CA assembly member introduces encryption ban disguised as human trafficking bill (asmdc.org)
272 points by asimpletune on Jan 21, 2016 | 91 comments



Here is the bottom line -- if smartphones can not be securely encrypted there are a lot of things we can't use them for:

- Phones aren't going to replace credit cards - You will need to type in all your passwords each time you use them - Two Factor authentication will need to be done with a different device - Healthkit and other medical records will need to be moved elsewhere - Any profession where there are very serious consequences for leaked communication will no longer be able to do it through their smartphone (lawyers, doctors, executives.)

Basically losing or having your mobile phone stolen will be equal to a burglar pulling up to your house or office and driving away with every sensitive document and record in the back of a van.

No tech company wants to see the end of the mobile revolution. Forget the national interest side to this, anyone supporting broken encryption basically looks like a total moron.


Put a space (or is it two?) in front of each line item if you want to make a list on HN. HN interprets this as 'code block' and doesn't reflow the text.


HN wraps things separated by blank lines in <p> tags, so:

  Line 1
  Line 2
becomes:

  <p>Line 1
  Line 2</p>
which displays as:

  Line 1 Line 2
If you want to make bullet lists on HN, you have to have a blank line separating each item.

Wrong Way:

  * Item 1
  * Item 2
  * Item 3
(unless you're aiming for this:

  <p>* Item 1
  * Item 2
  * Item 3</p>
)

Right Way:

  * Item 1

  * Item 2

  * Item 3
HTML:

  <p>* Item 1</p>

  <p>* Item 2</p>

  <p>* Item 3</p>
Renders as:

* Item 1

* Item 2

* Item 3

Some people use <pre> blocks (as I've been using above to show examples). This breaks on long lines, because there is no text wrapping (instead the element becomes horizontally scrollable). Like this:

  dfjgkhsfdlgkjdfgkjfdhldskfjghdkslfjghdflkjshdfglskdjfhglsdkjfhglsdfkjghsdlfkgjhsdflgjkhsdflgkjshdflgjkhsdfglkj
  afgkjhsdflgkjhdflgkjsdhfglskdjfhglsdfgksjdhfglsdjkfh
If you are editing your HN post in something like Vim or Emacs, you could wrap the text to N columns (something like 50 should probably be decent):

  - Lorem ipsum dolor sit amet, consectetur
    adipiscing elit. Nulla at lorem id eros
    tincidunt tempus. Fusce maximus efficitur
    tempus. Suspendisse auctor sem ligula, quis
    iaculis ante aliquam vel. Suspendisse potenti.
    Integer magna arcu, consequat laoreet nunc
    nec, pulvinar consequat justo. Cras sed velit
    sed odio ultrices ullamcorper. Suspendisse
    semper, urna ac vehicula vestibulum, mauris
    urna euismod velit, ac gravida mi purus sit
    amet mi. Sed commodo, turpis vel iaculis
    rutrum, justo nisi venenatis lacus, et pretium
    purus erat vel risus. Duis vulputate elit at
    orci auctor facilisis. Donec eu urna congue
    risus dapibus porta. Donec efficitur vel lorem
    sit amet fermentum. Suspendisse potenti.
    Aenean dictum, lorem non tristique commodo,
    nulla urna rutrum odio, sed sodales enim nisi
    eu tellus. Vivamus efficitur dictum est at
    laoreet. Sed ornare nulla in ante tincidunt,
    ac sagittis mi varius.
But you have to remember to "manually"[1] wrap the text yourself.

[1] Manually in that something other than HN will have to wrap the text for you. You can either do it by hand, or put technology to work for you... just not HN technology.


Does anyone know why HN doesn't handle linebreaks correctly? I mean, I can't imagine that it's by accident, but I also can't imagine why anyone would do it on purpose.

If it did like HTML and completely ignored linebreaks as extraneous whitespace, that would at least be consistent; if it expanded single linebreaks to doubles, that would be enforcing a layout preference for inter-paragraph blank lines; but "ignore one linebreak, print two linebreaks normally" is just weird.


I guess ignoring single linebreaks prevents people from wrapping lines manually (happens surprisingly often on some forums), resulting in an annoying reading experience.


Assemblyman Jim Cooper represents Elk Grove, a city of ~160K just south of Sacramento. Apple is the second largest employer in Elk Grove [1] and currently expanding their footprint there by several thousand jobs [2].

Hopefully there's a primary challenger or soon will be, I'll donate.

[1] https://en.wikipedia.org/wiki/Elk_Grove,_California#Top_empl...

[2] http://www.bizjournals.com/sacramento/news/2015/12/07/someth...

{note: [2] gives a significantly larger current headcount than [1]}


Am I crazy or is it kinda weird that someone like that is already in office in that area?


According to ars technica he's a 30 year vet of the sheriff's department.

http://arstechnica.com/tech-policy/2016/01/yet-another-bill-...


Not weird at all. Sacramento overall is very conservative.


I don't really think this is a liberal/conservative issue. I'm what most Americans would call extremely liberal, and yet one of the very few legislators whose views consistently align with my own on matters of encryption and privacy is a tea-party libertarian Republican.

I think the proper political theory axis on which to hang this debate is libertarian-authoritarian, both of which exist in liberal and conservative thought.


If you're interested more in these issues, I wrote an article last month about California politics and Silicon Valley, looking in particular at privacy legislation: http://america.aljazeera.com/articles/2015/12/30/losing-figh...


I most certainly am interested. Thank you for the link.

And for what it's worth, I hope the Al Jazeera America cutbacks don't affect the excellent written journalism you all do.


Wow I really liked this article. It encapsulates my thoughts and validates some of my suspicions on private data trafficking quite well.

Thinking of Silicon Valley as both the bad guy and the good in the fight for privacy is quite interesting. On the one hand these big companies fight for anti-surveillance measures and they fight against laws for weakening encryption. On the other hand, they fight against laws designed to curb dissemination of private information and general consumer protection. This dichotomy is really striking to me.


Sacramento is very liberal. Sacramento County has its conservative areas.


Same problem pretty much with the NY bill. Buy a phone that is unlocked / decrypted at the time of sale. The next step is for the user to login and encrypt. I don't see how this bill actually fixes that. I guess this hinges on the definition of authorized when it comes to encrypting something I own. I hope I don't require authorization to do this.

A few questions I posed to the NY senator earlier this week:

1. Would you use such a phone knowing that the government / Apple / seller of the phone could easily get into it?

2. Would it be legal for someone in the legal profession to use such a phone without being disbarred for negligence of the right to private communication?

3. If sold unlocked, and then later locked (i.e. every phone right now), where's the change?

4. Where's the 4th amendment fit in with this?

5. What should we do with old phones that don't support this? Dump them in the bay I guess?

6. Where are the technical experts that are telling you that this is actually feasible to do securely and safely? I'm looking hard, but only seeing negative responses from those that know what they're talking about.

7. Who's responsible for fixing the broken device once the master key gets leaked? The manufacturer? The state of {CA/NY}?

8. the list goes on.


Not just the same problems as the New York bill; the wording of the two bills appears to be nearly identical!

Here's the CA bill: http://www.leginfo.ca.gov/pub/15-16/bill/asm/ab_1651-1700/ab...

Here's the NY bill: http://legislation.nysenate.gov/pdf/bills/2015/A8093


Although there is definitely cause for concern, these are just state-level legislative bodies. They couldn't prevent Californians and New Yorkers from buying out of state or international phones that aren't crippled with back doors.

It's a worrying trend, though. It seems every few months another law like this is proposed. Requires constant vigilance on our part.


Could easily be explained by these bills originating with ALEC.

https://en.wikipedia.org/wiki/American_Legislative_Exchange_...


Dude the last paragraph is almost word for word. Who wrote these??


Could be anyone. ALEC pushed "model legislation" to "great" effect (see castle doctrine, others) but other groups do it, too. See http://www.azcentral.com/story/news/politics/2014/04/05/lawm..., among others.


NSA? FBI? I'm sure they're pretty happy with them.

I'm going to make it clear to Jim that I'm going to give money to his political opponents in his next election.


Nah this will only benefit local cops. Those big guys have network sniffing.


I'm not so sure about that as the language of the bill states:

"(d) (1) ...that is not capable of being decrypted and unlocked by its manufacturer or its operating system provider shall not result in liability to the seller or lessor if the inability of the manufacturer and operating system provider to decrypt and unlock the smartphone is the result of actions taken by a person or entity other than the manufacturer, the operating system provider, the seller, or the lessor and those actions were unauthorized by the manufacturer, the operating system provider, the seller, or the lessor."

Presumably the "those actions were unauthorized" could be construed as prohibiting an FDE option from being built into the OS and provided by the manufacturer, and this, in conjunction with signed kernels in phones, would present a very high barrier on the user to be able to obtain device encryption without key escrow as we understand it today.


This has been my understanding of what they really want, in particular when using the word "front door". That's key escrow. Not weakening encryption so that they can break it, but they want manufacturer or OS provider to have a copy of the keys used and in particular the law seems worded to burden the company to actually perform the decryption, not merely hand over the keys.


Addition: While I don't think either funded or unfunded mandate to do this decryption is OK; I think it's untenable for the company to hand over keys to just any government. With those keys, the government can not only decrypt, they can decrypt-modify-encrypt and thus frame dissidents or political enemies.


The argument has been around for a long time. The first crypto wars had their policy papers and summary pros/cons such as https://www.cs.cornell.edu/html/cs513-sp98/hw.policy.keyEscr....


This is where the bill breaks down logically. A seller of an unlocked/decryptable device can say "you're not authorized to encrypt this" all they like. As a user though, I don't require their authorization to do what I like to a device I own.

A gun seller does not 'authorize' someone to use the gun to commit murder. Best Buy, AT&T, etc. likewise do not authorize a user to encrypt their device. Nor should they. What I do with my device is none of their concern so long as I pay my bill.


For a long time gun owners have had the singular pleasure of having massively intrusive, incoherent regulations written by people with no technical understanding of the subject matter. It's nice to finally have some company.


No kidding. Even something as simple as keeping track of what one can do as you drive across country requires an app, or at least http://www.handgunlaw.us/. This is with a state issued carry license that has a patchwork of reciprocity. Literally what is legal in one place, is illegal in the next, and vice versa, just by crossing invisible lines.


Yup, Federal regulation is definitely the way to go. No more state regulation. Wait a minute...


Yes, I am not in favor of Federal regulation here, but that is somewhat off topic. Even still, I wanted to purposely point out information to those on HN who might not be familiar with the complexities of such a legal patchwork and what it results in.


I love having the "what makes an assault weapon an assault weapon" discussion with people - it's usually a discussion that changes their views on how we regulate firearms. I fear encryption is going to go down this same road.


> people with no technical understanding of the subject matter

Hanlon's Razor is usually a good idea, but it should only be used when all else is equal. That is not the case here, as we know there are long-term (since the first crypto wars) attempts to restrict encryption.

Whoever wrote this bill has a very good understanding of the subject matter. What you call "incoherent" is a feature in the eyes of anyone trying to restrict crypto. Poorly-specified laws provide room to selectively enforce the law or reinterpret what it means.


Then the judicial system is tasked with case after case of having to discern the meaning of the law and how to interpret it legally within the confines of the state and federal constitutions.

I wish I had a dollar for every case I've reviewed where a judge had to interpret a poorly written (bad or ambiguous grammar) statute. Many of the judges got it wrong, probably intentionally in a few instances, and the decisions were later overturned, sometimes after the defendant had spent years in prison. And that's just the ones with happy endings.


Please don't hijack the discussion with flamewar-prone tangents. HN guidelines:

"Please avoid introducing classic flamewar topics unless you have something genuinely new to say about them."


It's not strictly a tangent. The GP pointed out that the tactic being tried here is "tried and true" and well understood by many. Although the GP should have gone further and said that we should all be against such tactics regardless of which side of any issue we should find ourselves on. It's a very underhanded, anti-democratic scheme.

I've also seen guns and gun control discussed many times on HN without flames. So I'm not quite sure it qualifies as a "classic flamewar topic" on HN even if it qualifies as such among the general population. I would also argue that the GP did, in a sense, have something new to say about it.


It also gives us an answer, the National Encryption Association should be formed with the exact same tactics.


While fiatmoney may have been able to state the correlation better, there are parallels between the regulation of encryption and the regulation of firearms. And this goes beyond just that encryption is considered a munition within the regulatory framework of the U.S. government. There are lessons to be learned by studying the legal history there.


I think this comment is relevant.


I've wondered for a while if you might make a case for a right to encrypt around the second amendment. If anything encryption seems more relevant today than gun ownership in terms of the second amendment's original reason for being. Nobody could stand up to a modern army with personal firearms, but encryption does allow an individual to limit the power of the government to surveil or persecute them.


Strong encryption used to be classified as munitions under ITAR, so maybe there's some precedent there.


This is a great point, and one that I've been meaning to write about either here or elsewhere ever since the issue started coming up.

Scaring people into giving up their rights is a tactic that's been used by both the right and the left for decades.

I think there's a general point that can be made about understanding restrictions in general and about when and why we should support them, but I don't know exactly what the general point is without resorting to a thing that most people write off as a meaningless platitude (e.g., "Those who sacrifice liberty for security deserve neither.")

I'm going to riff a little bit here, if that's okay.

I think it's worth asking--at each moment that any basic liberty that's even talked about in the constitution comes up for discussion, regardless of how you personally interpret that liberty--who benefits from a reduction in that liberty?

It's perhaps easy to say, for some people, that reducing the number of firearms in circulation is a net benefit for "the people" as a whole.

But I don't think that's a correct answer to the context of my question above. If you view the constitution as a social contract between the citizens and the government, reducing freedoms of any kind is always to the advantage of the government and always to the disadvantage of the people, even if in the short run fewer people die from firearms-related deaths.

Similarly, I would suggest that in terms of privacy, there are people who are willing to sacrifice their own privacy (as well as mine) by outlawing certain encrypted devices because they think that will make us all safer from--something? Are we going to define certain phones and tablets and computers as Assault Devices and make them illegal if they have a pretty fruit logo? Or run an OS named after a cute robot?

The problem is that our government is made up of people. People who are trained just exactly the same ways that we are: by positive and negative responses to actions. People who learn by experience that doing a thing that makes their lives easier (removing freedoms) can be accomplished by stigmatizing the exercise of that freedom.

Voila. There you have all the explanation of why freedoms are in a constant fight against being reduced. It's not because of any conspiracy or because governments are bad by default, or anything nutbaggy like that. It's because the basic approach of human nature is to make your life a little easier. That's it.

Reducing freedoms make the lives of the people in government agencies easier. That's all there is to it.

My opinion comes from some odd experiences in my life. I'm from Texas, but I live in NYC. I like guns, but I also support abortion rights. I was trained as a classical violinist but write code for a living. I studied Aristotelian philosophy and categorical, deductive logic; I work on data with inductive methods.

I think that a lot of the disagreement between parties is manufactured, that people who care deeply about liberty in whatever form it takes: guns, abortions, free speech, privacy . . . whatever--people who care about these things have a lot more in common than they often realize.

I wish there was a better way for us to work together and understand that all freedoms live or die based on our group commitment to all freedoms, not just one or two that we happen to feel good about right now.


I'm no gun enthusiast but I'm no stranger to them either. I fail to see the relevant comparison, but if there is one I'm interested to hear it.


"Full-disk encrypted operating systems provide criminals an invaluable tool to prey on women, children, and threaten our freedoms while making the legal process of judicial court orders useless."


"Our" means specific actors within government.

For other actors in government, such as assembly members, full-disk encrypted operating systems increase freedoms - increase the freedom of having any political view while partaking in taboo activities, without their devices being monitored, without the threat of being blackmailed.

Truman stated that "we want no Gestapo or secret police. The FBI is tending in that direction. They are dabbling in sex-life scandals and plain blackmail."[1]

NSA won't say whether it spies on Congress.[2]

[1] https://en.wikipedia.org/wiki/J._Edgar_Hoover

[2] http://www.theatlantic.com/politics/archive/2014/01/the-dang...


I saw that and I couldn't help rolling my eyes. By that logic, door locks also provide human traffickers the tools to involuntarily imprison innocent women and children. So clearly we need to outlaw locks on doors, everywhere.


I understand the point you're making, but the quote in full context is that it provides the tool while making the legal process of judicial court orders useless. The emphasis on the latter part is kind of where legally they have a point that there is a difference. You can order someone to just open a lock, bash down a door, or break in through a side window/thin wall. With even decently implemented encryption on a device, no such alternatives exist for law enforcement.

To be clear, I'm against the inclusion of backdoors/side-channels/key escrows for anyone on the basis that it threatens the security of everyone for the chance that law enforcement might glean something off a phone. But I do think it's important to be realistic and acknowledge that there are situations in which encryption impedes the usual investigative process for law enforcement, and that many time sensitive cases may result in serious harm to individuals as a result.

I do believe that most people calling for backdoors do so in bad faith, but it's not difficult to imagine actual scenarios in which such complaints do impede an investigation. Coy reductio ad absurdum statements really don't help the discussion at large along in either direction.


Burying your secrets in a hole in the desert and never revealing the location makes the legal process of a judicial court order useless too. Should it be illegal to hide things really well?


I wonder if there has been a single actual case of that happening - of encryption having made court orders useless in a case of preying on women or children. I'm skeptical.


This is the game. There will never be a "Prohibiting Encryption and Preventing Privacy Act." It will always be an ostensible act of patriotism and protection. Combatting terrorists, child molesters, sex traffickers, drug cartels, money launderers, and other easy-to-demonize scary folk.



Includes leased phones, and any phone shipped to a California address. So any legit purchased phone basically would need to have a key escrow system in place by either the manufacturer or OS vendor, it wouldn't just be Apple and Google (as California companies) it includes Microsoft Windows Phones also. That sounds like it affects interstate commerce.

Also interesting, the language only says "smartphones" so this doesn't include devices that aren't smartphones. OK tablets and laptops aren't included then. But what is a smartphone? What about an iPod Touch? Only if the device has a GSM/LTE/CDMA radio in it is a smartphone?


    "Smartphone" has the same meaning as in Section 22761.
http://www.leginfo.ca.gov/cgi-bin/displaycode?section=bpc&gr...

    22761.  (a) For purposes of this section, the following terms have
    the following meanings:
       (1) (A) "Smartphone" means a cellular radio telephone or other
    mobile voice communications handset device that includes all of the
    following features:
       (i) Utilizes a mobile operating system.
       (ii) Possesses the capability to utilize mobile software
    applications, access and browse the Internet, utilize text messaging,
    utilize digital voice service, and send and receive email.
       (iii) Has wireless network connectivity.
       (iv) Is capable of operating on a long-term evolution network or
    successor wireless data network communication standards.
       (B) A "smartphone" does not include a radio cellular telephone
    commonly referred to as a "feature" or "messaging" telephone, a
    laptop, a tablet device, or a device that only has electronic reading
    capability.

It seems like a tablet with a cellular radio could arguably fit that definition as well.


(iv) means LTE or newer. That suggests NOT tablets, including iPod Touch like devices, because it must have all of the listed features.

It also, weirdly, suggests not anything 3.5G or lower. What? Why?

And in any case, Apple's end-to-end encrypted iMessage does not depend at all on such a cell network of any version. It does work on WiFi only just fine. So why are these devices exempt from terrorists and kiddie porn sickos and human traffickers?

If you're going to be serious about catching that, it seems like everything that does full disk encryption would be broadly included. Desktop and laptop computers, and tablets. Why does Layer 1 matter to this?


> It also, weirdly, suggests not anything 3.5G or lower. What? Why?

Maybe, but I think maybe not...

My 3G Nexus S "[i]s capable of operating on a long-term evolution network or successor wireless data network communication standards". This is because 3G LTE networks seem to also communicate with 3G, 2G, and 1G radios just fine.


iPad does have LTE.


Some do, some don't. http://www.apple.com/ipad/compare/ There are WiFi only models. So... why are the WiFi models not included?


Not mine. I specifically got the model without cellular.


Sure, I was talking about iPads with cellular.


> It seems like a tablet with a cellular radio could arguably fit that definition as well.

Strongly disagree, because:

> (1) (A) "Smartphone" means a cellular radio telephone or other mobile voice communications handset device...

and additionally:

> (B) A "smartphone" does not include a radio cellular telephone commonly referred to as a "feature" or "messaging" telephone, a laptop, a tablet device, ...

Not only are tablets specifically excluded in the definition, "mobile voice communications handset device" would likely exclude them from the definition all by itself.


> It looks like nothing stops you from purchasing an encrypted phone on the second-hand market...

For reference, the ability to do this hinges on the Definition of "Sold in California" which is defined in -uh- CA Code 22761.(a).4 which reads:

'(4) "Sold in California," or any variation thereof, means that the smartphone is sold at retail from a location within the state, or the smartphone is sold and shipped to an end-use consumer at an address within the state. "Sold in California" does not include a smartphone that is resold in the state on the secondhand market or that is consigned and held as collateral on a loan.' [0]

[0] http://www.leginfo.ca.gov/cgi-bin/displaycode?section=bpc&gr...


Thanks, appears the main post link is down.


Cryptography yields two components: encryption/decryption, and authentication. Break one of those, and they're both broken. And that's what really bothers me about all of these politicians who only fixate on the encryption part. They're oblivious to the extreme risk introduced by breaking authentication.
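The point made in this comment, and in the earlier one about escrowed keys allowing decrypt-modify-encrypt, can be shown in a short added example (not code from the thread or from any vendor). It assumes a symmetric encrypt-then-MAC scheme built from the standard library as a stand-in for a real authenticated cipher; all names and the sample messages are constructed.

```python
# Added illustration: a copy of the device key breaks authenticity as well as
# confidentiality. The cipher below is a stdlib stand-in (HMAC-SHA256 in
# counter mode plus an HMAC tag), used only so the example runs offline.
import hashlib
import hmac
import os


def _derive(master: bytes, label: bytes) -> bytes:
    """Derive separate encryption and MAC keys from one master key."""
    return hmac.new(master, label, hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out = b""
    counter = 0
    while len(out) < length:
        block = nonce + counter.to_bytes(8, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(master: bytes, plaintext: bytes) -> bytes:
    """Encrypt, then authenticate nonce + ciphertext."""
    nonce = os.urandom(16)
    stream = _keystream(_derive(master, b"enc"), nonce, len(plaintext))
    ct = bytes(a ^ b for a, b in zip(plaintext, stream))
    tag = hmac.new(_derive(master, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(master: bytes, blob: bytes) -> bytes:
    """Verify the tag first; refuse to decrypt anything that fails."""
    if len(blob) < 48:
        raise ValueError("blob too short")
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(_derive(master, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    stream = _keystream(_derive(master, b"enc"), nonce, len(ct))
    return bytes(a ^ b for a, b in zip(ct, stream))


def demo() -> dict:
    owner_key = os.urandom(32)
    escrow_copy = owner_key          # what a key-escrow mandate hands to a third party
    blob = seal(owner_key, b"meet at noon")   # constructed sample message

    # Someone WITHOUT the key who alters the stored data is caught by the tag.
    tampered = bytearray(blob)
    tampered[16] ^= 0x01
    try:
        unseal(owner_key, bytes(tampered))
        outsider_rejected = False
    except ValueError:
        outsider_rejected = True

    # Someone WITH the escrowed copy can read the data and also produce a
    # replacement that the owner's own device accepts as genuine.
    escrow_read = unseal(escrow_copy, blob)
    replacement = seal(escrow_copy, b"meet at midnight")
    owner_reads = unseal(owner_key, replacement)

    return {
        "outsider_tamper_rejected": outsider_rejected,
        "escrow_read": escrow_read,
        "owner_reads_forgery": owner_reads,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The integrity check only distinguishes "holds the key" from "does not hold the key", so every additional key holder is indistinguishable from the owner.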


While you raise a point, I am not sure that the law in a heavy regulation environment will be that specific. For example, in the area of ham radio, encryption is strictly forbidden and has been for years, and yet cryptographically secure authentication is still arguably acceptable as long as it does not "obscure the meaning of the communication". I wrote about this in 2004 while I was a student and posted on my blog in 2009 at https://rietta.com/blog/2009/08/17/authentication-without-en....

To my knowledge the idea has not taken hold as the ham radio hobby moves slowly and the need for strong authentication is not typically a felt need of most operators who want to chat broadly and make new friends. It's part of the ham radio culture as a hobby.
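Authentication that leaves the message readable, as described in the comment above, can look like the following added example (not taken from the linked blog post, whose scheme may differ). It assumes a pre-shared key and an HMAC-SHA256 tag appended to a cleartext frame; the frame layout, the `N0CALL` callsign and the message are constructed.

```python
# Added illustration: the text is sent in the clear, so its meaning is never
# obscured; the appended tag only lets key holders check who sent it.
import hashlib
import hmac


def sign_frame(key: bytes, callsign: str, seq: int, text: str) -> str:
    """Build 'CALLSIGN|SEQ|TEXT|TAG' where TAG covers everything before it."""
    body = f"{callsign}|{seq}|{text}"
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}|{tag}"


def read_frame(frame: str) -> str:
    """What any listener sees without a key: the plain message text."""
    body, _tag = frame.rsplit("|", 1)
    _callsign, _seq, text = body.split("|", 2)
    return text


class Verifier:
    """Key holder that checks the tag and rejects replayed sequence numbers."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_seq = {}  # callsign -> highest sequence number accepted

    def verify(self, frame: str) -> bool:
        try:
            body, tag = frame.rsplit("|", 1)
            callsign, seq_s, _text = body.split("|", 2)
            seq = int(seq_s)
        except ValueError:
            return False
        expected = hmac.new(self.key, body.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(tag.encode(), expected.encode()):
            return False  # altered text or wrong key
        if seq <= self.last_seq.get(callsign, -1):
            return False  # valid tag, but an old frame being replayed
        self.last_seq[callsign] = seq
        return True


def demo() -> dict:
    key = b"constructed-shared-key-for-demo"
    frame = sign_frame(key, "N0CALL", 7, "shut down repeater output")
    station = Verifier(key)
    return {
        "readable_without_key": read_frame(frame),
        "first_accept": station.verify(frame),
        "replay_accept": station.verify(frame),
        "tampered_accept": station.verify(frame.replace("repeater", "beacon")),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```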


>Full-disk encrypted operating systems provide criminals an invaluable tool to prey on women, children, and threaten our freedoms

"If You’re Typing the Letters A-E-S Into Your Code You’re Doing Wrong"


Sorry, I don't follow. How is the quote you highlighted related to not rolling your own crypto?


He changed the quote from "doing it wrong" to "doing wrong".


It's a political tactic that's been used forever.

When the legislature wants to do something unpopular (or even stupid which is what this is), associate it with the "Evil Of The Era" and propose the bad legislation as the solution to said evil. These days, popular "Evils" are Human Trafficking, Child Porn, and "Terrorism". The first two evoke extreme emotion of crimes committed against the most innocent of victims, so they're the best choice in this scenario. In the 80s-90s it was anything to reduce "Crack Babies" or win "The War on Drugs".

It's an old trick -- when people talk about logical limits placed on the first amendment, you'll hear the phrase "Shouting Fire in a Crowded Theater". Most of those who utter it don't realize that this phrase originated as part of a ruling that had nothing to do with "fire" or a "crowded theater" but was made to curtail the dangerous speech of opposing the draft during World War I[1].

[1] https://en.wikipedia.org/wiki/Shouting_fire_in_a_crowded_the...


The bill says "...shall be capable of being decrypted and unlocked by its manufacturer or its operating system provider."

It doesn't say how, and it doesn't give a time frame.

So: Provide an API to accept a key. Allow two key attempts per second. Start with key 0x0000..000, next try 0x000..0001. This is guaranteed to complete, you just have to be prepared to wait a while.

(Yes, I know that courts are unhappy with this kind of thing. But the bill is a crappy bill, in many regards).


Yeah, that's not going to work. Just like Mr. Levison giving the FBI the key printed in tiny font did not fly from the court's point of view.

Lavabit found in contempt for trolling the FBI with 4-point font http://www.dailydot.com/crime/ladar-levison-lavabit-founder-...


That was contempt of court, though; in which he was ordered to do something, and by delivering the 4-point font basically failed to do as the court ordered.

The tactic suggested by the GP is similar, but distinct, and has a better chance of working because it isn't an attempt to circumvent the court itself. It's an attempt to have the law seen as vague and therefore void. Still, IMO, not likely to work, but it's not exactly like the Lavabit case.


Yeah, a better written bill would include "Within 48 hours" or "Within three seconds of a request from someone whose third cousin is a dog-catcher who can spell 'Lawful request'" (too much to hope for "Within heat-death of the known universe").

These two bills are actually clever probes, IMHO.

What are the chances they run afoul of interstate commerce provisions?

But hey, C compilers are tiny. It's no problem to put one on a phone.

I would:

- Comply. Rip encryption out of the OS. [keep reading!]

- Make a plug-in for the crypto. That probably already exists in the form of a library, but in any event it doesn't seem hard.

- Have a system update -- one that is fetched very, very early in system setup -- download and install that plugin. To avoid the possibility that downloads can be blocked, you release the source code and give existing phones, already in many hands, the ability to compile that code on the device (some handwaving here, but you can probably make that secure, for specifically that plugin, and maybe exactly that version of the source). You need a way to distribute bug fixes, but again you're dealing with source that's not part of the OS.

That source-level plugin isn't an operating system, and we're back in territory where the government has to ban specific software components, and maybe ban source code (which is going to be a really difficult 1st Amendment argument).


What a severe irony for this idiot to be on the Privacy and Consumer Protection Committee.


So the 2nd crypto war has moved beyond mere fighting words. The long term battlefield is usually the court of public opinion, so I hope Silicon Valley recognizes this challenge to their power. Tech firms should have been attacking this rhetoric hard when it started, but accusing politicians of not understanding math/crypto has been a common response.

Do you want crypto to work? Or do you want to be forced to replace crypto with security theater? Is your business actually willing to actively protect a free internet? Or is it easier to assume this is "someone else's problem"?

I guess we will see which companies defend themselves, and which companies think being a collaborator is more profitable?


So basically there should be 2 components sold separately - "dumb GSM connectivity module" and "smart OS module" (iPod basically). The latter, not having cell phone connectivity, wouldn't be subject to that law and thus can have FDE/whatever. The GSM module can just attach to the "iPod" back like an external battery.


I have a "mifi" device sitting in my coat pocket right now. Even better than attaching to the back, and readily available - it takes a SIM card and creates a wifi hotspot for all your devices, and can optionally export a media library or network drive to all connected devices.


The "shall" wording is going to keep this in courts for years, even if it does pass.

Shall is the source of more litigation than any other single word in the English language. It can always be debated because no one knows if it reliably means "can", "must", "may", "might", "will", "should", "ought to", or "is allowed to".

All the above uses can be supported with evidence. Because language evolves.

It's a killer word for any law or contract and guaranteed to be disputed.

I am not a lawyer, btw.

But if this somehow passes, it will get tossed because of the wording.


I haven't done any research or anything, but I can't imagine any reasonable person interpreting "shall" to mean "can", "might", "may", or "is allowed to".

Shall means "will" or "must". Like any uncommon word I'm sure it's frequently used incorrectly, and I recognize that language evolves, but I have difficulty believing those other uses have become prevalent enough to be considered valid.


I have done the research. It can mean all of the things that I mentioned.


Would Apple have the balls to stop selling phones in California?


They have the balls to lie.


Where the hell is Anonymous in all this? Shouldn't they be out there doxxing and haxxoring and whatever it is that they do to these kinds of people? I'd figure if someone stands up and says "Encryption should be illegal", they probably don't encrypt jack shit themselves, and they're probably easy targets. They might even take the hint and say "shit, I should have encrypted my internetz" and change their stance. Eh, doubtful.


What impact might this have on tax revenue from said controlled devices no longer being purchased in California?

Do we start referring to encrypted devices without back doors as contraband?


Unfortunately, the vast majority of consumers don't understand what this means and will continue to purchase their phones from the local Apple/AT&T/Verizon/Sprint/TMobile Store.


Most people also buy the "nothing to hide" argument, in the interest of not making trouble.


Whenever someone brings up that argument, I ask them to let me see their phone, PC, etc. and all the data on it. The majority will ask why, to which I respond, "you have nothing to hide, right? So what's the deal with me seeing it?"


Someone needs to make a big deal about how this is bad for business because it allows the Chinese/Russians/French/Welsh/whoever to steal American Innovations(TM) and then write to whomever this person will be challenged by in upcoming elections with "x is anti American Business" talking points. Both sides can play "Won't someone think of the children?"


If you want to play that dirty, rather than make statements about it, ask rhetorical questions about why the people proposing this want to give the Chinese and Russians an easier way of stealing silicon your secrets, and ask what they've got to hide.


Might as well try to ban speaking pig latin in public.


I'm waiting on the day something like this gets proposed in all of the EU states, for the same BS reasons.

As a matter of fact, I'm certain that current leaders of the EU countries who publicly invited immigrants to their state (we all know the most prominent one) were considering this as an easy way to change the privacy laws - and be applauded for it.


Fair question, if I wanted to buy a phone now, which manufacturer/OS comes with ability to do FDE and said party does not have a copy of the key?



