Encryption Is Not a Crime
218 comments
·April 17, 2025i5heu
Retr0id
It's also, unfortunately, not literally/universally true. There are plenty of jurisdictions and contexts in which it is a crime.
xnickb
A friend of mine had to swear on a holy book to not use VPN upon returning to their country of origin.
jvanderbot
This would make me nervous, but also optimistic that it's difficult to detect? Otherwise why use hell as a deterrent?
markhahn
Which were you thinking of?
I can imagine Iran has some effort to discourage use of VPNs, though of course everyone does.
I thought China simply made it easy to stay within the Great Firewall, and moderately difficult to get out.
Retr0id
There's a decent overview here: https://www.gp-digital.org/world-map-of-encryption/
arnonejoe
I don’t understand this. If you live in the US and use a service like ProtonMail, has a crime been committed? Are there any examples here in the US or anywhere else of arrests/prosecutions being made over encryption? I’ve never heard of any??
gruez
He's probably talking about authoritarian regimes like China or whatever.
Retr0id
I don't live in the US
RIMR
There are places that are not the United States.
roenxi
Also, I've heard it said that people have a tendency to subconsciously flush "not" and remember that sort of statement as "encryption is a crime". It is slightly better to put things positively (eg, "Encryption is the reasonable default").
stronglikedan
It makes sense in this context, as it operates on the idea that it could be a crime: "Contrary to what some policymakers seem to believe, whether naively or maliciously, encryption is not a crime."
netfortius
The "is a right" hasn't worked in years. I'm a lot of areas. . I rather agree with the more specific and up to date "is not a crime".
OhMeadhbh
Claiming a right is not the same as exercising the right, though typically the claim precedes the exercise. Also, are you suggesting you don't have the right to use encrypted communications? (assuming you're not in France, where the "right" to encrypted communications has never been explicitly recognized.)
giantg2
I generally agree. My first thought was that if I encrypt your data without your permission, that would be a crime (eg ransomware).
OhMeadhbh
I think you also have to delete the original information before it becomes a crime. Though monkeying around on someone elses' machine(s) without permission is criminal behaviour in most jurisdictions I've looked at.
kgwxd
"Speech is not a crime"
OhMeadhbh
Not all speech is non-criminal, at least in the US. Inciting speech has always been subject to prior-restraint and fraudulent commercial speech has always subjected the speaker to legal peril.
01HNNWZ0MV43FF
I wish Americans still believed in American freedoms
Encryption is free association and free speech. Talking to someone about what I like without eavesdroppers
Transitioning gender is also free speech, freedom of expression. Presenting how I like and not how some wannabe king wants me to
hilbert42
"I wish Americans still believed in American freedoms"
Yeah, as someone who's viewed America from the outside for decades tragically it's no longer the country I once knew.
giantg2
I think this is a perception formed by media biases. Pretty much any right or freedom evaluated on an individual basis will show that rights and freedoms have expanded (at least up to a few months ago). Many of the negative things being done today have been done in one form or another for a generation or two. I'm not saying that they're right or shouldn't change, just that the perspective of eroding freedoms or right is generally not true outside of business regulations.
clarionbell
The big issue right now is that they can't seem to agree on what those freedoms even mean.
OhMeadhbh
It probably was never the country you once knew. The view of "american freedoms" is radically different depending on the viewer's position in the socioeconomic hierarchy.
jack_h
> I wish Americans still believed in American freedoms
I wish people understood the American system at a philosophical level. What you call "American freedoms" are largely based off of negative rights, i.e. John Locke. Our bill of rights use specific language like "Congress shall make no law", "shall not be infringed", "shall not be violated". It's inherently freedom from state action.
Over the past 100 years a different interpretation of rights has emerged, so called positive rights as exemplified in FDRs second bill of rights; e.g. "the right to a good education" or "the right to earn enough to provide adequate food and clothing and recreation". This requires state action to facilitate freedoms for its citizens.
Unfortunately these systems are incompatible. I think a lot of the friction we are seeing in modern times can partially be traced to this contradiction.
hilbert42
"Unfortunately these systems are incompatible. I think a lot of the friction we are seeing in modern times can partially be traced to this contradiction."
I'm pretty certain you're correct but I won't attempt to justify it detail here as we have to bring out the political philosophy texts on mass.
In the light of the English Civil War many thought about politics and freedoms Locke being one, his contemporary [almost] Thomas Hobbes with a different position—the Leviathan. Rights, freedoms and social contract theory was still raging nearly a century later with Rousseau whingeing about man being born free but everywhere he's in chains—opening line of the Social Contract. And there's still no universally agreed consensus.
Over the centuries political philosophy has covered almost every conceivable interpretation/position about the rights and powers of the State versus individual freedoms, so it's not for the want of options/choices. Dichotomies still remain because the citizenry is composed of people with wide range of political beliefs many of which are incompatible (this has always been the situation).
We shouldn't expect a consensus.
marcosdumay
I'm not sure the US population ever really believed in fundamental freedoms.
They had an apartheid up to 60 years ago. There are living people from that time, and you can't believe in any human right and have an apartheid at the same time.
hilbert42
"They had an apartheid up to 60 years ago."
For many of us outside the US there's a dichotomy here. The North won the bitterly contested Civil War and freed the slaves but never really afforded them true freedoms. Why?
The perception from the outside is that conscience over slavery per se drove the North to war and not concern for the fact that slaves were actually people who were suffering enslavement and or unfairly treated.
Edit: Given the Civil War why was the Civil Rights Movement 100 years later necessary?
cjbgkagh
People believe in logical inconsistencies all of the time, it’s practically the default. Also there is no such thing as perfect freedom, it’s best thought of as an optimization problem with many dimensions.
As an example, the civil rights act necessarily curtails the freedom of association.
kube-system
This is too many words to convince someone who already doesn’t believe this.
Put more simply: the modern internet doesn’t work without encryption, it is a fundamental part of the technology. Without it, anyone could log into any of your accounts, take your money, messages, photos, anything.
gruez
>Put more simply: the modern internet doesn’t work without encryption, it is a fundamental part of the technology. Without it, anyone could log into any of your accounts, take your money, messages, photos, anything.
I'm pretty pro encryption, but even this is pretty dishonest. Phones (ie. PSTN, not iPhones) aren't "encrypted" by any means, but there's plenty of sensitive information sent over it. Lawyers fax each other important documents, and doctors fax each other medical recorcds. There was (is?) even telephone banking where you could do basic transactions over the phone. Even today, some banks/brokerages require you to phone in to do certain high risk operations (eg. high value transfers or account resets). All of this happens without encryption. While that's less security that I'd like, it's safe to say that "anyone could log into any of your accounts, take your money, messages, photos, anything" isn't true either.
kube-system
I’m not saying every layer of the onion is individually encrypted. But there are plenty of layers that are.
There is plenty of encryption used when you send any sort of message from an iPhone, even SMS. You can’t even turn the dang thing on and unlock it without encryption. Then when you send it, it’ll be encrypted by the radio before transmission. Then in transit it may or may not be encrypted at various points.
And POTS is not the internet.
My overall point is that encryption is used all of the time when people use the internet for routine tasks that they expect to work, and would not work in a modern reasonable way without it.
People use these technical implementations details to muddy the water of this conversation and demonize encryption, when the reality is that everyone uses it literally all the time for almost everything.
gruez
>There is plenty of encryption used when you send any sort of message from an iPhone, even SMS. You can’t even turn the dang thing on and unlock it without encryption. Then when you send it, it’ll be encrypted by the radio before transmission. Then in transit it may or may not be encrypted at various points.
If your argument for encryption is "we need encryption because if it's banned overnight all our phones will turn into bricks!", then yeah sure I guess it's true. But even the diehard encryption opponents aren't arguing for this. My point is that you can very much have no encryption, but not "anyone could log into any of your accounts, take your money ...".
OhMeadhbh
Another aspect is traditionally the administrative burden for state actors to receive permission to eavesdrop on POTS technology is relatively high. Or at least it was before the Patriot Act. I would argue it is still higher than eavesdropping on modern digital communications (IPCMS, Email, web browsing, etc.)
nradov
Allowance for using faxes to send protected health information (PHI) as defined under HIPAA was essentially grandfathered in for practical reasons, not because it is at all a secure enough communications system for sensitive data. If faxing medical records had been banned then the healthcare system would have come to a halt, which would have been worse then the privacy risk. But if fax was invented as something new today it would never be allowed for PHI.
It's only recently that more secure alternatives to faxing have become practical, like DirectTrust Secure Direct Messaging.
HDThoreaun
1. How often are people saying their bank login on their phone calls?
2. Is there a way for phone call man in the middlers to get that info without wasting a ton of time listening to calls? With internet MITM it is very easy to set up a program that scrapes unencrypted login info.
gruez
>1. How often are people saying their bank login on their phone calls?
Have you ever called into a bank or brokerage? Most ask "security questions", often ones that you can't even choose, like your address or how many accounts you have with them. It's arguably far worse than speaking your password into the phone.
>2. Is there a way for phone call man in the middlers to get that info without wasting a ton of time listening to calls?
Automated speech recognition has been around for decades. Even before that signals intelligence agencies have shown that widespread wiretapping/eavesdropping is possible and effective.
123pie123
>Put more simply: the modern internet doesn’t work without encryption
being pandantic that should read - the modern usage of the internet..
the internet does work ok without encryption, has it has done from a long time ago
kube-system
That’s exactly the pedantry that muddies the water and confuses people on this issue. Colloquially, it is a distinction without a difference. The internet as normal people know it does not work without encryption.
123pie123
I do agree, it depends on the context, eg talking to my family vs this forum
This site is not full of "normal people" and it shouldn't confuse people/ muddy the water if being dicussed here
cjs_ac
End-to-encryption is a good thing, and so is this website providing information about how to use it.
But this particular article represents a particular pathology surrounding freedom. Freedom is supposed to be about doing what you want. It's not about making florid speeches about how free you supposedly are. If you want to use end-to-end encryption, just use it, and maybe offer advice to others on how to use it.
There are some politicians who have decided that only bad people use encryption. Going up to one of these politicians and trying to explain that you use encryption but you're actually a good person won't convince them that encryption's okay, it'll just convince them that you're a bad person. Politics is one of those things that attracts people who just want to find the shortest route to a decision about who are the good people and who are the bad people, and keeping secrets isn't something that those sorts of people like other people doing.
Unless you have evidence that the government is rounding up people just for using encryption, all this sort of advocacy does is to draw attention to you having something to hide, and therefore probably being some sort of wrong'un. If the government is rounding up people for using encryption, that's a specific threat you need to respond to, and starting a public campaign is not the right response.
loftsy
Something is a crime if society determines that it should be so. Nothing more.
Clearly the pressure on government to write these laws is coming from somewhere. You should engage with the arguments the other side makes.
ziddoap
>You should engage with the arguments the other side makes.
The arguments are "Protect the children.", "Catch terrorists.", "Catch criminals.".
Those arguments have been engaged with for decades. They are purely emotional arguments. Anyone who still pushes those arguments forth is most likely doing so with ulterior motives and cannot be reasonably "engaged" with.
1970-01-01
Let's not ignore the full history here. That is a bad faith argument. It was a crime to use expensive encryption 30 years ago, but a lot of decisions were made to allow it. Today, every single one of those old caveats about child porn, drugs, money laundering, terrorism, (both domestic and international) and criminal acts in general all have stories where weaker encryption would have saved hundreds and hundreds of lives. We have to recognize this or we're just arguing past each other.
https://fedsoc.org/commentary/publications/encryption-techno...
ziddoap
>where weaker encryption would have saved hundreds and hundreds of lives.
Can you do the same thing, but in the other direction? How many people would have been harmed if weaker/no encryption was the standard?
OhMeadhbh
A bit of a nit-pick. 30 years ago was 1995. It was not a crime to use PGP in the US in 1995. What PKZ was charged with was exporting the encryption technology (or allowing it to export itself by putting the code on an anonymous FTP server.) The Bernstein case was similar in that it was the export of the machine-readable code the government objected to, not it's domestic distribution. The right for researchers to publish text describing algorithms had earlier been recognized by the court (which is why Martin Gardner could describe the RSA cryptosystem in Scientific American in 1977.)
palmotea
>> You should engage with the arguments the other side makes.
> The arguments are "Protect the children.", "Catch terrorists.", "Catch criminals.".
> Those arguments have been engaged with for decades. They are purely emotional arguments. Anyone who still pushes those arguments forth is most likely doing so with ulterior motives and cannot be reasonably "engaged" with.
Oh come on. Why do you think a "purely emotional arguments" are illegitimate? Are you some galaxy brain, coldly observing humanity from some ivory tower constructed of pure software?
Nearly all positions people take are, at their core, "emotional." And the disagreements that result in "arguments" are often really about differing values and priorities. You might value your "freedom" more than anything and are willing to tolerate a lot of bad stuff to preserve strong encryption, some other guy might be so bothered by child sexual abuse that he wants to give it no encrypted corner to hide in. You're both being emotional.
lucianbr
Those are both reasoned arguments. The emotional argument would be "some guy is so bothered by sexual abuse he wants to ban lightbulbs because once he heard about a lightbulb in the context of an abuse". The "solution" is not really a solution, but the emotional person does not really care about solutions, he's too emotional to think straight.
At least that is how I see the word used.
ziddoap
>Are you some galaxy brain, coldly observing humanity from some ivory tower constructed of pure software?
I just think arguments based on appeals to emotion are very often fallacious. But sure, I guess that means I'm a... whatever you just said.
HDThoreaun
For what its worth the anti-encryption/anti-privacy laws have caught terrorists in the UK. My company provides data storage for their dragnet and handles various requests and Ive seen first hand 4 different instances where the UK gov watching everyones internet activity led to terrorists being caught.
kashunstva
> anti-encryption/anti-privacy laws have caught terrorists
This is undoubtedly so; but much turns on the trust in government. In this U.S., the president, himself a documented profligate liar, just invited an equally untrustworthy unelected person into the halls of government to vacuum up whatever data he pleased. Maybe trust in the UK government is higher.
hilbert42
Low hanging fruit. The smart ones likely aren't being caught now.
Moreover, it's only a matter of time until the criminal fraternity all catch up and are on the same wavelength. That's when all but the dumbest know exactly what not to do or say on the net.
The Internet is still comparatively young and like everyone else those who've evil intent are still learning exactly how it works. I'd bet money that it won't be long before a 'bestseller tome' of definitive what-not-to-dos cirulates amongst this mob.
The question is at what level will law enforcement's catch have to fall before it has to turn to other methods.
rdm_blackhole
This number by itself means nothing as the other variables are unknown.
How many terrorists were not caught by these systems? How many would have actually done these actions instead of just talking about it? How many could have been caught with just standard police work?
Without knowing these variables then there is no way to say if these systems are particularly good at catching terrorists.
cess11
That same government can use that same dragnet in the suppression of accountability for the war crimes and atrocities it is engaged in.
nickslaughter02
> Clearly the pressure on government to write these laws is coming from somewhere
Software surveillance vendors.
> Chat control: EU Ombudsman criticises revolving door between Europol and chat control tech lobbyist Thorn
> Breyer welcomes the outcome: “When a former Europol employee sells their internal knowledge and contacts for the purpose of lobbying personally known EU Commission staff, this is exactly what must be prevented. Since the revelation of ‘Chatcontrol-Gate,’ we know that the EU’s chat control proposal is ultimately a product of lobbying by an international surveillance-industrial complex. To ensure this never happens again, the surveillance lobbying swamp must be drained.”
https://www.patrick-breyer.de/en/chat-control-eu-ombudsman-c...
markhahn
The problem is LEOs (and associated industry) claiming that enforcement is impossible without the ability to obtain cleartext.
This is a lie: obtaining cleartext just makes enforcement vastly easier and more scalable. If crims have encrypted mobile phones, you can still point a microphone at them.
Scalability is the big issue.
OhMeadhbh
Honestly, I had always assumed LEO wanted access to decrypted message content so they could sell it to advertisers. I mean sure, you could catch a criminal or two, but with all that non-criminal data, just imagine how much off-the-books revenue you could accrue by selling it to the AdWords guys.
freehorse
The other side being, for instance, the surveillance lobby that pushes for chat control laws in the EU? The "arguments the other side makes" are pretty clear at this point, and nothing to do with the "think about the kids" really, not sure engaging with them is the point.
geocar
> Something is a crime if society determines that it should be so. Nothing more.
According to The New Oxford Companion to Law, the term crime does not, in modern criminal law, have any simple and universally accepted definition.
Society also determined it was ok to use a firehose on black people, so I think the best we can say is that the term Crime has nothing to do with Morality, and people who conflate the two need to be looked at with suspicion.
> You should engage with the arguments the other side makes.
I don't. I think most arguments about crime require one-side to act in bad-faith. After all: The author doesn't actually mean that Encryption isn't illegal in some jurisdictions, they mean that it shouldn't be. You know this. I know this. And yet you really think someone needs your tautological definition of crime? I don't believe you.
ivl
The arguments are mostly that they dislike what can be accomplished via math. “The laws of mathematics are very commendable, but the only law that applies in Australia is the law of Australia” isn't exactly an 'argument' so much as an insistence.
The article does address the flaws in some of their arguments (encryption inconveniences law enforcement, think of the children) by pointing out that the average person and children are kept save from criminal elements by encryption.
mathieuh
The arguments from the other side are of the "think of the children" and "tough on crime" variety. They are purely emotional and if you try to dispute them they just respond with "so you don't care about children?". It's like trying to argue with a religious person on matters of faith, you're just not very likely to convince them.
*edited to add "on matters of faith"
voidUpdate
"Think of the children" is used so often when talking about LGBT issues, often not thinking at all about the LGBT children
9rx
"Think of the children" really means "Think of my children". Nobody gives a shit about someone else's children.
gosub100
Kind of impossible when they meet In secret courts and have privileged access to Congress.
elric
If we had trustworthy governments, or trustworthy police agencies, then maybe mandated backdoors wouldn't be all that bad. But if anything, recent events that clearly demonstrated that governments are not trustworthy, even if one is trustworthy today it couldn't become an evil regime tomorrow, and handing all your power over literally anything to such an organization does not seem wise.
socalgal2
It doesn't seem like trustworthy governments is the issue. You can't have backdoors period because they'll be leaked / discovered and used by bad actors.
elric
That too. But even if the government was perfect and trustworthy and free of leaks, that can still all go out the window as soon as a less trustworthy government is elected.
TehCorwiz
I have yet to see a case against someone that hinged on some data that was encrypted. Almost every tale from some cell needing to be cracked has ended in a fart because they got the information anyway using old-fashioned police investigation.
We went from Patriot Act to literally disappearing people without due process in only 23 years. Imagine if they could also decrypt your phone and plant evidence in advance.
rdm_blackhole
I am against it as a matter of principle.
Even if you trust someone with your life and you know this person is never going to betray you and will always have your best interests at heart, that doesn't mean that they automatically get a free pass to view and inspect everything I do every minute of every day until I die.
Unfortunately, that is what these governments want.
bitbasher
The problem is the average person doesn't care very much or understand it.
If you ask anyone if privacy matters they will of course say yes. If you ask them why they use software with telemetry or websites with Google Analytics they will simply shrug.
If you ask them if it's alright for the NSA to collect and analyze data from everyone they will say yes and they have nothing to hide.
People don't know what privacy is. They don't know what they are fighting for or where the fight is taking place.
If you take that and then add encryption to the mix... and you have politicians and agency plants talking about "saving the children from online pedos" by banning these "encryption apps and technology"....
1970-01-01
>People don't know what privacy is.
You nailed the problem. Privacy is the tension between freedom and overwatch. Perfect privacy would yield zero justice, while zero privacy yields big brother/1984 overwatch. A healthy balance must exist for society to thrive.
flessner
"Secrecy of correspondence" is a longstanding legal principle in many countries (e.g. in Germany since the unification in 1871, in the US there was a supreme court ruling in 1877)
The only way to guarantee secrecy is through encryption, preferably e2e.
mohi-kalantari
It’s honestly annoying how often experts speak up about this, and still nothing changes. We’re stuck in the same cycle—fear gets in the way, and in the end, it’s our privacy and security that suffer. If anything, this should be a sign to invest in stronger encryption and better law enforcement tactics that don’t mess with the tools keeping us safe online.
candiddevmike
Imagine how much more successful and productive humanity would be if we weren't constantly being told to fear our neighbors.
OhMeadhbh
Also... we're throwing around words like "crime" and "terror" and talking about shadowy quasi-governmental organizations encroaching on civil rights to privacy. I offer this commentary from the Eurythmics' score to Michael Radford's 1984 film "1984" to serve as background music for our discussions.
kubb
There's an abstract argument template that I've noticed floating around. It goes like this:
1. There's a thing T in the world, and that thing has negative outcomes X, Y, Z, and positive outcomes A, B, C.
2. Some people believe that Y and Z are so bad, that they want to partly compromise C to diminish them.
3. However that will never work! And they'll definitely also take B if we let them mess with C.
4. Besides, C is so important, that we should accept Y and Z to have it.
fenaer
Are you saying that this template is what the article is presenting?
If so I don't believe it applies, in particular because you have stated that only a partial compromise on C is needed to prevent Y and Z.
There is no "partial compromise" on encryption, so this argument is flawed. There is no way to have encryption that "only the good guys" can break. It is either secure, or it is not.
kubb
C isn't encryption :(
chupasaurus
My favorite version of it is "Let's ban air because terrorists breathe".
marcosdumay
I've usually seen it phrased as "let's ban wheels|cars so bank robbers can't escape!".
But well, even that rebuttal is getting tiresome. It's the same people that keep pushing for banning air again and again. They control all the communication channels, so nobody can ever rebut them in a forum that matters, they control the governments, and they are still not popular enough to make that thing pass. Yet, they keep pushing for it.
I don't think we'll solve this by talking about this. We need to talk about systemic corruption instead. (But then, they control the communication channels...)
chupasaurus
From my experience this kind of problems are avoided to be solved simply because the difficulty of them is crystal clear and usually there are no champions who are willing to push it to the very end.
kubb
I love strawmen, but I've seen way too many in my time.
pyfon
Guantanamo Bay was a thing though. Remember you are not banning all air.
And of course the definition of terrorist is will vary based on what politicians want. US recently sent some "Terrorists" to a gulag for example.
chupasaurus
> Remember you are not banning all air.
Nope, it's about exactly that. This policy would work only for law-abiding citizens which terrorists are not, that's the point.
Added: The current gulag expeditions in US nor Guantanamo have nothing to do with US citizens, which is a big difference from GGP's comment.
huslage
That's a template, yes. But why is it bad?
chupasaurus
Because only the first part adds something to the discussion. Starts with the the problem, then goes about only one of the possible solutions (which usually is the low-hanging one), states why it's bad and ends with refuting the existence of a problem.
jmclnx
Seems to be geared towards Apple, but informative nevertheless.
To me, the only sure end-end encryption is gnupg, where you personally create the keys and distribute.
ajsnigrutin
Not a crime, but somehow our dear EU overloads try every year or so to make it a crime in any way possible (eg. chat control).
If we want to play in a world with full transparency, let's start with the politicians!
_Algernon_
And also apply it equally to ecommerce and homebanking.
Lets see how happy the voters are when they have to start walking to their Bank again every week, can't order their latest temu toxic waste product anymore and their GDP drops in half.
zwnow
And like always they claim its to protect our children... Who could possibly argue against protecting children?
ajsnigrutin
Why do you need encryption? Are you sending pedo photos? Are you a pedo? Looks guys, here's a pedo who wants encryption not to get caught!
/s
Also 's/pedo/terrorist/', or {russian|chinese|iranian|north korean} spy or any "bad guy of the day".
candiddevmike
The same people who want to make encryption a crime (like Trump 45[0]) are using signal to discuss sensitive information without an audit trail. It's absolutely rules for thee.
0 - https://www.politico.com/story/2019/06/27/trump-officials-we...
rdm_blackhole
Same with Chat Control. LEO and EU Mps would be exempted from being surveilled because their lives and communications need to be private since they are very important but yours, god no!
And people wonder why democracy is out of style. With democrats such as these, you don't need tyrants.
jaxn
I believe encryption is the most important 2nd Amendment issue of our time, but I never see it framed that way.
15155
Because SF-dwelling tech bros demand free speech but can perform the necessary mental gymnastics to overlook the right to manufacture and possess technology that has existed for over a century.
See also: the ACLU.
I do not like these framings of "not a" because it always sounds so suspicious like "we are not a cult".
It puts the idea into the world that it could be a crime and maybe that it is the status quo.
Much better IMHO is something like "Encryption is a fundamental right.", "Encryption protects everyone.", "Without encryption there is no democracy." and so on.
Maybe "Don’t let them take your right to privacy."