[PASSED] Right To Secure Digital Communication

by **Greater Cesnica** » Sat Jan 16, 2021 10:26 pm

Category: Civil Rights
Strength: Significant
Proposal Link: https://www.nationstates.net/page=UN_vi ... 1612933360

The General Assembly,

Believing that access to encryption and other secure communication methods in the digital age yields numerous benefits in areas such as personal privacy, consumer protection, and ensuring the integrity of data that is transmitted from one party to another,

Seeking to prevent governments from restricting, compromising or hindering the access and usage of encrypted communication protocols and other means of achieving secure data exchanges,

Hereby:

Defines for the purposes of this resolution:
Encryption as any method which utilizes ciphers to protect the integrity of communications or any other digital data by rendering unencrypted data known as 'plaintext' into an indecipherable form known as 'ciphertext'; which can then only be rendered legible by using a decryption key available to authorized parties, thus denying access to unauthorized parties, and
A secure communication method as a relay, protocol, or standard other than an encryption method intended for communication or otherwise transmitting data and information between two or more digital devices that is intended to prevent the interception of this data or information by any unauthorized parties,
Prohibits member states from:
Banning or restricting user access to any encryption method or other secure communication method, and from enacting any prohibitions upon the implementation of encryption methods or secure communication methods, subject to Article 3, or
Acting to reduce the strength of any encryption method or secure communication method, or
Requiring the usage of insecure encryption methods, technologies, or standards, or
Requiring the insertion of "backdoors" into technologies, tools, or standards that allow states access to private communications through compromised methods of secure communication, or
Requiring third parties to implement methods that would grant an unauthorized party access to secure, private communications between authorized parties,
Permits member states to restrict user access to secure communication methods provided that:
These secure communication methods were originally intended for government or military use, and that
A significant detriment upon the strength or reliability of such secure communication methods can be foreseen or observed as a result of removing restrictions on user access to those outside the government or military,
Clarifies that:
Encryption methods may not be banned or restricted under any circumstances,
The foreseen or observed detriment upon the strength or reliability of secure communication methods required by Article 3(b) to restrict user access to secure communication methods originally intended for government or military use must be sufficient enough to render such secure communication methods either:
Incapable of protecting the privacy and integrity of communications using this secure communication method, or
Unreliable to the extent that communications using this secure communication method are unlikely to reach their intended recipient(s), and that
Member states shall not use any form of coercion in order to bypass any prohibition under Article 2.

by **Greater Cesnica** » Sat Jan 16, 2021 10:26 pm

The General Assembly,

Believing that access to secure communication methods yields numerous benefits in areas such as personal privacy, consumer protection, and ensuring the integrity of data that is transmitted from one party to another,

Acknowledging that while the specific targeting of private communications pertaining to certain individuals may be justified in the interest protecting the general public; the practice of mass surveillance cannot be justified by this Assembly; as such measures constitute an unacceptable incursion upon civil liberties,

Therefore seeking to prevent governments from restricting, compromising or hindering the access and usage of encrypted communication protocols, secure data exchanges; and also seeking to prevent the execution of mass surveillance,

Hereby,

Defines:
Mass surveillance as the indiscriminate execution of surveillance upon a large or limitless group of individuals irrespective of any specific suspicion of wrongdoing, and
Encryption as any methodology which utilizes ciphers to protect the integrity of private communications and restrict access to authorized parties; thus denying access to unauthorized parties,
Prohibits member states from carrying out:
Mass surveillance upon any group or population of people for any reason,
Bans or restrictions upon user access to any encryption method or other form of secure communication, and any prohibitions upon the implementation of encryption methods or other forms of secure communications,
Actions taken to reduce the efficacy of existing or future encryption methods or other forms of secure communication,
Mandates requiring the usage of insecure encryption methods, technologies, or standards,
Mandates requiring the insertion of "backdoors" into technologies, tools, or standards that allow states access to private communications through compromised means of secure communication, and
Mandates requiring the creation of means to allow an unauthorized party from accessing to secure, private communication between authorized parties.

Draft created.

Adopted 1(a)(i) format, decided not to cover surveillance in this proposal, reworded clauses for clarity, strength changed to Mild.

Expanded and clarified definition of encryption.

Defined "secure communication method" for clarity, and amended 2(b) so that "efficacy" now reads "strength".

Amended 2(d) and 2(e) to close potentially abuse-permitting loopholes.

Cleaned up definition 1(b), clarified definition 1(a).

The General Assembly,

Believing that access to secure communication methods yield numerous benefits in areas such as personal privacy, consumer protection, and ensuring the integrity of data that is transmitted from one party to another,

Seeking to prevent governments from restricting, compromising or hindering the access and usage of encrypted communication protocols and other means of achieving secure data exchanges,

Hereby,

Defines for the purposes of this resolution:
Encryption as any methodology which utilizes ciphers to protect the integrity of communications or any other digital data by scrambling unencrypted data known as 'plaintext' into an indecipherable form known as 'ciphertext'; which can then only be restored to its original state by using a decryption key available to authorized parties, thus denying access to unauthorized parties, and
A secure communication method as a system, protocol, or standard other than encryption intended for communication or otherwise transmitting data and information between two or more digital devices that prevents the interception of this data or information by any unauthorized parties, and
Prohibits member states from:
Banning or restricting user access to any encryption method or other secure communication method, and from enacting any prohibitions upon the implementation of encryption methods or secure communication methods, subject to clause 3 of this resolution,
Acting to reduce the strength of any encryption method or secure communication method,
Requiring the usage of insecure encryption methods, technologies, or standards,
Requiring the insertion of "backdoors" into technologies, tools, or standards that allow states access to private communications through compromised methods of secure communication, or
Requiring the implementation of methods to grant an unauthorized party access to secure, private communications between authorized parties,
Permits member states to restrict user access to certain secure communication methods provided that:
These secure communication methods were originally intended for government or military use, and that
A significant detriment upon the strength or reliability of such secure communication methods can be observed as a result of removing restrictions on user access to those outside the government or military.

Added clause 3, which permits member states to restrict user access to certain secure communication methods, but not encryption methods. Furthermore, in order to restrict user access both conditions outlined in clause 3 must be fulfilled, hence why I used and instead of or. I've also clarified 2(b), and decided to upgrade the strength to Significant.

The General Assembly,

Believing that access to secure communication methods yield numerous benefits in areas such as personal privacy, consumer protection, and ensuring the integrity of data that is transmitted from one party to another,

Seeking to prevent governments from restricting, compromising or hindering the access and usage of encrypted communication protocols and other means of achieving secure data exchanges,

Hereby,

Defines for the purposes of this resolution:
Encryption as any method which utilizes ciphers to protect the integrity of communications or any other digital data by scrambling unencrypted data known as 'plaintext' into an indecipherable form known as 'ciphertext'; which can then only be unscrambled and rendered legible by using a decryption key available to authorized parties, thus denying access to unauthorized parties, and
A secure communication method as a system, protocol, or standard other than encryption intended for communication or otherwise transmitting data and information between two or more digital devices that is intended to prevent the interception of this data or information by any unauthorized parties, and
Prohibits member states from:
Banning or restricting user access to any encryption method or other secure communication method, and from enacting any prohibitions upon the implementation of encryption methods or secure communication methods, subject to clause 3 of this resolution,
Acting to reduce the strength of any encryption method or secure communication method,
Requiring the usage of insecure encryption methods, technologies, or standards,
Requiring the insertion of "backdoors" into technologies, tools, or standards that allow states access to private communications through compromised methods of secure communication, or
Requiring the implementation of methods to grant an unauthorized party access to secure, private communications between authorized parties,
Permits member states to restrict user access to certain secure communication methods provided that:
These secure communication methods were originally intended for government or military use, and that
A significant detriment upon the strength or reliability of such secure communication methods can be observed as a result of removing restrictions on user access to those outside the government or military.

Amended 1(a) and 1(b) to clarify function and intent.

The General Assembly,

Believing that access to secure communication methods in the digital age yield numerous benefits in areas such as personal privacy, consumer protection, and ensuring the integrity of data that is transmitted from one party to another,

Seeking to prevent governments from restricting, compromising or hindering the access and usage of encrypted communication protocols and other means of achieving secure data exchanges,

Hereby,

Defines for the purposes of this resolution:
Encryption as any method which utilizes ciphers to protect the integrity of communications or any other digital data by rendering unencrypted data known as 'plaintext' into an indecipherable form known as 'ciphertext'; which can then only be rendered legible by using a decryption key available to authorized parties, thus denying access to unauthorized parties, and
A secure communication method as a system, protocol, or standard other than encryption intended for communication or otherwise transmitting data and information between two or more digital devices that is intended to prevent the interception of this data or information by any unauthorized parties, and
Prohibits member states from:
Banning or restricting user access to any encryption method or other secure communication method, and from enacting any prohibitions upon the implementation of encryption methods or secure communication methods, subject to clause 3 of this resolution,
Acting to reduce the strength of any encryption method or secure communication method,
Requiring the usage of insecure encryption methods, technologies, or standards,
Requiring the insertion of "backdoors" into technologies, tools, or standards that allow states access to private communications through compromised methods of secure communication, or
Requiring the implementation of methods to grant an unauthorized party access to secure, private communications between authorized parties,
Permits member states to restrict user access to certain secure communication methods provided that:
These secure communication methods were originally intended for government or military use, and that
A significant detriment upon the strength or reliability of such secure communication methods can be observed as a result of removing restrictions on user access to those outside the government or military.

Further clarifications on definitions and preamble.

The General Assembly,

Believing that access to secure communication methods in the digital age yield numerous benefits in areas such as personal privacy, consumer protection, and ensuring the integrity of data that is transmitted from one party to another,

Seeking to prevent governments from restricting, compromising or hindering the access and usage of encrypted communication protocols and other means of achieving secure data exchanges,

Hereby,

Defines for the purposes of this resolution:
Encryption as any method which utilizes ciphers to protect the integrity of communications or any other digital data by rendering unencrypted data known as 'plaintext' into an indecipherable form known as 'ciphertext'; which can then only be rendered legible by using a decryption key available to authorized parties, thus denying access to unauthorized parties, and
A secure communication method as a system, protocol, or standard other than encryption intended for communication or otherwise transmitting data and information between two or more digital devices that is intended to prevent the interception of this data or information by any unauthorized parties, and
Prohibits member states from:
Banning or restricting user access to any encryption method or other secure communication method, and from enacting any prohibitions upon the implementation of encryption methods or secure communication methods, subject to clause 3 of this resolution, or
Acting to reduce the strength of any encryption method or secure communication method, or
Requiring the usage of insecure encryption methods, technologies, or standards, or
Requiring the insertion of "backdoors" into technologies, tools, or standards that allow states access to private communications through compromised methods of secure communication, or
Requiring third parties to implement methods that would grant an unauthorized party access to secure, private communications between authorized parties, and
Permits member states to restrict user access to certain secure communication methods provided that:
These secure communication methods were originally intended for government or military use, and that
A significant detriment upon the strength or reliability of such secure communication methods can be observed as a result of removing restrictions on user access to those outside the government or military.

Added 'or' at the end of 2(a)-2(d), and rewrote 2(e) for clarity.

The General Assembly,

Believing that access to secure communication methods in the digital age yield numerous benefits in areas such as personal privacy, consumer protection, and ensuring the integrity of data that is transmitted from one party to another,

Seeking to prevent governments from restricting, compromising or hindering the access and usage of encrypted communication protocols and other means of achieving secure data exchanges,

Hereby,

Defines for the purposes of this resolution:
Encryption as any method which utilizes ciphers to protect the integrity of communications or any other digital data by rendering unencrypted data known as 'plaintext' into an indecipherable form known as 'ciphertext'; which can then only be rendered legible by using a decryption key available to authorized parties, thus denying access to unauthorized parties, and
A secure communication method as a relay, protocol, or standard other than an encryption method intended for communication or otherwise transmitting data and information between two or more digital devices that is intended to prevent the interception of this data or information by any unauthorized parties,
Prohibits member states from:
Banning or restricting user access to any encryption method or other secure communication method, and from enacting any prohibitions upon the implementation of encryption methods or secure communication methods, subject to clause 3 of this resolution, or
Acting to reduce the strength of any encryption method or secure communication method, or
Requiring the usage of insecure encryption methods, technologies, or standards, or
Requiring the insertion of "backdoors" into technologies, tools, or standards that allow states access to private communications through compromised methods of secure communication, or
Requiring third parties to implement methods that would grant an unauthorized party access to secure, private communications between authorized parties,
Permits member states to restrict user access to certain secure communication methods provided that:
These secure communication methods were originally intended for government or military use, and that
A significant detriment upon the strength or reliability of such secure communication methods can be foreseen or observed as a result of removing restrictions on user access to those outside the government or military.

Replaced 'system' with 'relay' for more specific application in 1(b), replaced 'observed' with 'foreseen or observed' in 3(b).

The General Assembly,

Believing that access to secure communication methods in the digital age yields numerous benefits in areas such as personal privacy, consumer protection, and ensuring the integrity of data that is transmitted from one party to another,

Seeking to prevent governments from restricting, compromising or hindering the access and usage of encrypted communication protocols and other means of achieving secure data exchanges,

Hereby:

Defines for the purposes of this resolution:
Encryption as any method which utilizes ciphers to protect the integrity of communications or any other digital data by rendering unencrypted data known as 'plaintext' into an indecipherable form known as 'ciphertext'; which can then only be rendered legible by using a decryption key available to authorized parties, thus denying access to unauthorized parties, and
A secure communication method as a relay, protocol, or standard other than an encryption method intended for communication or otherwise transmitting data and information between two or more digital devices that is intended to prevent the interception of this data or information by any unauthorized parties,
Prohibits member states from:
Banning or restricting user access to any encryption method or other secure communication method, and from enacting any prohibitions upon the implementation of encryption methods or secure communication methods, subject to clause 3 of this resolution, or
Acting to reduce the strength of any encryption method or secure communication method, or
Requiring the usage of insecure encryption methods, technologies, or standards, or
Requiring the insertion of "backdoors" into technologies, tools, or standards that allow states access to private communications through compromised methods of secure communication, or
Requiring third parties to implement methods that would grant an unauthorized party access to secure, private communications between authorized parties,
Permits member states to restrict user access to secure communication methods provided that:
These secure communication methods were originally intended for government or military use, and that
A significant detriment upon the strength or reliability of such secure communication methods can be foreseen or observed as a result of removing restrictions on user access to those outside the government or military,
Clarifies that:
Encryption methods may not be banned or restricted under any circumstances, and that
The foreseen or observed detriment upon the strength or reliability of secure communication methods required by Article 3(b) to restrict user access to secure communication methods originally intended for government or military use must be sufficient enough to render such secure communication methods either:
Incapable of protecting the privacy and integrity of communications using this secure communication method, or
Unreliable to the extent that communications using this secure communication method are unlikely to reach their intended recipient(s).

Added clarification clause which ensures that encryption methods cannot be banned or restricted under any circumstances, and that also defines the extent of 'significant detriment' required to justify restricting user access to secure communication methods originally intended for government or military use.

[box]The General Assembly,

Believing that access to secure communication methods in the digital age yields numerous benefits in areas such as personal privacy, consumer protection, and ensuring the integrity of data that is transmitted from one party to another,

Seeking to prevent governments from restricting, compromising or hindering the access and usage of encrypted communication protocols and other means of achieving secure data exchanges,

Hereby:

Defines for the purposes of this resolution:
1. Encryption as any method which utilizes ciphers to protect the integrity of communications or any other digital data by rendering unencrypted data known as 'plaintext' into an indecipherable form known as 'ciphertext'; which can then only be rendered legible by using a decryption key available to authorized parties, thus denying access to unauthorized parties, and
2. A secure communication method as a relay, protocol, or standard other than an encryption method intended for communication or otherwise transmitting data and information between two or more digital devices that is intended to prevent the interception of this data or information by any unauthorized parties,
Prohibits member states from:
1. Banning or restricting user access to any encryption method or other secure communication method, and from enacting any prohibitions upon the implementation of encryption methods or secure communication methods, subject to Article 3, or
2. Acting to reduce the strength of any encryption method or secure communication method, or
3. Requiring the usage of insecure encryption methods, technologies, or standards, or
4. Requiring the insertion of "backdoors" into technologies, tools, or standards that allow states access to private communications through compromised methods of secure communication, or
5. Requiring third parties to implement methods that would grant an unauthorized party access to secure, private communications between authorized parties,
Permits member states to restrict user access to secure communication methods provided that:
1. These secure communication methods were originally intended for government or military use, and that
2. A significant detriment upon the strength or reliability of such secure communication methods can be foreseen or observed as a result of removing restrictions on user access to those outside the government or military,
Clarifies that:
1. Encryption methods may not be banned or restricted under any circumstances,
2. The foreseen or observed detriment upon the strength or reliability of secure communication methods required by Article 3(b) to restrict user access to secure communication methods originally intended for government or military use must be sufficient enough to render such secure communication methods either:
  1. Incapable of protecting the privacy and integrity of communications using this secure communication method, or
  2. Unreliable to the extent that communications using this secure communication method are unlikely to reach their intended recipient(s), and that
3. Member states shall not use any form of coercion in order to bypass any prohibition under Article 2.

Prevented member states from using coercion to bypass Article 2.

by **Honeydewistania** » Sat Jan 16, 2021 10:29 pm

For ANY reason? Not even if they're confirmed terrorists etc?

Also, Digital Network Defence (which I'm trying to repeal but I'm taking far too long on a replacement, lol) says:

Reserves the right of member nations to monitor networks for digital security threats, should national law allow them to do so.

Lastly, clauses 4-6 are grammatically incorrect. Make them a separate article

by **Greater Cesnica** » Sat Jan 16, 2021 10:34 pm

Honeydewistania wrote:For ANY reason? Not even if they're confirmed terrorists etc?

Also, Digital Network Defence (which I'm trying to repeal but I'm taking far too long on a replacement, lol) says:

Reserves the right of member nations to monitor networks for digital security threats, should national law allow them to do so.

Lastly, clauses 4-6 are grammatically incorrect. Make them a separate article

Mass surveillance is indiscriminate. It occurs irrespective of any suspicion or confirmation of any criminal activity or undertaking. If nations manage to confirm that a large group of people are indeed terrorists, then surveillance would be legal, as that surveillance would no longer be indiscriminate.

As for Digital Network Defence, thank you for letting me know about that. I will keep in mind not to submit this until that is repealed.

I shall work on clauses 4-6 now.

by **Imperium Anglorum** » Sat Jan 16, 2021 10:37 pm

Draw a distinction between monitoring and other things. Put that distinction in the preamble.

by **Imperium Anglorum** » Sat Jan 16, 2021 10:41 pm

Also please use a standard 1(a)(i) format to number the operative clauses. The mandates clauses shouldn't be nested under 'Prohibits'.

by **Greater Cesnica** » Sat Jan 16, 2021 10:58 pm

Imperium Anglorum wrote:Also please use a standard 1(a)(i) format to number the operative clauses. The mandates clauses shouldn't be nested under 'Prohibits'.

Adopted standard 1(a)(i) format, and I also reworded those clauses. Also as discussed I've opted to not cover surveillance in this proposal. This also means I've changed the strength to Mild.

by **Greater Cesnica** » Sun Jan 17, 2021 7:25 am

Also, I presume now that this draft in its current form is not in contradiction with GA #378 "Digital Network Defense".

by **Imperium Anglorum** » Sun Jan 17, 2021 3:15 pm

Your definition of encrypted is too difficult.

For most computer users, they put a password on a computer. The computer is encrypted under your definition because the computer uses a cipher (SHA-1 or something similar) to protect the password and restrict access to the computer... even though everything that is saved to the SSD thereof isn't actually encrypted by, say, FileVault.

by **Greater Cesnica** » Sun Jan 17, 2021 4:37 pm

Imperium Anglorum wrote:The computer is encrypted under your definition because the computer uses a cipher (SHA-1 or something similar) to protect the password and restrict access to the computer... even though everything that is saved to the SSD thereof isn't actually encrypted by, say, FileVault.

That is what I had in mind when I added the bit about backdoors. I don't believe companies like, say, Apple, should be coerced into implementing a backdoor access for the government to access locked iPhones. Same thing goes for Microsoft, whom I don't want being coerced into installing backdoors into their Windows operating systems to allow the government to access locked desktops.

by **Honeydewistania** » Sun Jan 17, 2021 4:41 pm

Nations that ban or restrict encryption sound like only a small group of fringe psychotic dictatorships who want to ban everything, so I'm not sure if this is needed. The backdoor one seems like the only one more governments would use but I don't see why requiring backdoors should be banned. What about terrorists?

by **Greater Cesnica** » Sun Jan 17, 2021 4:51 pm

Honeydewistania wrote:Nations that ban or restrict encryption sound like only a small group of fringe psychotic dictatorships who want to ban everything, so I'm not sure if this is needed. The backdoor one seems like the only one more governments would use but I don't see why requiring backdoors should be banned. What about terrorists?

The FBI got into Syed Rizwan Farook's (one of the two perpetrators of the San Bernardino attacks) iPhone without backdoor access, as Apple had refused to acquiesce. Therefore I believe that such restrictions on requiring backdoor access are perfectly reasonable. Also, I know that this isn't necessarily pertinent to the NS world, but here's a list of just a few IRL countries that have either restricted or prohibited encryption in a meaningful capacity, in one way or another:

The United Kingdom
France
Brazil
Germany
Finland
Russia
The People's Republic of China
Pakistan
India
Australia
New Zealand
Japan

A map of nations by restrictions can be found here: https://www.gp-digital.org/world-map-of-encryption/

by **Tinfect** » Sun Jan 17, 2021 5:10 pm

Greater Cesnica wrote:Prohibits member states from:
Banning or restricting user access to any encryption method or other form of secure communication,

"The Imperium, like any reasonable Member-State, maintains security methods and protocols separate from civilian networks and technologies. This provision would prevent any such basic military or intelligence security measures. I assure you that absolutely no Member-State with information systems is in compliance with this measure, and doing so would effectively abolish Member-States' ability to defend against information attacks."

Greater Cesnica wrote:Acting to reduce the efficacy of existing or future encryption methods or other forms of secure communication,

"And this measure could prevent Member-States from making any such attacks themselves, or, potentially, from developing more advanced systems at all, wherein security is dependent on the difficulty of calculation or similar.

This legislation is poorly considered and deeply harmful to Member-States, and certainly there is little benefit to similar legislation were the flaws corrected. The Imperium is opposed."

by **Imperium Anglorum** » Sun Jan 17, 2021 5:47 pm

Greater Cesnica wrote:
Imperium Anglorum wrote:The computer is encrypted under your definition because the computer uses a cipher (SHA-1 or something similar) to protect the password and restrict access to the computer... even though everything that is saved to the SSD thereof isn't actually encrypted by, say, FileVault.

That is what I had in mind when I added the bit about backdoors. I don't believe companies like, say, Apple, should be coerced into implementing a backdoor access for the government to access locked iPhones. Same thing goes for Microsoft, whom I don't want being coerced into installing backdoors into their Windows operating systems to allow the government to access locked desktops.

I don't think you understand my point. It's not actually encrypted. I'll try to explain this less technically, assuming the computer is a pre-T2 Mac with removable storage and FileVault disabled (modern Macs are all automatically encrypted by their T2 chips).

Boot the computer.
Enter your password.
Save a text document, say, called 'top_secret_secrets.txt' to Desktop.
Take out the storage.
Mount the storage on another computer.
Navigate to /Users/USER_NAME/Desktop/.
Open 'top_secret_secrets.txt' on that desktop.

While there is a password associated with booting, logging in, and executing actions directly in the operating system, that password doesn't actually pass through to the storage layer. All you need to do to recover (or copy) the data is to mount the storage on another computer because it's stored in plaintext. No password is required to do anything. This 'vulnerability', if it could be called that, is present on all Windows computers (without buying third party software). macOS has had optional home folder encryption since 2003 and optional full-disc encryption since 2011. Modern Macs have a storage layer encryption enabled by default. Many Linux distributions allow for similar encryption schemes without cost.

Your definition applies to computers merely with a password whose contents are not actually encrypted. It does not actually capture what encryption is and how it actually works.

by **Greater Cesnica** » Sun Jan 17, 2021 5:58 pm

Tinfect wrote:"The Imperium, like any reasonable Member-State, maintains security methods and protocols separate from civilian networks and technologies. This provision would prevent any such basic military or intelligence security measures. I assure you that absolutely no Member-State with information systems is in compliance with this measure, and doing so would effectively abolish Member-States' ability to defend against information attacks."

OOC: Having access to encryption protocols and standards does not compromise military information security. You are aware that the United States military, for instance, utilizes AES-256 bit encryption for classified information, right? Are you also aware that such encryption is publicly available for use in the United States? Do you honestly believe that the United States military would permit the general public to use the same grade of encryption that it uses for top-secret information if it compromised national security?

Tinfect wrote:"And this measure could prevent Member-States from making any such attacks themselves, or, potentially, from developing more advanced systems at all, wherein security is dependent on the difficulty of calculation or similar.

How? I would like you to justify your reasoning here, as I fail to comprehend how you deduced this conclusion. Nothing prevents a member state from developing more advanced systems whatsoever.

by **Greater Cesnica** » Sun Jan 17, 2021 6:37 pm

Imperium Anglorum wrote:
Greater Cesnica wrote:That is what I had in mind when I added the bit about backdoors. I don't believe companies like, say, Apple, should be coerced into implementing a backdoor access for the government to access locked iPhones. Same thing goes for Microsoft, whom I don't want being coerced into installing backdoors into their Windows operating systems to allow the government to access locked desktops.

I don't think you understand my point. It's not actually encrypted. I'll try to explain this less technically, assuming the computer is a pre-T2 Mac with removable storage and FileVault disabled (modern Macs are all automatically encrypted by their T2 chips).

Boot the computer.
Enter your password.
Save a text document, say, called 'top_secret_secrets.txt' to Desktop.
Take out the storage.
Mount the storage on another computer.
Navigate to /Users/USER_NAME/Desktop/.
Open 'top_secret_secrets.txt' on that desktop.

While there is a password associated with booting, logging in, and executing actions directly in the operating system, that password doesn't actually pass through to the storage layer. All you need to do to recover (or copy) the data is to mount the storage on another computer because it's stored in plaintext. No password is required to do anything. This 'vulnerability', if it could be called that, is present on all Windows computers (without buying third party software). macOS has had optional home folder encryption since 2003 and optional full-disc encryption since 2011. Modern Macs have a storage layer encryption enabled by default. Many Linux distributions allow for similar encryption schemes without cost.

Your definition applies to computers merely with a password whose contents are not actually encrypted. It does not actually capture what encryption is and how it actually works.

Alright, so should i just expand the definition of encryption to include the role of decryption keys and plaintext? Since the focus of the resolution is primarily securing communication between devices, whether that be file transfers or chat messages.

by **Tinfect** » Sun Jan 17, 2021 11:34 pm

Greater Cesnica wrote:OOC: Having access to encryption protocols and standards does not compromise military information security. You are aware that the United States military, for instance, utilizes AES-256 bit encryption for classified information, right? Are you also aware that such encryption is publicly available for use in the United States? Do you honestly believe that the United States military would permit the general public to use the same grade of encryption that it uses for top-secret information if it compromised national security?

OOC:
Now now, I understand it may be hard to tell, but, if you look very very closely, you will find that the Imperium of Tinfect, the fascist space dictatorship where any and all data must pass through a wholly government-controlled central archive, is not the United States of America.

The point, which you've apparently missed, is the "any [...] other form of secure communication," bit. The Imperium has a rigorous information and communication security regime, and there are a variety of systems, networks, and protocols reserved for, say, higher-level government operations, the military, or Imperial Intelligence. This clause would effectively require Member-States to open up all such systems to civilian use, regardless of context. I assure you, the United States has special secure networks used for passing around information that would be dangerous if present on insecure systems, which would similarly be adversely effected were they mandated to be flung upon to civilian information traffic.

Greater Cesnica wrote:How? I would like you to justify your reasoning here, as I fail to comprehend how you deduced this conclusion. Nothing prevents a member state from developing more advanced systems whatsoever.

IC:
"Ambassador, I am sure you understand that much of encryption is merely asking a question that is mathematically unreasonable to answer. The Imperium, being a dramatically more advanced civilization than your own, would very likely find it trivial to break encryption methods that are, to you, virtually impenetrable, by simple virtual of dramatically superior processing ability. Any advancement in processing ability, produces an equal reduction in the efficacy of extant encryption methods."

by **Greater Cesnica** » Mon Jan 18, 2021 6:19 am

Tinfect wrote:OOC:
Now now, I understand it may be hard to tell, but, if you look very very closely, you will find that the Imperium of Tinfect, the fascist space dictatorship where any and all data must pass through a wholly government-controlled central archive, is not the United States of America.

The point, which you've apparently missed, is the "any [...] other form of secure communication," bit. The Imperium has a rigorous information and communication security regime, and there are a variety of systems, networks, and protocols reserved for, say, higher-level government operations, the military, or Imperial Intelligence. This clause would effectively require Member-States to open up all such systems to civilian use, regardless of context. I assure you, the United States has special secure networks used for passing around information that would be dangerous if present on insecure systems, which would similarly be adversely effected were they mandated to be flung upon to civilian information traffic.

OOC: From a technical standpoint, the problem you are describing simply does not exist. Secure communication methods, whether they be through E2EE, relays like Tor, identity networks, obfuscated-node P2P networks; all of them have one thing in common- users having access to them does not impede on the security of others users.

Just because I can access the dark web via the Tor relay does not compromise the security of a website owner hosting their website via a .onion domain. Just because we have access to 5G networks does not compromise the various high-level applications that the U.S military performs with 5G. If your fascist space dictatorship feels the need to descend to the absolute depths of tyranny, so be it. Just know that restricting secure communication protocols to the state does nothing. A truly secure communication method would ensure the integrity and privacy of all of its users, regardless of whether they are civilians or members of the government/military.

Also, I would have presumed by now that you would have caught on to the central spirit of this resolution- to oppose incursions on civil liberties and to curb government power. Something that your ~~government~~ nation would, of course, naturally oppose.

IC: "Any advancement in processing ability, produces an equal reduction in the efficacy of extant encryption methods."

OOC: Your point is moot. Encryption methods evolve over time, technology and knowledge increases. Advancements in processing ability tend to be matched by advancements in encryption methods.

by **Greater Cesnica** » Mon Jan 18, 2021 6:53 am

I've expanded and clarified the definition of encryption:

1. Defines encryption as any methodology which utilizes ciphers to protect the integrity of communications by scrambling unencrypted data known as 'plaintext' into an indecipherable form known as 'ciphertext'; which can then only be restored to its original state by using a decryption key available to authorized parties, thus denying access to unauthorized parties, and

by **Tinfect** » Mon Jan 18, 2021 7:52 am

OOC:
God forbid we try to keep things IC and vaguely civil for once, huh?

Greater Cesnica wrote:OOC: From a technical standpoint, the problem you are describing simply does not exist. Secure communication methods, whether they be through E2EE, relays like Tor, identity networks, obfuscated-node P2P networks; all of them have one thing in common- users having access to them does not impede on the security of others users.

You do not define the term 'secure communication methods'. That's the point, if you intend for 'secure communication method', to be interpreted solely as data-security methods, such as encryption, define it.
As it written, as the Civil Oversight representative up there read it in-character, it would appear to cover secure, Military/Intelligence/Government networks and systems that are accessible only via particular methods or otherwise isolated for security reasons, as virtually any government, real or fictional has; the best way to protect a computer, is to not hook it up to anything it doesn't strictly need to be hooked up to.

'Any other form of secure communication', could very well include anything from the office network of the local DMV to a military channel that would be best not clogged up with 40 terabytes of pirated porn. There are a variety of very legitimate methods to restrict user access to such things; this isn't even the Imperium making an unreasonable demand. Fuck's sake, I'm trying to help.

Greater Cesnica wrote:If your fascist space dictatorship feels the need to descend to the absolute depths of tyranny, so be it. [...] Also, I would have presumed by now that you would have caught on to the central spirit of this resolution- to oppose incursions on civil liberties and to curb government power. Something that your ~~government~~ nation would, of course, naturally oppose.

It would be greatly appreciated if you would refrain from insinuating that the positions of the fictional space dictatorship I run in a video game, remotely represent my actual positions. You've decided to take this OOC, stick to it.
The Imperium has been here a long time, and has a record in the GA that I highly suspect you would be surprised by if you think so little of my RP already.

Greater Cesnica wrote:OOC: Your point is moot. Encryption methods evolve over time, technology and knowledge increases. Advancements in processing ability tend to be matched by advancements in encryption methods.

Here, read your own draft.

Acting to reduce the efficacy of existing or future encryption methods or other forms of secure communication,

'Existing or future', is the important bit here. Consider the case of 56-Bit encryption; formerly considered modern and secure, now considered utter crap that can be broken in just over 2 days, as of '98, simply because computers have gotten fast enough to render it a virtually trivial problem. This clause could very well prohibit any and all advancements in processing because some obsolete method would be rendered yet-weaker as a result. This even applies for future ones; a 256-bit encryption would be even more impossible for a Commodore 64 to break than a modern computer, but were we somehow gifted with the foresight see what the future would hold, under this draft, we'd still be using Commodores, because Windows XP is slightly more able to break it. That is a problem.

by **Greater Cesnica** » Wed Jan 20, 2021 12:19 pm

Tinfect wrote:OOC:
God forbid we try to keep things IC and vaguely civil for once, huh?

Greater Cesnica wrote:OOC: From a technical standpoint, the problem you are describing simply does not exist. Secure communication methods, whether they be through E2EE, relays like Tor, identity networks, obfuscated-node P2P networks; all of them have one thing in common- users having access to them does not impede on the security of others users.

You do not define the term 'secure communication methods'. That's the point, if you intend for 'secure communication method', to be interpreted solely as data-security methods, such as encryption, define it.
As it written, as the Civil Oversight representative up there read it in-character, it would appear to cover secure, Military/Intelligence/Government networks and systems that are accessible only via particular methods or otherwise isolated for security reasons, as virtually any government, real or fictional has; the best way to protect a computer, is to not hook it up to anything it doesn't strictly need to be hooked up to.

'Any other form of secure communication', could very well include anything from the office network of the local DMV to a military channel that would be best not clogged up with 40 terabytes of pirated porn. There are a variety of very legitimate methods to restrict user access to such things; this isn't even the Imperium making an unreasonable demand. Fuck's sake, I'm trying to help.

Greater Cesnica wrote:If your fascist space dictatorship feels the need to descend to the absolute depths of tyranny, so be it. [...] Also, I would have presumed by now that you would have caught on to the central spirit of this resolution- to oppose incursions on civil liberties and to curb government power. Something that your ~~government~~ nation would, of course, naturally oppose.

It would be greatly appreciated if you would refrain from insinuating that the positions of the fictional space dictatorship I run in a video game, remotely represent my actual positions. You've decided to take this OOC, stick to it.
The Imperium has been here a long time, and has a record in the GA that I highly suspect you would be surprised by if you think so little of my RP already.

Greater Cesnica wrote:OOC: Your point is moot. Encryption methods evolve over time, technology and knowledge increases. Advancements in processing ability tend to be matched by advancements in encryption methods.

Here, read your own draft.

Acting to reduce the efficacy of existing or future encryption methods or other forms of secure communication,

'Existing or future', is the important bit here. Consider the case of 56-Bit encryption; formerly considered modern and secure, now considered utter crap that can be broken in just over 2 days, as of '98, simply because computers have gotten fast enough to render it a virtually trivial problem. This clause could very well prohibit any and all advancements in processing because some obsolete method would be rendered yet-weaker as a result. This even applies for future ones; a 256-bit encryption would be even more impossible for a Commodore 64 to break than a modern computer, but were we somehow gifted with the foresight see what the future would hold, under this draft, we'd still be using Commodores, because Windows XP is slightly more able to break it. That is a problem.

So I've defined 'secure communication method' now. As for your point about about 2(b), I've changed 'efficacy' to 'strength'. Should solve the problem.

by **Greater Cesnica** » Wed Jan 20, 2021 6:47 pm

I've also closed loopholes in 2(d) and 2(e) as pointed out here: https://forums.europeians.com/index.php ... t-10277215

by **Imperium Anglorum** » Wed Jan 20, 2021 9:07 pm

Europeia's Vinage (if I recall correctly, it's been a long time since I was last deputy minister there,) drafting centre and WA voting threads are citizens-only views.

by **Greater Cesnica** » Wed Jan 20, 2021 9:11 pm

Imperium Anglorum wrote:Europeia's Vinage (if I recall correctly, it's been a long time since I was last deputy minister there,) drafting centre and WA voting threads are citizens-only views.

Oof, oh well. Essentially Maowi found loopholes in 2(d) and 2(e) that could allow states to partially bypass the prohibitions clause, and where nations could require the implementation of existing methods to grant unauthorized parties access to secure, private communications between authorized parties, respectively. So i fixed them up.

by **Honeydewistania** » Thu Jan 21, 2021 6:17 am

What nations would be doing any of the five things prohibited by this resolution?

[PASSED] Right To Secure Digital Communication

[PASSED] Right To Secure Digital Communication

Who is online