92 comments

[ 2.1 ms ] story [ 155 ms ] thread
(comment deleted)
Oh really? What about weapons-armed civilians then?
(comment deleted)
Pick up that can.
For what it's worth, quite a few citizens consider other armed citizens a red flag, 2nd Amendment be damned.
Maybe this is just false security, but I at least feel comfortable knowing apple and I are on the same side in this fight.
Those who voted for Trump - did you know you were going to get this?

I think Trump's stance on Apple was pretty indicative of where things are headed.

> Those who voted for Trump - did you know you were going to get this?

Of course we did, we know this next 4 years are going to be largely terrible and he will be a horrendous president. However sometimes before you can rebuild you need to burn the existing structure to the ground first. We're tired of the status quo and want significant change in how we're represented. Sometimes you have to endure a little pain before things get better.

EDIT: I think the next round of house, senate and presidental campaigns/elections will be vastly different (for the better) than the last 20 years.

>think the next round of house, senate and presidental campaigns/elections will be vastly different (for the better) than the last 20 years.

Oh? How do you see this happening? Both parties are still here, alas.

> Both parties are still here, alas.

That is arguable. The RNC is in shambles, Trump came in and annihilated everyone in that party. Sure they are technically still here, but let's not say things are going according to plan.

Same for the DNC, they cheated their own party to put Hillary at the front of the pack in what looked like a freebie election and lost. Roasting Bernie, getting debate questions fed to her ahead of time, and they still lost. It looks bad they cheated their own party, but looks worse they cheated and still lost.

> we know this next 4 years are going to be largely terrible and he will be a horrendous president.

I heard the EXACT same thing said about President Obama. The results were debatable.

> EDIT: I think the next round of house, senate and presidental campaigns/elections will be vastly different (for the better) than the last 20 years.

You're projecting. Plenty of Americans are very happy with the way the elections went and suspect more republicans taking power in the midterm elections. Historically republicans do better in midterm elections.

> Plenty of Americans are very happy with the way the elections went

I wasnt talking about Americans, both political parties were embarrassed and horrified at how the elections went. It's those people who are going to try harder. The Republican party is in shambles, and the DNC is embarrassed they lost what looked like a gimmie election by putting their weakest candidate in front.

I'm not surprised by this.

I also wouldn't have been surprised if a Clinton appointee had said this, either. Remember that her husband was trying to mandate key escrow and she herself, on the campaign trail, said that she wanted to monitor everything possible to prevent terror attacks.

i voted for trump because hacker news told me the universe would unravel when he won. i'm still here, but apparently i'll be wearing a leash soon.
I'm not sure what Trump has to do with this, since the government has been fighting/arguing against the populace having strong encryption for awhile.
The title of this post was changed, but the title originally pointed out that the author of this article is Trump's pick for director of the CIA.
Down voted. I don't think this is a constructive question. Encryption wasn't even a minor policy stance of the 4 most major parties' nominees for president.

It's not very reasonable to <strike>blame</strike> pointedly question voters for actions their candidate didn't take a stance on.

[edit], thought better of using the word 'blame'. It's not an accurate characterization, but didn't want to erase the history of having initially chosen that word either.

I suspected (disclaimer, didn't vote, because has no right to, but supported Trump since the first dilbert articles).

But I thought that in the long run the identity politics and social justice gone berserk are the greater danger.

And breaking the spine of Apple, while probably wrong would have given me great satisfaction.

I'm going to go out on a limb here. I think he's right.

It's a red flag, not the only red flag. Like, if you use strong encryption, have associated with known drug traffickers, and served time in prison on a felony charge, someone might want to keep an eye on you. It's one of many factors that may or may not be worth considering. The use of strong encryption alone should not be considered bad.

I think that is a more accurate characterization. There are lots of things which can indicate you're trouble. One or even two of them is probably not an issue, once you get to three or four it starts to be harder to explain away.
This argument is similar to the "nothing to hide" argument. People shouldn't be flagged just for wanting privacy.
Not really. I'm saying that it's one of many factors, some typically benign (like "gun owner"), and some not benign ("has a brother fighting for IS in Syria"). To do a better job at intelligence, our government needs to look at these holistically.

My argument also extends to things like the TSA. We all like to complain about having to wait in line for security at the airport. Why can't they do better threat assessment? Well, it needs a holistic approach. Why should I, chrissnell, an officer in the Army Reserve, with no criminal record whatsoever, be subjected anything more than a magnetometer at the airport? If the TSA would look at my profile holistically, they would see that I am not a significant threat and that should mean that I would be able to go on my way without interference.

Why should anybody be subject to anything more than a magnetometer?

Locked doors stop boxcutters.

> chrissnell, an officer in the Army Reserve,

thats a red flag. you've got specialized training in weapons and tactics. maybe they should "keep an eye on you" ?

That depends entirely on their estimate of whether "specialized training in weapons and tactics" is a signal for or against being a potential person of interest.

This is a domain of probability, there are rigorous ways to deal with that. Bringing up "nothing to hide" isn't a rational response. Whether or not something constitutes a good signal does not depend on rhetorics! Math doesn't care about what some celebrity said at some point.

Especially in light of the fact that George Washington was a colonel in the VA Militia before renouncing his allegiance to the king and joining the Continental Army.
This program exists, it's called "Trusted Traveler". The most important thing is that it is opt in. If you want to trade some of your privacy for a more efficient time at the airport, you are free to apply.

The elephant in this particular room is that if the government has enough information about you to make these sort of decisions holistically, it also has enough information to effect many, many abuses. History teaches us that trusting an organization like this to "do the right thing" is a fools game.

> someone might want to keep an eye on you

what good will that do if the suspect is using encryption. thats the whole point!

"red flag" has a pretty strong connotation of "worth consideration all on its own".

Like in your example, I bet recent association with known drug traffickers is so much of a stronger signal that looking at encryption or felony history is basically worthless. Associating with known criminals is worthy of the label 'red flag'.

I imagine that if criminals know that a product has a backdoor they'll start meeting in person, then what?
Is locking your door a red flag?
Probably not, but hand delivering/receiving packages in secret probably is.
Locking my door no. But building 4 meter concrete fence with barbed wire and armed guards around my house probably is.

Is encryption door lock(which in the real world are trivial to bypass in case of valid warrant) or Bond villain's lair?

Encryption is red flag because so few people are using it.

"so few" people are using online banking ? Or are most of them just connecting via unencrypted telnet sessions ?
Any encryption that relies on CA certificates whose issuers can be coerced by the government is not secure by default if you want to protect yourself from said government.
Is not speeding a red flag if the flow of traffic is going faster than the speed limit?
How about surfing in incognito/private mode? is that a red flag?
And how about using outgoing VPN from your office? If you are and IT security chief and see somebody doing it - what will you think?
Indeed. People are forgetting we have a whole piece of math - called probability theory - for dealing exactly with that stuff. It can tell you whether or not doing X is an evidence for you being Y (or evidence against it).

The important thing is - probability theory doesn't depend on rhetorics. Someone speaking the "nothing to hide" argument, or someone else finding arguments against it convincing, doesn't suddenly invalidate Bayes' theorem! Trying to argue from principle is a mistake because reality doesn't listen to principles. The only relevant question is whether encryption/Tor/whatever is or is not currently an evidence for/against being an evildoer, and how strong that evidence is.

Those considerations do include things like loss of utility because of false positives / false negatives, too. So for instance, it may be so that evildoers are more likely to use encryption than general population, but there's so much normal people using encryption that you can't get evidence for being evil out of just noticing that a person uses encryption (the same considerations explain why so much of what TSA is doing is security theater).

I agree with you in general. My issue with this line of thinking for policy decisions, is that I personally believe relying solely on objective probability theory to associate people with _______, without looking at the larger picture, and then building policies from that, could exacerbate the reason the association is being payed attention to in the first place.

Let's say theoretically, that people who wear red shirts are objectively more likely to commit a crime. Policies are made such that people with red shirts are targeted for extra policing. People with red shirts who are not criminals feel discriminated and overly watched, and because of that, generate a resentment against society and (I admit this is a jump), ultimately end up with a higher disposition towards committing crimes. And then it just goes on ad infinitum.

So in some situations, I would argue that society benefits from ignoring these objective probabilities entirely, if there's evidence that taking action based on them could cause downstream negative consequences.

I've seen this argument brought up in discussions about racial profiling, and... I think this may be a real - and in some situations significant - phenomenon. I currently have no idea how to model it in a way that could plug into the probability calculations. I need to think about this some more.

I say in some situations, because the typical case is that if something (e.g. wearing red shirts) is likely to attract attention you don't want, you'll tend to avoid doing that thing (you'll stop wearing red shirts in order for the police to leave you alone). So there's a negative feedback loop. But I can see how this loop can fail in case of things one can't (easily) change - like skin color, cultural background, religion, etc. This leads me to believe that just looking for probability-based signals may be a good thing in case of guns and encryption, but a bad thing in case of race and religion.

(comment deleted)
"The only relevant question is whether encryption/Tor/whatever is or is not currently an evidence for/against being an evildoer, and how strong that evidence is."

I think we need to be careful not to argue law from probability theory. While as you've pointed out many things will not actually be predictive of "being a terrorist" (whatever that means) there will be things that _are_ predictive. But we mustn't let the predictive nature of the information be in and of itself justification for obtaining it. There needs to be respect for constitutional limits on the reach of government, regardless of what the math says.

I agree. How you use the information once you have it is not the same as how you obtain it in the first place. I was addressing the use of information, and I do agree that obtaining those signals has a separate set of considerations to take into account.

But unless there are strong reasons to do otherwise - for example, what 'wakkaflokka pointed out in a parallel comment may potentially be such a reason - I do think we should derive rigorous conclusions from the data we already have based on math, and not on rhetoric.

There's certainly a valid argument for, "smells like a duck, walks like a duck, sounds like a duck.... maybe it's a duck, ok?"

It's super clear that we're on the cusp of a total informational transformation in the West in terms of how life is lived, and a consequence is that there are deluges of personal data.... and a lawful, diligent and trustworthy law enforcement or spy officer will want to use that to do their jobs better. Unlike many in the tech world, I don't buy into either left or right anarchism: I think the office of the State is a valid one.

So we have to start looking to the future and how to properly safeguard rights in the Information Age.

I feel that the gun debate and the encryption debate have a shared argument: in a world where X is outlawed, only the outlaws will have X.
No. Not really. And frankly, it scares me that this is even confusing to people.
Can you please elaborate?
You can't kill people with encryption. In fact, encrypted communications has saved many lives.
The same can be argued pertaining to guns. Guns have saved many lives.

Guns and encryption are amoral. How and what they are used for determines if they are "good" or "bad".

EDIT: Encryption may have been used by bad people to secretly carry out bad things with the end result of people dying (because the "good people" couldn't decrypt their communications). We all want only the "good" people to have guns and encryption. Who gets to define "good"?

I don't want "only the 'good' people to have guns and encryption". I feel they are different:

Guns are used for two reasons: target practice (sport), and shooting to kill (hunt/attack/defend).

Encryption is used to keep communications secret.

We can have lengthy debates on the various uses of guns, but staying on topic, I find nothing wrong with people keeping communication secret. Sure, it'd be EASIER if the bad guys had to communication openly, but the "bad" isn't the communication, it's the bad things they DO.

I find nothing morally wrong with all people, including bad guys, being able to communicate in secret.

(The obvious retort is that there's nothing wrong with having guns, because it's the SHOOTING that might be bad, not the possession. Communication, however, exists for many reason, while guns exist for few, so I don't see the comparison as terribly valuable).

The only problem with those arguments is because people use them as rhetorics instead of looking at them in a mathematical way.

Guns can be used to do bad things, like threatening and killing people[0]. They can be used for good things like providing pleasure to people who use them for sports or target practice. The question you want to ask is pretty much utilitarian - how much good vs bad comes from having guns widely available? If there isn't that much good, and by banning guns you can reduce the bad significantly, then it's worth to ban guns. If banning guns doesn't actually remove that much bad, but removes the good, it's not worth banning it. The question is really about estimating the difference between good and bad in those two situations.

So in case of guns, the estimates are not too clear. In case of encryption, it seems that having it available provides high amount of good (e-commerce, banking, privacy) and some amounts of bad (criminals harder to spy on by law enforcement). Banning encryption pretty much kills the entire good side, while does very little to the bad side (encryption algorithms are already open source anyway, so at best it'll affect the opportunistic simple criminals). Thus - by the same principle as with guns - it seems clear[1] that banning encryption will make the lives of good people worse.

--

[0] - let's ignore the issue of legitimate use of violence/threat of violence by governments for now to simplify the point.

[1] - if you agree with my estimates; however I believe arguing estimates by models and hard data is easier and more robust of a task than arguing positions based on rhetorics.

That does make the optimum amount of regulation on encryption way lower than the optimum amount of regulation on guns. Ideally, for encryption it's no regulation at all.

I do agree. But keep in mind that the people comparing those two are just saying that if you defend no regulations for gun, you must also defend no regulation for encryption.

> Communication, however, exists for many reason, while guns exist for few, so I don't see the comparison as terribly valuable

Encryption exists ensure the privacy of private communications. It is therefore morally superior to a gun which is used only for shooting and the convincing of others that you are able to shoot.

Encryption exists to limit or prevent the open dissemination of data. It is therefore morally inferior to a gun which is used prevent harm.

These are word games. The things a thing can be used for have no bearing on the morality of the thing it is used for.

Agreed. Furthermore, your toddler can't accidentally kill themselves or others by playing on your keyboard and sending out encrypted reply-alls.
You can't kill a person with encryption. The history of military ciphers indicates that encryption is rather important to operational security, which is in turn crucial if you want to kill one hell of a lot of people.

Want to torpedo a passenger ship with your submarine? Better make sure the captain of said ship doesn't know you're coming. And that means all your communications traffic with those who are helping you to track the ship must be encrypted.

Encryption has no inherent morality. It is just a tool. Whether it is used for good or evil is entirely dependent on the hand that wields it.

That you probably are not in favor of strong gun rights, doesn't mean the situations don't have similarities.
Would it surprise you to learn that I am a gun owner?
Just keep in mind that governments that take powers never give it back.
Not unless some pressure is applied.
Do any examples come to mind?
Marijuana legalization is a step in that direction that I previously thought would never happen in my lifetime.
And it will continue to be a red flag until and unless it becomes common among individuals to communicate that way. Really, more individual education is the only practical way to de-stigmatize strong encryption in the eyes of authority; it can't be wrong if everyone's doing it, but if everyone isn't, it looks suspicious.
Just like keeping the curtains drawn on your house is a red flag...
Funnily enough in The Netherlands there's an aversion to curtains, to the point where people decorate the interior of their houses next to the window as some sort of diorama.

(Just so people don't think I'm just making this up: https://stuffdutchpeoplelike.com/2010/11/24/no-8-not-owning-... )

In Norway (and probably a few other places!) there's a sect called the Læstadians after the founder, Something-or-the-other Læstadius (19th-century Swedish preacher)

Anyway, for some reason they have an aversion to curtains, too - it is commonly said to stem from one of the significant preachers who, during a sermon, exclaimed 'One does not need curtains to go to heaven!'

The point he was trying to make was that one didn't need to be well heeled (19th century northern Norway not being anybody's idea of a well-off community!) to make it past the pearly gates; however, this has since been taken to mean that 'Curtains will not get you to heaven!' - and, hence, being useless.

This is probably apocryphical; however, it is an anecdote lots of Norwegians have heard, and sadly, I do not know any Læstadians I can ask to verify it...

For anyone confused about the date of this article, it was co-authored by the incoming CIA director Mike Pompeo at the beginning of this year.
Yes, I attempted to provide this context in the original title, "Incoming CIA Director: Strong encryption in personal communications is a red flag," but it's been changed to the title of the editorial.

The main reason this seemed to be of interest to the HN community is the following: "Forcing terrorists into encrypted channels, however, impedes their operational effectiveness by constraining the amount of data they can send and complicating transmission protocols, a phenomenon known in military parlance as virtual attrition. Moreover, the use of strong encryption in personal communications may itself be a red flag."

good luck putting a red flag on the 1 billion WhatsApp users
Dear WhatsApp-

Per [whatever law they pass], please stop providing server capacity for any versions of your software that are not compatible with [unintentionally ironic name for surveillance system].

Thanks.

Trump wins largely due to poorly secured communications of his opponent. I think HRC getting hacked actually pushed this issue forward. If it can happen to someone this powerful, and it is now so easy to secure email & texts, most Americans probably are. That means; hopefully, it doesnt matter if it is flagged as security is hopefully on a mainstream trajectory
This, along with Sessions who sided with the FBI in the San Bernadino case, makes me very worried about the future of online privacy and communications encryption.

Can somebody please allay my fears. Besides the EFF, where can I donate to have most impact in terms of preventing the requirement of government backdoors in consumer hardware or software?

The ACLU is a pretty good place to donate to as well.
>> "America is in a long war against a resilient enemy capable of striking the homeland, but U.S. intelligence capabilities are falling short of meeting the threat."

>> "Reasonable warrantless searches are compatible with the Fourth Amendment. So are searches of data shared with third parties, such as social-media posts—a highly valuable surveillance window, since people undergoing radicalization are prone to showcase their zealotry online."

This type of rhetoric really concerns me. Especially because the author tries to distance himself from beliefs that he clearly espouses by structuring his opinions into factual statements ("America is in a long war...").

He says straight out that a) Social Media is a great tool for spying on people, b) that basically we should have 'thought police' ("people undergoing radicalization" ought to be spied (with the implication that they should be sanctioned)).

No kidding. I expect gov to keep me reasonably safe, and not absolutely safe.
I also expect to be kept safe from the government; overbearing surveillance isn't going to do that for me.
Depends on the medium, I think. If you post it just to your friends in a protected way with a reasonable expectation of privacy, then it feels wrong for the government to do dragnet surveillance on that. On the other hand, if you start tweeting about your plans to commit an act of terror, how is that any different than going to the city center and shouting it?
So what you are saying is, we need microphones on every street corner running natural language processing and speech recognition software to identify and record any threats someone may make?
No, but I'm talking about a situation where you'd be surrounded by people. And what is Twitter if not a giant megaphone?
And this discussion is about setting up systems to automatically monitor/record everything spoken through that megaphone.

It's much more than the people around you taking it upon themselves to report your threats.

I think this is more a reflection of using a digital medium to speak. Everything is inherently kept around anyway
The difference is, if you announced those plans on a city street, you'd only face government reaction if a citizen reported you or a police officer overhead.

That's different from the federal government having power to eavesdrop on all street corners at all times. The fears over these powers aren't based in a desire to keep the government in the dark, they're a reaction to the massive scope, and the notion that everyone is suspicious all the time.

This motivated me to sign up for ProtonMail. Now I want to send Mike Pompeo a congratulatory email! He seems like a decent guy. Does anyone know where to send an encrypted email to the incoming cia director?
I love the idea of ProtonMail (and other encrypted email services). I keep getting the hankering to switch to one. But then I realize how convenient and integrated Gmail is. It's really weighing my privacy vs. convenience, but I am getting close to the point where I'm ready to move it all over.

  -----BEGIN PGP MESSAGE-----
  Version: GnuPG v2

  jA0ECQMCX9WYuCpLunPh0p8B8UjjI5k5Eb409Ldvw7lYYR/vVDk6FBYhIqJRDdto
  NWnCEfK4EuPgx1d7+Peh4f042QsFJt3n2cHoOGJYy7Iw+5nnvaGms9kDp3xEZ8s1
  4h7eJW0mRxZgtXnY4InnwMLVqER1kMcKGhk8xm+8kwYP4MpZBd1QfCwfiWxhChhX
  2kuH2TezknR6/yVOjiDAjkGprotHbKCjGyKVBq0gO7k=
  =au89
  -----END PGP MESSAGE-----
(comment deleted)
One of the authors(Mike Pompeo) is going to be appointed as head of the CIA. I suppose it's natural for him to want to expand surveillance, since it helps him do his job. I hope Trump speaks with Snowden at some point, which seems somewhat more likely given how a whistleblowing organization helped his campaign. I don't really like these surveillance programs.

The one good thing he said was he wants better congressional oversight. It helps him cover his ass, but I suppose it also lets concerned congressmen get more information. I don't know how much information the intelligence committee currently gets, or if the people on that committee are for or against increased surveillance.

I don't mind this guy on the CIA; I'd be more concerned about who's going to head the NSA.

The argument at the top of this article DEEPLY confuses the issue of mass surveillance, which I think is a very bad way to start an article titled “Time for a Rigorous National Debate about Surveillance”.

The article begins by invoking the spectral boogyman of terrorism, and doubles down on the concept that the United States can somehow be at war with a tactic.

The article refuses to admit that mass surveillance, as disclosed by the Snowden Documents, revealed that the capabilities of ubiquitous espionage were not developed and are not primarily used for a ‘war on a tactic’.

What the disclosures and investigative journalism clarified is that mass surveillance is about power and control writ large, with surveillance capabilities having been build long before terrorism became relevant and used at that time for the same power and control purposes that it is used today.

Specifically, the disclosures revealed that the intelligence is used to understand populations and how information moves through them - this helps with propaganda operations in various settings. They also revealed that the espionage was used to aide US diplomats by giving them negotiating leverage in international meetings, and was used to support domestic industries by stealing relevant market information from overseas competitors.

This slight of hand - equivocating public safety with national security - is a common tactic. There is a very specific definition of national security, defined by National Security Presidential Directive-1 (http://fas.org/irp/offdocs/nspd/nspd-1.htm): "National security includes the defense of the United States of America, protection of our constitutional system of government, and the advancement of United States interests around the globe. National security also depends on America's opportunity to prosper in the world economy.”

As the homeland is the safest place on Earth, the typical invocation of "national security" refers to the other components: a prospering economy, overseas access and interests, and protection of the current global political system for which America sits on top.

Mass Surveillance helps America to maintain it’s edge as a leading world power.

It is not about boogymen and terrorism, or about defeating certain kinds of tactics.

The article is completely ingenuous.

Rigorous debate and the Trump Administration? Surely you jest WSJ.