There’s been an increasing call in recent weeks and months for encryption to have government ‘backdoors’ put into them. This is a bad idea. No really, it’s an incredibly bad idea. Even if we took the assumption that it is a push that’s made with only the purest of intentions, and the government universal key is kept 100% safe and secure and never leaked or misused, it’s still a really, unbelievably, stupid idea.

  • lemonflavoured@kbin.social
    link
    fedilink
    arrow-up
    41
    ·
    1 year ago

    There’s an irony in the British government going on about this all the time, while at the same time fighting in court to prevent their WhatsApp messages being turned over to the Covind inquiry because of privacy concerns.

    More generally, I think it’s a symptom of governments not being at all as tech savvy as they like to think they are.

    • tal@kbin.social
      link
      fedilink
      arrow-up
      22
      ·
      1 year ago

      The UK also has RIPA, under which it can compel a user to hand over passwords to encrypted material. For those of us in the US, that’s prohibited by the Fifth Amendment.

      • HelixDab@kbin.social
        link
        fedilink
        arrow-up
        4
        ·
        1 year ago

        As far as the US goes, that’s incorrect. The issue is a 1A issue, not a 5A issue.

        tl;dr - you are required to provide keys, combinations, fingerprints, etc. when there’s a warrant. You might not be required to provide passwords.

        Let’s say cops have a search warrant for your house, and you have a safe in your house that they think the evidence of the crime they’re investigating is hidden in. But it’s locked. You are obligated to unlock that safe for them, whether it’s a physical key, a combination, or a fingerprint. If you refuse, you can be compelled, and can be held in contempt of court and held in jail until you comply. (Or course, in the case of a physical safe, refusing the provide the key would mean that they’d hire a security expert to destroy the safe in order to retrieve the contents. But that’s not possible with encrypted data.)

        The problem is that a password is both a key and speech. I can be compelled to provide a key, but I can’t be compelled to engage in certain speech. So far, courts have been divided on what a password is, and I don’t believe that the question has been addressed by SCOTUS yet. (Although, knowing SCOTUS, I wouldn’t expect them to be tech-savvy enough to make a good ruling.) In some cases, people that have been under court orders to provide passwords have been held in jail on contempt charges until they’ve divulged the password, even when they say that they’ve forgotten the password in question.

        Keep in mind that the people that this is often applied to are not usually people you’d want to be friends with; most of that cases I’ve seen in the news involve people that are accused of having child pornography, either uploading or downloading it, or terrorism. But obvs. revoking rights to deal with exceptionally scummy people also means that those rights get revoked for everyone else…

        • elscallr@kbin.social
          link
          fedilink
          arrow-up
          3
          ·
          1 year ago

          (Although, knowing SCOTUS, I wouldn’t expect them to be tech-savvy enough to make a good ruling.)

          Honestly the current SCOTUS has largely been finding in line with those things explicitly and literally within the US Constitution. I could see them considering being required to provide a password being required to provide evidence against yourself, which is a Fifth Amendment violation, or compelling speech in violation of the First, like you said. It’s not impossible it violates both, and I’d expect to see that argument made in the decision.

          • HelixDab@kbin.social
            link
            fedilink
            arrow-up
            1
            ·
            1 year ago

            If we extend this thought experiment to a physical key, then that argument falls apart. A physical key is ‘real or physical evidence’, while a password (and apparently combinations?) ends up being considered ‘testimonial’, despite both serving the same function. While I may not be required to provide testimony against myself, I can be compelled to provide real of physical evidence. If, for instance, I have committed tax fraud, and my accountant has already told the IRS as much, but I have the only copies of the tax documents encrypted, I can be compelled to decrypt them, because the ‘testimonial’ value of the password is negligible since the gov’t already knows that I have the fraudulent documents. But if they can’t already demonstrate that they know what–roughly–the real evidence that’s encrypted is, then no password for cops.

            This seems inconsistent to me, since a password and a physical key serve the same function.

        • tal@kbin.social
          link
          fedilink
          arrow-up
          3
          ·
          edit-2
          1 year ago

          As far as the US goes, that’s incorrect. The issue is a 1A issue, not a 5A issue.

          No, it’s a Fifth Amendment issue. The Wikipedia article I linked to discusses it. Being compelled to provide a password runs into some of the same problems that compelling self-incriminating testimony does.

          search

          You’re confusing the Fourth Amendment – which deals with searches – and the Fifth Amendment. You’re right that it’s not an issue of protection against illegal searches, which is what one might assume to be the case, but not correct as to the actual rationale that it runs into.

  • AnonymousLlama@kbin.social
    link
    fedilink
    arrow-up
    19
    ·
    1 year ago

    Always the same awful takes from governments when it comes to encryption, just give us access to everyone’s data so we can monitor for terrorism. As if that access will stay in the right hand.

    • Godofthemachine@kbin.social
      link
      fedilink
      arrow-up
      11
      ·
      1 year ago

      Don’t forget the ‘think of the children’ crowd who simultaneously pass policies that make kids starve. Whenever you hear those two justifications given for why a policy needs to be implemented you have to read it at least twice as hard, because they’re often used as cover to pass some of the most draconian shit.

  • Ronno@kbin.social
    link
    fedilink
    arrow-up
    13
    ·
    1 year ago

    Well, yeah, we know. But the governments around the world apparently don’t really care. They want to have control. If only they would realize that this will also hurt them and make them more vulnerable than for the normal citizen. Backdoor in communication would also apply to them, meaning that their communication can also be hacked. Imagine the dirt people could find to blackmail politicians…

    • lemonflavoured@kbin.social
      link
      fedilink
      arrow-up
      5
      ·
      1 year ago

      Backdoor in communication would also apply to them, meaning that their communication can also be hacked.

      I doubt it, actually. There’s nothing to stop a government legislating to ban consumer use of E2E encryption while still allowing it for banks or government communications, say.

      • clb92@kbin.social
        link
        fedilink
        arrow-up
        6
        ·
        1 year ago

        Well, most government employees are also regular people once they’re not at work, and they would be using the backdoored encryption for their personal communication. With the backdoored encryption it would be even easier than before to compromise a couple of them and leverage their access to get into the government systems. That’s already a very widely used technique.

    • kjr@kbin.socialOP
      link
      fedilink
      arrow-up
      2
      ·
      1 year ago

      @Ronno No really, if I understood well the proposal is not that every channel will have a backdoor. Probably that is a request only for citizens, and maybe most companies, but I don’t think that it will apply to banks, finance institutions or to the state.
      Or maybe I misunderstood something… I’m not sure.

      • Ronno@kbin.social
        link
        fedilink
        arrow-up
        1
        ·
        1 year ago

        This is a lose lose type of situation. Less privacy for thee is also less privacy for politicians, they are also citizens themselves. Lets say that they include a backdoor in messaging apps, their private messages are then also vulnerable

  • xuxebiko@kbin.social
    link
    fedilink
    arrow-up
    10
    ·
    1 year ago

    Agree. I come from a country (India) where the current ruling government has gone out of its way to misuse laws meant to counter terrorism (UAPA) and used it against activists, lawyers, professors, and students merely for dissenting and peacefully protesting. People have been & are being jailed for years without charges just because the Modi regime wants to muzzle them.

    Don’t trust any government because the best govt can be replaced by a dictatorship and then where’ll you be. Every law should be examined for how it can be misused (because it will be) and safeguards put in place to prevent it.

  • aeternum@kbin.social
    link
    fedilink
    arrow-up
    7
    ·
    1 year ago

    Nah, it’s a great idea. As we know, the bad guys would NEVER use a backdoor put in place for the good guys. So it’s fine.

  • TechyShishy@kbin.social
    link
    fedilink
    arrow-up
    2
    ·
    1 year ago

    Quis custodiet ipsos custodes?

    Great article, and spot on about why backdoors in algorithms can’t functionally happen large scale.

    One important thing to note that’s touched lightly on in the article though, is that services absolutely can have backdoors. That includes things like SMS messages, which go through various cell phone companies servers, and email, which is stored on your email provider’s servers, as well as common chat apps like Discord. So, if you have to send something sensitive via an uncontrolled channel like that, encrypt it first (using separate encryption tools).

  • djquadratic@kbin.social
    link
    fedilink
    arrow-up
    1
    ·
    1 year ago

    Lol I feel frustrated that this has to be said at all. Isn’t it obvious that a back door of any kind is basically a flare gun inviting hackers to gain access? Politicians are so silly