56 comments

[ 1.5 ms ] story [ 142 ms ] thread
Great Mr. Comey, so you won't mind providing a public feed of all of your personal audio / video / text communications, and your Internet traffic, right? I mean, if nobody needs privacy, I'm sure you'll be standing at the front of the line to surrender yours...
Senators Feinstein and Schumer would sooner race to the front of the line to turn in their guns...
Feinstein the hypocrite. She has a conceal carry permit yet many in CA are unable to get such.

I'm really done with her being one of CAs senators. Of the two, I don't like either, at least I can respect Boxer for not being the overwhelming hypocrite and self aggrandizer that Feinstein is.

I'm tired of being lectured on guns by people who have concealed carry permits and armed security. Sulzberger from the NY Times is another - he has the paper in full-throated support for gun control while at the same time he has a concealed carry permit hardly anyone in NYC can get.
It is rational for Sulzberger to call for more gun control, and to be the only one with a gun. After all, it makes him safer.

<insert major American city>'s economic elite are fearful because there are crazies that often have bones to pick with people that are high profile. By the nature of that profile, there's some nutjob that's likely sent them a few death threats. The more people other than their elite friends they can disarm, the safer it makes them. The greater the income inequality divide becomes, the worse it will probably get.

It's generally rational for people who campaign against bad policy to make use of those policies while they exist and are advantageous.

Mayday.us is a superpac designed to end superpacs. This is not hypocrisy. See also signatories to the nuclear non-proliferation treaty.

It's not hypocritical if you think Sulzberger intends to give up his permit after he gets the gun control he wants. Personally, I don't believe it for a second.

I don't blame him for wanting to be the only guy with a gun. I just don't think he should be allowed to arrange that through the government.

> Feinstein the hypocrite. She has a conceal carry permit yet many in CA are unable to get such.

This caught my attention (I love to catch a hypocrite), but I don't think it's actually true today.

Various sources indicate she did have a concealed carry permit, due to threats she received from the New World Liberation Front, but that she ditched the revolver she was carrying in her purse, thanks to the permit, at some point in the past (likely in 1982). Here's an article from left-wing biased source MediaMatters, which cites a 1982 WaPo article I couldn't verify (no LexisNexis access):

http://mediamatters.org/blog/2013/03/19/hannity-falsely-accu...

If you prefer sources from the other side, here's notorious right-wing blogger and floor-shitter Chuck C. Johnson reporting the same (with an entirely different spin):

http://dailycaller.com/2013/03/15/in-feinsteins-harvey-milk-...

And here's a post from TheHill, whose political bias (if any) I don't know:

http://thehill.com/blogs/blog-briefing-room/news/273989-fein...

TheHill's post doesn't mention a date, though.

Don't forget Schwarzenegger. Just three days ago on HN we discussed his Facebook stance on "climate change" and "pollution". And yet this clown commuted via private jet, sometimes daily, between LA and Sacramento.

Oh, sure, he bought "pollution credits" to offset that. I suppose those credits paid for giant flying bags attached to his jet engines. And then he sequestrated the captured CO2?

It doesn't get much more hypocritical than that. Gulfstream liberals put limousine liberals to shame. http://articles.latimes.com/2008/mar/07/local/me-arnold7

I think the techincal issue is guaranteeing the that the backdoor, whatever form it takes, can only be used in the service of a lawful court order.
Putting even the most secure and resilient backdoor should be considered a failure of freedom, privacy, and politics.

At the end of the day backdooring encryption does nothing but weaken everyone's security without actually helping intelligence agencies, at least in the face of serious actors.

Fine, agree to a global backdoor or all crypto with a handful of trusted key holders, how long until the algo or key is leaked, how long until a flaw in it's implementation is found, how long until some TSA agent is photographed with the password blinking on his screen in a news article.

All this will do for bad actors is ensure they assume whatever service provider isn't to be trusted in their implementation and just use a 3rd party process and/or open source tool chain to produce encrypted messages that will be routed over already encrypted networks. Great, your backdoor got you to a second layer of ciphertext that you still can't make heads or tails of, meanwhile you've weakened the security of literally every person on earth.

A backdoor is unacceptable, no matter it's perceived strength, value, or safety.

Encryption with a backdoor is not weak it's unencrypted. Anyone who says they want such a thing should surrender their band account credentials first so we can demo what will happen.
I understand the aversion to backdoors and am quite sympathetic to the view that all encrypted communication should be revealed only to the sender's intended recipient(s). However, the choice is not always ours to make.
How do you propose to remove that choice from me?
A backdoor like that does not exist. Sorry.
(comment deleted)
The same backdoor will be exploited by other countries and hackers. There's no such thing as a safe backdoor.
Well, sort of. You can have a backdoor as safe as the backdoor key holder.

The problem here is not a technical one; we don't between a "safe backdoor key holder" can really exist.

>>> FBI director James Comey has called on tech companies to stop "by defaut" end-to-end encryption -- so that the FBI can monitor communications again.

Note the "by default". That suggests the FBI isn't interested in spying on smart people. They only want to go after the dolts who cannot be bothered to enable encryption. Mr Comey obviously doesn't think much of his adversaries if he assumes they won't bother trying to hide.

Either that, or they want to spy on the population generally for purposes other than the prevention of crime. Which is it? Does be believe terrorists are not tech savvy, or does he not care about clever terrorists and instead wants to monitor the plebs? I doubt he has any coherent answer beyond beyond 'More data = good'.

Sorry, I'm having trouble following your argument. Are you suggesting by your quote that the FBI is saying such things so that only "non smart" people will listen to them, and turn off end-to-end encryption?
I believe the point they're going for is that if end-to-end encryption were off by default the majority of people would not turn it on, so to speak.

So the goal is to be able to passively collect more data, rather than actively track down criminals who would presumably take precautions to ensure their activity is suitably encrypted.

>criminals who would presumably take precautions

This strikes me as weak. Sure, some criminals would still enable it, but most criminals wouldn't. I've made the same arguments in greater detail here https://news.ycombinator.com/item?id=10580829 , and lower link to some criminal activity with hundreds of millions at stake that communicated over email.

He's not advocating that we un-invent the math that underpins crypto, so there is no way to prevent all crypto.

I interpret his words to talk specifically about people who choose not to add their own crypto layer on top of the OS / provider product layer. "opt-in" could mean the provider makes it available to the user, or (IMHO more likely) it could mean the average Joe that is unfamiliar with setting up a secure communication channel on their smart phone would not likely go through the hoops of learning to do just that.

I hypothesize the FBI wants to expand its credit card fraud division, and the way to accomplish that is make it possible for a thief to simply open his Wifi at Starbucks, run the right script and snatch unencrypted CC's out of the air.

The resulting influx of credit card theft would do wonders for the headcount and political importance of the credit card fraud investigation department...

I get your point. But, tangentially, I believe the Secret Service handles more of the credit card fraud stuff. There was just some discussion in the news the other day about the Secret Service being stretched too thin because of all the time they spent on investigating financial "cyber crime" vs. guarding the president and such.

Anyway, here's a couple links on what to report to which:

Secret Service: http://www.fraudaid.com/solution_center/jurisdictions/usfed-...

FBI: http://www.fraudaid.com/solution_center/jurisdictions/usfed-...

If apple disabled the end-to-end encryption in imessage, it wouldn't let the FBI spy on everybody's convos. The conversations would still be secure from device to apple via SSL.

It would just allow them to get a warrant and wiretap someone's convos.

I noted the "by defaut" and was surprised to see such a blatant spelling error in the first sentence of a Wired article.
I have a Wired magazine next to my toilet that has a picture of George Lucas and says "40 YEARS OF ILM" right on the cover
ILM stands for industrial light and magic, his special effects shop, and 40 years ago was when they started making special effects for star wars. it's not 'film'.
It's so stupid for the government to not realize that if they can slurp up data from unencrypted traffic to businesses, then so can foreign adversaries. How are they so sure that this power leans more to them than to foreign entities? That's an edge against both American businesses and consumers.
No thanks, I'd sooner ditch the FBI director.
The headline is misleading. Comey wants providers to control the keys, not the end users. Providers can be compelled if needed. In many cases, end users have 5th amendment protection.

EDIT: The headline on the Wired website is more accurate, the HN headline is sensationalized.

Your characterization of the protections users have is misleading. There has been no definitive nationwide court case which has settled the issue.

In one case, a citizen was protected from giving over the password to their phone, but was compelled under penalty of contempt of court to unlock the phone for investigators to analyze. In other cases, courts have compelled defendants to hand over the passwords.

Providers can be compelled, but that is because companies have no strong desire to protect the civil liberties of their customers (or in the case of social media -- their products), but _do_ have a strong desire to prevent financial punitive damages or legal defense fees from being incurred.

The FBI wants providers to be able to unlock data because that can be done without the notification to users that there is an investigation about them (which serves multiple purposes).

>There has been no definitive nationwide court case which has settled the issue.

You're right, there has been no supreme court case. Which is why I did not make a definitive statement. However, recent cases support 5th amendment protection more often than not.

[0]http://www.washingtonpost.com/news/volokh-conspiracy/wp-cont...

Are there any cases where the 5th amendment did not serve as protection where the forgone conclusion doctrine was not applied?

I thought the law was that you can be compelled to decrypt a document in your possession, provided that the fact that you are capable of doing so has been established (i.e. only when admitting that you are capable of decrypting something is sufficient to establish guilt do you have 5th amendment protection). Just as you can be compelled (under warrant) to open a safe for a search.
The old ways of controlling people are going to need an update. Once upon a time violence was a sufficient tool to inhibit or dissuade criminal activity. The new paradigm is that you cannot use violence and your knowledge of criminal activity to dissuade actions, instead one must remove the desire to perform them in the first place.

IMO this looks like: - Stop bombing/attacking/interfering in Islamic nations. - End the most grievous forms of poverty world (such as lack of opportunity) such that increasing numbers of people have nothing or little to gain by being criminal - Stop utilizing violence as a protected means, only allowed by some (ie the government). By universally outlawing violence, it becomes morally clear that no amount is valid.

How does one outlaw violence?
(comment deleted)
That, of course was the whole thrust of the comment. That removing the incentive to use violence is the most effect means to lessen / discontinue its use. Conversely there situations which basically leave little other choice than the use of violence (extreme poverty or abuse for example). Therefore by removing the sources of those things, we can stem much use of violence.
This is one of the most naive comments I've read.
You'd think in a democracy freedom would take precedent over control. But nope.
I'm guessing he's never heard of the pidgin OTR plugin which puts encryption keys back in the hands of even the least technical.
There is a tendency - especially among highly-technical crowds like HN - to assume ignorance or stupidity whenever a topic like this comes up. This is dangerous. Hanlon's Razor is a good heuristic when all else is equal, which is absolutely not the case with these attacks against encryption. All else is not equal.

James Comey has been attacking crypto since the first crypto wars 15+ years ago. There is no way he is ignorant of how crypto works or how easily available it is. His rhetoric is an attack on the power that Silicon Valley has been acquiring, and tech companies better start treating as an attack. This latest push is trying to paint tech companies as "being unreasonable" in the public eye, so legislation can be pushed outlawing encryption wherever it is inconvenient (finance can always have an exception carved out). It need not be effective - it's just another tool that can be selectively enforced.

So where are the "full-page ads" and other media blitz form tech companies countering these attacks? Where are the counterattacks accusing Comey of trying to undermine American Businesses Interests? Well, far too many of those businesses use surveillance as a business model, and actual security would undermine their interests as well. I hope they like the future they are creating.

For everybody else, the time to start fighting against these political attacks was "yesterday". Better late than never?

Wish I could upvote your response twice.
I expect USGOV to lose the keys argument, but not without extracting vast sums from Congress for projects that promise to work around the obstacle of strong encryption. I'm also hearing less and less about cues missed that could have prevented the recent CA attack, and hearing more and more about the encryption debate. Good PR and understandable given the thankless and impossible task DHS/FBI has of getting it right every time. One right/freedom I wish we had in the US was that our leaders could be free to admit imperfection and mistakes without Congress and the Press piling on.
I'll paraphrase here... "Stop encrypting so that we can break the law by spying on our own citizens."
Chief of Police encourages businesses to remove all locks from their doors in case police forces need to enter the building in the instance of an emergency such as a break-in.

Furthermore, all business owners are encouraged to stop locking their cash and recipes in a safe, as this prevents police from ensuring none of it has been stolen.

There's a very important difference that we "people-in-the-know" forget every time this topic comes up:

- When doors are locked and police want to go inside, they can still break the lock or the door. It will only take some time.

- When a safe is locked, it doesn't prevent it from being opened. It will only take some time.

What the FBI ultimately wants is not necessarily ban encryption, or give them an additional key; what they really want is breakable encryption so they can decrypt the content. Much like a lock is not unbreakable but is defined in terms of security by how much efforts it takes to break it, and much like a KDF is defined to take a given amount of time, they want to have breakable encryption -- ie, encryption that only takes, let's say 1 M$ to break (the figure is just to have clear ideas).

Of course, as we all know, if it takes 1 M$ to break, everybody with 1 M$ can break it (not only the "good guys"). This is further exacerbated by the fact that it's online (contrary to a physical lock, for which you need the appropriate tools and physical access to the lock).

So the equivalent is not "Comey wants us to remove all locks", it is "Comey would like us to use locks that can't resist a 1 M$ attack". That is still undesirable (we've grown extremely accustomed to almost-infinity $-resistant crypto), and looks very much like a call back to exports-grade crypto. If the quality of a crypto cipher doesn't decline too fast, I think I'd be happy that LEO could decrypt the messages provided they have all the required legal provisions.

I am guessing you missed the snark, either intentionally or not.
Oh I perfectly understood the snark, but it's not exactly correct. It's like mocking something over a trait that is not correct; a straw man, if you will.
A joke should always be EXACTLY correct.. otherwise it creates opportunity for ill-humored pedantry.
(comment deleted)
While were are at that, let's ban whispering and in-person conversations altogether. I bet a lot of bad deeds and terrorism acts are planned using these methods.
So after "109 messages with an overseas terrorist" which they can't decrypt, they don't bother to place that suspect under immediate surveillance?

So we're supposed to believe that this happens every day, their systems detect it, but because they don't know the contents of the messages they're unable to do anything...

Sounds to me like they should be working on their meta-data collection.

I think they see opt-in encryption as an important filtering signal they can use to determine who to target. The assumption they work under seems to be that law-abiding people won't need to use encryption. Either way, this is pretty disgusting.