Demonizing Strong Encryption: Welcome To The Crypto Wars 2.0

from the paedophiles,-murderers-and-terrorists dept

Recently Techdirt wrote about the extraordinary tirade by the new GCHQ boss, Robert Hannigan, which boiled down to: “however much we spy and censor online today, it’s still not enough.” It was so full of wrong-headed and dangerous ideas that it was hard to capture it all in one post. Here’s one thing we didn’t have room for last time:

Isis also differs from its predecessors in the security of its communications. This presents an even greater challenge to agencies such as GCHQ. Terrorists have always found ways of hiding their operations. But today mobile technology and smartphones have increased the options available exponentially. Techniques for encrypting messages or making them anonymous which were once the preserve of the most sophisticated criminals or nation states now come as standard. These are supplemented by freely available programs and apps adding extra layers of security, many of them proudly advertising that they are “Snowden approved”. There is no doubt that young foreign fighters have learnt and benefited from the leaks of the past two years.

Leaving aside the rather pathetic dig at Snowden at the end there, and the unsubstantiated statement that terrorists have benefited from his leaks, the key message here is that strong encryption is now used routinely by the wrong people, and that it presents an “even greater challenge” to the world’s security services. If that lament sounds familiar, it’s because suddenly, over the last few weeks, it has become the persistent refrain of law enforcement agencies in both the US and UK.

First we had the FBI Director James Comey talking about his agency’s fears about things “going dark” because of encryption; then we heard from NYPD Commissioner Bill Bratton about how encryption “does a terrible disservice to the public”; a couple of weeks later, former NSA General Counsel Stewart Baker suggested the reason Blackberry had failed was because it used “too much encryption”.

Now it seems that the baton has been passed to the UK. The day after Hannigan led the way with his piece in the Financial Times, the head of London’s Metropolitan Police added his voice to the chorus of disapproval, as the London Evening Standard reports:

London’s police chief today warns society against letting parts of the internet become a “dark and ungoverned” space populated by paedophiles, murderers and terrorists.

In a call for action, Met Commissioner Sir Bernard Hogan-Howe says encryption on computers and mobile phones is frustrating police investigations, meaning parts of the web are becoming “anarchic places”.

What’s particularly interesting is that as part of his visit to New York to make this speech, Hogan-Howe was also planning to meet all the senior US officials who had just voiced their concerns about encryption in precisely the same terms:

Sir Bernard has spent several days in talks with New York and Washington police chiefs about the threat of terrorism and what he calls “the challenges and opportunities” of technology. Today he was meeting FBI director James Comey.

He was also telling law enforcement experts behind closed doors at the New York police department that the internet is now a safe haven for criminality, adding: “Privacy is important but in my view the security of communications methods and devices is growing beyond what any genuine domestic user could reasonably require.”

It’s hard not to see this as part of a concerted and organized counter-attack against growing calls to rein in US and UK surveillance in the wake of Snowden’s revelations. The common line on both sides of the Atlantic is that encryption has gone too far — that “the security of communications methods and devices is growing beyond what any genuine domestic user could reasonably require”. The clear implication is that only “paedophiles, murderers and terrorists” would want strong crypto, and that for law-abiding citizens with nothing to hide, crypto with backdoors is good enough.

But it isn’t, of course. Law-abiding citizens with nothing to hide have a perfect right to real privacy online, just as they have a right to use doors, walls and curtains to screen off their private lives from the world’s gaze. As Techdirt has noted before, placing backdoors in nominally secure systems simply makes them completely insecure, since there is no way to stop the bad people from using them too. Moreover, weakening crypto would not only make the Internet vastly less secure for billions of users, it would also undermine millions of online businesses and thus the economies with which they are now so deeply intertwined.

We can expect more of these blatant attempts to demonize strong cryptography, and to paint its mere use as a sure sign of terrorism and depravity. But we have been here before. During the 1990s the US government tried to introduce backdoors into secure communications using the Clipper chip. Civil society won those first Crypto Wars; now it needs to gird its loins to fight and win Crypto Wars 2.0.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

Filed Under: , , , , , , ,
Companies: apple, google

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Demonizing Strong Encryption: Welcome To The Crypto Wars 2.0”

Subscribe: RSS Leave a comment
62 Comments
John Fenderson (profile) says:

Who the hell are they?

Leaving aside the idiocy which is the assertion that it’s possible to weaken security against some attackers (the government) without weakening it against all attackers, I find this statement simply offensive:

“Privacy is important but in my view the security of communications methods and devices is growing beyond what any genuine domestic user could reasonably require.”

And who are they to say what anyone else “reasonably requires”? But I know what they mean: they mean that nobody except criminals would “reasonably require” privacy against governments, despite the entirety of history showing us why this assertion is laughable.

PRMan (profile) says:

Re: Re: Who the hell are they?

“Mmm, there was a time when peasants were only allowed to have the bible read aloud to them in church. What genuine domestic user would require a BOOK! Information is for gatekeepers!”

Well, in their defense, books were copied by hand and the town only had one. Had to safeguard it with someone who wasn’t likely to destroy it.

Mason Wheeler (profile) says:

Re: Re: Re: Who the hell are they?

…and they liked it just fine that way. In fact, when Gutenberg invented the printing press, and the first thing he did with it was mass-produce a bunch of Bibles, the priests flipped out. “We must stamp out printing, or printing will stamp us out!” they said, showing that the MPAA’s reaction to disruptive new technology is far older than the MPAA.

Well, that was over 500 years ago. The Printing Press and the Church are still both around and going strong.

uRspqF7L (profile) says:

Re: Re: Re:2 Who the hell are they?

that is truly wonderful genius.

your logic entails: since the printing press had no effect on anything, then the internet will have no effect on anything, so we might as well stop using it.

just as a point of order, going against the MPAA is not the kind of law breaking they are concerned about. large scale drug trafficking and human trafficking, which kills tens of thousands a year each year worldwide, are more in the ballpark.

Mason Wheeler (profile) says:

Re: Re: Re:3 Who the hell are they?

Umm… I didn’t say it had no effect on anything. What kind of idiot could grow up in today’s world and even be capable of thinking such a thing?!?

What I said is that it utterly and completely failed to fulfill the priests’ doom-and-gloom predictions, just as each new technology that the copyright interests say is going to wipe them out ends up doing nothing of the sort.

Dave Howe (profile) says:

Re: Who the hell are they?

Or simpler still – most international companies need to treat governments at least reasonably equally. I am sure GCHQ and the NSA would be right behind the idea of all of cisco’s routers having hardcoded backdoors in them for their convenience, but less so if the US and UK governments were also using them, and the German and Chinese governments had keys too….

PaulT (profile) says:

Re: Who the hell are they?

Indeed. For a start, define “reasonable” and “domestic user”.

I would consider reasonable to mean something that’s as far from easily breakable via brute force with equipment available to the “bad guys”. Since the equipment increases in power and sophistication each year, and flaws deliberately or inadvertently introduced by vendors requires extra protection, we may have very different ideas of what’s reasonable now, let alone just a few years hence.

As for “domestic user”, well my data needs to be secured against theft, and if I work from home I need access to strong VPN security on my end as well as my office, not to mention my bank or anything else sensitive or vulnerable in transit. This applies doubly to any portable devices that may commonly be used on public networks, or more easily lost or stolen.

When all we have is vague platitudes that don’t take into account the way things are used for legitimate purposes, I hope he’ll understand us being less willing to swallow proclamations about what we “need”

DigDug says:

UK and US Governments listen up...

You started this by illegally intercepting all of our communications, data, browsing habits and what not.

You escalated this by illegally retaining all of this data and lying about it publicly.

You have violated our right to privacy, our right to be secure in our person and communications.

You started this, don’t be surprised when we *GASP* don’t trust that you have our best interests at heart and take steps to limit what you can illegally steal, spy on, retain about ourselves.

That doesn’t make us pedophiles, terrorists, criminals at all.

It makes us Citizens of our respective nations who have been molested by our Governments, violated by our nations intelligence communities, our rights abrogated by persons whose only interest is to control every aspect of the public as is humanly possible to maintain control by their representative governments.

In the United States, those elected official comprise only 0.00016988% of the population of the country.

Why do we allow so few to damage so many?

DigDug says:

Re: Re: Re:2 Terrorist Pedophiles

If someone sexually molests a child, which is the definition of pedophile, then yes, they deserve to be shot, doubletapped or even empty the 15 round extended clip into them for all I care.

Go ahead and tell me that it’s not good to do that when someone molests a child, goes to prison, gets out and then molests your child or a nephew or niece, or best friend’s child.

Then what do you think? Still okay to let that inhuman fucker live? Hell no. For something like this, you get one and only one chance. Don’t be that pedophile, or die.

Anonymous Coward says:

Re: Re: Re:3 Terrorist Pedophiles

But the majority of people labelled a paedophile have never actually molested a child. These people need psychological help/rehabilitation, to simply go around killing them for a label is just barbaric.

Yes there are some paedophiles that need to be locked up indefinitely, but to actually make the decision to take their life away makes you just as bad as them.

The OP was simply making the point that politicians band around the terms paedophile and terrorist way to often.

Ninja (profile) says:

I’m not seeing them calling for bans on gatherings (terrorists use those to discuss their stuff face to face), cars/trains/planes/ships/roads (terrorists use those to move around and move around their fireworks), snail mail (terrorists probably use it but probably speaking in codes) and so on. The proportions are what matters. How large is the percentage of the population that is actually using all those mentioned (and the Internet) for criminal activities? And from those criminal activities, how much of them can’t be traced with, you know, plain old investigative efforts? And I dare add another question to this: instead of meeting violence with violence wouldn’t other methods of dealing with terrorism other than war on anything and everything actually align the hearts of the people worldwide thus depriving these extremist morons of ears to listen to their distorted message?

Really, these people should be kicked out of their jobs.

Anonymous Coward says:

Re: Re:

If they were really so concerned about pedophiles, then they would have executed multiple search warrants on every Catholic archdiocese in the United States years ago. Their files document the systematic, institutionalized, condoned, sanctioned, supported abuse and rape of hundreds of thousands of children over decades — as we can see every time we get a glimpse at them, e.g., http://www.news-journal.com/news/nation/church-releases-abuse-records/article_17ef44a1-d904-518f-bbba-1d82d1eae33c.html

But law enforcement is too weak and too cowardly to take on the Catholic church. They’d prefer to spend enormous resources going after one pedophile here or an isolated ring of a few there rather than going after the biggest club of pedophiles on the planet.

So let’s not have any whining from the FBI about how hard it will be to track pedophiles. It’s not. Just go to Boston or St. Louis or any other major city, find the leaders of the Catholic church, and you’ll be on the right track.

Anonymous Coward says:

Terrorist Pedophiles

The UK already has a law granting police lawfull access to plaintext held by private users.

You can go to jail for forgetting your password, so what’s the deal?

Oh, the law does not work as well as the government expected, in spite of civil libertarians warning that it was never well thought out.

Did the government not contemplate in the 1990s that any smart criminal would use multilayered encryption, steganography and deniable encryption regardless of the go to jail card?

Only a handful of stupid criminals have been sentenced for failing to disclose their encryption keys, and surprise the members of IS are likely outside the writ of UK’s police.

However, the UK police is far from clean, and organized crime has penetrated the institutions from top to bottom including the CPS.

Rapnel (profile) says:

I’m sorry but when exactly did upholding the rule of law start and end with “we can’t protect you if we don’t have access to your private lives at a moments notice.”?

Fuck all those guys to hell and back again .. with a six fisted baton.

It’s like the same play book as entertainment mafioso – we can’t make money *if* … (same baton, same deal)

Imagine having to create and explore new means and methods of getting their respective jobs done as opposed to duct taping your face to their wall of ass.

They have ZERO right to drive your respective privacy into the ground. None. At all.

Boo! Terrorism, pedophiles and drugs. .. Fuck you.

G Thompson (profile) says:

Law-abiding citizens with nothing to hide have a perfect right to real privacy online

Sorry Glynn but this exact statement and the way it is worded is a part of the whole problem and is part of the fallacy that the people you are trying to say are in the wrong are using.

The correct phrase should be “EVERYBODY has a right to privacy online”

And whether you or others like it or not that everybody includes criminals, politicians, soldiers, parents, children, and even terrorists and even peadophiles. Since until due process is applied and those people are actually convicted and tried of a crime they are and still retain the same rights as everybody! In fact The right to privacy doesn’t get extinguished after they are even convicted, nor should it.

Anonymous Coward says:

Terrorist Pedophiles

Twenty years ago a few voices warned against the crimininalization of child pornography as a dangerous slippery slope, and see what it has got us on the civil liberties score card.

Pedophilia has no more to do with encryption than carjacking has to do with computers.

A pedophile abusing a child can’t hide his physical abuse by encrypting his act.

The only nexus between pedophiles and encryption is there because the law has made possession and distribution of depictions of certain crimes a serious crime.

In the UK, there doesn’t even have to be an actual crime or an actual child in order for the depiction to be illegal.

Anonymous Coward says:

Re: Re: Terrorist Pedophiles

“In the UK, there doesn’t even have to be an actual crime or an actual child in order for the depiction to be illegal

Same in the US. Even cartoons can count.”

And if there is no sexual activity (read: only nudity) try getting a conviction. Look at Robert Marplethorpe (tried and acquitted) and Jock Sturgis (never charged with anything).

Richard (profile) says:

Re: Re: Re: Terrorist Pedophiles

And if there is no sexual activity (read: only nudity) try getting a conviction. Look at Robert Marplethorpe (tried and acquitted) and Jock Sturgis (never charged with anything).

A conviction is not necessary, vigilantes will take matters into their own hands and they don’t care about innocence or guilt.

John Fenderson (profile) says:

Re: Re: Re: Terrorist Pedophiles

“And if there is no sexual activity (read: only nudity) try getting a conviction.”

This has been done. The rule is that if the purpose of the work is to cause sexual excitement and the work involves characters that are claimed to be or portrayed as underage, it’s child porn. Whether or not the work is a photograph or whether or not children (or even actual people) were ever involved in the generation of the work isn’t the relevant criteria.

Anonymous Coward says:

Who the hell are they?

I would consider reasonable to mean something that’s as far from easily breakable via brute force with equipment available to the “bad guys”.

The bad guys are already inside the system.

The UK police is notorious for its corruption and lack of willingness to clamp down on abuse by its own.

Scotland Yard corruption: leaked report claims police were bribed to DESTROY evidence and SLEPT with criminals

‘Corrupt’: The report alleges that criminals had free access to information held by the Metropolitan Police

The documents, leaked to the
Independent,
concludes that organised criminals were able to infiltrate Scotland Yard ‘at will’ and access confidential information from secure databases.

The report, written by a team led by Andy Hayman, the force’s former assistant commissioner, spoke to informants, used intelligence from intercepted telephone
conversations, interviewed officers and scoured old police files to reach its conclusions.

The Metropolitan Police today insisted that the force has ‘changed vastly’ since the report was completed. But a recently retired senior officer, speaking
anonymously to the newspaper, said that: ‘The Met is still every bit as corrupt as it was back then.’

Details of the report include a case in which a police statement from a sensitive witness was found in a nightclub controlled by a family of suspected gangsters.

Other records claim that a man on trial for drug trafficking was able to pay officers £15,000 to destroy two ‘crucial’ surveillance logs. His trial later
collapsed.

The police is corrupt and can’t even clean its own house.

Anonymous Coward says:

Same argument is used for gun control

the key message here is that strong encryption is now used routinely by the wrong people, and that it presents an “even greater challenge” to the world’s security services

This is the same argument used for gun control. Just like with making guns illegal and only criminals will have guns; making encryption illegal will guarantee only criminals/terrorists have encryption. So while the rest of us are left exposed, the criminals/terrorists will be free to do as they please. They are criminals after all.

Anonymous Coward says:

None of this would be happening had not the use of spying been contained within what was legal.

Companies have a choice, they can buddy up with what the spy agencies want and lose their profit and reputation or they can boost their encryption in an attempt to show their customers they are concerned with customer concerns, thus improving their damaged brand image. Those major corporations housed in the US are starting out damaged, whether they had anything to do with allowing access or not, simply by where their home office is.

jameshogg says:

Uninventing uncrackable encryption is like uninventing the nuclear bomb. You can’t do it.

Mainstream encryption can be sabotaged as much as agencies like. But the unsabotaged stuff will always still remain discoverable. The only real people to “blame” are mathematicians for opening this Pandora’s box (and no I do not think they should be blamed – if they weren’t going to discover uncrackable encryption, somebody else would have, probably under an authoritarian regime).

As long as this is true, bad actors will use unsabotaged encryption.

You can’t turn back the clock on science.

Anonymous Coward says:

Governments can get info from isps,phone companys ,dropbox, etc,
a potential crinimal/ terrorist can be found by other methods.
not just by the data on his phone.
it would be naive to think that facebook ,or twitter is not being used to monitor extremeist groups .
I think the average iphone,android phone is less than secure ,there seems to be vunerabiltys discovered in ssl, webrowsers, etc
every month.eg heartbleed .

Anonymous Coward says:

As it always was, the “argument” against (strong) encryption is facile nonsense.

– Encryption makes communications unreadable except by the respective parties
– Therefore, Bad Guys will use it to communicate outside the purview of law enforcement
– Therefore, we should break strong encryption so that all communications are vulnerable to a third party’s reading

The third point is presented as “so the Good Guys can catch the Bad Guys”, but those Good Guys might want to try coming back when they’ve created a crypto backdoor that only they can exploit.

uRspqF7L (profile) says:

Re: Re:

actually it’s completely valid, and the Tor people make that absolutely clear.

it is designed to block anyone from accessing the information. ergo, any crime conducted over that network will be unprosecutable.

your argument is: because my (very inflated btw–not the one in US or worldwide human rights law) conception of privacy will be damaged by breaking strong encryption, law enforcement has to end.

you are saying that.

you can say it, but saying it in the name of law or human rights is facile nonsense, because your overt logic is that we have to give up the rule of law entirely to satisfy your notion of privacy–a notion that is only itself guaranteed by the rule of law you have just thrown out the window.

Anonymous Coward says:

Re: Re: Re:

Law enforcement does not have to end. “Crimes conducted over that network” will not become “unprosecutable”, in the same way that bank robbers discussing their heist face-to-face in a Faraday cage will not render the robbery unprosecutable. (see some actual examples of crimes not solved by breaking cryptography)

No, my argument is: breaking strong cryptography does not enable only the Good Guys to read everyone’s communications. It enables everyone to read everyone’s communications. That is not a world I want to live in. But please tell me how that equates to “giving up the rule of law entirely”.

uRspqF7L (profile) says:

it is *definitely* not the case that strong encryption advocates and developers want to make law enforcement impossible.

why, just look at what the Tor developers say in response to Operation Onymous: they are full of praise for the innovative methods used to track down clearly illegal activity and make clear that Tor is not meant to be used to by pass such efforts:

https://blog.torproject.org/blog/thoughts-and-concerns-about-operation-onymous

and in the real world, actually they pretty much come out and say exactly what this article is mocking: they believe law itself is “illegal,” and so are justified in developing tools to bypass it entirely.

Anonymous Coward says:

Who the hell are they?

just as a point of order, going against the MPAA is not the kind of law breaking they are concerned about. large scale drug trafficking and human trafficking,
which kills tens of thousands a year each year worldwide, are more in the ballpark. 

If the interception is only about drugs and sex, it should clearly be limited to that, but you haven’t read well, have you?

This is from the GCHQ website:

“• In the interests of national security
• In the interests of the economic well-being of the UK
• In support of the prevention or detection of serious crime.”

Also the infamous key disclosure mmandate under RIPA is so broad that it can be used in cases of “…for the purpose of securing the effective exercise or proper performance by any public authority of any statutory power or statutory duty,” or “for the purpose of preventing or detecting crime;” or “the interests of the economic well-being of the United Kingdom”.

Nothing limits the exercise of that power to drug or sex crimes.

The mandate is so laughably broad that investigation of any crime can result in a disclosure order.

Anonymous Coward says:

Who the hell are they?

Let’s end the war on drugs and prostitution once and for all, and cut the law enforcement budget down to reasonable limits.

I am sick and tired of the police state sustaining itself through new laws banning adults from smoking, drinking or inhaling what they want.

Most drug and sex crimes are victimless acts, and to the extend that there is violence, threats of violence or exploitation of minors, other laws should be sufficient.

Most of what nowadays is categorized as ‘crimes’ are in fact without a victim.

Anonymous Coward says:

Terrorist Pedophiles

Cartoons in the US can only be prosecuted as obscenity.
if they pass the Miller test.

But child pornography laws require an actual child.

In the UK, there doesn’t have to be a showing of obscenity.

Mere depictions of child like figures engaged in sex can therefore be prosecuted under UK law without a showing of obscenity.

dungeonlight says:

Clear evidence for how nuts they are

Imagine you are an intelligence service boss in the post snowden era. You want EVERYTHING, but seriously: Wouldn’t you have the common sence and patience to be laid back and simply wait for the first universal quantum computer ? Of course, you would,as it only takes 8 years or so til this point is reached; we already can SEE it.

But not GCHQ.

Anonymous Coward says:

Terrorist Pedophiles

If someone sexually molests a child, which is the definition of pedophile, then yes, they deserve to be shot, doubletapped or even empty the 15 round extended
clip into them for all I care.

Why not death for rape of a woman?

Fortunately such a punishment for a nonlethal crime violates the Eighth Amendment.

Advocating capital punishment for any other crime than murder is evil.

Not even Texas or the red states had such laws.

rotten13 says:

moar thoughts on CW's 2.0

One of the first programs I wrote after add subtract multiply divide was a encryption program. Later I learned of PGP. I remember back when it was called a munition when you wanted to download it you had to agree. (unless you were smart an knew the path to the filename and had wget) I digress.

I always wondered how they could make it so the file wouldn’t go through those countries they didn’t want it to. Looking back at it looks like the Obamacare website of today e.g. a giant fiasco fascia with scrambled nonsense full of fascists trying to profit off your UN HEALTH as a number one policy underneath. What hospitals do, You or I would go to prison for a LONG TIME.

I remember pgp CTK version (cyber templar knights) with those big keys. And whispers of the big keys aren’t more secure. Right. Honestly $100 isn’t MOAR than $10 cuzz math kills in in in Commie Corps.

Then back to programming again with crypto++

more little utils like apocalypso.
obscure packers like AIN. uuencode, uudecode

portable email with crypto plugins

operating your own mail servers and port knocking

… SPA

Back to programming again… Now really anyone who puts a little time / thought into it can make their own crypto.

But what I worry about more today, is the CHIPS/ doping/manufacture/chain of custody. The 3D printers aren’t doing CHIPS yet as far as I know. So truly nobody has clean trusted chips.

There’s so much crypto out there, it’s pointless to call this a war 2.0, more like an agenda to to break their oath and unleash their unremorseful psychopathy upon the monetary systems of the planet.

It is what’s leading to WW3.

The day the bastards broke their oath to defend the US Constitution was the day, this country was put on the path down the toilet. Now it’s so sick, it isn’t even growing.

These bastards are turning the lights out on the human race!

Nobody believes what those oath breaking scum the AG, the NSA, the CIA, the PENTAGON, the WHITEHOUSE, the FBI say. They’re infested with ISRAEL. until that and the oath breakers are expunged from the system, this will be a downward spiral

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...
Loading...