
What about a boycott?

The UK is fairly close to crossing a line which would require me to either stop working (and do everything under the radar), or leave the country.

It sounds like the US might be doing a similar thing soon.

What happens if all of the (semi-competent) developers suddenly either refuse to work or simply can't?

The whole situation is truly bonkers to me - there is no debate to be had at all. If you ban secure encryption I cannot stay in your country any more - it is the last warning sign I will accept, if I wait too much longer the borders will close before me.

It represents my elected government telling me that I cannot do a thing which I do every single day without fail. It's as if someone turns around and says to my grandmother 'knitting is banned'. That just isn't how it works.




The history of civilization is full of battles over technology between the people and the government. New technology arrives that disrupts government functions and the government had to go about banning and controlling it. It's a pretty regular thing. The mandarins cracked down on tech development in China leading to stagnation. The Ottomans banned the printing press. The Japanese shut out all outside influence for a few hundred years. Now we ban encryption. Go figure.


none of the regimes that you mention purport to be ruling by popular mandate: aka a modern bi-cameral elected body running the show (allegedly)

none of these regimes are "by the people, of the people, for the people"

so, I'm not really comfortable aping the examples you list...


There seems to be a difference between your examples and encryption though. All of your examples were developments that created positive value. AFAICT encryption in itself doesn't create positive value, it only prevents negative value. If, for example, our letters couldn't be opened, encryption would only be a waste of resources.


It is an undisputed historical fact that ubiquitous strong encryption was the primary enabler in the explosion of online commerce. What are you even talking about?


Source?


http://cyber.law.harvard.edu/ecommerce/encrypt.html

http://www.webopedia.com/DidYouKnow/Internet/ssl.asp

Those were the two most relevant links from Googling "ecommerce encryption". Regardless, without the ability to encrypt personal and payment data for ecommerce transactions, it would've never succeeded.


That's not true. Being able to programmatically verify (via public private key) makes things like ssl/key authorities possible. That's a multi-billion dollar industry.


Cryptographic signatures are not the same as encryption.


That just means you have a broken way of assigning value which gives zero credit to inventions which enable other inventions, or provide safety, or mitigate risk.

Do tools have value? If you make something with tools, it's not the tools themselves which made it.


The implication of my post wasn't "therefore encryption is worthless". It was more of "therefore I would like more relevant historical analogs".


How about this one: the invention of the concept of a written contract with authenticating signatures and seals, allowing business to take place. (Together with a legal system for enforcing contracts.) Courts and documents themselves don't produce tangible value.

Insurance doesn't produce value, but it protects. It has monetary value, demonstrated by the fact that people make premium payments to maintain it. Many never collect a dime over the life of an insurance term.

All kinds of infrastructure is an indirect example.


Robust distributed systems that cross trust boundaries are impossible without crypto. That creates quite a lot of value.


Why wouldn't cryptographic signatures be enough?


Oh, you never heard about online banking? You never shopped at Amazon?

Do you know what SSL means and how it works?


I have. I have. I do.


It would be great to see large websites blocking government IP addresses, even for a few days. Why give access to people who are trying to attack the system?


Nah, just refuse to encrypt their shopping cart sessions. They don't really need TLS for entering that credit card, do they?


Obviously no company would do this but holy shit would that make the point. Just imagine Amazon, Apple, Google; practically everyone requiring government based IP addresses to go through HTTP for authentication, purchasing, etc and how quickly all of their data gets spilled onto the internet.

I mean ultimately it would be a "dick move" anyway but it would drive the point home so quickly.


The problem is the people in charge usually aren't smart enough to understand WHY we need encryption AT ALL. The majority of them most likely don't know the difference between HTTP and HTTPS.


Exactly. Moreover, it's not like there's an immediate cause-and-effect of "use plain HTTP, get owned immediately". Instead, their credit cards and personal info would hit the black market, get aggregated and sold months down the road.

And even when that DID happen, it's not like the fact that their bank account is drained and their identity stolen is immediately determined to be a cause of X transaction on Y date over Z website.

In other words, it is hard to connect plain HTTP to identity theft even for the more-savvy let alone the common government worker.


That's not true at all. The people in charge understand that general privacy impedes their ability to dictate.


Is there some reason why the government wouldn't be able to license the use of unadulterated crypto for purposes it doesn't give a shit about, like you transmitting your credit card number to online retailers, while mandating some form of government access in situations where it does give a shit, such as being able to access the data stored on disk-encrypted cell phones?

I'm sincerely asking here, I don't know.


Fair question. Sounds like you don't know much about encryption. I'll do my best.

Encryption is software-based and is as available to people connected to the internet as checking out a book from the library. Using encryption is free, and writing software that makes use of encryption is something anyone could teach themselves.

I think what you're getting at is, why can't we have some forms of encryption that have back doors for government, and other forms that have no back doors.

Think about computer viruses. They are designed to infiltrate your system, and any system that is like yours. If a virus targets Windows 7 and infects your computer, then it would be able to infect any Windows 7 machine. The same is true for bugs or vulnerabilities within legitimate software.

Say I run a WordPress site. The computer that serves my website runs WordPress 3.4, for example. Let's say a weakness is found in WordPress 3.4 that allows anyone using the username "jabberwocky" to log into my site and gain administrator privileges. This enables them to edit text and photos on my site. WordPress discovers this weakness and releases an upgrade to 3.5 which fixes the bug and no longer allows users to gain administrator status when logged in as "jabberwocky".

If I don't upgrade my site to 3.5, my system is still vulnerable. Further, everyone knows about the weakness in WordPress 3.4 because the 3.5 release notes explain the reason for the upgrade. My site becomes an instant target for any hackers. If my business were based on this website it could really hurt my reputation, profits etc. if someone were to gain control of my site.

What the government is asking Apple to do is allow them to login as "jabberwocky" whenever they have a warrant. By doing this, Apple enables anyone to login as "jabberwocky" so long as they have the special software which Apple is being asked to write. And, since the government is asking for this access permanently, Apple will never be allowed to modify this security weakness sufficiently so that it does not exist, because by court order it must exist.

The final point I would make is that since encryption is so readily available, any user can download software that makes use of encrypted communications in less than a minute with an internet connection. Compelling Apple to weaken their encryption system does nothing to provide the DOJ with access to data within these other communication programs. Some examples are Signal, wickr and Telegram. Senator Lindsey Graham makes this point at the end of his questioning of Attorney General Loretta Lynch [1]. I hope you'll give it a listen.

[1] https://youtu.be/uk4hYAwCdhU?t=1m44s


But where would you go? If the UK and the US proceed like this then, as with so many issues, the rest of the world will follow.

Germany, for instance, looks rather pro privacy at the moment. But I am pretty sure they'd be some of the first to follow the UK/US.


The answer to this question is why the US must resist the mass invasion of government into our private lives. For many other issues, people from around the world still answer the question "where would you go" with the US.

In the US we actually have a chance to push back on our rights and enshrine them constitutionally. For the US this must be the end goal of the discussion on the privacy and encryption discussion. Protecting and clarifying existing rights, 1st, 4th, 5th all apply here and the courts should uphold them in the face of the executive branch and commercial interests pushing invasion into normalcy.

If we fail to protect those rights and clarify their meaning in the 21st century the answer to the question "But where will you go" will be "there is no place to go".


>But where would you go?

Iceland, Estonia, Finland, Norway, Netherlands, Switzerland, Ukraine, Hungary, Mexico, Argentina, Israel, India?

The result of these kinds of policies is brain drain. The people you are trying to ban the actions of are both some of the most driven and outspoken in the world, and also some of the most economically desirable in the world. If you prevent them from investigating their pet projects in their homeland, they will simply go and do it in another country, because it's not an obstacle for them. There's a tonne of countries out there that would gladly roll out the red carpet for a tech exodus from the former commonwealth states.


You think the governments of Ukraine, Mexico, Hungary, and Argentina ask nicely when it comes to this?

Hungary is a borderline dictatorship. Ukraine is a war-torn mess, and then some. Mexico is one of the most corrupt countries, with little to no history of respecting individual rights. Argentina just nearly became a failed state on par with Venezuela (the verdict is not yet in on whether they've avoided that outcome).

Half of that list is terrible and entirely unrealistic. Silicon Valley developers are not going to Hungary and Mexico.


India? I would suggest doing some research on the topic at hand lol.

They pretty much blackmailed RIM into handing over encryption keys.


For the US/UK this is the thin end of the wedge. Germany has, in many people's lifetimes, been at the other end.

Have a look at what the Stasi were up to in East Germany until 1989 to understand why Germans feel privacy is important.


As a German I do know about what the Stasi did. The thing is that most Germans don't acknowledge the relationship between what was going on then and what is going on now.

I don't know a single (German) person outside of tech who thinks anything they (ordinarily) do online or on their smartphone could be used against them in one way or another. Some may complain about the government but they didn't change their habits when it comes to using their smartphone or laptop. They don't realize that, for instance, every picture they add to Facebook will train algorithms that could be used for all kinds of purposes.

President Gauck doesn't think it is valid to compare the Stasi and the NSA:

> Gauck rejects comparison of the NSA with the Stasi

That also explains why, in the interview, he firmly rejects any comparison between the methods of the Stasi and the activities of the NSA. The Stasi, like every secret service in a dictatorship, "waged war against its own people". It spied on citizens in order to turn that spying against the citizens. That is not what is at issue today. "Here we are talking about a danger to democracy within democracy."

http://www.nzz.ch/international/nsa-forschte-merkel-umfassen...

And Chancellor Merkel declared data the "raw material of the 21st century" and urged Germans to rethink their position on privacy:

> Chancellor Angela Merkel has described data as the "raw materials of the 21st century". "We have to be careful now that data protection does not gain the upper hand over economic processing," the CDU politician said on Monday in Berlin at the Publishers' Summit publishers' congress.

http://www.heise.de/newsticker/meldung/Merkel-Daten-sind-Roh...

Both Merkel and Gauck grew up in the GDR!


"Those who cannot learn from history are doomed to repeat it"

Thanks for elaborating. I feel somewhat foolish trying to tell a German about the Stasi. On the internet we assume everyone is an American - well unless you're the NSA watching in which case it's definitely not domestic surveillance ;-)


Read HN in the night US time and you'll see it can be very Europe-centric :-)


> On the internet we assume everyone is an American

Who's we? ;)


Why are you so sure of that?

As a European of 30+ years, I am actually pretty optimistic in that there is, in all areas of politics, a certain point at which EU governments will refuse to follow the US down the rabbit hole.

Germany feels pretty strongly about privacy (albeit not absolute privacy), and I doubt that they will start passing laws just "because the US did it".

UK, I'll give you that. Then again, the UK is culturally closer to the US than to mainland Europe in many ways, this being one of them.


I'm a bit less optimistic. Take the recent seizure of Cock.li servers in Germany [1].

Regardless of what you think of the Cock.li service or its owner, the seizure of all the company's emails suggests that demands from police authorities or politicians take precedence over data privacy concerns - even in privacy-conscious Germany.

[1] http://arstechnica.co.uk/tech-policy/2016/01/cock-li-server-...


I hope / believe this is true. And then the EU will be the beneficiaries of being the countries best situated to provide technological devices and services without weakened security.

"Made in Estonia with European-grade security"

"EuroSec(tm) certified to respect your privacy"


The two biggest political parties in the UK are both broadly pro-surveillance and see things like the ECHR as an annoyance. As elsewhere the majority of the public in the UK is disinterested. The vocal minority are ignored or outvoted.


Switzerland is also quite adamant in protecting privacy. And from what I hear a great place to start a business.

As for UK, from what I understand they have an open channel with US in terms of information exchange for anti-terrorism. Perhaps due to that it's expected from them to follow suit with US in legislation if they want to stay in the same terms. That would probably extend to a few other countries who are in such a privileged relationship.


Hopefully. But I feel this is changing. See my reply to StringyBob in this sub-thread


If you call an international strike for privacy, I'm in. I'm not sure the exposure of the debate will do any favor to public opinions, though.


> What happens if all of the (semi-competent) developers suddenly either refuse to work or simply can't?

Never going to happen, even in wild fantasies. Trying to get developers to all move in the same direction is like trying to herd cats.


We can talk about collective developer action when developers actually collectively organize.

Maybe all those IBM and Yahoo layoffs will consider the value of unionizing while fishing for new work in the next few months....


IBM and Yahoo are sinking ships; becoming unionized to get job security there is the equivalent of lashing yourself to their mast, when you should just get in a lifeboat.


ok so we need a lot of food


The problem with a boycott of that kind is that it would take too long to have consequences felt by the general public. It’s not like we could block roads and disrupt public transportation. While the whole world relies on computers, a very small percentage of everyday work is mission-critical enough to need constant maintenance and care by developers. On the other hand, it could hurt businesses, which isn’t our goal since most of these guys are probably already on our side.

We should find something more targeted that could have a greater impact in a shorter timeframe.


I think they'd notice quite quickly if the whole of Google went offline for a week or so. Like literally, no search, no gmail, no maps, no anything. Now imagine if other large companies did the same, like Apple, Microsoft, Amazon, etc. Heck, want to make a real effect? Have a boycott which takes AWS offline for a few weeks, including everything hosted on it.

The consequences would become clear soon enough. Bonus points if the White House and Houses of Parliament sites were taken offline with it.


This would be great. I could see Google and Apple taking a stand, but Amazon hasn't been as outspoken towards government spying as the others. Quite the opposite: http://www.salon.com/2014/12/01/amazons_frightening_cia_part...


You mean how they're removing encryption support from all their firmwares?


Sure, but as I said in my parent comment, in such a case we're hurting corporations. Why would we want to do that? Google isn't our enemy here, they're probably in the same boat as we are. Of course they could willingly participate, which would be a game-changer, but I seriously doubt they'd go to such extreme measures because it could alienate them in the eyes of the state.


>Google isn't our enemy here, they're probably in the same boat as we are.

Google is the enemy. Like Apple, they're a PRISM participant, and while that doesn't necessarily mean they offer "direct and open access to all user data" like some believe, it still means they willingly collaborate with the NSA, because they're required and obligated to do so under the law. Any company subject to US law is also subject to NSLs, with which they can be forced to act as covert agents for the NSA.

We're all in the same boat, but that's because the enemy is us. The entirety of the United States' IT and electronics industries is the enemy, here, and the victim.


There is too much money & shareholder interest tied up in those companies for that to happen. You can't just shut down a money machine unless shareholders approve or you can show why this is the best thing for your shareholders and you're acting responsibly. I think you'd have trouble proving these things because this is a polarizing topic. If you ask most people outside of tech circles they don't really care that much.


What if we get the SysAdmins and NetOps guys to join? I believe that could be felt quite a lot more.


While we're boycotting, we should all run for office and vote for each other.


With a good chunk of US developers it wouldn't take more than a few days before employers felt the pain and it had generated plenty of headlines.

Sure, employers would be wrongfully punished, but they'd all spend more money buying political decisions in favor of encryption (and spending money seems to be the only way to influence politicians in the US nowadays).


While I agree with the sentiment, I fear that for many software developers ensuring the continuity of their livelihood is more important — either by necessity or choice — than defending the right to privacy and the freedom to keep private records.


Livelihood is something we build together, not something granted from above. To forget that is to cede all personal agency and integrity.


That's a hard sell for those of us with children to support.


Supporting your children extends beyond giving them a genome and physical sustenance. Genes haven't been the primary avenue of change in our species for at least a hundred thousand years. The significant things we pass on to future generations are our cultures, our languages, our ideas, our ways of life.

Every moment we are building that inheritance.

If we want to give your children and theirs a world where their hearts and minds are nurtured, where they are able to live with integrity and human-heartedness, then we're going to have to make some uncomfortable changes.

I should note that I don't really have a strong opinion on the idea of a boycott. I'm just reacting to the feeling of impossibility that people always express whenever someone proposes a challenging idea. In my experience, that feeling is typically where we hide the simple solution to a problem.


Move to a cheaper house, save up six months expenses. If the issue isn't important enough to sacrifice your comfort for it, it won't go your way. Your children will grow up as subjects, rather than citizens.


> wrongfully punished

More like rightfully influenced.


I agree!


>That just isn't how it works.

That is exactly and precisely how it works. In a common law legal system like the UK everything is legal until it suddenly isn't because some act of legislation makes it so. There is no constitution to restrict what legislation the government may choose to enact. There is a body of EU law that has some bearing but much that is relevant here (e.g. Convention of Human Rights) either comes with or was enacted into UK law with 'except because crime or national security, think of the children' tagged onto every clause.

Over just the last few decades UK governments have banned all manner of things, all of which were things people were doing every day. Hunting, smoking, various types of porn and 'legal highs' are some that immediately come to mind, but there are plenty more.


Nice idea, but I assume you have neither a family nor a mortgage?


"I have kids to feed" was used to justify many atrocities throughout history.


I have both and will leave the UK once backdoored encryption comes into force.


I assume you live paycheck to paycheck on an income that's probably 2-3x the median income for your location?


You are responsible for protecting your family. That may mean you have to sell your home. Would you rather do that or sacrifice your family's freedom?


The trouble is that damn near everyone will sacrifice your freedom for their family's comfort. People simply aren't noble as a whole.


Is that a fact? Or is it learned behavior? This sort of lazy, defeatist appeal to some rigid notion of human nature is a pernicious refrain in any discussion about real change.

The only thing you can say for sure about humans is that we possess a capacity for change and adaptation whose bounds have yet to be identified. But if you want to live in a box, then that's what you'll get.


If your home is under physical attack, you abandon your home as a refugee. Maybe some developers feel strongly enough to do the same when their livelihoods are under ideological attack.



