Encryption existing is an important part of not being in a police state. It's the freedom to not have the gouvernment judge your every word, be it with an algorithm or by being able to look up your every word without a warrant in an investigation, without civil transparancy.
At the risk of putting words into other someone else's mouth, it's a shame that the level of education/awareness regarding the fundamentals of how society works is so lacking.
Without encryption, internet doesn't work. Without internet, banking and e-commerce doesn't work. Really, not a single user-identifying service can function without encryption.
Also, encryption is based on math and logic. You can't really prohibit people from using it, or having it in any sensible way. Meaning that if we live in a fantasy land where this became outlawed, you'd still have any two nodes using encryption should they wish to. I doubt terrorist have the necessary incentive to follow international laws.
In fact, a mathematically unbreakable encryption is simply generating random data (aka. a one-time pad https://en.wikipedia.org/wiki/One-time_pad), and having a copy of this data at each end of the communication. Want to transfer sensitive data across the border? Just xor your data with the random data, and take the random data with you across the border. If the microSD card didn't leave your butt-crack at any point, you can merrily download the xor-ed data through NSA's mainframe, and they can't do jack about it, even with quantum computing, or any imaginable alien technology.
To play devil's advocate, saying "but you can never ban encryption anyway" sets up a false dichotomy. You're right, there are open source projects that will survive no matter what you do. But you can certainly force or convince companies like Apple and Google to prevent those apps from being available in their stores, and you can force large companies like Facebook to give you a backdoor.
Sure, someone tech savvy can get around that, but not everyone. Just look at how many criminal cases end up finding emails explicitly talking about plans and crimes. So there are people nowadays not even using encryption when committing crimes. If you make encryption-by-default impossible, the amount of unencrypted messages will increase, and you'll have gained those.
Now whether that's good or bad is a separate discussion; I tend to think it's bad, but that's a more nuanced argument than "you can't ban it, so don't do anything about it".
Or someone who has a strong incentive to keep their communication hidden - like a terrorist or a drug enforcer. This leads to a situation where law abiding citizens are punished when their right to privacy is denied, while criminals aren't hindered. "When you outlaw X, X will only be used by outlaws"
My claim is that "criminals aren't hindered" is false. Sure, there are people that will get around it, but as I mentioned, there are plenty of criminals that don't use encryption and have been caught with incriminating emails, so that makes me think that if encryption was made more difficult, some criminals who use encryption now would stop.
You are right, there would be many petty criminals who would be caught because they'd talk about their crimes in plaintext. There would be a reduction in petty crime, while leaving major crime pretty much untouched. That sounds like a good thing... except it might not be in society's interest to eliminate petty crime, as Snowden explains here [1].
I think if you claim that major criminals' encryption usage would be unaffected by making it difficult to use, you need to support that at least as well as I've just argued for the opposite.
Considering some of the largest app markets are not run by US (or EU) based companies (e.g. China), the assumption of control is also a fallacy.
"If you make encryption-by-default impossible, the amount of unencrypted messages will increase, and you'll have gained those."
Requires you to monitor every message for every form of data, and assuming the false assumption that banning encryption increases the simplicity of finding messages, you would probably only find more things not related to what you are looking for. Only assuming you have control over all data channels, which even the US doesn't have.
On the other hand: This message is then flagged: bomb, truck, explode. While you could better be looking at other stuff like origins and communication contacts. These give a clearer view than the random words you will be picking up, even when they are encrypted.
Encryption or the use thereof doesn't threaten your life. Screwdrivers or the use thereof don't either, however if someone misuses the screwdriver and stabs you in the temple you will die.
Does this mean we should outlaw the use of screwdrivers ?
Even without having encryption in main stream applications, like WhatsApp, it's child's play to communicate secretly. There are so many open source applications that allow you to do this, it wouldn't even be a speed bump for criminals.
Targeting main stream applications only hurts main stream users. NYT should write an article about that.
You seem to be overlooking the obvious argument that if a small group of people use encryption, then you greatly reduce the number of messages that you need to flag. Furthermore, if someone on a Watch List starts using encryption then perhaps you have an imminent problem.
I'm not on the side of reading messages but you missed the real argument being made.
Typical HN. How about someone answering the argument that will really be made by governments instead of the pointless one the NSA, etc have already answered. You can downvote me but you don't get a downvote in governments around the world when they outlaw real encryption.
If only the government(s) could be trusted to not pass along confidential business information from foreign companies (or even perhaps local) to help the companies in their own country.
I have not seen them use that argument. If they used that it would be better than what they normally do; which is imply they don't understand what's going on. But even this argument is subject to the same problems; it implies they don't really know why we'd want/need encryption because it assumes that a government could create a back door only they could use.
I work for a Bank and we use encrypted external email all the time. We have to for regulatory reasons. I'm sure it's the same for defence contractors, and it's a prudent precaution for governments and many other businesses and in many parts of the world.
The ideal scenario for the NSA-types is "unbreakable" crypto with a built-in NSA-only escrow/backdoor and possibly a secondary backdoor for five eyes allies (with domestic traffic free of 5-eyes backdoor.)
Suspension of disbelief on security of escrow mechanism is a necessary pre-condition.
There should be a name for this fallacy. This is easy to say for any issue in isolation, but what is a voter to do when they only have two or three choices? When there are dozens of issues at any given time the chances of having a candidate that aligns with you on all of them is nil.
You can vote for either a) the representative on the one side who supports such laws or b) the representative on the other side who supports such laws or c) throw your vote away and let the majority of people who don't understand/care about this issue decide between (a) and (b).
Voting is not a solution to a problem like this and is generally very ineffective in the US.
Not in a gerrymandered district. It won't do you any good, even if you presuppose the existence of a pro-encryption candidate, which is a bad supposition.
> Typical HN. How about someone answering the argument that will really be made by governments instead of the pointless one the NSA, etc have already answered. You can downvote me but you don't get a downvote in governments around the world when they outlaw real encryption.
I was ready to up-vote your argument because I agree with the first two paragraphs but the snark turned me off from supporting you. Leave it out next time and I you'll make a more convincing argument.
The up-vote wasn't about giving you karma, it's about making your comment more visible. If you didn't care about visibility than you wouldn't be posting in the first place.
Encryption is important and is crucial to the security mechanisms that underly the whole internet. I don't think anybody is seriously advocating making encryption illegal. (Which makes your argument pointless.)
What does seem being argued for is to mandate adding a 'backdoor' for the government.
The counter argument to that is that adding a 'backdoor' makes the encryption pretty much worthless.
The weighing of risks of this and the importance for privacy versus the anti-terrorism fighting benefits is the only debate (not) happening.
Of course it doesn't, and that's not what I meant. I didn't mean wholesale outlaw, as in no one would be allowed to use it. Governments can mandate consumer communication technology, for example, like they are trying to do with Apple now.
I don't think that would be the case. If a couple of western Governments "ban encryption" it would probably just mean that they weaken the crypto (e.g. backdoor). The traffic of weakened crypto still looks the same as the traffic of strong crypto - I don't think it would make strong crypto any more noticeable.
Also remember that crypto would still be legal in the rest of the world (China is not going to backdoor their crypto for the NSA's benefit) so you would still have heaps of encrypted traffic moving across the internet. I doubt that such a measure would do anything but make mass surveillance of western populations easier.
A link to the NYT article now redirects readers to a separate, general article on the attacks, which does not contain the word “encrypt.” The original piece can be found on the Internet Archive.
"The attackers are believed to have communicated using encryption technology, according to European officials who had been briefed on the investigation but were not authorized to speak publicly. It was not clear whether the encryption was part of widely used communications tools, like WhatsApp, which the authorities have a hard time monitoring, or something more elaborate. Intelligence officials have been pressing for more leeway to counter the growing use of encryption."
Sure, if you think unproven hearsay in NYT that we all ought to take for granted is "reasonable". If the authorities believe it was the encryption to blame, then they should come out and say it outright - with details, of course. They shouldn't hide under the "anonymous officials" tag which "believe" it was encryption the culprit that stopped them from learning about the attacks, and nothing else. It could've been just some random cop's opinion, who heard it from someone else, who was also wrong about it.
Seriously, yes. "News" outlets for decades have printed "anonymous officials" and "inside government sources" with devastating opinions.. even worse is "So and so was CALLED XYZ by ... " this is like assigning a variable in programming, X=Y.. talk about programming the mass consciousness!
What's wrong with newspaper reporting hearsay, while describing it as hearsay?
NYT didn't seem to pass it as anything else than it is. What's your logic here? Should all anonymous sources be banned? Or only the sources with opinions that you don't like?
Probably sources that have a political bone to pick with no evidence should be banned.
Should the NYT report that a UFO passed over because some official told them so? No.
When you receive an anonymous tip, its your job as a journalist to try and confirm it, not report it directly.
Additionally, when a paper reports something with no evidence and screws up, they usually publish a retraction, not change the article and direct you to a new copy.
Because, with anonymous sources you can sway public opinion, saying pretty much anything you want without the possibility of being held accountable for it.
the NYT was instrumental in printing outright lies leading up to the Iraq war for instance, we absolutely should not trust unidentified sources from them when there is a clear political motive at play.
What's this "encryption technology"? It just sounds like another case of "a hacker named 4chan", meaning the media throwing around buzzwords like they know what they mean. Encryption is built into technologies, not something that stands on its own like a weapon. It's like saying, "the hacker used http to gain access to the server".
The best encryption is simply to communicate the old fashioned way. Just because they had some playstations and access to "whatsapp" does not mean the terrorist trusted electronic devices.
What is the deal with insidesources.com? Something feels a "little off" after browsing the rest of the site. It feels like a undercover PR machine for someone or some group. It also seems like they hate copy editors.
If you come to America, you should have to learn the AMERICAN Standard Code for Information Interchange. Speak the language. None of this Unicode i18n nonsense!
This! The generation of large primes needs to be banned. The government needs to work with chips manufacturers to insure that no computing device can generate large primes. This is the root of the issue. If large primes go away, so does encryption! We need to make sure our government understands this.
You could plan terrorist activity using postcards. Should we ban the Post Office? You could use phone calls from pay phones (where they still exist) and people used to do that all the time to plan crimes. You could go on vacation together and plan something. You could use voice or text chat in an online game to plan stuff. The people in charge of these organizations are not the suicide bombers; the head folks know full well what to use to avoid getting caught.
Your post seems to miss the fact that the mail, phone calls and popular chat services are already logged, and asking for encryption back-doors is just wanting that process to continue.
I have a friend who used to get erotic messages from her mathematician boyfriend steganographically encrypted on postcards. I had to show her how to decrypt them. It was pretty standard cryptanalysis once I guessed that the messages existed. Some of them were filthy.
Yep, that would make far more sense... For some reason I assumed it was an image encoded on the postcard. Rereading the original post, that's not what it says, is it...
What I found interesting is the method of communication was outlined in "Homeland" by Cory Doctorow (Or perhaps it was in "Little Brother"). I suppose we need to outlaw books now also.
I think this may be the most important thing in the article. If the conspirators really were communicating via in-game ephemera, the communication probably wasn't encrypted at all. If so, the hurdle that the security forces faced is not that they couldn't access the communication, but that they couldn't interpret it.
And that just shows how little a mandatory backdoor policy would help: being able to read something doesn't mean you can understand it. It's always possible for someone to come up with a communication scheme that you didn't anticipate or can't interpret, and you can't legislate away that capability.
So a backdoor policy doesn't trade privacy for safety -- instead it trades privacy for a chance at safety, and pretty much just safety from careless, unprepared attackers.
It reminded me of the "The Wire"'s Season 5 (I think), where Marlo Stanfield's guys were communicating with each other by sending photos of street maps, which would indicate meetup locations. It now seems easy to catch, but at that time (2008) it was still kind of a new thing to send data (like photos) instead of plain texts.
This issue brings up a larger point that many in the tech world have ignored for awhile. Now that end to end encryption is easily accessible by everyone, how do the authorities figure out beforehand when a terrorist attack will take place? The answer is not banning encryption technologies or giving authorities a 'key' as the FBI director has proposed. But now authorities have a very difficult problem on their hands. Encryption can't be contained, and the authorities need to figure out how to still catch the bad guys.
It's not like they were particularly good at stopping terrorism before encryption became widespread. The problem is that they think they can stop all terrorist attacks, which is impossible.
The right answer is intelligence gathering in the field, the old fashioned way. It's the only method that's compatible with freedom of expression and the 4th amendment.
That's interesting, I don't remember the jobs of law enforcement and intelligence ever having supposed to been easy. In fact, we nominally have plenty of safeguards meant to make their job difficult. That's the point. If they don't feel like devoting effort to get past barriers, then the case is not worthwhile to pursue.
Catching the bad guys is easier than ever, encryption or not.
It takes what it has always taken: good police work.
Encryption is like envelopes for the mail. They can be broken into with enough force, but their purpose it to shield the contents of the message from those handling it in transit. A post card offers no such protection.
So suppose the banned encryption (envelopes). Im sure the government would still reauire envelopes. As would anybody dealing with health records. Or banking, financial stuff has a legitimate need for secrecy. So they ned envelopes.
Pretty soon what you have is a class of people allowed to USE envelopes and a class of people not allowed it use them.
Like envelopes, encryption is an idea, not an inplementation. They may block you from using this tool or that tool, just like a government could make selling pre-made envelopes illegal - but the IDEA of encryption is simple just like the idea of an envelope. Anybody with paper, scissors, and glue can fashion their own envelope. Encyption is the same, one person can dream up an build their own encoder and you can never ban or prevent that idea from being used.
We really need to emphasize the envelope metaphor a lot more. It's much easier for non-technical propel to understand than any discussion of key/signing/etc.
The "smart" bad guys (most aren't, but some are) have been communicating covertly all the time. Avoiding electronic communictation entirely, using dead drops, trusted couriers, etc. You catch them by infiltrating their organizations, turning members into double-agents by bribery or blackmail, etc. the way it's always been done.
Increasingly we're seeing 'encryption' discussed in mainstream media as a tool that can only be used for nefarious ends. Kind of like how they talked about "cookies" in the late 90s and early 00s.
It's unfortunate that there's no way [without a lot of money] to launch a campaign that highlights the fact that most sensitive online transactions rely on encryption - banking, purchasing, etc - to protect you from The Bad People who want to steal your critical financial information.
That would also highlight that it's not just about keeping secrets from the government - in fact, that's the smallest fraction of it.
I wonder how true that is. For Christianity at least, most dominant theology takes the view that the things that exist in the world can be used for good or for ill and aren't inherently one or the other in and of themselves.
Surely you can see that they think the exact opposite. In order to do something like that, they have to convince themselves that they the good guys, and it has to be done to "purify the evil in the world" or something. The truth is that people are not inherently bad. Evil feeds on itself; if you insist on calling them bad, then you are falling into the same trap that they did. Hopefully you wouldn't act in such a heinous manner, but Western societies kill thousands of innocents all the time, and it is masked with the same rationalizations; if a drone strike kills someone, we define them as a bad guy.
> The truth is that people are not inherently bad.
I don't know about that. I'd argue that most people don't think of themselves as bad, but it doesn't make them not-bad. And humanity definitely has base instincts - if we didn't, we wouldn't need governments and police.
I disagree. I've never found a coherent absolute ethical framework. Not even "Don't kill people."
When anyone is arguing that something is bad, that person has to appeal an authority or belief. Often the reasoning leads to utilitarianism: "If we want society to continue, we should ban murder." But that's still an if/then statement. Beneath the if/then is an appeal that society is good or desired.
> And humanity definitely has base instincts - if we didn't, we wouldn't need governments and police.
This viewpoint becomes popular with Hobbes in the 1600s. I disagree with the term "base instincts," which negatively connotes those things. I'll change it to "randomness"; i.e. in a society of nondeterministic people, some will try to kill the others. Government and police try to reduce that kind of randomness. But from that same randomness we get music, science, justice. I'm speaking loosely of course.
I think of my American government as social contract, not as protective parent.
> I'll change it to "randomness"; i.e. in a society of nondeterministic people, some will try to kill the others.
I think "randomness" is even worse, because it makes it sound like these actions could be expected from anyone at anytime. Statistically, a small portion of the population is responsible for most of the violence, through repeat offenses. Also, in many situations there are clear warning signs (e.g. mentally ill with clear homicidal ideation, member of a gang). Are you really arguing that a dice roll is a good fundamental model for human behavior?
Nondeterminism (assuming humans are truly nondeterministic) doesn't really matter here, except for the fact that we don't have a way of precisely predicting people's behavior (and may never have one). If it turns out that humans are just complicated, deterministic machines that we can not feasibly predict, the reasons for which we have developed societal structures do not disappear.
> But from that same randomness we get music, science, justice.
I think it's pretty easy to distinguish between the first two and violence. I agree that the third is a bit trickier. If what you mean is that the exercise of both these and the dispositions-formerly-known-as-base-instincts are a result of allowing for a significant measure of personal freedom, I'll agree with you. But writing human behavior off as having no more structure than a random number generator ignores a lot of predictive and explanative power that we do actually have.
GP's point was that human's thoughts and intents are a lot different from randomness. It isn't likely that most people intend on running into pedestrians whenever they get in their car.
When someone drives a car into a farmers market there not exactly choosing there victims. In extreme cases you have things like people flying airplanes into someone's home.
Sure, they did not intend to crash, but choosing to risk others lives is considered a reasonable thing to do. Assuming your not overly blatant about it.
> it makes it sound like these actions could be expected from anyone at anytime
They can. A neurotypical person's brain could spontaneously generate a violent psychotic episode due to a stroke or adrenergic tumor or somesuch. Just like any area of the sky could spontaneously throw a lightning strike at you at any time. It's low probability, certainly, but murder is a low-probability event to begin with.
The important point is that a model with "non-deterministic" people in it has more predictive power, epidemiologically, than a model where it's impossible to become a murderer without "warning signs." It's not at all "writing human behavior off"; the fact that the model includes randomness can actually help you prevent murders more effectively, by leading you toward strategies to cope with unpredictable murders—e.g. building education toward methods of "de-escalation" for psychotic episodes, crimes of passion, etc. into your society—rather than simply trying to reinforce policing and social work.
> They can. A neurotypical person's brain could spontaneously generate a violent psychotic episode due to a stroke or adrenergic tumor or somesuch. Just like any area of the sky could spontaneously throw a lightning strike at you at any time. It's low probability, certainly, but murder is a low-probability event to begin with.
I think if we eliminated all murders except these, we would be in excellent shape. My point is these are not the ones worth focusing on, because we don't have good tools to deal with "random, history free, psychotic break."
> The important point is that a model with "non-deterministic" people in it has more predictive power, epidemiologically, than a model where it's impossible to become a murderer without "warning signs."
Well, if your probabilistic model has no "warning signs", then how does it provide any information at all? If you don't have a method of using information to differentiate the probabilities when given a person/group of people/location etc. then you have no predictive power at all, except for the average murder per capita.
> building education toward methods of "de-escalation" for psychotic episodes, crimes of passion, etc.
De-escalation of psychotic episodes is an impossibly hard thing to teach without protracted work with a mental health professional. In addition, I seriously doubt that there would be any effectiveness when taught to people who have not experienced psychosis. Teaching this to everybody would be inhibited not only by cost, but by the fact that there is not likely enough people in a society that would be good enough therapists to do this on a large scale.
Well if you want to get really pedantic, nothing is inherently anything because all meaning is constructed in our minds. Evil is a word humans use to categorize things, not a description of objective reality.
I would agree that most people don't think of themselves as bad, but since there's no objective 'bad', wether or not they're 'actually bad' is up to the observer. When a person is labeled as 'evil' it's not a description of them as a person but a description of what the describer thinks of them. Hitler wasn't evil because he killed millions of people, he was evil because the general consensus is that doing the stuff he did makes you an evil person.
If one loses sight of this and starts think of evil as objective reality, they're taking their biases and opinions as objective reality, and down that path lies ruin.
I would argue that, while "evil" cannot be defined in precise terms, you can definitely say that evil acts are unnatural acts that only humans are capable of. Why? Well for one because a natural foodchain is balanced and biased towards long term survival of all the species it involves and towards further creation of life. It's a little ironic that human beings are the only ones in the entire animal kingdom that can choose how to live, we are the only ones able to choose what are, our intellect transcending our DNA coding, yet we are also the only ones destroying our habitat and each other. Isn't that funny?
But back to Hitler, if you're trying to make the case that his evilness is subjective, I mean no offense but that's a really dumb argument. Hitler was in no small part evil because his actions were, on one hand irrational, fueling and amplifying his people's potential for hatred and destruction and on the other hand detrimental to the survival of our species and of Earth itself. And again, genocide is not natural. You see, in nature animals kill to eat, but that's to satisfy a basic necessity and not out of some wicked sense of justice and animals can definitely not kill on an industrial scale like we do. Whatever definition for "evil" you find, genocide on an industrial scale is pure evil by definition.
And if that doesn't sound objective enough, consider that culture is a part of who we are. We aren't DNA-coded to eat certain foods, or to live in a certain place, or in a certain way. Compared with rats, we can rely on the wisdom of our elders in order to survive. And we've survived this way for a long time. As an example, our rich culture, which includes preconceptions and taboos, is what prevents us to eat each other, or to have sex with our siblings, or to bring human sacrifices to our gods. Actually some preconceptions are more subtle and newer than others - for example the notion that children are fragile beings that need to be loved and protected, instead of someone's property, is pretty new, being popularized by Christianity.
So you know, if popular conception is that doing this or that is evil or toxic or taboo, there's a high probability that such judgments are correct, helping us to survive and thrive. Even with all the false positives (which tends to be the lack of tolerance towards people that are different from us), dismissing our heritage would not be wise. Plus usually the guidelines are simple, like being a murdering maniac counts as evil, though somebody should tell those jihadists.
You make a lot of excellent points but I think you might have misinterpreted my comment, because it doesn't seem like we disagree. You mention that evil cannot be defined in precise terms, and that's exactly what I'm talking about. It's not a property of things in reality that can be measured, it's a judgement about things made by people. The judgment may be very rational, but it can't be based wholly on objective reality. For that to be the case, it'd have to be based on a physical law or property rather than a moral principle, and I just don't see how that's possible. Your argument for why Hitler was evil is really solid, not because it's based in objective reality but because it's based the principle that the continued existence of the human race is a good thing. I'd say that's a solid enough principle that it may as well be objective reality. But technically speaking, it's still a subjective judgement that we're making about how things should be, rather than an objective observation of how they are.
This is a really pedantic, subtle and (I think) important distinction. If one sees good and evil as objective truth, they're reliant on the source of that truth for their moral judgement. This explains the jihadists you mention. It's not that they enjoy being murdering maniacs (although I'm sure some do), it's that their source of moral truth tells them that the infidels are evil and must be destroyed (or whatever), so they see what they're doing as a good thing.
Actually, that's an entirely subjective statement. While I think they're monsters, many people feel that western culture is immoral and downright evil. To people who have seen nothing but the West waging war in their region, these people may appear to be freedom fighters dying for a noble cause. Good and Evil are entirely a matter of perspective.
I'm not sure what you're trying to say or what you think the OP and GP are, but saying "the Paris attackers were bad" doesn't really add much so you might need to clarify.
The problem is that by calling them 'bad people' you imply that they committed the crime because they were 'bad people'. And that's the core of the problem. They were not 'bad people' before they committed the crime. They were just people in need of help. By focusing on how they were 'bad people' you make it seem like you haven't contributed to the problem and there is no other solution then to fight them (using violence) while in fact there are many things we could have done differently and many things we still can do to prevent these crimes from happening. The fact is that it's much easier to blame it on them for being 'bad people' then to look at the consequences of our own actions.
I am not blaming the victims at all. For example: You could call many people living in the hood 'bad people' because of the crimes they commit but are they really 'bad people' or do they eventually commit these crimes because of the situation they grow up in and the disadvantages they have had in life? By stating this, am I blaming the victims of armed robberies, of theft of murder? Of course I am not. I just think we should have a nuanced rational discussion about how we can prevent crimes instead of discussing about offenders and victims, bad people and good people.
That's fair, I think I see where you are coming from now. I do think, however, that we have to be careful not to remove personal responsibility from the equation. Circumstances can certainly motivate behaviour but we are still responsible for our actions. Suggesting otherwise seems compassionate on the surface, but it can also be incredibly disempowering and corrosive.
I agree with you both, but I think we can argue that people can have mitigating circumstances, and that you can (and should) try to understand why it is they do what they do, rather than "Any gun in the hands of a bad man is a bad thing. Any gun in the hands of a decent person is no threat to anybody — except bad people." Life isn't a comic book.
There was an article lately about interviews with captured ISIS fighters on the death row. (I can't find the link unfortunately, maybe anyone's got it?) The idea was that what some of them describe is basically being forced to join the movement because there's no other way for them to provide for their families - they just suddenly lived in the middle of a war, but they don't care about the ideology itself. Biased? Of course, and doesn't apply to the European attackers. But still something to think about.
They carried out a successful military action that furthered their goals. And they killed far fewer people than many of the military operations we have engaged in. They are only bad because they didn't follow our rules of war and weren't us. (We often defend our own who don't follow our rules of war; see all those defending torture of detainees.)
They are bad, we are bad. The only not bad involved in all of this is the little children who we both have hurt, and even then those children will grow up and become what the other side considers bad.
Unfortunately, it's without a hint of irony, as the same media companies deploy SSL/TLS on their websites for - at least - login and signup, taking payments, and more. I'm not sure if it's simply that no one has explained that SSL/TLS is encryption, and the nefarious things that could be done (stealing identity, credit cards) if certain communications aren't encrypted.
In the end, it's more education, isn't it? Most things are. But in some cases, like this, it's a race between general education and political (and spy agency) advantage-taking.
That's Snowden's greatest legacy - a few more people became educated, and the public frustration and pouting spy agencies are doing regarding encrypted communications are a bit more transparent than once they were.
I'm pretty sure they are trying to push for encryption with government backdoor access. SSL certificates are issued by centralized authorities that can easily provide access to governments (if they don't do so already). Not that I agree with what they're trying to do.
Having a CA's private keys only allows you to generate new signed certificates for a site, not decrypt traffic encrypted using an existing signed key pair. At best, it gives you the ability to spoof a website with a man-in-the-middle attack (e.g. you run a rogue wifi hotspot with a fake amazon.com that uses a private key you generated), although certificate-pinning would warn the user that Amazon's certificate had changed unexpectedly.
Funny how politicians twist reason to suit their own ends. Bad guys use guns, but apparently were not allowed to ban them because they'll somehow find a way to get them no matter what. So the solution is to legalise them.
However when it comes to encryption, bad guys use it so it needs to be banned!
Who are "they"? Many politicians are on the same side of each debate, wanting to restrict the rights of free people in the name of safety and security. I'm curious, do you see a distinction between the two issues? Sounds like you're on opposite sides for each of them.
I think the argument is that if bad guys didn't have guns, then there would be no reason for good guys to have guns except to fend off wildlife.
However, even if the bad guys didn't have encryption, we would still want good guys to have encryption to prevent the bad guys from intercepting private and sensitive communications.
>then there would be no reason for good guys to have guns except to fend off wildlife.
Ignoring the issues such as fending off bad guys (so what if they only have a knife, I'd rather bring a gun to a knife fight), hunting wild life, shooting for fun, owning collections, any many other reasons. Outright dismissing all of those is like just dismissing the need to protect private electronic communications.
But that arguing would clearly be flawed. I could thing of a lot of weapons that I would not want to see in the hands of everybody I meet on the street.
I think it is partially correct to say that about certain information based "tools" (like encryption or information in newspapers) but sometimes that is not true as well, for example with certain malware
Historically, though, the real threat is usually a state actor -- often one's own government -- that has been granted (or has seized) a monopoly on such tools. In particular, the modern notion that the state is the only rightful wielder of force has an unlimited downside.
Terrorism is pretty far down the list of things that frighten me.
The problem with having everybody possess potentially deathly tools is not terrorism, but crime in general. I, for myself, can think of a lot more crimes committed by normal people than the government.
The historical argument is of course not completely unreasonable, but there are also an awful lot of discrepancies when looking at states government today and 300 years ago. At least in Europe, where I live, the government can be trusted in a lot of issues --- especially it is highly likely that they _try_ to do what is best and are no "evil emperors".
At least in Europe, where I live, the government can be trusted in a lot of issues --- especially it is highly likely that they _try_ to do what is best and are no "evil emperors".
The Europeans are fond of reminding Americans that we think 200 years is a long time. So, how long ago was the Stasi disbanded, again?
You can not compare our situation to that of the DDR. If there is more surveillance going on than we currently know, it is certainly not as much as in that time -- a big chunk of the population were reporting to the "Ministerium für Staatssicherheit" directly, which was a well known fact.
I believe this is known as the "Special Pleading Fallacy."
Of course, you could play the "Slippery Slope Fallacy" card against my argument... but we're not dealing with logical entities, are we? We're dealing with often-irrational human beings and governments composed of them.
Funny how these guys twist reason to suit their own ends. Bad guys use guns, but apparently were not allowed to ban them because they'll somehow find a way to get them. So the best way is to legalise them.
However when it comes to encryption, bad guys use it so it needs to be banned!
The EU is still losing its mind over cookies. Every Euro site now has a big disclaimer about cookies. The hysteria, at least for Europeans, never ended. Which is amusing considering how much local storage HTML5 can do and how easily it is to track people via their unique browser fingerprints, even with cookies and no plugins enabled.
The reality is, of course, encryption was used in these attacks. These terrorists aren't stupid. That doesn't mean it needs to be banned the say way a randoms stabbing don't mean knives need to be banned. I think the people saying "No way, never no encryption has every been used for nefarious purposes" are just as bad as the other side. Having a sophisticated view of this stuff makes a lot more sense.
Encryption will be like the gun debate. It will flare up from time to time. Its an easy horse to beat because its too technical for the layperson to really have a good understanding of and clearly there are political elements that would love Clinton-era laws limiting key size and such. The reality is that this ship has long sailed away. The genie is long out of the bottle to control encryption like its 1993.
Yes. And (as someone pro-gun) the unconnected statistical arguments ("More people die from X every year..." and the hyperbolic arguments along the lines of, "You could kill someone with a knife, let's ban them!" are offensive to me.
Unfortunately, I'm already seeing similar hyperbolic arguments about cryptography - "let's outlaw math", etc.
As you implied, I'd like to see a rational discussion. Yes, cryptography can and will be used for nefarious purpose -- but it's used in much greater capacity for legitimate purposes. That's what needs to be emphasized - it's the only logical, supportable argument to make.
I know, it's hilarious and annoying to be honest. It shows how behind the EU really is.
Pretty much all the British digital policies are silly. I think the simple thing they seem to not understand is that the Internet is smarter and moves fast than policy.
To be fair, I bet a lot of agencies would be ok with just having the keys at all times so that they can do surveillance. You could still have encryption for logins, financial transactions, etc.
I don't think that's a good idea either, but there are people who would probably see that as a reasonable middle ground.
"Home and mobile working, including use of personal devices for work: ensure that sensitive data is encrypted when stored or transmitted online so that data can only be accessed by authorised users."
Quote from UK government advice to small business people, see
I suspect that GCHQ people want people using encryption but encryption that they have a feasible way of breaking if needed. Yes, I know, no way of stopping back-doors being used by other agencies/bad actors.
I read that unsubstantiated assertion in the print edition (I know, dinosaur. I like a morning paper) and called it out to my family. I'm saddened and amused at how the press is led around by the nose.
or ask Google, Apple, and Microsoft to automatically un-install the nefarious applications from all computers and phones... not sure what they would do about Linux ...
I've started seeing this like locking down all coffee houses just because it is a convenient place to meet and discuss things and some people happen to plan terrible acts in these places.
Countries fail to police immigration, promising us that it will go well and we'll all benefit. Then they demand our civil liberties so they can police the immigrants they invited. And our taxes have to rise to pay welfare to them. But don't worry; a few million more and we'll all be better off.
Howgh, my fellow native american or indigenous friend. I too grow weary of these pale face immigrants taking our land, genociding us, and telling us we'll all be better off.
Jim Bamford of Foreign Policy said encryption was part of the way this was done.
On the Diane Rehm Show, when asked what we know, he said "not much, but that encryption or anonymizers, like Tor, might have been used to hide their communications".
So they're already working to plant that narrative in listeners' heads.
"One key premise here seems to be that prior to the Snowden reporting, The Terrorists helpfully and stupidly used telephones and unencrypted emails to plot, so Western governments were able to track their plotting and disrupt at least large-scale attacks. That would come as a massive surprise to the victims of the attacks of 2002 in Bali, 2004 in Madrid, 2005 in London, 2008 in Mumbai, and April 2013 at the Boston Marathon."
It's even more absurd than that. The premise is that we can have a public worldwide debate that emphasizes how important encryption is to successfully carrying out terrorist attacks, convince the world to give up their privacy for the sake of safety, and after the majority of the protestors have been defeated by public awareness that encryption and terrorism go hand-in-hand, the terrorists will go back to using phone calls and unencrypted email.
If (almost) everyone who is not a terrorist were to give up encryption, then it would be much easier to track down/narrow down the terrorists if they keep using it, no?
Yes, measured data and unmarked compressed data have this same property, as do actual random data. But is does not look like 9 nines of false positive rate are a concern to those people.
You can set the entropy to any amount you want. You need to consider encryption methods that put in at least a bit of effort to hide themselves. It could select random phrases and pretend to be a spambot.
Well, where's the boundary between cryptography that hides itself and stenography? Is there one?
If you include stenography, yes, it's certainly not easily recognizable. I don't think good stenography can be recognized at all, but that's not my area and I've got people contradict me at this (without further info), thus I'm not sure.
There's not much of a boundary, but that wasn't exactly the point I meant to make. You can do something like encode as ASCII 0s and 1s and have low entropy without that hiding anything.
No because they're not using it in the first place. It's a totally unrelated issue, dear to some for reasons entirely their own. The fear of terrorism is just a convenient little button to press to get their cookie.
There is no truth being asserted in the premise causing the conclusion to be true. It's fairly clear that it was a statement from an original source, that source being trustworthy is where we would find (or not find) the information which would show the conclusion to be true, not the premise of the 'fantasy.'
Give it up. In 30+ years of learning English, the only times I've ever seen it used in that sense has been when someone is being a pedant on forums and illustrating the now rapidly outmoded meaning of the phrase.
Kind of like the TSA approved locks for your baggage. Those are very secure and can be opened only by the government officials, last I heard. The only downside is that those TSA master keys might become available to the third party somehow, but I don't see that happening anytime soon, since we can always trust the government to keep such information secure.
If there was some way to learn the identity of said terrorist simply by observing the origin and destination of an encrypted message, then perhaps. It would possible for them to coordinate and avoid this outcome. And there are still plenty of secure crypto systems out there so we wouldn't be able to decrypt their messages (unless quantum computers turn into an actual thing).
Not really, because the proposals aren't to go to no encryption but to go to government-backdoored encryption. To an observer you've still just a random stream of bits until someone tries to decrypt it with the backdoor key. Pretty easy to hide in unless we're monitoring every message.
And terrorists would be smart - they'd employ non-backdoored encryption, hide that in "legit" communications, and encrypt that with the proper back-doored government encryption. They'd appear to be a totally normal snapchat user, or whatever.
If we actually meant to give up all encryption, card-kiddies would destroy civilization in three weeks.
Surely you mean "the next Impact Team" (those behind the Ashley-Madison breaches) because Snowden actually went through painstaking lengths to not reveal stuff that would put the public at danger like that.
> It's even more absurd than that... after the majority of the protestors have been defeated by public awareness that encryption and terrorism go hand-in-hand, the terrorists will go back to using phone calls and unencrypted email.
I think you're straw-manning their position here.
The opponents of encryption aren't claiming terrorists will start using unencrypted communication, they're advocating for legally-mandated "back doors" to be built into supposedly-secure communication systems.
You're right, but I didn't mean only phone calls and unencrypted email. I considered adding "or their equivalent back-doored technologies," but I hoped it would be clear. Using a compromised technology is the equivalent of unencrypted email and phone calls to whoever has the key. All it does is draw attention to how important it is to communicate in secret. This will be the Streisand effect of crypto.
My thought is that if we implement a back door policy, the public will have communication links which are much easier to compromise by any party, while terrorists can still easily use encryption and/or steganography to secure their communications.
All the back doors accomplish in the end is harming the general public.
and it's pretty easy to see that this avenue of thought --- that we will put our efforts toward finding a way to ban encryption --- is totally ridiculous.
It's not just that federally-mandated backdoors increase the chance of compromise (although they certainly do). If the U.S. government can mandate that technology companies provide access through encryption, then so can other countries. Sovereignty is still a powerful concept under international law.
So imagine if Apple, upon condition of selling iPhones within China, must provide the Chinese government with a backdoor through Apple's encryption. Do you know how many federal employees use Apple technology? Including the President himself, who totes an iPad everywhere?
I don't think that federal intelligence and law enforcement officials calling for backdoors have fully thought through the consequences.
> I don't think that federal intelligence and law enforcement officials calling for backdoors have fully thought through the consequences
I think assuming that level of incompetence is a big claim.
It's simply much more likely that the actual plans/goals and the talking points and press releases about the plans/goals are mostly unrelated, as usual. You can infer that those calling for backdoors have decided that calling for backdoors is the best thing to say, inferring anything more requires more information.
I think largely politicians are very intelligent and competent. What they're not though, is open about their own thoughts. That's not their job. Their job is to reflect what their supporters (financially and votingly) want. If their supporters have wild nonsense ideas, they have to promote those ideas to keep their job. That's why they were elected. We don't choose politicians because they're smart and have good ideas. We choose them because they tell us our own foolish ideas back to us.
They key point here though is that their "supporters" are NOT the American public. They are private corporations and banks with their own agendas, usually contrary to the public's well being.
It's not fair to say incompetent; I didn't say that.
Instead, look at it this way: everyone has their area of responsibility. The head of the CIA is charged with providing the best possible situational awareness for the U.S. government. He's going to make proposals and requests that will help him do that.
He's not charged with balancing all possible consequences from his requests, and he's not going to do so.
> He's not charged with balancing all possible consequences from his requests, and he's not going to do so.
But ... that seems like quite a level of incompetence for someone trusted with the position of Head of the CIA?
By which I mean, not charging him with that responsibility is a mistake (in gov structure), but him actually not doing so is his own incompetence, is it not?
> You can infer that those calling for backdoors have decided that calling for backdoors is the best thing to say, inferring anything more requires more information.
How is calling for a really bad idea because it's the best thing to say different from the level of incompetence you say is too big to assume?
It sounds like the implication is that the politicians are smart enough to know that the backdoors are ultimately not going to happen but that calling for them is a way to appease voters who haven't followed this through to its logical conclusion.
edit: "not going to happen" could be read as "not going to be effective." I wouldn't actually be surprised if the US ended up passing some law restricting crypto to an approved list of backdoored schemes (surprised: no, dismayed: yes), forcing people into hiding their crypto in deniable ways. What some people don't seem to grasp is that no matter how much you outlaw certain math operations, whether or not the end users comply with those laws is ultimately up to them, and the terrorists simply won't comply.
I think assuming that level of _competence_, at least in fields other than diplomacy and public speaking, is a big claim. It's not reasonable to assume that every single ancient senator that's pushing for this is fully aware of the consequences, but it is reasonable to think they simply haven't thought any further than "I need to make it look like I'm doing something, or I'll look bad".
To a man with a hammer, everything looks like a nail. To a man who only has words, everything looks like a soapbox.
It would help conventional law enforcement. Most violent criminals probably don't put enough forethought into their spontaneous attacks to properly avoid notice by the NSA. Unfortunately the NSA doesn't seem to use their resources to secure the nation, and just ignores all the large scale violent crime that goes on daily.
It's largely outside of the NSA mandate to monitor the communications of US citizen criminals. It is not the fault of the NSA that Congress has not passed a law telling them to spy on domestic criminals.
I get that some of the controversy lately is about how well they stick to their mandate, but that doesn't change what the mandate is.
> Unfortunately the NSA doesn't seem to use their resources to secure the nation, and just ignores all the large scale violent crime that goes on daily.
The NSA is part of the Department of Defense charged with foreign signals intelligence for national security purposes, its not a law enforcement agency. (And many of the tools it uses would be flagrantly unconstitutional if used for domestic law enforcement.)
Generally, blurring of the military and law enforcement roles is not a healthy thing; it may be good for order, but rarely for liberty.
One of the reports on the Osama Bin Laden raid stated that he had a porn stash, I wondered at the time if this was for use as a starting point for steganographic communications.
Many regulations do. The real trick is giving even the terrorists reasons to behave.
It sounds impossible, of course, but that's just because we're not sure where these guys put their goals; some may be fighting for lack of another purpose in their life, while others may be motivated by personal loss or a thorough belief in the violent interpretation of Islam.
So what we really need to do is find a common thread among all the terrorists, and pull on it.
The State is far more efficient and effective at instilling terror than any loose organization of dissidents could ever hope to be.
Read pretty much anything Amnesty International publishes, or even the right history books and you'll have all the evidence you ever need as to why privacy is important even when you think it isn't.
Once bad things start happening it's too late to change your mind. They already have what they need.
They were not using encrypted channels for their operational control. The security forces had no trouble listening in on the calls and text messages being sent between the attackers and their command and control infrastructure.
The issue the security forces _did_ have was in identifying where the calls were originating. The actual content was not encrypted though.
I don't fully understand this line of thinking. To me, it's like saying "The belief that seat belts save lives might come as a surprise to these people who died in automobile accidents while wearing seat belts."
It may indeed be that this kind of signals intelligence isn't actually helpful, but I don't think this is a very good argument either way. If there was a massive disruption of planned terrorist attacks, it is not useless just because there wasn't a complete elimination of terrorist attacks.
Exactly. Same reason you have locks on your doors even though they are easy to defeat. Tech types want to believe that the government is always overreaching and everything is a slippery slope to some other loss of freedom. Mixed in with a bit of overcooked paranoia thinking the government has enough time and energy to track down everyone and whatever laws they are breaking by reading their emails.
If they actually did have enough time to enforce all broken laws by reading our emails then their unreasonable effectiveness may warrant the intrusion. If these capabilities only are able to thwart a small percent of lawless plots then perhaps the cost to our personal privacy and security is too high to justify.
Bad analogy. The sites I help run are often receiving 10k attacks per minute with fuzzers and known exploits. The internet provides anonymity unlike some guy standing at your front door. I have yet to have an army of bad guys trying to pick my lock 10k time per minute on my house. Backdoors into things are economy is based on SSL etc. are just plain irresponsible.
This is always the part of the anti-Snowden case that baffled me. Those who seem to think that he alerted terrorists to the most secure means of communication seem to assume that, prior to the Snowden leaks, they were communicating by yelling really loudly across the NSA buildings. It's like they simply forgot about the biggest reason it took so long to find Osama bin Laden: he was so security-concerned that he used couriers and relays (which, counter to the broad narrative about the terrorist shift to security, actually cannot be decrypted)
I understand what you're saying, and I agree. But I think it might be a little disingenuous to use Osama Bin Laden's crypto practices as an example. I believe this is the more interesting story of what really happened with Bin Laden?
>Pakistan secretly captures Bin Laden by bribing tribesmen. The US finds out by bribing Pakistani officials. Further bribes with foreign aid money get other Pakistani officials to issue a stand down order. The SEALS swoop in unopposed but somehow still lose a helicopter. They kill a captive Bin Laden as part of a deal to avoid exposing Saudi support for Al Qaeda. The media gets fed a cover story about the compound being a command center. Some doctor guy becomes a scapegoat and vaccination programs are derailed in all of Pakistan. The CIA fabricates documents from the compound and flirts with claiming credit for "enhanced interrogation" technique in the matter.
If you don't like that story then sure by all means stick with Story A: The CIA does brilliant investigative work. The commander-in-chief makes a gutsy call. The SEALs storm in and kill the bad guy in a firefight. He is buried at sea with full rituals. The 2012 presidential campaign starts a few days afterwards.
If you support Story A, then this would certainly make sense:
>It's like they simply forgot about the biggest reason it took so long to find Osama bin Laden: he was so security-concerned that he used couriers and relays (which, counter to the broad narrative about the terrorist shift to security, actually cannot be decrypted)
The only thing that lends credibility to the story in the post you're responding to is the person who's claiming it's the truth. Seymour Hersh [1] has enough of a track record that we shouldn't dismiss it out of hand. As far as evidence goes, I'm not sure the official story has been proven any more than Hersh's story has, so it's hard to know what to believe.
Thank you! Ok I remember when that story broke but I didn't read the details. Seymour Hersh is such a respected and renowned journalist who has a track record for revealing exactly this stuff. But the lack of openness in the sources is disquieting. But the story is so odious and so serious, I suspect there are no sources that could weather the storm regardless.
The other 'wild' claim I heard was that his compound was actually a prison, built especially to house him. Again no proof, but an interesting idea none the less.
To be fair, an ultra-secure compound that the owner/resident of doesn't ever leave for fear of his own safety can be indistinguishable from a luxury prison in terms of outcome, even if it wasn't intended that way.
I was just using it as an example of it long being on the mind of terrorists that they need to take extreme precautions to avoid their electronics being compromised. Snowden didn't alert them to the concept of decryption. Sorry if I implied anything more.
The most dangerous terrorists have probably already reverted to couriers with one-time pads. One-time pads are uncrackable, yet they were used extensively before modern cryptography was even invented. They're cumbersome and constrained but very effective. No amount of mass surveillance will alter their efficacy.
So I read the wiki on the One-time pad and there's something I'm a little stuck on. There's a statement (paraphrasing) that the OTP is immune to cryptanalysis (brute force) because any given key translates to all possible plain-text, and the viable words all have a-priori the same likelihood.
The thing I'm stuck on though, isn't it still possible to do semantic analysis on the various permutations. Basically reading permutations for cogent statements? So do some sort of a-posteriori analysis
Infeasible for a human to do, but assuming one could construct a significantly advanced parser (non-trivial of course), wouldn't it be possible to brute force still? What am I missing?
The key is the same size as the message. Each letter translates the corresponding letter and no others. You could make a key to translate the message to anything with the same number of letters.
Well no. What you are describing is basically searchig through all permissible permutations in a given search space, i.e. a thousand monkeys with typewriters. Fron time to time the system will produce something that is not gibberish, but there is no way of knowing if it is related to the true message at all.
No. What you described will work for a simple substitution cypher, but not for a one time pad. A one time pad is the same length as the message, and permutates every letter independently. Trying all keys will yield every possible plaintext. For example the phrase:
"The swallow flies at midnight"
May (with a one time pad) be encrypted into
"WD4oXOl8yO0QtD4sOf7ip0P7ScIia"
(which, incidentally, is indistinguishable from random noise)
If you just bruteforced that by xor'ing every character with every other possible character you could derive every possible message of that length, such as:
"garfield hate lasagna someday"
"men are cats why even bother?"
"pocket knives go to space yay"
etc ad infinitum
No measure of semantic analysis will help you here!
I'd like to add this scenario actually happened during the Cold War. Soviets were reusing one time pads and the US army decrypted some of the messages, among other things this lead to discovery of Soviet spies targeting the US nuclear weapon program https://en.wikipedia.org/wiki/Venona_project
I am out of my element here, but my understanding is that since the key is equal in length to the message, there is no way for you to know whether you are simply seeing a pattern in the key or a pattern in the message.
Imagine a one time pad made for encoding numbers that used a "MOD 10" operation on each digit.
In all cases, the patterns that you can discern may be from my message and may be from the key. As an analyst, you can't tell.
If this were English letters rather than numbers, and you know 'e' is very common, you still can't get anywhere because each 'e' is encoded with a unique character from the key.
This is a good description, but to add on to it:
If there is a pattern in the plaintext, it does not increase the probability that there is a pattern in the ciphertext. It is true that there may be patterns in the ciphertext, but they give you no information about if there is a pattern in the plaintext.
It doesn't seem very likely that anyone has broken a modern symmetric cipher like AES or ChaCha. If not, a small random key is just as good as a one time pad, and you can reuse it for as many messages as you want. The bigger risks are that you reveal the key or that your hardware is evil, but OTPs don't save you from either of those.
With public key crypto it's a lot more likely that something might be broken. But then again if you somehow solve the problem of swapping secret keys/OTPs with everyone you want to talk to, you don't need public key crypto.
This argument misses the point IMHO: the US government was investing astronomically large sums of money in an infrastructure that was fated to quickly become less and less effective. In doing so, they were even willing to violate basic constitutional rights.
I've always viewed this as a false choice. If you give up your freedom you won't get anything in return. You won't be safer and you won't be more prosperous. <insert Ben Franklin quote here>.
>A politic minister will study to lull us into security, by granting us the full extent of our petitions. The warm sunshine of influence would melt down the virtue, which the violence of the storm rendered more firm and unyielding. In a state of tranquillity, wealth and luxury, our descendants would forget the arts of war, and the noble activity and zeal which made their ancestors invincible. Every art of corruption would be employed to loosen the bond of union which renders our assistance formidable. When the spirit of liberty which now animates our hearts and gives success to our arms is extinct, our numbers will accelerate our ruin, and render us easier victims to tyranny. Ye abandoned minions of an infatuated ministry, if peradventure any should yet remain among us!—remember that a Warren and Montgomery are numbered among the dead. Contemplate the mangled bodies of our countrymen, and then say, What should be the reward of such sacrifices ? Bid us and our posterity bow the knee, supplicate the friendship, and plough, and sow, and reap, to glut the avarice of the men who have let loose on us the dogs of war to riot in our blood, and hunt us from the face of the earth? If ye love wealth better than liberty, the tranquillity of servitude, than the animating contest of freedom—go from us in peace. We ask not your counsels or arms. Crouch down and lick the hands which feed you. May your chains set lightly upon you, and may posterity forget that ye were our countrymen.
-Sam Adams, American Independence Speech, August 1, 1776.
Waiting for the day when it is insisted that only criminals/terrorists use end-to-end encryption.
I'm not surprised by liberals who want this and think government is mother/father (to be clear I am progressive) but I am REALLY surprised by conservatives that now want government monitoring every part of their citizen's lives.
311 comments
[ 0.15 ms ] story [ 584 ms ] threadWithout encryption, internet doesn't work. Without internet, banking and e-commerce doesn't work. Really, not a single user-identifying service can function without encryption.
Also, encryption is based on math and logic. You can't really prohibit people from using it, or having it in any sensible way. Meaning that if we live in a fantasy land where this became outlawed, you'd still have any two nodes using encryption should they wish to. I doubt terrorist have the necessary incentive to follow international laws.
In fact, a mathematically unbreakable encryption is simply generating random data (aka. a one-time pad https://en.wikipedia.org/wiki/One-time_pad), and having a copy of this data at each end of the communication. Want to transfer sensitive data across the border? Just xor your data with the random data, and take the random data with you across the border. If the microSD card didn't leave your butt-crack at any point, you can merrily download the xor-ed data through NSA's mainframe, and they can't do jack about it, even with quantum computing, or any imaginable alien technology.
Sure, someone tech savvy can get around that, but not everyone. Just look at how many criminal cases end up finding emails explicitly talking about plans and crimes. So there are people nowadays not even using encryption when committing crimes. If you make encryption-by-default impossible, the amount of unencrypted messages will increase, and you'll have gained those.
Now whether that's good or bad is a separate discussion; I tend to think it's bad, but that's a more nuanced argument than "you can't ban it, so don't do anything about it".
Or someone who has a strong incentive to keep their communication hidden - like a terrorist or a drug enforcer. This leads to a situation where law abiding citizens are punished when their right to privacy is denied, while criminals aren't hindered. "When you outlaw X, X will only be used by outlaws"
Criminals aren't perfect.
[1] - http://nindalf.com/OverconfidentArowana
See also http://www.bloombergview.com/articles/2015-10-20/shh-credit-..., http://www.bloombergview.com/articles/2015-08-18/bny-mellon-... and http://www.bloombergview.com/articles/2015-10-20/accidental-...
Clearly neither being really smart nor having a lot at stake will prevent someone from sending sensitive things over email.
As for terrorists, a short search turns up https://books.google.com/books?id=VqY4Wr3T5K4C&pg=PA410&lpg=....
I think if you claim that major criminals' encryption usage would be unaffected by making it difficult to use, you need to support that at least as well as I've just argued for the opposite.
"If you make encryption-by-default impossible, the amount of unencrypted messages will increase, and you'll have gained those." Requires you to monitor every message for every form of data, and assuming the false assumption that banning encryption increases the simplicity of finding messages, you would probably only find more things not related to what you are looking for. Only assuming you have control over all data channels, which even the US doesn't have.
On the other hand: This message is then flagged: bomb, truck, explode. While you could better be looking at other stuff like origins and communication contacts. These give a clearer view than the random words you will be picking up, even when they are encrypted.
Don't we assume the NSA is logging any US traffic anyway? Even if not, they could require a direct line into all messages sent via some apps.
Does this mean we should outlaw the use of screwdrivers ?
Targeting main stream applications only hurts main stream users. NYT should write an article about that.
I'm not on the side of reading messages but you missed the real argument being made.
Typical HN. How about someone answering the argument that will really be made by governments instead of the pointless one the NSA, etc have already answered. You can downvote me but you don't get a downvote in governments around the world when they outlaw real encryption.
Suspension of disbelief on security of escrow mechanism is a necessary pre-condition.
I'm pretty sure you can downvote them by voting for representatives that do not support such laws. At least if you're in some kind of democracy.
[1]: https://www.census.gov/content/dam/Census/library/publicatio...
Voting is not a solution to a problem like this and is generally very ineffective in the US.
I was ready to up-vote your argument because I agree with the first two paragraphs but the snark turned me off from supporting you. Leave it out next time and I you'll make a more convincing argument.
What does seem being argued for is to mandate adding a 'backdoor' for the government.
The counter argument to that is that adding a 'backdoor' makes the encryption pretty much worthless.
The weighing of risks of this and the importance for privacy versus the anti-terrorism fighting benefits is the only debate (not) happening.
Of course it doesn't, and that's not what I meant. I didn't mean wholesale outlaw, as in no one would be allowed to use it. Governments can mandate consumer communication technology, for example, like they are trying to do with Apple now.
http://betanews.com/2015/11/17/tim-cook-apple-wont-weaken-en...
Also remember that crypto would still be legal in the rest of the world (China is not going to backdoor their crypto for the NSA's benefit) so you would still have heaps of encrypted traffic moving across the internet. I doubt that such a measure would do anything but make mass surveillance of western populations easier.
"If you outlaw encryption, only outlaws will have encryption"
https://web.archive.org/web/20151115191248/http://www.nytime...
"The attackers are believed to have communicated using encryption technology, according to European officials who had been briefed on the investigation but were not authorized to speak publicly. It was not clear whether the encryption was part of widely used communications tools, like WhatsApp, which the authorities have a hard time monitoring, or something more elaborate. Intelligence officials have been pressing for more leeway to counter the growing use of encryption."
NYT didn't seem to pass it as anything else than it is. What's your logic here? Should all anonymous sources be banned? Or only the sources with opinions that you don't like?
Should the NYT report that a UFO passed over because some official told them so? No.
When you receive an anonymous tip, its your job as a journalist to try and confirm it, not report it directly.
Additionally, when a paper reports something with no evidence and screws up, they usually publish a retraction, not change the article and direct you to a new copy.
Here is the NY Times Standard and Ethics Statement, which describes the newspaper's "distaste" for anonymous sources:
http://www.nytco.com/who-we-are/culture/standards-and-ethics...
In fact, that's probably the reason it was pulled: a complaint was made to the NYT Public Editor about the piece's sources.
To me, it's transcendental.
He made it easier to understand unicode!
#BanLargePrimes
The implication is that it can be illegal in some cases to say "The government knows the factors of X" or even "The factors of X are Y and Z."
I'm kinda ashamed I haven't thought of that.
And that just shows how little a mandatory backdoor policy would help: being able to read something doesn't mean you can understand it. It's always possible for someone to come up with a communication scheme that you didn't anticipate or can't interpret, and you can't legislate away that capability.
So a backdoor policy doesn't trade privacy for safety -- instead it trades privacy for a chance at safety, and pretty much just safety from careless, unprepared attackers.
You make it sound like there was a point when broad surveillance helped against terrorism, but it never did.
Catching the bad guys is easier than ever, encryption or not.
Encryption is like envelopes for the mail. They can be broken into with enough force, but their purpose it to shield the contents of the message from those handling it in transit. A post card offers no such protection.
So suppose the banned encryption (envelopes). Im sure the government would still reauire envelopes. As would anybody dealing with health records. Or banking, financial stuff has a legitimate need for secrecy. So they ned envelopes.
Pretty soon what you have is a class of people allowed to USE envelopes and a class of people not allowed it use them.
Like envelopes, encryption is an idea, not an inplementation. They may block you from using this tool or that tool, just like a government could make selling pre-made envelopes illegal - but the IDEA of encryption is simple just like the idea of an envelope. Anybody with paper, scissors, and glue can fashion their own envelope. Encyption is the same, one person can dream up an build their own encoder and you can never ban or prevent that idea from being used.
"Why I Wrote PGP", by Philip Zimmermann
We really need to emphasize the envelope metaphor a lot more. It's much easier for non-technical propel to understand than any discussion of key/signing/etc.
It's unfortunate that there's no way [without a lot of money] to launch a campaign that highlights the fact that most sensitive online transactions rely on encryption - banking, purchasing, etc - to protect you from The Bad People who want to steal your critical financial information.
That would also highlight that it's not just about keeping secrets from the government - in fact, that's the smallest fraction of it.
I don't know about that. I'd argue that most people don't think of themselves as bad, but it doesn't make them not-bad. And humanity definitely has base instincts - if we didn't, we wouldn't need governments and police.
I disagree. I've never found a coherent absolute ethical framework. Not even "Don't kill people."
When anyone is arguing that something is bad, that person has to appeal an authority or belief. Often the reasoning leads to utilitarianism: "If we want society to continue, we should ban murder." But that's still an if/then statement. Beneath the if/then is an appeal that society is good or desired.
> And humanity definitely has base instincts - if we didn't, we wouldn't need governments and police.
This viewpoint becomes popular with Hobbes in the 1600s. I disagree with the term "base instincts," which negatively connotes those things. I'll change it to "randomness"; i.e. in a society of nondeterministic people, some will try to kill the others. Government and police try to reduce that kind of randomness. But from that same randomness we get music, science, justice. I'm speaking loosely of course.
I think of my American government as social contract, not as protective parent.
I think "randomness" is even worse, because it makes it sound like these actions could be expected from anyone at anytime. Statistically, a small portion of the population is responsible for most of the violence, through repeat offenses. Also, in many situations there are clear warning signs (e.g. mentally ill with clear homicidal ideation, member of a gang). Are you really arguing that a dice roll is a good fundamental model for human behavior?
Nondeterminism (assuming humans are truly nondeterministic) doesn't really matter here, except for the fact that we don't have a way of precisely predicting people's behavior (and may never have one). If it turns out that humans are just complicated, deterministic machines that we can not feasibly predict, the reasons for which we have developed societal structures do not disappear.
> But from that same randomness we get music, science, justice.
I think it's pretty easy to distinguish between the first two and violence. I agree that the third is a bit trickier. If what you mean is that the exercise of both these and the dispositions-formerly-known-as-base-instincts are a result of allowing for a significant measure of personal freedom, I'll agree with you. But writing human behavior off as having no more structure than a random number generator ignores a lot of predictive and explanative power that we do actually have.
#Pollution #Cars
Sure, they did not intend to crash, but choosing to risk others lives is considered a reasonable thing to do. Assuming your not overly blatant about it.
They can. A neurotypical person's brain could spontaneously generate a violent psychotic episode due to a stroke or adrenergic tumor or somesuch. Just like any area of the sky could spontaneously throw a lightning strike at you at any time. It's low probability, certainly, but murder is a low-probability event to begin with.
The important point is that a model with "non-deterministic" people in it has more predictive power, epidemiologically, than a model where it's impossible to become a murderer without "warning signs." It's not at all "writing human behavior off"; the fact that the model includes randomness can actually help you prevent murders more effectively, by leading you toward strategies to cope with unpredictable murders—e.g. building education toward methods of "de-escalation" for psychotic episodes, crimes of passion, etc. into your society—rather than simply trying to reinforce policing and social work.
I think if we eliminated all murders except these, we would be in excellent shape. My point is these are not the ones worth focusing on, because we don't have good tools to deal with "random, history free, psychotic break."
> The important point is that a model with "non-deterministic" people in it has more predictive power, epidemiologically, than a model where it's impossible to become a murderer without "warning signs."
Well, if your probabilistic model has no "warning signs", then how does it provide any information at all? If you don't have a method of using information to differentiate the probabilities when given a person/group of people/location etc. then you have no predictive power at all, except for the average murder per capita.
> building education toward methods of "de-escalation" for psychotic episodes, crimes of passion, etc.
De-escalation of psychotic episodes is an impossibly hard thing to teach without protracted work with a mental health professional. In addition, I seriously doubt that there would be any effectiveness when taught to people who have not experienced psychosis. Teaching this to everybody would be inhibited not only by cost, but by the fact that there is not likely enough people in a society that would be good enough therapists to do this on a large scale.
I would agree that most people don't think of themselves as bad, but since there's no objective 'bad', wether or not they're 'actually bad' is up to the observer. When a person is labeled as 'evil' it's not a description of them as a person but a description of what the describer thinks of them. Hitler wasn't evil because he killed millions of people, he was evil because the general consensus is that doing the stuff he did makes you an evil person.
If one loses sight of this and starts think of evil as objective reality, they're taking their biases and opinions as objective reality, and down that path lies ruin.
But back to Hitler, if you're trying to make the case that his evilness is subjective, I mean no offense but that's a really dumb argument. Hitler was in no small part evil because his actions were, on one hand irrational, fueling and amplifying his people's potential for hatred and destruction and on the other hand detrimental to the survival of our species and of Earth itself. And again, genocide is not natural. You see, in nature animals kill to eat, but that's to satisfy a basic necessity and not out of some wicked sense of justice and animals can definitely not kill on an industrial scale like we do. Whatever definition for "evil" you find, genocide on an industrial scale is pure evil by definition.
And if that doesn't sound objective enough, consider that culture is a part of who we are. We aren't DNA-coded to eat certain foods, or to live in a certain place, or in a certain way. Compared with rats, we can rely on the wisdom of our elders in order to survive. And we've survived this way for a long time. As an example, our rich culture, which includes preconceptions and taboos, is what prevents us to eat each other, or to have sex with our siblings, or to bring human sacrifices to our gods. Actually some preconceptions are more subtle and newer than others - for example the notion that children are fragile beings that need to be loved and protected, instead of someone's property, is pretty new, being popularized by Christianity.
So you know, if popular conception is that doing this or that is evil or toxic or taboo, there's a high probability that such judgments are correct, helping us to survive and thrive. Even with all the false positives (which tends to be the lack of tolerance towards people that are different from us), dismissing our heritage would not be wise. Plus usually the guidelines are simple, like being a murdering maniac counts as evil, though somebody should tell those jihadists.
This is a really pedantic, subtle and (I think) important distinction. If one sees good and evil as objective truth, they're reliant on the source of that truth for their moral judgement. This explains the jihadists you mention. It's not that they enjoy being murdering maniacs (although I'm sure some do), it's that their source of moral truth tells them that the infidels are evil and must be destroyed (or whatever), so they see what they're doing as a good thing.
They are bad, we are bad. The only not bad involved in all of this is the little children who we both have hurt, and even then those children will grow up and become what the other side considers bad.
In the end, it's more education, isn't it? Most things are. But in some cases, like this, it's a race between general education and political (and spy agency) advantage-taking.
That's Snowden's greatest legacy - a few more people became educated, and the public frustration and pouting spy agencies are doing regarding encrypted communications are a bit more transparent than once they were.
Google pins their public key fingerprints right into Chrome, and this feature is open:
https://hstspreload.appspot.com/
https://en.wikipedia.org/wiki/Certificate_signing_request
Edit: Ah, if you were talking about the CA's private keys, then the parent is correct.
However when it comes to encryption, bad guys use it so it needs to be banned!
It's like they have it completely backwards.
However, even if the bad guys didn't have encryption, we would still want good guys to have encryption to prevent the bad guys from intercepting private and sensitive communications.
Ignoring the issues such as fending off bad guys (so what if they only have a knife, I'd rather bring a gun to a knife fight), hunting wild life, shooting for fun, owning collections, any many other reasons. Outright dismissing all of those is like just dismissing the need to protect private electronic communications.
Terrorism is pretty far down the list of things that frighten me.
The Europeans are fond of reminding Americans that we think 200 years is a long time. So, how long ago was the Stasi disbanded, again?
Of course, you could play the "Slippery Slope Fallacy" card against my argument... but we're not dealing with logical entities, are we? We're dealing with often-irrational human beings and governments composed of them.
However when it comes to encryption, bad guys use it so it needs to be banned!
It's like they have it completely backwards.
The reality is, of course, encryption was used in these attacks. These terrorists aren't stupid. That doesn't mean it needs to be banned the say way a randoms stabbing don't mean knives need to be banned. I think the people saying "No way, never no encryption has every been used for nefarious purposes" are just as bad as the other side. Having a sophisticated view of this stuff makes a lot more sense.
Encryption will be like the gun debate. It will flare up from time to time. Its an easy horse to beat because its too technical for the layperson to really have a good understanding of and clearly there are political elements that would love Clinton-era laws limiting key size and such. The reality is that this ship has long sailed away. The genie is long out of the bottle to control encryption like its 1993.
Unfortunately, I'm already seeing similar hyperbolic arguments about cryptography - "let's outlaw math", etc.
As you implied, I'd like to see a rational discussion. Yes, cryptography can and will be used for nefarious purpose -- but it's used in much greater capacity for legitimate purposes. That's what needs to be emphasized - it's the only logical, supportable argument to make.
Pretty much all the British digital policies are silly. I think the simple thing they seem to not understand is that the Internet is smarter and moves fast than policy.
I don't think that's a good idea either, but there are people who would probably see that as a reasonable middle ground.
#FightForEncryption
Quote from UK government advice to small business people, see
https://www.gov.uk/government/uploads/system/uploads/attachm...
I suspect that GCHQ people want people using encryption but encryption that they have a feasible way of breaking if needed. Yes, I know, no way of stopping back-doors being used by other agencies/bad actors.
Said no terrorist or criminal. Once the cat has been let out of the bag there is no getting it in again.
https://news.ycombinator.com/item?id=10580586
https://web.archive.org/web/20151115191248/http://www.nytime...
On the Diane Rehm Show, when asked what we know, he said "not much, but that encryption or anonymizers, like Tor, might have been used to hide their communications".
So they're already working to plant that narrative in listeners' heads.
If you weren't aware, Bamford is actually one of the good guys in this debate. Don't make him say things he didn't say.
https://theintercept.com/2015/11/15/exploiting-emotions-abou...
Yes, measured data and unmarked compressed data have this same property, as do actual random data. But is does not look like 9 nines of false positive rate are a concern to those people.
If you include stenography, yes, it's certainly not easily recognizable. I don't think good stenography can be recognized at all, but that's not my area and I've got people contradict me at this (without further info), thus I'm not sure.
There is no truth being asserted in the premise causing the conclusion to be true. It's fairly clear that it was a statement from an original source, that source being trustworthy is where we would find (or not find) the information which would show the conclusion to be true, not the premise of the 'fantasy.'
"$noun did $verb which resulted in $result and $result is $something interest which begs the question $question."
The government would just have the private keys so they could decrypt traffic easily.
Someone posted a photo of master keys and Internet was, as usual, the Internet.
And terrorists would be smart - they'd employ non-backdoored encryption, hide that in "legit" communications, and encrypt that with the proper back-doored government encryption. They'd appear to be a totally normal snapchat user, or whatever.
If we actually meant to give up all encryption, card-kiddies would destroy civilization in three weeks.
...Unless you're intercepting and sniffing everything that's unencrypted. Then we're back to square one.
I think you're straw-manning their position here.
The opponents of encryption aren't claiming terrorists will start using unencrypted communication, they're advocating for legally-mandated "back doors" to be built into supposedly-secure communication systems.
Terrorisms won't use legally-mandated software for they illegal operations.
All the back doors accomplish in the end is harming the general public.
http://www.friendmosaic.com/images/example-mosaic.jpg
and it's pretty easy to see that this avenue of thought --- that we will put our efforts toward finding a way to ban encryption --- is totally ridiculous.
So imagine if Apple, upon condition of selling iPhones within China, must provide the Chinese government with a backdoor through Apple's encryption. Do you know how many federal employees use Apple technology? Including the President himself, who totes an iPad everywhere?
I don't think that federal intelligence and law enforcement officials calling for backdoors have fully thought through the consequences.
I think assuming that level of incompetence is a big claim.
It's simply much more likely that the actual plans/goals and the talking points and press releases about the plans/goals are mostly unrelated, as usual. You can infer that those calling for backdoors have decided that calling for backdoors is the best thing to say, inferring anything more requires more information.
Not really. Have you listened to the average member of Congress lately? Incompetence runs deep throughout all levels of government.
Instead, look at it this way: everyone has their area of responsibility. The head of the CIA is charged with providing the best possible situational awareness for the U.S. government. He's going to make proposals and requests that will help him do that.
He's not charged with balancing all possible consequences from his requests, and he's not going to do so.
But ... that seems like quite a level of incompetence for someone trusted with the position of Head of the CIA?
By which I mean, not charging him with that responsibility is a mistake (in gov structure), but him actually not doing so is his own incompetence, is it not?
How is calling for a really bad idea because it's the best thing to say different from the level of incompetence you say is too big to assume?
edit: "not going to happen" could be read as "not going to be effective." I wouldn't actually be surprised if the US ended up passing some law restricting crypto to an approved list of backdoored schemes (surprised: no, dismayed: yes), forcing people into hiding their crypto in deniable ways. What some people don't seem to grasp is that no matter how much you outlaw certain math operations, whether or not the end users comply with those laws is ultimately up to them, and the terrorists simply won't comply.
To a man with a hammer, everything looks like a nail. To a man who only has words, everything looks like a soapbox.
I get that some of the controversy lately is about how well they stick to their mandate, but that doesn't change what the mandate is.
The NSA is part of the Department of Defense charged with foreign signals intelligence for national security purposes, its not a law enforcement agency. (And many of the tools it uses would be flagrantly unconstitutional if used for domestic law enforcement.)
Generally, blurring of the military and law enforcement roles is not a healthy thing; it may be good for order, but rarely for liberty.
It sounds impossible, of course, but that's just because we're not sure where these guys put their goals; some may be fighting for lack of another purpose in their life, while others may be motivated by personal loss or a thorough belief in the violent interpretation of Islam.
So what we really need to do is find a common thread among all the terrorists, and pull on it.
Read pretty much anything Amnesty International publishes, or even the right history books and you'll have all the evidence you ever need as to why privacy is important even when you think it isn't.
Once bad things start happening it's too late to change your mind. They already have what they need.
http://www.nytimes.com/2008/12/09/world/asia/09mumbai.html?_...
The issue the security forces _did_ have was in identifying where the calls were originating. The actual content was not encrypted though.
It may indeed be that this kind of signals intelligence isn't actually helpful, but I don't think this is a very good argument either way. If there was a massive disruption of planned terrorist attacks, it is not useless just because there wasn't a complete elimination of terrorist attacks.
>Pakistan secretly captures Bin Laden by bribing tribesmen. The US finds out by bribing Pakistani officials. Further bribes with foreign aid money get other Pakistani officials to issue a stand down order. The SEALS swoop in unopposed but somehow still lose a helicopter. They kill a captive Bin Laden as part of a deal to avoid exposing Saudi support for Al Qaeda. The media gets fed a cover story about the compound being a command center. Some doctor guy becomes a scapegoat and vaccination programs are derailed in all of Pakistan. The CIA fabricates documents from the compound and flirts with claiming credit for "enhanced interrogation" technique in the matter.
If you don't like that story then sure by all means stick with Story A: The CIA does brilliant investigative work. The commander-in-chief makes a gutsy call. The SEALs storm in and kill the bad guy in a firefight. He is buried at sea with full rituals. The 2012 presidential campaign starts a few days afterwards.
If you support Story A, then this would certainly make sense:
>It's like they simply forgot about the biggest reason it took so long to find Osama bin Laden: he was so security-concerned that he used couriers and relays (which, counter to the broad narrative about the terrorist shift to security, actually cannot be decrypted)
##EDIT
Claims comes from a previous HN article about the Killing of Bin Laden: https://news.ycombinator.com/item?id=9520984
[1] https://en.wikipedia.org/wiki/Seymour_Hersh
https://en.wikipedia.org/wiki/One-time_pad
The thing I'm stuck on though, isn't it still possible to do semantic analysis on the various permutations. Basically reading permutations for cogent statements? So do some sort of a-posteriori analysis
Infeasible for a human to do, but assuming one could construct a significantly advanced parser (non-trivial of course), wouldn't it be possible to brute force still? What am I missing?
"The swallow flies at midnight"
May (with a one time pad) be encrypted into
"WD4oXOl8yO0QtD4sOf7ip0P7ScIia"
(which, incidentally, is indistinguishable from random noise)
If you just bruteforced that by xor'ing every character with every other possible character you could derive every possible message of that length, such as:
"garfield hate lasagna someday"
"men are cats why even bother?"
"pocket knives go to space yay"
etc ad infinitum
No measure of semantic analysis will help you here!
If you use the same one time pad to encode two or more different messages, then all the sorts of attack proposed here become plausible again.
The security provided by a one time pad relies entirely on the fact that it is only ever used once.
Computerphile recently showed how this was done.
Imagine a one time pad made for encoding numbers that used a "MOD 10" operation on each digit.
Then imagine the key is:
And the message is: The output is: Alternative messages: In all cases, the patterns that you can discern may be from my message and may be from the key. As an analyst, you can't tell.If this were English letters rather than numbers, and you know 'e' is very common, you still can't get anywhere because each 'e' is encoded with a unique character from the key.
With public key crypto it's a lot more likely that something might be broken. But then again if you somehow solve the problem of swapping secret keys/OTPs with everyone you want to talk to, you don't need public key crypto.
http://www.news.com.au/world/europe/islamic-state-tweeted-of...
If the priorities are Freedom > all, then encryption is a necessary tool.
If the priorities are Prosperity > Safety > Freedom > all, then society will run roughshod over freedom.
-Sam Adams, American Independence Speech, August 1, 1776.
https://en.wikisource.org/wiki/American_Independence
I'm not surprised by liberals who want this and think government is mother/father (to be clear I am progressive) but I am REALLY surprised by conservatives that now want government monitoring every part of their citizen's lives.