Hacker News

Barr seems intelligent despite all the news and politics we have going on right now. I agree with Schneier’s assessment about having a policy discussion.

Let’s pretend the Big Tech companies build something robust and unbreakable (impossible) for the US govt. Now the EU and former English colonies want the same.

Now Syria wants the same access and full history of anyone in Syria. China would like the same for Hong Kong.

It’s a slippery slope that goes downhill very fast. The line between criminal investigations and persecution is blurred.




That's just the nature of the beast. As long as strong encryption without a backdoor is physically possible, people will use it online regardless of legality. The thought that we could regulate that effectively is laughable. Even if you take down every single project, it's already out there. Heck, it's built into Java, which is installed on "over 2 billion devices" or whatever... It's also built into pretty much every decent programming language out there (Rust, Nim, Go, Crystal, others). Mirrors of old versions of those are everywhere, and tons of people already have them installed. This would be as pointless as deciding to censor all .pdf files. Hell, even WinZip has AES built into it. This would require significantly more oppressive censorship and monitoring than even China is capable of.

And that's not even touching on SSH and HTTPS and GDPR complications.

If we don't laugh at and discredit the idiots pushing this, people are going to take them seriously and we will have to deal with the consequences.

Regarding companies (like facebook) that collude with the gov to bypass encryption with MITM snooping, we need to continue to expose them, and major players like Google and Apple need to actively disobey any orders from the gov, and send an army of lawyers at it, and I think that's what will happen.


A government doesn't need to launch an all-out war on encryption to get its way.

They only need to lean on relatively few people - the humans who live in the US and who run Facebook, Apple, etc. to put back-doors in their services. Or worse, they put back-doors in their services while denying that they have done so.

The fact that strong encryption still exists will be of little use if it's not what the bulk of people actually use.


That is a legitimate concern, which is why we have to fight this.


There is also the possibility that using less secure communications hardware and software could be exposing individuals and companies to criminal and civil liabilities due to other legal requirements. In the US this is already the situation with regards to handling classified information.

Despite all of the rhetoric and public statements, the legal burden and actual enforcement seem to be going very much in the opposite direction in the US and EU. There is good reason to suspect that the monitoring (and centralized censorship) infrastructure built up in other nations could end up producing the opposite of the desired goals in the long term.


Yes, I would absolutely love to see a GDPR suit against FB for allowing US gov to see some European person's data. Would be tremendous.


> laughable

This is seriously wrong, and that word "laughable" is a keyword for others who share your larger assumptions.

Let's assume that protocol enforcement is heaped upon those who can do nothing about it, not "laughing" techies with time and skills... until it is. Common access to network infrastructure is clearly being monitored, and more and more requirements and restrictions are added each year, not fewer, in a dizzying number of ways. The ability to find a transaction from a "regulated IP address" used by those who do not have the skills or background to understand what is happening only increases each year.

This cavalier analysis is counter-productive to someone who wants to a) stay out of the security swamp and b) live life somewhat un-monitored with individual choices.


You're missing my point. People should be laughing at Barr, in his face, in his inner circle, every day for this. If we don't facilitate that on the outside, how the hell will it happen on the inside? So laughable as in a call to action, not laughable as in negligible.


It's more complicated than that. Let's say the US adds back doors. What is to stop China, Russia, or some other nation state from using it in the US to intercept the communications of lawmakers, CEOs, and others? These are policy implications worth raising and discussing. Do many realize implications like this?


Exactly. An actual strong encryption backdoor would be impractical and/or would be immediately broken and leaked / dead on arrival (the entire crypto community would be motivated, on a personal level, to undermine this). The thing we have to worry about is players like Facebook allowing MITM snooping on behalf of the government without having an actual backdoor, as they have already agreed to do. I think Apple and others would sooner disobey a court order and throw lawyers and money at the problem than snoop for the gov, though, which would be a very good thing. We need to keep pressure on Facebook and keep exposing companies that give in to requests like this.


Yeah, Cloudflare is already MITM-ing tons of traffic every day. And they have admitted, through their CEO, to scanning the traffic for law enforcement!


> have admitted, through their CEO, to scanning the traffic for law enforcement!

I'm not disagreeing, but you gotta cite that one. To educate the readers.


> What is to stop China, Russia, or some other nation state from using it in the US to intercept the communications of lawmakers,

Because the NSA can't legally "spy" on US citizens, they would be happy to allow the UK, or say NZ, to access those backdoors and record everything US citizens do. Then they just have to find a loophole in how to access that information later. Granted, they can probably just redefine what "searching" and "access" mean, which they do already, but this would open even more loopholes and possibilities.

It's sometimes useful to think of these government agencies not as working for the US citizens but as adversaries who work against our interests.


> Because the NSA can't legally "spy" on US citizens, they would be happy to allow the UK, or say NZ, to access those backdoors and record everything US citizens do.

This is, modulo using the hypothetical backdoors under general discussion, pretty much exactly what the "Five Eyes" member states (which set includes .nz and .uk) are doing for one another already.


> communications of lawmakers, CEOs

> Nor are we necessarily talking about the customized encryption used by large business enterprises to protect their operations. We are talking about consumer products and services such as messaging, smart phones, e-mail, and voice and data applications.

It is AG Barr's suggestion (as far as I can tell from the quote above) that these are not regular consumers so they should get "the real thing". Everyone else would get the "inspectable encryption" version.


That's my understanding as well, but it's a pretty insulting suggestion. Why is a business's privacy more important than my own?


Because businesses donate more money to politicians than you do.


I think most of us around here on HN and "tech people" in general understand that particular set of issues around encryption backdoors.

It seems to me that certain lawmakers and people like Barr either don't put the time in to understand or are willfully ignorant to further their own goals.


Supposedly Upton Sinclair said, "It is difficult to get a man to understand something, when his salary depends on his not understanding it."

I think that applies here.


How about perfectly informed and extremely malicious?


What is hilarious is that they already do. Apple services in China are not run by Apple, but by Guizhou-Cloud Big Data Industry Co Ltd.

[0] https://gizmodo.com/apple-moves-chinese-icloud-encryption-ke...


Same with Azure and AWS


> Let’s pretend the Big Tech companies build something robust and unbreakable (impossible) for the US govt.

Didn't Chaum write up a quick-and-dirty spec specifically to stop that little parenthetical from being repeated?

Edit: I guess it was more than a quick-and-dirty spec:

https://www.wired.com/2016/01/david-chaum-father-of-online-a...


After a quick scan, I could not find any spec linked in that article. Claims are nice, but an actual spec to confirm those claims would be nicer!


I think this is it, but I don't have time to read it to confirm:

https://eprint.iacr.org/2016/008.pdf





