
No Matter What the FBI Says, Compromising Encryption Is a Technical Issue - DiabloD3
https://www.eff.org/deeplinks/2015/12/no-matter-what-fbi-says-compromising-encryption-technical-issue
======
Briel
Federal agencies didn't flag the San Bernardino killers despite the fact they
apparently considered an earlier attack, had connections with known
radicalized persons, were radicalized for many years and other serious warning
signs.

Having access to encrypted communications is just going to add a lot more
information to monitor and thus more noise to filter out for federal agencies,
who are already bad at catching the red flags.

The answer here isn't MORE surveillance, it's more TARGETED surveillance, i.e.
devising much more precise warning patterns to look out for. For example, the
San Bernardino killers apparently took out a massive loan and emptied their
bank accounts prior to the attack.

~~~
hueving
> For example, the San Bernardino killers apparently took out a massive loan
> and emptied their bank accounts prior to the attack.

This happens quite frequently when people are going to make a big purchase or
pay off another loan with worse terms. It's not as much of a red flag as you
would think.

~~~
vlunkr
Sure, but taking out a massive loan in coordination with other signs, like
buying guns, would start to paint a better picture.

------
austenallred
Can someone explain to me how a proposed government backdoor into encryption
would work? Is every creator of encryption software supposed to build in a
master key and hand that over to the FBI?

I ask this in all seriousness, as I cannot fathom how such a system would be
implemented, even disregarding the Constitution and the willingness of those
creating the software.

~~~
bigiain
"Is every creator of encryption software supposed to build in a master key and
hand that over to the FBI?"

Including, presumably, not only programmers who're not under the jurisdiction
of the FBI, but also programmers for whom the FBI is genuinely "their and
their nation's adversary"?

Reminds me of a recent tweet: Homeland Security's new "House Un-American
Mathematics Committee":
[https://twitter.com/puellavulnerata/status/67290345222221824](https://twitter.com/puellavulnerata/status/67290345222221824)

~~~
nindalf
That link 404s

~~~
bigiain
Ahhh, sorry. Here:
[https://twitter.com/puellavulnerata/status/67290345222221824...](https://twitter.com/puellavulnerata/status/672903452222218241)

------
api
"It turns out that somehow, Comey believes that the question of whether to ban
encryption without backdoors is “not a technical issue.” He told the senators
that “plenty of companies” provide services online while still maintaining the
ability to read their users' data, and that “plenty” of smartphone
manufacturers can unlock encrypted phones. Thus, he concluded, “it’s a
business model question.”"

If you read between the lines a bit, it's clear that what they want is
encryption to/from cloud hubs where data is stored using escrowed keys (a.k.a.
server-side "encryption"). Many services already more or less do this, so the
goal would be to push the entire market in this direction and then eventually
to outlaw or otherwise restrict systems that do not work in this way.

This fits in with the dumb terminal / mainframe model of the Internet being
pushed to varying degrees by most of the tech giants these days and with
Amazon's vision for IoT.

It's stupid and naive to claim that there is some technical barrier to what
the FBI wants. It's actually quite easy if we apply a bit of government
pressure to push the Internet even further toward the "put everything in the
cloud" direction it's already going. Anything in the cloud is almost by
definition backdoored.

~~~
mindslight
> _Anything in the butt is almost by definition backdoored_

Pretty much. The TLAs are whining because they got used to wholesale vacuuming
of butt data, and now the pendulum is poised to swing the other way.

IMHO Apple is merely poking a hornet's nest, because it will be quite easy for
USG to force them to modify their centrally-distributed software. The only
truly defensible position we have is Free software. Whether there's enough
interest/money to support its wide scale adoption is one of the major
questions of our time.

~~~
yuhong
Not so easy when there is no law requiring them to do so. In iMessage, Apple
still has the keys but the forward secrecy is enough to exclude it from CALEA
because of the way the "encryption" exception was designed. This of course
caused the FBI to complain, which among other examples of encryption made
encryption backdoors a political issue again in the first place.

~~~
mindslight
It's USG. Creating new authoritarian laws, especially indirectly applied
through companies, is basically _what it does_.

~~~
yuhong
Which reminds me that CALEA, DMCA and the like were passed in the 1990s, when
not as many people were using the Internet as today. SOPA/PIPA was passed in a
time when everyone for example is using Google, which is why the protests were
so effective. In this case, such a law requiring backdoors would be likely
unconstitutional (it was tried in the 1990s too), which is why the FBI is
resorting to other methods.

~~~
mindslight
I interpret the trend the opposite way - lots of people using the Internet,
but having no clue how software works and being utterly disempowered with
respect to what their devices do. In the 90s, the entire Internet
community was solidly against surveillance backdoors. Now the majority figures
the activities shown on primetime propaganda are what is required to keep them
"safe".

> _such a law requiring backdoors would be likely unconstitutional_

Lol, as if that means anything when all ten test cases from the Bill of Rights
are failing! I can see such a law being easily gavel-stamped since it's
regulating interstate commercial activity.

~~~
yuhong
But the number of people using the Internet was relatively small, so nothing
has changed really. The only difference is that the majority began using the
Internet in the first place.

~~~
mindslight
Depends on how one perceives democratic force working.

I don't view the absolute number of calls to congress as important as unstated
assumptions about what is "unamerican".

Back in the 90s if you asserted that the government was tapping everything,
you were called a conspiracy nut. Because we had a shared societal belief that
it was off the table in a free society. This has now been broken.

A politician endorsing a surveillance system that would make East Germany
jealous would have been ridiculed by the media. Now they're ridiculed for
_not_ supporting such totalitarianism.

~~~
yuhong
That was caused by 9/11 though, not the increasing use of the Internet. Which
also reminds me that the US-EU safe harbor dates back to 2000.

~~~
mindslight
Sure, but the cause of it doesn't really matter. The net effect is I feel
we're in a worse position for this battle than the 90s. Perhaps the 90s are
just safely in the past, but this time I feel this issue will be with us until
the tyrants finally get their way, or USG collapses.

And Snowden's disclosures, while great for exposing the conspiracy, serve to
normalize the surveillance. Very few people are switching away from butt
services as a result, a tacit endorsement of the status quo.

FWIW, if you watch things from before 11sep2001 there's still constant
mentions of terrorism. "911" is more of a pretend watershed so we can tell
ourselves "everything changed" when in reality the panopticon has been
building for far longer.

~~~
yuhong
I hope that Bernie wins, and that will help at least as a first step toward
change.

------
sobinator
I watched Comey's entire hearing today. The article here is accurate, but I
think that it takes a strongly opinionated view of Comey's guarded and yet
honest responses.

Comey knows that the solution to this problem won't be solved with
legislation, which is why he isn't going to expend his energy trying to
accomplish what the EFF suggests as a solution. One good thing to consider is
that the EFF and the FBI both recognize that encryption can be an evil thing
and that actions need to be taken to protect the citizens and the government
that serves them.

With respect to the debate I'm seeing here in the comments, it seems like, to
me, that there is a considerable amount of misunderstanding. What was
discussed today wasn't the issue of mass surveillance, but of how or even IF
these companies that offer secure communication services could aid in FBI
investigations. That is both a technical and a non-technical issue. Comey
calls it a non-technical issue simply because he thinks the solution ought to
be left to the technical people at each company, and that in principle,
regardless of encryption strength, these companies should offer a way to help
the FBI in these exceptional instances. I think people here are seeing one or
the other side and not realizing that Comey is aware of both.

~~~
sillysaurus3
_One good thing to consider is that the EFF and the FBI both recognize that
encryption can be an evil thing and that actions need to be taken to protect
the citizens and the government that serves them._

It's not a useful classification. Encryption can be used for evil, just as
everything else in the world can.

_Comey calls it a non-technical issue simply because he thinks the solution
ought to be left to the technical people at each company, and that in
principle, regardless of encryption strength, these companies should offer a
way to help the FBI in these exceptional instances._

There's a difference between leaving it to technical people to help, and
forcing technical people to help. Legislation is the route to the latter.

There is no way for technical people to help against a good cryptosystem
unless that cryptosystem has been subverted from the start. This is the new
world we live in, and it's up to law enforcement to either recognize that
fact, or weaken American encryption relative to the rest of the world, with
predictable consequences.

EDIT: "The Horror of a 'Secure Golden Key'"
[https://news.ycombinator.com/item?id=8428632](https://news.ycombinator.com/item?id=8428632)

~~~
NotSammyHagar
Everything can be bad, even water can be bad. You need it to live, but then my
America, sadly, tortured people with it (waterboarding).

------
mrsteveman1
If we're going to have an argument over who needs to change their "business
model" so the FBI's anti-terrorism mission is easier, gun manufacturers and
sellers should be at the top of the list, not software companies.

~~~
passionfruit
That is the same sort of silliness as banning software but applied to hardware
instead. Furthermore, many terrorist attacks have been done using knives and
machetes such as the May 22, 2013 Woolwich attack.

~~~
ethanbond
If your only goal is to prevent _terrorism_, sure.

Guns should be reconsidered because they kill so many people every single day
in "normal" violence. It's sad that it takes a bunch of affluent white people
getting killed for us to have a discussion on gun control.

~~~
druddha
Give me a break. Gun control is being discussed because there was a mass
shooting, not because of their race or socioeconomic status.

~~~
TazeTSchnitzel
Why does America care about this shooting in particular? It's a mass shooting
_of white people_.

~~~
druddha
That's a baseless assumption. America discussed gun control following the
shootings in Charleston, S.C., as well.

------
dcw303
> the FBI will rely on backroom pressure to make companies compromise
> encryption, or even eliminate business models it doesn’t like.

What does this imply for FOSS? I can't really see the feds organizing a sit
down with the maintainers of the hot new crypto algo repo hosted on Github.

~~~
alextgordon
In the US, publication of source code is free speech protected by the first
amendment.

[https://en.wikipedia.org/wiki/Bernstein_v._United_States](https://en.wikipedia.org/wiki/Bernstein_v._United_States)

~~~
theandrewbailey
Side note: publication/distribution of runnable binary code isn't necessarily
1st amendment protected. There aren't any laws[0] about it, and there haven't
been any federal court decisions[0] over it.

[0] that I know of. IANAL.

