[HN Gopher] Earn-IT threatens encryption and therefore user freedom
___________________________________________________________________
Earn-IT threatens encryption and therefore user freedom
Author : lelf
Score : 949 points
Date : 2022-03-11 01:02 UTC (1 days ago)
(HTM) web link (www.fsf.org)
(TXT) w3m dump (www.fsf.org)
| loup-vaillant wrote:
| I keep thinking that if encryption was an actual weapon, and keys
| actual ammunition[1], they would be _much_ easier to defend than
| they actually are. Funny that: cryptography is relatively
| harmless, making it all the more immoral to restrict it. But that
| same harmlessness makes it that much harder to defend. I mean,
| just _try_ to take away nukes from a nuclear capable nation, or
| guns from a Texan village. Maybe you can, but the costs of doing
| so tend to give pause.
|
| [1]:
| https://en.wikipedia.org/wiki/Export_of_cryptography_from_th...
| noisy_boy wrote:
| I have said this before: this is a losing battle for individuals
| striving to protect the freedom, if we just try to do it
| individually. People bringing this get paid to do this during
| office time (and maybe after office time too by lobbyists) so
| they will keep at this; my protests require me to do it by taking
| time out of the limited time I have left after office.
|
| Fight fire with fire, fund EFF so that we have our own well
| stocked army. To be clear, I'm not trivialising or belittling the
| impact of individual effort, just that it takes too much to be
| sustainable. And yes, individual and organized efforts are not
| mutually exclusive.
| [deleted]
| EVa5I7bHFq9mnYK wrote:
| Thanks for reminding. Sent 0.026 btc to EFF.
| nidble wrote:
| Also EFF has always been among the charities available in
| Humble Bundle.
| usrbinbash wrote:
| Every time someone invokes an argument how taking something away
| by law prevents some form of crime, my answer is a simple fact:
|
| Criminals, by definition, don't follow the law.
|
| Now, in some cases, that isn't a problem: Guns are an obvious
| example, because they take resources and knowledge to
| manufacture, and are physical objects that can be tracked. Taking
| these away by law works.
|
| But encryption isn't a physical object or something that needs to
| be manufactured. It's math and algorithms. It can be copied
| infinitely. So, if the law takes that away, law abiding people
| will no longer have access to the benefits, while criminals will
| just ... well, as criminals by definition do, ignore the law, and
| still use encryption.
| shabier wrote:
| Spot on. Criminals will not be affected by these new laws.
| Perhaps this one is just a precursor of another law
| rhn_mk1 wrote:
| That's oversimplifying it. Banning encryption is a form of
| censorship (because words don't need to be manufactured), and
| censorship, as far as I can tell, does have an effect.
|
| For example, criminals who abuse children to produce
| pornography aren't going to follow laws against having child
| pornography. Does it follow that laws against the possession of
| child pornography have no effect in curbing abuse?
|
| I think they do. Being seen with child pornography is a huge
| red flag indicating that you might be an abuser. Plus, the
| demand is lower. I see no reason this couldn't apply to
| encryption too.
| usrbinbash wrote:
| Difference: There are perfectly legal reasons to generate
| encrypted traffic;
|
| All payment processing (ATMs, credit cards, online shops)
| generate encrypted traffic. Sending legal documents,
| technical data, company internals, contracts, etc. generates
| encrypted traffic. Sending sensible personal information like
| medical, insurance or financial records generates encrypted
| traffic.
|
| Most of these cannot be sent unencrypted, without breaking
| fundamental processes in our society.
|
| And there simply is no reliable way to differentiate between
| encryption used for legal or illegal reasons.
| CJefferson wrote:
| I don't see why, hypothetically, they can't all be sent
| with encryption that the government has a secret key to
| decrypt.
|
| The world worked using mail, then phones, for many decades.
| These were treated as "mostly secure", but could be tapped.
| The world basically worked fine.
| usrbinbash wrote:
| > I don't see why, hypothetically, they can't all be sent
| with encryption that the government has a secret key to
| decrypt.
|
| Because it's too risky, simple as that.
|
| Let's say there is a single, super-secret-key, for
| government use only, that can decrypt any encrypted
| message on the planet.
|
| What happens if this key is leaked? What if it's found
| out? What if the implementation of that key turns out to
| be buggy and is cracked? Remember, once there is such a
| key, it won't just be some criminals in
| godknowswherecountry trying to get it, it will be state-
| level actors with unlimited funds, resources and
| manpower.
|
| If a single one of them gets their hands on this key,
| even ONCE, it's game over. Our modern society relies on
| encryption. If this key gets out, the results could be
| catastrophic; eg. Airplane navigational data manipulated
| in flight, stock market data manipulated in transit,
| financial transfers wide open for everyone to read and
| manipulate at will, control data for electrical grids,
| hydroelectric dams, nuclear power plants out in the
| open...it would be anarchy.
| CJefferson wrote:
| I feel there is already a similar problem with the
| internet in general -- there exist keys which could be
| used to sign a HTTPS certificate for any website. If you
| work your way up the hierarchy there are some very high-
| value keys, and the same kind of problems you describe
| would occur. However, we all just seem to live with that.
|
| Something similar could be set up, with a collection
| of keys. I'm not saying it's a good idea, but we already
| base the security of the internet on a small number of
| top-level encryption keys.
| usrbinbash wrote:
| Difference 1: These certificates are used for the purpose
| of _Authentication_, not _Encryption_. If they get
| compromised, bad actors can impersonate certain entities
| for some time, but they cannot decrypt any prior recorded
| traffic to these entities.
|
| Difference 2: If something happens to these keys, the CA
| can simply revoke the validity of the public key. This is
| a major pain in the _ for everyone involved, especially
| since all downstream certs need to be re-issued and
| signed, but it's manageable. A built-in key that is
| somehow algorithmically included in every encryption
| mechanism, cannot easily be changed when it's leaked.
|
| Difference 3: There is no single "highest Certificate
| Authority", so there is no single key to compromise the
| whole system.
|
| Difference 4: These keys are ordinary asymmetric keys.
| They are not built-in backdoors into the system.
| rhn_mk1 wrote:
| I'm not saying there is no difference, I'm saying that the
| methods to curb it are the same.
|
| Pretending that you don't understand the argument of the
| other side ("it won't work because only criminals") won't
| get you any closer to a dialogue with those who say it.
| CJefferson wrote:
| By that argument, why have laws against stealing (criminals
| will just take stuff), or grievous bodily harm (criminals will
| just hit people), or verbal abuse (criminals will just keep
| shouting at people).
|
| I don't buy this argument at all -- if we ban encryption,
| except for government sanctioned encryption, it will be the
| easiest thing in the world to detect if anyone tries sending it
| over the open internet.
| usrbinbash wrote:
| > it will be the easiest thing in the world to detect if
| anyone tries sending it over the open internet.
|
| And how shall "government sanctioned encryption" be
| distinguished from "non sanctioned encryption"? The point of
| (good) encryption is to make the result look like
| stochastically random bytes.
| CJefferson wrote:
| If government can demand the keys, they can take them and
| decrypt it.
|
| You could claim you are sending packets of random bytes for
| no reason to a friend, but I doubt any jury would believe
| you.
| usrbinbash wrote:
| > If government can demand the keys, they can take them
| and decrypt it.
|
| The question isn't how it's decrypted, the question is how
| to determine WHICH traffic to decrypt in order to inspect
| it.
| dchftcs wrote:
| Poor analogy.
|
| Stealing is the actual bad behaviour, stealing itself is bad
| for society, anyone who steals should be punished.
|
| Substitute "encryption" for "stealing" then you know why
| you're wrong.
| cobbzilla wrote:
| "..because they take resources and knowledge to manufacture,
| and are physical objects that can be tracked. Taking these away
| by law works."
|
| Sorry but it doesn't even work for physical objects. Guns are
| completely illegal in some cities (NYC, SF and Chicago, unless
| you have connections), so I suppose there's no gun crime there,
| right? Or, research compliance rates when states have
| retroactively made certain firearms illegal and asked for
| citizens to turn them in or face the risk of criminal charges.
|
| The War on Drugs has also been highly ineffective at preventing
| motivated individuals from obtaining certain physical objects.
| usrbinbash wrote:
| > so I suppose there's no gun crime there, right?
|
| https://en.wikipedia.org/wiki/List_of_countries_by_firearm-r...
|
| It works when implemented country-wide. Countries like
| Germany have much stricter gun laws, and as a result lower
| gun violence.
|
| Obviously, the method doesn't work, when someone who wants a
| gun can just drive a couple hours and get one at some gun
| show without even leaving the country.
| ipnon wrote:
| Good point, but guns are legal in NYC. If you have a
| dangerous job like a security guard, you can get an open
| carry permit. If you have no special circumstances, you can
| own a gun in your home. The gun can be transported to other
| destinations like a shooting range, your business, or other
| homes, as long as the gun is locked in a container during
| transit. Until recently you could only carry the gun between
| your home and a shooting range within the city, but the law
| was expanded due to a current lawsuit against the City.
|
| edit: Most gun crimes in the city are done with illegal guns,
| 74% of which come from out of state.
| https://www.vox.com/policy-and-politics/2016/10/26/13418208/...
| ghoward wrote:
| I've written my senators, and I encourage everyone to do the
| same.
|
| Also, I have a website that you can point politicians to:
| https://everyoneneedsencryption.gavinhoward.com/ .
|
| Suggestions welcome on how to improve that site.
| StreamBright wrote:
| Step 1: Ban naming legislation. The number 1 reason why people go
| along with these is naming. Patriot Act, Eliminating Abusive and
| Rampant Neglect of Interactive Technologies, etc.
| car_analogy wrote:
| Have our rights deteriorated so much, that so many words must be
| expended to justify not wanting to live in a panopticon?
| vitiral wrote:
| I feel like they missed the primary point which is that E2E
| encryption is the primary thing protecting everyone from
| hackers/criminals/other-governments. Without it the criminals
| WILL have access to your systems and data and then you can
| basically say goodbye to anything being valuable at all.
|
| Locking your door at night is a poor metaphor. A criminal can
| literally infiltrate and search through every unsecured computer
| connected to the internet in a matter of minutes and using almost
| no resources and with little risk. This drastically diverges from
| physical assets.
|
| Making encryption illegal will ensure that only criminals use it,
| thus making only criminals safe online.
| raxxorrax wrote:
| That and I think it is pretty safe to say that the reasons most
| constitutions specifically prohibit governments to access these
| kind of private correspondence are quite obvious too.
| seanw444 wrote:
| > Making crypto illegal will ensure that only criminals have
| the ability to use it.
|
| The right to bear digital arms.
| indigochill wrote:
| This is an interesting angle I'd not heard before, as
| cryptography had at least at some point been classified as
| munitions (maybe still is, I haven't been watching that).
|
| "Okay, in that case, the constitution says you can't infringe
| my right to it."
|
| Although I would fear going down that path would lead to them
| saying, "Well, we already infringe on access to certain kinds
| of munitions, so you can still have encryption, but only the
| stuff we have a backdoor to." which has been on the agenda
| before.
| brightball wrote:
| The munitions angle for cryptography didn't prevent us from
| having it, but it did prevent us from EXPORTING it
| globally. At least if I remember the debate correctly.
| anonporridge wrote:
| Interesting bit of history, PGP was publicly released by
| Phil Zimmermann. The US government went after him with
| criminal charges for violating munitions export laws.
|
| He won because he published his source code in a printed
| book, and was able to effectively argue that his act was
| protected under the first amendment right to free speech.
|
| https://en.wikipedia.org/wiki/Pretty_Good_Privacy#Criminal_i...
| [deleted]
| anonporridge wrote:
| We already have it. The first amendment.
|
| > Congress shall make no law...abridging the freedom of
| speech...
|
| Cryptographic communication is speech.
| epicide wrote:
| This makes me wonder how one would even _prove_ that
| something were encrypted.
|
| Do encrypted files/data universally follow any sort of
| pattern? If not, then how would they be discernible from
| transmitting random bits? Will that be illegal, too?
|
| Note that I'm not talking about any specific existing
| encryption algorithms or protocols. I am positing that
| someone could devise a new one that outputs data that is
| indistinguishable from noise (without breaking the
| cipher/keys).
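Added example (not part of the thread): a Python check of the point raised in the comments above, that good ciphertext carries no byte-level pattern separating it from random bytes. The SHAKE-256 keystream cipher, the key, nonce and plaintext are constructed stand-ins for illustration, not a vetted encryption scheme.

```python
import hashlib
import math
import os
from collections import Counter


def keystream_encrypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """XOR data with a SHAKE-256 keystream (illustrative stand-in cipher).

    Applying it twice with the same key and nonce returns the original data.
    """
    stream = hashlib.shake_256(key + nonce).digest(len(data))
    return bytes(d ^ s for d, s in zip(data, stream))


def shannon_entropy(data: bytes) -> float:
    """Entropy in bits per byte; 8.0 is the maximum for byte data."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def chi_square_uniform(data: bytes) -> float:
    """Chi-square statistic of byte counts against a uniform distribution.

    For truly uniform bytes the statistic has 255 degrees of freedom:
    mean 255, standard deviation about 22.6.
    """
    expected = len(data) / 256
    counts = Counter(data)
    return sum((counts.get(b, 0) - expected) ** 2 / expected for b in range(256))


def looks_uniform(data: bytes, low: float = 150.0, high: float = 400.0) -> bool:
    """True when the byte histogram is consistent with uniform random bytes.

    The bounds are wide (several standard deviations either side of 255),
    so genuine random data essentially never fails the check.
    """
    return low < chi_square_uniform(data) < high


def compare_samples() -> dict:
    """Measure plaintext, its ciphertext, and OS randomness of equal length."""
    # Constructed sample plaintext: repetitive, English-like records.
    plaintext = "".join(
        f"Meeting notes, item {i}: transfer approved for account {i * 7919}.\n"
        for i in range(2000)
    ).encode()
    key = b"constructed-demo-key"      # constructed value
    nonce = b"constructed-nonce"       # constructed value
    ciphertext = keystream_encrypt(key, nonce, plaintext)
    random_bytes = os.urandom(len(plaintext))

    samples = {
        "plaintext": plaintext,
        "ciphertext": ciphertext,
        "os.urandom": random_bytes,
    }
    return {
        name: {
            "entropy": shannon_entropy(data),
            "chi_square": chi_square_uniform(data),
            "looks_uniform": looks_uniform(data),
        }
        for name, data in samples.items()
    }


if __name__ == "__main__":
    for name, stats in compare_samples().items():
        print(f"{name:11s} entropy={stats['entropy']:.4f} "
              f"chi2={stats['chi_square']:.1f} uniform={stats['looks_uniform']}")
```

Passing these tests only shows the absence of byte-level bias. It cannot prove that data is encrypted, because any uniformly random source produces the same statistics.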
| anonporridge wrote:
| You could encode encrypted data in cat pictures and post
| them on Instagram.
|
| It's likely completely impossible to actually ban
| encryption in a world overwhelmed with information flow.
|
| Therefore, an encryption ban will only affect law abiding
| citizens and will give criminals a massively asymmetric
| weapon of power and influence.
| butivene wrote:
| > I feel like they missed the primary point which is that E2E
| encryption is the primary thing protecting everyone from
| hackers/criminals/other-governments.
|
| Implementing a backdoor securely which only allows some
| government agencies to snoop in the decrypted data could
| technically be possible but I never happened to see a secure
| implementation of such a scheme - probably every cryptographer
| of name would refrain from contributing to insecurity.
|
| So, IF a backdoor would be implemented securely, that would
| increase the power of the current government over all the
| people, including the opposition. If the US would go ahead with
| such legislation, countries like Hungary and Poland would
| follow soon, in which the new tool would be welcomed to
| suppress opinions diverting from the government's ideology,
| undermining freedom of speech further and increasing the
| "chilling effect".
|
| In the meantime, terrorists (etc.) would switch to
| steganography and add an undetectable layer of encryption on
| top.
| Beltiras wrote:
| In that case everyone should become a criminal.
| nobody9999 wrote:
| >In that case everyone should become a criminal.
|
| While it is somewhat hyperbolic, "Three Felonies a Day"[0][1]
| seems relevant here.
|
| [0] https://www.amazon.com/Three-Felonies-Day-Target-Innocent/dp...
|
| [1] https://www.c-span.org/video/?289272-1/three-felonies-day
| Beltiras wrote:
| In my opinion it's the duty of an enlightened citizen to
| break unjust laws. Civil disobedience is the only thing
| that will right a wrong like that.
| nobody9999 wrote:
| >In my opinion it's the duty of an enlightened citizen to
| break unjust laws. Civil disobedience is the only thing
| that will right a wrong like that.
|
| You won't get an argument about that from me. I was
| merely pointing out that the legal landscape is _already_
| filled with land mines.
|
| Which is why (among other things) you should never talk
| to the police[0].
|
| [0] https://www.youtube.com/watch?v=hpUx-WFXT9k
| heavyset_go wrote:
| Our security doesn't matter to them, the only security they
| value is their security from the rest of us. This bill grants
| them just that.
| matheusmoreira wrote:
| Completely agree. Encryption is subversive. It has the power
| to defeat governments, judges, armies. They can't tolerate
| mere citizens being in possession of such technology. They
| are tempted by the complete visibility and control afforded
| by the digital world of the 21st century, but encryption is
| already denying them information and they can't stand it.
| godelski wrote:
| Which is strange because our security is their security. If
| we don't have security then we are more vulnerable to foreign
| influences. We are more vulnerable to foreign attacks. You
| can't have your cake and eat it too. Either everyone has
| security or no one does, including politicians and elites.
| minton wrote:
| I don't know if that's entirely true. There are politicians
| against the second amendment but yet they have armed
| security guards.
| anonporridge wrote:
| You underestimate the unrelenting desire of people in power
| to have their cake and eat it too.
| wesapien wrote:
| Missing the point is part of their strategy in passing this.
| They don't make these decisions without input from people who
| actually understand these things. They will play the tech
| illiterate boomer as part of the strategy. They're creating
| "rules for thee not for me". They will selectively choose who
| can and can't use things they see as a threat to their
| hegemony.
| roenxi wrote:
| The FSF isn't the EFF. The FSF is supposed to advocate why the
| stupid law is an affront to user freedom and the EFF is meant
| to be advocating why the stupid law makes people vulnerable to
| criminals.
|
| The FSF has a complicated and niche advocacy position, they
| should stay focused. If they don't advocate software user
| freedom, nobody will. In this case, there are already lots of
| people against encryption restrictions.
| strofcon wrote:
| Seems to me that banning encryption would thoroughly limit
| software freedoms. I.e.: can't use anything secure, thus can't
| freely choose your toolset.
| roenxi wrote:
| That is probably why the FSF has published an article with
| the title "EARN-IT threatens encryption and therefore user
| freedom".
|
| But the point that the FSF needs to focus on is that EARN-
| IT is bad _because it limits user freedom_. The fact that
| users may choose to use that freedom to protect themselves
| from criminals isn't the issue. There might be an obvious
| and compelling reason users need freedom or there might not
| be. The FSF doesn't need to care and should be against the
| bill regardless.
|
| Much like how the FSF doesn't care about whether the GPL is
| economic or not - they think software projects should all
| be licensed under it (or an equivalently free license). The
| point isn't whether freedom is good or necessary. That is
| taken as a priori truth. The point the FSF advocates is
| whether users have it.
| CrazyPyroLinux wrote:
| Exactly. Per the famous
| https://www.gnu.org/philosophy/right-to-read.en.html
| A4ET8a8uTh0 wrote:
| I am starting to wonder if this bill is why CNN published an
| article on FB allowing some violence posts, but not others
| riling up people like me, who likes rules applied consistently
| and without favoritism.
| tyler33 wrote:
| You are right, in fact EARN-IT is very good for criminals
| JumpCrisscross wrote:
| > _Without it the criminals WILL have access to your systems
| and data_
|
| Replacing criminals and state overreach with foreign
| adversaries may be more salient.
|
| Our encryption debate came of age after the Cold War. The
| boogeymen of that era have been surpassed. We have new ones,
| and they're more sinister than thieves and more tangible than
| your government turning on you.
| dehrmann wrote:
| > Replacing criminals and state overreach with foreign
| adversaries may be more salient.
|
| Or if you're in the US, depending on your audience, Donald
| Trump or Joe Biden.
| pessimizer wrote:
| On what occasion have any of these new cyberattacking
| boogeymen-on-steroids done anything to anyone?
|
| I'm going to continue to worry about criminal fraud and my
| own government, rather than ghosts with foreign names.
| JumpCrisscross wrote:
| > _what occasion have any of these new cyberattacking
| boogeymen-on-steroids done anything to anyone?_
|
| One of them is invading its neighbor.
|
| > _I'm going to continue to worry about criminal fraud and
| my own government_
|
| That's fine and these are things to worry about. But if the
| argument wants staying power, it needs to be adaptable.
| Lascaille wrote:
| Uh, Colonial Pipeline? HSE Ireland? Stuxnet?
|
| Take your pick, it isn't like there's a shortage!
| adastra22 wrote:
| > Replacing criminals and state overreach with foreign
| adversaries may be more salient.
|
| For you and me, certainly. For the members of Congress you
| need to convince of this? They ARE the state. Outside of a
| few ideological libertarians, protecting the people from the
| state is not on their agenda.
| olliej wrote:
| Those would be the same ones demanding christian based
| laws?
| [deleted]
| JumpCrisscross wrote:
| > _For the members of Congress you need to convince of
| this? They ARE the state_
|
| We agree in a limited sense. (There are lots of politicians
| who genuinely believe in curtailing state power.)
|
| Arguments about state overreach won't convince a power-
| hungry vote chaser. Talk about foreign adversaries will.
| inter_netuser wrote:
| What's lots, and how much does it cost to change their
| opinion?
| danuker wrote:
| How much do they want to be friends with the 3-letter
| agencies affected by their decisions?
| parineum wrote:
| >Locking your door at night is a poor metaphor.
|
| It is a poor metaphor because locks prevent invasion not enable
| privacy.
|
| Banning encryption is such an attack on privacy that it's
| closer to banning clothes and easing concerns by making looking
| at naked people illegal.
|
| Encryption is the fundamental unit of network privacy.
| heavyset_go wrote:
| If you want to stick with the house metaphor, then curtains,
| blinds, fences and doors would fit the comparison.
| inter_netuser wrote:
| Just ban walls in washrooms.
|
| You have nothing to hide there, do you, citizen?
| parineum wrote:
| I considered writing that it's more like building your
| house out of glass.
|
| The important point I'm trying to convey is that banning
| encryption is so extreme that it makes invasion of privacy
| something that someone can accidentally do. You have to try
| not to look, similar to if a person was nude in front of
| you against their will.
| fsflover wrote:
| > Banning encryption is such an attack on privacy that it's
| closer to banning clothes and easing concerns by making
| looking at naked people illegal.
|
| This is completely missing the point of why one needs
| privacy. Lack of it harms journalism and activism, making the
| government too powerful and not accountable. If only
| activists and journalists will try to have the privacy, it
| will be much easier to target them. Everyone should have
| privacy to protect them. It's sort of like freedom of speech
| is necessary not just for journalists, but for everyone, even
| if you have nothing to say.
| docmars wrote:
| The right to privacy, and protections against unreasonable
| search and seizure are enshrined in the U.S. Constitution
| after all!
| vegetablepotpie wrote:
| Yes, and the government has created convenient carve outs
| for itself. For example in Carroll v. United States,
| the judicial branch surrendered its authority to
| authorize searches to the executive branch. For searches
| of your vehicle, all the police need is probable cause.
| The police, of course, determine if they have probable
| cause. So this makes the 4th amendment irrelevant in
| these circumstances.
|
| Throughout US history, there is a march towards ignoring
| citizens' rights, through political, judicial, and
| bureaucratic maneuvering. The constitution is a piece of
| paper. There are people whose full time job is to
| separate your understanding of your rights from what is
| written in that document. When they're clever enough,
| they will allow state violence to be imposed on you with
| no repercussions.
| nybble41 wrote:
| > For example in Carroll v. United States, the judicial
| branch surrendered its authority to authorize searches to
| the executive branch.
|
| The judicial branch can choose not to enforce the
| Constitution, contrary to its duty and purpose, but what
| they can't do--what _no_ branch of the government can do
| without amending the Constitution--is legally authorize
| any agent of the government to perform a search or seize
| property (i.e. issue a warrant--whether they use that
| term or not) without "probable cause, supported by Oath
| or affirmation, and particularly describing the place to
| be searched, and the persons or things to be seized." The
| text is perfectly clear and permits no exceptions or
| "carve outs". I doubt the intent was for the police to
| issue their own warrants, but even if the judiciary
| grants them that power they still have to fulfill the
| requirements.
|
| Of course if you're just saying that what they can get
| away with in practice and what the Constitution actually
| allows are two different things, I agree. There are
| rights, constitutional and otherwise--and then there is
| power. Every time they do this, however, it undermines
| whatever legitimacy or respect they might have otherwise
| had. Any thug can steal your stuff or invade your privacy
| and have a chance at getting away with it. To the extent
| a government wants its actions to be seen as _legitimate_
| it can't afford to ignore that "piece of paper" it was
| founded on.
|
| > The police, of course, determine if they have probable
| cause.
|
| What counts as "probable cause" is indeed the weakest
| part of the 4th Amendment. At the very least, if a given
| "cause" does not lead to the target's _conviction_ in a
| majority of cases, of a crime sufficient to justify the
| search, then you cannot reasonably consider it
| "probable". Unfortunately that can only be observed in
| retrospect. It would have been better to require full
| compensation to the victim for any search or seizure
| which does not lead to their conviction, ensuring that
| the incentives are properly aligned.
| fsflover wrote:
| > The police, of course, determine if they have probable
| cause. So this makes the 4th amendment irrelevant in
| these circumstances.
|
| Can't you go to the court if you disagree that they had a
| probable cause?
| xhkkffbf wrote:
| Unreasonable search and seizure is written out explicitly
| but privacy is not.
| delusional wrote:
| I think that's a pretty good metaphor. I have been stuck on
| the parallels between locks and encryption for a while. This
| kinda cleared that up.
| dskloet wrote:
| You can't have security without privacy.
| boredumb wrote:
| "Making encryption illegal will ensure that only criminals use
| it, thus making only criminals safe online."
|
| Uptown NYC has a tragically similar problem with firearms.
| anonporridge wrote:
| "Making dealing drugs illegal will ensure that only criminals
| can profit off dealing drugs, thus making only criminals
| rich."
|
| We can play this game all day with many forms of abolition
| for any good or service that has a relatively inelastic
| demand and/or is impossible to effectively enforce.
| CrazyPyroLinux wrote:
| Ok, let's do that. "War on Drugs" has been disastrous.
| anonporridge wrote:
| 100% agree.
| gjsman-1000 wrote:
| I don't feel the FSF's statement benefits the movement against
| this bill as much as the EFF or ACLU or Fight for the Future
| statements.
|
| The FSF is stuck in the 80s on everything - whether it be dealing
| with Stallman or specifying acceptable ways to load firmware, and
| has failed to accomplish almost anything since GPLv3 in 2006. And
| after recent events, I'd almost consider dismissing them from
| involvement in the movement.
| mjevans wrote:
| EFF https://www.eff.org/deeplinks/2022/02/its-back-senators-want...
|
| ACLU https://www.aclu.org/press-releases/aclu-afp-comment-earn-it...
| encryptluks2 wrote:
| I don't think you understand or appreciate the work that FSF
| does and the comment about Stallman is irrelevant in this
| regard. I don't see you advocating for MIT to be closed down.
| gjsman-1000 wrote:
| Since 2006, what have they accomplished?
|
| Bug fixes, sure. They managed to alienate a bunch of people
| from gcc, which was fun. Their anti-DRM campaign is over a
| decade old and is running on fumes with no accomplishments.
|
| This is the same organization that when Windows 8 came out,
| they protested outside Microsoft stores and handed out copies
| of GNU Trisquel - an OS with only FOSS code back in 2012,
| which to this day runs on very few systems and likely caused
| everyone who got copies to look on open source as a buggy
| flop and actively undermined the cause.
|
| I could go on.
| encryptluks2 wrote:
| Yes, we should all give up and just adopt Microsoft Linux
| cause clearly whatever company is able to buy adoption is
| the best choice.
| galangalalgol wrote:
| could you explain your firmware comment?
| gjsman-1000 wrote:
| You can ask @marcan42 who is porting Linux to Apple Silicon
| for more information.
|
| https://mobile.twitter.com/marcan42/status/10406262109994311...
| User23 wrote:
| That thread is pretty persuasive, but I don't know if he's
| attacking a straw-man. Sadly, as seen in some comments
| here, more than a few people have an irrational animosity
| towards the FSF. Can anyone present a steel-man of the FSF
| position?
| jart wrote:
| Free software has never been about demanding corporations
| open source their intellectual property. For example,
| Stallman didn't bring a bunch of protesters to Digital
| Equipment Corporation and the Bell System to beg that
| they relicense PDP and UNIX as GPL. What Stallman did was
| create an entirely new operating system that is not UNIX
| which let freedom loving people use UNIX while escaping
| the restrictions that were imposed upon users of UNIX.
|
| Richard Stallman wrote at length in the past about how he
| feels it's ethical to use non-free systems to build free
| systems if there's no viable alternative. But you can
| only do that if there's a clean division between what
| you're doing and what the hardware vendors are doing.
| Unfortunately it's messy in the embedded world. These
| makers don't abstract the products they build like Intel
| does. They rely on legal means instead to secure their
| advantage. While many corporations might view an
| agreement to access those bits under restrictive terms as
| a good thing, it can lead an open source dev to feel like
| the proprietary stuff, which they intend to decouple
| themselves from and ultimately escape, is instead being
| rubbed in their faces. No one wants to be constantly
| reminded of all the freedom they don't have.
|
| So in other words, it's just a compromise. I'm sure if
| they could find someone willing to manufacture a truly
| libre phone, they would have used them instead. I think
| the FSF has a good understanding of the open source
| developer's needs / wants / desires and this compromise
| is perfectly in keeping with that. Perhaps one day
| they'll attain the obvious end game of a libre phone,
| which would be a ham radio that looks like an iPhone with
| unfettered access to ss7. It will be anarchy.
| https://youtu.be/eXnvTwRBrgc
| ddaalluu2 wrote:
| How would you ever secure a server without encryption? How would
| "they" (corrupt politicians) ever hide their corruption without
| encryption. Oh no wait it's of course not them who are abusing
| it, ever. It's only "them" as in the others that are criminals.
| It's not like they are not humans, no they are of course better
| humans who never err, who never steal, who are always honest
| and straightforward.
|
| Never mind NSA and the likes still recording every little data
| fragment we transmit. That's fair and just, because they're the
| good guys. They would of course never spy into my sex video chat
| with my girlfriend.
|
| It's the age of struggle of the rulers vs the oppressed. Ideally
| it wouldn't be like this, but ultimately that's what it is.
|
| Less privacy is never the better option.
|
| I wonder how we can ... change ... I know: end to end encryption
| and encryption in general should be a basic human right in the
| information age.
|
| It opens the bigger question, do we need to be ruled at all. I
| say yes we need rules but do we need oppression, censorship and
| removal of privacy?
|
| Isn't that what all the western propagandists accuse Russia/Putin
| of, correctly I might add?
| nonrandomstring wrote:
| The difference between hackers and our enemies is that we value
| reason, logic and consistency whereas the political classes deal
| in emotion, and expedient affect (truth and consistency are
| irrelevant). Trump and Putin use the same play-book, and other
| leaders are learning from them [1]
|
| Many comments here declare voting as irrelevant and ineffectual.
| This leaves a sense of learned helplessness in challenging
| dangerous political forces.
|
| But hackers seem to be overlooking important ideas that we should
| know better about. Voting may not work on the individual level,
| but it works at scale, and we are really good at scaling things.
| Emotion is a much more powerful tool than reason, and influence
| is really just social engineering at scale. We are good at social
| engineering. Modern propaganda is as much technical craft as a
| creative one. We are great at both.
|
| The British Saatchi campaign is a flop, almost a laughable
| example of how disconnected from people they really are. What
| makes information war interesting is that highly polished short
| documentaries and video clips are not expensive or difficult to
| produce. The EFF already tried their hand with "The
| Corruptibles", which I think was very promising.
|
| The EFF are wasting their time writing blog posts that preach to
| the choir and only a handful of regular readers will see. I know
| because that's what I do, and as a writer I am realising that I
| speak almost entirely to those whose minds don't need changing.
|
| What's needed is a fight with the politicians on their own ground
| with funny, viral, highly emotive, slickly produced influence
| materials that show how ridiculous any attack on E2E technologies
| really is at this time in history. I think the EFF could better
| use their resources this way.
|
| [1] read about Vladislav Surkov and the tactics of
| discombobulation.
| IncRnd wrote:
| This particular article (not the subject) looked suspicious to
| me, since I didn't see it contain a link to the EARN-IT bill. I
| respect that it was created by the FSF, but they really should
| link to the bill's text.
|
| The bill's text is here. [1] I don't think it does anything that
| is stated in the article. Its stated purpose is to create a
| commission that will create recommendations that nobody will have
| to follow. It actually says that. Then, in Section 5, (7)(A) it
| explicitly says that it won't affect end-to-end encryption - it
| says that companies won't need to stop using E2EE and there won't
| be any liability created for using E2EE.
|
| In general, I am against regulation, but this bill doesn't do
| what the article claims it will do. Yes, it is absolutely
| politicking, but it doesn't seem to do much of anything outside
| of wasting time and resources.
|
| [1] https://www.congress.gov/bill/117th-congress/senate-bill/353...
| cherioo wrote:
| My interpretation is, the bill will remove liability shield for
| "online publisher" for CSAM. This then effectively means that
| no online platform may use end to end encryption to protect
| their user, for fear of liability.
|
| Individual user, and those who own the content of their
| website, are free to use E2E if they choose to, whatever
| benefit that still gives.
|
| Anticipation of this law feels like why Apple went through its
| CSAM debacle. Expect to see more content scanning after this
| passes. The CSAM DB Apple was said to be using will likely be
| "best practice" in how online service may get liability shield
| back.
|
| I too don't like how HN, FSF, EFF jump straight to "encryption
| ban". It spells fear that too much nuance will weaken their
| argument.
| alibero wrote:
| The part of the bill that mentions E2EE (Section 5) is an
| amendment to the Communications Act of 1934, namely the famous
| Section 230 which contains: "No provider or user of an
| interactive computer service shall be treated as the publisher
| or speaker of any information provided by another information
| content provider."
|
| So the EARN-IT act would seem to me to modify Section 230 to
| not apply in cases of child sexual exploitation law,
| importantly "any charge in a criminal prosecution brought
| against a provider of an interactive computer service under
| State law regarding the advertisement, promotion, presentation,
| distribution, or solicitation of child sexual abuse material".
| However despite this amendment, using E2EE would not "serve as
| an independent basis for liability of a provider", whatever
| that means.
|
| This seems more notable to me than the whole "creating a
| committee to create best practices" sections but I could be
| misreading or misinterpreting the bill honestly, I'm no expert.
| IncRnd wrote:
| In this case, your quote is only one third of the content.
| You are not quoting the first sentence or the last part,
| which is why the quote doesn't make sense.
|
| Your quote should read the following, where I've italicized
| the two parts you left out, _"NO EFFECT ON CHILD SEXUAL
| EXPLOITATION LAW.--Nothing in this section (other than
| subsection (c)(2)(A)) shall be construed to impair or limit--
| _ any charge in a criminal prosecution brought against a
| provider of an interactive computer service under State law
| regarding the advertisement, promotion, presentation,
| distribution, or solicitation of child sexual abuse material,
| _as defined in section 2256(8) of title 18, United States
| Code;"_
| alibero wrote:
| Yes, I skipped or paraphrased those parts of the bill to
| keep things short in a way that I thought made sense. But I
| think the message is unchanged with the full text. Namely
| that Section 230 would be amended to also state:
|
| "NO EFFECT ON CHILD SEXUAL EXPLOITATION LAW. Nothing in
| this section [NB Section 230] (other than subsection
| (c)(2)(A)) shall be construed to impair or limit ... any
| charge in a criminal prosecution brought against a provider
| of an interactive computer service under State law
| regarding the advertisement, promotion, presentation,
| distribution, or solicitation of child sexual abuse
| material, as defined in section 2256(8) of title 18, United
| States Code;"
|
| And so Section 230 protections to content providers would
| cease to apply* in cases of child sexual exploitation law,
| I think.
|
| * EDIT: Except for those points that would be added to
| Section 230 specifically regarding E2EE
| IncRnd wrote:
| Good point. For this, I read the wording as Section 230
| will not "impair or limit" child exploitation laws, not
| that Section 230 will cease to apply.
| spacexsucks wrote:
| Fund EFF, FSF and ACLU
| laerus wrote:
| Lawmakers losing touch with reality day by day. Technology has
| left these old crooks in the last century and they can't cope
| with things they don't even understand.
| DethNinja wrote:
| Have you ever considered the following possibility:
|
| Perhaps Lawmakers belong to a different class than you and that
| they are fully aware of what they are doing. Perhaps they
| actually want to rule over you by removing your rights one by
| one.
| olliej wrote:
| It's even better when you say: hey remember those videos of
| Russian police stopping people and demanding that they get to
| search people's messages? If EARN IT had passed then the Russian
| government could just remotely search everyone's message history.
| The arguments about "only legal" access fail miserably. (This is
| before we consider the copious examples of illegal searches by
| the US government)
| 2143 wrote:
| I'm not even a US/UK/EU citizen.
|
| Is there any way I can contribute?
|
| Or do I just sit and watch the world burn as policymakers
| elsewhere indirectly make policies that might inadvertently
| affect people far far away as well?
| beej71 wrote:
| Donate to the EFF:
| https://www.eff.org/deeplinks/2020/01/congress-must-stop-gra...
| buck4roo wrote:
| EFF really failed to connect the dots here.
|
| I don't see how, from a plain reading of the bill's text, one
| can argue what their letter claims.
|
| Can someone connect these dots?
| 2143 wrote:
| I'm just worried that in the rare event that I travel to the
| west will somebody be like "Well, here's the foreigner who
| funded to sabotage what our government wanted! Go away!" and
| get myself banned from entering <Western-country>.
|
| Off-topic: Happy to see your reply here, Beej. I love the
| books you have authored :)
| skoskie wrote:
| On behalf of one of those countries, I'm sorry.
| 2143 wrote:
| Ah, don't be; it's not your fault.
| throwawayffffas wrote:
| Learn cryptography, write cryptographic software, it's really
| important that people out of the US do so. Because if a bill
| like this passes we will need software without backdoors.
| [deleted]
| heavyset_go wrote:
| There are groups that are trying to counter it that you can
| donate to and/or work with. The media, including social media,
| likes "This person from ____ is worried about how ____ will
| impact Americans and the rest of the world" narratives, if you
| feel like writing or reaching out to journalists that report on
| these topics.
| EVa5I7bHFq9mnYK wrote:
| Why don't those congresspersons start with setting up public web
| cameras in their offices and allow public access to all their
| emails and conversation recordings?
| mattl wrote:
| nathias wrote:
| I have a feeling in 10 years I will be a criminal in the whole
| anglosphere.
| alfiedotwtf wrote:
| How is banning encryption NOT a First Amendment issue like it
| used to be in the 90s?
|
| I can't see a US court preventing free speech, so why prevent
| someone digital free speech?
| akomtu wrote:
| I've just read Orwell's 1984 (finally). There is an episode
| there: "Winston covered his face with his hands. 'Smith! Prisoner
| 6079!' yelled the telescreen, 'Uncover your face! No faces
| covered in the cells!'" The Big Brother wants to see expressions
| on your face at all times, and encryption lets you cover it when
| you have ungood thoughts.
| userbinator wrote:
| Devil's advocate: encryption is also what's stopping users with
| locked-down devices (increasingly common and hard to avoid) from
| having freedom to run and/or modify the software they use.
|
| It's a tough situation. Encryption can be used for good or bad
| (and even the definition of what's "good" or "bad" encryption
| varies depending on who you ask). Unfortunately, I see it
| increasingly being used to oppress users, in the form of DRM and
| other "security" features.
|
| Perhaps classifying encryption as munitions makes the most sense,
| if you support 2A rights.
|
| On the other hand, it's just maths. Maths which anyone can
| theoretically do.
|
| I don't know if there is a good solution to this problem.
| Sniffnoy wrote:
| What does any of this have to do with the EARN-IT act? This all
| appears to be just claims about possible uses of encryption
| with no particular relation to the subject of the article. If
| these other uses of encryption you're discussing wouldn't be
| affected by the EARN-IT act, then they aren't relevant here.
| userbinator wrote:
| I'm saying that "the war on encryption" isn't all one-sided.
| Sniffnoy wrote:
| The article is about the EARN-IT act specifically. If your
| points only relate to the war on encryption in general, and
| not the EARN-IT act specifically, then they do not bear on
| the article.
| [deleted]
| matheusmoreira wrote:
| The same cryptography that protects us from them will also
| protect them from us. The key issue is who owns the keys to the
| machine.
|
| We'll never be truly free until we can literally manufacture
| our own free chips at home just like we can make our own free
| software at home. There should be no big chip manufacturing
| company they can target with regulation or make agreements
| with. It's either this or eventually free computers will no
| longer exist. Just like the radio situation where your software
| has to be approved by some government agency to make sure it
| won't cause interference.
| heavyset_go wrote:
| I'd imagine that companies would get licenses to use encryption
| in limited and restricted circumstances, such as for DRM or
| basic system security. The user won't be able to use strong
| encryption, but only backdoored or weak encryption to keep the
| average attacker out.
| baash05 wrote:
| But I'd assume that license wouldn't be an easy thing to get.
| So it would be rich companies getting it.
|
| It would price innovation out of the market.
|
| Also, not sure what you mean by weak encryption. An average
| attacker now has access to decrypting tools out of the box
| (with a few Linux distros) so WEP isn't stopping anyone
| really. Even noobs can be trained to crack with an hour of
| youtube.
| parineum wrote:
| > but only backdoored or weak encryption to keep the average
| attacker out.
|
| I realize this is likely not your argument but the only thing
| that does is delay the access to data, not prevent it.
|
| Private keys will eventually leak, if not publicly, through
| nation state espionage.
|
| Weak encryption prevents the average attacker today but not
| the average attacker in the future.
| noone1954 wrote:
| Throw away account (does not do much good with modern AI and ML).
| But here goes.
|
| I am a US citizen (never left the country) and I always vote
| Republican. Down-vote away!
|
| The FBI came to my house in October 2021. Two special agents (one
| of which I knew from prior IT Security engagements) and a 'Threat
| Assessment' Police Officer from the local police department.
|
| They asked me if I was an Islamic extremist/terrorist. I am not.
| I am not religious at all. I am an IT security practitioner and
| amateur cryptographer.
|
| I once used Tor for remote network security assessments and to
| maintain my privacy. I ran Tor hidden services (as experiments)
| and posted code showing best practices on how to do this without
| revealing the clear-net IP address. I no longer do this. I
| believe that is one reason I was targeted.
|
| I have written one-time pad software and other cryptographic
| tools that may be used to evade IP/Cellular network meta-data
| analysis and tracking. I believe this is another reason I was
| targeted.
|
| The agents told me that I was considered a threat and an
| extremist because someone had used my home network to search for
| Islamic extremist videos. I have not done this. And, to my
| knowledge, none of my family members have done this either.
|
| I am not sure why this happened. I may never know. But I do know
| that true end to end encryption is critical to maintaining our
| security and privacy (assuming end devices are not compromised
| already). That is a big assumption IMPO.
|
| Now, I also encourage people to not use Tor. I feel it is backed-
| doored and mostly controlled by Nation State actors to identify
| 'interesting' subjects via meta-data analysis alone.
|
| That's my story. I hope you all do well.
| [deleted]
| rz2k wrote:
| I know this isn't the point of your post, but what does your
| party affiliation mean in this context? I have known people
| from both parties who believed their party affiliation was
| central to their anti-authoritarian stance, and people from
| both parties who thought that their preferred form of good
| government would control people.
|
| Do you think your party loyalty made you a more likely target,
| or should have made you a less likely target?
|
| That said, I use Tor for _anything_ medical related. The NSA
| might wonder why I am licking my paws so much, or why I keep
| worrying about foxtails in my ears, but they haven't knocked
| on my door yet.
| Buttons840 wrote:
| Why do you go out of your way to protect medical information?
| If the government cared enough to get your medical
| information illegally, couldn't they just get it from your
| doctors? And if they did decide you were an "enemy", what
| good would knowing your medical information do?
| rz2k wrote:
| It's mostly a matter of principle since I assume internet
| searches to be closer to a postcard than a letter. I could
| write about some health-related thing that is potentially
| embarrassing in a postcard, because I doubt the post office
| cares, or that my mail carrier reads postcards, but I'd
| probably prefer to put it in a letter delivered inside an
| envelope.
|
| It seems like better practice to learn which sources tell
| mainstream, reliable information about things like
| bordetella vaccines and regular nail clipping, _before_ I
| get really emotional about an anal gland that needs to be
| expressed or before my person finds a weird lump on my
| front leg.
|
| More seriously, back to human medicine, I am disappointed
| that so many reputable medical information sources with
| read-only information prevent Tor network users from
| accessing their information even though malicious Tor users
| aren't able to add misinformation.
| quinnjh wrote:
| Poster maybe isn't trying to hide health info from state
| level actors, rather limiting the layers of collections
| identifying them as "possible customer for __ treatments"
|
| ..hopefully they posted from Tor and aren't about to get a
| ton of popups now about "do you have foxtail in your ears"
| mint2 wrote:
| Why was your political affiliation relevant to that story?
| Peppering that non-sequitur in might mean you're more focused
| on politics as teams than is warranted or justified.
| LMYahooTFY wrote:
| Did they ever present you with evidence of anything? From what
| I've heard it's quite possible to identify Tor traffic if
| you're determined enough. Perhaps they were pressuring you
| because they thought you were running a relay/node?
| brightball wrote:
| MaxMind APIs will identify Tor traffic pretty reliably fwiw.
|
| I tried Tor one time years ago when I was testing MaxMind. It
| always seemed like if you were using it you'd become an exit
| node by default (I could be completely wrong on this, I
| haven't looked into deeply). Just gave me the impression that
| my IP address would suddenly be associated with whatever
| anyone else was doing and that seemed...bad.
|
| Totally understand that there are plenty of perfectly valid
| uses of Tor but you don't really hear much about those.
| miloignis wrote:
| Exit nodes are specifically set up and run, you do not
| become one by default. Using the Tor browser doesn't even
| make you a relay node:
| https://support.torproject.org/tbb/tbb-33/
| brightball wrote:
| That's good to know.
| mjevans wrote:
| More plausibly, someone used extremely weak WiFi cryptography
| to access the Internet through your ISP. Even if you have a
| password on such services, between routers with
| vulnerabilities, backward compatible connectivity (E.G. for
| your old game consoles / appliances), and maybe even passwords
| guest devices have shared with the cloud; it really could be
| anyone who was ever near your connectivity.
|
| I am sorry that these things happened to you, and this
| highlights how the rights of the accused to face their
| accusers, with legal representation present as well as to not
| be discriminated against before adjudication of those charges
| should be the standard and only procedures. Maybe for some
| highly important things these accusations might initially be
| under seal; but there should still be a defense present to
| advocate for the accused.
| sweetbitter wrote:
| >Now, I also encourage people to not use Tor. I feel it is
| backed-doored and mostly controlled by Nation State actors to
| identify 'interesting' subjects via meta-data analysis alone.
|
| No, you should encourage them to use it as much as possible to
| increase the anonymity set. Tor is not 'backdoored' (it is Free
| Software) and it is incredibly unlikely for most relays even to
| be malicious. Rather, Tor has a defined threat model and in the
| interest of offering high performance with low latency at a low
| cost, eschews the so-called 'Anonymity Trilemma' and it is thus
| possible to trace connections through the network if you can
| monitor the entry stream as well as the exit stream. There are
| a large number of entities who control various parts of the
| physical infrastructure between each link of your Tor circuit,
| from your router, to your ISP, to the local internet exchange
| point, and every other hop along the way to a destination. If
| an adversary controls even one of these entities in between you
| and your chosen guard relay, and between your chosen exit relay
| and the destination (including even the destination logs), it
| may be possible to perform correlation attacks to confirm
| whether or not a particular user connected to a given host
| (something which is easier to do if the stream is more
| 'distinct' from other streams, as well).
|
| Tor is a tool which serves to significantly increase the cost
| of undermining user privacy, and while it is true that it
| should not be treated as some end-all-be-all of internet
| privacy, I fail to understand why it should be discarded,
| rather than treated as just one of a number of tools in the
| toolkit. For example, if you are attempting to make it more
| difficult for these global adversaries to trace you, you may
| consider physical indirection (driving around), adding a layer
| of wireless relays before the connection to the Internet
| backbone, exclusion of relays in countries which your own
| nation can more easily influence in your torrc file, inducing
| dummy traffic in some capacity, preferring anonymity over
| pseudonymity, and a myriad of other techniques.
| asimpletune wrote:
| Banning encryption is basically banning certain maths. In a way,
| it's an affront on free speech, because it is explicitly saying
| speech must be done in a way that can always be eavesdropped.
|
| An analogy I use to explain to people who don't have a technical
| background is, "Imagine if we made it law that every pen ever
| made was required to be chained to a special clipboard that makes
| a carbon copy of whatever the pen writes." Even when explained
| like that, it's clear how such a system could be bypassed and
| would only harm innocent users, but even worse is just how
| ridiculous it all seems, since this would all be because we can't
| subpoena a pen. Hopefully it's made clear that despite the
| subpoena being lawful, it simply doesn't make sense, and
| attaching this fictitious clipboard doesn't really help make it
| make _more_ sense, since it seems even more ridiculous once it's
| made clear that you _can't_ subpoena a pen. It's no different
| than saying you _can't_ subpoena math, and that's OK.
|
| I hope as we progress technologically, everyday users will
| understand encryption to the point where they can form their own
| analogies as to what a ban on encryption would even imply.
| DarkCrusader2 wrote:
| Similar analogy would be, anything you say to anyone should be
| recorded, which can be subpoenaed.
|
| EDIT: What happens when I send someone an email in a made-up
| language which only we both know?
| anonporridge wrote:
| Another analogy I like, is that it's akin to banning people
| from inventing new languages that nobody else understands. It's
| like adults banning a form of piglatin their kids made up just
| because they can't decipher what the kids are saying to each
| other.
|
| Cryptography is just a special kind of speech/language that is
| theoretically impossible to understand without the consensual
| invitation of the speakers.
| morebortplates wrote:
| >Banning encryption is basically banning certain maths.
|
| https://en.m.wikipedia.org/wiki/Illegal_number
| Cthulhu_ wrote:
| How many protests are in the form of e.g. bank and payment
| information? I mean if the argument for breaking encryption is
| terrorists, then the argument against it would be criminals
| stealing your banking info.
| xhrpost wrote:
| Where can I find more detailed information on how Earn-IT changes
| encryption law? I just skimmed the Wikipedia article but it
| doesn't seem to insist that this act changes encryption law. Just
| that "best practices" that would provide "guidance" to sites
| might include backdoors.
|
| I'm all for encryption rights, but if I'm going to call my
| congressional rep, I want to know what I'm talking about, and the
| FSF link really doesn't explain what's going on.
| wmf wrote:
| The bill is written in an intentionally obtuse way so that they
| can say they're not banning anything; they're just giving
| "requirements". But the only way to meet the bill's
| requirements is to eliminate E2EE.
| buck4roo wrote:
| This comment is written in an intentionally "hand wavey" way
| so that they can say nothing substantive about the proposed
| bill text, but maintain an air of alarmism.
| c1ccccc1 wrote:
| The act says that a commission will be formed, and describes
| how members of the commission should be chosen. The commission
| chooses what the exact best practices will be.
|
| Full bill here:
| https://www.congress.gov/bill/117th-congress/senate-bill/353...
| r283492 wrote:
| The government arguments against encryption are so ridiculous,
| but we need articulate explanations like this to help refute
| them.
|
| They remind me of things like: if you don't vote to ban driving,
| you must want children to die. After all, driving is a leading cause
| of death among children.
| matheusmoreira wrote:
| It's gotten to the point that children or terrorists being
| mentioned at any point makes me automatically reject any
| argument.
|
| Children in particular are the perfect political weapon. It's
| political suicide to challenge any claims because you end up
| looking like a pedophile.
| zivkovicp wrote:
| Just enjoy what little online freedom you have while it's here.
| It doesn't matter if this bill passes or not, the fact that 99%
| of the general population just don't think about or care about
| this sort of thing means that we will eventually lose this war.
|
| Politicians also don't know a damn thing about it, but the
| incentives are very strong for them to insert more gov. into
| everyone's life, so that is what will inevitably happen.
|
| Sorry about being the party pooper, especially on a Friday, so
| just enjoy your PGP, E2E encryption, Tor, Btc, etc. while you
| still can (the more you do, the better our chances of keeping
| them for longer).
| progforlyfe wrote:
| The fact that this kind of idiocy even makes its way to law
| makers frightens me greatly (whether it passes or not). We're
| going to be in a world of hurt
| sycren wrote:
| Could it be suggested that banning end-to-end encryption may put
| citizens, businesses, institutions & infrastructure at risk from
| hostile nations (Russia in this instance), who may seek this as a
| potential attack vector?
|
| Therefore we position EARN-IT as a national security threat over
| individual privacy.
| Archelaos wrote:
| How seriously should we really take such initiatives? Since the
| 1990s, the topic has popped up regularly, but apparently by
| people with little technical expertise or economic imagination.
| Regardless of how little these people value free speech, any state
| with a market economy, i.e. in which economic activities are
| based on the initiatives of its citizens, must protect the
| secrecy of communications between its citizens simply for
| economic reasons. Otherwise, the country's economy would be
| fundamentally exposed to foreign powers, putting national
| security at the highest risk: financial transactions could be
| more easily manipulated, trade secrets more easily stolen, etc.
| ultim8k wrote:
| I will still use strong open source encryption. I don't give a
| crap about laws other than the laws of physics. For me, I don't
| need a law to tell me how to be a good and ethical person. I know
| it already.
| jinseokim wrote:
| Look at Russia and see what happens. They are actively monitoring
| and censoring 140M citizens. Fortunately Russians are using
| Signal/Telegram[1] to avoid that censorship.
|
| This is not a tradeoff between just privacy and child safety.
| This is the matter of freedom and democracy.
|
| [1]: I would say Telegram is an available option for privacy but
| Telegram has pretty much possibility to be attacked than
| Signal...
| escapedmoose wrote:
| I wrote to my representatives on both political sides, and all
| insisted that it "won't affect encryption." Either I don't
| understand enough about EARN-IT, or they don't understand enough
| about encryption, because that doesn't make much sense from what
| I've read.
| qwerty456127 wrote:
| It's not even necessary to emphasize user freedom. The safety
| aspect is more important to emphasize. Unencrypted or weakly
| encrypted communication is a severe threat to every (even very
| lawful and perfectly conventional) user safety and even national
| security. Limiting encryption is a grave mistake for any nation
| in the modern world context. Only incompetent or malevolent
| policymakers can lobby it. Sure, universal right for strong
| encryption has its downsides but the opposite is not possible to
| afford anymore.
| pico303 wrote:
| I don't understand why folks don't just point out any back doors
| in these services will be abused or hacked eventually. Do our
| leaders want their own personal correspondence---to their big
| donors, bankers, brokers, interns, mistresses, drug dealers, coup
| instigators---available to the FBI or the media too?
| inkeddeveloper wrote:
| At this point, they don't care. Plenty of politicians have had
| criminal investigations and have had zero consequences. Hell,
| one man won a reelection while he was in jail. Matt Gaetz is
| still walking around free even.
| matheusmoreira wrote:
| Leaders are "special". These bans are for people like us, not
| for them. I'm sure everyone in the government will be using
| effective encryption. They just don't want the masses using it
| against them because then it's subversive.
| roscoebeezie wrote:
| It's entirely possible I don't understand how technology works,
| but I don't understand how some sort of government encryption
| backdoor of various protocols would work.
|
| Software, devices, protocols etc are not just used in a single
| country. They are used worldwide. If a backdoor needs to be
| supported for a several dozen governments, each with various
| levels of security practices, there's no way it stays secret
| for long. It's only a matter of time before a country or state
| like Georgia gets its old poorly configured IT infrastructure
| hacked and the attackers now have access to some backdoor keys.
| How do governments revoke old keys and create new ones across
| all applicable devices? It'd be pretty hard to do that without
| going to companies and saying "fix" or "get me that" with some
| type of warrant or court order. That is kinda like what we have
| now which is mostly limited user information located in the
| cloud somewhere.
|
| I think the larger issue is that there is a coordinated push to
| get complete government access to everything. This is happening
| at a time where dystopian surveillance is not only quickly
| becoming possible, but also profitable. The government has the
| right to pretty much everything legally, but the potential for
| misuse in situations where the government gets access to
| everything is really high. The ability for citizens to combat
| that misuse is reduced the more government gets.
|
| This is my understanding of things. Let me know how I'm wrong.
| wmf wrote:
| It's not really about backdoors; they just want everything to
| go through servers which will archive unencrypted copies of
| everything so that it can be subpoenaed later.
| charcircuit wrote:
| >Are you "hiding" when you lock the door of your home every day,
| just because the government is not permitted to enter it without
| a warrant
|
| If this is your reason then I would say you are trying to hide.
|
| >Is it "hiding" to seal the envelope of the card you're sending
| your Valentine?
|
| Yes, the point is to keep it a surprise.
|
| >helps protect queer youth from intolerant violence (at home and
| abroad, as in Ghana).
|
| E2EE doesn't prevent a parent from taking their phone and seeing
| their messages. These kids aren't communicating to their friends
| over their parent's IRC server. Most parents aren't technical and
| wouldn't even know how to MITM even an unencrypted messaging app.
|
| >helping victims out of these relationships by enabling them to
| contact friends for help
|
| Again most people don't know how to MITM this traffic. Especially
| if you are using mobile data.
|
| Even in regard to whistleblowers they only need anonymity. They
| want to do the opposite of hiding their messages. They want the
| opposite. For as many people as possible to see their messages.
| happytoexplain wrote:
| They are comparing to the word "hide" in the context
| authorities use it, e.g. "nothing to hide". They are not
| drawing comparisons using the word generically, and they make
| this explicit. Your two assertions seem to ignore this (i.e. it
| seems like you're "playing word games").
| charcircuit wrote:
| At least with locking your door because you are afraid the
| government is going to break in to your house without a
| warrant is the same. If someone is doing this either they
| have done something illegal, e.g. "have something to hide",
| or they have a mental issue where they have problems with
| trust and are overly paranoid.
| detcader wrote:
| What is an example of a right that you think people should
| have (by law), which constrains the government in some way?
| charcircuit wrote:
| The right to not be randomly murdered by the government.
| judge2020 wrote:
| Everyone has something to hide from public view, at least
| in the sense that you don't want anyone (government or
| civilian burglar) being able to steal your stuff or know
| what sort of stuff you have on your hard drive. And by
| everyone, I include regular people who might have a regular
| desktop or laptop without disk encryption.
| charcircuit wrote:
| >Everyone has something to hide from public view
|
| But we aren't talking about making something public. We
| are only talking about a case where the government
| already has a warrant.
| pdonis wrote:
| No, we're not. We're talking about the EARN-IT act, which
| wants to legally require all website owners to report all
| kinds of things to law enforcement, without any probable
| cause that anyone has committed a crime and without any
| kind of warrant.
| charcircuit wrote:
| We were on a tangent. E2EE isn't even banned by the bill
| so it's all somewhat off topic to talk about.
| pdonis wrote:
| _> E2EE isn't even banned by the bill_
|
| Not explicitly, no. But it is not feasible for
| applications to comply with the provisions of the bill
| while still supporting E2EE, so the bill's effect will be
| to largely eliminate the use of E2EE.
| cgriswald wrote:
| There's literally no difference. None. This was tried
| before with special locks that 'only the TSA had the keys
| to open'. The keys were posted online for anyone to make
| their own. It's also been tried commercially with various
| DRM and failed.
|
| There is no such thing as a 'government only, and only
| with a warrant' backdoor. There is either private or not
| private.
| charcircuit wrote:
| The problem with TSA keys is that they are all the same,
| can easily be cloned, and couldn't be rotated.
|
| It is possible to design a system where judges have their
| own hardware keys. Hardware keys can not be cloned
| assuming strong tamper protection. If a hardware key gets
| stolen it can be revoked as being valid and a judge can
| be issued a new one.
|
| DRM is different because the client ultimately has to
| have the keys to decrypt the content they have been
| permitted access to.
| baash05 wrote:
| Shot in the dark here? Which Government are you talking
| about? Saudi? Where being gay is a death sentence? No?
| How about the US where being Japanese was illegal?
| China's got the most people, perhaps we take a world wide
| vote to see? Biggest land mass? Millionaires per
| population (the 1%)?
|
| Who would control the creation of the keys? I mean which
| tech vendor would control access to my android phone's
| encryption? My phone was made in China, and the chips
| inside it were made in China. They also have the most
| people, so it seems fair they control the keys.
| heavyset_go wrote:
| > _Most parents aren't technical and wouldn't even know how to
| MITM even an unencrypted messaging app._
|
| Give it a couple of weeks and someone will have put together
| surveillance and parental control system for it.
| charcircuit wrote:
| >Give it a couple of weeks and someone will have put together
| surveillance and parental control system for it.
|
| ????? CSGO chat is unencrypted. It's been more than a few
| weeks since source games have been out. Show me this parental
| control system you theorize would have been created.
| detcader wrote:
| > Even in regard to whistleblowers they only need anonymity.
| They want to do the opposite of hiding their messages. They
| want the opposite. For as many people as possible to see their
| messages.
|
| This website is freeeeeeeee
| c1ccccc1 wrote:
| Even if most people don't have the technical chops to spy on
| traffic themselves, I can imagine a world where there are
| companies that provide such things as products / services.
| (Probably there are already a few companies like this, I
| haven't checked.) For example one might be able to buy a gizmo
| with an antenna that listens in on people's wifi and mobile
| connections. If end to end encryption was banned, I'm guessing
| that spying on that non-encrypted traffic would take about $50
| and an afternoon of setup, and would not require any special
| skills.
| charcircuit wrote:
| Thankfully with the mass adoption of HTTPS most messages are
| going to be encrypted over the person's network you are
| using.
| NotEvil wrote:
| And with the law. We would have a backdoor in tls. And
| HTTPS will be meaningless
| charcircuit wrote:
| No we wouldn't. This law doesn't even ban E2EE. E2EE
| eliminates any liability of transferring the messages.
| c1ccccc1 wrote:
| It's possible that the commission will require ISPs to
| block non-backdoored TLS. But I'd consider that to be
| more of a worst-case scenario, rather than something
| that's particularly likely to happen. More likely outcome
| is companies that store user messages on their servers
| won't be allowed to provide end to end encryption, and
| would be forced to store the messages on their servers in
| plaintext, or using backdoored encryption. The bill
| allows for differing requirements for different kinds of
| services, so hopefully ISPs would not have much of a
| change from the current situation.
|
| Of course, even just that scenario is bad enough. It
| would mean that the police, the FBI, the NSA, people at
| the messaging company, and hackers who breach the
| company's security would all be able to read those
| messages.
| c1ccccc1 wrote:
| True, and definitely a good thing.
| tjpnz wrote:
| >I'm guessing that spying on that non-encrypted traffic would
| take about $50 and an afternoon of setup, and would not
| require any special skills.
|
| I could see it even becoming a feature in consumer grade
| network equipment. A bit like HDCP circumvention in video
| capture boxes or region free playback in optical media
| players. All you'll have to do is shop around.
| galoisscobi wrote:
| Wrote to Dianne Feinstein of CA about being against Earn-IT act
| and got a letter back about how Earn IT act would prevent child
| sexual abuse material online. Sigh.
|
| As disappointed as I was in the response, I'm glad that EFF makes
| it really easy to reach out to reps. Took me less than a minute
| to send out my stance against the Earn IT act to my
| representatives https://act.eff.org/action/stop-the-earn-it-act-
| to-save-our-....
| int_19h wrote:
| Feinstein has always been anti-encryption and pro-three-letter-
| agencies.
| BLKNSLVR wrote:
| This is a ctrl-C ctrl-V of my own previous commentary:
|
| I'm working on the wording of this that I intend to use in any
| such discussion of fake attempts at "think of the children":
|
| Whenever a politician invokes "think of the children", ask them
| about their funding of Child Protection Services.
|
| Any political action that's said to be under the umbrella of
| "think of the children" that doesn't provide massive amounts of
| additional funding into Child Protection Services (boots on the
| ground, education programs, etc), is hiding something, and
| actively working against helping children because it's
| distracting from the actual efforts that Child Protection
| Services are providing as well as spending money on entirely
| "something else".
| jimhefferon wrote:
| Yes, I had the same experience with Patrick Leahy. Usually he
| is pretty reasonable, but here he (or his office) completely
| missed the mark.
| ddaalluu2 wrote:
| Ah yes the old child abuse argument, because it would never
| happen without crypto. We only have how many 1000 years of
| proof otherwise.
|
| The thing is mothers really believe that. When I told a
| friend's wife that there should be no regulation on what people
| can post online she replied with "even child abuse". And I was
| caught unprepared. Of course I don't want children or any other
| people to be abused but outlawing crypto is not the solution to
| that problem.
|
| Of course I'm aware that you're aware.
| throw0101a wrote:
| > _Wrote to Dianne Feinstein of CA about being against Earn-IT
| act and got a letter back about how Earn IT act would prevent
| child sexual abuse material online. Sigh._
|
| This is a decades-old response, along with terrorists, drug
| dealers, and organized crime:
|
| *
| https://en.wikipedia.org/wiki/Four_Horsemen_of_the_Infocalyp...
|
| Of course if people are willing to do one illegal activity
| (CP), what's to stop them from doing a second illegal activity
| (strong crypto) to protect themselves against detection of the
| first activity?
|
| We've been here before: if the US (or any other jurisdiction)
| limits strong crypto, it will simply be offshored:
|
| * https://wiki.debian.org/non-US
|
| If you're older than ~40 and were on the Internet in the 1990s,
| this probably isn't your first rodeo:
|
| * https://en.wikipedia.org/wiki/Crypto_Wars
| matheusmoreira wrote:
| Do politicians even read these letters?
| beej71 wrote:
| No. But staffers do.
|
| Some interesting stuff here:
|
| https://www.wired.com/story/opengov-report-congress-
| constitu...
| thrtythreeforty wrote:
| They almost certainly do not. However they do count them
| (well, maybe the intern counts them, but they are counted).
| And if the counts get big enough, they do start paying
| attention.
| ShroudedNight wrote:
| > And if the counts get big enough, they do start paying
| attention.
|
| This is a while back, now, but I vaguely remember a Reddit
| AMA by people working for US federal politicians where they
| indicated that "big enough" is often as few as two for the
| right type of correspondence (bespoke letters and / or
| letters to the editors of voter-relevant newspapers,
| especially if the politician gets specifically called out)
|
| Things may well have changed in the interim, but given how
| often engagement begins and ends at signing on to a form
| letter, I wouldn't be surprised if this was still the case
| today.
| CameronNemo wrote:
| Wrote to a state legislator regarding a specific bill.
|
| They voted opposite of what I requested, then wrote back
| giving a synopsis of the bill and mentioning it passed
| without even mentioning their vote against the bill.
| inter_netuser wrote:
| That's because voting literally doesn't matter. At all:
| https://represent.us/americas-corruption-problem/
|
| There is nothing you can do if you live in a "safe"
| district.
|
| If you live in a contested district, donate to their
| opponent, and send them a copy of the check, so that they
| can see it before they read the letter.
| morpheuskafka wrote:
| One time they sent back a letter assuming I opposed a
| position that I actually supported. In fact, I think the
| senator supported it too, but probably only got letters
| from people opposing it.
| vharuck wrote:
| Depends on the politician. A few years ago, I wrote emails to
| my US House representative and one of my senators. They
| didn't come from a template. I wrote a few short paragraphs
| stating my wish, my reasons, and a bit of praise for
| something they recently did.
|
| The representative sent back an obvious copy-paste. Could've
| been the response to any email about the topic, and sounded
| like a campaign pitch.
|
| The senator (or at least a staffer) replied with reasoning. I
| didn't agree with the reasoning or conclusion, but somebody
| definitely read my email and responded specifically to it. I
| appreciated the respect they showed that way.
| meowfly wrote:
| The EFF sent me a letter encouraging me to contact my
| congressman to support a bill that would prevent federal
| funding of anti-encryption technologies by the FBI.
| (https://act.eff.org/action/speak-up-for-strong-encryption-
| ru...)
|
| My representative called me to talk about it. He told me he
| hadn't seen the bill but he agrees that isn't where the FBI
| should be spending their energy. It seems like the bill never
| got off the ground.
|
| My guess is the prewritten letters are probably less
| considered.
| Mezzie wrote:
| I'll go one further: I _have child porn of myself online_ and I
| don't support the Earn-IT Act. Then again, having my online
| presence wiped out after 7.5 years at the age of 12 when COPPA
| went into effect made me really cynical.
|
| As did the fact that nobody listened to the few of us who were
| children online back then. It's always based on these weird,
| interesting hypotheticals.
|
| (This isn't to minimize child abuse or trafficking, of course.)
|
| Edit: Also I'll say as someone who's been online for almost 30
| years (age 4 to now almost 34) that the harassment and sexual
| abuse I received/was subject to were at their highest levels
| from the ages of 14 to 25.
| monksy wrote:
| This is the copy/paste response I got from Duckworth: (Which is
| disappointing)
|
| Thank you for contacting me about S. 3538, Eliminating Abusive
| and Rampant Neglect of Interactive Technologies (EARN IT) Act
| of 2022. I appreciate you taking the time to make me aware of
| your concerns on this important matter.
|
| The EARN IT Act would establish a National Commission on Online
| Child Sexual Exploitation Prevention, which would be
| responsible for developing recommended best practices for
| providers of interactive computer services, such as email or
| cloud storage providers or social media services like Facebook
| or WhatsApp. These best practices would pertain to how best to
| prevent, reduce or respond to the online sexual exploitation of
| children, in particular the proliferation of online child
| sexual abuse material (CSAM).
|
| This bill would also amend Section 230 of the Communications
| Decency Act of 1996. Section 230 in its current form creates a
| so-called "safe harbor" for providers of interactive computer
| services from legal or civil liability for the content posted
| on their sites. For example, if a user posts defamatory
| information on Twitter that individual may be sued and held
| liable, but Twitter as a company may not be held liable. The
| EARN IT Act would require these service providers to earn that
| safe harbor by complying with the recommended best practices
| developed by the Commission. Senator Lindsey Graham of South
| Carolina introduced the bipartisan EARN IT Act on January 31,
| 2022, and it was referred to the Senate Judiciary Committee.
|
| The proliferation of child sexual abuse material has a
| devastating effect on its victims, their families and their
| communities. Like you, I believe there is no place in society
| for this material. However, some internet privacy advocates
| have expressed concern that the EARN IT Act may unintentionally
| drive CSAM purveyors into the dark net, where these horrific
| criminals would become more difficult to track, identify and
| ultimately build a case that is required for a successful
| prosecution. Please know that I will keep your thoughts in mind
| should a majority of the Judiciary Committee decide to
| favorably report S. 3538 to the full Senate for consideration.
|
| Thank you again for contacting me on this important issue. If
| you would like more information on my work in the Senate,
| please visit my website at www.duckworth.senate.gov. You can
| access my voting record and see what I am doing to address
| today's most important issues. I hope that you will continue to
| share your views and opinions with me and let me know whenever
| I may be of assistance to you.
|
| Sincerely,
|
| Tammy Duckworth United States Senator
| brightball wrote:
| I'm so torn on this.
|
| I 100% support and demand E2E encryption be legal and
| available for anyone to use whenever they want to.
|
| On the other hand, I also completely agree with the need to
| fix Section 230. The stories I've heard about providers
| essentially turning a blind eye to taking down things like
| revenge porn after victims have won in court is a huge
| problem. There's an entire Darknet Diaries episode on Kik
| that goes into just how bad the problem really is.
|
| Want to smear somebody? Just post a business review on Google
| or Yelp. The person and the business will be fairly helpless
| to get it taken down. One place I worked years ago saw a
| review posted about the business accusing one of the
| Directors of an affair. The review remained up for over 6
| months because of the complete lack of accountability.
|
| Something absolutely has to be done to combat that type of
| harassment because it's slanted way too far in favor of the
| harassers right now. If service providers have no
| responsibility to take this stuff down it's never going to
| get any better.
| clsec wrote:
| Yep, I wanted to blow my top when she sent me the same
| response. We really need to get rid of Feinstein!
| jrnichols wrote:
| I sadly cannot say that I am surprised at the reply. "won't
| someone think of the children?" has been a convenient political
| go-to for so many years now.
|
| seeing it with Earn-IT and also the "don't say gay" bill.
|
| everyone thinks that they are "protecting the children."
| savant_penguin wrote:
| Every time one of those moronic bills shows up I wonder if they
| know they are making the entire US banking system and online
| marketplaces vulnerable to Chinese and Russian hacking.
|
| And what is that for? Some false promise of security? People who
| commit real crimes will just use illegal tools and would rather
| be prosecuted for """illegal use of real encryption""" than for
| whatever they are doing
|
| Meanwhile people who actually need it for legitimate reasons are
| endangered by this law
___________________________________________________________________
(page generated 2022-03-12 23:02 UTC)