"Five Eyes" Nations Quietly Demand Government Access to Encrypted Data
Of course they are going to ask, and legislators will weigh the political cost/benefit to it.
My impression from the previous crypto wars and the skirmishes that have followed is, as technologists, we take a very tactical view of technology, and underestimate the intentions of people who understand power and politics the way we understand information systems.
The way we see the security of a system, they see the sovereignty of a state. Just as incompleteness in our code can yield system level compromises, incompleteness in their ability to apply their rules to their territories and domains also yields compromises that make the whole system untrustworthy.
I don't agree with what I perceive as their Hobbes-ean need for total control, where I think the localized, depth first absolute authority of a state becomes malignant when it is applied breadth first and in totality to all aspects of life, but you can sympathize with the urge without agreeing with it.
They should be mindful that post-Snowden, no matter how large the field we live in, people have seen the walls and bars at the perimeter, and that broad perception is likely a greater source of instability than any gaps in the ability of the state to enforce them.
Viewed this way, the 5Eyes statement seems unwise.
Ultimately these governments can break security at any level. It's not just the encryption or the apps - if they require the OS manufacturers to cooperate with them, they can record all user input and output. Likewise hardware manufacturers.
It's not just phones or computers, either - The UK was well known for having high CCTV density well before the proliferation of low-cost digital cameras; by my estimate it is now well within government spending limits to put all movement under surveillance by putting cameras on every corner which combine ANPR and facial recognition to cover pedestrians and cyclists as well as motorists; and laser diodes are so cheap every window, never mind person, can be surveilled with laser microscopes.
This is also cheap enough for criminals to do it. I recently got (fake) scam blackmail emails demanding bitcoin under the threat that they had used my webcam to record me watching porn (duct tape over my webcam says they didn't), but imagine a local crime gang doing that with a drone pointing at your window.
We have to change a lot of stuff in our society very quickly to keep us all safe. We need a world where none of us need secrets, because very soon we won't have the ability to keep them. We also need the ability to survive ourselves breaking the law, because the law was created with the (at the time reasonable) belief that only important violations would be brought to the attention of the authorities, because most of us can't get through the day without violating several [1], and because even though current state-of-the-art A.I. can't automatically enforce all those laws, we should assume that is coming.
But not just what, also how fast it changes and how slow we react: How long ago was it demonstrated that keys can be duplicated from a single image taken by a telephoto lens? And how many keys have been made safe against it since? The only thing keeping us safe is that even the bad actors aren't keeping up with the tech. That isn't good, because it means that whoever does use it will look, what's the phrase, "indistinguishable from magic".
It feels weird to read stuff like this, really.
What they want is to be able to wiretap people, without them knowing. Because if encryption is what's bothering them, you can get a warrant, seize the phone and/or computer, and make the owner unlock it / give you the keys, by law.
It is perfectly logical and lawful. However, if unwarranted (in the sense of without a warrant) wiretapping is involved, then yes, encryption "hinders the law enforcement". Except it doesn't. Because as mentioned earlier, just get a warrant, and make the owner unlock / give you the key, by law.
It doesn't hinder the law enforcement, it hinders the intelligence agencies' work and makes it less invisible. And I kind of think that's a good thing too.
Let's not kid ourselves. Surveillance moves like this are about control, not security, and especially not about national security. If anything, moves like this actually weaken national security by forcing bad standards and backdoors on people.
The 1946 USUK act that officially created the five-eyes in the first place post-Atlantic treaty needs to be completely re-evaluated and potentially scrapped.
As I see it, any system that can be compromised to pwn malefactors - even the most conceivably horrible terrorists and criminals - cannot be trusted. And notwithstanding all the slander and conspiracy theory, Tor is perhaps the only working example of a compromise-resistant system. Unless it actually is backdoored, anyway.
Obviously, the Five Eyes don't see it that way. But I gotta wonder how commonly Tor is used among TLAs, and how the debate goes, if it is. Because this would destroy Tor. Unless operators were totally anonymous, and relays only stayed up until targeted.
Surely the final solution to this problem is a community-based one - one that decentralises the tech giants?
I'm still struggling to figure out why a cohesive, widespread, community-driven solution hasn't emerged yet. Anybody have any ideas as to why?
I think this is quite similar to ad-blocking. If ads would have stayed small instead of becoming assholes, nobody would have adblockers. And if the intelligence agencies wouldn't spy on anyone but only with a court-order, encryption wouldn't be that interesting as well.
This seems like a pretty empty threat. The government already has the authority to demand lawful access. "Lawful" includes a warrant. If the government wants to show up with a warrant, I expect companies to aid the government in gaining access to legally-relevant data. If they want help in a broad-spectrum fishing expedition, the US at least has no clear affirmative authority and a small pile of legal precedent based upon the Fourth Amendment that says they in fact lack that authority.
The fact they had the technological capability previously to act without Constitutional authority is irrelevant. Show up with a warrant or go pound sand.
Simply put, actions like this reaffirm that encryption works. Use it.
I would refer people to these two posts about this subject:
https://www.schneier.com/blog/archives/2018/09/five-eyes_int...
https://boingboing.net/2018/09/04/illegal-math.html
Basically, crypto backdoors are a very bad idea.
Maybe this is a stupid question, but if the tech industry claims that you can't make a backdoor safe, how do they keep safe their update mechanisms? Aren't they basically backdoors-by-design?
> part of an escalating war between government officials and Silicon Valley over access to people's private data
Who is missing from that competition?
I'm purposely misconstruing the meaning, but it makes an ironic point. Remember that most of these tech companies make money by collecting and using the same data they claim to protect, and some provide it to the government.
Legislators don't seem to understand that backdoored crypto is bad crypto.
If I write a chat app that uses strong encryption, with the keys stored on each user's device, there are no legal grounds for me to modify any part of my app if the government wants access.
It's likely the 'Five Eyes' already have access to all or most data from the level of telecom equipment. This is probably why they banned Huawei and ZTE.
What can we do about it?
Previous discussion: https://news.ycombinator.com/item?id=17898498
Fascism.
As an aside, I recently came across the argument that programs like Five Eyes were designed because of mass infiltration of immigrants/others who are not designed for Western ideas/government and that it's the price that people pay for relegation of their freedoms. So I might have been living under a rock but this argument is on the alt-right for what it's worth but I'm not entirely sure how to process it. In the sense that there's far too much irony and the lack of a unified framework of laws that work towards humanity maybe? (Sorry for the incoherent thought but I had to get this off my chest)