
Obama Encryption Policy Rejects Laws Mandating Backdoors - DiabloD3
https://www.eff.org/deeplinks/2015/10/partial-victory-obama-encryption-policy-reject-laws-mandating-backdoors-leaves
======
cryoshon
Deceptive title, unintentionally.

FTA: "Instead, the Post reports, the “administration will continue trying to
persuade companies that have moved to encrypt their customers’ data to create
a way for the government to still peer into people’s data when needed for
criminal or terrorism investigations.”

While eschewing attempts to legislatively mandate that tech companies build
backdoors into their services, the president is continuing the status quo –
that is, informally pressuring companies to give the government access to
unencrypted data."

Status quo is that the government doesn't respect the privacy of its citizens.

~~~
quaunaut
We've agreed as a country that the ability to get a warrant in the case of
probable cause is a good thing. How is this not just maintaining that?

I find it hilarious how often privacy advocates manage to forget that we've
had this conversation before, and while the government can and has overstepped
in many ways, let's not throw out the ability to investigate at all along the
way.

~~~
drcube
Because breaking encryption breaks it for everyone. If the cops can get your
data, so can a hacker. There is simply no way to compromise. You either are
encrypted, in which case nobody but you can decrypt your data, or you're not
encrypted at all.

Remember the "TSA locks" we're all required to use on our luggage at the
airport? Nobody but the government was supposed to be able to unlock them. But
now anyone who wants to ruffle through your luggage can get universal keys for
all TSA locks. What happens when that same scenario plays out with your bank
account, your company emails, or any online store you've made purchases from?

~~~
quaunaut
I'm not arguing to break encryption. And neither is the White House. They want
ways around this stuff - ways that don't break encryption, but if the
information is available, then the ability to get to it if necessary.

Backdoors don't work because yeah, it breaks the whole system. But not
everything is encrypted with these companies, that's just plain.

~~~
Zombieball
Perhaps I am not versed well enough in the subject, but I have a hard time
envisioning any kind of system that allows government officials to get around
the encryption and peer into the contents but not hackers.

There will always be some sort of secret only the government has access to,
and once that secret is leaked it's game over.

~~~
quaunaut
You don't give the government access to their own door. The company simply
retains the right to access things- you know, the same way we have it now.

All it's arguing, is to say "You don't have to encrypt literally every part of
your system and delete the rest" a la what Snapchat suggests they're
doing (though we don't have proof).

------
declan
This is mostly good news. A few thoughts:

* The FBI-NSA-etc. axis already tried to ban nonescrowed crypto. This was in 1997, when far fewer products relied on it, far fewer people used the Internet, and far fewer groups mobilized to oppose it. If even _that_ effort failed, this one was likely to fail as well.

* Excerpt from that 1997 proposal, which was actually approved(!) by a House of Representatives committee: "It shall be unlawful for any person to manufacture for distribution, distribute, or import encryption products intended for sale or use in the United States, unless that product..." [http://thomas.loc.gov/cgi-bin/cpquery/T?&report=hr108p4&dbna...](http://thomas.loc.gov/cgi-bin/cpquery/T?&report=hr108p4&dbname=105&)

* I disclosed in 2012 that the FBI had drafted a proposed law to require backdoors; that legislation was never introduced, even as a placeholder. My 2012 article: [http://www.cnet.com/news/fbi-we-need-wiretap-ready-web-sites...](http://www.cnet.com/news/fbi-we-need-wiretap-ready-web-sites-now/) Of course the FBI's bill could be kept in reserve to become Patriot Act 2.0, just like the FBI-NSA-etc. axis had EPPSCA in reserve, which morphed into Patriot Act 1.0 a month after the 9/11 attacks, as I wrote about here: [http://www.cnet.com/news/how-bin-laden-and-911-attacks-shape...](http://www.cnet.com/news/how-bin-laden-and-911-attacks-shaped-electronic-privacy/)

* If the legislative approach is now off the table, as the WashPost piece indicates, look for the FBI-NSA-etc. axis to try more creative approaches. "Oh, you want that $2 billion government contract? You want your new device to be FIPS 140-2 certified? How about that merger or FTC antitrust review? Environmental reviews? Trade? Taxes? It sure would be a shame if things didn't go your way. Maybe you can help us and we'll help you..."

This is why it's worth supporting groups like EFF (I donated last year and
need to again before the end of this year). They provide a _moral_ argument
that counters that of the Washington establishment--and also provides guidance
for tech firms when they're faced with challenges like those above.

------
a3n
"Persuade."

How can we know that NSLs aren't being used right now to "persuade" or coerce
companies to cooperate? Who needs legislation when you effectively don't have
to reveal anything?

------
james4k
I am surprised the petition has yet to reach 100k signatures.

Is it optimistic to think that most of the tech community at least should
recognize the significance of this? Even if you doubt its effect on real
policy.

~~~
jstx
I'm not. Who has time to fully comprehend (and act upon) this? Especially when
we're already working >50h a week to maintain household status quo. It's hard
to focus on the state of society's infrastructure when I'm spending every
waking moment working to maintain my own. Yes, I know what is at stake, but
one avenue is a long burn and the other is a short fuse. I'll tackle the more
pressing issue first.

Disclosure: I work in the netsec industry and only signed this because HN
brought it to my attention in the rare spare moments between my daily tasks.
To use an analogy, I feel like I can't worry about putting out the forest fire
if my house is already on fire in the midst of it. At the same time, I'm
throwing money at someone that says they'll help me free up more time to do
the forest fire fighting. We'll see if I've made a grave mistake in how I
prioritize things.

~~~
hcon
This is my reaction whenever I hear someone suggest that "we should be rioting
in the streets." I have daily personal struggles and work that I'm trying to
pin down every day with all my energy. And my remaining time/energy go into
finding a mate if I even have any at all.

~~~
nitrogen
So it turns out the real way to prevent riots is to make sure everyone is
running in the rat race. Or in other words, jobs that only meet ~99% of their
needs.

------
late2part
The Obama administration has continued flawed policies in many areas,
especially those infringing on the 4th Amendment.

~~~
mhurron
Government basically exists to maintain the status quo. Anyone who might
really change anything really won't get far enough in order to.

Meet the new boss, same as the old boss.

~~~
late2part
Wouldn't it be good to have hope, and expect change? Our government, our
country, our people can change, for the better, or for the worse. I'm sad that
you think the status quo can't be changed. It can and should be.

~~~
happyscrappy
And it is. How is it in the interest of TPTB to have weed legalized? Yet it is
happening.

~~~
late2part
I'll be your Huckleberry. Why are we seeing advances in drug legalization and
LGBT rights, but erosion in others?

~~~
bcoates
Because the drug legalizers first disobeyed, then circumvented, and finally
ignored the law, and the LGBT groups cheerfully use personal intimidation and
group shaming rather than wasting their time putting their faith in
politicians?

The status quo can be improved but it's a process of beating the system and
the people in it until they stop resisting, not choosing better ones or
convincing them you're in the right.

------
pasbesoin
Meta: We might have more respect -- in limited measure -- for the government's
position if they actually cleaned up their own malfeasance, instead of
persistently, predictably trying to bury it.

You want transparency? Lead by example.

------
a3n
> the administration will continue trying to persuade companies that have
> moved to encrypt their customers’ data to create a way for the government to
> still peer into people’s data

If you are one of these companies that are informally cooperating with the
government on this, please state so publicly, in the signup process and by
message to current users, so that we can avoid using your services now, or at
least when it's discovered later if you weren't honest about it up front.

~~~
declan
Well put. We tried to take a very privacy-protective stand when building
Recent News ([https://recent.io](https://recent.io)) because of the amount of
personalization we do. This warrant canary is part of our privacy policy:

_As of [date], we have not received any legal process or demand from any
federal, state, or local government that includes a gag order. We have
received no National Security Letters, civil subpoenas, search warrants,
Foreign Intelligence Surveillance Act orders, grand jury subpoenas, or any
other form of compulsory process accompanied by a gag order._

_As of [date], we have received no legal orders requiring us to monitor users'
future activities or to modify our service._

_If we do receive any form of compulsory process from any government entity, we
will do our best to ensure that our users' legal rights and privacy rights
under the Fourth Amendment to the U.S. Constitution are protected. That
includes challenging overly broad orders in court._

It is still valid, I'm happy to say, for [date] values of today.

~~~
polymatter
IANAL, but the judge may order you to keep the warrant canary or find you in
contempt. Law is based on intent and if your intent in removing that clause is
in broadcasting you are under gag order, when the gag order restricts you from
doing exactly that, you may find that will be taken as a breach.

This should not be taken as legal advice, YMMV, yadda yadda.

------
outside1234
Why does the Apple one get special kudos? They just say they "don't allow
government access to their SERVERS" - they never say anything about the data.

