It’s almost as if access to high levels of intelligence has an influence on ones perspective.
Not that I’m taking a position on things either way really. The likes of apple should be able to do what they please — just not be surprised when they find the government installing the backdoors themselves.
I can't tell if you're for or against backdoors with that statement. Either way, I disagree. I don't think those for or against it are dumb people.
They're just in a different position... In the DOJ, encryption gets in the way of their job--catching criminals... while the penalties for a backdoor fall on others (those responsible for the data). There's no downside to them personally (and very little for the DOJ itself) for getting a backdoor.
The opposite is true for those not in the DOJ... the protection for our data is compromised.. and in exchange, the DOJ is able to prosecute some criminal we've never known, met, or had any contact with.
To those in the DOJ who deal with criminals everyday, their ability to prosecute criminals is of the upmost importance to them personally... and for the rest of us, unless we're a victim of a crime, there's only downsides to a backdoor.
>There's no downside to them personally (and very little for the DOJ itself) for getting a backdoor.
There is if the people in the DOJ suffer from identity theft and get their bank accounts cleaned out because some nefarious people exploited the backdoors.
Except legislation requiring backdoors will either exempt systems used by government workers of a certain level, or provide much higher penalties if those workers experience a breach.
> There is if the people in the DOJ suffer from identity theft and get their bank accounts cleaned out because some nefarious people exploited the backdoors
People in the DOJ have more options available to them if they choose to try to find or punish an identity thief than the general public.
Also, the direct fear of not being able to do your job because of strong encryption is more focused than a nebulous fear of possible identity theft.
I was thrown by the "dumb people", not having got that from the parent comment. Then I realized I'd read "high levels of intelligence" in the sense of "military intelligence" rather than IQ. I think my initial reading was the intended one, but I'm not sure.
Being a cop (at any level) does very much bias your view of things. Nobody calls the cops (or the FBI, DOJ, CIA, etc.) when things are great. Police tend to only see the absolute worst of human nature and the worst things that people do and develop biases accordingly.
I've known a few cops and they all have stories that are hard to hear and are worse than what you hear on most true crime shows. I assume access to high level intelligence involves endlessly seeing cases where people were caught attempting to purchase weapons grade nuclear materials, endless plots that never happened but are very scary to read about, etc.
That being said, it is bias and it shouldn't be allowed to unilaterally influence politics. Banning strong encryption is both impractical and destructive to our society and economy.
Do terrorists even use it now? As far as I'm aware, the 2015 Paris attackers used unencrypted SMS and burner phones. Despite France supposedly being on "high alert" over Charlie Hebdo, they still evaded detection. But the anti-encryption handwringing brigade didn't let truth get in the way of a good story.
The majority of terrorist attacks in America in the last ten years were carried out by lone wolf attackers who were mentally ill or motivated by extreme political ideologies. They didn't use encryption because they weren't talking to anyone.
They think that if they can jail people for using encryption then one of two things happen: terrorists stop using it (with the presumed good that entails) or terrorists don't stop using it. If the latter, they hope they can jail the terrorists for the use of illegal encryption - maybe even before any successful attack - without the need to show anything but the use of illegal encryption. If all you're focused on is short-term tactical progress in fighting terrorism, it's a win; I don't think it helps our argument to pretend like that's not the case.
Or maybe no? What if this isn't primarily about terrorism; instead, what if the lawmakers and government people want more and more power to themselves, by gradually getting access to more and more private conversations, step by step turning the US into sth like Russia and China? Then they would use the same arguments about terrorism, as they do now, wouldn't they.
"They"'re not a single individual with coherent motivation. It's a bunch of people that want a bunch of different things. I fully expect quite a few aren't terribly interested in a police state. We need to be sure our arguments make sense and we're not willfully blind to concerns that, on their face (if narrowly) make sense.
"But terrorists will just ignore the law" is a bad argument. It ignores the fact that the ban still increases the power of the government to act against terrorists. The problem with the law isn't that it's useless against terrorists. The problem is that it also increases the power of the government against the innocent, and possibly the power of some non-governmental criminals as well (depending on implementation).
A problem could be that people in general don't care about: "increases the power of the government against the innocent" -- because that's a theoretical problem in the "distant" future?
Personally I think the US gov getting too much power and gradually in small steps get access to "everyone's" communication, is like 1000 times more dangerous than "encrypted terrorism messages",
and, what can be a good way to make people in general better understand the risks & dangers with small steps towards a dictatorship? Maybe if everyone reads 1984 :- / or if everyone was better educated about what happens if you're in China an critizise the government there?
I didn't mean literally all lawmakers etc (although that's what I wrote). The next time I can try to write "some of them" instead.
One part of the solution is probably to raise awareness of the ways that systems justified in these ways are already being abused. For instance, spying on romantic interests at the NSA was apparently common enough that they had a cutesy name for it.
It should be very difficult to prosecute, convict, and land someone in prison. I say that as a victim of a violent crime. It’s a huge parasitic drain on the entire country. It’s peddled under the guise of justice.
The Philadelphia DA Larry Krasner is setting a fine example we all need to take note of.
It is fair to assume that the general public knows very little about how many dreadful criminal activities they were able to avoid because they could tap into some conversations early on: massive shootings, terroristic activities, nuclear weapon programs of countries that should not be trusted with them, drugs that may have killed users and mere stupidity that may have started new wars.
I think that the only way agencies were able to keep postponing the end of the Patriot act and related laws ( https://en.wikipedia.org/wiki/Patriot_Act ) is presenting massive evidence to the congress of the tragedies they were able to avoid with the power granted by those laws.
Somebody that was publicly martyred by a country of great power makes more noise than a war that was avoided.
Weakening strong cryptography is not the solution but I think we sometimes grossly underestimate the other face of the coin.
Cryptography and secure messaging systems are not all under US jurisdiction. If access to backdoors alone has kept multiple massive criminal activities from being executed, then surely we should see some being successfully executed by the groups not using backdoored encryption.
The fact that we don't suggests either that (1) backdoors aren't that essential to thwart them or (2) there are no such regular massive attacks.
Further, as people like the US Attorney General helps to publicize those backdoors, more criminals will choose alternative messaging systems (fewer of which are backdoored), making the US less safe.
> It is fair to assume that the general public knows very little about how many dreadful criminal activities they were able to avoid because they could tap into some conversations early on
Sure, because we're never told. And you know what? Maybe there's good reasons. But "we can't tell you why, but trust us, it's super effective!" isn't enough of an argument.
Law enforcement seems overeager to label anything and everything terrorism if they possibly can. For instance, someone at my previous workplace vandalized prod in a fit of rage when he left and they called it terrorism because the system had utility companies as customers. Why would law enforcement be so interested in juicing their terrorism numbers if the real thing was plentiful?
My hypothesis: real terrorism isn't plentiful, but the budget to go after it became plentiful after 9/11, and the people who benefit from the budget do what they can to keep it that way. Erosion of freedoms and judicial overreach are side-effects.
From their point of view, if technically possible, they would like to listen to any conversation and being able to spot in seconds conversations about any country security threat.
It is easy to see that the risk is that if plaintext data is available, the data can be mined for a lot of other purposes including illegal or not ethical ones. It is also possible that eventually that data could leak to the wrong entities.
And yes, in any big organization, the left hand may not know what the right hand is doing and, while one is concern in matters of public safety, the other may be primary concerned with the hegemony of its own power.
So it is complex.
But just assuming that you do not need them and they are just evil is a massive over generalization.
> It is fair to assume that the general public knows very little about how many dreadful criminal activities they were able to avoid because they could tap into some conversations early on
Aren't the ones we hear of are the ones where the FBI set the whole scenario up?
Lack of transparency is indeed what make people second guess their intentions. And I have to agree that "being lied to" is the number one reason why people do not trust them.
I am not an expert but I think the general feeling most of people have is we are hearing a lot of constructed lies. Is there a list of stories told to the public that were proven to be lies? Did they even come out and say "Yes, we lied and this is why..." ?
>> It is fair to assume that the general public knows very little about how many dreadful criminal activities they were able to avoid because they could tap into the conversation early on
I don’t think it’s fair to assume that at all.
Without evidence, I’m unconvinced the governments need for information access is motivated by justice rather than the interests of a few.
Renewing the Patriot Act and other such laws is easily explained by self-interest.
Renewal: The best case is it foils a terrorist attack. The worst case (Snowden) has already occurred.
Nonrenewal: The best case is no terrorist attacks. The worst case is a terrorist attack that may have been prevented with Patriot Act level wiretapping.
No one wants to be blamed for a terrorist attack at the next election so the Patriot Act is renewed.
How can this be true when it seems the deadliest attacks really are coordinated through end-to-end encrypted platforms such as WhatsApp? I'm not in favour of backdoors, but I have a hard time believing that I should rationally fear the government of most Western nations more than the people who carried out the Nice attacks when it comes to my personal safety.
> the deadliest attacks really are coordinated through end-to-end encrypted platforms such as WhatsApp?
Most of the recent attacks in America were carried out by lone-wolf far-right extremists. Some of the ones who were caught were actual government employees.
Furthermore, there's more to fear than someone spraying bullets into a crowd; ICE is performing 3am Gestapo raids and imprisoning citizens.
So you bet your ass I'm more afraid of the government than a guy driving a semi-truck. The government can hurt more people in a day than a terror group can in a year.
The reality is that we should be just as concerned by a guy blowing up a truck at the Apple Store as we should about ICE raids at 3 in the morning. With both right wing terrorists and the government, scope creep has a way of ensnaring us all eventually.
Same is true of any terrorist, and any government.
So look, the question is not: Whether or not compromising my personal privacy will bring me more or less security? But rather the question is: Whether or not compromising my personal privacy is consistent with American Ideals?
I say no. So in my personal opinion we, as a nation, have no business mandating that people compromise their personal privacy.
You’re probably not literally the only person is unconcerned, but the overwhelming majority of the population seems to suffer from the availability heuristic, which means they’re concerned simply because it’s in the news, and it’s in the news simply because of its emotional affect.
> The reality is that we should be just as concerned by a guy blowing up a truck at the Apple Store as we should about ICE raids at 3 in the morning..
I disagree.
> With both right wing terrorists and the government, scope creep has a way of ensnaring us all eventually.
What's an example of a terrorist group's scope creep?
> So look, the question is not: Whether or not compromising my personal privacy will bring me more or less security? But rather the question is: Whether or not compromising my personal privacy is consistent with American Ideals?
Disagree.
> So in my personal opinion we, as a nation, have no business mandating that people compromise their personal privacy.
In the sense that they were the secret police of the Nazis, sure that’s incorrect usage. In the sense that ICE camps are being compared to WW2 concentration camps by people who were in WW2 concentration camps, and in the sense that the Gestapo played a key role in the WW2 camps, it’s uncomfortably accurate. After all, when it comes to who to detain and how, most of them are just following orders…
> "The government can hurt more people in a day than a terror group can in a year"
Of course. But we need to remind myself this: what it is the probability that they are going to willingly hurt innocent people on a massive scale at the moment?
Aligned with your comment:
I have to admit that one of my paranoid fears is that this will change in the future and who is supposed to protect us is actually going to be our enemy. This was also one of the founding fathers.I guess, we are in a good company.
History is full of examples of good kings that die and their successors are very wicked men.
At the moment I think that "being able to find out what they need to" is net positive for the world ( see https://news.ycombinator.com/item?id=20509347 ) but what really bother me is that if in a future (hopefully remote) this change, there is no way to undo the past.
From my prospective the security that they are able to provide because of being able to tap in any conversation and the risk of citizen data being used against innocent people is clearly a huge compromise.
So the same attorney general that believes the FBI was infected by the "deep state" and is vulnerable to widescale corruption also thinks that same group should be able to remove encryption from anything?
"In the field of psychology, cognitive dissonance is the mental discomfort (psychological stress) experienced by a person who holds two or more contradictory beliefs, ideas, or values."
I think the usual devil's advocate argument is that those attacks are not a practical concern at all to anyone's life (except the extremely unfortunate — thoughts & prayers).
It barely registers when compared to boring old regular crime and homicide, all of which is of dwarfed by road accidents.
All of which combined is itself still single-digit chances of dying, the rest being cancer, disease and strokes.
So the argument goes, you should focus on the much more direct and practical impact that laws & politics can have on your life.
A OTP is extremely easy to use for a terror network (just distribute several GB of pad on a thumb drive, have a shared secret for pad generation, etc) and completely unbreakable in the perfect use case, and feasibly unbreakable before an attack in the lazy-use case.
Just because they opted to go with low-hanging fruit doesn't mean the fruit needs to be low-hanging for them to make use of it.
I have tried arguing this directly with members of the British parliament and failed abysmally. with the benefit of hindsight, I suggest a different approach.
Untested hypothesis: what we consider to be trivial, politicians consider to be advanced magic.
Alternative hypothesis: politicians understand the skill level required perfectly, but they also have good reason to believe the terrorists are complete morons who wouldn’t be able to find, generate, or use a one-time pad if their life depended on it (and in this case their life literally would depend on it).
There's a story from Daniel Ellsberg about how access to secret information can make politicians (seemingly) stupid. It's possible that it's still very applicable here.
> “You will deal with a person who doesn’t have those clearances only from the point of view of what you want him to believe and what impression you want him to go away with, since you’ll have to lie carefully to him about what you know. In effect, you will have to manipulate him. You’ll give up trying to assess what he has to say. The danger is, you’ll become something like a moron. You’ll become incapable of learning from most people in the world, no matter how much experience they may have in their particular areas that may be much greater than yours.”
As some wonk deep in the machine that wants to get their project pushed through, generate a fantastical story, mark it super extra unbelievably stop secret, and then parade around the politicians that have clearance. They _feel_ it, but can't share it and they use those thought terminating feelings to push through kooky-dooks legislation. Preferably using secret laws.
On average it is fair to assume, politicians do not know anything and just believe what they are told to by their direct reports and advisors. And it is fair to assume that some of those do not know a lot of what is going on in the trenches. I see a lot of analogies with what is happening in big corporations.
On the face of it, I'd sort of agree with you, but a government wanting the ability to spy on anyone and seeking bans on technology that enables private communication should be terrifying. That's an enabling step for totalitarianism and should be treated as a red flag.
It might be less of a red flag if regulation was likely to be able to prevent terrorists from using encrypted communication technology, but that's absurd as long as we have general-purpose computers and access to the open internet.
How is it any different than busting down your door though? I agree the government shouldn’t be able to collect data randomly, but the slippy totalitarianism slope seems like a silly way to blame technology.
Personally, I fear all advancements it cryptology will be classified in the future.
You might need a source showing that attacks would be stopped by backdoors in encryption, since anyone could make encrypted communication using software off of GitHub.
> The risk, he [Barr] said, was acceptable because “we are talking about consumer products and services such as messaging, smart phones, e-mail, and voice and data applications,” and “not talking about protecting the nation’s nuclear launch codes.”
Two things about this odd quote, which dances on the edge of the Orwellian "nothing to hide" argument:
1. I'd put the odds that current president has in fact stored the nuclear launch codes on a "consumer product" at 50:50. He's shown a shocking disregard and disdain for protocol. The way in which diplomacy is carried out through Twitter suggests he's not capable of evaluating the threats posed his uses of consumer-grade technology.
2. Barr assumes a threat model involving petty criminals. The real threat is the US federal government, which has demonstrated repeated disregard, under multiple administrations, for search and seizure boundaries set by the Constitution.
What was the phrase before the election? “But her emails”? I’m not American, but that phrase seems to have shown up a lot and been about inappropriate storage of classified material.
One can store material inappropriately even without authorisation.
I'm really struggling to understand how you can think that.
The launch codes are used by the president. If a party has access to data then that data can be replicated and stored anywhere else that party can access.
The president is the authority that decides how the codes are stored, they exist primarily for his use.
“Some argue that, to achieve at best a slight incremental improvement in security, it is worth imposing a massive cost on society in the form of degraded safety,” he (U.S. attorney general William Barr) said
Benjamin Franklin once said: "Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety."
The context when Franklin said that is interesting. Pennsylvania was having trouble on the western frontier due to the French and Indian War, and the legislature wanted to put a tax on land to raise money for arms for defense.
The governor was blocking this, because the Penn family, which owned a lot of Pennsylvania land, objected. The Penn family did recognize the need for defense (although they were largely absentee landlords so not in personal danger), and offered to donate a lump sum for the arms if the legislator would agree that it did not have the power to tax Penn land.
Franklin's quote was in a letter he wrote to the governor arguing for rejection of this offer.
The "essential Liberty" he was referring to was the liberty of the legislature to legislate how it saw fit, including taxing Penn land to pay for security, and the "purchase a little temporary Safety" was the one time lump sum for arms.
That was in 1755. He did re-use the phrase 20 years later in 1775 in a more general context, closer to what people quote it for nowadays.
Same exact reaction here. Had to re-read it several times. For anyone else confused: I think by "security" he's referring to infosec and by "safety" he's referring to physical safety. (As opposed to my initial reading, where I thought "security" meant physical security and "safety" meant online safety.)
That’s not a logical argument by Franklin, it’s his opinion. There’s no axiomatic reason why Ben Franklin’s opinion is more correct than anyone else’s, even William Barr’s.
Says the rhetoritician; cleverly trying to blur the issue. Opinion or no, the principle is consistent through much of the intellectual environ's of the time. If both statememt's are read as opinion's neither wins. If both are construed as statements of fact, Franklin's still holds the more portentous conclusion. Namely that the being willing to sacrifice his capacity to guide himself to live longer , will inevitably result in neither goal being attained. Everyone dies.
So that's really a bit of a non-starter. I would say that Franklin has more credibility however; if only because of the man's legendary common sense.
I'll also point out, Franklin's sentiment can be traced back to the principle that "Vigilia aeterna est pretium libertatis". A consequence of which is, sorry Mr. Barr. Tell your police to do some actual investigative work. It is not the job of the populace to relinquish essential liberty to make tyranny in the making that much further realized.
It is what we do with our Liberty that elevates us as angels, or drops us to the level of daemonic debasement.
Law enforcement needs to understand their job should never be made trivial as their very existence in and of itself is as the sole means to rescension of that which culturally we value most; hich should absolutely be as burdensome a process as possible in the light of what is being taken.
Never mind that making unbackdoored encryption illegal just adds a token charge to a long list of other charges, which to me is an absolute anti-pattern, of the same level as most firearm regulation in light of the second amendment; which I'll admit to being a bit of a hard-liner on.
Your comparison to the second amendment is not just "on the same level", but entirely accurate.
To this day the United States Munitions List, classifies cryptographic devices under Category XIII Materials and Miscellaneous Articles.
All the way back to the pre-constitution 1784 Virgina General Assembly, to some extent recognizes the need for secure communications channels in a militia. "There shall be a private muster of every company once in every three months", and setting forth those in charge of initiating and communicating the time and place of the muster.
People often focus on the first amendment right to encryption. But I at least feel that the second amendment right is equally strong, with the governments own position on arms control behind it, legal interpretation should if anything not tolerate it's own inconsistency.
Benjamin Franklin is a Founding Father and has been generally accepted as an authority for more than 200 years, especially on the subject of freedoms and rights. He was a renown political theorist, politician, civic activist, statesman, and diplomat in his own day, not to mention the fact his reputation has stood the test of time.
>Can you call it that though?
>One is a person with a well-earned a reputation, the other.. well you get the point.
Yes
>An argument from authority, also called an appeal to authority, or argumentum ad verecundiam, is a form of defeasible argument in which a claimed authority's support is used as evidence for an argument's conclusion
You're not defending the point logically; you're only supporting argument is that someone with a good reputation supports it as well.
The annoying thing about "logical fallacies" is that if anyone season argument they disagree with that resembles a "fallacy", that quote it and act like theyve won.
He is not saying that everything Benjamin Franklin has ever said is true. Obviously. However, if a well renowned and respected Authority has an opinion that some evil schmuck disagrees with, it provides evidence as to who is more likely to be correct. That's not what an appeal to Authority is
>The annoying thing about "logical fallacies" is that if anyone season argument they disagree with that resembles a "fallacy", that quote it and act like theyve won.
That is annoying and I agree, but that's not what's going on here.
>He is not saying that everything Benjamin Franklin has ever said is true.
No one said he was.
>However, if a well renowned and respected Authority has an opinion that some evil schmuck disagrees with, it provides evidence as to who is more likely to be correct.
No it doesn't. It absolutely _does not_. Reputation isn't irrelevant in so far as it lends credibility to a person's statements, but the discussion doesn't stop there. If you're going to defend a quote then defend it. Saying "this is true because X is trustworthy and Y is an 'evil schmuck'" is not an argument.
If this is not a prime example of Appeal to Authority then show me why it's not and provide an example. You're just throwing out your opinions as if they were fact.
This is not an example of Appeal to Authority because Ben Franklin is an accepted authority. If all parties agree on the reliability of an authority in the given context it becomes a valid inductive argument. Otherwise every Citation or Source or Bibliography would be a "logical fallacy". An Appeal to Authority would be if the quote was attributed to someone like James Polk. Sure he was president, but he has no authority on this sort of subject.
>This is not an example of Appeal to Authority because Ben Franklin is an accepted authority.
...huh?
>If all parties agree on the reliability of an authority in the given context it becomes a valid inductive argument.
No, it doesn't. Why do you believe that? How do you feel about quantum mechanics? Do you realize that Einstein fought tooth and nail against it for years?
>Otherwise every Citation or Source or Bibliography would be a "logical fallacy".
Citations link to works, not authorities. A citation may link to, say, an academic paper which provides evidence to support its assertions. No one is linking to random comments made by so-called authorities, that would never be accepted (unless the citation was to literally show that a quote is legitimate, i.e., made by the person claimed to have made it.)
But given a hypothetical question like “What play should a football team run when they are on 2nd down and 3 with 2:19 in the 3rd Quarter while leading by 3 points” — wouldn’t a professional NFL coach’s opinion be given more credence than mine? Einstein may have been wrong on quantum mechanics but if you had 1000 physics question it would be hard to think of a better person to ask.
You're proving my point. When examining an argument you should do so based on the merits of said argument. That's literally the basis of Appeal to Authority. It doesn't get more clear cut than this.
I'd also like to point out you have yet to provide a single fact in support of anything you're saying.
>However, if a well renowned and respected Authority has an opinion that some evil schmuck disagrees with, it provides evidence as to who is more likely to be correct.
Providing evidence towards the likelihood of truth, as I said, and saying "this is true because X is trustworthy and Y is an 'evil schmuck'", as you said, are not equivalent.
Are you actually trying to argue you can't tell the opinion of children and subject matter experts apart because gathering evidence based on reputation is a logical fallacy?
If you keep posting unsubstantive comments and flamebait here we are going to ban you. I don't want to do that, because you've also posted good comments. Would you please fix this?
But, "Only the Sith deal in absolutes." - Obi-Wan Kenobi
I don't think opinions of people who were born before telegraphs matter much in today's political discourse. Basically, it boils down to, "I found a quote I agree with, and when I attach $(some famous dead person)'s name on to it, it sounds really great and authoritative."
If you really think that we aren’t facing the same problems today, that didn’t exist 300 years ago; you need to take a far harder look at the problems.
I kinda agree with you, but quoting Benjamin Franklin as a solution is not exactly "taking a harder look" at the problem. How is it any better than "because the Bible says so!"?
As much as I disagree with Barr and I've repeated that quote countless times, I can't help but think it's utterly stupid. Did Ben Franklin really think we should throw out things like the rule of law and the police? They are an explicit trade of Liberty for Safety. Was he some sort of fundamentalist anarchist?
"All Property, indeed, except the Savage's temporary Cabin, his Bow, his Matchcoat, and other little Acquisitions, absolutely necessary for his Subsistence, seems to me to be the Creature of public Convention. Hence the Public has the Right of Regulating Descents, and all other Conveyances of Property, and even of limiting the Quantity and the Uses of it. All the Property that is necessary to a Man, for the Conservation of the Individual and the Propagation of the Species, is his natural Right, which none can justly deprive him of: But all Property superfluous to such purposes is the Property of the Publick, who, by their Laws, have created it, and who may therefore by other Laws dispose of it, whenever the Welfare of the Publick shall demand such Disposition. He that does not like civil Society on these Terms, let him retire and live among Savages. He can have no right to the benefits of Society, who will not pay his Club towards the Support of it."
You are intentionally misinterpreting his quote. He doesn't think much of excessive property. Yes, you probably don't need a 3rd home while other people have no homes...
Yes, and the distinction is completely artificial. Worse, he gets the relationship between property and law exactly backwards. Property rights, even for what some here are calling "excessive" property, were not created "by the public" (meaning by legislators) through the passage of laws. Rather, property rights existed first and laws were passed to rationalize the abridgement of those rights when they proved inconvenient to those in power.
If you take someone else's property for your own use by force without their permission, they are perfectly justified in using force to take your property without your permission. That is the fundamental natural law which underlies property rights, as well as all other natural rights: reciprocation. It doesn't matter who the property belongs to, how much other property they have, or who is doing the taking.
The "fundamental natural law" you appeal to is none of those things, so it would be disingenuous to hold him to it. I'm not sure how I feel about the quote and don't have enough context on his thinking to really judge it, but your rejection sounds dogmatic, not reasoned.
I'm not "holding him to" anything. I'm just stating a fact. It is not logical to claim that it is simultaneously right for you to be able to do something unilaterally to someone else but wrong for that person to do exactly the same thing to you. Not unless you're arguing against the universality of rights in general, anyway, and if you're taking that approach then you can't make any meaningful statements at all about what rights other people may or may not have.
If you take someone's property without their permission there are three possibilities: (1) you admit that it's wrong and deserving of punishment; (2) you claim that taking property without permission is universally right (i.e. that there are no property rights), in which case you can't complain when others take your property; or (3) you claim that rights are not universal, in which case others can claim the right to take your property just as easily as you claim the right to take theirs. Whichever path you choose, the act of theft justifies its own proportional punishment. The same reasoning applies to any other natural right, as they are all based on the principle of reciprocation.
I agree this isn't the time or place, but you are not stating a fact; rather you are choosing a particular framing which is neither unique nor universally accepted.
It doesn't matter whether or not I agree with you or Franklin (or neither) here - I was noting that your attempt at pointing out his "error" is itself logically flawed and does not demonstrate any such error on his part.
You claim that I am "not stating a fact" but it is a fact that any claim that an action is right when done by one person but wrong when done by another is either an internal contradiction or a repudiation of any universal standard for right and wrong. Either way, you can't consistently argue that a proportional response would be wrong after taking that same action yourself.
I should hope that this argument is not "unique", since it's just an application of basic logic, and I really couldn't care less whether the conclusions are universally accepted. The logic is sound whether you accept it or not.
Ah, we seem to be focused on different parts of your state to. The problem you ran into is axiomatic, not logical. You are asserting a concept of property that is not the same as Franklins, and then attempting to refute him based on that framework. He (I thinks least, based on those quotes alone) is proposing a quite different framework, so you have fallen into a type of category error. That is what I was pointing out. It’s all fair to argue that his framework is inferior, but it is illogical to just claim he got it wrong because it doesn’t fit the framework you prefer.
I think this has run its course, it’s not a good media to get into something like this at depth.
Keywords being "essential" and "temporary" in the original quote. Granted, that leaves a lot of room for interpretation, but Franklin was not advocating doing away with, for example, law enforcement.
Though I would agree it's a quote of triteness and "just so" convenience that gets massively abused.
I wonder how Benjamin Franklin would feel about its common usage nowadays. For specific context I used to use this quote in relation to my dislike of the PATRIOT act and similar, and I never really took any introspection as to whether I was truly defending my position through the use/abuse of the quote. Granted I was literally in middle school at the time, so maybe my lack of a more nuanced position could be forgiven, but a quote is not an argument.
In a perverse way, this is progress: At least the false premise of "we can have both secure encryption and key escrow" has finally been dropped and Barr is making the more blunt assertion that the need for eavesdropping outweighs all other needs in cybersecurity.
This will be a taboo and unpopular option. My theory is that these discussions are theater. More often than not people store and access their data from their cell phones. Between CarrierIQ and OTA updates/access, there is no such things as end-to-end encryption on a cell phone. People get really upset when I bring this up. I suspect it is a matter of denial and not providing links to public documents, which will never exist. I would suggest that very few people have the patience to implement proper OpSec with their own data.
You don't even need "backdoors" in encryption. Existing lawful-intercept on Slack, Discord, Facebook, Google and all the wireless carriers will net just about anything you could ever want to know.
> People get really upset when I bring this up. I suspect it is a matter of denial and not providing links to public documents, which will never exist.
The last time I saw this matter being discussed here, tptacek was getting pretty upset at people who were suggesting that baseband processors presented a security threat. He's a security expert with a reputation to uphold so I expect he's probably right, but I would still like to see a detailed explanation of why he's right.
For a reason I don't understand, this topic seems to illicit a lot of insults, when calmly assuaging fears would doubtlessly be more effective.
Is there somewhere I could read some more on this point?
I was under the impression that iMessage was end-end encrypted. So unless Apple has a secret backdoor built into their systems, nobody should be able to access those messages correct? Wireless carriers are just sending my encrypted messages over their networks.
What am I missing?
Do you believe my cell service provider could decrypt my HTTPS connections to my bank?
I'm pretty sure he's just referring to the fact that if someone can push an ota update and you have something like iMessage that has encryption keys on the device, there's nothing stopping a company from pushing an update out that compromises your security. End to end isn't compromised, it's potentially compromised. Smartphones are the schrodinger's cat of security because while they're considered "secure" right now, they could be blown wide open via automatic update any second. Telegram is encrypted end-to-end, but if you have automatic updates on, there's nothing from stopping the developer or rogue actors (or states, like russia) from pushing an update out that uploads all of the encryption keys to their servers and decrypts everyone's messages. Automatic updates are fundamentally insecure because they can instantly compromise your security. If you want true security, go with open source and review (or wait for reviews) of all code changes that happen in the apps you use, and you want a distro that either doesn't have an os ota system or allows you to disable it. Also, there is potential for baseband attacks because we're all at the mercy of telecoms and no one runs custom firmware or opensource code on their baseband processor so who knows what vulnerabilities lie there.
It doesn't matter if the apps try to be secure. If any point in the communication holds the key-data in memory and is not on a //user// trusted device then the key is compromised.
Since cellphones have a BMC that isn't user owned, which does have access to the full system memory (rather than being an isolated peripheral modem), and since OTA firmware updates can be pushed by the "infrastructure" (including fake 'towers' setup by TLAs, criminal hackers of other sorts, and hobbyists) containing code to compromise and silently ex-filtrate any data (including those keys, or even just the conversation directly); it is an inherently insecure environment.
What should the average security-conscious person do then? Resort to one-time pads? Is there any way to be truly secure, or should we just stop trying?
If we want secure tools for democracy then that's going to mean a completely open and thus verifiable (audit-able) platform.
This needs to be from the PCB traces, all of the component tolerances, all of the chips, all of the firmware (even the ROMs that are actually baked in ROMs on the chips), the bootloader, OS, and entire userland.
This is required not just for the host system but also the human interfaces and peripherals.
I hope we will be able to reach that point with a RISKV system at some point; but the various proprietary interfaces that require licences for implementation/etc might make this problematic. I am for standards, preferably completely free, but FRAND and non-restrictive on meeting the above goals might be good enough. The platform has to be fully open-book, but some of that book can be covered by reproduction limitations for a limited time. (I'd prefer standard patent duration at most, as this stuff NEEDS to become the digital version of paper at some point; and within my lifetime would be nice.)
Not sure why this comment by
robdachshund is dead: "Why bother trying to break encryption when you have backdoors in the hardware and OS? It's far easier to just use a keylogger on your OS keyboard, take a screenshot, access RAM buffers, etc."
To answer to that. Maybe the problem is in those hardwares and operating systems that do not have backdoors?
Apple showed that they are capable and willing to perform silent over the air updates to operating systems to address security concerns. The specific incident I am referring to is with Zoom.
If you can read your message history from an iPhone, Apple is just one silent update away from reading it as well.
You're missing that Apple has the ability to put backdoors in kernel updates, and these can reach right into process memory and get your unencrypted messages.
Why bother trying to break encryption when you have backdoors in the hardware and OS? It's far easier to just use a keylogger on your OS keyboard, take a screenshot, access RAM buffers, etc.
Even with end to end at some point the information needs to be displayed to the user and especially on Android at that point you can collect anything you'd like. Unless there is some way of encrypting data all the way to the display controller I don't know about. But that will never happen as it would be the end of so many other features.
So he's right theres no such thing as true end to end on common cell phones.
I most certainly do. CarrierIQ (former name) negates it. HTTPS and GPG can't hide anything from it. Any phone app will be entirely transparent. There are other debug apps embeded in different phones that can be triggered to start gathering data in the background. They can even tell the velocity you swiped in what direction and what angle you were holding the phone.
The article doesn't seem to indicate which devices are communicating, just generally referring to communication. Medical devices which communicate should certainly not be an acceptable communication to risk.
Unfortunately such a mechanism requires that we trust the government. That trust was broken with the Revelations from Snowden.
For now, the average citizen fears the government more than criminals and this is the easy calculation folks are making and will continue to make at the ballot box.
Ah, the clipper chip from the 1990s debate over again. They didn't get it then and the world is still ok (kinda, but encryption seems to be low on the list of pressing problems)
The only place they seem to have gotten their way is anti-counterfitting thats injected into scanner silicon.
"
From the moment Diffie and Hellman published their findings in 1976, the National Security Agency's crypto monopoly was effectively terminated. In short order, three M.I.T. mathematicians -- Ronald L. Rivest, Adi Shamir and Leonard M. Adleman -- developed a system with which to put the Diffie and Hellman findings into practice. It was known by their initials, RSA. It seemed capable of creating codes that even the N.S.A. could not break. They formed a company to sell their new system; it was only a matter of time before thousands and then millions of people began using strong encryption.
That was the National Security Agency's greatest nightmare. Every company, every citizen now had routine access to the sorts of cryptographic technology.....
The genie was out of the bottle. Next question: Could the genie be made to wear a leash and collar? Enter the Clipper chip."
Interesting to see RSA portrayed as a foe of the government and a thorn in the NSA's side here, knowing what's been reported about their involvement with "Project Bullrun."
So when the backdoor is hacked, as it inevitably will be, whom will I have legal recourse against to recover damages? I'm assuming that any company incorporating such a backdoor would be afforded some immunity against civil lawsuits arising from successful hacks. Also if such compensation is forthcoming won't I essentially be contributing towards it with my own tax dollars?
“Some argue that, to achieve at best a slight incremental improvement in security, it is worth imposing a massive cost on society in the form of degraded safety,”
And I expect some would argue that the "slight incremental" and "massive" are incorrectly placed in that statement.
> The risk, he said, was acceptable because “we are talking about consumer products and services such as messaging, smart phones, e-mail, and voice and data applications,” and “not talking about protecting the nation’s nuclear launch codes.”
There's a good reason not to use encryption schemes that have backdoors, they aren't safe and this pull quote betrays the fact that Barr knows that.
I'd be willing to wager that the government isn't going to use backdoor-able encryption because the risk of failure is too great. While not being critical to national security, safety in storing your medical, financial records and your conversations with other is mission critical to citizens. Hopefully folks on capital hill see that.
>While not being critical to national security, safety in storing your medical, financial records and your conversations with other is mission critical to citizens. Hopefully folks on capital hill see that.
They aren't going to see it. The government will just use the non-backdoored version. If a company gets its data popped because of the backdoor, the government will just blame the company, or it's acceptable losses because they catch some bad guys.
Everyone should be super, super, super pessimistic that attempts like these will be handled in the interests of citizens.
I made this comment in a previous thread, but I think it applies here as well:
If you ask the government to do something impossible, such as provide COMPLETE safety and security, they will try to do that. I think the news media bears some responsibility in this regard, as they always blame or call out whatever agency that fails to maintain safety and security, thus leading to severe measures to try to mitigate the previous failure.
I'm afraid even Senator Ron Wyden misunderstands it. It isn't that we give them the "power" to break encryption, its that we fundamentally weaken it. We must build the encryption with tissue paper in order to let a person walk through it.
Most discussion of backdoors these days is no longer about weakening the encryption itself, but prohibiting its private use. It's about data retention, key escrow, key disclosure and man-in-the-middle attacking everyone like Kazakhstan is trying to do.
Cryptography technology is public knowledge now; there's no putting the cat back in the bag, so now it's about making the non-government approved use of it criminal / basis to assume guilt.
One could make a good case that strong encryption is a form of Arms (certainly the US did, as "Auxiliary Military Equipment"[1]). So if encryption is a form of Arms, then Barr should probably keep his mouth shut or else he's making a case against the holy Second Amendment.
Australia has already passed draconian secret mass-surveillance laws, and also is part of five eyes so everyone (including American citizens) are subject to draconian mass-surveillance which is shared with the US when their data goes through any computer on Australian soil.
Australian Federal police are busy attacking journalists right now for exposing a coverup of their soldiers murdering children.
Americans should fight this with everything they have.
Make no mistake, the "free" world is well on its way to becoming a surveillance dystopia.
The nazis could only have dreamed about having the secret and unfettered surveillance apparatus politicians have created, and they are targeting that apparatus towards journalists and citizens.
It's not about terrorists or pedophiles, it's about you and I, and anyone else who could potentially expose government or military incompetence/wrongdoing.
Without encryption backdoors, how will you know if people are illegally using high-strength encryption? Everything must be decrypted on demand to determine if illegal cryptography is being used.
That doesn't seem hard: just make sure everything is plaintext (i.e., a known and approved protocol, like FTP, telnet, HTTP/HTML, etc.), or make sure it's an approved encryption protocol that has a built-in backdoor (and the data within, again, being one of those approved protocols). Of course, people could be hiding high-strength encryption within the backdoored protocol, but they could do random checks for that.
Basically, the only way to really hide data is to either use steganography, or to use an unapproved data-transfer protocol (and using unapproved protocols can be banned).
I've seen this posted several places. It's a bit of a clickbaity title because it sounds like a quote. As far as I can tell, it can't be attributed to him.
The exact quote is:
"Some argue that, to achieve at best a slight incremental improvement in security, it is worth imposing a massive cost on society in the form of degraded safety"
I'm purely making a statement on the article title.
I don't think I did. The title is not a quote, but it seems to be a reasonable summary of what he said, directly from more than one quote. What is it that you are objecting to, you think the formatting of the title makes it look like a direct quote? Fwiw, in that case I don't agree.
> The risk, he said, was acceptable because “we are talking about consumer products and services such as messaging, smart phones, e-mail, and voice and data applications,” and “not talking about protecting the nation’s nuclear launch codes.”
When the government stops caring about my race, where my ancestors came from, my sexual orientation, my religion, my gender, my political leanings, and probably a few more I'm forgetting, and puts robust steps in place to ensure that it won't start caring about them again later, then maybe I'll consider entertaining the idea of allowing the government to peek at my messages.
Considering the export controls on cryptography in the not so distant past [1], I think things have been worse for cryptography. This isn't to say I don't think Barr's comments are alarming, but he is continuing a push by DOJ that has been going for years now and has made little progress.
I really want someone who is testifying in congress to put this in terms that affect the congressmen personally, explaining to them that it will make it easier for state actors to gain compromising information from their email addresses and personal devices.
I think government officials would obviously want to have access to non-backdoor versions of software, so they can exchange their highly sophisticated and ultimately important state business discussions on WhatsApp secure.
Passing over for a moment the (lack of) ability of the government to keep secret the means of using the backdoor...
Most encryption software (including crypto libraries) is open source. Is he proposing banning open source or just mandating that it only be distributed as binaries by compromised companies?
Does he, and does anyone else proposing this, have the slightest notion what banning good encryption would actually entail?
Banning open source software is probably not feasible (you can distribute the code as a printed book after all). They would have to:
- ban all Internet traffic that uses non-backdoored encryption (all ISPs would be required to report it)
- ban all amateur radio equipment, including all products one could use to build a satellite dish (like aluminium foil?..); keep a fleet of radio-direction-finding vans circling the streets
Eventually, maybe also ban general-purpose non-backdoored computers.
> “we are talking about consumer products and services such as messaging, smart phones, e-mail, and voice and data applications,” and “not talking about protecting the nation’s nuclear launch codes.”
Talk about putting the cart before the horse! The USA is made of people, not hardware.
Am I wrong to believe the government is, in fact, capable of cracking encryption on individual bases, but not on _many_ cases? Isn't this what we want? For the limits of encryption to keep mass snooping at bay?
In other words, I think the "ticking time bomb" scenario often used to justify a backdoor is a fallacy. If the government really wanted or needed to, they could easily decrypt or break into a device (rubber hose method comes to mind).
Don't let fear rule your life, and convince others not to as well. That is our job.
This is ultimately bad for people.
It gives too much power to the government. It is same as saying government can disable all guns remotely.
And also no matter how much regulation and monitoring there is a big risk from government employees. It will be exploited by others.
And at the end of day, criminals are going to find a solution for themselves when they have to and this will only leave people vulnerable. And usually government itself will use a different tech for obvious reasons and leaves this for citizens only.
Its trivial and common to have one or more than one key that unlocks the actual key that is in fact used to decrypt data see LUKS the standard for full disk encryption on Linux for example. This trivially lets you change your passphrase without rewriting all your data on disk.
It's also useful for recovering data that the user has forgotten their self set passphrase or wont share it in case of a hostile ex employee. Furthermore one can have multiple passphrases and revoke one if it is known to be compromised.
For the governments concept on it see "key escrow" and the clipper chip fiasco
Problems are legion and multifaceted. To put it briefly based on past actions no reasonable party would trust the US government to be respectful of their rights and privacy nor even competent enough to keep a secret.
It would force the entire world of computer security to be shackled and standardized upon what an incompetent bureaucracy understands and it would be a disaster inside a year.
If one recalls a lot of current woes with malware can be traced back to one of their geniuses that took home a hard drive full of tools and lost it all to the bad guys.
If a golden key that unlocked everything in existence came into being it would be in the hands of state actors within 30 days and everywhere next year.
It has always required monumental arrogance and profound lack of foresight to suggest we should backdoor all security for the benefit of the keystone cops and their current fearless leader Sergeant Shultz here.
As the iconic tv character used to say "I know nothing. Nothing!!"
Government generates a public/private key pair Gpub/Gpriv, and publishes the public part. It also requires the following scheme to be used: if you want encrypt a message M with a key P, you generate random key K, encrypt M with K to obtain Enc_K(M), encrypt K with Gpub to obtain Enc_Gpub(K), and encrypt K with P to obtain Enc_P(K), and then send this triple (Enc_K(M), Enc_Gpub(K), Enc_P(K)). This way, either of the P or Gpriv can be used to decrypt M (you just use it to first decrypt K, and then decrypt M). This scheme is as strong as the scheme used for encryption is, and no cryptography is weakened by its use, except of course a huge negative impact in case Gpriv leaks. With stakes this high though, you could bring likelihood of leak to be very low, and you could modify the scheme to mitigate the impact of the leak.
I don't like it as much as anyone else, but unfortunately I think this is viable in practice. Of course, nothing stops you, a hacker, from using non-backdoored encryption, but government is fine with that, as long as Google, Apple, Facebook etc. are forced to use backdoors.
> Of course, nothing stops you, a hacker, from using non-backdoored encryption, but government is fine with that, as long as Google, Apple, Facebook etc. are forced to use backdoors.
Which just goes to show that this isn't actually about catching hardened criminals (who will just use non-backdoored encryption, either alone or layered on top of the compromised channels) but rather about enabling pervasive surveillance of ordinary citizens.
Not necessarily. There is a middle ground between the two: common criminals that simply use the tools that Google, Apple etc create to make security for normal people easy. If it's effortless to enable full end to end encryption on your phone, then not only will your grandpa enjoy benefits of it, but also a cocaine dealer or a burglar trying to fence stolen goods.
But yes, I think that there are lower-hanging fruits available for pick up here. I wish we lived in a reality where backdooring encryption was the best available path to reduce crime.
The lazy sort of criminal that relies on commonplace, corporate-controlled communications apps would be caught using a traditional investigative approach regardless of any end-to-end encryption. It's the more sophisticated ones that they're using as justification for these backdoors—exactly the type that might be mildly inconvenienced at most by backdoors in standard communications services.
If what these criminals are doing is causing actual harm then there must be sufficient offline physical evidence to track and convict them by without direct access to their communications networks. Far from reducing crime, the enforcement of compulsory backdoors would itself be a crime committed by the government against its own citizens on a massive scale.
> Government generates a public/private key pair Gpub/Gpriv [...]
Isn't that exactly the Clipper Chip scheme? The arguments against it are as valid now as they were then. If you haven't seen them before, they can be found at the 1997 paper "The Risks of Key Recovery, Key Escrow, and Trusted Third-Party Encryption", and its 2015 followup "Keys Under Doormats: Mandating insecurity by requiring government access to all data and communications".
Not exactly the same, it offers slightly different trade-off between the benefits and the drawbacks. But yes, the idea is clearly not new or non-obvious. There are plenty arguments against doing that, and thank you for the references (I wasn't aware of the second one). Nevertheless, just because it has some (in fact, many) drawbacks, doesn't mean it's completely broken and useless, and that means that we shouldn't expect that something like this won't ever materialize.
Year is 2040. Candidate for Senate was linked to foreign agent for some innocuous reason. FISA court grants warrant. Justice find nudes, because obviously. Incumbent administration leaks to Twitter.
This is such a bad move the tragedy/comedy writes itself.
Question.. if you make encryption illegal would that actually stop a "criminal" from using it? This seems like making guns illegal, it only stops law abiding citizens.
The advantage of making something illegal that a lot of law-abiding people would otherwise use, is that, even though criminals by definition ignore the law, law enforcement now knows anyone using that thing is a criminal. It has a tremendous effect on how easy it is to identify the criminals.
I think the right questions would be: "How can we reduce of orders of magnitude the probability of another 9/11?" and assuming monitor communication being a critical matter, "How could we reduce the probability of communications between terrorist going unnoticed and being able to understand what they are talking about?"
They already had all the pieces to the puzzle when the first attack happened, and they failed to prevent it. Allowing pervasive surveillance of our private communications would throw magnitudes more hay on the stack. So, this is probably not the way to go about it.
Rosenstein: https://www.justice.gov/opa/speech/deputy-attorney-general-r...
Sessions: https://www.justice.gov/opa/speech/attorney-general-sessions...
Comey: https://www.theguardian.com/technology/2015/jul/08/fbi-chief...
Comey engaged in a long running campaign on this from at least 2014, until he was fired.
Lynch: https://www.networkworld.com/article/3040224/attorney-genera...
Holder: https://www.washingtonpost.com/news/the-switch/wp/2014/09/30...
Let's all hope they continue to fail.
Not that I’m taking a position on things either way really. The likes of apple should be able to do what they please — just not be surprised when they find the government installing the backdoors themselves.
They're just in a different position... In the DOJ, encryption gets in the way of their job--catching criminals... while the penalties for a backdoor fall on others (those responsible for the data). There's no downside to them personally (and very little for the DOJ itself) for getting a backdoor.
The opposite is true for those not in the DOJ... the protection for our data is compromised.. and in exchange, the DOJ is able to prosecute some criminal we've never known, met, or had any contact with.
To those in the DOJ who deal with criminals everyday, their ability to prosecute criminals is of the upmost importance to them personally... and for the rest of us, unless we're a victim of a crime, there's only downsides to a backdoor.
There is if the people in the DOJ suffer from identity theft and get their bank accounts cleaned out because some nefarious people exploited the backdoors.
People in the DOJ have more options available to them if they choose to try to find or punish an identity thief than the general public.
Also, the direct fear of not being able to do your job because of strong encryption is more focused than a nebulous fear of possible identity theft.
I've known a few cops and they all have stories that are hard to hear and are worse than what you hear on most true crime shows. I assume access to high level intelligence involves endlessly seeing cases where people were caught attempting to purchase weapons grade nuclear materials, endless plots that never happened but are very scary to read about, etc.
That being said, it is bias and it shouldn't be allowed to unilaterally influence politics. Banning strong encryption is both impractical and destructive to our society and economy.
https://en.wikipedia.org/wiki/Clipper_chip
"But terrorists will just ignore the law" is a bad argument. It ignores the fact that the ban still increases the power of the government to act against terrorists. The problem with the law isn't that it's useless against terrorists. The problem is that it also increases the power of the government against the innocent, and possibly the power of some non-governmental criminals as well (depending on implementation).
A problem could be that people in general don't care about: "increases the power of the government against the innocent" -- because that's a theoretical problem in the "distant" future?
Personally I think the US gov getting too much power and gradually in small steps get access to "everyone's" communication, is like 1000 times more dangerous than "encrypted terrorism messages",
and, what can be a good way to make people in general better understand the risks & dangers with small steps towards a dictatorship? Maybe if everyone reads 1984 :- / or if everyone was better educated about what happens if you're in China an critizise the government there?
I didn't mean literally all lawmakers etc (although that's what I wrote). The next time I can try to write "some of them" instead.
I think I have more to fear from the government than I do from the types of criminals that encryption backdoors would thwart.
There's already freaking 1% of the population in jail; how many more do these assholes want to imprison?
The Philadelphia DA Larry Krasner is setting a fine example we all need to take note of.
I think that the only way agencies were able to keep postponing the end of the Patriot act and related laws ( https://en.wikipedia.org/wiki/Patriot_Act ) is presenting massive evidence to the congress of the tragedies they were able to avoid with the power granted by those laws.
Somebody that was publicly martyred by a country of great power makes more noise than a war that was avoided.
Weakening strong cryptography is not the solution but I think we sometimes grossly underestimate the other face of the coin.
The fact that we don't suggests either that (1) backdoors aren't that essential to thwart them or (2) there are no such regular massive attacks.
Further, as people like the US Attorney General helps to publicize those backdoors, more criminals will choose alternative messaging systems (fewer of which are backdoored), making the US less safe.
Sure, because we're never told. And you know what? Maybe there's good reasons. But "we can't tell you why, but trust us, it's super effective!" isn't enough of an argument.
Law enforcement seems overeager to label anything and everything terrorism if they possibly can. For instance, someone at my previous workplace vandalized prod in a fit of rage when he left and they called it terrorism because the system had utility companies as customers. Why would law enforcement be so interested in juicing their terrorism numbers if the real thing was plentiful?
My hypothesis: real terrorism isn't plentiful, but the budget to go after it became plentiful after 9/11, and the people who benefit from the budget do what they can to keep it that way. Erosion of freedoms and judicial overreach are side-effects.
It is easy to see that the risk is that if plaintext data is available, the data can be mined for a lot of other purposes including illegal or not ethical ones. It is also possible that eventually that data could leak to the wrong entities.
And yes, in any big organization, the left hand may not know what the right hand is doing and, while one is concern in matters of public safety, the other may be primary concerned with the hegemony of its own power.
So it is complex.
But just assuming that you do not need them and they are just evil is a massive over generalization.
Fine, but assuming that they'll abuse any amount of power given is completely reasonable, in light of plentiful examples in the past.
Aren't the ones we hear of are the ones where the FBI set the whole scenario up?
I mildly prefer the "neither confirm nor deny" responses https://en.wikipedia.org/wiki/Glomar_response
I am not an expert but I think the general feeling most of people have is we are hearing a lot of constructed lies. Is there a list of stories told to the public that were proven to be lies? Did they even come out and say "Yes, we lied and this is why..." ?
I'd like to see more of that made public.
Renewal: The best case is it foils a terrorist attack. The worst case (Snowden) has already occurred.
Nonrenewal: The best case is no terrorist attacks. The worst case is a terrorist attack that may have been prevented with Patriot Act level wiretapping.
No one wants to be blamed for a terrorist attack at the next election so the Patriot Act is renewed.
Most of the recent attacks in America were carried out by lone-wolf far-right extremists. Some of the ones who were caught were actual government employees.
Furthermore, there's more to fear than someone spraying bullets into a crowd; ICE is performing 3am Gestapo raids and imprisoning citizens.
So you bet your ass I'm more afraid of the government than a guy driving a semi-truck. The government can hurt more people in a day than a terror group can in a year.
The reality is that we should be just as concerned by a guy blowing up a truck at the Apple Store as we should about ICE raids at 3 in the morning. With both right wing terrorists and the government, scope creep has a way of ensnaring us all eventually.
Same is true of any terrorist, and any government.
So look, the question is not: Whether or not compromising my personal privacy will bring me more or less security? But rather the question is: Whether or not compromising my personal privacy is consistent with American Ideals?
I say no. So in my personal opinion we, as a nation, have no business mandating that people compromise their personal privacy.
I can't be the only person completely unconcerned by events like this taking place. And I'm not someone without copious anxiety in their life.
I disagree.
> With both right wing terrorists and the government, scope creep has a way of ensnaring us all eventually.
What's an example of a terrorist group's scope creep?
> So look, the question is not: Whether or not compromising my personal privacy will bring me more or less security? But rather the question is: Whether or not compromising my personal privacy is consistent with American Ideals?
Disagree.
> So in my personal opinion we, as a nation, have no business mandating that people compromise their personal privacy.
Agree.
Good talk.
/s?
Also: https://en.m.wikipedia.org/wiki/Association_of_German_Nation...
Of course. But we need to remind myself this: what it is the probability that they are going to willingly hurt innocent people on a massive scale at the moment?
Aligned with your comment:
I have to admit that one of my paranoid fears is that this will change in the future and who is supposed to protect us is actually going to be our enemy. This was also one of the founding fathers.I guess, we are in a good company.
History is full of examples of good kings that die and their successors are very wicked men.
At the moment I think that "being able to find out what they need to" is net positive for the world ( see https://news.ycombinator.com/item?id=20509347 ) but what really bother me is that if in a future (hopefully remote) this change, there is no way to undo the past.
From my prospective the security that they are able to provide because of being able to tap in any conversation and the risk of citizen data being used against innocent people is clearly a huge compromise.
How can a man even hold both of those viewpoints?
Well, given that they're doing it now, I'd say somewhere near 100%.
So the argument goes, you should focus on the much more direct and practical impact that laws & politics can have on your life.
Just because they opted to go with low-hanging fruit doesn't mean the fruit needs to be low-hanging for them to make use of it.
Untested hypothesis: what we consider to be trivial, politicians consider to be advanced magic.
Alternative hypothesis: politicians understand the skill level required perfectly, but they also have good reason to believe the terrorists are complete morons who wouldn’t be able to find, generate, or use a one-time pad if their life depended on it (and in this case their life literally would depend on it).
> “You will deal with a person who doesn’t have those clearances only from the point of view of what you want him to believe and what impression you want him to go away with, since you’ll have to lie carefully to him about what you know. In effect, you will have to manipulate him. You’ll give up trying to assess what he has to say. The danger is, you’ll become something like a moron. You’ll become incapable of learning from most people in the world, no matter how much experience they may have in their particular areas that may be much greater than yours.”
https://www.motherjones.com/kevin-drum/2010/02/daniel-ellsbe...
It might be less of a red flag if regulation was likely to be able to prevent terrorists from using encrypted communication technology, but that's absurd as long as we have general-purpose computers and access to the open internet.
Personally, I fear all advancements it cryptology will be classified in the future.
Well, it's hacker news, so let me pull a word we like to bandy about: "scale".
"We need pervasive surveillance to protect you from the cannibals we imported to lower your salaries, peasants."
Two things about this odd quote, which dances on the edge of the Orwellian "nothing to hide" argument:
1. I'd put the odds that current president has in fact stored the nuclear launch codes on a "consumer product" at 50:50. He's shown a shocking disregard and disdain for protocol. The way in which diplomacy is carried out through Twitter suggests he's not capable of evaluating the threats posed his uses of consumer-grade technology.
2. Barr assumes a threat model involving petty criminals. The real threat is the US federal government, which has demonstrated repeated disregard, under multiple administrations, for search and seizure boundaries set by the Constitution.
One can store material inappropriately even without authorisation.
The launch codes are used by the president. If a party has access to data then that data can be replicated and stored anywhere else that party can access.
The president is the authority that decides how the codes are stored, they exist primarily for his use.
Benjamin Franklin once said: "Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety."
The governor was blocking this, because the Penn family, which owned a lot of Pennsylvania land, objected. The Penn family did recognize the need for defense (although they were largely absentee landlords so not in personal danger), and offered to donate a lump sum for the arms if the legislator would agree that it did not have the power to tax Penn land.
Franklin's quote was in a letter he wrote to the governor arguing for rejection of this offer.
The "essential Liberty" he was referring to was the liberty of the legislature to legislate how it saw fit, including taxing Penn land to pay for security, and the "purchase a little temporary Safety" was the one time lump sum for arms.
That was in 1755. He did re-use the phrase 20 years later in 1775 in a more general context, closer to what people quote it for nowadays.
But it turns out that his opinion of what constitutes security and safety is completely opposite my own.
So that's really a bit of a non-starter. I would say that Franklin has more credibility however; if only because of the man's legendary common sense.
I'll also point out, Franklin's sentiment can be traced back to the principle that "Vigilia aeterna est pretium libertatis". A consequence of which is, sorry Mr. Barr. Tell your police to do some actual investigative work. It is not the job of the populace to relinquish essential liberty to make tyranny in the making that much further realized.
It is what we do with our Liberty that elevates us as angels, or drops us to the level of daemonic debasement.
Law enforcement needs to understand their job should never be made trivial as their very existence in and of itself is as the sole means to rescension of that which culturally we value most; hich should absolutely be as burdensome a process as possible in the light of what is being taken.
Never mind that making unbackdoored encryption illegal just adds a token charge to a long list of other charges, which to me is an absolute anti-pattern, of the same level as most firearm regulation in light of the second amendment; which I'll admit to being a bit of a hard-liner on.
My 2 cents.
To this day the United States Munitions List, classifies cryptographic devices under Category XIII Materials and Miscellaneous Articles.
All the way back to the pre-constitution 1784 Virgina General Assembly, to some extent recognizes the need for secure communications channels in a militia. "There shall be a private muster of every company once in every three months", and setting forth those in charge of initiating and communicating the time and place of the muster.
People often focus on the first amendment right to encryption. But I at least feel that the second amendment right is equally strong, with the governments own position on arms control behind it, legal interpretation should if anything not tolerate it's own inconsistency.
William Barr is none of these thing.
One is a person with a well-earned a reputation, the other.. well you get the point.
Yes
>An argument from authority, also called an appeal to authority, or argumentum ad verecundiam, is a form of defeasible argument in which a claimed authority's support is used as evidence for an argument's conclusion
You're not defending the point logically; you're only supporting argument is that someone with a good reputation supports it as well.
He absolutely is
The annoying thing about "logical fallacies" is that if anyone season argument they disagree with that resembles a "fallacy", that quote it and act like theyve won.
He is not saying that everything Benjamin Franklin has ever said is true. Obviously. However, if a well renowned and respected Authority has an opinion that some evil schmuck disagrees with, it provides evidence as to who is more likely to be correct. That's not what an appeal to Authority is
Show me where that happened.
>The annoying thing about "logical fallacies" is that if anyone season argument they disagree with that resembles a "fallacy", that quote it and act like theyve won.
That is annoying and I agree, but that's not what's going on here.
>He is not saying that everything Benjamin Franklin has ever said is true.
No one said he was.
>However, if a well renowned and respected Authority has an opinion that some evil schmuck disagrees with, it provides evidence as to who is more likely to be correct.
No it doesn't. It absolutely _does not_. Reputation isn't irrelevant in so far as it lends credibility to a person's statements, but the discussion doesn't stop there. If you're going to defend a quote then defend it. Saying "this is true because X is trustworthy and Y is an 'evil schmuck'" is not an argument.
If this is not a prime example of Appeal to Authority then show me why it's not and provide an example. You're just throwing out your opinions as if they were fact.
...huh?
>If all parties agree on the reliability of an authority in the given context it becomes a valid inductive argument.
No, it doesn't. Why do you believe that? How do you feel about quantum mechanics? Do you realize that Einstein fought tooth and nail against it for years?
>Otherwise every Citation or Source or Bibliography would be a "logical fallacy".
Citations link to works, not authorities. A citation may link to, say, an academic paper which provides evidence to support its assertions. No one is linking to random comments made by so-called authorities, that would never be accepted (unless the citation was to literally show that a quote is legitimate, i.e., made by the person claimed to have made it.)
I'd also like to point out you have yet to provide a single fact in support of anything you're saying.
Great! I didnt say that and neither did the gp you originally replied to. Whats your point?
That's you as you seem to have forgotten.
Are you actually trying to argue you can't tell the opinion of children and subject matter experts apart because gathering evidence based on reputation is a logical fallacy?
But if people disagree they can go ride a bike without a helmet, people in the transplant list will thank you.
https://news.ycombinator.com/newsguidelines.html
I don't think opinions of people who were born before telegraphs matter much in today's political discourse. Basically, it boils down to, "I found a quote I agree with, and when I attach $(some famous dead person)'s name on to it, it sounds really great and authoritative."
He also didn't think much of private property.
[1] http://press-pubs.uchicago.edu/founders/documents/v1ch16s12....
If you take someone else's property for your own use by force without their permission, they are perfectly justified in using force to take your property without your permission. That is the fundamental natural law which underlies property rights, as well as all other natural rights: reciprocation. It doesn't matter who the property belongs to, how much other property they have, or who is doing the taking.
If you take someone's property without their permission there are three possibilities: (1) you admit that it's wrong and deserving of punishment; (2) you claim that taking property without permission is universally right (i.e. that there are no property rights), in which case you can't complain when others take your property; or (3) you claim that rights are not universal, in which case others can claim the right to take your property just as easily as you claim the right to take theirs. Whichever path you choose, the act of theft justifies its own proportional punishment. The same reasoning applies to any other natural right, as they are all based on the principle of reciprocation.
This is neither the time nor the place, but if you're interested in a more complete treatment of the topic I would recommend this paper: http://www.mises.org/journals/jls/12_1/12_1_3.pdf
It doesn't matter whether or not I agree with you or Franklin (or neither) here - I was noting that your attempt at pointing out his "error" is itself logically flawed and does not demonstrate any such error on his part.
I should hope that this argument is not "unique", since it's just an application of basic logic, and I really couldn't care less whether the conclusions are universally accepted. The logic is sound whether you accept it or not.
I think this has run its course, it’s not a good media to get into something like this at depth.
> Was he some sort of fundamentalist anarchist?
The quote plainly refutes that idea.
Though I would agree it's a quote of triteness and "just so" convenience that gets massively abused.
You don't even need "backdoors" in encryption. Existing lawful-intercept on Slack, Discord, Facebook, Google and all the wireless carriers will net just about anything you could ever want to know.
The last time I saw this matter being discussed here, tptacek was getting pretty upset at people who were suggesting that baseband processors presented a security threat. He's a security expert with a reputation to uphold so I expect he's probably right, but I would still like to see a detailed explanation of why he's right.
For a reason I don't understand, this topic seems to illicit a lot of insults, when calmly assuaging fears would doubtlessly be more effective.
I was under the impression that iMessage was end-end encrypted. So unless Apple has a secret backdoor built into their systems, nobody should be able to access those messages correct? Wireless carriers are just sending my encrypted messages over their networks.
What am I missing?
Do you believe my cell service provider could decrypt my HTTPS connections to my bank?
Since cellphones have a BMC that isn't user owned, which does have access to the full system memory (rather than being an isolated peripheral modem), and since OTA firmware updates can be pushed by the "infrastructure" (including fake 'towers' setup by TLAs, criminal hackers of other sorts, and hobbyists) containing code to compromise and silently ex-filtrate any data (including those keys, or even just the conversation directly); it is an inherently insecure environment.
This needs to be from the PCB traces, all of the component tolerances, all of the chips, all of the firmware (even the ROMs that are actually baked in ROMs on the chips), the bootloader, OS, and entire userland.
This is required not just for the host system but also the human interfaces and peripherals.
I hope we will be able to reach that point with a RISKV system at some point; but the various proprietary interfaces that require licences for implementation/etc might make this problematic. I am for standards, preferably completely free, but FRAND and non-restrictive on meeting the above goals might be good enough. The platform has to be fully open-book, but some of that book can be covered by reproduction limitations for a limited time. (I'd prefer standard patent duration at most, as this stuff NEEDS to become the digital version of paper at some point; and within my lifetime would be nice.)
To answer to that. Maybe the problem is in those hardwares and operating systems that do not have backdoors?
If you can read your message history from an iPhone, Apple is just one silent update away from reading it as well.
I don't think you understand what end-to-end means.
So he's right theres no such thing as true end to end on common cell phones.
That's kind of what HDCP is, so it could be done on an embedded display too.
Hardly the only application though, is it?
I do not find that this comment proven, neither in your profile, nor in the context of this thread.
Unfortunately such a mechanism requires that we trust the government. That trust was broken with the Revelations from Snowden.
For now, the average citizen fears the government more than criminals and this is the easy calculation folks are making and will continue to make at the ballot box.
-An American
Snowden provided evidence (to the fourth estate) proving that trust has been already been broken.
The only place they seem to have gotten their way is anti-counterfitting thats injected into scanner silicon.
" From the moment Diffie and Hellman published their findings in 1976, the National Security Agency's crypto monopoly was effectively terminated. In short order, three M.I.T. mathematicians -- Ronald L. Rivest, Adi Shamir and Leonard M. Adleman -- developed a system with which to put the Diffie and Hellman findings into practice. It was known by their initials, RSA. It seemed capable of creating codes that even the N.S.A. could not break. They formed a company to sell their new system; it was only a matter of time before thousands and then millions of people began using strong encryption.
That was the National Security Agency's greatest nightmare. Every company, every citizen now had routine access to the sorts of cryptographic technology.....
The genie was out of the bottle. Next question: Could the genie be made to wear a leash and collar? Enter the Clipper chip."
[1] https://www.nytimes.com/1994/06/12/magazine/battle-of-the-cl...
Leash and collar indeed...
My impression is the NSA of today is very different than that of the 70s and 80s.
And I expect some would argue that the "slight incremental" and "massive" are incorrectly placed in that statement.
There's a good reason not to use encryption schemes that have backdoors, they aren't safe and this pull quote betrays the fact that Barr knows that.
I'd be willing to wager that the government isn't going to use backdoor-able encryption because the risk of failure is too great. While not being critical to national security, safety in storing your medical, financial records and your conversations with other is mission critical to citizens. Hopefully folks on capital hill see that.
They aren't going to see it. The government will just use the non-backdoored version. If a company gets its data popped because of the backdoor, the government will just blame the company, or it's acceptable losses because they catch some bad guys.
Everyone should be super, super, super pessimistic that attempts like these will be handled in the interests of citizens.
If you ask the government to do something impossible, such as provide COMPLETE safety and security, they will try to do that. I think the news media bears some responsibility in this regard, as they always blame or call out whatever agency that fails to maintain safety and security, thus leading to severe measures to try to mitigate the previous failure.
Cryptography technology is public knowledge now; there's no putting the cat back in the bag, so now it's about making the non-government approved use of it criminal / basis to assume guilt.
[1] https://en.wikipedia.org/wiki/Export_of_cryptography_from_th...
Australian Federal police are busy attacking journalists right now for exposing a coverup of their soldiers murdering children.
Americans should fight this with everything they have.
Make no mistake, the "free" world is well on its way to becoming a surveillance dystopia.
The nazis could only have dreamed about having the secret and unfettered surveillance apparatus politicians have created, and they are targeting that apparatus towards journalists and citizens.
It's not about terrorists or pedophiles, it's about you and I, and anyone else who could potentially expose government or military incompetence/wrongdoing.
Basically, the only way to really hide data is to either use steganography, or to use an unapproved data-transfer protocol (and using unapproved protocols can be banned).
The exact quote is:
"Some argue that, to achieve at best a slight incremental improvement in security, it is worth imposing a massive cost on society in the form of degraded safety"
I'm purely making a statement on the article title.
When the government stops caring about my race, where my ancestors came from, my sexual orientation, my religion, my gender, my political leanings, and probably a few more I'm forgetting, and puts robust steps in place to ensure that it won't start caring about them again later, then maybe I'll consider entertaining the idea of allowing the government to peek at my messages.
[1]: https://en.wikipedia.org/wiki/Export_of_cryptography_from_th...
Most encryption software (including crypto libraries) is open source. Is he proposing banning open source or just mandating that it only be distributed as binaries by compromised companies?
Does he, and does anyone else proposing this, have the slightest notion what banning good encryption would actually entail?
- ban all Internet traffic that uses non-backdoored encryption (all ISPs would be required to report it)
- ban all amateur radio equipment, including all products one could use to build a satellite dish (like aluminium foil?..); keep a fleet of radio-direction-finding vans circling the streets
Eventually, maybe also ban general-purpose non-backdoored computers.
Ban random data ?
And ban the universe from being quantum ?
Talk about putting the cart before the horse! The USA is made of people, not hardware.
In other words, I think the "ticking time bomb" scenario often used to justify a backdoor is a fallacy. If the government really wanted or needed to, they could easily decrypt or break into a device (rubber hose method comes to mind).
Don't let fear rule your life, and convince others not to as well. That is our job.
And also no matter how much regulation and monitoring there is a big risk from government employees. It will be exploited by others.
And at the end of day, criminals are going to find a solution for themselves when they have to and this will only leave people vulnerable. And usually government itself will use a different tech for obvious reasons and leaves this for citizens only.
TC piece takes a way to harsh stance. He made some good points in there.
It's also useful for recovering data that the user has forgotten their self set passphrase or wont share it in case of a hostile ex employee. Furthermore one can have multiple passphrases and revoke one if it is known to be compromised.
For the governments concept on it see "key escrow" and the clipper chip fiasco
https://en.wikipedia.org/wiki/Clipper_chip
Problems are legion and multifaceted. To put it briefly based on past actions no reasonable party would trust the US government to be respectful of their rights and privacy nor even competent enough to keep a secret.
It would force the entire world of computer security to be shackled and standardized upon what an incompetent bureaucracy understands and it would be a disaster inside a year.
If one recalls a lot of current woes with malware can be traced back to one of their geniuses that took home a hard drive full of tools and lost it all to the bad guys.
https://www.nytimes.com/2019/05/25/us/nsa-hacking-tool-balti...
If a golden key that unlocked everything in existence came into being it would be in the hands of state actors within 30 days and everywhere next year.
It has always required monumental arrogance and profound lack of foresight to suggest we should backdoor all security for the benefit of the keystone cops and their current fearless leader Sergeant Shultz here.
As the iconic tv character used to say "I know nothing. Nothing!!"
I don't like it as much as anyone else, but unfortunately I think this is viable in practice. Of course, nothing stops you, a hacker, from using non-backdoored encryption, but government is fine with that, as long as Google, Apple, Facebook etc. are forced to use backdoors.
Which just goes to show that this isn't actually about catching hardened criminals (who will just use non-backdoored encryption, either alone or layered on top of the compromised channels) but rather about enabling pervasive surveillance of ordinary citizens.
But yes, I think that there are lower-hanging fruits available for pick up here. I wish we lived in a reality where backdooring encryption was the best available path to reduce crime.
If what these criminals are doing is causing actual harm then there must be sufficient offline physical evidence to track and convict them by without direct access to their communications networks. Far from reducing crime, the enforcement of compulsory backdoors would itself be a crime committed by the government against its own citizens on a massive scale.
Isn't that exactly the Clipper Chip scheme? The arguments against it are as valid now as they were then. If you haven't seen them before, they can be found at the 1997 paper "The Risks of Key Recovery, Key Escrow, and Trusted Third-Party Encryption", and its 2015 followup "Keys Under Doormats: Mandating insecurity by requiring government access to all data and communications".
Honest question, if I have a key that can unencrypt all of your data, why is it important that it not literally be your key?
The obvious drawback being the huge damage when a master key is inevitably leaked.
This is such a bad move the tragedy/comedy writes itself.
i'm interested in knowing the attitudes other governments have.