EU agreed to "ban" encryption

Sure but software can be used, and is used to facilitate physical crimes. (IE: Terrorism) Depending on the nature of digital crimes, you might feel differently if it affects you. What if your bank account could be stolen through a digital crime, and never recovered because of encryption. (strawman perhaps, but you see what I mean.)

1 Like

I wouldn’t want to pay the price of total surveillance every day of my life, from the cradle to the grave, on the off chance that one day I may be the victim of a digital crime.

5 Likes

That is a choice you can make because it affects only you. But what if the consequence affect more than yourself?

People using a chat program to plot a bombing, etc. This affects more than one person. What about then?

1 Like

These are no new plans and we can still use open source encryption. Also better then heise.de is netzpolitik.org (also German page). So at least for Librem 5 it shouldn’t change a lot.

But that doesn’t mean that this is not dangerous… in fact, it is very dangerous…

1 Like

That’s getting into pre-crime, which is even more dangerous territory.

Now if you’ve said … the bombing actually occurred and, say, one perp was splattered over the crime scene and hence there was no doubt of that person’s (theoretical) guilt but the authorities want to know, of the N people communicated with by the perp in the months leading up to the bombing, whether any of them were co-conspirators …

… still “no”.

We’ve kind of done that in the real life with the San Bernardino shooter, and the attempted legal action against Apple, which is kind of what started all this.

So the obvious conclusion is: if you are planning a mass casualty attack (in the future), don’t use a phone whose software has been compromised by the authorities.

2 Likes

I guess this is because no EU country is buying Crypto AG’s products anymore!

1 Like

I don’t know. Where I come from encryption is to keep things secret. There is this creeping insistence that for things to be private they need to be secure. I just don’t really agree with that.

I think if someone wants to encrypt everything they do, they totally should be allowed to. I don’t think their encryption should have a back door. But I don’t think the same privilege should be lent to criminals. Of course how that would be implemented is perhaps dangerous and so I don’t have an answer for it. I don’t think law enforcement and governments are necessary wrong for looking for a solution to the problem, but I understand the resistance we all have to the idea.

2 Likes

What is the difference of the situation where several people got together hundreds of years ago, to plot crimes and to commit those crimes, and people doing the same thing today? There was no routine electronic surveilance in previous generations, and society could be managed then. It’s not like humanity will collapse in to chaos if we can’t spy on everyone all of the time. We didn’t start trying to listen-in to everyone’s conversations all of the time until just the past twenty or years or so. And society did just fine up until then. We just need to respect everyone’s privacy and prosecute crimes that actually get committed, not the ones that might be committed if we don’t spy on everyone. Law enforcement has the ability to investigate anyone’s lives they want to investigate, if we give them a reason to investigate us. It’s not so much the privacy intrusions alone that violate our rights. It’s the routine searches of our private information without cause, and the cataloging and indexing of our actions/information that are so intrusive. I don’t care if the authorities have the ability to surveil me as long as they do not do it routinely and without cause. Any system that catelogues my information needs also, to require a permanent record of who accessed my information, and why. People in positions of authority should be fired and prosecuted for accessing private information without an official legitimate reason. The ability to have private conversations (encryption) needs to be protected and not subjected to suspicion for its own sake.

6 Likes

It is interesting that nobody can be sure whether targeted online advertising actually works or not. From that perspective, Purism has the right strategy of producing articles/videos that people read/watch and that tech sites will cover, rather than paying for targeted online advertising.

However, it is clear that companies that don’t think about PR at all simply don’t work. Look at how few pre-orders that the MNT Reform has gotten, when it does almost no PR. I consider most PR to be a waste, but I have to admit that Purism got orders because it does PR, which causes tech sites to cover the development of the Librem 5.

The real issue for me is whether all that data that has been collected for targeted online advertising will be used for more than just advertising and who gets access to that data. The next time that I apply for a job, will my future employer use that data to find out which political party I support, what type of people I associate with, what my medical costs will be, whether I am likely to get divorced, have children or have a crisis that may cause me to miss work? Will a government use that data to track me and monitor my political activity? Do I have to worry every time I decide to sign a petition or march in a protest that I am being added to a watch list or may not be able to ever get a government job?

Just to use some examples from my life, 25 years ago, I was a volunteer at a humanitarian organization that provided shelter to undocumented immigrants. I was told by the founder of the organization that the US government was likely to open a file on anyone who volunteered there and he showed me his own FOIA request that was 20 pages long. I helped cofound an anti-war student group in 2003, and later found out that the DoD had a program to track the activities of all the anti-war groups, and we had incidents that lead me to believe that our group was being spied on.

2 Likes

You remind me of the old story of the air ducts attached to the chimneys at the American embassy in China. No electronics involved at all but the air ducts were directed so Chinese agents could listen in next door. I also recall it was an old building hence the chimneys. Or it could just be an old story, or maybe I got the country wrong.

Yes, there are two types of advertising: 1: informative; and 2. branding.
With respect to the latter,

by the end of the nineteenth century women’s magazines, for example, were aimed at particular income groups and sought to foster a sense of the appropriate lifestyle that could
be attained through consumption (Leach 1993). Today, mass media transmit brands and logos that proclaim the wearers’ and users’ claim for status. Moreover, desire in this form of
consumption is inherently insatiable in that new limitless wants can be created by the constant and continuous cultural repackaging of human needs (Baudrillard 1988: 22). (Ingham, Capitalism: p.103)

Just a thought: In the good old days using paper and metal money only, once the money was stolen, it was stolen. No one could easily bring it back (and usually in most cases nobody - not even the police - really helped you, if we were not talking at least 6- or more digits that got amiss).

Same - at least thought to be so - about letters. Letters used to be said to be secure. The term Postage-secret (german Postgeheimnis) used to be a standard. Same as with doctors and lawyers.

Now - since we have gone digital, everything is traced. Everything is being observed by somebody. Now even encrypted information shall be opened and traced.

What i’d like to try to show is a tendency over time to go from very private - everybody cares itself, almost no problems and not much fuss to privacy almost forgotten. And even here among privacy-minded people there are thoughts - absolutely legitimate - that for crime-prevention and co those non-privacy-things might be a must.

Let’s remember the good old days with paper and metal money. We used to live with privacy. And that one in quite a nice and comfortable way without as much fuss as we see nowadays. Beware the tendency…

2 Likes

Thread title seems pretty misleading. EU doesn’t appear to have “agreed” at all these are merely draft proposals and there doesn’t seem to be much reason for thinking it’ll be accepted and implemented? Many aren’t after all.

Even if the European Council accepted the proposal without any amendments, the European Commission would then still need to enact legislation to that effect.

I’m definitely not saying this is a good thing or that it shouldn’t be fought, but at this stage it seems a little exaggerated.

2 Likes

So they were saying about ACTA. Those things must be snuffed out immediately, or they get out of control.

1 Like

I find it interesting that whenever the US does something like this people talk about how much better the EU is about privacy and how great GDPR is, but when the EU is the bad guy it’s the fault of “Five Eyes” and, inevitably, the US specifically.

On a very shallow, emotional level, sure, I don’t want the bad guys to have anything to hide behind. But when you consider that breaking encryption for them hurts the ability of innocent people to protect themselves, and even foregoing all emotional arguments and looking at it as a matter of principle where you’re trading privacy for security, I can’t agree that there would ever be a case where I would agree with a government mandating that encryption be broken.

1 Like

Indeed. Prosecuting criminals while not backdooring everyone on the planet is tricky. It is not possible to know in advance which people are the criminals - and I wonder whether we would want to live in a world where that is possible.

One observation that I would make though: Governments are keen to use fear in order to drive increased mass surveillance and other human rights abuses. Even with a successful terrorist mass casualty attack, your probability of dying remains very very low - there are far far greater risks to you where the government is happy to sit idly by and do nothing, or take relatively ineffective action. The terrorists aim to create fear that is disproportionate to reality and governments aim to use (at least, if not also create) the same thing.

So the question is … how low would that real probability have to go before you would say “no” to mass backdooring?

what most people don’t realize is that even if encryption would be broken and somebody could read/copy/store (in plain text) the conversation between two people talking about doing something horrible somewhere, for this method to be effective it would have to mean that whoever is investigating also has access to a slew of other information about the suspect in order to determine if what is said is merely a bluff/prank or simply some angry teenager venting or an actual threat.

does the level of information/knownledge/experience required for investigator(s) to posses about the mass population, in order for what i described above to be effective, NOT concern YOU ???

before 9/11 this whole thing about organized-international-terrorism thing wasn’t even that known about in the mass population, only after it happened in New-York that it started to be used by the military-intelligence-apparatus as a trojan-horse for invading other countries that were on the agenda …

are any of YOU a construction worker / construction engineer ? how does a tower like the WTC fall in a perfect-vertically-controlled manner just from heat from the fire at the higher levels of the building all the way down, floor after floor ? does this whole thing not ring any bells for you guys ?

In the current context where governments are unaccountable and able to conduct mass surveillance in secret, mandatory backdoors for governments seems out of the question for me. However, I might be convinced if there is true democratic oversight, where all requests by the government to use the backdoors have to be approved by a citizens’ board rather than a secretive, rubberstamping FISA court, and all decisions will be made public after 7 years, so people can check whether the government and citizens’ board are abusing their power.

Of course, if there are mandatory backdoors, there is a greater likelihood of devices being hacked, so there are tradeoffs.

7 years is too big a window for evil to spread. i’d give it 1 year at maximum for the whole process to start and 3 years for it to be completely and thoroughly finalized.

2 Likes

… and you know what they say about it being easier to ask for forgiveness than to ask for permission.

1 Like