As computers continue to permeate every aspect of our lives, society, and critical infrastructure, it is much more important to ensure that they are secure from everybody — even at the cost of law-enforcement access — than it is to allow access at the cost of security. Barr is wrong, it kind of is like these systems are protecting nuclear launch codes.
Bruce Schneier
July 24, 2019
Attorney General William Barr on Encryption Policy
[Creating, or even allowing, a process by which the government can get access to all your communication and personal documents fails The Jews in the Attic Test.
“Nuclear launch codes” indeed!—Joe]
Creating, or even allowing, a process by which the government can get access to all your communication and personal documents fails The Jews in the Attic Test.
Best quote ever. The tapeworm in society was pretty great, but the above is better.
Allowing anyone, the government or private tech, to have unfettered access to your communications is an outrage. For the government, this is a violation of the first amendment. For private tech there are no violations – they are free to do whatever they want with your communications so long as you agree to vague and coercive licenses.
Unfortunately, we routinely give private tech full access to all our communications. With that kind of access is trivial to run classification algorithms to determine who you are. Aggregating the analysis across multiple platforms gives an even better analysis. This already gives the government access to the same communications should the companies agree to do so.
We are already screwed and we don’t realize it. It will just get worse from here. The state can be dangerous because of the power of life and death. Private tech is just as dangerous, perhaps more, because they too have the power of life and death over you – they just don’t use messy lethal means.
End to end encryption would be a good start, but ultimately fixing this will require more direct action.
The government’s notion that it could mandate back doors — even ignoring the Constitutional issues involved — was exposed as a pipe dream about 40 years ago. Ever since PGP it has been obvious to anyone with a room temperature IQ that this can’t be done, and that wishing it or legislating it won’t make any difference.
However, people have to choose to use it.
How can you use encryption with social media?
Private messages? How can you trust the recipient not to disclose the message?
I don’t really social media much, but I could see, for instance, needing a key to decode messages posted to a private Facebook group.
For the other … that comes down to trust of the other person. Including both the person proper, and how well they maintain the security on the computer used to read the message (eg deliberate vs inadvertent release)
I suppose you could PGP-encrypt your message and post that on Facebook. That would be fun.
My main answer is “I don’t use those things”, partly because I don’t feel like wasting my time and partly/mostly because I don’t trust the purveyors further than I can throw them.
For confidential communication, PGP-encrypted email works great. I suppose another option would be encrypted IP voice calls (not Skype, that isn’t done properly), but I don’t use those. Silent Circle used to offer products for this
What the hell, Barr? Get your ass back to investigating the FISA courts and the Democrat misuse of such.