38 comments

[ 3.9 ms ] story [ 89.0 ms ] thread
> If you don’t understand how technology works — especially a technical subgenre as complex and dense as encryption and information security — then don’t write about it.

This is certainly one message to draw from the situation. But it's not the most constructive message -- it puts the burden on non-technical people, telling them what not to do. Even if non-technical people realize that there are scientific limits to technologies, that won't stop them from thinking about and writing on technology incorrectly.

I think the burden should fall on us techies -- I think there is something constructive we can do. I think we should strive to educate others on the roles and limits of technology. Even if we can't teach everyone the math, physics, electrical engineering, programming, and software engineering they would need to truly understand technology, we can explain the limitations of something like encryption with our blog posts, social media, and every day conversations.

It seems to me like this is already being done quite extensively. Maybe it's because I'm in the tech echo chamber, but I constantly see technologists trying to educate the outside world about the limitations. In a lot of cases (this one included), it seems to me like this is perceived by non-technologists as laziness (as TC suggests), stubbornness, or FUD-spreading.

This is just my impression (no guarantee it reflects wider reality), but I'm not sure how this is something that technologists can be expected to solve. There's no way to get the public to trust you when they know that you can do what you're saying is impossible, you're just not willing.

Also, his message easily generalizes to:

"If you don’t understand how something works — especially a complex and dense thing — then don’t write about it"

which of course is a totally ridiculous thing for a columnist to write (especially considering his implied standard for "understanding"). Of course this requirement is nothing he follows himself, writhing columns about broad sociological changes crammed into phrases like "sharing economy" and "we are all entrepreneurs".

The column doesn't even build any case for the accusation in its title!

There's a corollary to Clarke's famous law about technology and magic: "Any technology distinguishable from magic is insufficiently advanced." I'd say this is starting to become a serious problem.
It goes both ways. Technologists should also look in the mirror, and consider what we might not understand.

Since the OP is criticizing journalists' understanding of tech, we should ask how well we understand journalism. Inside the Collapse of The New Republic (http://www.newyorker.com/news/news-desk/inside-collapse-new-...)

Taking a Tire Iron to Techie Triumphalism (http://www.nytimes.com/2015/06/09/us/taking-a-tire-iron-to-t...) and associated HN discussion (https://news.ycombinator.com/item?id=9686577)

Not every solution takes the form of a startup. And there's always the lifehack of asking the working poor what they think, and listening to them. Maybe some of them have the vision we lack. – idlewords (https://news.ycombinator.com/item?id=8261431)

And this from MondayNote (http://www.mondaynote.com/2014/10/26/the-two-things-that-cou...):

One: Google’s disconnect from the outside world keeps growing. More than ever, it looks like an insulated community, nurturing its own vision of the digital world, with less and less concern for its users who also happen to be its customers. It looks like Google lives in its own space-time (which is not completely a figure of speech since the company maintains its own set of atomic clocks to synchronize its data centers across the world independently from official time sources).

You can actually feel it when hanging around its vast campus, where large luxury buses coming from San Francisco pour out scores of young people, mostly male (70%) mostly white (61%), produced by the same set of top universities (in that order: Stanford, UC Berkeley, Carnegie Mellon, MIT, UCLA…). They are pampered in the best possible way, with free food, on location dental care, etc. They see the world through the mirrored glass of their office, their computer screen and the reams of data that constitute their daily reality.

This does not work, for a very simple reason. The same argument the article states can be construed for literally every single topic, from tech to AI to agricolture to fishing to engineering to medical science and so on. So either every single human being is taught the whole of human knowledge, or one should simply realize there are things one should not have an opinion about and avoid spreading misinformation, which is far simpler.
I've been watching season 1 of "The Blacklist" in the background while working over the weekend. Aside from being yet more terror porn, one of the interesting subplots had a rogue unit surveilling the FBI. The implication was clear: these bad guys are so cool and awesome that they can run their own surveillance! Against us!

But really, not so much. If you really wanted to gather a whole bunch of secret data on what the government was doing? You wouldn't need to set up cameras and monitor everything. You wouldn't need some super-cool intercept site located in Virginia. The government has already done that for you. All you need to do is break in and scoop up data like every other subscriber is doing -- just like what happened with the recent breech at OPM. (Which, being the biggest heist in American intelligence history, is amazingly under-reported)

As this article points out, people seem to lose sight of the fact that by putting all of our eggs in one basket, we just make it easier for somebody to rob us of all of our eggs. Backdoors are a horrible idea. I agree with the author here that the reasoning displayed on these editorial pages is "breaktakingly stupid"

Aside from the fact that the security state is destroying the republic, there are some seriously ignorant people making broad decisions about a lot of things they should just stay away from.

It's strange that you mentioned this series. I've watched the first season and halfway through the second and I never seen a TV show stuffed with so much clichés. Seriously, it must be financed with some political adgenda behind. Everything you can think of is there, the Russian mafia, the Ukrainian bomber, the German neo-nazi group, some psychopath trying to do a chemical attack... Every episode is like this.

Anyway, to go back to the subject of the article, backdoors are always a stupid idea because there is no way to guarantee that the backdoor will not be used for other purpose. Recording so much data is also risky for the future. Who trusts their current government ? And who is going to trust the government they will have in 20 years ?.

If you have to fill 20/22 episodes of a spy show you do go through antagonists.
Well...its always going to be easy to say the leadership is stupid and backdoors are a horrible idea.

What's hard to answer is how do you stop the next Boston marathon bomber. No good answers to that, which is why we see all kinds of partial solutions, with all their well known consequences getting deployed.

Yes. It's hard.

But asking such questions without context is bullshit. We've had bombings and mass murders throughout our country's history. Hell, the country was founded on a tax revolt that ended up in a civil war (a huge chunk of folks weren't exactly happy with breaking with England)

So when I look at all that bloodshed and lives lost, I really have to ask myself if a 9-11 every day wouldn't be better than giving up the freedom to be secure in our persons and papers that all of those folks in times past died for.

So yes, there exists danger to the population for which a decrease in our way of life is not warranted. People will die. There will be much media coverage and yelling.

But the real question isn't about the loss of life. The real question is whether or not a system of government that is designed around free and informed people electing representatives can survive a sustained attack built around getting people angry and afraid.

You got me on that one. Perhaps single, 6 or 8-year presidential terms. Required rotation of the HoR with a 2 or 3 term limit? Going back to electing senators from state legislatures? Whatever the solution, it's going to involve a longer feedback loop between outrage and people voting. We also desperately need some group of people representing the system itself instead of the voters. That used to be the senate.

> What's hard to answer is how do you stop the next Boston marathon bomber.

Not only how do you stop the next Boston marathon bomber—that's relatively simple. What's hard is stopping the next Boston marathon bomber without doing more damage to our country than the next Boston marathon bomber would do. And that's hard, because despite the loss of life, the Boston Marathon bomber didn't actually do much damage to our country.

That's pretty high quality writing for tc, maybe I should start paying attention to them again
What is this in response to? I couldn't find it listed anywhere in the article.
TechCrunch is one to talk. Their writing might be more knowledgeable but is still characterized by magical thinking on tech when it comes to Big Names and Buzzwords.

The WaPo editorial board has taken a stance which large businesses that specialize in high tech products have already publicly opposed. In this particular disagreement, the technologists' position supports that of Valley firms, so TC can namecheck Diffie, Rivest and Schneier to argue their case.

Wake me up when TechCrunch starts echoing Schneier about the surveillance economy fueling the internet.

I'm trying to think of a good, sarcastic comment about privacy being too inconvenient on the internet, but quite honestly, they all sound too much like things I've heard people here say.

At the end of the day, unfortunately, commerce seems to be the prevailing decision maker. Sometimes I feel like it'd be great to see the money driven out of tech for that reason.

Doesn't Jeff Bezos own the Washington Post?
Yes but he is more concerned with ransacking its employee pensions.
(My wife was in the DC press corp for years covering Congress, serving in the White House Press Pool, and the Pentagon at various times.)

Unfortunately, the vast majority of the press has little understanding and even less background in the topics they cover. The article they write on Wednesday, they may have learned about on Tuesday, after being assigned it on Monday. This is why so many groups can get away with handling them something that is just slightly less promotional than a press release and get away with it. Combine that with tight publication schedules and the sheer amount that they have to publish (though mostly bloggers, less general journalists) and it's a recipe for disaster.

While my wife was still active in that space, I briefed her colleagues on technical matters regularly. I felt like I was helping educate at scale but at some point I realized that too many just didn't care. They wanted the "10 second sound bite" and move onto the next topic.

Note: If the reporter has a strong background in a subject - technology, medicine, etc - they become the exception rather than the rule as most of them can make more money as consultants than beat reporters. They are often subtly promoting their own books and lectures too.

More than once, my employer issued a press release for a product I wrote then a reporter published it verbatim with their own byline.

There is a market opportunity for someone who can find two journalists doing thatnat the same time with the same press release.

There is a Matt Taibbi talk somewhere, where he says he was on the presidential campaign trail with more or less the top reporters in the country when Bear Sterns collapsed, and his shock at realizing that none of them knew what that meant or what even the story was about.
How can any sane person advocate a "solution" like this after the OPM debacle?
And people are surprised that traditional Publishers have the same sort of level of understanding tech as Jen does in the IT Crowd?
Is there a term for the phenomenon where whenever the press covers a subject you are knowledgeable on, you can see clearly their reporting is terrible -- so inductively they are always reporting terribly?
The hackernews effect? That's pretty much the default reaction anytime a mainstream source is posted here.
I'm not sure there's a name for it but there is a tendency to see terrible reporting in your personal area and discard it. Only to read another article in a less-known subject and accept it unquestioningly.

It feels like it's a variation of bike shedding..

Perhaps it would be a better tack to explain to the Washington Post that, yes, technology is magic. However the kind of magic that has been used here is to wedge open Pandora's Box and pipe the output into the global economy, so unfortunately it doesn't respond reliably to demands.
You don't really have to have a deep understanding of the technology to understand that there can't be such a thing as a technology that can only be used by law enforcement personnel performing their legitimate function.
I can sympathize with the Washington Post.

There are two common uses for the word "impossible" that are relevant here. Solving the halting problem is impossible in the absolute sense. We have a proof.

But think about the (mind-blowing) discovery of asymmetric encryption. Before that, many things would have reasonably described using the word "impossible" in the sense of "nobody has any idea how to do that."

Do we have a proof that "golden key" thing is impossible in an absolute sense? If so, then it needs to be explained to non-technical people in a way that conveys that. If it's just that nobody knows how, then it's not actually impossible.

I think maybe people are interpreting the article as saying "if Google and Apple wanted to, they could do it this year" and of course that's incorrect. But I read it as them just lamenting that nobody even seems to be trying.

And I think their read on the lack of motivation is accurate. The people saying it's a bad idea from a technological perspective probably also think it's bad policy -- they wouldn't trust the government with a golden key even if it were possible.

So all the Washington Post can do is try and convince people that it's good policy. And it's fine to disagree with that, but it's unfair to call them stupid for thinking that there could possibly be a solution to the problem.

> But I read it as them just lamenting that nobody even seems to be trying.

No, I'm pretty sure it's an actual thing that they actually want Apple and Google to do. Like for real.

In an absolute sense, a golden key is already possible, and we have the cryptography necessary to do it. In a practical sense, a security system that has a golden key is necessarily more complicated than one without it, and have yet to demonstrate an ability to reliably construct a secure system even without a golden key. On another practical sense, we would need to construct an entire key management infrastructure so that it is possible for government agents with legitimate access to use the golden key, and this infrastructure itself would be a high value target.
Full Disclosure, I'm a co-author on the MIT paper that this article cites.

The posted article is talking about the following two op-eds by WaPo[1,2]. What's interesting here is that in [2] they call for a national academies study on the issue, the logic being that the state of encryption has changed. The academies have studied exceptional access in the past, and generally thought it was a terrible idea [3].

I'm personally not opposed to a new study, but the point of the paper we wrote was to argue that it's an even _worse_ idea than the last time exceptional access was considered. I'd be shocked if the academies changed their minds.

[1]https://www.washingtonpost.com/opinions/putting-the-digital-... [2]https://www.washingtonpost.com/opinions/compromise-needed-on... [3]http://www.nap.edu/catalog/5131/cryptographys-role-in-securi...