Comment by cherryteastain
2 days ago
People keep repeating this defeatist drivel but it's just not true. It's still up in the air whether you can defeat a law using technical measures, but it is a thoroughly settled matter that you cannot legislate away mathematics.
We saw how laws completely failed to make encryption illegal in the 90s as open source encryption code spread rapidly on the internet. "Exporting" encryption software was illegal in many countries like USA and France but it became impossible to enforce those laws. A technical measure defeated the law.
Encryption is just maths. It is the law being unreasonable here, and it will be the law which will ultimately have to concede defeat. UK is the perfect example here - Online Safety Act's anti-E2EE clauses have been basically declared by Ofcom to be impossible to implement and they are not even trying anymore.
"I can still use GPG" isn't a win condition you seem to think it is. Authoritarian governments will be perfectly happy to let you continue using GPG as long as the remaining 99% of society continues using monitored/censored communication apps.
Also you will be easily identified as problematic by your use of GPG/PGP.
VPN's provide privacy by blending your traffic with others. If you stand out...
Conversely, as long as the people they actually want to target (dissidents, journalists, ...) use non-compromised E2EE it's not very useful for NSA/GCHQ etc to harvest info about all the cat videos everyone else is watching.
It won't help you with those specific cases no, but Chat Control would be the perfect tool to monitor and stop the spread of information between regular citizens who are trying to organize against the government, just look at China.
It's not your cat videos they're interested in. When people are protesting against the government it's vitally important that they're able to get information out as quickly as possible, to as many people as possible. If the government can slow that momentum down then opposition fizzles out. Chat Control would do a great job in service of that goal, it's large scale crowd control, not a targeted attack.
But it makes the people they want to target very easy to spot - just look at who doesn't watch cat videos. The absence of data is data itself.
1 reply →
No disrespect intended, but "it's still technically possible" doesn't matter. We, as enigneers, tend to think in absolutes (after all, something either works or it doesn't). Politicians are perfectly happy with a law that is only 80% effective - they would argue that sometimes people break laws against murder, but that doesn't mean laws against murder should be thrown on the scrapheap.
Most people obey the law most of the time. Doing a technical end-run around the law (a) leaves you with very few people to talk to (b) makes you stick out like a sore thumb, at which point you're vulnerable to the $5 wrench.
Here's a funny story for you.
Did you know that porn was quite severely censored in Norway up until the 90's? But suddenly, the censorship stopped. Why? Because of the distributed quality of the internet.
While the Norwegian state may still wish to continue censoring porn in Norway, they deemed the task too difficult and too invasive to continue, so they just dropped it entirely (except of course for certain extreme fringe cases).
I was personally shown clips by the Norwegian Board of Film Classification in the early 2000's showing both grey zone depictions, and clearly illegal depictions of film violence per the law. I am still traumatized from seeing some of that s*t. Legally btw, since they are a state authority tasked to categorize and censor such media, and also educate people with the right degrees. Yet in that meeting, when I asked them how they're handling censorship now, they kind of just threw their hands up in the air and told me directly that "We only give advice on cinema films these days. Look, we can't very well censor the entire internet without also using either extremely invasive or unfair strategies. If you really want some violent or pornographic movie, you're probably gonna get it no matter what we try to do."
So, the morale of this story is, make something ubiquitous enough, or hard enough to censor, and some states might just give up. If you build a truly decentralized system, good luck censoring it. And that was pretty much it for Norway. They had given up on the idea of preventing people from seeing violent or pornographic contents on the internet.
Within political science we speak about effective ways to participate politically. Sometimes that's not screaming slogans outside some government buildings. Sometimes that's simply building resilient and forward secure distributed systems.
Btw. as a side note, the bad guys are still taken. Instead of thought policing entire populations, they're now tending to the guys doing actual harm. The anti encryption bills are just smoke and mirrors to get you to give up essential liberties, so they get more control. It has little or nothing to do with protecting children and you know it.
> People keep repeating this defeatist drivel but it's just not true.
It is not defeatist drivel to argue for political action rather than trying to hit everything with a technological hammer.
> We saw how laws completely failed to make encryption illegal
In the USA free speech rights defeated that law.
> Encryption is just maths.
But nothing in those maths guarantee you the ability to use them legally.
> It is not defeatist drivel to argue for political action rather than trying to hit everything with a technological hammer.
I'd say it's actually worse than defeatist drivel, since it actively discourages an entirely feasible strategy of making bad laws difficult/impossible to enforce, and instead encourages people to squander their efforts and resources on fighting all-or-nothing political battles in the context of utterly dysfunctional institutions riddled with perverse incentives that no one at all in the modern world seems to be able to overcome.
The "political, not technical" argument is equivalent to telling people concerned about possible flooding that instead of building levees, they should focus all their efforts on trying to drain the ocean.
> entirely feasible strategy
Who will host the code? What App Store will you publish in?
2 replies →
> it is a thoroughly settled matter that you cannot legislate away mathematics.
I don’t think this protects us. I view the “encryption is maths” position as referring to backdoor keys.
But this time they figured out client-side mandated spyware is a viable way of breaking e2e without contradicting mathematics.
I hate to get dystopian but we can all see where this is going; “Trusted Hardware” is mandated to run your Government ID app and Untrusted Hardware is illegal because it’s only for criminals and terrorists. Your Trusted Device performs client-side content scanning, it’s illegal to install an untrusted app, and all app developers are criminally liable to monitor for Harmful Content on their services.
This is what we are fighting against. They keep trying and they are getting closer to succeeding. And none of this is incompatible with mathematics; it’s a pure rubber-hose attack on the populace.