White House 'Responds' To Petition For Strong Encryption... By Asking For More Info From A Misspelled Ed Felten
from the say-what? dept
Earlier this year, the EFF's Rainey Reitman set up the SaveCrypto.org petition, which tied directly into the White House's We the People... petition site. The petition got the necessary 100,000 signatures to demand a response (though the White House isn't always good about doing that). And, now the White House has responded (sorta). The petition itself is pretty clear:Reject any law, policy, or mandate that would undermine our security.The response, on the other hand, is not clear at all. It just asks people to provide more info and says it's meeting with the people who put together the petition this week.
The government should not erode the security of our devices or applications, pressure companies to keep and allow government access to our data, mandate implementation of vulnerabilities or backdoors into products, or have disproportionate access to the keys to private data.
We demand privacy, security, and integrity for our communications and systems. As a public, we should be confident that the services we use haven’t been weakened or compromised by government mandate or pressure. No legislation, executive order, or private agreement with the government should undermine our rights.
Weakening encryption weakens the entire Internet. Please endorse strong encryption, and encourage other world leaders to do the same.
We want to hear from you on encryption:Now, there are all sorts of problems with this. First off, Reitman says that contrary to the claims made in the response, no one from the White House has contacted her or anyone else at EFF. So, that claim that the White House is sitting down with the creators of the petition is bogus.
Thank you for signing the petition on strong encryption and speaking out on this important national debate. As the President has said, "There's no scenario in which we don't want really strong encryption." It is critical that the government, the private sector, and other experts regularly engage to understand the impacts of encryption on national security, public health and safety, economic competitiveness, privacy, cybersecurity, and human rights around the world.
This conversation about encryption is also part of a broader conversation about what we, as a nation, can do to fight terrorism as it evolves online. That is why, in his address to the nation on Sunday, the President reiterated the Administration’s call for America’s technology community and law enforcement and counter-terrorism officials to work together to fight terrorism. American technologists have a unique perspective that makes them essential in finding new ways to combat it. They are the best and most creative in the world, and we need them to bring their expertise, innovation, and creativity to bear against the threat of terrorism.
This week, administration officials will sit down with the creators of this petition to hear directly from them about their priorities and concerns.
We also want to hear from you. Share your comments and questions here, and we'll report back after the meeting.
This is a critical conversation, and we want to hear from as many voices as we can.
Thanks again for your participation in We the People.
Second, while you should all go to that website and tell the White House what you think about strong encryption, it's absolutely ridiculous that anyone actually thinks that's necessary. The petition itself told the White House what they thought about encryption and that's that it's important in protecting our privacy and security and undermining it is dangerous with almost no real benefit. And, indeed, almost every technology expert who has opined on this subject has said the same thing -- including Ed Felten, the White House's Deputy CTO who supposedly co-wrote this response.
Except he didn't. Because not only does it not sound like him, the letter was actually signed by "Ed Felton" not Ed Felten:
Of course, I think we know which one of those two names actually wrote this non-response. But if that's the way the government is going to play the game, we might as well make use of the tools they've provided and let them know (yet again) about the importance of strong encryption without backdoors.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: ed felten, encryption, going dark, petition, rainey reitman, we the people, white house
Companies: eff
Reader Comments
The First Word
“Subscribe: RSS
View by: Time | Thread
Enough spin to power a city
There is no conversation.
Encryption is entirely binary, in that it's either secure for everyone, or secure for no-one.
The time for politeness is well past, and every single time someone tries to insist that if only the tech companies would try harder, or talk about it more they'd be able to create the magic golden keys being demanded, it needs to be pointed out that there is nothing to talk about, as they are asking for the impossible and know it.
When they stop lying, that is when a conversation can be started, but not one second before.
[ link to this | view in chronology ]
Re: Enough spin to power a city
• Tell 'em you don't understand why the head of our counter-intelligence agency(*) is demanding crap security.
• Tell 'em if the FBI director wants to subvert our counter-intelligence efforts, then we ought to take counter-intelligence responsibilities away from the FBI.
Just go on over to the White House and sock those people in the jaw.
(*) Yes, the FBI is supposedly our chief counter-intelligence agency.
[ link to this | view in chronology ]
Re: Enough spin to power a city
[ link to this | view in chronology ]
Re: Re: Enough spin to power a city
Is this really the best we can do as a response?
[ link to this | view in chronology ]
Re: Re: Re: Enough spin to power a city
[ link to this | view in chronology ]
Re: Enough spin to power a city
[ link to this | view in chronology ]
Re: Re: Enough spin to power a city
http://www.smbc-comics.com/?id=2429
:D
[ link to this | view in chronology ]
Re: Enough spin to power a city
[ link to this | view in chronology ]
Re: Enough spin to power a city
Besides: Most of the serious holes found in encryption are based on bad implementations.
Now, the "magic key" they are talking about is an illusion. Encryption strenght regulation would erode fast, type-regulation would spectacularly break with better mathematical understanding and compromising the implementation opens the box for incredible amounts of instant attack-vectors for criminals.
No matter how you define the intelligence vs cybercriminal, you end up with a law that would require several changes each year (Ridiculous in its own right!), a law that is an absolute gift for cybercriminals and/or an unworkable system.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re: just reiterating "We want sciency-people to invent a backdoor that only good guys can use."
And then here's the (pun?) key: we make sure that THEY (the politicians) use that exact same encryption scheme as well. So when the key eventually leaks (as it will), we can all see exactly what they've really been saying.
After all, if they've got nothing to hide, they shouldn't mind a little "freedom of speech" forced out of their emails.
On the other hand, we've probably just put WikiLeaks out of business. And this'll stop most of the website hack attacks, since anyone can glean all you want from any emails.
Well, 1 out of 3 isn't bad -- good enough for government work, right?
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
Getting them to make any kind of an intelligent statement is a miracle these days.
[ link to this | view in chronology ]
Practical politics
We ought to show the administration, and those watching, that we have a ground game: That people care about this issue, and are motivated enough to speak out.
[ link to this | view in chronology ]
Re: Practical politics
"...we might as well make use of the tools they've provided and let them know (yet again) about the importance of strong encryption without backdoors."
That way the Executive branch has a list of folks (other than Tech Dirt readers), to refer to the proper list making bureaucrats, that they know need to be added to the No-fly No-guns No-rights Terror Watchlist.
Pesky encryption, free-speechy problem solved.
[ link to this | view in chronology ]
Re: Re: Practical politics
Never called your Congressman, have you? Never made any kind of public political statement that could be traced back to you?
If you're not on some kind of list already…
[ link to this | view in chronology ]
Re: Re: Re: Practical politics
-intoned the Anonymous Coward.
[ link to this | view in chronology ]
Re: Re: Re: Re: Practical politics
Look, if you're really that worried, then don't take a position on cutting the FBI's funding. You can just say something slightly more saccharine, and less likely to draw retaliation.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
My response to their 'call for responses'
In an attempt to provide insight, I feel talking specifically about technology is foolish, as clearly all those involved in the conversation for 'fixing' encryption to act against 'terrorists' are already so convinced of their argument talking about this in terms of internet technology is pointless.
Watching government hearings, it seems the government is fond of analogies, so please allow me a few.
What is being suggested by the government for the technology sector to do, is the equivalent of demanding every lock in the country be, or contain somewhere in its design, a simple pin and tumbler locking mechanism universally unlockable by a single Master Key.
This idea is implemented in many high schools which provide their own locks for students to use to secure their belongings in their lockers, and with an identical purpose. To keep out other students, while at the same time providing faculty a quick, easy method of searching student lockers for contraband and whatnot.
In practice, it allows clever and crafty students to pick the pin and tumbler 'master segment', by passing the infinitely more difficult combination lock mechanism entirely to access their fellow students belongings.
From here, I have PERSONALLY WITNESSED students use this capability to:
* Sneak contraband into the lockers of students they may hold a grudge against, so they may then 'Anonymously' inform the faculty of the students supposed misdeeds. Innocent students can be suspended, expelled, and possibly receive criminal records from well meaning deterrence policy by being framed.
* Steal from their fellow students. Everything from homework, reports,personal belongings, money, anything.
* Change the locks. To prevent students from accessing their own belongings, they may replace the lock with a far more durable, far less vulnerable and completely inaccessible lock, necessitating the school itself take means to remove it and allow the affected student access to their belongings again.
These are only a very small number of examples of what HAS happened in these situations. Now, let us apply them to encryption.
After bypassing the government 'Master Key', Backdoor, security vulnerability, good guy only all access pass or whatever else it is you wish to refer to the weakening of important personal security as, Terrorists, Cybercriminals and other horrible people will, with a little time and a few resources, be able to...
*Insert and disseminate without the authorisation or knowledge of the system owner illegal and felonious material before providing the always eager to protect law enforcement agencies with an 'anonymous tip' about child pornography, illicit copywritten material, proof of material support of ISIS and more, leading to felony convictions capable of not only incarcerating someone in excess of their current lifespan, but also bring about the destruction of their life and livelihood even should parole occur due to the previous false associations of guilt.
*Empty bank accounts, gain access to credit card information, copy personal data, access work related details and information and more. What is more, any transfer of the above to recognized terror groups such as ISIS can easily be construed as material support of a terror group,leading to felony convictions and serious jail time, simply for being robbed.
*Install new encryption tools. Simply because the government mandates use of weakened or compromised or 'improved for government access' encryption does not suddenly force existing tools and services to disappear. To prevent an individual realising what has been done with their systems before it is too late (convictions raised, etc), a proper, strong, inaccessible encryption system may be installed. This serves not only the purpose of locking out both the owner and law enforcement from the system, adding to the suspicion of guilt on the innocent party for 'use of banned or illegal encryption services' they themselves did not put on their system.
This does not even begin to address other constitutionally protected interests, such as the 5th amendment right to be secure against unlawful search and seizure.
In the above scenario, terrorists turn innocent citizens into dissidents simply by destroying their lives, an watching their own government turn the people against them.
An individual unjustly incarcerated due to the above scenarios is naturally going to lose faith in their own governments ability to discern good from evil. Worse, they themselves may feel that if living a good life got them where they are, there may be little point to TRYING to live a good life.
You yourselves provide material support to terrorists by acting out against your own people, and showing them that you are not a government to be trusted with the sanctity and security of this fine and great nation. You yourself create terrorists by enabling groups to more easily attack your citizens at home and at work. You yourself undermine your own security, and make your people less safe.
I implore you, I beg you, I PLEAD with you to understand the ramifications of what you are suggesting. This is not about allowing law enforcement access, it is about denying EVERYONE access unilaterally, and relying on actual investigation, not simply a ream of circumstantial and out of context evidence dredged from an ocean of data, to capture criminals.
As a law abiding citizen of this nation, I personally would rather CCTV cameras attached to every building in our nation, surveying every square inch of 'public' space for any sign of indecency.... than see encryption weakened and broken is so often suggested.
Worse, the long conversation about encryption not only weakens the methodology used to keep us safe, but time and time again insists on an ineffective and counter-productive solution in the face of working towards REAL solutions.
This conversation is the equivalent of attempting to dig through concrete with a plastic spoon. The people you reach out to for help repeatedly insist there are better ways to accomplish your goal, but all you ever ask for is a stronger plastic spoon.
If you truly care about your nation, your legacy as a government body, the trust and respect of your voting public, the security of your richest stakeholders and campaign contributors, and the operability of your nations impressive economic corporate powers.... you will stop demanding you know something everyone else does not, and LISTEN to the experts you bring in to advise and help you. The TECHNOLOGY experts. The ones expected to implement your plans.
I have worked in IT departments, and I recognize the governments behaviour in this field. When an IT department gets orders from upper management, they are devoid of understanding. They ask for a 'simple', vague, poorly worded theory of a contradictory instruction, like 'Make the network run faster, but don't expect a budget increase to cover it' or 'prepare the network infrastructure for the new offices, but only spend a quarter of what you tell us you need to do it', or my absolute favourite 'Don't bother with redundancies, it's a waste of money. Just fix stuff really fast when it breaks'.
You are smarter than this. You all are. I know you are.
Now act like it.
[ link to this | view in chronology ]
Re: My response to their 'call for responses'
Either way, the government only wants weaker encryption to make things more convenient for them. It's the concept of having your car unlock when your car key is within 5-10 feet of the door, but that opens up security issues like someone sending a signal to unlock the door. I've even heard of using extenders to get a nearby signal from the key, and send it much farther away to unlock the person's car. I don't know much about that, but both are very possible (creating the signal or extending it).
[ link to this | view in chronology ]
Re: Re: My response to their 'call for responses'
I fear saying 'I don't want to live here anymore' will get me arrested, tried as a terrorist, and thrown in jail for longer than child rapists and murders.
Yes, I fear discussing MY OWN COUNTRY, because any displeasure might be seen as dangerous extremism. I feel sick whenever I hear politicians try to call out civil atrocities in other nations like China because of the hipocracy. You know what? At least if I lived in China, I'd know what to expect.
Even Comcast, for all their horrible bullshit, can't physically prevent me from moving to an area serviced by another provider.
On to your second point.
I am aware the government wants convenience. That is what the term 'Terrorist' currently is. It is a convenient term long since stripped of any meaning to apply to someone the government doesn't like, but cannot manage to try or convict under any actual evidence or crime.
Are your neighbors keeping you up all night with their partying? Snag a payphone (those are still around, right?) and call in a terrorist meeting, saying you heard incomprehensible shouting and aggressive bantering. They'll get assaulted, taken in, ransacked, deprived of their rights, deprived of their possessions, and left sobbing and their lives destroyed. AND, you can finally get a good nights sleep.
Isn't that convenient?
Did one of your employees do something that ruined your companies reputation? Spin that as a Terrorist plot to affect the economic strength of the nation, and you don't need a reason anymore to fire the guy. Just let the feds pick them up.
Isn't that convenient?
The government has ALREADY proven they cannot responsibly handle convenience. We should be in no rush to give it to them.
[ link to this | view in chronology ]
Re: My response to their 'call for responses'
[ link to this | view in chronology ]
Re: Re: My response to their 'call for responses'
Before it was abolished, OTA was a Congressional agency, like CRS, CBO and GAO. So you would want to talk to your representative and senators about that.
This call for public comment is from the White House. The Office of Science and Technology Policy (OSTP) is part of the Executive Office of the President (EOP).
[ link to this | view in chronology ]
Echoing the sentiments of the article, I began my letter with "If the president truly believes that 'There's no scenario in which we don't want really strong encryption,' I don't understand what further discussion we need on this subject."
Thank you, btw, the Michael Chertoff/Hayden article from July 27th provided useful material for quoting. And the article including US wiretaps and how many encountered encryption last year was also useful.
The one quote I was looking for, but couldn't find (help?), was a quote I think I saw where Comey, despite all of his talk of bad actors going dark, says there effectively hasn't been anyone that has successfully evaded the FBI once they employ the other tools in their arsenal. Any help finding that or jogging my memory on what it is I'm actually thinking of would be appreciated.
[ link to this | view in chronology ]
Ed Felten [was Re: ]
You do know who Ed Felten is, don't you? Among other notable items, he used to blog frequently at Freedom-to-Tinker. He should be well-known to most of the Techdirt readership.
[ link to this | view in chronology ]
Re: Ed Felten [was Re: ]
Yeah, but that's Ed Felten. This was Ed Felton.
[ link to this | view in chronology ]
Re: Re: Ed Felten [was Re: ]
[ link to this | view in chronology ]
Re: Re: Ed Felten [was Re: ]
This confirmed here
https://www.whitehouse.gov/blog/2015/05/11/white-house-names-dr-ed-felten-deputy-us-chief-techno logy-officer
so we have no particular reason to believe it is NOT him - apart from the content.
[ link to this | view in chronology ]
Re: Re: Re: Ed Felten [was Re: ]
[ link to this | view in chronology ]
Re: Re: Ed Felten [was Re: ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]
To end terrorism...
Start by telling people to not be afraid rather than emphasizing or actually manufacturing reasons to be afraid.
Stop killing people extra-judicially.
Stop denying and practicing illegal torture.
Stop trying to micromanage foreign governments and placing "US" friendly leaders who are more despotic than those they replace.
Stop spying on everybody in the world, it just pisses them off and makes them want to attack us more, both verbally and physically.
Practice what you preach instead of do as I say not as I do.
Be honest with yourselves in order to be honest with us, and we know, absolutely know, that you haven't been.
Be open and transparent instead of saying your open and transparent.
Stop using secret interpretations of secret laws in secret courts.
Follow your oaths of office and protect the constitution fully and faithfully, unlike what you are currently doing.
Likely there is more, but that is all I can think of at the moment. When people get as angry as I am right now, clear thinking gets less clear.
[ link to this | view in chronology ]
Re: To end terrorism...
You can't. Terrorism is a tactic. A war against terrorism is about as sensible as a war against ambush, or pincer movements.
You can have a war against an enemy - but then you have to identify the enemy and unfortunately the actual enemy in this case cannot be identified for political reasons. So, so long as that situation remains, there can be no solution.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Card-carrying technologist [was Re: ]
[ link to this | view in chronology ]
Re: Card-carrying technologist [was Re: ]
[ link to this | view in chronology ]
The people who aim for full access have proven again and again how they mishandle information and our trust.
Information has been used for profit, political purposes, expanded access to other agencies or law enforcements, and let us not forget: for passing around the office while laughing or looking up (ex)lovers.
You have taken our trust, ripped it to pieces, stomped on it. and lit it on fire, and now you just expect us to gather the ashes, somehow make it whole again and hand it over to you again?
You will have to work really hard to prove to alot of people that you are even mature enough to handle the power.
With the current direction, I find it hard to believe that it will ever happen.
[ link to this | view in chronology ]
QUIETLY Endorse Strong Encryption
Trump would blame encryption for his inability to find a foreign Obama birth certificate. (And a thousand Tea Party blogs would go "AHA!!!") Cruz would declare the daily Cryptoquote in his newspaper to be "ISIS indoctrination." Huckabee would rush to stand next to the first civil servant who used her religion to refuse to encrypt citizens' personal information. Chick-fil-A would proudly refuse to encrypt Visa information.
[ link to this | view in chronology ]
Re: QUIETLY Endorse Strong Encryption
If I'm to be perfectly honest... I'm kinda surprised he didn't just buy a forged birth certificate and claim Obama falsified his documentation.
[ link to this | view in chronology ]
Re: Re: QUIETLY Endorse Strong Encryption
It was also tried with John McCain during the 2008 election cycle. A birth certificate was shown in court "proving" he was born not in the Canal Zone, but outside it. It was shown to be a forgery.
Not that it would have mattered. While the Canal Zone and the Coco Solo Military base were US controlled, they were not considered US territory either. (Nor are other overseas US bases.) McCain was born a US national - but not a US citizen - thanks to his US parents. He got his citizenship when Congress changed the rules 11 months after he was born.
[ link to this | view in chronology ]
Re: QUIETLY Endorse Strong Encryption
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Ooh. Buzzword salad.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Why don't we wait until it evolves into a life form
[ link to this | view in chronology ]