
Encryption, Privacy Are Larger Issues Than Fighting Terrorism - Osiris30
http://www.npr.org/2016/03/14/470347719/encryption-and-privacy-are-larger-issues-than-fighting-terrorism-clarke-says
======
jacquesm
> No, David. If I were in the job now, I would have simply told the FBI to
> call Fort Meade, the headquarters of the National Security Agency, and NSA
> would have solved this problem for them. They're not as interested in
> solving the problem as they are in getting a legal precedent.

That's quite the quote, especially given his history of employment.

The weirdest thing about this whole cell-phone saga to me is that the perps
are dead, did not appear to be part of some organized group and that very
little could be done to them that hasn't been done already based on evidence
found on the phone.

Then there is the bit that a lot of the information that is on the phone is
_also_ already in the log files of the carriers. It's as if that phone somehow
magically is going to yield an entirely new class of information that may not
even exist in the first place.

To me it has been evident from day one that this is not about this phone or
the data that's on it but just about the legal precedent, getting it in black-
and-white from the former head of counter terrorism is quite an indictment of
his successors.

~~~
monk_e_boy
No the weirdest thing is that Apple is standing up to the government. Isn't
that just wrong? You, the people choose the government, so in effect Apple is
standing up to the people of America and saying 'no'. If you the people didn't
want the FBI to be bullish then choose a different government.

It feels to me (an outsider) that it's the government that is out of control
and is not accountable to the people.

~~~
winter_blue
It seems like the country is 50-50 divided on this. But more importantly,
individual liberty is more important than majority rule. When the founding
fathers created this country, they cared deeply about individual liberty, and
worried about a tyranny of the majority. Even if a super-majority wants to
deprive an individual or a minority group of its rights, they should not be
allowed to.

A free country's first commitment is to personal liberty, and only secondly to
democracy.

~~~
geggam
by definition a democracy is a tyranny of majority.... i think you mean
secondary to the republic

~~~
themartorana
No, it's to the Republic to make sure the ideals of true democracy take a
secondary place to individual liberty for the very reason that true democracy
can be tyrannical. That's why the Republic comes before the democracy.

------
jccc
Before you comment, please consider whether you'd prefer to vent your
frustration in online message boards with like-minded people, or spend that
potential energy in other ways:

"What you can do about it:

\-- You can contact the Obama White House online to comment on strong
encryption.

[https://www.whitehouse.gov/webform/share-your-thoughts-
onstr...](https://www.whitehouse.gov/webform/share-your-thoughts-onstrong-
encryption)

\-- You can contact your state Senators and Representatives via the contact
information supplied by ContactingTheCongress.org.

[http://www.contactingthecongress.org/](http://www.contactingthecongress.org/)

\-- You can specifically contact Senators Richard Burr (R-NC) and Dianne
Feinstein (D-CA) to express concerns about their bill intended to force
companies to weaken or work around encryption under court orders.

[http://www.contactingthecongress.org/cgi-
bin/newseek.cgi?sit...](http://www.contactingthecongress.org/cgi-
bin/newseek.cgi?site=ctc2011&state=nc)

[http://www.contactingthecongress.org/cgi-
bin/newseek.cgi?sit...](http://www.contactingthecongress.org/cgi-
bin/newseek.cgi?site=ctc2011&state=ca)

[http://appleinsider.com/articles/16/03/09/proposed-senate-
bi...](http://appleinsider.com/articles/16/03/09/proposed-senate-bill-
penalizing-resistance-to-decryption-requests-nears-completion-could-be-
introduced-next-week)

Express yourself with the honesty and clarity that the government's charm
offensive is lacking."

[http://appleinsider.com/articles/16/03/14/take-a-stand-
again...](http://appleinsider.com/articles/16/03/14/take-a-stand-against-the-
obama-fbi-anti-encryption-charm-offensive)

~~~
mixblast
And what about the rest of the world? Can we do anything other than just
trusting the US citizens to get their government to do the right thing?

~~~
arebop
Make your own country less corrupt, more free, and better for the
economically-worst-off, so that your own entrepreneurs may eventually overtake
the authoritarian superpowers?

~~~
wyager
>and better for the economically-worst-off,

Not that I disagree with this, but how is this supposed to help entrepreneurs?
If anything, it will just increase the tax burden of running a business.

~~~
tete
If you do stuff like building infrastructure, creating efficient health care
systems (because you can do stuff for all the people lowering the price and
having a bigger positive effect on overall health) you actually make it better
for startups, cause they can use the infrastructure, need to pay lower wages
(because health care and infrastructure are cheaper/taken care of).

If you use tax money on education you also have a positive effect for both
startups and poor people.

You also even out the divide between new and and established companies,
established companies having non innovative advantages, such as brand names,
maybe their own "infrastructure". So you even get rid of companies that try to
keep status quo and have innovation stall.

The sad thing is that currently some governments/parties/politicians create
inhuman, even counter productive productive competition between humans while
at the same time have companies be cartels and monopolies and more importantly
create counter productive anti-competition laws such as intellectual property,
to a degree really awful patent systems, brand protection stuff, etc.

It's kind of destructive in regards of innovation and progress.

~~~
wyager
All good points. Thanks for the well-reasoned response.

------
Gratsby
>PRESIDENT BARACK OBAMA: If, technologically, it is possible to make an
impenetrable device or system where the encryption is so strong that there's
no key - there's no door at all - then how do we apprehend the child
pornographer? How do we solve or disrupt a terrorist plot?

It's so disappointing to me to hear a quote like that from the President.

~~~
mozumder
So how DO you disrupt criminal plots, then? Do you allow people to conspire to
commit crimes?

You're going to find, that once you think it through, that you'll end up
limiting the rights and freedoms of individuals... there's no getting around
that.

Life sucks that way. People were never their own little countries. I just feel
sorry for the middle-class suckers that thought they had freedom. Poor guys -
they never figured out they were the tools of the wealthy and powerful telling
them they had freedom, in order to make them work harder against the lower-
class.

~~~
lazaroclapp
> So how DO you disrupt criminal plots, then? Do you allow people to conspire
> to commit crimes?

Suppose they meet in person to conspire. Would you suggest having every
citizen carry un-blockeable microphones just in case?

This is not a "my freedom to swing my fist ends where your nose begins" kinda
issue, this is "are we willing to build a police state if it reduced the risk
of certain crimes by X%? Even at the cost of creating entry points into all of
our communications that can be exploited by unauthorized and misauthorized
actors alike..." issue. The ability to retrieve past conversations about
conspiracies is a new capability here, not the ability to keep past private
conversations secret (that was never as hard in pre-internet/pre-electronic
times).

The interviewer in the article says:

"GREENE: But can you just explain why you would compare, you know, a company
helping the government design a way to unlock an iPhone to something extreme
as torture and ankle bracelets? I mean, that sounds like a very extreme jump."

But actually, an ankle bracelet that reports your location and audio might
actually be less invasive of your private conversations in today's world that
reporting the contents of your phone.

~~~
mobiuscog
>But actually, an ankle bracelet that reports your location and audio might
actually be less invasive of your private conversations in today's world that
reporting the contents of your phone.

Not at all. I have the choice to carry / use a phone.

~~~
Mtinie
Today you do. This may not be the case in the future.

We have no idea what the political and technical landscapes will look like in
5, 15, or 25 years. It is not inconceivable that your governmental
identification "card" will morph from the plastic of today into an embedded
device in the phones of tomorrow.

------
clarkmoody
The larger issue, by far, is whether we are a _free people_.

From the article:

    
    
      CLARKE: No, the point I'm trying to make is there are 
      limits. And what this is is a case where the federal 
      government, using a 1789 law, is trying to compel speech. 
      And courts have ruled in the past, appropriately, that 
      the government cannot compel speech. What the FBI and the 
      Justice Department are trying to do is to make code 
      writers at Apple - to make them write code that they do 
      not want to write that will make their systems less 
      secure.
    

If the FBI gets its way in this case, forcing Apple employees to perform a
service for the government, then it sets the precedent for the government to
_compel anyone to do anything the government wants_. When you are forced to
work for someone against your will, this is called _slavery_.

Of course the FBI used a terrorist attack to try and get what it's always
wanted, and it will abuse the unlock power in the future if it gets it now,
but judges could easily cite this case as a defense for the government to
compel other action from the people.

Clarke makes it sound like there is court precedent against this compulsion,
but that would be overturned if the FBI wins.

Indeed, encryption and privacy are very important, but our very liberty is
more important.

~~~
pgwhalen
This is way overblown. Yes, the government should not be able compel Apple to
build back doors, but this isn't some kind of new precedent about compulsion.
There are plenty of industries where the cost of doing business includes
creating something to satisfy a regulatory requirement.

~~~
jaycroft
I believe that it is indeed a new precident about compulsion. If say, I want
to make airplane parts I need to satisfy regulatory requirements. I know those
requirements in advance, and can decide if I want to be a parts manufacturer
or not. Lets say I instead decide to make drone parts for hobbyists because
there's less regulation. Should the government be able to compel me to obtain
an AS9100 cert so that they can bolt some of my hobby parts on a DHS operated
drone? I would call that slavery. The FBI is attempting to compel Apple to do
work that they never anticipated in order to comply with laws that do not yet
exist.

------
emodendroket
It seems clear to me that if all the money we spent on fighting terrorism
since 9/11 were instead spent on, say, reducing traffic fatalities, it would
have saved a lot more people.

~~~
wiz21
That's so clear and so mathematically obvious, +100 karma point for you !

That's basic risk analysis

~~~
emodendroket
I mean, it's "clear and obvious" to me, but since it's a major issue every
campaign season and the risks presented by our old and crumbling
infrastructure, global warming, and other menaces that don't make gruesome
cell phone videos is not most people don't seem to have noticed.

~~~
wiz21
100% agree... My old age tells me that politics are a necessary evil...

------
sugarfactory
I think Apple and all other tech companies that support it move as the FBI (or
whoever controls the FBI) expected or wanted.

What was revealed a few years ago was the fact that big tech companies
betrayed people's trust. So quite naturally they should attempt to regain that
trust. Because if majority of people stop trusting tech companies and start
using end-to-end encryption, use of encryption stops working as a signifier
that indicates a higher likelihood that the user's doing something wrong. Thus
it's crucial to keep ordinary people away from using encryption. In order to
achieve this, it's important to make people trust big tech companies again.

In my opinion, this is what the writer of the plot of the dispute between the
FBI and Apple thinks.

------
exabrial
"You dont need a gun"

"You don't need encryption"

It's not the bill of needs. I was born with these rights. This is the danger
of eroding the constitution, the arguments can be used against whatever issue
you want. If we want it changed, do it the right way and pass an amendment.
But please, protect the integrity of the most important document we have.

------
kiba
Sometime I wonder if the FBI and other security agencies lost perspectives or
they know something that we don't.

Time and time again, their argumentation are not particularly persuasive.

I don't doubt the existence of terrorists, but it seems that they are more
boogeymen rather than an actual threats.

And when it came down to it, the power of terrorists is to inspire fear,
rather than kill people. They can change us because we felt the need to
change.

~~~
JustSomeNobody
Politicians need to appear strong.

For some reason, especially in the U.S., "leaders" have to appear strong. When
there's no war going on, they have to start one. Terrorism is easy. There's
really nobody to fight, but you get to fight them anyway. Politicians LOVE
this.

Law enforcement loves it too. They get to trot it out as an excuse to lengthen
their leashes.

------
ck2
Other governments are definitely going to force manufacturers to make their
phones unlockable or not for sale in their country.

China, Russia, Saudia Arabia, all forced Blackberry to turn over their
encryption keys long ago.

US politicians should set an example and say we are NOT going to be like China
and Russia and other repressive regimes and that when people's lives are
literally on their phones, they have a reasonable right to privacy and
protection from search and seizure, you know like in our constitution but
ignored everyday.

~~~
BBlarat
Well the winds have changed on that stance, at least in Europe. I've seen a
couple of leading politicians say something in the line of: "If china can do
it so can we" concerning the Chinese firewall and blocking "unwanted" content
on the web, which is scary.

~~~
DanielBMarkham
If it happens, it'll become precedent, then all countries will want to do it.

The next logical step is to outlaw phones and devices that are incapable of
breaking into. Then they'll make it so you need a license to employ
cryptography.

It sounds crazy, but where we are right now would have sounded just as crazy
15 years ago.

~~~
masklinn
> The next logical step is to outlaw phones and devices that are incapable of
> breaking into. Then they'll make it so you need a license to employ
> cryptography.

Welcome to the 90s:
[https://en.wikipedia.org/wiki/Export_of_cryptography_from_th...](https://en.wikipedia.org/wiki/Export_of_cryptography_from_the_United_States#PC_era)
[0]

> It sounds crazy, but where we are right now would have sounded just as crazy
> 15 years ago.

Hardly. 15 years ago, the US were just barely past their encryption export
ban, and we had yet to deal with the (still ongoing) fallout from it.

[0] although back then the US only tried to backdoor or ban strong encryption
for the international market, not for the domestic one, for simplicity reasons
the domestic versions of exported products often used "export-grade" (shit)
encryption

~~~
DanielBMarkham
I read the "we're back to the 90s again" articles. I think I would be careful
not to overstate the case. I coded in the 90s. I did light crypto in the 90s.
This isn't the 90s.

The world was so different then that the analogy wears thin. It was mostly
client-server, the web was just taking off, and vast cloud server farms
weren't even on the horizon. As you noted, the laws back then weren't for
_creating_ crypto -- it was for exporting it. At least in the states, we saw a
healthy market for all sorts of new crypto tech: DES, AES, and RSA started in
the 90s. (RSA became public in the 90s).

Note that I'm talking from the viewpoint of the average developer making
applications. The business side, the international side, and the exporting
mess? Yes, it's very similar. My comment was about changes Joe Dev is seeing
now. The 90s was "write it, but only sell it locally", the 2020s are likely to
be "don't write it unless you have permission", which is a completely
different can of worms.

Agreed that the development community as a whole is still recovering from the
90s. The damage we're doing right now will take as long or longer to recover
from, if we ever do.

~~~
ohyeshedid
The only thing I think that directly ties back to the Zimmermann case would be
the public nature of this fight.

..but since we're referencing the 90's: If the feds succeed in gaining the IOS
source and signing keys I would say it's more like Phiple Troenix 2.0.

------
themartorana
_" You know, we could, at the far extreme to make the FBI's job easier, put
ankle bracelets on everybody so that we'd know where everybody was all the
time. That's a ridiculous example, but my point is encryption and privacy are
larger issues than fighting terrorism."_

Ok so replace "ankle bracelets" with "GPS/cell triangulated device" and it's a
ridiculous example because what, things that are already real aren't really
"examples"?

------
ccvannorman
I am surprised that a search for "math" only turned up one result in this
thread, about car accidents vs terrorist victims.

Isn't it true that encryption legislation or policy is sort of irrelevant next
to the very clear math that says encryption will always be ahead of
decryption? Even in a (hopefully avoidable) dystopia where encryption is
illegal, would that really stop technology companies from continuing to do
what they've always done?

John Oliver has a great segment[1] where he notes that the majority of cheap,
available encryption applications aren't even US-based, and so it becomes
nigh-impossible for our (or any) government to stop any pedestrian from
encrypting.

[1]
[https://www.youtube.com/watch?v=zsjZ2r9Ygzw](https://www.youtube.com/watch?v=zsjZ2r9Ygzw)

~~~
h0w412d
Yep. Cory Doctorow has talked about this: how the universe "makes it easy" to
secure communications because mathematically, it's really easy to encrypt
(verify that a number is prime) and really difficult to decrypt through
hacking (factor a huge prime number).

And because of that, outlawing encryption is really outlawing math, which is
ridiculous. Math is a universal API everyone has access to simply by existing.
You can't outlaw math.

~~~
nickpsecurity
Do you have a link to that? Because I know a guy who really needs to
counterpoint it. High-security engineer, Clive Robinson, always said security
is about physics if you look at it down to the hardware. The physics try to
connect things in ways you didn't see coming. That allows unauthorized
communications. The physics also try to corrupt the operation of your chips.
That compromises computational security mechanisms. Even encryption algorithms
had tons of problems when they were implemented to the point that it takes
pro's with years of experience to implement them with any assurance. Those are
often broken later.

So, if Doctorow said that, he couldn't be further from the truth. The universe
seems to do everything it can to make security difficult via physics itself.
Throw in economics and biology (evolving malicious attackers) to top the
argument off.

~~~
SCHiM
Security != encryption in every case. What you're describing is actually also
what makes encryption stronger/easier than decryption:

A priori there's only 1 correct plaintext, while there are limitless
chipertexts of any given plain text (assuming arbitrary IV lengths and key).
You can't change that and this is basically what makes encryption so much
stronger than decryption.

~~~
nickpsecurity
Only two sentences were about encryption. The others mainly covered the
foundations, like kernels or MMU's, encryption depends on or can be bypassed
with. You should look up TEMPEST Level 1 safes, PC's, peripherals, and rooms.
That's just EMSEC part tgat requires all thst because physics fights us. Then,
look up NSA Type 1 hardware and physical separation with Red/Black model to
see how you start on endpoints. Rad-hard and fault-tolerant circuitry too
where you'll see probabilities instead of certainties.

Add it all up to say that, outside a few products, your security mechanisms
from CPU go crypto arent secure. Physics and intrinsic complexity work
together to ensure this. Systems fighting all of it have less features, are
heavy, more manual steps, less battery life, and cost several times more.
Economics takes over there where physics leaves off.

"A priori there's only 1 correct plaintext, while there are limitless
chipertexts of any given plain text (assuming arbitrary IV lengths and key)."

A priori there's electrical signals going through analog and digital circuitry
that implements a form of it with malicious hardware, software, or networks
connected to it. There's tons of ways to intercept or leak those secrets.
These are not in the formal model of crypto. Once included, the picture
changes considerably and leans my way.

~~~
SCHiM
Except of course I can create an unbreakable encryption with two pieces of
paper and a pencil by constructing a one-time pad. And that encryption has
nothing to do with computers except for the fact that doing encryption by hand
would take ages these days and we therefore choose to delegate it.

The fact that our computers are too unreliable to be trusted with encryption
does not mean that the universe does not favour encryption.

Unless you constantly keep inventing malicous hardware or hidden 'observers'
in the paper and pencil scenario there's no way you can say that decryption is
easier than decryption.

~~~
nickpsecurity
I saw that counter coming. A little bit different, better argument. Several
things in here. So, let's look at them.

re paper encryption

That was defeated regularly in the Cold War in a number of ways. Easy or not,
the mathematical proof didn't translate directly into the real world due to
human issues and physical ones like intercept or observation. FBI's crypo unit
has been defeating custom pencil and paper ciphers of criminals for a long
time, too. So, we can say the best, provable encryption makes the job more
difficult if no observation of the act of encryption, KEYMAT, or decryption
take place. That's a lot more limited than mathematicians pronouncements
imply. ;)

re universe

"universe does not favor encryption"

Oh, I think it doesn't. For one, encryption only happened one time in known
universe that we know of. When it did, it screwed up more often than it
worked. Then, even the best forms are defeated by stuff above thanks to other
properties of the universe. Universe seems to favor plain text to me. Its own
codes are plain to observe, too. Obfuscated at worst.

re computers

That was a nice dismissal but computers are the whole point, right? We talk
encryption that we're going to use on a computer most likely. Then someone
says some stuff like how we can trust the math. Then I have to point out we
run electrical impulses representing machine instructions, not math. Then the
conversation drifts to pencil and paper or arcane stuff.

At least you admitted we can't trust the math on a computer because it doesn't
represent what it does. Often not on pencil and paper either or in speech if
under surveillance. So, we can't trust the math at all. It's always math + all
kinds of circumstances and methods. Even then, we can only trust it with
probability C as in odds of Compromise.

------
kordless
Encryption and privacy are what make this reality work. You think you are you.
I think I am me. This reality's ability to keep those separate is a privacy
feature. From a Buddhist's perspective our understanding (Dharma) is that we
are, on some level, all the same entity.

One of the early sutras put it this way:

> "Discrimination is consciousness. Nondiscrimination is wisdom. Clinging to
> consciousness will bring disgrace but clinging to wisdom will bring purity.
> Disgrace leads to birth and death but purity leads to Nirvana."

Encryption gives the means by which we can enable privacy between ourselves,
or what we think of as self. If we enable complete privacy from all others, we
drop into a self-world. If we disable privacy, and join all the others
disabling privacy, we drop into an isolated type of Nirvana, with the
implication everything becomes quite boring. I have compared this in the past
to the observed push and pull of public and private cloud business models.

One solution may come via virtual realities where we can arrive at consensus
in a fair and measured way without centralized control. It is my belief that
immutable data structures backed by encryption, such as a blockchain, are the
path out of this mess.

Here's Alan Watts talking about this:
[https://www.youtube.com/watch?v=lBOcFwUzIIQ](https://www.youtube.com/watch?v=lBOcFwUzIIQ)

------
shpx
>We could put ankle bracelets on everybody so we'd know where everyone was all
the time.

How does everyone carrying phones not already make this the case?

~~~
x5n1
It's a choice. Duh. Don't have a phone so they can't monitor you while you are
not at home.

~~~
agd
How easy is it to be part of society without a phone? The way people
communicate, organize, meet, is all via these devices.

Yes, whether to have these devices is technically a choice, but when the
social cost of choosing not to have one is so high, the choice is made for
you.

~~~
nickik
Dont be so dramatic. You can have a phone and leave it at home if your gone do
something where you don't want to get tracket. Thats just the most simple
option. Its not a binary choice.

~~~
devishard
I don't want to be tracked when I go to work (or ever), but I have to bring my
cell phone to work because I need it to do my job.

So, yes it's a "choice": I can have my privacy or I can have my job.

~~~
ambicapter
Get a dumb phone for work.

~~~
adrianN
Dump phones still allow tracking you.

------
xrorre
The Apple situation annoys me because it's no longer about the web. It's about
breaking crypto on a device which is vendor-locked. The same thing as breaking
homegrown crypto, or DVD crypto; easy and trivial. The fact that Apple doesn't
use ephemeral keys and can't simply throw away the key in the event of an
incident is worrisome enough.

Real crypto needs to be more compartmented than that. A bank is not secure
because of the massive door - it's safe because it would take a thief weeks to
empty every safety deposit box.

It's also made even safer when the key is (more or less) thrown away for
periods of time and nobody can get it. Even with manual over-ride. Literally
somebody could be dying inside the safe and nobody could save them.

In properly implemented crypto nobody should hear you scream.

~~~
nickik
The hole concept of end to end encryption works far better if the ends are
actually secure. We use end to end encryption to protect our communucation one
the move and our endpoint are protected with secure hardware.

Weakening end point security is certantly not as bad as going after tls (for
example) but its still a vital piece of our trust chain.

And the smartphone will grow in importance as an authentification factor and
that makes it even more vital.

------
bicknergseng
I just had a thought: what happens if Apple complies with the order (say they
lose the legal battle or something), but individual employees refuse to build
the software? I think the verdict is out on whether or not Apple, a
corporation, can be compelled to do this, but what if they can't find anyone
to do it?

Just thinking it _should_ be much harder to compel individuals to do something
like this than it is to compel a corporation.

~~~
JoeAltmaier
Ha! Folks will line up to do the job. I've refused to violate federal
regulations (re wireless devices, bands and transmission rules) as a
contractor and had the regular employees jump right in and volunteer for the
job. At a Midwest manufacturer in a liberal (college) town.

~~~
bicknergseng
Not actually interested in if people are willing to do ethically questionable
engineering work; I'm interested in whether or not the government can compel
them to do so.

------
username3
Gun rights are larger issues than fighting mass shootings.

------
JustSomeNobody
Edit: Posted to wrong article. My apologies.

~~~
rntz
Wrong article. You probably meant to reply to
[https://news.ycombinator.com/item?id=11288841](https://news.ycombinator.com/item?id=11288841)

~~~
JustSomeNobody
Yes, my apologies. Too many tabs open.

