
Congress finally showed it's willing to fight the FBI on encryption - magoghm
http://www.theguardian.com/commentisfree/2016/mar/01/congress-showed-willing-fight-fbi-encryption-finally
======
sigmar
I watched most of the hearing (can be viewed here
[http://www.youtube.com/watch?v=g1GgnbN9oNw](http://www.youtube.com/watch?v=g1GgnbN9oNw)),
this article seems like a pretty accurate characterization. Comey's parsing of
words in his response to the question of whether any gov't agency can access
the phone reminded me of Clapper's "least untruthful" answer (ie his lie about
NSA data collection).

~~~
pdkl95
I also watched most of the hearing[1], and Comey was very practiced at
sticking to his story. However, one bit in particular stood out as something I
haven't heard before: he seemed to criticize Apple for trying to protect
people. He went off on a brief tangent at one point where he said things
like[2]:

"It's not Apple's job to protect the American people."

"They sell phones, they don't sell public safety. That's our business to worry
about."

He spent a minute or two saying things like that. This almost sounds like
Comey sees this as some sort of turf war, with Apple infringing on his
responsibilities. I'm not sure how to interpret that - isn't it the job of
_any_ manufacturer to make sure their product is safe? Wouldn't any kind of
courier have a duty to protect what that which they carry?

[1] side note: I'm actually very impressed by most of Representatives
understanding of the issue and the fairness of their questions.

[2] These may not be exact quotes! This is what I remember, I'll see if I can
find the spot in the video later.

~~~
prebrov
I'm delighted to see Congress taking a stand for's right here, and I hope
politicians finally realised they do have a personal stake in the matter.

They do have secrets, like most of us and effects of revealing these secrets
would have far worse consequences for them and their careers than for most
"ordinary citizens", which makes them high-profile targets. Easy targets, too,
if (or when) FBI/NSA/CIA allies with some party in domestic political
struggle.

Given surveillance powers these guys want, it won't be too long before they
decide that next order of business is to find more effective ways to steer
political discourse in the favourable direction.

I can see how "ordinary people" would think they "aren't important enough"
when it comes to surveillance, but it amazes me that ambitious politicians
wouldn't see themselves as "important enough".

~~~
jessaustin
_Given surveillance powers these guys want, it won 't be too long before they
decide that next order of business is to find more effective ways to steer
political discourse in the favourable direction._

This has likely happened already with NSA. FBI are jealous because NSA don't
share. Congress already know what a pain it is to deal with NSA; they're not
eager to create another effectively ungovernable agency.

~~~
kbenson
If you want to go all the way down that rabbit hole, the NSA could be
leveraging its power over politicians to prevent the FBI from gaining power,
since power of this sort is relative, not absolute (the FBI's gain would be
the NSA's loss).

To be clear, I don't really subscribe to that narrative.

~~~
adventured
It's very well known historically that these agencies have been fighting with
each other since their originations. They fight each other over intel,
budgets, turf, governance, talent, technology, etc.

I don't think there's anything to subscribe to or not. It's established fact,
widely written about for decades.

~~~
kbenson
I was more referring to the NSA leveraging power over our congressmen and
senators due to their knowledge of secrets those politicians may not want
exposed. That's a very dangerous game to play, and all it takes is one person
not willing to play for it to all come tumbling down for the NSA. So, I don't
really subscribe to _that_ narrative.

~~~
mike_hearn
I'm skeptical that the NSA would do that so explicitly (although given that
Snowden's entire set of revelations consisted of "they wouldn't do that .....
oh they did" perhaps I should have less confidence).

I think a far more plausible and subtle form of mental pressure is simply
manipulating secrecy and technical bullshit. You don't have to know a
Congressman's porn preference to manipulate him if you can instead say, "we
are tracking dangerous terrorists and if you don't do exactly what we want,
they will win and it'd be an awful shame if an angry analyst leaked to the
press the fact that YOU, CONGRESSMAN JONES, prevented us from doing our jobs".

Whether the terrorists really exist or not doesn't matter when you are
effectively unauditable, and can easily imply that anyone who gets in your way
is directly responsible for the deaths of innocents.

~~~
pdkl95
That's exactly it, but it's even simpler than that; when you control the
reports that the political leaders are relying on for information, you control
the set of options they can select from. Some things never get reported,
others get reported such that there is an "obvious correct" choice. Coercive
measures are possible, but they shouldn't be necessary in most cases.

Jacob Appelbaum describes this process very well in an interview[1] where
talks about the time the CSE[2] tried to recruit him. It's hilarious... and
scary for several reasons, including the suggestion that the CSE has to get
NSA approval for the people they hire.

[1]
[https://www.youtube.com/watch?v=Vt7XloDNcm4#t=805](https://www.youtube.com/watch?v=Vt7XloDNcm4#t=805)

[2] Communications Security Establishment (Canadian SIGINT agency)

------
AdmiralAsshat
I'll open the champagne when Congress actually _votes_ on some legislation to
prevent the FBI's request from happening. The congressional committee does not
represent all of congress, and I don't know how many congressmen would still
rally behind the "No privacy ever because TERRORISM" cry if it came to a vote.
This is, unfortunately, not a clear-cut partisan issue, and it's difficult to
predict how a vote would go.

~~~
sathackr
This will probably be decided, like most constitutional issues, by a Judge
that will be forced to interpret the 4th/5th amendment, in the ever changing
light of 'reasonableness', as it applies to the case at hand.

It will then become precedent, adding to the long list of very important
judicial decisions that must decide how to apply a law with very loosely
defined vocabulary. How a normal citizen is expected to remain apprised of
every single law, every interpretation of the law, and every precedent set by
a judge ruling on the law, is beyond me.

If the original laws (in this case, the Bill of Rights) were defined as well
as many judicial rulings are, we likely wouldn't be arguing if what is being
asked of Apple is 'reasonable' \-- as what constitutes 'reasonable' would be
defined by the law itself.

~~~
matt_wulfeck
This doesn't need to become a constitutional argument. Congress can pass a law
forbidding the government from forcing a manufacturer to build a back door.
Simple as that.

~~~
snowwrestler
Apple argues (correctly IMO) that Congress _already did that_ in the language
of CALEA.

------
dikdik
Isn't it amazing when corporate interests actually align with American
peoples' interests?

~~~
nindalf
What's more interesting in the Apple case is that protecting citizens' 4th
amendment rights is contingent on protecting corporation's 1st amendment
rights. Apple claimed that since code is speech, being forced to create and
digitally sign the backdoor code is forced speech.

The Citizens United decision from 2010 guarantees a corporation's 1st
amendment rights, but I wonder if Apple could still use this defense if that
decision was overturned.

~~~
snowwrestler
Citizens United depends on the concept that corporations have 1st Amendment
rights. But it did not create that concept.

That has actually been settled law for a long time; it is how newspapers
(which are corporations) are able to enjoy freedom of the press--not just the
reporters individually.

So Citizens United could be overturned and it would not hurt Apple's case at
all.

~~~
emergentcypher
Umm, newspapers enjoy freedom of the press because the 1st amendment
explicitly guarantees freedom of the press.

> Congress shall make no law [...] or abridging the freedom of speech, or of
> the press

------
frenchie14
I wonder if most members of congress owning locked/encrypted iPhones with
personal information made this issue feel a little closer to home.

------
atmosx
> “You have had apparently 70 prior instances where you have not taken the
> steps available to you,” Judge Orenstein said to Apple’s lawyers during a
> hearing.

From [http://www.nytimes.com/2016/03/01/technology/apple-wins-
ruli...](http://www.nytimes.com/2016/03/01/technology/apple-wins-ruling-in-
new-york-iphone-hacking-order.html?_r=0)

~~~
studentrob
Apple apparently grew a pair.

------
mmanfrin
Except for Trey Gowdy, who continued to display himself as a complete and
total idiot.

~~~
artursapek
My first impression of him was recently during Martin Shkreli's hearing and he
left a similarly bad taste in my mouth after this one.

------
studentrob
Agreed except for Sensenbrenner and Gowdy.

Sensenbrenner -
[https://youtu.be/g1GgnbN9oNw?t=3h59m30s](https://youtu.be/g1GgnbN9oNw?t=3h59m30s)

Gowdy -
[https://youtu.be/g1GgnbN9oNw?t=4h36m35s](https://youtu.be/g1GgnbN9oNw?t=4h36m35s)

Both of these characters basically bullied and badgered Apple's legal counsel,
Mr. Sewell, to write and lobby for legislation with which Apple would agree.
Neither would consider that perhaps no additional legislation is necessary to
protect Apple's rights.

Gowdy also mentioned names of a few of his friends at the end of his
questioning who probably think along the same lines he does.

~~~
jonlucc
What does Sensenbrenner even mean by "you aren't going to like what we come up
with". It sounds like he was pissed off that Apple didn't come with a bill to
hand him to do his job for him. And his last part sounds quite like a threat.

~~~
studentrob
It does sound like a threat at the end. He's basically saying, _" you don't
want to give us a new bill? Okay, we'll write a one-sided one, and you're
going to hate it, but too bad because all you wanted to do was debate and
discuss the issue"._

He sounds like he has already made up his mind, is in a rush, and does not
want to engage in debate. He already agrees with the DOJ and nothing is going
to change his mind.

It is unreasonable for him to expect Apple to propose legislation before even
one congressional hearing on the issue is complete.

Even after one hearing we can't expect the public and Congress expect to be so
informed on the implications of curtailing encryption that they should be
prepared to legislate on the issue.

Sensenbrenner claims Apple is saying "No no no" but in reality he is the one
doing the censure. Apple has repeatedly said they're willing to discuss the
issue in public.

------
rubyfan
Does the NSA have some new found powers?

FTA: "For example, why hasn’t the FBI attempted to get the NSA’s help to get
into the phone, since hacking is their job?"

 _Is_ it in fact their job? I'd assume there are some ground rules for
operations among the executive branch of government but apparently congress
thinks this is their charge?

~~~
snowwrestler
The allegation in the San Bernadino case is that it was international
terrorism, so the NSA would reasonably have jurisdiction.

------
krp
Am I mishearing, or did Comey whisper "god damn it" after the oath @
[https://www.youtube.com/watch?v=g1GgnbN9oNw&t=51m0s](https://www.youtube.com/watch?v=g1GgnbN9oNw&t=51m0s)
?

------
dbrannan
Only because major U.S. corporations complained, which tells you who owns
congress.

~~~
adventured
It is in fact the other way around. The US Government completely and entirely
dominates the private sector economy, controlling nearly every aspect top to
bottom. The US is one of the most regulated economies in the G20, with
economic regulations continuing to expand rapidly, the government adds
thousands of new regulations annually.

That blatant government control is why the NSA (US military, executive branch)
was able to force Google, Yahoo, Microsoft, Apple, et al. to comply against
their will, and often against their attempts to defend themselves. It's also
why this is even an issue at all. If Congress were owned by corporations, none
of this would be happening, Apple would have dismissed them with a swipe of
its hand, given it's the world's richest private corporation.

If corporations owned Congress, the US wouldn't have one of the highest
effective corporate tax rates on earth.

~~~
moonshinefe
What?

"If Congress were owned by corporations, none of this would be
happening"\--it's almost as if there can be multiple interests influencing /
lobbying for power somehow, and not a single corporation owns all of
congress...

------
graycat
Why? Has the FBI found a fast way to factor any product of two large prime
numbers? Until they do, what the FBI wants is not always what the FBI can get,
Congress or not.

~~~
chipperyman573
You need to break the encryption _or_ find the key. In this case the key has
4^9 bits of entropy (262144) which can be cracked in a matter of minutes if
they get a copy of iOS that doesn't have a timeout.

~~~
caf
Your math is a little off.

Presumably you are assuming a 4-digit numeric PIN, which means log_2(10^4)
bits of entropy (13.3).

~~~
graycat
No. I'm not really talking about, thinking about the current FBI/Apple issue
and, instead, am trying to be more fundamental and look ahead one step, say,
the next step after the FBI/Apple, uh, maybe call it a pissing match.

So, IMHO, here's where we are, whatever FBI/Apple do: People, and Apple, will
want encryption no one knows how to break. Indeed, IIRC, Apple has already
announced that they intend to make an iPhone Apple can claim they can't break.

And I suspect that quite broadly and commonly people will just roll back to
basic RSA, etc. encryption, say, from little command line programs they can
run on an old, not hacked, computer never connected to a network.

Then the issue in practice will be the same one that is fundamental in theory:
To break the encryption, need to a fast way to factor a product of two, large
prime numbers.

Pass code, 4-digit PINs, etc. -- I just passed over those as by now trivial
and irrelevant.

~~~
eru
> And I suspect that quite broadly and commonly people will just roll back to
> basic RSA, etc. encryption, say, from little command line programs they can
> run on an old, not hacked, computer never connected to a network.

Never gonna happen. I am willing to bet.

~~~
graycat
Some people, maybe a lot of people want to take encryption seriously.

So, get some little open source, command line programs that run and just
squirt out dirt simple flat ASCII files in base 64 encoding. Run the software
on some old computer where are fairly sure there are no back doors. Never
connect to computer to a network. Move the data from that computer on, say,
just old diskettes.

Then somehow have an iPhone read the base 64 and send it.

If the FBI gets the base 64 code, lots of luck making any sense out of it.

Some people will be impressed by that scenario and possibility.

~~~
eru
How many is `some'?

~~~
graycat
Should be everyone with first level programming skills and very interested in
solid data security. That's a lot of people, millions.

Maybe they just need to be reminded that they can do it themselves, easily,
with no dependence on Apple, Microsoft, the Internet standards and no risk of
backdoors, etc.

