67 comments

[ 3.5 ms ] story [ 21.3 ms ] thread
To sum up how I feel:

"Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety."

---------------------------

"The San Bernardino litigation was necessary, but in my view, it was also counterproductive," Comey said during his 20-minute speech. "It was necessary because we had to get into that phone. It was counterproductive because it made it very hard to have a complex conversation."

No.. you pushed for the conversation right after the terrorist shooting hoping the public would be scared enough to cave.

While I'm sympathetic to your point, that quote is always taken out of context: http://www.npr.org/2015/03/02/390245038/ben-franklins-famous...

> He was writing about a tax dispute between the Pennsylvania General Assembly and the family of the Penns, the proprietary family of the Pennsylvania colony who ruled it from afar. And the legislature was trying to tax the Penn family lands to pay for frontier defense during the French and Indian War. And the Penn family kept instructing the governor to veto. Franklin felt that this was a great affront to the ability of the legislature to govern. And so he actually meant purchase a little temporary safety very literally. The Penn family was trying to give a lump sum of money in exchange for the General Assembly's acknowledging that it did not have the authority to tax it.

> It is a quotation that defends the authority of a legislature to govern in the interests of collective security. It means, in context, not quite the opposite of what it's almost always quoted as saying but much closer to the opposite than to the thing that people think it means.

Thanks for the information and it's always good to have context.

I was going to say that the original meaning doesn't take anything away from the quote as currently used and the power of that meaning. But Wittes already said that too, in the article you linked:

> "... maybe it doesn't matter so much what Franklin was actually trying to say because the quotation means so much to us in terms of the tension between government power and individual liberties."

I also disagree with Wittes that this means "not quite the opposite... but closer to the opposite [than the usual usage today]."

Franklin was arguing that the state ought to have the right to tax in order to defend the territory on the public's behalf. The Penns were trying to offer a one-time fee in exchange for not being taxed going forward.

Thus, Franklin's implication seems to be: do not trade temporary security in exchange for long-term liberty.

And so, I think the quote's modern usage and its originally intended meaning are very much in alignment. Just as the Penns offered a short-term benefit to security in exchange for a longer-term loss to prospective liberty, the FBI here is offering a short-term benefit (of debatable potential) to security by disallowing encryption or having master keys/backdoors, in exchange for a longer-term loss to prospective liberty.

It seems to me Wittes (and the NPR reporting) just isn't thinking about it deeply enough. It's not as simple as "oh, Franklin was original discussing a security matter and arguing for the state to provide security"... in fact, it is more nuanced and Franklin was saying that the state (and the public) should not accept, let alone advocate for, short-term security at the cost of long-term liberty and security.

The problem with using that quote is that it's usually employed as an argument from authority, implying that Ben Franklin was explicitly warning that personal liberty and government force were mutually opposed, when he actually wasn't. Its modern use comes dangerously close to being propaganda.
I have never taken this quote to mean that "personal liberty and government force were mutually opposed", per se.

Instead, it's meaning seems clear to me as such: don't trade short-term security/safety in exchange for a long-term decrease in liberty.

That seems to align with both the original meaning and the modern usage (despite NPR's reporting, which perhaps presents a false dichotomy).

Is maintaining smart phone encryption after the commission of a crime, when the Gov. otherwise has a lawful right to search and seize evidence used in the commission of a crime an essential liberty?

There is another famous quote from John Stuart Mill, "Your liberty to swing your fist ends where my nose begins."

For example, take the Constitutional Right to bear arms. Obviously we have limited individual liberty to bear arms for safety through both regulations and criminal statutes. I think that trade off can be pretty reasonable in some instances (say, no guns at the airport/on a plane) and since I don't mind sacrificing a little liberty for safety I don't think that trade off makes me undeserving of either liberty of safety, does it?

Please note, I am not trying to take a position other than public awareness and conversation about these things is always good; whereas, quotes about not deserving liberty or safety only serve censor an open conversation from a position of moral authority.

> Please note, I am not trying to take a position other than public awareness and conversation about these things is always good; whereas, quotes about not deserving liberty or safety only serve censor an open conversation from a position of moral authority.

I agree with you fully, there. And I'm not a personal advocate of such quotes per se (though I note their power, as you do as well). I was simply arguing that it may be a false dichotomy to claim that the original meaning of the quote is "nearer the opposite" of it's current usage. Oversimplifying matters and creating false dichotomies also "serve [to] censor an open conversation" through logical fallacy and through historical authority, in this case.

I think Franklin's quote is bombastic for dramatic effect, and that has its pluses and minuses. I think the real meaning is fairly simple and worthy of consideration, though: be very careful about trading short-term security at the cost of long-term freedom/liberty.

In consideration of that point, there is a meaningful debate here. We should examine whether backdoors or other means of foiling encryption would actually provide a net increase to security in practice, or whether they might have no real effect or even decrease security. If we believe means of foiling encryption actually increase security overall in practice, then we would have to debate the tradeoffs to freedom/liberty, the potential for governmental abuse, etc.

Given the government's track record of dramatic overreaching in the name of "security", I'm personally hesitant to take any of this lightly.

> Is maintaining smart phone encryption after the commission of a crime, when the Gov. otherwise has a lawful right to search and seize evidence used in the commission of a crime an essential liberty?

I would say NO. But, the issue is there's no way to only allow a backdoor to be used when/after someone commits a crime. As tech people we understand this, and history proves it. Apple had a person testify at the hearing who expressed this really well. She also brought up other points I hadn't considered.

Also, the FBI is missing non-encrypted communications in most of these cases! I know encryption by default is going to be a problem for them in the future, but they are acting like it's the reason the recent attacks went undetected - when it actually had nothing to do with it.

>there's no way to only allow a backdoor to be used when/after someone commits a crime.

Outside of the encryption debate, this concept rings true of most evidence. In other words in the streets nothing really prohibits an officer from illegally searching/seizing evidence of a crime and a prosecutor bringing charges, but the 4th Amendment is our protection only after the fact where illegally obtained evidence is subject to being suppressed from use at trial. Example, police illegally raid a house without a warrant, break open a safe and seize cocaine...all evidence of crimes including the illegally seized cocaine could be suppressed.

Is there a way to determine when the backdoor was accessed? If so, then the defendant is actually more protected because there would be digital record of the illegal search/seizure vs the street example above where officers can lie about the factual events regarding illegal searches and seizures (i.e. testimony the defendant was outside the house in plain view holding the cocaine, so a warrant wasn't required). If not and it can't be determined when LEO accessed the backdoor it is still similar to any other illegally obtained evidence.

>but they are acting like it's the reason the recent attacks went undetected - when it actually had nothing to do with it.

I thought they tried to limit their position to need for the follow up investigation, but if they framed it to the public the way you describe, I agree that is disingenuous.

Another example: The phrase "an armed society is a polite society" is born of the frontier.

The clearest (to me) boundary worth discussing here, is Apple as iCloud provider versus Apple as iPhone producer. Do we think of cryptography differently in these two contexts, or exactly the same?

I lean toward yes, it is an essential liberty. Society necessarily has to have protections built in that sometimes (often?) also protect criminals because we need strong civil liberty protections.

When I was arrested for drug trafficking (the charges were later dropped) I told the police "No, you can't have my iPhone password, not because there is incriminating evidence on the phone I don't want you to see but because there are messages, emails, and notes on that phone that reflect the contents of my mind and the contents of the minds of my closes friends, and I will not give you nor your colleges access to the contents of my mind."

They were unable to break the encryption on the phone, and my personal thoughts remained secure.

If law enforcement can't obtain enough evidence from meta data and other evidence to get to beyond reasonable doubt, then too bad.

I'm open to changing my opinion on this matter if someone can show me many examples of where serious crimes took place that wouldn't have happened if law enforcement had master keys to encryption.

Prove that someone knows the proper key to decrypt a given device. In some cases prove an encypted container actually exists. Suppose I set it up so that both data contained on the system and data I know is required to decrypt the data.

Suppose that I set it up that the part of the data required is set up to be destroyed if I merely don't log in every day. If you arrest me and by the time anyone thinks to speak to me all possibility of ever recovering the data is gone.

Have I destroyed evidence or not?

> Thus, Franklin's implication seems to be: do not trade temporary security in exchange for long-term liberty.

The key difference between what he meant in the quote and how the quote is used is that liberty refers not to individual liberty but the liberty of the state to impose on the individual to further collective security.

Usually, the quote is used to further the position that we shouldn't trade individual liberty for collective security. But under your reading, it's more about not trading long-term security for short-term security.

> The key difference between what he meant in the quote and how the quote is used is that liberty refers not to individual liberty but the liberty of the state to impose on the individual to further collective security.

He wasn't talking about "liberty of the state". He was talking about individual liberty, as protected and empowered by the state.

The debate is on (potentially) trading short-term security for long-term security and the individual liberty that security protects.

And so, in less bombastic terms, it seems Franklin's meaning is that trading a small measure of short-term safety at the cost of long-term security (from threats of any source-- external, domestic, or from the state itself) and liberty is a recipe for disaster. Franklin says here that being willing to trade short-term safety at the cost of longer-term security (and therefore liberty) is fretful and unwise and means you will ultimately forfeit actual liberty.

One can question whether or not such a trade-off truly exists with respect to the current encryption debate. But it seems fallacious to draw a dichotomy between this quote's original meaning and it's meaning as used in the debate today.

While we are discussing context, it is also good to consider your sources. The person quoted by NPR may have an agenda; consider the below.

It should well be noted that Benjamin Wittes, the person quoted in parent by NPR, is a noted proponent of increased national security at the cost of encryption.[1][2][3] While he is a Fellow at the Brookings Institute, which is generally considered non-partisan but liberal-leaning, Wittes and Brookings' stance on matters of national security have been quite pro-government / pro-"security", and he is also a member of the Hoover Institution's Task Force on National Security and Law. The Hoover Institution is generally regarded as right-leaning[4][5]. His positions are consistently in line with the FBI's, believing that end-to-end encryption with no backdoor is bad for national security and worth the tradeoff.

[1]: https://www.lawfareblog.com/encryption-living-will-think-you... , [2]: https://www.lawfareblog.com/quick-question-apple-hr [3]: https://www.lawfareblog.com/very-definition-digital-age-chut... [4]: http://www.csmonitor.com/1980/0327/032756.html , [5]: https://www.britannica.com/topic/Hoover-Institution-on-War-R...

To be clear, that quote regarding liberty and safety has been taken completely out of context. Benjamin Franklin was not saying what you think he was saying.

Please read the articles listed below.

For the record: I'm am a privacy advocate, but I really dislike people using and abusing history for personal political ends.

http://www.npr.org/2015/03/02/390245038/ben-franklins-famous...

https://www.lawfareblog.com/what-ben-franklin-really-said

Edit: Looks like rayneir beat me to the punch

I completely disagree with Wittes' take that there is any misappropriation of this quote or that it's meaning as commonly used in this discussion today differs greatly from it's original meaning. And please see comments above wherein Wittes' potential bias is highlighted, given his stated positions on these matters.

In the historical case, Franklin was making a simple argument: don't take the Penn's offer of a short-term increase in security at the cost of long-term liberty.

This reconciles perfectly well with the usage in this debate today: don't take the FBI's offer of a (supposed) increase in security (by weakening strong encryption) in exchange for a decrease in long-term liberty.

I'm very familiar with Wittes' position on encryption and national security issues, but I don't believe he is a biased party.

I find the quote most problematic in this situation because it frames liberty and security as a dichotomy, which any even rudimentary analysis would make clear that they are not opposing forces.

I agree they aren't opposing forces. And I also don't take Franklin's quote that way. Indeed, in the historical context, another way to put what he is saying is "don't trade short-term security for long-term security."

I think that is where the quote applies in this debate. Is accepting curtailing of encryption really an increase in security. If so, is it only short-term? What are the trade-offs to liberty and freedom further out? We should indeed be very cautious about any trade-off between short-term security vs long-term security and liberty.

My rights aren't really up for a talk. Encrypted speech is still speech, that really should be the end of the talk.
That's a very bold assumption.
Until the constitutional right to communicate unintelligibly is declared invalid, encryption will remain constitutional.

[snarky comment about opposing political party placed here.]

Hint: the Constitution is intended to make your life as a cop difficult. If you have a problem with this, I'm sure the FSB are hiring.
It's not encryption vs. safety. It's functioning software systems vs safety and there is actually no conflict because functioning systems are necessary for safety.

So really the FBI director should have phrased it as "lack of encryption vs. safety".

I'm on the "encryption is a right and essential to functioning software systems" train with you. But I don't want stick my head in the sand and pretend the other side doesn't have valid points.

If all network devices were trivially penetrated by government surveillance, a hypothetical terrorist plot with a WMD has chance A of being discovered. If network devices that are impenetrable to government surveillance are used, I'm not going to argue that the same plot doesn't have < A chance of being discovered (ceteris paribus).

I happen to believe that's a good and just tradeoff to preserve the values of a democratic society, but I accept that others might think otherwise.

The US (and France, and the UK, and everyone else grappling with this that cares to pretend to be a democracy) should absolutely have a thorough, resolute discussion about our options.

If alcohol prohibition was reinstated it would probably save about 88,000[0] lives a year in the US. Between 1995 and 2014, 3503[1] US Citizens worldwide were killed by terrorism. If congress wants to save lives it could be done in a much less constitutionally suspect way. This is why I suspect that saving lives is not the true reasoning.

[0]http://www.cdc.gov/alcohol/fact-sheets/alcohol-use.htm

[1]https://www.start.umd.edu/pubs/START_AmericanTerrorismDeaths...

The same point can be made about gun control, but there are definitely "true believers" who think that limiting access to guns is the most important political issue _because_ it would save lives. There are even people who are scared of mass shootings, which have killed ~700 people in 35 years[1] in the USA. I've seen blogs use that statistic as an argument for stricter gun control! There are people who are scared of flying, when 429 people died in 2013 from aviation accidents[2] (albeit overwhelmingly in GA, not commercial). Yet these same people happily drive to work every day, even though ~32,000 died in automobile accidents in 2014[3]!

Everyone knows that humans are terrible at estimating small risks of large dangers. The really scary thing is that humans are also by-and-large incapable of updating based on that knowledge.

[1]: http://www.motherjones.com/politics/2012/12/mass-shootings-m... [2]: http://www.ntsb.gov/investigations/data/Pages/AviationDataSt... [3]: https://en.wikipedia.org/wiki/List_of_motor_vehicle_deaths_i...

Prohibition was repealed because it was an abject failure. It did not make the public safer last time, and I very much doubt this time around would be any different.

The claim that reinstating prohibition would prevent all alcohol-related deaths is simply not based in reality.

And the current anti-terror programs are a resounding success?
I neither said not implied anything about the anti-terror programs. I solely wanted to address your claims about reinstating prohibition, lest someone support it based on that flawed analysis.
Prohibition stops 88,000 people from drinking themselves to death. But how many lives are lost due to the illegal alcohol trade? How many people die from drinking denatured alcohol, mouthwash and vanilla extract? Bootleg booze? Illegal distillery explosions?

If you want to know what kind of black market arises when you prohibit a popular drug, you have multiple examples from recent history to look to. Such as the drug war, and the last time we tried to 'save lives' with alcohol prohibition.

I used terrorism as my man of straw, but the same point applies to any other illegal activity that encrypted communications would help facilitate. That's not a consequence we as technical professionals can ignore if we want to win this debate.

The first step to making a convincing argument is acknowledging reality: the proliferation of hard encryption will alter the balance between individuals and the state.

Pretty sure not hiring pothead hackers is a bigger problem for the FBI than the encryption they keep whining about.
The FBI is living in the hole it dug for itself. Where was the "conversation" about warrantless wiretapping? I certainly don't remember it. What about the conversation about secret FISA courts?

Sorry our constitution is making your job harder. Feel free not to cash your paycheck next week if you think it's too hard for you.

I don't think it's that much harder, unfortunately. They just take a million or so of tax payer money and hire a firm to crack the target. I'm not sure they're too worried about the constitution, sadly. Why they need to have a 'discussion' about it, I'm not sure.
Quite right. There's a point where it's not really harder, just more expensive. And when it's other people's money...
I don't even understand why they care so much if they can't solve a case due to lack of access to electronic data. Just move on to the next case. Are they getting paid on commission based on how many cases are solved? If anyone asks why a specific case wasn't solved just point to the encryption and move on
I understand your point but imagine working in the FBI. How do you tell the victims of the crime that the people who harmed them is still out there because you can't get access to the last piece of evidence you need?

I'm not at all saying that encryption should be removed but I can definitely see how people who see the harm caused by crime every day could be a little upset about being unable to do anything about it.

> How do you tell the victims of the crime that the people who harmed them is still out there because you can't get access to the last piece of evidence you need?

If they had a solid case, they wouldn't need that one last piece of evidence.

Probably the same way the State Department tells the families of journalists detained by foreign governments that they are "working on it", but that it just not worth it, financially and politically, to unleash the full power of the Department of Defense to recover an individual.
Well it should be the victim or victim's family lobbying to amend the constitution in that case to make encryption illegal, not the investigators. They're agents of the government who are supposed to do their job with the current legal tools at their disposal. They are not supposed to be victim's advocates. In some cases there is no victim, like in drug possession cases.
I often wonder this myself. Perhaps they don't understand it, but when they adhere to a certain unspoken agenda everyone seems to get raises
Why no guff when SSL was introduced? Perhaps back then there were tons of vulnerabilities, backdoors or untrustworthy CAs, but can it still be the case now? The FBI would have us believe that some kinds of encryption are acceptable? If that's the case then they must already have a way to circumvent it.
Because SSL is intricately tied to the CA infrastructure and thus able to be meddled with when the government decides it has national security concerns?
For now, and only if the CA feels like taking an existential risk. Browsers requiring Certificate Transparency should make it impossible to subvert the CA system secretly, and subverting it openly kills a CA.
Subverting SSL/TLS kills a CA when noticed and reported. Hypothetically, if you're identifying targets through other means and diverting their connections at the backbone level before monkeying with them then you're not running that big of a risk, statistically speaking.

Especially not when the CA's alternative is Serious Legal Consequences of ignoring a NSL.

Browsers can enforce Certificate Transparency for certificates from a given CA; once they reach the point of enforcing it for all CAs, browsers will no longer trust a certificate issued surreptitiously and not logged in the CT logs.

And even before that point, any site using certificate and CA pinning can protect against the use of the "wrong" CA to issue a certificate for their site.

> Especially not when the CA's alternative is Serious Legal Consequences of ignoring a NSL.

I'd love to see the court case brought by a CA that refuses to kill their entire business. But in any case, eventually, a certificate issued secretly by a CA won't be trusted by any browser, NSL or no NSL.

Have you forgotten about export grade cryptography?
There was tons of guff. Do you not remember the "crypto wars" of the '90s? Export-grade ciphers? Server-gated crypto? The Clipper chip? Entire projects carefully developed only outside the US to avoid export restrictions?
At least he's asking for a talk instead of outright decreeing privacy the enemy of security
He's banking on the fact that most people don't care about privacy and are more easily swayed towards giving it up for vague promises of safety when scared by threats of terrorism.
Maybe the FBI should spend less time suing Apple and more time finding out where the wife of the Orlando shooter has disappeared to given she was proven to have assisted him with the crime and knew about it in advance.

The FBI might also do well to look into the mother of the San Bernardino shooters who lived with them in a house full of bombs and guns and yet somehow never had any idea what was going on.

These seem better leads than this constant obsession with searching everyone's phones.

How did the FBI come to know that the Orlando shooter's wife knew about it in advance?
Because she told them she did. Noor Mateen told the FBI she was with him when he bought ammunition and a holster and that she once drove him to the Pulse nightclub because he wanted to scope it out. She told federal agents she tried to talk her husband out of carrying out the attack against the nightclub.
Encryption does not confront safety. It is only FBI that wants us to think this way. Encryption IS safety against people in power holding too much power.

I have the right to have private conversations with my family, friends and coworkers, specially if I work from home using teleworking tools. I will fight to defend this right if necessary.

If someone believes anything I do is illegal I have no problem when they have a warrant, but massive surveillance is criminal.

It is a crime they had not paid for yet, like Hillary Clinton or all the financial dome they are used to do everything against the law with no consequences.

>Encryption does not confront safety. It is only FBI that wants us to think this way. Encryption IS safety against people in power holding too much power.

And also people NOT in power. From nosy spouses to "cyber-criminals", identity theft and so on...

Yeah, I include criminals in the power side too. In Italy Servia or Russia for example, the Mafia is part of the power structure.

In some places of Africa it is already very dangerous to communicate digitally because of digital surveillance tools developed by Israel,French or German companies.

> If someone believes anything I do is illegal I have no problem when they have a warrant

If the FBI gets a warrant, you're going to decrypt all your data for them? That's an atypical position.

The entire world today works efficiently because of encryption. The more encrypted things are, the easier and safer it is for us to communicate remotely. Encryption IS safety. Take it away and we're back to having to communicate important information in person, or risk our own security and safety.

Also, no matter what the government does to prevent the general public from encrypting stuff, aren't big-time criminals going to encrypt their communications anyway? So we're not solving any problems by having this discussion, are we?

Such debates are always a funny move.

It's like saying "let's have a national talk over encryption versus ethernal peace and harmony". Arguing for encryption in such a frame is determined to be a failure.

To me this feels more like the head of the KKK suggesting that we should have a national conversion about the proper place of blacks in society.
Fuck James Comey and fuck the FBI. I will continue to choose freedom over safety.
How about we have an honest conversation about how the government is eroding the Bill of Rights?
The FBI is the face of the larger government trying to control the people, which is hard to do when their communication is encrypted. They're playing off the fears of the sheeple and don't deserve our attention.
Encryption vs safety? This is carefully framed in a way that ignores the safety provided by proper encryption. This isn't "encryption vs safety", but actual safety of secure communication and personal data vs possible safety of solving a few more criminal cases.

As koenigdavidmj already mentioned, one of the key principles of a free society is that liberty and justice is more important than law enforcement convenience. It is better to let the guilty go free than infringing the rights of the innocent. The police will simply have to be more creative and find alternative ways to do their work.

Of course, the FBI and congress already knows this, as Susan Landau already explained this in her testimony before the House Judiciary Committee.

https://www.youtube.com/watch?v=g1GgnbN9oNw#t=12944

"There is danger from all men. The only maxim of a free government ought to be to trust no man living with power to endanger the public liberty." - John Adams, 1772