I hope everyone read the recent Washington Post story about a decades-long scheme where an ostensibly private Swiss firm (Crypto AG) that dominated the worldwide market for encrypted communications was, in fact, controlled by US and German intelligence agencies and sold compromised equipment to governments around the world. This allowed Germany and the US to monitor sensitive communication from Iran and dozens of other counties. Even the employees of Crypto AG didn't realize that they were selling modern day Trojan horses. It's a fascinating story that validates the paranoia of conspiracy theorists. This particular scheme ended decades ago when general purpose computers could perform encryption/decryption functions negating the need for the hardware Crypto was selling. Perhaps in a few decades someone will leak more of the tricks that are being used instead today.
Why can't companies like Facebook and Apple provide secure End to End communication for US (and/or UK/Canada/etc.) citizens but key-escrowed communication for foreigners (eg, China, Iran, etc.)? All it would take is for Facebook and Apple to write software that determines the nationality of the user. That's a modest technical problem. The problem is primarily that Facebook and Apple actually want to provide secure communications for people who have no such right, and perhaps secondarily also that the government wants key-escrow for nationals who may have a "right" to privacy.
This solution would be unsatisfactory to Apple and Facebook because SOME of their customers (eg, citizens of Iran, China, Somalia) would be unhappy that their keys were being escrowed. And it would also be unsatisfactory to the governments because SOME of their suspects (eg, citizens of US, Canada, UK) would have keys that are NOT being escrowed. Both sides, government and corporations, aren't willing to settle for a 50% satisfactory solution, which is sad. They both want 100%.
Some of you may respond to this idea by saying that it's technically impossible for corporations to determine the nationality of its users. That's a false argument which I will ignore. And most of you are unimaginative enough to figure out how to solve this problem. I could explain how it could be done, technically, but I don't want to argue about technical solutions, I want to argue about whether this approach is a useful and legal approach. Is it legal? Very probably. Is it useful? Probably for many situations. But both sides want it all and aren't willing to compromise.
How are you going to determine if I’m a local good old boy? If I turn on my VPN it looks like I’m German, when I’m actually in the USA.
Besides, you haven’t been paying attention, they want your information just as much as they want foreigners.
If you think these surveillance problems work, here you go. Yesterday’s news: (you’ll note the US was spying on there own people)
NSA spent $100M on phone surveillance program that prompted two unique FBI leads
You asked me "how" it would be done. I explicitly wrote I don't want to talk about "how it's done" because that would change the topic to a technical topic rather than a policy topic. The link you sent me was not a key escrow issue, so it's irrelevant to my point. (I get the impression that you don't even understand what key escrow is since you are diverting attention from the topic I raised.) But you admit you don't understand "how" nationality could be determined. Let's ignore how it's done and talk about whether it's a good idea to do this. Ask yourself if this method I've described, if it were possible, would be "legal" and "useful". I said it would be very probably legal and probably useful in many situations. You had nothing to say. I was right when I expected that responses to my message would try to address "how" this could be done rather than whether it's a good idea. As I said, corporations ignore this question because they want all their customers to get the same high grade encryption, while governments ignore this question because they want to be able to view everyone's traffic.
I never asked you how. But...
Yes, you did ask me "how". The very first word of your post was "How...". You opened your message by asking me "How am I going to determine if you are a good old boy? (ie, your citizenship)?" Your entire post was about how. In your follow up post your entire approach was about "how", saying it can't be done. You refuse to discuss the question at hand, which I raised, which is would it be a good idea if it were technically possible. And it seems to me that others are also attacking me by saying it wouldn't be possible. I'm perfectly capable of discussing how it would be done, but I first want to discuss whether it would be a good idea if it were possible. And nobody wants to have this conversation. Everyone's approach is "there is no technical solution so let's not think about whether it's a good idea."
Some of you may respond to this idea by saying that it's technically impossible for corporations to determine the nationality of its users. That's a false argument which I will ignore.
You'll ignore it because you're an idiot who's never heard of VPN.
I respect anyone with 5000 posts and I respect Vincent Price. But you are suggesting "determining nationality cannot be done." I can see you are mentioning VPN because you think nationality would be determined based on location. For a person with 5000 posts, some of which were pretty decent, I didn't realize you could be this naive. I never said nationality would be determined that way.
If Apple did this for one government, they would have to make it available to all governments. Do you think China would not want this, or do you think they don’t have enough leverage to demand it if it exists?
That's a good and useful question. You aren't falling into the red herring of "it can't be done so let's not consider it." It appears possible to actually have an intellectual conversation with you. I'm impressed. You, my friend, are a winner.
Even so, my friend, I think you missed something here. I specifically said to give key-escrowed algorithms to people who aren't from the US/Canada/UK, and I gave examples of China and Iran. In other words, give Apple the ability to read communications from users who are citizens of China and Iran so that their governments (or ours) can read their communications, probably with a court order. So what I'm proposing would make the governments of China and the US very happy, which is the ability to read the traffic of Chinese citizens with some approved process. The people of the US wouldn't care because THEIR data would NOT be escrowed. The only people who could be upset are the people of China and Iran, but they already live in states where the governments can tap their homes or their phones, so it's not going to be a big deal breaker for them anyway, because they are already being bugged by their own governments.
Technology companies should give a colossal GFY to such agencies & nation states by rolling out end to end encryption, and only announcing it after it’s in place and fully operational, and that includes fully encrypting iCloud.
Why can't companies like Facebook and Apple provide secure End to End communication for US (and/or UK/Canada/etc.) citizens but key-escrowed communication for foreigners (eg, China, Iran, etc.)?
I’ll give you the same answer that was used after 9/11: Because it won’t work after 9/11 people called for closer scrutiny of middle eastern people. Those of us who understood the problem said “If you do they will just start using blond haired blue eyed terrorists.” Lo and behold when the current administration started trying to do the former, the bad guys responded with the latter.
Try to limit spying to particular national or ethnic groups and soon people outside those groups will be brought in. Soon there will be spying on everyone all the time because everyone could possibly be a spy.
Secondly if you start trying to ghettoize some national and ethnic groups without evidence, just based on suspicion and association, well, it doesn’t end well. That was a lessen driven home to the world in the eqrly and middle part of the last century.
Make all the arguments against it you want to. Be outraged about the concept. Excoriate the government for thinking it will solve their problems. In the end, though, be prepared to see it come to pass. All it will take is another 9/11 style attack and the public will demand it. The public will gladly give up their freedom for the illusion of security and safety. We've given up so many of our freedoms already in the name of social homogeneity. The PC police have restricted our speech. The anti-gun cadre wants to eviscerate the 2nd amendment. We're closer to a surveillance society than ever before. Public facial recognition is on its way. The opposition can hold out only so long before the public forces the issue.
Interesting that we never hear about Russian or Chinese officials clamoring for backdoors, probably because they've already got them.
Er, except Russia and China do. They’ve banned types of encryption and tools such as VPNs. Old news.
As for PC police revoking your freedom of speech — what in the hell are you talking about? Are you confusing freedom of speech with accountability for saying shitty or stupid things to others? Because they’re very different concepts.
Long ago, encryption was limited to governments and military due to the extreme cost and complexity of hardware encryption devices (ie enigma). Spies had rudimentary encryption like substitution cyphers, which tripped up authorities but with enough effort, they could be cracked, This is what authorities want to go back to, but nowadays military grade encryption is a commodity available to the masses. The genie is out of the proverbial bottle. A rudimentary home written app can have the same level of security as the NSA. Once the big services like iMessage and Facebook messenger are forced into having a back door, Government and the military will write their own secure messaging applications to keep their communication secure, but so will the terrorists and criminals. What you will be left with is the ability of both governments and criminals to spy on innocent people while neither will be able to spy on the other.
As for PC police revoking your freedom of speech — what in the hell are you talking about? Are you confusing freedom of speech with accountability for saying shitty or stupid things to others? Because they’re very different concepts.
In the context of government there is no difference and LKrup is correct. There is far too much of the world of 1984 these days.
As for PC police revoking your freedom of speech — what in the hell are you talking about? Are you confusing freedom of speech with accountability for saying shitty or stupid things to others? Because they’re very different concepts.
In the context of government there is no difference and LKrup is correct. There is far too much of the world of 1984 these days.
What does that even mean? No, they’re not the same. In the US, the government cannot restrict your freedom of speech. Invoking “But PC police!” has absolutely nothing to do with that. What a culture considers rude or politically incorrect has no bearing on your right to not be imprisoned by the government for speech. You get that right? But please, if you have examples of people being muzzled or arrested by the government for speech, lay them out.
Let's pretend Apple does this. Since we're now firmly in imagination land, let's pretend Google, Facebook, and all the other major players also do this.
Great. Now what? What's to stop global terrorists using an encryption app that's not backdoored? This will end up a perpetual game of wack-a-mole where only the innocent lose out.
So, what's really the point? I can't help but feel that all this is not to spy on terrorists, but on us. Pretty sure MI5, the CIA, Mossad et al all know that terrorists will up their game, so what's the real reason for this? Is this nothing more than a Trojan horse?
Comments
I respect anyone with 5000 posts and I respect Vincent Price. But you are suggesting "determining nationality cannot be done." I can see you are mentioning VPN because you think nationality would be determined based on location. For a person with 5000 posts, some of which were pretty decent, I didn't realize you could be this naive. I never said nationality would be determined that way.
Even so, my friend, I think you missed something here. I specifically said to give key-escrowed algorithms to people who aren't from the US/Canada/UK, and I gave examples of China and Iran. In other words, give Apple the ability to read communications from users who are citizens of China and Iran so that their governments (or ours) can read their communications, probably with a court order. So what I'm proposing would make the governments of China and the US very happy, which is the ability to read the traffic of Chinese citizens with some approved process. The people of the US wouldn't care because THEIR data would NOT be escrowed. The only people who could be upset are the people of China and Iran, but they already live in states where the governments can tap their homes or their phones, so it's not going to be a big deal breaker for them anyway, because they are already being bugged by their own governments.
It is not possible to allow any government, or any entity, with a backdoor while maintaining integrity.
after 9/11 people called for closer scrutiny of middle eastern people. Those of us who understood the problem said “If you do they will just start using blond haired blue eyed terrorists.” Lo and behold when the current administration started trying to do the former, the bad guys responded with the latter.
https://www.engadget.com/2019/10/27/china-cryptography-law/
https://www.techdirt.com/articles/20200217/07315143935/russias-war-encryption-stumbles-forth-with-ban-tutanota.shtml
As for PC police revoking your freedom of speech — what in the hell are you talking about? Are you confusing freedom of speech with accountability for saying shitty or stupid things to others? Because they’re very different concepts.
Sod off.
Sincerely,
Me