
Thomas Jefferson and Apple versus the FBI - lx
https://blog.cr.yp.to/20160315-jefferson.html
======
denzil_correa

        In 1977 the Institute of Electrical and Electronics     
        Engineers (IEEE) scheduled a symposium at which several 
        important papers on cryptography were to be presented. 
        Research had established a basis for developing powerful 
        new encryption schemes, using fundamental concepts of 
        computer science, and examples of these schemes were 
        included in the papers. Prior to the symposium, however, a 
        letter arrived at IEEE headquarters warning that the 
        presentations might subject the authors and the IEEE to 
        prosecution under the Arms Export Control Act of 1976. The 
        letter was signed by an IEEE member, Joseph Meyer, who gave 
        only his home address, but who turned out to be an employee 
        of the National Security Agency (NSA).
    

40 years later, we still repeat the same arguments and make the same mistakes.

~~~
legittosser112
This shouldn't be too big of a surprise. Our current politicians' views of the
world were largely molded by the people in office when the Arms Export Control
Act was voted in.

It would be interesting to see a visualization of our political "family tree".
For example, Rep George Miller from California was in office from 1975-2014.
Who worked for him over those years, where are they now? Or flip it around,
who did our current pols work/mentor under?

Keith Sebelius was a rep for KS in 1976. Father-in-law of Kathleen Sebelius.
No direct ties to the 1976 bill, but that isn't the point I'm making. Nepotism
and family ties run deep.

Rep Paul Tsongas voted Yea for the bill in 1976. His widow is now a Rep for
California.

Rep John Conyers is the longest serving member of the house, having been
elected in 1965.

Senator Trent Lott retired in 2007. Was elected to House in 1973.

Senator Chuck Grassley elected to House in 1975.

Recently retired Senator Tom Harkin elected to house in 1975.

Rep John T. Myers in office 1967 to 1997. His son-in-law takes over the seat
2001-2003.

Senator Paul Sarbanes served in the House from 1971-77 then moved over to
Senate until 2007.

Rep Charles Rangel in office continuously since 1971.

Rep Norm Mineta served from 1975 to 1995, then went on to Sec of Commerce and
Sec of Transportation.

Not all these people voted for the bill. Again, not the point. The point is,
our system makes the same stupid decisions because it's a lot of the same
stupid people.

The more I look at the govtrack.us page for this bill, the more names I
recognize, the more I think "we really need to get away from politics being a
legit `career` option."

~~~
kbenson
> The more I look at the govtrack.us page for this bill, the more names I
> recognize, the more I think "we really need to get away from politics being
> a legit `career` option."

Which has been tried, and the extreme on the other end isn't pretty either.
Strict term limits in California (prior to some revision in 2012) meant that
Senators and Congresspeople were almost never around long enough to truly get
involved and understand an issue. There was a lot of freshman lawmakers all
trying to make their own mark, perpetually blind to the prior efforts.

The question really is how many years in congress, the senate, or both is too
much, and how low of term limits is too low? _If_ we can't find a happy middle
ground (I honestly don't know), then maybe we need to step back and examine
the question again, and decide whether there are some other levers and
incentives and regulations we can use to our benefit.

Note: It's also worth looking at whether passing institutional attitude
(knowledge?) as you described is actually a bad thing, or a natural
correlation. If that district or state has a particular leaning, it could be
that it's just natural that a similarly positioned person will be more likely
to pick up the seat later.

~~~
numbsafari
"There was a lot of freshman lawmakers all trying to make their own mark,
perpetually blind to the prior efforts."

Sounds a lot like our own industry...

~~~
kbenson
I won't lie, that connection did come to mind as I wrote that. Especially
since the submission regarding Javascript Fatigue[1] the other day which
covered it quite a bit.

1:
[https://news.ycombinator.com/item?id=11294218](https://news.ycombinator.com/item?id=11294218)

------
rkevingibson
"Defendants appear to insist that the higher the utility value of speech the
less like speech it is. An extension of that argument assumes that once
language allows one to actually do something, like play music or make lasagne,
the language is no longer speech. The logic of this proposition is dubious at
best."

I love this - definitely not a side to the argument that I'd considered
before, but I find it very compelling. Well written article all around.

~~~
rayiner
"Speech" is not about the medium, it's about whether something is being
communicated. Courts have long recognized that functional things can be
speech. Clothes are functional, but fashion can be speech if the point of
wearing it is to communicate an idea to other people. Of course, fashion (and
code), can be not speech too. Code in the context of instructing a computer to
perform encryption is not speech. But publishing that code to communicate to
other people how to perform encryption is surely speech.

~~~
swombat
IANAL, but I think that argument about code-as-not-speech breaks down when you
consider that this is code that, because of the digital signatures it
includes, is intrinsically tied to Apple, and can be used to break any Apple
phone. Perhaps a good analogy there would be that the FBI is asking Apple to
write a speech that they disagree with, and then sign that speech, and then
allow the FBI access to that speech, and the FBI is saying "don't worry, no
one will see it, just us". And Apple is, quite rightly, saying "like hell, you
can't even secure your personnel records - that speech is harmful to us and we
will not be compelled to write it and sign it."

~~~
harryh
Just for the record, the FBI isn't saying "don't worry, no one will see it,
just us." as they aren't requesting a copy of the signed code. They're just
requesting that Apple use it to unlock the device.

So the FBI's ability to secure the code isn't currently relevant.

~~~
brisance
Considered in isolation, it isn't relevant. But the basis of this decision
will serve as a precedent to get Apple to unlock a multitude of phones. And
that's not Apple's business. Apple, or any other company, is not a branch of
law enforcement, and cannot be conscripted to perform law enforcement's
functions.

~~~
harryh
That's simply not true. Businesses of all stripes are conscripted all the time
to gather data and turn it over to law enforcement. The government has very
wide latitude in this area.

~~~
karlshea
Gather data, which Apple already does and provides. Not write wholesale
operating systems, sign them, and maintain them for only the government to
use.

~~~
harryh
You make it sound like Apple is being asked to put a man on the moon. They're
being asked to comment out a few lines of code and recompile. Apple's
objections have nothing to do with the volume or difficulty of work.

~~~
karlshea
It sounds like you aren't very familiar with the actual ask; that's not at all
what they are tasked with doing.

The FBI wants them to create an operating system that would run entirely from
RAM without touching any of the flash memory on the device.

------
wyldfire
This blog entry is remarkably clear about the problem and why the suggestion
of barring non-key escrow'd encryption won't work.

~~~
nerdponx
Yep, I was struck by how lucid the discussion was. The "remove the computer"
idea is powerful.

~~~
abraae
djb strikes me as the most lucid person on the planet.

His style extends to his software - he offered a bounty for a verifiable
security hole in his qmail software in 1997 which still stands today. Nobody
has ever found any security holes in qmail.
[https://cr.yp.to/qmail/guarantee.html](https://cr.yp.to/qmail/guarantee.html)

~~~
viraptor
qmail is... specific. It does very little and does it in many different
processes. That's kind of like putting a security guarantee on `cat`. In
practice qmail on its own is not really usable these days (does it even
compile without patches anymore?). The extensions to it are also not even
standardised - it mainly happens by patching the source.

I'm not saying that software is bad, but the security guarantee is too
restricted to be practical anymore.

~~~
quesera
qmail is not a modern MTA, that is true.

But qmail was a revelation in 1996, and a solid choice for at least ten years,
despite never revving past 1.03. Those ten years were pretty ugly in the
network services security world. djb's bounty was a significant statement in a
crazy era.

No one uses qmail any more. But it was used by everyone who ran serious mail
servers for a long time. The guarantee was well-tested.

It is not coincidental that Postfix uses a very similar multiprocess model.
That is how you encapsulate security domains. djb didn't invent it, but he
shined the light for everyone who followed.

~~~
viraptor
I agree it was very novel and useful. But in my mind it sits somewhere
between a technology preview and a project. Most weird stuff happens to
applications that get new features, get redesigned, get new aspects that
weren't accounted for before.

You can cut out a lot of security issues by defining ahead of time what you're
going to support, writing only that, and never doing anything else. New, small
code rarely has terrible design flaws if there was a good plan ahead of time
(and djb had an AWESOME plan) and you write it by yourself. Now if you live
with a project for a long time, and actually maintain and extend it - that
would be an even greater achievement. Postfix went in a similar direction as
you mentioned and started around the time qmail got stable, but still lives.

~~~
quesera
Those are all great points. I think it's fair to say that djb built the
reference model, and Wietse built the consumer product.

Relatedly, djb is an academic who releases code sometimes, and Wietse is a
sponsored open source developer. Their methods are very different, but they've
both made huge and complementary contributions.

------
adekok
Free speech includes “All these guys did is simply push a sequence of buttons
that they were legally entitled to push.”

[http://www.wired.com/2013/05/game-king/](http://www.wired.com/2013/05/game-king/)

The prosecutors argued that they were "hacking" the machines, and behaving
illegally. That's ridiculous.

If Apple can be forced to _falsely claim_ that any hacked software is "valid",
then every single citizen of the USA can be forced to parrot the government
line.

Free speech? Only when it's acceptable speech.

------
0942v8653
A counterpoint:
[https://www.technologyreview.com/s/600916/apples-code-speech...](https://www.technologyreview.com/s/600916/apples-code-speech-mistake/)

I don't think the OP falls into the trap that the above is pointing out, but
it would be easy to take this argument and accidentally make it into an
argument that does.

