undefined | Better HN

story

0 pointsJudgeWapner6y ago0 comments

> Can you explain how this actually solves the main problems?

a lot of weight rests on those two words: "main problems". The main problems for the government are that criminal investigations are being impeded. By banning certain forms of encryption, they can criminally charge a suspect for merely refusing to decrypt data. And you can bet that the penalties will be stackable, allowing the government to use its discretion and perhaps charging someone with separate counts for each file he refuses (or is unable ...) to decrypt. I'm NAL, but I've also heard of the "forgone conclusion" doctrine, which somehow allows the constitution to fly out the window and allows the gov to imprison someone indefinitely until they decrypt the files. So, sadly, this ban does solve the main problems at considerable expense to citizens' liberties.

Conjecturing further:

- citizens would be allowed to encrypt, but they'd be required to keep a set of the keys used or else they could risk prosecution.

- There could be a government cloud server where you "securely" upload whatever keys you use (or, realistically, probably outsourced to companies like equifax which would then charge you a fee to do so),

- existing cloud providers would be required to detect when clients were using encryption-looking libraries/subroutines and store a copy of the keys into some registry.

- this could ultimately lead to "whitelist-only" software libraries, so that you cannot run anything on the cloud without building it with their dev environment so they can be sure you're not secretly encrypting things.

- going even further, this could lead to deep packet inspection that simply detects encrypted transactions and queries them against the gov key registry to "make sure" they are properly decryptable. Any failures to decrypt could trigger an investigation.

0 comments

nixpulvis6y ago

Ah yes, but then doesn't the problem boil down to proving that a random value is in fact an encrypted secret?

You arrest me, scan my file system and find something named "plan.txt" which is just a bunch of gibberish... what do you do?

EDIT: I'll argue that the "main problem" is that as long as real encryption schemes exist, this is impractical to enforce.

JudgeWapnerOP6y ago

In theory, yes that's a big part of the problem. In practice, however, once the gov charges you, you're effectively guilty-until-proven-innocent because your court-appointed public defender is likely not going to be trained or equipped to provide a logical defense, much less hire an expert witness in computer forensics. Plus the gov will approach you with a plea "deal" : you can plead guilty to one charge of illegal encrypted data, pay $20k and 2 years' probation, or else risk going to the slammer for decades on the stacked charges with a maximum sentence of 3 years per file, times the 10 files they were "unable to decrypt" on your system.

> arrest me, scan my file system and find something named "plan.txt" which is just a bunch of gibberish... what do you do?

well, start by scanning every executable binary on your system. If they find a custom-rolled program that doesn't impregnate the encrypted files with known headers (for contrast, openssl ads the prefix "Salted_" to any file it encrypts) they can allege that you're using a clandestine encryption scheme and that "plan.txt" is one of the files. So again, the burden of proof would be on you to explain what that file was for, which can come at tremendous legal cost.

1 more reply

j / k navigate · click thread line to collapse