A pretty good article I think everyone ought to read in an attempt to change the narrative against it. What do you all think?
What would you say to someone who claims that encryption is illegal when it is hiding a crime?
Assume I know there’s something illegal happening and I have a suspect. However, I can’t get any concrete evidence on it due to the encryption. Even with a warrant, I can confiscate their equipment and I won’t get any data to prove the case.
The authorities can be allowed to brute force a door. However, they cannot brute force an encrypted hard drive or encrypted messages. Isn’t that a problem?
Well, it isn’t. The actual crime is what’s illegal.
You may still give the information that made this person stand out to the authorities. If the only evidence of a crime is digital data on the criminal’s device, it isn’t really a crime.
CGP Grey has discussed this in the past:
We all ideally want police to crack digital locks sometimes. But at our current level on the tech tree, digital locks that cannot be opened are a thing that exists. And because they are made of math, something a skilled coder can build at home, trying to ban digital locks for everyone is pretty close to trying to ban an idea. Good luck with that.
But even were it possible to successfully ban perfect digital locks in a country, remember: On the Internet, there is no such thing as distance. Even if your government is a Xanadu bureaucracy of the Seraphim Incorruptible, there are demons elsewhere.
There is no way to build a digital lock that only angels can open and demons cannot. Anyone saying otherwise is either ignorant of the mathematics, or less of an angel than they appear.
I can answer this question. But I know its a lot more nuances than what I could say and the discussion we could have here as having it all in writing is not as fruitful as it would be to have a discussion on this verbally. Please consider making a video on this topic. Or please consider this an honorary SR question for your next recording if you don’t mind. Thanks!
This is probably something that everyone agrees on. This is why I don’t get why the blog post says “Encryption Is Not a Crime”. I think that the laws that are coming out aren’t trying to make encryption illegal. It is a weird way to phrase and respond to things. The blog post is just written in a wrong way.
A crime is a crime whether there’s proof or not. Conviction is a different question. That’s when you need the evidence.
Angels and demons? The phrasing of this so horrible that no legislator would ever take is seriously. The people who propose these laws aren’t necessarily assuming that the key is only for the good guys and it is 100% secure and impossible to crack. The privacy people’s defence saying that giving the decryption key to the government is the same as publishing the key on the darknet is unreasonable. That’s not the case. The key would need to be compromised and while it is technically possible, it doesn’t mean that is is likely.
Encryption is not about hiding crimes. It is about protecting what you want to be kept private. For anyone or any state to natually and by default assume that one is using encryption to hide instead of to protect does not understand the true reason for why it exists and that’s how they continue to have a false and inaccurate and a non sensicle bias against anyone wanting encryption. To those I ask, why don’t you share all your financial credentials that keeps all your money yours? Please share that so I can make that mine. This is akin to saying I have nothing to hide so I don’t need privacy. This argument has been many times answered and debunked before so please read up on this more for more detailed exposition on it. EFF, Techlore, Privacy Gides, The New Oil, Naomi Brockwell have all answered this.
They can still brute force. Whether or not it will work is another question. But no one is stopping authorities to do that. Furthermore, this level of forcing someone to open up their privacy will require explicit court warrants and depending on jurisdiction will also force the person of interest to cooperate of face jail time. This all depends on jurisdiction and the accusation of crime.
Any lawyer will tell you a crime is only a crime if it can be proven in court. That’s literally how we classify as what’s criminal. Innocent until proven guilty.
I think you’re misunderstanding the intention with which it was written and all that it is trying to say and you’re trying to personally relate to what you know of this subject matter and that’s why you think what you think (which is not wrong.. just not fully right either in this context).
There is very little difference in practicality when it comes to making encryption illegal or even simply underminding encryption. If the State wants a backdoor only for the good guys, it does not work. That’s not true encryption. It cannot only be for the good guys. So, even if the government is not trying to outlaw encryption, undermining it will have the same effect nonetheless.
So is your supposed understanding and explanation of the matter in the comments in this thread. Again, please don’t take it personally but I hope you do learn why and what and how - about it all to see why you may not be fully right with your current thinking on the matter.
Yes, that’s exactly the assumption these people have. These politicians are not technical people nor a part of the privacy or the tech industry. They do not know or understand in full how tech works. So yes, that’s exactly what they think and how they think it will work.
It’s not the same but its enough of a break in the tech itself that it may as well be because such tech is considered comprimised by any privacy or security expert. Encryption is for all or is for none. It cannot be that most have it 100% and only a select few alledged criminals don’t. By this logic, anyone can be suspected of criminal acticity and hence lose your right to safety and privacy and ecnryption.
If it is made available only for the good guys, it will be leaked. It is inevitable. Such a piece of tech that can compromise encryption is far too important for all nation states and any country would pay any price for it. It is not safe and secure if encryption is broken or is only broken for the good guys to have access to select things. It’s not how the technology works nor is how any entity or agency would work - as much as they would like you to believe otherwise. No one should trust any government agency with such an important piece of technology.
Much has been written on it all. Please read up on what EFF says and what Signal’s president says on this. I have posted and others have posted many articles obver the years on here. But you can also Google it yourself. The latest one I can remember is from Signal’s president on FT.com which I did in fact post here sharing what she wrote.
I agree that encryption itself is not a crime. However, encryption is a problem when it is hiding a crime and continuously enabling it to happen.
Brute-forcing is not reasonable. It is always harder to do that than encrypting, that’s why they’re pushing for a different way. What’s your suggestion to fix this problem?
I couldn’t care less about what a lawyer would say. A lawyer’s job is not to tell the truth or to be moral. It is to attack or defend a suspect. The fact that you’re even suggesting something like this is completely ridiculous. If someone kills a person, that’s a crime, whether there’s evidence or not. Conviction is a different case. That’s when evidence matters.
Of course only the tech or the privacy people understand this. Other people could never understand this because are just a bunch of dummies! 
The emails in Gmail are encrypted. Only you and Google can get access to them. That doesn’t mean that there’s zero encryption or that it’s compromised.
Same thing goes for your Signal messages. Any kind of encryption can be broken. That’s why Signal implements precautions like rotating the key. What if the government does the encryption protection the right way? Imagine a government user being added to every Signal chat as a group member. Those Signal messages would still be encrypted just as strongly as if your granny joined the group instead of the government.
1 Like
Fix the systemic issues at the core of society where people don’t have to or need to resort to criminal activities.
I think you completely missed the point of what I said there. Doesn’t matter if a crime has been committed, it is only a crime legally speaking if it is proven in court. You can still personally consider a crime but until it is proven in court, legally it isn’t anything.
This is completely false. I don’t think you know what you’re talking about. Again, please read up on all this more and get back with specificity so we can discuss when we both have a shared understanding of what’s what and how with tech. This is not how encryption works or is thought of in the first place.
This cannot happen. There is no right way for any government agency to do it. Even if they open source the project and the app or tool, unless you compile the code to build the app and then install it to make sure it is doing what it is supposed to do, what you’re suggesting is not possible. Again, like I said, it’s not how tech works. I think you’re being too naive and cavalier with how you think it could work should all things work well. It cannot and does not. If you break encryption even for 1 person, it is broken for all people.
No, they would not be still equally as encrypted. Please research more on all that I suggest and recommend. I have also given you the places to find info on this.
–
If you come back after reading up more on it, I’ll be happy to discuss this further. If not - you do you but I have nothing else to say on the matter but just that what you currently know or understand is not accurate nor right.
Good luck with that! I think based on the history of many centuries has proven that this problem is not something that will be solved any time soon. There needs to be a safety net to deal with the crime.
And you have missed the point of what I said. I disagreed with the definition of someone claiming that a crime is only a crime if there is evidence. I have checked the definition of the word “crime” in Oxford and the Merriam-Webster dictionaries. There’s no mention of evidence. I don’t know why we’re even discussing something like a definition of a word. It is not matter of an opinion.
The only arguments you provided is just your opinion that I’m wrong, there’s nothing concrete. I am not going to start doing research just because you disagree a bunch of times.
Maybe you should do some research yourself and see what the word “encryption” means. Your definition of a simple word like “crime” didn’t match the general public’s, so I have doubts that you and I are talking about the same thing when we talk about encryption.
I did say legally speaking. You did not consider all of what I wrote and how I explained it.
I only suggested you do this because simple research will explain why you’re thinking is flawed here. It’s not about be disagreeing. I really don’t care if you agree with me. I only want you to know the truth about it and how encryption and privacy works. Others who have read the same things I have will also disagree, but no one other than me is engaging with you here to help you understand it better.
Yeah, we are not. Hence my original suggestion of reading up on it. That’s literally what I have said in all my comments.
This is not a legal forum but here’s a legal definition from Juristopedia. No mention of evidence either. I don’t know where you’re getting your definitions but after I checked 4 different sources to define “crime”, I could not find your twisted definition.
Crime is a socially constructed legal concept that refers to conduct which is prohibited by law, punishable by the state, and recognised as threatening, harmful, or otherwise endangering to the property, health, safety, and moral welfare of individuals or the public.
Here’s another definition from Cornell Law Shool:
A crime is behavior that is punishable as a public offense . The elements of a crime generally come from statutes , but may also be supplied by the common law in states where the criminal common law still carries force.
No mention about evidence.
This kind of arrogance on the forum makes me sick. The only way for me to be right is to agree with you? The reason is that I am the one who doesn’t understand? The only way to correct this is for me to keep doing research until I agree with you? You merely a prophet who is trying to show me the light?
I think this is the only time we will agree: we are not talking about the same thing. After hearing your definition of simple word like “crime” I do not have the energy to discuss something like encryption with you. Who knows what kind of twisted definition you have concocted in your head for a topic like that.
Plus, so far I have checked and provided four different sources that define the word “crime”. You haven’t done anything even remotely like that for any of the ideas what I have presented about encryption. It is impossible to discuss anything when you aren’t being concrete. Saying “naah, wrong, go read about it” is not an argument. It is a childish play.
I read your proposed solution and had a few questions about it.
1.) How would you like to see this implemented? Specifically, how many government employees would you need to effectively manage this? Etc.
2.) What potential problems do “you” anticipate arising from the solution you’re proposing?
3.) Couldn’t this inadvertently provide a back door for threat actors? Just like salt-typhoon? How are these government employees supposed to be added? How would this system allow the government to simply join and leave chats (are you suggesting that the company Signal itself would add these individuals to the chat)? Furthermore, do these government employees only have “read access” to the messages in your version of said solution?
4.) Are you asking if, by law, the only way to access that chat would be with a warrant, based on suspicion of criminal actions?
@anon52464727 This is actually completely true. Gmail email are encrypted.
Default encryption at rest | Documentation | Google Cloud)%20algorithm%2C%20AES%2D256
Google and you the user are the only one with access to them. @hulksmack is right.
Google is extremely secure and private. But just not private to Google. They do not sell your data or share it. As, the data they keep are their profits. They don’t want other companies having it. Google instead give out only short descriptions to advertisers.
As in
- Male
- 20-25
- Married or not married
- Kids
- Likes surfing
Google does not disclose personal information to third parties. However, it does collect such information to create profiles. To then get the right advertising to the consumer.
Third-party cookies and other techniques bypass Google and collect personal information about you, which is then linked to Google’s data. While Google doesn’t sell this personal information, it lacks control over the third-party cookies and technology responsible for collecting it.
2 Likes
I wouldn’t give the decryption keys to the police directly. I would aim to provide some sort of a standard for an API that could be used to request certain types of data and I would impose strict limitations on the people who can do that to reduce the possibility of abuse as much as possible.
Reduced security. This could probably be done for services where the company has access to the data. For services like Signal this would make things harder for Signal, the security would suffer.
The Signal chat group thing was merely making fun of the other person saying that encryption is not encryption if someone from the government has access to it. Disregard that part, it’s just a caricature illustrating that technically it is not true what the other person said 
I would vote on not giving the government a way to monitor everything 24/7. I would lean towards giving a standardised way to request for certain type of data quickly that could possibly go through some API that the company owns. The company would still have control of the data, so the security risks would be lower than just giving the government decryption keys to the whole internet.
1 Like
In my mind and with my thinking on the matter, if encryption is not E2E, it may as well not exist. We’re talking about privacy and security here. I see little to no purpose of non E2EE especially when it comes to emails and messages or any correspondence. And if Google does have access to your account in that they technically have the capacity to view your data as you do, then I don’t see the point of having encryption if it is not E2EE.
Do you not see the irony and the contradiction in this statement itself?
Also, different jurisdictions define “sell” differently - as even sharing access to your data through or by a proxy Google may make to keep it “private” but it’s still selling.
This topic is not this simplistic and straight forward.
@anon24541166 Thanks for your questions. It feels refreshing to discuss something more concrete.
I just wanted to note that I personally don’t like what many legislators are proposing. I also don’t like the way the blog post is written. I respect PrivacyGuides and I think their team is doing great work. However, I think that these kind of articles are not going to fly in the way they’re written.
Using expressions like “encryption is a protective shield” or “war against encryption” sounds like they’re coming from an extremist who is fear mongering. I know, kind of like what the legislators are doing when they say stuff like “fight terrorists” or “protect the children”. Now it feels like both sides are trying to use fear to force people to a specific direction.
Plus, I don’t get the whole thing about encryption being a crime. I haven’t heard anyone saying that, so I’m not sure who the author of the blog post is addressing.
I think the government’s intent is not to make encryption illegal. They want access to data when investigating criminal activities. When they go to Google or Facebook, they can just ask them to provide the data. When they go to Signal, they are told this is impossible. This is a problem for them, so they want a way to access it. I think the government wants any company or a developer to keep track of certain data for 1-2 years so that it can be requested by the authorities with a warrant. This is not saying they are trying to destroy encryption. Of course, in cases like Signal, end-to-end encryption would be compromised because the developer/company would get access to the data.
2 Likes
There was literally a SC case about this exact thing. They were trying to make it illegal. One of the lawyers who is now with EFF was the one who defended and won and encryption remained legal in the US ever since.
This is what I mean by when I say, please read up on it a little because some things are just not how you’re explaining here.
I love the double emphasis: “my mind”, “my thinking” 
@basenote Are you really trying to tell us that you don’t see the point of having encryption when it is not end-to-end? Would you rather let Google store everything in plaintext on their servers? Would you not encrypt the traffic in transit?
1 Like