[azurelogic]

I'm by no means going to support government attempts to ban encryption, but assuming 100% virtuous purposes (e.g.: counter-terrorism efforts), I can understand why they think this will work. I mean, they think that passing laws on guns and drugs will stop those things.

The fundamental problem is that the government and the public do not understand that powerful encryption will exist forever now. The cat is out of the bag, and the bag has disintegrated. You can't ban the ideas, and you can't stop them from being implemented in the shadows. Even worse for them, there's nothing physical to find. You can't train a dog to sniff out encrypted data. Banning it now only hurts honest uses, like protecting financial transactions and medical records.

[halostatue]

Thing is, gun control laws work. See Scotland after Dunblane, Australia after Port Arthur. See Canada’s per-capita murder rate and gun death rate in comparison to those of the U.S., where gun control laws are essentially nonexistent.

Passing the right laws on drugs (abuse) works (see Portugal). Prohibition doesn’t, but treatment does. (And, the truth is that the drug laws in the U.S. are working; they just aren’t working for the citizenry, but the police state. This is by design, and there’s a not-insignificant marginalization/targeting of minorities by design in these laws, too.)

Encryption is…rather more subtle to deal with, because you cannot weaken it for one purpose without weakening it for all purposes, because math and physics. Better that they work on laws that target actions and behaviours rather than technologies. Then again, any time I see a politician talking about terrorism, I recognize that they are attempting to increase their own power at the expense of those without power to begin with.

[azurelogic]

I agree about "right" drug laws, but many of the countries supporting this idea are not "right" drug law kind of places.

As for guns, they trot out "terrorism" as the reason for wanting to get rid of encryption. Well, gun laws have yet to stop terrorism. If they couldn't find a gun, they made a bomb, or they used an airplane, etc.

[halostatue]

Strong gun laws have, in fact, stopped most mass killings in places that have them. Not entirely, obviously (the mass attack on the Bataclan theatre and elsewhere in Paris in 2015), but these are exceptions.

In the U.S., there have been more than one mass shooting every month in 2017 even under the most ridiculous definition (4+ people killed, indiscriminately, in a public place; this would not include someone who killed 5 people in a targeted manner). Using a looser definition (4+ people killed or injured), there have been almost 7 per week in the U.S.

There have been far fewer than that in Canada. In Toronto, there have been 26 murders total, and perhaps two “mass shootings” by either definition. The main mass shooting story in Canada this year is the terrorist attack on the mosque in Quebec. In the U.S.? Too many to say that there’s a main one (although the attack on the Congressional baseball game will probably be the one that gets talked about).

Source: http://www.cnn.com/2017/06/15/health/mass-shootings-in-2017-...

[jahnu]

> passing laws on guns and drugs will stop those things.

Problematic comparison. Politics aside, gun laws can definitely achieve publicly desired outcomes. E.g. handgun ban in Australia. Drug laws mean your paracetamol won't poison you.

Encryption laws where you want to have your cake and eat it are a very different matter.

[azurelogic]

Gun regulations and drug bans do not stop the worst of the worst from getting their hands on those things. They will literally manufacture their own guns and drugs if they have to (see marijuana grow ops and this Vice article on cartel gun makers https://motherboard.vice.com/en_us/article/78xa99/the-cartel...). Banning encryption will not stop the underbelly of society from using it either. They'll just hire some black hats to build it for them.

[s_dev]

>I'm by no means going to support government attempts to ban encryption

I don't think Rudd, Murdoch or May think encryption ban is possible or even effective at counter terrorism. It's about controlling behaviour.

People behave differently if they think they might be being watched. Self censorship is better than any encryption ban.

[azurelogic]

I doubt that. They very much want to read people's email, etc. At a minimum, they want to do it to find terrorists. The maximum is just corrupt without bound.

[knodi123]

> You can't train a dog to sniff out encrypted data

?? But you can easily train a computer to. I mean, it's expensive as hell, but if all encryption is either back-doored, banned, or weaker than a newspaper cryptogram, then yeah... sure. Encrypted data is easy to find - it's the data you can't read.

[arghwhat]

No you can't.

The data you can't read is not only encrypted data. Most unencrypted data will be data you can't read, due to there being absurd amounts of file formats and protocols. How do you intend to be able to validate that the content of all, say, CAD and 3D model files is not malicious? How will you deal with new codecs? New network protocols?

Encrypted data is, unless the protocol is severely broken, almost indistinguishable from random data, which without context and knowledge of all file formats and protocols in the world, is indistinguishable from most real, unencrypted data. And not only that, you can hide information in almost any data type. Encrypted content can be hidden in a perfectly normal looking picture or video just fine. Look up steganography.

Encrypted communication cannot be detected in any sane manner.

[knodi123]

> Most unencrypted data will be data you can't read, due to there being absurd amounts of file formats and protocols

Well I sure couldn't read it, but the NSA could.

> How will you deal with new codecs? New network protocols?

With a massive staff and constant influx of money. I did say it would be expensive. Still, I think it's within the reach of state-level actors.

> Encrypted data is, unless the protocol is severely broken, almost indistinguishable from random data, which without context and knowledge of all file formats and protocols in the world, is indistinguishable from most real, unencrypted data.

Sure- context is a critical tool. I don't know why you stipulated "without context", though.

> Encrypted content can be hidden in a perfectly normal looking picture or video just fine. Look up steganography.

UNencrypted data can be hidden in the same way. I know what steganography is, and sure, the art of hiding data is a great way to hide data. Separate issue, though.

> Encrypted communication cannot be detected in any sane manner.

I think the facilities and manpower for detecting unauthorized use of encryption would indeed be insane, from several perspectives. And it would require a bunch of legislative support, too. But WITH legislative support, mandated back doors, ISPs that are cooperative, shitloads of manpower and money.... Yeah, I think it would be possible to detect encrypted traffic. Could a person who hadn't already attracted the attention of the "agencies" choose to hide small amounts of data in an innocuous file? Sure, but they could glue an SD card to a homing pigeon, too. I'm thinking more of PGP, SSL, VPNs, WhatsApp and the like.

[arghwhat]

No amount of staff will be able to predict file formats and protocols before they are designed, and unless file formats and protocols are permitted prior to being "understood" by this hypothetical internet filtering agency, then no new formats or protocols can be formed, or even updated. However, permitting them prior to being understood also mean that arbitrary traffic will be permitted, as long as the formats and protocols mutate faster than they are implemented by the bad guys (the state-level actors you describe).

The only scenario where I can think of a setup where a filtering agency would be able to block "dangerous content", while still permitting legit use, would be one where each and every file format and protocol creation/update would require applying for a permit to the respective agencies in every country where the format is to be used. The absurd bureaucracy this would entail, such as the time it takes for the agency to write some form of verification, would kill most, if not all, innovation. The only innovation I could imagine still living in such an environment would be circumvention efforts.

Furthermore, steganography is not a separate issue. In the hypothetical scenario where this is both possible and the resources for this exercise are present, the entire exercise becomes moot once you realize that you can encode anything as a jpeg or video file with a minimal overhead. Applications would just all implement protocols that exchange JPEG's or MP4's with a small overhead, leading to no traffic being stopped as "unreadable".

And before you ask: Detecting such measures is not possible in the general case.

[allenz]

It's not that easy because computers can't read most data. How would a computer know whether an image/video file contains an encrypted message?

https://en.wikipedia.org/wiki/Steganography

[knodi123]

Steganography is a separate issue. The art of hiding data is a great tool for hiding data, encrypted or non.

[WJW]

That assumes you are aware of every file format ever and can also spare the resources to search through every file. Otherwise, the inside of a large compressed file has about as much entropy as an encrypted one.

[QAPereo]

History would seem to suggest that it will be trivial for people with bad intentions to sway public opinion against encryption as they did in the past against things like cannabis, or the many books which have been banned. All it will take his associating encryption strongly with the despised group and that will be that for decades. I want to believe otherwise but it's happened with issues much simpler and much easier to understand than encrypted data.

[azurelogic]

I don't disagree that they could succeed with this method of attack. The problem is that it doesn't solve any problems. Encryption is a thing that humanity knows about. It's not going away. We're not going to stop knowing how to make guns, knives, drugs, or anything else that has been banned. And encryption just requires some computers. They're ubiquitous now. Encryption is baked into so many things that it would be impossible to stop as a concept.