Get Ready For The Political Fight Against Encryption

from the it's-coming dept

Among our many commenters here, we have one "regular" critic who presents himself as being actively involved in "policy circles" in Washington DC, and who was clearly active in the SOPA/PIPA efforts in trying to write those bills and get them passed. This individual provided enough information (along with plenty of insults in our direction) in the comments to make it clear that they were heavily involved -- if at a low level -- in those efforts. As the debate over this bills wore on and people kept pointing out how encryption would make them all moot in the long run, the commenter declared a few times his (or her?) next target: outlawing encryption. This is, of course, laughable. But if someone who is actually connected to that world thinks that it's a viable idea, then you know that it's only a matter of time until someone actually makes a hamfisted attempt at doing something like trying to outlaw VPNs. That this would go against the very same governments' efforts on "internet freedom" is generally ignored. Cognitive dissonance is strong with this crowd.

That said, with countries like the UK proposing legislation to snoop on all communications -- including encrypted ones -- the folks over at TorrentFreak are right to be wondering how long it will be until someone tries to ban VPNs. Some more authoritarian countries have tried to effectively do so already (without much luck), but as our anonymous commenter suggested above, this idea is at least being considered by plenty of so-called democracies as well.

Thankfully, there would be plenty of powerful forces to fight back against any such attempt. Beyond regular internet users speaking out (ala the SOPA/ACTA protests), you'd also have plenty of companies who rely on encryption and VPNs for their efforts to keep people and data safe. Considering Congress is already suggesting that it should get involved in forcing companies to better protect data, it would be ironic (though, not surprising) to then find them also trying to outlaw encryption/VPNs, not realizing that the two things are diametrically opposed to one another.

In the end, I don't see how a war against encryption or VPNs could actually succeed, but it won't mean that efforts in that direction won't be a painful annoyance when they come around. Either way, people should at least be paying attention to these discussions, and trying to educate politicians that encryption and VPNs are necessary parts of a secure internet.


Reader Comments (rss)

(Flattened / Threaded)

  •  
    icon
    Hephaestus (profile), Jun 22nd, 2012 @ 6:37am

    This years goal, make encryption online illegal.

    So a committee of high ranking Label and studio executives, and senators get together and propose the following law ...

    "No one may use encryption online."

    Then the complaints begin rolling in.
    - The DOD can not function with out encryption.
    - The banking industry can not function with out encryption.
    - Trading houses can not function with out encryption.
    - Businesses have corporate secrets to that can not be sent via un-encrypted communications.
    - Medical insurance companies begin complaining due to HIPAA.
    - The theater industry complains because all the new films go out encrypted to the to Christie Digital Systems projectors.
    - The credit card companies begin comlaining about identity theft.

    In the end the same thing that happened in Pakistan will happen here in the US and any law like this will fail.

     

    reply to this | link to this | view in chronology ]

    •  
      icon
      Leigh Beadon (profile), Jun 22nd, 2012 @ 9:32am

      Re:

      Ooh nice - Heph you get to be "FIRST!" by a looooong distance :) We bumped this post back a bit this morning without noticing you'd already commented via crystal ball.

      (this note mostly left to alleviate anyone's confusion at the timestamp on this comment)

       

      reply to this | link to this | view in chronology ]

      •  
        icon
        Josh in CharlotteNC (profile), Jun 22nd, 2012 @ 11:03am

        Re: Re:

        Bet the trolls start saying that Heph now works for TD.

        On a serious note, we've actually been through all this before during the 90s and the fight over export controls on encryption. The government couldn't prevent the use of encryption then, and has much less of a chance now - nearly everything you do online now depends on it.

         

        reply to this | link to this | view in chronology ]

        •  
          icon
          Anonymous Coward of Esteemed Trolling (profile), Jun 22nd, 2012 @ 11:32am

          Re: Re: Re:

          yeah... already happened.


          Videos-relevant

          The Julian Assange Show: Cypherpunks, Part 1 (E8, p.1)
          http://www.youtube.com/watch?v=eil_1j72LOA
          The Julian Assange Show: Cypherpunks, Part 2 (E8, p.2)
          http://www.youtube.com/watch?v=6DQghUChYtk


          Cyber threats, hacker attacks and laws officially aiming to tackle internet piracy, but in fact infringing people's rights to online privacy. It's an increasingly topical subject - and the world's most famous whistleblower is aiming to get to the heart of it. In the latest edition of his interview program here on RT, Julian Assange gets together with activists from the Cypherpunk movement - Andy Müller-Maguhn, Jeremie Zimmermann, and Jacob Appelbaum.

           

          reply to this | link to this | view in chronology ]

        •  
          icon
          Hephaestus (profile), Jun 22nd, 2012 @ 12:07pm

          Re: Re: Re:

          Bet the trolls start saying that Heph now works for TD.

          Oh noes ... The RIAA is going to start a permanent file on me!

          Thinking about it ... with one big label failing every 18 months or so, and 3 labels left, it would actually be a semi-permanent file.

           

          reply to this | link to this | view in chronology ]

          •  
            icon
            Anonymous Coward of Esteemed Trolling (profile), Jun 22nd, 2012 @ 12:15pm

            Re: Re: Re: Re:

            I am impressed. You sure go to a lot of trouble to get "FIRST".


            Not sure, IF Time Traveler, or Mikes Puppeteer

             

            reply to this | link to this | view in chronology ]

      •  
        icon
        Hephaestus (profile), Jun 22nd, 2012 @ 11:53am

        Re: Re:

        Leigh, It said 20 some minutes to post via crystal ball ... myBad :)

         

        reply to this | link to this | view in chronology ]

        •  
          icon
          Mike Masnick (profile), Jun 22nd, 2012 @ 12:23pm

          Re: Re: Re:

          Leigh, It said 20 some minutes to post via crystal ball ... myBad :)


          Heh. Not your bad at all... You did exactly what you were supposed to... We just moved stuff around.

           

          reply to this | link to this | view in chronology ]

    •  
      identicon
      Anonymous Coward, Jun 22nd, 2012 @ 12:43pm

      Re:

      So what? Then the government will just grant "special exceptions" for the organizations with the enough connections/money/power/critical importance.

      That way the critical infrastructure will still work, the well heeled won't be affected, and the little guys will be fair game, just like always.

       

      reply to this | link to this | view in chronology ]

      •  
        icon
        Hephaestus (profile), Jun 22nd, 2012 @ 2:09pm

        Re: Re:

        There are all sorts of issues with laws against encryption and special exemptions.

        There is no way to tell what is and what is not authorized encryption without redesigning how the internet works. If something is encrypted, it is basically just unintelligible noise and no amount of packet level inspection will change that.

        There are several hundred standards and best practices from pretty much every industry on how thing should be encrypted. A sure fire way to piss of every industry on earth is to force them to spend billions to apply for an exemption, check that they are compliant, and/or redo their current encryption systems.

        Between industry and impossibility lay the dreams of big content.

         

        reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Jun 22nd, 2012 @ 11:20am

    "...the UK proposing legislation to snoop on all communications -- including encrypted ones". I knew they wanted to have access to communications data, but where on Earth did you hear they were trying to see encrypted data? Please give me a source or clarification on how they plan on reading encrypted information.

     

    reply to this | link to this | view in chronology ]

    •  
      icon
      Anonymous Coward of Esteemed Trolling (profile), Jun 22nd, 2012 @ 11:24am

      Re:

      NSA's New Data Center And Supercomputer Aim To Crack World's Strongest Encryption

      http://www.forbes.com/sites/andygreenberg/2012/03/16/nsas-new-data-center-and-ultra-fa st-supercomputer-aim-to-crack-worlds-strongest-crypto/


      There you go.

       

      reply to this | link to this | view in chronology ]

      •  
        identicon
        Anonymous Coward, Jun 22nd, 2012 @ 11:27am

        Re: Re:

        That is in the US. We are talking about the UK. I seriously doubt that the US is willing to let the UK government use its that facility, and I also doubt that the UK has anything comparable to that new datacenter.

         

        reply to this | link to this | view in chronology ]

      •  
        icon
        blaktron (profile), Jun 22nd, 2012 @ 11:41am

        Re: Re:

        The best part about this is that it cant scale. While it might be enough to beat even 2048 RSA in realtime (defeating CA based encryption), but encryption and decryption scale at different rates. the effort taken to encrypt something at 4096 bytes vs 2048 bytes is a little more than double, where the effort needed to decrypt it forcefully vs 2048 is ^2 (squared).

        So while the rest of the computer industry move along with moores law doubling every 18 months, the NSA will have to exponentially increase their computing power every 18 months, which wont be possible without an incredible amount of money and time, and will eventually plain fizzle out.

         

        reply to this | link to this | view in chronology ]

        •  
          icon
          Anonymous Coward of Esteemed Trolling (profile), Jun 22nd, 2012 @ 12:25pm

          Re: Re: Re:

          Yeah....The math will win.
          They will still try, and record fucking everything in the process.

          protocols:
          If they filter all encrypted traffic out ( the ones without their backdoors in ) ?
          They won't need, to be able to crack it.


          But encryption via non encrypted protocols is a completely different story, then they need to scan and decide what is just gobbledegook and what is actual encryption.
          eg...vtoiujhmvdth789534ciuj4985mxjxla534780c5nm
          encrypted or just nonsense ?

           

          reply to this | link to this | view in chronology ]

    •  
      identicon
      anonymous, Jun 22nd, 2012 @ 11:46am

      Re:

      all the UK are doing in effect, is putting on paper something they have been doing for years. MI5 existed long before it received legal recognition in the statute books. don't forget project echelon, which has been in existence well before the internet became commonplace. all communications both military and civilian are already subject to scrutiny. the only difference now is the rules for requesting interception are being slackened so that it is more difficult to follow the chain of command when lodging a complaint against unlawful interception....I couls go on but space is precious.

       

      reply to this | link to this | view in chronology ]

    •  
      icon
      drew (profile), Jun 22nd, 2012 @ 11:48am

      Re:

      It's late here, I'm still at work and I'm afraid I really can't be arsed to find the link, but there was something on one of the bbc articles about it where a spokesperson was saying that they'd find away to work around https and encryption.
      Could have been bluff and horseshit mind...

       

      reply to this | link to this | view in chronology ]

    •  
      identicon
      Anonymous Coward, Jun 22nd, 2012 @ 12:09pm

      Re:

      "At this morning's Home Office briefing, Director of the Office for Security and Counter-Terrorism Charles Farr was asked about how the black box technology would handle HTTPS encryption. His only response was: "It will.""

      Source: https://www.privacyinternational.org/press-releases/draft-communications-bill-reveals-home-offices-m ass-surveillance-plans-going-ahead

       

      reply to this | link to this | view in chronology ]

    •  
      icon
      Mike Masnick (profile), Jun 22nd, 2012 @ 12:24pm

      Re:

      I knew they wanted to have access to communications data, but where on Earth did you hear they were trying to see encrypted data? Please give me a source or clarification on how they plan on reading encrypted information.

      In the link I highlighted above:


      At this morning's Home Office briefing, Director of the Office for Security and Counter-Terrorism Charles Farr was asked about how the black box technology would handle HTTPS encryption. His only response was: "It will."

       

      reply to this | link to this | view in chronology ]

      •  
        identicon
        Anonymous Coward, Jun 22nd, 2012 @ 10:34pm

        Re: Re:

        Thank you. I've read through the draft of the Communications Data Bill, and (like everyone else I suppose) cannot find an details pertaining to HTTPS being stripped or anything else like that. It seems we are being kept entirely in the dark.

         

        reply to this | link to this | view in chronology ]

  •  
    identicon
    CaptainKremmen, Jun 22nd, 2012 @ 11:23am

    Oh it's not just the UK..

    Unfortunately it's not just the UK proposing to snoop on all internet communication, including encryption. The NSA is building a rather large data centre over there in the US to basically do exactly the same thing.

    Of course both countries know that, at present, they cannot decrypt most of the encrypted data they gather. However they want to store it so that it can be decrypted in future, when computing power makes it viable.

    In the UK though it is already illegal to refuse to turn over encryption keys/passwords when requested to do so by a member of the police or security forces. Refusal can result in up to five years imprisonment.

     

    reply to this | link to this | view in chronology ]

    •  
      icon
      btr1701 (profile), Jun 22nd, 2012 @ 5:40pm

      Re: Oh it's not just the UK..

      > In the UK though it is already illegal to
      > refuse to turn over encryption keys/passwords
      > when requested to do so by a member of the
      > police or security forces. Refusal can result
      > in up to five years imprisonment.

      So when they've arrested you on murder, rape, terrorism, whatever, and you know the evidence needed to convict you is on your laptop and they're threatening you with five years in prison for not giving over the key... you're still better off taking the nickel, than giving them the evidence and going down for 20-30 years.

       

      reply to this | link to this | view in chronology ]

      •  
        identicon
        Anonymous Coward, Jun 22nd, 2012 @ 10:38pm

        Re: Re: Oh it's not just the UK..

        Exactly. That has been one of the many criticisms of the RIP Act (specifically part 3): if someone is accused of a serious crime, they can get a shorter sentence by not disclosing a passphrase. Just for clarification, the maximum sentence for failing to provide a key is only 2 years.

         

        reply to this | link to this | view in chronology ]

  •  
    icon
    Jay (profile), Jun 22nd, 2012 @ 11:27am

    Campaign finance

    In the end, I don't see how a war against encryption or VPNs could actually succeed, but it won't mean that efforts in that direction won't be a painful annoyance when they come around. Either way, people should at least be paying attention to these discussions, and trying to educate politicians that encryption and VPNs are necessary parts of a secure internet.

    This is the problem... They don't care. Most of the current batch of politicians don't care about anything but their partisan politics with SOPA being anathema to the conversation. Even with CISPA passing, all of the supporters of that legislation effectively showed that they would pass anything so long as they had the votes for it. We, the people don't have the money to fight for our rights at every turn. Sure, the law would fail on execution. But how do we get politicians to understand the dire consequences without a $5000 check saying "You must vote as we tell you to or we'll use the money against you!"

    This is why the attacks on our public financing system through decisions such as Citizens United need to be amended.

    We'll continue to have the federal government, whether it's the executive branch with new definitions of privacy or relaxing restrictions on information, the legislative branch with their cluelessness, or the judicial branch with their poor rulings, so long as people don't understand how to take corporations out of government .

    Hell, I would argue that all of the companies in the TPP are the ones donating to Obama's campaign, hence the secrecy involved. Think about this for one moment... If these companies get what they want, the president is subservient to these companies and not to the people.

    That's much more scary than anything in the laws.

     

    reply to this | link to this | view in chronology ]

    •  
      icon
      AG Wright (profile), Jun 22nd, 2012 @ 11:34am

      Re: Campaign finance

      "But how do we get politicians to understand the dire consequences without a $5000 check saying "You must vote as we tell you to or we'll use the money against you!""

      That should be $50,000. $5,000 is small potatoes.

       

      reply to this | link to this | view in chronology ]

  •  
    icon
    Comboman (profile), Jun 22nd, 2012 @ 11:35am

    DRM?

    DRM is one form of encryption I wouldn't mind seeing outlawed.

     

    reply to this | link to this | view in chronology ]

    •  
      icon
      Brent (profile), Jun 22nd, 2012 @ 11:53am

      Re: DRM?

      obviously DRM would be exempted b/c the people making the anti-encryption law are the same ones who own all DRM content. The rules don't apply to them, they only apply to everyone else.

       

      reply to this | link to this | view in chronology ]

    •  
      identicon
      Anonymous Coward, Jun 22nd, 2012 @ 11:59am

      Re: DRM?

      Interesting idea, I wonder if this would include things like DVD encryption. While I doubt the entertainment industry would let it, I'd like to see the arguments the entertainment industry would come up with in order to protect its own use of encryption.

       

      reply to this | link to this | view in chronology ]

      •  
        identicon
        Anonymous Coward, Jun 22nd, 2012 @ 2:02pm

        Re: Re: DRM?

        Do they need an argument? The argument will be: We are 10 % of the US economy. We say banning encryption is bad. Now go do your duty!

         

        reply to this | link to this | view in chronology ]

        •  
          icon
          btr1701 (profile), Jun 22nd, 2012 @ 5:42pm

          Re: Re: Re: DRM?

          More like:

          We are 10% of the US economy. We say banning *our* use of encryption is bad. Now go do your duty and just make it illegal for everyone else to use it!

           

          reply to this | link to this | view in chronology ]

  •  
    icon
    AG Wright (profile), Jun 22nd, 2012 @ 11:36am

    Backdoors.

    What they really need to do is require back doors in all communications. Nobody will ever figure out what they are. Really. I mean it's never happened before has it?

    The above is sarcasm, just in case you can't tell.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Jun 22nd, 2012 @ 11:37am

    and exactly how is anyone supposed to educate politicians? you can only educate those that have the room and the desire. nuff said??

     

    reply to this | link to this | view in chronology ]

  •  
    icon
    Zakida Paul (profile), Jun 22nd, 2012 @ 11:38am

    Even the dumbest of the dumb would not be dumb enough to look to ban encryption or VPNs (or am I naive?). To do so would criminalise every business who use such techniques to allow remote working and protect their customers' data.

     

    reply to this | link to this | view in chronology ]

  •  
    icon
    Robert (profile), Jun 22nd, 2012 @ 11:47am

    You can have both

    Let's face it, Congress is SO intelligent, especially their technology committee members, they think you can have both.

    You can totally protect user's data and not have encryption. Yup, totally possible, if you rely on sneaker-net with exploding briefcases.

     

    reply to this | link to this | view in chronology ]

    •  
      identicon
      Anonymous Coward, Jun 22nd, 2012 @ 12:04pm

      Re: You can have both

      I'm hesitant to call it impossible. On a different internet, using different technologies with different protocols etc. it might be possible. However to implement this would involve tearing down the internet and redeveloping it from scratch, and even that's not a guarantee that encryption, in some form, won't turn out to be necessary.

       

      reply to this | link to this | view in chronology ]

  •  
    icon
    weneedhelp (profile), Jun 22nd, 2012 @ 11:48am

    trying to outlaw VPNs

    Moot point. PCI compliance.

     

    reply to this | link to this | view in chronology ]

  •  
    icon
    RonKaminsky (profile), Jun 22nd, 2012 @ 12:09pm

    Steganography

    Even if they somehow manage to outlaw encryption, they cannot totally stop the flow of secret communication, because of the existence of steganography.

    Outlawing encryption would, however, slow down things a bit, because the data rate (bits of information/bits sent) for steganography is rather low.

    One also has sneakernet and ad-hoc mesh.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    wallow-T, Jun 22nd, 2012 @ 12:12pm

    Guys, I'm surprised you don't see how obvious this is.

    One doesn't need to ban VPNs. One just needs to outlaw VPNs which don't log, and which do not surrender log data to government/Copyright Industry on simple demand. It becomes easy enough for the Copyright Industry to see which VPN service is being used for P2P sharing, and which does not comply with request for user information (including the Paypal or Credit Card info).

    For VPNs outside of the local jurisdiction, SOPA techniques -- especially a do-not-serve order against Paypal & credit card companies -- will cut down all but the most hard core users.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Jun 22nd, 2012 @ 12:15pm

    This topic hardly deserves much effort on analysis. Any such laws won't be passed. Take away encryption = take away economy = no more taxes = no more govt.

     

    reply to this | link to this | view in chronology ]

  •  
    icon
    Shane C (profile), Jun 22nd, 2012 @ 12:26pm

    Technically speaking, there's currently a way to implament this now

    Unfortunately I'm the barer of bad news here, so I'll start off with saying explicitly that I DO NOT CONDONE ANY PART OF WHAT I'M ABOUT TO EXPLAIN. I've been trying for the past few months to get the main stream media to pick up the story, alas with no luck.

    A technique that is nicely called "HTTPS Snooping" (or more accurately called Man-In-The-Middle-Attack http://en.wikipedia.org/wiki/Man-in-the-middle_attack), is available from companies like Cisco, and Websense. These solutions are currently deployed at companies that are snooping on their employees.

    Most companies fear malware, and corporate espionage, and thus justify snooping on private communications of their employees. More respectable companies limit what they can see to things like GMail, and unknown addresses. Less respectable companies (like I've ran across) snoop all traffic, including banking, and health care. Would you really want your fellow employees to know your bank account balance, or what medications you're currently taking? How about your boss?

    All of this happens by terminating the HTTPS connection at at a border, or firewall system. The traffic is then decrypted, scanned, re-encrypted and transferred to the end user. All of this works because the end user's system is told to accept the local certificate from the firewall system. The User doesn't recognize that anything is going on, because to their browser, the certificate is valid, and it's encrypted. So to them, everything is working perfectly, and they have no clue that their traffic is being snooped on. When they transmit back (say their login/password information) all of their communications simply reverse the process. The information is encrypted with the local firewall certificate, transmitted to that firewall, decrypted, scanned, and re-encrypted for the end system using the official certificate from that site.

    Right now, these systems are deployed on large, paranoid corporate networks. However, it scales very simply. All an ISP would have to do is deploy a larger system (or array of systems) to do the same thing. They could convince their end users to use this system, by telling them to "Install This Network Acceleration Software," that would install their local certificate, and proxy all the traffic through their systems.

    With government assistance, they could force say Network Solutions to issue a certificate that is officially signed for all networks. Then the local ISP wouldn't have to require people to install their own local certificate. They could simply pass the certificate down just like normal, and everyone's system would accept it because it was officially signed.

    I'll leave the full ramifications of this process, and the problems with certificate based encryption up to others to discuss. I'll simply say this breaks the Internet, and how it was designed.

    If you want a more technical in-depth discussion, this was a recent topic on /. (http://ask.slashdot.org/story/12/06/16/223208/ask-slashdot-whats-your-take-on-https-snooping) including me describing my own run in with these systems.

     

    reply to this | link to this | view in chronology ]

    •  
      identicon
      Anonymous Coward, Jun 22nd, 2012 @ 1:12pm

      Re: Technically speaking, there's currently a way to implament this now

      > With government assistance, they could force say Network Solutions to issue a certificate that is officially signed for all networks.

      If any CA is found to be doing that (and it is very easy to find with add-ons like Certificate Patrol), they will be removed from the lists of trusted certificates of all the major browsers.

       

      reply to this | link to this | view in chronology ]

    •  
      identicon
      Anonymous Coward, Jun 22nd, 2012 @ 1:26pm

      Re: Technically speaking, there's currently a way to implament this now

      Basically what you're saying is that the certificate authority model is broken.
      I agree, can we have something better? (a distributed system of certificates or something, idk)

      This wouldn't affect corporate networks (just ban encryption & only start encrypting when it leaves the company network). Using corporate computers is inherently unsafe whatever you do, they could have installed keyloggers on their machines.

       

      reply to this | link to this | view in chronology ]

    •  
      identicon
      Anonymous Coward, Jun 22nd, 2012 @ 2:07pm

      Re: Technically speaking, there's currently a way to implament this now

      Worth noting in this regard is the currently-open question of who, exactly, signed Flame with Microsoft's software certificate. Either (a) it was Microsoft, at the behest of the feds, or (b) it was someone else, who has figured out how to pull that off without the cooperation of the certificate holder. If that "someone else" is a major government, then we're pretty screwed.

       

      reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Jun 22nd, 2012 @ 12:27pm

    I totally approve! Ban encryption, ban secure connections! The rate of people's data getting lost and leaked isn't high enough yet. Let's make hackers' job easier, so we can justify some new cybersecurity legislation, into which we can always sneak whatever stupid crap we want!

     

    reply to this | link to this | view in chronology ]

  •  
    icon
    Gwiz (profile), Jun 22nd, 2012 @ 12:33pm

    Hsqr Zcaysqc Gr'q Dpgbyw

    K drbokn vsuo drsc yxo coowc kzzvsmklvo robo.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Jun 22nd, 2012 @ 1:04pm

    Strong encryption promotes free speech. Anything the government does to weaken that encryption will have a chilling effect on speech. We are guaranteed the right to be secure in our papers and property, when will this be extended to the digital age? I don't use paper anymore, I use bits. The government has no right to EVER impose restrictions on my private communications. To those who say there isn't a reasonable expectation of privacy, as is heard in so many of these cases, I say that's why I use encryption, to ensure privacy.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Coyote, Jun 22nd, 2012 @ 1:06pm

    Whoever that commentaro was is a pure and simple fool if he thinks that'll solve anything whatsoever. Then again, he did also try and push SOPA/PIPA through, so you know, stupid is as stupid does.

    Seriously, good luck trying to get encryption outlawed. It's be like gathering together a bunch of cavemen to take down a herd of T-Rexes.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Jun 22nd, 2012 @ 1:07pm

    Next they will outlaw whispering.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Jun 22nd, 2012 @ 1:07pm

    -----BEGIN PGP MESSAGE-----
    qANQR1DDDQQJAwKEkXjtezfRiKjSbwGcIjSbEk255Uj0LV1Rl9tvOU+AlEBUP1qI
    gNfP8YawTbj2SxrwmDSi ttYrwTAV4Ia/M1dlk0houUm3RAULLTbjHckT9orK0y8z
    FNEnZlR+4Xrs7ERu7V0rw/a52f0WQu2QRZhLFj8LrktsmzFFdQ==
    =H2fE
    -----END PGP MESSAGE-----
    techdirt.com

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Jun 22nd, 2012 @ 1:08pm

    If they ban encryption, it'll be easier to rip your dvds.

     

    reply to this | link to this | view in chronology ]

  •  
    icon
    Jeffrey Nonken (profile), Jun 22nd, 2012 @ 1:47pm

    We're going to protect your data by forcing you to do everything in plain text. Then we'll collect all the data into a centralized database with a single point of failure (and all passwords stored and transmitted in plain text).

    This will keep all your data safe. We promise! We also promise not to abuse your data. Cross our hearts and hope to die.

    We're from the government, and we're here to help.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Jun 22nd, 2012 @ 2:06pm

    This a great example of a lack understanding real work technology use

    What we should all be frightened of is the utter lack any understanding for modern technology and it's current use by anyone that would argue for "outlawing encryption".
    Really?... what about those regulations governing the use of encryption for exchanging financial information? ... what now?

    Seems to me like there'd need to be heavy investment in many industries to deal with not being able to encrypt but having a requirement for "security"... I personally can't fathom solutions without without encryption for some of those financial data requirements...
    As much as I have a distaste for the way some large companies heft their weight politically, this might be a "good" time to see that happen...

    ... we'll probably see someone trying to sneak in some kind of "any form of encryption must allow for bypass by 'The Government'" law..

     

    reply to this | link to this | view in chronology ]

    •  
      icon
      Gwiz (profile), Jun 22nd, 2012 @ 2:28pm

      Re: This a great example of a lack understanding real work technology use

      ..what about those regulations governing the use of encryption for exchanging financial information?.

      And don't forget about medical information. I believe (not sure about this) that HIPPA requires some form of security (encryption) when sending medical records via the internet.

       

      reply to this | link to this | view in chronology ]

  •  
    icon
    A Guy (profile), Jun 22nd, 2012 @ 2:19pm

    DiHydrogenMonoxide

    This could be epic. After we get rid of encryption and VPNs, maybe congress should finally get around to banning DiHydrogenMonoxide.

    We should ban phosphorus while we're at it too. That stuff can be just as dangerous.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Jun 22nd, 2012 @ 2:36pm

    Fuck em it's already to late use Gnu/PGP.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    AB, Jun 22nd, 2012 @ 2:41pm

    And after getting rid of the locks on our computers they can move on to eliminating locks on automobiles, homes, diaries, and bank accounts. Welcome to the Soviet Union of America!

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    AC Cobra, Jun 22nd, 2012 @ 2:43pm

    God I hope you're right.

    I've been saying since early in the PIPA debate that banning encryption will be the next step. I hate to say it, but I think it's a lot more likely than people think. First of all, it would only apply to private citizens, and the use of encryption would be detected at the ISP account level. Attempt to use encryption=get knocked off the net. Corporations and the government would still use it, but a license to do so would be spendy to deter individuals claiming to be a small business.

    I am totally against it. I think it would be huge step backward for both civil liberties and personal security to ban encryption. But I wouldn't put it past our politicians to do just that.

     

    reply to this | link to this | view in chronology ]

    •  
      identicon
      Chilly8, Jun 22nd, 2012 @ 4:34pm

      Re: God I hope you're right.

      Then you just ignore the law and do it without a licnece

       

      reply to this | link to this | view in chronology ]

      •  
        identicon
        Anonymous Coward, Jun 25th, 2012 @ 12:06pm

        Re: Re: God I hope you're right.

        First of all, it would only apply to private citizens, and the use of encryption would be detected at the ISP account level. Attempt to use encryption=get knocked off the net.

        Then what?

         

        reply to this | link to this | view in chronology ]

        •  
          identicon
          Blah..., Feb 2nd, 2014 @ 3:54am

          Re: Re: Re: God I hope you're right.

          I think you overestimate the amount of processing power ISP's have to evaluate every piece of data that comes through their system. It's one thing to just build channels for data, which is what ISP's do, but to subsequently process all that data to check it for encryption is a monumental task that no reasonable private company is going to want to undertake.

           

          reply to this | link to this | view in chronology ]

    •  
      identicon
      Anonymous Coward, Jun 24th, 2012 @ 6:43pm

      Re: God I hope you're right.

      Cobra, you're about right in your assessment. I'd forecast it to work like CCW permits in some states. You need a permit and you need to explain why you need such a permit. The gun nuts grumble about it, but there's no Second Amendment issue. The freeloaders will also piss and moan, but there are no First Amendment issues either.

       

      reply to this | link to this | view in chronology ]

    •  
      identicon
      Not Going to Happen, Feb 2nd, 2014 @ 4:04am

      Re: God I hope you're right.

      As I stated to your friend... It's an extremely monumental task to scan all data that comes through an ISP for encryption. The outlawing of encryption would be trivial to circumvent because it amounts to a law against thought which is nearly unenforceable.

      Here... I made this in two weeks in Visual Studio. It will encrypt files and text with up to 128 byte keys in a data-dependent fashion such that each byte encrypted influences the encryption of every subsequent byte:

      http://www.mediafire.com/download/sxdituc4t3u4vhy/KOStreamEncryption.zip

      Here's a description of the algorithm: http://imageshack.com/a/img208/6293/z0xc.png

       

      reply to this | link to this | view in chronology ]

  •  
    icon
    Simon Vu (profile), Jun 22nd, 2012 @ 2:59pm

    Sooo... would rather hand over their data to terrorists while still fighting for "cybersecurity"?

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Jun 22nd, 2012 @ 3:15pm

    Has everyone forgotten about Phil Zimmerman and PGP, and the governments attempt ban it and put him in jail in the early 90's?

    It didn't work then and it won't work now. Encryption's no big deal any more. I can knock off an AES implementation in a handfull of hours.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Chilly8, Jun 22nd, 2012 @ 3:33pm

    The original ACTA was going to ban or restrict encryption and other privacy tools.

    I am far more worried about a Santorum Administration outlawing encryption than anyone else. Santorum advocates an internet porn filter, like that proposed in Australia, and including making circumvention of the filter illegal, which would effectively outlaw VPNs.

    And Santorum may well run in 2016.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Lawrence D'Oliveiro, Jun 22nd, 2012 @ 5:02pm

    “Clipper” Chip Redux, Anybody?

    In the early days of the Internet, the Clinton administration tried to, not exactly outlaw encryption, but bring it under control by trying to mandate the use of the Clipper chip. This used an algorithm with a “key-escrow” feature (effectively a built-in backdoor)—a master key that the Feds could use to decrypt anything encrypted with this chip.

    Back then, law enforcement was worried about the increasing popularity of powerful open-source encryption tools like PGP. Given that encryption is even cheaper, more powerful and more easily available nowadays than back then, what’s the bet we’ll see somebody trying to resurrect this idea as some sort of “compromise”?

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Gene Poole, Jun 22nd, 2012 @ 7:00pm

    I'm pretty sure this has been attempted before. You cannot outlaw maths. Doesn't work.

     

    reply to this | link to this | view in chronology ]

  •  
    icon
    Stephan Kinsella (profile), Jun 23rd, 2012 @ 5:38am

    Cryptabyte.com

    David Veksler's new project, Cryptabyte.com, looks promising--discussed in Jeff Tucker's article Cryptography for the Rest of Us http://lfb.org/today/cryptography-for-the-rest-of-us/

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Winski, Jun 23rd, 2012 @ 7:21pm

    Banning Encryption....

    Good luck with that...

    Since a number of states in the US and some other countries around the globe are already under fascist control, the effort does not surprise me... But, there is a line. IF it's crossed, revolution ensues.... Then ALL bets are off.

     

    reply to this | link to this | view in chronology ]

  •  
    icon
    Mike (profile), Jun 24th, 2012 @ 5:58am

    Define Encryption

    So how would you define encryption anyway?

    If I used EBCDIC instead of ascii to encode my characters in an email is that encrypted?

    How about compression techniques? Are those encryption?

    Basically anything that one person can't make sense out of but that another person can is "encrypted". So if this website was in chinese, it'd be encrypted from me as I can't read (or speak chinese).

    Obviously some "encryption" algorithms (such as chinese) are more well known than others and the "decryption" algorithm is also widely known, but does that make it less encryption?

    My point is that I'm not sure how the government could distinguish between what they call unencrypted data, and encrypted data. (Which is not to say they wouldn't try).

     

    reply to this | link to this | view in chronology ]

  •  
    icon
    Ninja (profile), Jun 25th, 2012 @ 5:21am

    And after that they'll insert mandatory cavity searches in every airport. Seems nothing is crazy enough for the Police States out there. Pakistan sure backed out of its decision but they'll keep trying to find a way to make it go through.

     

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>
Follow Techdirt
A word from our sponsors...
Essential Reading
Techdirt Reading List
Techdirt Insider Chat
A word from our sponsors...
Recent Stories
A word from our sponsors...

Close

Email This