cross-posted from: https://lemm.ee/post/56769139
cross-posted from: https://sopuli.xyz/post/23170564
Backdoors for ‘good guys’ don’t exist—this is a shortcut to mass exploitation.
😾
Correction. The worst surveillance law in the EU so far
TSA officers steal from passengers
This may seem unrelated but it gives a real life physical example on exactly why backdoors shouldn’t exist.
First off, fuck the NY post.
Secondly, no, it IS unrelated. An issue with the TSA is not an example of a backdoor. Both are bad things, but it ends there.
A law implementing a back door would be a far more ubiquitous concern than some one off sticky fingers in Florida.
Did the tsa use a backdoor to find out what people had in order to steal it? No. How tf is this dumb take supported.
The little red locks on luggage have a backdoor for the TSA, so yes, they literally used a backdoor to find out what people had and steal it. The reason I brought it up is because people sometimes have a hard time realizing the severity of something unless it’s grounded in the real physical world.
Also, chill the f out, man. Sheesh.
Red locks had nothing to do with that story. And they were caught and arrested. It is not related.
How do you think they open the bags?
You don’t need a tsa approved lock to open an unlocked bag. Nor a bag that is locked in any other fashion. Which is why this is a contrived connection.
Do you unlock your bags before pushing them through the scanner? I only do it if they ask me to and that only happens directly in front of me. But sure, let’s assume bags were fully unlocked and unattended, it’s still a case of representatives of a government organization (aka the good guys) with full access to a backdoor showing that they’re not to be trusted, which is the entire point I’m trying to make.
I don’t lock them to begin with. And I certainly wouldn’t purchase a tsa approved lock. Regardless, I was not subject to a law requiring that the non-tsa lock I was using to have a backdoor added. Which is why this is a bad comparison all around.
France is a police state in which citizens are all suspects. Cryptography was illegal until 1996 outside of government/military use and it’s one of the worst countries for any hobbyist who needs to use radio frequencies, fly stuff around or even mere street photography. This law will make it easier for the government to crackdown on anyone using encrypted messaging as a pretext to arrest them or put them under surveillance.
Note that the current interior minister and his predecessor both are vile fascist scum.
The government is not your friend, we are ruled by power tripping authoritarian rulers. They are using security and defense as a pretext to abolish your rights. You can solve the narcotraffic problem by simply legalizing drugs, they are going after encryption for something else, they want to control everything and everyone.
The eventual outcome of this sort of thing is more widespread use of steganographic data storage schemes. We already have plenty, such as ones that make your data look like unused LTS blocks of garbage and code blocks with multiple hidden partitions, so that you can open one block showing pedestrian data and the court unable to prove there are other hidden blocks.
These are technologies that already exist for those people who are really interested preserving their renegade data.
But if I own a business and I don’t want my rivals reading my accounting, and open crypto is illegal, I may go stegan whether or not I have secret slush funds.
But they’re not the good guys either
Ah yes, for the upcoming Ministry of Love.
not at all arguing this is okay, not even a little
but
If you are the French government, and you know what the French populace has a history of doing to the French government, it would be understandable to want to keep your eye on them, no?
again. It ain’t cool. But I’m honestly surprised they didn’t hop on the “intrusive surveillance” bandwagon sooner, like, as soon as mass surveillance became feasible, and have the privacy laws they do.
😂 a crosspost from privacy cross posted from Europa
So I’m going to get down voted to hell for this, but: this kind of legislation is a response to US tech companies absolutely refusing to compromise and meet non-US governments half-way.
The belief in an absolute, involute right to privacy at all costs is a very US ideal. In the rest of the world - and in Europe especially - this belief is tempered by a belief that law enforcement is critical to a just society, and that sometimes individual rights must be suspended for the good of society as a whole.
What Europe has been asking for is a mechanism to allow law enforcement to carry out lawful investigation of electronic communications in the same way they have been able to do with paper, bank records, and phone calls for a century. The idea that a tech company might get in the way of prosecuting someone for a serious crime is simply incompatible with law in a lot of places.
The rest of the world has been trying to find a solution to the for a while that respects the privacy of the general public but which doesn’t allow people to hide from the law. Tech has been refusing to compromise or even engage in this discussion, so now everyone is worse off.
I can invite someone over to my house and talk about anything I want with no risk of government meddling. Why should it be any different in online communication regardless of the country?
Continuing the analogy, government agencies can absolutely eavesdrop on in-person conversations unless you expend significant resources to prevent it. This is exactly what I believe will happen - organized crime will develop alternate methods the government can’t access while these backdoors are used to monitor less advanced criminals and normal people.
Spending significant resources to prevent it is exactly what encryption is. What the government wants is to completely eliminate online private communication. Continuing with the analogy: you want telescreens.
Huh? I don’t think you understand my comment. Except for the last line, you’re just further agreeing with me and I’m already agreeing with you.
I don’t agree with you.
I think you do, you just misread their comment.
Nope. I didn’t and I don’t.
So then you’re in favor of these government backdoors? Because your comment suggests the opposite.
No, I don’t agree that a want of privacy is an American thing.
It sounds like you haven’t observed the conversation.
And it’s not the tech companes so much as the Linux community who have pushed for e2e.
Considering how many abuses (pretty clear violations of the fourth amendment to the Constitution of the United States) have been carved out by SCOTUS during mob investigations and the International War on Terror, no, the people of the US want secure communication. The law enforcement state wants back doors and keep telling tech folk to nerd harder to make back doors not already known to industrial spies, enthusiast hackers and foreign agents.
You’re asking for three perpendicular lines on a plane. You’re asking for a mathematical impossibility.
And remember industrial spies includes the subsets of industries local and foreign, and political spies behind specific ideologies who do not like you and are against specifically your own personhood.
This is exactly the sort of argument I was talking about
- The forth amendment counts for less than the paper it is written on outside the bounds of the US
- Most of the rest of the world has laws requiring companies that operate in their jurisdiction - even if they aren’t based in that country - to prove access to law enforcement if requested
- If complying with the law is truly actually impossible, then don’t be surprised if a country turns around and says “ok, you can’t operate here”. Just because you are based in the US and have a different set of cultural values, doesn’t mean you get to ignore laws you don’t like
To illustrate the sort of compromise that could have been possible, imagine if Apple and Google had got together and proposed a scheme where, if presented with:
- A physical device
- An arrest warrant aledging involvement in one of a list of specific serious crimes (rape, murder, csam etc)
They would sign an update for that specific handset that provided access for law enforcement, so long as the nations pass and maintain laws that forbid it’s use outside of a prosecution. It’s not perfect for anyone - law enforcement would want more access, and it does compromise some people privacy - but it’s probably better than “no encryption for anyone”.
“Arguing that you don’t care about the right to privacy because you have nothing to hide is no different than saying you don’t care about free speech because you have nothing to say”
Snowden
And the things that are perfectly okay today might be the things you want to hide tomorrow. Abortions and pregnancies, thoughts about labor rights or climate, sexual orientation, …
As an American, I can vouch for this.
It is not different and both are done. If you’ve met people of that worldview (thieves, relatives of bureaucrats, bureaucrats themselves), they really have nothing to say directly, they talk in subtle (they think) hints and subtle (they think) threats.
I expect many people might read this and think “yep, fair enough, I have nothing to hide and nothing to say” and still not understand why either privacy or free speech are valuable.
The only thing that can stop a bad guy with access to my private phone data is a good guy with access to my private phone data. /s
Yeah. Also we don’t have good guys either, but, that sounds nice.
They only thing that can stop a bad guy with surveillance fetish is the same bad bad guy with suddenly found exhibitionism fetish. OK, that’s not new, see “Enemy of the state” movie.
Fuck me, that’s good
I’m stealing that
In the same vein, with my family I’ve been using the analogy of “Imagine that all law enforcement had a key to your home, and they could enter at any time and look through your things, but you wouldn’t even know it if they did, or if they took photos or recorded videos of your place to take with them. Their argument is that the only way to keep you and your stuff safe from the bad guys is for the good guys to have access. But because the good guys now have access, it’s also easier for the bad guys to get in, because now there’s all these extra keys to your home out there, which might fall into the hands of the bad guys.”
Not a perfect analogy, but it seems to make them consider the issue from a more personal angle. And for those that argue, “Well, I don’t have anything to hide.”, I usually counter with “Then why do you close your curtains/blinds when you change your clothes or get out of the shower?” With my dad who grew up during the World War II, it also helped to mention that a law like this, once on the books, will not be easy to overturn, and while he might be fine with our current regime having access to all his data, that might not be the case with future authorities.
Instead of extra keys, perhaps describe it as weaker locks. Would you consider the lock to which every cop had a key to be as strong and secure as a regular lock? And look at the USA for an instance of a new regime that can potentially use vast amounts of personal data to persecute and oppress anyone the fascists don’t like. Many people might have (naively) trusted the government with the surveillance Edward Snowden and others revealed, back when they did not perceive the US Government as an immediate threat to ordinary Americans. But the new regime quite clearly is ready to persecute and punish people for their political views, their race, their gender or their sexual orientation, and it now has all that data.
I’d combine both metaphors: police have keys and deadbolts are banned.
The “good guys” CAN get in, and the bad guys can easily break in.
I’m not the person you’re replying to, but “weaker locks” feels like something you can make allowances for or work around. “Extra keys” feels like the Damoclean threat that it is.
It feels like the UK and France are in a competition to see who can steamroller their peoples’ rights the fastest.
Isn’t Sweden trying something stupid too?
Yup, they are trying to put a backdoor into signal, even though their military advised against it.
Isn’t that the CIA app?
Although not in the same way, the US is leading the charge on that front.
France always tries to copy the US with a 10y delay so… Yeah 🤷
There’s been been bills at the EU level, but they’ve been defeated. I think individual countries introduced their own bills if they were supporters of the EU one.
Well, they gotta fight about something…
Signal, Tuta, Proton. And that Apple bullshit.
This push to know everything about everyone is outrageous, expected, and depressing.
Almost seems like they’re afraid of us or something
Luigi wasn’t talking with anyone. None of this would’ve helped them with him.
I think you’re falling into the trap of making a good faith argument when the people pushing to destroy encryption are not.
I don’t even really want to ask, but… what happened with Tuta? I know what happened with the other 3.
Tuta would also be required to implement a backdoor in their encryption if this law passes. In this post they’ve stated they will refuse to do so, because it’s not possible.
What happened with Signal?
Sweden wants a backdoor. I hope that idiocy is shot down fast.
Ah, I heard about that. I recognized Proton’s and Apple’s self-inflicted bullshit, so I was afraid that Signal might have done something stupid to themselves as well
