Topic: US Politicians Want to Ban End-to-End Encryption [serious discussion] (Read 215 times)

Well yeah, that's the real issue.

Companies use KYC as a way to extort their customers. It's not fair to a customer to say that they're not going to be collecting KYC information, then when they get a big win (gambling companies), cash out a great crypto trade (margin companies - bitmex), they badger them with tons of different requests for information that they may not want to give, cant give, or etc.

I assume that there is a good amount of laws relating to the fact that you're unable to seize customer funds if you are to implement some sort of policy that may bar them from using your site. But then again, we're in the wild west of crypto where regulation still isn't fully there and companies can seem to do whatever they feel like.

I don't necessarily have a problem with the KYC law itself either. It's not the governments abusing it, the platforms are. When they freeze your funds unless you provide documents, the KYC law basically lets them take your money if you don't send the necessary documents. If they consider it's not enough, you've lost everything.

There probably needs to be a lawsuit though and then things would change. What I meant by all that wall of text is that through all these laws and measures they're just slowly taking more and more little pieces of our freedom and privacy. I am anti-terrorism and anti-illicit activity, but I think there are way better ways to stop them than being able to read our texts.

While I do think that KYC laws are a bit annoying at times, and yes they do contribute the surveilance state, I think they're one of the 'better' ones out of the things that 'big brother' does to us. KYC laws don't typically bother me as much because the government is pretty straightforward about them and companies display them.

For instance - it's pretty easy to be able to tell if a certain website is only allowed to US customers and if they want the customers to be verified. You're able to avoid these. This is not me saying that I agree with the law, it's me saying that these are not the worst ways government abuses its power.

I have a problem when the government goes ahead and places restrictions that we don't know about in the background, or searches through our messages (by banning encrypted messages) and so on and so forth. KYC is bad as well, but at least they display it.

There's always going to be a way out for the terrorists, child porn traffickers and all the other criminals. Meanwhile, we, the legit ones, are being scammed thanks to KYC laws being abused by stupid websites and apps. When will proper action against THESE guys be taken? They basically allowed a law companies can abuse of and they're calling us criminals for using Bitcoin. What?

First we've seen Bitcoin concerns due to "a large part of transactions being used in illegal activities" which was and still is a false idea to begin with, and now they're using child porn as an excuse to stop end-to-end encryption? You could as well stop me from abusing my wife by forcing the installation of security cameras all around my house, it's the same shit. Privacy? None.

Govs are pushing the limits imo. Like come on, if we put together all these measures they're taking "against crimes", it's ridiculous and turns into exactly what I feared years ago: we're heading towards total control.

Because the same excuse can be used in any scenario:
- Need to buy Bitcoin? You need to share your ID to make sure you're not a terrorist.
- Need to talk with someone? Let us read your chat logs to make sure you're not sending someone child porn.
- Need to browse the Internet? Let us see what you're browsing to make sure you're not buying drugs.
- Need to take a photo? Let us see these photos to make sure you don't own some child porn.

And the list could go through hundreds of examples. Where does this end? Well, it doesn't. It only gets worse, actually.

As I keep saying, our privacy is in danger. It's getting shrank down as days go by, and they're taking steps so slow we don't even notice them.

I can't feel safe knowing the government is spying on my texts, listening to my calls and looking at what I'm browsing. At this point, it gets pretty scary because these are like actions a communist country would take. Is North Korea our idol or?

Well here's the thing about privacy and right to privacy activists -- people don't like them. It isn't hard to sell people on the fact that government should be able to ensure that their citizens are safe, that''s simple -- you show them a couple videos of 9/11 and some other horrid terrorist attacks across the country and then you tell them that all of this could've been stopped if the good guys were able to look at the bad guys texts. The next line they use is probably something along the lines of -- well you have nothing to hide right?

It takes a lot to sit down with an everyday person and tell them -- the government shouldn't be able to look through everything that you do online, you should be able to have privacy, and for the majority of people i guess they have NOTHING TO HIDE, but no one wants any of their dirty laundry having the potential to be aired. No one should have to fight for privacy, as we all have a right to privacy. But that's a much harder thing to convice people of, cause they don't understand WHY things should be private.

So the push for total State surveillance (police State) doesn't end in China. The most stupid part these politicians never get is that such laws wouldn't stop the practice, people would do clever things like encrypting twice (strong then weak), more stenography etc. This can only benefit attackers who are would love to harvest everyone's data.

This wouldn't stop any terrorists and terrorists would not follow any laws anyway. Yet it would aid THEM to collect info on individuals to better plan their attacks. Ironic isn't? But that's the problem with politicians, in their ignorance they always cause more harm than good.

Oh and as a side effect things like bitcoin would become illegal, because only terrorists use it right?...

Maybe a right to privacy movement is needed, at this rate even thinking against the State will become a felony.

The sad thing about using this angle, is that it works. The American people (and most people in the world) are always worried about irrational things. The chance of a terrorist attack happening is slim to none, statistically, but that doesn't stop people from  spending billions of dollars a year in ensuring that every single safety feature is present. They way they present it to people who don't agree with them is -- if you don't support this, and a terrorist attack happens, the blood is on your hands. And that's a pretty simple way to make people follow your path, and to get voters to agree with you as well.

Crazy, eh?

You're right. 'Stopping terrorism' is just an excuse, as is this latest angle. Indeed, 'stopping terrorism' has been the excuse for the dramatic ramping up of surveillance activities since 9/11, starting in the immediate aftermath with the Patriot Act which basically destroyed privacy overnight. https://cyber.harvard.edu/privacy/Introduction%20to%20Module%20V.htm

And yet we - or at least many of us - routinely sign it away by clicking our consent to website terms and conditions or else just by using tools such as Facebook and Google.

In the past, even the recent past, surveillance by the government was largely so that they could control us and see what we were doing. That's all changed now with the monetisation of surveillance - indeed surveillance capitalism is Facebook's entire business model. But they are all at it, Google, Amazon, and everyone else.

As crypto moves towards the mainstream, there will be increasing pressure to remove e2e encryption and to mould crypto into something that governments deem acceptable. So is the emasculation of crypto inevitable? I would say no. I think our best chance of avoiding this outcome is the sheer money involved, and the global nature of bitcoin and the huge commerical advantage that things like smart contracts such as Ethereum can provide. Whilst individual governments can 'ban' bitcoin and other cryptos, to do so would put them at a huge disadvantage against anyone who does adopt it. Basically the choice for governments and corporations is to adopt crypto or get left behind by your competitors. So for this simple reason I think that government attempts to wrest control of the direction of crypto will ultimately fail.

Pretty sure this article was just summarized from BitcoinNews (or some site like that) as I saw it pop up on my Google News timeline and all that.

I personally don't want to see companies forced to end the process of end to end encryption. I'm a privacy advocate (like many on here) and don't think that the government should be able to parse through what I say to other people online just for the shit of it. Plus, there's no evidence that this sort of mass surveilance of the American people (and foreign entities) even helps at all to stop terrorism or other sorts of crime.

We all have a right to privacy, and the government has a right to fuck off from trying to stop us from having that.

They just want to be able to dig up dirt on people, and say that they're doing it to help us when it doesn't help us at all.

You will rarely see me post here since there are better forums for that, and I find almost all political discussions disgusting, but this topic is sufficiently important and at least somewhat related to the "crypto" part of cryptocurrencies.


I dare say, this would-be law is evil. First of all there are dozens of childporn dark net and clear net sites that they are scared of visiting, even for the purpose of taking it down. Second this is going to eliminate people's privacy and everyone's messages will be able to be seen by hacker creeps.

But the more important, relevant-to-this-forum third reason is that passing a ban on encryption shows that these lawmakers do not understand how it works and this has negative consequences for anyone who has secret data to keep safe.

What do I mean by this?

End-to-end encryption, or any encrypted communications channel like HTTPS, works by relying on a shared secret to scramble the content of whatever message is being sent. This shared secret is generated by both parties without having to send it across a communications channel, eliminating eavesdropping. HTTPS has nothing to do with this discussion, I just raised as a comparison point. It's not used in the E2E encryption that's targeted by this law.

I'm just going to assume that the end-to-end encryption system used is OpenPGP at this point because I haven't heard of other systems used for this purpose. You wonder that you hear a lot of sites talking about how you should be using end-to-end encryption but for some reason, they never talk details about it.

OpenPGP uses RSA keys, and derives shared secrets, specifically session keys, from RSA keys and RSA is the weakest part of the whole OpenPGP pipeline. You are more likely to see cryptographically weakened RSA public keys being used to defeat encryption than other parts of OpenPGP.

How likely is the NSA to break OpenPGP?

It depends on how quickly they can factor large numbers i.e. guess IDEA ciphers, the whole purpose of number theory, or whether they can bypass factoring entirely. Brute forcing is infeasible - but only if the keys are big enough. Most keys are 2048 or 4096 bits which can't be broken in the present.

But there's also a whole list of other attacks they could try against OpenPGP implementations like bugging the random number generator:


Or keyboard, memory or disk cache (or even your monitor's radiation) snooping: https://www.iusmentis.com/technology/encryption/pgp/pgpattackfaq/practicalattacks/#whatpassiveattacks

All this assuming OpenPGP is the end-to-end encryption method. It might not be the encryption system used in all or even any E2E encrypted programs but strong cryptographic algorithms cannot be exported from the US anyway so it's usually the case that US politicians are dismayed about realistically unbreakable ciphers. So under the disguise of "regulatory compliance" we can expect them to try to introduce a flaw in OpenPGP, because they did exactly that in SSL (re: FREAK vulnerability) which ended up shooting themselves in the foot as J. Random Hacker could by then cheaply buy computing resources to break them and, uh, their own websites:


So, you guys here are using 4096 or at least 2048 bits for your RSA public keys. Imagine if you were forced to use merely 512 bits for your keys (by virtue of using a messaging app made by a company forced to comply), that would be a disaster. That's what these politicians want but they don't realize the disaster part. And if this law gets into effect, it's safe to assume processing power has advanced far enough to allow anyone to break these keys right now.

Now, with such a weakness, the NSA's not going to go out and brute force everyone's or some random person's public key. They will only go after specific people who are most likely very far away from this forum. But as I said above, what's stopping anyone else from brute forcing your keys and causing a general ruckus to the public?