Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

This may be an unpopular take but I think it has some merit.

Cryptography is not the answer to surveillance. It has its place but that place is not to keep everyone's data secret _and_ irretrievable as plaintext except by its holder (never mind owner), if they retain the key.

The answer will be legal and political.

I cannot see the endgame where all data is forever gone, with the exception where people proactively plaintext their data for future generations.

Let's say instead of iPhone contacts or chat conversations we begin keeping tax records, transactions, commerce, etc. secret, except for the person or entity encrypting the data (who may or may not be the owner). What if the heirs need that data or third parties, lawfully? What about discovery in court cases? What if someone comes up with malware which encrypts your data and you have no backup?

How do we reconcile wanting data to be available (free) with also wanting everything encrypted for posteriority --do we just forgo that treasure trove of data?

I'm not saying don't encrypt on transmission, or even at rest, simply (or complicatedly) that we have a way to data once it's lawfully determined it can be should be made available to second and third parties, including the public.



"What if the heirs need that data or third parties, lawfully?"

Law states that banks have to give a notice to heirs when the original owner dies.

"What about discovery in court cases? What if someone comes up with malware which encrypts your data and you have no backup?"

Then you lose all your data. How is that a problem? You ask the bank-government for new credentials. And you learn to make copies for the next time. Not the end of the world.

It's not really that different from loosing your keys, maybe you will have to destroy your old lock and buy a new one.


I'm not sure I understand your point. Without encryption, legal and political constructs protecting privacy are nigh unenforceable.

Similarly, most records of importance to my heirs or a court case aren't solely held by me. Purchases are recorded by at least myself and the vendor, potentially with an intermediary like my CC or bank.

My tax records are retained by both myself and the IRS. In the case of a gov't case against me, they have those records. In the case of heirs needing access, they can petition the government if I failed to provide other access for some reason.

The malware example, this already happens. It can happen with or without cryptography being legal or pervasive.

> How do we reconcile wanting data to be available (free) with also wanting everything encrypted for posteriority --do we just forgo that treasure trove of data?

Who wants everything encrypted? I cannot think of a single person that's not at a very extreme ideological position that would argue for that.


> ...simply (or complicatedly) that we have a way to data once it's lawfully determined it can be should be made available to second and third parties, including the public.

Fine, you show me a way we can do that that does not necessarily entail that the "bad guys" (which explicitly includes law enforcement, unless and until its aims shift from "winning cases" to the actual pursuit of, you know, "justice") can access it, too, and maybe we can meaningfully have that discussion.

But, as long as my choices are "keeping everyone out" or "risking the bad guys getting in," I don't see much difficulty in picking my camp.


That's the big problem. How do we address that? Basically society has to grow up. People and organizations and government will have to learn how to "respect" what's marked off, unless as defined by law, others have access to that data (access to which was available in the analog world -but which does not always match up 1:1 digitally).

It basically amounts to the same "respect" we observe when we don't break through people's windows (even though it's trivial) or how "super users" don't [typically] abuse personal data at companies, etc.


I don't see irretrievable data as being significantly different than data that never existed to begin with, the only real difference is the belief that something valuable is hidden behind encryption. If and until the encrypted data is made plain, there's no telling what it contains, it could be tax records, transactions, commerce, or it could be a copy of the 1987 American action comedy film "Ishtar".

In the case of tax records (and ignoring that government would have a copy of said records), consider a dispute with the government who claims that a deceased person didn't pay taxes while the heirs claim taxes were paid (obviously a contrived example). If the "proof" is unavailable because the deceased encrypted it, then the result is the same as if the encrypted data never existed. The heirs could say that any random noise is encrypted data that provides proof of payment, but without any way to decrypt (and, arguably, to authenticate it) that random noise into actionable data, any claims the encrypted data contains the necessary "proof" is meaningless.

In other words, it's not the fault of encryption that the heirs have to deal with this beef from the government, but rather the fault of the deceased who encrypted things valuable to the heirs without a way for the heirs to access it (via sharing a key or explicit, chosen key escrow with a third party, etc). We like to say the answer will be legal and political, and it definitely has legal and political influences and impact, but given that the encryption is unbreakable, or the value of the dispute isn't worth the effort to undertake breaking it, we won't be able to legislate math to, uh, "not work".

Even if the government is the trusted entity of last resort and maintains a "legal" way to access encrypted content, there's nothing stopping the deceased in the above contrived example to have encrypted it using an unsanctioned algorithm or not have shared the key with the government, or whathaveyou. Then they die. Not only is the data inaccessible, but the responsible party is dead, and unable to have legal retribution rendered unto them for breaking the law. In this respect, the data is just as good as not having ever existed (which may very well have been the reason the now deceased encrypted it in the first place).


I understand your point. Mine is that if it were to become ubiquitous as Apple and others foresee it, it won't be just a few people or the paranoid or the ones who want things to remain hidden, but it will also encompass all the others who had no intention to keep things from others.

As personal computing continues the migration towards mobile devices and away from PCs, most people's personal data will be on systems where there is no way to get around a lost key. I'm actually interested to see how Apple plans to manage the accidental lockouts and data destruction when all of a person's information is on their mobile computing devices.

There won't be any "oh, let me take it to the Genius Bar" solution.


Totally agree. Encrypting data then discard the key is no different than burning the data in physical media in the old days.


Thats a fine argument for why you might choose to make your data available. But the question is whether the government shall limit by force my ability to use, or contract with another private party to provide me with non-backdoored encryption.

If you want data available for posterity or for your heirs, you should be able to make it so. Why compel me to do the same if I don't want those things?


Because the trend is for it to become ubiquitous, the standard.

We have enough issues with backward compatibility with old antiquated data formats. Imagine the scenario ten years from now when someone wants to look through historic documents and there is no way to retrieve them.

People do not make good contingency plans. Life events. Now data will go with people to their graves. No way to recover it.

Grandma had you videos and pictures on her mobile computing device, we have no way to get them back....


People do not make good contingency plans. Life events. Now data will go with people to their graves. No way to recover it.

So this is no different than data that goes to people's graves that isn't encrypted. People never made good contingency plans, they don't make good contingency plans, and they will continue to not make good contingency plans. The availability of encryption doesn't change that.

Grandma had you videos and pictures on her mobile computing device, we have no way to get them back....

"Think of the grandmas!"




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: