He wants to make his job easier, consequences be damned. It should be easy for the "good guys" to monitor and catch the "bad guys", give us back doors and unsecured communications with which to do our jobs.
He's too focused on his narrative to be able to understand the web of unintended consequences of what he's proposing. The same way law enforcement and lawmakers fail to see all of the unintended consequences of the drug war.
I found the question of whether he really doesn't understand the technical meaning of "back door" or is conscientiously trying to re-brand away from the negative connotations of the term particularly interesting. Maybe "side-door" would work?
It's so incredibly disingenuous. We're talking about a long established technical term with a precise meaning, but when world leaders are demanding it, they're uncomfortable using that term because it sounds like exactly what it is.
Saying it's "not a back door" is simply a lie, and I'm sure they or their advisors know it.
He can't see himself as the bad guy, or enabling the bad guys in the future by making the law enforcement apparatus all powerful.
Of course he'd fling the same accusation at us, from his point of view. What if there was a terrorist attack that could have been prevented if only they'd have been allowed to see through the encryption? I mean, let's be honest, on its own merits, that's not the worst argument in the world.
It's just that as an old-school true-blooded American patriot, I can't help but notice that "just giving them all the powerz" is not the way we do things around here, and there are reasons for that.
(Before reflexively downvoting because I dared sound a bit patriotic, consider why I feel compelled to wrap myself in the flag here....)
I'd warn him to beware of "What if..." worlds. In such places, anything is possible. Fearing the possible makes one paranoid and untrusting.
What if he is the terrorist and wants to more readily spy on the American people? Or a similar, more likely scenario, of what if the government has a spy from another country? Do we want them to have all of our information in their hands? If encryption is weakened they can more easily spy on our political leaders.
What about national security? Lowering encryption standards hurts national security. As an American patriot why would you want to hurt national security? For a bit of promised security? The current mass surveillance has prevented 0 attacks. Who is to say more surveillance would prevent any attacks? You can say for certain it would hurt national security (bad guys can use backdoors too) - but you cannot say for certain it would prevent any attacks. So it's a "lose/maybe-win" scenario. Not one in the countries best interests, if you ask me.
Of course the "what-if" argument falls flat on its face because we can always go further to create more safety, and if you first use that argument you need to justify why you stop just there.
E.g. why is terror getting this level of attention vs. child murder, which in terms of numbers of victims is a far bigger problem?
By the "what if" logic, these people ought to be prepared to go far in curtailing privacy to get at child abuse given the magnitude of the problem compared to terror.
We know how to profile the likely perpetrators very well too. The vast majority of such crimes are carried out by a few very specific groups of people, namely dads, brothers and other close male family members.
Surely if the - on average - few terror deaths are worth these types of sacrifices, the many hundred child murders and thousands upon thousands of abuse victims would justify far more extensive curtailment of privacy?
It quickly becomes very clear that the "what if" argument is rationalisation: if harm reduction was as important to them as they like to imply, they would not be spending their attention on terror.
What the "anti-terror crowd" need to be made to answer when they ask for more rights is what makes terrorism different, and why are they not spending their energy on the many problems that have far more serious effects.
My information comes from an extensive NSPCC survey, but I don't think the two contradict each other - the question is the exact definition of abuse that is being used and I should have looked it up and been more precise about that.
Without going back and digging up the exact NSPCC survey, the article you in to appears to take into account a much wider set of criteria, though it's hard to say since it doesn't state its definition either and I couldn't find its source. The wording does also seem to imply that it is looking at reported cases as opposed to use a survey, which would give different numbers.
In terms of type of abuse you consider, it will drastically shift the balance. E.g. for sexual abuse the numbers are completely dominated by male family members. Once you add in violence it shifts a lot, and other neglect will likely shift it further if for no other reason than simply because women are still more likely to be the primary carer.
Of course in any case it doesn't alter the main point.
I think he wants to deliberately undermine the ability of the majority people to have access to information security. The only groups that he wants to have information security are US government agencies and their allies (both national and corporate).
I find the idea that "the people behind implementing and pushing for these policies don't understand the obvious consequences" to be absurd. This push has been about power from the start.
> "Privacy, above all other things, including safety and freedom from terrorism, is not where we want to go," Steinbach said.
It's where I want to go. Also you have YET to show ANY evidence that we are more safe or more free from terrorism by surrounding our rights to privacy.
>He also disputed the "back door" term used by experts to describe such built-in access points. "We're not looking at going through a back door or being nefarious," he argued, saying that the agency wants to be able to access content after going through a judicial process.
You mean "Rubber Stamp Judicial Process"? Even if you didn't the mere fact that these backdoors (you can rename it all your want it's a BACKDOOR) exist make the whole system LESS secure. What a clown and this is the AD of the FBI's Counterterrorism Division??? Fuck....
>show ANY evidence that we are more safe or more free from terrorism by surrounding our rights to privacy
Wasn't FBI surveillance a thing during the Boston bombing? Since 9/11 have any attacks been prevented? If surveillance was a tool to prevent these attacks, why wasn't the surveillance authority (FBI) held directly responsible for the attacks?
Anyone who would advocate surveillance would first need to be criminally prosecuted for the Boston bombing because at the time they had the information and ignored it. With-holding information from the law about crime or potential crimes is illegal.
Surveillance was used, however, to identify and track the Boston Bombers, leading to death and capture, and parallel construction was used to create an unstoppable court case, leading to imprisonment and death sentencing.
But you are right - these tools are not used merely to detect and stop terrorist activity. It is also used to track and stop ideas, to give leads and to give extremely powerful intelligence to the FBI, CIA, DIA, NCTC, etc whenever it is needed for some purpose. To those in power these capabilities are extremely powerful.
The existence of these powers does not mean that they will be abused on a systematic level - though of course the potential is always there. One danger is that America's fight to remain relevant in a world that may be moving past it, it may turn ever more Fascistic. In this case, these are powers that would be extremely dangerous for the government to have.
But take a step back to think about this. As citizens we are worried about the use of these capabilities to thwart the public. They are so powerful and so complete that we fear being subjects of its application - viscerally.
To the extent that the good will and checks and balances have worked to keep the brunt of these capabilities aimed outside US borders there are people who do fear, and deserve to fear, the wrath of the US government - even those who might otherwise be innocents, bystanders, or casualties of the struggle for power.
My heart goes out to these people stuck in the middle and it beats faster at the thought of being one myself.
"Surveillance", if you count confiscated video footage from the crime scenes, may have been used to identify, but not to track.
Tamerlan died in a shootout after a police officer in Watertown noticed the stolen SUV and called it in. [edit: note there was some tracking of the hijacked SUV due to the owner's cooperation, but that's targeted tracking with cooperation, and not of the brothers themselves]
Tsarnaev was apprehended after an ordinary citizen noticed someone hiding on his boat and called it in.
The massive manhunt, whatever the intelligence apparatus contributed, the shutting down of Boston and suburbs... all accomplished pretty much nothing, other than conditioning people to get used to martial law, and an excuse to point guns at people[1] to cow them into submission.
And what evidence at trial was unlikely to have been available except by parallel construction? The defense strategy was to admit the acts but argue he was brainwashed by his brother and shouldn't receive a death sentence.
The hijacked ML350 was tracked, allegedly, but not with broad surveillance powers. They were able to track it after the driver escaped, because he cooperated, had left his iphone in the vehicle, and the vehicle had satellite navigation.
Lots of attacks have been claimed to have been prevented, though in many cases when the details for several of them came out they were attacks that may have been discussed but weren't particularly likely to have been executed, and/or plots that were largely driven by government agents.
Actually, I like this strategy and it probably works. It's a good strategy against pirated software too. If 90% of terrorist suppliers are really cia entrappers, terrorists are going to have a hard time coordinating anything that requires resources beyond 1 person. Entrapment requires lying. And if you have ready decided to lie to your own people, may as well use its full evil power on the adversary.
If you're justifying your program by spending its resources trying to goad people with mental handicaps and other lowest common denominator people into committing terrorism, what have you accomplished?
Any organization with a degree of security, one a nation would consider an adversary, is aware of the dangers agents pose with infiltration.
Nah. He's just nostalgic for the pre-Internet days when the FBI could listen on anyone's communications because phone companies were legally required to make their lines tappable.
They make going dark seem like some terrible unprecedented thing but electronic communication hasn't even been ubiquitous for that long. Before that there were no wire taps because there were no wires. The human race somehow managed to survive.
It's important to note that part of the reason they "need" technology to track terrorism is that technology enables terrorism. To say that we got along fine before technology and mass surveillance means we don't need mass surveillance is a flawed argument; it misses the fact that technology brings with it a big bag troubles and benefits.
But personally, I still think window of abuse for back doors is too large to be rationally allowed.
I wonder how we'll deal with this as technology progresses even further. In 10-20 years, it probably won't take much for a random nutjob to make an extremely deadly virus. And that are only baby steps in nanotechnology. Do we really want total privacy and anonymity in a world where a single person can easily wield such destructive powers?
Are you saying that because someonemight do something evil, we should all lose our right to privacy and anonymity to protect everyone from what the mad scientist might do?
Can you even show that taking my privacy away makes me markedly safer, because unless you can establish that first I'm not even listening.
I would wager that a substantial number (probably majority) of individuals on this site (SF/NYC dwellers, especially) would trade their right (Ok: not really, but everyone elses) to keep and bear arms for a bit of (false) security.
How much money do you have in the bank, and what is your bank account number? If anything can be hidden in the internet, then who decides which things can be hidden?
I can show you my balance and even give you the number in case you're so nice as to transfer me something. And I'll live happy knowing that if you try doing something funny, you can be tracked down and held responsible.
Yes, because giving up privacy and anonymity will only marginally slow down (if at all) the would be evildoers, at least those smart enough to not brag about their evil doings in Facebook.
In my home country, we have one of the more strict gun owning laws in the world. That does not prevent the criminals from getting guns at all - pretty much every random fucker can get his hand on a pistol, and organized gangs have gear that is often comparable with that of the army. But, on the other hand, it is pretty difficult for the average law abiding citizen to arm themselves for self protection.
The funny thing is, this strict control got really started in the late 60's and 70's, when student riots made for a moment seem like a coupe / civil war against the regime were at least thinkable. So, what are the real winners when the government outlaws technologies than short the gap between state power vs individual powers? It is not the criminal elements in society. They already are breaking the law and profiting from it. They will work around whatever restrictions get imposed and illegally import the gear they need from wherever it is available. It is you and me who get the shaft!
The point of gun control isn't to keep the guns from the hands of real criminals (much less gangs), it's to keep guns from the average not-really-law-abiding citizen, who gets drunk and shoots his ex-wife, or leaves his gun accessible to his kids (hello school shootings) or just gets mad at his boss (just happened around here, the guy had a hunting rifle).
Whether that justifies preventing people from arming themselves for self-defense is arguable, of course.
The point of gun control is to score points with some parts of the population while disarming the rest--anything else is just grandstanding used to justify the act.
Nonsense. A general restriction is not the same as declaring everyone guilty. Am I being declared guilty until proven innocent by not being allowed to own military weaponry? Nuclear weapons? Biological agents?
This doesn't mean the restrictions are OK in this case; as I wrote, it's arguable*
I guess it's a great thing we have the Second Amendment and associated judicial proceedings.
Whatever makes you happy. Not being from the US, my interest is purely academic. Our constitution has no such provision, and the population is under no urge to add it.
Are you saying that because there are idiots who drink and drive, all cars should be banned. But if there end up being criminals with cars that get away from the police on bikes... then it is somehow alright because it was never a goal to stop them in the first place?
I guess I feel even more strongly against letting a dumb law enforcement agency dictate what infosec is ok to have on my systems, thank you very much!
[Edit] Ok, I can see my argument was kind of dumb, comparing regulation with outright banning.
Frankly, thugs with guns are irrelevant. I'm not advocating to drop all privacy because there are some bad guys with ill intent, who may want to hurt you or me - as a society we've already decided it's not a big deal (otherwise you'd have much more resources poured into crime prevention). The question I'm asking is - in the quickly coming age of easily obtainable weapons of mass destruction, does the privacy arguments change? And how do you want to secure people from random evildoers utilizing such weapons? It's a genuine concern, and in case you think I'm just fearmongering, I suggest checking out the progress happening in biotechnology.
It was not my intention to fear monger. I was speaking by analogy, not sure if it was not clear or if you disagree with my argument.
What I am saying is this: in a world where weapons of mass destruction becomes more available, privacy/anonymity is mostly a non issue. I will say it outfront: I am skeptical of the evil genius in a basement, holding a day job while secretly moonlighting on his personal armageddon. Players willing and able to conduct this type of terrorist attacks will probably not rely on the same IT stack regular joes do.
Assuming they have the financial resources and personnel to pose a credible threat will know to not use their iphones. They will know to use vintage hardware, to download and compile their own Linux/OpenBSD from scratch, to get their crypto libraries from "rouge" countries outside of the sphere of influence of the US, etc. Those that do not, they will be busted early.
Those that pose the real threat then are the ones that you cannot stop by making technology harder to get. As long as there is demand, there will be supply. And they will have gear that is in the same ballpark as the forces that are supposed to stop them. Probably not as good as the best there is, because you can never outspend the guy with the printing press, but good enough to hold their own.
And then there is the cost. Not only the conspiracy theory cost that the government is going to turn fascist, but the very real cost of giving real criminals an edge over the public. They already are breaking the law, they wont care about using banned technology. If they can afford it, and if they can either profit from it or avoid being caught using it, they will get it in the black market.
You were not fearmongering; I was preempting in case someone accused me of doing so ;).
I agree with your analysis if applied to contemporary dangers. But I've been not-so-subtly hinting towards biotech for a reason - as it progresses and the "tools of the trade" become both cheap and possible to DIY, the "required financial resources and personnel" drop sharply. People brewing up dangerous viruses ten years from now in universities or hackerspaces, whether on purpose or by accident, don't seem like a big stretch of imagination. And I honestly wonder, how are we, as a society, planning to safeguard ourselves against that threats. We can barely handle the diseases that occur naturally. People don't realize how dangerous this stuff is, because - again, except from natural diseases - we've never had to deal with a self-replicating technology before.
I'm not saying we'll need to drop privacy and anonymity entirely, but I suspect that they will be affected by any good solution. I'd probably sleep safer if I knew that there's no easy way to anonymously obtain necessary ingredients. You'll never stop a very determined attacker, but they're not the problem - random nutjobs with an axe to grind are.
> I'd probably sleep safer if I knew that there's no easy way to anonymously obtain necessary ingredients
That is already the case for a lot of things, when it comes to chemistry anyway. Your random person couldn't get their hands on the things required to make various dangerous chemicals. Criminals, they can, sometimes, but with great effort and expense so it's usually aimed at chemicals that will make them money (drugs, typically) -- and the really advanced stuff is done by "legit" (kind of) labs, not a home chemist.
Of course, that's only as good as the stores following the protocols, and with the internet that can change somewhat, but even then it requires buying chemicals outside of the country and getting it through customs (which isn't perfect, but puts up enough of a barrier that regular people or average criminals don't risk it).
> A.k.a. "All people should be considered guilty until proven innocent."
Not really. Please re-read the comment I replied to. The point is, progress of technology brings new dangers and appropriate means of protection need to be created.
If anything, "watch everyone to have enough data available to be able to spot a criminal before he strikes". But my point actually is, some amount of watching will always be necessary, and advancements of technology seem to increase the need for that surveillance as the time goes.
> If anything, "watch everyone to have enough data available to be able to spot a criminal before he strikes".
A.k.a. "assume everyone is a criminal".
> But my point actually is, some amount of watching will always be necessary
Sure, if there's reasonable suspicion that the person being watched is a criminal, and there's a real warrant (not some rubber-stamp from FISA) authorizing said watching. Watching everyone because "well we don't know if this person's a criminal or not" is not only ineffective (as proven by the dearth of terrorist attacks actually prevented due to NSA surveillance) but unethical and - per the United States Constitution - illegal.
Of course, none of this would be an issue if law-abiding citizens were encouraged and given the resources to protect themselves against crime, be it physical (by practicing self-defense, armed or otherwise) or virtual (by encouraging the use of free/open software, and strong encryption).
That's a pretty extreme speculation. There has been only one non-state-actor use of WMDs, ever: The Aum cult sarin gas attack on the Tokyo subway. They could have done more damage with a simple bomb.
Actually two; the guys did a sarin attack twice. But I'm not worried about chemical weapons; they're not that dangerous. What worries me is biological attacks, which differ by having a self-replicating component that can amplify even the tiniest exposure to an international emergency.
Governments going completely insane on their people are relatively common. Everyone thinks it will not happen to them, until it does. That's a much greater risk than rogue individuals. To double the big risk to half the small one is bad risk management.
I agree if you express it not in terms of probability of event (rouge individuals pop up every day somewhere) but expected damage. There is only so much one man can do today, so it's right to focus on big risks and not small ones. But technology tends to change things, and I fear that upcoming biotech (and possibly pure nanotech in more distant future) will drastically change the equation, giving unprecedented power to rouge individuals with ill intent. The question is, how can we defend from that; how can we minimize the amount of damage one person can do?
How about traditional police investigation tactics? They have been and continue to be extremely effective, much more so than blanket comms survalience. If you compare today to a few hundred years ago, we've already expeeienced the kind of change in destructive access you fear, and yet it almost never happens.
The point is, you may want that money to be spent stopping that someone before he makes / releases it, and that seems to be at odds with privacy concerns.
Swinging to the other side, would you really want to allow an alphabet soup agency to make a virus or nanotech (a literal "bug") to infiltrate your body and monitor everything going on with you on the off chance that some nutjob does the same thing?
Honestly? Yes. Already some way to artificially boost the immune system would be a good thing, and in a world with advanced nano/biotech available this seems like a no-brainer. We need some sort of blanket protection not only from potential attackers, but from much more likely accidents.
i don't see how that argument makes sense. Yeah there were no wire taps, but there also weren't any wires for criminals to use to communicate. Criminal investigators have histroically been able to get at any place where there might be evidence, with a warrant. The historical maxim has been "the law is entitled to every man's evidence." You could put a lock on your desk drawer, but that can be easily bypassed with a warrant. There is protection against warrantless searches, but once due process is given, a court's power to compel the disclosure of evidence is almost unlimited.
An encrypted hard drive is a totally unprecedented thing in that regard.
> Then governments with enumerated powers would need some unprecedented powers to get into that unprecedented thing, right?
Only the federal government is limited to its enumerated powers. So at best your argument is that mandating backdoors requires state rather than federal action. State governments can do whatever they want unless it conflicts with a Constitutional right, and there is no right to have a place to stash evidence the government can't get to with adequate process.
The contents of your human memory are not protected as a general principle. For example, you can be compelled to testify against someone else. You can't be compelled to testify against yourself, but the premise of that protection isn't some general right not to disclose the contents of your memory, but a very specific right against forced confessions.
All that means is that you don't have to point to the Constitution to prove a right exists. The right still has to exist somewhere and be recognized.[1] The power of courts to access nearly all evidence with due process predates the Constitution and nothing about that document shows any intention to alter that practice.
[1] "Rights" are exceptions, not the rule. The rule is the will of democratically elected legislatures. Rights are exceptions to democracy and should be construed to swallow the rule.
Rights are expansive. There is no "precautionary principle" when it comes to rights. If a new thing is discovered, like strong encryption, I have a right to use it in conjunction with my other rights. If I can make a cheap personal rocket, I have a right to launch myself into orbit, as long as I'm not infringing on others' rights. The fact that such a rocket means anyone can build an ICBM doesn't put it outside of one's rights.
Governments have no inherent power to "inspect." You seem to think governments should have superior powers to individuals. While there is a philosophical argument for this, that doesn't mean it's always going to be true.
It's fallacious to use the concept of "enumerated powers" and "limited government" to argue that "rights" in the U.S. are, or were intended to be, structured the way you describe. "Limited government" concerns the allocation of power between the state and federal governments, not the relationship between those governments and individuals.
State governments are not ones of enumerated powers and they are not limited. They are successors to the British Parliament and inherited the powers of that institution including the general police power. Against that backdrop, "rights" are those specific restrictions on the exercise of that power that states have bound themselves to by the federal Constitution and their own constitutions. There is no room in that framework for an expansive conception of rights that all exist so long as you're "not infringing on others' rights."
A great concrete example is blue laws, which were widespread at the time of the founding and regulated everything from alcohol sales to food consumption. Some of those have been challenged, hundreds of years later and mostly unsuccessfully, on establishment clause grounds, but there is little doubt the states, as a general principle, have the right to regulate public morals.
But this has already happened and the judge in question 'compelled' the suspect to decrypt her laptop. I don't know if she ever did, whether there was any evidence that was germane to the case on it or whether she was held indefinitely but there is recourse for the authorities in these cases.
Eventually her husband provided the cops with the correct password[1]. The 5th Amendment prevents you from providing testimony that would incriminate yourself. In this case, though, she was being compelled to decrypt the laptop to produce evidence against someone else - Ms. Fricosu was granted immunity against any evidence collected from the laptop[2], so she didn't have any 5th Amendment grounds. In general, a Grand Jury has the right to subpoena any evidence from a third party that is relevant to a criminal investigation, and you can be held in contempt if you don't produce it. She had already admitted in a wiretapped conversation that there were documents relevant to the case on the laptop, the laptop was in her possession and that she refused to give them the passwords.
The use of crypto for information security predates the United States. It wasn't very good crypto back then, but it was around. People also had other ways to obscure information from the government: shorthands, code books, code phrases, foreign languages, argots, and cants (and physical seals, to discourage tampering with mail).
Indeed, I've found the infiltration of monarchical type behaviour to be surprisingly prevalent in the modern US oligarchical elite structure. I think people have forgotten that, throughout most of the history of our country the UK and EU oligarchy/aristocracy/monarchy have been the enemy of the US, and in the beltway rush to power many of them have become infatuated with the trappings of neo-feudalism, all without even realizing the magnitude of their error.
Make no mistake about it, the idea of national sovereignty worldwide is under attack, including the United States of America's, but no one really wants to admit or even entertain ideas of whom it might be, lest the truth be too upending.
What have ended up is a modern day star chamber.
"Finding its support from the king’s prerogative (sovereign power and privileges) and not bound by the common law, Star Chamber’s procedures gave it considerable advantages over the ordinary courts. It was less bound by rigid form; it did not depend upon juries either for indictment or for verdict; it could act upon the petition of an individual complainant or upon information received; it could put an accused person on oath to answer the petitioner’s bill and reply to detailed questions. On the other hand, its methods lacked the safeguards that common-law procedures provided for the liberty of the subject.” –Encyclopedia Britannica
> It's where I want to go. Also you have YET to show ANY evidence that we are more safe or more free from terrorism by surrounding our rights to privacy.
If they could show that, credible evidence would have presented by now. ;)
But in all seriousness, the 1st & 4th amendment protections are the most vital freedoms we have and they should not be abridged outside of a direct link to harm. [e.g. Things like child porn, words designed to incite violent harm, violent prisoners shouldn't have privacy ]
So you have to be rational about it but yeah, mass surveillance and reducing self-defense tools to protect ourselves against criminals isn't "rational" behavior.
Criminals are going to do illegal things and we have the right to protect ourselves. If it inconvenience the government? So be it. I'm not going to bend over for any criminal who wants access to my financial data "because Terrorism".
Similarly, banning tools of self-defense [e.g. encryption for financial data, access keys] are simply guaranteeing the criminals will be the only ones to possess them.
I'm aware alot of people will be like "what about the 2nd"??
Yeah, that provides no protection against the government since they'll always have the ability to drop bombs on you. When you can afford a F-16 and the ability to pilot it for "self defense" purposes, let me know.
You cannot fight against an evil government with the 2nd amendment, but you can definitely resist it. An unarmed population is totally helpless, meanwhile.
Wouldn't the first act of an evil government be to outlaw civilian armaments and confiscate these guns? At that point, you'd be forced to either go to war(which you agree you would lose), or lose your weaponry. Perhaps the proliferation of guns would help the now criminal resistance acquire an arsenal, but I'm skeptical. European history is rife with examples of armed resistance forming from an unarmed populace.
I wouldn't call my ancestors 'helpless' considering their multiple armed rebellions and constant resistance after being conquered, or examples I'm less acutely aware of like the French or Polish resistance during WW2. It's also worth noting that while this resistance was very much detrimental to the hostile government, it was never the primary factor of its downfall.
> Wouldn't the first act of an evil government be to outlaw civilian armaments and confiscate these guns?
Historically this is exactly what happens.
Proponents of gun registries know this, want this. People who value their freedom have to fight a (so far, winning) battle to maintain their Constitutionally-protected rights.
If it comes to that, whether there's a legal right to have said guns is pretty much moot, because the people you're using those guns to resist aren't going to respect that right. If you're prepared to fight your government, you don't care whether it's allowing you to have the means to fight it.
Therefore the right to bear arms as a defense against tyranny is mostly empty words. The way to prevent tyranny is robust public institutions and a democratic culture. Weakly democratic states fall to autocrats all the time. There is no culture of democracy so the number of power holders a would-be autocrat has to cow is few. Democracy, real democracy, involves orders of magnitude more people, it's that much more difficult to overthrow.
Easier to already have a gun from when they were allowed, then to acquire a gun after they were banned.
Of course the later would never be hard in America, considering just how many guns there are that would not get swept up... But the first is still easier.
That's just wrong. Look at this list: http://en.wikipedia.org/wiki/List_of_revolutions_and_rebelli.... The unarmed revolutions (including some civil unrest but no large-scale deployment of firearms) are plenty and more successful than the alternative, which usually ends in a civil war.
And how many of those revolutions were against the homeland of a group that spends nearly $700 billion a year on defense? These are completely different circumstances.
People who make that argument about the second amendment always seem to forget that the U.S. military has been getting its ass kicked for more than a decade now by people mostly armed with Toyota pickups, AK-47s and IEDs.
Oh that's cute. The U.S. has essentially upgraded its military forces and gets to beta test it in the deserts of the middle east. Did you think 'Winning the hearts and minds of the people' was an actual mission? And the U.S. pulling that off while only losing ~5K troops just furthers how laughable your statement was
> People who make that argument about the second amendment always seem to forget that the U.S. military has been getting its ass kicked for more than a decade now by people mostly armed with Toyota pickups, AK-47s and IEDs.
People who make that argument seem to forget that if you decide to rebel, the 2nd amendment doesn't matter because you are a criminal and can bring guns over the border through Mexico or via other channels. The same is true of IEDs.
The "people" with AK-47s aren't getting them legally as common citizens.
That doesn't change the fact the majority of the US isn't going to rebel and that such "rebellions" in the US tend to look like this:
Self-defense is an interesting approach to privacy.
So far, we've been treating encryption as a matter of privacy (Fourth Amendment). But since the U.S. government has historically treated encryption as a weapon, perhaps we could also argue that encryption is a matter of the Second Amendment. It would be really interesting to get the NRA, Rand Paul, and Bernie Sanders to speak out in favor of encryption at the same time...
Of course, the flip side of this approach is that it's much easier to support restrictions on the possession, use, and export of weapons. "Export-grade" ciphers are still causing issues 20 years later.
And just for the hell of it, let's throw in the (nearly-never cited) 3rd Amendment.
It "places restrictions on the quartering of soldiers in private homes without the owner's consent". This explicitly was to prevent citizens from having to bear the capital costs associated with the government's own decisions, but it also appears to have been borne out of a fear of having a government agent be able to observe one's most private affairs.
For better or worse, the 3rd amendment doesn't come with the precedents of the 2nd or 4th. There is an argument to be made that by having a General of the US Military capable of monitoring me while sitting on my couch (in a realistic scenario via my cell phone or Xbone), that the military is overstepping its constitutional bounds with respect to my privacy. This would not apply so much to the FBI, but it might eventually were precedent to be pushed in the correct direction.
The part about "prevent[ing] citizens from having to bear the capital costs associated with the government's own decisions" is also interesting.
It could mean that if the Feds want to make their own jobs easier by trespassing on the private property (laptops, phones, etc.) of citizens, they'll have to get the owner's permission first.
Now that we've successfully reinterpreted the 2nd, 3rd, and 4th Amendments to support privacy, why not the 1st Amendment? Would you like to join the Church of Privacy and accept Ed Snowden as your Lord and Savior? According to our Holy Book, in order to reach salvation, you must vigorously resist the Devil's attempts to spy on your life. Oh, and the 5th already gives you the right to refuse to divulge encryption keys, at least on some interpretations.
People in mud huts in Afghanistan don't seem to be having trouble waging guerrilla warfare against the most powerful (and expensive) military on the planet.
F-16s don't occupy territory. F-16s don't police thoughts.
This "they have tanks, planes, and bombs, so your rights don't matter anyway- you don't need them" bullshit is a farce:
People police people. People occupy territory.
It would just so happen that people are exceptionally susceptible to small arms fire.
Privacy, in the context of the government, also means freedom to be left alone. I think that's quite an important freedom to have.
We really need to make stronger arguments for privacy. Too many people conflate real privacy (which I believe virtually nobody actually wants to give away, if they truly understand what giving it away means) with "sharing stuff on Facebook and Instagram".
One is an obvious choice, and the other (the government, or even companies through non-transparent trackers, knowing everything about you) is not, but is forced upon you.
Theyre tired of having to break laws to do their job. They want to spy on us and they want us to not only accept it but appreciate and like it. If you make it socially acceptable it will never be challenged again.
They'll chisel away at the protection laws piece by piece until they get what they want. I sometimes feel that we're screwed no matter how hard we try to fight.
Maybe not. If there is a force as strong as parts of government, it's other parts of government. Intelligence community is its own kingdom, with its own goals, but other areas of government run on a four year cycle and depend on public support. So if people will want restrictions in surveillance badly enough, politicians' pathetic pandering to public opinion could create a very powerful counter force.
Roller coaster. Everythings a roller coaster. We will win for a few years, they will win for a few years, then back to us. You'll have long stretches where we win (golden age) and back to them winning for a long period (dark age), but it will always bounce back one way or the other.
All you can really do is try to increase the worth of what you leave behind to your future progeny so that in times of dark ages they are high in the council but remain moral, and in the golden ages they use science to create awesome things and ignore hysteria and FUD. Unfortunately too much shift one way or the other in a genealogy tree makes the family lazy or a war mongrel so it's hard to pull off.
They will try to chisel away at rights (with some success), but if you think about what they are up against, they will always be playing wack-a-mole.
No matter how good the surveillance teams are, they will never completely control humanity nor know everything at all times. They simply aren't capable of it.
In addition, the wants are limitless but their budgets are constrained by what they can reasonably appropriate. As they make it harder to do business (by introducing security holes or ruining trust) the amount they can appropriate becomes less.
In addition, they become buried by an ever increasing amount of information that their inefficiency can't handle. I have no doubt some of the best and brightest in the world work for for secret agencies. But operationally they are still bureaucracies. Thus, they have no shortage of lazy and stupid people... many of whom are in leadership positions. In fact I believe these pleas for unconstitutional shortcut tools are the pleas of lazy and unimaginative people. People who don't want to be found probably have much more reason to worry if the special pleading ever stops. Because at that point there may be truly more competent people running the program.
12 years ago the US government employed convicted felon Adm. John Poindexter to promote the "Total Information Awareness" program, which crashed and burned upon being revealed to the public, but as we've seen in the intervening years the government decided to just go ahead with it anyway.
i think, if he meant surrounding, he'd have needed to use "with" or "in". "surrounding our rights with privacy" (which is grammatically correct but doesn't really make sense in this context).
I meant "surrendering" sorry, I JUST noticed this typo and went looking for the person who would point it out, thanks! Sorry for confusing you on an already confusing/inconsistent language.
There's nothing in the world that can provide "freedom from terrorism" which makes it even an even uglier lie. Even if it could, I'd still be against it though, because there are many ways to fight terrorism that don't involve sacrificing the freedom our ancestors bought with blood. The FBI needs leadership that understand how to operate within American principles.
Freedom from terrorism is only modern times bogyman. A hundred years ago, it was anarchists! 50 years ago, it was communists. In 50 years into the future, a new fooist will replace terrorists and the same fight will start all over again.
I think what society need is some government reforms that require lawmakers to do cost-benefit analyses with tests and proofs. If they want to ban encryption, they should be forced to provide evidence that it actually work, and that the cost to society is less than current methods to fight terrorism. It would also likely get rid of many current inefficient methods, like security theater at airports.
Proving a policy change's future effects is generally impossible. Congress does have panels of people who write reports on the possible/likely effects of legislation. Not sure how frequently they use them, though.
This. It boggles my mind how scared people are of terrorism, especially domestic terrorism. If you live in Pakistan, where suicide bombings happen all the time, I can understand being scared of terrorism. But in the US? Come on.
You know what I'm scared of? I have to drive two hours four days a week. I am much, much more likely to die in my car. Hell, I was more likely to die in my car while I was in the military. Most people know someone who either got injured or died in a car crash. It happens all the time. How many people know someone who died in a terrorist attack?
But we're surrendering our freedom for the latter, which is a ridiculous phantom bogeyman, while we vigorously defend our right to die on the roadways.
It may be a loaded question but his point stands, fear is not based on rationality or we would be spending tens of billions of dollars a year trying to prevent car accidents that is currently being spent "fighting terrorism".
NYC population is 8.4M. Auto fatality rate in U.S. is ~12/10,000/year since 2001. If NYC follows US, then ~10k die per year in auto accidents.
The term "loaded question" refers to questions which presume facts. For example, "why did you kill him?" Is loaded because it presumes that you did kill him. The question you are referring to is not loaded.
Yeah, similar experience here on 7/7 (although I fortuitously walked instead of getting the tube that day, I do know a bunch of people who were close). I wasn't far off the centre of Manchester when they did the Arndale either. All you can do, as you correctly point out, is shrug and carry on.
I was stuck in Boston airport for 6+ hours yesterday. The TVs at my gate were tuned to CNN endlessly discussing various terror topics, including some antagonist (Pamela Gellar) ranting.
That entire section of the airport (and I imagine many homes tuned to the same station) were absolutely saturated with a message of fear and us-vs-them. I think it's ridiculous, but I can easily see how for many people this is a pervasive issue. It might be the majority of the media they consume, in that they don't seek out much else or tune out the 24-hour media cycle or fearmongering or ratings attempts.
Even with high-profile, high-fear factor, violent events we're highly selective about what we freak out about. Last year a military installation shot down a commercial airplane, killing nearly 300 people. No military solution called for, no drastic measures taken, commercial flights are still flying over war zones today.
Why do we believe we should/could do something about all foreign and domestic crazy people (so called 'lone wolfs' like at Boston) and all crazy and motivated groups who hate the US because of our foreign policy in their region (and there are plenty of regions with negative perspectives) when we can't even prevent state actors from killing civilians?
The question I want to ask is, looking at the history of human society (especially in the 20th century), is it more reasonable to fear terrorists or totalitarian governments? Just in terms of absolute numbers of people killed, it seems that the latter wins by orders of magnitude [1,2,3,etc]. So assuming we want to prevent death and hardship (the precise reason this guy wants to restrict encryption), we should be focused on preventing the rise of totalitarianism. That means we should be extremely wary of all of this surveillance infrastructure that's springing up everywhere, and of any calls to make our communications even less secure than they already are. It's not that today's government is totalitarian or even has those tendencies, it's that we're making it easier for it to happen in the future, and that's a real danger in my opinion.
If we aren't willing to ban alcohol even though it is a major factor in many accidents, deaths, murders, domestic abuse cases, child abuse cases, and rapes... then why should we ban something that would help stop a far less dangerous problem?
I honestly think the qualifications for high-ranking national security folks in the United States includes things like "played with G.I. Joes a lot as a kid." These people are almost caricatures.
wow your second quote is hilarious. "We're not looking at going through a back door! We just want to access the content". it means the speaker was using that metaphor visually, and didn't know that the word backdoor doesn't really have that kind of a physical meaning. (You can tell the speaker has it wrong because they say, "going through a back door" - I just notice even the word 'back door' is written with a space whereas in computing we write it closed (joined) - https://www.google.com/search?q=wikipedia+back+door)
Do these guys seriously not realize that "the terrorists" will use end-to-end encryption whether it's legal or not? This literally makes no sense to me unless "the terrorists" is code for "the local weed dealer".
There is no need to sell anything. Even if suddenly the entire world banned crypto at the same time, they'll be plenty of mirrored OS projects floating around the torrent networks.
There's always a need for special purpose cryptosystems. Something that simplifies key management (e.g., for banks) will always be valuable, and it probably won't be sitting around on some random dude's hard drive.
Here in Germany, we have banking trojans wehich are able to thwart two factor authentication by SMS. This requires considerable skill in synchronizing between the hacked computer and the hacked smart phone. I am pretty sure these guys can come up with decent encryption implementations if these are not available as open source any more. And the latter is pretty unlikely. In the 90's all but the US people had strong encryption after all. Open source projects working on crypto where just moving off-shore.
A ban of end-to-end encryption will need to be enforceable. What will LEO do, if I come up with it? Bust my house? That's unthinkable in Europe. Enforceability also means that all communcations must go unencrypted. This merely would kill all online commercial activity.
It would make it much easier to avoid DRM, and to cheat in online games for sure. I'm guessing online gambling would be out the window. Also, I don't know if I would want to do any banking online.
Well that can "easily" be solved by giving you a private key to use for your banking and e-com usage. Then "they" can decrypt it with ease and you stay "safe".
That would be Hollywood terrorists, or media channel terrorists. Real terrorists are organized and will use whatever they need to further their goals. It's also known that terrorist groups are recruiting lots of engineers.
Moreover, organized crime groups, which in real life are much more serious problem, are quite adept with advanced technology. They set up their own radio communications networks and use aerial and submersible drones.
> Moreover, organized crime, which in real life is much more serious problem
Well, sure, in that terrorist organizations are, by definition, a subset of organized crime, so that the problem they pose must be strictly less than that of organized crime more generally.
Technically yes, but in practice people (and media) usually consider them as a separate group from organizations like mafias and drug cartels. I think treating terrorism as something "special" and therefore "more evil" is very harmful.
...get elected as politicians or use their cash for more productive uses such as regulatory capture.
> Moreover, organized crime...
...simply used their captured politicians to make their activities legal. Why use cloak-and-dagger tricks when it is cheaper and easier buy the organizations that get in your way?
Mayby I should have written "real-life amateur terrorists / organized crime". Crime professionals don't use drones for smuggling, they use them for enforcement.
The Arab world traditionally has had great mathematicians. I'm sure there is a bright young student in university right now who could write a good enough PGP implementation for the right price.
Oh for sure, but a majority of Persians during the Islamic Golden Age. I have no horse in that race, just a random fact I noticed while reading about each.
They probably do. Having only "the terrorists" using encryption would make them much easier to spot. Encrypted traffic from your IP could become probable cause for a search warrant.
Since you brought it up, I wonder if encryption and compression aren't both instances of a common mathematical phenomena. They seem very similar to each other.
No. You can have a general purpose encryption algorithm , but not a general compression algorithm. Encryption generally requires increasing data size. Compression requires decreasing data size and is not possible in the general case.
Of course they do: that's why simply running Tor qualifies you for extra attention from their side.
Remember that they decide who to murder using metadata. A world where only "evil people" used encription would be ideal: they would know who to bomb right away!
I imagine it wouldn't be too hard to take encrypted text and transform it into something indistinguishable from the already unintelligible spam emails that pass through global networks en masse every day.
I believe it may be incorrect because in my (limited) understanding, good encryption is indistinguishable from random sequences of characters.
How can you tell a string of random characters is simply random, or is an encrypted message, unless said encryption includes some kind of header or marker information?
I may simply be wrong but I'm curious about the answer too.
I was talking about a encrypted message vs. a non encrypted message, I wasn't taking into account random strings of text. But who would send random strings of text if not terrorists?
You might say it's indistinguishable in a theoretical sense, but how are you planning on accessing this random sequence of characters?
Using software?
Why are you in possession of random data on a hard drive? A prosecutor will be happy to spin theories about what it might be.
How do you hide the possession of software you use to acess it? If you manage that, how do you hide the forensic evidence of "file access in random data consistent with evidence of hidden data or a hidden filesystem", in your OS or on your storage device?
I very much want to live in a world where these tools are legal. Otherwise, in the same sense as "lying to the FBI", they will be used as a weapon by law enforcement when none other is handy.
I see your point, and agree about the kind of world that I want to live in, but if I may be allowed to play devils advocate for a moment:
Just spitballing here but what if the software decrypted something as a side effect of doing something else like watching a movie. After all, buggy software is everywhere, perhaps that is just a bug.
What if that random file was a test input for a software fuzzing test. Is that not a plausible enough excuse?
What if the system periodically accessed data files [that had random data] to verify their integrity, you never know when data corruption might sneak in after all.
I totally agree that anyone trying to plead this case in court would likely fail miserably but the though experiment is interesting.
>Just spitballing here but what if the software decrypted something as a side effect of doing something else like watching a movie.
DRM movies are already encrypted. The DMCA does not seem to include an exception for law enforcement or intelligence gathering.
We just need an easy DRM format that allows content producers to licence and make available for viewing (but not arbitrary copying) custom content for specific viewers.
Yeah, but most unencrypted data doesn't look like random noise. If you run a few statistics on a packet/file/whatever and it looks random, you can comfortably assume its probably encrypted.
> ... you can comfortably assume its probably encrypted.
Or compressed, so you'd need to be able to detect every compression format ever created. I imagine that any time somebody serializes a succinct data structure [0], you're going to have to add a signature for that as well. I'm not confident that even an organization with the resources of the NSA would be able to keep up with that, you'd have to make illegal the writing of data structure libraries. Of course, the optimistic bureaucrat would see this as an opportunity for the creation of another federal entity, like the patent office, where code can be submitted for registration and approval. The Department of Circumlocution™.
It isn't trivial actually. Detection would be a multipass process, the first pass would be a measurement of entropy, which would also flag compressed data (which would be very common). The second pass being magic number detection (file headers, can't be trusted). The third pass would likely be some sort of conformance test to every know compression format. The result of all this io intensive processing would not be a definitive answer.
If you want to get a taste of how difficult it would be to implement some method of detection, with a useful detection rate at scale, try to write some software that can detect localization encoding of strings on a binary stream. There is a reason why automatic translation of unknown localization doesn't really exist, there have been plenty of attempts, but nothing that results in a definitive answer.
I once wrote some software that would parse very poorly written csv files, it was one of the most frustrating projects I've ever done - and taught me the value of standards conformance. Basically, if the data source is non-cooperative, you aren't going to be able to reliably use the data.
I don't understand, who else than the government has the right to tap internet lines ? If there's nobody, encryption does not protect your privacy, since investigations require warrants.
The problem is that the more the government watches everybody, the more people will encrypt. The logical path would to forbid anybody to tap lines. Then, of course, encryption would not be necessary, since data would flow securely.
Also, as long as its the authorities, as long as data does not fall into the hand of private interests (which is a risk), I don't see what the government would do about this ability to spy on its people since government represent the interest of voters. Ideally of course, in reality there would be many abuses.
By the way I don't understand why the authorities benefit for using Tor.
> The logical path would to forbid anybody to tap lines. Then, of course, encryption would not be necessary, since data would flow securely.
Why does forbidding someone from tapping somehow make data more secure? Just because it's forbidden doesn't mean it won't happen.
> as long as data does not fall into the hands of private interests
This is a risk because it's impossible to prevent. Especially as wireless networks become more and more common. It's impossible for all practical purposes to prevent wireless signals from being collected.
Well internet infrastructures should be made secure and be considered as sensitive. That way it would be shielded from many small criminals.
> impossible to prevent
Well putting good encryption standards would mitigate this by a lot. And isn't the sector of mobile antennas a walled garden ?
Of course if nothing is regulated to give the government a chance to tap it, then consumers will always try to conceal their behaviors and criminals will never be caught.
On the other hand, if the government properly regulates how data infrastructures are kept safe from private interests and if it's properly audited and made public, it will gain the trust of consumers and it will make the FBI's job much easier.
I honestly doubt the government will really want to let everyone have the opportunity to get away with the law because the technology allows it. There are strategies to protect citizens from private interests while doing investigations.
The problem with tor is that the government can end up systematically crack if they want, so using stealth tools isn't the road that makes sense.
It boils down to trust. If trust goes down, it makes things much easier from criminals, since the FBI's job will be so much harder, since everyone effectively doesn't trust government.
Anyway, I'm not so knowledgeable about all that, but it's true that the law must evolve on technology. Guilty until proven otherwise should be the norm, and privacy matters, but if everybody is paranoiac like a criminal would and protects their data because nothing is regulated and because private companies always take a peek, then nothing will change.
> guilty until proven otherwise should be the norm
This is a scary statement to me. Why should it be assumed that I am guilty of something because I don't want my communication to be read? This amounts to saying that I have no right to privacy.
It seems that you're saying that I should just trust the government to not read my messages if I am innocent. However, I don't think it's fair to say that I only have the right to privacy if I trust the government to stay out of my communications because that's not really privacy at all.
"The authorities" created Tor, and it was created so that spies can report back securely. The more Tor traffic there is, the more secure are they from being caught.
"The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized."
So they would argue that this doesn't apply once we eliminate paper as a medium.
Also, but, but, but... They're only collecting metadata, right?
I've cited this message by Franklin in the past but I've since learned that he was making the case for the legislation to have the power to tax wealthy landowners in order to fund the French and Indian war.
He's not saying this in anything like the context we tend to use it now.
"Of course the people don't want war. But after all, it's the leaders of the country who determine the policy, and it's always a simple matter to drag the people along whether it's a democracy, a fascist dictatorship, or a parliament, or a communist dictatorship. Voice or no voice, the people can always be brought to the bidding of the leaders. That is easy. All you have to do is tell them they are being attacked, and denounce the pacifists for lack of patriotism, and exposing the country to greater danger."
Just playing devil's advocate since I agree with you, but...
I think he'd focus on that "...and no warrants shall issue, but upon probable cause..." bit. With end-to-end encryption, even upon demonstrating probable cause to a judge and having a warrant issued, he's still looking at ciphertext.
Fire this guy and dismantle the FBI. Does anyone remember why we fought the Revolutionary War, why we follow the Declaration of Independence and the Constitution?
This joker should lose his job. He does not represent the values of this country,
We fought the revolutionary war so that rich factory-owners could more freely sell their wares without paying taxes to fund the war against the French and Native Americans that they sent Ben Franklin to London to beg the king for.
Corporations weren't citizens in 1776. It only took us 100 years or so to fuck that piece of it up. Nothing in the original Constitution or Declaration requires capitalism.
Arguably, corporations were more powerful then than they are now. Wars were fought because of the British East India Company - in 1778, it had a private army of 67,000 soldiers, over 50% more than the total strength of the American militia at that time.
The British East India Company didn't just have its own standing army. It also (since 1765) held the legal right to collect taxes in Bengal. For a large portion of India, it was the government.
Corporations aren't citizens now. If you mean "corporations weren't considered 'persons' in the scope of the 14th Amendment" in 1776 (or even, say, when the Constitution was first adopted), that's true, but then neither was anyone else.
Corporations, of course, have been legal persons in the general sense since the corporate form was invented; that's the whole point of the form.
Yeah lets forget about taxation without representation, being forced to quarter troops in your home, being controlled from thousands of miles away, and the Boston Massacre. It was all corporations. Got it.
The Boston Massacre was mostly propaganda to unite a bunch of colonists that weren't all that convinced that the King was such a bad guy... and it didn't work out that well as propaganda goes; most colonists (i.e. more than 50%) weren't convinced that war with England was the right thing to do.
The stories behind the other cases you cite are similarly murky. The US has been manufacturing consent since before it was born.
The common people of the colonies were likely in a situation very similar to where ordinary citizens today are when deciding between Google/FB/etc. and the NSA. Distrustful of both sides, but more inclined to go with the weaker of them, because then they'd be less fucked over.
> Distrustful of both sides, but more inclined to go with the weaker of them
Well, globally weaker and more locally powerful. Strength probably wasn't the decision criteria at all for those who chose the rebel side, it was probably perceived accountability: the local governments that were represented by the signers and which revolted were all accountable to the local population, the British government was not.
This is a really shallow reading of the events that caused the war, and it's certainly not the entire story nor is it representative of modern academic thought. There were, remember, thirteen original colonies, and each of those colonies had different people in them with different needs. The causes of the uprising in Boston, for example, were not the same causes that drove Virginians to support the war.
> Does anyone remember why we fought the Revolutionary War, why we follow the Declaration of Independence and the Constitution?
I remember asking this question back in 2005, and getting a solid "No". so I left the country. I doubt it's somehow been magically remembered since then.
I do find it a pity security organisations like the FBI and NSA are interpreting their remit so narrowly focused on the "attack" side of the role, rather than the "defense" side. It's probably a consequence of the effect of bad publicity on the politicians who provide budget for such things, but I really wish they saw their role as preventative and defensive rather than data gathering. There's so much good could be done to improve the security of critical infrastructure if they put their minds to it.
Also, though I'm not surprised by the fact they're against encryption - They've been against it all through the court case against Phil Zimmerman for example - I am surprised how tone-deaf their arguments are beginning to sound. It's like they don't understand there's a real public debate happening around them.
This is a major theme in John Brunner's "The Shockwave Rider". "In the novel, data privacy is reserved for corporate entities and individuals who may then conceal wrongdoing; by contrast, normal citizens do not enjoy significant privacy."
And if Apple gave encryption keys to Russia or China I am guessing the USG would be OK with that? Or would that "betray their customers right to privacy"?
Obama actually denounced the Chinese government for pressuring companies into giving up encryption keys, that same week he had criticized U.S. companies for not giving up encryption keys. I was blown away by the immense cognitive dissonance. This was earlier this year, I'll have to see if I can dig up the article.
I use the Tor Browser Bundle to read my gmail. I figure it's helpful to those working for legitimate regime change, that I put encrypted traffic on the net.
It's a power grab, plain and simple. The FBI and CIA are probably happy that 9/11 and neverending terrorism occurred as it gave them the excuse to do it.
This seems so horribly wrong that I can't believe this was actually said in public. And the Washington Post apologist writing is very strikingly clear too.
As fweespeech says here also, criminals will encrypt regardless of what is going on. The people the FBI is "after" are going to encrpyt, so fighting to make public systems store data and hand to the FBI when desired is pointless.
If the FBI isn't mining normal citizens data for loose connections to stuff that is none of their business, then their is no need for them to have access to the systems they want.
The only argument that could be made is that criminals are stupid and may not use proper encryption on their own, therefore we should watch what everyone is doing so that we can catch these particularly dumb criminals.
The goal of the FBI in all their statements is to try and convince the public that "only criminals need encryption; everyone else should let us watch everything they do." 1984 anyone?
It is astounding how little most people in government understand how 'cybersecurity' works. Do they imagine it like how baby's think they're hiding when they can't see you?
There's literally no way to break down that idea without turning it into some kind of negation of rights.
For you to ever be 'free' from others doing [thing Z], everyone (you, them, everyone else) would have to be precluded from doing anything that might lead to [thing Z] - and suddenly no one can do [thing A], [thing B], [thing C]...
Not only that, but now all it takes is for someone to make a shaky argument for some action potentially leading to [thing Z], and suddenly you or anyone else can be accused of committing that action in pursuit of committing [thing Z], and/or get locked up because of it.
I'm as averse to getting blown up as the next guy, but that doesn't stop me from recognizing a loosely-defined slippery slope when I see one.
It'd be nice to see a world in which it's very rare/difficult for anyone to do certain things - but let's not pretend we can create a world completely 'free' of anything without sacrificing most of our inalienable rights.
I imagine there are people in US government whose solely job is making up terms like this. "Freedom", "Terrorism" are both deep inside people's mind, putting them together sends a powerful message, even though it's a total bullshit when you stop for a second to think of it.
324 comments
[ 186 ms ] story [ 1798 ms ] threadHe's too focused on his narrative to be able to understand the web of unintended consequences of what he's proposing. The same way law enforcement and lawmakers fail to see all of the unintended consequences of the drug war.
He clearly knows what it means, what he's asking for and he knows it sounds bad when it's called a back door.
Saying it's "not a back door" is simply a lie, and I'm sure they or their advisors know it.
Of course he'd fling the same accusation at us, from his point of view. What if there was a terrorist attack that could have been prevented if only they'd have been allowed to see through the encryption? I mean, let's be honest, on its own merits, that's not the worst argument in the world.
It's just that as an old-school true-blooded American patriot, I can't help but notice that "just giving them all the powerz" is not the way we do things around here, and there are reasons for that.
(Before reflexively downvoting because I dared sound a bit patriotic, consider why I feel compelled to wrap myself in the flag here....)
What if he is the terrorist and wants to more readily spy on the American people? Or a similar, more likely scenario, of what if the government has a spy from another country? Do we want them to have all of our information in their hands? If encryption is weakened they can more easily spy on our political leaders.
What about national security? Lowering encryption standards hurts national security. As an American patriot why would you want to hurt national security? For a bit of promised security? The current mass surveillance has prevented 0 attacks. Who is to say more surveillance would prevent any attacks? You can say for certain it would hurt national security (bad guys can use backdoors too) - but you cannot say for certain it would prevent any attacks. So it's a "lose/maybe-win" scenario. Not one in the countries best interests, if you ask me.
E.g. why is terror getting this level of attention vs. child murder, which in terms of numbers of victims is a far bigger problem?
By the "what if" logic, these people ought to be prepared to go far in curtailing privacy to get at child abuse given the magnitude of the problem compared to terror.
We know how to profile the likely perpetrators very well too. The vast majority of such crimes are carried out by a few very specific groups of people, namely dads, brothers and other close male family members.
Surely if the - on average - few terror deaths are worth these types of sacrifices, the many hundred child murders and thousands upon thousands of abuse victims would justify far more extensive curtailment of privacy?
It quickly becomes very clear that the "what if" argument is rationalisation: if harm reduction was as important to them as they like to imply, they would not be spending their attention on terror.
What the "anti-terror crowd" need to be made to answer when they ask for more rights is what makes terrorism different, and why are they not spending their energy on the many problems that have far more serious effects.
You're right about it being close family members, but the rest of your profile is wrong.
The majority of child abusers are female: http://www.safehorizon.org/page/child-abuse-facts-56.html
Without going back and digging up the exact NSPCC survey, the article you in to appears to take into account a much wider set of criteria, though it's hard to say since it doesn't state its definition either and I couldn't find its source. The wording does also seem to imply that it is looking at reported cases as opposed to use a survey, which would give different numbers.
In terms of type of abuse you consider, it will drastically shift the balance. E.g. for sexual abuse the numbers are completely dominated by male family members. Once you add in violence it shifts a lot, and other neglect will likely shift it further if for no other reason than simply because women are still more likely to be the primary carer.
Of course in any case it doesn't alter the main point.
I find the idea that "the people behind implementing and pushing for these policies don't understand the obvious consequences" to be absurd. This push has been about power from the start.
It's where I want to go. Also you have YET to show ANY evidence that we are more safe or more free from terrorism by surrounding our rights to privacy.
>He also disputed the "back door" term used by experts to describe such built-in access points. "We're not looking at going through a back door or being nefarious," he argued, saying that the agency wants to be able to access content after going through a judicial process.
You mean "Rubber Stamp Judicial Process"? Even if you didn't the mere fact that these backdoors (you can rename it all your want it's a BACKDOOR) exist make the whole system LESS secure. What a clown and this is the AD of the FBI's Counterterrorism Division??? Fuck....
Wasn't FBI surveillance a thing during the Boston bombing? Since 9/11 have any attacks been prevented? If surveillance was a tool to prevent these attacks, why wasn't the surveillance authority (FBI) held directly responsible for the attacks?
Anyone who would advocate surveillance would first need to be criminally prosecuted for the Boston bombing because at the time they had the information and ignored it. With-holding information from the law about crime or potential crimes is illegal.
But you are right - these tools are not used merely to detect and stop terrorist activity. It is also used to track and stop ideas, to give leads and to give extremely powerful intelligence to the FBI, CIA, DIA, NCTC, etc whenever it is needed for some purpose. To those in power these capabilities are extremely powerful.
The existence of these powers does not mean that they will be abused on a systematic level - though of course the potential is always there. One danger is that America's fight to remain relevant in a world that may be moving past it, it may turn ever more Fascistic. In this case, these are powers that would be extremely dangerous for the government to have.
But take a step back to think about this. As citizens we are worried about the use of these capabilities to thwart the public. They are so powerful and so complete that we fear being subjects of its application - viscerally.
To the extent that the good will and checks and balances have worked to keep the brunt of these capabilities aimed outside US borders there are people who do fear, and deserve to fear, the wrath of the US government - even those who might otherwise be innocents, bystanders, or casualties of the struggle for power.
My heart goes out to these people stuck in the middle and it beats faster at the thought of being one myself.
Tamerlan died in a shootout after a police officer in Watertown noticed the stolen SUV and called it in. [edit: note there was some tracking of the hijacked SUV due to the owner's cooperation, but that's targeted tracking with cooperation, and not of the brothers themselves]
Tsarnaev was apprehended after an ordinary citizen noticed someone hiding on his boat and called it in.
The massive manhunt, whatever the intelligence apparatus contributed, the shutting down of Boston and suburbs... all accomplished pretty much nothing, other than conditioning people to get used to martial law, and an excuse to point guns at people[1] to cow them into submission.
And what evidence at trial was unlikely to have been available except by parallel construction? The defense strategy was to admit the acts but argue he was brainwashed by his brother and shouldn't receive a death sentence.
[1] https://ajmacdonaldjr.files.wordpress.com/2013/04/martial-la...
Lots of attacks have been claimed to have been prevented, though in many cases when the details for several of them came out they were attacks that may have been discussed but weren't particularly likely to have been executed, and/or plots that were largely driven by government agents.
I know, that doesn't count and if anything it's basically entrapment, but hey... we have to justify the budget somehow.
Any organization with a degree of security, one a nation would consider an adversary, is aware of the dangers agents pose with infiltration.
http://www.democracynow.org/2015/3/19/how_the_fbi_created_a_...
http://www.npr.org/sections/thetwo-way/2013/12/08/249610501/...
But personally, I still think window of abuse for back doors is too large to be rationally allowed.
Can you even show that taking my privacy away makes me markedly safer, because unless you can establish that first I'm not even listening.
That's not a world I want to live in thanks.
A bit of malfeasance: nobody gets any rights.
In my home country, we have one of the more strict gun owning laws in the world. That does not prevent the criminals from getting guns at all - pretty much every random fucker can get his hand on a pistol, and organized gangs have gear that is often comparable with that of the army. But, on the other hand, it is pretty difficult for the average law abiding citizen to arm themselves for self protection.
The funny thing is, this strict control got really started in the late 60's and 70's, when student riots made for a moment seem like a coupe / civil war against the regime were at least thinkable. So, what are the real winners when the government outlaws technologies than short the gap between state power vs individual powers? It is not the criminal elements in society. They already are breaking the law and profiting from it. They will work around whatever restrictions get imposed and illegally import the gear they need from wherever it is available. It is you and me who get the shaft!
Whether that justifies preventing people from arming themselves for self-defense is arguable, of course.
Ah, so there we have it.
> it's to keep guns from the average not-really-law-abiding citizen
So guilty until proven innocent.
> Whether that justifies preventing people from arming themselves for self-defense is arguable, of course
I guess it's a great thing we have the Second Amendment and associated judicial proceedings.
Heller v. DC further enshrined the individual right to keep and bear arms. Specifically, semi-automatic handguns.
Stare decisis.
Nonsense. A general restriction is not the same as declaring everyone guilty. Am I being declared guilty until proven innocent by not being allowed to own military weaponry? Nuclear weapons? Biological agents?
This doesn't mean the restrictions are OK in this case; as I wrote, it's arguable*
I guess it's a great thing we have the Second Amendment and associated judicial proceedings.
Whatever makes you happy. Not being from the US, my interest is purely academic. Our constitution has no such provision, and the population is under no urge to add it.
Are you saying that because there are idiots who drink and drive, all cars should be banned. But if there end up being criminals with cars that get away from the police on bikes... then it is somehow alright because it was never a goal to stop them in the first place?
I guess I feel even more strongly against letting a dumb law enforcement agency dictate what infosec is ok to have on my systems, thank you very much!
[Edit] Ok, I can see my argument was kind of dumb, comparing regulation with outright banning.
What I am saying is this: in a world where weapons of mass destruction becomes more available, privacy/anonymity is mostly a non issue. I will say it outfront: I am skeptical of the evil genius in a basement, holding a day job while secretly moonlighting on his personal armageddon. Players willing and able to conduct this type of terrorist attacks will probably not rely on the same IT stack regular joes do.
Assuming they have the financial resources and personnel to pose a credible threat will know to not use their iphones. They will know to use vintage hardware, to download and compile their own Linux/OpenBSD from scratch, to get their crypto libraries from "rouge" countries outside of the sphere of influence of the US, etc. Those that do not, they will be busted early.
Those that pose the real threat then are the ones that you cannot stop by making technology harder to get. As long as there is demand, there will be supply. And they will have gear that is in the same ballpark as the forces that are supposed to stop them. Probably not as good as the best there is, because you can never outspend the guy with the printing press, but good enough to hold their own.
And then there is the cost. Not only the conspiracy theory cost that the government is going to turn fascist, but the very real cost of giving real criminals an edge over the public. They already are breaking the law, they wont care about using banned technology. If they can afford it, and if they can either profit from it or avoid being caught using it, they will get it in the black market.
I agree with your analysis if applied to contemporary dangers. But I've been not-so-subtly hinting towards biotech for a reason - as it progresses and the "tools of the trade" become both cheap and possible to DIY, the "required financial resources and personnel" drop sharply. People brewing up dangerous viruses ten years from now in universities or hackerspaces, whether on purpose or by accident, don't seem like a big stretch of imagination. And I honestly wonder, how are we, as a society, planning to safeguard ourselves against that threats. We can barely handle the diseases that occur naturally. People don't realize how dangerous this stuff is, because - again, except from natural diseases - we've never had to deal with a self-replicating technology before.
I'm not saying we'll need to drop privacy and anonymity entirely, but I suspect that they will be affected by any good solution. I'd probably sleep safer if I knew that there's no easy way to anonymously obtain necessary ingredients. You'll never stop a very determined attacker, but they're not the problem - random nutjobs with an axe to grind are.
That is already the case for a lot of things, when it comes to chemistry anyway. Your random person couldn't get their hands on the things required to make various dangerous chemicals. Criminals, they can, sometimes, but with great effort and expense so it's usually aimed at chemicals that will make them money (drugs, typically) -- and the really advanced stuff is done by "legit" (kind of) labs, not a home chemist.
Of course, that's only as good as the stores following the protocols, and with the internet that can change somewhat, but even then it requires buying chemicals outside of the country and getting it through customs (which isn't perfect, but puts up enough of a barrier that regular people or average criminals don't risk it).
Your advocacy of such a practice under such dubious rationale indicates - to me at least - that you don't really understand American principles.
Not really. Please re-read the comment I replied to. The point is, progress of technology brings new dangers and appropriate means of protection need to be created.
My point stands.
A.k.a. "assume everyone is a criminal".
> But my point actually is, some amount of watching will always be necessary
Sure, if there's reasonable suspicion that the person being watched is a criminal, and there's a real warrant (not some rubber-stamp from FISA) authorizing said watching. Watching everyone because "well we don't know if this person's a criminal or not" is not only ineffective (as proven by the dearth of terrorist attacks actually prevented due to NSA surveillance) but unethical and - per the United States Constitution - illegal.
Of course, none of this would be an issue if law-abiding citizens were encouraged and given the resources to protect themselves against crime, be it physical (by practicing self-defense, armed or otherwise) or virtual (by encouraging the use of free/open software, and strong encryption).
An encrypted hard drive is a totally unprecedented thing in that regard.
Then governments with enumerated powers would need some unprecedented powers to get into that unprecedented thing, right?
Only the federal government is limited to its enumerated powers. So at best your argument is that mandating backdoors requires state rather than federal action. State governments can do whatever they want unless it conflicts with a Constitutional right, and there is no right to have a place to stash evidence the government can't get to with adequate process.
Enumerated powers of government. Unenumerated rights of the people.
[1] "Rights" are exceptions, not the rule. The rule is the will of democratically elected legislatures. Rights are exceptions to democracy and should be construed to swallow the rule.
Governments have no inherent power to "inspect." You seem to think governments should have superior powers to individuals. While there is a philosophical argument for this, that doesn't mean it's always going to be true.
If code is speech, so is strong encryption.
State governments are not ones of enumerated powers and they are not limited. They are successors to the British Parliament and inherited the powers of that institution including the general police power. Against that backdrop, "rights" are those specific restrictions on the exercise of that power that states have bound themselves to by the federal Constitution and their own constitutions. There is no room in that framework for an expansive conception of rights that all exist so long as you're "not infringing on others' rights."
A great concrete example is blue laws, which were widespread at the time of the founding and regulated everything from alcohol sales to food consumption. Some of those have been challenged, hundreds of years later and mostly unsuccessfully, on establishment clause grounds, but there is little doubt the states, as a general principle, have the right to regulate public morals.
You must have a pretty rigorous definition of "public morals." I'd like to hear one that isn't a novelty, that accommodates gay marriage.
http://www.cnet.com/news/judge-americans-can-be-forced-to-de...
[1] http://www.denverpost.com/ci_20080656
[2] http://www.wired.com/images_blogs/threatlevel/2012/01/decryp... (p.9)
Make no mistake about it, the idea of national sovereignty worldwide is under attack, including the United States of America's, but no one really wants to admit or even entertain ideas of whom it might be, lest the truth be too upending.
What have ended up is a modern day star chamber.
"Finding its support from the king’s prerogative (sovereign power and privileges) and not bound by the common law, Star Chamber’s procedures gave it considerable advantages over the ordinary courts. It was less bound by rigid form; it did not depend upon juries either for indictment or for verdict; it could act upon the petition of an individual complainant or upon information received; it could put an accused person on oath to answer the petitioner’s bill and reply to detailed questions. On the other hand, its methods lacked the safeguards that common-law procedures provided for the liberty of the subject.” –Encyclopedia Britannica
If they could show that, credible evidence would have presented by now. ;)
But in all seriousness, the 1st & 4th amendment protections are the most vital freedoms we have and they should not be abridged outside of a direct link to harm. [e.g. Things like child porn, words designed to incite violent harm, violent prisoners shouldn't have privacy ]
So you have to be rational about it but yeah, mass surveillance and reducing self-defense tools to protect ourselves against criminals isn't "rational" behavior.
Criminals are going to do illegal things and we have the right to protect ourselves. If it inconvenience the government? So be it. I'm not going to bend over for any criminal who wants access to my financial data "because Terrorism".
Similarly, banning tools of self-defense [e.g. encryption for financial data, access keys] are simply guaranteeing the criminals will be the only ones to possess them.
I'm aware alot of people will be like "what about the 2nd"??
Yeah, that provides no protection against the government since they'll always have the ability to drop bombs on you. When you can afford a F-16 and the ability to pilot it for "self defense" purposes, let me know.
I wouldn't call my ancestors 'helpless' considering their multiple armed rebellions and constant resistance after being conquered, or examples I'm less acutely aware of like the French or Polish resistance during WW2. It's also worth noting that while this resistance was very much detrimental to the hostile government, it was never the primary factor of its downfall.
And now you know why gun registry laws regularly get torpedoed.
Hard to round up all the guns if you don't actually know who has what.
Historically this is exactly what happens.
Proponents of gun registries know this, want this. People who value their freedom have to fight a (so far, winning) battle to maintain their Constitutionally-protected rights.
Therefore the right to bear arms as a defense against tyranny is mostly empty words. The way to prevent tyranny is robust public institutions and a democratic culture. Weakly democratic states fall to autocrats all the time. There is no culture of democracy so the number of power holders a would-be autocrat has to cow is few. Democracy, real democracy, involves orders of magnitude more people, it's that much more difficult to overthrow.
Of course the later would never be hard in America, considering just how many guns there are that would not get swept up... But the first is still easier.
People who make that argument seem to forget that if you decide to rebel, the 2nd amendment doesn't matter because you are a criminal and can bring guns over the border through Mexico or via other channels. The same is true of IEDs.
The "people" with AK-47s aren't getting them legally as common citizens.
That doesn't change the fact the majority of the US isn't going to rebel and that such "rebellions" in the US tend to look like this:
http://en.wikipedia.org/wiki/Ludlow_Massacre
So far, we've been treating encryption as a matter of privacy (Fourth Amendment). But since the U.S. government has historically treated encryption as a weapon, perhaps we could also argue that encryption is a matter of the Second Amendment. It would be really interesting to get the NRA, Rand Paul, and Bernie Sanders to speak out in favor of encryption at the same time...
Of course, the flip side of this approach is that it's much easier to support restrictions on the possession, use, and export of weapons. "Export-grade" ciphers are still causing issues 20 years later.
It "places restrictions on the quartering of soldiers in private homes without the owner's consent". This explicitly was to prevent citizens from having to bear the capital costs associated with the government's own decisions, but it also appears to have been borne out of a fear of having a government agent be able to observe one's most private affairs.
For better or worse, the 3rd amendment doesn't come with the precedents of the 2nd or 4th. There is an argument to be made that by having a General of the US Military capable of monitoring me while sitting on my couch (in a realistic scenario via my cell phone or Xbone), that the military is overstepping its constitutional bounds with respect to my privacy. This would not apply so much to the FBI, but it might eventually were precedent to be pushed in the correct direction.
It could mean that if the Feds want to make their own jobs easier by trespassing on the private property (laptops, phones, etc.) of citizens, they'll have to get the owner's permission first.
Now that we've successfully reinterpreted the 2nd, 3rd, and 4th Amendments to support privacy, why not the 1st Amendment? Would you like to join the Church of Privacy and accept Ed Snowden as your Lord and Savior? According to our Holy Book, in order to reach salvation, you must vigorously resist the Devil's attempts to spy on your life. Oh, and the 5th already gives you the right to refuse to divulge encryption keys, at least on some interpretations.
People in mud huts in Afghanistan don't seem to be having trouble waging guerrilla warfare against the most powerful (and expensive) military on the planet.
F-16s don't occupy territory. F-16s don't police thoughts.
This "they have tanks, planes, and bombs, so your rights don't matter anyway- you don't need them" bullshit is a farce:
People police people. People occupy territory.
It would just so happen that people are exceptionally susceptible to small arms fire.
We really need to make stronger arguments for privacy. Too many people conflate real privacy (which I believe virtually nobody actually wants to give away, if they truly understand what giving it away means) with "sharing stuff on Facebook and Instagram".
One is an obvious choice, and the other (the government, or even companies through non-transparent trackers, knowing everything about you) is not, but is forced upon you.
http://en.wikipedia.org/wiki/Golden_Age is a good article (obviously) covering this philosophy...
All you can really do is try to increase the worth of what you leave behind to your future progeny so that in times of dark ages they are high in the council but remain moral, and in the golden ages they use science to create awesome things and ignore hysteria and FUD. Unfortunately too much shift one way or the other in a genealogy tree makes the family lazy or a war mongrel so it's hard to pull off.
No matter how good the surveillance teams are, they will never completely control humanity nor know everything at all times. They simply aren't capable of it.
In addition, the wants are limitless but their budgets are constrained by what they can reasonably appropriate. As they make it harder to do business (by introducing security holes or ruining trust) the amount they can appropriate becomes less.
In addition, they become buried by an ever increasing amount of information that their inefficiency can't handle. I have no doubt some of the best and brightest in the world work for for secret agencies. But operationally they are still bureaucracies. Thus, they have no shortage of lazy and stupid people... many of whom are in leadership positions. In fact I believe these pleas for unconstitutional shortcut tools are the pleas of lazy and unimaginative people. People who don't want to be found probably have much more reason to worry if the special pleading ever stops. Because at that point there may be truly more competent people running the program.
I think you meant surrendering, or did you really meant encircling? Not a native speaker, just trying to get a better grasp of the language.
so yes, surrendering is a safe guess.
I think what society need is some government reforms that require lawmakers to do cost-benefit analyses with tests and proofs. If they want to ban encryption, they should be forced to provide evidence that it actually work, and that the cost to society is less than current methods to fight terrorism. It would also likely get rid of many current inefficient methods, like security theater at airports.
You know what I'm scared of? I have to drive two hours four days a week. I am much, much more likely to die in my car. Hell, I was more likely to die in my car while I was in the military. Most people know someone who either got injured or died in a car crash. It happens all the time. How many people know someone who died in a terrorist attack?
But we're surrendering our freedom for the latter, which is a ridiculous phantom bogeyman, while we vigorously defend our right to die on the roadways.
You may not want to pose this question to a New Yorker.
I get your point, but it is a bit of a loaded question.
While we cannot say what exactly happened on 9/11, September Clues proves without a doubt what didn't happen on 9/11.
The term "loaded question" refers to questions which presume facts. For example, "why did you kill him?" Is loaded because it presumes that you did kill him. The question you are referring to is not loaded.
There were 294 motor vehicle fatalities in NYC in 2013.
The US has been averaging about ~32,000 motor vehicle deaths per year the last several years.
Your 12/10000 rate would indicate 360,000 people per year; that's off by a factor of ten.
* http://dmv.ny.gov/statistic/2013nyc.pdf
* http://en.wikipedia.org/wiki/List_of_motor_vehicle_deaths_in...
I still think the best response to terror is to shrug it off and get on with your life. Spent 7/7 sat at a pub in the sunshine.
That entire section of the airport (and I imagine many homes tuned to the same station) were absolutely saturated with a message of fear and us-vs-them. I think it's ridiculous, but I can easily see how for many people this is a pervasive issue. It might be the majority of the media they consume, in that they don't seek out much else or tune out the 24-hour media cycle or fearmongering or ratings attempts.
Why do we believe we should/could do something about all foreign and domestic crazy people (so called 'lone wolfs' like at Boston) and all crazy and motivated groups who hate the US because of our foreign policy in their region (and there are plenty of regions with negative perspectives) when we can't even prevent state actors from killing civilians?
Cryptoists. Or maybe I'm overly optimistic thinking crypto-users will first be targetted in 50 years time. Probably more like 5? Maybe 10?
1. https://en.wikipedia.org/wiki/The_Holocaust
2. https://en.wikipedia.org/wiki/Holodomor
3. https://en.wikipedia.org/wiki/Great_Leap_Forward
4. https://en.wikipedia.org/wiki/Joseph_Stalin#Calculating_the_...
the more you tighten your grip, the more star systems will slip through your fingers
It's like they just don't understand causality, at all.
That's called a "Cognitive Distortion": Polarized Thinking (or “Black and White” Thinking).
We don't have to choose between either privacy or safety !
The logo will be a semi-open padlock with a FBI agent holding a FISA court order.
A ban of end-to-end encryption will need to be enforceable. What will LEO do, if I come up with it? Bust my house? That's unthinkable in Europe. Enforceability also means that all communcations must go unencrypted. This merely would kill all online commercial activity.
Then you have the massive cost of re-issuing all the keys.
Moreover, organized crime groups, which in real life are much more serious problem, are quite adept with advanced technology. They set up their own radio communications networks and use aerial and submersible drones.
Well, sure, in that terrorist organizations are, by definition, a subset of organized crime, so that the problem they pose must be strictly less than that of organized crime more generally.
...get elected as politicians or use their cash for more productive uses such as regulatory capture.
> Moreover, organized crime...
...simply used their captured politicians to make their activities legal. Why use cloak-and-dagger tricks when it is cheaper and easier buy the organizations that get in your way?
Edit: https://www.youtube.com/watch?v=wgpytjlW5wU
Whoops, so did I.
http://en.wikipedia.org/wiki/Category:Medieval_Persian_mathe...
https://www.youtube.com/watch?v=aE6RtzwVdHI
Since you brought it up, I wonder if encryption and compression aren't both instances of a common mathematical phenomena. They seem very similar to each other.
We might as well say that not consenting to a search is probable cause for a search warrant.
Remember that they decide who to murder using metadata. A world where only "evil people" used encription would be ideal: they would know who to bomb right away!
Once you outlaw encryption all encrypted communications will be illegal and the people that use them terrorists.
This is how it begins.
I believe it may be incorrect because in my (limited) understanding, good encryption is indistinguishable from random sequences of characters.
How can you tell a string of random characters is simply random, or is an encrypted message, unless said encryption includes some kind of header or marker information?
I may simply be wrong but I'm curious about the answer too.
How much would you bet against "the bad guys" already using those as steganographic comms channels?
Using software?
Why are you in possession of random data on a hard drive? A prosecutor will be happy to spin theories about what it might be.
How do you hide the possession of software you use to acess it? If you manage that, how do you hide the forensic evidence of "file access in random data consistent with evidence of hidden data or a hidden filesystem", in your OS or on your storage device?
I very much want to live in a world where these tools are legal. Otherwise, in the same sense as "lying to the FBI", they will be used as a weapon by law enforcement when none other is handy.
Just spitballing here but what if the software decrypted something as a side effect of doing something else like watching a movie. After all, buggy software is everywhere, perhaps that is just a bug.
What if that random file was a test input for a software fuzzing test. Is that not a plausible enough excuse?
What if the system periodically accessed data files [that had random data] to verify their integrity, you never know when data corruption might sneak in after all.
I totally agree that anyone trying to plead this case in court would likely fail miserably but the though experiment is interesting.
DRM movies are already encrypted. The DMCA does not seem to include an exception for law enforcement or intelligence gathering.
We just need an easy DRM format that allows content producers to licence and make available for viewing (but not arbitrary copying) custom content for specific viewers.
No it isn't. Encrypted data is indecipherable from random noise.
Which makes it noticeably different from all other (plaintext) communication.
Or compressed, so you'd need to be able to detect every compression format ever created. I imagine that any time somebody serializes a succinct data structure [0], you're going to have to add a signature for that as well. I'm not confident that even an organization with the resources of the NSA would be able to keep up with that, you'd have to make illegal the writing of data structure libraries. Of course, the optimistic bureaucrat would see this as an opportunity for the creation of another federal entity, like the patent office, where code can be submitted for registration and approval. The Department of Circumlocution™.
[0] http://en.wikipedia.org/wiki/Succinct_data_structure
If you want to get a taste of how difficult it would be to implement some method of detection, with a useful detection rate at scale, try to write some software that can detect localization encoding of strings on a binary stream. There is a reason why automatic translation of unknown localization doesn't really exist, there have been plenty of attempts, but nothing that results in a definitive answer.
I once wrote some software that would parse very poorly written csv files, it was one of the most frustrating projects I've ever done - and taught me the value of standards conformance. Basically, if the data source is non-cooperative, you aren't going to be able to reliably use the data.
Encryption IS a national security concern.
When government agencies discourage encryption, or fail to report known software vulnerabilities, they're acting against national security interests.
I honestly don't know a single person that hasn't been caught up in at least two of the bigger breaches of the past few years alone.
The problem is that the more the government watches everybody, the more people will encrypt. The logical path would to forbid anybody to tap lines. Then, of course, encryption would not be necessary, since data would flow securely.
Also, as long as its the authorities, as long as data does not fall into the hand of private interests (which is a risk), I don't see what the government would do about this ability to spy on its people since government represent the interest of voters. Ideally of course, in reality there would be many abuses.
By the way I don't understand why the authorities benefit for using Tor.
Why does forbidding someone from tapping somehow make data more secure? Just because it's forbidden doesn't mean it won't happen.
> as long as data does not fall into the hands of private interests
This is a risk because it's impossible to prevent. Especially as wireless networks become more and more common. It's impossible for all practical purposes to prevent wireless signals from being collected.
> impossible to prevent
Well putting good encryption standards would mitigate this by a lot. And isn't the sector of mobile antennas a walled garden ?
Of course if nothing is regulated to give the government a chance to tap it, then consumers will always try to conceal their behaviors and criminals will never be caught.
On the other hand, if the government properly regulates how data infrastructures are kept safe from private interests and if it's properly audited and made public, it will gain the trust of consumers and it will make the FBI's job much easier.
I honestly doubt the government will really want to let everyone have the opportunity to get away with the law because the technology allows it. There are strategies to protect citizens from private interests while doing investigations.
The problem with tor is that the government can end up systematically crack if they want, so using stealth tools isn't the road that makes sense.
It boils down to trust. If trust goes down, it makes things much easier from criminals, since the FBI's job will be so much harder, since everyone effectively doesn't trust government.
Anyway, I'm not so knowledgeable about all that, but it's true that the law must evolve on technology. Guilty until proven otherwise should be the norm, and privacy matters, but if everybody is paranoiac like a criminal would and protects their data because nothing is regulated and because private companies always take a peek, then nothing will change.
This is a scary statement to me. Why should it be assumed that I am guilty of something because I don't want my communication to be read? This amounts to saying that I have no right to privacy.
It seems that you're saying that I should just trust the government to not read my messages if I am innocent. However, I don't think it's fair to say that I only have the right to privacy if I trust the government to stay out of my communications because that's not really privacy at all.
So they would argue that this doesn't apply once we eliminate paper as a medium.
Also, but, but, but... They're only collecting metadata, right?
-- Benjamin Franklin
Seems pretty straight forward to me ...
He's not saying this in anything like the context we tend to use it now.
http://www.npr.org/2015/03/02/390245038/ben-franklins-famous...
Those who would give up Liberty, to purchase Safety, deserve neither Liberty nor Safety.
Which completely changes the meaning even aside from context.
"Of course the people don't want war. But after all, it's the leaders of the country who determine the policy, and it's always a simple matter to drag the people along whether it's a democracy, a fascist dictatorship, or a parliament, or a communist dictatorship. Voice or no voice, the people can always be brought to the bidding of the leaders. That is easy. All you have to do is tell them they are being attacked, and denounce the pacifists for lack of patriotism, and exposing the country to greater danger."
-- Herman Goering at the Nuremberg trials
For the skeptical, yes, this is a real quote: http://www.snopes.com/quotes/goering.asp
I think he'd focus on that "...and no warrants shall issue, but upon probable cause..." bit. With end-to-end encryption, even upon demonstrating probable cause to a judge and having a warrant issued, he's still looking at ciphertext.
This joker should lose his job. He does not represent the values of this country,
http://www.ribbonfarm.com/2011/06/08/a-brief-history-of-the-...
Arguably, corporations were more powerful then than they are now. Wars were fought because of the British East India Company - in 1778, it had a private army of 67,000 soldiers, over 50% more than the total strength of the American militia at that time.
http://en.wikipedia.org/wiki/Hudson%27s_Bay_Company
Corporations aren't citizens now. If you mean "corporations weren't considered 'persons' in the scope of the 14th Amendment" in 1776 (or even, say, when the Constitution was first adopted), that's true, but then neither was anyone else.
Corporations, of course, have been legal persons in the general sense since the corporate form was invented; that's the whole point of the form.
The stories behind the other cases you cite are similarly murky. The US has been manufacturing consent since before it was born.
http://en.wikipedia.org/wiki/Signing_of_the_United_States_De...
The common people of the colonies were likely in a situation very similar to where ordinary citizens today are when deciding between Google/FB/etc. and the NSA. Distrustful of both sides, but more inclined to go with the weaker of them, because then they'd be less fucked over.
Well, globally weaker and more locally powerful. Strength probably wasn't the decision criteria at all for those who chose the rebel side, it was probably perceived accountability: the local governments that were represented by the signers and which revolted were all accountable to the local population, the British government was not.
I remember asking this question back in 2005, and getting a solid "No". so I left the country. I doubt it's somehow been magically remembered since then.
[1] http://www.merriam-webster.com/dictionary/terrorism
Also, though I'm not surprised by the fact they're against encryption - They've been against it all through the court case against Phil Zimmerman for example - I am surprised how tone-deaf their arguments are beginning to sound. It's like they don't understand there's a real public debate happening around them.
I use the Tor Browser Bundle to read my gmail. I figure it's helpful to those working for legitimate regime change, that I put encrypted traffic on the net.
"It's for your own good."
If the FBI isn't mining normal citizens data for loose connections to stuff that is none of their business, then their is no need for them to have access to the systems they want.
The only argument that could be made is that criminals are stupid and may not use proper encryption on their own, therefore we should watch what everyone is doing so that we can catch these particularly dumb criminals.
The goal of the FBI in all their statements is to try and convince the public that "only criminals need encryption; everyone else should let us watch everything they do." 1984 anyone?
And I'm not interested in the FBI trying to create one.
It's scary how prescient Orwell was.
For you to ever be 'free' from others doing [thing Z], everyone (you, them, everyone else) would have to be precluded from doing anything that might lead to [thing Z] - and suddenly no one can do [thing A], [thing B], [thing C]...
Not only that, but now all it takes is for someone to make a shaky argument for some action potentially leading to [thing Z], and suddenly you or anyone else can be accused of committing that action in pursuit of committing [thing Z], and/or get locked up because of it.
I'm as averse to getting blown up as the next guy, but that doesn't stop me from recognizing a loosely-defined slippery slope when I see one.
It'd be nice to see a world in which it's very rare/difficult for anyone to do certain things - but let's not pretend we can create a world completely 'free' of anything without sacrificing most of our inalienable rights.
"America will never be destroyed from the outside. If we falter and lose our freedoms, it will be because we destroyed ourselves." - Lincoln