411 comments

[ 3.1 ms ] story [ 304 ms ] thread
> “[Technology can] empower individuals to do things they could have never dreamed of before, but also empower folks who are very dangerous to spread dangerous messages” President Barack Obama said today.

Behind every proposed restriction on speech is actually a fear of freedom of thought. As though there are some ideas or beliefs are so powerful, that mearly exposing an individual to those ideas can forever change their allegiance. It used to be communism and now it's terrorism. It's a very pessimistic and condescending view of the nature of humans that I personally don't believe to be true.

The "Snow Crash" theory of politics, if you will. ;)
In that vein, maybe politics is the snow crash.
There is also the mistaken belief that effective restriction of free thought is is possible through political/legal means. That strategy was ineffective against communism and remains ineffective today.
Yes, and as if a massive outrage cannot be planned and executed without using digital communication or perhaps using it but with pre-arranged 'innocuous' codes as a one-time pad.
Restriction of free thought has been extremely effective. Politically and economically the US is practically a monoculture. Encryption could only make it more so, through the chilling effect of forcing dissenters to think more than twice about what they communicate, who they communicate it with, and how they do it.

It makes mainstream dissent like Occupy very much harder - and that's not even thinking about how it would have influenced historical dissent like the Civil Rights or Anti-War Movements.

Commercially it also guarantees that the US has access to corporate secrets. If encryption is de facto illegal, how do you communicate commercially sensitive information?

The target is not so much thought as it is coordination.

Everybody may have dissident thoughts all day long. They're absolutely harmless as long as they can't coordinate.

The danger in that however is subtly disarming other rights.

Say it's 1960 instead of 2016, but digital technology has taken off 60 years sooner. The NAACP youth council coordinates over Facebook and e-mail lists instead, and the civil rights movement is under government scrutiny because of potential terrorist links. The Greensboro Four, Joseph McNei, Franklin McCain, Ezell Black Jr. and David Richmond are planning their sit in over Whatsapp, which an algorithm picks up. Someone at the NSA, sympathising with segregation, passes this on to someone in local law enforcement through non-official channels. Before the four even get to the Woolworth, they are detained by a police officer in a "routine" traffic stop. The sit in never happens for national security reasons.

The right to coordinate seems absolutely essential to the right to congregate. I do think that the civil rights movement is a good example of how righting an injustice could be stifled by preventing people coordinating. Other historical what-ifs like the labor movements, the salt march, or concrete examples like the various secret polices of communist dictatorships spring to mind too. You could have dissident thoughts all day long in east Berlin as well, as long as noone heard them.

In other words, it's not just this "one time" for this one "bad guy." The government wants a skeleton key. President Obama just said as much.

Crypto War II has begun.

His history (NSA and Snowden spring to mind) does not give me faith in governmental restraint.
Also targeting political enemies using the IRS.
(comment deleted)
I think he just needs to learn more about encryption.

It's not that nerds are being absolutists. It's that the technology is absolute, and nerds understand the technology.

I also predict that once he is out of office he will reverse himself on this issue.

I agree that he will reverse himself when out of office.

So many people speak the truth after they get out of office - that should tell us something.

I will bet you (or snowwrestler, or both with some share to each) $1,000 that Obama will make no statements reversing himself on this position within 5 years of him leaving office (Jan 20, 2022).

To be clear his position here isn't about the value of encryption in all cases. But the specific case of whether law enforcement should be able to access the data on a phone that they have physical possession of.

> To be clear his position here isn't about the value of encryption in all cases. But the specific case of whether law enforcement should be able to access the data on a phone that they have physical possession of.

These are the same thing; that's what makes encryption policy so hard. If you punch a hole in encryption for law enforcement, the hole is there for everyone.

Everybody currently or formerly in a senior position at the federal level believes that law enforcement should be able to access information on a seized phone. That's not controversial.

But at what cost? Shall we sacrifice the safety and security of everyone to meet this need for law enforcement? That's a harder question, and quite a few federal leaders have reversed themselves on it after leaving office (and a few in office).

So, I reject your bet because it relies on a false separation between what people like the President want, and what it costs to get that.

Yes, I think it's easy to be cynical about politicians or think they're ultra smart about everything, that there's always some kind of master plan behind everything.

It's much more likely that they truly do not understand the nature of encryption. They lack the expertise, and their top level advisors do as well. It's not complicated (strong encryption is super easy, regardless of laws), but they just can't accept the simple fact because it clashes with their political desires.

They lack the expertise, and their top level advisors do as well.

I wonder how often those advisers are chosen based on being yes-men rather than for being actual experts in the/a subject area.

Presidents too are essentially chosen that way
Does he mean you can't have an absolutist view of the 4th Amendment?
The 4th amendment is by its very nature a compromise between safety and privacy. Otherwise it would say people had a right to be free from search and seizure, not "unreasonable search and seizure." And it wouldn't say anything about warrants.
I am disappointed that he doesn't come out pro-encryption.

USA companies will end up losing business to foreign companies and organized crime (I include terrorists when I talk about organized crime) will have an easier time wounding both citizens and businesses via cyber attacks.

The funny thing is, one year ago he almost was. He spoke with President Xi in China about legislation Beijing was considering that would similarly handcuff tech companies [1]. He criticized Xi for this and pointed out that it would damage their economy.

I don't understand whether he continues to hold that view or not. Perhaps he does think it will hurt our economy but is worth the cost. Perhaps he thinks it is better for our security too. Of course he is wrong. I am so baffled that nobody has been able to explain this to him in a manner similar to the understanding Lindsey Graham was able to achieve.

Shouldn't the President have access to the best minds in technology? It's not as if any of us would refuse his phone call. Note I don't claim to be a best mind but I think I can talk through the issue to present understanding of the full tech side of the picture to a layperson, and at the same time be respectful of the challenges faced by the DOJ when trying to give justice to victims and security to the public. I think all of you on HN can, too.

[1] http://www.reuters.com/article/us-usa-obama-china-idUSKBN0LY...

Seems like that is picking and choosing a bit. If you read more about what he said it looks to be a bit less one sided or at least a little less worrying? http://techcrunch.com/2016/03/11/obama-says-we-dont-want-gov...

"I am way on the civil liberties side of this thing…I anguish a lot over the decisions we make in terms of how we keep this country safe, and I am not interested in overdrawing the values that have made us an exceptional and great nation simply for expediency. But the dangers are real."

Denial of reality and outright lies are alarming.

> "My conclusion so far is that you cannot take an absolutist view on this," he said. "So if your bargain is strong encryption, no matter what, that we can and should in fact create 'black boxes,' then that I think does not strike the kind of balance that we have lived with for 200, 300 years, and it's fetishizing our phones above every other value. And that can't be the right answer."

http://www.wired.com/2012/11/ff-the-manuscript/

> For more than 260 years, the contents of that page—and the details of this ritual—remained a secret. They were hidden in a coded manuscript, one of thousands produced by secret societies in the 18th and 19th centuries. At the peak of their power, these clandestine organizations, most notably the Freemasons, had hundreds of thousands of adherents, from colonial New York to imperial St. Petersburg. Dismissed today as fodder for conspiracy theorists and History Channel specials, they once served an important purpose: Their lodges were safe houses where freethinkers could explore everything from the laws of physics to the rights of man to the nature of God, all hidden from the oppressive, authoritarian eyes of church and state. But largely because they were so secretive, little is known about most of these organizations. Membership in all but the biggest died out over a century ago, and many of their encrypted texts have remained uncracked, dismissed by historians as impenetrable novelties.

Encryption was in the hands of people outside the government since before the US came into existence.

> it looks to be a bit less one sided

Yeah, it looks that way but where is the substance?

Why doesn't he openly discuss the pros and cons of both sides to finally reach a conclusion?

"But the dangers are real." is not a rational balancing of reasons. It is just a paranoid statement.

> "My conclusion so far is that you cannot take an absolutist view on this," he said. "So if your bargain is strong encryption, no matter what, that we can and should in fact create 'black boxes,' then that I think does not strike the kind of balance that we have lived with for 200, 300 years, and it's fetishizing our phones above every other value. And that can't be the right answer."

http://www.wired.com/2012/11/ff-the-manuscript/

> For more than 260 years, the contents of that page—and the details of this ritual—remained a secret. They were hidden in a coded manuscript, one of thousands produced by secret societies in the 18th and 19th centuries. At the peak of their power, these clandestine organizations, most notably the Freemasons, had hundreds of thousands of adherents, from colonial New York to imperial St. Petersburg. Dismissed today as fodder for conspiracy theorists and History Channel specials, they once served an important purpose: Their lodges were safe houses where freethinkers could explore everything from the laws of physics to the rights of man to the nature of God, all hidden from the oppressive, authoritarian eyes of church and state. But largely because they were so secretive, little is known about most of these organizations. Membership in all but the biggest died out over a century ago, and many of their encrypted texts have remained uncracked, dismissed by historians as impenetrable novelties.

Obama's claim should not be taken as anything other than a blatant lie he knows the majority of people are too ignorant to notice.

You seem to be making the bad-faith assumption that Obama is familiar enough with the history of strong encryption or Freemasonry that he'd know about the situation you describe.

Don't ascribe to malice, etc. (though of course when talking of the leader of a superpower, the ill effects of malice and ignorance may be indistinguishable enough to render the difference meaningless).

> (though of course when talking of the leader of a superpower, the ill effects of malice and ignorance may be indistinguishable enough to render the difference meaningless).

I was going to argue you with you until you added this. ;)

Malice and ignorance for someone in his position are identical in my world view. The man has a budget to hire the most intelligent people in the country to advise him.

Ignorance and/or incompetence in public interviews should be beyond the realm of a reasonable result.

That said, I realize not everyone feels that way.

I'm not surprised... He's been a disappointment from a civil liberties perspective.
Exactly. I know there's a whole bunch of love for how great a president Obama has been but looking at what the Obama administration has done, as you say, a civil liberties standpoint has been an absolute disappointment.

He flip-flopped on a number of issues almost immediately after entering office and has continue highly questionable programs like drone strikes.

What he's asking for in the article is the same old trope of backdoor crypto just worded differently. When are they going to get that NOBUS does not work?

He's been a disappointment from most progressive perspectives. Promised hope and change, and once elected promptly filled his cabinet with war hawks and wall street reps. Anyone who loves him should vote Hillary... she'll be exactly the same. Only difference being that Obama is a better lier.. when Hillary promises hope and change, her "fakeness" is obvious.
I find his attack on CryptoCurrency largely terrifying as well "If government can't access phones, 'everybody is walking around with a Swiss Bank account in their pocket'"

God forbid we lived in a world where people had privacy and THEIR own money?

Are you an anarchist? Because a Swiss Bank account is associated with circumventing taxes and money laundering, which I think is what he was getting at when he made the reference; not that you can't have your own money. If there is no effective way to tax or enforce that taxation then no Government could exist.
Prior to prohibition 1.0 where Congress banned alcohol sales in the country the US Federal government derived it's tax revenue from the sale of alcohol. The prohibitionists got Congress to enact an income tax to bring about the end of alcohol. It didn't quite work out well though, neither has prohibition 2.0 (our era).
I've seen this argument against crypto currencies before and I alway found it bizarre. Do you honestly believe that the government's ability to tax you is predicated on it's ability to see how much money you have in your bank account and the ability to take that money? Taxes existed long before electronic records of money.
One of the first income tax evasion prosecutions, follow the passing of the 16th amendment (making income tax permanent), relied almost entirely on bank deposit records. Centralized reporting requirements are pretty important to the IRS. I couldn't find the specific case, but this paper [0] covers the topic pretty thoroughly. If you are incredibly bored and end up reading it, you'll notice that in their investigations the IRS commonly skips a lot of things that would be labor intensive (like finding property held under a different name), and sticks to the prewrapped financial records from the banks.

So yeah, taxes existed before the internet - they used paper deposit slips.

[0] http://digitalcommons.law.yale.edu/cgi/viewcontent.cgi?artic...

It started as an argument about terrorists (very few and rare) and now it comes out that it's about money and taxes (all US citizens) - thanks Obama!
There are other things that can be taxed that can't be stored on an iphone, like real estate.
Obama: "Look, just because we've abused every other piece of technology we have access to, doesn't mean we'll abuse this one too. Sure, our law enforcement officers aren't above straight up murdering people they don't like and trying to cover it up, but I'm sure they'll be much more respectful towards your phone. Now, if you don't break your own encryption, just wait a bit and Congress will do it for you."
He very often applies this tactic of trying to make the other side seem unreasonable.

This is the most important issue of our generation. You cannot have it both ways Mr. President. There is no middle ground. You either support the right to privacy or you do not. There are only two options and you have to pick one.

You could've said the same thing in 1789. Either you support the right of privacy (let police enter into peoples' homes without their consent) or you don't. Those are the only two options. No reasonable middle ground to be had in-between.
I think the argument here isn't that the government never has a right to access your private information with a warrant (or maybe it is and I'm misreading).

The argument is that if you support the right to keep your document private from everything except legitimate government access, you can't insist that manufacturers build in back doors to allow government access. There just isn't a technologically feasible way to build a backdoor that only government agencies with warrants can use.

Please consider signing the apple-privacy-petition if you are an American: https://petitions.whitehouse.gov/petition/apple-privacy-peti...
I'm sorry, but I absolutely have no faith in this petition site anymore...willing to change my mind given sufficient data but given history, it seems like window dressing.
Yes. Discuss the issue online. Make Facebook posts and YouTube videos. Talk about it with your friends.

CALL your representatives to let them know how you feel and why. Email them. It works, they do listen. There are bills being proposed in NY and CA that would force companies to insert back doors or face a penalty. The issue is now political at the highest level, and our President is spreading the misinformed view of fear, uncertainty and doubt. Given Trump's campaign success, we should all be very afraid at the effectiveness of this uninformed stance.

Signed and shared. Regardless of its efficacy, at least 100,000 people will declare their opposition.
Maybe he just wants people to feel how he felt when Hillary had her infamous "kitchen sink" strategy moment.
The problem here is encryption itself. You can't put the genie back in the bottle. I'm inclined to agree with him on the fact we need a compromise, before like he said something bad happens and a rushed solution is implemented that isn't optimal for either side.

However, I can't think of any of the government's proposed solutions as working. Someone who wants the security offered by encryption will just use a truly secure system, even if it means they buy the device or software on illegally or from a foreign country.

Where this is demand for true privacy, there will always be supply.

I don't see how any "compromise" can be anything but lose-lose.

Say you get Apple to agree to allow law-enforcement to have another data decryption key loaded onto every device that is protected by a device specific key that Apple will provide to law enforcement on request. In theory this sounds ok.

Until you realise that anyone intent on any ACTUAL wrong doing is going to also use their own software encryption to protect anything worth protecting.

All you have done now is reduced the protection of the average law abiding citizen by creating a possible attack vector (no matter how tanky Apple HQ security may be) and not at all enabled law enforcement to attack actual high value targets.

You could argue that high value targets are not the actual targets here.. but then why bother? Do you really need access to someones phone to prove they stole a car? Or shot up a bunch of people? No, good old fashioned police work is good enough for that. The only time I see the need for easy access to someones phone is criminal conspiracy and in that case it's highly unlikely they are going to be just relying on the devices full disk encryption.

The entire argument from law enforcement on this issue is a complete joke so far, they need to get with the times and retool for the threats of today.

The underwear drawer analogy highlights the schism here. On one hand, for people who don't think of their phone as "an extension of their brain" (to use a phrase I've seen here), it's puzzling to think we'd be on board with letting police search our most intimate places with a warrant, but not our phones. To those convinced that there is no way to allow reasonable access to law enforcement without allowing unlimited access to hackers, that position doesn't make sense.
My brain is not my underwear drawer. Sure, I'm going to be upset with you rummaging through my underwear drawer but there is a very good reason why regarding a phone as an "extension of the brain" should afford it much greater protection. Possibly even ultimate protection, that is in-accessible regardless of warrant.
My point is that if you see a phone just as a gadget, like I imagine Obama does, it is hard to see why it should get more protection than something really intimate like the inside of someone's house. That's the heart of why the two sides view this issue so differently.

Personally, I don't consider my phone any more private than my desk drawer. I don't put anything on my phone that I wouldn't write down on a piece of paper. I know some do, and they're entitled to their view, but I find Obama's underwear analogy pretty convincing because I think of a phone just as a gadget.

I'm sure you already know this argument, but it bears re-mentioning. It's not the things you directly store on your phone -- it's everything else. Your phone tracks where you go, what opinions you post about various things and when, the people you communicate with, your money, and your correspondence. Apple is making the case that your phone could basically turn into a traveling wiretap, listening to everything you say. I even saw a recent article that said folks are looking into using your phone to track when you have sex. The iPhone health app, if used, is about as personal as I could imagine anything being.

None of that bears on what sorts of extremely personal information you may or may not voluntarily choose to additionally put on your phone. In the aggregate, however, it's about as intimate as you can get.

I understand the "I don't put anything personal on my phone" statement. I feel the same way. But that doesn't mean that there aren't extremely personal and sensitive pieces of information on there -- information I would not want to be sharing with others without my consent.

The scale of this is the problem. A government mandated back door sets up a single point of failure for every phone in the world.

My other worry is that strong encryption already creates a black box. Obama is against the existence of black boxes, so the next logical step after government mandated back doors for phones is requiring that you share any encryption keys with the government.

But that's not the argument, and framing it as such is incredibly disingenuous on the part of Obama.

People aren't arguing whether government should have the right to search your phone. They have that right. I support them having that right (when under a lawful order).

The argument is whether manufacturers should be forced to weaken the security of their devices so that law enforcement can break in. In this, there is no difference between the physical and digital realms: we don't require safe manufacturers to build in government skeleton keys either.

Of course he will. If they didn't have his backing, they would not be putting up such a fight.
Here we go. I knew this sentiment had to be held at the highest level. Otherwise, the attorney general would not have pursued this case with such vigor.

Fortunately a few smart senators have gotten their heads around the issue already. Lindsey Graham changed his mind [1] and Mike Lee made great points too [2] in an oversight hearing this week. Dianne Feinstein is of course still clueless [3]

On balance, putting backdoors on encrypted devices is not the right way to maintain security. For Obama's understanding, I'll concede one circumstance under which I feel we ought to help unlock an iPhone.

In the incredibly movie-like scenario where the location of a nuclear weapon is hidden on an encrypted iPhone, then we should sick all our computers on decrypting that phone. I believe this is already done by the NSA program, Bullrun, revealed by Snowden.

[1] https://www.youtube.com/watch?v=uk4hYAwCdhU

[2] https://www.youtube.com/watch?v=XOZLEhTlr6E

[3] http://www.c-span.org/video/?406201-1/attorney-general-loret... (seek to 51:00)

It is fallacious to believe that because publicly available technology is being effectively used by terrorists and criminals, removing legal access to this technology will make terrorists and criminals ineffective.

Indeed, it may merely create an additional category of criminals (analogous to drug traffickers) whose product is the provision of effective communication channels.

This. Except the capital investment and distribution channels for strong crypto approach zero. So the fight would be infinitely harder. Thus, this is a wrong path.
Except let's consider that what's playing out now with Apple is not of this matter at all. What's playing out with Apple is a company with the means and capability to assist in a specific matter, refusing to do so on purely ideological grounds of questionable relevancy in a case where complying is pretty unquestionably the right thing to do.

That's an absolutist position. It is a refusal to consider context, and has needlessly signaled an escalation to government.

If you want to consider context, be sure to look at more of it. The subjects in question are dead, and cannot further harm anyone. The phone was set to upload information to icloud, and all such information has already been given to the authorities. There is nothing more to be gained from unlocking this phone, except a legal precedent.

Considering the context, this is a power play by the FBI, trying to apply an irrelevant law to further weaken privacy.

The phone in question had it's iCloud password reset by someone. It has not uploaded it's contents to iCloud, which is why this is happening.

And so again, context: we're not arguing about whether getting the data is right, we're having some bizarre proxy argument mediated via all-writs which is being framed as an encryption battle, when it is at best a battle over how much compensation Apple should receive for it's work.

> reset by someone

It's odd that you leave out that it was the county that reset that password, "at the FBI's request"[1].

> context

Why are you leaving out the last 20+ years of context? The FBI has been pushing for encryption backdoors for a long time. Even just last year Director Comey was insisting that they needed a "golden key" (aka backdoor) to encryption.

Yes, you're seeing a proxy argument at the moment, but it's by the FBI and anybody else who claims this has anything at all to do with the dead shooter in San Bernardino instead of the multi-decade fight over We The People using encryption.

[1] https://twitter.com/CountyWire/status/700887823482630144

Actually I didn't know about [1], since news articles were only covering "by someone" up till recently. It was just "a county employee".

But let's unpack then the argument being had: "oh the FBI could've just asked the cloud provider for data". What precisely, is the functional difference here, if we exclude the actual effort required to implement what is being asked for?

Encryption and the use thereof, is not the argument being had. It's whether it's right to grant access to the data at all, which Apple is claiming it isn't. Which is also patently absurd, especially in this case as it pertains to (1) a criminal matter, (2) a deceased person (who does not have a right to privacy) and (3) a phone owned by someone else (the county) who has okayed accessing it.

Apple is taking an absolutist position, and so are most of their supporters. If this were an apartment, no one would be asking questions. If it were a lockbox, the bank would've cut it open. But because this is a digital device, for some reason, everyone suddenly insists its "totally different" and that the FBI clearly "doesn't understand technology". Except for the pesky detail that the very specific help asked for pretty much only hinges on if it's undue burden to Apple or if compensation should be involved, because it's absolutely possible to do, but additionally this part of the court order (http://www.ndaa.org/pdf/SB-Shooter-Order-Compelling-Apple-As..., page 4, item 4):

If Apple determines that it can achieve the three functions stated above in paragraph 2, as well as the functionality set forth in paragraph 3, using an alternate technological means from that recommended by the government, and the government concurs, Apple may comply with this Order in that way.

Apple is free to do pretty much anything which would comply with the goal of accessing the device, provided it does actually access it. Until such a point as they propose something reasonable and the government rejects it, once again, the only defense they are actually using is "digital devices are magically different". Because no part of this order somehow rides its away automatically into "ban encryption". But boy have they (Apple) done a good job ensuring that's getting put back on the legislative agenda.

> I didn't know about

In that case, you might want to do more reading on the topic.

> What precisely, is the functional difference here

See the numerous other threads, as this has been explained many times.

> [many words restating the FBI's misleading framing of their order to Apple]

The FBI wants a backdoor into any crypto that gets in their way. To deny this is to deny not only the past 20 years rhetoric from the FBI and their current actions involving this case and the other phones they also want to unlock. If you think that such a backdoor can exist without breaking encryption, then you haven't been paying attention to how fast exploits spread.

Let me guess - you think that this is isolated to ONE phone? That the FBI isn't going to turn around and use this same order on every other phone in the future? Or are you calling Susan Landau a liar[1] and insisting that Apple can somehow keep a backdoor secret while maintaining a daily service to use that backdoor?

You seem to be going out of your way to try to blame Apple, while ignoring both the technical context and the FBI's actions and motives.

[1] https://www.youtube.com/watch?v=g1GgnbN9oNw#t=12944

(comment deleted)
Are you saying that Apple should unquestionably comply? Well, I don't think so, because I don't think there is convincing argument that the phone contains information to help the FBI in any way. This is an excellent excellent example of the FBI going father than anything reasonable, rebuffed by smart citizen holding their ground. While I might accept other opinions, it is therefore far from "unquestionable".
A man committed a mass murder, is dead, and the legal owners of the phone have okayed a search of it. If this were an apartment, a lockbox, or apparently even just his iCloud account, we would only need 2 of those to be fulfilled.

Since people keep complaining that they "totally should just get it from iCloud" it seems pretty obvious no one is actually not okay with the concept of a search.

One thing I love about watching the 2016 Crypto Wars: pro-encryption people using all of the pro-gun arguments. Here are my favorites:

1. Criminals will still use encryption / get guns. Only lawful people will be harmed.

2. Compromises will just lead to defeat for the pro-encryption / pro-gun side.

3. If we want to stand up for all of our other civil rights, we need the right to encrypt / bear arms.

4. Consequentialism: the number of people being harmed by encryption/guns is smaller than the number of people who would be harmed by living in a world without encryption/guns.

Personally, I think these are all solid arguments that work for both guns and encryption, but I'm generally more libertarian than many in the SF tech scene.

You're right to point out the similarities, but when you drag guns into this issue you lose some supporters.

It unnecessarily complicates the issue, even though I agree with you on the similarities. People will just find more ways to disagree on encryption and they won't have learned anything more about computer technology.

The obverse is also true - there are many in the firearms community that oppose access to effective encryption.
It's probably because they're arguments over a tool that's morally neutral.
They become pretty weak for encryption except #1. Moreover, there are real arguments for the inherit danger in owning a gun, statistically. It's a fact that you're more likely to commit suicide or someone gets killed because you own a gun.

You can't say the same about encryption because it's a tool, not a weapon. A gun is a weapon meant to kill.

> 2. Compromises will just lead to defeat for the pro-encryption / pro-gun side.

A compromise in encryption hurts everybody. The whole platform for electronic banking needs strong encryption, for example.

> Consequentialism: the number of people being harmed by encryption/guns is smaller than the number of people who would be harmed by living in a world without encryption/guns.

If you own a gun you are statistically more likely to get shot or killed.

If you use encryption, you are more likely to lose your own data.

It's much easier to blow away a LUKS header than an entire disk.

Prudent folk put their LUKS volumes on RAID10 arrays.

And they keep header backups.

> If you own a gun you are statistically more likely to get shot or killed.

Or is it that if you have reason to believe you might get shot or killed, you are more likely to buy a gun?

I don't have an account, but I just made one because I'm genuinely curious about whether you have a good source for this claim. The usual study referenced for this is deeply flawed; if I remember correctly it examines people who were shot and checks whether they owned a gun. Of course that study is completely invalid because of the selection bias involved. P(X owns a gun | X gets shot) is not the same as P(X gets shot | X owns a gun).

There is also data showing for example that "the higher a state's firearm ownership rate, the lower its firearm homicide rate" – see https://www.facebook.com/UnbiasedAmerica/photos/a.1301843271..., based on FBI data.

While agreeing with you that there are some statistically terrible high profile studies (such as failure to control for cases where the subject acquired a gun explicitly because they thought someone was planning to shoot them), I think it is still true that owning a gun causally increases your likelihood of being shot.

The biggest reason is suicide. If you don't own a gun, you are much less likely to intentionally shoot yourself. The second reason is accidental shootings. If there is no gun in your house, there is practically no chance that you will accidentally shoot yourself, or that your toddler will accidentally shoot you.

Of course, the question that's really being asked is whether an individual is at greater risk of being shot intentionally by someone else if they own a gun or not. This is where the data is much thinner. This seems like a solid review article: http://www.iansa.org/system/files/Risks%20and%20Benefits%20o...

Their conclusion at the bottom of page 4 and top of page 5 is even after "controlling for illicit drug use, fights, arrests, living alone, and whether or not the home was rented", that "Yes, owning a gun increases your risk of death by gunshot". Still, I'd be interested in seeing a study that breaks apart statistics for hand guns and long guns.

(Welcome to HN!)

It's about rights, not risk factors!

In case you didn't realize it, you're arguing for paternalistic authoritarianism.

I largely agree with you as far as rhetoric goes, but I think there are practical details of guns & encryption that matter in practice. First, guns are physical things where encryption is (largely) ideas. Second, the 'protection' offered by the two technologies differs. Guns offer a dis-incentive to mistreat the user, but do not directly restrict behavior when at rest. On the other hand, encryption prevents access even if the user is un-aware, but does not offer any method of 'active' defense (i.e. shooting at an aggressor).
Devil's advocate. Brandishing a firearm i.e. displaying but not drawing it could be considered an 'inactive' defense. Knowing someone owns an iPhone might dissuade one from attempting theft.
Brandishing a firearm is a crime.
It's also stupid. People who brandish firearms often get shot with them.
This is an extremely poor analogy. Displaying a weapon is absolutely not a defense. Firearms should never be used to threaten in this manner.
Even so, you cannot brandish a weapon at someone you don't know about, while encryption doesn't care.
> First, guns are physical things where encryption is (largely) ideas.

I don't see what this means for the topic at hand.

> Second, the 'protection' offered by the two technologies differs. Guns offer a dis-incentive to mistreat the user, but do not directly restrict behavior when at rest.

Same here. What's the significance? Would auto-firing guns be better?

On a practical level, it's more difficult to interdict and regulate non-physical things. There is a potential future where 3d printers are good enough and universal enough that guns are knowlege too - but that's not the situation today. How easy a thing is to regulate matters enormously to how actively you want to pursue it.

The difference is that guns require the user to engage others with the gun to be effective. This is how people pull guns on the police who are breaking into their houses and get shot, this is how people hurt themselves while practicing with their guns, etc. Even if everyone has the best of intentions, there is still potential for injury or death. Good intentions are not enough, perfect use of guns is also necessary.

Poor use of encryption, on the other hand, has the opposite effect. Poorly encrypted documents are simply insecure - bad but not injurious. On the other hand, correctly encrypted documents are simply in-accessible. While guns are objects that are fundamentally about affecting other things ("If you do X, I will shoot you"), encryption is fundamentally about affecting the thing that's encrypted.

I suppose I meant that the stakes are lower with encryption. If someone gets encryption and doesn't know how to use it, they simply incorrectly encrypt their stuff. If someone gets a gun and doesn't know how to use it, they may hurt themselves or others. incorrectly encrypted documents may hurt people, but it's not inherent to the encryption.

> Poorly encrypted documents are simply insecure - bad but not injurious.

Recipients of the numerous large scale security exploits we have had may state the "harm" in stronger terms than you did.

The only difference is that more people use encryption then guns.

And what affects me is most important, morals be damned. /s

Majority oppression is very effective. And that's why I think this will turn out differently than guns. My prediction: you won't have to register encryption keys, or keep it disabled, or pay the state some ridiculous amount for a permit that they illegally stonewall, or be prevented from using any encryption made after 1986.

Yeah, there's also the fact that you can't use a digital private key as a physical murder weapon in quite the same way.
You can use encryption to perpetrate terrible crimes.

That's the whole reason politicians talk about controlling it, e.g. with France.

And queue the arguments: it's just a tool, it's inevitable, etc.

---

Now that I think more about it, one difference is that a gun is more useful for survival, hunting, etc. A more "basic" need in a sense.

Replace "encryption" with any of cars, knives, food, rat poison, drain cleaner, plastic wrap, dogs, lasers, urine, syringes, air, water, concrete, VCRs ... to see why this is an inconsequential point.
Yeah I agree, I just think there's something a bit more visceral about shooting someone with a gun (or using any other physical weapon that shoots or cuts or stabs) rather than using encryption to set up a scenario that would cause harm in some way indirectly from the perpetrator.

I would think this is why there are those restrictions on guns that seem pretty weird when you talk about applying the same rules to encryption.

visceral

"relating to deep inward feelings rather than to the intellect"

Yeah, you hit it. Feelings > intellect

What do you think would happen if someone planted cryptolocker-inspired malware on a planes avionics suite and denies it's use to the flight crew? Especially one of the newer models which are exclusively fly-by-wire?
Ridiculous hypotheticals neither enlighten nor inform this discussion.
Why is that a ridiculous hypothetical, but "omg they'll decrypt everyone's phones" isn't?
Because one comes from Hollywood-style make believe, and the other comes straight from the government's spokespeople?
It's happened to power plants and hospitals. You might want to recalibrate your idea of what is realistic and what is hyperbolic.
Cryptolocker attacks have very little to do ideologically with encryption; it's a side show to the main event, the fact that networks are vulnerable to infiltration. Those attacks could happen with or without encryption in the malware, but could be reduced in frequency and severity by using strong systems with strong encryption on the victims' side.

The airplane bit is where the scenario goes completely off the rails wrt encryption's involvement, but again, using encryption and strong security on the airplane's systems would reduce or eliminate the risk.

Even in that ridiculous hypothetical, the encryption isn't doing anything, the malware couldn't simply delete the data.
Boeing would get extra million dollars in support contracts.
The really interesting thing about point 1 is that with encryption, there's really extremely little personal risk to being unlawful when it comes to encryption. That's why this is a losing game of chess for them. Encryption is just math, and you don't need anybody's permission to do math. You can take a system that the government has mandated be broken and you can do good encryption inside that system by layering it. And good people who simply want to be safe will do this. And so will terrorists. Outlaw good encryption and a whole sub-industry of deniable encryption tools will emerge. And they will have achieved nothing except that our companies won't be allowed to officially support strong encryption, so they'll be disadvantaged in the marketplace. It's a really backwards move.
If your hardware contains unflashable firmware with a back door to direct memory access, then there is no encryption you can trust to perform on the device itself. For example, your baseband processor in your mobile phone which is a binary blob, protected/signed so not to violate FCC regulations and disrupt networks.

Such firmware can be mandated from manufacturers without outlawing encryption directly but making it useless nevertheless.

The ability for any software to reliably recognize whether an encryption algorithm is being performed or not is not possible (not computable). It can always be hidden.
you don't need to detect encryption. with full memory access, you just take the plaintext.
My point is that you don't have to do the encryption on the device. You can send/store encrypted data via compromised devices and channels.
Yes. And you can obfuscate it. You can even encode it using packet timing, which is very hard to detect. It's also very inefficient, on the order of 1%, but that's enough for text over HD video. See True Names by Vernor Vinge.
You can't trust the device - it's compromised. So even if you use encryption with that compromised device the plain text still leaks.
Not if the encrypted text was created on a trusted device.

Consider that, as it is now, encrypted data on the Internet traverses numerous untrusted devices.

For an extreme example, see https://github.com/maqp/tfc-otp

> Consider that, as it is now, encrypted data on the Internet traverses numerous untrusted devices

And those untrusted devices leak considerable amounts of that data! You know that it doesn't matter how good the encryption is if one of the computers in the chain is full of malware.

I genuinely don't understand the point you're making, especially in reference to this parent: https://news.ycombinator.com/item?id=11271745

For your OTP example: I know what the cipher text is. I slurped that. I don't know what the key is, or the plain text is, until you decrypt it, at which point I know both because I have access to your memory because your computer is compromised.

My point is that compartmentalization allows secure communication through untrusted devices. It won't be convenient, but it's doable. There is no "computer". There are local networks of suitably isolated devices.

The device that decrypts can't send anything to the Internet, because it's behind receive-only optoisolators. The device that encrypts can't receive anything from the Internet, because it's behind send-only optoisolators. All intervening information processing may occur in your head. Or there may be other devices that are totally air-gapped, with all data transfer through single use flash storage. If you're using entirely untrusted devices, you move all crypto to such air-gapped devices.

It does help if these devices can be trusted, but that's not essential. You could, for example, do encryption manually with one-time pads. Or use that thing with decks of cards.

Maybe you claim that no trustable devices will be available. But that's unlikely. Consider how easy it is to obtain Afghani heroin in NYC. Also, if I were targeted by American adversaries, I could arguably trust devices backdoored by the Russians, or the North Koreans, etc. And vice versa.

Well, then you get proper hardware.
(comment deleted)
Where are you sourcing those "proper" cell phone radios which don't contain secret binary blobs? I want one too.
You nuke the radio, and use a standalone cell modem. The cell modem may be compromised, but it can't touch the device that's handling encryption.
Speaking of which, where is the flip phone with integrated 4G modem and wifi that can be used as a hotspot?
Why doesn't a cheapest Android smartphone with a 3G modem (say Alcatel 4009D) fit?

Because it's not 4G? Well, here's the real tradeoff: security, comfort, cheapness. Pick two.

Mostly because I believe the device can be more cheaply made if it does not have to run a full-featured OS such as Android. No browser, no color screen, just like my old Nokia candy bar phone; no GPU at all would be required.
> Such firmware can be mandated from manufacturers without outlawing encryption directly but making it useless nevertheless.

So the obvious first response to this is that it doesn't actually work. Have you seen the security of these vendors? Apple takes it more seriously than most because they're using it to maintain control over the App Store and yet people still root iPhones. Mandate it by law on vendors who don't even want to do it and it will be completely broken in two days. And completely broken against not only the user. Let's not forget the situation with wifi routers -- "only the manufacturer can issue updates" quickly turns into "security updates are not available from anyone anymore" with the consequent catastrophic nightmare following directly.

But let's pretend we're uninformed pedestrians who don't know that for a minute. How is this idea not even more outrageous than banning encryption to begin with?

> uninformed pedestrians

Using "pedestrians" as a pejorative is something I've not seen in a while. What century is this?

it is politically more palpable and "sounds" less outrageous to the public than outlawing encryption. which means it is more likely to make it into law and get support.
That's an oversimplification. While it's true that criminals will still get encryption, there's no corresponding harm to innocents like there is with widespread gun ownership (domestic violence, fights that escalate into shootings, child accidents, adult accidents, etc.) It is not as "solid" an argument for guns as it is for encryption.
> ...there's no corresponding harm to innocents like there is with widespread gun ownership...

That is also an oversimplification. Have you considered the possibility that encryption can be used in commission of a non-victemless crime? Let me direct your attention to the state's now second favorite goto: child porn. Privacy advocates are as familiar with that justification as gunrights advocates are with the waving of bloody shirts following school shootings.

The difference is that it is for all practical purposes impossible to actually ban strong encryption, because it is a virtual good; it is a mathematical concept, implemented in a lot of widely available open source code. At most you can legislate that stock computing devices (such as smartphones) contain no such strong encryption without government backdoors, and you would be able to catch the low hanging fruit of the criminals depending on that technology.

But you cannot prevent someone from using strong encryption using third party applications. How will you force a backdoor into, say, gnupg or dm-crypt? Outlaw that software? Any criminal worth his salt will use tools that are not backdoored, completely negating the gimped government-approved stock software.

Guns are physical items that require physical ammunition. It is a completely different situation. This discussion and comparison is also very strange for someone from Europe, where owning a gun is rare and completely undesirable for the vast majority.

I don't mind taking the conversation in a different direction, but I just want to make it clear that nothing you said has anything to do with what I said.

> ...for all practical purposes impossible to actually ban strong encryption...

They learned their lesson after the first attempt to do so. Just jumble those words up a little and you'll see the current strategy: actually ban practical encryption. The state doesn't care about gnupg, or any other software that requires more than an hour's worth reading to safely use - because 99% of people won't. So they only have to target the stuff that is easy to use or on by default... unless they can depend on corporate cooperation (Apple up until recently, Microsoft, AT&T, etc).

> Guns are physical items that require physical ammunition. It is a completely different situation.

One can very easily manufacture a firearm using the same equipment that one would use to produce common consumer products like garden hose nozzles. The schematics are all available online. The state doesn't ban the means of production, they ban the stuff that makes it accessible to the common folk - like retail sale of firearms. You see where I'm going with this right? The state doesn't ban math, they ban the stuff that makes the math accessible to the common folk.

> ...where owning a gun is rare and completely undesirable for the vast majority...

lol, unlike encryption software? I'm not talking about the kind that lets you buy crap online that the state can easily circumvent, I'm talking about to kind of crypto that only terrorists, pedos and anarchists want to use... and that the state can't break.

The kind of encryption that we use to safely buy stuff on-line (such as TLS for securing our HTTP connections) and the kind that security-aware people use to secure data (which includes criminals and anarchists, but also activists living under repressive regimes, healthcare professionals, lawyers, software developers, etc.) is quite similar from a mathematical standpoint. The underlying algorithms (such as AES, SHA-2, RSA, etc.) and mathematical concepts are often the same.

There is no practical difference in the kind of crypto a criminal uses and the kind you would use to store your passwords and scans of important documents.

Again... there is very little material difference between a garden hose nozzle and a 1911 handgun, just as there is very little mathematical difference between the functions powering TLS and PGP. But one is completely centralized and offers practically zero protection from government lawyers and NSLs, and the other offers protection from even determined state level adversaries. Guess which one is widely deployed and which one had to be published in a book and shipped over seas in order to circumvent munition export restrictions.
>Guns are physical items that require physical ammunition. It is a completely different situation.

However that will likely change soon with the rise of general-purpose 3d printers.

Exactly, because obviously 3d printed objects are not, in fact, physical objects that require physical ammunition and that can be treated like any other physical object, right? Right?!
You know that the majority of stuff you see on CSI is total crap... There are three identifying marks on spent shell casings:

Fingerprints: easily avoided.

Production facility/year: not really useful for criminal investigations.

Toolmarks from firing pin and extractor: oversold television crap, toolmark analysis is quickly sinking to the same level of reputation as bitemark analysis in the real world.

None of that matters for anything that doesn't eject spent shells, but nobody would choose to print a more easily produced revolver, derringer, liberator, muzzle loader - right? Right?!

I don't know what you are arguing here. A gun is a physical item, as is ammunition. You can stop somebody, search them, and find out if they have a gun and/or ammunition. You cannot do any such thing with encryption, as it is not a physical entity. Whether your gun is a regular gun, 3d printed or made of candy cane does not change the fact that it is a physical item. I don't care where it comes from or how you built it, as a physical item, it still follows a very different logic than virtual entities.
Ah, given the context my mind went right to ammunition microstamping.

Encryption software and 3d printed guns are simply implementations of ideas, both physically interact with the world and both can be observed. ABS plastic stock is to blank hard drive as printed gun is to c:/pgp.exe.

How could 3D printers lower the cost of guns or ammunition?
You missed the point. Widespread gun ownership among non-criminals has side effects that harm innocents. Not the case with encryption.

You could argue it makes it easier for people to become criminals, but even that is a weak comparison. Guns are a lot harder to come by in the UK (for example) than encryption software would be in a more regulated world.

You hid the point pretty well then, because those who engage in "domestic violence" and "fights that escalate into _blank_" are certainly not "non-criminals". So that leaves only accidents:

Widespread $PHYSICALOBJECT ownership among non-criminals has side effects that harm innocents. Not the case with $VIRTUALOBJECT.

You know that regardless of what you use for $PHYSICALOBJECT or $VIRTUALOBJECT that statement will be true right? You also did not state exclusivity among non-criminals, is that because you know that is impossible? If that is the case then you've hidden the point very well.

Your #2 is not specifically a pro-gun argument. Compromise on the death penalty, from an anti-death penalty advocate, means there will still be a death penalty. Compromise on prohibition, from a prohibitionist, means there will still be alcohol for sale. Compromise on allowing abortions, from someone thinks that abortion is murder, means there will still be murders. Compromise on slavery, from an abolitionist, means there will still be slaves. Compromise on the Taft-Hartley law, by Communist union officers forced to take an oath that they were not Communists and anti-Communist politicians, means that one of them can't get what they want.

In all cases, someone who compromised will view the compromise as a defeat.

Therefore, you can't really say it's a pro-gun argument per se, but that both are examples of a wide class of arguments.

I feel that holds for the rest of your points - they hold for nearly every argument, and aren't specifically pro-gun or pro-encryption.

For an example of #3, the US Supreme Court in Roe v. Wade says abortions are legal due to a right of privacy. Those who want to restrict or eliminate abortions view it as a right to life of the unborn, and believe the Court was incorrect in making their decision. Both sides base their arguments in civil rights.

Also, I think the comparison of cryptography to guns is not a good one.

If you want to think of cryptography as a munition, then it's much more like armor than it is to a gun. Bulletproof vests are sometimes used when committing a crime. There are also some laws against them.

And in the US, bulletproof vests are not, I believe, covered under the Second Amendment.

There's little risk your kid will get his hands on your encryption and do something immature that is also lethal; similarly there's little domestic violence you can commit in a rage with encryption.

A lack of faith in the absolute rationality of people is my argument against guns, and I include my own rationality there.

My argument for encryption is that tech is increasingly an extension of our minds, and we need to keep our mind private. I'm for encryption to the same degree that I'm against government use of a hypothetical mind scanner.

It is breaking encryption that is violent; that's the "gun" here, and it's one I'm against.

However, your premise is that it is possible to do something about guns.

However, consider the war on drugs, billions spent, agencies created, military style task force, severe penalties including life in prison just for possession.

So if that didn't keep drugs out of the hands of bad people, why would changing some regulations keep guns out of peoples hands? I don't see any regulations that have ever been proposed that would make any difference and if we went all in as in the war on drugs, but war on guns, the war on drugs sets a precedent that it won't be successful.

I'm not interested in a gun debate (besides, gun regulation works fairly well almost everywhere in the world, but drug regulation doesn't). This topic, however, is about encryption.
> gun regulation works fairly well almost everywhere in the world, but drug regulation doesn't

Problem is most of the countries with gun regulation where it has any form of success are also countries who didn't have guns to begin with.

Trying to impose that on a country with TONS of guns just isn't realistic. You can't even draw parallels between the two because the societies are far too different.

Be careful with the implications of that rhetoric. Breaking encryption isn't "violent", and often it's legitimate security research.
Well, people have in fact considered breaking out the Second Amendment to defend encryption...

https://xkcd.com/504/

This doesn't sound as crazy as it might at first glance, once you remember that strong encryption used to be treated as munition, and in some ways still is.

There is plenty of weaponry that is restricted despite the second amendment. The US public gets pretty antsy when smallarms get restricted, but they don't say much when states start banning civilian-owned things like tanks, landmines, maces, or even brass knuckles.

Hell, the US even invaded Iraq for the official reason that 'Iraq had weapons you weren't supposed to have' (chemical weapons). Yes, Iraq is not subject to the US constitution, but the concept of 'some weapons are okay, others are not' is still there.

> There is plenty of weaponry that is restricted despite the second amendment. The US public gets pretty antsy when smallarms get restricted, but they don't say much when states start banning civilian-owned things like tanks, landmines, maces, or even brass knuckles.

Those laws are violations of any honest reading of the Second Amendment (with the possible exception of tanks, if one thinks that the Second Amendment protects only man-portable weapons).

#3: Ironically, the pro-gun people that argue this never actually use this supposed right. You hear that the second amendment is the protector of the others, yet most of the rest of the US Bill of Rights get some significant erosions without so much as a peep of second-amendment reaction.

Perhaps they're waiting for the 3rd and 7th amendments to suffer like the others, so they can react to the complete set in one go? Certainly the 4th, 6th, and 8th amendments have taken quite a pounding in the past couple of decades...

1. The majority of the time, encryption is used for legal, positive reasons, like protecting your bank info or medical info. Guns, on the other hand, there's no argument for: just look at the data from the UK. Even the police are better off without guns.

2. This might be true for guns, but who cares?

3. In the age of tanks, machine guns, and grenades, consumer guns don't enable us to overthrow unjust governments as they did when the bill of rights was written. As such, they no longer play a role in protecting our civil rights. If anything, gun rights are frequently a talking point for Right-wing politicians who happily trample over all of our other civil liberties. As a political force, the pro-gun politics is actively harming our civil liberties.

4. Looking at the data, I don't see how your can argue this. In the US guns are used more in suicide or commission of a crime than in self-defense. In the UK, near-universal bans on guns have lead to a drastic decrease in gun deaths.

> The majority of the time, encryption is used for legal, positive reasons, like protecting your bank info or medical info. Guns, on the other hand, there's no argument for

Ummm, the vast, vast majority of the guns in the U.S. are used for legal, positive reasons like target shooting or self-defense. The number of murders per gun-year is incredibly low, effectively infinitesimal.

Focusing on murders really misses the point. Or rather misses the full picture. Something we rarely talk about but is the biggest gun problem in the US.

60ish percent of deaths by firearms are suicide. Owning a firearm is a risk factor for suicide. This is because many (most?) suicides are not carefully planned out and given considerable deliberation but are somewhat impulsive. Removing an easy means to commit suicide actually reduces suicide.

I'm neither pro or anti gun.

I'm very very opposed to a government which uses sticks as a means to prevent suicide. (criminalizing [gun, suicide implement] ownership)
Where did I say I wanted the government to criminalize gun ownership to prevent suicide? I didn't. I specifically said I don't have an opinion on the matter. I just said we shouldn't focus on murders being the biggest problem because they aren't, suicide is.
When a gun fires at a human, it is a suicide or a murder more often than it is self defense.

Ultimately, though, I do agree that these numbers are all negligible: there are more car deaths annually than there have been civilian gun deaths in the last ten years. The argument that is important to me is that gun rights simply aren't very relevant any more, and they are being used as a talking point for political forces who are causing a lot of harm to much more relevant rights.

Re: #4: I'm not disagreeing with your policy ideals, but I would say that the law enforcement environments in the US and UK are different.

There seems to be a general "unenforceableness" in the US. It's near-impossible to carry out a near-universal ban of anything-at-all in the US.

Individuals, groups and even state/local governments in the US tend to simply take matters into their own hands if there's a law they dislike.

re: 1. The majority of the time, guns are not used at all. Most of the rest of the time they're used for legal, positive reasons, like protecting your bank or recreation. Guns, there's just no way to prevent or collect them all (no way that's consistent with the US Bill of Rights, even if you toss out the Second Amendment). You really don't need much machinery to make an improvised gun, and with a little more tools and expertise, one can manufacture an automatic weapon.

>just look at the data from the UK. Even the police are better off without guns.

I'm more afraid of harm from police than I am from criminals with guns.

>2. This might be true for guns, but who cares?

Meh, it's not a great point but a lot of people in the US care, even if you don't agree with them.

>3. In the age of tanks, machine guns, and grenades, consumer guns don't enable us to overthrow unjust governments as they did when the bill of rights was written.

Tanks are literally useless. As the wars in the Middle East have nicely demonstrated, they do not magically enable victory, especially against an entranched/integrated guerrilla enemy. This is true for all sorts of high-tech military weaponry/machinery.

>As such, they no longer play a role in protecting our civil rights.

I disagree with the premise of your argument, so I also disagree with this point.

>If anything, gun rights are frequently a talking point for Right-wing politicians who happily trample over all of our other civil liberties. As a political force, the pro-gun politics is actively harming our civil liberties.

I can agree with that. There are a lot of authoritarians/fascists/logically challenged people on the pro-gun side; and a lot of politicians who use divisive issues to agitate the more excitable parts of the electorate. They do it for abortion and LGBT/civil rights as well. It's not great, but also not an argument for/against gun rights.

>4. Looking at the data, I don't see how your can argue this.

I don't see how the US gov't can effectively collect all of the guns in the US without some pretty draconian/authoritarian measures of exactly the type that pro-2A folks oppose in principle, and that most Americans agree with.

>In the US guns are used more in suicide

I don't want a government to try to prevent me or anyone else from suicide by trying to nerf the environment.

> or commission of a crime than in self-defense. In the UK, near-universal bans on guns have lead to a drastic decrease in gun deaths.

I admit the numbers are hard to argue with, even factoring in the violent crimes committed with other weapons and against the unarmed. OTOH, I've noted a disturbing trend of the UK to ban or attempt to ban or regulate the sale of other items which may sometimes be used as a weapon, mainly pointy things like kitchen cutlery. That's certainly not something I would support.

As an analogy, note that the US has attempted to prevent the distribution of illegal amphetamines by restricting the sale of so-called precursor chemicals. It hasn't prevented the distribution of methamphetamine, but it has prevented the retail sale of drain cleaner, cold medicine, and other household chemicals/items. It's a moderate inconvenience for a lot of people and the only discernible effect it's had on drugs distribution is to decrease the quality/safety of illegal drugs (through criminals using inferior methods to produce them). Gun culture is so ingrained in the US that I feel we'd see the same sort of things happening with guns if the gov't attempted to ban them.

It's entirely reasonable to argue that some of these arguments apply to encryption, but not to guns, as the actual arguments that are usually used are more complex.

Applying an argument to something physical vs. something digital or something that directly kills people vs. something that prevents access to information makes a lot of difference.

This comparison is just silly, the context and the implications of the 4 points are entirely different.
Comparing private speech to devices which convert a few ounces of finger pressure into deadly violence is... silly.
I guess then the next time someone (perhaps even yourself) argues "they're trying to take our guns away" you will point to the 2016 Crypto Wars to show them that they're wrong...
Clearly the logical solution is to torture Tim Cook. The answers in there somewhere....
"TELLS US THE RSA KEY, COOK!"
I wonder if reframing the debate a little might help everyone realize that what Apple is doing doesn't actually impede law enforcement, and that iCloud backups actually can help them (a lot).

This is simple:

1. Most people will not actually "go dark" because the consequence of going dark is you lose everything if you lose your password. That severe consequence for a relatively common human error is not a good fit for most people's personal records and photographic life memories.

The right fit for most people is

(a) unbreakable security on their physical devices so they don't have to worry about getting hacked if they lose them, plus

(b) cloud backup that can be recovered by a trusted custodian, so they don't have to worry if they lose their password.

And that is exactly what Apple is providing. Law enforcement will still be able to go after their backups.

2. As for the case where someone really does want to "go dark", weakening physical device security isn't going to stop them. They will simply use alternative encryption software. Law enforcement still can't get it. So why make everyone more vulnerable to the hacking of stolen devices?

Case in point: law enforcement did get access to the terrorist's last iCloud backup. And if he turned off backups with the conscious intention of going dark, then even if Apple made that impossible on the iPhone, he would have simply used a different solution (e.g. not use the phone for secret info or use a different, secure phone with open source software if necessary, etc.)

You're right it is simple. Why hasn't anyone been able to get that across to Obama?
I suspect a data breach or exploit of cloud storage or other service providers is more likely for most consumers than an attack on their device following theft or loss.

For both privacy and protection against criminals, cloud storage must become as impregnable as our physical devices. Do we truly lack the will or creativity to produce custodians who cannot recover our data without our permission?

> Do we truly lack the will or creativity to produce custodians who cannot recover our data without our permission?

It depends what you mean by permission. If you mean it's physically impossible, those exist, but then they can't help you if you forget your password so it's probably not the right option for most people.

Good points. Read the hearing transcripts. This is the position that Apple's specialist takes (but without as much details of Cloud backups) and pointed that they have helped in all ways other than the one thing it cannot do due by design. Thus they conclude the requests are to set a legal precedent.
Why did SXSW give yet another mic to this type of clown?

I guess hipster are now trying on establishment ring-kissing for fashion. Maybe next they can host a d-bait.

> "if technologically it is possible to make an impenetrable device or system, or the encryption is so strong that there is no key, there is no door at all, then how do we apprehend the child pornographer?

Won't somebody think of the children!!!

In seriousness though, the government and the the FBI have already show themselves capable of infiltrating and bringing down child pornography rings that use strong encryption.

There are ways to do that without backdooring everyone's phones 'just in case'.

Here's full video of Obama's remarks at SXSW:

http://www.c-span.org/video/?406275-1/president-obama-remark...

And a transcript of the privacy related portion:

All of us value our privacy, and this is a society that is built on a Constitution and a Bill Of Rights and a healthy skepticism about overreaching government power. Before smartphones were invented and to this day, if there is probable cause to think that you have abducted a child, or that you are engaging in a terrorist plot, or you are guilty of some serious crime, law enforcement can appear at your doorstep and say we have a warrant to search your home and can go into your bedroom and into your bedroom drawers to rifle through your underwear to see if there’s any evidence of wrongdoing.

And we agree on that because we recognize that just like all of our other rights, freedom of speech, freedom of religion, etc, that there are going to be some constraints imposed to ensure we are safe, secure and living in a civilized society.

Technology is evolving so rapidly that new questions are being asked, and I am of the view that there are very real reasons why we want to make sure the government can not just wily-nilly get into everyone’s iPhones or smartphones that are full of very personal information or very personal data.”

What makes it even more complicated is that we also want really strong encryption because part of us preventing terrorism or preventing people from disrupting the financial system or our air traffic control system or a whole other set of systems that are increasingly digitized, is that hackers, state or non-state, can’t get in there and mess around.

So we have two values, both of which are important.

And the question we now have to ask is if technologically it is possible to make an impenetrable device or system where the encryption is so strong that there is no key there, there’s no door at all? And how do we apprehend the child pornographer? How do we solve or disrupt a terrorist plot? What mechanisms do we have available that even do simple things like tax enforcement? Because if you can’t crack that at all, and government can’t get in, then everybody’s walking around with a Swiss bank account in their pocket. So there has to be some some concession to the need to be able to get to that information somehow.”

Now what folks who are on the encryption side will argue is any key whatsoever, even if it starts off as just being directed at one device, could end up being used on any device. That’s just the nature of these systems.That is a technical question. I am not a software engineer. It is, I think, technically true, but i think it it can be overstated.

So the question now becomes, we as a society, setting aside the specific case between the FBI and Apple, setting aside the commercial interests, the concerns about what the Chinese government could do with this even if we trust the US government, setting aside all these questions, we’re going to have to make some decisions about how we balance these respective risks. I’ve got a bunch of smart people sitting there talking about it, thinking about it. We have engaged the tech community aggressively to help solve this problem.

My conclusion so far is that you cannot take an absolutist view on this. So if your argument is strong encryption no matter what, and we can’t and shouldn’t make black boxes, that I do not think strikes the balances we’ve struck for 200 or 300 years and it’s fetishizing our phones above every other value. And that can’t be the right answer. I suspect the answer will come down to how can we make sure the encryption is as strong as possible, the key as strong as possible, it’s accessible by the smallest number of people possible, for a subset of issues that we agree are important. How we design that is not something I have the expertise to do.

I am way on t...

> You know, I haven’t flown commercial in a while. But my understanding is that it’s not great fun going through security. But we make the concession. It’s a big intrusion on our privacy, but we recognize it as important.

I cannot agree that I recognize the "security theater" conducted by the TSA as important or useful. [1] I will grant that it may have helped the airline industry continue to attract travelers during the fear-filled period immediately following 9/11. Was that worth infecting air travel with a self-perpetuating institutional virus?

Are we prepared accept the consequences of similarly infecting a vastly more significant industry?

[1] https://www.schneier.com/essays/archives/2009/11/beyond_secu...

I asked my stepdaughter for her opinion and basically:

"Allowing the government access to iphones will make them criminals" and "Obama says a lot of things"

I agree with that

If interviewed Obama I would ask him if he has to go through a TSA checkpoint when he boards AF1. I would ask him to reveal all top secret security information to me. I would ask him for the nuclear codes. I would ask him for an advanced copy of his schedule for the next 6 months. When he refused to answer I would ask him why he thinks his security is more important than mine.
Thank you for posting a transcript! It is valuable for me to see the arguments laid out in text.

The tone is so reasonable but there's a fair amount of manipulative scaremongering here. 1) child pornography 2) terrorists 3) wealthy tax evaders (?!)

theyll have to work a little harder to catch 1 and 2 without putting everyones communications into a dragnet. Not even sure what he's getting at with the talk about Swiss bank accounts. It's just nonsense.

It's the digital age. I am recorded on video at minimum, I would expect four times a day. I'm not a criminal. I'm commuting to work. The digital age has eroded the privacy that generations before us were able to take for granted. Does Obama want to eliminate the only guarantee to privacy that still exists in the digital age? The fourth amendment states: "The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated." I wouldn't expect to be able to exercise that right, in any sense at all in the digital age, without encryption.
And the last big measure that was "just to stop terrorists" they started logging everyone's emails.