William Barr Turns Up The Heat On The DOJ's Anti-Encryption Rhetoric
from the 4000-words,-zero-concessions dept
The DOJ has now spent more than a year dodging an obligation it created itself. For years, FBI directors and DOJ officials have told anyone who'd listen -- conference attendees, Congressional reps, law enforcement officials -- the world was going dark. Device encryption was making it far more difficult for the FBI to collect evidence from seized devices and the problem was escalating exponentially.
It wasn't. Every new "going dark" speech contained a larger number of impenetrable devices the FBI was sure contained all sorts of juicy evidence. When the FBI was asked about these devices by members of Congress, it finally decided to take a look at its numbers. The numbers were wrong. The FBI said there were around 8,000 locked devices in its possession. In reality, the number is probably less than 2,500.
The problem is we don't actually know what the correct number is. The DOJ has been promising an update since May 2018, but it has yet to release this number. Instead, it has released the mouth of its top man -- William Barr, a longtime fan of domestic surveillance.
Barr's keynote address to the International Conference on Cyber Security didn't deal much with cybersecurity. Instead, it was 4,000-word anti-encryption rant. William Barr wants encryption backdoors. There's no use in the DOJ denying after his verbal assault on device encryption and device manufacturers. There is no subtlety and no hedging. The only concession Barr makes is that encryption shouldn't vanish entirely. But any form of encryption that remains should leave a key under the doormat for the G-men.
While we should not hesitate to deploy encryption to protect ourselves from cybercriminals, this should not be done in a way that eviscerates society’s ability to defend itself against other types of criminal threats. In other words, making our virtual world more secure should not come at the expense of making us more vulnerable in the real world. But, unfortunately, this is what we are seeing today.
Service providers, device manufacturers and application developers are developing and deploying encryption that can only be decrypted by the end user or customer, and they are refusing to provide technology that allows for lawful access by law enforcement agencies in appropriate circumstances. As a result, law enforcement agencies are increasingly prevented from accessing communications in transit or data stored on cell phones or computers, even with a warrant based on probable cause to believe that criminal activity is underway. Because, in the digital age, the bulk of evidence is becoming digital, this form of “warrant proof” encryption poses a grave threat to public safety by extinguishing the ability of law enforcement to obtain evidence essential to detecting and investigating crimes. It allows criminals to operate with impunity, hiding their activities under an impenetrable cloak of secrecy.
According to Barr, the government has a right to the contents of encrypted devices. He attempts to draw this conclusion by referring repeatedly to the Fourth Amendment. This safeguards citizens against unreasonable searches. Unreasonable searches can be performed as long as the government has a warrant. That's as far as Barr takes this line of thought. As he sees it, encryption shouldn't be able to nullify a search warrant. He believes encryption does this.
The Fourth Amendment strikes a balance between the individual citizen's interest in conducting certain affairs in private and the general public's interest in subjecting possible criminal activity to investigation. It does so, on the one hand, by securing for each individual a private enclave around his “person, house, papers, and effects” — a "zone" bounded by the individual's own reasonable expectations of privacy. So long as the individual acts within this "zone of privacy,” his activities are shielded from unreasonable Government investigation. On the other hand, the Fourth Amendment establishes that, under certain circumstances, the public has a legitimate need to gain access to an individual’s zone of privacy in pursuit of public safety, and it defines the terms under which the Government may obtain that access. When the Government has probable cause to believe that evidence of a crime is within an individual’s zone of privacy, the Government is entitled to search for or seize the evidence, and the search usually must be preceded by a judicial determination that "probable cause" exists and be authorized by a warrant.
Nothing is preventing the government from seizing devices. The warrant can still accomplish that. What Barr is arguing is that the Fourth Amendment guarantees government access to evidence, which it doesn't. It only gives it the right to search for it. A search warrant may result in a searched house or vehicle, but there's no guarantee any useful evidence will be recovered. The evidence it's looking for may not be on the premises. Or it may reside in a safe law enforcement isn't able to crack. Or it simply may not exist at all.
The "locked safe" is the closest equivalent to an encrypted device. The government is free to continue trying to open the safe, but the warrant only allows it to seize evidence or items likely to contain evidence. It doesn't obligate the safe manufacturer to build master keys for all safes and distribute them to law enforcement. Encryption backdoors make that demand. And they make that demand of any device manufacturer or software developer that secures customers' communications and data with encryption.
So, how does Barr think this will be accomplished? It appears he thinks everyone else should spend time figuring that out and let the DOJ get back to the difficult work of not answering questions about the FBI's encrypted device stash.
He thinks the courts should fix it, pointing to the Supreme Court's 1925(!!) decision creating the automobile exception to search warrant requirements. He feels this concession to law enforcement (one that's abused frequently by cops searching for seizable cash) should be followed by more concessions. Courts may not be able to order across-the-board backdoors, but they can create useful precedents for compelled access -- either for device owners or device manufacturers.
He thinks society in general should fix this, even if it can't contribute directly. What society can do is stop arguing about the deliberate weakening of encryption and just accept the fact that governments (and whoever else can find the backdoor) should have access to their communications and data. It's a sacrifice we, the people, should be willing to make for our government, which pretty much has only its own interests in mind.
And Barr thinks the tech community should fix it. He lists a bunch of bad proposals, one of which was proposed by none other than the UK's version of the NSA. He talks up Ray Ozzie's take on key escrow and (former GCHQ security specialist) Matt Tait's "layered envelopes" pitch he made for a blog that's headed by noted surveillance state apologist, Ben Wittes. Those are the "experts:" the GCHQ, a former GCHQ employee, and a software pioneer.
Barr says the real risk posed by compromised encryption is worth it. He doesn't explain how it's worth to the millions of people he'll put at risk in exchange for law enforcement access, but he seems to assume we'll all feel much better about it when criminals start disappearing from the streets.
[T]he argument is that a business is thwarted in its purpose of offering the best protection against bad actors unless it can also override society’s interest in retaining lawful access. Some hold this view dogmatically, claiming that it is technologically impossible to provide lawful access without weakening security against unlawful access. But, in the world of cybersecurity, we do not deal in absolute guarantees but in relative risks. All systems fall short of optimality and have some residual risk of vulnerability — a point which the tech community acknowledges when they propose that law enforcement can satisfy its requirements by exploiting vulnerabilities in their products. The real question is whether the residual risk of vulnerability resulting from incorporating a lawful access mechanism is materially greater than those already in the unmodified product. The Department does not believe this can be demonstrated.
In the end, Barr hopes we'll be hit with a tragedy so awful, Congress will decide to end the debate by outlawing un-backdoored encryption.
Obviously, the Department would like to engage with the private sector in exploring solutions that will provide lawful access. While we remain open to a cooperative approach, the time to achieve that may be limited. Key countries, including important allies, have been moving toward legislative and regulatory solutions. I think it is prudent to anticipate that a major incident may well occur at any time that will galvanize public opinion on these issues.
This is much worse than the handful of spoken asides uttered by FBI directors and a handful of DOJ officials. This was the only focus of Barr's 4,000-word keynote address. He spent a few words at the opening to at least indicate to the crowd he knew where he was (a cybersecurity conference) before spending the rest of it arguing against effective encryption. This is Barr's DOJ and, by extension, his FBI. This is the issue the DOJ's going to run with as long as he's in charge.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: backdoors, doj, encryption, security, william barr
Reader Comments
Subscribe: RSS
View by: Time | Thread
OK, what are the real reasons?
Government routinely violates the rules set by the Constitution. If Barr thinks giving them more ability to violate the rules is something we will think is good, then he is either more crazy or more authoritarian than any good, law abiding, Constitution loving citizens should be.
His comments about the 4th Amendment are merely a smoke screen. The 4th Amendment would be important if he was acting with prosecution in mind, but the government has proven time and again that it often acts without intending to pursue a legal course, but as a mere exercise of power. And, while the courts and legislatures have authorized wire tapping with warrants, they have not authorized that the government has a right to access all communications, all the time, which is what weakened encryption will provide, and those intercepts will likely not be detectable. At least by the common person.
He also downplays the negative aspects of 'risk' due to encryption back doors. The economic disaster as eCommerce, eBanking, communications over IP (and probably others) crumble will not be easily overcome, if it can be overcome.
This is all about power and control.
[ link to this | view in chronology ]
Re: OK, what are the real reasons?
Barr knows all about that; he was instrumental in convincing Bush 41 to pardon the Iran-Contra conspirators.
He's an authoritarian, all right; always has been. He's a "law and order" type -- which is, of course, a dog whistle that means "harsh punishments for poor people, rampant corruption for the rich."
Today he's in the news for reinstating the federal death penalty. Yesterday he was in the news for ignoring a congressional subpoena. Laws are for the little people.
[ link to this | view in chronology ]
Re: Re: OK, what are the real reasons?
What do you call a being capable of hearing a dog whistle?
[ link to this | view in chronology ]
Intelligent.
[ link to this | view in chronology ]
Re:
Nah, plenty of people who aren't very intelligent understand what politicians mean when they talk about "law and order".
[ link to this | view in chronology ]
Re: Re: Re: OK, what are the real reasons?
What do you call being capable of understanding a metaphor?
[ link to this | view in chronology ]
Re: Re: Re: Re: OK, what are the real reasons?
Someone like something else?
[ link to this | view in chronology ]
Re: Re: Re: OK, what are the real reasons?
Mason: What is your position on forcing private companies to build-in government backdoors to encryption solutions, and what are the reasons for your position?
[ link to this | view in chronology ]
Re: Re: Re: Re: OK, what are the real reasons?
My position is that the concept of encryption that can be broken only by the good guys and not by the bad guys makes exactly as much sense as the concept of a gun that's only capable of shooting bad guys but not good guys.
Encryption is a matter of mathematics; deciding who are the good guys and the bad guys is a matter of morality. The two are very different realms and trying to make math be constrained by morality, when you actually think of it in those terms, is absurd.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: OK, what are the real reasons?
And from a practical perspective, it's a useless crusade, because let's say Barr gets his way and Congress requires backdoored encryption of Apple and Google and all the rest. Well, people with nefarious intent will just download software written in other countries by people who aren't subject to and don't care what Congress says, and the G-men still won't be able to read their stuff.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: OK, what are the real reasons?
It is not useless if your intent is to be able to monitor for and disrupt things like protests against proposed laws, or be able to catch whistle blowers.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: OK, what are the real reasons?
But of course that's not how it would work. It wouldn't be good vs. bad, it would be law enforcement / intelligence vs. everyone else. The law would tell us who shall have access (cf. CALEA); there's no need for it to justify that.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: OK, what are the real reasons?
The problem there is that math doesn't recognize the difference between "law enforcement" and "everyone else" either.
For an analog example think about a lock. Maybe a company comes along and makes a door that is completely impossible to smash down...the only way in is with a key. If the manufacturer was compelled to make a "law enforcement only" master key (or password) it would become HUGELY valuable to criminals because it would give them free access to everyone's houses. And if only one copy of that key sees daylight the baddies could make duplicates to their hearts content, suddenly the doors would no longer be secure.
So for encryption, once someone learns the super secret cops only method to decrypt communications, the entire platform is compromised.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: Re: OK, what are the real reasons?
What on earth are you talking about? There is no way that ANY cop would ever let that key out of their possession. You are just making this stuff up. /sarc
[ link to this | view in chronology ]
Re: Re: Re: OK, what are the real reasons?
A very lucky person, I wonder what the trainer had to do to teach a dog to whistle.
Was the dog's name Peabody?
[ link to this | view in chronology ]
Re: Re: Re: OK, what are the real reasons?
"What do you call a being capable of hearing a dog whistle?"
What does one call somebody who blindly obeys the orders of their cult leader regardless of legality?
[ link to this | view in chronology ]
Somebody who blindly obeys...
Commonplace.
If we are to believe that human beings are typically not rational or self-aware enough to steer clear of gambling- or drug-addiction, then we should also recognize that they're also not rational or self-aware enough to steer clear of charismatic fraudsters.
But that would likely mean ousting the majority of elected officials and plenty of appointed ones.
Sortition is looking really good these days.
[ link to this | view in chronology ]
Re: Somebody who blindly obeys...
Sortition .. had to look that up.
Ranked voting may help, idk about sortition
[ link to this | view in chronology ]
Re: Re: Somebody who blindly obeys...
I actually think approval voting as opposed to ranked choice voting would work much better. It would play out more in local and state races under the system we have now, but it could serve to make third party moderate candidates more viable.
[ link to this | view in chronology ]
Re: Re: Re: Somebody who blindly obeys...
All that only works if we know who is counting the votes and can verify independantly from government. That kind of blind trust in government Flew out the window in 1963 for me.
[ link to this | view in chronology ]
Re: Re: Re: Re: Somebody who blindly obeys...
"All that only works if we know who is counting the votes and can verify independantly from government. That kind of blind trust in government Flew out the window in 1963 for me."
Yup. No one said there was only one issue needing attention.
[ link to this | view in chronology ]
Re: Somebody who blindly obeys...
Uriel.. you should write a comic strip daily!
[ link to this | view in chronology ]
Re: OK, real reason
yup, Barr's an authoritarian.
but name a modern AG that was not an authoritarian and upheld the Constitution
while you're at it -- define "rule of law"
[ link to this | view in chronology ]
Re: Re: OK, real reason
and upheld the Constitution
Supporting qualified immunity, good faith exception, border exception, and plea bargains, make me question the US administrations commitment to the constitution.
[ link to this | view in chronology ]
Re: Re: Re: OK, real reason
What spaceship did you just climb off of? Of course those people have been two-steppin, sidesteppin and doing any kind of dance that works to get around the US Constitution for decades.
[ link to this | view in chronology ]
Re: Re: Re: Re: OK, real reason
Well - of course ... so no need to even mention it anymore, huh.
Bet some would like that, run for the shadows they do.
[ link to this | view in chronology ]
Re: Re: OK, real reason
"yup, Barr's an authoritarian.
but name a modern AG that was not an authoritarian and upheld the Constitution
while you're at it -- define "rule of law""
The answer to your question does nothing to absolve or convict Barr of the allegations being made.
Everyone else is doing it does not change anything about the topic at hand, if you do not understand this, I suggest you go ask your mother.
[ link to this | view in chronology ]
Re: OK, what are the real reasons?
Some cops today are so brainwashed, its impossible to look them square in the face without seing the craziness in their eyes.
[ link to this | view in chronology ]
Re: Re: OK, what are the real reasons?
They may see that as a sign of aggression, similar to that found in the wild kingdom.
[ link to this | view in chronology ]
They have access
What seems strange to me here is that the feds already have access to the data...they can pull all the 1's and 0's they want of their seized phones. The problem is that the data is written in a language they can't read (encrypted). Instead of the safe analogy, something more apt may be: the FBI has a stack of papers written in gibberish and it wants the typewriter manufacturer to decode them.
Or better yet, consider the Enigma machine the Germans used in WW2. The machine was manual encryption, there was some wheels and dials anf plugs and when you typed in a letter it output another letter based on the initial settings. Unless you ad another machine woth the same starting settings it was nearly impossible to crack... Until Its code was famously cracked.
But what if you made an improved Enigma? An analog device where a user could specify a begining state and communicate securely with anyone he chose to share that setting with? Would you be obligated to find a way to crack your own device's code so the FBI ( or whoever) decided they wanted to read what he was saying?
[ link to this | view in chronology ]
Re: They have access
Some form of this insight does come up every time Techdirt discusses the current government desire for encryption backdoors.
A common way it comes up, for instance, is the well known use of coded language between dealers and buyers, phrases which seem innocuous but carry a hidden meaning known only to those who participate in the conversation (in theory anyway). No amount of warrants can compel the meaning of those messages. They can get the content, but the meaning remains hidden.
[ link to this | view in chronology ]
Re: Re: They have access
No, that's when good old fashioned policing comes in, where you find someone who does understand those meanings that you have leverage over and flip him to your side.
[ link to this | view in chronology ]
Re: Re: Re: They have access
Metaphors are not, by definition, intended to have a one-to-one perfect relationship to what they symbolically represent.
They can't just go to the coded speech vendor who gave them the coded langauge and get the cypher. They have to find another criminal, whom they can give leniency for their crimes to testify about the existence of coded language and his knowledge that a specific person uses this language to hide evidence of this crime. And until you find other evidence, that coded language still isn't clear evidence of a crime, only indicative of one in so far as we can believe the snitch. The point of coded language like this, like dog whistles, is that they can always claim that it was all innocuous and the deeper meaning isn't actually there. Reasonable doubt will always exist as to the existence of a deeper meaning of the coded language until other evidence pushes the needle.
But in encryption, there is a coded speech vendor. And the communications are gibberish. The point of assessing encrypted speech with the metaphor of coded language in communications is to point out that the argument that you could in the past get the content of communications with a warrant is a failed argument because the warrant might get the contents, but that was no guarantee that you understood what was being communicated.
[ link to this | view in chronology ]
Re: Re: Re: Re: They have access
That's what I was talking about.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: They have access
Yes, I was acknowledging that, and then highlighting the differences between that and encryption and why its not an appropriate connection to draw when using coded langauge as a metaphor for encryption. Your 'point', in so much as you had one, deemed to be that the police could possibly get the meaning of communications with a ton of extra work after the communication is acquired, whereas my point was that a warrant did not get you meaning.
If you were not trying to disagree with me, starting with the word 'no' was not an effective technique.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: They have access
I was only addressing the issue that you brought up with coded language, not the encryption issue. My use of the word 'no' was actually a shorthand agreement with your point. It's a common convention in this language we call English.
YOU: "No amount of warrants can compel the meaning of those messages."
ME: "No (they can't), that's when good old fashioned policing comes in, where you find someone who does understand those meanings that you have leverage over and flip him to your side."
[ link to this | view in chronology ]
Pressuring informants
The defense against informants was demonstrated in the Pizza Connection in which heroin and cocaine were moved through a pizza franchise. The code names would be alternated, swapped and changed around every week or so, so that it was unclear what was being sold along with a whole lot of pizza.
Eventually an investigation lead to convictions, but not until after years of baffling the FBI while they had devoted immense manpower analyzing the system.
It's a story that deserves a police procedural / historical drama, but that sort of thing doesn't excite Hollywood these days.
[ link to this | view in chronology ]
Re: Re: Re: They have access
Like Columbo!
[ link to this | view in chronology ]
And English only!
I agree with Barr! And what if someone uses some language that the cops don't know? How are they going to search that? The government itself used Native Americans in WWII to send radio messages in native language to protect from Japanese interception. And it worked! That's why we need an English only law. An the sooner the better!
[ link to this | view in chronology ]
Re: And English only!
Yes, because the whole word will only ever communicate in English if the US government says so.
What a stupid, shortsighted, and troll baiting comment.
[ link to this | view in chronology ]
Re: Re: And English only!
I expect someone was going for sarcasm to highlight the stupidity of Barr's commentary, but Poe's law came into effect.
[ link to this | view in chronology ]
Re: Re: Re: And English only!
I'll admit I mistook the language as non-sarcastic because of the use of anonymous coward in the name.
But rereading it I can see the sarcasm.
[ link to this | view in chronology ]
Google-style translators are getting pretty good.
I read a clear <sarc>...</sarc> in there. So yeah, an incident of Poe's law.
[ link to this | view in chronology ]
Re: Google-style translators are getting pretty good.
There’s members of the US congress saying similar things. You really can’t tell
[ link to this | view in chronology ]
Re: And English only!
Are you one of those crazy people who yell at others when they speak a foreign language? I have not seen this in person but have read about it, seems these folk need professional help.
[ link to this | view in chronology ]
Re: And English only!
I can’t imagine being so paranoid as to think that in a naturally multilingual society that anyone not speaking the only language you’ve ever bothered to learn must be an enemy. Let alone be willing to destroy large amounts of your global and tourist economy to feel safe. Yet here you are, you silly little coward.
[ link to this | view in chronology ]
Re: Re: And English only!
As others have pointed out they are almost certainly being sarcasting.
Also that is the exact position anyone trying to mandate "authorized access" is taking.
[ link to this | view in chronology ]
Barr with me a moment.
I think it is prudent to anticipate that a major incident may well occur at any time that will galvanize public opinion on these issues.
Sure the events will occur and have to some extent but I dont think the public's opinions will go the way the FBI wants.
I believe an event like that already happened when the FBI tried to force Apple to decrypt a terrorists phone in California. Afterwards a lot of people tried to get a newer apple phone or install updates on their current software because they realized the government will abuse it's power.
He can scream and whine all he wants but people, especially younger generations have repeatedly been told to protect themselves so I don't think he will ever get the majority of public opinion on his side.
[ link to this | view in chronology ]
Dear Mr. Barr,
We are in the process of implementing the backdoor you requested. However, for it to actually work, we need one minor change to the law.
It will be necessary to require everyone to calculate 2+2 with a result of 5. As you represent the government, it is time for you to stop complaining about noncooperation and begin to cooperate. As soon as this law is fully enforced, and all textbooks and calculating devices modified to comply, we can roll out your encryption backdoor. Note, however, that this must be a worldwide effort. If even one Ruritanian terrorist calculates 2+2=4, the backdoor will fail.
That is a job for government. It is time for you sociopathic tyrants to stop whining about what is impossible and just legislate harder.
Alternatively, you could simply get your department to do its job as if evidence of a crime could exist outside of a cell phone. You may, however, consider this the more difficult option.
Sincerely,
Everyone who ever passed a graduate-level abstract mathematics course.
[ link to this | view in chronology ]
You know he's not talking about an incident where a "minor lessening of security" resulted in the entire federal employee database being leaked, resulting in identity information for millions of people being in the wild. Because that wouldn't ever happen. The government is on top of this security thing. /s
[ link to this | view in chronology ]
Re:
Correct. He is talking about something catastrophic, maybe like 9/11. The problem he would have then (not that it would matter much, see Patriot Act and how it came about) is for him to prove that it could have been stopped if and only if the Government had access to encrypted communications.
[ link to this | view in chronology ]
Society wants this?
So when someone has to pay taxes it is the evil government taking the money. When the government wants to steal your information then all of a sudden it is "society" protecting itself.
[ link to this | view in chronology ]
criminals start disappearing from the streets
I'd feel better if they started disappearing from government buildings.
[ link to this | view in chronology ]
We have seen the laws in australia work, where the government can use a warrant to acess any data base ,and employees if tech companys have
been forced to give acess to any data the police want to see.
Companys have moved their data to servers in different countrys ,
its a disaster for the software industry.
Foreign companys do not want to work with australian companys
as they do not trust any person based in australia to protect user data
AS thy can be forced to give up encryption keys to the police .Since the iphone was invented i cannot think of 1 case where it was essential
for police to acess data on an encrypted device .
Police can easily get a warrant to acess users data from isp,s , phone
companys , web browsing, emails ,gps location etc
with a court warrant .
just because you use might phone with encrypted data does not mean
the government knows nothing about you.
Cars in the usa are constantly tracked by camera,s and license plate readers .
America is not russia , the constitution places limits on the government
versus users rights to privacy .
[ link to this | view in chronology ]
You First, Mr. William Barr
If you think so much of your "good guys only" backdoor, Mr. Barr, I want to see you use a system implementing it for all communications for a few years, with your very own personal Red Team trying to hack you every step of the way. (Hint: I know a professional or three who'd be more than happy to knock that backdoor of yours over, given the chance...)
[ link to this | view in chronology ]
The usual arguments...
~ Magic pixie-dusted unicorn keys. We might as well try to make bullets that only kill bad people. Countless efforts to backdoor security for law-enforcement purposes have backfired with keys released to the public.
~ Steganography already exists that will counter this: we can encrypt data to look like garbage in unused memory sectors. And the courts could lock people up for contempt for not decoding their unused sectors.
~ Also we already have encryption with multiple accounts and multiple keys, so a suspect can unlock his phone while still hiding secrets. And consequently, a court can hold a suspect for contempt for not unlocking all his (her) accounts.
[ link to this | view in chronology ]
Simply define 'was shot by police' as 'was a bad' person...
~ Magic pixie-dusted unicorn keys. We might as well try to make bullets that only kill bad people. Countless efforts to backdoor security for law-enforcement purposes have backfired with keys released to the public.
Bad example, we already have those. One needs only look to police shootings and the rare trial that results from them, where if the victim wasn't a bad person before they were shot they most certainly were after.
[ link to this | view in chronology ]
Re: The usual arguments...
Really bullets which only shoot bad people would be easier than backdooring encryption securely. Then they "only" need perfectly guided projectiles that can see and evaluate context visually like seeing them posing a legitimate threat. Having munitions which only shoot uniformed, armed combatants, or actively threatening (say strangling an innocent) would technically be possible but require a shitload of research and engineering to produce stupidly expensive "bullets" which resemble minature cruise missiles with orders of magnitude more cost and make the F-15 project look like a cheap, fast, and unprecedentedly efficient operation.
Meanwhile "keys only good guys can use legitimately" is literally impossible on several levels such as the reversible mathematical functions somehow varying in state based on things it cannot even be judged mathematically - let alone something intrinsic to the encryption.
[ link to this | view in chronology ]
Re: Re: The usual arguments...
Dont wear a ski mask in public. The discerning bullets will think you are trying to rob someone.
[ link to this | view in chronology ]
Going Dark? No! Growing Lazy
The DOJ has now spent more than a year dodging an obligation it created itself. For years, FBI directors and DOJ officials have told anyone who'd listen -- conference attendees, Congressional reps, law enforcement officials -- the world was going dark.
Please, would someone remind the statist mandarin of an attorney general (ie William Barr) that the tired law enforcement trope of going dark is pure unadulterated hokum.
In 2018 law enforcement is operating in the golden age of surveilance.
Italicized/bold text was excerpted from the website stanford.edu found within a report titled -
‘Going Dark’ Versus a ‘Golden Age for Surveillance’:
We are in a new age where most people carry a tracking device, the mobile phone. Location information comes standard with a wireless network – the phone company needs to know where your phone is to send you the call.A specific cell handles the call, so the network knows what cell you are in. Location information is tremendously useful for law enforcement and national security agencies. It can put a suspect at the scene of a crime, or establish an alibi. It can act as a “bug” without the need for the agency to place a bug on the suspect’s person or property.
The evidence suggests, furthermore, that the degradation of wiretap capability has been modest at most, and—atleast statistically—wiretaps have become more useful over time. The number of wiretap orders implemented in the U.S. has grown steadily the last two decades. According to publcally available statistics, court approved wiretaps are now at a record high: 3,194 wiretap court orders were issued for the interception of electronic, wire,or oral communications in 2010, a 34% increase from the 2,376 issued in 2009. In the six instances where encryption was encountered, it did not prevent law enforcement from retrieving the plaintext forms of communication.
These numbers actually understate the expansion of wiretapping in the U.S., in part due to the shift to “roving”wiretaps. In earlier years, separate court orders were required for each device used by the target of an investigation. Over time, however, Congress authorized roving wiretaps so that one wiretap order could apply to all the devices used by a suspect. Additionally, wiretaps were authorized by investigation, rather than for each individual target within an investigation. This means that the statistics understate the growth in actual use of wiretaps.
What explains the agencies’ sense of loss when the use of wiretaps has expanded, encryption has not been an important obstacle, and agencies have gained new location, contact, and other information? One answer comes from behavioral economics and psychology, which has drawn academic attention to concepts such as “loss aversion” and the “endowment effect.” “Loss aversion” refers to the tendency to prefer avoiding losses toacquiring gains of similar value. This concept also helps explain the “endowment effect” – the theory that people place higher value on goods they own versus comparable goods they do not own. Applied to surveillance, the idea is that agencies feel the loss of one technique more than they feel an equal-sized gain from other techniques. Whether based on the language of behavioral economics or simply on common sense, we are familiar with the human tendency to “pocket our gains” – assume we deserve the good things that come our way,but complain about the bad things, even if the good things are more important.
A simple test can help the reader decide between the “going dark” and “golden age of surveillance” hypotheses.Suppose the agencies had a choice of a 1990-era package or a 2011-era package. The first package wouldinclude the wiretap authorities as they existed pre-encryption, but would lack the new techniques for locationtracking, confederate identification, access to multiple databases, and data mining. The second package wouldmatch current capabilities: some encryption-related obstacles, but increased use of wiretaps, as well as the capabilities for location tracking, confederate tracking and data mining. The second package is clearly superior -the new surveillance tools assist a vast range of investigations, whereas wiretaps apply only to a small subset of key investigations. The new tools are used far more frequently and provide granular data to assist investigators.
https://stanford.edu/~jmayer/law696/week8/Going%20Dark%20or%20Golden%20Age.pdf
[ link to this | view in chronology ]
Kiss My Patootie, Barr!
Barr can bloviate all he likes, but it ain't gonna happen. Us programmers will always be able to circumvent any idiot laws those bozos pass to criminalize encryption.
[ link to this | view in chronology ]
Put up or shut up
As with all calls like this the response is simple: The public will consider implementing it only if those pushing the proposal adopt it first for themselves. If crippled encryption is a worthwhile trade then they can start with their own encryption, from the agency itself all the way down to the individuals employed by it.
Somehow I suspect that if Barr knew that mandating broken encryption would hit him first he'd lose a lot of that gung-ho attitude for it.
[ link to this | view in chronology ]
Re: Put up or shut up
The problem is it won't be the public implementing of it, it will be the corrupt Congress, who we know from past experience not only will exempt themselves. but listen to their biggest contributors rather than their constituents. The problem with that is that it will take some time (months, years) before their bank accounts, credit cards, debit cards, personal communications (all not part of the exemption) are impacted and maybe some additional time (more months or years) before they become aware of it, as companies try to twist and encumber and obfuscate and lie about information so as to deflect responsibility.
In the mean time there will be prosecutions of various Internet related companies who will pay fines for not protecting the 'private' data who will not be exonerated when it is found that the bad guys got in though the encryption back doors mandated by Congress. That is, if the encryption mandate actually passes Constitutionals tests (which may or may not be expected from the current court, breath holding not recommended).
[ link to this | view in chronology ]
Do you trust a government that would hand out actual military hardware to fictitious police agencies with keeping the skeleton keys to the backdoors?
[ link to this | view in chronology ]
Barr says the real risk posed by compromised encryption is worth it. He doesn't explain how it's worth to the millions of people he'll put at risk in exchange for law enforcement access, but he seems to assume we'll all feel much better about it when criminals start disappearing from the streets.
Yeah, just like stealing cash from drivers makes the criminals disappear from the streets even though the people are never charged with a crime or prosecuted. Just taking their money will make them disappear.
[ link to this | view in chronology ]
Never trust a cop
Real-life example #1,562,391x10*3 of why you never trust a cop (or any other LEO).
[ link to this | view in chronology ]
Re: Why do those meanies call is Raaaacist!?
Who could have expected the swamp slime hired to the AG position explicitly to lie about and bury the Mueller report would be capable of lying about other subjects too?
[ link to this | view in chronology ]
Change my mind
Only public officials who have disclosed their taxes should be allowed to call for encryption back doors.
[ link to this | view in chronology ]
Australia leads the way of anti-encryption - thanks Peter Dutton
[ link to this | view in chronology ]