> "Privacy, above all other things, including safety and freedom from terrorism, is not where we want to go," Steinbach said.
It's where I want to go. Also you have YET to show ANY evidence that we are more safe or more free from terrorism by surrounding our rights to privacy.
>He also disputed the "back door" term used by experts to describe such built-in access points. "We're not looking at going through a back door or being nefarious," he argued, saying that the agency wants to be able to access content after going through a judicial process.
You mean "Rubber Stamp Judicial Process"? Even if you didn't the mere fact that these backdoors (you can rename it all your want it's a BACKDOOR) exist make the whole system LESS secure. What a clown and this is the AD of the FBI's Counterterrorism Division??? Fuck....
There's nothing in the world that can provide "freedom from terrorism" which makes it even an even uglier lie. Even if it could, I'd still be against it though, because there are many ways to fight terrorism that don't involve sacrificing the freedom our ancestors bought with blood. The FBI needs leadership that understand how to operate within American principles.
Freedom from terrorism is only modern times bogyman. A hundred years ago, it was anarchists! 50 years ago, it was communists. In 50 years into the future, a new fooist will replace terrorists and the same fight will start all over again.
I think what society need is some government reforms that require lawmakers to do cost-benefit analyses with tests and proofs. If they want to ban encryption, they should be forced to provide evidence that it actually work, and that the cost to society is less than current methods to fight terrorism. It would also likely get rid of many current inefficient methods, like security theater at airports.
This. It boggles my mind how scared people are of terrorism, especially domestic terrorism. If you live in Pakistan, where suicide bombings happen all the time, I can understand being scared of terrorism. But in the US? Come on.
You know what I'm scared of? I have to drive two hours four days a week. I am much, much more likely to die in my car. Hell, I was more likely to die in my car while I was in the military. Most people know someone who either got injured or died in a car crash. It happens all the time. How many people know someone who died in a terrorist attack?
But we're surrendering our freedom for the latter, which is a ridiculous phantom bogeyman, while we vigorously defend our right to die on the roadways.
I was stuck in Boston airport for 6+ hours yesterday. The TVs at my gate were tuned to CNN endlessly discussing various terror topics, including some antagonist (Pamela Gellar) ranting.
That entire section of the airport (and I imagine many homes tuned to the same station) were absolutely saturated with a message of fear and us-vs-them. I think it's ridiculous, but I can easily see how for many people this is a pervasive issue. It might be the majority of the media they consume, in that they don't seek out much else or tune out the 24-hour media cycle or fearmongering or ratings attempts.
Even with high-profile, high-fear factor, violent events we're highly selective about what we freak out about. Last year a military installation shot down a commercial airplane, killing nearly 300 people. No military solution called for, no drastic measures taken, commercial flights are still flying over war zones today.
Why do we believe we should/could do something about all foreign and domestic crazy people (so called 'lone wolfs' like at Boston) and all crazy and motivated groups who hate the US because of our foreign policy in their region (and there are plenty of regions with negative perspectives) when we can't even prevent state actors from killing civilians?
NYC population is 8.4M. Auto fatality rate in U.S. is ~12/10,000/year since 2001. If NYC follows US, then ~10k die per year in auto accidents.
The term "loaded question" refers to questions which presume facts. For example, "why did you kill him?" Is loaded because it presumes that you did kill him. The question you are referring to is not loaded.
Yeah, similar experience here on 7/7 (although I fortuitously walked instead of getting the tube that day, I do know a bunch of people who were close). I wasn't far off the centre of Manchester when they did the Arndale either. All you can do, as you correctly point out, is shrug and carry on.
It may be a loaded question but his point stands, fear is not based on rationality or we would be spending tens of billions of dollars a year trying to prevent car accidents that is currently being spent "fighting terrorism".
The question I want to ask is, looking at the history of human society (especially in the 20th century), is it more reasonable to fear terrorists or totalitarian governments? Just in terms of absolute numbers of people killed, it seems that the latter wins by orders of magnitude [1,2,3,etc]. So assuming we want to prevent death and hardship (the precise reason this guy wants to restrict encryption), we should be focused on preventing the rise of totalitarianism. That means we should be extremely wary of all of this surveillance infrastructure that's springing up everywhere, and of any calls to make our communications even less secure than they already are. It's not that today's government is totalitarian or even has those tendencies, it's that we're making it easier for it to happen in the future, and that's a real danger in my opinion.
Proving a policy change's future effects is generally impossible. Congress does have panels of people who write reports on the possible/likely effects of legislation. Not sure how frequently they use them, though.
If we aren't willing to ban alcohol even though it is a major factor in many accidents, deaths, murders, domestic abuse cases, child abuse cases, and rapes... then why should we ban something that would help stop a far less dangerous problem?
Theyre tired of having to break laws to do their job. They want to spy on us and they want us to not only accept it but appreciate and like it. If you make it socially acceptable it will never be challenged again.
12 years ago the US government employed convicted felon Adm. John Poindexter to promote the "Total Information Awareness" program, which crashed and burned upon being revealed to the public, but as we've seen in the intervening years the government decided to just go ahead with it anyway.
They'll chisel away at the protection laws piece by piece until they get what they want. I sometimes feel that we're screwed no matter how hard we try to fight.
Roller coaster. Everythings a roller coaster. We will win for a few years, they will win for a few years, then back to us. You'll have long stretches where we win (golden age) and back to them winning for a long period (dark age), but it will always bounce back one way or the other.
All you can really do is try to increase the worth of what you leave behind to your future progeny so that in times of dark ages they are high in the council but remain moral, and in the golden ages they use science to create awesome things and ignore hysteria and FUD. Unfortunately too much shift one way or the other in a genealogy tree makes the family lazy or a war mongrel so it's hard to pull off.
They will try to chisel away at rights (with some success), but if you think about what they are up against, they will always be playing wack-a-mole.
No matter how good the surveillance teams are, they will never completely control humanity nor know everything at all times. They simply aren't capable of it.
In addition, the wants are limitless but their budgets are constrained by what they can reasonably appropriate. As they make it harder to do business (by introducing security holes or ruining trust) the amount they can appropriate becomes less.
In addition, they become buried by an ever increasing amount of information that their inefficiency can't handle. I have no doubt some of the best and brightest in the world work for for secret agencies. But operationally they are still bureaucracies. Thus, they have no shortage of lazy and stupid people... many of whom are in leadership positions. In fact I believe these pleas for unconstitutional shortcut tools are the pleas of lazy and unimaginative people. People who don't want to be found probably have much more reason to worry if the special pleading ever stops. Because at that point there may be truly more competent people running the program.
Maybe not. If there is a force as strong as parts of government, it's other parts of government. Intelligence community is its own kingdom, with its own goals, but other areas of government run on a four year cycle and depend on public support. So if people will want restrictions in surveillance badly enough, politicians' pathetic pandering to public opinion could create a very powerful counter force.
Privacy, in the context of the government, also means freedom to be left alone. I think that's quite an important freedom to have.
We really need to make stronger arguments for privacy. Too many people conflate real privacy (which I believe virtually nobody actually wants to give away, if they truly understand what giving it away means) with "sharing stuff on Facebook and Instagram".
One is an obvious choice, and the other (the government, or even companies through non-transparent trackers, knowing everything about you) is not, but is forced upon you.
>show ANY evidence that we are more safe or more free from terrorism by surrounding our rights to privacy
Wasn't FBI surveillance a thing during the Boston bombing? Since 9/11 have any attacks been prevented? If surveillance was a tool to prevent these attacks, why wasn't the surveillance authority (FBI) held directly responsible for the attacks?
Anyone who would advocate surveillance would first need to be criminally prosecuted for the Boston bombing because at the time they had the information and ignored it. With-holding information from the law about crime or potential crimes is illegal.
Surveillance was used, however, to identify and track the Boston Bombers, leading to death and capture, and parallel construction was used to create an unstoppable court case, leading to imprisonment and death sentencing.
But you are right - these tools are not used merely to detect and stop terrorist activity. It is also used to track and stop ideas, to give leads and to give extremely powerful intelligence to the FBI, CIA, DIA, NCTC, etc whenever it is needed for some purpose. To those in power these capabilities are extremely powerful.
The existence of these powers does not mean that they will be abused on a systematic level - though of course the potential is always there. One danger is that America's fight to remain relevant in a world that may be moving past it, it may turn ever more Fascistic. In this case, these are powers that would be extremely dangerous for the government to have.
But take a step back to think about this. As citizens we are worried about the use of these capabilities to thwart the public. They are so powerful and so complete that we fear being subjects of its application - viscerally.
To the extent that the good will and checks and balances have worked to keep the brunt of these capabilities aimed outside US borders there are people who do fear, and deserve to fear, the wrath of the US government - even those who might otherwise be innocents, bystanders, or casualties of the struggle for power.
My heart goes out to these people stuck in the middle and it beats faster at the thought of being one myself.
"Surveillance", if you count confiscated video footage from the crime scenes, may have been used to identify, but not to track.
Tamerlan died in a shootout after a police officer in Watertown noticed the stolen SUV and called it in. [edit: note there was some tracking of the hijacked SUV due to the owner's cooperation, but that's targeted tracking with cooperation, and not of the brothers themselves]
Tsarnaev was apprehended after an ordinary citizen noticed someone hiding on his boat and called it in.
The massive manhunt, whatever the intelligence apparatus contributed, the shutting down of Boston and suburbs... all accomplished pretty much nothing, other than conditioning people to get used to martial law, and an excuse to point guns at people[1] to cow them into submission.
And what evidence at trial was unlikely to have been available except by parallel construction? The defense strategy was to admit the acts but argue he was brainwashed by his brother and shouldn't receive a death sentence.
The hijacked ML350 was tracked, allegedly, but not with broad surveillance powers. They were able to track it after the driver escaped, because he cooperated, had left his iphone in the vehicle, and the vehicle had satellite navigation.
Actually, I like this strategy and it probably works. It's a good strategy against pirated software too. If 90% of terrorist suppliers are really cia entrappers, terrorists are going to have a hard time coordinating anything that requires resources beyond 1 person. Entrapment requires lying. And if you have ready decided to lie to your own people, may as well use its full evil power on the adversary.
If you're justifying your program by spending its resources trying to goad people with mental handicaps and other lowest common denominator people into committing terrorism, what have you accomplished?
Any organization with a degree of security, one a nation would consider an adversary, is aware of the dangers agents pose with infiltration.
Lots of attacks have been claimed to have been prevented, though in many cases when the details for several of them came out they were attacks that may have been discussed but weren't particularly likely to have been executed, and/or plots that were largely driven by government agents.
> It's where I want to go. Also you have YET to show ANY evidence that we are more safe or more free from terrorism by surrounding our rights to privacy.
If they could show that, credible evidence would have presented by now. ;)
But in all seriousness, the 1st & 4th amendment protections are the most vital freedoms we have and they should not be abridged outside of a direct link to harm. [e.g. Things like child porn, words designed to incite violent harm, violent prisoners shouldn't have privacy ]
So you have to be rational about it but yeah, mass surveillance and reducing self-defense tools to protect ourselves against criminals isn't "rational" behavior.
Criminals are going to do illegal things and we have the right to protect ourselves. If it inconvenience the government? So be it. I'm not going to bend over for any criminal who wants access to my financial data "because Terrorism".
Similarly, banning tools of self-defense [e.g. encryption for financial data, access keys] are simply guaranteeing the criminals will be the only ones to possess them.
I'm aware alot of people will be like "what about the 2nd"??
Yeah, that provides no protection against the government since they'll always have the ability to drop bombs on you. When you can afford a F-16 and the ability to pilot it for "self defense" purposes, let me know.
Self-defense is an interesting approach to privacy.
So far, we've been treating encryption as a matter of privacy (Fourth Amendment). But since the U.S. government has historically treated encryption as a weapon, perhaps we could also argue that encryption is a matter of the Second Amendment. It would be really interesting to get the NRA, Rand Paul, and Bernie Sanders to speak out in favor of encryption at the same time...
Of course, the flip side of this approach is that it's much easier to support restrictions on the possession, use, and export of weapons. "Export-grade" ciphers are still causing issues 20 years later.
And just for the hell of it, let's throw in the (nearly-never cited) 3rd Amendment.
It "places restrictions on the quartering of soldiers in private homes without the owner's consent". This explicitly was to prevent citizens from having to bear the capital costs associated with the government's own decisions, but it also appears to have been borne out of a fear of having a government agent be able to observe one's most private affairs.
For better or worse, the 3rd amendment doesn't come with the precedents of the 2nd or 4th. There is an argument to be made that by having a General of the US Military capable of monitoring me while sitting on my couch (in a realistic scenario via my cell phone or Xbone), that the military is overstepping its constitutional bounds with respect to my privacy. This would not apply so much to the FBI, but it might eventually were precedent to be pushed in the correct direction.
The part about "prevent[ing] citizens from having to bear the capital costs associated with the government's own decisions" is also interesting.
It could mean that if the Feds want to make their own jobs easier by trespassing on the private property (laptops, phones, etc.) of citizens, they'll have to get the owner's permission first.
Now that we've successfully reinterpreted the 2nd, 3rd, and 4th Amendments to support privacy, why not the 1st Amendment? Would you like to join the Church of Privacy and accept Ed Snowden as your Lord and Savior? According to our Holy Book, in order to reach salvation, you must vigorously resist the Devil's attempts to spy on your life. Oh, and the 5th already gives you the right to refuse to divulge encryption keys, at least on some interpretations.
People who make that argument about the second amendment always seem to forget that the U.S. military has been getting its ass kicked for more than a decade now by people mostly armed with Toyota pickups, AK-47s and IEDs.
> People who make that argument about the second amendment always seem to forget that the U.S. military has been getting its ass kicked for more than a decade now by people mostly armed with Toyota pickups, AK-47s and IEDs.
People who make that argument seem to forget that if you decide to rebel, the 2nd amendment doesn't matter because you are a criminal and can bring guns over the border through Mexico or via other channels. The same is true of IEDs.
The "people" with AK-47s aren't getting them legally as common citizens.
That doesn't change the fact the majority of the US isn't going to rebel and that such "rebellions" in the US tend to look like this:
Oh that's cute. The U.S. has essentially upgraded its military forces and gets to beta test it in the deserts of the middle east. Did you think 'Winning the hearts and minds of the people' was an actual mission? And the U.S. pulling that off while only losing ~5K troops just furthers how laughable your statement was
You cannot fight against an evil government with the 2nd amendment, but you can definitely resist it. An unarmed population is totally helpless, meanwhile.
That's just wrong. Look at this list: http://en.wikipedia.org/wiki/List_of_revolutions_and_rebelli.... The unarmed revolutions (including some civil unrest but no large-scale deployment of firearms) are plenty and more successful than the alternative, which usually ends in a civil war.
And how many of those revolutions were against the homeland of a group that spends nearly $700 billion a year on defense? These are completely different circumstances.
Wouldn't the first act of an evil government be to outlaw civilian armaments and confiscate these guns? At that point, you'd be forced to either go to war(which you agree you would lose), or lose your weaponry. Perhaps the proliferation of guns would help the now criminal resistance acquire an arsenal, but I'm skeptical. European history is rife with examples of armed resistance forming from an unarmed populace.
I wouldn't call my ancestors 'helpless' considering their multiple armed rebellions and constant resistance after being conquered, or examples I'm less acutely aware of like the French or Polish resistance during WW2. It's also worth noting that while this resistance was very much detrimental to the hostile government, it was never the primary factor of its downfall.
> Wouldn't the first act of an evil government be to outlaw civilian armaments and confiscate these guns?
Historically this is exactly what happens.
Proponents of gun registries know this, want this. People who value their freedom have to fight a (so far, winning) battle to maintain their Constitutionally-protected rights.
If it comes to that, whether there's a legal right to have said guns is pretty much moot, because the people you're using those guns to resist aren't going to respect that right. If you're prepared to fight your government, you don't care whether it's allowing you to have the means to fight it.
Therefore the right to bear arms as a defense against tyranny is mostly empty words. The way to prevent tyranny is robust public institutions and a democratic culture. Weakly democratic states fall to autocrats all the time. There is no culture of democracy so the number of power holders a would-be autocrat has to cow is few. Democracy, real democracy, involves orders of magnitude more people, it's that much more difficult to overthrow.
Easier to already have a gun from when they were allowed, then to acquire a gun after they were banned.
Of course the later would never be hard in America, considering just how many guns there are that would not get swept up... But the first is still easier.
People in mud huts in Afghanistan don't seem to be having trouble waging guerrilla warfare against the most powerful (and expensive) military on the planet.
F-16s don't occupy territory. F-16s don't police thoughts.
This "they have tanks, planes, and bombs, so your rights don't matter anyway- you don't need them" bullshit is a farce:
People police people. People occupy territory.
It would just so happen that people are exceptionally susceptible to small arms fire.
Indeed, I've found the infiltration of monarchical type behaviour to be surprisingly prevalent in the modern US oligarchical elite structure. I think people have forgotten that, throughout most of the history of our country the UK and EU oligarchy/aristocracy/monarchy have been the enemy of the US, and in the beltway rush to power many of them have become infatuated with the trappings of neo-feudalism, all without even realizing the magnitude of their error.
Make no mistake about it, the idea of national sovereignty worldwide is under attack, including the United States of America's, but no one really wants to admit or even entertain ideas of whom it might be, lest the truth be too upending.
What have ended up is a modern day star chamber.
"Finding its support from the king’s prerogative (sovereign power and privileges) and not bound by the common law, Star Chamber’s procedures gave it considerable advantages over the ordinary courts. It was less bound by rigid form; it did not depend upon juries either for indictment or for verdict; it could act upon the petition of an individual complainant or upon information received; it could put an accused person on oath to answer the petitioner’s bill and reply to detailed questions. On the other hand, its methods lacked the safeguards that common-law procedures provided for the liberty of the subject.” –Encyclopedia Britannica
Nah. He's just nostalgic for the pre-Internet days when the FBI could listen on anyone's communications because phone companies were legally required to make their lines tappable.
They make going dark seem like some terrible unprecedented thing but electronic communication hasn't even been ubiquitous for that long. Before that there were no wire taps because there were no wires. The human race somehow managed to survive.
It's important to note that part of the reason they "need" technology to track terrorism is that technology enables terrorism. To say that we got along fine before technology and mass surveillance means we don't need mass surveillance is a flawed argument; it misses the fact that technology brings with it a big bag troubles and benefits.
But personally, I still think window of abuse for back doors is too large to be rationally allowed.
I wonder how we'll deal with this as technology progresses even further. In 10-20 years, it probably won't take much for a random nutjob to make an extremely deadly virus. And that are only baby steps in nanotechnology. Do we really want total privacy and anonymity in a world where a single person can easily wield such destructive powers?
Yes, because giving up privacy and anonymity will only marginally slow down (if at all) the would be evildoers, at least those smart enough to not brag about their evil doings in Facebook.
In my home country, we have one of the more strict gun owning laws in the world. That does not prevent the criminals from getting guns at all - pretty much every random fucker can get his hand on a pistol, and organized gangs have gear that is often comparable with that of the army. But, on the other hand, it is pretty difficult for the average law abiding citizen to arm themselves for self protection.
The funny thing is, this strict control got really started in the late 60's and 70's, when student riots made for a moment seem like a coupe / civil war against the regime were at least thinkable. So, what are the real winners when the government outlaws technologies than short the gap between state power vs individual powers? It is not the criminal elements in society. They already are breaking the law and profiting from it. They will work around whatever restrictions get imposed and illegally import the gear they need from wherever it is available. It is you and me who get the shaft!
The point of gun control isn't to keep the guns from the hands of real criminals (much less gangs), it's to keep guns from the average not-really-law-abiding citizen, who gets drunk and shoots his ex-wife, or leaves his gun accessible to his kids (hello school shootings) or just gets mad at his boss (just happened around here, the guy had a hunting rifle).
Whether that justifies preventing people from arming themselves for self-defense is arguable, of course.
Are you saying that because there are idiots who drink and drive, all cars should be banned. But if there end up being criminals with cars that get away from the police on bikes... then it is somehow alright because it was never a goal to stop them in the first place?
I guess I feel even more strongly against letting a dumb law enforcement agency dictate what infosec is ok to have on my systems, thank you very much!
[Edit] Ok, I can see my argument was kind of dumb, comparing regulation with outright banning.
Nonsense. A general restriction is not the same as declaring everyone guilty. Am I being declared guilty until proven innocent by not being allowed to own military weaponry? Nuclear weapons? Biological agents?
This doesn't mean the restrictions are OK in this case; as I wrote, it's arguable*
I guess it's a great thing we have the Second Amendment and associated judicial proceedings.
Whatever makes you happy. Not being from the US, my interest is purely academic. Our constitution has no such provision, and the population is under no urge to add it.
The point of gun control is to score points with some parts of the population while disarming the rest--anything else is just grandstanding used to justify the act.
Frankly, thugs with guns are irrelevant. I'm not advocating to drop all privacy because there are some bad guys with ill intent, who may want to hurt you or me - as a society we've already decided it's not a big deal (otherwise you'd have much more resources poured into crime prevention). The question I'm asking is - in the quickly coming age of easily obtainable weapons of mass destruction, does the privacy arguments change? And how do you want to secure people from random evildoers utilizing such weapons? It's a genuine concern, and in case you think I'm just fearmongering, I suggest checking out the progress happening in biotechnology.
It was not my intention to fear monger. I was speaking by analogy, not sure if it was not clear or if you disagree with my argument.
What I am saying is this: in a world where weapons of mass destruction becomes more available, privacy/anonymity is mostly a non issue. I will say it outfront: I am skeptical of the evil genius in a basement, holding a day job while secretly moonlighting on his personal armageddon. Players willing and able to conduct this type of terrorist attacks will probably not rely on the same IT stack regular joes do.
Assuming they have the financial resources and personnel to pose a credible threat will know to not use their iphones. They will know to use vintage hardware, to download and compile their own Linux/OpenBSD from scratch, to get their crypto libraries from "rouge" countries outside of the sphere of influence of the US, etc. Those that do not, they will be busted early.
Those that pose the real threat then are the ones that you cannot stop by making technology harder to get. As long as there is demand, there will be supply. And they will have gear that is in the same ballpark as the forces that are supposed to stop them. Probably not as good as the best there is, because you can never outspend the guy with the printing press, but good enough to hold their own.
And then there is the cost. Not only the conspiracy theory cost that the government is going to turn fascist, but the very real cost of giving real criminals an edge over the public. They already are breaking the law, they wont care about using banned technology. If they can afford it, and if they can either profit from it or avoid being caught using it, they will get it in the black market.
You were not fearmongering; I was preempting in case someone accused me of doing so ;).
I agree with your analysis if applied to contemporary dangers. But I've been not-so-subtly hinting towards biotech for a reason - as it progresses and the "tools of the trade" become both cheap and possible to DIY, the "required financial resources and personnel" drop sharply. People brewing up dangerous viruses ten years from now in universities or hackerspaces, whether on purpose or by accident, don't seem like a big stretch of imagination. And I honestly wonder, how are we, as a society, planning to safeguard ourselves against that threats. We can barely handle the diseases that occur naturally. People don't realize how dangerous this stuff is, because - again, except from natural diseases - we've never had to deal with a self-replicating technology before.
I'm not saying we'll need to drop privacy and anonymity entirely, but I suspect that they will be affected by any good solution. I'd probably sleep safer if I knew that there's no easy way to anonymously obtain necessary ingredients. You'll never stop a very determined attacker, but they're not the problem - random nutjobs with an axe to grind are.
> I'd probably sleep safer if I knew that there's no easy way to anonymously obtain necessary ingredients
That is already the case for a lot of things, when it comes to chemistry anyway. Your random person couldn't get their hands on the things required to make various dangerous chemicals. Criminals, they can, sometimes, but with great effort and expense so it's usually aimed at chemicals that will make them money (drugs, typically) -- and the really advanced stuff is done by "legit" (kind of) labs, not a home chemist.
Of course, that's only as good as the stores following the protocols, and with the internet that can change somewhat, but even then it requires buying chemicals outside of the country and getting it through customs (which isn't perfect, but puts up enough of a barrier that regular people or average criminals don't risk it).
Are you saying that because someonemight do something evil, we should all lose our right to privacy and anonymity to protect everyone from what the mad scientist might do?
Can you even show that taking my privacy away makes me markedly safer, because unless you can establish that first I'm not even listening.
I would wager that a substantial number (probably majority) of individuals on this site (SF/NYC dwellers, especially) would trade their right (Ok: not really, but everyone elses) to keep and bear arms for a bit of (false) security.
How about traditional police investigation tactics? They have been and continue to be extremely effective, much more so than blanket comms survalience. If you compare today to a few hundred years ago, we've already expeeienced the kind of change in destructive access you fear, and yet it almost never happens.
Governments going completely insane on their people are relatively common. Everyone thinks it will not happen to them, until it does. That's a much greater risk than rogue individuals. To double the big risk to half the small one is bad risk management.
I agree if you express it not in terms of probability of event (rouge individuals pop up every day somewhere) but expected damage. There is only so much one man can do today, so it's right to focus on big risks and not small ones. But technology tends to change things, and I fear that upcoming biotech (and possibly pure nanotech in more distant future) will drastically change the equation, giving unprecedented power to rouge individuals with ill intent. The question is, how can we defend from that; how can we minimize the amount of damage one person can do?
Swinging to the other side, would you really want to allow an alphabet soup agency to make a virus or nanotech (a literal "bug") to infiltrate your body and monitor everything going on with you on the off chance that some nutjob does the same thing?
Honestly? Yes. Already some way to artificially boost the immune system would be a good thing, and in a world with advanced nano/biotech available this seems like a no-brainer. We need some sort of blanket protection not only from potential attackers, but from much more likely accidents.
That's a pretty extreme speculation. There has been only one non-state-actor use of WMDs, ever: The Aum cult sarin gas attack on the Tokyo subway. They could have done more damage with a simple bomb.
Actually two; the guys did a sarin attack twice. But I'm not worried about chemical weapons; they're not that dangerous. What worries me is biological attacks, which differ by having a self-replicating component that can amplify even the tiniest exposure to an international emergency.
How much money do you have in the bank, and what is your bank account number? If anything can be hidden in the internet, then who decides which things can be hidden?
I can show you my balance and even give you the number in case you're so nice as to transfer me something. And I'll live happy knowing that if you try doing something funny, you can be tracked down and held responsible.
The point is, you may want that money to be spent stopping that someone before he makes / releases it, and that seems to be at odds with privacy concerns.
> A.k.a. "All people should be considered guilty until proven innocent."
Not really. Please re-read the comment I replied to. The point is, progress of technology brings new dangers and appropriate means of protection need to be created.
If anything, "watch everyone to have enough data available to be able to spot a criminal before he strikes". But my point actually is, some amount of watching will always be necessary, and advancements of technology seem to increase the need for that surveillance as the time goes.
> If anything, "watch everyone to have enough data available to be able to spot a criminal before he strikes".
A.k.a. "assume everyone is a criminal".
> But my point actually is, some amount of watching will always be necessary
Sure, if there's reasonable suspicion that the person being watched is a criminal, and there's a real warrant (not some rubber-stamp from FISA) authorizing said watching. Watching everyone because "well we don't know if this person's a criminal or not" is not only ineffective (as proven by the dearth of terrorist attacks actually prevented due to NSA surveillance) but unethical and - per the United States Constitution - illegal.
Of course, none of this would be an issue if law-abiding citizens were encouraged and given the resources to protect themselves against crime, be it physical (by practicing self-defense, armed or otherwise) or virtual (by encouraging the use of free/open software, and strong encryption).
i don't see how that argument makes sense. Yeah there were no wire taps, but there also weren't any wires for criminals to use to communicate. Criminal investigators have histroically been able to get at any place where there might be evidence, with a warrant. The historical maxim has been "the law is entitled to every man's evidence." You could put a lock on your desk drawer, but that can be easily bypassed with a warrant. There is protection against warrantless searches, but once due process is given, a court's power to compel the disclosure of evidence is almost unlimited.
An encrypted hard drive is a totally unprecedented thing in that regard.
But this has already happened and the judge in question 'compelled' the suspect to decrypt her laptop. I don't know if she ever did, whether there was any evidence that was germane to the case on it or whether she was held indefinitely but there is recourse for the authorities in these cases.
Eventually her husband provided the cops with the correct password[1]. The 5th Amendment prevents you from providing testimony that would incriminate yourself. In this case, though, she was being compelled to decrypt the laptop to produce evidence against someone else - Ms. Fricosu was granted immunity against any evidence collected from the laptop[2], so she didn't have any 5th Amendment grounds. In general, a Grand Jury has the right to subpoena any evidence from a third party that is relevant to a criminal investigation, and you can be held in contempt if you don't produce it. She had already admitted in a wiretapped conversation that there were documents relevant to the case on the laptop, the laptop was in her possession and that she refused to give them the passwords.
The use of crypto for information security predates the United States. It wasn't very good crypto back then, but it was around. People also had other ways to obscure information from the government: shorthands, code books, code phrases, foreign languages, argots, and cants (and physical seals, to discourage tampering with mail).
> Then governments with enumerated powers would need some unprecedented powers to get into that unprecedented thing, right?
Only the federal government is limited to its enumerated powers. So at best your argument is that mandating backdoors requires state rather than federal action. State governments can do whatever they want unless it conflicts with a Constitutional right, and there is no right to have a place to stash evidence the government can't get to with adequate process.
All that means is that you don't have to point to the Constitution to prove a right exists. The right still has to exist somewhere and be recognized.[1] The power of courts to access nearly all evidence with due process predates the Constitution and nothing about that document shows any intention to alter that practice.
[1] "Rights" are exceptions, not the rule. The rule is the will of democratically elected legislatures. Rights are exceptions to democracy and should be construed to swallow the rule.
Rights are expansive. There is no "precautionary principle" when it comes to rights. If a new thing is discovered, like strong encryption, I have a right to use it in conjunction with my other rights. If I can make a cheap personal rocket, I have a right to launch myself into orbit, as long as I'm not infringing on others' rights. The fact that such a rocket means anyone can build an ICBM doesn't put it outside of one's rights.
Governments have no inherent power to "inspect." You seem to think governments should have superior powers to individuals. While there is a philosophical argument for this, that doesn't mean it's always going to be true.
It's fallacious to use the concept of "enumerated powers" and "limited government" to argue that "rights" in the U.S. are, or were intended to be, structured the way you describe. "Limited government" concerns the allocation of power between the state and federal governments, not the relationship between those governments and individuals.
State governments are not ones of enumerated powers and they are not limited. They are successors to the British Parliament and inherited the powers of that institution including the general police power. Against that backdrop, "rights" are those specific restrictions on the exercise of that power that states have bound themselves to by the federal Constitution and their own constitutions. There is no room in that framework for an expansive conception of rights that all exist so long as you're "not infringing on others' rights."
A great concrete example is blue laws, which were widespread at the time of the founding and regulated everything from alcohol sales to food consumption. Some of those have been challenged, hundreds of years later and mostly unsuccessfully, on establishment clause grounds, but there is little doubt the states, as a general principle, have the right to regulate public morals.
The contents of your human memory are not protected as a general principle. For example, you can be compelled to testify against someone else. You can't be compelled to testify against yourself, but the premise of that protection isn't some general right not to disclose the contents of your memory, but a very specific right against forced confessions.
i think, if he meant surrounding, he'd have needed to use "with" or "in". "surrounding our rights with privacy" (which is grammatically correct but doesn't really make sense in this context).
I meant "surrendering" sorry, I JUST noticed this typo and went looking for the person who would point it out, thanks! Sorry for confusing you on an already confusing/inconsistent language.
wow your second quote is hilarious. "We're not looking at going through a back door! We just want to access the content". it means the speaker was using that metaphor visually, and didn't know that the word backdoor doesn't really have that kind of a physical meaning. (You can tell the speaker has it wrong because they say, "going through a back door" - I just notice even the word 'back door' is written with a space whereas in computing we write it closed (joined) - https://www.google.com/search?q=wikipedia+back+door)
I honestly think the qualifications for high-ranking national security folks in the United States includes things like "played with G.I. Joes a lot as a kid." These people are almost caricatures.
Do these guys seriously not realize that "the terrorists" will use end-to-end encryption whether it's legal or not? This literally makes no sense to me unless "the terrorists" is code for "the local weed dealer".
Of course they do: that's why simply running Tor qualifies you for extra attention from their side.
Remember that they decide who to murder using metadata. A world where only "evil people" used encription would be ideal: they would know who to bomb right away!
It isn't trivial actually. Detection would be a multipass process, the first pass would be a measurement of entropy, which would also flag compressed data (which would be very common). The second pass being magic number detection (file headers, can't be trusted). The third pass would likely be some sort of conformance test to every know compression format. The result of all this io intensive processing would not be a definitive answer.
If you want to get a taste of how difficult it would be to implement some method of detection, with a useful detection rate at scale, try to write some software that can detect localization encoding of strings on a binary stream. There is a reason why automatic translation of unknown localization doesn't really exist, there have been plenty of attempts, but nothing that results in a definitive answer.
I once wrote some software that would parse very poorly written csv files, it was one of the most frustrating projects I've ever done - and taught me the value of standards conformance. Basically, if the data source is non-cooperative, you aren't going to be able to reliably use the data.
I imagine it wouldn't be too hard to take encrypted text and transform it into something indistinguishable from the already unintelligible spam emails that pass through global networks en masse every day.
I believe it may be incorrect because in my (limited) understanding, good encryption is indistinguishable from random sequences of characters.
How can you tell a string of random characters is simply random, or is an encrypted message, unless said encryption includes some kind of header or marker information?
I may simply be wrong but I'm curious about the answer too.
You might say it's indistinguishable in a theoretical sense, but how are you planning on accessing this random sequence of characters?
Using software?
Why are you in possession of random data on a hard drive? A prosecutor will be happy to spin theories about what it might be.
How do you hide the possession of software you use to acess it? If you manage that, how do you hide the forensic evidence of "file access in random data consistent with evidence of hidden data or a hidden filesystem", in your OS or on your storage device?
I very much want to live in a world where these tools are legal. Otherwise, in the same sense as "lying to the FBI", they will be used as a weapon by law enforcement when none other is handy.
I see your point, and agree about the kind of world that I want to live in, but if I may be allowed to play devils advocate for a moment:
Just spitballing here but what if the software decrypted something as a side effect of doing something else like watching a movie. After all, buggy software is everywhere, perhaps that is just a bug.
What if that random file was a test input for a software fuzzing test. Is that not a plausible enough excuse?
What if the system periodically accessed data files [that had random data] to verify their integrity, you never know when data corruption might sneak in after all.
I totally agree that anyone trying to plead this case in court would likely fail miserably but the though experiment is interesting.
>Just spitballing here but what if the software decrypted something as a side effect of doing something else like watching a movie.
DRM movies are already encrypted. The DMCA does not seem to include an exception for law enforcement or intelligence gathering.
We just need an easy DRM format that allows content producers to licence and make available for viewing (but not arbitrary copying) custom content for specific viewers.
I was talking about a encrypted message vs. a non encrypted message, I wasn't taking into account random strings of text. But who would send random strings of text if not terrorists?
Yeah, but most unencrypted data doesn't look like random noise. If you run a few statistics on a packet/file/whatever and it looks random, you can comfortably assume its probably encrypted.
> ... you can comfortably assume its probably encrypted.
Or compressed, so you'd need to be able to detect every compression format ever created. I imagine that any time somebody serializes a succinct data structure [0], you're going to have to add a signature for that as well. I'm not confident that even an organization with the resources of the NSA would be able to keep up with that, you'd have to make illegal the writing of data structure libraries. Of course, the optimistic bureaucrat would see this as an opportunity for the creation of another federal entity, like the patent office, where code can be submitted for registration and approval. The Department of Circumlocution™.
The Arab world traditionally has had great mathematicians. I'm sure there is a bright young student in university right now who could write a good enough PGP implementation for the right price.
Oh for sure, but a majority of Persians during the Islamic Golden Age. I have no horse in that race, just a random fact I noticed while reading about each.
That would be Hollywood terrorists, or media channel terrorists. Real terrorists are organized and will use whatever they need to further their goals. It's also known that terrorist groups are recruiting lots of engineers.
Moreover, organized crime groups, which in real life are much more serious problem, are quite adept with advanced technology. They set up their own radio communications networks and use aerial and submersible drones.
> Moreover, organized crime, which in real life is much more serious problem
Well, sure, in that terrorist organizations are, by definition, a subset of organized crime, so that the problem they pose must be strictly less than that of organized crime more generally.
Technically yes, but in practice people (and media) usually consider them as a separate group from organizations like mafias and drug cartels. I think treating terrorism as something "special" and therefore "more evil" is very harmful.
...get elected as politicians or use their cash for more productive uses such as regulatory capture.
> Moreover, organized crime...
...simply used their captured politicians to make their activities legal. Why use cloak-and-dagger tricks when it is cheaper and easier buy the organizations that get in your way?
Mayby I should have written "real-life amateur terrorists / organized crime". Crime professionals don't use drones for smuggling, they use them for enforcement.
Here in Germany, we have banking trojans wehich are able to thwart two factor authentication by SMS. This requires considerable skill in synchronizing between the hacked computer and the hacked smart phone. I am pretty sure these guys can come up with decent encryption implementations if these are not available as open source any more. And the latter is pretty unlikely. In the 90's all but the US people had strong encryption after all. Open source projects working on crypto where just moving off-shore.
A ban of end-to-end encryption will need to be enforceable. What will LEO do, if I come up with it? Bust my house? That's unthinkable in Europe. Enforceability also means that all communcations must go unencrypted. This merely would kill all online commercial activity.
It would make it much easier to avoid DRM, and to cheat in online games for sure. I'm guessing online gambling would be out the window. Also, I don't know if I would want to do any banking online.
Well that can "easily" be solved by giving you a private key to use for your banking and e-com usage. Then "they" can decrypt it with ease and you stay "safe".
There is no need to sell anything. Even if suddenly the entire world banned crypto at the same time, they'll be plenty of mirrored OS projects floating around the torrent networks.
There's always a need for special purpose cryptosystems. Something that simplifies key management (e.g., for banks) will always be valuable, and it probably won't be sitting around on some random dude's hard drive.
They probably do. Having only "the terrorists" using encryption would make them much easier to spot. Encrypted traffic from your IP could become probable cause for a search warrant.
Since you brought it up, I wonder if encryption and compression aren't both instances of a common mathematical phenomena. They seem very similar to each other.
No. You can have a general purpose encryption algorithm , but not a general compression algorithm. Encryption generally requires increasing data size. Compression requires decreasing data size and is not possible in the general case.
A wise man once said "shove it up your ass!" (george carlin)
Regardless, This guy doesn't know what he's talking about, and should not be speaking, at all. Above all else.
I'm not against the FBI; I understand why they want this and what it means to not have this kind of access. But they can't have it, and there are hundreds of reasons why its a truly horrible idea.
This is just ANOTHER excuse to strip away our rights for the sake of "fighting the terrorists" and "keeping us safe." Enough is enough. Just do your fucking job and stop trying to power play everything.
I don't care what legal blessings or rights of passage you get; if something of mine is encrypted, and i didn't give you access, it's not for you. That I could encrypt crazy stuff or plots or whatever is true; tough shit. There are other ways to sniff out nefarious people, and bring them to justice; the FBI just wants everything served to them on a plate.
Also, please stop putting stupid fucks like this in government. Infuriatingly dumb. Sacrificing our rights is not the way to fight terrorism; it's a path to self destruction from within.
Fire this guy and dismantle the FBI. Does anyone remember why we fought the Revolutionary War, why we follow the Declaration of Independence and the Constitution?
This joker should lose his job. He does not represent the values of this country,
We fought the revolutionary war so that rich factory-owners could more freely sell their wares without paying taxes to fund the war against the French and Native Americans that they sent Ben Franklin to London to beg the king for.
Yeah lets forget about taxation without representation, being forced to quarter troops in your home, being controlled from thousands of miles away, and the Boston Massacre. It was all corporations. Got it.
The Boston Massacre was mostly propaganda to unite a bunch of colonists that weren't all that convinced that the King was such a bad guy... and it didn't work out that well as propaganda goes; most colonists (i.e. more than 50%) weren't convinced that war with England was the right thing to do.
The stories behind the other cases you cite are similarly murky. The US has been manufacturing consent since before it was born.
The common people of the colonies were likely in a situation very similar to where ordinary citizens today are when deciding between Google/FB/etc. and the NSA. Distrustful of both sides, but more inclined to go with the weaker of them, because then they'd be less fucked over.
> Distrustful of both sides, but more inclined to go with the weaker of them
Well, globally weaker and more locally powerful. Strength probably wasn't the decision criteria at all for those who chose the rebel side, it was probably perceived accountability: the local governments that were represented by the signers and which revolted were all accountable to the local population, the British government was not.
This is a really shallow reading of the events that caused the war, and it's certainly not the entire story nor is it representative of modern academic thought. There were, remember, thirteen original colonies, and each of those colonies had different people in them with different needs. The causes of the uprising in Boston, for example, were not the same causes that drove Virginians to support the war.
Corporations weren't citizens in 1776. It only took us 100 years or so to fuck that piece of it up. Nothing in the original Constitution or Declaration requires capitalism.
Arguably, corporations were more powerful then than they are now. Wars were fought because of the British East India Company - in 1778, it had a private army of 67,000 soldiers, over 50% more than the total strength of the American militia at that time.
The British East India Company didn't just have its own standing army. It also (since 1765) held the legal right to collect taxes in Bengal. For a large portion of India, it was the government.
Corporations aren't citizens now. If you mean "corporations weren't considered 'persons' in the scope of the 14th Amendment" in 1776 (or even, say, when the Constitution was first adopted), that's true, but then neither was anyone else.
Corporations, of course, have been legal persons in the general sense since the corporate form was invented; that's the whole point of the form.
> Does anyone remember why we fought the Revolutionary War, why we follow the Declaration of Independence and the Constitution?
I remember asking this question back in 2005, and getting a solid "No". so I left the country. I doubt it's somehow been magically remembered since then.
"The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized."
So they would argue that this doesn't apply once we eliminate paper as a medium.
Also, but, but, but... They're only collecting metadata, right?
"Of course the people don't want war. But after all, it's the leaders of the country who determine the policy, and it's always a simple matter to drag the people along whether it's a democracy, a fascist dictatorship, or a parliament, or a communist dictatorship. Voice or no voice, the people can always be brought to the bidding of the leaders. That is easy. All you have to do is tell them they are being attacked, and denounce the pacifists for lack of patriotism, and exposing the country to greater danger."
I've cited this message by Franklin in the past but I've since learned that he was making the case for the legislation to have the power to tax wealthy landowners in order to fund the French and Indian war.
He's not saying this in anything like the context we tend to use it now.
Just playing devil's advocate since I agree with you, but...
I think he'd focus on that "...and no warrants shall issue, but upon probable cause..." bit. With end-to-end encryption, even upon demonstrating probable cause to a judge and having a warrant issued, he's still looking at ciphertext.
Jesus Christ - way to bury the lead. The headline reads 'prevent encryption above all else', but three paragraphs in:
"But Steinbach's testimony also suggests he meant that companies shouldn't put their customers' access to encryption ahead of national security concerns -- rather than saying the government's top priority should be preventing the use of the technology that secures basically everything people do online."
The hearing was concerning ISIS use of social media as a recruitment platform and how it related to the recent shootings in Garland, Texas and in Boston on Tuesday.
The subject of encryption is not the primary focus of the hearing, but when it does come up I think he makes his point clear at about 39:30 when says this: "I think we need an honest conversation and get past the rhetoric of what we are talking about. We're not talking about large scale surveillance techniques. We are talking about going before the court, whether the criminal court or the national security court, with evidence, a burden of proof/probable cause, suggesting a crime has been committed or in our case there is a terrorist and showing that burden of proof, having the court sign off on it, and then going to those providers and requesting access to the stored information or communications that's ongoing. So we're not looking at going through a backdoor or being nefarious - we're talking about going to the company and asking for their assistance. We suggest and we are imploring Congress to help us seek legal remedies to that and asking companies to provide technological solutions to help that. We understand privacy. Privacy above all other things including safety and freedom from terrorism is not where we want to go. "
He later goes on to suggest expanding he scope of CALEA to include more than just telecommunications companies.
If people are going to debate this topic, I think they should start from his actual position and not a half sentence soundbite.
He's arguing categorically against end-to-end encryption. All encryption, according to the FBI, must be negotiated through centralized points that can be served with a warrant and made to MITM the communications.
It's not even clear that's the extent of what they want. They probably also want the communications to always be MITMed by the centralized nodes, so that warrants can request historical communications dating back to some retention limit.
The Boston example is interesting... From articles I've read it's not really clear when they started surveilling Rahim, but I found it interesting that they knew he bought 3 knives on Amazon.com. The Boston Globe implies that it was the knife purchases themselves which clued the FBI into starting the investigation;
But in the course of laying out those allegations against
Wright, the document goes into detail about why federal
officials said they had Rahim on 24-hour surveillance in the
first place.
... goes on to discuss the knife purchase, and subsequent conversation ...
I've been hacking up a facebook clone at work. I've discovered that it's easier than ever to have end to end encryption. For example, there are now good working RSA and symmetric javascript crypto libraries that work in the browser:
for RSA: https://github.com/travist/jsencrypt
for AES: https://code.google.com/p/crypto-js/
This includes generating your own private key for a totally in-browser "sign up" process (browser can save your private key in a file, you then point to it to "log in").
Add to this: a distributed message passing system: something like torrents with channels shared by multiple users so that you can't easily see who is sending to who with enough traffic.
Also for identity verification: use the bitcoin block chain as a CA.
Anyway, think of a single-page web-app, where the page is stored along with your private identity file on a USB-key (this avoids the security hole of having to download it every time).
This works very well until someone knocks on your door and kindly asks you to place some javascript on your site that tells everyone's browsers to send their private keys to your server where they can be subpoenaed.
> Anyway, think of a single-page web-app, where the page is stored along with your private identity file on a USB-key (this avoids the security hole of having to download it every time).
You've just made it unusably hard for a majority of people, and hard enough not to bother for anyone else but 0.1%.
to build technological solutions to prevent encryption
There is one way and one way only to do that. Remove all general purpose computing devices from the hands of the public, and make it illegal to manufacture or distribute them, or knowledge of how to do so. I can't see it happening, myself.
It's already been happening for some time, and we're quite far in the process. The mainstream population stops buying computers in favour of mobile devices - tablets and smartphones, which are locked down and dumbed down. Then you have DRM, and the cloud. I fear the next step will be professionalization of software engineering - you may suddenly find yourself in need of an engineering license to be able to legally use a Turing-complete language.
What I find most interesting here is that the government is clearly afraid of people using encryption against them, and yet most people seem to not have considered the thought of others using encryption against them...
Yeah, cool, let's all just stop using encryption for sensitive customer data so we more easily can catch the least sophisticated criminals who don't figure out how to do it themselves.
Let's also make it crystal clear to the more sophisticated criminals that they do, in fact, need to do it themselves.
Giving the FBI an easy way to put small time drug dealers in their pocket should obviously be a top priority of software companies.
I will vote for any politician who will tell these people to go fuck themselves.
He can't see himself as the bad guy, or enabling the bad guys in the future by making the law enforcement apparatus all powerful.
Of course he'd fling the same accusation at us, from his point of view. What if there was a terrorist attack that could have been prevented if only they'd have been allowed to see through the encryption? I mean, let's be honest, on its own merits, that's not the worst argument in the world.
It's just that as an old-school true-blooded American patriot, I can't help but notice that "just giving them all the powerz" is not the way we do things around here, and there are reasons for that.
(Before reflexively downvoting because I dared sound a bit patriotic, consider why I feel compelled to wrap myself in the flag here....)
Of course the "what-if" argument falls flat on its face because we can always go further to create more safety, and if you first use that argument you need to justify why you stop just there.
E.g. why is terror getting this level of attention vs. child murder, which in terms of numbers of victims is a far bigger problem?
By the "what if" logic, these people ought to be prepared to go far in curtailing privacy to get at child abuse given the magnitude of the problem compared to terror.
We know how to profile the likely perpetrators very well too. The vast majority of such crimes are carried out by a few very specific groups of people, namely dads, brothers and other close male family members.
Surely if the - on average - few terror deaths are worth these types of sacrifices, the many hundred child murders and thousands upon thousands of abuse victims would justify far more extensive curtailment of privacy?
It quickly becomes very clear that the "what if" argument is rationalisation: if harm reduction was as important to them as they like to imply, they would not be spending their attention on terror.
What the "anti-terror crowd" need to be made to answer when they ask for more rights is what makes terrorism different, and why are they not spending their energy on the many problems that have far more serious effects.
My information comes from an extensive NSPCC survey, but I don't think the two contradict each other - the question is the exact definition of abuse that is being used and I should have looked it up and been more precise about that.
Without going back and digging up the exact NSPCC survey, the article you in to appears to take into account a much wider set of criteria, though it's hard to say since it doesn't state its definition either and I couldn't find its source. The wording does also seem to imply that it is looking at reported cases as opposed to use a survey, which would give different numbers.
In terms of type of abuse you consider, it will drastically shift the balance. E.g. for sexual abuse the numbers are completely dominated by male family members. Once you add in violence it shifts a lot, and other neglect will likely shift it further if for no other reason than simply because women are still more likely to be the primary carer.
Of course in any case it doesn't alter the main point.
I'd warn him to beware of "What if..." worlds. In such places, anything is possible. Fearing the possible makes one paranoid and untrusting.
What if he is the terrorist and wants to more readily spy on the American people? Or a similar, more likely scenario, of what if the government has a spy from another country? Do we want them to have all of our information in their hands? If encryption is weakened they can more easily spy on our political leaders.
What about national security? Lowering encryption standards hurts national security. As an American patriot why would you want to hurt national security? For a bit of promised security? The current mass surveillance has prevented 0 attacks. Who is to say more surveillance would prevent any attacks? You can say for certain it would hurt national security (bad guys can use backdoors too) - but you cannot say for certain it would prevent any attacks. So it's a "lose/maybe-win" scenario. Not one in the countries best interests, if you ask me.
He wants to make his job easier, consequences be damned. It should be easy for the "good guys" to monitor and catch the "bad guys", give us back doors and unsecured communications with which to do our jobs.
He's too focused on his narrative to be able to understand the web of unintended consequences of what he's proposing. The same way law enforcement and lawmakers fail to see all of the unintended consequences of the drug war.
I found the question of whether he really doesn't understand the technical meaning of "back door" or is conscientiously trying to re-brand away from the negative connotations of the term particularly interesting. Maybe "side-door" would work?
It's so incredibly disingenuous. We're talking about a long established technical term with a precise meaning, but when world leaders are demanding it, they're uncomfortable using that term because it sounds like exactly what it is.
Saying it's "not a back door" is simply a lie, and I'm sure they or their advisors know it.
I think he wants to deliberately undermine the ability of the majority people to have access to information security. The only groups that he wants to have information security are US government agencies and their allies (both national and corporate).
I find the idea that "the people behind implementing and pushing for these policies don't understand the obvious consequences" to be absurd. This push has been about power from the start.
As fweespeech says here also, criminals will encrypt regardless of what is going on. The people the FBI is "after" are going to encrpyt, so fighting to make public systems store data and hand to the FBI when desired is pointless.
If the FBI isn't mining normal citizens data for loose connections to stuff that is none of their business, then their is no need for them to have access to the systems they want.
The only argument that could be made is that criminals are stupid and may not use proper encryption on their own, therefore we should watch what everyone is doing so that we can catch these particularly dumb criminals.
The goal of the FBI in all their statements is to try and convince the public that "only criminals need encryption; everyone else should let us watch everything they do." 1984 anyone?
"– You are 35,079 times more likely to die from heart disease than from a terrorist attack
– You are 33,842 times more likely to die from cancer than from a terrorist attack"
So terrorism clearly isn't the issue they are trying to address. That's what makes the people that run the various fiefdoms within our government - people that are not elected, do not answer to the public, and who rarely leave their jobs - so scary. We know they are lying, but to what end? What will their successors do with the power they garner using fear of terrorism? We are rapidly approaching Orwell's worst nightmare.
There's literally no way to break down that idea without turning it into some kind of negation of rights.
For you to ever be 'free' from others doing [thing Z], everyone (you, them, everyone else) would have to be precluded from doing anything that might lead to [thing Z] - and suddenly no one can do [thing A], [thing B], [thing C]...
Not only that, but now all it takes is for someone to make a shaky argument for some action potentially leading to [thing Z], and suddenly you or anyone else can be accused of committing that action in pursuit of committing [thing Z], and/or get locked up because of it.
I'm as averse to getting blown up as the next guy, but that doesn't stop me from recognizing a loosely-defined slippery slope when I see one.
It'd be nice to see a world in which it's very rare/difficult for anyone to do certain things - but let's not pretend we can create a world completely 'free' of anything without sacrificing most of our inalienable rights.
I imagine there are people in US government whose solely job is making up terms like this. "Freedom", "Terrorism" are both deep inside people's mind, putting them together sends a powerful message, even though it's a total bullshit when you stop for a second to think of it.
This seems so horribly wrong that I can't believe this was actually said in public. And the Washington Post apologist writing is very strikingly clear too.
I think the headline here is misleading. A casual reader could get the impression that the FBI is asserting that the most pressing issue facing the country is "prevention of encryption". Above all else: prevent encryption".
Really, what the FBI is saying (clumsily) is that companies should work with the FBI to ensure that sound encryption doesn't trump every other concern.
I'm not far left. I broadly support law enforcement. I understand opposition to Silk Road and I support prosecution. I even support Snowden going to trial. But my reaction to this is "screw the FBI if that's what they think." Unless Congress outlaws domestic use of encryption, I'm still going to have access to open source encryption and I'm still going to prefer companies which use encryption to maintain my privacy.
So the FBI has a tough row to hoe here, if the people who would otherwise support it are alienated as I am
It is astounding how little most people in government understand how 'cybersecurity' works. Do they imagine it like how baby's think they're hiding when they can't see you?
I do find it a pity security organisations like the FBI and NSA are interpreting their remit so narrowly focused on the "attack" side of the role, rather than the "defense" side. It's probably a consequence of the effect of bad publicity on the politicians who provide budget for such things, but I really wish they saw their role as preventative and defensive rather than data gathering. There's so much good could be done to improve the security of critical infrastructure if they put their minds to it.
Also, though I'm not surprised by the fact they're against encryption - They've been against it all through the court case against Phil Zimmerman for example - I am surprised how tone-deaf their arguments are beginning to sound. It's like they don't understand there's a real public debate happening around them.
"companies shouldn't put their customers' access to encryption ahead of national security concerns"
Which "companies" and which "nation"?
Is he proposing Baidu need to work with the FBI to further US national security? Or Xaiomi? Is he proposing Apple and Google should provide whatever-he-wants-to-rename-backdoor-keys* to the Chinese and Iraqi governments for their "national security"?
[*] I propose "Freedom Keys" to replace "backdoors"…
This is a major theme in John Brunner's "The Shockwave Rider". "In the novel, data privacy is reserved for corporate entities and individuals who may then conceal wrongdoing; by contrast, normal citizens do not enjoy significant privacy."
> He also disputed the "back door" term used by experts to describe such built-in access points. "We're not looking at going through a back door or being nefarious," he argued, saying that the agency wants to be able to access content after going through a judicial process.
Back door: any circumvention of normal access. Normal access in this case would be access after decryption. It's irrelevant whether it's supported by judicial process, it's still a back door, just one that they aren't hiding the use of.
He says he's not looking for a back door (which is a lie, but members of Congress don't understand that, nor the public), and he associates it with the word "nefarious."
The FBI, masterfully twisting the language since 1908.
> Encryption [...] is "a good thing," Comey has said, even if he wants the government to have the ability [to] get around it.
Doesn't the government already have the ability to get around it, without compromising security? They can subpoena your password or private key.
If this is not good enough for him, that means he wants the ability to decrypt messages without judicial process. Like messages in other countries where the FBI is prohibited from operating. Or mass data collection, reading the messages of millions of innocent people in an attempt to catch one criminal. I don't want the FBI to do either of these things.
AFAIK, it's still not settled whether cryptographic keys/passwords/passphrases can be subpoena'd. Existing case law from physical security distinguishes between keys--like the one to your door or a cabinet--from combinations--like those to a safe. The state can legally demand the former, as the law views them as physical evidence as any other that may be rightly relinquished with a proper warrant. The latter, however, are the contents of one's mind, and as such requiring their divulgence runs afowl of 1st amendment protection of free speech and/or 4th amendment protection against self-incrimination. To me, it seems obvious that encryption 'keys' are much more like 'combinations', and were only called 'keys' as a word play (like many concepts in IT). Prosecutors, however, see that word and go "hey, wait a second, we're entitled to those!!"
There are a few federal cases that say otherwise. In US v. Kirschner[1], it was ruled that forcing the defendant to reveal his password through a grand jury subpoena was a violation of his 5th Amendment rights. The prosecution used a loophole for In re Boucher[2]: though the defendant still had a 5th Amendment right to not reveal his password, he was required to decrypt his hard drive in order to produce files under subpoena that he had already admitted were in his possession. Because he had already incriminated himself by revealing to a border patrol agent that his laptop contained child pornography, he no longer had a 5th Amendment right against self-incrimination for the charges of possessing child pornography.
As I mentioned in a post above[3], in the case against Ramona Fricosu she didn't have a 5th Amendment right to not produce her password partly because she was granted immunity for any evidence that would have been collected from it (but her husband would not be). If you have evidence of a crime, you are required to provide to the courts when requested. You have the right to not provide evidence or testimony which incriminates yourself - if you cannot be incriminated for it, you no longer have the right to withhold it.
And if Apple gave encryption keys to Russia or China I am guessing the USG would be OK with that? Or would that "betray their customers right to privacy"?
Obama actually denounced the Chinese government for pressuring companies into giving up encryption keys, that same week he had criticized U.S. companies for not giving up encryption keys. I was blown away by the immense cognitive dissonance. This was earlier this year, I'll have to see if I can dig up the article.
Let's say FBI has those backdoors they want, how can they make sure that the terrorists won't take advantage of those backdoors? When they can just allow China to come in and steal U.S government worker's data like
http://www.nytimes.com/2015/06/05/us/breach-in-a-federal-com...
I am more worried about them handling the backdoors.
What bothers law enforcement is simply the idea that there is something they can never have access to. The reality is that it has always been that way. Two conspirators could walk into a pub and sit a corner booth in the days before ubiquitous electronics and the law would never have access to that conversation.
There is nothing about the advent of new communications technologies that gives governments the authority to mandate circumventions for them. It's a attempt to preserve a status quo that never existed.
>He also disputed the "back door" term used by experts to describe such built-in access points. "We're not looking at going through a back door or being nefarious," he argued, saying that the agency wants to be able to access content after going through a judicial process.
"Back door" does not imply nefariousness, it just implies a way around normal protections, which is exactly what they want. Tim Cook used the term "a key under the doormat". I like that description.
Anyone can see that if you leave a key under the door mat for a friend, an enemy may find it. It's inherently unsafe.
Now add to that analogy: 1) unlike in meatspace, the homeowner can't pick an unlikely hiding spot; instead, the authorities would mandate the exact same hiding spot for every house, 2) unlike in meatspace, the enemy has an automated swarm of invisible robots looking for house keys and committing theft and arson, 3) unlike the situation where you hide a key for a friend, the key would be there permanently, not just for a day or two.
All of these issues make it clear that this is a bad idea, even ASSUMING that the government is perfectly trustworthy.
The FBI should first clearly spell out a definition for encryption. Encryption is a function[&] that maps a number on another number. ([&] technically, this is a simplification because encryption tends to map a given number on an entire set of other numbers). What the FBI is asking for, is that some number mapping functions would be declared illegal. But where is that list of illegal number mapping functions? The problem that arises now, is that no matter how long their list of illegal number mapping functions, it will always be possible to design a number function that is not on their list but that would still be entirely valid to use for encryption. Furthermore, how can they actually enforce a law that says that particular number functions would be illegal? You see, they do not like that people use encryption functions on their numbers and they also do not like it when it rains. In both cases, however, their desires cannot overrule the laws of nature.
Two things strike me about these issues. Firstly there is a disconnect between a lot of citizens and those who are supposed to be there to protect those citizens; and second, we need to decide how much risk we are prepared to accept for freedom.
The FBI, MI5, and their ilk are there to protect the people. Yet an awful lot of the people talk about the likes of the FBI as thought they are just doing what they do because it pleases them, and them alone. But Im pretty sure the FBI believe that they are there to protect the people. To that end, I believe the people who work in the FBI are sincere. Somehow this must be reconciled.
As must freedom v's risk. I think there needs to be a rational debate about how much risk we are prepared to accept for an agreed amount of freedom. We simply cant have freedom with out risk. The only way to eliminate risk, is to eliminate freedom.
People need to address these two issues fairly soon, other wise, I think we are all in a while lot of trouble.
I don't understand, who else than the government has the right to tap internet lines ? If there's nobody, encryption does not protect your privacy, since investigations require warrants.
The problem is that the more the government watches everybody, the more people will encrypt. The logical path would to forbid anybody to tap lines. Then, of course, encryption would not be necessary, since data would flow securely.
Also, as long as its the authorities, as long as data does not fall into the hand of private interests (which is a risk), I don't see what the government would do about this ability to spy on its people since government represent the interest of voters. Ideally of course, in reality there would be many abuses.
By the way I don't understand why the authorities benefit for using Tor.
> The logical path would to forbid anybody to tap lines. Then, of course, encryption would not be necessary, since data would flow securely.
Why does forbidding someone from tapping somehow make data more secure? Just because it's forbidden doesn't mean it won't happen.
> as long as data does not fall into the hands of private interests
This is a risk because it's impossible to prevent. Especially as wireless networks become more and more common. It's impossible for all practical purposes to prevent wireless signals from being collected.
Well internet infrastructures should be made secure and be considered as sensitive. That way it would be shielded from many small criminals.
> impossible to prevent
Well putting good encryption standards would mitigate this by a lot. And isn't the sector of mobile antennas a walled garden ?
Of course if nothing is regulated to give the government a chance to tap it, then consumers will always try to conceal their behaviors and criminals will never be caught.
On the other hand, if the government properly regulates how data infrastructures are kept safe from private interests and if it's properly audited and made public, it will gain the trust of consumers and it will make the FBI's job much easier.
I honestly doubt the government will really want to let everyone have the opportunity to get away with the law because the technology allows it. There are strategies to protect citizens from private interests while doing investigations.
The problem with tor is that the government can end up systematically crack if they want, so using stealth tools isn't the road that makes sense.
It boils down to trust. If trust goes down, it makes things much easier from criminals, since the FBI's job will be so much harder, since everyone effectively doesn't trust government.
Anyway, I'm not so knowledgeable about all that, but it's true that the law must evolve on technology. Guilty until proven otherwise should be the norm, and privacy matters, but if everybody is paranoiac like a criminal would and protects their data because nothing is regulated and because private companies always take a peek, then nothing will change.
> guilty until proven otherwise should be the norm
This is a scary statement to me. Why should it be assumed that I am guilty of something because I don't want my communication to be read? This amounts to saying that I have no right to privacy.
It seems that you're saying that I should just trust the government to not read my messages if I am innocent. However, I don't think it's fair to say that I only have the right to privacy if I trust the government to stay out of my communications because that's not really privacy at all.
"The authorities" created Tor, and it was created so that spies can report back securely. The more Tor traffic there is, the more secure are they from being caught.
It's an unpopular opinion amongst techies, but I do think people should recognize the genuine nuances to this issue.
It probably won't ever happen, but as a "live and let live" kind of guy who nevertheless recognizes there are truly evil people out there, and the purpose of government almost above all else is to protect society from them, I think the policy which would make the most sense for this sort of thing would be for a government to simply come up with a sort of digital social contract with its citizens:
We couldn't care less if you're buying weed on the internet, or cocaine, or if you're selling them, or emailing your mistress, or pirating HD tentacle hentai. You can do these things in public or private, as you so choose. In the digital realm, we respect your privacy and subscribe to the principle of de minimis.
In return, we're going to require that encrypted internet traffic in our country be routed through our servers, with software that flags a limited amount of suspicious, IP-anonymized traffic for human review. If the algorithm turns out out to be wrong in your case and the email was only about the nuclear bomb-grade heroin you snorted off the Pakistani general's long-range missile during your secret gay tryst in Islamabad, we don't care. We'll destroy those records immediately, and there's no way for our human reviewers to see your IP address. We know exactly who reviewed your records and we'll throw the book at any one of them who leaks any private data.
And because we have lent our citizens this exceptional freedom to use the internet for any peaceful purpose, that means encrypted traffic that isn't routed through our servers must be treated as suspicious. It may or may not be legitimate, but much of it may well be related to terrorism or violent crime, or child pornography, or financial crime, or foreign agents. So, we will continue our policy as stated above; we won't punish you just for using encryption illegally, but doing so does give us reason for questioning you and requesting access to your private keys.
The reason techies find solutions like these unpalatable is because there is no technical way to provide these capabilities without simultaneously weakening protections against attacks from other entities (criminals, other governments, etc).
Also, while you, personally, may think it's okay to buy and sell cocaine over the internet, many of the other people signing/writing this social contract would disagree.
> The reason techies find solutions like these unpalatable is because there is no technical way to provide these capabilities without simultaneously weakening protections against attacks from other entities (criminals, other governments, etc).
Right, the golden key problem.
> Also, while you, personally, may think it's okay to buy and sell cocaine over the internet, many of the other people signing/writing this social contract would disagree.
'Social contracts' rarely refers to specific stances on policies/issues. He was likely using it to refer to the underlying implicit agreement the term usually refers to (the agreement to live by laws, etc) as opposed to any actual document you might be thinking of (like a constitution or something).
From that standpoint, I agree with him - there are some issues which will only ever be 'resolved' by reconsidering the underlying stance we take on what our societies can or can't do, and revising the underlying social contract the societies we choose to live in are built upon.
What incentive do they have to obey such a contract?
Anyway, there is oppression by the majority. It is a very good thing that in this age where there is very little privacy, that we are also much more permissive than we once were.
What incentive would they have not to? Our hypothetical government isn't concerned with victimless and/or trivial crimes.
Of course, no government can ever be forced to do anything (that's what makes it the government), but having everything clearly expressed and in the open, and with a tolerant approach to those who are not violent threats to society, is a far better situation than the government conducting surveillance programs in secret with secret scopes, where it may or may not have secret backdoors into commonly-used crypto, and lots of people are left hanging in a legal limbo hoping that the NSA doesn't develop a viable quantum computer before the statute of limitations runs out on their Silk Road drug transactions, etc.
I agree with the train of thought, but jhallenworld has a point - there's no way to trust the actors sworn-in to uphold such a contract are actually following the contract - nor is there any accountability for such.
I believe you're on the right track, but the underlying problem of corruption - at any time, any person trusted to use their position of power as they're "supposed to" instead of skirting their limitations or trying to find ways around them - still exists in the system you described.
- What happens when the authority figure decides that actual terrorist threats aren't the only things they should pursue with their unilateral control?
- What happens if they take that heroin-snorting secret gay tryst you were in out of context, and blackmail you with it (as happened with the information about intel agencies allegedly knowing about that high level CP ring Britain was involved with)?
Once again, I'm happy to see someone besides myself think in terms of how future social contracts should be modified to address the problems our current ones don't; but I think the problem of corruption underlies any potential social contract solution - because at the end of the day, no matter how many rules and limitations you write up, the people who spend their day-to-day living within the contractual system you've created will find (or create) weaknesses to exploit in that system.
Anonymous redundancy (multiple people needed to access some data; they don't know who the others are) or internal watchdogs (people who don't have control over the system, but can see how others who do are using their control; watchdogs are also not known so as to limit bribery potential) or something would need to exist as a sort of 'immune system' against the evolution of corruption within the contract.
Well, at least he is being more straight forward than Comey was. He's laying it out there that in his opinion it's key escrow or else!
Of encrypted device users, just how many have not opted to have the key backed up by Apple or Microsoft? Backing up seems to be default, which is self-elected key escrow. 99% of the the rest of everyday users probably have a 4 digit PIN that can be cracked very quickly under forensic examination. Anyone with a real security need is going to be following their own opsec protocols anyway, which they would do with or without a law preventing good default security for everyday users.
They really do seem to be overblowing just how dark the network is to them under their investigatory powers.
Is it incorrect to say that America is the biggest threat to world peace? American military industrial complex seems like the biggest terrorists in the world. Which country has killed more innocent people across the world and started most wars since WW2?
Much of the behaviour of the US towards other nations can easily be considered the actions of a rogue state. I can't see how one could deny this when looking at the facts.
Law enforcement and detective work in this century is very lazy. They want to strip privacy for an easier job.
Engineers that get rid of security or do it half way are seen as bad.
Yet people enforcing the law, stripping away laws and rights they are here to protect, do this to make it easier for 'national security'.
Respect for the law has taken a huge dive down with the War on Terrorism and the War on Drugs with many similar parallels. It appears to be diving even further. Good quality detective work is being worked out in favor of constant surveillance.
Any marginal gains that US might achieve in terms of security are not worth the resources and human liberties they need to sacrifice. Of course for those who are in power there is an incentive to paint a needlessly scary picture take our money and destroy our freedom.
I think public schools without bullying would be better and more beneficial objective than protection from terrorists who do not exist.
Honestly, I don't understand how this can work as a practical matter. For companies and their customers to have a chance of surviving criminal hacking attempts they have to be as secure as they can be.
If it's easy for the FBI to track people they have a legitimate interest in it'll be easy for some guy on the other side of the world to lift your SSN.
Democrats use, lie and abuse the middle and lower classes just to get votes. They promise crap, they create division and tension along racial, economic, and any other line they can find. It's a playbook right out of the best South American dictatorships. The masses vote for them based on stupid shit like "Hope and Change" and then they get nothing. Frankly, I don't understand why these people keep voting for them. Look at what's happening to the black community under a black president. If there was ever an indication that Democrat's mode of operation is to use the masses for votes there you have it, playing live right in front of on us TV nearly every day.
The only good thing about Democrats are some of the approaches to social issues. Things like gays are not evil and the war on drugs is stupid.
Republicans? Crap. The religious right represents delusion and insanity. They too, when you produce a few key words, will vote for you at the push of a button. They manipulate a different set of audiences for different reasons.
The only good thing about Republicans is the leaning towards fiscal responsibility, low taxes and low spending.
A good moderate Libertarian will be for small government, low taxes, a moderate liberal social stance, fiscal responsibility, not fucking with the world with armament and getting the hell out of our lives, homes, businesses and bedrooms.
I for one am glad to see someone like Rand Paul making the moves he is making. He is smart. He knows that in this country it is still impossible to win as a Libertarian due to the dominance the main parties are granted by the electoral college system. So, he sits as a Republican. Yet, it is obvious he is not a bible thumping Republican. He is a Libertarian, there's no doubt about that. The chances of him getting the nomination are probably not good, but you never know.
If voters just stopped to think for a moment to realize that the average politician is not much more than a bad used car salesman working hard to use and abuse them every day for their own gains we might just have a chance to start doing things differently. That's a tall order. How do you convince a bible thumper to vote for someone that isn't going to push their buttons and won't demonize gays or other groups? How do you convince a union leader to have their membership vote for someone who isn't going to promise free goodies and favors to their membership?
Probably won't happen. But that's the root of the problem in American politics. We are being pulled to the right or left by a process of buying votes. Those of us in the middle who see things for what they are and really want to do the right thing for the country and future generations have no voice in this because the big parties and the electoral college system push us down into the noise. Voting Libertarian in California or Texas is wasting your vote.
The electoral college, for all it's virtues, has created a system where the party that should be in power right now has no chance at having a voice. Collectively Libertarians are in the many millions across the nation. However, our system of government is designed to pretend that every state is a homogeneous voting block, allocating all votes to one or the other party, which is utterly ridiculous in today's reality.
While I really wish for a Libertarian shift in our politics I fear this is almost impossible to achieve given the realities of how the game is designed and played.
The European "right-wing" is socialist by American standards and the American "liberals" are right-wing by European standards.
Heck, the only reasons Americans think "small government" is the solution (and that it has to be an all-or-nothing decision) is that the government they have is bullshit.
You can have regulations without having a "nanny state" that dictates every aspect of your life. You can have privacy and welfare and socialised health care and various other kinds of good things without "socialism".
Americans, generally speaking, don't care about other people. Personal responsibility is the highest good: if you made it, it was your personal achievements that got you to where you are; if you end up in a bad situation, it was your own failings and bad decisions that got you there.
But that has nothing to do with liberalism or capitalism. In fact, it's quite anti-liberal. Without regulation, capitalism eats its children: you get monopolies and oligopolies, innovation stagnates and new competitors are either acquired or driven out of the market; you also provide no incentive for moral responsibility to the consumers. Randian "libertarianism" is deeply flawed and sociopathic.
I think the problem with the way you are seeing things is what I call the "Star Trek View of the Universe". This is where all Vulcans are the same, all Klingons are the same, all <insert planet> are the same.
Example:
> Americans, generally speaking, don't care about other people.
That's not even close to being true. A cursory google search reveals that the US is at the top of the list of nations engaged in charitable donations, foreign aid and other metrics of generosity that clearly indicate that we do care about other people.
And, no, Americans are not a homogeneous herd that thinks and behaves the same way. And that's why the problems and the solutions are sometimes very hard to sort out. Yet I'll take this any day to some of what goes on in many nations around the globe.
It's a power grab, plain and simple. The FBI and CIA are probably happy that 9/11 and neverending terrorism occurred as it gave them the excuse to do it.
Terrorists are already going to use encryption... so "stopping the terrorists" is a weak argument (not the one used here, but just saying).
Beyond this, given that every level of access the U.S. government has been given in any kind of automated fashion has been abused... "Fuck 'em" ... They do not have a right to violate the 4th ammendment at any given level just because "papers" and posessions are digital in nature.
But then at least we know you're guilty if you use encryption.
It's kinda like the reasoning that banning marijuana was better for the police because they didn't need to distinguish between illegal drug use and legal drug use.
I think one thing clear is that anyone who follows the news will be hard press to use technology that doesn't implement open source encryption. That's the only way we can be sure there isn't a black door. I think we should let every major tech company know that this isn't the time to reinvent the wheel or roll out their own in house solution, but to work on bettering proven open source technologies.
you can't prevent encryption. There is no barrier to entry to people writing encryption from scratch. You could even do it with a combination of computer and paPer, if you don't trust the computer... People using 3rd party closed source encryption tools don't really have a reasonable expectation of non-backdoored software.
At the risk of getting some list, these guys are the reason that we formed a country. It was people like this guy that made everyone here get a gun and fight. Literally. I'm not some gun nut, but wow, our government has gone off the rails.
This is not what I want for my country, not what I want for my kids.
I think we are focusing in the wrong thing when encryption is all about privacy discussions. If we want to build distributed systems, for example for money transfers, we will need "unbreakable" encryption for signing.
I use the Tor Browser Bundle to read my gmail. I figure it's helpful to those working for legitimate regime change, that I put encrypted traffic on the net.
It's where I want to go. Also you have YET to show ANY evidence that we are more safe or more free from terrorism by surrounding our rights to privacy.
>He also disputed the "back door" term used by experts to describe such built-in access points. "We're not looking at going through a back door or being nefarious," he argued, saying that the agency wants to be able to access content after going through a judicial process.
You mean "Rubber Stamp Judicial Process"? Even if you didn't the mere fact that these backdoors (you can rename it all your want it's a BACKDOOR) exist make the whole system LESS secure. What a clown and this is the AD of the FBI's Counterterrorism Division??? Fuck....