Who favors unbreakable commercial encryption?

Governments may be the main threat to big tech companies’ current approach to encryption, but there is another, more surprising threat: their own business interests. The techno-libertarians’ absolutist rejection of lawful access has never been tenable in a commercial context. Barr lambasted Silicon Valley for claiming that government access to consumer devices was never acceptable, even for a purpose as critical as stopping terror attacks, while insisting that its companies had to have access to all their customers’ devices for the purpose of sending them security updates (and, in Apple’s case, promotional copies of unwanted U2 albums). What’s more, Big Tech’s best customers—that is, businesses—don’t want unbreakable end-to-end communications direct to the end user. That encrypted pipe makes it impossible to find and stop malware as it comes in and stolen intellectual property as it goes out. It also thwarts a host of regulatory compliance mandates. So, pace the absolutists, tech companies have found ways to ensure that their business customers can compromise end-to-end security.

And there is this:

…I believe the tech companies are slowly losing the battle over encryption. They’ve been able to bottle up legislation in the United States, where the tech lobby represents a domestic industry producing millions of jobs and trillions in personal wealth. But they have not been strong enough to stop the Justice Department from campaigning for lawful access. And now the department is unabashedly encouraging other countries to keep circling the tech industry, biting off more and more in the form of law enforcement mandates. That’s a lot easier in countries where Silicon Valley is seen as an alien and often hostile force, casually destroying domestic industries and mores.

The Justice Department has learned from its time on the receiving end of such an indirect approach to tech regulation. It has struggled for 30 years against a European campaign to use privacy regulation to prevent tech companies from giving the U.S. government easy access to personal data. But as the tide of opinion turned against U.S. tech companies around the world, the EU was able to impose billions in fines on them in the name of privacy. Soon it really didn’t matter that these companies’ data practices weren’t regulated at home. They had to comply with Europe’s General Data Protection Regulation. And once they accepted that, their will to lobby against similar legislation in the United States was broken. That’s why California—and perhaps the federal government—is inching closer to enacting a privacy law that resembles Europe’s.

Here is the full Stewart Baker post, interesting throughout.

Comments

It doesn't matter what big companies are doing, they're lagging indicators. FOSS will establish the security of the future and slowly drag commercial services towards them, like it has for decades. Web 3.0 (distributed services) are already well into the early market share race between several competing standards. They're not all anonymized, but they're all secure by design.

Dear President Trump and Attorney General Barr,

Leave my encryption the h*ll alone! Your unreasonable search and seizure is an affront to what our country was founded on.

A Concerned American

I wish you were right, but FOSS vs FANG isn't going well so far. What do you think the ratio of open source encrypted emails per day is to Facebook Messages or Gmail messages?

His bio is kind of relevant:

Stewart A. Baker is a partner in the Washington office of Steptoe & Johnson LLP. He returned to the firm following 3½ years at the Department of Homeland Security as its first Assistant Secretary for Policy. He earlier served as general counsel of the National Security Agency.

Baker used to be a contractor at the Volokh website. He is indeed a longtime cheerleader for an unrestrained surveillance state.

'a longtime cheerleader for an unrestrained surveillance state'

Yep, he truly is, and one of the enduring blemishes on the Volokh Conspiracy.

He wrote this 25 years ago, when Clinton was our president, and the Clipper Chip was the preferred method to ensure this - 'Opponents of key escrow encryption usually begin by talking about government invading the privacy of American citizens. None of us likes the idea of the government intruding willy-nilly on communications that are meant to be private.' https://www.wired.com/1994/06/nsa-clipper/

Which really makes you wonder, who is more credible, Baker or Snowden, when it comes to long term and extremely well funded efforts involving the American government intruding on communications that are meant to be private? Without caring about breaking American law, one should add.

I'm not sure that's a qualification for being a blemish; many, if not most of the Volokh posters have a reputation for being... uhhh... LINOs?

The Volokh Conspiracy, with the truly glaring exception of Baker, is generally admirably dedicated to the 1st Amendment and what it protects - such as truly anonymous speech, as enjoyed by the authors of the Federalist Papers.

And any site as closely linked to the Federalist Society as this site is to the Mercatus Center (not to mention the wonderful synergy that goes on behind the curtains) need never worry about a reputation for being called what one assumes is 'liberals in name only.'

(And seriously, though one can treasure the reliable entertainment provided by the hilarious ignorance of MR commenters calling Prof. Cowen a leftist, has anybody ever considered Volokh a liberal?)

Though on further reflection, the L in LINO probably means libertarian. Defending the 1st Amendment is not a political position, however, regardless of how hard various partisans attempt to make it so.

I like how 75% of your post is based on a bad assumption that you acknowledge. "Should I delete all this? Nah... It's a sunk cost."

Defending the First Amendment becomes a political issue when you fail to defend it when discussing, for example, gay wedding cakes.

To be fair, this seems more a contributor issue than a Volokh issue, which unfortunately is a common problem with blogs that feature multiple contributors.

Nonetheless it seems there are certain issues that override their alleged mission, not to mention the infection of Stage 4 TDS in contributors such as David Post which cast doubt on their ability to mount an impartial and consistent defense of 1A.

Of course this is not unexpected given that the blog used to be hosted by the Washington Post (of all places) and is currently featured at Reason, a popular subscription for anyone who wishes to be taken seriously as a useful idiot for leftist agendae.

Like Cowen, however, I will grant that Volokh et al., as academics, need only worry about remaining in polite society when discussing their views instead of their paychecks and thus are less exposed to what we'll call Kristol-French Syndrome.

"Should I delete all this? Nah... It's a sunk cost."

Except the point at the end remains the same regardless of what word one uses - RINO, DINO, LINO, etc. makes no difference when it comes to respecting and defending the 1st Amendment.

'Defending the First Amendment becomes a political issue when you fail to defend it when discussing, for example, gay wedding cakes.'

Oddly, that issue was already decided in 1968, in Newman v. Piggie Park Enterprises, Inc - https://en.wikipedia.org/wiki/Newman_v._Piggie_Park_Enterprises,_Inc., 'The plaintiffs argued that Piggie Park's exclusion of African-Americans constituted a violation of Title II. The defendant, Bessinger, denied the discrimination, denied that the restaurants were public accommodations in the meaning of the Act (as it did not involve interstate commerce), and argued that the Civil Rights Act violated his freedom of religion as "his religious beliefs compel him to oppose any integration of the races whatever."'

Of course, you might argue that such a case is a half century old, but that same religious thinking is still held by some Americans, as seen in this article from May 2019 - '“I understand Theresa saying that, simply because we’re not Atlanta. Things are different here than they are 50 miles down the road,” he told the AJC. “I don’t know how they would take it if we selected a black administrator. She might have been right.”

Then, he delivered an unprompted opinion on interracial marriage, which he said makes his “blood boil.”

“I’m a Christian and my Christian beliefs are you don’t do interracial marriage. That’s the way I was brought up and that’s the way I believe,” he said. “I have black friends, I hired black people. But when it comes to all this stuff you see on TV, when you see blacks and whites together, it makes my blood boil because that’s just not the way a Christian is supposed to live.” ' https://www.washingtonpost.com/politics/2019/05/08/mayor-reportedly-said-her-city-isnt-ready-black-leader-council-member-went-further/

Really, these issues were decided more than 50 years ago, and a sincere religious belief in racism - or opposing marriage you do not consider decently Christian - does not entitle one to break the law.

All the religious freedom arguments concerning same sex marriage violating someone's religious principles are a boringly unimaginative replay of all the failed arguments against interracial marriage after Loving v Virginia.

'a popular subscription for anyone who wishes to be taken seriously as a useful idiot for leftist agendae'

Truly, the reliable entertainment value of the MR comments section continues, with calling Reason 'leftist.'

"Leftist" is not the same as being a useful idiot for leftists, the fact that both are inimical to the right notwithstanding.

All the same, a viewing of the front page of Reason today cloaks the point in ambiguity. TDS truly is infectious.

To your other point, you might recall that 1A does in fact guarantee freedom of religion (and not simply the freedom of worship that the left continues to insist upon). Of course you among others continue to dictate what is and is not conscientious objection and unsurprisingly it always lines up with your own personal beliefs, or lack thereof where applicable.

I guess some amendments, or clauses thereof, are more equal than others, a point Volokh and his buddies, in spite of your flowering praise of their principled stance, advocate on the regular. Useful idiots.

'the fact that both are inimical to the right notwithstanding'

Libertarians are not unconditional friends of either the left or right, which is why they are called libertarians.

'you might recall that 1A does in fact guarantee freedom of religion'

Well, let us quote the text - 'Congress shall make no law respecting an establishment of religion, or prohibiting the free exercise thereof; or abridging the freedom of speech, or of the press; or the right of the people peaceably to assemble, and to petition the Government for a redress of grievances.' Free exercise of religion does not entitle one to break the law, a standard that has been true for a couple of centuries at this point.

'Of course you among others continue to dictate what is and is not conscientious objection'

Absolutely not - those who conscientiously object do so, one assumes, with full awareness that when they are breaking the law, that is their intent. And of course, as demonstrated in the 1960s, breaking unjust laws is a fine way to create the necessary political environment to ensure that laws are changed.

'I guess some amendments, or clauses thereof, are more equal than others'

Which is an opinion that is completely protected by the 1st Amendment, though oddly enough, only by one clause (two, if you wish to consider this place an extension of the 'press'). But if you can work in an angle how Volokh should also be talking about the right of the people peaceably to assemble when talking about libel, have fun.

Interestingly, you completely ignore the fact that the exercise of religion clause does not free one from following anti-discrimination law, which has been settled American jurisprudence for more than a half century. After all, one of the main reasons that Loving v Virginia removed any racial impediment to people marrying was due to a judge writing this absolutely 1st Amendment unacceptable justification for upholding Virginia's miscegenation laws - 'This prompted the county court judge in the case, Leon M. Bazile (1890–1967), to issue a ruling on the long-pending motion to vacate. Echoing Johann Friedrich Blumenbach's 18th-century interpretation of race, Bazile wrote: 'Almighty God created the races white, black, yellow, malay and red, and he placed them on separate continents. And but for the interference with his arrangement there would be no cause for such marriages. The fact that he separated the races shows that he did not intend for the races to mix.' Obviously, a Virginia Commonwealth judge appealing to the authority of God as a basis for deciding a case involving who can and who cannot legally marry is simply wrong. That is, the American Constitution trumps whatever a judge may believe God intended.

Or maybe you are aware of how boringly similar all the religious justification arguments for ignoring anti-discrimination laws involving marriage, whether interracial or same-sex, truly are.

A law that prevents the free exercise of a religion is an unconstitutional law. I'm impressed that you can go so far as to quote the actual text of 1A and yet miss this simple fact. But as I said for many people, even libertarians, some laws are more equal than others.

I should note here also that, your moral posturing aside, the idea that a person ought not to be forced to serve another person in violation of his religious beliefs, or really for any reason, is on a careful reading a very libertarian principle. Of course the reason no self-respecting libertarian would follow this argument to its logical end is perhaps why the alt-right is filled with people who were libertarian a decade ago, or more generally why people just plain hate libertarians. For people who allegedly stick to their principles they don't seem to mind giving them up as needed to avoid being perceived as uncouth, which in this climate generally entails punching right.

Supermajorities in the US, France, UK, and Germany favor it, to answer the question.

"Nearly two-thirds of US and European consumers do not believe government-mandated encryption backdoors will protect them from terrorists"

https://finance.yahoo.com/news/venafi-survey-global-consumers-not-121200599.html

Seems kind of silly to worry about encrypted communications when your borders are wide open for anyone to come in no questions asked.

Any way I look at this issue it seems existential at heart... control communication and you control just about everything... who is running the show?... government or Silicon Valley?... I can see no long term scenario where government allows Silicon Valley to run the show

> I believe the tech companies are slowly losing the battle over encryption.

It's not the tech companies that are losing when encryption is compromised by back-doors, it's the end-users.

Article conflates one thing after another. End-to-end encryption gets lumped in with content moderation gets lumped in with GDPR. Each of those items really deserve their own discussion but instead the points from one are used to attack the strawman from the other. This is very sloppy arguing.

Indeed. This is one of those articles where you know less after reading it than before.

There is no downside to encrypted communication. If the government wants access they can get a warrant to look at the server, or even hook into the server side to see what is going on.

Conflating European privacy laws with device encryption is just silly. And conflating device system file access to being able to read encrypted data files is even more silly.

Giving the government a back door is opening up insecurities that would cause untold damage, including foreign disruption of communication.

These are complex issues, and there will always be instances where having a locked door prevents intervention. Not having locked doors will cause far more damage than a few isolated events.

'where you know less after reading it than before'

Assuming you have no idea who Baker is.

If you do, it is about par for the course of a man who has seemingly dedicated his professional life to making the lives of eavesdroppers as easy as possible.

For the greater good, naturally.

+1. He says content moderation is what will destroy e2e encryption but they aren't related. You use e2e for point to point communication like a text message where the recipient is specifically targeted and not meant for anybody else. Content moderation is a whole 'nother matter. It is used with centralized services like a Facebook page, or Twitter where the content is broadly distributed and anybody and everybody could be the recipient. The gentleman that wrote this is ex-NSA and ex-DHS but these details seem to elude him. It bugs me that this is typical of the kinds of discussion that decision-makers have in DC.

The problem arises when the e2e communications are transmitted over a closed network. Facebook is not going to let you transmit over Messenger without seeing the content of the message, regardless of what they tell you about their security and privacy features. Or Gmail for that matter, made worse by the unveiling of Google's quantum computer that puts the future of any encryption anywhere in doubt.

Of course our communications are increasingly taking place over closed networks and it's clear that the companies that control these (such as Twitter, which famously can't stop ISIS from using their platform but is consistently on the ball about shadowbanning and suspending right-wing accounts) have no problem "moderating" their traffic.

I wonder how are they supposed to do that. Today the protocols are generally using forward-secrecy algorithms to ensure that regardless of any key being compromised in the future, the communication remains safe. Applications have been gradually implementing 'automatic shredding' of old messages. And all of this is part of free software protocols, libraries, applications. Are we going the China way of forbidding people to use it?

That's been the plan for the many decades old Crypto Wars waged by the US government. Remember PGP or the Clipper Chip?

What absolutely makes this futile is open source software as you mentioned but also the top cryptographers/mathematicians/computer scientists don't work for the government anymore so try as they might but this knowledge cannot exactly be contained.

https://en.wikipedia.org/wiki/Crypto_Wars

Like most issues involving tech, it's impossible to distinguish the good guys from the bad guys, which is to say their motivations and intentions. From net neutrality to privacy, what competing interests say and what they actually mean are wrapped in jargon and obfuscation. As my college professor advised his students, doubt everything. But if everybody doubts everything, there can be trust, no cooperation, no progress. I suppose to a Straussian, that's music to the ears. We live in a world in which people don't trust the NYT but trust Trump, a world in which people don't trust their neighbors but trust what they read or see on the internet, a world in which people trust autonomous cars, autonomous weapons systems, and autonomous aircraft but don't trust science. Confusion, ambiguity, euphemisms, jargon, and evasion came to be seen as a "destroyer of life, of hope", clarity a virtue. This is not a virtuous time.

Everyone has a conflict of interest. NSA wants to read our stuff and support public data protection. Commercial companies want access but invariably lose data from insider errors or theft. Users like intelligent search but fear using their credit card online.

My solution is an autonomous process in our counterfeit-proof ATM chips or in our handhelds. This process will obey whatever security protocol the user needs for the application. A search contract and a purchase contract can have different security protocols and keys. The user selects and the SecureID executes, autonomously.

SecureID is a software/hardware layering with biometrics. If I have data that needs FOSS encryption, my SecureID can supply and remember the keys; it knows the basic key setup but does not handle data directly. The cudID knows about commercial purchases, e-mail, it can handle personID for entry and exit into buildings.

Basically SecureID handles simple exchange contracts of a great variety. Not programs, really, but different security protocols, like exchanging digital assets without double spending. The contracts are proofed, downloadable. A simple software machine, like a very simple, limited-size spreadsheet that runs under the biometrically secure layer.

'I believe the tech companies are slowly losing the battle over encryption.'

They were never the ones fighting the battle for encryption in the first place.

Oddly, these people are still fighting that battle, against any number of opponents - the Bundesamt für Sicherheit in der Informationstechnik. But then, what would the German government care about the NSA listening in on the Chancellor's phone calls, right?

Politicians that don't understand math seek to make it illegal in the name of national security. Don't want Muslim terrorists or white nationalists using that math now you hear!

"What’s more, Big Tech’s best customers—that is, businesses—don’t want unbreakable end-to-end communications direct to the end user. That encrypted pipe makes it impossible to find and stop malware as it comes in and stolen intellectual property as it goes out."

A very bad paragraph. As others have noted, secure communications have no bearing on what's being marshalled for transmission, nor what is separately securely saved.

In fact existing messaging apps which promise "secure end-to-end communications" are anything but.

And while it would be easy to build a truly secure communications app--it would have some interesting characteristics which most users would not like. For example, if you were to log out of one device and log into another, all your old messages would necessarily be lost--as the new device was not the original receiving endpoint in all your end-to-end secure communications.

I'm not sure that's true. Didn't BlackBerry have both secure cloud repositories and end to end encryption?

To make the best case for this article:

A few years ago there was a botnet created out of insecure web cameras. It was a failure of security that allowed the botnet to be created. But the way the botnet was shut down was that it was re-hacked by good guys.

So you could argue that things should not really be secure, because good guy hackers.

But isn't that just not looking back far enough? In a secure system that botnet would not have been created. Those webcams would be securely communicating with their owner's phones, etc.

And of course an insecure system faces endless bad guy hack, good guy hack, cycles.

Good for the NSA maybe, but not you or me.

The framing on that is terrible - it's not a government from consumer tradeoff. There simply isn't a way to create backdoors that only the 'good guys' get to use.

Allowing government channels into encrypted communications simply means allowing anyone with enough know-how access. Writing secure software is hard enough without intentionally weakening it.

And one guy's good guy is another guy's bad guy.

Alex and Tyler apparently have no friends in the comp sci department(*).

* - see also 1:1 name/email

Is the idea to have one back door per nation-state or do they all share the same keys?

The NSA will eventually share its keys with other nations. One way or the other.

The US is utterly incapable of keeping secrets, and other Western countries are surely no better. Giving the NSA a backdoor to read your messages means letting the Russians and Chinese read them too. This is not a fixable problem.

And the American Founders were wrong about the 4th Amendment too!

..and, in Apple’s case, promotional copies of lousy U2 albums)

Stewart Baker - and by extension, Tyler Cowen - should not write about topics they don't understand. In this case, it's clear that they don't understand encryption and computer systems. There's so much wrong in his article I didn't bother to finish it. Stick to economics, where if you don't understand something you can at least fake it to non-economists.

> Barr lambasted Silicon Valley for claiming that government access to consumer devices was never acceptable, even for a purpose as critical as stopping terror attacks, while insisting that its companies had to have access to all their customers’ devices for the purpose of sending them security updates (and, in Apple’s case, promotional copies of unwanted U2 albums).

This is the kind of comparison that the aphorism "not even wrong" was made for.

It doesn't take tech companies to bring us encryption, nor can they take it away. Open source projects usually do a better job, and put the code in so many hands that taking it away will be harder even than gun control.

The harder challenge for people who want to go on sharing suppressed information is to steer clear of people and businesses that have installed surveillance products such as Siri or Alexa. Those are even stupider than Internet-of-Things devices, and anyone who uses either is just asking to be given a China-like social credit score, and punished by Google.

Oh, big surprise that Baker is on the side of jackbooted authoritarians.
