my mom from my government so I will fight to prevent
| the government from being able to decrypt any message at
| all no matter the basis of the court order, no matter how
| many children have been raped or killed, I value my own
| freedom above security of society".
|
| Basically, "the victims don't matter as long as I'm
| fine".
| ttybird2 wrote:
| _" Basically, "the victims don't matter as long as I'm
| fine"."_
|
| The victims here are these that get arrested for the
| victimless crime of taking drugs. A society is less
| secure if anyone who takes drugs runs the risk of being
| arrested.
|
| Also loving the unrelated "think of the children"
| argument.
| 1337shadow wrote:
| Why would you be arrested for taking drugs? Because
| you're driving on drugs perhaps?
|
| The "think of the children" argument is based on personal
| experience, mind you, I sincerely hope for you that you
| will never understand the relation, ever.
| ttybird2 wrote:
| _" Why would you be arrested for taking drugs?"_
|
| Because it's illegal?
|
| _" The "think of the children" argument is based on
| personal experience, mind you, I sincerely hope for you
| that you will never understand the relation, ever."_
|
| 1: I doubt it
|
| 2: You too, I hope that you (or your children!) will
| never be prosecuted for a victimless crime.
| 1337shadow wrote:
| If you take drugs at your home and don't cause any
| incident, there is absolutely 0 chance that you get
| arrested. The idea is not to have a camera in everyone's
| home to send the police every time someone takes a drug,
| the idea is to punish people who get caught taking drugs
| because they are causing incidents, such as car
| accidents, or highly risking to, such as driving after
| consuming drugs.
|
| Same with this law: if you're not seriously suspected of
| any felony then the state will not be able to request
| decryption of your data.
|
| I'm sorry to say my children and myself have suffered
| from a criminal that took years to catch, I hope we will
| fully recover one day but sincerely doubt it, but I'm
| glad this makes you laugh at least that makes two people
| laughing about it.
| ttybird2 wrote:
| _" The idea is not to have a camera in everyone's home"_
|
| The funny thing is that this is basically what this and
| any other anti-e2ee regulation is about.
|
| _" If you take drugs at your home and don't cause any
| incident, there is absolutely 0 chance that you get
| arrested."_
|
| Yet it is still illegal and people are still being
| arrested for ordering drugs and producing their own, how
| curious.
|
| _" my children and myself have suffered from a criminal
| that took years to catch"_
|
| Did that criminal use drugs or end-to-end-encryption?
|
| Responding to your edit:
|
| _" Same with this law: if you're not seriously suspected
| of any felony then the state will not be able to request
| decryption of your data."_
|
| We both know that this is simply not true.
|
| _" but I'm glad this makes you laugh at least that makes
| two people laughing about it."_
|
| Not laughting, and if it is true I hope that you recover.
| I am just (hopefully understandably) a sceptic when it
| comes to anecdotes in this sort of arguments.
| 1337shadow wrote:
| > The funny thing is that this is basically what this and
| any other anti-e2ee regulation is about.
|
| Because you refuse to understand that we only want
| suspect communications, not all of them, and also that we
| don't want to break encryption to acheive that because
| the person might as well be innocent.
|
| > Yet it is still illegal and people are still being
| arrested for ordering drugs and producing their own, how
| curious.
|
| You won't until there is a problem that alerts the
| authority.
|
| > Did that criminal use drugs or end-to-end-encryption?
|
| Yes and yes, add much more.
|
| > We both know that this is simply not true.
|
| I disagree.
|
| Anyway, I've been prosecuted on wrong basis myself, and
| got out winner, I'm not affraid this is going to change.
| I trust my state, my police, my judges, who are
| independent and who will have to issue a mandate based on
| serious suspicious before they read my communications.
|
| Because, that's how present reality works.
| skinkestek wrote:
| Agree! Legalize drugs and strong crypto and guns.
|
| Earlier I was against legalizing drugs but I have come to
| my senses there too, but the last 80 or so years has proven
| that there is only one group that benefits from drugs being
| illegal in the long run: the criminals.
|
| As for guns, yes just like with insurance we pay, but
| compared to the alternative it is a small cost.
| rpmisms wrote:
| ...yes. As long as neither of those things are used to harm
| another person, this should be legal.
| 1337shadow wrote:
| Actually, they kind of are. I mean, if you have a gun and
| use it to shoot cans in your backyard, or that you take
| drugs and stay home, or go out but don't drive, don't
| attract attention on you, don't cause any problem, are
| you even going to be arrested? You have no idea how busy
| the police is with actual criminals.
|
| I'm not saying we shouldn't do illegal things that don't
| harm others, I'm saying we should catch criminals who
| actually do harm.
| rpmisms wrote:
| > I mean, if you have a gun and use it to shoot cans in
| your backyard
|
| Most of Europe will send you straight to jail. Several
| states in the US will as well. It's disgusting.
| C19is20 wrote:
| ...currently wondering how many people have started replies to
| this, and then thought "aaaaah, fuck it" and deleted them.
| ...more than once.
| tiku wrote:
| You probably also believe crypto is used by those people
| exclusively..
| 1337shadow wrote:
| What makes you think that exactly? I believe these people
| cause damage, often irreversible, and that crypto protects
| them. A proper cost/benefit study has not been taken here
| IMHO!
| raxxorrax wrote:
| You compromise liberties of non-criminals. We have taken a
| while to understand that it is better to let someone guilty
| unpunished than it is to punish an innocent. I don't want
| to reiterate the reasoning behind this here.
|
| It would be two or three steps back if we just ignore this
| awareness here additionally to all the constitutions that
| forbid surveillance in the first place.
|
| Aside from the chilling effects from surveillance and state
| abuse, there are just no real arguments for surveillance.
| Sexual crime happens mostly in the circle of the victims,
| mass surveillance is a completely incompetent approach to
| the problem space.
| 1337shadow wrote:
| > it is better to let someone guilty unpunished than it
| is to punish an innocent
|
| Which is exactly what the law was for: to make it easier
| for enforcement to get more evidence.
|
| This has nothing to do with mass surveillance:
|
| > This draft included a passage that would have forced
| companies such as WhatsApp and Signal to decrypt their
| encrypted chats upon request by the authorities for
| criminal investigation.
|
| As such, I don't understand your point at all, sorry.
| alpaca128 wrote:
| Encryption protects everyone. Banning encryption is futile,
| make it illegal and the next day I'll transmit messages
| using steganography and other tricks. It would be about as
| effective as the war on drugs - the only winners would be
| the criminals making money from it.
| charcircuit wrote:
| >Banning encryption is futile
|
| Stop clasifying these kinds of laws as banning
| encryption.
|
| We should be striving for designing cryptographic systems
| which allow for governments to be conditionally able to
| decrypt messages.
|
| From what I understand these laws typically apply to
| messaging platforms and not you just plainly transmitting
| a message to someone.
| ttybird2 wrote:
| _" We should be striving for designing cryptographic
| systems which allow for governments to be conditionally
| able to decrypt messages."_
|
| No, we really shouldn't.
| alpaca128 wrote:
| > systems which allow for governments to be conditionally
| able to decrypt messages
|
| Make a backdoor for the government and all organized
| crime will also have a backdoor and it'll turn any
| encryption into a security-by-obscurity model. It would
| be just like those TSA locks which now anyone can open
| because all the universal keys are public. And such
| powers will be abused by the government & police as well.
| It's inevitable, that's very clear from what already
| happens with current surveillance laws.
|
| Backdoor means broken encryption, period.
| ninjanomnom wrote:
| This has been discussed in many ways before but I'd like
| to try to phrase it my own way.
|
| When police get a warrant to search your home, after they
| are done you can get a new lock and recover anything
| taken as evidence eventually.
|
| When an investigation gets permission to surveil you,
| it's a temporary affair and records can be stripped of
| irrelevant personal data before any sort of release or
| duplication.
|
| Even in the best case scenario, encryption is used in
| cases where incidental damage cannot be recovered from
| like above. Encryption is an attempt to restrict an
| easily accessible, indefinite lifetime, and infinitely
| duplicatable piece of information to only be meaningful
| to intended owners.
|
| Let's imagine a very generous scenario, a chat program
| has encrypted chat such that every message can be
| unlocked with either the participants' keys or a unique
| key per message stored and kept safe by the service
| owner. Law enforcement can request chat logs and the
| service can return them the keys needed to read the
| requested logs from the interval specified.
|
| Similar to the second scenario above it is possible after
| the investigation to cleanse the records law enforcement
| has, but in this case they are not the primary or
| secondary source of that information and cannot ensure
| that all records are permanently safe from outside
| parties. Anyone can easily get copies of the encrypted
| versions of communication done over the internet with
| minimal effort, this means someone can hold on to
| encrypted information in massive dumps and await
| inevitable breaches in company security that
| retroactively reveal all previous communication.
|
| This is the best case scenario, it completely ignores
| things such as how any investigation is one day
| inevitably going to be a malicious actor. I don't mean
| whatever group of people are in charge right now going
| bad, I mean how all countries/groups inevitably change
| over time for better or worse. If a bad actor is in a
| position of power for even a moment, they can
| retroactively spy on you at all points in the past you
| use a weakened encryption. Imagine an extreme vegan
| political group making eating meat a crime punishable by
| death even if in the past. Your chat logs about going for
| burgers are easily accessible. Or similarly a retroactive
| law against abortion.
|
| In the case of well encrypted chat, only the participants
| have control over the keys and if you want to be sure
| something is gone you can discard the key. This is no
| longer the case for encryption with a backdoor.
| 1337shadow wrote:
| Thanks, I understand your arguments and have held them
| for ~15 years, I have changed my mind: I don't believe
| "any investigation is one day inevitably going to be a
| malicious actor", that could happen with any kind of
| evidence anyway, encrypted evidence is no exception, I
| also don't believe about retroactive laws like that, and
| I do want something to be done about the thriving
| criminality, because I don't want protection from what
| could happen if reality became scifi, I want protection
| from the threats we are actually facing in the present
| reality. That said, your comment reflects an above
| standard kindness which I deeply appreciate.
| 1337shadow wrote:
| Yes you will, but most criminals won't, that's my point.
| It's exactly like legalizing guns.
| dragonsky67 wrote:
| I'm amazed that people always seem to link restriction on
| encryption and guns.
|
| Encryption has a legitimate use in normal society, guns
| (apart from sport) are a tool applicable to a specific
| subset of society, easy to misuse or accidently use with
| extreme consequences.
|
| I know (personally) of a number of cases where people
| have been killed accidently by guns, and more where
| anger/emotion has caused things to get out of control.
| This is not something that happens with encryption.
|
| Simply said, they are not the same thing, stop trying to
| confound the issue.
| MitPitt wrote:
| Umbrellas also protect them from rain, should we ban those?
| 1337shadow wrote:
| Unban guns while you're at it, they are useful too.
| MitPitt wrote:
| They are, thankfully they are legal in my country
| 1337shadow wrote:
| siwyd wrote:
| Wouldn't a company such as WhatsApp (Facebook) drop the Belgian
| user base in a heartbeat if they would actually be confronted
| with a law like this? My guess is they would much rather lose a
| few million users than having to deal with the bad publicity and
| the intrusive technical challenges that come with a requirement
| such as this.
| nopcode wrote:
| Belgium isn't as small as people think. Both in total GDP and
| GDP per capita it is around top 20 country globally.
|
| Facebook isn't allowed to track non-Facebook users in Belgium.
| As a response, all Facebook pages are now behind a login wall
| in Belgium.
|
| Lootboxes (random rewards in videogames) are not allowed in
| Belgium, games no longer provide "random" drops (EA, Valve,
| ...)
| siwyd wrote:
| I totally agree that it's probably worthwhile to implement
| some country specific logic for a user base of that size and
| ad revenue per user. But specifically with regards to this, I
| really can't imagine they would agree to do this. Suppose
| they do, it's probably not a bad guess that they would lose
| more users globally due to the bad publicity it would
| generate than they would lose by cutting off Belgium.
|
| On the technical front, your examples are good and valid, but
| they seem like features that are pretty straight forward to
| feature flag per country. Something like disabling end-to-end
| encryption looks a lot more intrusive to me (without being a
| subject matter, feel free to correct me). Whatever WhatsApp
| built, they built it to enable end-to-end encryption on a
| global scale, to enable anyone from around the globe to send
| an encrypted message around the globe. Poking a hole in that
| seems non-trivial.
| nopcode wrote:
| As a Belgian I guesstimate that WhatsApp has more than 80%
| of IM market share here.
|
| > it's probably not a bad guess that they would lose more
| users globally due to the bad publicity it would generate
| than they would lose by cutting off Belgium.
|
| But this is what all the tech companies do in China.
|
| I don't think its hard to "defend" complying with the
| Belgian government that faces a terrorist network and drug
| cartel problem bigger than any other 1st world country (in
| relative terms).
|
| > Poking a hole in that seems non-trivial.
|
| They operated without E2E for many years though. I doubt
| that non-encrypted chat is even revoked. And even if they
| pulled, there's many alternatives available. It's not like
| Belgium is worried about Meta's revenue.
| siwyd wrote:
| Meta doesn't operate in China though, for not wanting to
| comply with their requirements of state-controlled
| censorship. I could see them applying similar reasoning
| here on principle (my god, I just used 'Meta' and
| 'principle' in the same sentence, I must be high).
| Another tech company might jump in that hole of course.
|
| With regards to E2E, I wonder how it would work when you
| want to chat with someone outside Belgium though. If I'm
| the person outside Belgium, I wouldn't want E2E to be
| disabled just like that. And if WhatsApp can only be used
| between Belgians, that's quite a hinderance.
|
| Belgium doesn't care about Meta revenue and rightly so,
| but if a law would be the reason that Meta pulls the plug
| on Belgium, that seems like a cause for a possible
| serious political backlash.
___________________________________________________________________
(page generated 2021-12-21 23:01 UTC)