> No, David. If I were in the job now, I would have simply told the FBI to call Fort Meade, the headquarters of the National Security Agency, and NSA would have solved this problem for them. They're not as interested in solving the problem as they are in getting a legal precedent.
That's quite the quote, especially given his history of employment.
The weirdest thing about this whole cell-phone saga to me is that the perps are dead, did not appear to be part of some organized group and that very little could be done to them that hasn't been done already based on evidence found on the phone.
Then there is the bit that a lot of the information that is on the phone is also already in the log files of the carriers. It's as if that phone somehow magically is going to yield an entirely new class of information that may not even exist in the first place.
To me it has been evident from day one that this is not about this phone or the data that's on it but just about the legal precedent, getting it in black-and-white from the former head of counter terrorism is quite an indictment of his successors.
And IIRC the phone in question is the perp's work phone, they also had personal phones which they destroyed, so the perps themselves knew phones could hold valuable data but saw no value in the the phone the FBI wants unlocked.
I imagine there's a Venn diagram of overlap between what a nutjob thinks is worth hiding and what would be of interest to law enforcement organisations. For example I doubt many of these extremists would both trying to hide information that could be used for psychological profiling of future attackers
The psychological profiling of future attackers has nothing to do with getting away with this push to access that particular phone. That's simply not even on the radar at this point, the FBI would be laughed out of any court they went to if they presented that as the reason why they want access. Their fig-leaf is that the phone may contain valuable information regarding this particular crime.
> the perps are dead, did not appear to be part of some organized group
A reasonable reason for inquiry here is to actually try to make sure if they were part of some organized group. "Appear not to be" is not quite enough.
This is a valid reason to investigate even if they are dead. How did they get radicalized, etc.
Not that it is a good enough reason to enforce breaking of encryption in the way proposed, but in a murder inquiry, privacy of the perps has to give way.
A reasonable reason for inquiry here is to actually try to make sure if they were part of some organized group. "Appear not to be" is not quite enough.
For a country that kills based on metadata[1], it seems quite far-fetched that they couldn't map out potentially interesting connections using just metadata.
Also, it would be pretty dumb to put any revealing data on a work phone with iCloud backups enabled (which is just not accessible due to the FBI's mistakes).
At any rate, this discussion is quite besides the point. Permitting this phone to be unlocked (or the hundred or so other phones mentioned) will open the floodgates for questionable regimes and a hunt for Apple's private key (more automation to handle requests will reduce security).
If this was really about the privacy of the perps; an NSL would've been enough and we'd never know about it. This is about setting precedent, and as publicly as possible.
If the feds get their way the entire idea of encryption is weakened, and not just for the lawful citizens. I suspect the reason for having this battle so publicly is propaganda based, just as it was with Zimmermann in the 90's.
The legality of the NSL (which does not require oversight- the FBI can self-sign them) hinges on the idea that the persons on whom the information is being gathered have/had "no reasonable expectation" of privacy of the information.
That said, if these back doors were to be instituted, could the argument then be made that we now have "no reasonable expectation" of privacy of anything on our cell phones? Could this set a precedent of unholy proportions?
Absolutely, and as terrifying as that possibility is I personally think they didn't go the NSL route because Apple is big enough to finally prove or disprove the constitutionality of NSL's; even bring the process to mainstream attention. That's something the DOJ would never want to see happen, because then everyone can come out of the shadows and tell their story.
From other intel they know that he did not use his work phone much and saw no need to destroy it. He did destroy his private phone, so I think its quite clear that their is nothing on that phone.
I think its reasonable for the FBI to want to access it, but lets not have any illusions, the change that their is any evidence on the phone is basically 0%.
It has to be, because there is no perfect. Everything is a numbers game between ever-more unlikely hypothetical evidence that might yield a valuable unknown, and the cost of collecting it.
By such completist thinking, we should examine every image and video in the world because they might show up in the background of a birthday party video or vacation selfie, giving us another clue. Similarly, we should interview everyone in cities they've been known to be in...
But in reality, unlike in a game or a movie, there is no 100% complete. The phone isn't one of a finite list of clues to examine whereby you will know everything you need to know. By fixating on the phone, or any few issues, you miss the larger point.
There's very little likelihood of learning anything of value here, and are far richer leads elsewhere.
This is just our security industry grandstanding for more money.
There is no perfect, but I think that by ordinary police standards in any developed country, not trying to investigate this kind of perp's phones would be too imperfect. It would be sloppy police work and any police officer deciding not to try to inspect the phone would be vulnerable to accusations of misconduct.
That doesn't mean that I agree that Apple should be forced to break the encryption. It means the police really have a duty to investigate.
I'm not saying they shouldn't be interested... What if, instead of simply being locked, the phone was eaten by a pelican that flew out over the ocean and died. Gone. Should we dredge the ocean to find the phone? It's a duty to do so, right?
The FBI have tried, and failed. How much more should they dredge before we stop harping on about this one piece of potential evidence?
In this case they have the phone physically in hand so they feel blocked and powerless, but from a cost-benefit point of view it might as well be at the bottom of the ocean.
Doesn't their duty compel them to investigate the most-likely to payout leads, not play political games over high-profile issues?
Alas, FBI's chances of breaking the encryption here (with support conscripted from Apple) are far higher than finding that pelican. By many orders of magnitude.
Their chance of beating a confession out of someone is pretty high too.
And when you consider the chance of there being worthwhile, actionable, data months later after their failures, finding the pelican is the safe part of the bet.
From comments around the case, the government operates like any other black hat.
Which is to say they absolutely have vulnerabilities that work against certain versions of iOS, but probably not others. And the NSA likely has more than a few zero days, simply because it's a far cheaper way for them to do their job than any alternatives.
Just like with any piece of software, there is no "secret vulnerability that works all the time forever": it's discover, exploit, patch, repeat.
(Which, incidentally, is also the argument against key escrow schemes. Whereas it would be discover, exploit all devices that implement the key escrow code, wait until the government develops a new patch, wait until all device manufacturers incorporate the patch... repeat.)
No the weirdest thing is that Apple is standing up to the government. Isn't that just wrong? You, the people choose the government, so in effect Apple is standing up to the people of America and saying 'no'. If you the people didn't want the FBI to be bullish then choose a different government.
It feels to me (an outsider) that it's the government that is out of control and is not accountable to the people.
It seems like the country is 50-50 divided on this. But more importantly, individual liberty is more important than majority rule. When the founding fathers created this country, they cared deeply about individual liberty, and worried about a tyranny of the majority. Even if a super-majority wants to deprive an individual or a minority group of its rights, they should not be allowed to.
A free country's first commitment is to personal liberty, and only secondly to democracy.
No, it's to the Republic to make sure the ideals of true democracy take a secondary place to individual liberty for the very reason that true democracy can be tyrannical. That's why the Republic comes before the democracy.
No. That's what a republic is: the government is not above law, and it is possible to push back against it.
Let me quote this piece of an anarchist pamphlet: "Governments are instituted among Men, deriving their just powers from the consent of the governed" - this means, amongst other things, that the governed do have the option to say "this is not okay anymore, stop."
What you seem to be saying is "you have a right to choose, once, and then just shut up and deal with it, the govt can do anything it wishes in the meantime." You're describing a dictatorship - "the State is always Right, by definition".
"The people" do not have a unified will. There's always a pro-totalitarian faction in any society, and they tend to come to the front at times of percieved instability and threat. Part of the problem is that a significant fraction of voters support violence being used against people with unpopular opinions, minority religions, different skin colours, etc.
Apple is in many countries, with governments who'd all like this kind of access. If you give FBI the tools, you also have to accept Russia, China and the whole gang having access to your phone.
And then build that fence all along the border so that no world-version phones get in (see how well it worked for other illegal imports). Plus, you haven't solved the problem at all: you just say "okay, let's make only US phones vulnerable to foreign hacking." Should I enumerate why that's a bad thing?
The U.S. government is responsive to the people. But there's a lot of lag--decades in some cases.
The government is empowered to take action on behalf of the public. If it does something that people like, then great--keep doing it. If it does something that the public doesn't like, then there are multiple ways for the public to change how the government works.
What's happening right now is actually how it is supposed to work. Innovation results in new technology, the government tries what it thinks is best, and then there's a huge national public conversation about it.
This is the 2nd time we've had this particular conversation; the first was in the 1990s. And we'll keep on having it, basically forever. That's how government by the people works.
From among two choices, already bought by special interests, and already so habituated to our intelligence and law enforcement communities that they have zero scepticism about these kinds of travesties.
Its not 'the government' that is doing anything, its the FBI wanting to open one specific phone based on a legal construct that does not apply. Any person has the right to challange a legal order.
The founders and many other people have worked hard to creat a system that protects the people from government action. For this reason they implented and evolved a legal system.
Before you comment, please consider whether you'd prefer to vent your frustration in online message boards with like-minded people, or spend that potential energy in other ways:
"What you can do about it:
-- You can contact the Obama White House online to comment on strong encryption.
-- You can specifically contact Senators Richard Burr (R-NC) and Dianne Feinstein (D-CA) to express concerns about their bill intended to force companies to weaken or work around encryption under court orders.
"Strong encryption is a cornerstone of freedom of the press, privacy, health care, banking, and commerce to name a few only a few of our national interests. Any erosion to this bedrock of modern society harms us all. Once back doors exist they cannot be kept secret. To quote a common adage, "security by obscurity is not security". Similarly, outlawing strong crypto technology only keeps it out of the hands of law abiding American citizens and companies. Since encryption is based on mathematical concepts that once understood can be somewhat trivially implemented in code, it is impossible to put back in pandora's box. The US government cannot stop foreign nationals from writing crypto software or publishing math papers. Harming cryptography in the name of security would simply serve undermine our own economic and civil interests, while doing nothing to stop "terror.""
Make your own country less corrupt, more free, and better for the economically-worst-off, so that your own entrepreneurs may eventually overtake the authoritarian superpowers?
Make your own country independent of deep-state interlocking intelligence services. Part of the problem is that the US will set the tone for dozens of countries where it has cultivated linkages that often override the will of the people.
Not that I disagree with this, but how is this supposed to help entrepreneurs? If anything, it will just increase the tax burden of running a business.
If you do stuff like building infrastructure, creating efficient health care systems (because you can do stuff for all the people lowering the price and having a bigger positive effect on overall health) you actually make it better for startups, cause they can use the infrastructure, need to pay lower wages (because health care and infrastructure are cheaper/taken care of).
If you use tax money on education you also have a positive effect for both startups and poor people.
You also even out the divide between new and and established companies, established companies having non innovative advantages, such as brand names, maybe their own "infrastructure". So you even get rid of companies that try to keep status quo and have innovation stall.
The sad thing is that currently some governments/parties/politicians create inhuman, even counter productive productive competition between humans while at the same time have companies be cartels and monopolies and more importantly create counter productive anti-competition laws such as intellectual property, to a degree really awful patent systems, brand protection stuff, etc.
It's kind of destructive in regards of innovation and progress.
You can't create wealth out of thin air. The government can't make people un-broke without someone else paying for it. Either you're losing money to taxes or some of your customer base is losing to taxes. Either way, no benefit (unless your company targets the poor in particular).
Ok, that's fair, there are several mechanisms (increased resource extraction, new tech, etc.) that can create wealth. However, taking money from one group and giving it to another does not create wealth. There is also an administrative overhead associated with such mechanisms, which could have been put towards more productive activities.
I'm wondering how myopia is going to help anything, including running a business.
EDIT:
I find it somewhat irritating that this needs to be stated, but helping the economically disadvantaged doesn't mean just raising taxes and giving everyone a welfare check. The narrative has been so well framed.
It could (and should IMO) mean creating a more just economic system while providing a real safety net. Ultimately, this would involve people being educated and able to obtain jobs that pay a decent wage.
There's some tax money involved in that, but I don't think we necessarily need to _raise_ taxes. Perhaps we just need to reallocate a bit from the war chest.
>PRESIDENT BARACK OBAMA: If, technologically, it is possible to make an impenetrable device or system where the encryption is so strong that there's no key - there's no door at all - then how do we apprehend the child pornographer? How do we solve or disrupt a terrorist plot?
It's so disappointing to me to hear a quote like that from the President.
Turn it around: when all communications are compromised to the FBI, how can anyone do any politics that is considered the slightest bit fringe?
Always remember that the FBI was against the civil rights movement and MLK. And consider that one of the leading presidential candidates is getting into the habit of inciting violence: http://talkingpointsmemo.com/edblog/the-rage-and-the-derp--2
Actually, either far left or far right lean control freak.
Hitler and his Fascist ally, Mussolini, were both far-right contol freaks. Josef Stalin and his predecessors were far left control freaks.
People in power like control, contrary to what they might say. Power corrupts, absolute power corrupts absolutely. People want to be elected because of their egos. Full stop. There is no other reason. No one does it because "they love America". They want to latch onto the gravy train and collect a check all the while dictating terms and or furthering an agenda. It's patently obvious to all.
I think the axes that the political compass (authoritarian-libertarian and economic left/economic right has are, while imperfect, a better way to think about it.
To that statement I'd immediately ask, "what did we do before there were smartphones? Did we not investigate crimes? Can't we do that now?"
Criminals have always tried to hide their activities and keep secrets. Sure with strong encryption maybe some information is hard to search, but that was always the case. (Did they ever find Jimmy Hoffa's body?)
I mostly agree with the idea that we have a lot more to lose by inserting backdoors than we would ever gain.
It's also a horribly counter-productive argument. This is obviously a politically charged subject, but let's try to be rational for a moment.
It seems likely that by far the most prolific creators of child pornography today are... children. What today's parent and grandparent generations used to do in relative privacy behind the metaphorical bike shed, surely today's teenagers are doing with their phones and laptops, perhaps unaware of how insecure and non-private their communications might be.
There are all sorts of difficult ethical questions about how that kind of behaviour should in itself be treated in law, but let's ignore those for now. In any case, if kids are carrying around that kind of material or sending it to each other, surely the best way to protect them is to make sure it stays as private as it should be? That means making everything as secure and safely encrypted as possible. Arguing for weaknesses in encryption or creating backdoor vulnerabilities has exactly the opposite effect.
While I agree that privacy and secure communications are the best means to protect kids in the first world, there are still enough horrible people in the world who rape children and take pictures, as well, there is child sex trafficking. We shouldn't forget that these things exist and reduce child porn to snapchat and selfies.
The availability of strong encryption does not enable or disable child rape or human trafficking. This will happen behind traditional closed doors and guarded with guns and/or money unless other aspects of society and human nature change.
We shouldn't forget that these things exist and reduce child porn to snapchat and selfies.
No, of course we shouldn't. There really are bad people in the world, and some of them really do do very evil things, and there really are good reasons to have police and security services, and they really do need reasonable powers to enable them to do their jobs and deal with the bad people.
But what we should do is keep these things in perspective and ideally set public policy based on evidence and rational arguments. Creating security loopholes that might help the authorities to find and stop a small number of genuinely evil people but might also create millions of new vulnerabilities to be targeted by other evil people (or even the same ones) isn't necessarily a good trade-off.
> there are still enough horrible people in the world who [emotion instead of substance]
What's the evidence that we need [abusive bill of the day] to fix that?
Why do we think the potential harm averted is greater than the harm we know comes from overreaching laws and abusive governments?
Human trafficking at all, sex or otherwise, is horrible, common, and relatively easily stopped without new laws - at least for the victims of the moment - so go spend time and effort helping rather than beating the panic drum as you are now.
I think you're reading a little more into my comment than was there. I didn't agree with what the parent comment said about child porn. I'm very much in favor of secure communication channels and privacy.
If certain tales of the dark net are to be believed, it has enabled an unprecedented level of communication between abusers of children. Seems like an obvious "con" of widely-available secure communication.
If you believe the "pros" outweigh it, say so, but don't pretend it isn't relevant.
Because it is an argument that people fall back on when rational arguments are failing.
In addition, the "child pornography" that people want to use as justification is REALLY RARE. The biggest kiddie porn bust in the history of the US was Operation Delego which had 600 members worldwide. Most of whom were busted with good, old fashioned police work.
Now, let's talk about the common "child pornography"--Suzie has naked selfies on her phone. Do you really think that Johnny won't go to a dodgy Chinese site to get the iPhone crack to let him see those?
Because the story is essentially a lie. The numbers, and the financial complicity, and the crypto-capabilities. There's no pedo-mafia.
Also that and there are so many more successful ways to catch molestation that we aren't taking.
It's not that molestation and exploitation isn't bad, but when you see someone ranting about it you can be pretty sure they're just doing it to push a political goal. It's an obvious call for censorship and more agency funding.
If the list of relevant things could only be five-thousand items long, this wouldn't even be on it.
And then we get to the cons, many of which are potentially Orwellian.
The creation of it certainly remains illegal, and its existence is a violation of individuals right to privacy (these images are never taken with consent, because the victims cannot consent). In the same way you could consider it a violation of your privacy for someone you do not want there taking your picture in private, child porn violates the same principle.
So child porn can be perfectly illegal without having an explicit law saying "Child Porn is illegal". Its creation violates so many fundamentals and its distribution violates a subset of those.
But the reason for the illegality is as important as the legality in the first place. Some of the most horrible nations commit acts we deem moral in consequence but often do them for still vile reasons (ie, you don't execute the mafia boss for rampant murder and robbery, but because hes threatening your own power).
The thing is: if encryption is illegal and you encrypt your illegal material so law enforcement can't convict you for it, they can still convict you for using encryption.
Which is such a great idea, because proper encryption is undistinguishable from random data: so, if you have a drive, any drive, good luck convincing anyone that it does not contain any encrypted content, and that whatever is in the empty sectors is just garbage. Guilty until proven innocent.
This is not even about deniable encryption (which is apparently a part of the threat model?): this is a nightstick to beat anybody who's inconvenient in any minor way. "Prove to me that your song collection contains no secret message, else you're guilty." There's no way to do that! For anything I could come up with, the universal response "well maybe it's hidden even better" holds.
In other words, introducing "guilty until proven otherwise" introduces witch-trials pretty much by definition: if she floats, she's a witch (so far, so good; yay it works); if she drowns (or dies in notprisonnosirnotatall after years of not confessing nonexistent secrets), she was innocent. Of course, there is absolutely no way this might be abused, and certainly not for personal vengeance.
Imagine if he had said "If it is possible to make an impenetrable safebox so strong that there's no key - there's no door at all - then how do we apprehend the money or gold inside it? How do we save the economy?"
That is the next frontier. A backdoor into your bank account. There is already precedent inside and outside the US.
The irony here is that we are arguing about encryption options being included (not enabled) by default. Any criminal with half a brain will be able to find a wide selection of free 3rd party encryption tools. Undermining default encryption mostly just weakens the security of average, every day, law abiding citizens.
What if the terrorist or pedo has things in his mind, that means all people's minds should be monitored at all times... Otherwise there is a chance that they might think thoughts to do evil things and then they might carry them out. I uhh want to emphasize that we should think of the uhh children.
To answer his question, we don't. I am so sick of them using this as a justification for stripping away all rights that I'm ready to apply first amendment protections to all digital data to stop this Trojan horse.
Yes, there are bad people doing bad things. But we are enabling much worse people to do much worse things trying to stop the bad people (also, if you make it so the low handing fruit of people who only possess digital data can no longer be used to score political points and to give the appearance of helping, it could force law enforcement to dedicate even more resources to the producers, thus being a win for both freedom and for the innocents needing protection).
Disappointing with regards to the rest of his track records? re: Guantanamo, reining in Wall Street, cracking down on whistleblowers, widespread use of drones to perform extra-judicial assassination?
If after 8 years you still think Obama is the Nobel peace prize wielding progressive philanthropist you've been fooled into thinking he is, joke's on you tbh.
Parent comment expresses incredulity at Obama's comment on the topic being discussed in the thread.
I point out said comment is perfectly in line with the policies implemented by Obama and his administration during his two terms and OP's incredulity is unwarranted.
Not sure how that's OT or inappropriate but furry muff, HN works in mysterious ways.
You would be better off having picked examples that are closer to the topic at hand.
Such as the fact that he voted for retroactive telecom immunity as a senator, supported increases in NSA surveillance as a President, and certainly signed off on the extraordinary measures taken to try and apprehend Snowden.
His stance on surveillance is clear. He has strongly supported it since 2008. (Before he was the Democratic nominee he spoke out against it.)
Fuck HN Moderation. HN mods support government fascists, and absolutely accept the statui quo, will bury Snowden news, and allow government shills to post. Fuck HN mods.
So how DO you disrupt criminal plots, then? Do you allow people to conspire to commit crimes?
You're going to find, that once you think it through, that you'll end up limiting the rights and freedoms of individuals... there's no getting around that.
Life sucks that way. People were never their own little countries. I just feel sorry for the middle-class suckers that thought they had freedom. Poor guys - they never figured out they were the tools of the wealthy and powerful telling them they had freedom, in order to make them work harder against the lower-class.
> So how DO you disrupt criminal plots, then? Do you allow people to conspire to commit crimes?
Suppose they meet in person to conspire. Would you suggest having every citizen carry un-blockeable microphones just in case?
This is not a "my freedom to swing my fist ends where your nose begins" kinda issue, this is "are we willing to build a police state if it reduced the risk of certain crimes by X%? Even at the cost of creating entry points into all of our communications that can be exploited by unauthorized and misauthorized actors alike..." issue. The ability to retrieve past conversations about conspiracies is a new capability here, not the ability to keep past private conversations secret (that was never as hard in pre-internet/pre-electronic times).
The interviewer in the article says:
"GREENE: But can you just explain why you would compare, you know, a company helping the government design a way to unlock an iPhone to something extreme as torture and ankle bracelets? I mean, that sounds like a very extreme jump."
But actually, an ankle bracelet that reports your location and audio might actually be less invasive of your private conversations in today's world that reporting the contents of your phone.
>But actually, an ankle bracelet that reports your location and audio might actually be less invasive of your private conversations in today's world that reporting the contents of your phone.
Not at all. I have the choice to carry / use a phone.
Today you do. This may not be the case in the future.
We have no idea what the political and technical landscapes will look like in 5, 15, or 25 years. It is not inconceivable that your governmental identification "card" will morph from the plastic of today into an embedded device in the phones of tomorrow.
In an argument about a literal "backdoor" - an entry in every person's house - you could also argue that people choose to live in houses instead of under the stars.
You suspect someone of a crime, get a little evidence, get a warrant, then surveil them. If they are using some difficult to monitor communication method you have to get creative. There's good reasons the system developed to be that way.
People TALK about killing far more than ever seriosuly think about or have the personality to actually do. Bad humour, frustration at work or with partner, or even how to make a bomb or commit a terrorist act (oh al quaida are stupid because, it would make more sense to do x, y then z) can all be topics of conversation amongst law abiding people after a few beers.
So are we happy to move the bar to innocent until silly enough to have discussed robbing a bank? Innocent until found to have mentioned the current taboo issue? Plenty of people have found out the hard way that the TSA, Twitter and airports aren't a great mix for jokes.
I say again, there's good reasons the system sought the evidence first, not retrospective police fishing expeditions.
"It is better that ten guilty persons escape than that one innocent suffer". Sir William Blackstone 1765.
I see nothing in the new technologies to fault or change those priciples. The only thing that has changed is scale.
That's the thing though: the government has been snooping without a court order for a while. Now they are saying "Oh, no, we'd totally only do this with a warrant or court order. Trust us!"
> Do you allow people to conspire to commit crimes?
What's wrong with conspiring to commit crimes? Also, I would imagine that the US First Ammendment explicitly (if I understand Brandenburg v. Ohio correctly) protects such speech, as long as it doesn't result in "imminent lawless action". So it's OK to conspire to commit crimes, as long as you don't actually commit them.
Edit: Reading Wikipedia [1], it looks that mere conspiracy is not enough for a conviction, but an "act in furtherance to committing the crime" is necessary.
Yes, that's exactly what you do. I would much rather we let a few (more) crimes get through here and there. Weakening privacy for everyone isn't worth it.
If you believe in the concept of natural rights, then it doesn't matter what polls show. Privacy is a fundamental human right, and neither government nor mob has any authority to impinge upon that right.
The reality is that security is also suffering when you weaken encryption. Do you want people to be able to track your children? Do you want criminals to know when you are home? Do you want stackers reading messages of their victims? Do you want rapist to know where you and your friends go camping?
These are just things outside the problem that their is a multibillion doller industry depending on encryption in the internet.
dead wrong. The majority of people do as you say, but the majority don't understand the balance. Security means protecting a few targets. Privacy means protecting the freedom of every single person.
With that kind of reasoning, you'll favor research for medicine against rare 100% lethal diseases instead of 20%-lethal cancer...
So how DO you disrupt criminal plots, then? Do you allow people to conspire to commit crimes?
Yeah
You're going to find, that once you think it through, that you'll end up limiting the rights and freedoms of individuals... there's no getting around that.
No, because in free societies you shouldn't have absolute security.
Life sucks that way. People aren't their own little countries.
Is this where you rip on Libertarians again and talk about "your army".
How to prevent crime, and what works? There is a long history behind that question, and even longer history of attempted strategies. Studies has asked why different nations has different crime rate, why it can change from decade to decade, or between cities in the same nation.
From that, there is also meta studies/books that has asked what the studies has shown. To take an example, the book freakonomics pointed out that out of all the crime reducing strategies, abortion laws has shown to be one of the best method. Unwanted children tend to have higher risk of being born with low social and economic status, which is then a strong predictor for crime. None of the other strategies that were looked on had any major effect on crime rate.
Then we have surveillance. Government studies has shown CCTV is effective to reduce vehicle crimes, but no evidence is found that it prevent violent crime. One study concluded that better illumination could be a cheap way of cutting illegal activity to the same degree as CCTVs.
Surveillance in stores and bank has shown a very unexpected result. It has proven useless in preventing robberies, and shoplifters are generally not bothered by them. However, studies has shown that employees accounts for 43% loss of revenue from shoplifting and that is reduced by surveilling. Banks was also one of the early adapters who noticed this.
Then we have studies such as the last month from Harvard, which said that the available information that police investigators has when investigate crime is increasing at a very fast rate. "The trajectory of technological development points to a future abundant in unencrypted data," the study said. Comparing today with the days before encryption, and today is much easier time for a police investigator.
How do the extreme majority of our citizens protect themselves from hackers and identity thieves if they can't have reliable private key encryption? It seems like you are focusing on solving a small segment of "criminal plots" by exposing many more of us to other "criminal plots".
The larger issue, by far, is whether we are a free people.
From the article:
CLARKE: No, the point I'm trying to make is there are
limits. And what this is is a case where the federal
government, using a 1789 law, is trying to compel speech.
And courts have ruled in the past, appropriately, that
the government cannot compel speech. What the FBI and the
Justice Department are trying to do is to make code
writers at Apple - to make them write code that they do
not want to write that will make their systems less
secure.
If the FBI gets its way in this case, forcing Apple employees to perform a service for the government, then it sets the precedent for the government to compel anyone to do anything the government wants. When you are forced to work for someone against your will, this is called slavery.
Of course the FBI used a terrorist attack to try and get what it's always wanted, and it will abuse the unlock power in the future if it gets it now, but judges could easily cite this case as a defense for the government to compel other action from the people.
Clarke makes it sound like there is court precedent against this compulsion, but that would be overturned if the FBI wins.
Indeed, encryption and privacy are very important, but our very liberty is more important.
This is way overblown. Yes, the government should not be able compel Apple to build back doors, but this isn't some kind of new precedent about compulsion. There are plenty of industries where the cost of doing business includes creating something to satisfy a regulatory requirement.
I believe that it is indeed a new precident about compulsion. If say, I want to make airplane parts I need to satisfy regulatory requirements. I know those requirements in advance, and can decide if I want to be a parts manufacturer or not. Lets say I instead decide to make drone parts for hobbyists because there's less regulation. Should the government be able to compel me to obtain an AS9100 cert so that they can bolt some of my hobby parts on a DHS operated drone? I would call that slavery. The FBI is attempting to compel Apple to do work that they never anticipated in order to comply with laws that do not yet exist.
It seems clear to me that if all the money we spent on fighting terrorism since 9/11 were instead spent on, say, reducing traffic fatalities, it would have saved a lot more people.
Well, it's all of a piece -- the prominence and attention terrorism and preventing it are given over all sorts of issues varied and sundry is completely disproportionate, whether that's shredding the Bill of Rights or lighting piles of money on fire to appease the terror gods.
I mean, it's "clear and obvious" to me, but since it's a major issue every campaign season and the risks presented by our old and crumbling infrastructure, global warming, and other menaces that don't make gruesome cell phone videos is not most people don't seem to have noticed.
320,000 people dead due to traffic fatalities over 10 years.
vs
350 people dead in terrorism over 10 years
It's:
320,000 people dead due to traffic fatalities over 10 years causing little political fallout.
vs
350 people dead in terrorism over 10 years plus a lot of political fallout for each event.
Bluntly, to shift the risk argument we'd either need to take politicans out of the decision making and give it to some independent fact-based body, or get the media and people in general far more riled up about car crashes.
I know right? It's almost as if the purpose of this whole farce wasn't actually to save lives and to protect our freedoms (for which they hate us). Wow, who'd have guessed...
I think Apple and all other tech companies that support it move as the FBI (or whoever controls the FBI) expected or wanted.
What was revealed a few years ago was the fact that big tech companies betrayed people's trust. So quite naturally they should attempt to regain that trust. Because if majority of people stop trusting tech companies and start using end-to-end encryption, use of encryption stops working as a signifier that indicates a higher likelihood that the user's doing something wrong. Thus it's crucial to keep ordinary people away from using encryption. In order to achieve this, it's important to make people trust big tech companies again.
In my opinion, this is what the writer of the plot of the dispute between the FBI and Apple thinks.
It's not the bill of needs. I was born with these rights. This is the danger of eroding the constitution, the arguments can be used against whatever issue you want. If we want it changed, do it the right way and pass an amendment. But please, protect the integrity of the most important document we have.
Sometime I wonder if the FBI and other security agencies lost perspectives or they know something that we don't.
Time and time again, their argumentation are not particularly persuasive.
I don't doubt the existence of terrorists, but it seems that they are more boogeymen rather than an actual threats.
And when it came down to it, the power of terrorists is to inspire fear, rather than kill people. They can change us because we felt the need to change.
For some reason, especially in the U.S., "leaders" have to appear strong. When there's no war going on, they have to start one. Terrorism is easy. There's really nobody to fight, but you get to fight them anyway. Politicians LOVE this.
Law enforcement loves it too. They get to trot it out as an excuse to lengthen their leashes.
Standard power play. There always needs to be an enemy to fight against to keep the population inline. After the Soviet Union collapsed it left a vacuum so we had to invent terrorism as the new threat. IMO anyone who is scared of a couple of inbred bible/koran thumping terrorists isn't fit to lead a country.
Other governments are definitely going to force manufacturers to make their phones unlockable or not for sale in their country.
China, Russia, Saudia Arabia, all forced Blackberry to turn over their encryption keys long ago.
US politicians should set an example and say we are NOT going to be like China and Russia and other repressive regimes and that when people's lives are literally on their phones, they have a reasonable right to privacy and protection from search and seizure, you know like in our constitution but ignored everyday.
Well the winds have changed on that stance, at least in Europe. I've seen a couple of leading politicians say something in the line of:
"If china can do it so can we"
concerning the Chinese firewall and blocking "unwanted" content on the web, which is scary.
If it happens, it'll become precedent, then all countries will want to do it.
The next logical step is to outlaw phones and devices that are incapable of breaking into. Then they'll make it so you need a license to employ cryptography.
It sounds crazy, but where we are right now would have sounded just as crazy 15 years ago.
> The next logical step is to outlaw phones and devices that are incapable of breaking into. Then they'll make it so you need a license to employ cryptography.
> It sounds crazy, but where we are right now would have sounded just as crazy 15 years ago.
Hardly. 15 years ago, the US were just barely past their encryption export ban, and we had yet to deal with the (still ongoing) fallout from it.
[0] although back then the US only tried to backdoor or ban strong encryption for the international market, not for the domestic one, for simplicity reasons the domestic versions of exported products often used "export-grade" (shit) encryption
I read the "we're back to the 90s again" articles. I think I would be careful not to overstate the case. I coded in the 90s. I did light crypto in the 90s. This isn't the 90s.
The world was so different then that the analogy wears thin. It was mostly client-server, the web was just taking off, and vast cloud server farms weren't even on the horizon. As you noted, the laws back then weren't for creating crypto -- it was for exporting it. At least in the states, we saw a healthy market for all sorts of new crypto tech: DES, AES, and RSA started in the 90s. (RSA became public in the 90s).
Note that I'm talking from the viewpoint of the average developer making applications. The business side, the international side, and the exporting mess? Yes, it's very similar. My comment was about changes Joe Dev is seeing now. The 90s was "write it, but only sell it locally", the 2020s are likely to be "don't write it unless you have permission", which is a completely different can of worms.
Agreed that the development community as a whole is still recovering from the 90s. The damage we're doing right now will take as long or longer to recover from, if we ever do.
> Note that I'm talking from the viewpoint of the average developer making applications. The business side, the international side, and the exporting mess? Yes, it's very similar. My comment was about changes Joe Dev is seeing now. The 90s was "write it, but only sell it locally", the 2020s are likely to be "don't write it unless you have permission", which is a completely different can of worms.
I'm not from the US, so there may be a difference if you're a solely a domestic US developer, but from outside the US the distinction is pretty much entirely academic.
The interesting thing is that Chinese officials sometimes make similar statements that say, "This is in line with what other countries around the world say and do." Submarine marketing worldwide. :)
"You know, we could, at the far extreme to make the FBI's job easier, put ankle bracelets on everybody so that we'd know where everybody was all the time. That's a ridiculous example, but my point is encryption and privacy are larger issues than fighting terrorism."
Ok so replace "ankle bracelets" with "GPS/cell triangulated device" and it's a ridiculous example because what, things that are already real aren't really "examples"?
I am surprised that a search for "math" only turned up one result in this thread, about car accidents vs terrorist victims.
Isn't it true that encryption legislation or policy is sort of irrelevant next to the very clear math that says encryption will always be ahead of decryption? Even in a (hopefully avoidable) dystopia where encryption is illegal, would that really stop technology companies from continuing to do what they've always done?
John Oliver has a great segment[1] where he notes that the majority of cheap, available encryption applications aren't even US-based, and so it becomes nigh-impossible for our (or any) government to stop any pedestrian from encrypting.
Yep. Cory Doctorow has talked about this: how the universe "makes it easy" to secure communications because mathematically, it's really easy to encrypt (verify that a number is prime) and really difficult to decrypt through hacking (factor a huge prime number).
And because of that, outlawing encryption is really outlawing math, which is ridiculous. Math is a universal API everyone has access to simply by existing. You can't outlaw math.
Do you have a link to that? Because I know a guy who really needs to counterpoint it. High-security engineer, Clive Robinson, always said security is about physics if you look at it down to the hardware. The physics try to connect things in ways you didn't see coming. That allows unauthorized communications. The physics also try to corrupt the operation of your chips. That compromises computational security mechanisms. Even encryption algorithms had tons of problems when they were implemented to the point that it takes pro's with years of experience to implement them with any assurance. Those are often broken later.
So, if Doctorow said that, he couldn't be further from the truth. The universe seems to do everything it can to make security difficult via physics itself. Throw in economics and biology (evolving malicious attackers) to top the argument off.
Security != encryption in every case. What you're describing is actually also what makes encryption stronger/easier than decryption:
A priori there's only 1 correct plaintext, while there are limitless chipertexts of any given plain text (assuming arbitrary IV lengths and key). You can't change that and this is basically what makes encryption so much stronger than decryption.
Only two sentences were about encryption. The others mainly covered the foundations, like kernels or MMU's, encryption depends on or can be bypassed with. You should look up TEMPEST Level 1 safes, PC's, peripherals, and rooms. That's just EMSEC part tgat requires all thst because physics fights us. Then, look up NSA Type 1 hardware and physical separation with Red/Black model to see how you start on endpoints. Rad-hard and fault-tolerant circuitry too where you'll see probabilities instead of certainties.
Add it all up to say that, outside a few products, your security mechanisms from CPU go crypto arent secure. Physics and intrinsic complexity work together to ensure this. Systems fighting all of it have less features, are heavy, more manual steps, less battery life, and cost several times more. Economics takes over there where physics leaves off.
"A priori there's only 1 correct plaintext, while there are limitless chipertexts of any given plain text (assuming arbitrary IV lengths and key)."
A priori there's electrical signals going through analog and digital circuitry that implements a form of it with malicious hardware, software, or networks connected to it. There's tons of ways to intercept or leak those secrets. These are not in the formal model of crypto. Once included, the picture changes considerably and leans my way.
Except of course I can create an unbreakable encryption with two pieces of paper and a pencil by constructing a one-time pad. And that encryption has nothing to do with computers except for the fact that doing encryption by hand would take ages these days and we therefore choose to delegate it.
The fact that our computers are too unreliable to be trusted with encryption does not mean that the universe does not favour encryption.
Unless you constantly keep inventing malicous hardware or hidden 'observers' in the paper and pencil scenario there's no way you can say that decryption is easier than decryption.
I saw that counter coming. A little bit different, better argument. Several things in here. So, let's look at them.
re paper encryption
That was defeated regularly in the Cold War in a number of ways. Easy or not, the mathematical proof didn't translate directly into the real world due to human issues and physical ones like intercept or observation. FBI's crypo unit has been defeating custom pencil and paper ciphers of criminals for a long time, too. So, we can say the best, provable encryption makes the job more difficult if no observation of the act of encryption, KEYMAT, or decryption take place. That's a lot more limited than mathematicians pronouncements imply. ;)
re universe
"universe does not favor encryption"
Oh, I think it doesn't. For one, encryption only happened one time in known universe that we know of. When it did, it screwed up more often than it worked. Then, even the best forms are defeated by stuff above thanks to other properties of the universe. Universe seems to favor plain text to me. Its own codes are plain to observe, too. Obfuscated at worst.
re computers
That was a nice dismissal but computers are the whole point, right? We talk encryption that we're going to use on a computer most likely. Then someone says some stuff like how we can trust the math. Then I have to point out we run electrical impulses representing machine instructions, not math. Then the conversation drifts to pencil and paper or arcane stuff.
At least you admitted we can't trust the math on a computer because it doesn't represent what it does. Often not on pencil and paper either or in speech if under surveillance. So, we can't trust the math at all. It's always math + all kinds of circumstances and methods. Even then, we can only trust it with probability C as in odds of Compromise.
Encryption and privacy are what make this reality work. You think you are you. I think I am me. This reality's ability to keep those separate is a privacy feature. From a Buddhist's perspective our understanding (Dharma) is that we are, on some level, all the same entity.
One of the early sutras put it this way:
> "Discrimination is consciousness. Nondiscrimination is wisdom. Clinging to consciousness will bring disgrace but clinging to wisdom will bring purity. Disgrace leads to birth and death but purity leads to Nirvana."
Encryption gives the means by which we can enable privacy between ourselves, or what we think of as self. If we enable complete privacy from all others, we drop into a self-world. If we disable privacy, and join all the others disabling privacy, we drop into an isolated type of Nirvana, with the implication everything becomes quite boring. I have compared this in the past to the observed push and pull of public and private cloud business models.
One solution may come via virtual realities where we can arrive at consensus in a fair and measured way without centralized control. It is my belief that immutable data structures backed by encryption, such as a blockchain, are the path out of this mess.
How easy is it to be part of society without a phone? The way people communicate, organize, meet, is all via these devices.
Yes, whether to have these devices is technically a choice, but when the social cost of choosing not to have one is so high, the choice is made for you.
Dont be so dramatic. You can have a phone and leave it at home if your gone do something where you don't want to get tracket. Thats just the most simple option. Its not a binary choice.
For people on Hacker News? Easy as shit. You have employable skills and Internet access. Life will be strictly better than it was when you didn't have a smartphone fifteen years ago.
It is fairly easy. I have a fairly dumb feature-phone I almost always leave at home unless I want to be reachable away from home. During work hours I work on a computer connected to the Internet, and can be reached quite reliably via e-mail, or via my employer's office phone.
You do need a mobile phone these days because (in The Netherlands) the government requires SMS authentication for some services, but I don't feel the need to own and carry a smart phone with me all the time.
The Apple situation annoys me because it's no longer about the web. It's about breaking crypto on a device which is vendor-locked. The same thing as breaking homegrown crypto, or DVD crypto; easy and trivial. The fact that Apple doesn't use ephemeral keys and can't simply throw away the key in the event of an incident is worrisome enough.
Real crypto needs to be more compartmented than that. A bank is not secure because of the massive door - it's safe because it would take a thief weeks to empty every safety deposit box.
It's also made even safer when the key is (more or less) thrown away for periods of time and nobody can get it. Even with manual over-ride. Literally somebody could be dying inside the safe and nobody could save them.
In properly implemented crypto nobody should hear you scream.
The hole concept of end to end encryption works far better if the ends are actually secure. We use end to end encryption to protect our communucation one the move and our endpoint are protected with secure hardware.
Weakening end point security is certantly not as bad as going after tls (for example) but its still a vital piece of our trust chain.
And the smartphone will grow in importance as an authentification factor and that makes it even more vital.
I just had a thought: what happens if Apple complies with the order (say they lose the legal battle or something), but individual employees refuse to build the software? I think the verdict is out on whether or not Apple, a corporation, can be compelled to do this, but what if they can't find anyone to do it?
Just thinking it _should_ be much harder to compel individuals to do something like this than it is to compel a corporation.
Ha! Folks will line up to do the job. I've refused to violate federal regulations (re wireless devices, bands and transmission rules) as a contractor and had the regular employees jump right in and volunteer for the job. At a Midwest manufacturer in a liberal (college) town.
Not actually interested in if people are willing to do ethically questionable engineering work; I'm interested in whether or not the government can compel them to do so.
That's quite the quote, especially given his history of employment.
The weirdest thing about this whole cell-phone saga to me is that the perps are dead, did not appear to be part of some organized group and that very little could be done to them that hasn't been done already based on evidence found on the phone.
Then there is the bit that a lot of the information that is on the phone is also already in the log files of the carriers. It's as if that phone somehow magically is going to yield an entirely new class of information that may not even exist in the first place.
To me it has been evident from day one that this is not about this phone or the data that's on it but just about the legal precedent, getting it in black-and-white from the former head of counter terrorism is quite an indictment of his successors.