- cross-posted to:
- Technology@programming.dev
cross-posted from: https://programming.dev/post/37443248
Answer
Question no. 1425 (General part) from the Danish Parliament’s Legal Affairs Committee:
“Will the minister elaborate on the minister’s statement to TV2 on the 21st of August 2024, where the minister says: "We have to break with the totally mistaken notion that it is every man’s freedom to communicate on encrypted messaging services (…)”?”
Answer:
We know that social media and encrypted services are unfortunately largely used to facilitate many forms of crime. There are examples of how criminal gangs recruit young people entirely through encrypted platforms to commit, among other things, serious crimes against persons. It is an expression of a cynicism that is almost completely incomprehensible.
We therefore need to look at how we can overcome this problem. Both in terms of what the services themselves do, but also what we in the authorities can do. It must not be the case that the criminals can hide behind encrypted services that authorities cannot gain access to.
Therefore, we, as a government, will also strengthen the police’s capabilities in the area of decryption, of course under appropriate legal guarantees, as is also the case today. In addition, the Ministry of Justice has The Criminal Justice Committee has just started working on a terms of reference that will look at the challenges that technological developments present to the police investigation, including the use of encrypted messaging services.
I also note that steps have been taken within the EU towards a strengthened regulation of, among other things, digital information services and social media platforms.
For example, the European Commission has proposed a new Regulation on rules for preventing and combating sexual abuse of children. The proposed regulation contains rules on obligations for certain online services to minimize the risk of their services being misused for online child sexual abuse, and the services can, if necessary, be required to track down, report, remove and block access to material showing sexual abuse of children.
There is AI. Facebook doesn’t have to forward encrypted messages. The internet can be locked down to prevent encrypted messages.
How? I doubt you’re able to propose a solution that can’t be broken in 5 minutes, the only solution is to either accept it or block 100% of the internet, if you leave even a single write access allowed it can be used to communicate, and if it can be used to communicate, it can be used to send encrypted messages.
Single messages can be hidden in random conversations e.g. by typos or other patterns. But the AI will flag anything that could be used to send more than twitter messages.
If network access is only allowed for bootlocked phones, how would you send those messages but by typing them by hand?
So there will be 10 messages or more for one meaningful message.
That’s useful for activists but destroys any ability to organise a movement that needs to recruit followers.
That’s all it takes, cryptographic communication is a list of single messages, if you can pass one without being detected you’re done.
First of all that is impossible, TCP/IP is an open protocol, you can build your own small computer and connect it to a network. But let’s for a moment assume this was possible, you can encrypt/decrypt messages with an offline machine and send them to the online one by any number of means, e.g. build a QR code and scan it with your phone.
A movement that needs to recruit followers won’t encrypt their messages since they need people to be able to read them. They could use public key encryption to ensure that people could send messages to them and they can sign messages, but encrypting the messages is pointless. You only encrypt messages when you trust the other party, otherwise anyone could intercept and encryption is pointless.
You are not a nuclear submarine. You want to communicate.
How, if all ports are blocked but for specific P2P connections?
Your phone is not yours. The excessive use of qr codes will be reported.
Exactly. Without movements there is no need for encryption.
My point was that if you can get one message past the AI scanner you can get any number of them in the same manner.
Port 80/443 would still need to be opened, TCP/IP can be used to do whatever you want.
What is an excessive use? I read a QR code daily when catching the bus to know how long it will take, I use qr codes to login on multiple services because it’s convenient and faster than typing my password, lots of ads and other things use qr codes. Plus, that was just one example of an easy way to do this, there are thousands of other ways, moving data between devices is one of the most common things one can do.
No, you’re missing the point, encryption is used between known members of a movement, not to recruit or contact the exterior, that would be impossible as no one outside of the movement would understand the messages.
Also there’s always need for encryption, you don’t want your bank details to be sent unencrypted, and if you’re allowing even one encrypted message you’re fucked because any encrypted message should be (by definition) completely indistinguishable from another similarly encrypted message, that’s the whole point of the thing.
That’s wrong. Facebook can allow one random URL to pass, maybe 20 but not 200. There is no bandwidth beyond secret Twitter messages.
To preapproved subnets.
There are not. Even QR code readers can be required to scan the content. If it is random crypto bytes, ICE will be informed.
Why would they? Only clear messages that are encrypted on their way between licensed messenger services.
The Internet can’t be locked down to block shit.
Tell me what you do if only registered messenger services are allowed, that run on phones with intact boot loaders?
Then forbid any peer to peer connection that wasn’t requested by those services.
No VPNs, no unlicensed servers.
There can be a free internet in Africa but Europe can be locked down more than China if so desired.
You do know that cryptography predates computers right? Anything that can send text can be used to send encrypted messages, don’t believe me? Here you go:
There’s no way you will be able to read the message above unless I give you the key for it. How would they stop me from sending that?
Also, are they going to firewall my VPS? What about my personal server? What if we use text files on my personal server, using ssh keys to connect to it? There’s no way to block all cryptographed communication without blocking all communication.
If you can only send facebook messages, facebook can block anything with more than 5 random characters.
VPS - virtual private server? The server is behind a router. Of course it can be firewalled. It’s also on a host server so all your files can be read without you noticing.
Everything can be blocked by default and only AI monitored channels from official services can be accepted. Short messages can be hidden with crypto tricks but that is a very limited freedom for very few people.
Congrats, you now blocked people from sharing URLs, setting their delivery address in areas where the code has numbers, or prevented people from communicating in different languages or using slang, since it’s impossible to keep track of all of that. Also are you blocking images too? Otherwise you can put text in the image in several different ways.
I also mentioned my home server, but in case you didn’t know you can encrypt files on a VPS, sure there are attacks to access the contents when they’re being decrypted by the VPS, but there are lots of ways to have the server send the content encrypted and only decrypt it locally.
How would AI know the difference between “hey check this video <link to video>” and “hey check this video <link to video whose url has an encoded message>”? Or even “see you at the party tomorrow” and “see you at the party tomorrow” (i.e. the secret meeting will be tomorrow). Cryptography is so much more than just making your messages look like random characters, hell, using AI it’s very possible to have it write a text that uses all of the random letters on a gpg encrypted message in a specific way that others can decrypt, but since those are still random characters it’s impossible to know there’s a message there.
They can check the url.
From where does the server get the content if every port is blocked but from licensed servers? You could contact them directly.
It doesn’t have to. People can still meet offline and share secrets. It’s enough to limit the amount of secret communication. It’s enough if people cannot share books and videos in secret.
And do what? The URL might be invalid because it was temporary, or it could be a valid URL that has a message in it, it’s impossible to know if the random characters in a URL are random or have a meaning behind them.
How do you think that would work? My server has an IP, I control the ports on that machine. Sure, my ISP could try to block me by putting me inside a LAN or something so I don’t have access to the internet IP, but packages have to make it from and to my computer, so a path must be established, and where there’s a path you can do all sort of fun stuff with it, such as reverse shells or proxies. At the end of the day you can’t block stuff unless you block everything.
You haven’t proposed any solution to the sharing of videos of books, hell, you can share pirated movies on Facebook if you want to without them knowing by taking a page from usenet and encoding the video in text and publishing it on several different pages and sharing an external file linking all of them together. Add an extra layer that uses AI to convert each post into something that sounds reasonable and no post in particular would raise any alarm, and even looking at all of them together nothing makes sense, unless you know the order and the key to decrypt it.
unless only licensed companies are allowed to have servers.
Usenet didn’t track who was reading those pages. One video can be shared, 10 exposes the people who are going to receive a visit from ICE.
One text can be shared, 100 will be detected. Facebook has data centers, while that layer has to run on a computer graphics card.
Remember the Windows 11 secure boot requirement. Soon most motherboards will require Windows. Only a selected few will have access to private AI.
It’s easier to prevent fascism now than to undo it once it is established. There will be no virtual nerd freedom oasis.
I’d not use them?
How exactly would you get that implemented?
At each router, store the allowed subnets of acceptable servers and drop any other connection. So P2P is blocked by default. But if a connection is needed, the messenger services get an API to unlock routes for channels that they control.
I think you are vastly overestimating what anyone can do.
All telecom providers can be required by law to implement it and Cisco and the other router suppliers can add that feature to their operating systems, if they have not already for countries like China.
The free internet can become a sandbox in a matter of weeks, maybe even days or hours.
The illusion of freedom is too valuable to be destroyed unnecessarily. But if people start to do serious protests I would expect the internet to go down like in Türkiye.