Get Ready For The Political Fight Against Encryption

from the it's-coming dept

Among our many commenters here, we have one “regular” critic who presents himself as being actively involved in “policy circles” in Washington DC, and who was clearly active in the SOPA/PIPA efforts in trying to write those bills and get them passed. This individual provided enough information (along with plenty of insults in our direction) in the comments to make it clear that they were heavily involved — if at a low level — in those efforts. As the debate over these bills wore on and people kept pointing out how encryption would make them all moot in the long run, the commenter declared a few times his (or her?) next target: outlawing encryption. This is, of course, laughable. But if someone who is actually connected to that world thinks that it’s a viable idea, then you know that it’s only a matter of time until someone actually makes a hamfisted attempt at doing something like trying to outlaw VPNs. That this would go against the very same governments’ efforts on “internet freedom” is generally ignored. Cognitive dissonance is strong with this crowd.

That said, with countries like the UK proposing legislation to snoop on all communications — including encrypted ones — the folks over at TorrentFreak are right to be wondering how long it will be until someone tries to ban VPNs. Some more authoritarian countries have tried to effectively do so already (without much luck), but as our anonymous commenter suggested above, this idea is at least being considered by plenty of so-called democracies as well.

Thankfully, there would be plenty of powerful forces to fight back against any such attempt. Beyond regular internet users speaking out (à la the SOPA/ACTA protests), you’d also have plenty of companies who rely on encryption and VPNs for their efforts to keep people and data safe. Considering Congress is already suggesting that it should get involved in forcing companies to better protect data, it would be ironic (though not surprising) to then find them also trying to outlaw encryption/VPNs, not realizing that the two things are diametrically opposed to one another.

In the end, I don’t see how a war against encryption or VPNs could actually succeed, but it won’t mean that efforts in that direction won’t be a painful annoyance when they come around. Either way, people should at least be paying attention to these discussions, and trying to educate politicians that encryption and VPNs are necessary parts of a secure internet.

Comments on "Get Ready For The Political Fight Against Encryption"

Hephaestus (profile) says:

This year’s goal, make encryption online illegal.

So a committee of high ranking Label and studio executives, and senators get together and propose the following law …

“No one may use encryption online.”

Then the complaints begin rolling in.
– The DOD cannot function without encryption.
– The banking industry cannot function without encryption.
– Trading houses cannot function without encryption.
– Businesses have corporate secrets that cannot be sent via unencrypted communications.
– Medical insurance companies begin complaining due to HIPAA.
– The theater industry complains because all the new films go out encrypted to the Christie Digital Systems projectors.
– The credit card companies begin complaining about identity theft.

In the end the same thing that happened in Pakistan will happen here in the US and any law like this will fail.

CaptainKremmen says:

Oh it's not just the UK..

Unfortunately it’s not just the UK proposing to snoop on all internet communication, including encryption. The NSA is building a rather large data centre over there in the US to basically do exactly the same thing.

Of course both countries know that, at present, they cannot decrypt most of the encrypted data they gather. However they want to store it so that it can be decrypted in future, when computing power makes it viable.

In the UK though it is already illegal to refuse to turn over encryption keys/passwords when requested to do so by a member of the police or security forces. Refusal can result in up to five years imprisonment.

Jay (profile) says:

Campaign finance

> In the end, I don’t see how a war against encryption or VPNs could actually succeed, but it won’t mean that efforts in that direction won’t be a painful annoyance when they come around. Either way, people should at least be paying attention to these discussions, and trying to educate politicians that encryption and VPNs are necessary parts of a secure internet.

This is the problem… They don’t care. Most of the current batch of politicians don’t care about anything but their partisan politics with SOPA being anathema to the conversation. Even with CISPA passing, all of the supporters of that legislation effectively showed that they would pass anything so long as they had the votes for it. We, the people, don’t have the money to fight for our rights at every turn. Sure, the law would fail on execution. But how do we get politicians to understand the dire consequences without a $5000 check saying “You must vote as we tell you to or we’ll use the money against you!”

This is why the attacks on our public financing system through decisions such as Citizens United need to be amended.

We’ll continue to have the federal government, whether it’s the executive branch with new definitions of privacy or relaxing restrictions on information, the legislative branch with their cluelessness, or the judicial branch with their poor rulings, so long as people don’t understand how to take corporations out of government.

Hell, I would argue that all of the companies in the TPP are the ones donating to Obama’s campaign, hence the secrecy involved. Think about this for one moment… If these companies get what they want, the president is subservient to these companies and not to the people.

That’s much more scary than anything in the laws.

Anonymous Coward of Esteemed Trolling (profile) says:


yeah… already happened.


The Julian Assange Show: Cypherpunks, Part 1 (E8, p.1)
The Julian Assange Show: Cypherpunks, Part 2 (E8, p.2)

Cyber threats, hacker attacks and laws officially aiming to tackle internet piracy, but in fact infringing people’s rights to online privacy. It’s an increasingly topical subject – and the world’s most famous whistleblower is aiming to get to the heart of it. In the latest edition of his interview program here on RT, Julian Assange gets together with activists from the Cypherpunk movement – Andy Müller-Maguhn, Jeremie Zimmermann, and Jacob Appelbaum.

blaktron (profile) says:


The best part about this is that it can’t scale. While it might be enough to beat even 2048 RSA in realtime (defeating CA based encryption), encryption and decryption scale at different rates. The effort taken to encrypt something at 4096 bytes vs 2048 bytes is a little more than double, where the effort needed to decrypt it forcefully vs 2048 is ^2 (squared).

So while the rest of the computer industry moves along with Moore’s law doubling every 18 months, the NSA will have to exponentially increase their computing power every 18 months, which won’t be possible without an incredible amount of money and time, and will eventually plain fizzle out.

anonymous says:


All the UK are doing, in effect, is putting on paper something they have been doing for years. MI5 existed long before it received legal recognition in the statute books. Don’t forget project echelon, which has been in existence well before the internet became commonplace. All communications, both military and civilian, are already subject to scrutiny. The only difference now is the rules for requesting interception are being slackened so that it is more difficult to follow the chain of command when lodging a complaint against unlawful interception… I could go on but space is precious.

Anonymous Coward says:

You can have both

I’m hesitant to call it impossible. On a different internet, using different technologies with different protocols etc. it might be possible. However to implement this would involve tearing down the internet and redeveloping it from scratch, and even that’s not a guarantee that encryption, in some form, won’t turn out to be necessary.

Anonymous Coward says:


“At this morning’s Home Office briefing, Director of the Office for Security and Counter-Terrorism Charles Farr was asked about how the black box technology would handle HTTPS encryption. His only response was: “It will.””


Anonymous Coward of Esteemed Trolling (profile) says:


Do you think that the US only spies on the US ? really ?
Do you know where your encrypted email goes en-route ? IF it gets to the destination at all.
US spies on Britons from UK soil
An investigative report has accused the U.S. government of using a controversial spy station in Yorkshire, Britain to “subvert and destroy democracy”.
But America wouldn’t do it when your encrypted traffic already bounces through their interceptors ?
They also would never give access to the UK officials.

Video: relevant
Jacob Appelbaum, Dmitry Kleiner: Resisting the Surveillance State and its network effects

No one would sell encryption cracking technology to other governments.(or the UK)
Countries don’t already intercept ALL internet activity crossing their borders.
Yeah… that’s why Tunisia bought that tech and Syria also has it, it doesn’t exist.

Former Tunisian Regime Goes Beyond Spying On Internet Traffic… To Rewriting Emails & More

Finally some MOARRRR videos , Highly related.

How governments have tried to block Tor

The smoking gun of UK encryption cracking may not be there… but IF they can, they WILL, that is certain.

“BACKDOORs” in proprietary software encryption!
Who needs to do impossible math and crack it anyway !

wallow-T says:

Guys, I’m surprised you don’t see how obvious this is.

One doesn’t need to ban VPNs. One just needs to outlaw VPNs which don’t log, and which do not surrender log data to government/Copyright Industry on simple demand. It becomes easy enough for the Copyright Industry to see which VPN service is being used for P2P sharing, and which does not comply with request for user information (including the Paypal or Credit Card info).

For VPNs outside of the local jurisdiction, SOPA techniques — especially a do-not-serve order against Paypal & credit card companies — will cut down all but the most hard core users.

Mike Masnick (profile) says:


> I knew they wanted to have access to communications data, but where on Earth did you hear they were trying to see encrypted data? Please give me a source or clarification on how they plan on reading encrypted information.

In the link I highlighted above:

> At this morning’s Home Office briefing, Director of the Office for Security and Counter-Terrorism Charles Farr was asked about how the black box technology would handle HTTPS encryption. His only response was: “It will.”

Anonymous Coward of Esteemed Trolling (profile) says:


Yeah….The math will win.
They will still try, and record fucking everything in the process.

If they filter all encrypted traffic out ( the ones without their backdoors in ) ?
They won’t need, to be able to crack it.

But encryption via non encrypted protocols is a completely different story, then they need to scan and decide what is just gobbledegook and what is actual encryption.
encrypted or just nonsense ?

Shane C (profile) says:

Technically speaking, there's currently a way to implement this now

Unfortunately I’m the bearer of bad news here, so I’ll start off with saying explicitly that I DO NOT CONDONE ANY PART OF WHAT I’M ABOUT TO EXPLAIN. I’ve been trying for the past few months to get the mainstream media to pick up the story, alas with no luck.

A technique that is nicely called “HTTPS Snooping” (or more accurately called Man-In-The-Middle-Attack) is available from companies like Cisco, and Websense. These solutions are currently deployed at companies that are snooping on their employees.

Most companies fear malware, and corporate espionage, and thus justify snooping on private communications of their employees. More respectable companies limit what they can see to things like GMail, and unknown addresses. Less respectable companies (like I’ve run across) snoop all traffic, including banking, and health care. Would you really want your fellow employees to know your bank account balance, or what medications you’re currently taking? How about your boss?

All of this happens by terminating the HTTPS connection at a border, or firewall system. The traffic is then decrypted, scanned, re-encrypted and transferred to the end user. All of this works because the end user’s system is told to accept the local certificate from the firewall system. The user doesn’t recognize that anything is going on, because to their browser, the certificate is valid, and it’s encrypted. So to them, everything is working perfectly, and they have no clue that their traffic is being snooped on. When they transmit back (say their login/password information) all of their communications simply reverse the process. The information is encrypted with the local firewall certificate, transmitted to that firewall, decrypted, scanned, and re-encrypted for the end system using the official certificate from that site.

Right now, these systems are deployed on large, paranoid corporate networks. However, it scales very simply. All an ISP would have to do is deploy a larger system (or array of systems) to do the same thing. They could convince their end users to use this system, by telling them to “Install This Network Acceleration Software,” that would install their local certificate, and proxy all the traffic through their systems.

With government assistance, they could force say Network Solutions to issue a certificate that is officially signed for all networks. Then the local ISP wouldn’t have to require people to install their own local certificate. They could simply pass the certificate down just like normal, and everyone’s system would accept it because it was officially signed.

I’ll leave the full ramifications of this process, and the problems with certificate based encryption up to others to discuss. I’ll simply say this breaks the Internet, and how it was designed.

If you want a more technical in-depth discussion, this was a recent topic on /., including me describing my own run-in with these systems.

Anonymous Coward says:

Strong encryption promotes free speech. Anything the government does to weaken that encryption will have a chilling effect on speech. We are guaranteed the right to be secure in our papers and property, when will this be extended to the digital age? I don’t use paper anymore, I use bits. The government has no right to EVER impose restrictions on my private communications. To those who say there isn’t a reasonable expectation of privacy, as is heard in so many of these cases, I say that’s why I use encryption, to ensure privacy.

Coyote says:

Whoever that commentator was is a pure and simple fool if he thinks that’ll solve anything whatsoever. Then again, he did also try and push SOPA/PIPA through, so you know, stupid is as stupid does.

Seriously, good luck trying to get encryption outlawed. It’d be like gathering together a bunch of cavemen to take down a herd of T-Rexes.

Anonymous Coward says:

Technically speaking, there's currently a way to implement this now

> With government assistance, they could force say Network Solutions to issue a certificate that is officially signed for all networks.

If any CA is found to be doing that (and it is very easy to find with add-ons like Certificate Patrol), they will be removed from the lists of trusted certificates of all the major browsers.

Anonymous Coward says:

Technically speaking, there's currently a way to implement this now

Basically what you’re saying is that the certificate authority model is broken.
I agree, can we have something better? (a distributed system of certificates or something, idk)

This wouldn’t affect corporate networks (just ban encryption & only start encrypting when it leaves the company network). Using corporate computers is inherently unsafe whatever you do, they could have installed keyloggers on their machines.

Jeffrey Nonken (profile) says:

We’re going to protect your data by forcing you to do everything in plain text. Then we’ll collect all the data into a centralized database with a single point of failure (and all passwords stored and transmitted in plain text).

This will keep all your data safe. We promise! We also promise not to abuse your data. Cross our hearts and hope to die.

We’re from the government, and we’re here to help.

Anonymous Coward says:

This is a great example of a lack of understanding of real work technology use

What we should all be frightened of is the utter lack of any understanding for modern technology and its current use by anyone that would argue for “outlawing encryption”.
Really?… what about those regulations governing the use of encryption for exchanging financial information? … what now?

Seems to me like there’d need to be heavy investment in many industries to deal with not being able to encrypt but having a requirement for “security”… I personally can’t fathom solutions without encryption for some of those financial data requirements…
As much as I have a distaste for the way some large companies heft their weight politically, this might be a “good” time to see that happen…

… we’ll probably see someone trying to sneak in some kind of “any form of encryption must allow for bypass by ‘The Government'” law..

Anonymous Coward says:

Technically speaking, there's currently a way to implement this now

Worth noting in this regard is the currently-open question of who, exactly, signed Flame with Microsoft’s software certificate. Either (a) it was Microsoft, at the behest of the feds, or (b) it was someone else, who has figured out how to pull that off without the cooperation of the certificate holder. If that “someone else” is a major government, then we’re pretty screwed.

Hephaestus (profile) says:


There are all sorts of issues with laws against encryption and special exemptions.

There is no way to tell what is and what is not authorized encryption without redesigning how the internet works. If something is encrypted, it is basically just unintelligible noise and no amount of packet level inspection will change that.

There are several hundred standards and best practices from pretty much every industry on how things should be encrypted. A sure fire way to piss off every industry on earth is to force them to spend billions to apply for an exemption, check that they are compliant, and/or redo their current encryption systems.

Between industry and impossibility lay the dreams of big content.

AC Cobra says:

God I hope you're right.

I’ve been saying since early in the PIPA debate that banning encryption will be the next step. I hate to say it, but I think it’s a lot more likely than people think. First of all, it would only apply to private citizens, and the use of encryption would be detected at the ISP account level. Attempt to use encryption=get knocked off the net. Corporations and the government would still use it, but a license to do so would be spendy to deter individuals claiming to be a small business.

I am totally against it. I think it would be huge step backward for both civil liberties and personal security to ban encryption. But I wouldn’t put it past our politicians to do just that.

Anonymous Coward says:

Re: God I hope you're right.

Cobra, you’re about right in your assessment. I’d forecast it to work like CCW permits in some states. You need a permit and you need to explain why you need such a permit. The gun nuts grumble about it, but there’s no Second Amendment issue. The freeloaders will also piss and moan, but there are no First Amendment issues either.

Chilly8 says:

The original ACTA was going to ban or restrict encryption and other privacy tools.

I am far more worried about a Santorum Administration outlawing encryption than anyone else. Santorum advocates an internet porn filter, like that proposed in Australia, and including making circumvention of the filter illegal, which would effectively outlaw VPNs.

And Santorum may well run in 2016.

Lawrence D'Oliveiro says:

“Clipper” Chip Redux, Anybody?

In the early days of the Internet, the Clinton administration tried to, not exactly outlaw encryption, but bring it under control by trying to mandate the use of the Clipper chip. This used an algorithm with a “key-escrow” feature (effectively a built-in backdoor), a master key that the Feds could use to decrypt anything encrypted with this chip.

Back then, law enforcement was worried about the increasing popularity of powerful open-source encryption tools like PGP. Given that encryption is even cheaper, more powerful and more easily available nowadays than back then, what’s the bet we’ll see somebody trying to resurrect this idea as some sort of “compromise”?

btr1701 (profile) says:

Oh it's not just the UK..

> In the UK though it is already illegal to
> refuse to turn over encryption keys/passwords
> when requested to do so by a member of the
> police or security forces. Refusal can result
> in up to five years imprisonment.

So when they’ve arrested you on murder, rape, terrorism, whatever, and you know the evidence needed to convict you is on your laptop and they’re threatening you with five years in prison for not giving over the key… you’re still better off taking the nickel, than giving them the evidence and going down for 20-30 years.

Mike (profile) says:

Define Encryption

So how would you define encryption anyway?

If I used EBCDIC instead of ASCII to encode my characters in an email is that encrypted?

How about compression techniques? Are those encryption?

Basically anything that one person can’t make sense out of but that another person can is “encrypted”. So if this website was in Chinese, it’d be encrypted from me as I can’t read (or speak Chinese).

Obviously some “encryption” algorithms (such as Chinese) are more well known than others and the “decryption” algorithm is also widely known, but does that make it less encryption?

My point is that I’m not sure how the government could distinguish between what they call unencrypted data, and encrypted data. (Which is not to say they wouldn’t try).
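Added example (editorial; not part of the comment above or of the original article): the distinction questioned above, tested on constructed data. It measures byte entropy, the usual heuristic for spotting ciphertext, on the same constructed text in ASCII, EBCDIC, zlib-compressed and encrypted form. `keystream_xor` is a toy SHA-256 counter-mode stand-in for a real cipher, and every function name and the 7.5 threshold are this example's own assumptions.

```python
import hashlib
import math
import random
import zlib
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte, from the observed byte histogram."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher: XOR with SHA-256(key || offset) blocks.
    Stand-in for a real cipher so the example needs only the stdlib;
    not for protecting real data."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)


def constructed_text(n_words: int = 40000, seed: int = 1) -> bytes:
    """Constructed sample: pseudo-English built from a small vocabulary."""
    vocab = ("the law would ban encryption but banks hospitals and "
             "cinemas send secret data over public networks every day "
             "so any filter has to guess what each packet contains").split()
    rng = random.Random(seed)
    return " ".join(rng.choice(vocab) for _ in range(n_words)).encode("ascii")


def looks_encrypted(data: bytes, threshold: float = 7.5) -> bool:
    """The naive filter: flag anything whose bytes look near-random."""
    return shannon_entropy(data) >= threshold


def survey() -> dict:
    """Entropy and filter verdict for four encodings of the same text."""
    plain = constructed_text()
    samples = {
        "plain ASCII": plain,
        "EBCDIC (cp500)": plain.decode("ascii").encode("cp500"),
        "zlib-compressed": zlib.compress(plain, 9),
        "toy-encrypted": keystream_xor(b"constructed key", plain),
    }
    return {name: (round(shannon_entropy(d), 2), looks_encrypted(d))
            for name, d in samples.items()}


if __name__ == "__main__":
    for name, (bits, flagged) in survey().items():
        print(f"{name:16} {bits:5.2f} bits/byte  flagged={flagged}")
```

A change of character set leaves the entropy untouched and is not flagged, while ordinary compressed data is flagged together with the ciphertext, so an entropy-based filter cannot tell the two apart.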

Blah... says:

God I hope you're right.

I think you overestimate the amount of processing power ISPs have to evaluate every piece of data that comes through their system. It’s one thing to just build channels for data, which is what ISPs do, but to subsequently process all that data to check it for encryption is a monumental task that no reasonable private company is going to want to undertake.

Not Going to Happen says:

God I hope you're right.

As I stated to your friend… It’s an extremely monumental task to scan all data that comes through an ISP for encryption. The outlawing of encryption would be trivial to circumvent because it amounts to a law against thought which is nearly unenforceable.

Here… I made this in two weeks in Visual Studio. It will encrypt files and text with up to 128 byte keys in a data-dependent fashion such that each byte encrypted influences the encryption of every subsequent byte:

Here’s a description of the algorithm:

