Thomas Jefferson and Apple versus the FBI (cr.yp.to)
217 points by lx on March 16, 2016 | 51 comments



    In 1977 the Institute of Electrical and Electronics     
    Engineers (IEEE) scheduled a symposium at which several 
    important papers on cryptography were to be presented. 
    Research had established a basis for developing powerful 
    new encryption schemes, using fundamental concepts of 
    computer science, and examples of these schemes were 
    included in the papers. Prior to the symposium, however, a 
    letter arrived at IEEE headquarters warning that the 
    presentations might subject the authors and the IEEE to 
    prosecution under the Arms Export Control Act of 1976. The 
    letter was signed by an IEEE member, Joseph Meyer, who gave 
    only his home address, but who turned out to be an employee 
    of the National Security Agency (NSA).
40 years later, we still repeat the same arguments and make the same mistakes.


This shouldn't be too big of a surprise. Our current politicians' views of the world were largely molded by the people in office when the Arms Export Control Act was voted in.

It would be interesting to see a visualization of our political "family tree". For example, Rep George Miller from California was in office from 1975-2014. Who worked for him over those years, where are they now? Or flip it around, who did our current pols work/mentor under?

Keith Sebelius was a rep for KS in 1976. Father-in-law of Kathleen Sebelius. No direct ties to the 1976 bill, but that isn't the point I'm making. Nepotism and family ties run deep.

Rep Paul Tsongas voted Yea for the bill in 1976. His widow is now a Rep for California.

Rep John Conyers is the longest serving member of the house, having been elected in 1965.

Senator Trent Lott retired in 2007. Was elected to House in 1973.

Senator Chuck Grassley elected to House in 1975.

Recently retired Senator Tom Harkin elected to house in 1975.

Rep John T. Myers in office 1967 to 1997. His son-in-law takes over the seat 2001-2003.

Senator Paul Sarbanes served in the House from 1971-77 then moved over to Senate until 2007.

Rep Charles Rangel in office continuously since 1971.

Rep Norm Mineta served from 1975 to 1995, then went on to Sec of Commerce and Sec of Transportation.

Not all these people voted for the bill. Again, not the point. The point is, our system makes the same stupid decisions because it's a lot of the same stupid people.

The more I look at the govtrack.us page for this bill, the more names I recognize, the more I think "we really need to get away from politics being a legit `career` option."


> The more I look at the govtrack.us page for this bill, the more names I recognize, the more I think "we really need to get away from politics being a legit `career` option."

Which has been tried, and the extreme on the other end isn't pretty either. Strict term limits in California (prior to some revision in 2012) meant that Senators and Congresspeople were almost never around long enough to truly get involved and understand an issue. There was a lot of freshman lawmakers all trying to make their own mark, perpetually blind to the prior efforts.

The question really is how many years in congress, the senate, or both is too much, and how low of term limits is too low? If we can't find a happy middle ground (I honestly don't know), then maybe we need to step back and examine the question again, and decide whether there are some other levers and incentives and regulations we can use to our benefit.

Note: It's also worth looking at whether passing institutional attitude (knowledge?) as you described is actually a bad thing, or a natural correlation. If that district or state has a particular leaning, it could be that it's just natural that a similarly positioned person will be more likely to pick up the seat later.


The only long-term solution is to reduce the power and scope of the government. The Siren Song of power lures the worst types. If the federal government had vastly reduced power, then it would not attract these types of people, and making a career of it would be no more glamorous than sitting on city council for 20 years in a small town.

Term limits are a stop-gap measure. And let's say they go into effect. Well, the day after the term is up, the politician will step through the revolving door into the lobbying world, advising the new crop of term-limited representatives on how to "get things done."


"There was a lot of freshman lawmakers all trying to make their own mark, perpetually blind to the prior efforts."

Sounds a lot like our own industry...


I won't lie, that connection did come to mind as I wrote that. Especially since the submission regarding JavaScript Fatigue[1] the other day which covered it quite a bit.

1: https://news.ycombinator.com/item?id=11294218


I think this might be mostly because Senators and Congresspeople are basically like the old aristocrats, each dragging behind them a train of assistants and policy analysts that are working directly for them, serving as the technocratic backstop to their policy decisions. A short-term congressman necessarily will have inexperienced employees (at least, inexperienced in the considerations of that particular district), and thus—even with the very good normative beliefs (the things that are "their stance")—they will have flawed positive beliefs (their knowledge of facts and research that can inform "their stance.")

If you could truly split congress from its technocratic base, such that each new member of the House or Senate is just "plugged in" to a long-lived technocratic base-infrastructure (in the same way the President is!) then we could achieve much shorter term-limits while still achieving high effectiveness.


We could achieve shorter term limits, but if the problem is persisting political opinions that may not represent the people, then it may make the problem worse. :/


Term limits are a band-aid, even at the Presidential level as far as I'm concerned. If someone is a shitty rep, then stop electing him, and likewise if he's a great rep then all term limits do is give you more chances to elect a shitty rep.


>the same arguments and [...] the same mistakes.

Would you elaborate?


"Defendants appear to insist that the higher the utility value of speech the less like speech it is. An extension of that argument assumes that once language allows one to actually do something, like play music or make lasagne, the language is no longer speech. The logic of this proposition is dubious at best."

I love this - definitely not a side to the argument that I'd considered before, but I find it very compelling. Well written article all around.


"Speech" is not about the medium, it's about whether something is being communicated. Courts have long recognized that functional things can be speech. Clothes are functional, but fashion can be speech if the point of wearing it is to communicate an idea to other people. Of course, fashion (and code), can be not speech too. Code in the context of instructing a computer to perform encryption is not speech. But publishing that code to communicate to other people how to perform encryption is surely speech.


"Code in the context of instructing a computer to perform encryption is not speech." The decision cited from 1999 by the appellate court specifically considered this and found the opposite. As long as your phrase "Code in the context of instructing..." means source code, then they disagreed wholeheartedly with you. They found that people in the encryption field universally used source code to convey ideas and to communicate. They argued that utility of something doesn't revoke it as speech, as the parent to your comment noted. They did not take into consideration CDs with object compiled code on them nor easily scannable papers, which they note are a dubious prospect to begin with--being limited by the same export restrictions.


What the appellate court held was that just because source code may be used to instruct a computer does not mean that it's not speech when used "to convey ideas and to communicate." That does not mean that source code is speech when used to instruct a computer. It means that source code isn't not speech just because sometimes you use it to instruct a computer. Logically, those are two very different statements.

The court wasn't saying that the government can't regulate what you can and cannot program a computer to do. It was saying that the government cannot restrict sharing of source code between people, which is often used to communicate ideas.


IANAL, but I think that argument about code-as-not-speech breaks down when you consider that this is code that, because of the digital signatures it includes, is intrinsically tied to Apple, and can be used to break any Apple phone. Perhaps a good analogy there would be that the FBI is asking Apple to write a speech that they disagree with, and then sign that speech, and then allow the FBI access to that speech, and the FBI is saying "don't worry, no one will see it, just us". And Apple is, quite rightly, saying "like hell, you can't even secure your personnel records - that speech is harmful to us and we will not be compelled to write it and sign it."


I think the argument that signing is an expressive act and thus protected is much stronger than the idea that the code for disabling the checks is speech and thus protected.


Just for the record, the FBI isn't saying "don't worry, no one will see it, just us." as they aren't requesting a copy of the signed code. They're just requesting that Apple use it to unlock the device.

So the FBI's ability to secure the code isn't currently relevant.


Considered in isolation, it isn't relevant. But the basis of this decision will serve as a precedent to get Apple to unlock a multitude of phones. And that's not Apple's business. Apple, or any other company, is not a branch of law enforcement, and cannot be conscripted to perform law enforcement's functions.


That's simply not true. Businesses of all stripes are conscripted all the time to gather data and turn it over to law enforcement. The government has very wide latitude in this area.


Gather data, which Apple already does and provides. Not write wholesale operating systems, sign them, and maintain them for only the government to use.


You make it sound like Apple is being asked to put a man on the moon. They're being asked to comment out a few lines of code and recompile. Apple's objections have nothing to do with the volume or difficulty of work.


It sounds like you aren't very familiar with the actual ask; that's not at all what they are tasked with doing.

The FBI wants them to create an operating system that would run entirely from RAM without touching any of the flash memory on the device.


That can easily be made to look ridiculous: Does it become speech again after I disassemble it to find out how it works? At what point wasn't it speech?


It's not speech if you're not communicating an idea with it. You build a sculpture out of bricks it's speech. You take it apart and build an outhouse, it's not speech. It's not the substance of the thing that makes it speech or not. It's whether a human is using it to communicate ideas with other humans.


AnthonyMouse has already clarified: It's the same information. My question, to which you are not responsive was: At what point does the same information magically become not speech? You are relying on perception, not on reality. It's always the same information. But it's easier to perceive it being a cog or lever inside a computer. But we all know that code is code. Compiled, decompiled, encrypted, compressed, translated, etc. It's all code all the time, and it's all speech all the time. You are bordering on some kind of Deepak Chopra-esque quantum mysticism that says humans must perceive speech in order for it to be speech.


> You are bordering on some kind of Deepak Chopra-esque quantum mysticism that says humans must perceive speech in order for it to be speech.

Speech is a thing humans do, not a characteristic of bits or bricks or black armbands. The First Amendment doesn't protect particular types of things. It protects communications between humans. If one human isn't using a thing to communicate to other humans, it's not speech.


> If one human isn't using a thing to communicate to other humans, it's not speech.

Imagine a coder refusing an order from the FBI to create a tool. She is refusing to translate her thoughts into code. What is that other than refusing an attempt to compel speech?

There is only one human in this picture. But the code an FBI order is attempting to extract from her brain is still speech.


> She is refusing to translate her thoughts into code.

You seem to be mixing up the standard for the fifth amendment and the first amendment. The fifth amendment says that the government can't compel you to testify against yourself, and that a physical action (like punching in a key code) can be testimonial if it involves accessing one's thoughts. The fifth amendment doesn't apply here because Apple is under no threat of self-incrimination.

And "accessing your thoughts" is not the test under the first amendment. The test is whether the speaker is expressing an idea. Instructing a computer to do something is not expression, it's not communication with another human. It's a human acting on an inanimate object. The fact that the action involves accessing one's thoughts is irrelevant. E.g. the government can definitely compel a bank employee to punch in a key code to unlock a vault, even though that involves translating thoughts of the combination into a sequence of key presses.

NB: it's kind of interesting to be splitting hairs over what is and is not speech here. A court can compel you to come in and testify against someone, which is undoubtedly speech. Yet the power to compel testimony is one of the fundamental powers of a court, and has never been understood to be a violation of the first amendment.


You can be compelled to recite facts you may know, when there is some evidence that you know them. Not infrequently, witnesses claim not to have known, not to have a reliable account, or not being able to recall those facts.

This is substantially different from compelling coders to discover how to break their own secure implementation and implement a deliberately broken implementation. This is compelling a creative work, and a particularly perverse one.


Putting your hands above your head can be speech:

http://c.fastcompany.net/multisite_files/fastcompany/imageca...

But law enforcement can still tell you to "Stop and put your hands above your head!"

The former is the communication of an idea. The latter is just a physical movement. Even though it's the exact same action.


So, under an All Writs order to produce a tool for the FBI, code becomes something like a "physical movement?"

Have you got an answer to what compelled coding is, other than compelled speech?


Commenting out some security code and recompiling isn't the communication of an idea. It's just the rote performance of a task.

Like raising your hands above your head when the cop tells you to.


Not trying to be pedantic, but doesn't an outhouse communicate messages? For instance "there's probably human waste here.", "Poop inside this rather than next to it" etc.


All of the points in this thread which indicate a distinction between what is and is not speech are all based on the legal precedents up until this point. The US legal system finds precedents valuable, but there's always an opportunity to find some new distinction or test.

SCOTUS can make a special distinction for encryption because implementations in practice are both a tool with independent utility and communicate an idea.


If you take a sculpture apart then it no longer conveys the same information.

The code cryptographers use to communicate ideas is the same code the computer can execute. Are you contending that the same information is speech sometimes but not other times? What if the thing you're going to do with the information hasn't even been decided yet at the time of dissemination?


Agreed, the test is instructing vs. making instructions available.


What's dubious about it? It's saying that "no, you can't just reframe an act to focus on the speech (communicative aspect) and automatically inherit free speech protections".

Example: "What? What's the problem? All I did was send the signal 100100111011110[...] to my computer. I have the right to say '1', don't I? I have the right to say '0', yeah? So I must have the right to say '100100111011110[...]'. The fact that this triggered a destruction of the evidence on my hard drive is totally irrelevant, because we established I have the right to say '100100...', don't infringe on that, man."


Ah, but the point of free speech is not that you are shielded from the consequences of the action of your speech.

In your example, giving instructions that destroy evidence can certainly make you guilty of obstruction of justice or some other similar crime. But the point is, the government cannot either compel you to give those instructions, or compel you to not give them. They don't have the right to do that - at least not until they've convicted you of a crime that allows them to restrict your rights. If you're a free citizen, you can give whatever instructions to your computer you damn well please - and then face the consequences, which may be to make you a criminal.

What the government ends up arguing in the Apple case, is they want to make you work to figure out what a "10101..." is that will break your own products and make you say it (to the right phone... and then the next phone, and the next). This, they want to do, even though you have not committed any crime. That is the issue at stake.

As a free, lawful person you have the right to decide for yourself whether you're going to say something that you disagree with ethically and commercially. The FBI wants to take away your right to make that decision. They want, without even having legislated on the topic, to force you to say what they want you to say "because terrorists".


The court decision cited only took up source code, and not compiled object code, precisely because source code is meant to be read by humans. Also, the right to normal "spoken" speech can be abrogated when it is a call to immediate action, and it may not be a stretch that issuing a command to destroy evidence--a crime--would be an unprotected communication towards immediate action.

With regard to publishing the encryption algorithm, the court found that he wasn't "refram[ing] an act to focus on speech" as you say but was engaging in the standard way that cryptologists communicate ideas: source code.


Agreed. Best distillation of the free speech argument I've seen so far for this case.


It's actually especially interesting considering that speech lacking any utility can be defined as obscene and not protected.


This blog entry is remarkably clear about the problem and why the suggestion of barring non-key escrow'd encryption won't work.


Yep, I was struck by how lucid the discussion was. The "remove the computer" idea is powerful.


Exactly this makes me feel that turning Obama's "fetishizing our [smart]phones" comment back at his branch of government is plausible. The executive branch has fetishized the smartphone (and started paying it as much attention as a locked safe inside a locked house) - and therefore deserves as much protection as any other part of our private lives.


djb strikes me as the most lucid person on the planet.

His style extends to his software - he offered a bounty for a verifiable security hole in his qmail software in 1997 which still stands today. Nobody has ever found any security holes in qmail. https://cr.yp.to/qmail/guarantee.html


qmail is... specific. It does very little and does it in many different processes. That's kind of like putting a security guarantee on `cat`. In practice qmail on its own is not really usable these days (does it even compile without patches anymore?). The extensions to it are also not even standardised - it mainly happens by patching the source.

I'm not saying that software is bad, but the security guarantee is too restricted to be practical anymore.


qmail is not a modern MTA, that is true.

But qmail was a revelation in 1996, and a solid choice for at least ten years, despite never revving past 1.03. Those ten years were pretty ugly in the network services security world. djb's bounty was a significant statement in a crazy era.

No one uses qmail any more. But it was used by everyone who ran serious mail servers for a long time. The guarantee was well-tested.

It is not coincidental that Postfix uses a very similar multiprocess model. That is how you encapsulate security domains. djb didn't invent it, but he shined the light for everyone who followed.


I agree it was very novel and useful. But in my mind it sits somewhere between a technology preview and a project. Most weird stuff happens to applications that get new features, get redesigned, get new aspects that weren't accounted for before.

You can cut out a lot of security issues by defining ahead of time what you're going to support, writing only that, and never doing anything else. New, small code rarely has terrible design flaws if there was a good plan ahead of time (and djb had an AWESOME plan) and you write it by yourself. Now if you live with a project for a long time, and actually maintain and extend it - that would be an even greater achievement. Postfix went in a similar direction as you mentioned and started around the time qmail got stable, but still lives.


Those are all great points. I think it's fair to say that djb built the reference model, and Wietse built the consumer product.

Relatedly, djb is an academic who releases code sometimes, and Wietse is a sponsored open source developer. Their methods are very different, but they've both made huge and complementary contributions.


Free speech includes “All these guys did is simply push a sequence of buttons that they were legally entitled to push.”

http://www.wired.com/2013/05/game-king/

The prosecutors argued that they were "hacking" the machines, and behaving illegally. That's ridiculous.

If Apple can be forced to falsely claim that any hacked software is "valid", then every single citizen of the USA can be forced to parrot the government line.

Free speech? Only when it's acceptable speech.


A counterpoint: https://www.technologyreview.com/s/600916/apples-code-speech...

I don't think the OP falls into the trap that the above is pointing out, but it would be easy to take this argument and accidentally make it into an argument that does.



