One thing I love about watching the 2016 Crypto Wars: pro-encryption people using all of the pro-gun arguments. Here are my favorites:
1. Criminals will still use encryption / get guns. Only lawful people will be harmed.
2. Compromises will just lead to defeat for the pro-encryption / pro-gun side.
3. If we want to stand up for all of our other civil rights, we need the right to encrypt / bear arms.
4. Consequentialism: the number of people being harmed by encryption/guns is smaller than the number of people who would be harmed by living in a world without encryption/guns.
Personally, I think these are all solid arguments that work for both guns and encryption, but I'm generally more libertarian than many in the SF tech scene.
There's little risk your kid will get his hands on your encryption and do something immature that is also lethal; similarly there's little domestic violence you can commit in a rage with encryption.
A lack of faith in the absolute rationality of people is my argument against guns, and I include my own rationality there.
My argument for encryption is that tech is increasingly an extension of our minds, and we need to keep our mind private. I'm for encryption to the same degree that I'm against government use of a hypothetical mind scanner.
It is breaking encryption that is violent; that's the "gun" here, and it's one I'm against.
However, your premise is that it is possible to do something about guns.
However, consider the war on drugs, billions spent, agencies created, military style task force, severe penalties including life in prison just for possession.
So if that didn't keep drugs out of the hands of bad people, why would changing some regulations keep guns out of peoples hands? I don't see any regulations that have ever been proposed that would make any difference and if we went all in as in the war on drugs, but war on guns, the war on drugs sets a precedent that it won't be successful.
I'm not interested in a gun debate (besides, gun regulation works fairly well almost everywhere in the world, but drug regulation doesn't). This topic, however, is about encryption.
> gun regulation works fairly well almost everywhere in the world, but drug regulation doesn't
Problem is most of the countries with gun regulation where it has any form of success are also countries who didn't have guns to begin with.
Trying to impose that on a country with TONS of guns just isn't realistic. You can't even draw parallels between the two because the societies are far too different.
Your #2 is not specifically a pro-gun argument. Compromise on the death penalty, from an anti-death penalty advocate, means there will still be a death penalty. Compromise on prohibition, from a prohibitionist, means there will still be alcohol for sale. Compromise on allowing abortions, from someone thinks that abortion is murder, means there will still be murders. Compromise on slavery, from an abolitionist, means there will still be slaves. Compromise on the Taft-Hartley law, by Communist union officers forced to take an oath that they were not Communists and anti-Communist politicians, means that one of them can't get what they want.
In all cases, someone who compromised will view the compromise as a defeat.
Therefore, you can't really say it's a pro-gun argument per se, but that both are examples of a wide class of arguments.
I feel that holds for the rest of your points - they hold for nearly every argument, and aren't specifically pro-gun or pro-encryption.
For an example of #3, the US Supreme Court in Roe v. Wade says abortions are legal due to a right of privacy. Those who want to restrict or eliminate abortions view it as a right to life of the unborn, and believe the Court was incorrect in making their decision. Both sides base their arguments in civil rights.
Also, I think the comparison of cryptography to guns is not a good one.
If you want to think of cryptography as a munition, then it's much more like armor than it is to a gun. Bulletproof vests are sometimes used when committing a crime. There are also some laws against them.
And in the US, bulletproof vests are not, I believe, covered under the Second Amendment.
The really interesting thing about point 1 is that with encryption, there's really extremely little personal risk to being unlawful when it comes to encryption. That's why this is a losing game of chess for them. Encryption is just math, and you don't need anybody's permission to do math. You can take a system that the government has mandated be broken and you can do good encryption inside that system by layering it. And good people who simply want to be safe will do this. And so will terrorists. Outlaw good encryption and a whole sub-industry of deniable encryption tools will emerge. And they will have achieved nothing except that our companies won't be allowed to officially support strong encryption, so they'll be disadvantaged in the marketplace. It's a really backwards move.
If your hardware contains unflashable firmware with a back door to direct memory access, then there is no encryption you can trust to perform on the device itself. For example, your baseband processor in your mobile phone which is a binary blob, protected/signed so not to violate FCC regulations and disrupt networks.
Such firmware can be mandated from manufacturers without outlawing encryption directly but making it useless nevertheless.
> Such firmware can be mandated from manufacturers without outlawing encryption directly but making it useless nevertheless.
So the obvious first response to this is that it doesn't actually work. Have you seen the security of these vendors? Apple takes it more seriously than most because they're using it to maintain control over the App Store and yet people still root iPhones. Mandate it by law on vendors who don't even want to do it and it will be completely broken in two days. And completely broken against not only the user. Let's not forget the situation with wifi routers -- "only the manufacturer can issue updates" quickly turns into "security updates are not available from anyone anymore" with the consequent catastrophic nightmare following directly.
But let's pretend we're uninformed pedestrians who don't know that for a minute. How is this idea not even more outrageous than banning encryption to begin with?
it is politically more palpable and "sounds" less outrageous to the public than outlawing encryption. which means it is more likely to make it into law and get support.
The ability for any software to reliably recognize whether an encryption algorithm is being performed or not is not possible (not computable). It can always be hidden.
Yes. And you can obfuscate it. You can even encode it using packet timing, which is very hard to detect. It's also very inefficient, on the order of 1%, but that's enough for text over HD video. See True Names by Vernor Vinge.
> Consider that, as it is now, encrypted data on the Internet traverses numerous untrusted devices
And those untrusted devices leak considerable amounts of that data! You know that it doesn't matter how good the encryption is if one of the computers in the chain is full of malware.
For your OTP example: I know what the cipher text is. I slurped that. I don't know what the key is, or the plain text is, until you decrypt it, at which point I know both because I have access to your memory because your computer is compromised.
My point is that compartmentalization allows secure communication through untrusted devices. It won't be convenient, but it's doable. There is no "computer". There are local networks of suitably isolated devices.
The device that decrypts can't send anything to the Internet, because it's behind receive-only optoisolators. The device that encrypts can't receive anything from the Internet, because it's behind send-only optoisolators. All intervening information processing may occur in your head. Or there may be other devices that are totally air-gapped, with all data transfer through single use flash storage. If you're using entirely untrusted devices, you move all crypto to such air-gapped devices.
It does help if these devices can be trusted, but that's not essential. You could, for example, do encryption manually with one-time pads. Or use that thing with decks of cards.
Maybe you claim that no trustable devices will be available. But that's unlikely. Consider how easy it is to obtain Afghani heroin in NYC. Also, if I were targeted by American adversaries, I could arguably trust devices backdoored by the Russians, or the North Koreans, etc. And vice versa.
Mostly because I believe the device can be more cheaply made if it does not have to run a full-featured OS such as Android. No browser, no color screen, just like my old Nokia candy bar phone; no GPU at all would be required.
1. The majority of the time, encryption is used for legal, positive reasons, like protecting your bank info or medical info. Guns, on the other hand, there's no argument for: just look at the data from the UK. Even the police are better off without guns.
2. This might be true for guns, but who cares?
3. In the age of tanks, machine guns, and grenades, consumer guns don't enable us to overthrow unjust governments as they did when the bill of rights was written. As such, they no longer play a role in protecting our civil rights. If anything, gun rights are frequently a talking point for Right-wing politicians who happily trample over all of our other civil liberties. As a political force, the pro-gun politics is actively harming our civil liberties.
4. Looking at the data, I don't see how your can argue this. In the US guns are used more in suicide or commission of a crime than in self-defense. In the UK, near-universal bans on guns have lead to a drastic decrease in gun deaths.
> The majority of the time, encryption is used for legal, positive reasons, like protecting your bank info or medical info. Guns, on the other hand, there's no argument for
Ummm, the vast, vast majority of the guns in the U.S. are used for legal, positive reasons like target shooting or self-defense. The number of murders per gun-year is incredibly low, effectively infinitesimal.
Focusing on murders really misses the point. Or rather misses the full picture. Something we rarely talk about but is the biggest gun problem in the US.
60ish percent of deaths by firearms are suicide. Owning a firearm is a risk factor for suicide. This is because many (most?) suicides are not carefully planned out and given considerable deliberation but are somewhat impulsive. Removing an easy means to commit suicide actually reduces suicide.
Where did I say I wanted the government to criminalize gun ownership to prevent suicide? I didn't. I specifically said I don't have an opinion on the matter. I just said we shouldn't focus on murders being the biggest problem because they aren't, suicide is.
When a gun fires at a human, it is a suicide or a murder more often than it is self defense.
Ultimately, though, I do agree that these numbers are all negligible: there are more car deaths annually than there have been civilian gun deaths in the last ten years. The argument that is important to me is that gun rights simply aren't very relevant any more, and they are being used as a talking point for political forces who are causing a lot of harm to much more relevant rights.
re: 1. The majority of the time, guns are not used at all. Most of the rest of the time they're used for legal, positive reasons, like protecting your bank or recreation. Guns, there's just no way to prevent or collect them all (no way that's consistent with the US Bill of Rights, even if you toss out the Second Amendment). You really don't need much machinery to make an improvised gun, and with a little more tools and expertise, one can manufacture an automatic weapon.
>just look at the data from the UK. Even the police are better off without guns.
I'm more afraid of harm from police than I am from criminals with guns.
>2. This might be true for guns, but who cares?
Meh, it's not a great point but a lot of people in the US care, even if you don't agree with them.
>3. In the age of tanks, machine guns, and grenades, consumer guns don't enable us to overthrow unjust governments as they did when the bill of rights was written.
Tanks are literally useless. As the wars in the Middle East have nicely demonstrated, they do not magically enable victory, especially against an entranched/integrated guerrilla enemy. This is true for all sorts of high-tech military weaponry/machinery.
>As such, they no longer play a role in protecting our civil rights.
I disagree with the premise of your argument, so I also disagree with this point.
>If anything, gun rights are frequently a talking point for Right-wing politicians who happily trample over all of our other civil liberties. As a political force, the pro-gun politics is actively harming our civil liberties.
I can agree with that. There are a lot of authoritarians/fascists/logically challenged people on the pro-gun side; and a lot of politicians who use divisive issues to agitate the more excitable parts of the electorate. They do it for abortion and LGBT/civil rights as well. It's not great, but also not an argument for/against gun rights.
>4. Looking at the data, I don't see how your can argue this.
I don't see how the US gov't can effectively collect all of the guns in the US without some pretty draconian/authoritarian measures of exactly the type that pro-2A folks oppose in principle, and that most Americans agree with.
>In the US guns are used more in suicide
I don't want a government to try to prevent me or anyone else from suicide by trying to nerf the environment.
> or commission of a crime than in self-defense. In the UK, near-universal bans on guns have lead to a drastic decrease in gun deaths.
I admit the numbers are hard to argue with, even factoring in the violent crimes committed with other weapons and against the unarmed. OTOH, I've noted a disturbing trend of the UK to ban or attempt to ban or regulate the sale of other items which may sometimes be used as a weapon, mainly pointy things like kitchen cutlery. That's certainly not something I would support.
As an analogy, note that the US has attempted to prevent the distribution of illegal amphetamines by restricting the sale of so-called precursor chemicals. It hasn't prevented the distribution of methamphetamine, but it has prevented the retail sale of drain cleaner, cold medicine, and other household chemicals/items. It's a moderate inconvenience for a lot of people and the only discernible effect it's had on drugs distribution is to decrease the quality/safety of illegal drugs (through criminals using inferior methods to produce them). Gun culture is so ingrained in the US that I feel we'd see the same sort of things happening with guns if the gov't attempted to ban them.
They become pretty weak for encryption except #1. Moreover, there are real arguments for the inherit danger in owning a gun, statistically. It's a fact that you're more likely to commit suicide or someone gets killed because you own a gun.
You can't say the same about encryption because it's a tool, not a weapon. A gun is a weapon meant to kill.
> 2. Compromises will just lead to defeat for the pro-encryption / pro-gun side.
A compromise in encryption hurts everybody. The whole platform for electronic banking needs strong encryption, for example.
> Consequentialism: the number of people being harmed by encryption/guns is smaller than the number of people who would be harmed by living in a world without encryption/guns.
If you own a gun you are statistically more likely to get shot or killed.
> If you own a gun you are statistically more likely to get shot or killed.
Or is it that if you have reason to believe you might get shot or killed, you are more likely to buy a gun?
I don't have an account, but I just made one because I'm genuinely curious about whether you have a good source for this claim. The usual study referenced for this is deeply flawed; if I remember correctly it examines people who were shot and checks whether they owned a gun. Of course that study is completely invalid because of the selection bias involved. P(X owns a gun | X gets shot) is not the same as P(X gets shot | X owns a gun).
While agreeing with you that there are some statistically terrible high profile studies (such as failure to control for cases where the subject acquired a gun explicitly because they thought someone was planning to shoot them), I think it is still true that owning a gun causally increases your likelihood of being shot.
The biggest reason is suicide. If you don't own a gun, you are much less likely to intentionally shoot yourself. The second reason is accidental shootings. If there is no gun in your house, there is practically no chance that you will accidentally shoot yourself, or that your toddler will accidentally shoot you.
Of course, the question that's really being asked is whether an individual is at greater risk of being shot intentionally by someone else if they own a gun or not. This is where the data is much thinner. This seems like a solid review article: http://www.iansa.org/system/files/Risks%20and%20Benefits%20o...
Their conclusion at the bottom of page 4 and top of page 5 is even after "controlling for illicit drug use, fights, arrests, living alone, and whether or not the home was rented", that "Yes, owning a gun increases your risk of death by gunshot". Still, I'd be interested in seeing a study that breaks apart statistics for hand guns and long guns.
That's an oversimplification. While it's true that criminals will still get encryption, there's no corresponding harm to innocents like there is with widespread gun ownership (domestic violence, fights that escalate into shootings, child accidents, adult accidents, etc.) It is not as "solid" an argument for guns as it is for encryption.
> ...there's no corresponding harm to innocents like there is with widespread gun ownership...
That is also an oversimplification. Have you considered the possibility that encryption can be used in commission of a non-victemless crime? Let me direct your attention to the state's now second favorite goto: child porn. Privacy advocates are as familiar with that justification as gunrights advocates are with the waving of bloody shirts following school shootings.
The difference is that it is for all practical purposes impossible to actually ban strong encryption, because it is a virtual good; it is a mathematical concept, implemented in a lot of widely available open source code. At most you can legislate that stock computing devices (such as smartphones) contain no such strong encryption without government backdoors, and you would be able to catch the low hanging fruit of the criminals depending on that technology.
But you cannot prevent someone from using strong encryption using third party applications. How will you force a backdoor into, say, gnupg or dm-crypt? Outlaw that software? Any criminal worth his salt will use tools that are not backdoored, completely negating the gimped government-approved stock software.
Guns are physical items that require physical ammunition. It is a completely different situation. This discussion and comparison is also very strange for someone from Europe, where owning a gun is rare and completely undesirable for the vast majority.
I don't mind taking the conversation in a different direction, but I just want to make it clear that nothing you said has anything to do with what I said.
> ...for all practical purposes impossible to actually ban strong encryption...
They learned their lesson after the first attempt to do so. Just jumble those words up a little and you'll see the current strategy: actually ban practical encryption. The state doesn't care about gnupg, or any other software that requires more than an hour's worth reading to safely use - because 99% of people won't. So they only have to target the stuff that is easy to use or on by default... unless they can depend on corporate cooperation (Apple up until recently, Microsoft, AT&T, etc).
> Guns are physical items that require physical ammunition. It is a completely different situation.
One can very easily manufacture a firearm using the same equipment that one would use to produce common consumer products like garden hose nozzles. The schematics are all available online. The state doesn't ban the means of production, they ban the stuff that makes it accessible to the common folk - like retail sale of firearms. You see where I'm going with this right? The state doesn't ban math, they ban the stuff that makes the math accessible to the common folk.
> ...where owning a gun is rare and completely undesirable for the vast majority...
lol, unlike encryption software? I'm not talking about the kind that lets you buy crap online that the state can easily circumvent, I'm talking about to kind of crypto that only terrorists, pedos and anarchists want to use... and that the state can't break.
The kind of encryption that we use to safely buy stuff on-line (such as TLS for securing our HTTP connections) and the kind that security-aware people use to secure data (which includes criminals and anarchists, but also activists living under repressive regimes, healthcare professionals, lawyers, software developers, etc.) is quite similar from a mathematical standpoint. The underlying algorithms (such as AES, SHA-2, RSA, etc.) and mathematical concepts are often the same.
There is no practical difference in the kind of crypto a criminal uses and the kind you would use to store your passwords and scans of important documents.
Again... there is very little material difference between a garden hose nozzle and a 1911 handgun, just as there is very little mathematical difference between the functions powering TLS and PGP. But one is completely centralized and offers practically zero protection from government lawyers and NSLs, and the other offers protection from even determined state level adversaries. Guess which one is widely deployed and which one had to be published in a book and shipped over seas in order to circumvent munition export restrictions.
Exactly, because obviously 3d printed objects are not, in fact, physical objects that require physical ammunition and that can be treated like any other physical object, right? Right?!
You know that the majority of stuff you see on CSI is total crap... There are three identifying marks on spent shell casings:
Fingerprints: easily avoided.
Production facility/year: not really useful for criminal investigations.
Toolmarks from firing pin and extractor: oversold television crap, toolmark analysis is quickly sinking to the same level of reputation as bitemark analysis in the real world.
None of that matters for anything that doesn't eject spent shells, but nobody would choose to print a more easily produced revolver, derringer, liberator, muzzle loader - right? Right?!
I don't know what you are arguing here. A gun is a physical item, as is ammunition. You can stop somebody, search them, and find out if they have a gun and/or ammunition. You cannot do any such thing with encryption, as it is not a physical entity. Whether your gun is a regular gun, 3d printed or made of candy cane does not change the fact that it is a physical item. I don't care where it comes from or how you built it, as a physical item, it still follows a very different logic than virtual entities.
Ah, given the context my mind went right to ammunition microstamping.
Encryption software and 3d printed guns are simply implementations of ideas, both physically interact with the world and both can be observed. ABS plastic stock is to blank hard drive as printed gun is to c:/pgp.exe.
You missed the point. Widespread gun ownership among non-criminals has side effects that harm innocents. Not the case with encryption.
You could argue it makes it easier for people to become criminals, but even that is a weak comparison. Guns are a lot harder to come by in the UK (for example) than encryption software would be in a more regulated world.
You hid the point pretty well then, because those who engage in "domestic violence" and "fights that escalate into _blank_" are certainly not "non-criminals". So that leaves only accidents:
Widespread $PHYSICALOBJECT ownership among non-criminals has side effects that harm innocents. Not the case with $VIRTUALOBJECT.
You know that regardless of what you use for $PHYSICALOBJECT or $VIRTUALOBJECT that statement will be true right? You also did not state exclusivity among non-criminals, is that because you know that is impossible? If that is the case then you've hidden the point very well.
I largely agree with you as far as rhetoric goes, but I think there are practical details of guns & encryption that matter in practice. First, guns are physical things where encryption is (largely) ideas. Second, the 'protection' offered by the two technologies differs. Guns offer a dis-incentive to mistreat the user, but do not directly restrict behavior when at rest. On the other hand, encryption prevents access even if the user is un-aware, but does not offer any method of 'active' defense (i.e. shooting at an aggressor).
Devil's advocate. Brandishing a firearm i.e. displaying but not drawing it could be considered an 'inactive' defense. Knowing someone owns an iPhone might dissuade one from attempting theft.
> First, guns are physical things where encryption is (largely) ideas.
I don't see what this means for the topic at hand.
> Second, the 'protection' offered by the two technologies differs. Guns offer a dis-incentive to mistreat the user, but do not directly restrict behavior when at rest.
Same here. What's the significance? Would auto-firing guns be better?
On a practical level, it's more difficult to interdict and regulate non-physical things. There is a potential future where 3d printers are good enough and universal enough that guns are knowlege too - but that's not the situation today. How easy a thing is to regulate matters enormously to how actively you want to pursue it.
The difference is that guns require the user to engage others with the gun to be effective. This is how people pull guns on the police who are breaking into their houses and get shot, this is how people hurt themselves while practicing with their guns, etc. Even if everyone has the best of intentions, there is still potential for injury or death. Good intentions are not enough, perfect use of guns is also necessary.
Poor use of encryption, on the other hand, has the opposite effect. Poorly encrypted documents are simply insecure - bad but not injurious. On the other hand, correctly encrypted documents are simply in-accessible. While guns are objects that are fundamentally about affecting other things ("If you do X, I will shoot you"), encryption is fundamentally about affecting the thing that's encrypted.
I suppose I meant that the stakes are lower with encryption. If someone gets encryption and doesn't know how to use it, they simply incorrectly encrypt their stuff. If someone gets a gun and doesn't know how to use it, they may hurt themselves or others. incorrectly encrypted documents may hurt people, but it's not inherent to the encryption.
This doesn't sound as crazy as it might at first glance, once you remember that strong encryption used to be treated as munition, and in some ways still is.
There is plenty of weaponry that is restricted despite the second amendment. The US public gets pretty antsy when smallarms get restricted, but they don't say much when states start banning civilian-owned things like tanks, landmines, maces, or even brass knuckles.
Hell, the US even invaded Iraq for the official reason that 'Iraq had weapons you weren't supposed to have' (chemical weapons). Yes, Iraq is not subject to the US constitution, but the concept of 'some weapons are okay, others are not' is still there.
> There is plenty of weaponry that is restricted despite the second amendment. The US public gets pretty antsy when smallarms get restricted, but they don't say much when states start banning civilian-owned things like tanks, landmines, maces, or even brass knuckles.
Those laws are violations of any honest reading of the Second Amendment (with the possible exception of tanks, if one thinks that the Second Amendment protects only man-portable weapons).
You're right to point out the similarities, but when you drag guns into this issue you lose some supporters.
It unnecessarily complicates the issue, even though I agree with you on the similarities. People will just find more ways to disagree on encryption and they won't have learned anything more about computer technology.
The only difference is that more people use encryption then guns.
And what affects me is most important, morals be damned. /s
Majority oppression is very effective. And that's why I think this will turn out differently than guns. My prediction: you won't have to register encryption keys, or keep it disabled, or pay the state some ridiculous amount for a permit that they illegally stonewall, or be prevented from using any encryption made after 1986.
Replace "encryption" with any of cars, knives, food, rat poison, drain cleaner, plastic wrap, dogs, lasers, urine, syringes, air, water, concrete, VCRs ... to see why this is an inconsequential point.
Yeah I agree, I just think there's something a bit more visceral about shooting someone with a gun (or using any other physical weapon that shoots or cuts or stabs) rather than using encryption to set up a scenario that would cause harm in some way indirectly from the perpetrator.
I would think this is why there are those restrictions on guns that seem pretty weird when you talk about applying the same rules to encryption.
What do you think would happen if someone planted cryptolocker-inspired malware on a planes avionics suite and denies it's use to the flight crew? Especially one of the newer models which are exclusively fly-by-wire?
Cryptolocker attacks have very little to do ideologically with encryption; it's a side show to the main event, the fact that networks are vulnerable to infiltration. Those attacks could happen with or without encryption in the malware, but could be reduced in frequency and severity by using strong systems with strong encryption on the victims' side.
The airplane bit is where the scenario goes completely off the rails wrt encryption's involvement, but again, using encryption and strong security on the airplane's systems would reduce or eliminate the risk.
I guess then the next time someone (perhaps even yourself) argues "they're trying to take our guns away" you will point to the 2016 Crypto Wars to show them that they're wrong...
It's entirely reasonable to argue that some of these arguments apply to encryption, but not to guns, as the actual arguments that are usually used are more complex.
Applying an argument to something physical vs. something digital or something that directly kills people vs. something that prevents access to information makes a lot of difference.
#3: Ironically, the pro-gun people that argue this never actually use this supposed right. You hear that the second amendment is the protector of the others, yet most of the rest of the US Bill of Rights get some significant erosions without so much as a peep of second-amendment reaction.
Perhaps they're waiting for the 3rd and 7th amendments to suffer like the others, so they can react to the complete set in one go? Certainly the 4th, 6th, and 8th amendments have taken quite a pounding in the past couple of decades...
The UK is fairly close to crossing a line which would require me to either stop working (and do everything under the radar), or leave the country.
It sounds like the US might be doing a similar thing soon.
What happens if all of the (semi-competent) developers suddenly either refuse to work or simply can't?
The whole situation is truly bonkers to me - there is no debate to be had at all. If you ban secure encryption I cannot stay in your country any more - it is the last warning sign I will accept, if I wait too much longer the borders will close before me.
It represents my elected government telling me that I cannot do a thing which I do every single day without fail. It's as if someone turns around and says to my grandmother 'knitting is banned'. That just isn't how it works.
The history of civilization is full of battles over technology between the people and the government. New technology arrives that disrupts government functions and the government had to go about banning and controlling it. It's a pretty regular thing. The mandarins cracked down on tech development in China leading to stagnation. The Ottomans banned the printing press. The Japanese shut out all outside influence for a few hundred years. Now we ban encryption. Go figure.
There seems to be a difference between your examples and encryption though. All of your examples were developments that created positive value. AFAICT encryption in itself doesn't create positive value, it only prevents negative value. If, for example, our letters couldn't be opened, encryption would only be a waste of resources.
It is an undisputed historical fact that ubiquitous strong encryption was the primary enabler in the explosion of online commerce. What are you even talking about?
Those were the two most relevant links from Googling "ecommerce encryption". Regardless, without the ability encrypt personal and payment data for ecommerce transactions, it would've never succeeded.
That's not true. Being able to programatically verify (via public private key) makes things like ssl/key authorities possible. That's a multi-billion dollar industry.
That just means you have a broken way of assigning value which gives zero credit to inventions which enable other inventions, or provide safety, or mitigate risk.
Do tools have value? If you make something with tools, it's not the tools themselves which made it.
How about this one: the invention of the concept of a written contract with authenticating signatures and seals, allowing business to take place. (Together with a legal system for enforcing contracts.) Courts and documents themselves don't produce tangible value.
Insurance doesn't product value, but it protects. It has monetary value, demonstrated by the fact that people make premium payments to maintain it. Many never collect a dime over the life of an insurance term.
All kinds of infrastructure is an indirect example.
It would be great to see large website blocking government IP addresses, even for a few days Why give access to people who are trying to attack the system?
Obviously no company would do this but holy shit would that make the point. Just imaging Amazon, Apple, Google; practically everyone requiring government based IP addresses to go through HTTP for authentication, purchasing, etc and how quickly all of their data gets spilled onto the internet.
I mean ultimately it would be a "dick move" anyway but it would drive the point home so quickly.
The problem is the people in charge usually aren't smart enough to understand WHY we need encryption AT ALL. The majority of them most likely don't know the difference between HTTP and HTTPS
Exactly. Moreover, it's not like there's an immediate cause-and-effect of "use plain HTTP, get owned immediately". Instead, their credit cards and personal info would hit the black market, get aggregated and sold months down the road.
And even when that DID happen, it's not like the fact that their bank account is drained and their identity stolen is immediately determined to be a cause of X transaction on Y date over Z website.
In other words, it is hard to connect plain HTTP to identity theft even for the more-savvy let alone the common government worker.
Is there some reason why the government wouldn't be able to license the use of unadulterated crypto for purposes it doesn't give a shit about, like you transmitting your credit card number to online retailers, while mandating some form of government access in situations where it does give a shit, such as being able to access the data stored on disk-encrypted cell phones?
Fair question. Sounds like you don't know much about encryption. I'll do my best.
Encryption is software-based and is as available to people connected to the internet as checking out a book from the library. Using encryption is free, and writing software that makes use of encryption is something anyone could teach themselves.
I think what you're getting at is, why can't we have some forms of encryption that have back doors for government, and other forms that have no back doors.
Think about computer viruses. They are designed to infiltrate your system, and any system that is like yours. If a virus targets Windows 7 and infects your computer, then it would be able to infect any Windows 7 machine. The same is true for bugs or vulnerabilities within legitimate software.
Say I run a WordPress site. The computer that serves my website runs WordPress 3.4, for example. Let's say a weakness is found in WordPress 3.4 that allows anyone using the username "jabberwocky" to log into my site and gain administrator privileges. This enables them to edit text and photos on my site. WordPress discovers this weakness and releases an upgrade to 3.5 which fixes the bug and no longer allows users to gain administrator status when logged in as "jabberwocky".
If I don't upgrade my site to 3.5, my system is still vulnerable. Further, everyone knows about the weakness in WordPress 3.4 because the 3.5 release notes explain the reason for the upgrade. My site becomes an instant target for any hackers. If my business were based on this website it could really hurt my reputation, profits etc. if someone were to gain control of my site.
What the government is asking Apple to do is allow them to login as "jabberwocky" whenever they have a warrant. By doing this, Apple enables anyone to login as "jabberwocky" so long as they have the special software which Apple is being asked to write. And, since the government is asking for this access permanently, Apple will never be allowed to modify this security weakness sufficiently so that it does not exist, because by court order it must exist.
The final point I would make is that since encryption is so readily available, any user can download software that makes use of encrypted communications in less than a minute with an internet connection. Compelling Apple to weaken their encryption system does nothing to provide the DOJ with access to data within these other communication programs. Some examples are Signal, wickr and Telegram. Senator Lindsey Graham makes this point at the end of his questioning of Attorney General Loretta Lynch [1]. I hope you'll give it a listen.
The answer to this question is why the US must resist the mass invasion of government into our private lives. For many other issues, people from around the world still answer the question "where would you go" with the US.
In the US we actually have a chance to push back on our rights and enshrine them constitutionally. For the US this must be the end goal of the discussion on the privacy and encryption discussion. Protecting and clarifying existing rights, 1st, 4th, 5th all apply here and the courts should uphold them in the face of the executive branch and commercial interests pushing invasion into normalcy.
If we fail to protect those rights and clarify their meaning in the 21st century the answer to the question "But where will you go" will be "there is no place to go".
The result of these kinds of policies is brain drain. The people you are trying to ban the actions of are both some of the most driven and outspoken in the world, and also some of the most economically desirable in the world. If you prevent them from investigating their pet projects in their homeland, they will simply go and do it in another country, because it's not an obstacle for them. There's a tonne of countries out there that would gladly roll out the red carpet for a tech exodus from the former commonwealth states.
You think the governments of Ukraine, Mexico, Hungary, and Argentina ask nicely when it comes to this?
Hungary is a borderline dictatorship. Ukraine is a war-torn mess, and then some. Mexico is one of the most corrupt countries, with little to no history of respecting individual rights. Argentina just nearly became a failed state on par with Venezuela (the verdict is not yet in on whether they've avoided that outcome).
Half of that list is terrible and entirely unrealistic. Silicon Valley developers are not going to Hungary and Mexico.
As a German I do know about what the Stasi did. The thing is that most Germans don't acknowledge the relationship between what was going on then and what is going on now.
I don't know a single (German) person outside of tech who thinks anything they (ordinarily) do online or on their smartphone could be used against them in one way or another.
Some may complain about the government but they didn't change their habits when it comes to using their smartphone or laptop. They don't realize that, for instance, every picture they add to facebook will train algorithms that could be used for all kind of purposes.
President Gauck doesn't think it is valid to compare the Stasi and the NSA
> Gauck wehrt sich gegen Vergleich der NSA mit der Stasi
Das erklärt auch, warum er in dem Interview jeden Vergleich zwischen den Methoden der Stasi und den Aktivitäten der NSA weit zurückweist. Die Stasi habe wie jeder Geheimdienst in einer Diktatur "Krieg gegen das eigene Volk geführt". Sie habe die Bürger bespitzelt, um diese Bespitzelungen gegen die Bürger zu richten. Davon könne aktuell nicht die Rede sein. "Hier sprechen wir von einer Gefahr für die Demokratie innerhalb der Demokratie."
And Chanchelor Merkel declared data the "raw material of the 21th century"
and urged Germans to rethink their position on privacy
> Bundeskanzlerin Angela Merkel hat Daten als "Rohstoffe des 21. Jahrhunderts" bezeichnet. "Hier müssen wir jetzt aufpassen, dass der Datenschutz nicht die Oberhand über die wirtschaftliche Verarbeitung gewinnt", sagte die CDU-Politikern am Montag in Berlin beim Verlegerkongress Publishers' Summit.
"Those who cannot learn from history are doomed to repeat it"
Thanks for elaborating. I feel somewhat foolish trying to tell a German about the Stasi. On the internet we assume everyone is an American - well unless you're the NSA watching in which case it's definitely not domestic surveillance ;-)
As a European of 30+ years, I am actually pretty optimistic in that there is, in all areas of politics, a certain point at which EU governments will refuse to follow the US down the rabbit hole.
Germany feels pretty strongly about privacy (albeit not absolute privacy), and I doubt that they will start passing laws just "because the US did it".
UK, I'll give you that. Then again, the UK is culturally closer to the US than to mainland Europe in many ways, this being one of them.
I'm a bit less optimistic. Take the recent seizure of Cock.li servers in Germany [1].
Regardless of what you think of the Cock.li service or its owner, the seizure of all the company's emails suggests that demands from police authorities or politicians take precedence over data privacy concerns - even in privacy-conscious Germany.
I hope / believe this is true. And then the EU will be the beneficiaries of being the countries best situated to provide technological devices and services without weakened security.
The two biggest political parties in the UK are both broadly pro-surveillance and see things like the ECHR as an annoyance. As elsewhere the majority of the public in the UK is disinterested. The vocal minority are ignored or outvoted.
Switzerland is also quite adamant in protecting privacy. And from what I hear a great place to start a business.
As for UK, from what I understand they have an open channel with US in terms of information exchange for anti-terrorism. Perhaps due to that it's expected from them to follow suit with US in legislation if they want to stay in the same terms. That would probably extend to a few other countries who are in such a privileged relationship.
IBM and Yahoo are sinking ships; becoming unionized to get job security there is the equivalent of lashing yourself to their mast, when you should just get in a lifeboat.
The problem with a boycott of that kind is that it would take too long to have consequences feeled by the general public. It’s not like we could block roads and disrupt public transportation. While the whole world is relied on computers a very small percentage of everyday work is mission critical to need a constant maintenance and care by developers. From the other hand it could hurt businesses which isn’t our goal since most of these guys are probably already on our side.
We should find something more targeted that could have a greater impact in a shorter timeframe.
I think they'd notice quite quickly if the whole of Google went offline for a week or so. Like literally, no search, no gmail, no maps, no anything. Now imagine if other large companies did the same, like Apple, Microsoft, Amazon, etc. Heck, want to make a real effect? Have a boycott which takes AWS offline for a few weeks, including everything hosted on it.
The consequences would become clear soon enough. Bonus points if the White House and Houses of Parliament sites were taken offline with it.
Sure, but as I said in my parent comment in such a case we're hurting corporations. Why would we want to do that? Google isn't our enemy here, they're probably in the same boat as we're. Of course they could willingly participate which would be a game-changer but I seriously doubt they'd go in such extreme measures because it could alienate them in the eyes of the state.
>Google isn't our enemy here, they're probably in the same boat as we're.
Google is the enemy. Like Apple, they're a PRISM participant, and while that doesn't necessarily mean they offer "direct and open access to all user data" like some believe, it still means they willingly collaborate with the NSA, because they're required and obligated to do so under the law. Any company subject to US law is also subject to NSLs, with which they can be forced to act as covert agents for the NSA.
We're all in the same boat, but that's because the enemy is us. The entirety of the United States' IT and electronics industries is the enemy, here, and the victim.
There is too much money & shareholder interest tied up in those companies for that to happen. You can't just shut down a money machine unless shareholders approve or you can show why this is the best thing for your shareholders and you're acting responsibly. I think you'd have trouble proving these things because this is a polarizing topic. If you ask most people outside of tech circles they don't really care that much.
With a good chunk of US developers it wouldn't take more than a few days before employers felt the pain and it had generated plenty of headlines.
Sure, employers would be wrongfully punished, but they'd all spend more money buying political decisions in favor of encryption (and spending money seems to be the only way to influence politicians in the US nowadays).
While I agree with the sentiment, I fear that for many software developers ensuring the continuity of their livelihood is more important — either by necessity or choice — than defending the right to privacy and the freedom to keep private records.
Supporting your children extends beyond giving them a genome and physical sustenance. Genes haven't been the primary avenue of change in our species for at least a hundred thousand years. The significant things we pass on to future generations are our cultures, our languages, our ideas, our ways of life.
Every moment we are building that inheritance.
If we want to give your children and theirs a world where their hearts and minds are nurtured, where they are able to live with integrity and human-heartedness, then we're going to have to make some uncomfortable changes.
I should note that I don't really have a strong opinion on the idea of a boycott. I'm just reacting to the feeling of impossibility that people always express whenever someone proposes a challenging idea. In my experience, that feeling is typically where we hide the simple solution to a problem.
Move to a cheaper house, save up six months expenses. If the issue isn't important enough to sacrifice your comfort for it, it won't go your way. Your children will grow up as subjects, rather than citizens.
That is exactly and precisely how it works. In a common law legal system like the UK everything is legal until it suddenly isn't because some act of legislation makes it so. There is no constitution to restrict what legislation the government may choose to enact. There is a body of EU law that has some bearing but much that is relevant here (e.g. Convention of Human Rights) either comes with or was enacted into UK law with 'except because crime or national security, think of the children' tagged onto every clause.
Over just the last few decades UK governments have banned all manner of things, all of which were things people were doing every day. Hunting, smoking, various types of porn and 'legal highs' are some that immediately come to mind, but there are plenty more.
You are responsible for protecting your family. That may mean you have to sell your home. Do you rather want to do that or sacrifice your families freedom?
Is that a fact? Or is it learned behavior? This sort of lazy, defeatist appeal to some rigid notion of human nature is a pernicious refrain in any discussion about real change.
The only thing you can say for sure about humans is that we possess a capacity for change and adaptation whose bounds have yet to be identified. But if you want to live in a box, then that's what you'll get.
If your home is under physical attack, you abandon your home as a refugee. Maybe some developers feel strongly enough to do the same when their livelihoods are under ideological attack.
> “[Technology can] empower individuals to do things they could have never dreamed of before, but also empower folks who are very dangerous to spread dangerous messages” President Barack Obama said today.
Behind every proposed restriction on speech is actually a fear of freedom of thought. As though there are some ideas or beliefs are so powerful, that mearly exposing an individual to those ideas can forever change their allegiance. It used to be communism and now it's terrorism. It's a very pessimistic and condescending view of the nature of humans that I personally don't believe to be true.
There is also the mistaken belief that effective restriction of free thought is is possible through political/legal means. That strategy was ineffective against communism and remains ineffective today.
Yes, and as if a massive outrage cannot be planned and executed without using digital communication or perhaps using it but with pre-arranged 'innocuous' codes as a one-time pad.
Restriction of free thought has been extremely effective. Politically and economically the US is practically a monoculture. Encryption could only make it more so, through the chilling effect of forcing dissenters to think more than twice about what they communicate, who they communicate it with, and how they do it.
It makes mainstream dissent like Occupy very much harder - and that's not even thinking about how it would have influenced historical dissent like the Civil Rights or Anti-War Movements.
Commercially it also guarantees that the US has access to corporate secrets. If encryption is de facto illegal, how do you communicate commercially sensitive information?
The danger in that however is subtly disarming other rights.
Say it's 1960 instead of 2016, but digital technology has taken off 60 years sooner. The NAACP youth council coordinates over Facebook and e-mail lists instead, and the civil rights movement is under government scrutiny because of potential terrorist links. The Greensboro Four, Joseph McNei, Franklin McCain, Ezell Black Jr. and David Richmond are planning their sit in over Whatsapp, which an algorithm picks up. Someone at the NSA, sympathising with segregation, passes this on to someone in local law enforcement through non-official channels. Before the four even get to the Woolworth, they are detained by a police officer in a "routine" traffic stop. The sit in never happens for national security reasons.
The right to coordinate seems absolutely essential to the right to congregate. I do think that the civil rights movement is a good example of how righting an injustice could be stifled by preventing people coordinating. Other historical what-ifs like the labor movements, the salt march, or concrete examples like the various secret polices of communist dictatorships spring to mind too. You could have dissident thoughts all day long in east Berlin as well, as long as noone heard them.
Obama: "Look, just because we've abused every other piece of technology we have access to, doesn't mean we'll abuse this one too. Sure, our law enforcement officers aren't above straight up murdering people they don't like and trying to cover it up, but I'm sure they'll be much more respectful towards your phone. Now, if you don't break your own encryption, just wait a bit and Congress will do it for you."
It needs to be pointed out more often that law enforcement still has all of the physical access methods that they've had for the past 200 years. If the government wants to break into your home or office, they can and will do so. No "technological advance" from Silicon Valley has made this type of investigation more difficult. This means that all of the investigative methods that were available 200 years ago are available now.
The government is demanding new powers: the power to search our communications. Perhaps the ability to conduct such searches will make their jobs easier, but keeping them from having this power does not make their jobs more difficult than the 200 year baseline. We are only asking them to do the same legwork that they've always done: look for suspicious behavior, track the purchase of dangerous materials, react to disasters and attacks when they happen, etc.
> keeping them from having this power does not make their jobs more difficult than the 200 year baseline.
I don't think that's entirely accurate. The problem is that the content they were looking for 200, 100, and even 20 years ago used to be physical. Now it's digital.
Previously when they searched your home, they'd be looking for physical evidence -- mail, letters, receipts, paraphernalia, what have you. Today, a lot of that information has moved to electronic devices, taking what was once safeguarded by your front door, and putting it behind a new electronic lock.
I'm not commenting specifically on what powers should or shouldn't be available to law enforcement, but I think it's pretty clear that the situation has changed from 200 years ago, and we should be making decisions in the current context.
Of the examples that you list above, I agree that communication (what would have previously happened with letters) has mainly moved to the net. To the extent that receipts have moved, the government has access (either directly or through a subpoena) to many forms of electronic records.
My original point was that in criminal cases, there is a treasure trove of physical evidence available to the government, and the value of this evidence has been under-weighted in discussions about encryption.
- If the suspect has dangerous equipment or substances at that location, then the government can gain access to and analyze those physical materials.
- If the suspect received deliveries to his address, then the government can get records from FexEx, UPS, USPS.
- If the suspect used a phone, the government can get access to carrier calls (I agree that this may not be possible for app-based calls).
- If the government finds credit cards used by the suspect (either by finding the physical card or by using the purchase history of any cars, residences, or other tools used by the suspect), then they can search the history of those cards.
It's more complicated than that, however. The amount of data contained in a phone is stunning. Communication logs, location logs, metadata - at no point in history was it so simple to obtain so much information from a single object. The standards for evidence collection need to be higher here.
> The government is demanding new powers: the power to search our communications.
That's not entirely accurate though. The United States has been allowed to search your mail and tap your phone if they have a warrant and there have been cases where it happened without a warrant.
They will, eventually, be shut out of the communications channel entirely due to encryption.
> The United States has been allowed to search your mail and tap your phone if they have a warrant and there have been cases where it happened without a warrant.
True. But the government never had a means to get the entire history of the bulk of your conversations. They could only install a wiretap after they suspected you of some crime, and even then it was a tedious process for them. Reading digital data is not tedious, it's instant. On balance, the idea of guaranteeing warranted access to encrypted data is a bad idea because it makes us less safe overall.
We put copies of everything into our phones these days. These are new powers that the government started to acquire when we all increased our PC and smart phone usage. We increased usage because we trusted the security systems designed by private companies. I did not start buying things online or banking online because the government kept those computer systems secure. I did it because the tech companies keep them secure. Data breaches cause customers to flee.
Tech companies have always been in an arms race against hackers and if we handcuff them in this manner they will not be able to fix weaknesses in their software as quickly as they do today. By definition of guaranteeing access to encrypted data, they will be required to maintain such weaknesses. It'd be catastrophic for our tech industry and my future as a software engineer.
>These are new powers that the government started to acquire
Why do people here persistently insist, even after being corrected, that the government's 228 year old authority to conduct warranted search and seizure is some kind of shadowy and scary "new power"?
The government has always had the right to look at your photos, listen to your calls, and read your mail, when you are legitimately suspected of a crime.
Nowadays all those things are on your phone, so the government has the right to search your phone, when you are legitimately suspected of a crime.
Nothing about this is in any way new, and it's grossly dishonest to continue to claim that it is.
>By definition of guaranteeing access to encrypted data, they will be required to maintain such weaknesses. It'd be catastrophic for our tech industry and my future as a software engineer.
Maybe it legitimately is the case that it's impossible for techies to ensure warranted government access without guaranteeing that same access to any and every hacker on Earth.
But the more I read these doomsday scenarios from people who are mystified by the one-sentence, 64-word text of the 4th amendment, the less I'm able to believe them.
I'm within my rights if I write a bunch of jibberish on a piece of paper which represents some secret coding of my personal thoughts, and I refuse to tell you how to decode it. The government can get a warrant allowing them to look at that piece of paper, but as far as I know, they have never had the ability to compel me to explain how to interpret it.
In my opinion, encrypted data should effectively be treated like secret thoughts you may or may not reveal to others or something you've hidden so well nobody will find it. They can analyze the ciphertext, and they can attempt to use surveillance techniques to get you to reveal your secret/key/hidingplace, but compelling you to help them get those things goes too far.
> Why do people here persistently insist, even after being corrected, that the government's 228 year old authority to conduct warranted search and seizure is some kind of shadowy and scary "new power"?
I'm not talking about the 228 year old law. I'm talking about the government's ability to collect information about conversations you had 10 years ago after a suspected crime which occurred, say, last week. This massive collection of data creates an imbalance between safety and potential data breaches and abuses.
> Nothing about this is in any way new, and it's grossly dishonest to continue to claim that it is.
Please read my comments carefully. You misunderstand my meaning
> But the more I read these doomsday scenarios from people who are mystified by the one-sentence, 64-word text of the 4th amendment, the less I'm able to believe them.
You can educate yourself and make up your own mind. You shouldn't believe or disbelieve a certain position based on the attitude of the person from whom you get your information. It's as unfortunate to miss the truth because of a terrible presenter (think of your worst science teacher) as it is to gulp down misinformation because it is presented in simple terms (think Trump). I've written tons of comments on HN about this issue with many citations. Here are detailed responses to Sam Harris [1] and President Obama [2]
To date, I feel the most compelling argument comes from Senator Lindsey Graham's position. He was initially very supportive of the DOJ's position, and publicly called for Apple to comply. Later, after researching the topic and questioning Attorney General Loretta Lynch, he found his view changed [3]
>I'm talking about the government's ability to collect information about conversations you had 10 years ago after a suspected crime which occurred, say, last week.
You know that people used to put a lot of their conversations onto paper, right?
If you kept your ten year old letters, and the government had cause to believe you'd committed a bunch of crimes (maybe you hadn't? you seem like an all right guy, the government probably just goofed, these things happen), it could go and search your ten year old conversations and see if they contained proof of you committing a bunch of crimes.
The fact that we uses electrons and binary math instead of paper and ink doesn't change anything at all.
>Here are detailed responses to Sam Harris [1] and President Obama [2]
I appreciate the effort but these read like the same doomsday scenarios where it's just treated as an inevitable given that providing a method of government access is directly equivalent to providing access to any and every hacker.
>there will be data breaches, people will be upset, they won't buy iPhones, and this industry will disappear from the US overnight
This is the kind of doomsaying I'm talking about. Most people don't buy iPhones for their disk encryption, they buy iPhones because they're shiny and have the apple logoand you can do facebook with them. The PSN breach didn't stop Sony from selling 35 million playstation 4s; an iPhone breach would inconvenience some people, be embarrassing for apple, and then everyone would continue on buying iPhones because the alternative is to not buy an iPhone, which most iPhone owners would consider about as acceptable as cutting off one of their own hands.
You are completely ignoring the singularly unique aspect of digital communications which enables unprecedented new powers, period:
Storage. History. Digital communications like email are stored, and can be stored FOREVER... with just a flip of a switch, a word, an order, a warrant...
One does not have a pile of previous analog telephone calls just waiting to be scooped up and analyzed retro-actively
Anyone can see that if I can run all your data backwards through retro-actively invented filters, I have a power that has no parallel in the analog world:
For example: they didn't stop the Boston Bombers, so they change the algorithms until when they run everything again, it lines up.
This is seriously scary stuff, and it's a double-edged sword. I feel that it goes too far in giving power to these wanna-be-omniscient agents.
I'm not comfortable having ANY human omniscient agents.
I don't give a rat's behind how "noble" or "sacred" their mission statement is... bad people will abuse such powers and they already are doing so...
They can get what is actually transmitted over the channel. They may have difficulty interpreting that data because of encryption, but that's always been the case -- encryption is older than electronics, and has been applied to sensitive data in every medium longer than the US has existed.
This idea that the government can regulate how you are permitted to communicate just so that it is convenient for them to interpret later if they have a legal basis for intercepting it is a novel claim of government power and, given that it cannot be exercised without creating the same convenience for both illegal government interception and third party interception, an absurd and dangerous one.
>They will, eventually, be shut out of the communications channel entirely due to encryption.
That's not entirely accurate though. Its an arms race between Cryptography and Cryptanalysis. We don't know what we don't know and there's still not enough transparency into the government's capabilities.
Fair. Realistically though they'll be shut out without company cooperation. As computing power and techniques improve both being able to use and break encryption will increase but breaking encryption, just because of how it works, always takes more power than the creation.
You are correct. I should have been more accurate and stated that the new power that the government is demanding is demanding in the Apple court case is the power to decrypt our records and communications with a warrant.
There are also government agents who are pushing for the right to decrypt everyone's communications and records without a warrant.
Interestingly, the government never "demanded" the right to search everyone's unencrypted communications. They just went out and did it.
You need to remember the difference between theory and practice.
In theory, yes. The technologies where available. But in practice, much has changed. In 2016, technically illiterate people are encrypting their files without even realizing it. Technology has changed what law enforcement can expect to encounter in practice.
(Also "decades ago"/"1996" ...Well now I feel old.)
Actually, in practice encryption was a big deal and widely used two decades ago, which is one of the reasons that there was a big controversy then over the government's last effort to regulate encryption (at the time, it was largely about it export, and for the convenience of the NSA rather than domestic law enforcement, but the debate was remarkably similar.)
Yes, technically illiterate people were using encryption without realizing it (or even knowing what encryption was) in the 1990s, both for files and other data at rest and for data in transit (e.g., via HTTPS.)
Certainly, the details of where and how encryption is commonly used has changed, but the substance of the debates over government encryption policies haven't changed much at all since the Clipper Chip and encryption-as-munition issues of the 1990s.
>The government is demanding new powers: the power to search our communications
This is an embarrassingly bad opinion and it's embarrassing for HN that it's at the top of the thread.
The constitution does not require a rewrite to the fourth amendment every time some nerd comes up with a new widget.
The government has always had the right to conduct warranted searches of communications, whether that was opening mail, wiretapping phones, or just good old-fashioned eavesdropping.
Strong unadulterated crypto threatens to take that existing, longstanding power away from the government. The government is hardly going to give up without a fight.
Here we go. I knew this sentiment had to be held at the highest level. Otherwise, the attorney general would not have pursued this case with such vigor.
Fortunately a few smart senators have gotten their heads around the issue already. Lindsey Graham changed his mind [1] and Mike Lee made great points too [2] in an oversight hearing this week. Dianne Feinstein is of course still clueless [3]
On balance, putting backdoors on encrypted devices is not the right way to maintain security. For Obama's understanding, I'll concede one circumstance under which I feel we ought to help unlock an iPhone.
In the incredibly movie-like scenario where the location of a nuclear weapon is hidden on an encrypted iPhone, then we should sick all our computers on decrypting that phone. I believe this is already done by the NSA program, Bullrun, revealed by Snowden.
It is fallacious to believe that because publicly available technology is being effectively used by terrorists and criminals, removing legal access to this technology will make terrorists and criminals ineffective.
Indeed, it may merely create an additional category of criminals (analogous to drug traffickers) whose product is the provision of effective communication channels.
This. Except the capital investment and distribution channels for strong crypto approach zero. So the fight would be infinitely harder. Thus, this is a wrong path.
Except let's consider that what's playing out now with Apple is not of this matter at all. What's playing out with Apple is a company with the means and capability to assist in a specific matter, refusing to do so on purely ideological grounds of questionable relevancy in a case where complying is pretty unquestionably the right thing to do.
That's an absolutist position. It is a refusal to consider context, and has needlessly signaled an escalation to government.
If you want to consider context, be sure to look at more of it. The subjects in question are dead, and cannot further harm anyone. The phone was set to upload information to icloud, and all such information has already been given to the authorities. There is nothing more to be gained from unlocking this phone, except a legal precedent.
Considering the context, this is a power play by the FBI, trying to apply an irrelevant law to further weaken privacy.
The phone in question had it's iCloud password reset by someone. It has not uploaded it's contents to iCloud, which is why this is happening.
And so again, context: we're not arguing about whether getting the data is right, we're having some bizarre proxy argument mediated via all-writs which is being framed as an encryption battle, when it is at best a battle over how much compensation Apple should receive for it's work.
It's odd that you leave out that it was the county that reset that password, "at the FBI's request"[1].
> context
Why are you leaving out the last 20+ years of context? The FBI has been pushing for encryption backdoors for a long time. Even just last year Director Comey was insisting that they needed a "golden key" (aka backdoor) to encryption.
Yes, you're seeing a proxy argument at the moment, but it's by the FBI and anybody else who claims this has anything at all to do with the dead shooter in San Bernardino instead of the multi-decade fight over We The People using encryption.
Actually I didn't know about [1], since news articles were only covering "by someone" up till recently. It was just "a county employee".
But let's unpack then the argument being had: "oh the FBI could've just asked the cloud provider for data". What precisely, is the functional difference here, if we exclude the actual effort required to implement what is being asked for?
Encryption and the use thereof, is not the argument being had. It's whether it's right to grant access to the data at all, which Apple is claiming it isn't. Which is also patently absurd, especially in this case as it pertains to (1) a criminal matter, (2) a deceased person (who does not have a right to privacy) and (3) a phone owned by someone else (the county) who has okayed accessing it.
Apple is taking an absolutist position, and so are most of their supporters. If this were an apartment, no one would be asking questions. If it were a lockbox, the bank would've cut it open. But because this is a digital device, for some reason, everyone suddenly insists its "totally different" and that the FBI clearly "doesn't understand technology". Except for the pesky detail that the very specific help asked for pretty much only hinges on if it's undue burden to Apple or if compensation should be involved, because it's absolutely possible to do, but additionally this part of the court order (http://www.ndaa.org/pdf/SB-Shooter-Order-Compelling-Apple-As..., page 4, item 4):
If Apple determines that it can achieve the three functions stated above in paragraph 2, as well as the functionality set forth in paragraph 3, using an alternate technological means from that recommended by the government, and the government concurs, Apple may comply with this Order in that way.
Apple is free to do pretty much anything which would comply with the goal of accessing the device, provided it does actually access it. Until such a point as they propose something reasonable and the government rejects it, once again, the only defense they are actually using is "digital devices are magically different". Because no part of this order somehow rides its away automatically into "ban encryption". But boy have they (Apple) done a good job ensuring that's getting put back on the legislative agenda.
In that case, you might want to do more reading on the topic.
> What precisely, is the functional difference here
See the numerous other threads, as this has been explained many times.
> [many words restating the FBI's misleading framing of their order to Apple]
The FBI wants a backdoor into any crypto that gets in their way. To deny this is to deny not only the past 20 years rhetoric from the FBI and their current actions involving this case and the other phones they also want to unlock. If you think that such a backdoor can exist without breaking encryption, then you haven't been paying attention to how fast exploits spread.
Let me guess - you think that this is isolated to ONE phone? That the FBI isn't going to turn around and use this same order on every other phone in the future? Or are you calling Susan Landau a liar[1] and insisting that Apple can somehow keep a backdoor secret while maintaining a daily service to use that backdoor?
You seem to be going out of your way to try to blame Apple, while ignoring both the technical context and the FBI's actions and motives.
Are you saying that Apple should unquestionably comply? Well, I don't think so, because I don't think there is convincing argument that the phone contains information to help the FBI in any way. This is an excellent excellent example of the FBI going father than anything reasonable, rebuffed by smart citizen holding their ground. While I might accept other opinions, it is therefore far from "unquestionable".
A man committed a mass murder, is dead, and the legal owners of the phone have okayed a search of it. If this were an apartment, a lockbox, or apparently even just his iCloud account, we would only need 2 of those to be fulfilled.
Since people keep complaining that they "totally should just get it from iCloud" it seems pretty obvious no one is actually not okay with the concept of a search.
I wrote long comment in the other thread about Obama at SXSW that is currently on the front page [1]. I don't know if it's within HN rules to copy/paste that wholesale here or not. Anyway, it's been suggested that I create a github repo of the sources I've collected so far (I have about 40-50 relevant links to video excerpts, news articles, briefs, etc.). I will do that and post back here.
So far I haven't seen any running list of events maintained by any blog or website that actually links to primary sources. Most websites link to themselves and are full of editorialization. I think if you line the facts up in the right manner and link directly not just to the primary sources but also to the relevant sections of those sources, then the story, equation and solution presents itself. And I think a github repo is a great way to do that. I'd welcome any help reformatting my current summary [2] (which right now is behind and does not include sources from my comment from the other thread), such as adding dates to events, recategorizing items, or adding significant new events. I do not intend to link to every blog post about the issue, just events from major participants such as Apple, the DOJ, politicians, and other public figures.
When considering how the intelligence community could abuse their surveillance powers, most people focus on the coercive possibilities (blackmail). The real power, however, is not in controlling how someone makes decisions, but in controlling the options they have to choose from.
For a very good explanation of this, I recommend this[1] section from an older interview with Jacob Appelbaum about the time the CSE tried to recruit him.
I wasn't implying any sort of devious manipulation via blackmail.
I honestly think he just hasn't thought it through. You can call me an idiot, and people will call you a conspiracist. I've no idea which of us is right, but completely unselfishly, I really hope it is me, and my gut says it's me. Even if it is not me, the course going forward should be the same. We should educate each other about the facts of the current circumstances so we can all weigh the balancing factors in our own minds. Let us not rely on experts here and share our own knowledge in order to empower each other. We do not need to tell people how to think. We can give them the facts and let them make up their own minds.
I completely agree that education is most important.
As for the "manipulation"... generally speaking, nobody ever thinks of themselves as "evil". The well-meaning but simply misinformed or misguided can be just as poor an instructor as someone with malicious intent.
My point is mainly that the president (and other decision-making positions) has to rely on advisers. If those advisers are not providing the necessary, accurate information then they have de facto power over the decision making process. Unlike the coercive strategies, this shift in power can happen without intending it.
> If those advisers are not providing the necessary, accurate information then they have de facto power over the decision making process
Yes, but as it pertains to this particular issue, assuming there's no blackmail involved, if the public is informed and there's one political candidate who is for strong encryption, and another who is for backdoors, then we will vote in the man or woman who is for strong encryption. We may have lived with mandated backdoors for 4 or 8 years, but at some point we'll work our way out of that hole, so long as we stay vigilant and root our knowledge-sharing in facts.
Generally speaking, I agree completely that people can and do leave out facts in order to get what they want. Our government isn't free from this sort of manipulation, but I think we have a darned good system set up compared to some others. Lindsey Graham's change of heart on the encryption issue is evidence of that, as is much of the good work done by our government that often goes under-appreciated by the general public. This isn't the first time our government and people have argued over the proper interpretation of laws, and it won't be the last. Let's recall the successful civil rights movements of the past, remember that other countries still do not have some rights that have existed in the US since its founding, and look forward to winning many more. Free speech, women's right to vote, equal rights for all races. Our system isn't perfect but it has led to some really good things.
Yes, I think it's easy to be cynical about politicians or think they're ultra smart about everything, that there's always some kind of master plan behind everything.
It's much more likely that they truly do not understand the nature of encryption. They lack the expertise, and their top level advisors do as well. It's not complicated (strong encryption is super easy, regardless of laws), but they just can't accept the simple fact because it clashes with their political desires.
I will bet you (or snowwrestler, or both with some share to each) $1,000 that Obama will make no statements reversing himself on this position within 5 years of him leaving office (Jan 20, 2022).
To be clear his position here isn't about the value of encryption in all cases. But the specific case of whether law enforcement should be able to access the data on a phone that they have physical possession of.
> To be clear his position here isn't about the value of encryption in all cases. But the specific case of whether law enforcement should be able to access the data on a phone that they have physical possession of.
These are the same thing; that's what makes encryption policy so hard. If you punch a hole in encryption for law enforcement, the hole is there for everyone.
Everybody currently or formerly in a senior position at the federal level believes that law enforcement should be able to access information on a seized phone. That's not controversial.
But at what cost? Shall we sacrifice the safety and security of everyone to meet this need for law enforcement? That's a harder question, and quite a few federal leaders have reversed themselves on it after leaving office (and a few in office).
So, I reject your bet because it relies on a false separation between what people like the President want, and what it costs to get that.
I don't agree with Obama, but the comment you've written is (I'm sorry to say) absolutely terrible.
First, you've completely mischaracterized Obama's position. It's not as simple as, "Think of the children!" Obama is saying that encryption makes it practically impossible to prosecute some kinds of criminals. Of the examples he listed, one of them was child pornographers. Another was plotting terrorists. Now these examples are trotted out all the time, but that doesn't make them false. Robust encryption protects everyone's privacy, but it also means that some number of child pornographers and terrorists will get away with their crimes. Obama thinks the harms of those crimes outweigh the privacy protections. I don't agree with that, but it's not an unreasonable view to hold. And it's certainly not the view you claimed Obama had.
Second, it's absurd to think –even for a second– that Obama doesn't care about the lives of children in Iraq or Afghanistan or Syria or Libya. If coalition forces didn't care about innocents, they would have waged war like the Putin did in Chechnya: indiscriminate bombings, extrajudicial killings, and record-setting deployments of landmines. But that's not how coalition forces operate. The horrific stories you hear about are accidents, not deliberate. Due to incomplete information, poor decision-making, or just plain bad luck, soldiers sometimes kill innocents. When this happens, everyone agrees it's a tragedy, and everyone tries to prevent it from happening in the future. Sadly, militaries are incredibly blunt tools. The only way to completely avoid collateral damage is to never use them.
To make my point absolutely clear: In the case of drone strikes, children die because intel isn't always accurate and weapons aren't perfectly discriminating. Despite what you're trying to imply, if Obama could wage war with perfect intel and weaponry, he wouldn't harm a single innocent person.[1]
Lately, I've been seeing more of these drive-by misrepresentations on HN. I usually downvote and move on, but the situation only seems to be getting worse. I don't know of a good solution, as any reply takes far longer to write than three sentences of pandering.
1. A side note: The same can't be said for the leaders of the opposing forces (Abu Bakr al-Baghdadi and Ayman al-Zawahiri). They would use these hypothetical perfect weapons and intel to turn much of the world into a charnel house.
Obama thinks the harms of those crimes outweigh the privacy protections.
I think this is a silly argument. Forcing backdoors into people's phones will not stop any individual determined to maintain secrecy from using encryption. It will however allow government to spy on all individuals.
At the moment, the concern with encryption seems to be encrypted communication rather than encryption as a means of securing personal data.
Eventually, though, as technology advances allow smaller groups of people to inflict larger amounts of damage with fewer specialized resources, how do you imagine that society could be kept secure without surveillance (or something even more invasive)? It seems clear to me that the side arguing for unlimited encryption in communications will ultimately be on the wrong side of the issue, even if backdooring the iPhone isn't a good idea.
So you're advocating for an omnipresent Police State on the statistically insignificant threat of Domestic Terrorism? Which you presuppose will only get worse, despite the fact that Domestic Terrorism has declined from thousands of Bombings in the US in the 60's and 70's to the rare one off instances of the new millennium.
What is it you suppose causes terrorism? Is it not the expected retaliation by a citizenry on a government gone too far? Perhaps an unintended consequence of increasing government surveillance as you suggest is more acts of terrorism not less.
Look, I value my privacy too and I don't want to live in a police state, either. I don't think giving additional power over to our government at its current levels of incompetence and corruption is a good idea. But I think you (and I recognize that many/most of the people around here think the way you do) aren't being realistic about the threat of terrorism. Even if rates of terrorism are declining, I suspect they aren't going to be declining as quickly as the potential damage of terrorist attacks increases.
Regarding your question of the causes of terrorism, do you really believe that all terrorism is caused by government oppression or injustice? I doubt it. Even if it's the majority, there's always going to be plenty of unhappy people among the 7 billion on the planet. So I don't see you as having answered my challenge of imagining a stable secure society in a world where small groups can cause enormous damage. And I doubt that prevailing opinion will survive the first major terrorist attack that occurs. Note for your statistics: I'd count the number of major terrorist attacks to date as zero.
Fortunately, I also disagree with your assumption that a system of mass surveillance will necessarily result in a "police state" or at least the dystopian society that the term is intended to conjure.
a totalitarian state controlled by a political police force that secretly supervises the citizens' activities.
I'm sorry, how does the elimination of encryption so the government is able to increase its mass surveillance and aggregate all communication not fit the definition of a Police State?
You admit that most acts of terrorism are in response to oppresive governments and you admit that as technology has increased acts of terrorism in the country have fallen dramatically, and yet you posit that there will be more because you feel that way.
I get it that you're willing to exchange yours and every other persons privacy in the name of the Bogey man that is terrorism, but it won't make you safer
I anticipated the word games, which is why I wrote "or at least the dystopian society that the term is intended to conjure."
I did not admit that most terrorism is in response to oppressive governments nor did I posit that there will be an increased number of attacks. Re-read what I wrote.
Hopefully you're right that terrorism will forever remain a "boogey man." I doubt it will. Unfortunately, if and when there is a major terrorist attack, all of the people saying what you're saying will have lost credibility and the chances of us ending up in a police state, at least for a period of time, will be quite high.
Yes I know you decided to define the word and its intent as you saw fit, which is why I posted the definition...
I'm aware you do not want to accept that most acts of terror have been in retaliation to government oppression, I can list of dozens of organizations throughout modern history who's reason for terrorism was/is oppression. I'd be interested in knowing which groups and events have led you to believe other wise.
Logically if you state
> Note for your statistics: I'd count the number of major terrorist attacks to date as zero.
And you state
>Eventually, though, as technology advances allow smaller groups of people to inflict larger amounts of damage with fewer specialized resources, how do you imagine that society could be kept secure without surveillance.
One would conclude you believe there will be an increased number of attacks if any occur...
Why would a terrorist attack cause anyone for encryption to lose their credibility? Would a terrorist event prevent the need for encrypted financial transactions, encrypted messages containing proprietary information, encrypted emails in regards to internal corporate directives? I assume you understand the importance of encryption in transactions?
There are Unintended Consequences to implementing a Police State which aggregates all communication and outlaws encryption as you are advocating.
Living in a free society incurs a small percentage of risk. "I don't think giving additional power over to our government at its current levels of incompetence and corruption is a good idea." --> How do you think the government will ever change if there is no check to their power. A corrupt institution can freely monitor the communication of their opposition, if that is the case how can they ever be removed from power?
Your last question is a good one. How can we set up checks and balances so that the surveillance apparatus cannot be misused? This is particularly important in our democracy, where the whims of the people might favor misusing it from time to time. I have ideas. Not that anyone's asking me.
Have 'plotting terrorists' actually committed any crimes? The child porn argument is even more nefarious - why is one kind of .jpg on your hard drive acceptable and the other criminal? Sure the creation of those images is criminal, but the images themselves are just data. Data should not be criminal.
The right response is 'Sure.' (period). The analogy is a straw man. Whoever said it is 'just two ...etc.,? If you want to talk about intent then do it but you're in muddy water.
In the case of child porn, I think the bigger reason why it's such a serious crime is because that population will never have political support, and they're such an easy punching bag. They're the group nobody likes.
You say that the consumption of images increases the probability of more production, but I really doubt that's the explanation for why things are why they are. I don't know if there's a market for child porn, but if there isn't, that means that consumption of child porn doesn't provide material support for crime. On the other hand, when we buy goods supported by exploitation of both adults and children, sometimes fatal exploitation, we do provide material support to an economic process with a relation to crime.
While I'm okay with entertaining a discussion on my moral responsibilities as a market participant, as well as discussion about how global economy ought to work, I wouldn't be okay with criminal culpability because I bought cheap goods or electronics.
> To make my point absolutely clear: In the case of drone strikes, children die because intel isn't always accurate and weapons aren't perfectly discriminating. Despite what you're trying to imply, if Obama could wage war with perfect intel and weaponry, he wouldn't harm a single innocent person.
For all intents and purposes "Obama" and the people who serve under him don't care about killing children or innocent people in general. They don't even know who they are actually killing most of the time. It's not because technology is imperfect.
I love how you treat Putin one way and Obama another...
So the argument follows if you want perfect information; make everyone at birth wear an exploding neck tag with GPS and a cell phone that'll take your head clean off if you are ever thought of as a terrorist by the United States. No more war, no more collateral damage and yes, no more Edward Snowdon or Julian Assange.
If what we are after is perfect stability and no doors government can't unlock, why not aim to tag everyone up with a government controlled device, rather than doing it via mobile phones.
I wrote almost 400 words dispelling misrepresentations of Obama and bemoaning the extent to which HN users misrepresent opposing views... and your response is to misrepresent a thought experiment as if I was proposing some sort of mustache-twirling movie villain plan.
(sigh)
I'm not sure how I can make my point any better than you just did.
41 people murdered without trial or war and 1147 people killed who weren't targets and tens of thousands who now hate the United States, perpetuating a never ending cycle of violence.
So yeah, people do drive by and say stuff to make opposing points on discussion forums, the point was to ridicule your argument of "If Obama didn't have to murder loads of people he wouldn't". Maybe he thinks there is no alternative to 2800%+ collateral damage, do you?
You missed the point. Obama thinks that taking our privacy away will help him target the bad guys better.
So the argument is, "How many lives is your 'privacy' worth? Would you give some up to spare the 2800% collateral damage?"
Snark aside, this is, actually, the rational conversation that America and the world need to have. Like many difficult problems, it's sometimes helpful to start with a simpler version of the problem. So let's simplify it a bit to start. Let's assume for a moment that backdoors will lead to better capture ratios for terrorists- that is, a higher probability of stopping real terrorist attacks. Even if it's only the stupid copy-cat cell guys, let's assume for whatever reason that giving this access to law enforcement buys us X innocent, civilian saved lives per year, by perhaps some combination of thwarting attacks and better intel on targets.
What is X such that privacy invasion is acceptable?
> What is X such that privacy invasion is acceptable?
It's impossible to tell in your simplified scenario, because you haven't said what the "simplified" version of the downside of privacy invasion is. If you're someone whose job is to prevent terrorist attacks, obviously you're going to judge that the downside of privacy invasion is a lot less than the downside of terrorist attacks. But if you're someone who's concerned about the long-term consequences of giving up civil liberties, you're going to judge that the downside of giving the government backdoor access to everyone's data is a lot more than the downside of terrorist attacks.
One way to tackle this question is to look at history: how much damage has been done by terrorist attacks, child pornographers, etc., compared to the damage done by governments who were given too much power? I think the latter has done orders of magnitude more damage, which means we should be a lot more worried about privacy invasion than about terrorists. YMMV.
I originally attempted to leave the downside of privacy invasion unsimplified, and thus different people would have different opinions based on their view of this- in other words start a discussion, not look for a "right" answer that I am pretending to know (because I don't). But this is the way I think about it. Perhaps it's still too hard of a problem, but your second paragraph what I was after.
A second, more poignant way of looking at the problem is this (I'll do this one in first person, because it flat-out sucks): My friend just lost his family in a terrorist attack on an airplane. It seems likely (via whatever channels) that the attack could have been averted with more intel that was unavailable due to encryption. My friend knows that I'm against back-doors and government invasion of privacy. What do I tell him in consolation?
I think that questions like this allow us to empathize with the people who are responsible for making the decision. (Of course a counter-example is also possible: Ronald Drump has just used warrantless wiretaps to identify all of the Muslim sympathizers and has started rounding them up...)
> It seems likely (via whatever channels) that the attack could have been averted with more intel that was unavailable due to encryption.
If you don't mind answering, why does it seem likely? (You're welcome to answer that you don't want to talk further about the specific incident, or even say which specific incident it was.) I ask because my estimate of the prior probability of this actually being the case is quite low.
> My friend knows that I'm against back-doors and government invasion of privacy. What do I tell him in consolation?
Being against back-doors and government invasion of privacy doesn't preclude also being against terrorism. (I'm against both.) So you can still tell him that you're sorry he lost his family, and that you hope the people responsible are caught and punished.
In this hypothetical construct, the arrangements for the attack were coordinated via cell phones. We had the ability to be able to control this information but forfeited that ability due to concerns about privacy.
When I tell my friend I'm sorry he lost his family and I hope the people responsible are caught and punished, it will beg the retort that the situation could have been prevented. And people like me are the reason this wasn't prevented.
The hard part of the question is when you look someone in the eye and tell them that their horrible loss is necessary for a greater ideal. I think a lot of idealistic talk goes away when it gets real. (Especially if you have kids.) And my main point is that I can empathize with a candidate who espouses the "ideal" but when it gets real has misgivings.
Oh. I thought you were referring to an actual event.
> the arrangements for the attack were coordinated via cell phones. We had the ability to be able to control this information but forfeited that ability due to concerns about privacy.
Does your hypothetical take into account the future cost of giving up privacy? See below.
> their horrible loss is necessary for a greater ideal
No, it's not for an abstract "greater ideal". It's to avoid the highly concrete consequence of even more people dying when the government gets too powerful.
The problem is that, in situations like your hypothetical, the worse consequence is still in the future, while the bad consequence of avoiding it is in the present. So people are greatly tempted to convince themselves that the worse consequence won't actually come to pass. That's why I talked about looking at history: in historical scenarios that are similar to your hypothetical, we know not just the shorter term gain of giving the government more power--some particular bad thing got prevented--but the longer term cost--millions of people dying because the government got powerful enough that its screwups were catastrophic.
So, at the wake for my friend's family you are going to give a history lesson on big bad privacy-invading government; "freedom isn't free" or something. I have a hunch that won't play well. (Yes, the idea that our government will do horrific things down the line is abstract to most people. It's fitting a pattern of past behavior by bad governments to our current scenario. Most people don't actually believe that our government is engaging in world-criminal or war-crime behavior that needs to be stopped. The idea that it will turn on its own citizens is pretty far-fetched to them.)
We've probably gone on long enough in this thread, but my feeling is that if you want to get people to fear their government more than the terrorists, you have to make it as personal to them as the fear of terrorism already is. Until somebody can do that well we are all just preaching to the choir here.
And in order to have that conversation, we have to be ready to ask the other, uncomfortable one that I've been posing: "What is X such that privacy invasion is acceptable?" One planeload of people per decade? Per year?
We can ask it with a slightly different thought experiment. "OK the NSA surveillance data allowed us to thwart 5 plots last year; probably saved 200 lives. Turn it off, it's not worth it in the long run." If we replace 200 by X, what is X such that you, President pdonis, let the NSA program survive? How about President dhimes? President ady_ppp or President jkestner? I'm not asking for answers here, but just to consider this as a very real question faced by people who have to make these decisions, and that a whole lot of people would say X = 0 when it comes time to make that decision. I think Obama might be one of those.
NB I'm actually in pretty good agreement with you on the privacy debate, but I think that concrete questions like these need to be discussed.
> at the wake for my friend's family you are going to give a history lesson on big bad privacy-invading government
Why in the world would I want to do that at the wake? Do you insist on stating all of your personal beliefs to everyone on every occasion?
Anyway, I already suggested what to tell your friend, and it wasn't anything like this.
> my feeling is that if you want to get people to fear their government more than the terrorists, you have to make it as personal to them as the fear of terrorism already is.
Sure, that's easy: just describe what a Nazi or Soviet concentration camp was like, and ask, how would you like to live in one of those? The only reason that might seem less "personal" to people these days is that 9/11 happened more recently than WWII or the Cold War. But that's not a rational reason to fear terrorism more than excessive government power.
(For extra credit, you could describe how the Nazis came to power in Germany: they were voted in by a democratic election.)
> the NSA surveillance data allowed us to thwart 5 plots last year; probably saved 200 lives.
But the problem is that, while the President gets to see these numbers, we the people don't. They're secret. So the decision can't be made as a public decision where we can have a debate and then vote. It has to be made unilaterally by the very small number of people who actually have the relevant data.
Also, phrasing the question as "how large must X be for the program to survive" forecloses the possibility of finding other ways to save the same number of lives, without sacrificing everyone's privacy.
Why in the world would I want to do that at the wake?
That was your answer to the question I posed. You keep wanting removed conversations- that's the easy part. The hard part is what do you say when you have to look someone in the eye and explain yourself.
But the problem is that, while the President gets to see these numbers, we the people don't. They're secret. So the decision can't be made as a public decision where we can have a debate and then vote.
Precisely! That's why we have to be willing to discuss it also. Otherwise they have to make the determination and we all get to sit back and throw rocks at them. That's easy and cowardly for us, and not really good for them.
Also, phrasing the question as "how large must X be for the program to survive" forecloses the possibility of finding other ways to save the same number of lives, without sacrificing everyone's privacy.
No, nothing about this is mutually exclusive with (to?) working on better ways to keep us safe that help us keep our privacy. Of course, it would be difficult to regain that privacy, but I would definitely want sunset clauses built into any program or laws the I (as President dhimes) would sign off on.
It most certainly was not. I said you could tell your friend that you're sorry and you hope the people responsible are caught and punished. I said nothing about giving a speech at the wake on the dangers of giving up privacy. You said it wouldn't play well, which is of course true; but that's precisely why you don't want to have that discussion at a wake. You want to have it when there's no immediate issue at hand, so people can be reasonably objective.
> The hard part is what do you say when you have to look someone in the eye and explain yourself.
If your friend comes and asks you point blank why you're against giving up privacy, given what happened to his family, then you have to answer him, yes. But that is worlds different from making a speech, unprompted, at a wake.
If he asks you, your honest answer would have to be that, while you are sorry about his family and hope that the people responsible are caught and punished, you still believe that, in the long run, the dangers of excessive government power are greater than the dangers of terrorism. (That's assuming, of course, that you actually do believe that. But if not, what's the point of the hypothetical?) What else can you say? Your friend probably won't like it, but he's your friend; you've got to be honest with him.
> That's why we have to be willing to discuss it also.
You're missing the point. We can't discuss it because we don't know the facts. And we can't be told the facts because, if there is any benefit to the surveillance, making public how much benefit we get would destroy the benefit. That's why all of these activities are kept secret in the first place.
> Otherwise they have to make the determination and we all get to sit back and throw rocks at them.
We can, but nothing forces us to. Anyone who believes it's worth it for the government to do mass surveillance, and any other covert activities for that matter, has to also be willing to not criticize decisions made based on data that can't be made public. Otherwise they're just a hypocrite who wants the benefits without the costs. I would say that the main source of hypocrisy about that is not individual citizens, but the press.
And an issue with this question is that the government that's currently posing it stands to gain by softening the damage to privacy. I don't like that it has a horse in this race.
I must have written it poorly. I didn't mean for it to be aggressive nor patronizing. I meant it sincerely as a thought experiment. I extended to you the Principle of Charity in that you believe that Obama would actually reduce innocent casualties if he could- I am saying that he believes that more information will help him do so. I apologize if it didn't come across that way. I try to not be a web asshole- +1 for calling it out.
Ah, that's cool, I think disagree but an opening gambit of "You missed the point" felt very harsh to me.
I can see both sides of the debate on this but I do think trusting people with the keys to all the doors who believe drone strikes actually help Does not make sense. America and the west cause more terror than they receive.
> The horrific stories you hear about are accidents, not deliberate. Due to incomplete information, poor decision-making, or just plain bad luck, soldiers sometimes kill innocents.
Not true. Just one example: in 2011, Obama authorized the assassination of an American man and his 16-year-old (American) son[0] by separate drone strikes. The father's assassination was completely deliberate. The son was killed two weeks later, when he went looking for his father.
Both the father and the boy were American citizens. Neither was even in a country with which the US is at war (although that wouldn't have been sufficient reason to order the extra-judicial assassinations of these US citizens them even if they were)[1].
Rather than "everyone agreeing this was a tragedy", it was pretty quickly buried in the news. Most news outlets actually refused to even acknowledge that they were American (using the euphemistic epithet "US-born", as if implying that either one renounced his citizenship).
[1] Before anybody takes issue with the characterization of this man and boy as US citizens, arguing that Constitutional rights [should|do] apply to everyone: I certainly agree that the US should not be ordering extra-judicial assassinations of any civilian, American or not. But it's notable in this case, because it highlights the absurdity of the policy. If we can't expect US citizens to be protected against extra-judicial assassination by their own country's government, then what rights can they expect?
Officials in your article say they didn't know the son was there, and were targeting Ibrahim al-Banna. Sounds like an accident to me.
And it sure as hell wasn't buried in the news. It was a controversial event, on the front page of the NYT, and the Administration was forced to clarify specific policies on who they would target with drone strikes.
If theirs is a drive-by misrepresentation, yours is a sycophancy and an adulation.
The argument from bad people is a false one, largely because bad people are people and hence do everything that people in general do. As a result, it can be applied to anything. If it's a universally valid point for the prohibition of anything, then it is cognitively meaningless.
Nor is it all absurd to believe that a ruler is ambivalent over their subjects. Why would such a thing be absurd? The state and political power are not instrumentalist concepts. We must apply behavioral symmetry to all power elites.
(It's also amusing to see "incomplete information" brought up again. That's the same pseudohistory used to justify Iraq in retrospect.)
> I don't agree with that, but it's not an unreasonable view to hold.
Given that Obama chose not to conduct an independent investigation into 9/11 or prosecute the folks involved, it's actually a pretty unreasonable opinion to hold.
First, law enforcement catches and successfully prosecutes pedophiles all the time. It's called "good old fashioned police work" and it doesn't require violating our 1st, 4th, and 13th amendment rights.
Second, how on earth is Obama going to force me to stop using crypto, except to threaten me with violence for using it? Perhaps the government will start to license programmers, and prosecute those caught writing software without a license? (Don't laugh -- they already license hairdressers, marriages, and dogs.)
Of course he cares about the lives of children in those countries. At the same time, to call them just accidents, as us laymen use the term, is naive. Do you really think the US government went into these countries thinking they wouldn't kill any civilians? It is not an "oops, I didn't know I would kill civilians." It's an "oops, I didn't mean to kill civilians, but I knew I would. But, we decided it would be worth it."
taking actions that have some risk of killing or greviously harming others is not uncommon or monstrous. Well, at least if it is, then we should be much harsher to folks who drive cars.
I find his attack on CryptoCurrency largely terrifying as well "If government can't access phones, 'everybody is walking around with a Swiss Bank account in their pocket'"
God forbid we lived in a world where people had privacy and THEIR own money?
Are you an anarchist? Because a Swiss Bank account is associated with circumventing taxes and money laundering, which I think is what he was getting at when he made the reference; not that you can't have your own money. If there is no effective way to tax or enforce that taxation then no Government could exist.
I've seen this argument against crypto currencies before and I alway found it bizarre. Do you honestly believe that the government's ability to tax you is predicated on it's ability to see how much money you have in your bank account and the ability to take that money? Taxes existed long before electronic records of money.
One of the first income tax evasion prosecutions, follow the passing of the 16th amendment (making income tax permanent), relied almost entirely on bank deposit records. Centralized reporting requirements are pretty important to the IRS. I couldn't find the specific case, but this paper [0] covers the topic pretty thoroughly. If you are incredibly bored and end up reading it, you'll notice that in their investigations the IRS commonly skips a lot of things that would be labor intensive (like finding property held under a different name), and sticks to the prewrapped financial records from the banks.
So yeah, taxes existed before the internet - they used paper deposit slips.
Prior to prohibition 1.0 where Congress banned alcohol sales in the country the US Federal government derived it's tax revenue from the sale of alcohol. The prohibitionists got Congress to enact an income tax to bring about the end of alcohol. It didn't quite work out well though, neither has prohibition 2.0 (our era).
Doesn't the President speaking at SxSW kind of break the whole indie vibe of the event?
Maybe I'm being naive and that was gone a long time ago (I've never been), but typically tech or art-oriented events don't really care for politicians much.
I briefly peeked in on a talk Rick Perry gave at E3 2008 (promoting Texas to game developers), and the room was probably 95% empty. Tumbleweeds. Granted, I'm sure the President draws far bigger crowds, but it still strikes me as odd.
There hasn't been an "indie vibe" at sxsw for at years, my friend. Austin is a weird city, and not in that fun weird that made it so great in the 2000's.
Exactly. I know there's a whole bunch of love for how great a president Obama has been but looking at what the Obama administration has done, as you say, a civil liberties standpoint has been an absolute disappointment.
He flip-flopped on a number of issues almost immediately after entering office and has continue highly questionable programs like drone strikes.
What he's asking for in the article is the same old trope of backdoor crypto just worded differently. When are they going to get that NOBUS does not work?
He's been a disappointment from most progressive perspectives. Promised hope and change, and once elected promptly filled his cabinet with war hawks and wall street reps. Anyone who loves him should vote Hillary... she'll be exactly the same. Only difference being that Obama is a better lier.. when Hillary promises hope and change, her "fakeness" is obvious.
A lot of candidates' policies change when they become president. I feel like this is due to a few reasons but a big one may be that they are read into many secret programs (like the NSA one), which give them a new perspective on the "threats". From that the "Not on my watch" mindset kicks in.
Not excusing the government on the encryption debate. We absolutely need it. Just saying when you are given new, secret information that you didn't previously have, it's not unreasonable to change your policy.
I assume this is not a new phenomenon. So, why does every president do it? Does he not have advisers who know something about the security apparatus? Someone that might say "you know, there's a lot of bad stuff you don't fully understand, so maybe you should roll back the rhetoric a bit?"
Of course, campaigning on "I will increase the national security state" isn't a plank that will likely get a candidate elected.
Note, too, that I am just criticizing Obama here. Every president breaks campaign promises, because most campaign promises are nothing more than marketing.
There is an asymmetry. And they take historical legacy seriously.
If you spend trillions of dollars and erode fundamental freedoms to protect people in the aftermath of 9/11, the worst kind of objective case is you were maybe a bit misguided but your heart was in the right place and terrorism like 9/11 was unprecedented... Maybe it will cost too much, but nobody cares about the costs any more.
If you dismantle the security apparatus and there is any notable terrorism, you are history's goat. Plus don't forget how many people are paid through that system.
Plus, I find it difficult to really know where the public opinion is on this kind of stuff. The "no compromise" abortion position is becoming a bit more fringe and as such, politicians will say stuff to pander to the fringe but they typically don't act on it. Encryption and mass surveillance might be a big deal to "fringes"
Because Governance and Statecraft are difficult, and need every day tools. The Theory and rhethoric miss lot of nuance and complexity of the situation. I am happy that a Politician once becomes president changes some if not many of their policies. Yes, there is an element of accumulation of power in some instances, but over all, the forces are much larger than one person or one team. That is why I find all the election promises esp. during the primary phase to be so funny, and incredible.
I find it interesting that, as detailed in this article, Obama viewed his decision not to attack Syria as breaking with "the Washington playbook"; yet in the subject article of this thread, Obama is clearly playing straight out of "the Washington playbook" in supporting the government's ability to invade citizens' privacy.
> I assume this is not a new phenomenon. So, why does every president do it? Does he not have advisers who know something about the security apparatus? Someone that might say "you know, there's a lot of bad stuff you don't fully understand, so maybe you should roll back the rhetoric a bit?"
The issue I have with this point of view is evident in the current presidential race. The candidate who says unequivocally that encryption should be illegal, Snowden should be executed, and white hat hackers should be jailed, is the current front runner for the Republican party (Trump), a party which historically has considered the right to privacy an absolutely necessary one. Yet here we have him campaigning on a platform of totalitarianism when it comes to communications and privacy, and the people at large are eating it up.
It blows my mind that the very same people who hold the 2nd Amendment close to their hearts are willing to elect a man who wants to strip away their 4th and 5th Amendment rights.
Could be that. Or, it could be that they are flat out cynically lying to the public. Not sure which it is, but too much of it going on lately. If there is really a need, give us more information. Everything doesn't have to be top secret. I simply don't believe that.
I suspect tomschlick is correct (I've said similar things here before) but I also agree with you. I would feel so much better if he would come out and say, "When I was campaigning I said X- but now that I've learned more about it I'm breaking my promise and am going with !X."
The question really becomes: how long are we going to tolerate the US government acting in our names and with our resources in a way that most individual citizens disagree with?
Does anybody actually want to erode their own privacy or send their friends and relatives into armed combat? Even the people who ostensibly support these actions are just giving these agencies the benefit of the doubt that there is some great unspecified danger that us common folk can't be trusted with.
If these threats do exist, I think it's past time that we bear the responsibility for them together.
>A lot of candidates' policies change when they become president. I feel like this is due to a few reasons but a big one may be that they are read into many secret programs (like the NSA one), which give them a new perspective on the "threats". From that the "Not on my watch" mindset kicks in.
The folks in the military and at the NSA have long careers that outlast presidents, more likely they're pretty effective in manipulating politicians than there's some bigsecret that changes everyones perspective once they're in office.
He very often applies this tactic of trying to make the other side seem unreasonable.
This is the most important issue of our generation. You cannot have it both ways Mr. President. There is no middle ground. You either support the right to privacy or you do not. There are only two options and you have to pick one.
I'm sorry, but I absolutely have no faith in this petition site anymore...willing to change my mind given sufficient data but given history, it seems like window dressing.
Yes. Discuss the issue online. Make Facebook posts and YouTube videos. Talk about it with your friends.
CALL your representatives to let them know how you feel and why. Email them. It works, they do listen. There are bills being proposed in NY and CA that would force companies to insert back doors or face a penalty. The issue is now political at the highest level, and our President is spreading the misinformed view of fear, uncertainty and doubt. Given Trump's campaign success, we should all be very afraid at the effectiveness of this uninformed stance.
You could've said the same thing in 1789. Either you support the right of privacy (let police enter into peoples' homes without their consent) or you don't. Those are the only two options. No reasonable middle ground to be had in-between.
I think the argument here isn't that the government never has a right to access your private information with a warrant (or maybe it is and I'm misreading).
The argument is that if you support the right to keep your document private from everything except legitimate government access, you can't insist that manufacturers build in back doors to allow government access. There just isn't a technologically feasible way to build a backdoor that only government agencies with warrants can use.
Far as the argument, it's weak because none of the claims they made last time came true. If anything, the U.S. is spying on and locking up so many Americans they might need to cut back so they can stop putting dangerous people back on the street. Prosecution is so one-sided in FBI's favor that plea bargain rate is 97%. Prisons are simply too full. Plus, they got a conviction almost every time they ran into encryption per their own documents. They're not "going dark" or at any disadvantage. That's straight up lies given their publicly released documents.
Far as backdoors, Bruce Schneier shows how retarded Comey and Obama's side is with a simple counter:
" But the problem isn't that most encrypted communications platforms are securely encrypted, or even that some are -- the problem is that there exists at least one securely encrypted communications platform on the planet that ISIL can use.
Imagine that Comey got what he wanted. Imagine that iMessage and Facebook and Skype and everything else US-made had his backdoor. The ISIL operative would tell his potential recruit to use something else, something secure and non-US-made. Maybe an encryption program from Finland, or Switzerland, or Brazil. Maybe Mujahedeen Secrets. Maybe anything. "
My own counter is that even North Korea can't lock down all covert communications in their country. Dissidents routinely get us info with cheap cellphones using towers planted on other side of border. China, which is more U.S. lawmakers' style, has all kinds of covert communications, organized crime, and so on. So, Bruce's argument is supported by the evidence, other surveillance states show surveillance won't protect us at all, and U.S. government's behavior up to this point indicate it's a power grab for a tool of control rather than protection. They abuse everything else routinely.
>>Far as the argument, it's weak because none of the claims they made last time came true. If anything, the U.S. is spying on and locking up so many Americans they might need to cut back so they can stop putting dangerous people back on the street.
Most of the increase in prison occupancy is due to drug offenses and this has been dropping since 2008ish; not due to 'spying'
>>Prosecution is so one-sided in FBI's favor that plea bargain rate is 97%.
This is 97% of the 92% of cases that are not dismissed or dropped by the prosecution after charges are filed. So only about 89% of the cases brought by federal prosecutors are resolved by a plea bargain. This also covers cases that are not brought or investigated by the FBI at all. The vast majority of criminal cases brought by prosecutors are slam-dunks(after all, they wouldn't charge someone otherwise). You don't need to believe the FBI in any case. Most criminal cases around the world are resolved very quickly and with a high conviction rate for the prosecution.
Yes, they're not caused by spying. Im pointing out that the Feds have plenty tools as aimed at Americans with tons of convictions while publicly talk like they're powerless and going dark. They have more than enough power.
Re conviction rates
Im basing those claims off things like this piece:
I made a similar argument with Lavabit. Further analysis showed the situation was quite different from what warrantee search implied:
Physical: You usually received notice and could physically spot insertions of fake evidence or mishandling. Only one target.
Digital: They capabilities they ask for can be used invisibly on as many targets as they like. They allow undetectable insertion of forged evidence as well in many cases.
The FBI showed their true colors in Lavabit case where they acknowledged that getting the key or attaching their box could compromise ALL accounts. The FBI's argument? Do it then lie to customers that it didnt happen and their emails are still private. FBI said no harm to business that way. Judge agreed, too.
This is not isolated case. They abuse the other authorities similarly with coercion of affected parties and deception of US public. So, I fight backdoors or similar capabilities to avoid enabling tyrants.
A read-only, auditable search a 3rd party can restrict to just warranted targets woukd be a totally different discussion. They've usually rejected tgat stuff in favor of overreach and subversion. That's telling.
I'm glad Obama finally took a side. It's just unfortunate he took the wrong side. The truth is that he has always supported this side, though. Even before he got elected in 2008 and when he was campaigning on "ending warrantless mass surveillance", he still voted in the Senate for the Patriot Act extension.
On the encryption issue he has been cowardly hiding behind Comey and the DoJ "hey, it's not me saying that, it's the FBI. I do like strong encryption! In fact, some of my best friends use strong encryption."
So at least I'm glad that charade is over, so he openly admits that his "legacy" will be a president fighting to expand mass surveillance and to end strong encryption.
I didn't want to make this political, but time is running out and we can't afford to tiptoe around this anymore. As we speak Obama is working to legalize all the illegal NSA sharing with the DEA and FBI, and it's probably just a matter of time until local police departments have easy access to all of that data, too. We need to stop that NOW!
There's only one presidential candidate who actually has a track record voting against laws like the Patriot Act, FISA and CISA, beyond already promising to end mass surveillance (which anyone could do, just like Obama did) - and that's Bernie Sanders. If you care about not seeing your country turn into a police state (which is what will happen when NSA sharing with civil agencies gets legalized), then go vote for him in the primaries and tell all of your friends and family to do so.
This may be the last chance you get to stop encryption backdoors in the US and turn back the mass surveillance capabilities in a more significant way. I can't imagine what the US would look like after another 8 years with a president or presidents that are even more hawkish than Obama was on these issues.
But my guess it will look a lot more like China. The DoJ is already using the rhetoric that "Apple has been helping China unlock its phones this way, anyway, so why doesn't it help the US, too?" First off, that's false, and second you can see they don't want to make any distinction between China and US anymore on this issue. To them, what China is doing is the "ideal" that they strive for. There needs to be someone to change that culture in the government from top to bottom, and do it soon.
I am disappointed in my president. Of all of his flaws, I think the worst is when he presumes to know both sides of an argument, sets up a straw man, then beats it down. He does this with far too great a regularity.
I believe its very clear, if it hasn't been before, that both major U.S. political parties are not in alignment with those of us in the tech community that understand the issues. At the rate we're going, encryption itself will be regulated before too long. What a Charlie Foxtrot.
I read this morning that some scientists wrote to the Department of Justice asking them to use RICO to investigate climate deniers. RICO, for those of you who don't know, is a draconian law passed in order to deal with large crime syndicates. We were told at the time that vast new powers were needed if the government had a chance against organized crime.
This is relevant because over and over again, we see encroachment on our liberties in terms of "Well, what if there was a ticking nuclear bomb", we adjust the legal system, then find those adjustments being used for political purposes. The same thing will happen with prying in your phone.
I know in my heart that we have crossed the line into a system that's unsustainable over the long run. I fear that this trend is accelerating. It certainly would be nice if we had some governmental body that was concerned with the proper structure and limits on governmental powers. I don't see anybody like that, however. Just a lot of rationalization.
I wonder if reframing the debate a little might help everyone realize that what Apple is doing doesn't actually impede law enforcement, and that iCloud backups actually can help them (a lot).
This is simple:
1. Most people will not actually "go dark" because the consequence of going dark is you lose everything if you lose your password. That severe consequence for a relatively common human error is not a good fit for most people's personal records and photographic life memories.
The right fit for most people is
(a) unbreakable security on their physical devices so they don't have to worry about getting hacked if they lose them, plus
(b) cloud backup that can be recovered by a trusted custodian, so they don't have to worry if they lose their password.
And that is exactly what Apple is providing. Law enforcement will still be able to go after their backups.
2. As for the case where someone really does want to "go dark", weakening physical device security isn't going to stop them. They will simply use alternative encryption software. Law enforcement still can't get it. So why make everyone more vulnerable to the hacking of stolen devices?
Case in point: law enforcement did get access to the terrorist's last iCloud backup. And if he turned off backups with the conscious intention of going dark, then even if Apple made that impossible on the iPhone, he would have simply used a different solution (e.g. not use the phone for secret info or use a different, secure phone with open source software if necessary, etc.)
Good points. Read the hearing transcripts. This is the position that Apple's specialist takes (but without as much details of Cloud backups) and pointed that they have helped in all ways other than the one thing it cannot do due by design. Thus they conclude the requests are to set a legal precedent.
I suspect a data breach or exploit of cloud storage or other service providers is more likely for most consumers than an attack on their device following theft or loss.
For both privacy and protection against criminals, cloud storage must become as impregnable as our physical devices. Do we truly lack the will or creativity to produce custodians who cannot recover our data without our permission?
> Do we truly lack the will or creativity to produce custodians who cannot recover our data without our permission?
It depends what you mean by permission. If you mean it's physically impossible, those exist, but then they can't help you if you forget your password so it's probably not the right option for most people.
All we need now is a piracy-style commercial to go along with the message:
"You wouldn't encrypt a child you just abducted. You
wouldn't encrypt potassium nitrate you plan to use to
make a bomb and blow up a bulding. You wouldn't encrypt
a stack of cash or a duffel bag of cocaine. So why would
you encrypt information you wish to keep private?"
The reality is that encrypted information may only be evidence of conspiracy, and even with 100% perfect encryption that the government is incapable of decrypting it's the equivalent of doing everything face to face, keeping the information in your head, and remaining silent under the Fifth Amendment. The government can't yet subpoena the contents of your thoughts against your will.
Besides which, as soon as something criminal actually becomes criminal there's physical world, tangible evidence that cannot be encrypted -- the child, the explosive, the stacks of cash. And even if it's a purely digital crime, if there's sufficient suspicion of a crime, the government can get a warrant to install surveillance equipment to watch the device in question and watch the plaintext evidence.
The problem here is encryption itself. You can't put the genie back in the bottle. I'm inclined to agree with him on the fact we need a compromise, before like he said something bad happens and a rushed solution is implemented that isn't optimal for either side.
However, I can't think of any of the government's proposed solutions as working. Someone who wants the security offered by encryption will just use a truly secure system, even if it means they buy the device or software on illegally or from a foreign country.
Where this is demand for true privacy, there will always be supply.
I don't see how any "compromise" can be anything but lose-lose.
Say you get Apple to agree to allow law-enforcement to have another data decryption key loaded onto every device that is protected by a device specific key that Apple will provide to law enforcement on request. In theory this sounds ok.
Until you realise that anyone intent on any ACTUAL wrong doing is going to also use their own software encryption to protect anything worth protecting.
All you have done now is reduced the protection of the average law abiding citizen by creating a possible attack vector (no matter how tanky Apple HQ security may be) and not at all enabled law enforcement to attack actual high value targets.
You could argue that high value targets are not the actual targets here.. but then why bother? Do you really need access to someones phone to prove they stole a car? Or shot up a bunch of people? No, good old fashioned police work is good enough for that. The only time I see the need for easy access to someones phone is criminal conspiracy and in that case it's highly unlikely they are going to be just relying on the devices full disk encryption.
The entire argument from law enforcement on this issue is a complete joke so far, they need to get with the times and retool for the threats of today.
The underwear drawer analogy highlights the schism here. On one hand, for people who don't think of their phone as "an extension of their brain" (to use a phrase I've seen here), it's puzzling to think we'd be on board with letting police search our most intimate places with a warrant, but not our phones. To those convinced that there is no way to allow reasonable access to law enforcement without allowing unlimited access to hackers, that position doesn't make sense.
My brain is not my underwear drawer. Sure, I'm going to be upset with you rummaging through my underwear drawer but there is a very good reason why regarding a phone as an "extension of the brain" should afford it much greater protection. Possibly even ultimate protection, that is in-accessible regardless of warrant.
My point is that if you see a phone just as a gadget, like I imagine Obama does, it is hard to see why it should get more protection than something really intimate like the inside of someone's house. That's the heart of why the two sides view this issue so differently.
Personally, I don't consider my phone any more private than my desk drawer. I don't put anything on my phone that I wouldn't write down on a piece of paper. I know some do, and they're entitled to their view, but I find Obama's underwear analogy pretty convincing because I think of a phone just as a gadget.
I'm sure you already know this argument, but it bears re-mentioning. It's not the things you directly store on your phone -- it's everything else. Your phone tracks where you go, what opinions you post about various things and when, the people you communicate with, your money, and your correspondence. Apple is making the case that your phone could basically turn into a traveling wiretap, listening to everything you say. I even saw a recent article that said folks are looking into using your phone to track when you have sex. The iPhone health app, if used, is about as personal as I could imagine anything being.
None of that bears on what sorts of extremely personal information you may or may not voluntarily choose to additionally put on your phone. In the aggregate, however, it's about as intimate as you can get.
I understand the "I don't put anything personal on my phone" statement. I feel the same way. But that doesn't mean that there aren't extremely personal and sensitive pieces of information on there -- information I would not want to be sharing with others without my consent.
The scale of this is the problem. A government mandated back door sets up a single point of failure for every phone in the world.
My other worry is that strong encryption already creates a black box. Obama is against the existence of black boxes, so the next logical step after government mandated back doors for phones is requiring that you share any encryption keys with the government.
But that's not the argument, and framing it as such is incredibly disingenuous on the part of Obama.
People aren't arguing whether government should have the right to search your phone. They have that right. I support them having that right (when under a lawful order).
The argument is whether manufacturers should be forced to weaken the security of their devices so that law enforcement can break in. In this, there is no difference between the physical and digital realms: we don't require safe manufacturers to build in government skeleton keys either.
> "if technologically it is possible to make an impenetrable device or system, or the encryption is so strong that there is no key, there is no door at all, then how do we apprehend the child pornographer?
Won't somebody think of the children!!!
In seriousness though, the government and the the FBI have already show themselves capable of infiltrating and bringing down child pornography rings that use strong encryption.
There are ways to do that without backdooring everyone's phones 'just in case'.
It's the digital age. I am recorded on video at minimum, I would expect four times a day. I'm not a criminal. I'm commuting to work. The digital age has eroded the privacy that generations before us were able to take for granted. Does Obama want to eliminate the only guarantee to privacy that still exists in the digital age? The fourth amendment states: "The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated." I wouldn't expect to be able to exercise that right, in any sense at all in the digital age, without encryption.
I am disappointed that he doesn't come out pro-encryption.
USA companies will end up losing business to foreign companies and organized crime (I include terrorists when I talk about organized crime) will have an easier time wounding both citizens and businesses via cyber attacks.
The funny thing is, one year ago he almost was. He spoke with President Xi in China about legislation Beijing was considering that would similarly handcuff tech companies [1]. He criticized Xi for this and pointed out that it would damage their economy.
I don't understand whether he continues to hold that view or not. Perhaps he does think it will hurt our economy but is worth the cost. Perhaps he thinks it is better for our security too. Of course he is wrong. I am so baffled that nobody has been able to explain this to him in a manner similar to the understanding Lindsey Graham was able to achieve.
Shouldn't the President have access to the best minds in technology? It's not as if any of us would refuse his phone call. Note I don't claim to be a best mind but I think I can talk through the issue to present understanding of the full tech side of the picture to a layperson, and at the same time be respectful of the challenges faced by the DOJ when trying to give justice to victims and security to the public. I think all of you on HN can, too.
> "My conclusion so far is that you cannot take an absolutist view on this," he said. "So if your bargain is strong encryption, no matter what, that we can and should in fact create 'black boxes,' then that I think does not strike the kind of balance that we have lived with for 200, 300 years, and it's fetishizing our phones above every other value. And that can't be the right answer."
> For more than 260 years, the contents of that page—and the details of this ritual—remained a secret. They were hidden in a coded manuscript, one of thousands produced by secret societies in the 18th and 19th centuries. At the peak of their power, these clandestine organizations, most notably the Freemasons, had hundreds of thousands of adherents, from colonial New York to imperial St. Petersburg. Dismissed today as fodder for conspiracy theorists and History Channel specials, they once served an important purpose: Their lodges were safe houses where freethinkers could explore everything from the laws of physics to the rights of man to the nature of God, all hidden from the oppressive, authoritarian eyes of church and state. But largely because they were so secretive, little is known about most of these organizations. Membership in all but the biggest died out over a century ago, and many of their encrypted texts have remained uncracked, dismissed by historians as impenetrable novelties.
Obama's claim should not be taken as anything other than a blatant lie he knows the majority of people are too ignorant to notice.
You seem to be making the bad-faith assumption that Obama is familiar enough with the history of strong encryption or Freemasonry that he'd know about the situation you describe.
Don't ascribe to malice, etc. (though of course when talking of the leader of a superpower, the ill effects of malice and ignorance may be indistinguishable enough to render the difference meaningless).
> (though of course when talking of the leader of a superpower, the ill effects of malice and ignorance may be indistinguishable enough to render the difference meaningless).
I was going to argue you with you until you added this. ;)
Malice and ignorance for someone in his position are identical in my world view. The man has a budget to hire the most intelligent people in the country to advise him.
Ignorance and/or incompetence in public interviews should be beyond the realm of a reasonable result.
Here in Ukraine, we have the same problem. If you publicly don't agree with the government's policy of tightening the nuts, you may face a prison term under any fabricated accusations, including "work for russian spies". Because "extremism" word isn't fashionable here since 2013-2014, all true Ukrainian patriots now get called "kremlin agents" by our corrupt government.
I grew up in Syria where most people considered the government and police to be a bunch of armed thugs. Now that I live in the West, I've come to the conclusion that this is the case everywhere, it's just that our armed thugs behave better and with (slightly) better restrictions than others, but these restrictions keep getting ignored as time passes or whenever they become too inconvenient to the thugs.
Yes. I grew up in a communist country and, while we had plenty of state propaganda, nobody believed it. I was shocked when I discovered that the western governments behaved the same way, with the exception that their citizens believed their propaganda.
The problem with state propaganda in communist/socialist regimes is that the state is so corrupt that it brings misery to the country, people are poor and have zero opportunities. This brings natural distrust in the government. Not to mention that critics of said propaganda are usually disappeared.
In the West, the corruption is not as strong, people have opportunities and a much better quality of life (everyone can eat, education, healthcare etc) and there is much more respect for due process. All this makes people trust their government a lot more, probably too much.
In the West, critics are allowed but tend to get lost in the brouhaha, they may be refused certain jobs and won't get invited to prime time tv but they won't be persecuted unless they're whistle blowers, in which case they will be labeled as traitors and sent to maximum security, not that different to socialist dictatorships. It's just that socialist dictatorships have a much lower threshold of what constitutes a traitor...
He's also a President who implicitly expresses support for the view that "Snowden is a traitor", by refusing to "pardon" him (which should never even have been necessary).
Sanders may be the only current candidate to differ on that issue.
We have way more information stored on these devices than ever before. They want it because it's there, not because they need it.
For example, the first mobile phones, could only store 10 text messages, you'd typically delete them after reading. Modern phones store years of messages, so the governments want that.
Further back, we communicated in person or the phone, for which there was no record of what was said (unless actively under surveillance). Now these conversations are stored forever Facebook messenger/What's app etc.
One solution would be to simply automatically delete messages after reading.
There was another discussion about this which dropped off the front page [1]
I am not as bothered by Obama's conclusions as I am bothered by the errors in his supporting facts. These are going to contribute to the mis-education of portions of the American public. Here is his full keynote which I think we all should watch [2]
One year ago President Obama held nearly the opposite view. He spoke with President Xi in China about legislation Beijing was considering that would similarly handcuff tech companies [3]. He criticized Xi for this and pointed out that it would damage their economy.
I don't know whether Obama continues to hold the view that mandating backdoors would damage a country's economy or not. Perhaps he does think it will hurt our economy but is worth the cost. Perhaps he thinks it is better for our security too. Of course he is wrong.
I am baffled that nobody, to date, has been able to explain the entirety of the issues we must balance to maintain public safety and security to our President. Senator Lindsey Graham (R-SC) was able to achieve that understanding [4]
Shouldn't the President have access to the best minds in technology? It's not as if any of us would refuse his phone call. Note I don't claim to be a best mind but I think I can talk through the issue to present understanding of the full tech side of the picture to a layperson, and at the same time be respectful of the challenges faced by the DOJ when trying to give justice to victims and security to the public. I think all of you on HN can, too.
Fortunately, some Congressmen are well-informed. They realize Apple is not simply being disobedient here. Lindsey Graham changed his mind [4] and Mike Lee made great points too [5] in an oversight hearing this week. Dianne Feinstein is of course still clueless [6]. Other personalities have also changed their views when presented with facts. Sam Harris was initially very outspoken against strong encryption [10], but then changed his mind after reading responses to his initial video [11].
On balance, putting backdoors on encrypted devices is not the right way to maintain security. For Obama's understanding, I'll concede one circumstance under which I feel we ought to help unlock an iPhone.
In the incredibly movie-like scenario where the location of a nuclear weapon is hidden on an encrypted iPhone, then we should sick all our computers on decrypting that phone. I believe this is already done by the NSA program, Bullrun, revealed by Snowden.
Obama thinks he has technological advisors but he doesn't. Around 12:00 in the full keynote [2], he starts to talk about how he has coordinated with technologists to form a special task force that solve persistent technological issues the government faces. I think that is a good start. But he is still missing someone or some group who he trusts to act in an advisory role to him about technology and, in particular, encryption. In fact, in this part of the keynote, he's trying to appeal to technologists, but he's still treating them as a mere tool to bring about his goals. He says "We want to create a pipeline where there's a continuous flow of talent that is helping to shape the government." [2a] He says government propaganda is dangerous [2b], yet does not listen to the leagues of technologists who tell him backdoors are bad, or even himself from one year ago [3]. He is pursuing his own agenda and engaging in government propaganda that is unfactual, thus doing the very thing he says he isn't.
I do believe that if Obama understood the facts about encryption then he would come to a different conclusion. If he really understood the equation, and the factors we must balance to maintain public security, then he would not be asking tech companies to add backdoors to their devices. However, at the moment he does not understand the technology, therefore he does not know the things we must balance, and therefore the result of his equation is wrong. There's an error in variables he's established in his mind. His calculation of the final result is reasonable given the facts he understands, but the calculation is based on mis-information.
Let's inform each other and contact our representatives to make sure they are informed so that when the time does come to vote on this issue, we are all voting knowing that the debate is primarily about security vs. security [7] [8] [9], and not just security vs. privacy.
I will and will post the link. In the mean time I have a running summary of events here [1]. It's a little bit behind. Things are moving very quickly now.
I also wrote one letter to an assemblyman in California, Jim Cooper, who is proposing a law based on language from Manhattan DA Cyrus Vance [2]. I'll include that in the repo too. It's not comprehensive because there was a 2,000 character limit on the form used to send him comments, but it's something.
I'd rather not call it a war folder. This isn't a war. It's about educating reasonable people. Obama is simply missing some pieces to the equation, and we need to find a way to get him and the public those pieces. For the public, it's going to be even trickier, because the message will need to be very succinct. I think we can do it either way, so long as we stick to the facts and stay away from persuasive methods rooted in fear, uncertainty and doubt. Let us inform the public so that they are confident they are more safe and secure when they support strong encryption.
But the president warned that "America had already accepted that law enforcement can “rifle through your underwear” in searches for those suspected of preying on children"
This is a poor and emotive analogy.
Access to a smartphone is more analogous to having an invisible, all seeing, all hearing, time travelling drone being sent to any time and location the authorities desire, where it can spy on a suspect with impunity.
Well, if there's any silver lining to this ... hopefully this will galvanize Republican opposition to encryption backdoors. Wouldn't want to be seen agreeing with the president, after all.
There is nothing bad about all of this, if there are proper mandates. The only obstacle here seems to be iPhone fanboys who feels they are attacked for some reason.
On top of this, if Apple really wants to not fall into this situation, they should have built a phone even they could not break (which I thought was already the case, and I'm surprised they didn't). If they can break into this phone, they should let it happen so that the FBI can do it.
And even if they don't supply this software, somebody else, or the FBI, will do it instead. Which is what Snowden said.
In the end, why should only Apple be able to break in that device? Nobody should be able to, not even Apple. That's what I feel it's Apple fault anyway.
To be fair this seems to be a play to make companies like Apple, who hold so much data about their users, to look bad. Because this only shows that Apple can access that data, which to me is a bad thing in itself.
Here you go: https://www.youtube.com/watch?v=6RNKtwAGvqc, it's 8 minutes, feel free to still hold your opinion afterwards, but challenge yourself to listen to someone give you substance instead of "whatever" reasons. They kind of matter a lot, and whether it's "Apple" or someone else is pretty much irrelevant.
As I said, Apple shouldn't have made this "golden key" possible. That's on them.
Same thing for the juniper backdoor.
It should be up to the government to tighten up internet infrastructure security. I really don't see any initiative to do so, and it's the same thing for most businesses: there are no "security standard", mainly because all those communication technologies are very new, and a little too complex for engineers to think about making rules about them.
Ultimately, the law will say the last word, because that's how things work. I don't think tech companies should do what they want in all the countries of the world. If apple doesn't comply with the FBI, that same kind of story will happen later for another company in another country.
My point is that all those technology are new, so there is this vacuum which makes it impossible to really define things or protect yourself.
All those could be solved if there were better security standards, or any standard at all, no data centralization (all internet is structurally centralized), and more consumer awareness. P2P techs are already quite secure, and would make things very difficult for intelligence agencies.
A basic security problem is figuring out who you can trust. You often need to trust something by default (hence root CAs in operating systems and such), or you need to have a mechanism for building trust (e.g. networks of trust such as sharing GPG keys).
And unfortunately we have seen plenty of examples of how screwed-up a default-trust scheme can become. Laptop vendors have abused their root-CA authority multiple times now, in recent memory. You don’t want the keys to the kingdom in anyone’s hands.
Besides, no matter how many assurances you give me today, I have no idea how careful you are when hiring people or how well you secure your Magic Keys. In the end, they get out in the open. This is why you can’t allow for even a single hole in the system.
I changed my mind. I was in the corner where I was against all forms of backdoors, but Obama convincd me that there are circumstances that one wants to break encryption. Any governement can ask a judge for a house search warrant if there is good reason to it. We do this for rapists, child pron and in lots of other circumstances. This is the good side of law and order.
So we need to rethink the current situation. The point is that the current proposal is insane. A master key to a backdoor for the US government (not other governments) is a bad idea for many reasons. So are there better alternatives?
Of course there are and I think that we should look at the best alternative such that we keep our privacy AND police can ask a judge to break encryption of a phone or any storage device.
The first and obvious problem is how to break encryption. One could look into a system where the 'backdoor' needs three keys to open; one from a government, one from the supplier and one from a 'independent' agency (I do not present details here, I merely want to show that there may be alternatives looking at). A 3-key backdoor may work and break encyption on phones of rapists, terrorists and suspects of other crimes. Note that every request of the FBI and other agencies will have to go through a public court.
The second problem that I see is the secret orders in the US. There are no guarantees against unlawful behaviour of government agencies if the secret courts continue to exist. One can only have enough privacy if one can defend itself in a public court and the actions of governments are transparent. This is maybe the largest problem to overcome since the US government agencies like their secret powers (too) much. I think that the public cry for encryption and privacy is a reaction to the secret powers of the agencies. One can argue that Apple has enough of the secret powers and choose the path of unbreakable iphones because of this. So if these agencies cannot give gag orders to companies and cannot give secret orders to hand over data about individuals, the public might accept a 3-key backdoor.
First I thought: Not bad idea, I may agree. Then I thought: backdoors are backdoors are backdoors. I think the problem is that there is nothing like a very very secured backdoor. I don't know if something like a 3 key backdoor is even possible technologically. Another thought: There is not only the USA. Phones are used everywhere in the world. What about a search warrant in another country? What if other countries use this backdoors for other things?
Last personal thought: I'm not living in the USA and I fear this government will not do any good things for myself (especially since Snowden). A backdoor mostly in US hands is a very bad thing for me and I would not use products which such a US backdoor.
I think your standpoint may well be what the majority considers reasonable, but consider this; nothing stops a criminal from using encryption technology without backdoors. There is no way to ban such technology, because it is already available for free from websites all around the globe, and distributed with free operating systems.
So what you end up with is a gimped encryption technology that is much more vulnerable than what we have now for the common man, and strong encryption (available for free, right now) for everyone with a modicum of know-how.
And how would you implement a global three-key backdoor? Which governments get to participate? Or should each country get their own backdoor for computing devices sold locally? Can I legally buy a computing device from another country and use it here? Can I legally install software of my own choosing?
What about when via #2, the government covertly works its way up to obtaining the 3rd party's key? With a 3-party system you now have targets for the biggest party to go after. If the US gov gets BigTechSoft's key, then the whole scheme fails. The NSA (gov) has been found doing exactly that already. Back to single point of trust/failure.
given US gov's past 50 record of fucking up security every single time how can you even think this?Its like giving a mentally challenged person a loaded revolver and expecting safe things to happen
Hardly unexpected. On technology, this administration has been as stupid and uninformed as any and all before it. When does the time come when the people have had enough and we stop listening to luddites and idiots and start listening to educated people who understand technology? We are at the brink of an economic collapse if the FBI gets its way and yet we're concerned with the work phone contents of a simple murderer? Obamacare and any other achievements Obama has so far won't fucking matter if we can no longer conduct any transactions online which is exactly where this administration and the shameless and incredibly fucking stupid and useless FBI are pushing us to.
The 4th amendment is by its very nature a compromise between safety and privacy. Otherwise it would say people had a right to be free from search and seizure, not "unreasonable search and seizure." And it wouldn't say anything about warrants.
So Obama is pro civil liberties, but hey, you want to compromise now, because as soon as a(nother) big thing happens (9/11), Congress will come in and do whatever it pleases to do an end around any privacy concerns. The scary thing is that privacy is not one of the 'inalienable' rights in the Constitution, and it needs to be built up in the Bill of Rights via interpretation of the various amendments, the ninth being the general blanket one here. I don't get it; this is the work-issued phone they are fighting over. It's been said before. The terrorists destroyed their personal phones, not their work phones. If this isn't a power play by the government and law enforcement, in light of that fact, then how do you rationalize this President Obama?
This is just to create jobs. Insecure encryption means people have to be tasked at cracking it. More people are tasked analyzing the data. More people are tasked making an action plan in response. More people are tasked acting on it.
With secure encryption, none of this is possible. And should not be.
Obama and the government should be focused on actual bad BEHAVIORS not words that happen to float in the ether. Behaviors like the metadata of the terrorist's phone- who they called, where they went , etc. I'll allow them to see what I do and where I go on the net. But not what I am saying or thinking.
Obama's statement is not, on the surface, unreasonable.
However we are not talking about a classroom scenario in which we are prioritizing our phones over other values.
The US Government secretly built a massive illegal surveillance infrastructure for spying on the American public and the citizens of nations we consider allies!
Since the programs were revealed by Snowden and corroborated by others, Obama has not once spoken directly about the excesses. He has not accepted responsibility for any mistakes, or vowed to take any corrective action. He's simply ignored the issue and let a few outspoken retirees from the intelligence community wage the PR campaign on his behalf.
Many of us realize that if we can't use strong encryption on devices, the power and scope of existing surveillance will increase dramatically.
Many of us realize that there has not just been a propaganda campaign by government to legitimize its surveillance goals, but outright lies reassuring the public that the data would only be used to fight terrorism (itself subject to an ever-expanding definition).
As we should all have learned by now, any mention of terrorism or child abuse or accusations of "absolutism" is clear evidence that we are hearing a propaganda message.
Government does not care about enforcing laws for the sake of justice, it cares about perpetuating its own power. The key insight of the American Revolution was that government should have reduced and carefully enumerated powers. Obama disagrees strongly with this.
If this is what happens when we elect an former constitutional scholar to high office, I shudder to think what will happen when someone with less exposure to enlightened ideas takes the helm.
Obama has never been "liberal". He capitalized during his first campaign by proposing a more business-friendly version of national healthcare, subtly eroding support from Clinton, while pretending to the democratic base that he had made fewer compromises and was more true to the party's views.
Both major American political parties are predominantly conservative. This is the only explanation for the success of someone like Trump, who is an extreme authoritarian more than a holder of any specific political ideology. With these remarks we see clearly the strong authoritarian streak in Obama, and also the blatant propagandist attempting to lure us into granting Government excessive power by fear-mongering about terrorism (which was George W. Bush's most insidious trait).
The key point is that we can't trust a government that has already betrayed our trust substantially and has not acknowledged the scope of illegal surveillance or sought remedies to restore the public trust. Also, the FBI's botched handling of the San Bernadino shooter's phone shows us that our most trusted law enforcement agency lacks basic competency with technology.
It is not an absolutist stance to call out the lies, propaganda and mishandling of data. It's simply common sense exercised by people who actually understand the power of data and the significance of widespread breach of that privacy. In order to engage in a calm and timely debate, Obama has to acknowledge and address the excesses that were revealed.
We should all expect more from our president than propaganda and fear-mongering.
Really well put, thanks. It's a little meaningless to acknowledge Obama's straw man opponent, but on a purely tactical level I think it is more effective to seek out maximalist position that includes not just a right to strong encryption but also a scaling back of mass surveillance, as you are advocating here. It is unfortunately too easy for him to paint the pro-encryption side as absolutists when the debate reduces to a binary strong vs weak encryption. It is really disheartening to see him take this position.
How many of the people objecting to this now will obediently line up to vote Obama's Secretary of State into the presidency this November? That's the point where we'll learn how important the issue actually is to them.
Everyone here seems to be attacking a point the article didn't make, while avoiding the point that was made. Our legal system catches criminals by looking at what occurred leading up to and following a crime, and using that information to determine the perpetrator. As it stands, most crimes occur in the real world, and therefore most evidence is unencrypted. As things become more and more digital, evidence surrounding crimes will be more digital as well. If everything is completely encrypted, then there will be no evidence for police to look at, no way to trace the perpetrator.
This article has no mention of FBI backdoors, and Obama is in fact asking for people to propose other solutions. The question falls on everyone: How will we catch criminals in the digital age?
Before the net and big data, investigation for facts based on analyzing clues and motive led to warrants for discovery of information. Even these warrants were only for concrete evidence. They did not allow for the administration of 'enhanced investigation' to draw out the thoughts of the suspects.
What has changed is that the phone has become an archive of my life and contains much more information than just a phone log. Invading my phone is equivalent to invading my brain. The govt already has mountains of metadata. Suspects are not invisible - they already are tagged by association. And email data, text data, and telephone data is all old. Even without decryption, there is so much of it that analysis cannot be done by humans. And by the time it gets to a human it's hours to days old - STALE.
Fresh intel requires surveillance. Drones are as small as flies and just as numerous. Real time surveillance of suspects by robot swarms is far better than analyzing cryptic email messages. Another change that has further enabled tyrannical control now is that tech allows mass surveillance, whereas in the 'good old days' , the govt had to be focussed and behave with more care simply because they did not have the resources to wiretap everyone.
Misuse of data ALWAYS happens because people are people. In the good old days, we would shudder at the idea of a guy like Trump with his finger on the nuclear button. giving him the ability to look into anyone's ledger is just scary.
But it will never be that all data is encrypted and out of the view of police. Even if a person were to encrypt all their own data, then any time that person interacts with the rest of the world, those interactions could be subject to observation/tracking/subpoena/etc.
There will always be crime scene forensics, surveillance cameras, human interviews, and all manner of other data collected and available for police to investigate crimes.
Physical evidence is frequently hidden, obscured, and destroyed. Hiding evidence is constitutionally protected.
Is there more to this argument? "everything completely encrypted" doesn't really mean anything. What problem does the digital age present that require new trade-offs?
All of us value our privacy, and this is a society that is built on a Constitution and a Bill Of Rights and a healthy skepticism about overreaching government power. Before smartphones were invented and to this day, if there is probable cause to think that you have abducted a child, or that you are engaging in a terrorist plot, or you are guilty of some serious crime, law enforcement can appear at your doorstep and say we have a warrant to search your home and can go into your bedroom and into your bedroom drawers to rifle through your underwear to see if there’s any evidence of wrongdoing.
And we agree on that because we recognize that just like all of our other rights, freedom of speech, freedom of religion, etc, that there are going to be some constraints imposed to ensure we are safe, secure and living in a civilized society.
Technology is evolving so rapidly that new questions are being asked, and I am of the view that there are very real reasons why we want to make sure the government can not just wily-nilly get into everyone’s iPhones or smartphones that are full of very personal information or very personal data.”
What makes it even more complicated is that we also want really strong encryption because part of us preventing terrorism or preventing people from disrupting the financial system or our air traffic control system or a whole other set of systems that are increasingly digitized, is that hackers, state or non-state, can’t get in there and mess around.
So we have two values, both of which are important.
And the question we now have to ask is if technologically it is possible to make an impenetrable device or system where the encryption is so strong that there is no key there, there’s no door at all? And how do we apprehend the child pornographer? How do we solve or disrupt a terrorist plot? What mechanisms do we have available that even do simple things like tax enforcement? Because if you can’t crack that at all, and government can’t get in, then everybody’s walking around with a Swiss bank account in their pocket. So there has to be some some concession to the need to be able to get to that information somehow.”
Now what folks who are on the encryption side will argue is any key whatsoever, even if it starts off as just being directed at one device, could end up being used on any device. That’s just the nature of these systems.That is a technical question. I am not a software engineer. It is, I think, technically true, but i think it it can be overstated.
So the question now becomes, we as a society, setting aside the specific case between the FBI and Apple, setting aside the commercial interests, the concerns about what the Chinese government could do with this even if we trust the US government, setting aside all these questions, we’re going to have to make some decisions about how we balance these respective risks. I’ve got a bunch of smart people sitting there talking about it, thinking about it. We have engaged the tech community aggressively to help solve this problem.
My conclusion so far is that you cannot take an absolutist view on this. So if your argument is strong encryption no matter what, and we can’t and shouldn’t make black boxes, that I do not think strikes the balances we’ve struck for 200 or 300 years and it’s fetishizing our phones above every other value. And that can’t be the right answer. I suspect the answer will come down to how can we make sure the encryption is as strong as possible, the key as strong as possible, it’s accessible by the smallest number of people possible, for a subset of issues that we agree are important. How we design that is not something I have the expertise to do.
I am way on the civil liberties side of this thing…I anguish a lot over the decisions we make in terms of how we keep this country safe, and I am not interested in overdrawing the values that have made us an exceptional and great nation simply for expediency. But the dangers are real. Maintaining law and order in a civilized society is important. Protecting our kids is important. And so I would just caution against an absolutist perspective on this.
Because we make compromises all the time. You know, I haven’t flown commercial in a while. But my understanding is that it’s not great fun going through security. But we make the concession. It’s a big intrusion on our privacy, but we recognize it as important. We have stops for drunk drivers. It’s an intrusion but we think it’s the right thing to do.
And this notion that somehow our data is different and can be walled off from those other trade-offs we make, I believe is incorrect. We do have to make sure, given the power of the Internet and how much our lives are digitized, that it is narrow, and is constrained, and that there’s oversight. I’m confident that this is something that we can solve.
But we’re going to need the tech community, the software designers, the people who care deeply about this stuff to help us solve it. Because what will happen is if everyone goes to their respective corners and the tech community says ‘Either we have strong, perfect encryption or else it’s Big Brother and an Orwellian world,’ what you’ll find is that after something really bad happens, the politics of this will swing, and they will become sloppy, and rushed, and it will go through Congress in ways that have not been thought through. And then you really will have dangers to our civil liberties because the people who understand this best, who care most about privacy and civil liberties, will have disengaged or taken a position that is not sustainable for the general public as a whole over time.
> You know, I haven’t flown commercial in a while. But my understanding is that it’s not great fun going through security. But we make the concession. It’s a big intrusion on our privacy, but we recognize it as important.
I cannot agree that I recognize the "security theater" conducted by the TSA as important or useful. [1] I will grant that it may have helped the airline industry continue to attract travelers during the fear-filled period immediately following 9/11. Was that worth infecting air travel with a self-perpetuating institutional virus?
Are we prepared accept the consequences of similarly infecting a vastly more significant industry?
Thank you for posting a transcript! It is valuable for me to see the arguments laid out in text.
The tone is so reasonable but there's a fair amount of manipulative scaremongering here.
1) child pornography
2) terrorists
3) wealthy tax evaders (?!)
theyll have to work a little harder to catch 1 and 2 without putting everyones communications into a dragnet. Not even sure what he's getting at with the talk about Swiss bank accounts. It's just nonsense.
If interviewed Obama I would ask him if he has to go through a TSA checkpoint when he boards AF1. I would ask him to reveal all top secret security information to me. I would ask him for the nuclear codes. I would ask him for an advanced copy of his schedule for the next 6 months. When he refused to answer I would ask him why he thinks his security is more important than mine.
"I am way on the civil liberties side of this thing…I anguish a lot over the decisions we make in terms of how we keep this country safe, and I am not interested in overdrawing the values that have made us an exceptional and great nation simply for expediency. But the dangers are real."
> "My conclusion so far is that you cannot take an absolutist view on this," he said. "So if your bargain is strong encryption, no matter what, that we can and should in fact create 'black boxes,' then that I think does not strike the kind of balance that we have lived with for 200, 300 years, and it's fetishizing our phones above every other value. And that can't be the right answer."
> For more than 260 years, the contents of that page—and the details of this ritual—remained a secret. They were hidden in a coded manuscript, one of thousands produced by secret societies in the 18th and 19th centuries. At the peak of their power, these clandestine organizations, most notably the Freemasons, had hundreds of thousands of adherents, from colonial New York to imperial St. Petersburg. Dismissed today as fodder for conspiracy theorists and History Channel specials, they once served an important purpose: Their lodges were safe houses where freethinkers could explore everything from the laws of physics to the rights of man to the nature of God, all hidden from the oppressive, authoritarian eyes of church and state. But largely because they were so secretive, little is known about most of these organizations. Membership in all but the biggest died out over a century ago, and many of their encrypted texts have remained uncracked, dismissed by historians as impenetrable novelties.
Encryption was in the hands of people outside the government since before the US came into existence.
I have to sympathize with Obama here. Although I am very much pro-encryption, the arguments here are not convincing at all; you'll have a hard time convincing people by dismissing their views or implying that they don't know what they're taking about or instilling fear that all the tech companies will leave the US.
The way you talk to people is more important than the points you're making.
Phones should be searchable with a court order. If Apple or any other company insists on making a phone that cannot be searched with a court order, the congress will simply pass a law forbidding the sale of such devices in the USA (the same kind of law/regulation that exists for radio devices and interference). A consumer device should be "searchable with a court order"|"accept interference".
"simply pass a law forbidding the sale of such devices in the USA"
1. They can't even restrict sale of guns, let alone ban them.
2. Banning the iPhone would make the issue headline news.
3. There'd be riots on the streets.
4. if they did, it'd back to the prohibition era, more crime, violence etc.
1. There's no constitutional right to an encrypted phone.
2. No silly, they'll ban unbreakable encryption, and Apple will follow suit. IPhones will be searchable with a warrant. IPhones sales will drop an 0.0001%.
3. moot
4. Really? "No IPhones => more crime, violence"? is this the epitome of #FirstWorldProblem?
1. Criminals will still use encryption / get guns. Only lawful people will be harmed.
2. Compromises will just lead to defeat for the pro-encryption / pro-gun side.
3. If we want to stand up for all of our other civil rights, we need the right to encrypt / bear arms.
4. Consequentialism: the number of people being harmed by encryption/guns is smaller than the number of people who would be harmed by living in a world without encryption/guns.
Personally, I think these are all solid arguments that work for both guns and encryption, but I'm generally more libertarian than many in the SF tech scene.