President Obama Is Wrong On Encryption; Claims The Realist View Is 'Absolutist'
from the get-real dept
If you watch that, the President is basically doing the same thing as all the Presidential candidates, stating that there's some sort of equivalency on both sides of the debate and that we need to find some sort of "balanced" solution short of strong encryption that will somehow let in law enforcement in some cases.
This is wrong. This is ignorant.
To his at least marginal credit, the President (unlike basically all of the Presidential candidates) did seem to acknowledge the arguments of the crypto community, but then tells them all that they're wrong. In some ways, this may be slightly better than those who don't even understand the actual issues at all, but it's still problematic.
Let's go through this line by line.
All of us value our privacy. And this is a society that is built on a Constitution and a Bill of Rights and a healthy skepticism about overreaching government power. Before smartphones were invented, and to this day, if there is probable cause to think that you have abducted a child, or that you are engaging in a terrorist plot, or you are guilty of some serious crime, law enforcement can appear at your doorstep and say 'we have a warrant to search your home' and they can go into your bedroom to rifle through your underwear to see if there's any evidence of wrongdoing.Again, this is overstating the past and understating today's reality. Yes, you could always get a warrant to go "rifle through" someone's underwear, if you could present probable cause that such a search was reasonable to a judge. But that does not mean that the invention of smartphones really changed things so dramatically as President Obama presents here. For one, there has always been information that was inaccessible -- such as information that came from an in-person conversation or information in our brains or information that has been destroyed.
In fact, as lots of people have noted, today law enforcement has much more recorded evidence that it can obtain, totally unrelated to the encryption issue. This includes things like location information or information on people you called. That information used to not be available at all. So it's hellishly misleading to pretend that we've entered some new world of darkness for law enforcement when the reality is that the world is much, much brighter.
And we agree on that. Because we recognize that just like all our other rights, freedom of speech, freedom of religion, etc. there are going to be some constraints that we impose in order to make sure that we are safe, secure and living in a civilized society. Now technology is evolving so rapidly that new questions are being asked. And I am of the view that there are very real reasons why we want to make sure that government cannot just willy nilly get into everyone's iPhones, or smartphones, that are full of very personal information and very personal data. And, let's face it, the whole Snowden disclosure episode elevated people's suspicions of this.Again, at least some marginal kudos for admitting that this latest round was brought on by "excesses" (though we'd argue that it was actually unconstitutional, rather than mere overreach). And nice of him to admit that Snowden actually did reveal such "excesses." Of course, that raises a separate question: Why is Obama still trying to prosecute Snowden when he's just admitted that what Snowden did was clearly whistleblowing, in revealing questionable spying?
[...]
That was a real issue. I will say, by the way, that -- and I don't want to go to far afield -- but the Snowden issue, vastly overstated the dangers to US citizens in terms of spying. Because the fact of the matter is that actually that our intelligence agencies are pretty scrupulous about US persons -- people on US soil. What those disclosures did identify were excesses overseas with respect to people who are not in this country. A lot of those have been fixed. Don't take my word for it -- there was a panel that was constituted that just graded all the reforms that we set up to avoid those charges. But I understand that that raised suspicions.
Also, the President is simply wrong that it was just about issues involving non-US persons. The major reform that has taken place wasn't about US persons at all, but rather about Section 215 of the PATRIOT Act, which was used almost entirely on US persons to collect all their phone records. So it's unclear why the President is pretending otherwise. The stuff outside of the US is governed by Executive Order 12333, and there's been completely no evidence that the President has changed that at all. I do agree, to some extent, that many do believe in an exaggerated view of NSA surveillance, and that's distracting. But the underlying issues about legality and constitutionality -- and the possibilities for abuse -- absolutely remain.
But none of that actually has to do with the encryption fight, beyond the recognition -- accurately -- that the government's actions, revealed by Snowden, caused many to take these issues more seriously. And, on that note, it would have been at least a little more accurate for the President to recognize that it wasn't Snowden who brought this on the government, but the government itself by doing what it was doing.
So we're concerned about privacy. We don't want government to be looking through everybody's phones willy-nilly, without any kind of oversight or probable cause or a clear sense that it's targeted who might be a wrongdoer.The answer to those questions in that final paragraph are through good old fashioned detective work. In a time before smartphones, detectives were still able to catch child pornographers or disrupt terrorist plots. And, in some cases, the government failed to stop either of those things. But it wasn't because strong enforcement stymied them, but because there are always going to be some plots that people are able to get away with. We shouldn't undermine our entire security setup just because there are some bad people out there. In fact, that makes us less safe.
What makes it even more complicated is that we also want really strong encryption. Because part of us preventing terrorism or preventing people from disrupting the financial system or our air traffic control system or a whole other set of systems that are increasingly digitalized is that hackers, state or non-state, can just get in there and mess them up.
So we've got two values. Both of which are important.... And the question we now have to ask is, if technologically it is possible to make an impenetrable device or system where the encryption is so strong that there's no key. There's no door at all. Then how do we apprehend the child pornographer? How do we solve or disrupt a terrorist plot? What mechanisms do we have available to even do simple things like tax enforcement? Because if, in fact, you can't crack that at all, government can't get in, then everybody's walking around with a Swiss bank account in their pocket. So there has to be some concession to the need to be able get into that information somehow.
Also: tax enforcement? Tax enforcement? Are we really getting to the point that the government wants to argue that we need to break strong encryption to better enforce taxes? Really? Again, there are lots of ways to go after tax evasion. And, yes, there are lots of ways that people and companies try to hide money from the IRS. And sometimes they get away with it. To suddenly say that we should weaken encryption because the IRS isn't good enough at its job just seems... crazy.
Now, what folks who are on the encryption side will argue, is that any key, whatsoever, even if it starts off as just being directed at one device, could end up being used on every device. That's just the nature of these systems. That is a technical question. I am not a software engineer. It is, I think, technically true, but I think it can be overstated.This is the part that's most maddening of all. He almost gets the point right. He almost understands. The crypto community has been screaming from the hills for ages that introducing any kind of third party access to encryption weakens it for all, introducing vulnerabilities that ensure that those with malicious intent will get in much sooner than they would otherwise. The President is mixing up that argument with one of the other arguments in the Apple/FBI case, about whether it's about "one phone" or "all the phones."
But even assuming this slight mixup is a mistake, and that he does recognize the basics of the arguments from the tech community, to have him then say that this "can be overstated" is crazy. A bunch of cryptography experts -- including some who used to work for Obama -- laid out in a detailed paper the risks of undermining encryption. To brush that aside as some sort of rhetorical hyperbole -- to brush aside the realities of cryptography and math -- is just crazy.
Encryption expert Matt Blaze (whose research basically helped win Crypto War 1.0) responded to this argument by noting that the "nerd harder, nerds" argument fundamentally misunderstands the issue:
Figuring out how to build the reliable, secure systems required to "compromise" on crypto has long been a central problem in CS.
— matt blaze (@mattblaze) March 11, 2016
It's not like no one has thought about this problem before. It's a fundamentally difficult problem, and it won't be solved anytime soon.
— matt blaze (@mattblaze) March 11, 2016
It's not just that we don't know how to do crypto backdoors perfectly, it's that we don't even know how to do them non-disasterously.
— matt blaze (@mattblaze) March 11, 2016
We can't discuss how to make our systems secure with backdoors until we can figure out how to do it WITHOUT backdoors.
— matt blaze (@mattblaze) March 11, 2016
So the question now becomes that, we as a society, setting aside the specific case between the FBI and Apple, setting aside the commercial interests, the concerns about what could the Chinese government do with this, even if we trust the US government. Setting aside all those questions, we're going to have to make some decisions about how do we balance these respective risks. And I've got a bunch of smart people, sitting there, talking about it, thinking about it. We have engaged the tech community, aggressively, to help solve this problem. My conclusions so far is that you cannot take an absolutist view on this. So if your argument is "strong encryption no matter what, and we can and should in fact create black boxes," that, I think, does not strike the kind of balance that we have lived with for 200, 300 years. And it's fetishizing our phones above every other value. And that can't be the right answer.This is not an absolutist view. It is not an absolutist view to say that anything you do to weaken the security of phones creates disastrous consequences for overall security, far beyond the privacy of individuals holding those phones. And, as Julian Sanchez rightly notes, it's ridiculous that it's the status quo on the previous compromise that is now being framed as an "absolutist" position:
CALEA--with obligations on telecoms to assist, but user-side encryption protected--WAS the compromise. Now that's "absolutism".
— Julian Sanchez (@normative) March 11, 2016
Also, the idea that this is about "fetishizing our phones" is ridiculous. No one is even remotely suggesting that. No one is even suggesting -- as Obama hints -- that this is about making phones "above and beyond" what other situations are. It's entirely about the nature of computer security and how it works. It's about the risks to our security in creating deliberate vulnerabilities in our technologies. To frame that as "fetishizing our phones" is insulting.
There's a reason why the NSA didn't want President Obama to carry a Blackberry when he first became President. And there's a reason the President wanted a secure Blackberry. And it's not because of fetishism in any way, shape or form. It's because securing data on phones is freaking hard and it's a constant battle. And anything that weakens the security puts people in harm's way.
I suspect that the answer is going to come down to how do we create a system where the encryption is as strong as possible. The key is as secure as possible. It is accessible by the smallest number of people possible for a subset of issues that we agree are important. How we design that is not something that I have the expertise to do. I am way on the civil liberties side of this thing. Bill McCraven will tell you that I anguish a lot over the decisions we make over how to keep this country safe. And I am not interested in overthrowing the values that have made us an exceptional and great nation, simply for expediency. But the dangers are real. Maintaining law and order and a civilized society is important. Protecting our kids is important.You suspect wrong. Because while your position sounds reasonable and "balanced" (and I've seen some in the press describe President Obama's position here as "realist"), it's actually dangerous. This is the problem. The President is discussing this like it's a political issue rather than a technological/math issue. People aren't angry about this because they're "extremists" or "absolutists" or people who "don't want to compromise." They're screaming about this because "the compromise" solution is dangerous. If there really were a way to have strong encryption with a secure key where only a small number of people could get in on key issues, then that would be great.
But the key point that all of the experts keep stressing is: that's not reality. So, no the President's not being a "realist." He's being the opposite.
So I would just caution against taking an absolutist perspective on this. Because we make compromises all the time. I haven't flown commercial in a while, but my understanding is that it's not great fun going through security. But we make the concession because -- it's a big intrusion on our privacy -- but we recognize that it is important. We have stops for drunk drivers. It's an intrusion. But we think it's the right thing to do. And this notion that somehow our data is different and can be walled off from those other trade-offs we make, I believe is incorrect.Again, this is not about "making compromises" or some sort of political perspective. And the people arguing for strong encryption aren't being "absolutist" about it because they're unwilling to compromise. They're saying that the "compromise" solution means undermining the very basis of how we do security and putting everyone at much greater risk. That's ethically horrific.
And, also, no one is saying that "data is different." There has always been information that is "walled off." What people are saying is that one consequence of strong encryption is that it has to mean that law enforcement is kept out of that information too. That does not mean they can't solve crimes in other ways. It does not mean that they don't get access to lots and lots of other information. It just means that this kind of content is harder to access, because we need it to be harder to access to protect everyone.
It's not security v. privacy. It's security v. security, where the security the FBI is fighting for is to stop the 1 in a billion attack and the security everyone else wants is to prevent much more likely and potentially much more devastating attacks. Meanwhile, of all the things for the President to cite as an analogy, TSA security theater may be the worst. Very few people think it's okay, especially since it's been shown to be a joke. Setting that up as the precedent for breaking strong encryption is... crazy. And, on top of that, using the combination of TSA security and DUI checkpoints as evidence for why we should break strong encryption with backdoors again fails to recognize the issue at hand. Neither of those undermine an entire security setup.
We do have to make sure, given the power of the internet and how much our lives are digitalized, that it is narrow and that it is constrained and that there's oversight. And I'm confident this is something that we can solve, but we're going to need the tech community, software designers, people who care deeply about this stuff, to help us solve it. Because what will happen is, if everybody goes to their respective corners, and the tech community says "you know what, either we have strong perfect encryption, or else it's Big Brother and Orwellian world," what you'll find is that after something really bad happens, the politics of this will swing and it will become sloppy and rushed and it will go through Congress in ways that have not been thought through. And then you really will have dangers to our civil liberties, because the people who understand this best, and who care most about privacy and civil liberties have disengaged, or have taken a position that is not sustainable for the general public as a whole over time.I have a lot of trouble with the President's line about everyone going to "their respective corners," as it suggests a ridiculous sort of tribalism in which the natural state is the tech industry against the government and even suggests that the tech industry doesn't care about stopping terrorism or child pornographers. That, of course, is ridiculous. It's got nothing to do with "our team." It has to do with the simple realities of encryption and the fact that what the President is suggesting is dangerous.
Furthermore, it's not necessarily the "Orwellian/big brother" issue that people are afraid of. That's a red herring from the "privacy v. security" mindset. People are afraid of this making everyone a lot less safe. No doubt, the President is right that if there's "something really bad" happening then the politics moves in one way -- but it's pretty ridiculous for him to be saying that, seeing as the latest skirmish in this battle is being fought by his very own Justice Department, he's the one who jumped on the San Bernardino attacks as an excuse to push this line of argument.
If the President is truly worried about stupid knee-jerk reactions following "something bad" happening, rather than trying to talk about "balance" and "compromise," he could and should be doing more to fairly educate the American public, and to make public statements about this issue and how important strong encryption is. Enough of this bogus "strong encryption is important, but... the children" crap. The children need strong encryption. The victims of crimes need encryption. The victims of terrorists need encryption. Undermining all that because just a tiny bit of information is inaccessible to law enforcement is crazy. It's giving up the entire ballgame to those with malicious intent, just so that we can have a bit more information in a few narrow cases.
President Obama keeps mentioning trade-offs, but it appears that he refuses to actually understand the trade-offs at issue here. Giving up on strong encryption is not about finding a happy middle compromise. Giving up on strong encryption is putting everyone at serious risk.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: balance, cryptography, doj, encryption, fbi, president obama, privacy, security
Companies: apple
Reader Comments
Subscribe: RSS
View by: Time | Thread
Too bad you aren't as critical of Apple's overhyped claims.
[ link to this | view in chronology ]
Re:Run
[ link to this | view in chronology ]
Re:
Always good to see the false equivalences followed up by the severely beaten stawman techdirt writer you drag around.
[ link to this | view in chronology ]
Re:
Based on what arguments? The one where they twist the facts?
[ link to this | view in chronology ]
Re:
It's amazing - you totally missed that this whole article is not "period, end of discussion" but a detailed exploration of why the President is wrong, including multiple citations to experts. That's called proving the point. The article is clearly not "I'm right, you're wrong" but "here's what Obama said, and here's a detailed explanation of why it's wrong."
Even though plenty of people disagree, it appears they are all idiots.
I don't see anyone being called "idiots" at all. I see them, rightly, being called out for not understanding the technological issues.
Too bad you aren't as critical of Apple's overhyped claims.
Do you read Techdirt? The site is pretty frequently anti-Apple. It is often quite critical of Apple's claims on a variety of things from patents to the way it runs its app store.
It must be convenient when you can just make up stuff with no basis in reality.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re:
Not a single Apple claim was made in the article. Instead there were quotes from actual crypto and security experts. When are you going to get over your Apple issues and start trying to argue against their claims?
[ link to this | view in chronology ]
Re:
I think you may have missed the 39 paragraphs that came after "wrong." in this article.
[ link to this | view in chronology ]
Re:
It's like you want the whole system rigged in your favor. Oh, wait...
[ link to this | view in chronology ]
Re: Re:
I take "experts" with a grain of salt. Every turn in history there seems to be a bunch of experts saying you can't do this, or you won't do that... and in the end, they are proven to be either wrong or irrelevant.
Remember, 640k ram is enough for anyone, man will never visit the moon, and computers will never be small enough to hold in your hand. All things said by "experts" who have been proven oh so very wrong.
I also think it's incredibly easy to take pot shots at the President on this one. He's not a tech guru, he's not an encryption expert, and he's not a cell phone builder. He is however a politician who feels the pressure from LEOs and DoJ, understands in general terms their desires, and also understands (to some extent) the public's desires as well. What he put forward isn't a grand technical guide, it's a politicians view of the need to find something that possibly works for both sides.
The other choice, you understand, are solutions nobody would like, such as limited encryption, forcing a bad back door, or otherwise making encryption less usable and less functional.
The President isn't a stupid man. He's trying to start a discussion, where as both sides for the moment are using massive bullhorns to try to shout each other down.
Marking the President as "wrong" is just another shout through a big bullhorn.
[ link to this | view in chronology ]
Re: Re: Re:
Of course it's a politician, it's difficult for him to understand there is no compromise.
[ link to this | view in chronology ]
Re: Re: Re:
"snide, overconfident sense of superiority"
remember v.
1. "draw spurious conclusions from"
2. "ignore context of"
pot shots n.
"thorough arguments I don't like"
other choice n.
"false dichotomy"
big bullhorn n.
"medium-sized blog"
[ link to this | view in chronology ]
Re: Re: Re: Re:
"medium-sized blog""
Hint: When you get well more than 10 million page views a month, you ain't medium size... Mike posted the figures the other day, there isn't anything medium about Techdirt's audience reach.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re:
except those of us in other countries will have those things... so this really is only about spying on Americans
[ link to this | view in chronology ]
Re: Re: Re:
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
Otherwise, it's pretty much the same: the first time you get any dependable statement from either is after the cheques clear.
The current game of the Democrats (assuming that Hillary trumps Bernie and it looks like that) is to disappoint any hopes they may have raised, once they are elected. The Republicans decided to start with hopeless candidates in the first place this time.
Apparently if you want to rise to the top, you better yank out your brain for better flotation and refill the void with readily available dollar bills after election.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
I mean its not like you have secret courts, secret rulings, secret orders that you hide from the citizens they are used against....
"but the Snowden issue, vastly overstated the dangers to US citizens in terms of spying."
Really? So there weren't workers pulling up info on lovers & ex-lovers and very little oversight to catch that happening? You aren't running games to hide how the actual evidence was gathered to protect the secret project not allowing the accused to challenge the secret machinery that no one, who isn't 100% committed to the program, gets to make sure is accurate & isn't just more tiger repelling stone bullshit we pay billions for?
"And it's fetishizing our phones above every other value"
Much like your administration has fetishized being opaque & hiding the fetish of gathering and hoarding all of the data while ignoring you can't find shit in the huge piles you collect to such a degree that the FBI has to groom, convert, fund, & plan terrorist "attacks" so you have headlines to trot out?
[ link to this | view in chronology ]
President Obama just declared war on high tech
[ link to this | view in chronology ]
[ link to this | view in chronology ]
This is nothing new with this.
Besides it is ridiculous for him to call himself a "realist" when he denies reality is "absolutist".
[ link to this | view in chronology ]
Re:
Well, so-so. But that's what the return of torture is good for. The current administration has put every known government-employed torturer and murderer (also known as heroes and patriots) out of the reach of justice. And Trump has actually stated that as president he is going to actively order torture and expects FBI et al to obey. And he's running strong in the polls. Even if he does not make it, Americans are far too fond of such medieval antics to be counted among civilized countries.
So if citizens and other humans are no longer secure in their person and health and sanity from law enforcement (because the masses rejoice in having that part of the Constitution dismantled), denying them to be secure in their assets (like a phone) is just a second-grade offense.
[ link to this | view in chronology ]
RE:
[ link to this | view in chronology ]
I'm pretty sure that all politicians are training to do this when asked about more or less any controversial issue. They suggest that each side has it's merits, and the debate should be resolved by a compromise that meets in the middle. It's the sort of thing that's usually useful in politics and is sometimes the only way things get done. Side A gets some of what they want, Side B gets some of what they want, and neither is fully happy, but things get done.
Unfortunately they typically ignore that in cases like this, it's a false compromise fallacy (wikipedia lists this as Argument to moderation). It is entirely possible for one side to be so completely wrong that there is no middle ground.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
[ link to this | view in chronology ]
I suggest using a physical analogy to make the point: An anti-gravity machine!
Immediately, the criticism comes: You're violating the laws of physics (at least, to the extent that we understand them). You can't do that!
Well guys, maybe "crypto with selective backdoors" violates the laws of mathematics (at least, to the extent that we understand the mechanics of mathematics, and how crypto rests on that mechanics). You can't do that!
And then, throw in a hypothetical: So, WHAT IF we *could* build an anti-gravity machine, that could manipulate objects, say, up to the size of a car.
- What would the control console look like?
- Who would have access to the control?
- If the control is in the normal-gravity world, and sends instructions to the anti-gravity "thingy", how do we ensure that there are no third parties that could send fake signals, or could disrupt legitimate signals, even including making sure the instruction arrives on-time (what if the anti-gravity "thingy" misses its landing zone, and lands on the head of its inventor instead)?
- Would there be a black market for these devices?
Bringing this analogy to life sounds like a job for Jamie Oliver.
-- recherche
[ link to this | view in chronology ]
The biggest point here is...
Goodbye Apple, was fun but now it's over!
[ link to this | view in chronology ]
Re: The biggest point here is...
[ link to this | view in chronology ]
Re: Re: The biggest point here is...
20 years ago, it was illegal to export strong encryption programs from the U.S.
In a few years, it will be illegal to import strong encryption programs into the U.S.
The Land of the Free and the Home of the Brave.
How long until it becomes illegal to carry around agitory propaganda calling for violent overthrow of the government? Like the Declaration of Independence? How long until you are barred from carrying around copies of the Constitution without plausible cause?
[ link to this | view in chronology ]
Re: Re: Re: The biggest point here is...
Well. I don't know "how long" exactly, but the first step is taking away your ability to defend yourself. They will take your guns first. Then they will proceed at whatever speed they care to proceed at.
[ link to this | view in chronology ]
Re: Re: Re: Re: The biggest point here is...
You don't fight a guerilla war with hand guns but with sniper rifles and explosives.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: The biggest point here is...
If that is what you believe, then feel free to give yours up.
"You don't fight a guerilla war with hand guns but with sniper rifles and explosives."
You don't fight a "guerrilla war" at all. If we ever get to that point, we've already lost. With that aside; We still have the ability to rise up in armed protest, however ineffective it may be. That alone is enough to give tyranny pause.
But personal beliefs aside, it doesn't change the fact that they well come for the guns first. Disarming the people is always the first step in subjugating them.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: The biggest point here is...
[ link to this | view in chronology ]
Re: Re: The biggest point here is...
- I think you mean no AMERICAN phone will be safe. The people who your spys are suppose to be spying on will still have encrypted phones... so how is this about them?
[ link to this | view in chronology ]
Re: Re: Re: The biggest point here is...
[ link to this | view in chronology ]
Just saying.
Also, if it was technically possible to live in a house that not even a tank (police, lol) can pry open, I would happily live in it.
Sure, you might not catch criminals in it, but at least we'd be safe from them too. Unless we let them inside, of course, same as with phones.
So, I'm not able to get an unbreakable door that a nuke won't ven budge it because it has to be breakable by the police?
You're going to expose me, my family and my children, OH MY GOD! THINK OF THE CHILDREN! YOU'RE KILLING MY CHILDREN just because you want to be able to get inside with a warrant?
That doesn't mean that you won't be able to catch criminals. At some point, everyone has to get out of their homes; if not, at least to buy food or get water.
But you see:
"If I'm not a criminal, you have nothing to investigate about me."
Does it remind you of something?
And btw, I'm not talking about the fact that just because you got something backdoored, the smart people "on the other side" won't be able to figure out ways of using that same device in a way that bypasses your own backdoor (as in, building a killswitch on the phone, for example).
And then, we are back at the -100 step. Now you got all the devices backdoores, but you still won't be able to get the juicy bits on terrorists' phones.
Of course, you will still be able to catch their latest Candy Crush records.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Hiding not protecting
If all the rapists stopped distributing evidence of their crimes it would not make the abuse nonexistent.
The serial rapists in the Catholic church did it without it being a fancy internet crime.
This smells like the banning of camera-phones in the torture chambers in the concentration camps!
[ link to this | view in chronology ]
Re: Hiding not protecting
[ link to this | view in chronology ]
As has been mentioned, there will always be things that can not be revealed to LEO. I tell someone a secret, he goes out and dies and never wrote it down or recorded it in any manner, that info will not be 'retrievable' from him.
Cellphones have taken on a whole new character. They are now the personal confident of your life. LEO wants it to be the personal spy that lives in your back pocket. Why would I want to carry a camera that can be turned on at anytime without my permission to find out I'm not the bathroom? Would turning on the microphone aid in that if you could hear me passing gas? Is that so important to LEO they just must have this access?
You think we have problems now with hackers, please put in backdoors because when you do, they will know it exists and will become the golden apple to reach for. When it does happen to be cracked and it will, how will this back door be closed when today due to these same spying problems people are starting to refuse to do updates to keep the corporate nose out of your personal life?
[ link to this | view in chronology ]
Who cares what Obama is saying anyway?
Watch his cheeks.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Dear Mr Obama ....
The tech/security people say: "1 + 1 = 2"
LEO and the alphabet agencies demand: "make 1 + 1 = 4!"
Mr Obama says: "Lets compromise - make 1 + 1 = 3"
(This is known as the "Door In The Face" technique)
As a side note, I stopped using "air travel" over a decade ago because of TSA. It's not that I'm a criminal or a terrorist, it's that the "terrorist risk" (very tiny) did not warrent the response (I.E. being treated as a criminal at the airport).
[ link to this | view in chronology ]
Yet had they had strong encryption in place maybe many of those secrets would not have leaked out during the hack of the OPM (Office of Personal Management), a government branch in charge of among other things, application data for those government employees as well as candidates for employees, applications for security clearances as well as those who hold security clearances, polygraph test results for each employee over the years that hold security clearances, investigation results for security clearances, as well as the data base on those in the Scattered Castle program.
If there was ever a time when the government came away with egg all over it's face worldwise, You are looking at it. Mainly because you have to realize what this data entailed to understand what a fuck up this was that hackers got away with all this data.
It includes everything about someone. Who they are, where they live, whose in the family, where they live, where you bank, what your neighbors say about you, if LEO has any data on you, in polygraph especially the go really off the deep end. Into bestiality? Been to a strip bar? Had sex with someone other than your spouse? Debt? I mean this describes everyone down to the dot. Want a road map on how to compromise an important office holding person? What to know just how to get to someone to compromise them?
Now tell me that encryption, had it been in place, properly used, would not have saved US employees from exposure!
Yet here we are with the government demanding 'let's weaken encryption'.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Confidence games
How confident are we in that piece of information? Do we believe it?
Going further, elsewhere, it's been further said that Apple would have been willing to comply with the government's request—if the application had been made under seal. AFAICT, the New York Times story does not say that. Where does that latter piece of information come from? Do we have any confidence in it—or is it just a rumor which loosely follows from the New York Times report above?
[ link to this | view in chronology ]
wrong again
Looks like you're 2 for 2 on being wrong about security front, Mr. Obama...
[ link to this | view in chronology ]
Re: wrong again
Only if we wish to fly. Either one participates in the absolute farce of being felt up by people hired from the tops of pizza boxes, possibly being robbed while an entire Federal Agency tries to pretend that never happens (as entire theft rings get busted) or can't locate the footage showing that the power hungry agent went batshit on a citizen or they don't get to fly.
[ link to this | view in chronology ]
Re: wrong again
[ link to this | view in chronology ]
Re: Re: wrong again
We've gotten a branch of government for the Homeland, how much longer til it's the Fatherland? The differences are becoming tissue thin.
[ link to this | view in chronology ]
Re: Re: wrong again
[ link to this | view in chronology ]
Everything he says is suspect
[ link to this | view in chronology ]
Re: Everything he says is suspect
[ link to this | view in chronology ]
Re: Re: Everything he says is suspect
July 3, 2008: “My Position On FISA”:
[ link to this | view in chronology ]
Re: Everything he says is suspect
Too bad a great acting president has been sorely lacking for a few decades now.
[ link to this | view in chronology ]
Only Sane Man????
Back then, NSA put forth the very same arguments Obama and the (In)Justice Dept. are putting forth today over the San Bernardino iPhone.
Back then, the tech community put forth the same argument they are today.
I have to ask myself. Did no one learn anything from the clipper chip debacle, or has the government simply biding its time, before making the attempt again, only this time ...WITH COMPUTERS?
[ link to this | view in chronology ]
Math tends to be absolutist...
[ link to this | view in chronology ]
"I am not a software engineer"
[ link to this | view in chronology ]
The weapon of incrementalism
This is the most maddening argument of all to me. Airport security and DUI checkpoints are very controversial things that a substantial percentage of the population take grave exception to.
To trot these out as "well, look we all agree on those, so we must all agree on this" is extremely deceptive and manipulative.
[ link to this | view in chronology ]
Re: The weapon of incrementalism
[ link to this | view in chronology ]
Power Corrupts
"If there really were a way to have strong encryption with a secure key where only a small number of people could get in on key issues, then that would be great."
That would only be great if those small number of people were incorruptible and held to the Constitution, which IMO is not probable or even possible. In all likelihood people in that position would be very corruptible, more so for being put in a trusted and powerful point of control. Think IRS scandal and the 500 FBI files (old but new somehow). They would be almost guaranteed to be politically, monetarily or physically leveraged, voluntarily or not.
[ link to this | view in chronology ]
Re: Power Corrupts
Not even then, because even if those people were completely incorruptible, and had nothing but the public and it's rights in mind with every decision they made, what guarantee is there that the next batch will be equally flawless? Or the group after that?
When you're talking about something that stands to have a significant impact on the privacy and security of a great many people it's not paranoia to assume the worst and act and/or plan accordingly, it's common sense.
[ link to this | view in chronology ]
Re: Re: Power Corrupts
The power you give to your friend is the power you give to your enemy!
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Equation
Lawyer = Shyster = Politician = Criminal = Traitor
[ link to this | view in chronology ]
Hoisted, petard, own...
The government does not suffer the pocketbook dilemma, though it squanders their allowance in pursuit of maintaining their positions rather than acquiring solutions to problems. They do suffer from 'being seen to be being on top' of the next new thing, and do so to their own detriment. Not only do they fail to comprehend the extent of the next new thing along with much of the where's, the why's and the how's, they do so with a vehemence and short sightedness that squanders all that came before.
Take this encryption thingy. Encryption has been around for centuries. Now when it becomes slightly more easily deploy-able they cannot find a way around it. What did they do to solve crime prior to cell phones? What did they do to solve crime with cell phones that had no encryption? What did they do when not everything was knowable (not that it is now, they sure want it to be)? Where in any of this countries founding documents does it say that the government must be, or is even allowed to be all knowing? Now with easily deployed encryption all the prior techniques are no longer known or workable or even allowed, or so it seems.
I am afraid that the government suffers from prior successes. They managed, not to break the Enigma cypher during WWII, but to steal one of the machines. This allowed them to know things the enemy did not know that they knew, and that caused all kinds of problems for the enemy. There have probably been other successes of this kind during the cold war that are less well known to us but are well known lessons for them. What did they learn? That if they can know something that their opponent does not know that they know, it is easier to compromise them. The key word there is easier. (Where does it say that governing should be easy?) That compromise might be an arrest, a non judicially sanctioned execution, or just being in the right place at the right time to stop something the government doesn't want, whether that is for the benefit of the world or the government's self protection does not really matter, to them.
There are cyphers that cannot be broken. They are less easily deployed and require some infrastructure to work. Infrastructure that takes time to deploy, but is unstoppable, at least without the total Big Brother infrastructure that allows Big Brother to know everything about everyone in real time. The government may stop this easily deploy-able encryption, to the detriment of safety and security of the common person in their daily business, but it will just drive those determined to the less easily deploy-able methods, that have been around since before electricity was a thing. And once again the government will be in a place where they won't know anything about the 'next new thing' even though it is far from new.
[ link to this | view in chronology ]
Re: Hoisted, petard, own...
Also, the strength of cypher system is based on the underlying technology used to create it. Modern computer based systems are mathematically very strong for our current technology but they can be broken if one has enough computational power and enough time.
Back to San Bernardino, there is another rule about intelligence: it goes stale the older the information. Even if there is intelligence information on the phone, as it ages it will become much less useful overall.
[ link to this | view in chronology ]
Re: Re: Hoisted, petard, own...
I was unaware of that concept of patterns with regard to cyphers, thanks for letting me know.
[ link to this | view in chronology ]
Re: Re: Re: Hoisted, petard, own...
Properly done one-time pads are totally unbreakable. Book ciphers are not.
There are two reasons that one-time pads aren't the way most encryption is done, though: you must have a source of truly random numbers (which is not possible on standard computing equipment) and you must be able to transmit the key securely to the other end. It's that last requirement that's the serious problem -- in most situations, if you have a way of securely transferring the key then you could just transmit your message instead.
[ link to this | view in chronology ]
Re: Re: Re: Re: Hoisted, petard, own...
Curiously enough, although on somewhat of a completely tangential break— did you notice that Intel's application to submit its amicus brief in the San Bernardino case was denied by Magistrate Judge Pym on March 7?
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Hoisted, petard, own...
I think World War 2 provides a great example of how important this is. During war, one-time pads are used (they work there because the keys are transferred securely at the base before deployment) by all sides.
Late in the war, the Allies started to be able to break OTP-encrypted messages from the Axis. They were able to do this because Germany's ability to produce random numbers had been degraded (in the day, random numbers were produced by rooms full of people pulling balls out of Bingo cages) and they suffered a shortage. Remember that with OTP, you need a new truly random number for every character in the cleartext.
So they started taking shortcuts that meant that their random numbers, while still being very nearly random, had a slight statistical color to them. It was enough to allow a good percentage of messages to be cracked.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Hoisted, petard, own...
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: Hoisted, petard, own...
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: Re: Hoisted, petard, own...
[ link to this | view in chronology ]
Re: Re: Re: Re: Hoisted, petard, own...
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Hoisted, petard, own...
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: Hoisted, petard, own...
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: Re: Hoisted, petard, own...
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: Hoisted, petard, own...
Neither would satisfy if certain protocols are part of the book cypher. The name of the book, the language of the book, page number and word number on that page might only lead to the first or third or fifth letter of that word rather than the word itself. The protocol might change by which word in the message you are looking up. It works one way for word one, and another for word two, etc. Also the message may be very simple. A time and date that are expressed with the words used, words that have nothing to do with time or date, and would be very short in say a 1000 page book, which one does not know the title, the edition, or the language of.
What if the protocol said that if the word is 'the' and it represented a number, that could be the number of times 'the' appears before the reference, after the reference, may include the reference, etc. Like a one time pad, these protocols could be distributed in person prior to anything untoward happening.
Got anything else?
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: Re: Hoisted, petard, own...
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: Re: Hoisted, petard, own...
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Hoisted, petard, own...
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: Hoisted, petard, own...
[ link to this | view in chronology ]
Re: Hoisted, petard, own...
Along that vein, though, I'd point out that Neal Koblitz and Alfred Menezes deserve some respectful attention: Another Look at Provable Security
[ link to this | view in chronology ]
Chicken Little: The Universe is going dark: 26.8% dark matter, 68.3% dark energy !!!
There could be *pornographers* in there!
We need to spend $1 trillion to shed some light on this darkness IMMEDIATELY !
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
Here we vote for political parties. These parties decide who gets in charge after the elections. Our politicians don't think for themselves.
In the States, there is at lease a chanche to get a independent president.
[ link to this | view in chronology ]
Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re: Re:
In England they tried to change the system too: http://www.electoral-reform.org.uk/single-transferable-vote
[ link to this | view in chronology ]
Re: Re: Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re: Re: Re:
The voting system is not wrong, just not the best. Most Citizens do not even know how the US government is supposed to operate and I expect you know even less than these idiots siting here bemoaning their paltry existence as citizens.
Few of these lazy fucks would get off their duff to learn anything more about a candidate for office other than who is a D and who is an R. We like to pretend that we know whats up... but we are pretty much clueless to the point its insane.
Every fucking Candidate for President from either party is a terrible choice and the Americans are making it clear they don't give a shit at long as something is entertaining.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re:
And yes, I'm no expert but I know, most people don't give a fuck about politics. They do what they're told (vote for your parties candidate), don't make a noise and "They have got nothing to hide".
I know your candidates are bad, but our gouvernment will do everything your president wants from it. That's why I read Techdirt. Our media think everything Democratic is fantastic (Obama is a saint), and don't look past Trump's hair color (they adhere to the filosofy: I'm right, so everybody who disagrees is stupid).
[ link to this | view in chronology ]
Mr red circle is right about experts. After all, climate change is a hoax
[ link to this | view in chronology ]
Cloudflare is a pain in the arse
Thx.
[ link to this | view in chronology ]
Yes, you can!
Wrong, Mr. Obama. I can. But you must because you have sworn an oath on the Constitution. The Constitution which explicitly carves out in the Bill of Rights the right of every citizen to be secure in his assets short of a warrant, and a widely distributed skeleton mechanism is not compatible with that.
So you have sworn to take an absolutist view on this, and if you don't keep your oath, you should be impeached, prosecuted, and jailed.
If you were not willing to serve as president of the United States according to the job description spelled out in the Constitution, you should not have run for office.
[ link to this | view in chronology ]
Re: Yes, you can!
The false assumption is a simple back door which could be used remotely without the party knowing. This is the scaremongering concept. The reality is much more of "phone in police possession, warrant issued by judge, need to access content in the same manner one would open a safety deposit box or a wall safe".
The back door of any sort doesn't mean a WEAK and easily exploited one. Imagine a back door that requires that your read a number that is physically printed on a circuit board, or that requires that you have the device ID and say it's actual serial number to move forward, or something of similar nature. Creating a complex back door which could then pop the lock on the encryption (perhaps by releasing the user's pincode, as an example) would still once again require actual possession of the device in order to enter the passcode to view the content.
Assuming a simple "type hello three times" back door is just not really brilliant, and creates yet another false argument in this discussion.
[ link to this | view in chronology ]
Re: Re: Yes, you can!
Wait, you mean we're talking about something that can only be exploited with a bit of knowhow and effort? Oh, well, in that case.
[ link to this | view in chronology ]
Re: Re: Re: Yes, you can!
[ link to this | view in chronology ]
Re: Re: Yes, you can!
The time to put up or finally just shut your uneducated, ignorant, misinformed, and copyright infringing due to your unlicensed use of the Rambler club logo pie-hole is long past due.
Workable backdoors are feasible, so why not PROVE IT yourself with the best functional example?
I dare you.
Double dare you.
[ link to this | view in chronology ]
Really bad people Need to keep secrets
[ link to this | view in chronology ]
Re: Really bad people Need to keep secrets
How can future Snowdens and Assange get the goods on Our bad guys and gals with strong encryption?"
You'd think they could at least grasp it from this angle.
[ link to this | view in chronology ]
Information in our brains.
See? That's why law enforcement needs torture! To get to the information in people's brains! And you have to get to that information before it is destroyed by forgetting. That's why the cops that make first contact with a subject need to use it as soon as possible put in the field. But only when needed.
Luckily, the President and FBI understand these things.
[ link to this | view in chronology ]
The Puzzle Pieces that Obama is Missing in the Apple Encryption Debate
One year ago President Obama held nearly the opposite view. He spoke with President Xi in China about legislation Beijing was considering that would similarly handcuff tech companies [3]. He criticized Xi for this and pointed out that it would damage their economy.
I don't know whether Obama continues to hold the view that mandating backdoors would damage a country's economy or not. Perhaps he does think it will hurt our economy but is worth the cost. Perhaps he thinks it is better for our security too. Of course he is wrong.
I am baffled that nobody, to date, has been able to explain the entirety of the issues we must balance to maintain public safety and security to our President. Senator Lindsey Graham (R-SC) was able to achieve that understanding [4]
Shouldn't the President have access to the best minds in technology? It's not as if any of us would refuse his phone call. Note I don't claim to be a best mind but I think I can talk through the issue to present understanding of the full tech side of the picture to a layperson, and at the same time be respectful of the challenges faced by the DOJ when trying to give justice to victims and security to the public. I think any technologist or well-informed citizen is capable of doing this.
Fortunately, some Congressmen are already well-informed. They realize Apple is not simply being disobedient here. Lindsey Graham changed his mind [4] and Mike Lee made great points too [5] in an oversight hearing this week. Ted Lieu has been an ardent supporter of strong encryption [5a]. Dianne Feinstein, however, holds the opposite viewpoint [6].
Other personalities have also changed their views when presented with facts. Sam Harris was initially very outspoken against strong encryption [10], but then changed his mind after reading responses to his initial video [11].
On balance, putting backdoors on encrypted devices is not the right way to maintain security. The reasons are, 1) if we put backdoors on the iPhone, criminals will simply change to use another piece of software or device, 2) compelling companies to insert weaknesses into their products grants hackers a huge opportunity which they will indefinitely exploit, 3) Apple and other tech companies have been in an arms race against such hackers since their inception. Companies that failed at computer security have failed as businesses, and if we handcuff tech companies they won't be able to innovate around security flaws because those flaws will be mandated by law, and then there will be data breaches, people will be upset, they won't buy iPhones, and this industry will disappear from the US overnight, hurting our IT industry and the future of our economy and first place standing in the world in that regard, 4) Apple does contribute to public safety, despite FBI Director James Comey's feelings otherwise [12], 5) If we demand this of Apple, China will too, putting American diplomats and dissidents, or any travelers to China who use iPhones at greater risk than they already are, 6) Giving government access to data within smart phones is granting access to an entire history of communications, even before the time of any suspected crime. Wiretaps never had this power, and the power the government has now is unprecedented. This creates an imbalance that never existed before.
There are already laws being introduced in CA and NY that seek to guarantee phones sold there can be decrypted. This litigation based on language from Manhattan DA Cyrus Vance [13]. I suppose that, by stating the government's position, this is a form of starting the debate. But, it feels like these laws are being forced upon us before any debate can occur. It's possible to get this right before crippling our IT industry. We just need to talk to each other and listen with an open mind to the other side of the argument.
For Obama's understanding, I'll concede one circumstance under which I feel we ought to help unlock an iPhone.
In the incredibly movie-like scenario where the location of a nuclear weapon is hidden on an encrypted iPhone, then we should sick all our computers on decrypting that phone. I believe this is already done by the NSA program, Bullrun, revealed by Snowden.
Obama thinks he has technological advisors but he doesn't. Around 12:00 in the full keynote [2c], he starts to talk about how he has coordinated with technologists to form a special task force that solve persistent technological issues the government faces. I think that is a good start. But he is still missing someone or some group who he trusts to act in an advisory role to him about technology and, in particular, encryption. In fact, in this part of the keynote, he's trying to appeal to technologists, but he's still treating them as a mere tool to bring about his goals. He says "We want to create a pipeline where there's a continuous flow of talent that is helping to shape the government." [2a] He says government propaganda is dangerous [2b], yet does not listen to the leagues of technologists who tell him backdoors are bad, or even himself from one year ago [3]. He is pursuing his own agenda and engaging in government propaganda that is not factual, thus doing the very thing he says he isn't.
I do believe that if Obama understood the facts about encryption then he would come to a different conclusion. If he really understood the equation, and the factors we must balance to maintain public security, then he would not be asking tech companies to add backdoors to their devices. However, at the moment he does not understand the technology, therefore he does not know the things we must balance, and therefore the result of his equation is wrong. There's an error in variables he's established in his mind. His calculation of the final result is reasonable given the facts he understands, but the calculation is based on mis-information.
Let's inform each other and contact our representatives to make sure they are informed so that when the time does come to vote on this issue, we are all voting knowing that the debate is primarily about security vs. security [7] [8] [9], and not just security vs. privacy. Let's stick to the facts and stay away from persuasive methods rooted in fear, uncertainty and doubt. Let us inform the public so that they are confident they are more safe and secure when they support strong encryption.
[1] https://news.ycombinator.com/item?id=11270529
[2a] https://youtu.be/wfsIZioIpdI?t=14m54s
[2b] https://youtu.be/wfsIZioIpdI?t=16m15s
[2c] https://youtu.be/wfsIZioIpdI?t=12m00s
[3] http://www.reuters.com/article/us-usa-obama-china-idUSKBN0LY2H520150302
[4] https://youtu.be/uk4hYAwCdhU?t=1m44s
[5] https://www.youtube.com/watch?v=XOZLEhTlr6E
[5a] http://video.cnbc.com/gallery/?video=3000496813
[6] http://www.c-span.org/video/?406201-1/attorney-general-loretta-lynch-testimony-justice-department-op erations (seek to 51:00)
[7] https://youtu.be/g1GgnbN9oNw?t=3h35m52s
[8] https://youtu.be/g1GgnbN9oNw?t=3h11m46s
[9] https://youtu.be/g1GgnbN9oNw?t=3h19m39s
[10] https://youtu.be/ZQAmlVFjJ9k
[11] https://youtu.be/9HK4IBscfMQ?t=4m50s
[12] https://youtu.be/g1GgnbN9oNw?t=3h16m18s
[13] http://pastebin.com/raw/hPpAKmtq
[ link to this | view in chronology ]
My conclusions so far is that you cannot take an absolutist view on this.
[ link to this | view in chronology ]
Re: My conclusions so far is that you cannot take an absolutist view on this.
1 + 1 = 10 : as above, binary representation
1 + 1 = 1 : mod 2, “or” operation
odd + odd = odd? think it must be—
1 + 1 = 5 (mod 2)
[ link to this | view in chronology ]
Re: Re: My conclusions so far is that you cannot take an absolutist view on this.
1 + 1 = 1 : “or” operation
odd + odd = odd? Weird. (That's what I thought first, then I mixed up the “or” operation equivalence.)
[ link to this | view in chronology ]
Re: Re: My conclusions so far is that you cannot take an absolutist view on this.
1 + 1 = 5 (mod 2)
No, the message is that the "balanced compromise" is just wrong any way you look at it.
[ link to this | view in chronology ]
Re: Re: Re: My conclusions so far is that you cannot take an absolutist view on this.
[ link to this | view in chronology ]
Re: Re: Re: Re: My conclusions so far is that you cannot take an absolutist view on this.
Like Hollywood accounting?
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: My conclusions so far is that you cannot take an absolutist view on this.
1 + 1 = 1 + 1 + 1 + 1 + 1
Unfortunately, when I set it up like this, the pattern looks familiar enough to me, that I think I may be under an NDA regarding previous work in this area.
In an open forum, it would be a deletion rule, from the addition chain. A kinda crazy mathematician did some work in this area a some decades(?) ago. The work was essentially forgotten, and thought to be useless. And after saying that, I'm now really getting into the area covered by my NDA. Sorry.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: My conclusions so far is that you cannot take an absolutist view on this.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: Re: My conclusions so far is that you cannot take an absolutist view on this.
[ link to this | view in chronology ]
Re: My conclusions so far is that you cannot take an absolutist view on this.
[ link to this | view in chronology ]
Re: Re: My conclusions so far is that you cannot take an absolutist view on this.
[ link to this | view in chronology ]
Re: Re: My conclusions so far is that you cannot take an absolutist view on this.
1 10 -> base 10 (2 decimal )
1 2 10 -> base 10 ( 3 decimal )
[ link to this | view in chronology ]
Re: Re: Re: My conclusions so far is that you cannot take an absolutist view on this.
Then suppose we can tristate a line driver.
[ link to this | view in chronology ]
White House Support
[ link to this | view in chronology ]
Cryto promotion
Thank you for the big fuss about encryption. You have done more to make people aware for the need then all the security experts warnings previously tried to do. This is an object lesson of the Streisand effect, make enough noise and everybody take notice. So now we all are aware that big brother intends to snoop our every breath we take and move we make. Now the general public Knows that YES I certainly need encryption, to keep all the mundane details of my life private. So now you can get a warrant and I will plead the fifth amendment right of silence. Remember that pesky constitution stuff, the one you have been ignoring since 2008? Wasn't there an oath of office involved to uphold that each time you were sworn in? I guess treason is just an insignificant detail to you.
[ link to this | view in chronology ]
Re: Cryto promotion
Laws are for the little people.
[ link to this | view in chronology ]
I should have also tried asking for a Pony and settling on a dog.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re:
Particularly since you did not take an oath on upholding the axioms of geometry.
[ link to this | view in chronology ]
Re:
Or asking for an elephant and settling for a dog *and* a pony.
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
I stopped reading right there. For decades now, the government has been sh*tting on the Constitution, ignoring the bill of rights and overreaching every chance they get and his administration is no different.
After saying this, how can you trust anything else that comes out of his mouth?
[ link to this | view in chronology ]
Re:
The problem has a lot more to do with the basic problem of America: Black and White thinking, with absolutely no grey zone at all. When the President comes out with what is effectively a grey zone proposal ("can't we find a compromise?") he gets shit on by both sides.
Intolerance, the inability to consider things from the other side, absolutism... all things that are seriously harming the US and quickly guiding it to the crapper.
Part of what has happened is now everything overreaching of a challenge to some right people feel they have. Plenty of people out there yammering on about freedom of speech, but more than willing to mount violent protests to stop people from having that right. America has become a place where minority groups are telling the majority what to do, wrapping themselves in the constitution as they do it. It's truly sad.
So rather than slam the President for trying to find some functional middle ground, stop and think that perhaps your view is a little too extreme and little bit too unyielding. The solution lies not with him, it starts with you.
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re: Re:
Intolerance, the inability to consider things from the other side, absolutism... all things that are seriously harming the US and quickly guiding it to the crapper.
Exactly! I'm with you, Whatever. Take a famous example from history: Slavery. There were some people in the US who wanted slavery, and some who didn't. So they worked out a perfectly fine compromise, called the Missouri compromise. This basically allowed slavery in the southern states, but not the northern. But, oh no, the absolutists wanted slavery outlawed everywhere! Yammering on about "freedom" and "rights" and minority groups and such crap. This eventually led to the US Civil War in which millions of people died. All just because the absolutists wouldn't compromise. Truly sad.
If we had had more people like Whatever back then, we could have avoided the civil war and still have slavery today.
[ link to this | view in chronology ]
Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re:
The absolutist concept would have had slaves everywhere. The compromise limited slavery and started the US down the road to the point where slavery was no longer acceptable. Without the initial compromise position, perhaps nothing would have been done and your "boy" would be shining your shoes for you.
" All just because the absolutists wouldn't compromise. Truly sad."
Yes, and the absolutists of free speech, racial equality, and so on are likely to find themselves in that exact same position, unable to compromise, and ending up leading the US into a new civil war. Some would suggest we are already very close (and the Alex Jones style whackjobs would say it's already happening). Absolute positions and the lack of compromise thinking is what leads us all to disaster.
[ link to this | view in chronology ]
Re: Re: Re: Re:
Or nowhere. Kind of left that out, didn't you? Hmm, I wonder why.
The compromise limited slavery and started the US down the road to the point where slavery was no longer acceptable.
No, it was the absolutist's rejection of the compromise that led to the end of slavery. Your attempted rewrite of history is very telling.
Absolute positions and the lack of compromise thinking is what leads us all to disaster.
Like the abolition of slavery. What a disaster, huh?
[ link to this | view in chronology ]
Re: Re: Re: Re: Re:
My assumption is that the slaves were a given situation, and the work was to resolve the issue.
"No, it was the absolutist's rejection of the compromise that led to the end of slavery. Your attempted rewrite of history is very telling."
Fail. The point is that the law changed, the rules changed, and the absolutists looked less and less as the good guys. It was clearly enough of an issue to go to war about.
"Like the abolition of slavery. What a disaster, huh?"
Like civil war. Nice try on all the trolling, but it's not working.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re:
Yeah, by allowing it to continue.
The point is that the law changed, the rules changed, and the absolutists looked less and less as the good guys.
Dang those abolitionists, they just couldn't compromise, could they?
Nice try on all the trolling, but it's not working.
More like turning the light on a cockroach. And you do seem to be scurrying.
[ link to this | view in chronology ]
Re: Re:
Obama isn't some saint who is trying to buck the system to do what he can. He was the one who argued in favor of the indefinite detention provision of the NDAA, which violates the 5th and 6th amendments. Plus, you know all that spying on Americans that the NSA has been doing and which the government refuses to stop? Obama is on the verge of finalizing a plan to allow the FBI, CIA and other agencies access to all of that raw data as well, effectively giving them the same spying capabilities as the NSA. Not to mention that his "most transparent administration in history" has basically been waging a war against whistle blowers and freedom of information.
So forgive me if I don't believe that he's some shining beacon of sanity, preaching a rational solution to all of use crazy absolutists.
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re:
Words you find you agree with followed by non-sequitur bullshit.
Trump does it like that as well.
One could almost think that "Mein Kampf" has run out of copyright and nobody is afraid of using its tactics any more.
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Self Incrimination and the if I'm dead I can't answer your questions...
This code, that password, this identifier, etc...
Enter the personal information device, aka Smart Phone, which from here on I will refer to as a "port-a-mind".
These devices become extensions of our minds, storing vast amounts of data, some of which is extremely personal and or confidential.
Yes, some people store things they shouldn't. Just like people know things they probably shouldn't because the knowledge can only be gained by doing something illegal.
The thing is that up until recently, if you were arrested and dragged in to court, you could plead the 5th. Sure, it makes you look guilty as hell, but you could do it and nobody, including the judge can force you to answer.
A person's spouse can also not be coerced into answering questions as that is protected against as well.
So why isn't a person's port-a-mind protected as well? Remember, the port-a-mind is that extension of the person's mind for the digital age which is almost a requirement to remember all those digital bits and pieces of information necessary to interact with doctors, lawyers, schools, government entities, pretty much anyone these days.
That's where encryption comes in. Strong, unbreakable (without uber quantum computers able to handle billions of quarthian strands) encryption, that cannot be coerced or forced into giving those answers that you refuse to give.
With encryption, our port-a-minds are safe to use and can store confidential information with impunity. We're safe knowing that no-one can get our data without our consent, extending the 5th amendment to our digital data.
Without encryption, or with encryption that others can break against your will, port-a-minds are useless.
Without these port-a-minds, many people's daily lives will become more frantic, panic filled as they forget key pieces of data that now have to be indelibly etched into their wetware.
So, Mr. Obama, you can either have encryption, or you cannot.
Encryption can only be considered encryption when no-one that you have not authorized can decrypt the data.
There is no balance, it is and will always be an absolute.
Black or White - no grey.
Encryption / Not Encryption, or to quote an extremely old and extremely wise muppet with the power to lay the white-house to waste with a wave of his little green hand, "Encrypt or encrypt not, there is not try."
In another form of word play, "You can pry the decryption keys from my cold, dead - ohhhh, that's right, you can't now can you assholes!"
[ link to this | view in chronology ]
Re: Self Incrimination and the if I'm dead I can't answer your questions...
Lord Chief Justice Camden's Judgment— (Note that this famous case is also reported at 95 Eng. Rep. 807. As was the custom of the time, the reports of the case do differ in their expression.)
“Papers are the owner's … dearest property; and are so far from enduring a seizure, that they will hardly bear an inspection.”
[ link to this | view in chronology ]
Re: Re: Self Incrimination and the if I'm dead I can't answer your questions...
[ link to this | view in chronology ]
I fixed Obamas video
https://www.youtube.com/watch?v=yviJfcfBNew&feature=youtu.be
[ link to this | view in chronology ]
Examples of past failures when keys leak...
I can't believe that most if not all techie sites have not kept hammering on the fact that different types of "backdoors" HAVE been implemented in the past by private industry. And while I can't say all implementations have run into trouble, I can say that one glorious example of failure is the HDMI - HDCP protocol.
I was in the "industry" when this happened and all manufacturers' had to acknowledge that we would not encode the master the key into our devices and that any such act would result in breach of contract and potential legal action...etc etc
The "'governments'" as usual, and not just the U.S., are just looking for quick solutions that allow for *cough* due process of law *cough* as defined under vague and blithely ignorant language.
My point is, why aren't more examples of these attempts or past implementations, that at one time must have been thought 'somewhat' secure by the companies/organizations that implemented them, being raised as examples of precedent failure? How many times has the Entertainment industry tried to implement DRM and failed? How much have they spent? If such a mechanism could be implemented private industry would have already found it.
I was hoping to find an example of where previous private industry efforts have been brought forth to the government as cautionary anecdotes of these schemes.
I did find an excellent paper here: http://dspace.mit.edu/handle/1721.1/97690 discussing the difficulties and challenges of what the government is asking of the technical communities. Yet, still no mention of private industry attempts and failures. The paper does mention the "Clipper" chip but this was never fully implemented.
Alternatively, let's suppose the governments' in the not so distant future have been able to implement such a scheme. So our banking systems, personal computers, phones etc all have some type of 'backdoor' mechanism baked into the design. Then any one or more of these "security algorithms" is leaked, by whatever means. What are the governments' going to do then? Wouldn't this be a perfect pretense for an "Internet Kill Switch"? I mean in order to "protect" us.
Am I missing something? I mean is there a reason that the failed attempts by private industry to do the same or similar things the governments' are requesting are not being trotted out ad infinitum?
As Buzz LY would say "...to infinity and beyond." ;-)
[ link to this | view in chronology ]
Re: Examples of past failures when keys leak...
However, the thing that you are missing is that very strong (effectively unbreakable), and theoretically unbreakable (one time pads) cryptography already exist. Therefore, forcing people to use some form of system that gives government access to encrypted material only gives them access to the material of law abiding people and stupid criminals. The latter can almost always to caught and convicted without reading the contents of their phones and computers. Anybody who is really determined to keep material secret from the government can, although it is not easy to do.
From what I see, modern governments are scared of their own citizens forcing them to actually represent them, or throwing them out of office. They think that they can control their citizens and society, but the harder they try to do this, the greater the chance of them being overthrown by violent revolution, or an internal coup. (Look at how often senior part members get removed from power, and thrown into jail in one party states).
[ link to this | view in chronology ]
Re: Examples of past failures when keys leak...
[ link to this | view in chronology ]
The most famous backdoor...
The vaunted keys to luggage.
We HAD to give them a way to access luggage, they promised to only use them for good. Anyone who wants to can now have a copy of all of the keys because they failed to secure them. Hell half of the time they still just cut the locks open because its faster than following procedure.
Not even touching on all of the theft that went on (and was covered up/ignored/denied) they failed to secure this secret and they want us to give them wide ranging access.
Perhaps maybe they need to consider they haven't proven they can handle responsibility. They secretly spy, they secretly hack, they secretly scoop up everything then pretend they didn't do it even in the face of 'evidence' they deny is real (yet want to imprison the leaker forever after torturing him).
Giving them the backdoor to luggage hasn't made anyone safer yet they won't see anything but demanding more backdoors they don't understand, won't protect, & will not do anything but slide us further towards everything we were founded not to be and call out in other nations.
[ link to this | view in chronology ]
Quantum Encryption
Once Quantum Entanglement reaches the point of practical applications, it becomes one of the best ways to do data transfers, since there will be no middle to be attacked.
We'll move from "that isn't how Encryption/ Math works" to "that violates the Laws of Physics".
[ link to this | view in chronology ]
Re: Quantum Encryption
Ansible like communication that "CANNOT" be eavesdropped on.
No more cell towers, no more ISPs, just connections to regional datacenters where half of your device token resides, the other half being in your device.
No matter how far away you are, even on the other side of the galaxy, instantaneous, secure, communications.
Of course, this only works out to be true *IF* the NSA/CIA/FBI/Fatherland Security doesn't turn them into triplicate entangled components. 1 for device, 1 for DC, 1 for Alphabet agencies.
[ link to this | view in chronology ]
The Puzzle Pieces that Obama is Missing in the Apple Encryption Debate
However, mandating government backdoors is, on balance, only going to make us less secure.
Here is my full response to his position: https://pastelink.net/1555
[ link to this | view in chronology ]
Re: government cannot just willy nilly get into everyone's iPhones,
The Fed is compelling a third party (whose budget exceeds that of many countries) to facilitate investigatory duties without direct federal oversight. The liability here isn't just related to this case, it is also the internal security problems this potentially creates at Apple. How exactly does the fed plan on preventing employees at Apple from exploiting this functionality on behalf of say, a wall street executive with a fat bankroll?
And isn't that exactly the current problem with ISP's using surveillance apparatus (originating from government funded R&D) for commercial surveillance today?
If your going to draft people into compulsory service, call it that. But stop playing on both sides of the line. Either the carrier/developer is agency of state, or their testimony is compelled, NOT BOTH. By straddling the line the government is endowing carriers/developers with sovereign authority, while denying the citizens any recourse for dealing with that authority.
You are screwing with checks and balances here.
Obama. Please stop whining about Snowden. Everyone knew what was going to happen when Bush consolidated intelligence agencies. While Snowden may have been the defining cultural event, it wasn't the defining event. The Snowden leaks where the result of many bad decisions, several of which were made in the executive branch.
This isn't just about Federal violations of civil rights. It is in fact mostly about commercial sector violations of civil rights. Obama, you are steward of the WHOLE Constitution, not just the part that makes your life easier. Please take that into consideration, and reevaluate the problem.
Of course the whole thing could be kabuki theater. They may be playing to the media for drama and national attention, then decide for Apple, but with a judicial decision that also gives the fed a blank check to violate all kinds of other civil rights. The people stop bitching, and business goes on as usual. Perhaps the plan here is to feed the beast a box of rocks and keep the steak for themselves?
It isn't going to work if that's the case.
[ link to this | view in chronology ]
You mean "strong encryption", eh?
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Suggesting that encryption still has value if others can easily crack it turns encryption into a false sense of security.
[ link to this | view in chronology ]
Re:
You are falsely assuming that any backdoor would be easily cracked. As I mentioned above, it could be something that requires many steps, including physical possession of the phone, and then only discloses the pincode and not the actual decrypted data. By securing the pincode process to enforce "from the device input screen only" would make it significantly harder (never impossible) to not only crack, but to actually implement. Imagine if you will a backdoor that requires a dongle or other physical means. There are plenty of options - once you get off the absolutist position that nothing is possible and start thinking.
[ link to this | view in chronology ]
Re: Re:
What if a foreign agent (or even a terrorist) silently infiltrates the FBI and clones the dongle?
What if a misguided but otherwise well-intentioned whistle-blower accidentally leaks the key, part of the key, the random seed, or even just data on the used algorithm?
What if a Chinese hacker poses as an attractive lady enticing some dude to open a photo that breaks the system and steals the key?
[ link to this | view in chronology ]
Re: Re:
Whatever: "Pretty sure my vague idea based on minimal technical understanding has solved the problem."
Welp, I'm convinced!
[ link to this | view in chronology ]
Re: Re: Re:
[ link to this | view in chronology ]
Re: Re:
The whole idea behind encrypting the phone contents is to ensue nobody but the owner can gain access to the contents. The FBI want to remove that protection so that they have access to the content almost as easily as the owner, which will rapid;y result in thieves having access to the content of stolen phones, along with any bank accounts etc.
Similar encryption ion communications is meant to ensure that only senders and recipients can read the messages. Any suggestion that only the device provider can get at the contents with a warrant is laughable,as the would soon face so many demands that they would be forced to hand keys over to the agencies to save costs, and at that point the warrant requirement would vanish.
Ensuring that the FBI, and other agencies can get at phone contents, or read messages is defeating the purpose on encryption, which means that such encryption is broken by definition.
[ link to this | view in chronology ]
Re: Re:
The basic principal of encryption is; Encryption is an absolute. You are either secure or not secure. If it is not secure, then you must assume at all times that it is not secure. There is no such thing as "mostly secure".
If they create the possibility of even a multi step backdoor, someone will crack it. Look at the many many fine examples of our government trying this very thing. Here's one example; Try Google'ing Luggage master keys.
[ link to this | view in chronology ]
Re: Re: Re:
• NIST SP 800-39 - Managing Information Security Risk: Organization, Mission, and Information System View (Mar 2011)
(contained within the NIST SP 800 series.)
[ link to this | view in chronology ]
Re: Re:
Perhaps, in your non-absolutist wisdom, YOU can come up with an adequately backdoored law-enforcement-friendly phone.
It could be beta-tested with law-enforcement, law-enforcement officials, Congress, and anyone else claiming it's necessary for our own good. Assuming they trust the security, as we would be expected to, they should have absolutely no issue with putting their personal information at risk.
[ link to this | view in chronology ]
Movie sins style:
The good old "we know X is important BUT...". Ding.
Appeal to old, scared people. Try to sound patriotic. Ding.
Again, appeal to old, scared people. Also F***ing magnets, how do they work? Ding. Ding. That's 2 sins for repeating yourself
The "someone think of the children" argument. +4 sins
Oh for f**k's sake! +4 sins
Translation "we're really scraping the bottom of the barrel here guys". +2 sins
Blow up your door and blind your kid with a flashbang ?
Real terrorists keeps their detailed plans in the same drawer as their knickers.
+1 sin for the sheer stupidity of it all
Total: 17 sins.
Sentence: "We aren't seeking a back-door approach. We want to use the front door, with clarity and transparency, and with clear guidance provided by law."
[ link to this | view in chronology ]
The Real Solution
Security is an afterthought to most software design because it isn't economical when you need to rush the product out the door to meet some marketing schedule.
[ link to this | view in chronology ]
Re: The Real Solution
So if the user sets "admin1234" as a password is it still the security vendor's fault?
[ link to this | view in chronology ]
Re: The Real Solution
[ link to this | view in chronology ]
Re: Re: The Real Solution
Cybersecurity Framework
[ link to this | view in chronology ]
I'm sure
(Hint - sarcasm)
[ link to this | view in chronology ]
How is this better?
Is it not better to imagine some other candidate who does NTO seem to fully understand the issue might in fact be brought to see reason?
The only candidate at the moment we know absolutely cannot see reason on this point is Clinton; she and her husband supported the Clipper Chip after all. So they know all too well the argument at hand and are working bring back Clipper in another form...
[ link to this | view in chronology ]
Backdoors and Front doors
[ link to this | view in chronology ]
The tables have turned.
He does this all the time. Now it's directed at you. Are you having fun yet?
[ link to this | view in chronology ]