[api]

This is all true, but I think encryption backdoors are more possible than people think.

The target here is not nerds able to pull code from GitHub or run open source or enterprise software. The target here is consumer stuff by companies like Apple and Google. The government doesn't want it to be easy to do end-to-end encryption.

For the average user, easy equals possible. The average user has neither the time nor the expertise to roll their own solution or run nerd tools. Look at how PGP/GPG's complexity and absolutely horrible UX (even for technical users!) has prevented e-mail encryption from ever taking off.

This reminds me of what a government guy told me about crypto export controls. Yes, they know that crypto export controls won't stop nerds using GitHub. What they want to do is to stop IBM, Google, Apple, Cisco, Juniper, etc. from selling ready-made polished crypto products to blacklisted countries.

In both cases I think the target is large corporations not individuals and the goal is to make crypto hard and keep it out of the hands of the average user or less-technical foreign organization.

That being said I still don't think it'll work. Just pointing out the thinking that's going on here.

[short_sells_poo]

> That being said I still don't think it'll work. Just pointing out the thinking that's going on here.

The problem is that this either shows a stunning amount of ignorance or deliberate malice.

Let's just go back and consider that the government does not want the average user to have strong encryption. What is the play here? The average user is almost by definition not the bad guy, unless we consider the population at large to be criminals by default. Is the government trying to dragnet the entire population and keep everyone under the thumb for minor infractions? Because that's the only feasible target here. Barr can froth at the mouth, mad as the dickens, it won't prevent Bad Guys from using strong encryption. So his only feasible target is the (mostly) law abiding population.

The other point, preventing the likes of Google, IBM, Apple, et. al. of selling devices with strong encryption to blacklisted countries again shows either ignorance or malice. As parent wrote, encryption is just math. Are the government agencies so shockingly uninformerd that they think that in absence of secure IDevices, north korea will be forced to use backdoored technology?

The spread of physical goods can be controlled (to some degree), but the spread of information can at best be slowed down, but not stopped. Doubly so if there are already existing methods of secure communications that the government cannot efficiently crack.

The only conclusion I can come to is that they are well aware that they cannot catch any serious Bad Guy using mandated backdoors. Serious Bad Guys will use strong encryption anyway, they will cover their tracks and won't care what is legal or illegal (in the US). Furthermore, against targets like these, there are already time proven methods of infiltration, social engineering and good old fashioned bribery.

This only leaves the option of taking secure communications away from the population at large, perhaps because the government feels threatened from too many people being able to share ideas? I was never one for tinfoil hattery, so my hope is that I'm wrong.

[ewzimm]

This idea represents the best possible compromise to the situation outlined here. I think we should all be crypto hardliners in the sense that we refuse to allow laws against certain kinds of math, but at the same time, we may have to compromise on government access to keys once they have been handed over to a third party.

If you have not handed your private keys over to anyone, they should be yours alone, but once you have uploaded your private keys to a coroprate cloud server, you may have to accept that law enforcement will be able to get warrant access.

This won't solve the problem for law enforcement, but it will make it easier to catch lazy people while preserving the option for full security for those who want to control their own data.

[awakeasleep]

The scenario you described accomplishes both goals.

By banning 'the masses' from using encrypted communications, it'll sort the haystack and everyone who continues to do so can be profiled, plus they're already involved in illegal behavior.

[dewaine]

You better believe I would start streaming random data all over the internet just to be an asshole

[inetknght]

Then, in the US, you have obstruction of justice and/or interference with police/peace/public officer.

[dewaine]

I think it's more of a protest, or am I not allowed to email myself numbers?

[inetknght]

You are, up until the point where it's cost a law enforcement officer time to determine that either the numbers are intended to waste their time or that the numbers are a hidden/unbackdoored encryption. Then you're GG SOL

[dewaine]

You literally cannot prove it either way, you can't prove it's not enciphered data, you can't prove it's not random garbage, that's the point. You can say that 'we could develop a safe backdoored system that will allow only lawful decryption in the event of emergency' in the same way you can say 'we can launch probes made of candy to distant planets that will build cities and plant potatoes for us'. It's a fantasy. The keys will leak, criminals etc will still blend into the crowd.

[adamc]

How so? Couldn't we come up with a way of disguising encrpyted message streams so that they did not stand out? It would be more expensive, and given enough analysis they could probably detect them anyway, but it strikes me as an arms race.