Journalism Professor Dan Gillmor On Why You Should Support Techdirt's Crowdfunding Campaign
from the important-issues dept
With a little more than a week remaining in our crowdfunding campaign to support our coverage of the encryption fight, well known media commentator and professor Dan Gillmor offers his thoughts on why Techdirt's coverage is so important.
Help Techdirt Cut Through The Confusion In The Crypto Fight
The "FBI-versus-Apple" story of recent weeks has brought a vital issue to the front burner: whether we will have secure technology in the future–or at least the chance to have secure technology–or not.
In reality, this isn't only about Apple or the FBI. It's about the considerable weight of government in its zeal to have access to everything we say and do in the digital realm–which is to say, increasingly, almost everything we say and do.
The Obama administration, and governments around the world, believe they have an innate right to whatever information they want. This is a law-enforcement-first mentality, and in many ways an understandable one in a sometimes dangerous environment. But governments also want something they assuredly cannot have: a way to crack open our devices and communications, willy-nilly, when we're using encryption tools that make it difficult if not impossible to do so without users turning over the keys to their digital locks.
They call this a "privacy versus security" debate. It is, in fact, a "security versus security" issue: If they get backdoors into our devices, software and networks, they will–according to just about every reputable non-government security and encryption expert–guarantee that we will all be less secure in the end, because malicious hackers and criminals (some of whom work for government) will ultimately get access, too. Governments want magic math, and they can't have it. It's also a free speech issue, a huge one, because the government is telling Apple it has to write new code and sign it with a digital signature.
Sorry, this is binary. We have to choose. One choice is to acknowledge that bad guys have a way to have some secure conversations using encryption, thereby forcing law enforcement and spies to come up with other ways to find out what the bad guys are doing. The other choice is to reduce everyone's security, on the principle that we simply can't afford to let bad people use these tools.
Sadly, the journalism about this has been reprehensibly bad, at least until recently, outside of the tech press. Traditional Big Media basically parrot government people, including most recently President Obama himself, even though they're finally starting to wake up to what's happening. John Oliver's HBO program last Sunday was a sterling example of how media can treat this complex topic in a way that a) tells the truth; and b) explains things with great clarity.
Mike Masnick and his site, Techdirt, have been leaders in covering the way various liberties and technology intersect. Now they're crowdfunding to add more coverage of encryption and its ramifications. I'm supporting this initiative and hope you'll give it some thought as well. We need more such coverage, and we can depend on Mike and team to provide it.
Reposted from Dan Gillmor's blog
Help Techdirt Cut Through The Confusion In The Crypto Fight
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: crowdfunding, dan gillmor, encryption, going dark
Reader Comments
Subscribe: RSS
View by: Time | Thread
Thanks!
[ link to this | view in thread ]
Weakening US made encryption only serves to harm the US itself. And maybe the clueless criminals Tim loves to write about.
[ link to this | view in thread ]
Do you teach your students that it's good journalism to say that complex issues are binary?
[ link to this | view in thread ]
Re:
The point he's making is exactly right. Too many people -- especially on the policy side -- continue to believe that there is some sort of "middle ground." The point that Dan is making is that, in THIS case, it's not. If you weaken security, you weaken security for everyone. It is a binary decision.
He is not saying that all complex news stories are binary. But some of them are. This one is.
[ link to this | view in thread ]
Re:
That's a fairly binary question, phrased in those legal terms.
Yes or no?
[ link to this | view in thread ]
Re:
And when there are facts -mathematical realities- that only go one way, it is good journalism to report that they can only go one way, and to dispel the false position that there is a middle ground, or a legit debate around the issue.
You, AC, are basically demanding Gillmor adopt a "false equivalency" approach, because he's a journalism prof.
[ link to this | view in thread ]
Re: Re:
LIAR! This case isn't different from any other topic and does have a non binary solution which you fail to mention each and every time you write about the story.
THE GOLDEN KEY!
All you have to do to solve this problem is say the magic words, turn around 3 times, burn some sacred herbs (without inhaling ofc!) and the problem is solved. I really don't see how you or anyone else can miss that rather easy solution
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Re: Re:
Either they've had a typical math education already, and can already do simple arithmetic adequately. Or, less likely, but still possible, they're now moving on into university-level mathematics, where algebra starts to get fun. Either way, not appropriate teaching material for a journalism professor.
So, no. Not ok.
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Re:
Quite simply, law enforcement must not prevail and forcing speech out of Apple is only a very small portion as to why.
One day
Like many gone by
It will become
Encrypt or die
And this will hold true
For you or I [sic, frig off, poetic licenseez]
So smash it up
And let if fly
[ link to this | view in thread ]
Re:
.. maybe try again tomorrow?
[ link to this | view in thread ]
[ link to this | view in thread ]
Re:
You offer no reason for why these two things are mutually exclusive. While many or even most topics have a middle ground between extreme points, this one does not.
"Do you teach your students that it's good journalism to say that complex issues are binary?"
You think it would be better to teach that no topic can be binary? That in itself would be an extreme position to take on a non-binary topic, making you a hypocrite.
[ link to this | view in thread ]
Re:
Study from Berkman Center at Harvard found that Techdirt had the most impact of any media property in the SOPA fight (see page 42, which lists us above EFF):
http://cyber.law.harvard.edu/sites/cyber.law.harvard.edu/files/MediaCloud_Social_Mobilization_a nd_the_Networked_Public_Sphere_0.pdf
And, EFF Director Cindy Cohn has also recommended supporting our campaign:
https://www.techdirt.com/articles/20160301/17121133777/eff-director-cindy-cohn-why-you-should-suppor t-techdirts-encryption-crowdfunding-campaign.shtml
EFF and Techdirt are two different types of organizations, and we can work together quite well. Techdirt's reporting is helpful to the EFF in activating more people. But they need the kind of reporting that we can do.
[ link to this | view in thread ]
Re: Re:
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
[ link to this | view in thread ]
Re:
Sure. You can make it out to Floor64 Inc and send it to our address listed on this page: http://www.floor64.com/contact.php
If you put it to my attention that probably doesn't hurt either.
[ link to this | view in thread ]
Re: Re:
While it's strange that you have to answer for the professor, it's clear that neither he nor you has not explained why THIS issue issue is so incredibly special that it's binary. Honestly, I'd rather him explain it, as you're proved over and over again that you abhor subtlety and make a living presenting most things as binary. Can the professor not speak for himself? Or is he too busy to explain anything--just like you always pretend to be?
[ link to this | view in thread ]
Re: Re: Re:
Let me see if I can explain it with an example.
You have a lock on your door. This lock is as secure as the manufacturer can make it, designed to keep 'bad guys' out of your house such that ideally only you, who has the key, can open it.
However, this lock can also keep out the 'good guys' who might want to have the ability to enter your house without a) you knowing about it, or b) having to ask you to unlock it. In response they claim that the lock maker specifically designed and marketed their locks as 'anti-good guy' locks, and demand that the lock maker make the lock weaker so that they can gain access, and/or create a special 'key' that they can use to unlock it themselves.
Here's where the problem lies. Any weakness introduced to the lock to allow the 'good guys' easier access makes it easier for the 'bad guys' to have access as well. Any key created for the 'good guys' is just one theft, or one 'misplacement' away from being in the hands of the 'bad guys' as well.
And the real kicker, the 'Nothing was gained but worse security' bit? While the general public is likely to still use the now vulnerable lock to protect their houses, whether because they don't know it's been weakened, or because of other factors, the bad guys can and will easily switch to a lock that doesn't have those weaknesses, putting the 'good guys' right back at square one when it comes to them.
The tl;dr version: Any security vulnerability can be used by 'bad guys' just as easily as it can be used by 'good guys'. There is not, and never will be, 'good guys only' security, and demanding it just because secure encryption stops both is demanding that security in general be weakened, making everything and everyone less secure.
[ link to this | view in thread ]
Re: Re: Re:
Ah, didn't realize it was you. Should have figured you'd resort to insults. But for someone who continually (wrongly) insists that I speak from an area of ignorance, it's kind of funny to see you now so sure that it's not a binary situation at all, which is only displaying your ignorance of cryptography.
The issue was already well explained by That One Guy, but to add to his response even further: cryptography is not easy. The whole point of strong cryptography is building system that only let the intended person (singular) in. But there are always vulnerabilities or the possibility of vulnerabilities, and the job of cryptographers/security professionals is to block all of those. But any time you make any change to a cryptographic solution, you are almost certainly introducing new vulnerabilities.
That's the part of this that so few people seem to understand. The government is asking for:
(1) Apple to add in a new vulnerability, which will be added without significant or widespread testing to make sure it's truly safe.
(2) That new vulnerability almost certainly will create other vulnerabilities. This is just a fundamental thing in cryptography.
(3) However, rather than with any other system whereby there would be a targeted effort to fix those vulnerabilities, that won't be possible here, because the vulnerability will be demanded by the courts and purposely put into place.
The level of disaster this can cause for everyone could be massive. You're basically undermining how *computer security itself* works, and handcuffing the people who fix things.
The end result is that you and everyone else are almost certainly less safe. And that's why this choice is binary. People who don't know any better *think* that there are shades of gray here. And in lots of situations there are shades of gray. But in cryptography, if it's not fully encrypted, it's like it's not encrypted at all. It's open. This isn't "oh, open a tiny door and then throw away the key." This is "punch a giant hole in the damn" and then pretend it won't wipe out all the lands downstream.
[ link to this | view in thread ]
Re: Re: Re:
[ link to this | view in thread ]
Re: Re: Re: Re:
[ link to this | view in thread ]
Re: Re: Re: Re:
In cryptographically-secured communication, as is true with communication in general, both signal and context are necessary to receive a message. An eavesdropper may decrypt a coded signal, but lack a critical piece of context.
Or, considering just the coded signal, there are quite a few known examples of systems partially broken. One rather well-known example, is the identification of “AF” during WWII:
[ link to this | view in thread ]
Re: Re: Re: Re:
Just to take my own practices—for a long time, I had a policy in place that machines were secured against remote threats, but not so locked down that an admin with physical access and time could not break in—and recover (most) data. During that period, I generally evaluated the risks from accidental data loss as greater than the risk of undetected physical intrusion.
The problem is that threat environments vary dynamically. A server with a 24/7 guard lives in a different world than a mobile device.
You can make it easier for authorized personnel to gain access than unauthorized intruders in specific situations, for limited periods of time. But you can't do that in general, forever. Advantages are temporary. When circumstances change, the policies need to change in response. Attacks get better over time, and defenses must adjust to that reality.
Today, individual citizens face nation-state level attackers.
[ link to this | view in thread ]
Re: Re: Re: Re:
Let's start with first principles: Why do you suppose that being able to encrypt my iPhone such that no one else in the world can ever see what's on it makes me safer in the first place? Safer from what? How do you know that letting the government get into any iPhone with a warrant doesn't make me safer? You just assume that more cryptography is always better. Why?
That said, isn't it true that this vulnerability already exists? Apple already has the key that can sign the update that can disable the iPhone self-destruct. Why is it that everything is fine now if the potential to break the dam is already sitting there in Cupertino?
[ link to this | view in thread ]
Re:
Do take a look.
[ link to this | view in thread ]