Thoughts on arguing end-to-end crypto and surveillance
Many Western governors are pushing for laws mandating all private communication can be secretly read and analyzed for them.The latest attack targets the one technology that still enables some privacy on a massively surveilled internet: end-to-end encryption. As hackers or IT people we can not afford to lament that the public doesn’t understand the significance of end-to-end crypto or privacy if we don’t appreciate its value for societies at home and abroad ourselves.
Responding to the renewed surveillance attacks with quick technical or narrow economic counter arguments is not going to work. An appropriate response needs to consider the political history and context of the current crypto and surveillance debates. Moreover, to stem the never-ending waves of new secret agency laws a re-framing of the common security debates is crucial to avoid the never-ending succession of new powers for government.
Let me start by rejecting the idea that governmental surveillance attacks have anything to do with fighting ruthless killers (“terrorists”) however often this claim is repeated in broadcast media. This is not to disregard the power of repetition, see the endlessly repeated claims of the existence of “Weapons of mass destruction” as a pretext for the Iraq war, or the fact that advertisements work. But despite endless repetition, governmental surveillance attacks don’t have anything to do with fighting terrorists. To turn it around, and i think the burden ought to be on the framers, where is the hard evidence that mass surveillance of civilians has significant effect, if any, on preventing terrorist attacks against civilians? And even if surveillance would prevent a few attacks how would it compare to the dangers of more government power?
The “fight terrorists with surveillance” discussion framing is seriously flawed also for another reason. Within it you are always going to lose the argument against more surveillance. If not now then after the next terror event. Because proponents can always argue they were right: if no attack happens it proves surveillance works and we need more of it. If an attack happens it also proves we need more surveillance. In this framed logic there can never be any rolling back of government powers.
The way out is to unframe the discussion and discuss the political and historical contexts of “terror attacks” and “expanding surveillance” separately. Let’s start with surveillance. If fighting terrorism is a red herring what are the motivations and politics of expanding government surveillance?
Governors worry about their power base
Governors of all kinds worry that people decide to change things in ways which endanger the power their associated networks hold. And they are particularly afraid today because they know there are many reasons why people want to change things in more fundamental ways. As much as people have lost trust in governors, governors have lost trust into people to keep them and their ilk in power.
The fear of governors seems justified if you look at the example of Spain in 2015: big parts of Spain’s social movements associate with a very new party on the block: Podemos. It aims to win the election in December and currently is leading the polls against the two parties which have governed Spain since 1975. It could actually happen despite the German chancellor Merkel supporting the Spanish president Rajoy who just introduced draconian laws against protesters and is generally sending his troops everywhere to avert the decline of his power network. Having to resort to direct repression is a sign of lost political power and in the case of Spain, panic. If you remember that Spain is a major EU country it’s understandable that many other governors in the West are worried something similar might happen to them soon.
Governors are always afraid they could lose their sight and grip over what people in their constituency are up to. Today it is not enough to have buddies in broadcast media which frame the discussion and interpretation of events to the governor’s liking. You also need to understand and contain, if possible, wider internet discussions before they can effect change you don’t want. Governors learned from Hannah Arendt that private discussions form the basis for public opinions which in turn structure and determine governmental power. If that weren’t the case how could feminist and really any social struggle have succeeded? It certainly never was the broadcast media or governors who first talked about and demanded rights for women or other oppressed groups.
How to contain decentralized communication?
New realities are co-created in a more decentralized manner and quicker than ever. Communication platforms grew in the last decade because of the interests of people to communicate and connect with one another. Maybe that’s due to a lost sense of community in disintegrating city neighborhoods which make people use “social media”. But in any case, Youtube, Twitter, Gmail, Facebook and IOS/Android app platforms became big because they facilitated decentralized communication and sharing between people. This presents a problem to governors because web communications are harder to contain in acceptable ways.
For a typical broadcast media discussion format you can send allied experts and construct “position” and “opposition” and thus frame the discussion. For example, it’s acceptable to discuss the virtues and dangers of “press freedom”, how to deal with “islamist militants” or how to “defend our values and rights”. Western Governors find it much less acceptable to link the Hebdo killing of or the rise of the “Islamic State” to the recent Western wars in Iraq, Libya and Syria, or to the everyday killing of civilians through Western drones and torture. Governors can’t yet directly contain such unacceptable linking activities and they are worried about it. For the time being, they try to frame it as irrelevant and repeat the “we are being attacked by ruthless killers” on broadcast media some more. It still kind of works but it’s unclear for how long.
What helps to contain discussions is to implant “You are being watched!” into the minds of people discussing the future of their governance. Putting up some public examples of punishment for unacceptable dissent refines the message into “Watch your words (and internet links!)” … also known as internalized or self-censorship. That’s not just effective for governors in Saudi Arabia but for their Western allies as well. The recent US sentencing of journalist Barret Brown to 48 months of prison for posting a link to some leaked data on an IRC channel can be seen as an example of a public punishment with chilling effects.
Arguments and national tactics against crypto attacks
Governors have long realized they can exploit central communication platform ownership to tap into most private communications. But to their apparent shock, many IT companies in the Post-Snowden era are implementing decentralized encryption because they in turn want to assure users that they can’t surveil their private messages. As a reaction, governors are conspiring to prevent decentralized encryption reaching the masses which would see them losing their current in-depth access to private communication. Psychologically speaking, losing power is always harder to accept than not having it in the first place.
A response to the crypto attacks which I consider optimistic, if not shallow, is “it’s not technically feasible to regulate or ban end-to-end crypto”. It underestimates the ability of governors to write laws which will drastically change the playing field even if in an incremental manner. To begin with, why shouldn’t it be possible to prevent companies from distributing apps which incorporate decentralized encryption? Google and Apple already employ their own regulation on what kind of apps are distributed through their stores. Another regulation on decentralized-crypto apps can probably be added by the governors in the US. And that would prevent decentralized encryption reaching the masses at least in the short term.
As to government access to end-to-end encryption, it’s true that backdooring crypto would make people more vulnerable against all kind of exploiting attacks, not just governmental ones. Governors might frame this dillema by claiming that security against physical attacks is more important than security against someone reading your messages. Such an argument already incorporates the flawed “it’s all about anti-terror” framing. The increased vulnerability of everyone’s devices is a bit of a tricky issue for governors given they couldn’t protect their own data against Snowden. If neccessary, governors will try to make concessions. Some applications such as online banking could be allowed to use non-backdoored crypto. They have all the banking data already, anyway. They probably will want to exempt governmental communication itself as well. With that we’d end up with a complete reversal of the democratic principle: public governments to act in secret and private communication to be constantly surveilled.
Western Governors have learned from the last Cryptowars battles. They know full well that they can only break private communication encryption if they outlaw it in a synchronized international manner. Otherwise they would have a harder time to overcome national arguments like “companies are going to leave the country if you ban decentral encryption”. Therefore, we need to fend off attacks on decentralized crypto in at least some Western countries to make such commercial arguments useful. Concretely, US companies like Google and Apple will more strongly resist if the EU does not also illegalize decentralized crypto.
It is as crucial to prevent EU crypto regulations as it was two decades ago. During the crypto battles in the 1990ties I studied with the deeply inspiring Prof. Andreas Pfitzmann who consulted the German government on crypto regulation. Along with other colleagues and groups he tirelessly worked and finally turned the tides and prevented Germany and thus the EU from introducing government backdoors to crypto algorithms. This in turn lead France and then the US to drop their plans and eventually relax crypto export regulations to keep their companies competitive. Today, we are back to square zero and must again convince some EU governments or parliaments to refrain from crypto banning laws. It’s a fight we better not lose.
Lastly, I’d like to be clear if maybe controversial on the dreadful Anti-Terror topic: If the Western governments want to stop killers from targetting western individuals they first need to stop ruthlessly killing and terrorizing individuals from abroad. Nothing else will bring more physical security against terrorist attacks. It reminds me of the 2500 year old question from the chinese politician and philosopher Confucius: “The way out is via the door. Why is it that no one will use this method?”
metaprogramming and politics 
Loose, or lose? Anyhow, great writeup Holger. They’re learning, just like we are. They’re starting to see that the harder they squeeze us, the more oozes out between their fingers. So, what do they do? Get the media to push mk ultra mind numbing propaganda even harder. It’s deafening. The UN world government is bilderbergs jackboot. The good thing is, the more we’re squeezed, the less we have to lose.. empowering, no? 🙂 Peace thru crypto.
ken Code (@kenCode_de)
January 24, 2015 at 9:31 pm
Thanks, it’s indeed “lose”! One thing i left out, btw, is whether the rest of the five eyes (Canada, Australia, NZ) are already in-line with banning decentralied crypto. I kind of assume so but don’t know.
holger krekel
January 24, 2015 at 9:41 pm
Well, if they can’t control it, then they’ll certainly try, either via an outright ban, or getting us to demand it’s ban. I see the msm pushing the latter. The bigger and more propagated the lie, the easier it is for the masses to accept it as truth. ..i think Stalin said that.
ken Code (@kenCode_de)
January 25, 2015 at 7:45 am
This seems bulletproof: “if no attack happens it proves surveillance works and we need more of it. If an attack happens it also proves we need more surveillance.” In the past, I have asked surveillance enthusiasts, “how many people will mass surveillance save? 10? 50?” The most common response is that we need as much surveillance as possible in order to save more lives. So, better to start with your argument and put the burden on surveillance enthusiasts.
I wish I could learn some very succinct arguments related to the relationships among copyright, DRM, surveillance, cryptography and P2P apps. Maybe once more people become familiar with the idea of a DApp, it will be easier.
exapted (@exapted)
January 25, 2015 at 3:39 am
[…] https://holgerkrekel.net/2015/01/24/thoughts-on-arguing-end-to-end-crypto-and-surveillance/ […]
1p – Thoughts on arguing end-to-end crypto and surveillance – Exploding Ads
January 25, 2015 at 10:13 am
It seems that you have little idea about what Podemos is. Most of its “leaders” (despite they claim decentralisation) are from Madrid, very little representative of the broad Spain. They have no known past other than appearing on TV. These are media people, boosted by main media corporations broadcasting them all the time. They don’t have any political program, and when they show some parts of some would-be, next week they change it. Completely different statistics about intention of vote appear on media, about them. The other political forces, landowners, barely try to fight it.
The discourses of Podemos are full of demagogy and indefinition, trying just to catch the votes of the “haters”, a blind vote, of those who only know that they don’t want to vote for the *known* parties. So much media spam, promise of change, indefinition and people ready to vote the unknown (“It can’t be worse of what we know”), is a good field to abuse by the current people in power (media owners, big corporations, etc.).
This phenomena happens regularly in spain: UPyD, Ciutadans/Ciudadanos, now Podemos, … It’s rooted in the main concepts of “not left not right” of Falangism, and the demagogical populism of Lerroux (this of early 20th century).
Don’t be blind: the good guys are not those with undefined programs, in main media all the time, with no known past of activism.
Podemos also claims decentralisation in the organisation, but they end up choosing leaders. They have several groups caring on different topics, and they have so different opinions in all respects that the main clause is “let’s make it look as if we are united, or we won’t get votes”. The tactic is to get all the votes, and “then we will see”. A very usual thing in Spain.
This Podemos seems to be the empowering of this group by people-already-in-power, to catch blind voters with all the spread hopes of change “to something better”, and avoid the continuous independence of conquered territories like the Catalans (as these yes want a clear decentralisation). The same kind political fight happened in the end of the 19th century by the lose of Cuba, and the other colonies conquered in past centuries, while Madrid tried to keep all tied together and under rule. All to keep on with the united great empire of Spain, with theater illusion over the citizens.
Spain has a long tradition of hopeless parties. There is no current magic solution to this, like this magic “vote Podemos and all will be good”. It’s the result of centuries of illiteracy and undemocratic governments until very very recently. And the dictatorship wasn’t solved by pushing out the dictator; it was just an accomodation of the power class to the “new democratic trends of Europe”, with a transition that never judged the dictatorship genocides, crimes, or anything alike. It’s all under the carpet and even now this topic cannot be touched at all. All criminals of the dictatorship genocides keep on being respectable men of state, as if all were the result of normal democratic politics.
Viric
January 25, 2015 at 12:38 pm
Please read the original paragraph that the author wrote about Podemos and stop spreading bullshit. It is also very common in Spain that many people fail at basic reading comprehension skills.
Juanlu001
January 25, 2015 at 2:39 pm
Thanks for your critical views on Podemos, I appreciate it.
First of all, I didn’t mean to endorse Podemos as I am generally skeptical of parties. And i admit that i don’t yet have in-depth views of Podemos, i am only looking at it from a distance. Leaving the question of what politics Podemos really represents aside, I for now maintain the claim that the PP/PPOE party networks must be horrified at the prospect of a new party winning the election. My gov/surveillance article here does not really focus on the particulars of Podemos so i hope the main points about the relation of “surveillance” and “governors beeing worried” are not compromised. In the end, it’s not about party politics so much but how government actions are shaped to respond to the what i perceive as the crisis of capitalism.
holger krekel
January 25, 2015 at 2:40 pm
You make some fair points about Podemos in general, although I was going to object about lumping them in with UPyD or Ciudadanos… Until I read the thing about conquered territories (big lunacy flag). Regional nationalist parties that mushroomed in the 20th century, in local power since the late 70s, are also seeing in dismay how large chunks of their voter base –who were disgruntled with the main parties in power in Madrid- are flocking to Podemos, another “centralist” party in their view. All of which seems to prove Mr Krekel right in how Podemos scares the status quo parties, althought they hardly seem to be the answer to anything and the whole example has nothing to do with the wrongness of encryption banning.
JotaEle
January 25, 2015 at 4:10 pm
Regional nationalist parties in the conquered and subjugated territories that mushroomed after abolition of Inquisition, start of early democracy, and end of dictatorships. That surprising phenomena.
“flocking to Podemos” sounds right though.
Viric
January 25, 2015 at 4:22 pm
Right, that podemos paragraph wasn’t about encryption banning but about understanding why governors are interested to surveill. How I view Podemos in detail is not very important for the argument i am trying to make as long as it’s true that Mr. Rajoy and his power networks are scared of the rise of a new party so quick.
holger krekel
January 25, 2015 at 6:54 pm
It is true that Podemos headquarters is in Madrid. Although the “Mover ficha” manifesto (where Podemos started) has only half of the signatures from Madrid. Going further Podemos results in the euro elections show people from every region voting for Podemos. Therefore it represents more than Spain.
The have no (big) past… in politics. Again you can read the signatures from the “Mover ficha” manifesto and see that they have an active past. Some of them have wikipedia pages where you can see what they have done.
It is true that they now appear on TV, and since the movement was formed on 2014, you might know them only from TV during the last year. In TV you see what media can “sell” and it seems that advertisements in between Pablo’s debates are selling well.
Their program (Electoral manifesto) is the second link in his site, on the top header. I had some problems with his site right now, perhaps you had problems too and you couldn’t read their programme.
Their discourse is of “change” and “positiveness”, that is confronted with “fear” by “scaremongers”. That’s the political landscape almost everywhere. The party is based a lot on the image of Pablo. Although it’s a common marketing practice for political parties. While I don’t like it I don’t see anything different from any big party in their marketing decisions.
They have secretaries, like communist parties. Not a president. The local group representatives and secretaries are open elections and you can do that online: https://participa.podemos.info
Right now PP and PSOE (the 2 biggest political parties) are trying to scare voters from Podemos. They are together against someone that might kick them out the power they have. They’re scared and you can see that in what exactly do they address: Podemos.
I don’t like that Podemos uses the image of Pablo a lot. It should be more about the ideas and less about the person. Again, it is quite common in Spanish voters to look for a saviour. Podemos uses that in their advance.
You can hit them hard on their politics, but remember to read their electoral manifesto.
graffic
January 25, 2015 at 7:46 pm
The post seems to me pretty off base. If I understand correctly, fighting terrorism would be just an excuse, then why else would the government want to ban encryption? to avert grassroots organisatons like Podemos in Spain perhaps? Seriously it comes across as rather paranoid. I also don’t like the suggestion that the terror attacks happened because “we had it coming”, with our use of “terror”, “torture”, “drones”, and selling them Coca-cola. It all sounds as if we were still protesting against the Vietnam war and as if nothing had changed since then. That hardly helps your argument.
I am a strong opposer of the encryption ban myself. IMHO they (the governments) want easy solutions to difficult problems such as terrorism in a globalised world. They want the terror threat gone asap. They asked their police departments what they would need to be more effective and they said “If only they wouldn’t use encryption”. In my view, banning encryption would probably have the ill effects that you describe, yes they might even collect and use private information unfairly but in my view that would be only a plus, not the real reason. And as you, I don’t think the terror attacks would necessarily stop. The whole idea is as if they were to ban private use of cars to avoid roadside deaths. Private use of encryption is a basic right and we cannot call ourselves free without it.
JotaEle
January 25, 2015 at 4:54 pm
The point i am trying to make is that governors push for surveillance the more they are afraid of what their constituency is up to. I used the rise of Podemos as an example for what governors are afraid of. Twenty years ago, a shift of a few percent in elections was considered a big deal. Nowadays, and i think that’s partly because of economies in crisis, new parties can be constructed quickly and stand a chance to get landslide victories. I am not saying this is a good or a bad thing but it’s something governors from long-standing governing parties are afraid about. And those are the ones who are expanding surveillance for the past 20 years which I followed.
As to Vietnam I indeed think that not much has changed in principle. The West and particularly the US is intervening (or even starting wars) in many places, it has prisons like Guatanamo where, if some secret body classifies you as a “enemy combatant”, you have no rights and are subject to kidnapping and torture. Drones kill people based on cell phone data including all bystanders. Seeing all this, it’s not too surprising that people want to retailiate violently. Claiming that terror attacks are motivated just by … being barbaric or evil is a comparatively hand-wavy explanation, wouldn’t you agree? Craig Murray has written a similar post about this (https://www.craigmurray.org.uk/archives/2015/01/inevitable-payback/ ), there are many others.
holger krekel
January 25, 2015 at 9:24 pm
I agree with you nearly 100% on the encryption banning thing but not on the causes of terror issue which we might discuss at length when it becomes on-topic. My point is that your bias on one matter debases your arguments on the other and that might needlessly put off some people like me who do not share such bias. I just wanted to respectfully call your attention to it.
JotaEle
January 26, 2015 at 12:01 pm
I think Jota may have a point — if we have two possible explanations for politicians wanting to ban encryption — no 1 being “we genuinely believe it will help stop terrorism”, no 2 being “we are lying about the terrorism thing, actually we just want to be able to pry into people’s private lives in order to control them and maintain power”… well, even if no. 2 might be partially true and some subconscious level, and therefore be a contributing factor, I tend to think that number one stays convincing. There’s no point in imagining evil motives in your enemies if naive ones will do. The politicians believe it will help because that’s what the spies and the police forces are telling them.
Instead, you can move the question up one level — if that’s what the spies and the police are telling politicians, do they genuinely believe it? And are they right?
I think it’s quite likely that the spies and the police *do* genuinely believe more surveillance will prevent terrorism or crime. It’s up to us to make the argument that it won’t be effective, and more importantly that the price is not worth paying.
by analogy with the US torture report: you shouldn’t use torture, partially because it doesn’t yield very good intelligence, but more importantly because it’s morally abhorrent, it’s not a strategy we are willing to resort to.
Harry P
February 10, 2015 at 2:44 pm
When discussing the issue of attacks against individuals in Western cities i insist it’s necessary to look at the root contexts in which they are happening. And for me that means discussing causes and relations to Western day-in-day-out military actions in many countries around the world. Just today there was this heartbreaking story about the 13yo which you might have seen: http://www.theguardian.com/world/2015/feb/10/drones-dream-yemeni-teenager-mohammed-tuaiman-death-cia-strike . There are many stories like this as you probably know.
My main point is that we need to disentangle the discussion about “terror and surveillance” and look more honestly and openly at causes and effects. I am fine with also focusing on particular aspects sometimes like you suggested but personally refrain from implicitly agreeing to the “surveillance against terror” storyline.
For those of you who understand german (or can make sense of google translate), my article about cryptowars in the EU was published here on monday: http://www.heise.de/tp/artikel/44/44086/1.html in which i focus more on the positions of european governments and do not discuss terror/war topics actually. It’s a magazine, however, which publishes critical views on western military actions, e.g. here: http://www.heise.de/tp/artikel/43/43771/1.html
holger krekel
February 10, 2015 at 7:14 pm
I think that’s absolutely a valid discussion, but I wonder if it’s in danger of being a red herring when discussing the idea of banning crypto?
“we need to ban crypto to stop terrorism”
“actually, if you really want to stop terrorism, you probably want to alter your foreign policy”
“”
And then you’re in danger of someone saying, well, if foreign policy is a given, because it’s not going to change overnight, then maybe banning encryption is a good idea, given the circumstances?
no — banning encryption is a bad idea, no matter what the current foreign policy climate is. let’s explain why.
Harry P
February 11, 2015 at 5:37 pm
Fair points. Discussing the effects of trying to identity suspicious behaviour based on mass surveillance data is valid in itself, agreed. FWIW I usually try to adapt my communication to paticular audiences. I use my blog posts to make points which might not fit everybody, though. When i write articles for newspapers i typically constrain myself a bit more. I do aim to be consistent with my basic views there as well. And that, in the crypto context, means for me to not accept the “surveillance helps against terror” premise.
holger krekel
February 12, 2015 at 10:55 am
(that little third reply is meant to say “enter long digression about interventionism, neocons, etc etc”)
Harry P
February 11, 2015 at 5:42 pm
There seems like a line, to me, from Whatsapp’s announcement of end to end encryption for their Android users, and Cameron’s announcement, with the Paris attacks being the first convenient reason to make such an announcement.
It would be interesting if you wrote more about your experience in the 1990s. The battles won are quickly forgotten.
pfctdayelise
January 25, 2015 at 9:37 pm
You bring up very good arguments. I also read an article on heise [1] today from Franz Rieger. So, what you think should we practically do? Organize more key-signing parties and start an Avaaz campaign?
I am too young to remember the original Crypto-Wars but what I have read from them is that the better argument won – so that seems like a good starting point here as well. But I actually don’t know how to bring the arguments to the people who decide upon the laws. And even if, how can I make sure they don’t just ignore what I have to say?
The best argument that I found against the “crypto-ban stops terrorism” argument is that an organized small group (“terrorists”) can much easier create ways to communicate secretly, no matter what the laws are, then an yet unorganized large group (the public).
[1] http://www.heise.de/newsticker/meldung/Kommentar-Die-Crypto-Wars-3-0-sind-ein-Kampf-um-den-Erhalt-der-Demokratie-2525998.html
Der Mor
January 26, 2015 at 6:07 am
That is a good argument but IMHO it just goes half of the way. Sure, crypto-ban does not stop terrorists, drug dealers, paedophiles and tax evaders, anyone would agree, but it sure makes it a bit more difficult for them. Why should we leave it easier? My example above is banning private cars. Such a ban would no doubt reduce road casualties and but all you have to oppose is that at some point some person will get run over by a bus anyway. My point instead would be is it worthwhile? Does the benefit of having private cars not outweight the -always terrible- toll in car accidents which on the other hand we are constantly striving to reduce by other different means?
JotaEle
January 26, 2015 at 12:21 pm
I see what you mean. Thanks for pointing it out.
Der Mor
January 26, 2015 at 6:49 pm