
A bit alarming to see the government embracing an end-to-end chat system with perfect forward secrecy, considering both the head of the FBI and the CIA have confirmed that the lack of a back door would impede the fight against ISIS.

https://www.theguardian.com/technology/2015/jul/08/fbi-chief...



You really need an /s on this one


Kind of sad people can’t distinguish obvious sarcasm these days without an “/s”. Ruins the beauty of sarcasm.


Timing is everything; the narrower the bandwidth of the communications channel, the more important context becomes if you want to avoid falling victim to Poe's law.

It's not obvious that intent is sarcastic when it expresses a commonly held position, unless the sarcastic person is well known to have different views - not so easy to discern on a site like HN. To be obvious to the casual reader, you need to articulate a position which goes to absurd extremes, eg

A bit alarming to see the government embracing an end-to-end chat system with perfect forward secrecy, considering that it would impede economic growth in our identity-theft and espionage industries.

Of course, that might not be recognizable as sarcasm in some countries where such activities are of greater strategic importance.


To be fair, I think language barriers often make this much more difficult for folks.


Recognizing sarcasm generally requires context on the author. You can make assumptions that lead to this looking like sarcasm or you can take it on face value; both are fairly likely to have some users that would write the comment.

I think it's kind of silly to use for that reason.


Sarcasm in text never worked well though. You also have to remember that a large percentage of HN readership are not native English speakers.


No, they don't need to modulate their speech patterns to fit awkward, trendy and ephemeral language quirks.


Why is that alarming? The FBI and CIA requests for backdoors are alarming. Unless you're positing that these apps may have secretly complied with CIA and FBI requests?

If anything, this is a really good thing, as the utility of publicly available comms are embraced by government entities, it should somewhat guarantee that us consumers will also have access to this.


>If anything, this is a really good thing, as the utility of publicly available comms are embraced by government entities, it should somewhat guarantee that us consumers will also have access to this.

I largely agree with you but a more cynical take would be that it allows the following argument to be advanced:

"If the 82nd Airborne uses it, then it is a weapon of war. Why should civilians have access to the same communication equipment as a soldier needs in a time of war."

That is, they associate the technology with combat and the military. Then, they use that association as a way to argue the technology is only inherently useful for those planning to engage in combat.

It also allows governments to advance the argument that if it is useful for our soldiers then it should be denied to enemy soldiers and thus it should be tightly controlled (see night vision goggles[0] or cryptography as a weapon[1]).

[0]: https://en.wikipedia.org/wiki/Night-vision_device#Legality

[1]: https://en.wikipedia.org/wiki/Export_of_cryptography_from_th...


You would think that the constitution would have included a passage about people's right to keep and bear armaments being necessary to ensure the country stayed free...

Nah. Let's redefine "arms" to mean "guns", assume for some reason the constitution needed to give the government freedom from itself, and ignore the whole thing as archaic and outdated.


Cryptography has always been used by militaries, and was legally considered a munition back in the 1990s. Since then, two courts have ruled that cryptographic source code is protected by the First Amendment.

https://en.wikipedia.org/wiki/Pretty_Good_Privacy#Criminal_i...


The army also uses toilets. Why is it then that nobody argues toilets are weapons of war?

Because nobody achieves power by controlling the existence of toilets? There are people who will argue the sky is green if it fits their narrative — bending reality is what they will do, if we let them.


If they make that argument, it shouldn't be much of a stretch to say that the 2nd amendment should apply to this technology then.


There's certainly a case here. If Barr goes forward with his nutty anti-encryption push, I hope the opposition uses this argument. Google lists definition #1 for "arms" as "weapons", and definition #2 of "weapons" as "a means of gaining an advantage or defending oneself in a conflict or contest."

I doubt any would argue that un-breakable (at least, theoretically) comms would provide no tactical advantage. If anyone would, I'd refer him to the second world war as a prominent example. This argument could help build a bi-partisan pro-cryptography group by pulling in support from the 2A crowd. I support cryptography remaining fully legal (even if classified as a munition or armament) for the same reason I support the 2A, practical security considerations aside.


Well they made that argument about cryptography being a munition and I don't see anyone advancing a 2nd Amendment challenge against those laws.


The funny thing is, the basis for upholding the National Firearms Act restrictions on short barreled shotguns and rifles (challenged in the '30s) was that they weren't weapons of war.


Because they'll also want to encrypt soldiers' communications back home, not just between each other. When the soldiers are talking to their friends and family. It isn't E2E if friends and family aren't using the same software.

It's the whole idea behind Tor. Interests sometimes align.


I'm not accusing them of advancing a consistent or defendable position, just that there is always a danger in the military adopting a technology. To add another example, what if signal has a flaw which allows a foreign adversary to read all signal messages and that this ends up harming US national security? The government now has an incentive to regulate signal as "critical telecommunication infrastructure" necessary for the security of the US.


You could read this another way too.

Now the government has an incentive to contribute to the open source project to ensure that its communications are secure.

You're right that it could "weaken" signal because more people are trying to attack it which means a flaw is more likely to be found. But it can also strengthen Signal because the need for it to be strong and improve faster is higher. More people looking at it (especially with a government interest) means there are more trying to patch those flaws as well.

Additionally, it can add to the popularity of Signal. Which again adds to both edges laid out above.

Honestly I can't see this as anything but good. It is __GOOD__ when the government's interests align with that of the public.


I explained myself poorly. My argument was that:

1. IF the government comes to rely heavily on the security of signal, THEN the government will want to make signal as secure as possible.

2. The approach the government may take to make signal stronger could be to regulate signal. For instance the government might require background checks on everyone authorized to push out signal updates.

3. Such regulation is likely to have the unintended effect of making signal less secure by causing the designers of signal to abandon the project.

Now this is a pessimistic take. An optimistic take could be that the tool the US government uses to strengthen signal is to fund developers and give out grants for security research on signal. As another poster pointed out the US government funds TOR.


> 1. ...

This is a good thing

> 2. ...

This is against the interest of the DoD. It may be in the interest of other agencies, but not the DoD. The DoD's interest is that __all__ communications of their soldiers. Because it matters if a soldier texts their buddy back home "blah blah I'm taking a shit in this shack outside the base. You should see what it's like out here blah blah." That has security issues for them. Soldiers are going to text their buddies, significant others, and family by any means that they can. So your choice is 1) through a secure channel or 2) through an insecure channel. DoD is obviously in favor of option 1. Increased regulation, such as you're suggesting, is counterproductive and only encourages option 2.

> 3. ...

The code is open source. Moxie is also pretty adamant about keeping it open source. DoD also has an invested interest in keeping it open source.

> As another poster pointed out the US government funds TOR.

This user was me?

Since the conversation is exactly the same as the one we were having the other day on another thread I am literally going to reference that thread[0]. I think the pessimism comes from "anti-government" thinking, but also a lack of understanding how agencies work. You can probably tell from my chat history that I'm not super pro strong gov and pro privacy. But these agencies have differing agendas and this has to be understood. The intelligence community has a split incentive when it comes to Tor/Signal/encryption. The part that handles protecting their spies is pro Tor and wants other users on it because they don't want spies found because only spies connect to Tor nodes (or only spies/pedos/terrorists even). Conversely, those in charge of finding spies (or spies and pedos) don't like Tor (and that's why they'll claim that only spies/pedos/terrorists use Tor/encryption. It is pushing __their__ agenda).

It really comes down to "what agenda makes their life easier?" So it should be no surprise that a defense agency is... in favor of defense. It should also not be a surprise that agencies in charge of attacking (let's avoid debate about who they are attacking) are... anti defenses. Those that are in charge of protecting kings are pro castles because it is easier to defend your king behind a castle. Those in charge of killing kings are anti castle because it is harder to kill a king behind a castle. These people may work for the same king, but they don't really talk to each other that often.

I actually think the government will start taking a more pro encryption stance in the future (we've seen some of it already), especially as tensions rise. Those that worry about foreign interference have an incentive to protect everyone's communications from foreign adversaries. It is harder to manipulate those that you have no information on. Anti encryption sentiment comes from when we are in a stronger position and less worried about being attacked. Now as we're transitioning into a period where we're becoming more concerned about defense we have a much higher incentive (before it was ambivalence) to improve defenses.

[0] https://news.ycombinator.com/item?id=22114149


Tor is designed to benefit from an arms race by spy agencies.

If your spy agency controls the vast majority of the Tor nodes, you can see what everybody is doing with Tor, and nobody else can. Whereas if somebody else's spy agency controls the vast majority of the Tor nodes, they get that power.

When you're both working hard to get more Tor nodes, the Tor network is made better for everybody and unless you achieve that vast majority control you get no benefit for your effort, still, never give up.

Suppose the Russians have 100 Tor nodes, the Americans have 100 Tor nodes, the Chinese have 100 Tor nodes and random good Samaritans run 100 more. Nobody can snoop on Tor, it works really well with 400 nodes. The Americans buy 200 more nodes. The Russians don't like that and nor do the Chinese! They each buy 200 more nodes too. Now there are 1000 Tor nodes, it works even better, and nothing changed for user security.


So then people will just use the hundred other published implementations of Moxie's encryption algo used in Signal.

God Bless Open Source.


My interpretation is that he meant it's alarming to see the government suddenly openly suggesting an e2e messenger because it might hint to the agencies having discovered a hole in the Signal protocol.

I highly doubt that personally, but that's what I read from nimbius's comment.


So then why would they want the military to use it for internal discussion? If the govt is aware of a hole, then other nations might be aware of the same or a different issue.


they aren't using it for classified conversations so it doesn't really matter


It does matter. Soldiers talk about sensitive stuff all the time. You don’t want schedules, personnel, whatever, leaking through inane conversations to people we’re at war with.


Unfortunately, classified comms of various classification levels spill over into publicly available channels all the time, both accidental and out of laziness, but also sometimes an immediate necessity.


Because it's only crackable by the 1kqb quantum computer located in Mt Rushmore under Lincoln's invisible top hat.


I need me some of this invisible top hat quantum computer.


I think nimbius was being sarcastic?


Pointing out a contradiction of policy and interest between civilian and military who each have independent concerns and capability doesn't necessarily imply sarcasm. I took nimbius to mean that it will be interesting (as in get your popcorn) to see whose influence in the halls of power wins out when such a contradiction exists.


I see little conflict, there is little reason the military would observe restrictions in the battlefield. Now they could limit its use only while deployed or simply run it under an exception only policy, as in you get to use it for this period of time and not otherwise.

There have always been separate rules applied to the people and government, the issue comes down to the simple matter elected officials should always be considered public while in office.


It is sarcasm


To me it's a relief. Finally the information warmongers can't argue that it has no benefit to national security.


I think it was sarcasm? Or am I completely missing the point?


It’s just for this sort of turn of events that hn should allow a limited number of memes and emojis.


They do allow some unicode chars like: ⏩⏪⏫⏬ and ⏰, I guess they are validating up to some unicode code point. Because most emoji are not shown. I believe this chap: ◿, the lower right triangle, U+25FF, is the last one allowed.


[flagged]


[flagged]


Please stop.


sorry I'll take one complimentary stick as well to go along with everybody else


> A bit alarming to see the government embracing an end-to-end chat system with perfect forward secrecy, considering both the head of the FBI and the CIA have confirmed that the lack of a back door would impede the fight against ISIS.

Why is it alarming? I don't think the FBI and CIA are advocating backdoors for government encryption. The fact that the military endorses it for their own operational security is weak evidence that Signal is more secure than other apps.


Privacy for me, not for thee....


This might not count as much, but the DoD is a different organization than the FBI or the CIA.


It should count. The DoD has different interests than FBI and CIA. It should make sense that DoD wants encryption, it makes their jobs easier. It should also make sense that the FBI and CIA don't want encryption, lack of makes their jobs easier.

Just because they're both government agencies doesn't mean they are colluding against the people. Different agencies have different agendas and prerogatives. It's also well known that agencies often fight over things and don't exactly work together well.


> The DoD has different interests than FBI and CIA.

Mildly off-topic, but every time I read this, it makes me ill.


Why? Here's an analogy. People that are in charge of defending kings are pro castles (it helps them defend their kings). People that are in charge of killing kings are anti castles (it is easier to kill a king if they aren't in a castle).

Why is this a difficult concept to grasp? All agencies are pro "agenda that makes my agency's job easier".


> Why is this a difficult concept to grasp?

I wasn't disagreeing with you, and grasp the concept better than most.

> All agencies are pro "agenda that makes my agency's job easier".

They didn't used to be. These agencies used to work, with pride, for country and people. Not their own sorry selfish fucking asses.


eh,

the book Team of Teams is pretty good for that https://www.amazon.ca/Team-Teams-Rules-Engagement-Complex/dp... when the best of the best is beaten by people that barely know to use guns.


E2E encryption and perfect forward secrecy doesn't matter if the protocol is leaking copious amounts of metadata about who you're talking to and when.


That's what OPSEC is for. A bit hard in enemy territory but def less noisy than using w/e else they were currently using.


The Signal server doesn't even know who the sender of a message is, just the recipient.


Even just traffic analysis makes any kind of communication potentially leaky. Encryption matters, but it doesn't protect against everything. Even the lack of communication leaks information.


What data is known exactly? Phone number? IP?


https://signal.org/bigbrother/

You can see exactly what Signal is able to provide to a legal request. Time of last connection related to a phone number


This is one of the coolest exchanges I’ve seen between a company and the government. Class act.


Just the IP, IIRC, but it doesn't know who you are. There are more details on their blog in one of the latest blog posts.


Well, maybe they finally got their backdoor baked in and they now want to spy on their own people?


I wonder what Barr thinks of this...



