Banning End-to-End Encryption is Stupid

Sean Ewington

github.com/davidchisnall[^]:

Various lawmakers in different countries are proposing to require messaging services to provide a mechanism for law enforcement to decrypt end-to-end encrypted messages. This kind of legislation fundamentally misunderstands how easy it is for bad people to build their own end-to-end encryption layers on top of other messaging systems.

I'm not sure if writing code on GitHub to be run in a terminal is going to change policy makers' minds.

obermd

The first time this came up in the US under President Clinton a group of researchers challenged the NSA to decipher their transmission from the University of Hawaii to the University of California. They gave the NSA the exact start time as well as the starting and ending IP addresses. The NSA couldn't decipher it. Turns out they transmitted, in clear, data from the telescopes in Hawaii to their colleagues in California. Needless to say, this was one of the reasons the US stopped, at least for a while, the idiocy of trying to have the government be able to snoop on data transmissions.

maze3

So is US Post service exempt from this. What stopping me encrypting a letter, and communicating if both got the decryption. add in PO box, and some shady trench coats, shades and hat, I wonder how long before I would be investigated

trønderen

25-30 years ago, NSA tried to introduce an encryption chip called 'Clipper' to be included in every phone across the USA (this was before the cellular age). Encryption would be end-to-end, but noone tried to hide the fact that NSA had a backdoor, so they could eavesdrop on every phone conversation in the nation - but "of course" they would do that only under special circumstances of grave crime. Together with Clipper came a ban on any other kind of encryption. Clipper never was adopted. I think that was a pity. It would have given everyone the freedom to employ any end-to-end encryption without being detected. Or rather: If you were accused of using your own encryption, that would prove that NSA was eavesdropping your phone line, suggesting that you are a bad criminal. If that had happened to me, I guess I would have taken it to court, demanding a compensation for NSA ruining my reputation. Well, since I am not living in the US of A, it wouldn't happen to me, at least not in the US of A. Norwegian authorities are very eager to follow up demands made by US authorities, so chances are that if US of A had implemented it, we probably would have, too. In the early years of IP to the home, ISPs let you install SIP software on your PC to replace your old POTS line. There is a selection of SIP clients providing encryption on transmitted data/speech. After a few years, the SIP service was replaced by 'IP phones', which to the customer is a black box with a 1930-style analog phone socket. It uses the same IP line as your ordinary internet traffic, but on a separate channel that you cannot address from your PC. If you ask why you cannot have direct SIP access, you are told that it is 'for security reasons'. I read that as 'because the security services doesn't accept that phone conversations can be encrypted. Of course I can still install SIP software on my PC and connect to some privately managed SIP server. That would allow me encrypted connections to anyone else connected (directly or indirectly) to the same SIP server. Not to anyone else. Not to any old (but digital, of course) phone - not even unencrypted. The SIP network I would connect to would be a completely closed world, with no connection to neither POTS, the IP phone service delivered by various phone companies or any other eavesdroppable network. Maybe it never occurred to NSA and their buddies that those cruel criminals may have been using such a closed phone network for years. Maybe even today. SIP clients for Android are available; I guess they