My biggest issue with all this is that when you give them the power to take away rights to prevent terrorism or protect children, the government will use their powers wherever convenient. For example, the patriot act has been used in 1,618 drug cases and only 15 terrorism cases[1]. It has also been used for everything from copyright violations to Las Vegas money issues[2].
For American: these are people who don't pay a mandatory tax for consuming government-run media like the BBC and Channel 4 (perhaps because the don't watch or listen to that content).
The tax is for picking up TV signals, not for consuming BBC broadcasts. It does fund the BBC, though. Additionally, Channel 4 gets none of the license fee, and it is not Government-run.
(Nor's the BBC for that matter run by the Government - it merely has requirements to be for the public benefit, to represent the UK, and a variety of other things, by law, and in return it gets money from the TV license.)
The post you're responding to did not say anything about broadcasts. But the tax is not for picking up signals, any consumption of BBC media means the viewer must pay the license fee.
The term government is preferable because the term 'state' is vague to people outside the UK. Being a government run service does not mean the BBC is required to follow the ideology on the current party in power.
> But the tax is not for picking up signals, any consumption of BBC media means the viewer must pay the license fee.
Actually... it's consumption of live TV broadcasts specifically (you can consume news, radio, and BBC iPlayer catchup without paying a penny), and it covers all live TV - even if you only watch, say, Channel Five online, and never access any BBC content, you have to pay the fee.
That is to say, the BBC is supposed to be run for the benefit of the United Kingdom and its citizens, not for the benefit of whoever happens to be the elected leader at the moment.
TL;DR "run by the state" = run by the executive appointed by the trust appointed by the monarch.
The government doesn't have direct operational control. The BBC executive is appointed by the BBC Trust. Trustees are appointed by the monarch in accordance with the recommendations of the government. So, beyond the selection of the trustees, the BBC is independent of government.
In the past the BBC has been somewhat anti-establishment especially during the Thatcher years. Recently its been a bit more pro-establishment especially as the BBC's charter is to be renewed in 2016 and during which issue of funding will come up.
Those terms are synonymous. I have read your subsequent reply but being run by the government does not in any way imply being run by the party that is currently in power.
Not to mention potential misbehavior by rogue elements, even when official policy is innocent. LOVEINT being a recent example in precisely this domain, but instances are manifold.
Another important point about LOVEINT in particular is that the known cases were all self-reported. Which speaks to the integrity of those involved compared to hypothetical officers who did the same thing but did not report themselves... but does not speak well of the internal checks in the system, and I have a hard time believing those other officers are entirely hypothetical.
That argument probably has limited utility among the general public because a lot of people think drug dealers are fair game for "any means necessary" too.
As I recall, the strongest argument in the late 1990s was that there was no possible way to design a weakness in crypto for government that bad guys couldn't also exploit--and at much greater scale. "This bill will make it easier for someone to steal your identity" type stuff.
Blatant attempt by intelligence services and law enforcement to get their personal wish lists legislated by shamelessly exploiting a tragedy.
I'll happily donate a constant percentage of my company income to fight whatever useless laws come out of this. It'll be fought immediately if they try to legislate backdoors or any equivalent tinkering.
Last time we had a big legal fight about strong encryption, we got a supreme court ruling that source code implementing strong encryption was free speech, didn't we? Wonder how counterproductive the governments own actions will be this time.
“If we find evidence of a terrorist plot… and despite having a phone number, despite having a social media address or email address, we can’t penetrate that, that’s a problem,”
If you can penetrate that with evidence of a terrorist plot, 1) you can penetrate that without evidence of a terrorist plot, and 2) probably so can others.
This kind of "privacy" (lack of the existence of institutionalized absolute compelled disclosure to law enforcement and along with broadly cast suspicion less search) was once called liberty and freedom by American mythological forefathers.
So its Crypto Wars 2. There are two possible ways this will play out:
a) Obama is just being polite given that "Call me Dave" is in town and has an election to fight so he can't been seen as being soft on terrorism. He knows that its highly likely that Cameron will be out of a job in six months time so is just stringing him along.
OR:
b) The fix is in, a tame lawmaker will drop a bill that they just happened to have prepared that was sitting in their drawer for a rainy day. Given the Republican's have never met a national security bill that they didn't like expect it to pass through the house and senate with the usual added pork and pardons for the NSA/CIA to make sure nobody goes to jail for recent revelations (Democrats being too chicken to filibuster).
If we don't see a huge outcry from the tech industry pointing out what an insanely bad idea this is on Tuesday then I fear for the future.
There are a fair number of Republicans who would oppose this sort of thing (as many did last time). The most prominent might be Rand Paul, who is a serious prospect for the GOP presidential nomination.
But look at what just happened with civil forfeiture; pressure on the administration came from Republicans and Democrats alike. Republicans like to feel privacy from the government too. It just needs to be framed correctly; "imagine if someone like Lois Lerner had a backdoor to every conservative group's email server," or something like that.
And there are other routes they could take with legislation besides global key escrow. They could pass a law that mandates stiff penalties for people who decline to provide their encryption password in the face of a warrant.
There is already laws on the books to handle that. If the government can get a warrant describing the item(s) to be retrieved from the encrypted volume then you can be held in contempt of court if you don't hand them over. There was a recent ruling that (that is being appealed) that ruled in this direction.
But as per the 4th, if the government can't say what they want from the encrypted volume then they are on a fishing trip and you can tell them to get lost. There was a recent ruling that confirmed this (again being appealed).
What is up in the air is whether or not you can be compelled to provide your password to decrypt the volume. Expect the Supremes to have weigh in on this one in the coming years.
Basically all this is an end run around what's left of the 4th and 5th amendments. Probable cause means that law enforcement actually has do its job and build reasonable case rather than just deciding you are a bad person, looking to see which laws you've broken based on your data shadow, and then throwing the book at you in hope you'll settle for a plea.
> They could pass a law that mandates stiff penalties for people who decline to provide their encryption password in the face of a warrant.
It's interesting though -- or scary, even -- that this would mean forgetting the password to an encrypted volume could land you in jail. You don't have the means to prove you're innocent (by providing the password and revealing the data), and because of this you're thrown in jail.
It doesn't seem fair to me. Basically, the authorities are saying "we claim you have illegal encrypted data on that disk". If you cannot prove to us that you don't, you're going to jail. The outcome of this is that even a suspicion can land you in jail. It's on you to prove you're innocent, not on the authorities to prove you're guilty.
George Orwell's 1984 should be a required reading for high school students. Not just in the U.S., but world wide. It really highlights just what dangers come from the idea that you have nothing to fear if you have nothing to hide, and the sheer amount of power and influence a global, instantaneous, and always on intelligence network can have over the population.
I've started thinking it's harmful because it gets brought up in every damn debate as though just making reference to it is enough to signal that you have thought critically about the issue.
Fiction is cultural commentary, and 1984 is designed by its author, specifically, to engage the culture in the discourse regarding the rights of the individual versus the needs of the state. To take 1984 literally is to lose the plot entirely; to consider it an analog of the human condition - like so many other works of literature, both fiction and non-fiction - is the point entirely. 1984 has as much relevance now as it ever has, and should be required reading for everyone - not just school kids - who care about the state of their cultures in the future.
Why do you think the focus itself is harmful? Does 1984 in some way detract from the issue of state control over personal lives, or is it the hubris of the issue that makes it so difficult .. because if you're referring to the hubris, I can understand that. Its a kind of fatigue that sets in when 1984 is brought up, over and over again, and people stop paying attention to the real issue because the pop-culture knee-jerk reaction is to devalue the message due to the fatigue of no solution. There is no solution to 1984; its a dire conundrum with no end, and I think this is a source of definite stress in the issues.. the book itself does not discuss a solution. However, discussing the book is a solution, because it brings the issue to a point where an individual can be aware that they have to always be vigilant against state intrusion.
But this is not always the case - for the younger generations who are not familiar with the issue, 1984 is a very important piece of literature. For those of us who have suffered decades of ignominy over the crimes of our governments, sure: fatigue is the issue. But, we must never be willing to put our freedoms aside, for a little relief from repression. Always be aware, and always fight back!
I don't follow the reasoning. Obviously none of these works are going to perfectly reflect everything about our current reality; that's not the idea. The idea is to think critically about what's actually going on around you, and these stories can be a lens through which to look at your situation.
"Only reading 1984 is not" helpful? I definitely do not agree. Reading at least one of these works at least provides the opportunity to consider its relevance. Reading none of them trivially throws out that potential benefit.
The person appeared to be advocating real world action based on the contents of a fictional novel. Sure, it is a fact that the story exists and is interesting. That doesn't mean that it prescribes a particular action for people to take in the real world. Anything can happen in a fiction story, but as far as we can tell, the real world is not fiction and is limited in what can happen. This means that it is potentially very dangerous to take actions based on the events of a fictional story, as there is no guarantee (or even a good reason) to believe that the real world operates in the same fashion as any particular fictional world.
I read a book in high school called The Alliance that discussed pervasive digital surveillance in a dystopia. I think it's this one: http://www.amazon.com/Alliance-Gerald-Lund/dp/0875791603 . It starts slowly but gets better as I recall.
As long as we're adding books to a dystopian-novel reading list, consider That Hideous Strength - a sort of spiritual prequel to 1984 describing the gradual rise of such a regime. It also might be the last major work in the genre before the atomic bomb, and predates 1984. It's a transitional work, which is both interesting and a source of its limitations -- I'll leave you with Orwell's book review to detail its strengths and weaknesses which should get you an idea: http://www.lewisiana.nl/orwell/
You can also consider Chesterton's The Man who Would Be Thursday, referenced in that review as well.
Yvgeny Zamyatin We 1921. Orwell acknowledged its influence on 1984, and believed that Brave New World was also influenced by it, though Huxley said otherwise. Anthem's resemblance may not be purely coincidental.
“We expect companies to be able to help with this,” he
said. “That doesn’t mean that you always have to write bad
cryptography.”
Yes, actually, that's exactly what it means. What in the world is this author doing giving the NSA the last word? What's really sick is that it sounds reasonable, like he's exposing a false dichotomy. But is it so hard to see that it's actually a real choice?
The former NSA lawyer sort of has a point, but he is over simplifying in order to mislead.
The first option is to use provably broken cryptography, like 512-bit export grade RSA, that the government can just bust whenever they feel like it. Of course, so can pretty much anyone else, so this offers almost no protection.
The second option is to use secure cryptography, like 2048-bit RSA, that is thought to be difficult to bust in any reasonable timeframe. However, the government can compel you to hand over your private key, and they can then use that to decrypt whatever they want. An attacker could also steal the key and do the same thing.
The third option, which is what companies have begun to realize is the only method with actual security from criminals AND the government, is to transmit data without using a private key that they control. A good example is iMessage's use of device keys for parties of a conversation, without the use of a central key that lives on Apple's servers. They cannot be compelled to turn over the master key, and no one can steal the key either. If they have done their job correctly, there is no way to compromise the data that doesn't include obtaining someone's phone. This third option is what the ex-NSA lawyer doesn't even want to include in the conversation, even though it is what everyone is up in arms about right now.
It's also worth stating that this does not offer some new revelation in privacy. If I had sent you a letter in 1885, someone would have to actually GET the letter to read it and know what I told you. A system like iMessage functions in the same way: to know what I wrote you, you have to obtain one of our phones. The NSA is just sad that they can no longer pluck the message from the air.
One final note: there are so many methods of communication on the Internet, and more launch every month, that I can't imagine how they could all be monitored. Terrorists could be communicating with voice chat on Everquest 2. They could be arranging plants in their Farmville gardens to spell out coded messages. It's an arms race, and I don't want my freedoms compromised by governments trying to win it.
> A good example is iMessage's use of device keys for parties of a conversation, without the use of a central key that lives on Apple's servers. They cannot be compelled to turn over the master key, and no one can steal the key either.
I'm not intimately familiar with the security of iMessage, but Apple controls the key server, as far as I understand. Can't law enforcement just compel Apple to make their key server respond with a public key owned by the NSA, instead of the public key of whichever device wants to receive the secret information?
Yeah, that is my main worry about their strategy as well. A public key server and visibility into the keys selected for a conversation could solve this, but the usability cost would be gigantic.
I think it's pretty tough to make something elegant and simple without centralization, but hopefully it will happen some day.
This is absolutely terrifying. You can't use "the way things currently are" to argue for giving governments access to personal data. You have to think about, and protect "the way things might end up". How easy do you want to make it for corrupt government leaders to suppress opposition?
with regard to snuffing out terrorist plots, this (in my mind) needs to be a collective effort. Government is not the only entity that should be responsible for preventing terrorism. The way I see it, it's the only way to keep governments from becoming the omniscient creatures they strive to be. By making it a world-wide collective effort to work to prevent terrorism. The moment you make it entirely the government's problem and responsibility is the moment you (for humanity's sake) have to relinquish your privacy.
That statement is wrong regardless of how you feel about the state, which is an impressive achievement. If you are of the "consent of the governed" mindset, then the government is the "collective effort". If you recognize the fact that your consent is not asked or required for governance, than you also likely recognize the fact that the state will continue to expand - as that is the nature of bureaucracies.
I can only think of one area that the state leaves alone, religion, it has its finger in every other pie. What are you actually suggesting, that companies should voluntarily be backdooring software and handing over keys to the government? Or are you suggesting that they should be monitoring all their customers and informing on them, in the attempt to preserve privacy?
From a "consent of the governed" mindset, government is one kind of collective effort. There are collective efforts that are not "a part of government", and certainly there is a difference between individual action and further empowering police or the armed services.
From a pure "the government will expand regardless and pay no heed to anything the populace does or says" standpoint, there's not much point in discussing any action of any sort. But backing off that just a little, if the popular mindset at least helps determine how that bureaucracy expands then privately limiting terrorism might help push the growth along less harmful avenues.
What form that should take is certainly subject to further discussion - I think we agree that companies adding backdoors, monitoring and informing is a bad approach and I don't think it's what the parent meant to suggest.
Why duplicate effort? It isn't as if competition in the effort would improve state service, as it is impossible to compete against the state - it really doesn't like it.
> ... privately limiting terrorism might help ...
You do know that terrorism is an incredibly rare event, right? I am confident that any sort of effort, either by the state or by private initiative, would be a tremendous misallocation of resources. That leaves the effort firmly in the state's hands - where operating in the red is the norm. Private individuals can't continuously operate in the red because they'd eventually starve.
> What form that should take is certainly subject to further discussion...
Yeah, I'd love to hear some ideas that aren't insane - but I won't be holding my breath.
You seem to be thinking of this as a parallel military/policing effort. I was thinking individual/social. Things of low cost, and hopefully with other benefits - such as keeping community members feeling engaged and included, providing an environment conducive to less violent memes, things of that vein...
No, I've set no constraints on private efforts. Things of low cost quickly become very expensive (in both time and money) when multiplied by the size of the population, or the number of cities, or whatever other base you're imagining. I've not yet heard an actual suggestion though.
The goal is not, primarily, "reduction of terrorism because terrorism is first-order a significant problem we need to deal with". Terrorism is first-order a tiny problem; reducing it is good, but not worth tremendous expense. But the second-order effects of overreaction to terrorism can be existential threats.
I think a multi-pronged approach is necessary. First, continuing to spread the word that the first-order effects are not so severe - you're helping, there. Second, trying to capture any over-reaction in a non-privileged sphere (and trying to multi-purpose it - medical first-response built in case of terrorism also helps with heart attacks and pandemic). Third, reducing instances of terrorism to be over-reacted to, insofar as it's reasonable.
People will respond more positively to the second point if it credibly has some impact on the third.
lol, imagine what you just described in a state machine. The hypothetical program is billed as an anti-terrorism measure, with a stealth payload to reduce irrational fear of terrorism. Those without the irrational fear will resist program implementation, as will those positively influenced by the program. At best the program would arrive at a fluctuating state of half implementation. This also would only ever be a private effort, as it would completely undermine the goals of the state.
I think the best we can hope for is free, high quality, approachable instruction in propositional logic. Now we only need to get people interested in PL... maybe sponsored product placement of SWI Prolog on daytime TV? :)
Actually, reducing irrational fear of terrorism can reduce incidence of terrorism - as terrorism becomes a less effective tool it will be employed less. "Refuse to be terrorized" isn't a bad meme.
Beyond that, one doesn't need to fear the first-order effects of terrorism in order to support such a program. Fearing damage done by undirected (or maliciously directed) overreaction to terrorism is plenty.
"This also would only ever be a private effort, as it would completely undermine the goals of the state."
I'm not convinced the state is quite that monolithic, but I think this is likely better as a private effort anyway.
I definitely wouldn't say I am certain I have a foolproof answer, otherwise the solution would probably already be apparent. What I am saying is, certainly, the problem is a difficult one.
I think the idea behind '1984', the book, (before I understood what terrorism was) only seemed a flippant idea propositioned as the plot of a fictional book. Surely no human being would ever consciously choose to govern the world (or their nation) in such a way, and even so they would likely be cut off early in the process if they tried.
Now with more life experience and knowledge of the current state of the world, I can only reason that '1984' makes complete and total sense once the concept of "terrorism" is understood to be the catalyst of such a movement.
Here are some basic scenarios:
1) Terrorism scares citizens and thus, as a knee-jerk reaction, wish to empower their government with omnipotent, omniscient, and omnipresent powers. The kinds of powers that any subsequent (corrupt) government could easily take advantage of.
2) Terrorism scares citizens, and as such citizens decide to be proactive to collaborate with their government to help prevent terrorists from causing harm to their nation and to make them as effective as they can possibly be, while at the same time working to preserve basic human rights such as the right to privacy.
3) Terrorism scares citizens. Knowing that entrusting their government with the kinds of powers they would need in order to act against terrorism would be overreaching, as such citizens decide their government should have no such powers and decide not to give their government God-like powers, while also deciding not to collaborate and blaming all failures on their government, and so citizens continue to live in a world of constant alertness and fear worrying that their next trip to the city could be their last...
Just like the Goldilocks fairy tale, I think the world is not looking for a solution that is "too hot" or "too cold". Rather we're all looking for the solution that is "just right". The specific solution I can't say I have the answer, but with continuous iteration and improvement I'm certain smart people can come to a sane (but more than likely imperfect) solution that does not violate any single group and their goals / objectives / rights. And at the same time does not necessarily handicap future generations with rules and regulations that are almost insurmountable should they find themselves ruled by a corrupt / power-hungry government.
It isn't really complicated as all that, it helps to define terms.
Problem: Reduce terrorism to zero while maximizing individual freedom. So we'd have to define "terrorism" and "freedom". That is going to be pretty difficult, as the the goal posts on terrorism have shifted from what was once an activity that fell within the spectrum of warfare, and therefor outside the realm on nonstate actors, to where it is at today - criminal activity that upsets people. I have no doubt that the goal posts will continue to shift. Freedom is even more difficult to define, as many feel they are entitled to freedoms that necessitate the reduction of other's freedoms: freedom from hunger, sickness, etc. So you aren't likely to find consensus on a definition for that.
It isn't a difficult problem, it is an impossible problem, because it isn't even possible to define the terms. That is, unless you accept the idea of universal preference, then it becomes pretty simple - as you'd be able to fix both variables. But then this conversation would be completely pointless, as universal preference invalidates the supposed justifications for the existence of government :)
The only reasonable action is to do nothing. The costs outweigh the gains by a tremendous margin.
I think I understand, and agree. Government should strive to be inclusive in their objectives, and not exclusive. It creates an entirely different landscape when government is dependent upon the people and vice-versa.
I think in particular that there is value in spreading memes that 1) the possibility of anonymity is vital to a free society; and that 2) abuse of anonymity undermines that possibility and thereby undermines freedom.
Obviously we don't deal with 2 by breaching anonymity - that is destructive to our ends. But that doesn't stop us spreading the meme.
'Patriots' is an interesting word in this context. I say giving foreign intelligence agencies access to your customer's private communications is treason.
This is doublespeak - taken in its opposite (and the message it was intended to deliver), it means if you don't want law enforcement to have encryption backdoors, you're not patriotic.
Ya know - "either you're with us or you're with the terrorists." [0]
> [Obama] said he believes Silicon Valley companies also want to solve the problem. “They’re patriots.”
He's right that they're patriots, but he's wrong about the problem they're trying to solve. They're fighting different terrorists. Terrorists hiding in government.
That's optimistic. I think we learned with PRISM that Silicon Valley companies are more than willing (whether through legal compulsion or otherwise) to cooperate with the administration.
This discussion so far contains: 52 times "terror", 11 times "safe", 5 times "fear". I'm tired of those words. Having no TV and reading no news I don't see any connection between those words and the world that surrounds me.
It's sad to see homeless or drunk people in the street, but that's the worst I see.
I think eating healthy, exercising, having friends and a job does much more for our "safety" than ridiculous laws and surveillance.
I don't understand why people fear so much. Is it not possible to just refuse to fear? Be conscious about the effects it has. Talk about it. Why not just be brave and ignore the nonsense? Living with fear is no good life. We can't choose what happens in the world, but we can choose what we feel about it. We will die if we have to die. So what? It's not the end of the world.
edit: I remember seeing the tv in Finland. They play hours of crime-related series every day. What can you think of the world if you just see murders all day?
Have I missed something important? Is there a case, or even evidence of one, wherein encryption was a factor in a plot coming to fruition? If there had been, I would have expected the Obama, Cameron, et al., to trot it out.
Are we legislating this just in case? Strong encryption is already out there. I suppose if we make it illegal, the terrorists will just have to make do with weak encryption. But why don't we just make terrorism illegal, then?
It is not about terrorism - it is that technology like this threatens the current level of the capability of the state to enforce its laws. Imagine instead the use of encryption among the financial elite to conspire to defraud speculation markets or manipulate stock prices. Or enemy states using encryption to thwart espionage attempts. Or insurgents and soldiers engaged with US troops around the world to organize efforts to put up resistance.
Remember that Julius Caesar famously sought to make pen and paper illegal because he saw such low barriers to fast potentially secret communication a threat to Rome's security.
I know of no case reasonably called terrorism where encryption played a role in thwarting intelligence efforts.
> I suppose if we make it illegal, the terrorists will just have to make do with weak encryption.
When encryption is outlawed, only outlaws will have encryption.
If it's not about terrorism, somebody should tell Obama; that's his quote I pulled.
Now, regarding:
> the use of encryption among the financial elite to conspire to defraud speculation markets or manipulate stock prices
Is anyone going to attempt to argue that encryption facilitates more fraud than it prevents?
> When encryption is outlawed, only outlaws will have encryption.
Right. I find it hard to believe that Obama and Cameron are going to take away our encryption and somehow convince our adversaries to abide by those rules.
Oh he knows. Lip service to the public about terrorism is just that.
> Is anyone going to attempt to argue that encryption facilitates more fraud than it prevents?
No idea.
Keeping things on topic financial fraud, insider trading, etc is an example where strong encryption does complicate the state's ability to enforce and investigate illegal activity. The purpose here is to draw from a well of motivation other than oft cited but never seen use of encryption in 'terrorism'.
The government's fear is that ubiquitous access to these tools will deprecate the executive branch. All tools from nuclear enrichment to hammers to animal husbandry have noble and malicious potential. Encryption is no different. The executive branch's job is to allow the noble purposes and to discourage, prevent, investigate and indict the malicious.
From the perspective of the executive, encryption presents a serious hurtle to the pursuit of the malicious.
Yet disagreements between the public and the executive about the the scope and breath of executive practices along with the US incarceration rate, of legal exceptionality of the rich and powerful, and general unease with current power structure coupled with traditional mythical US values means that the public would like guarantees about their ability to communicate without being searched.
The US public wants its cake and to eat it too. Secure and private communication for the masses that can not be intercepted. But it wants the executive branch to be able to enforce the law and to investigate broadly.
The executive branch has made many proposals to this middle ground: the clipper chip and key escrow, proliferation of weak cryptography and the use of third party doctrine as a buffer zone mechanism all represent compromises the executive branch has made.
What it comes down to is that the US public does not trust the executive branch not to abuse a middle ground - it points to historical and current examples of extralegal abuse - and in general feels that its government represents their interests but only after compromises with other 'more important' interests (international and domestic elite).
That is to say that the current state of "front door" encryption is a compromise made by the executive but one that the public does not trust.
Yet the public still wants law enforcement to be able to investigate insider trading.
So the government is in a bind. The government is justified to the people by its ability to enforce the laws of the land - if it can't, even for technical reasons - it will have difficulty seeming justified. The government's solution is to invoke the boogieman. 'Terrorists' will get you if we don't compromise. 'Pedophiles' will get your kids if we don't compromise.
But no, it's not about terrorism - it's that the government does not know how it will be able to stand up to proper strong cryptography in the case of true and perceived malicious use.
Freedom is like a dove, yadda yadda.
Encryption is like osteoporosis.
> Right. I find it hard to believe that Obama and Cameron are going to take away our encryption and someone convince our adversaries to abide by those rules.
Entirely. Historically this has been achieved by subversion of cryptographic methods, consumer products and standards and misinformation about security margins. It has made legitimate strong cryptography hard to come by but not specifically illegal. It is likely to become more and more difficult to perform this sort of influence now that the cat is out of the bag.
Terrorist plots in general are not talked about publicly. As frustrating as that might be, the absence of mention from top government officials is no indication at all of whether something was or was not involved in a plot (terrorist, criminal, etc.)
Typically the only terrorist plots you'll hear about publicly are the ones that have to be public--either because of a public warning (even then, typically extremely vague), or because the break-up happened in a public way.
1) Based on what I've read from experts and what I know, if a national security agency targets your data, they will get it. Even government systems containing state secrets, protected by other state security agencies, have proven to be vulnerable. Banks are penetrated; even RSA's crown jewels were stolen, IIRC.
2) Even if 'content' data is encrypted, metadata almost certainly is not. Security agencies can identify which data belongs to their target and collect it, even if encrypted. Also, IIRC, recent leaks indicated that the NSA automatically collects much encrypted traffic, including Tor and maybe VPN traffic.
3) Metadata, as most people here probably don't need to be reminded, is as valuable as content. Again, regardless of what encryption you use your metadata probably is vulnerable and security agencies can easily collect it and utilize it.
4) Therefore, it seems that encryption only prevents low-cost search of bulk-collected content. It doesn't provide any security for metadata (usually), encrypted content still can be collected, and unencrypted content probably is vulnerable if you are a high-value target.
> “If we find evidence of a terrorist plot… and despite having a phone number, despite having a social media address or email address, we can’t penetrate that, that’s a problem,” Obama said.
Yes, it's the kind of problem you get when a patriot whistleblower exposes rampant corruption and unlawful behavior at the NSA; behavior that, above and beyond civil liberties, hurts American commercial interests, and then you do nothing about it.
> He said he believes Silicon Valley companies also want to solve the problem. “They’re patriots.”
He's right about them being patriots. He might be wrong about what patriotism means in this case.
So Obama is the least transparent president in history, cracked down the most on whistle blowers and is diametrically opposed to privacy. When will everyone admit that they voted for a charming fascist.
I try not to mix the politician with the POV. Especially in this case. My impression of Obama is he's a very cerebral president. My impression is that he wants the country to have an open, honest conversation about important issues. Without stirring up controversy sometimes it's probably impossible to get people talking about or thinking about these things. My initial belief is that he not only doesn't believe in this, but wants to see strong signs that public opinion disagrees also with what he has proposed.
I'm hopeful the next president will be just as conscientious about the intricacies of important issues and how it's important not to act on controversial things without strong public support.
My initial reaction, though strongly opposed to what he's saying is: "Joke is on us". The fear I think is having a U.S. president who will not consider public opinion and go about making his / her decisions in a bubble.
So what you are saying is that Obama is supporting surveillance in the hopes that we will oppose it because he supports it? I think you are giving him too much credit. There aren't many policies that all politicians can agree on, but spying on citizens seems to be one of them. This is a great example of how Obama can do no wrong.
Allow me to ask what I'm certain is an incredibly naive question, so please bear with me. But it's a question that the average / non-tech folks ARE asking, and I'm not looking to be attacked, I'm looking for an intelligent answer (or corrections if my assumptions are wrong.) Base scenario:
We have adversaries. Our adversaries are plotting something objectively bad - to blow up things and kill innocent people. They are plotting and coordinating these bad things via communications with one another. Historically, we have been able to intercept those communications, read them, and interrupt our adversaries from the bad things they are plotting.
If our adversaries' communications are completely impossible to intercept, we have lost one of the most valuable tools in our ability to prevent them from doing bad things. How are we supposed to prevent them from doing these bad things?
Again - please don't attack me - just looking for a smart answer here.
> How are we supposed to prevent them from doing these bad things?
Well, we might not be able to. Such is the price of liberty. Personally, I think the thousands that died in the trade centers do not justify the massive loss of civil liberties, and it's STILL not clear we would have been able to do anything about it.
Bad guys are going to use encryption no matter what. Citizens should not be restricted from using it themselves just because it makes it easier on the federal government.
1) It's a tough sell to Average Joe. Average Joe wants it both ways - he wants Liberty AND to be protected from bad guys. Obama etc. were effectively hired to protect Average Joe from the bad guys. If Obama were to say "Sorry guys, we can't protect you in the name of Liberty", he's going to be eviscerated.
2) Agreed completely that banning encryption is foolish. I think what they really want is NSA-style backdoors - "encryption for everyone except us." And of course I see the concern with that.
> Average Joe wants it both ways - he wants Liberty AND to be protected from bad guys.
If Average Joe "wants Liberty AND to be protected from bad guys" then he doesn't have both if he doesn't have Liberty.
The only way you can have Liberty and Security is if you don't sacrifice one for the other. The need for the sacrifice is the lie. There is no reason you can't have both, because sacrificing liberty is not necessary for security.
In reality the opposite is the case. "Those who give up essential liberty for a little temporary safety deserve neither and lose both." Liberty and privacy are essential components of security. You're not secure if the bad guys can compromise your entire infrastructure just by infiltrating the police or police computers (to say nothing of the security risk from corrupt government officials). Creating intentional security vulnerabilities in order to facilitate government spying does not bring about a security improvement. It's based on the premise is that we need to reduce security in order to be secure, which is preposterous and untrue.
Rights are frequently unpopular with the Average Joe. There are often majorities for the abrogation of rights for the minority side. That is why a Bill of Rights, and a government of divided powers.
If the Average Joe doesn't like it, well, then it's the President job to explain the relationship between encryption and rights like free speech, presumed innocence, and security from search without a warrant. Not to go looking for ways to abrogate those rights to satisfy the Average Joe.
I find it works best to use something the "Average/non-tech" person will surely understand:
"What if there were cameras in your house that recorded everything you did & said, but the government promised you the footage would only be reviewed in the case that they suspect you committed a crime. How would you feel about that?"
I've gotten a lot of mileage from this metaphor myself. The response is usually silence while they internally question their worldview or something. Never gotten a counter argument, nor anyone replying with "I'd be okay with that". Would be interested if HN could poke a hole in this so I can patch it. :)
"Oh, I think it will be a great idea. The government will see how good of a citizen I am and how much I learn on my own, and perhaps, if I'm lucky, they'll give me a job so that I can stop cooking the rats in my walls."
Not a counter argument at all. You've just shown that any more time on you will be wasted. There will always be types like you. Nothing to do but write you off.
I agree with that perspective completely. The problem is that the people who are generally the most blindly pro-government say something like:
"I've got no problem with that. I have nothing to hide."
(I have a friend who says _exactly_ that.) But at that point you really can't keep the argument/discussion going, because you're dealing with someone who clearly says one thing and would act differently. I'm sure if the camera crew arrived and started drilling in his house he'd change his tune, but what can you do short of that. The problem with debating with a lot of people, sadly.
This metaphor has worked well for me too, to show people that they already expect there to be limits on what the government can do to keep people safe--even though they might have not have realized it.
So it's good as a throwaway metaphor for illustrating that concept, but it's not great for arguing against surveillance, because Internet traffic is not the same thing as getting dressed every morning. Most people get a lot less worked up about email and web surfing than being naked.
The Charlie Hebdo attackers used regular cell phones, and they were on security watch lists, and Algerian officials claimed to had sent warnings about them.
The gunman in Canada who tried to shoot up Parliament openly posted his plans and talked to jihadi sympathizer accounts on Twitter in the open. He was also on watch lists and had his passport pulled for trying to go to Syria.
One of the Boston bombers was on a watch list, and Russian officials sent warnings about him.
Seems nobody is watching the people on watch lists
Even if previous well known attacks didn't rely on encryption, it seems likely that future attacks will be organised over encrypted channels because they are now more ubiquitous.
How did they find out Person Y's phone needed to be searched/monitored to begin with? Obviously they have other sources of intelligence.
The question also doesn't address the issue of how far is too far, imagine how many crimes would be discovered with nightly searches of everyone's homes. Should we begin searching everyone's homes warrantlessly? What is more detrimental to society, the criminals, or the police state?
What are they doing to do, deploy unremoveable malware on every phone by default? Because as long as phones have CPUs and we can tell them what to do, they can employ unbreakable encryption. How are they supposed to get around that? Mandatory spyware?
What did police do before the telephone was commonplace? Criminals met and still meet in speakeasies and other safe locations to communicate without a phone, are we gonna install mics in every room as part of new building codes?
If phones do become irreversibly broken and monitored, guess what, criminals will stop using phones. Kevin Gates (rapper) has a song about drug dealing called... I Don't Talk On Phones, lol.
tl;dr: surveillance state monitoring all phones just means criminals will stop using phones to communicate so its only going to hurt "legitimate" privacy.
First let me clarify that I agree the notion of "banning encryption" is misguided and wrong. I'm looking at Obama's position (perhaps incorrectly) as "we need to be able to have backdoors", not "ban encryption".
I think the government's argument would be that yes, the most sophisticated adversaries will always find a way around monitoring. But I think they'd argue that 95% of adversaries are not the most sophisticated, so the position to is to make it as easy as possible to catch that 95%.
"If we're trying to monitor 100 bad guys and 95 of them are just using iMessage, then let's make it easy to read what the 95 of them are saying and deal with the other 5 with more sophisticated countermeasures, rather than having to use more sophisticated countermeasures for all 100 of them."
I absolutely see the whole argument here. I'm just trying to figure out what the right solution is.
- legal. It's against the law; there are strong 1st and 4th arguments against surveillance, and 5th and 6th amendment arguments as well. Some people have even tried to argue that if encryption is a munition the 2nd amendment applies. The "we could stop bad people" argument applies especially to the 4th.
Similar legal protections exist in Europe, although not generally as strong.
- practical: either a system is secure or it isn't. Handing it over to anyone increases the risk of compromise. Bans on effective encryption are self-defeating.
- collateral damage: US intelligence agencies have a track record of killing innocent people themselves (e.g. drone strikes), supporting murderous governments (CIA in south america), funding terrorism and failing to prosecute the guilty (Iran-contra), use of intelligence for domestic immoral politics (Watergate, FBI vs MLK). Handing over data about your e.g. Chilean users to the CIA may result in them being murdered.
- international hypocrisy: saying that mass surveillance is OK says it's OK for other governments too. Do you support Chinese interception against their adversaries? Are you happy to turn over your entire email history on entering a country?
- finally, I'm going to question how much it does help. The Paris terrorists were known to the police, as was the killer of Lee Rigby. Intercept evidence is generally not used in trials. Nobody is presenting a cache of encrypted emails found on a computer used by the Parisian terrorists and saying "if we'd decrypted this we could have prevented it".
Technology marches inexorably forward. These algorithms already exist in unbroken form. What the government is doing is mandating that Apple and Google make user's data less secure. The government will claim that any such backdoor will only be openable by them and only in cases of great need (read terrorism).
What will happen is that non-governmental organizations will find these keys and get the same ability. What will happen is that the government will overreach, as they have done before time and time again.
This isn't about stopping terrorism, this is about keeping the current ability to spy on US Citizens. The internet was the single greatest intelligence boon in history and the government is concerned about loosing spying capacity.
Unsophisticated terrorists would gain little protections from at-rest and over-the-wire encryption. It's really quite easy to screw up and be found in the dragnet. Sophisticated actors would be using additional software anyway. You know, the kind that already exists.
The libraries are free and public. The algorithms publicly published. You can't put the cat back in the bag.
The government is trying to legislate particular usages of math. They are literally saying that Apple and Google shouldn't be using certain sequences of numbers. This isn't an exaggeration or hyperbole since everything is encodable in numbers and obviously some communication is illegal.
This is literally illegal equations, and it is so very far down a slippery slope that every citizen should be concerned.
To answer your question, the government will still not be able to decrypt many communications, even with this backdoor. These technologies protect casual users from data theft, but putting in backdoors makes everybody less safe.
To take your argument further, it's not the equation of the A-bomb, it's the implementation? That's somewhat compelling.
But, at least in the US, firearms aren't illegal. Using them in a crime is the illegal part. The biological act of moving your arm isn't illegal, but hitting somebody is.
The analog would be making it illegal to form a fist because you might use it to attack something.
How are we supposed to prevent adversaries from making their communications impossible to intercept?
It's not like knowledge about cryptography suddenly vanishes. And it's not like those computers aren't annoyingly programmable to do such evil deeds like encrypting data in a way that officials can't access it.
Given that, what's this all about? Governments could mandate key escrow (which is what I guess they're really aiming for) for any system under their control. So adversaries build their own, in Excel using VBA, if necessary.
There is no way to honor that demand by the US and UK governments unless computers become a _much_ different thing than what they're now.
> Historically, we have been able to intercept those communications, read them, and interrupt our adversaries from the bad things they are plotting.
I challenge this assertion. It has happened in some cases, but the claim that surveillance is an effective way to stop terrorism has failed to be backed up with many success stories.
> If our adversaries' communications are completely impossible to intercept, we have lost one of the most valuable tools in our ability to prevent them from doing bad things.
The most organized adversaries' communications are already impossible to intercept. They know they are under surveillance and are taking measures to counter that surveillance. The people that surveillance affects most are innocent people.
In a different perspective (and I'm going to speak in an American context because I'm American and the article is about the American president) there are some things that are worth the lives of Americans. Our nation was founded with a rebellion and many Americans died in that struggle. They died for freedom, to gain rights. American history is full of people dying to protect the rights of Americans.
And from another perspective, terrorism is a hugely overblown concern. More Americans die in car accidents every year than have died from terrorism in the entire history of the United States[1]. 33561 people died in car crashes in the US in 2012[w]: that's like the September 11 attacks happening almost once a month. The fact that we're spending $10.8 billion in a year on the NSA[3] to prevent a handful of deaths that it may not even prevent, and less than 10% of that ($815 million) on the NHTSA[4] shows that our priorities are not where they should be.
I think that in this case what makes your story incorrect is that banning encryption software will only prevent normal every day people from using it. With the vastness of the internet, there is no way for any government to prevent encrypted communications from any determined individuals.
All they can end up doing is preventing the everyday users of the mass services from using encrypted transmission. So the innocent lose freedoms but the guilty carry on as normal.
They don't need mass surveillance and weak crypto to find out what a few known evil doers are up to. You can develop informants, physically bug devices, and get warrants for service providers (the old fashioned way where you specify a person's name and what you're looking for).
But they'd rather have a database with the sum total of human thoughts and interactions.
> How are we supposed to prevent them from doing these bad things?
Are we necessarily able to prevent these bad things from happening? Right now, we aren't able to entirely stop crime from happening. Why would we necessarily be able to stop these types of crimes from happening?
It's all a question of whether we want to give up certain freedoms in exchange for increased safety (or sense of safety).
It's not very complicated, it's just a balance of one thing (freedom) versus another (safety). Different people will value these two things differently, and I'm not sure I can make an argument that choosing safety over freedom is necessarily a "bad" choice.
That being said, I'm not in favor of the government banning private communication. But I understand that there are people who are, and their reasoning.
Because as someone smart said - If we want to defend our own freedoms, we have to start with defending freedoms of scoundrels, because the government will always start with taking away theirs. And when it's gone, ours will be gone too.
"The trouble with fighting for human freedom is that one spends most of one’s time defending scoundrels. For it is against scoundrels that oppressive laws are first aimed, and oppression must be stopped at the beginning if it is to be stopped at all."
— HL Mencken
Though, personally the scene that springs to my mind is the one from "A Man for All Seasons":
William Roper: So, now you give the Devil the benefit of law!
Sir Thomas More: Yes! What would you do? Cut a great road through the law to get after the Devil?
William Roper: Yes, I'd cut down every law in England to do that!
Sir Thomas More: Oh? And when the last law was down, and the Devil turned 'round on you, where would you hide, Roper, the laws all being flat? This country is planted thick with laws, from coast to coast, Man's laws, not God's! And if you cut them down, and you're just the man to do it, do you really think you could stand upright in the winds that would blow then? Yes, I'd give the Devil benefit of law, for my own safety's sake!
> "They are plotting and coordinating these bad things via communications with one another"
Yes, but has anyone considered the means they might be using to do this? Why assume it's electronic? Check the wikipedia page for the Millennium Challenge, especially the section on 'Exercise action'.
Human intelligence assets that we gutted in the 70's would have been quite useful in fighting terrorism. Humans blow things up and humans organize. The idea that they are not already using encryption in communications is foolish.
If we leave a backdoor for the "patriots", then we can guarantee that foreign governments and criminals will find and use the same backdoor. All any restrictions on encryption will do is lead to more non-terrorism arrests.
It was my impression that Switzerland had a name for being crypto and privacy friendly. It sounds odd to me that the US making a law would automatically mean that every other country with strong ties to the US would follow it as well.
This is the same argument Obama tried to use with Abbvie while trying to block their takeover of shire for tax purposes. He used the phrase "economic patriotism".
But in the end the government had to go with a more mundane solution and reward Abbvie 100% of contracts for their new hepatitis drug with Medicare rather than give split the cohtract with gilead.
My point - look for some large government contracts with apple and google in exchange for dropping encryption on their platforms.
1. (2011) http://www.washingtonpost.com/blogs/worldviews/post/patriot-...
2. http://en.wikipedia.org/wiki/Controversial_invocations_of_th...