I do not like these framings of "not a" because it always sounds so suspicious like "we are not a cult".
It puts the idea into the world that it could be a crime and maybe that it is the status quo.
Much better IMHO is something like "Encryption is a fundamental right.", "Encryption protects everyone.", "Without encryption there is no democracy." and so on.
Maybe "Don’t let them take your right to privacy."
Also, I've heard it said that people have a tendency to subconsciously flush "not" and remember that sort of statement as "encryption is a crime". It is slightly better to put things positively (eg, "Encryption is the reasonable default").
It makes sense in this context, as it operates on the idea that it could be a crime: "Contrary to what some policymakers seem to believe, whether naively or maliciously, encryption is not a crime."
This is too many words to convince someone who already doesn’t believe this.
Put more simply: the modern internet doesn’t work without encryption, it is a fundamental part of the technology. Without it, anyone could log into any of your accounts, take your money, messages, photos, anything.
>Put more simply: the modern internet doesn’t work without encryption, it is a fundamental part of the technology. Without it, anyone could log into any of your accounts, take your money, messages, photos, anything.
I'm pretty pro encryption, but even this is pretty dishonest. Phones (ie. PSTN, not iPhones) aren't "encrypted" by any means, but there's plenty of sensitive information sent over it. Lawyers fax each other important documents, and doctors fax each other medical recorcds. There was (is?) even telephone banking where you could do basic transactions over the phone. Even today, some banks/brokerages require you to phone in to do certain high risk operations (eg. high value transfers or account resets). All of this happens without encryption. While that's less security that I'd like, it's safe to say that "anyone could log into any of your accounts, take your money, messages, photos, anything" isn't true either.
End-to-encryption is a good thing, and so is this website providing information about how to use it.
But this particular article represents a particular pathology surrounding freedom. Freedom is supposed to be about doing what you want. It's not about making florid speeches about how free you supposedly are. If you want to use end-to-end encryption, just use it, and maybe offer advice to others on how to use it.
There are some politicians who have decided that only bad people use encryption. Going up to one of these politicians and trying to explain that you use encryption but you're actually a good person won't convince them that encryption's okay, it'll just convince them that you're a bad person. Politics is one of those things that attracts people who just want to find the shortest route to a decision about who are the good people and who are the bad people, and keeping secrets isn't something that those sorts of people like other people doing.
Unless you have evidence that the government is rounding up people just for using encryption, all this sort of advocacy does is to draw attention to you having something to hide, and therefore probably being some sort of wrong'un. If the government is rounding up people for using encryption, that's a specific threat you need to respond to, and starting a public campaign is not the right response.
>You should engage with the arguments the other side makes.
The arguments are "Protect the children.", "Catch terrorists.", "Catch criminals.".
Those arguments have been engaged with for decades. They are purely emotional arguments. Anyone who still pushes those arguments forth is most likely doing so with ulterior motives and cannot be reasonably "engaged" with.
If we had trustworthy governments, or trustworthy police agencies, then maybe mandated backdoors wouldn't be all that bad. But if anything, recent events that clearly demonstrated that governments are not trustworthy, even if one is trustworthy today it couldn't become an evil regime tomorrow, and handing all your power over literally anything to such an organization does not seem wise.
It doesn't seem like trustworthy governments is the issue. You can't have backdoors period because they'll be leaked / discovered and used by bad actors.
I have yet to see a case against someone that hinged on some data that was encrypted. Almost every tale from some cell needing to be cracked has ended in a fart because they got the information anyway using old-fashioned police investigation.
We went from Patriot Act to literally disappearing people without due process in only 23 years. Imagine if they could also decrypt your phone and plant evidence in advance.
Even if you trust someone with your life and you know this person is never going to betray you and will always have your best interests at heart, that doesn't mean that they automatically get a free pass to view and inspect everything I do every minute of every day until I die.
Unfortunately, that is what these governments want.
And also apply it equally to ecommerce and homebanking.
Lets see how happy the voters are when they have to start walking to their Bank again every week, can't order their latest temu toxic waste product anymore and their GDP drops in half.
The same people who want to make encryption a crime (like Trump 45[0]) are using signal to discuss sensitive information without an audit trail. It's absolutely rules for thee.
The problem is the average person doesn't care very much or understand it.
If you ask anyone if privacy matters they will of course say yes. If you ask them why they use software with telemetry or websites with Google Analytics they will simply shrug.
If you ask them if it's alright for the NSA to collect and analyze data from everyone they will say yes and they have nothing to hide.
People don't know what privacy is. They don't know what they are fighting for or where the fight is taking place.
If you take that and then add encryption to the mix... and you have politicians and agency plants talking about "saving the children from online pedos" by banning these "encryption apps and technology"....
You nailed the problem. Privacy is the tension between freedom and overwatch. Perfect privacy would yield zero justice, while zero privacy yields big brother/1984 overwatch. A healthy balance must exist for society to thrive.
"Secrecy of correspondence" is a longstanding legal principle in many countries (e.g. in Germany since the unification in 1871, in the US there was a supreme court ruling in 1877)
The only way to guarantee secrecy is through encryption, preferably e2e.
It’s honestly annoying how often experts speak up about this, and still nothing changes. We’re stuck in the same cycle—fear gets in the way, and in the end, it’s our privacy and security that suffer. If anything, this should be a sign to invest in stronger encryption and better law enforcement tactics that don’t mess with the tools keeping us safe online.
Also... we're throwing around words like "crime" and "terror" and talking about shadowy quasi-governmental organizations encroaching on civil rights to privacy. I offer this commentary from the Eurythmics' score to Michael Radford's 1984 film "1984" to serve as background music for our discussions.
There's an abstract argument template that I've noticed floating around. It goes like this:
1. There's a thing T in the world, and that thing has negative outcomes X, Y, Z, and positive outcomes A, B, C.
2. Some people believe that Y and Z are so bad, that they want to partly compromise C to diminish them.
3. However that will never work! And they'll definitely also take B if we let them mess with C.
4. Besides, C is so important, that we should accept Y and Z to have it.
I've heard it many times before. Reading this post feels like watching a rerun of Friends.
Are you saying that this template is what the article is presenting?
If so I don't believe it applies, in particular because you have stated that only a partial compromise on C is needed to prevent Y and Z.
There is no "partial compromise" on encryption, so this argument is flawed. There is no way to have encryption that "only the good guys" can break. It is either secure, or it is not.
Because SF-dwelling tech bros demand free speech but can perform the necessary mental gymnastics to overlook the right to manufacture and possess technology that has existed for over a century.
As a software engineer who specialized in cryptography in the 1990s and didn't work for the NSA (working for RSADSI, Bell Canada and Certicom) I feel I have an informed vantage point from which to offer notes.
a) This seems like a decent introduction to the subject of cryptographic regulation in the last 30 years. It's far from exhaustive, however. I do appreciate the collected references from diverse points in the last several decades.
b) I would have mentioned "Sink Clipper" and the ACLU "dotRights" campaigns. Neither are especially easy to find in the increasingly enshittified google cache, but Le Monde Diplomatique has this article, complete with a link to Sink Clipper poster (I think from the mind of Kurt Stammberger) that no collection of CypherPunk oriented ephemera from the era can be without: https://mondediplo.com/openpage/selling-your-secrets
c) Herb Lin presented a very nice paper back in the day comparing PROPOSED encryption regulation with ACTUAL encryption regulation. I think the thesis was through the 90s, proposed regulation was increasingly draconian (clipper, etc.) but actual regulation was liberalizing (effective deregulation of open-source tools.) I found Herb's page at Stanford and heartily recommend it if for no other reason than it's sheer volume of written material: https://herblin.stanford.edu/recent-publications/recent-publ...
e) Making the web "secure" or "private" is like putting lipstick on a pig. Modern web technology is designed to de-anonymize and collect identifying information to enable targeted ad delivery. Thought I generally respect Moxie Marlinspike and have no great beef with Signal, there has been a concerted effort to exploit its device sharing protocol and your carrier and national governments can easily extract traffic analysis info from people using it. Were I to add one sentence to this guide, it would be "While these tools are better than nothing, they are far from perfect."
f) The guide seems to conflate encryption with privacy. Encryption technology can enable privacy, but you're not going to get privacy from encryption technology unless you pair it with well reasoned policy (for organizations) and operational guidelines (for both organizations and individuals.)
The extreme example is to say "nothing stops a participant in an encrypted communication from sharing the un-encrypted plaintext after it's recovered." People earnestly trying to maintain message security probably know not to do that, but when talking about exchanging keys and figuring out which keys or organizations you should trust, it's easy for even the well-informed to make privacy-eroding decisions.
So... I think this article is a good jumping off point, covering material I would call "required, but not sufficient." I would just view it as the beginning of a deep-dive instead of the end.
[+] [-] i5heu|10 months ago|reply
It puts the idea into the world that it could be a crime and maybe that it is the status quo.
Much better IMHO is something like "Encryption is a fundamental right.", "Encryption protects everyone.", "Without encryption there is no democracy." and so on.
Maybe "Don’t let them take your right to privacy."
[+] [-] Retr0id|10 months ago|reply
[+] [-] roenxi|10 months ago|reply
[+] [-] stronglikedan|10 months ago|reply
[+] [-] netfortius|10 months ago|reply
[+] [-] giantg2|10 months ago|reply
[+] [-] kgwxd|10 months ago|reply
[+] [-] 01HNNWZ0MV43FF|10 months ago|reply
Encryption is free association and free speech. Talking to someone about what I like without eavesdroppers
Transitioning gender is also free speech, freedom of expression. Presenting how I like and not how some wannabe king wants me to
[+] [-] kube-system|10 months ago|reply
Put more simply: the modern internet doesn’t work without encryption, it is a fundamental part of the technology. Without it, anyone could log into any of your accounts, take your money, messages, photos, anything.
[+] [-] gruez|10 months ago|reply
I'm pretty pro encryption, but even this is pretty dishonest. Phones (ie. PSTN, not iPhones) aren't "encrypted" by any means, but there's plenty of sensitive information sent over it. Lawyers fax each other important documents, and doctors fax each other medical recorcds. There was (is?) even telephone banking where you could do basic transactions over the phone. Even today, some banks/brokerages require you to phone in to do certain high risk operations (eg. high value transfers or account resets). All of this happens without encryption. While that's less security that I'd like, it's safe to say that "anyone could log into any of your accounts, take your money, messages, photos, anything" isn't true either.
[+] [-] 123pie123|10 months ago|reply
being pandantic that should read - the modern usage of the internet..
the internet does work ok without encryption, has it has done from a long time ago
[+] [-] cjs_ac|10 months ago|reply
But this particular article represents a particular pathology surrounding freedom. Freedom is supposed to be about doing what you want. It's not about making florid speeches about how free you supposedly are. If you want to use end-to-end encryption, just use it, and maybe offer advice to others on how to use it.
There are some politicians who have decided that only bad people use encryption. Going up to one of these politicians and trying to explain that you use encryption but you're actually a good person won't convince them that encryption's okay, it'll just convince them that you're a bad person. Politics is one of those things that attracts people who just want to find the shortest route to a decision about who are the good people and who are the bad people, and keeping secrets isn't something that those sorts of people like other people doing.
Unless you have evidence that the government is rounding up people just for using encryption, all this sort of advocacy does is to draw attention to you having something to hide, and therefore probably being some sort of wrong'un. If the government is rounding up people for using encryption, that's a specific threat you need to respond to, and starting a public campaign is not the right response.
[+] [-] loftsy|10 months ago|reply
Clearly the pressure on government to write these laws is coming from somewhere. You should engage with the arguments the other side makes.
[+] [-] ziddoap|10 months ago|reply
The arguments are "Protect the children.", "Catch terrorists.", "Catch criminals.".
Those arguments have been engaged with for decades. They are purely emotional arguments. Anyone who still pushes those arguments forth is most likely doing so with ulterior motives and cannot be reasonably "engaged" with.
[+] [-] elric|10 months ago|reply
[+] [-] socalgal2|10 months ago|reply
https://www.youtube.com/watch?v=VPBH1eW28mo
[+] [-] TehCorwiz|10 months ago|reply
We went from Patriot Act to literally disappearing people without due process in only 23 years. Imagine if they could also decrypt your phone and plant evidence in advance.
[+] [-] rdm_blackhole|10 months ago|reply
Even if you trust someone with your life and you know this person is never going to betray you and will always have your best interests at heart, that doesn't mean that they automatically get a free pass to view and inspect everything I do every minute of every day until I die.
Unfortunately, that is what these governments want.
[+] [-] ajsnigrutin|10 months ago|reply
If we want to play in a world with full transparency, let's start with the politicians!
[+] [-] _Algernon_|10 months ago|reply
Lets see how happy the voters are when they have to start walking to their Bank again every week, can't order their latest temu toxic waste product anymore and their GDP drops in half.
[+] [-] zwnow|10 months ago|reply
[+] [-] candiddevmike|10 months ago|reply
0 - https://www.politico.com/story/2019/06/27/trump-officials-we...
[+] [-] bitbasher|10 months ago|reply
If you ask anyone if privacy matters they will of course say yes. If you ask them why they use software with telemetry or websites with Google Analytics they will simply shrug.
If you ask them if it's alright for the NSA to collect and analyze data from everyone they will say yes and they have nothing to hide.
People don't know what privacy is. They don't know what they are fighting for or where the fight is taking place.
If you take that and then add encryption to the mix... and you have politicians and agency plants talking about "saving the children from online pedos" by banning these "encryption apps and technology"....
[+] [-] 1970-01-01|10 months ago|reply
You nailed the problem. Privacy is the tension between freedom and overwatch. Perfect privacy would yield zero justice, while zero privacy yields big brother/1984 overwatch. A healthy balance must exist for society to thrive.
[+] [-] flessner|10 months ago|reply
The only way to guarantee secrecy is through encryption, preferably e2e.
[+] [-] mohi-kalantari|10 months ago|reply
[+] [-] candiddevmike|10 months ago|reply
[+] [-] OhMeadhbh|10 months ago|reply
https://youtu.be/IcTP7YWPayU
[+] [-] jagger27|10 months ago|reply
As long as we preserve the knowledge of one-time pads, they will not take this power from us.
[+] [-] kubb|10 months ago|reply
[+] [-] fenaer|10 months ago|reply
If so I don't believe it applies, in particular because you have stated that only a partial compromise on C is needed to prevent Y and Z.
There is no "partial compromise" on encryption, so this argument is flawed. There is no way to have encryption that "only the good guys" can break. It is either secure, or it is not.
[+] [-] chupasaurus|10 months ago|reply
[+] [-] huslage|10 months ago|reply
[+] [-] jmclnx|10 months ago|reply
To me, the only sure end-end encryption is gnupg, where you personally create the keys and distribute.
[+] [-] jaxn|10 months ago|reply
[+] [-] 15155|10 months ago|reply
See also: the ACLU.
[+] [-] SirMaster|10 months ago|reply
[+] [-] DarkWiiPlayer|10 months ago|reply
And yet it seems like every last politician without literally a single exception thinks that they it does work that way.
[+] [-] EGreg|10 months ago|reply
https://community.qbix.com/t/the-global-war-on-end-to-end-en...
[+] [-] OhMeadhbh|10 months ago|reply
a) This seems like a decent introduction to the subject of cryptographic regulation in the last 30 years. It's far from exhaustive, however. I do appreciate the collected references from diverse points in the last several decades.
b) I would have mentioned "Sink Clipper" and the ACLU "dotRights" campaigns. Neither are especially easy to find in the increasingly enshittified google cache, but Le Monde Diplomatique has this article, complete with a link to Sink Clipper poster (I think from the mind of Kurt Stammberger) that no collection of CypherPunk oriented ephemera from the era can be without: https://mondediplo.com/openpage/selling-your-secrets
The ACLU dotRights.org site seems to have receded into history, but some of it's content is still available at the archive. For example: https://web.archive.org/web/20100126102126/http://dotrights....
c) Herb Lin presented a very nice paper back in the day comparing PROPOSED encryption regulation with ACTUAL encryption regulation. I think the thesis was through the 90s, proposed regulation was increasingly draconian (clipper, etc.) but actual regulation was liberalizing (effective deregulation of open-source tools.) I found Herb's page at Stanford and heartily recommend it if for no other reason than it's sheer volume of written material: https://herblin.stanford.edu/recent-publications/recent-publ...
d) I was a little surprised the wired article linked to at the beginning of the piece didn't have that issue's front cover, which was sort of a cultural touchstone at the time. But you can see it here: https://pluralistic.net/2022/03/27/the-best-defense-against-... - and this one: https://www.reddit.com/r/Bitcoin/comments/1cgpktp/31_years_a... (dang, look at those non-receding hairlines!)
e) Making the web "secure" or "private" is like putting lipstick on a pig. Modern web technology is designed to de-anonymize and collect identifying information to enable targeted ad delivery. Thought I generally respect Moxie Marlinspike and have no great beef with Signal, there has been a concerted effort to exploit its device sharing protocol and your carrier and national governments can easily extract traffic analysis info from people using it. Were I to add one sentence to this guide, it would be "While these tools are better than nothing, they are far from perfect."
f) The guide seems to conflate encryption with privacy. Encryption technology can enable privacy, but you're not going to get privacy from encryption technology unless you pair it with well reasoned policy (for organizations) and operational guidelines (for both organizations and individuals.)
The extreme example is to say "nothing stops a participant in an encrypted communication from sharing the un-encrypted plaintext after it's recovered." People earnestly trying to maintain message security probably know not to do that, but when talking about exchanging keys and figuring out which keys or organizations you should trust, it's easy for even the well-informed to make privacy-eroding decisions.
So... I think this article is a good jumping off point, covering material I would call "required, but not sufficient." I would just view it as the beginning of a deep-dive instead of the end.
[+] [-] jdhxhchdyrjh456|10 months ago|reply
[deleted]
[+] [-] unknown|10 months ago|reply
[deleted]
[+] [-] jigletgooner|10 months ago|reply
[deleted]