Preaching totalitarian propaganda is much easier and more glamorous than eg actually prosecuting murders (and other injustice) committed by local police departments.
Your point certainly stands, but this is misunderstanding e2e encryption to a point.
Reasonably secure open source solutions exist at large for encrypted messaging, and people who really want to keep their communications hidden will simple not adhere to these regulations.
Meanwhile, we'd be weakening domestic standards for all "law abiding" citizens/entities. A back door is never just a back door for the person who put it there.
Public safety requires that the authorities be able to get all the information they want (or so believes the FBI chief). But echoing the founding fathers, the rest of us might wonder: Who's going to keep us safe from the FBI?
It's a reasonable question. And it has an answer: The same crypto / infosec community that's keeping us safe right now.
If governments are going to demand some sort of "exceptional access", then that's just one more constraint that our systems have to satisfy. Figuring out how to do that, while maintaining security for the rest of the users, is the million-dollar question.
I understand that after the Crypto Wars of the 1990's, the tech community has been super resistant to working on any sort of technology that allows for any sort of compromise. But I fear that if we don't -- if security has to be all-or-nothing -- then eventually we're going to wind up with some horrible mandate for backdoors or key escrow or something worse.
There is no such thing as a "compromise" on an issue of individual rights. Every "proposal" on this topic can only be another tooth on the ratchet of [democratic] totalitarianism.
Computers exist, and form a natural extension of the mind. To constrain what individuals may compute is to deny the inalienable right to think. If every computer is mandated to be an agent of the state (as such "proposals" inherently imply), then the Individual is left completely computationless (ie nearly powerless) against the state-computer.
This rekindled expectation of prying into individuals' private data is entirely due to the past decade of naive adoption of "web 2.0" untrustworthy computing, fueled by the profits from commercial surveillance. As technologists, we need to move off and repudiate this broken centralizing model (for us and the plebs), not be looking for ways to further enshrine it.
Luckily, math does not quite care about opinions of the FBI chief. Encryption is a done deal. This genie is not going back to the bottle. Now it is just going to be an arms race between building a better mouse and building a better mouse trap.
The thing I find funny is that they aren't acknowledging the fact that they used to solve crimes before cell phones existed. What did they do back then? Hell, even phone calls could be made rather anonymously. They have way more metadata to pour over these days than they did in the past.
Their truly sick desire to undermine the privacy and security of ordinary citizens is just that.... They won't solve more crimes by breaking encryption.
> The thing I find funny is that they aren't acknowledging the fact that they used to solve crimes before cell phones existed. What did they do back then?
I'm not a big fan of government surveillance, but I find this argument problematic. Crime was different before the Internet and cell phones. Criminals learned to use the new tech with the rest of us. For example, not that long ago if the FBI had a person followed and his land line monitored, they could know who that person was in contact with. Today, that person might be exchanging messages over an encrypted app, on an encrypted phone, and there's no way of telling who with.
I'm with you about the fact that privacy of ordinary citizens is being undermined, and that through technology, invasive surveillance became so cheap and easy to deploy, that it's everywhere.
But let's not confuse state level surveillance of the whole population with targeted surveillance approved in a legitimate proceeding by an independent judge in an independent court against an actual criminal. Citizens typically want to allow the latter, while preventing the former. Governments tend say they're doing the latter, while doing both. So "public safety" arguments might be used to promote anti-democratic surveillance of a population, but can also be legitimate concerns of a law enforcement agency trying to investigate actual crimes.
>But let's not confuse state level surveillance of the whole population with targeted surveillance approved by an independent judge in an independent court against an actual criminal
A judge and court who rarely, if ever, deny such requests.
You're right, the system is not fair, and it's FAR from being perfect. The "innocent until proven guilty" part bothers the heck out of me. But the story doesn't end with me or you. Recall that there are actual criminals in the world and "the system" is trying to balance public safety with the rights of the individual. It's tricky, and is just becoming trickier.
I don't know how to solve it, but the answer can't be stripping our law enforcement officers completely of the right to investigate what a person did or is doing.
>Governments tend say they're doing the latter, while doing both.
Which is exactly why their powers need to be severely limited. In a fantasy world of rainbows and lollipops where the government are the "good guys" with only pure good in their hearts they could be trusted with limitless powers to pursue the "bad guys". In the actual world that exists, the government is made up of regular people - people who lie, cheat, steal, and do all sorts of things for their own purposes. If history has taught us anything, it should be that power corrupts. Far better that we live in a world where a small percentage of crimes go unsolved than a police state with ubiquitous tracking, surveillance and real-time monitoring where its an absolutely certainty that we all suffer the consequences.
I agree. It's a matter of balance between the two. Especially when you don't know which "end" of the judicial system you might face, if any.
You might be accused of a crime and then you'll be rooting for the rights of the accused or individual rights in general, or you might be the victim of a crime, in which case you might feel like supporting broader police powers.
Let's not forget that criminals can also exploit a backdoor, so creating them jeopardizes public safety.
Furthermore, if IT vendors agreed to create those backdoors, criminals are not forced to use those products and can still rely on homebrew or foreign tools.
Later, the situation might escalate where these tools utilization is prohibited (e.g. VPN, Tor), as we see in some countries, but that shouldn't stop criminals from using them while making the public vulnerable.
And the authorities are equally likely to commit a crime as the man on the street, a fact they generally don't acknowledge and certainly don't design their own systems for.
You cannot create safety by concentrating power and authority, you create it by limiting the effects of those two.
> Today, that person might be exchanging messages over an encrypted app, on an encrypted phone, and there's no way of telling who with.
Yes there is. That's the point of iamcasen: they have way more metadata to analyze. They can know who talked with who, when, for how long, etc.... All that information is present on the providers' servers, which is presumably available to the FBI in an investigation. Only the content remains unknown.
> “We’re not interested in the millions of devices of everyday citizens,” he [Comey] said in New York at Fordham University’s International Conference on Cyber Security. “We’re interested in those devices that have been used to plan or execute terrorist or criminal activities.”
Oh so they only want to know about the bad people? That's a relief.
I know you're trying to be snarky, but he's responding to a very real accusation from our community.
Every time this question comes up, half of us freak out and scream that the FBI is trying to grab all of our deepest darkest secrets.
I'm not inclined to trust them very far on this issue either, but I still think we should take it as a good sign that Wray is aware of our concerns and that he publicly acknowledges their validity.
>but he's responding to a very real accusation from our community.
No he isn't. His whole point is that the FBI can't know for sure which of us is a terrorist or "bad guy" unless they can sift through all of our data and all of our devices to find out. Given the history of the US government classifying every sort of activist, from quaker to environmentalist as "terrorists", his argument should be tremendously unpersuasive to everyone who thinks it through.
> we should take it as a good sign that Wray is aware of our concerns and that he publicly acknowledges their validity.
This statement is not acknowledging our concerns' validity, but brushing them aside with the tired old "nothing to hide" fallacy.
They are indeed interested in "the millions of devices of everyday citizens", because in their warped power-craving worldview, every one of those citizens could actually be a "sleeper threat" committing precrime. If they really are not interested, then why are they continuing to saber-rattle for criminalizing those millions' activities?
The stupidity of the statement is beyond question. "Give us access to all and trust us to leave the 'innocents' alone. Umm, see J. Edgar Hoover's history for the damage an unrestrained senior official can do behind the scenes."
> Wray said the bureau was unable to gain access to the content of 7,775 devices in fiscal 2017 — more than half of all the smartphones it tried to crack in that time period — despite having a warrant from a judge.
So if 7,775 is "more than half," a conservative estimate of how many phone's they're attempting to crack per year (so far) is about 10,000?
> “We’re not interested in the millions of devices of everyday citizens,” he said in New York at Fordham University’s International Conference on Cyber Security. “We’re interested in those devices that have been used to plan or execute terrorist or criminal activities.”
How many thousands of terrorist cellphones do you really think they've seized in 2017? Maybe a dozen? This is the FBI, remember, so it's only counting phones seized on U.S. soil (goodness knows what the CIA's tally is, but that's a whole separate issue.) I haven't been on the lookout for "authorities append would-be terrorist" stories, and those definitely appear from time to time, but they're not a daily occurrence.
Terrorism isn't a significant factor in this issue, as a question of the FBI's day-to-day operations. It's just a word that surveillance hawks have discovered gets results. I'm sure the ~9,999 non-terrorist phones they're trying to crack were owned by some pretty terrible people, but if the FBI were saying "give us a backdoor into all your devices so it'll be easier for us to go after online-poker rings and weed dealers," they'd be laughed out of the room.
31 comments
[ 5.3 ms ] story [ 65.3 ms ] threadReasonably secure open source solutions exist at large for encrypted messaging, and people who really want to keep their communications hidden will simple not adhere to these regulations.
Meanwhile, we'd be weakening domestic standards for all "law abiding" citizens/entities. A back door is never just a back door for the person who put it there.
It's a reasonable question. And it has an answer: The same crypto / infosec community that's keeping us safe right now.
If governments are going to demand some sort of "exceptional access", then that's just one more constraint that our systems have to satisfy. Figuring out how to do that, while maintaining security for the rest of the users, is the million-dollar question.
I understand that after the Crypto Wars of the 1990's, the tech community has been super resistant to working on any sort of technology that allows for any sort of compromise. But I fear that if we don't -- if security has to be all-or-nothing -- then eventually we're going to wind up with some horrible mandate for backdoors or key escrow or something worse.
There is no such thing as a "compromise" on an issue of individual rights. Every "proposal" on this topic can only be another tooth on the ratchet of [democratic] totalitarianism.
Computers exist, and form a natural extension of the mind. To constrain what individuals may compute is to deny the inalienable right to think. If every computer is mandated to be an agent of the state (as such "proposals" inherently imply), then the Individual is left completely computationless (ie nearly powerless) against the state-computer.
This rekindled expectation of prying into individuals' private data is entirely due to the past decade of naive adoption of "web 2.0" untrustworthy computing, fueled by the profits from commercial surveillance. As technologists, we need to move off and repudiate this broken centralizing model (for us and the plebs), not be looking for ways to further enshrine it.
If we don't give them a way to get what they need without also breaking everyone else, then we're really not going to like the outcome.
Their truly sick desire to undermine the privacy and security of ordinary citizens is just that.... They won't solve more crimes by breaking encryption.
I'm not a big fan of government surveillance, but I find this argument problematic. Crime was different before the Internet and cell phones. Criminals learned to use the new tech with the rest of us. For example, not that long ago if the FBI had a person followed and his land line monitored, they could know who that person was in contact with. Today, that person might be exchanging messages over an encrypted app, on an encrypted phone, and there's no way of telling who with.
I'm with you about the fact that privacy of ordinary citizens is being undermined, and that through technology, invasive surveillance became so cheap and easy to deploy, that it's everywhere.
But let's not confuse state level surveillance of the whole population with targeted surveillance approved in a legitimate proceeding by an independent judge in an independent court against an actual criminal. Citizens typically want to allow the latter, while preventing the former. Governments tend say they're doing the latter, while doing both. So "public safety" arguments might be used to promote anti-democratic surveillance of a population, but can also be legitimate concerns of a law enforcement agency trying to investigate actual crimes.
A judge and court who rarely, if ever, deny such requests.
Innocent until proven guilty?
I don't know how to solve it, but the answer can't be stripping our law enforcement officers completely of the right to investigate what a person did or is doing.
Oh they are far from stripped.
https://theintercept.com/series/the-fbis-secret-rules/
Which is exactly why their powers need to be severely limited. In a fantasy world of rainbows and lollipops where the government are the "good guys" with only pure good in their hearts they could be trusted with limitless powers to pursue the "bad guys". In the actual world that exists, the government is made up of regular people - people who lie, cheat, steal, and do all sorts of things for their own purposes. If history has taught us anything, it should be that power corrupts. Far better that we live in a world where a small percentage of crimes go unsolved than a police state with ubiquitous tracking, surveillance and real-time monitoring where its an absolutely certainty that we all suffer the consequences.
You might be accused of a crime and then you'll be rooting for the rights of the accused or individual rights in general, or you might be the victim of a crime, in which case you might feel like supporting broader police powers.
You cannot create safety by concentrating power and authority, you create it by limiting the effects of those two.
Yes there is. That's the point of iamcasen: they have way more metadata to analyze. They can know who talked with who, when, for how long, etc.... All that information is present on the providers' servers, which is presumably available to the FBI in an investigation. Only the content remains unknown.
Oh so they only want to know about the bad people? That's a relief.
Every time this question comes up, half of us freak out and scream that the FBI is trying to grab all of our deepest darkest secrets.
I'm not inclined to trust them very far on this issue either, but I still think we should take it as a good sign that Wray is aware of our concerns and that he publicly acknowledges their validity.
No he isn't. His whole point is that the FBI can't know for sure which of us is a terrorist or "bad guy" unless they can sift through all of our data and all of our devices to find out. Given the history of the US government classifying every sort of activist, from quaker to environmentalist as "terrorists", his argument should be tremendously unpersuasive to everyone who thinks it through.
http://abcnews.go.com/News/Blotter/fbi-spied-peta-greenpeace...
This statement is not acknowledging our concerns' validity, but brushing them aside with the tired old "nothing to hide" fallacy.
They are indeed interested in "the millions of devices of everyday citizens", because in their warped power-craving worldview, every one of those citizens could actually be a "sleeper threat" committing precrime. If they really are not interested, then why are they continuing to saber-rattle for criminalizing those millions' activities?
So if 7,775 is "more than half," a conservative estimate of how many phone's they're attempting to crack per year (so far) is about 10,000?
> “We’re not interested in the millions of devices of everyday citizens,” he said in New York at Fordham University’s International Conference on Cyber Security. “We’re interested in those devices that have been used to plan or execute terrorist or criminal activities.”
How many thousands of terrorist cellphones do you really think they've seized in 2017? Maybe a dozen? This is the FBI, remember, so it's only counting phones seized on U.S. soil (goodness knows what the CIA's tally is, but that's a whole separate issue.) I haven't been on the lookout for "authorities append would-be terrorist" stories, and those definitely appear from time to time, but they're not a daily occurrence.
Terrorism isn't a significant factor in this issue, as a question of the FBI's day-to-day operations. It's just a word that surveillance hawks have discovered gets results. I'm sure the ~9,999 non-terrorist phones they're trying to crack were owned by some pretty terrible people, but if the FBI were saying "give us a backdoor into all your devices so it'll be easier for us to go after online-poker rings and weed dealers," they'd be laughed out of the room.
Lack of time travel as well.
Torturing suspects leads to more confessions, and thus convictions, so that's a problem too.
Hell, the fact that they need a warrant to ransack your house is also an impediment.
Looks like this has been solved: https://www.theatlantic.com/national/archive/2014/04/sheriff...