from the who-takes-these-people-seriously? dept
Former Wall Street Journal publisher L. Gordon Crovitz still gets to publish opinion pieces in the WSJ. And while I often find them interesting, any time he touches on technology in almost any manner, he seems to fall flat on his face, often in embarrassing ways -- such as the time he insisted the internet
was invented by companies without government support (yes, he really argued that). Crovitz has also been strongly pro-surveillance state for years. He's
attacked Wikileaks and Chelsea Manning by blatantly taking quotes out of context, and then last year, writing a column about the Snowden leaks that showed
he doesn't understand even the basic facts. Crovitz tends to see the world the way he wants to see it, rather than the way it really is.
His latest is no exception, repeating a bunch of bogus or debunked claims to argue that
the tech industry should happily insert back doors into technology to aid in surveillance. He kicks it off by both repeating the false claim concerning how "subway bomber" Najibullah Zazi was caught, but also totally misunderstanding the difference between encrypting data on a device and encrypting data in transit:
It’s a good thing Najibullah Zazi didn’t have access to a modern iPhone or Android device a few years ago when he plotted to blow up New York City subway stations. He was caught because his email was tapped by intelligence agencies—a practice that Silicon Valley firms recently decided the U.S. government is no longer permitted.
Apple , Google, Facebook and others are playing with fire, or in the case of Zazi with a plot to blow up subway stations under Grand Central and Times Square on Sept. 11, 2009. An Afghanistan native living in the U.S., Zazi became a suspect when he used his unencrypted Yahoo email account to double-check with his al Qaeda handler in Pakistan about the precise chemical mix to complete his bombs. Zazi and his collaborators, identified through phone records, were arrested shortly after he sent an email announcing the imminent attacks: “The marriage is ready.”
Except, no. It wouldn't have mattered if he had a modern iPhone or Android device because whether or not email is encrypted is
entirely unrelated to whether or not data on the device is encrypted. What Apple and Google are promising now is to encrypt data on the device. Even if that was turned on, if you send an unencrypted email, it's still available to be viewed. Crovitz is comparing two completely different things and
doesn't seem to realize it. What kind of standards does the WSJ have when it allows such false arguments to be published uncritically?
Furthermore, the fact that Zazi sent an unencrypted email via Yahoo was a different issue. And Yahoo encrypted all its email connections a while ago, and no one freaked out at the time. Even so, that's unimportant, because law enforcement and the intelligence community can and do still read emails with a warrant. And, as was made clear by many in the analysis of the Zazi case, he had been
watched by law enforcement for a while. The phone encryption that Google and Apple are discussing would have had
no impact whatsoever on the Zazi case. So why even bring it up, other than pure surveillance state FUD?
But, to someone as ignorant of the basics as Crovitz, it's an opportunity to double down.
The Zazi example (he pleaded guilty to conspiracy charges and awaits sentencing) highlights the risks that Silicon Valley firms are taking with their reputations by making it impossible for intelligence agencies or law enforcement to gain access to these communications.
Except, again,
that's not true. Intelligence agencies and law enforcement would still have access to
communications in transit -- just not data held on his phone directly (which they wouldn't have unless they got the phone itself). Second, it still wouldn't be "impossible" to get the information. They could either crack the encryption or issue a subpoena ordering the phone's owner to unlock the data (or potentially face a potential contempt of court ruling). While there are some 5th Amendment concerns with that latter route, it's still not "impossible." And it's not about communications. Crovitz is just totally ignorant of what he's writing about.
Since then, U.S. and British officials have made numerous trips to Silicon Valley to explain the dangers. FBI Director James Comey gave a speech citing the case of a sex offender who lured a 12-year-old boy in Louisiana in 2010 using text messages, which were later obtained to get a murder conviction. “There should be no one in the U.S. above the law,” Mr. Comey said, “and also no places within the U.S. that are beyond the law.”
Again, different issue. The Louisiana case? That was
debunked a day later, and it wasn't because of access to the kind of information that would now be encrypted. As noted
by the Intercept:
In another case, of a Lousiana sex offender who enticed and then killed a 12-year-old boy, the big break had nothing to do with a phone: The murderer left behind his keys and a trail of muddy footprints, and was stopped nearby after his car ran out of gas.
Next thing you know, Crovitz will argue that all shoes should come pre-muddied so that law enforcement can track them. After all, how could law enforcement track down criminals who
don't leave a trail of muddy footprints?
Then Crovitz shifts to his own personal worldview -- insisting that the public actually doesn't want privacy or protection from the snooping eyes of government. He insists, the truth is the public really wants to be spied on.
It looks like Silicon Valley has misread public opinion. The initial media frenzy caused by the Edward Snowden leaks has been replaced by recognition that the National Security Agency is among the most lawyered agencies in the government. Contrary to initial media reports, the NSA does not listen willy-nilly to phone and email communications.
Last week, the Senate killed a bill once considered a sure thing. The bill would have created new barriers to the NSA obtaining phone metadata to connect the dots to identify terrorists and prevent their attacks. Phone companies, not the NSA, would have retained these records. There would have been greater risks of leaks of individual records. An unconstitutional privacy advocate would have been inserted into Foreign Intelligence Surveillance Court proceedings.
First off, no, the USA Freedom Act was
never "a sure thing." From the very beginning, it was considered a massive long shot. And, no it would not have "created new barriers" -- it would have merely made it clear that the NSA can't simply collect
everyone's data in the hopes of magically sifting through the haystack and finding connections. Also, Crovitz is flat out wrong (again!) that this would have led to a "greater risk" because the phone companies held the data. While this was the
key talking point among those who voted against it, it's simply incorrect. The telcos
already retain that information. The bill made no changes to what information telcos could and would retain. It only said that they shouldn't
also have to ship all that data to the NSA as well. There was no increased risk. Saying so is -- once again -- trumpeting Crovitz's ignorance.
Furthermore, the idea that the public is miraculously comfortable with the government spying on them... based on
the government voting against curtailing government surveillance is simply ludicrous. It doesn't even pass a basic laugh test. The Pew Research poll that tracks this issue most closely continues to show that the vast majority of people are
against NSA surveillance on American data, and the numbers who feel that way
have been growing consistently since the first of the Snowden revelations.
But let me repeat the assertion Crovitz made here, just to remind everyone of how idiotic it is: he's saying that
the public is now comfortable with surveillance because
Congress voted down surveillance reform. And he thinks this is obvious.
The lesson of the Snowden accusations is that citizens in a democracy make reasonable trade-offs between privacy and security once they have all the facts. As people realized that the rules-bound NSA poses little to no risk to their privacy, there was no reason to hamstring its operations. Likewise, law-abiding people know that there is little to no risk to their privacy when communications companies comply with U.S. court orders.
Facts, huh? It's kind of funny that he'd argue for the facts when he seems to be lacking in many of them. And he's wrong. There is tremendous risk to privacy, as illustrated by the fact that the NSA
regularly abused its powers to spy on Americans. Furthermore, he ignores (or is ignorant of the fact) that much of the data the NSA collects is also freely available to the CIA and FBI -- and that the FBI taps into it so often that it
doesn't even track how many times it dips into the database.
And of course,
none of this even bothers to point out that the reason why Google and Apple are increasing encryption is because it
makes us all much safer from
actual everyday threats -- including the very threats that the NSA and others in law enforcement keep warning us about. Making us all safer is a good thing, though, not to L. Gordon Crovitz, apparently.
Crovitz is either woefully clueless and misinformed or he's purposely misleading the American public. Neither reflects well on him or the Wall Street Journal.
Filed Under: encryption, fud, gordon crovitz, l. gordon crovitz, mobile encryption, najibullah zazi, surveillance
Companies: apple, google, wall street journal