Law in the Internet Society

View   r3  >  r2  ...
YiShinLaiSecondEssay 3 - 03 Feb 2020 - Main.YiShinLai
Line: 1 to 1
 
META TOPICPARENT name="SecondEssay"

End-to-end Encryption: The Way Forward

Changed:
<
<
-- By YiShinLai - 07 Dec 2019
>
>
-- By YiShinLai - 03 Feb 2020
 
Changed:
<
<
When Phil Zimmerman first made available to the masses Pretty Good Privacy, an end-to-end encryption program, in 1991, he seemed to have been ahead of his time. Internet, in most countries, were in its infancy stage and e-commerce as we know it today was virtually non-existent. Internet privacy was therefore virtually unheard of. Those times, people had to queue up at a bank in order to cash their pay checks in. They had to buy their groceries at their local grocer with cold-hard cash. The concept of privacy (and indeed life) then was simple. As long as nobody was tailing you, you were safe. Closing the doors and shutting the curtains to your house literally meant shutting out the world.
>
>
When Phil Zimmerman first made available to the masses Pretty Good Privacy (PGP), an end-to-end encryption program, in 1991, he seemed to have been ahead of his time. Internet, in most countries, was in its infancy stage. E-commerce was virtually non-existent, and internet privacy was not thought about, much less talked about.
 
Changed:
<
<
As the number of users of the Internet exploded throughout the latter half of the 20th century and into the 21st century, privacy was no longer confined to one’s four walls. Information flowed in and out of the house through Internet cables linked to bigger ones built by telecommunication companies. Spying no longer involved physically tailing someone. Looking at what was flowing through the cables drew the attention of commercial technology companies ready to monetize the data. For Governments, it meant control over its citizens.
>
>

Encryption and Hacking

 
Changed:
<
<

Hacking as a solution to encryption

>
>
Mr Zimmerman’s PGP stemmed from his desire to protect Internet users from Government surveillance and interference. Internet to him was of the people, and for the people. His creation therefore made it significantly more difficult for the Government to intercept messages and transactions on the Internet. This was, however, not to say that it was impossible. In cases that warrant special attention, governmental agencies and private companies like the NSA and NSO respectively have been able to get past the encryption without actually cracking any code.
 
Changed:
<
<
Mr Zimmerman’s foresight into the future was a thorn to any Government’s intent to surveil its citizens and those whom they had an interest in. Instead of being able to instantly intercept every message or transaction a person does on the Internet with a click of a mouse, it was significantly more difficult to find out what a person was doing behind a computer with end-to-end encryption. This was, however, not to say that it was technically impossible. With sufficient resources, Governments were still able to hack into the source, i.e. the device used by their target, by doing something called “man-in-the-middle attack” which is essentially impersonating a message recipient so that messages are encrypted to their public key instead of the one the sender intended. In cases that warrant special attention, Government agencies will attempt to crack the encryption itself.
>
>
But the ability to hack into devices or decrypt an encrypted message involves significant resources and is limited by costs. Such targeted and focused actions are not scalable. It would take too much resources for Governments to hack into everyone’s computer or phone. But because Governments view internet surveillance as a form of social control, any impediment to it must be overcome. This encourages Governments to eliminate end-to-end encryption by first attempting to eliminate the people behind them. When that failed, as in Mr Zimmermann’s case, they looked to legislating laws to either disallow the use of end-to-end encryption or for a backdoor to be created that only the Governments may enter.
 
Changed:
<
<
But chief amongst the multi-faceted concerns of the Governments wanting to know more, if not everything, about its citizens is the issue of cost. Hacking into devices and decrypting an encrypted message involves significant resources, and such targeting and focused actions are not scalable. You sure can do it for 100 people, maybe even for 1000, but not millions. In short, it would take too much for Governments to use technology to battle technology. This conundrum has led Governments to take the easier option. Eliminate end-to-end encryption by first eliminating the people behind them. When that did not quite achieve the desired effect since the technology was already out on the Internet (and it was politically difficult to make people “disappear”), the Government worked to put into legislation laws that either disallow the use of end-to-end encryption or for a backdoor to be created so that only the Governments may enter for supposedly “virtuous and holy” reasons.
>
>

Law enforcement versus individual privacy

 
Changed:
<
<

Encryption legislation: Law enforcement at the expense of individual privacy

>
>
Any reliance on such legislation to access an individual’s electronic privacy is always centered on it being in the public’s interest. How would you like child sex predators, murderers or would-be rapist to prowl the internet unmonitored, asks Big Brother. Instead of learning from how the “Clipper Chipset” proposal spectacularly flopped after companies and individuals started to boycott the device for its gross infringement on privacy through “backdoors”, it is somewhat surprising that the deputy attorney-general Rosen announced that the Government was looking to revive the enactment of a similar program (though technically different) in July 2019, and recently reiterated his plan to do so after a shooting at a naval base in Florida.
 
Changed:
<
<
Such a “solution”, as the Government terms it, has been consistently argued by them to be in the public’s interest. How would you like child sex predators, murderers or would-be rapist to prowl the Internet unmonitored, asks Big Brother. This rhetoric, started during the Clinton Administration cumulated in an attempt to affix the Clipper chipset, invented by the National Security Agency, onto telecommunication devices supposedly to help encrypt voice and data messages, which sounds good, only to be told that a backdoor was available to the Government. Instead of learning from how that proposal spectacularly flopped after companies and individuals started to boycott the chipset for its gross infringement on privacy, it is somewhat surprising that deputy attorney-general, Jeffery A. Rosen, had in July 2019, renewed calls that the Government was looking to revive the enactment of a similar program. This time, the Government knows that it has to repackage the idea out of fear that rights groups will come with spears ready to hunt. Under the guise of “attempting to control the wide powers” of big technology companies such as Google, Facebook and Apple, the Government intends to force, or in Mr Rosen’s words “cooperate with” big tech companies such as, to either hand over the keys through a Court order or to provide a backdoor to encrypted devices or data.
>
>
The competing interests between law enforcement and individual privacy have always been a difficult question with no easy answer. The Government argues that having data delivered to its doorstep on a silver platter unencrypted will help solve, prevent and predict crimes. But why the need to help them encroach on our privacy, which is akin to shooting ourselves in the foot, when the Government is clearly aware that it has some way to hack into one’s electronic device to obtain unencrypted information? Afterall, the Snowden leaks showed that the NSA had the ability to infiltrate a target’s laptop to read encrypted data through the control of its operating system.
 
Changed:
<
<
This puts into sharp focus the competing interests: one of law enforcement versus individual privacy. The Government argues that having data delivered to its doorstep unencrypted will have solve, prevent and predict crimes. This, in my view, is a complete fallacy. Remember how we had alluded (above) to the Government’s ability to hack into one’s computer to obtain the necessary information, and that it is all down to cost? There is therefore no reason why the Government, or its affiliates (think NSA), cannot do those if there was a real need to. Not only did the Snowden leaks show that NSA had the ability to infiltrate a target’s laptop to reading encrypted data through the control of its operating system, a more obvious example was when the Government declared that “a contractor” managed to break the passcode to the iPhone of the San Bernardino shooter after attempts to harangue Apple to give up its backdoor failed.
>
>
What the Government is really trying to do, in my opinion, is to keep banging on the gates of privacy, hoping that one day the gates burst free. Once encryption is tossed aside voluntarily by the people, the Government can start surveilling the entire population without impunity since cost is no longer an issue and political push-back will not be a worry. By controlling information, the Government will be fully equipped to perpetuate the rule of the ruling party, as in the case of China and Russia.
 

Using encryption to protect our privacy by increasing the cost of our data

Changed:
<
<
What then do all these mean for us and our privacy? One way to protect our privacy from tech companies and the Government is for us to make it as costly as possible for them to get our data. Only when it no longer makes economic sense for profit-driven companies to collect them will they hopefully give up spying on us. While there are many things we can do, at the very basic level, we should start by encrypting all our online interactions.

More applications, similar to those we regularly use, must come with end-to-end encryption. Alternatives to services that regulate social life has to offer the same (or better) user experience. It has to acclimatize to a style of use which is consistent with the current ecosystem of technology In recent times, some applications with end-to-end encryption have started to spring up and are fast gaining popularity. They range from messaging apps such as Wicker and Signal, to search engines such as DuckDuckGo? , and web browsers such as Tor (which can automatically change your public IP and the Internet circuit every 10 seconds literally making it seem like you are serving the Internet from all over the world). While these big technology companies, like the Government, may still be able to get into your phone if they want to, it is more assuring that they are, at the very least made to work for it.

Not using applications with no end-to-end encryption and moving to applications which has it (and no backdoors) would hopefully send a clear signal to the tech companies that what we want is for our data to be protected. If done at a sufficient scale, it will force big tech companies to re-think how data is being collected, and fundamentally re-shape their business models. Indeed, applications like WhatsApp? and Google Duo have incorporated end-to-end encryption not because they want to (since it would hurt their revenue not being able to spy on you) but because they see people starting to move out to other applications such as Telegram which offers encryption. However, such a shift requires a significant volume of users acting in tandem. It would require a collective awareness as to how our data is being pilfered every time we are on the Internet, and a realization that such a practice is inherently harmful to us, something not everyone cares about.

>
>
Tech companies, like the Government, are constantly working to chip away at our privacy. Encrypting all our online interactions so as to make it as costly as possible for them to get our data is one way to stop the onslaught. If done at a sufficient scale, it will force tech companies to re-think how data is being collected, and hopefully force them to fundamentally re-shape their business models. Indeed, applications like WhatsApp? and Google Duo have incorporated end-to-end encryption not because they want to but because they see people starting to move out to other applications such as Telegram which offers encryption.
 

Changing the mindset of the masses to start using encryption

Changed:
<
<
How then do we change the mindset of the masses? In some parts of the world, perhaps re-education camps may be the answer. There, the “right way of thinking” will constantly be imbued into the psyche of people who “cannot think for themselves” through indoctrination, repetition, and discipline, with the hope that they can change. But what about a society where its people pride itself on being able to supposedly weigh the advantages and disadvantage before choosing what is best for themselves? Education do not seem to work since we still down bottles of Coca-Cola knowing full well that the high amount of sugar is unhealthy for us. We still smoke cigarettes knowing it will cause lung cancer. We still drink alcohol knowing it will cause kidney failure. Maybe governmental action through legislation? No, since individual privacy has never been the Government’s priority, and not when the relationship between Facebook and the White House cannot be described better than with the word cozy.

For the love of. For the love of his children, a father stops smoking. For the love of life, we stop consuming excessive sugar. What inherently is most important to you when it comes to privacy? For the love of being able to use the Internet for exactly the purpose you want to without being distracted by advertisements. For the love of saving time by not having to watch ads before a YouTube? video starts. For the love of exchanging information freely with another person without fearing being spied on. What is your for-the-love-of on the Internet? Because that may be taken away from you soon if you do not start protecting it.

This draft is almost 1600 words long. No draft longer than 1000 words is passable.

The way to cut the draft by more than 30% is to begin from your idea. The history of modern crypto that you give here is not well-sourced and therefore not surprisingly contains many moderately important inaccuracies. At least Steven Levy's Crypto with probably also a look at Glyn Moody's The Rebel Code would help. "The Government" is not really a protagonist: understanding the relevant players within the US government, let alone on the global stage, is a more complex task.

>
>
How then do we convince the masses that they should shift to using encrypted services? First, we need to constantly remind each other of the perils of state/commercial surveillance by keeping the discussion on its harm going. The Snowden leaks and the Cambridge Analytica scandal are good reference points. We need to find ways to drive home the point that if we do not take steps to protect our own privacy, the Government will not do that on our behalf. We need to constantly remind ourselves that if we choose to do nothing, we may one day end up becoming like China, where the Government is able to engage in propaganda and censorship with ease because it has unfettered control over the Internet.
 
Changed:
<
<
So you can source more, and reduce the part of the essay that concerns the history of crypto, while also making your points about law enforcement and national security parties seeking to weaken civil society's crypto more succinct. I am your primary reader, and I know this story. What I don't know is what you think about it, which is what I want to learn. That's not easy in this draft. The next one must be less than 1000 words, the preponderance of which should be about your idea, whatever that is, emerging from the sum of our common knowledge.
>
>
Second, alternatives to services that regulate social life similar to those we regularly use now must come with end-to-end encryption, and offer the same (or better) user experience so as to facilitate the shift. It has to acclimatize to a style of use which is consistent with the current ecosystem of technology. Messaging apps such as Wicker and Signal, as well as search engines such as DuckDuckGo? , and web browsers such as Tor, have gained popularity but more can be done to market them. To accelerate the shift, we need the equivalent of an encrypted form of Facebook and Instagram which seem to be lacking in the market.
 
Changed:
<
<
>
>
Third, we need to look within and ask ourselves what inherently is important to us when it comes to privacy. Do we want someone to always be able to see or know what exactly we do, where exactly we are, who exactly we meet, and what exactly we say? If the answer is no, then if we do not take steps to protect what is ours now, we should not be surprised if it is one day taken away.
 
You are entitled to restrict access to your paper if you want to. But we all derive immense benefit from reading one another's work, and I hope you won't feel the need unless the subject matter is personal and its disclosure would be harmful or undesirable.

Revision 3r3 - 03 Feb 2020 - 14:56:32 - YiShinLai
Revision 2r2 - 12 Jan 2020 - 12:10:07 - EbenMoglen
This site is powered by the TWiki collaboration platform.
All material on this collaboration platform is the property of the contributing authors.
All material marked as authored by Eben Moglen is available under the license terms CC-BY-SA version 4.
Syndicate this site RSSATOM