• phoneymouse@lemmy.world
    link
    fedilink
    English
    arrow-up
    233
    arrow-down
    2
    ·
    2 months ago

    The US Govt 5 years ago: e2e encryption is for terrorists. The govt should have backdoors.

    The US Govt now: Oh fuck, our back door got breached, everyone quick use e2e encryption asap!

      • dan@upvote.au
        link
        fedilink
        English
        arrow-up
        46
        ·
        2 months ago

        I laughed so much at that. Encryption is literally just long complicated numbers combined with other long complicated numbers using mathematical formulae. You can’t ban maths.

        If I remember correctly, there’s also a law in Australia where they can force tech companies to introduce backdoors in their systems and encryption algorithms, and the company must not tell anyone about it. AFAIK they haven’t tried to actually use that power yet, but it made the (already relatively stagnant) tech market in Australia even worse. Working in tech is the main reason I left Australia for the USA - there’s just so many more opportunities and significantly higher paying jobs for software developers in Silicon Valley.

        • sugar_in_your_tea@sh.itjust.works
          link
          fedilink
          English
          arrow-up
          4
          ·
          2 months ago

          You can try, and in the US, we have export restrictions on cryptography (ITAR restrictions), so certain products cannot be exported. But you can print out the algorithm and carry it on a plane though, so I’m not sure what the point is…

        • rottingleaf@lemmy.world
          link
          fedilink
          English
          arrow-up
          6
          arrow-down
          3
          ·
          2 months ago

          I laughed so much at that. Encryption is literally just long complicated numbers combined with other long complicated numbers using mathematical formulae. You can’t ban maths.

          Now laugh at banning chemistry and physics (guns and explosives and narcotics). Take a laugh at banning murder too - how do you ban every action leading to someone’s death?

          and the company must not tell anyone about it

          Any “must not tell” law is crap. Unless you signed some NDA knowing full well what it is about.

          Any kind of “national secret disclosure” punishment when you didn’t sign anything to get that national secret is the same.

          It’s an order given to a free person, not a voluntarily taken obligation.

          That said, you can’t fight force with words.

    • theherk@lemmy.world
      link
      fedilink
      English
      arrow-up
      23
      ·
      2 months ago

      Different parts of the government. Both existed then and now. There has for a long time been a substantial portion of the government, especially defense and intelligence, that rely on encrypted comms and storage.

        • elucubra@sopuli.xyz
          link
          fedilink
          English
          arrow-up
          18
          ·
          2 months ago

          I have never understood why electronic communications are not protected as physical mail

          • JackbyDev@programming.dev
            link
            fedilink
            English
            arrow-up
            10
            ·
            2 months ago

            Because physical mail can be easily opened with a warrant. Encryption can be nigh impossible to break. The idea of a vault that cannot be opened no matter how hard you try is something that scares law makers.

          • Astronauticaldb@lemmy.world
            link
            fedilink
            English
            arrow-up
            3
            ·
            2 months ago

            Lobbying as well as developmental issues I would assume. I’m no real developer just yet but I’d imagine creating robust security protocols is time-consuming and thinking of every possible vulnerability is not entirely worth it.

            • sugar_in_your_tea@sh.itjust.works
              link
              fedilink
              English
              arrow-up
              4
              ·
              edit-2
              2 months ago

              No, security is pretty easy and has been for decades. PGP has been a thing since 1991, and other encryption schemes were a thing long before. ProtonMail uses PGP and SMTP, the latter of which predates PGP by about a decade (though modern SMPT with extensions wasn’t a thing until 1995).

              So at least for email, there’s little technical reason why we couldn’t all use top of the line security. It’s slightly more annoying because you need to trade keys, but email services could totally make it pretty easy (e.g. send the PGP key with the first email, and the email service sends it with an encrypted reply and stores them for later use).

              The reason we don’t is because servers wouldn’t be able to read our email. The legitimate use case here is searching (Tuta solves this by searching on the client, ProtonMail stores unencrypted subject lines), and 20 years ago, that would’ve been a hardship with people moving to web services. Today, phones can store emails, so it’s not an issue anymore, so it probably comes down to being able to sell your data.

              Many to many encryption is more complicated (e.g. Lemmy or Discord), so I understand why chat took a while to be end to end encrypted (Matrix can do this, for example), but there are plenty of FOSS examples today, and pretty much every device has encryption acceleration in the CPU, so there’s no technical reason why it’s impractical today.

              The reason it’s not uniquitous today is because data is really valuable, both to police and advertisers.

          • ayyy@sh.itjust.works
            link
            fedilink
            English
            arrow-up
            3
            arrow-down
            2
            ·
            2 months ago

            Because the USA has been a broken fascist husk ever since the red scare and has been in slow decline ever since.

    • sugar_in_your_tea@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      14
      ·
      2 months ago

      More like 23 years ago when the Patriot Act was signed, and every time it has been re-authorized/renamed since. Every President since Bush Jr. is complicit, and I’m getting most of them in the previous 70-ish years (or more) wish they could’ve had that bill as well.

  • Maeve@kbin.earth
    link
    fedilink
    arrow-up
    184
    arrow-down
    3
    ·
    2 months ago

    Oh gee, forcing companies to leave backdoors for the government might compromise security, everyone. Who’d have thunk it? 🤦

    • rottingleaf@lemmy.world
      link
      fedilink
      English
      arrow-up
      6
      ·
      edit-2
      2 months ago

      They knew, they were putting backdoors when they needed them.

      Now the new administration will take half of the blame in public opinion (that’s how this works) and also half of the profits, so they won’t investigate too strictly those who’ve done such things.

      But also words don’t cost anything. They can afford to say the obvious after the deed has been done.

  • circuitfarmer@lemmy.sdf.org
    link
    fedilink
    English
    arrow-up
    120
    arrow-down
    5
    ·
    2 months ago

    It’s probably also good practice to assume that not all encrypted apps are created equal, too. Google’s RCS messaging, for example, says “end-to-end encrypted”, which sounds like it would be a direct and equal competitor to something like Signal. But Google regularly makes money off of your personal data. It does not behoove a company like Google to protect your data.

    Start assuming every corporation is evil. At worst you lose some time getting educated on options.

    • mosiacmango@lemm.ee
      link
      fedilink
      English
      arrow-up
      38
      arrow-down
      4
      ·
      2 months ago

      End to end is end to end. Its either “the devices sign the messages with keys that never leave the the device so no 3rd party can ever compromise them” or it’s not.

      Signal is a more trustworthy org, but google isn’t going to fuck around with this service to make money. They make their money off you by keeping you in the google ecosystem and data harvesting elsewhere.

        • mosiacmango@lemm.ee
          link
          fedilink
          English
          arrow-up
          6
          arrow-down
          7
          ·
          edit-2
          2 months ago

          Thats a different tech. End to end is cut and dry how it works. If you do anything to data mine it, it’s not end to end anymore.

          Only the users involved in end to end can access the data in that chat. Everyone else sees encrypted data, i.e noise. If there are any backdoors or any methods to pull data out, you can’t bill it as end to end.

          • circuitfarmer@lemmy.sdf.org
            link
            fedilink
            English
            arrow-up
            13
            arrow-down
            1
            ·
            2 months ago

            You are suggesting that “end-to-end” is some kind of legally codified phrase. It just isn’t. If Google were to steal data from a system claiming to be end-to-end encrypted, no one would be surprised.

            I think your point is: if that were the case, the messages wouldn’t have been end-to-end encrypted, by definition. Which is fine. I’m saying we shouldn’t trust a giant corporation making money off of selling personal data that it actually is end-to-end encrypted.

            By the same token, don’t trust Microsoft when they say Windows is secure.