
FBI: Companies should help us ‘prevent encryption above all else’ - icpmacdo
http://www.washingtonpost.com/blogs/the-switch/wp/2015/06/04/fbi-official-companies-should-help-us-prevent-encryption-above-all-else/
======
joshstrange
> "Privacy, above all other things, including safety and freedom from
> terrorism, is not where we want to go," Steinbach said.

It's where I want to go. Also you have YET to show ANY evidence that we are
more safe or more free from terrorism by surrounding our rights to privacy.

>He also disputed the "back door" term used by experts to describe such built-
in access points. "We're not looking at going through a back door or being
nefarious," he argued, saying that the agency wants to be able to access
content after going through a judicial process.

You mean "Rubber Stamp Judicial Process"? Even if you didn't the mere fact
that these backdoors (you can rename it all your want it's a BACKDOOR) exist
make the whole system LESS secure. What a clown and this is the AD of the
FBI's Counterterrorism Division??? Fuck....

~~~
fweespeech
> It's where I want to go. Also you have YET to show ANY evidence that we are
> more safe or more free from terrorism by surrounding our rights to privacy.

If they could show that, credible evidence would have presented by now. ;)

But in all seriousness, the 1st & 4th amendment protections are the most vital
freedoms we have and they should not be abridged outside of a direct link to
harm. [e.g. Things like child porn, words designed to incite violent harm,
violent prisoners shouldn't have privacy ]

So you have to be rational about it but yeah, mass surveillance and reducing
self-defense tools to protect ourselves against criminals isn't "rational"
behavior.

Criminals are going to do illegal things and we have the right to protect
ourselves. If it inconvenience the government? So be it. I'm not going to bend
over for any criminal who wants access to my financial data "because
Terrorism".

Similarly, banning tools of self-defense [e.g. encryption for financial data,
access keys] are simply guaranteeing the criminals will be the only ones to
possess them.

I'm aware alot of people will be like "what about the 2nd"??

Yeah, that provides no protection against the government since they'll always
have the ability to drop bombs on you. When you can afford a F-16 and the
ability to pilot it for "self defense" purposes, let me know.

~~~
beatpanda
People who make that argument about the second amendment always seem to forget
that the U.S. military has been getting its ass kicked for more than a decade
now by people mostly armed with Toyota pickups, AK-47s and IEDs.

~~~
fweespeech
> People who make that argument about the second amendment always seem to
> forget that the U.S. military has been getting its ass kicked for more than
> a decade now by people mostly armed with Toyota pickups, AK-47s and IEDs.

People who make that argument seem to forget that if you decide to rebel, the
2nd amendment doesn't matter _because you are a criminal and can bring guns
over the border through Mexico or via other channels_. The same is true of
IEDs.

The "people" with AK-47s aren't getting them legally as common citizens.

That doesn't change the fact the majority of the US isn't going to rebel and
that such "rebellions" in the US tend to look like this:

[http://en.wikipedia.org/wiki/Ludlow_Massacre](http://en.wikipedia.org/wiki/Ludlow_Massacre)

------
kmicklas
Do these guys seriously not realize that "the terrorists" will use end-to-end
encryption whether it's legal or not? This literally makes no sense to me
unless "the terrorists" is code for "the local weed dealer".

~~~
josu
Remember that it's pretty much impossible to decipher a message, but it's
trivial to tell if a message is encrypted or not.

Once you outlaw encryption all encrypted communications will be illegal and
the people that use them terrorists.

This is how it begins.

~~~
click170
Do you have any supporting evidence?

I believe it may be incorrect because in my (limited) understanding, good
encryption is indistinguishable from random sequences of characters.

How can you tell a string of random characters is simply random, or is an
encrypted message, unless said encryption includes some kind of header or
marker information?

I may simply be wrong but I'm curious about the answer too.

~~~
cortesoft
They will start making random strings illegal

~~~
josu
As absurd as this sounds, I agree. Just look at all the 09 F9 controversy.

------
meesterdude
A wise man once said "shove it up your ass!" (george carlin)

Regardless, This guy doesn't know what he's talking about, and should not be
speaking, at all. Above all else.

I'm not against the FBI; I understand why they want this and what it means to
not have this kind of access. But they can't have it, and there are hundreds
of reasons why its a truly horrible idea.

This is just ANOTHER excuse to strip away our rights for the sake of "fighting
the terrorists" and "keeping us safe." Enough is enough. Just do your fucking
job and stop trying to power play everything.

I don't care what legal blessings or rights of passage you get; if something
of mine is encrypted, and i didn't give you access, it's not for you. That I
could encrypt crazy stuff or plots or whatever is true; tough shit. There are
other ways to sniff out nefarious people, and bring them to justice; the FBI
just wants everything served to them on a plate.

Also, please stop putting stupid fucks like this in government. Infuriatingly
dumb. Sacrificing our rights is not the way to fight terrorism; it's a path to
self destruction from within.

------
misterbishop
"companies shouldn't put their customers' access to encryption ahead of
national security concerns"

Encryption IS a national security concern.

When government agencies discourage encryption, or fail to report known
software vulnerabilities, they're acting against national security interests.

~~~
Zikes
With all the companies getting hacked and leaking my credit card information,
I'd say it's a very BIG national security concern.

I honestly don't know a single person that hasn't been caught up in at least
two of the bigger breaches of the past few years alone.

------
michaelvkpdx
Fire this guy and dismantle the FBI. Does anyone remember why we fought the
Revolutionary War, why we follow the Declaration of Independence and the
Constitution?

This joker should lose his job. He does not represent the values of this
country,

~~~
peawee
We fought the revolutionary war so that rich factory-owners could more freely
sell their wares without paying taxes to fund the war against the French and
Native Americans that they sent Ben Franklin to London to beg the king for.

~~~
tomschlick
Yeah lets forget about taxation without representation, being forced to
quarter troops in your home, being controlled from thousands of miles away,
and the Boston Massacre. It was all corporations. Got it.

~~~
nostrademons
The signers of the Declaration of Independence were all wealthy men, largely
physicians, lawyers, and merchants.

[http://en.wikipedia.org/wiki/Signing_of_the_United_States_De...](http://en.wikipedia.org/wiki/Signing_of_the_United_States_Declaration_of_Independence#List_of_signers)

The common people of the colonies were likely in a situation very similar to
where ordinary citizens today are when deciding between Google/FB/etc. and the
NSA. Distrustful of both sides, but more inclined to go with the weaker of
them, because then they'd be _less_ fucked over.

~~~
themeek
Wasn't President John Adams the defense lawyer representing the British
Soldiers at the Boston Massacre?

~~~
nostrademons
He was.

------
phkahler
"The right of the people to be secure in their persons, houses, papers, and
effects, against unreasonable searches and seizures, shall not be violated,
and no warrants shall issue, but upon probable cause, supported by oath or
affirmation, and particularly describing the place to be searched, and the
persons or things to be seized."

So they would argue that this doesn't apply once we eliminate paper as a
medium.

Also, but, but, but... They're only collecting metadata, right?

~~~
emeraldd
"Those who would give up essential Liberty, to purchase a little temporary
Safety, deserve neither Liberty nor Safety."

\-- Benjamin Franklin

Seems pretty straight forward to me ...

~~~
wyldfire
I've cited this message by Franklin in the past but I've since learned that he
was making the case for the legislation to have the power to tax wealthy
landowners in order to fund the French and Indian war.

He's not saying this in anything like the context we tend to use it now.

[http://www.npr.org/2015/03/02/390245038/ben-franklins-
famous...](http://www.npr.org/2015/03/02/390245038/ben-franklins-famous-
liberty-safety-quote-lost-its-context-in-21st-century)

~~~
neverartful
Even if Franklin didn't intend it in the same vein, it still seems like sage
advice.

------
csandreasen
Jesus Christ - way to bury the lead. The headline reads 'prevent encryption
above all else', but three paragraphs in:

 _" But Steinbach's testimony also suggests he meant that companies shouldn't
put their customers' access to encryption ahead of national security concerns
-- rather than saying the government's top priority should be preventing the
use of the technology that secures basically everything people do online."_

Here is the actual hearing: [http://www.c-span.org/video/?326360-1/hearing-
cartoon-contes...](http://www.c-span.org/video/?326360-1/hearing-cartoon-
contest-attack-garland-texas)

The hearing was concerning ISIS use of social media as a recruitment platform
and how it related to the recent shootings in Garland, Texas and in Boston on
Tuesday.

The subject of encryption is not the primary focus of the hearing, but when it
does come up I think he makes his point clear at about 39:30 when says this:
_" I think we need an honest conversation and get past the rhetoric of what we
are talking about. We're not talking about large scale surveillance
techniques. We are talking about going before the court, whether the criminal
court or the national security court, with evidence, a burden of
proof/probable cause, suggesting a crime has been committed or in our case
there is a terrorist and showing that burden of proof, having the court sign
off on it, and then going to those providers and requesting access to the
stored information or communications that's ongoing. So we're not looking at
going through a backdoor or being nefarious - we're talking about going to the
company and asking for their assistance. We suggest and we are imploring
Congress to help us seek legal remedies to that and asking companies to
provide technological solutions to help that. We understand privacy. Privacy
above all other things including safety and freedom from terrorism is not
where we want to go. "_

He later goes on to suggest expanding he scope of CALEA to include more than
just telecommunications companies.

If people are going to debate this topic, I think they should start from his
actual position and not a half sentence soundbite.

~~~
harshreality
He's arguing categorically against end-to-end encryption. All encryption,
according to the FBI, must be negotiated through centralized points that can
be served with a warrant and made to MITM the communications.

It's not even clear that's the extent of what they want. They probably also
want the communications to _always_ be MITMed by the centralized nodes, so
that warrants can request _historical_ communications dating back to some
retention limit.

------
JBiserkov
I propose a new protocol: HTTPSUFBIHCO - HyperText Transport Protocol Secure
Unless the Federal Bureau of Investigation Has a Court Order.

The logo will be a semi-open padlock with a FBI agent holding a FISA court
order.

~~~
pyrocat
You may want to remove "Court Order" to future proof the standard.

------
jhallenworld
I've been hacking up a facebook clone at work. I've discovered that it's
easier than ever to have end to end encryption. For example, there are now
good working RSA and symmetric javascript crypto libraries that work in the
browser:

    
    
       for RSA: https://github.com/travist/jsencrypt
       for AES: https://code.google.com/p/crypto-js/
    

This includes generating your own private key for a totally in-browser "sign
up" process (browser can save your private key in a file, you then point to it
to "log in").

Add to this: a distributed message passing system: something like torrents
with channels shared by multiple users so that you can't easily see who is
sending to who with enough traffic.

Also for identity verification: use the bitcoin block chain as a CA.

Anyway, think of a single-page web-app, where the page is stored along with
your private identity file on a USB-key (this avoids the security hole of
having to download it every time).

~~~
AgentME
This works very well until someone knocks on your door and kindly asks you to
place some javascript on your site that tells everyone's browsers to send
their private keys to your server where they can be subpoenaed.

------
EliRivers
_to build technological solutions to prevent encryption_

There is one way and one way only to do that. Remove all general purpose
computing devices from the hands of the public, and make it illegal to
manufacture or distribute them, or knowledge of how to do so. I can't see it
happening, myself.

Cory Doctorow, on the coming war on general purpose computation (although he
thought it would be the copyright lobby)
[https://www.youtube.com/watch?v=HUEvRyemKSg](https://www.youtube.com/watch?v=HUEvRyemKSg)

~~~
TeMPOraL
> _I can 't see it happening, myself._

It's already been happening for some time, and we're quite far in the process.
The mainstream population stops buying computers in favour of mobile devices -
tablets and smartphones, which are locked down and dumbed down. Then you have
DRM, and the cloud. I fear the next step will be professionalization of
software engineering - you may suddenly find yourself in need of an
engineering license to be able to legally use a Turing-complete language.

------
multinglets
Yeah, cool, let's all just stop using encryption for sensitive customer data
so we more easily can catch the least sophisticated criminals who don't figure
out how to do it themselves.

Let's also make it crystal clear to the more sophisticated criminals that they
do, in fact, need to do it themselves.

Giving the FBI an easy way to put small time drug dealers in their pocket
should obviously be a top priority of software companies.

I will vote for _any_ politician who will tell these people to go fuck
themselves.

------
GeorgeOrr
I'm curious how many people think he understands the technology and just
doesn't care if he's undermining security, or is he just clueless.

~~~
jerf
He can't see himself as the bad guy, or enabling the bad guys in the future by
making the law enforcement apparatus all powerful.

Of course he'd fling the same accusation at us, from his point of view. What
if there was a terrorist attack that could have been prevented if only they'd
have been allowed to see through the encryption? I mean, let's be honest, on
its own merits, that's not the worst argument in the world.

It's just that as an old-school true-blooded American patriot, I can't help
but notice that "just giving them all the powerz" is not the way we do things
around here, and there are reasons for that.

(Before reflexively downvoting because I dared sound a bit patriotic, consider
_why_ I feel compelled to wrap myself in the flag here....)

~~~
vidarh
Of course the "what-if" argument falls flat on its face because we can always
go further to create more safety, and if you first use that argument you need
to justify why you stop just _there_.

E.g. why is terror getting this level of attention vs. child murder, which in
terms of numbers of victims is a far bigger problem?

By the "what if" logic, these people ought to be prepared to go far in
curtailing privacy to get at child abuse given the magnitude of the problem
compared to terror.

We know how to profile the likely perpetrators very well too. The vast
majority of such crimes are carried out by a few very specific groups of
people, namely dads, brothers and other close male family members.

Surely if the - on average - few terror deaths are worth these types of
sacrifices, the many hundred child murders and thousands upon thousands of
abuse victims would justify far more extensive curtailment of privacy?

It quickly becomes very clear that the "what if" argument is rationalisation:
if harm reduction was as important to them as they like to imply, they would
not be spending their attention on terror.

What the "anti-terror crowd" need to be made to answer when they ask for more
rights is _what makes terrorism different_ , and why are they not spending
their energy on the many problems that have far more serious effects.

~~~
chrishynes
"namely dads, brothers and other close male family members".

You're right about it being close family members, but the rest of your profile
is wrong.

The majority of child abusers are female:
[http://www.safehorizon.org/page/child-abuse-
facts-56.html](http://www.safehorizon.org/page/child-abuse-facts-56.html)

~~~
vidarh
My information comes from an extensive NSPCC survey, but I don't think the two
contradict each other - the question is the exact definition of abuse that is
being used and I should have looked it up and been more precise about that.

Without going back and digging up the exact NSPCC survey, the article you in
to appears to take into account a much wider set of criteria, though it's hard
to say since it doesn't state its definition either and I couldn't find its
source. The wording does also seem to imply that it is looking at reported
cases as opposed to use a survey, which would give different numbers.

In terms of type of abuse you consider, it will drastically shift the balance.
E.g. for sexual abuse the numbers are completely dominated by male family
members. Once you add in violence it shifts a lot, and other neglect will
likely shift it further if for no other reason than simply because women are
still more likely to be the primary carer.

Of course in any case it doesn't alter the main point.

------
rilita
As fweespeech says here also, criminals will encrypt regardless of what is
going on. The people the FBI is "after" are going to encrpyt, so fighting to
make public systems store data and hand to the FBI when desired is pointless.

If the FBI isn't mining normal citizens data for loose connections to stuff
that is none of their business, then their is no need for them to have access
to the systems they want.

The only argument that could be made is that criminals are stupid and may not
use proper encryption on their own, therefore we should watch what everyone is
doing so that we can catch these particularly dumb criminals.

The goal of the FBI in all their statements is to try and convince the public
that "only criminals need encryption; everyone else should let us watch
everything they do." 1984 anyone?

------
downandout
From [http://www.globalresearch.ca/the-terrorism-statistics-
every-...](http://www.globalresearch.ca/the-terrorism-statistics-every-
american-needs-to-hear/5382818) :

 _" – You are 35,079 times more likely to die from heart disease than from a
terrorist attack

– You are 33,842 times more likely to die from cancer than from a terrorist
attack"_

So terrorism clearly isn't the issue they are trying to address. That's what
makes the people that run the various fiefdoms within our government - people
that are not elected, do not answer to the public, and who rarely leave their
jobs - so scary. We know they are lying, but to what end? What will their
successors do with the power they garner using fear of terrorism? We are
rapidly approaching Orwell's worst nightmare.

------
Bud
"Freedom from terrorism"? There is no such freedom.

And I'm not interested in the FBI trying to create one.

~~~
zedadex
There's literally no way to break down that idea without turning it into some
kind of negation of rights.

For you to ever be 'free' from others doing [thing Z], everyone (you, them,
everyone else) would have to be precluded from doing anything that might lead
to [thing Z] - and suddenly no one can do [thing A], [thing B], [thing C]...

Not only that, but now all it takes is for someone to make a shaky argument
for some action potentially leading to [thing Z], and suddenly you or anyone
else can be accused of committing that action in pursuit of committing [thing
Z], and/or get locked up because of it.

I'm as averse to getting blown up as the next guy, but that doesn't stop me
from recognizing a loosely-defined slippery slope when I see one.

It'd be nice to see a world in which it's very rare/difficult for _anyone_ to
do certain things - but let's not pretend we can create a world completely
'free' of anything without sacrificing most of our inalienable rights.

------
typon
This seems so horribly wrong that I can't believe this was actually said in
public. And the Washington Post apologist writing is very strikingly clear
too.

------
ChrisAntaki
Merriam-Webster defines _terrorism_ as "the systematic use of terror
especially as a means of coercion" [1].

[1] [http://www.merriam-webster.com/dictionary/terrorism](http://www.merriam-
webster.com/dictionary/terrorism)

------
tptacek
I think the headline here is misleading. A casual reader could get the
impression that the FBI is asserting that the most pressing issue facing the
country is "prevention of encryption". Above all else: prevent encryption".

Really, what the FBI is saying (clumsily) is that companies should work with
the FBI to ensure that sound encryption doesn't trump every other concern.

------
pekk
I'm not far left. I broadly support law enforcement. I understand opposition
to Silk Road and I support prosecution. I even support Snowden going to trial.
But my reaction to this is "screw the FBI if that's what they think." Unless
Congress outlaws domestic use of encryption, I'm still going to have access to
open source encryption and I'm still going to prefer companies which use
encryption to maintain my privacy.

So the FBI has a tough row to hoe here, if the people who would otherwise
support it are alienated as I am

------
dognotdog
It is astounding how little most people in government understand how
'cybersecurity' works. Do they imagine it like how baby's think they're hiding
when they can't see you?

~~~
shostack
That quote around "someone's job depending on them not understanding
something" comes to mind...

------
justaman
Let them outlaw encryption. Let them backdoor all the softwarez. Let them
isolate themselves from the intellectuals.

"America will never be destroyed from the outside. If we falter and lose our
freedoms, it will be because we destroyed ourselves." \- Lincoln

------
summerdown2
I do find it a pity security organisations like the FBI and NSA are
interpreting their remit so narrowly focused on the "attack" side of the role,
rather than the "defense" side. It's probably a consequence of the effect of
bad publicity on the politicians who provide budget for such things, but I
really wish they saw their role as preventative and defensive rather than data
gathering. There's so much good could be done to improve the security of
critical infrastructure if they put their minds to it.

Also, though I'm not surprised by the fact they're against encryption -
They've been against it all through the court case against Phil Zimmerman for
example - I am surprised how tone-deaf their arguments are beginning to sound.
It's like they don't understand there's a real public debate happening around
them.

------
bigiain
"companies shouldn't put their customers' access to encryption ahead of
national security concerns"

Which "companies" and which "nation"?

Is he proposing Baidu need to work with the FBI to further US national
security? Or Xaiomi? Is he proposing Apple and Google should provide whatever-
he-wants-to-rename-backdoor-keys* to the Chinese and Iraqi governments for
their "national security"?

[*] I propose "Freedom Keys" to replace "backdoors"…

------
unics
When the US Government stops their encryption of data and makes everything
available to the public, then I will agree with them.

~~~
neverartful
Not only available, but immediately and readily available.

------
a3n
> He also disputed the "back door" term used by experts to describe such
> built-in access points. "We're not looking at going through a back door or
> being nefarious," he argued, saying that the agency wants to be able to
> access content after going through a judicial process.

Back door: any circumvention of normal access. Normal access in this case
would be access after decryption. It's irrelevant whether it's supported by
judicial process, it's still a back door, just one that they aren't hiding the
use of.

He says he's not looking for a back door (which is a lie, but members of
Congress don't understand that, nor the public), and he associates it with the
word "nefarious."

The FBI, masterfully twisting the language since 1908.

------
Zikes
Diffie-Hellman already paved the way for encryption for everybody. There's no
stuffing that genie back in the bottle.

------
fixxer
Nothing annoys me more than ignorance. How are you going to outlaw math?

~~~
oxalo
Reminds me of the Indiana Pi Bill:
[https://en.wikipedia.org/wiki/Indiana_Pi_Bill](https://en.wikipedia.org/wiki/Indiana_Pi_Bill)

~~~
chopin
Considering spaces other than Euclidian spaces pi can be rational (when
defined as ratio beween circumference and diameter of a circle).

------
naringas
They want us to communicate over insecure channels so they can ensure
everybody's safety.

~~~
Zikes
I sure hope his bank's online portal isn't HTTPS or that'd make him a
hypocrite.

~~~
pgeorgi
It's not entirely unlikely that he stopped doing banking himself, instead of
through an assistant, well before online portals for banks were a thing.

------
oofabz
> Encryption [...] is "a good thing," Comey has said, even if he wants the
> government to have the ability [to] get around it.

Doesn't the government already have the ability to get around it, without
compromising security? They can subpoena your password or private key.

If this is not good enough for him, that means he wants the ability to decrypt
messages without judicial process. Like messages in other countries where the
FBI is prohibited from operating. Or mass data collection, reading the
messages of millions of innocent people in an attempt to catch one criminal. I
don't want the FBI to do either of these things.

~~~
kinghajj
AFAIK, it's still not settled whether cryptographic keys/passwords/passphrases
can be subpoena'd. Existing case law from physical security distinguishes
between keys--like the one to your door or a cabinet--from combinations--like
those to a safe. The state can legally demand the former, as the law views
them as physical evidence as any other that may be rightly relinquished with a
proper warrant. The latter, however, are the contents of one's mind, and as
such requiring their divulgence runs afowl of 1st amendment protection of free
speech and/or 4th amendment protection against self-incrimination. To me, it
seems obvious that encryption 'keys' are much more like 'combinations', and
were only called 'keys' as a word play (like many concepts in IT).
Prosecutors, however, see that word and go "hey, wait a second, we're entitled
to those!!"

------
smegel
And if Apple gave encryption keys to Russia or China I am guessing the USG
would be OK with that? Or would that "betray their customers right to
privacy"?

~~~
woah
Obama actually denounced the Chinese government for pressuring companies into
giving up encryption keys, that same week he had criticized U.S. companies for
not giving up encryption keys. I was blown away by the immense cognitive
dissonance. This was earlier this year, I'll have to see if I can dig up the
article.

------
xtx23
Let's say FBI has those backdoors they want, how can they make sure that the
terrorists won't take advantage of those backdoors? When they can just allow
China to come in and steal U.S government worker's data like
[http://www.nytimes.com/2015/06/05/us/breach-in-a-federal-
com...](http://www.nytimes.com/2015/06/05/us/breach-in-a-federal-computer-
system-exposes-personnel-data.html)

I am more worried about them handling the backdoors.

------
golemotron
What bothers law enforcement is simply the idea that there is something they
can never have access to. The reality is that it has always been that way. Two
conspirators could walk into a pub and sit a corner booth in the days before
ubiquitous electronics and the law would never have access to that
conversation.

There is nothing about the advent of new communications technologies that
gives governments the authority to mandate circumventions for them. It's a
attempt to preserve a status quo that never existed.

------
nathan_long
>He also disputed the "back door" term used by experts to describe such built-
in access points. "We're not looking at going through a back door or being
nefarious," he argued, saying that the agency wants to be able to access
content after going through a judicial process.

"Back door" does not imply nefariousness, it just implies a way around normal
protections, which is exactly what they want. Tim Cook used the term "a key
under the doormat". I like that description.

Anyone can see that if you leave a key under the door mat for a friend, an
enemy may find it. It's inherently unsafe.

Now add to that analogy: 1) unlike in meatspace, the homeowner can't pick an
unlikely hiding spot; instead, the authorities would mandate the exact same
hiding spot for every house, 2) unlike in meatspace, the enemy has an
automated swarm of invisible robots looking for house keys and committing
theft and arson, 3) unlike the situation where you hide a key for a friend,
the key would be there permanently, not just for a day or two.

All of these issues make it clear that this is a bad idea, even ASSUMING that
the government is perfectly trustworthy.

------
MangoDiesel
This seems like a pretty clear signal that the ability of the state to conduct
mass surveillance may be slipping.

------
gizi
The FBI should first clearly spell out a definition for encryption. Encryption
is a function[&] that maps a number on another number. ([&] technically, this
is a simplification because encryption tends to map a given number on an
entire set of other numbers). What the FBI is asking for, is that some number
mapping functions would be declared illegal. But where is that list of illegal
number mapping functions? The problem that arises now, is that no matter how
long their list of illegal number mapping functions, it will always be
possible to design a number function that is not on their list but that would
still be entirely valid to use for encryption. Furthermore, how can they
actually enforce a law that says that particular number functions would be
illegal? You see, they do not like that people use encryption functions on
their numbers and they also do not like it when it rains. In both cases,
however, their desires cannot overrule the laws of nature.

------
alan_cx
General thought...

Two things strike me about these issues. Firstly there is a disconnect between
a lot of citizens and those who are supposed to be there to protect those
citizens; and second, we need to decide how much risk we are prepared to
accept for freedom.

The FBI, MI5, and their ilk are there to protect the people. Yet an awful lot
of the people talk about the likes of the FBI as thought they are just doing
what they do because it pleases them, and them alone. But Im pretty sure the
FBI believe that they are there to protect the people. To that end, I believe
the people who work in the FBI are sincere. Somehow this must be reconciled.

As must freedom v's risk. I think there needs to be a rational debate about
how much risk we are prepared to accept for an agreed amount of freedom. We
simply cant have freedom with out risk. The only way to eliminate risk, is to
eliminate freedom.

People need to address these two issues fairly soon, other wise, I think we
are all in a while lot of trouble.

~~~
ionised
> The FBI, MI5, and their ilk are there to protect the people.

I'm not at all convinced of this anymore. They exist to protect the government
and the status quo. Whatever that may be at the time.

Even civil liberties groups and charities are spied upon and labelled
'domestic extremists'.

------
jokoon
I don't understand, who else than the government has the right to tap internet
lines ? If there's nobody, encryption does not protect your privacy, since
investigations require warrants.

The problem is that the more the government watches everybody, the more people
will encrypt. The logical path would to forbid anybody to tap lines. Then, of
course, encryption would not be necessary, since data would flow securely.

Also, as long as its the authorities, as long as data does not fall into the
hand of private interests (which is a risk), I don't see what the government
would do about this ability to spy on its people since government represent
the interest of voters. Ideally of course, in reality there would be many
abuses.

By the way I don't understand why the authorities benefit for using Tor.

~~~
michaelmior
> The logical path would to forbid anybody to tap lines. Then, of course,
> encryption would not be necessary, since data would flow securely.

Why does forbidding someone from tapping somehow make data more secure? Just
because it's forbidden doesn't mean it won't happen.

> as long as data does not fall into the hands of private interests

This is a risk because it's impossible to prevent. Especially as wireless
networks become more and more common. It's impossible for all practical
purposes to prevent wireless signals from being collected.

~~~
jokoon
Well internet infrastructures should be made secure and be considered as
sensitive. That way it would be shielded from many small criminals.

> impossible to prevent

Well putting good encryption standards would mitigate this by a lot. And isn't
the sector of mobile antennas a walled garden ?

Of course if nothing is regulated to give the government a chance to tap it,
then consumers will always try to conceal their behaviors and criminals will
never be caught.

On the other hand, if the government properly regulates how data
infrastructures are kept safe from private interests and if it's properly
audited and made public, it will gain the trust of consumers and it will make
the FBI's job much easier.

I honestly doubt the government will really want to let everyone have the
opportunity to get away with the law because the technology allows it. There
are strategies to protect citizens from private interests while doing
investigations.

The problem with tor is that the government can end up systematically crack if
they want, so using stealth tools isn't the road that makes sense.

It boils down to trust. If trust goes down, it makes things much easier from
criminals, since the FBI's job will be so much harder, since everyone
effectively doesn't trust government.

Anyway, I'm not so knowledgeable about all that, but it's true that the law
must evolve on technology. Guilty until proven otherwise should be the norm,
and privacy matters, but if everybody is paranoiac like a criminal would and
protects their data because nothing is regulated and because private companies
always take a peek, then nothing will change.

~~~
michaelmior
> guilty until proven otherwise should be the norm

This is a scary statement to me. Why should it be assumed that I am guilty of
something because I don't want my communication to be read? This amounts to
saying that I have no right to privacy.

It seems that you're saying that I should just trust the government to not
read my messages if I am innocent. However, I don't think it's fair to say
that I only have the right to privacy if I trust the government to stay out of
my communications because that's not really privacy at all.

------
smitherfield
It's an unpopular opinion amongst techies, but I do think people should
recognize the genuine nuances to this issue.

It probably won't ever happen, but as a "live and let live" kind of guy who
nevertheless recognizes there are truly evil people out there, and the purpose
of government almost above all else is to protect society from them, I think
the policy which would make the most sense for this sort of thing would be for
a government to simply come up with a sort of digital social contract with its
citizens:

We couldn't care less if you're buying weed on the internet, or cocaine, or if
you're selling them, or emailing your mistress, or pirating HD tentacle
hentai. You can do these things in public or private, as you so choose. In the
digital realm, we respect your privacy and subscribe to the principle of _de
minimis._

In return, we're going to require that encrypted internet traffic in our
country be routed through our servers, with software that flags a limited
amount of suspicious, IP-anonymized traffic for human review. If the algorithm
turns out out to be wrong in your case and the email was only about the
nuclear bomb-grade heroin you snorted off the Pakistani general's long-range
missile during your secret gay tryst in Islamabad, _we don 't care._ We'll
destroy those records immediately, and there's no way for our human reviewers
to see your IP address. We know exactly who reviewed your records and we'll
throw the book at any one of them who leaks any private data.

And because we have lent our citizens this exceptional freedom to use the
internet for any peaceful purpose, that means encrypted traffic that isn't
routed through our servers must be treated as suspicious. It may or may not be
legitimate, but much of it may well be related to terrorism or violent crime,
or child pornography, or financial crime, or foreign agents. So, we will
continue our policy as stated above; we won't punish you just for using
encryption illegally, but doing so does give us reason for questioning you and
requesting access to your private keys.

~~~
c22
The reason techies find solutions like these unpalatable is because there is
no technical way to provide these capabilities without simultaneously
weakening protections against attacks from other entities (criminals, other
governments, etc).

Also, while you, personally, may think it's okay to buy and sell cocaine over
the internet, many of the other people signing/writing this social contract
would disagree.

~~~
zedadex
> The reason techies find solutions like these unpalatable is because there is
> no technical way to provide these capabilities without simultaneously
> weakening protections against attacks from other entities (criminals, other
> governments, etc).

Right, the golden key problem.

> Also, while you, personally, may think it's okay to buy and sell cocaine
> over the internet, many of the other people signing/writing this social
> contract would disagree.

'Social contracts' rarely refers to specific stances on policies/issues. He
was likely using it to refer to the underlying implicit agreement the term
usually refers to (the agreement to live by laws, etc) as opposed to any
actual document you might be thinking of (like a constitution or something).

From that standpoint, I agree with him - there are some issues which will only
ever be 'resolved' by reconsidering the underlying stance we take on what our
societies can or can't do, and revising the underlying social contract the
societies we choose to live in are built upon.

------
rietta
Well, at least he is being more straight forward than Comey was. He's laying
it out there that in his opinion it's key escrow or else!

Of encrypted device users, just how many have not opted to have the key backed
up by Apple or Microsoft? Backing up seems to be default, which is self-
elected key escrow. 99% of the the rest of everyday users probably have a 4
digit PIN that can be cracked very quickly under forensic examination. Anyone
with a real security need is going to be following their own opsec protocols
anyway, which they would do with or without a law preventing good default
security for everyday users.

They really do seem to be overblowing just how dark the network is to them
under their investigatory powers.

------
Fando
Is it incorrect to say that America is the biggest threat to world peace?
American military industrial complex seems like the biggest terrorists in the
world. Which country has killed more innocent people across the world and
started most wars since WW2?

~~~
ionised
Much of the behaviour of the US towards other nations can easily be considered
the actions of a rogue state. I can't see how one could deny this when looking
at the facts.

------
drawkbox
Law enforcement and detective work in this century is very lazy. They want to
strip privacy for an easier job.

Engineers that get rid of security or do it half way are seen as bad.

Yet people enforcing the law, stripping away laws and rights they are here to
protect, do this to make it easier for 'national security'.

Respect for the law has taken a huge dive down with the War on Terrorism and
the War on Drugs with many similar parallels. It appears to be diving even
further. Good quality detective work is being worked out in favor of constant
surveillance.

------
tn13
Any marginal gains that US might achieve in terms of security are not worth
the resources and human liberties they need to sacrifice. Of course for those
who are in power there is an incentive to paint a needlessly scary picture
take our money and destroy our freedom.

I think public schools without bullying would be better and more beneficial
objective than protection from terrorists who do not exist.

------
tsotha
Honestly, I don't understand how this can work as a practical matter. For
companies and their customers to have a chance of surviving criminal hacking
attempts they have to be as secure as they can be.

If it's easy for the FBI to track people they have a legitimate interest in
it'll be easy for some guy on the other side of the world to lift your SSN.

------
rebootthesystem
It is time for a moderate Libertarian government. It really is. We need to
bring the train back onto the rails.

~~~
pluma
Heck, moderate _anything_ would be a good place to start.

Even the Democrats are right-wing extremists by European standards.

~~~
rebootthesystem
No, no. No.

Democrats use, lie and abuse the middle and lower classes just to get votes.
They promise crap, they create division and tension along racial, economic,
and any other line they can find. It's a playbook right out of the best South
American dictatorships. The masses vote for them based on stupid shit like
"Hope and Change" and then they get nothing. Frankly, I don't understand why
these people keep voting for them. Look at what's happening to the black
community under a black president. If there was ever an indication that
Democrat's mode of operation is to use the masses for votes there you have it,
playing live right in front of on us TV nearly every day.

The only good thing about Democrats are some of the approaches to social
issues. Things like gays are not evil and the war on drugs is stupid.

Republicans? Crap. The religious right represents delusion and insanity. They
too, when you produce a few key words, will vote for you at the push of a
button. They manipulate a different set of audiences for different reasons.

The only good thing about Republicans is the leaning towards fiscal
responsibility, low taxes and low spending.

A good moderate Libertarian will be for small government, low taxes, a
moderate liberal social stance, fiscal responsibility, not fucking with the
world with armament and getting the hell out of our lives, homes, businesses
and bedrooms.

I for one am glad to see someone like Rand Paul making the moves he is making.
He is smart. He knows that in this country it is still impossible to win as a
Libertarian due to the dominance the main parties are granted by the electoral
college system. So, he sits as a Republican. Yet, it is obvious he is not a
bible thumping Republican. He is a Libertarian, there's no doubt about that.
The chances of him getting the nomination are probably not good, but you never
know.

If voters just stopped to think for a moment to realize that the average
politician is not much more than a bad used car salesman working hard to use
and abuse them every day for their own gains we might just have a chance to
start doing things differently. That's a tall order. How do you convince a
bible thumper to vote for someone that isn't going to push their buttons and
won't demonize gays or other groups? How do you convince a union leader to
have their membership vote for someone who isn't going to promise free goodies
and favors to their membership?

Probably won't happen. But that's the root of the problem in American
politics. We are being pulled to the right or left by a process of buying
votes. Those of us in the middle who see things for what they are and really
want to do the right thing for the country and future generations have no
voice in this because the big parties and the electoral college system push us
down into the noise. Voting Libertarian in California or Texas is wasting your
vote.

The electoral college, for all it's virtues, has created a system where the
party that should be in power right now has no chance at having a voice.
Collectively Libertarians are in the many millions across the nation. However,
our system of government is designed to pretend that every state is a
homogeneous voting block, allocating all votes to one or the other party,
which is utterly ridiculous in today's reality.

While I really wish for a Libertarian shift in our politics I fear this is
almost impossible to achieve given the realities of how the game is designed
and played.

~~~
pluma
What are you disagreeing about, exactly?

The European "right-wing" is socialist by American standards and the American
"liberals" are right-wing by European standards.

Heck, the only reasons Americans think "small government" is the solution (and
that it has to be an all-or-nothing decision) is that the government they have
is bullshit.

You can have regulations without having a "nanny state" that dictates every
aspect of your life. You can have privacy and welfare and socialised health
care and various other kinds of good things _without_ "socialism".

Americans, generally speaking, _don 't care about other people_. Personal
responsibility is the highest good: if you made it, it was your personal
achievements that got you to where you are; if you end up in a bad situation,
it was your own failings and bad decisions that got you there.

But that has nothing to do with liberalism or capitalism. In fact, it's quite
anti-liberal. Without regulation, capitalism eats its children: you get
monopolies and oligopolies, innovation stagnates and new competitors are
either acquired or driven out of the market; you also provide no incentive for
moral responsibility to the consumers. Randian "libertarianism" is deeply
flawed and sociopathic.

~~~
rebootthesystem
I think the problem with the way you are seeing things is what I call the
"Star Trek View of the Universe". This is where all Vulcans are the same, all
Klingons are the same, all <insert planet> are the same.

Example:

> Americans, generally speaking, don't care about other people.

That's not even close to being true. A cursory google search reveals that the
US is at the top of the list of nations engaged in charitable donations,
foreign aid and other metrics of generosity that clearly indicate that we do
care about other people.

And, no, Americans are not a homogeneous herd that thinks and behaves the same
way. And that's why the problems and the solutions are sometimes very hard to
sort out. Yet I'll take this any day to some of what goes on in many nations
around the globe.

------
thrillgore
Me: 'Go fuck yourself'

------
RexRollman
It's a power grab, plain and simple. The FBI and CIA are probably happy that
9/11 and neverending terrorism occurred as it gave them the excuse to do it.

"It's for your own good."

------
fapjacks
You know how you know you're on the right track? When the fascist scumbag
terrorists say what you're doing should be prevented "above all else"...

------
tracker1
Terrorists are already going to use encryption... so "stopping the terrorists"
is a weak argument (not the one used here, but just saying).

Beyond this, given that every level of access the U.S. government has been
given in any kind of automated fashion has been abused... "Fuck 'em" ... They
do not have a right to violate the 4th ammendment at any given level just
because "papers" and posessions are digital in nature.

~~~
pluma
But then at least we know you're guilty if you use encryption.

It's kinda like the reasoning that banning marijuana was better for the police
because they didn't need to distinguish between illegal drug use and legal
drug use.

------
dendory
I think one thing clear is that anyone who follows the news will be hard press
to use technology that doesn't implement open source encryption. That's the
only way we can be sure there isn't a black door. I think we should let every
major tech company know that this isn't the time to reinvent the wheel or roll
out their own in house solution, but to work on bettering proven open source
technologies.

------
Zelphyr
I find it interesting that the FBI is saying we don't need encryption while 4
million government workers' information has been hacked.

------
naveen99
you can't prevent encryption. There is no barrier to entry to people writing
encryption from scratch. You could even do it with a combination of computer
and paPer, if you don't trust the computer... People using 3rd party closed
source encryption tools don't really have a reasonable expectation of non-
backdoored software.

------
luckydude
At the risk of getting some list, these guys are the reason that we formed a
country. It was people like this guy that made everyone here get a gun and
fight. Literally. I'm not some gun nut, but wow, our government has gone off
the rails.

This is not what I want for my country, not what I want for my kids.

------
Puts
I think we are focusing in the wrong thing when encryption is all about
privacy discussions. If we want to build distributed systems, for example for
money transfers, we will need "unbreakable" encryption for signing.

------
mauricemir
"Privacy, above all other things" is not the same meaning as "Companies should
help us ‘prevent encryption above all else’"

Some one has an axe to grind and is deliberately misusing the FBI's quote.

------
payne92
..and we pay their salaries.

------
AnEngineer
Is it just me, or is the irony of this story colossal:

[https://news.ycombinator.com/item?id=9662421](https://news.ycombinator.com/item?id=9662421)

------
ddp
Again? I thought we went over this in the 90's. Sigh.

------
CyberDildonics
When will we have the option to enable multiple layers of encryption at the IP
level? It would put to rest so many of these power grabs.

------
new_hackers
I wonder how many terrorist attacks have been prevented BECAUSE OF encryption?

Having all information in plain text frankly scares me more...

------
bwb
holy crap, they have lost their damn minds! I can't believe this horse shit :(

------
spacemanmatt
That's some ripe security state propaganda, there.

------
MichaelCrawford
Unclear on the concept:

I use the Tor Browser Bundle to read my gmail. I figure it's helpful to those
working for legitimate regime change, that I put encrypted traffic on the net.

~~~
dstanko
LOL

------
AC__
Me to the FBI: "The FBI should help me help them fuck off"

