Saturday, November 7, 2020

US Government Continues Encryption War

Wars can be fought in the real world but there is also a virtual battlefield - and it is just as harmful. The Lawful Access to Encrypted Data Act is the latest attempt to access people's encrypted data and it serves as another reinforcement.

This type of “warrant-proof” encryption adds little to the security of the communications of the ordinary user, but it is a serious benefit for those who use the internet for illicit purposes.

This statement is plainly false. Encryption has as much benefit, if not more, for ordinary users. Encryption is used in every website that has the padlock sign (HTTPS), in every iPhone app since 2016, in every Android app since 2018 and in almost every modern application - and for good reason. Encryption helps protect sensitive information (such as that shared with your bank, or any time you use a password on a website). It may also help protect files which are not in use (at rest), or in the event the server is accessed by an unauthorised person (such as a criminal attempting to siphon off important data).

In 2016, Bruce Schneier wrote an article on the value of encryption clearly outlining why encryption is needed. Schneier went on to say that when the US Government was previously fighting cryptography, he wondered if they were aware how much they relied on it themselves. No-one is above the law, so if you ban strong encryption, the FBI should not use it either. Attorney General Barr gives the impression that the government, along with certain large companies, should have an exception to the law. Barr recognises that there are some things that are secret, but he doesn't recognise that regular citizens might want to enjoy privacy as well.

“We are not talking about protecting the nation’s nuclear launch codes,” Barr told the International Conference on Cyber Security at Fordham University.
“Nor are we necessarily talking about the customized encryption used by large business enterprises to protect their operations. We are talking about consumer products and services such as messaging, smart phones, email, and voice and data applications.”

Somehow, because your average Joe does not have government level secrets, he is no longer entitled to encryption. We are all humans, and we all need privacy. By taking away encryption, you are taking away privacy online.

This act is aimed at Section 230, which ensures that no interactive computer service provider shall be treated as the publisher or speaker of content published by their users - an essential part of the survival of all search engines, social media platforms and video sharing sites. Without it, the internet would become a self-censored platform – one that is more concerned with fending off lawsuits than providing a medium for ideas and innovation as it originally was.

It is easy to sympathise with an act that is being pushed through on the grounds that terrorists, paedophiles and drug-dealers all use encryption. Reading the New York Times' reporting on online images of sexual abuse would leave some wondering why this sort of Act has not been passed already. Equally, if no-one had encryption then it would certainly be easier to catch the above-mentioned crooks and felons.

Encryption, however, did not create these problems; these crimes were around long before it came into existence. In addition, those who partake in illicit activity will always find loopholes and ways to do so, such as using products or encryption tools that don't have backdoors. Criminals do not obey laws by definition. Furthermore, many innocent people use similar encryption to these criminals, but only to protect privacy, not to hide any illegalities, and yet they could still be subject to some kind of prosecution. It is assumed the use or possession of non-backdoored software would also become an offence if too many people used that instead. Statistically, it's agreed there are many more innocent people in society than criminals; those innocent people would be punished as a result of the bad actions of a few.

It is not feasible for a government to make a law of this sort that can apply outside of its own country. Governments around the world would almost certainly disagree on which countries should be allowed access to the backdoor. As a result, this backdoor would most certainly lead to every unauthorised party having access, as the key to decrypt the data would be discovered by third parties. This would result in completely broken encryption for all. In federated networks, such as Matrix, it's not even possible to add a backdoor to every homeserver. Federation decentralises trust, which means that the person deploying the server isn't necessarily the same entity who makes the client software or server software. Matrix has even written a thorough article on how to combat this sort of abuse without backdoors.

Weakening encryption will only result in criminals using strong encryption anyway, without fighting any of the problems that the law claims to solve. There is no easy solution, and it is down to politicians to provide one. Yes, encryption can be used by people with bad intentions, but it is also used by so many ordinary people who would never think to use it in a malicious way. Nearly every tool in life can be used for nefarious purposes, but that does not mean it should be unavailable for legitimate non-criminal uses. You could hit someone with a hammer, but it doesn't mean hammers should be made out of foam, because if they were, people would just use knives instead. Weakening encryption will not solve these issues, and that's probably because they were not the focus of the Act. Instead, it seems that this law seeks to criminalise strong encryption that does not have backdoors, even though the government knows full well that this will not stop criminals. The US Government should stop devising new ways to breach its citizens' privacy, and focus on combating the issues that this Act fails to.

In 1988, Timothy May predicted that “the State will of course try to slow or halt the spread of [encryption], citing national security concerns, use of the technology by drug dealers and tax evaders, and fears of societal disintegration”. He was spot on.

Cover artwork by Zan


