I beg to differ. As long as we have gentlemen like Pavel Durov getting arrested at French airports, it's definitively at technical question. A decentralized and distributed chat protocol with distributed devs and owners would make it impossible to arrest any one individual, and it would make it exceedingly hard to censor such a platform. But you are perhaps a fed? xD
Investigate steganography. Otherwise they will just make using particular applications servicws illegal and selectively enforce it. That's why this problem is not technical
If you need a specialized vacuum to collect shit from the floor, how about... not shitting on the floor in the first place.
> Investigate steganography. Otherwise they will just make using particular applications servicws illegal and selectively enforce it.
This isn't quite accurate. It's hard to ban things that are widely used.
Because of its design, it's very difficult to censor email. You could order some large provider to do it but then people could use a different one. You can get email for free from a provider in another jurisdiction. It's not that hard to start a new one. Trying to ban interoperability with mail servers in other countries would cut you off from the world. It creates a cost for a government that wants to do it, which is a deterrent, and even if they try it's hard to enforce.
That isn't what happens when everyone is using Facebook, because then a sufficiently major government can just order Facebook to do whatever authoritarian thing under threat of criminal penalties and there is no switching to another provider or operating your own Facebook server while still being able to communicate with the people using the existing system.
You want authoritarianism to have legal friction and technological friction against it. They're not alternatives to each other, they're checks and balances.
People keep repeating this defeatist drivel but it's just not true. It's still up in the air whether you can defeat a law using technical measures, but it is a thoroughly settled matter that you cannot legislate away mathematics.
We saw how laws completely failed to make encryption illegal in the 90s as open source encryption code spread rapidly on the internet. "Exporting" encryption software was illegal in many countries like USA and France but it became impossible to enforce those laws. A technical measure defeated the law.
Encryption is just maths. It is the law being unreasonable here, and it will be the law which will ultimately have to concede defeat. UK is the perfect example here - Online Safety Act's anti-E2EE clauses have been basically declared by Ofcom to be impossible to implement and they are not even trying anymore.
"I can still use GPG" isn't a win condition you seem to think it is. Authoritarian governments will be perfectly happy to let you continue using GPG as long as the remaining 99% of society continues using monitored/censored communication apps.
Conversely, as long as the people they actually want to target (dissidents, journalists, ...) use non-compromised E2EE it's not very useful for NSA/GCHQ etc to harvest info about all the cat videos everyone else is watching.
No disrespect intended, but "it's still technically possible" doesn't matter. We, as enigneers, tend to think in absolutes (after all, something either works or it doesn't). Politicians are perfectly happy with a law that is only 80% effective - they would argue that sometimes people break laws against murder, but that doesn't mean laws against murder should be thrown on the scrapheap.
Most people obey the law most of the time. Doing a technical end-run around the law (a) leaves you with very few people to talk to (b) makes you stick out like a sore thumb, at which point you're vulnerable to the $5 wrench.
Did you know that porn was quite severely censored in Norway up until the 90's? But suddenly, the censorship stopped. Why? Because of the distributed quality of the internet.
While the Norwegian state may still wish to continue censoring porn in Norway, they deemed the task too difficult and too invasive to continue, so they just dropped it entirely (except of course for certain extreme fringe cases).
I was personally shown clips by the Norwegian Board of Film Classification in the early 2000's showing both grey zone depictions, and clearly illegal depictions of film violence per the law. I am still traumatized from seeing some of that s*t. Legally btw, since they are a state authority tasked to categorize and censor such media, and also educate people with the right degrees. Yet in that meeting, when I asked them how they're handling censorship now, they kind of just threw their hands up in the air and told me directly that "We only give advice on cinema films these days. Look, we can't very well censor the entire internet without also using either extremely invasive or unfair strategies. If you really want some violent or pornographic movie, you're probably gonna get it no matter what we try to do."
So, the morale of this story is, make something ubiquitous enough, or hard enough to censor, and some states might just give up. If you build a truly decentralized system, good luck censoring it. And that was pretty much it for Norway. They had given up on the idea of preventing people from seeing violent or pornographic contents on the internet.
Within political science we speak about effective ways to participate politically. Sometimes that's not screaming slogans outside some government buildings. Sometimes that's simply building resilient and forward secure distributed systems.
Btw. as a side note, the bad guys are still taken. Instead of thought policing entire populations, they're now tending to the guys doing actual harm. The anti encryption bills are just smoke and mirrors to get you to give up essential liberties, so they get more control. It has little or nothing to do with protecting children and you know it.
> It is not defeatist drivel to argue for political action rather than trying to hit everything with a technological hammer.
I'd say it's actually worse than defeatist drivel, since it actively discourages an entirely feasible strategy of making bad laws difficult/impossible to enforce, and instead encourages people to squander their efforts and resources on fighting all-or-nothing political battles in the context of utterly dysfunctional institutions riddled with perverse incentives that no one at all in the modern world seems to be able to overcome.
The "political, not technical" argument is equivalent to telling people concerned about possible flooding that instead of building levees, they should focus all their efforts on trying to drain the ocean.
> it is a thoroughly settled matter that you cannot legislate away mathematics.
I don’t think this protects us. I view the “encryption is maths” position as referring to backdoor keys.
But this time they figured out client-side mandated spyware is a viable way of breaking e2e without contradicting mathematics.
I hate to get dystopian but we can all see where this is going; “Trusted Hardware” is mandated to run your Government ID app and Untrusted Hardware is illegal because it’s only for criminals and terrorists. Your Trusted Device performs client-side content scanning, it’s illegal to install an untrusted app, and all app developers are criminally liable to monitor for Harmful Content on their services.
This is what we are fighting against. They keep trying and they are getting closer to succeeding. And none of this is incompatible with mathematics; it’s a pure rubber-hose attack on the populace.
Its both, ultimately politics is not all-knowing and you can't stamp out all technical solutions.
Like, breaking encryption is just not possible if the encryption is set using a proper algorithm. Governments try, and they try to pass laws, but it's literally impossible. No amount of political will can change that. Ultimately I can write an encryption algorithm or use GPG or something and nobody on Earth, no matter how motivated or how rich, can read what I encrypted, provided I do not let out the key. If I just keep the password in my head, it's impossible.
So, until we invent technology to extract secrets from a human brain, you cannot universally break encryption. Its just not possible. Doesn't matter if 7 billion people worldwide vote for that. Doesn't matter if Elon Musk wants it. Doesn't matter if the FBI, CIA, and the NSA all work together.
It's not a technical problem. Chat Control wasn't about breaking encryption, it would bypass encryption with client-side scanning. It targets the apathetic 99% of the population who won't have the energy or knowledge to do anything about it.
It's also not a technical problem because technical solutions (like GPG) already exist. The problem is political (stopping these authoritarian laws) or should that fail, social (convincing people to inconvenience themselves with alternative communication apps that aren't available on app stores)
> It targets the apathetic 99% of the population who won't have the energy or knowledge to do anything about it.
That's the same 99% of the population whose motivations and priorities define the incentive structures applicable to politics. If 99% of the population don't care about your issue, you're not going to win the political fight without quite a lot of leverage attached to entirely unrelated issues.
So the choice is between creating impediments to the enforcement of this bad policy, and at minimum using technology to establish a frontier beyond which it can't reach -- one that is at least available to those motivated to seek it out -- or instead surrendering completely to politics controlling everything, with it being almost a certainty that the political process will be dominated by adverse interests.
> It targets the apathetic 99% of the population who won't have the energy or knowledge to do anything about it.
It targets the 99% of the population who do not care about your absolutist stance on encryption, do not care about the technical reason you can't have simultaneous perfect encryption and a gov backdoor, and do not care about math.
They care that the world changed pretty much overnight, and they are tired of finding out that their children have been solicited for sex by strangers on the internet and platforms have done everything possible to NOT address that problem.
People are tired of being victimized, tired of not having some control over what their children are able to interact with, tired of being blamed for giving their kids access to the internet while their kids are required to use the internet for things like school
It's utter insanity to think parents wouldn't rather just cede some freedom to have a fighting chance of bringing up children the way they want, of being able to keep them safe from literal pedophiles. That's not apathy, that's a difference of priorities.
The entire history of human civilization is the story of ceding certain freedoms for some sort of stability. Parents will happily run government code on all their devices if it means the government strings up pedophiles every week.
The internet has been the single largest boon to pedophiles and people making and distributing child porn ever, and parents are tired of waiting for Google and Facebook to hem and haw about how they can't afford to fix it and wont even try.
If you want to stop things like Chat Control, give parents an alternative that doesn't take enormous effort to learn and understand, that actually works, that doesn't put the onus on them to magically be able to police every single HTTP request their child's devices make without even giving them the tools to do so. Stop blaming parents for not parenting hard enough. You have no idea how absurd this entire situation is for parents who aren't tech experts.
And no, child parental controls on devices right now are utterly unsophisticated, and utterly useless at stopping this. Parents will turn on as much tracking as they can, and STILL find out their kids figured out a fairly trivial way of bypassing it.
Stop ignoring the very real problems that modern parents are faced with.
I beg to differ. As long as we have gentlemen like Pavel Durov getting arrested at French airports, it's definitively at technical question. A decentralized and distributed chat protocol with distributed devs and owners would make it impossible to arrest any one individual, and it would make it exceedingly hard to censor such a platform. But you are perhaps a fed? xD
Investigate steganography. Otherwise they will just make using particular applications servicws illegal and selectively enforce it. That's why this problem is not technical
If you need a specialized vacuum to collect shit from the floor, how about... not shitting on the floor in the first place.
> Investigate steganography. Otherwise they will just make using particular applications servicws illegal and selectively enforce it.
This isn't quite accurate. It's hard to ban things that are widely used.
Because of its design, it's very difficult to censor email. You could order some large provider to do it but then people could use a different one. You can get email for free from a provider in another jurisdiction. It's not that hard to start a new one. Trying to ban interoperability with mail servers in other countries would cut you off from the world. It creates a cost for a government that wants to do it, which is a deterrent, and even if they try it's hard to enforce.
That isn't what happens when everyone is using Facebook, because then a sufficiently major government can just order Facebook to do whatever authoritarian thing under threat of criminal penalties and there is no switching to another provider or operating your own Facebook server while still being able to communicate with the people using the existing system.
You want authoritarianism to have legal friction and technological friction against it. They're not alternatives to each other, they're checks and balances.
People keep repeating this defeatist drivel but it's just not true. It's still up in the air whether you can defeat a law using technical measures, but it is a thoroughly settled matter that you cannot legislate away mathematics.
We saw how laws completely failed to make encryption illegal in the 90s as open source encryption code spread rapidly on the internet. "Exporting" encryption software was illegal in many countries like USA and France but it became impossible to enforce those laws. A technical measure defeated the law.
Encryption is just maths. It is the law being unreasonable here, and it will be the law which will ultimately have to concede defeat. UK is the perfect example here - Online Safety Act's anti-E2EE clauses have been basically declared by Ofcom to be impossible to implement and they are not even trying anymore.
"I can still use GPG" isn't a win condition you seem to think it is. Authoritarian governments will be perfectly happy to let you continue using GPG as long as the remaining 99% of society continues using monitored/censored communication apps.
Also you will be easily identified as problematic by your use of GPG/PGP.
VPN's provide privacy by blending your traffic with others. If you stand out...
Conversely, as long as the people they actually want to target (dissidents, journalists, ...) use non-compromised E2EE it's not very useful for NSA/GCHQ etc to harvest info about all the cat videos everyone else is watching.
3 replies →
No disrespect intended, but "it's still technically possible" doesn't matter. We, as enigneers, tend to think in absolutes (after all, something either works or it doesn't). Politicians are perfectly happy with a law that is only 80% effective - they would argue that sometimes people break laws against murder, but that doesn't mean laws against murder should be thrown on the scrapheap.
Most people obey the law most of the time. Doing a technical end-run around the law (a) leaves you with very few people to talk to (b) makes you stick out like a sore thumb, at which point you're vulnerable to the $5 wrench.
Here's a funny story for you.
Did you know that porn was quite severely censored in Norway up until the 90's? But suddenly, the censorship stopped. Why? Because of the distributed quality of the internet.
While the Norwegian state may still wish to continue censoring porn in Norway, they deemed the task too difficult and too invasive to continue, so they just dropped it entirely (except of course for certain extreme fringe cases).
I was personally shown clips by the Norwegian Board of Film Classification in the early 2000's showing both grey zone depictions, and clearly illegal depictions of film violence per the law. I am still traumatized from seeing some of that s*t. Legally btw, since they are a state authority tasked to categorize and censor such media, and also educate people with the right degrees. Yet in that meeting, when I asked them how they're handling censorship now, they kind of just threw their hands up in the air and told me directly that "We only give advice on cinema films these days. Look, we can't very well censor the entire internet without also using either extremely invasive or unfair strategies. If you really want some violent or pornographic movie, you're probably gonna get it no matter what we try to do."
So, the morale of this story is, make something ubiquitous enough, or hard enough to censor, and some states might just give up. If you build a truly decentralized system, good luck censoring it. And that was pretty much it for Norway. They had given up on the idea of preventing people from seeing violent or pornographic contents on the internet.
Within political science we speak about effective ways to participate politically. Sometimes that's not screaming slogans outside some government buildings. Sometimes that's simply building resilient and forward secure distributed systems.
Btw. as a side note, the bad guys are still taken. Instead of thought policing entire populations, they're now tending to the guys doing actual harm. The anti encryption bills are just smoke and mirrors to get you to give up essential liberties, so they get more control. It has little or nothing to do with protecting children and you know it.
> People keep repeating this defeatist drivel but it's just not true.
It is not defeatist drivel to argue for political action rather than trying to hit everything with a technological hammer.
> We saw how laws completely failed to make encryption illegal
In the USA free speech rights defeated that law.
> Encryption is just maths.
But nothing in those maths guarantee you the ability to use them legally.
> It is not defeatist drivel to argue for political action rather than trying to hit everything with a technological hammer.
I'd say it's actually worse than defeatist drivel, since it actively discourages an entirely feasible strategy of making bad laws difficult/impossible to enforce, and instead encourages people to squander their efforts and resources on fighting all-or-nothing political battles in the context of utterly dysfunctional institutions riddled with perverse incentives that no one at all in the modern world seems to be able to overcome.
The "political, not technical" argument is equivalent to telling people concerned about possible flooding that instead of building levees, they should focus all their efforts on trying to drain the ocean.
3 replies →
> it is a thoroughly settled matter that you cannot legislate away mathematics.
I don’t think this protects us. I view the “encryption is maths” position as referring to backdoor keys.
But this time they figured out client-side mandated spyware is a viable way of breaking e2e without contradicting mathematics.
I hate to get dystopian but we can all see where this is going; “Trusted Hardware” is mandated to run your Government ID app and Untrusted Hardware is illegal because it’s only for criminals and terrorists. Your Trusted Device performs client-side content scanning, it’s illegal to install an untrusted app, and all app developers are criminally liable to monitor for Harmful Content on their services.
This is what we are fighting against. They keep trying and they are getting closer to succeeding. And none of this is incompatible with mathematics; it’s a pure rubber-hose attack on the populace.
Its both, ultimately politics is not all-knowing and you can't stamp out all technical solutions.
Like, breaking encryption is just not possible if the encryption is set using a proper algorithm. Governments try, and they try to pass laws, but it's literally impossible. No amount of political will can change that. Ultimately I can write an encryption algorithm or use GPG or something and nobody on Earth, no matter how motivated or how rich, can read what I encrypted, provided I do not let out the key. If I just keep the password in my head, it's impossible.
So, until we invent technology to extract secrets from a human brain, you cannot universally break encryption. Its just not possible. Doesn't matter if 7 billion people worldwide vote for that. Doesn't matter if Elon Musk wants it. Doesn't matter if the FBI, CIA, and the NSA all work together.
It's not a technical problem. Chat Control wasn't about breaking encryption, it would bypass encryption with client-side scanning. It targets the apathetic 99% of the population who won't have the energy or knowledge to do anything about it.
It's also not a technical problem because technical solutions (like GPG) already exist. The problem is political (stopping these authoritarian laws) or should that fail, social (convincing people to inconvenience themselves with alternative communication apps that aren't available on app stores)
> It targets the apathetic 99% of the population who won't have the energy or knowledge to do anything about it.
That's the same 99% of the population whose motivations and priorities define the incentive structures applicable to politics. If 99% of the population don't care about your issue, you're not going to win the political fight without quite a lot of leverage attached to entirely unrelated issues.
So the choice is between creating impediments to the enforcement of this bad policy, and at minimum using technology to establish a frontier beyond which it can't reach -- one that is at least available to those motivated to seek it out -- or instead surrendering completely to politics controlling everything, with it being almost a certainty that the political process will be dominated by adverse interests.
9 replies →
> It targets the apathetic 99% of the population who won't have the energy or knowledge to do anything about it.
It targets the 99% of the population who do not care about your absolutist stance on encryption, do not care about the technical reason you can't have simultaneous perfect encryption and a gov backdoor, and do not care about math.
They care that the world changed pretty much overnight, and they are tired of finding out that their children have been solicited for sex by strangers on the internet and platforms have done everything possible to NOT address that problem.
People are tired of being victimized, tired of not having some control over what their children are able to interact with, tired of being blamed for giving their kids access to the internet while their kids are required to use the internet for things like school
It's utter insanity to think parents wouldn't rather just cede some freedom to have a fighting chance of bringing up children the way they want, of being able to keep them safe from literal pedophiles. That's not apathy, that's a difference of priorities.
The entire history of human civilization is the story of ceding certain freedoms for some sort of stability. Parents will happily run government code on all their devices if it means the government strings up pedophiles every week.
The internet has been the single largest boon to pedophiles and people making and distributing child porn ever, and parents are tired of waiting for Google and Facebook to hem and haw about how they can't afford to fix it and wont even try.
If you want to stop things like Chat Control, give parents an alternative that doesn't take enormous effort to learn and understand, that actually works, that doesn't put the onus on them to magically be able to police every single HTTP request their child's devices make without even giving them the tools to do so. Stop blaming parents for not parenting hard enough. You have no idea how absurd this entire situation is for parents who aren't tech experts.
And no, child parental controls on devices right now are utterly unsophisticated, and utterly useless at stopping this. Parents will turn on as much tracking as they can, and STILL find out their kids figured out a fairly trivial way of bypassing it.
Stop ignoring the very real problems that modern parents are faced with.
4 replies →
I would like to introduce you to rubber hose cryptography.
That doesn't work well for mass surveillance of regular people.
1 reply →