
The FBI Is Wrong: Apple’s Encryption Is in the Public Interest - denzil_correa
http://www.wired.com/2014/10/fbi-is-wrong-apple-encryption-is-good/
======
higherpurpose
> Comey went so far as to claim that Apple’s new system risks creating an
> environment in which the United States is “no longer a country governed by
> the rule of law.

That made me laugh. As opposed to a country where several enforcement agencies
including cops can spy on masses of people to their heart's content? It wasn't
too long ago that cops could get someone's phone and look through it as much
as they wanted. It took a battle to the Supreme Court to stop that from
happening (hopefully). So I think there's a much higher chance it's _them_ who
are violating them law when the devices aren't encrypted, than the other way
around.

I'm glad at least some journalists are calling out FBI director's BS
arguments. Others like Washington Post and NY Times seem more than happy to
give him a platform on which he can spread his propaganda to millions. It's a
good thing for him that spreading propaganda on US soil isn't illegal anymore,
I guess.

~~~
ObviousScience
Any arguments about the rule of law from agencies that lie to courts and
mislead them about how evidence was obtained so they can't be challenged on
using illegal tactics are a mockery.

------
nickff
I am not sure that people really comprehend what "the rule of law" means,
because the FBI's use of the phrase betrays a fundamental misunderstanding.

From the Oxford English Dictionary (also used in the Wikipedia entry): _" The
authority and influence of law in society, esp. when viewed as a constraint on
individual and institutional behaviour; (hence) the principle whereby all
members of a society (including those in government) are considered equally
subject to publicly disclosed legal codes and processes."_

"Rule of law" is more of a procedural guarantee for the citizenry than an
assurance the people will abide by laws.

~~~
davidp
Yes. It is used to contrast with "the rule of men."

In Russia, Afghanistan, and Venezuela, the laws don't seem to matter very
much; if Putin or the oligarchs/warlords/chavistas want things to be a certain
way, there isn't much to stop them despite laws that in theory constrain them.
That's the rule of men, as opposed to the rule of law, and it's antithetical
to a free society.

~~~
ethbro
"That's the rule of men, as opposed to the rule of law, and it's antithetical
to a free society."

Not sure the rule-of-law / rule-of-men dichotomy with regards to measuring a
free society is as clear cut.

Civil disobedience, corporate political spending, judicial activism, selective
legal enforcement at the local level, federal/state disagreement. These are
not all good or all bad things.

~~~
barrkel
Rule of law is generally necessary, but not sufficient, for freedom, so far as
we know human nature. Rule of men is capricious.

Laws that are written up and known ahead of enforcement, and that are enforced
fairly and impartially - that's rule of law. But the laws themselves may be
unjust or otherwise problematic.

That is, this is a lawful / chaotic axis, not a good / evil axis.

------
jliptzin
The smart criminals, the ones we truly want to catch - like sophisticated
terrorists, organized crime, hackers, are already encrypting their
communications. Default encryption on ios8 now protects the digital trail of
an otherwise lazy criminal who is more than likely leaving breadcrumbs
elsewhere and is largely involved only in petty affairs. Law enforcement just
needs to go back to more traditional investigative tactics instead of invading
everyone's privacy for the purpose of making their jobs a little easier.

~~~
tzs
> The smart criminals, the ones we truly want to catch - like sophisticated
> terrorists, organized crime, hackers, are already encrypting their
> communications.

I'm pretty sure that most people want the non-smart criminals caught, too. I
certainly have not heard too many victims or relatives of victims of murder,
sex crimes, hate crimes, robbery, gang violence, and the like say that they
don't truly want their crimes solved because they were victimized by non-smart
criminals.

~~~
Retric
I think the assumption is dumb criminals are likely to leave other traces.
Personally, I would rather pay a little more for policing than give them free
access to any and all data.

------
natch
>...it is impossible to create a back door into an operating system that
eliminates the possibility that other unauthorized access will occur...

This idea of back doors being opened up to black-hat hackers seems to be the
crux of the current leading argument against key escrow. Even the EFF is
beating this drum.

Bear with me, I'm not disagreeing with that argument, but isn't there another
point to be made here? And that is:

Key escrow systems ask us to assume that the current "good" guys in positions
of authority will always remain good. Isn't that a bit too much of an
assumption?

~~~
jchimney
they are always the 'good guys' until they are coming after you. I can
imagine, a time when government would have requested comms from the Occupation
movement. The problem is that they get to determine who the current enemy is.
We all agree that the extremes are negative (i.e. ISIS, Narc Terr etc.) but
what if a government is elected that decides that reproductive rights, equal
pay, race equality, pot legalization etc. are an issue...Are you still ok with
back doors? There would have been a time in the very near past that these
things would have been a very powerful weapon in the authority's arsenal that
would have stifled our culture's advancement (imho).

~~~
mcovey
>but what if a government is elected that decides that reproductive rights,
equal pay, race equality, pot legalization etc. are an issue...Are you still
ok with back doors?

To statists, the state is infallible. If race inequality is the standard
codified by law, then race inequality is good, because the government has
declared it so. So many people operate under these assumptions, giving
exception only to a few partisan issues which they've never even thought
critically about.

------
graycat
Ah, let's see: Here in the US we have a Constitution. Now I remember, once I
downloaded a copy. Right, here it is. Hmm .... Okay, how about this part:

Amendment IV

The right of the people to be _secure in their persons, houses, papers, and
effects_ , against unreasonable searches and seizures, shall not be violated,
and no Warrants shall issue, but upon probable cause, supported by Oath or
affirmation, and particularly describing the place to be searched, and the
persons or things to be seized.

Note: I added the emphasis. Maybe I'd wish the emphasis would be letters 10
feet high with two pounds of black ink each, but I'm not seeing a way to do
that on HN.

Seems pretty clear to me.

Now when I lived near DC, as I recall, the FBI HQ was not far from the
National Archives with the original copy and also not far from the Supreme
Court where, maybe, the FBI could get some eighth grade civics tutoring on
what that part of the Constitution means.

To me, what the part means is, in simple terms, keep your filthy, sticky hands
the F off my stuff. That is, unless you have one of those warrant thingies.
And I don't even own a mobile device.

I sound pissed off? Right: A lot of really good people fought and died to give
us the freedom to write and adopt that Constitution. To track mud all over it
now is, in a word, a bummer, and that's putting it very mildly.

The FBI needs to return and repeat eighth grade civics.

I know; I know; apparently some people in the FBI would say that the
Constitution was written long ago, and now the FBI has much, much, much more
important things to worry about than those old fuddy duddies who wrote that
old piece of paper and, besides, they didn't have smart phones then. Some
people might say such things, but I don't go along, and we do have a way to
get an answer -- that's just what the SCOTUS is there for, in this case for a
reading comprehension lesson in eighth grade civics.

That text I emphasized above is difficult to read and understand? Ah, now I
get it, for some in the FBI, easy to read and understand but difficult to
accept and easy to violate.

~~~
res0nat0r
This gets repeated incorrectly every time this issue comes up, but data you
hand over to third parties isn't black and white and is subject to access from
other entities.

~~~
graycat
Sorry, I typed quickly. I was referring to encryption on the iPhone, not on
some cloud server. From recent media stories, some people in law enforcement
want to be able to take a person's mobile device and see what data is on it
and also want the right to demand that the owner of the device decrypt the
data. My view of this part of the Constitution is that the person and their
device are protected and law enforcement is wrong.

So, the way I read the Constitution, if I have an iPhone and the data on it is
encrypted, then I don't have to give the FBI so much as a spit if they don't
have one of those warrant thingies. Even if they do have a warrant, do I have
to decrypt the data for them? I'd guess and hope not, but that might need a
SCOTUS opinion.

But, for the cloud, hmm, let's see: I write a very personal diary and store it
in a safe deposit box at a bank. Now that diary is no longer part of my
"personal papers"? I would hope that that part of the Constitution would
continue to apply to my diary, even though it is in bank's box.

And if I type my diary into a computer file and store it, encrypted, on a
cloud server, again I would think that that file on the cloud server was still
my "personal papers and effects".

Maybe we need some SCOTUS cases.

~~~
GHFigs
_My view of this part of the Constitution is that the person and their device
are protected and law enforcement is wrong._

You seem to not sharing the Constitution's distinction between warrantless and
warranted searches. The complaint being fielded by some in law enforcement is
that recent changes in encryption mechanisms in iOS and Android will render
many _warranted_ searches useless.

~~~
graycat
> distinction?

Yes, in the first paragraph is implicitly assumed that law enforcement didn't
have a warrant.

But eventually I also wrote "if they don't have one of those warrant thingies.
Even if they do have a warrant, do I have to decrypt the data for them?"

So, there I was considering the distinction.

------
Rapzid
The FBI went through a lot of trouble to invent cell phones, then smart
phones, and then to distribute them to every adult in the country just to
protect us all from each other. Before cell phones we were overrun by crimes
of all nature; there was no hope and no stopping it. Now Apple has the nerve
to implement features that might lock out law enforcement from information
they have a god given right to? Information critical to preventing your
neighbours from killing your children in the dead of night with impunity. Of
all the ways we have to communicate and store information securely, it's cell
phones that MUST have a law enforcement back door because reasons!

And people have the nerve to COMPLAIN? I bet these same people will be up in
arms when law enforcement wants back doors on our 24/7 encrypted voice box
recorders @.@

~~~
ziffyiffy
> The FBI went through a lot of trouble to invent cell phones

The government has every reason to have us all use as much technology as
possible because whenever our life touches technology, it leaves a trace which
will eventually be a part of your personal profile.

I doubt that the Apple/Google encryption is a serious hurdle to the
government. It's very likely that this is just a campaign to make the consumer
trust these brands again because huge tech companies live (some maybe forced
to live) in a symbiosis with government agencies. If the government doesn't
want tech companies to unite and turn against it, which still hasn't happened
yet and probably never will, then they must also give them something
after/before they take something.

------
tn13
What is in public interest is that these people must be fired from their jobs.
Worrying about "rule of law" while wasting taxpayers money.

------
dustinfarris
worth reposting ...

"""

First they came for the Socialists, and I did not speak out— Because I was not
a Socialist.

Then they came for the Trade Unionists, and I did not speak out— Because I was
not a Trade Unionist.

Then they came for the Jews, and I did not speak out— Because I was not a Jew.

Then they came for me—and there was no one left to speak for me.

"""

------
rrggrr
One compromise position in this would be to extend the 5th amendment to
include decrypted evidence, and to mandate backwards transparency in the FISA
warrant and wiretap processes. The advantage would be a solution to law
enforcement's 'ticking clock' scenario, and a solution to privacy advocate's
concerns about investigative accountability. Some criminals would walk, but
they would do so publicly exposed and ostracized for their misdeeds. This
would be a bitter pill for privacy advocates and law enforcement to swallow,
but the reality is that neither side wins in an environment of absolute
privacy or absolute surveillance.

~~~
Zigurd
Absolute privacy is the natural order. Absolute surveillance requires
suppression of knowledge. One is a lot more brittle and costly than the other.

------
xnull2guest
"The defining characteristic and critical role of the state is maintaining a
monopoly on the legitimate use of force. As time progresses, technological
advances change the way individuals and states engage in conflict, and it is
incumbent on states to adjust their activities and policies to maintain their
control over the use of coercive force. In the Information Age, the Department
of Defense (DoD) must develop an understanding of cyberspace and determine its
appropriate role in this new domain." \- Nye, Toft

------
mexicofail8888
Social Scientist view. allegedly opinions will differ. 1.)American colonies go
to America to avoid religious perspecution 2.)Churches involved in politics
3.)Prohibition against alcohol 4.)rise of Organized Crime and big syndicates
5.)FBI under Hoover avoids Reno, Nevada and Meyer Lansky, Mob accountant.

6.)FUN FACT. Look up the FOIA records of FBI files on Meyer Lansky. that's the
reason why Lansky did so much in the open, with few or NO ARRESTS or
'investigation'?

8.)FBI hoover is master of publicity and crackdown on 'bank robbers' who are
small and flashy, but not the BIG PROHIBITION GAMBLING and DRINKING by
organized crime.

10.)NO ENCRYPTION ALLOWED. Plenty of ID theft, likely money laundering,
medical fraud which will bankrupt the country.

SO THE ENTIRE WORLD DOES NOT NEED ENCRYPTION, nor basic Internet Security.

11.)Does NO encryption work in Mexico with the Mexico Organized Crime? No,
why? a.)plenty of informants inisde the law enforcement b.)buy cheap one or
two time use phones, which is too expensive for the average citizen. keep
changing phones. c.)set up their own cell phone and radio communication
towers.

d.)use low tech children to run back and forth e.)other ways that the CITIZEN
CANNOT use.

.

~~~
EliRivers
_1.)American colonies go to America to avoid religious perspecution_

Wasn't it that those "pilgrim fathers" who went to the new world at the time
(i.e. the times of the colonies) went there because they _wanted_ religious
persecution? At the time, there was too much religious tolerance for their
liking (particularly for those who had already tried living in Holland,
notorious libertines even then) and by establishing a colony they could
enforce their correct religion and not have to co-exist with others (which
they promptly did, insisting on their own brand of protestantism).

------
michaellosee
>(iOS 8) virtually eliminates the possibility that the encrypted data can be
unlocked without the passcode.

I am not the first to point out that it is stupidly easy to bruteforce
passcodes that are based on digits (like many phone passcodes are). The FBI
lamenting unbreakable phone encryption and the accompanying media buzz borders
on farcical and is disingenuous given that there is still a backdoor on the
iPhone[1] on port 62078. Am I missing anything?

[1][https://news.ycombinator.com/item?id=8057470](https://news.ycombinator.com/item?id=8057470)

~~~
LeoNatan25
With TouchID in all new Apple devices, it is much easier now to have complex
passcodes without sacrificing usability.

Also, some of these vulnerabilities are slightly outdated with iOS8.

~~~
michaellosee
Thank you, I knew I was missing something. Also, I found that iOS 8 (mostly)
fixed the backdoor:

[http://www.zdziarski.com/blog/?p=3820](http://www.zdziarski.com/blog/?p=3820)

------
wnevets
has the NSA commented yet?

------
wfunction
Intelligence agencies != law enforcement agencies

The NSA != your police officers

Just because encryption is a good technique to use against the NSA's
surveillance that doesn't mean it's in the public interest in terms of law
enforcement.

~~~
slg
Completely agree. The tech community (including most HN readers) seems to be
too closed minded about this subject. Encryption like this is a drastic change
in the legal landscape. It means that our property goes from 4th amendment
protections to 5th amendment protections. Whether you think that is a good
idea is a matter of your own personal politics, but that change can't be
easily dismissed.

Could you imagine if there was some new lock technology that came along that
forced everyone to abide by vampire rules. This lock would required police to
obtain your express invitation to enter your home regardless of whether they
had a warrant or not. Now imagine the uproar that would cause. That is exactly
what this type of technology does for our phone.

~~~
AnthonyMouse
> Encryption like this is a drastic change in the legal landscape.

It isn't a change at all. You have been able to anonymously rent a locker at a
YMCA or a self-storage unit or a cabin in the woods since forever. Evidence of
a crime stored there is inaccessible to law enforcement because they don't
know where it is. There is no practical difference between "don't know where
it is" and "don't have the password." This is not a new thing.

~~~
wfunction
> There is no practical difference between "don't know where it is" and "don't
> have the password."

I think you forget you're living in the real world.

There is also no practical difference between accidental and intentional
murder, so by your logic we should treat those the same way too.

------
karmacondon
The point that James Comey was trying to make is that we don't want to live in
a world without warrants. The prosecution in a criminal case has the burden of
proof. It's difficult to prove something beyond a reasonable doubt if key
evidence is encrypted and cannot be retrieved, even with a lawful warrant.
This means that more criminals who are legitimately guilty will walk, which
means that all of us will be less safe. The entire system is built around the
idea that law enforcement can search and seize evidence if they have a lawful
warrant from a duly appointed judge. Unbreakable encryption fundamentally
threatens that framework.

An example the FBI used is a stupid criminal kidnapping a child and leaving
their encrypted phone behind somewhere. Even if the FBI got warrants from
multiple respected judges, they couldn't go through that phone to look for
clues about where kidnapper may have taken the child. There are ticking bomb
scenarios and other time sensitive situations. It's reasonable that the law
enforcement should have some ability to access information with approval from
the judiciary. We don't want to endanger ourselves in order to protect the
banal communications on our cell phones or dissemble our legal system for the
sake of keeping our sexting private.

~~~
AnthonyMouse
> This means that more criminals who are legitimately guilty will walk, which
> means that all of us will be less safe.

Serving prison time actually increases recidivism (by increasing debt,
straining or severing ties with family and community, creating ties to other
criminals, making it harder to find a job, etc.), so it turns out that in
practice sending criminals to prison makes us less safe.

> The entire system is built around the idea that law enforcement can search
> and seize evidence if they have a lawful warrant from a duly appointed
> judge. Unbreakable encryption fundamentally threatens that framework.

Putting aside that the system doesn't actually work, it also doesn't require
anything you're suggesting it does. Searching a suspect's mobile device is far
from the only tool law enforcement has -- and it's one that they _didn 't_
have a decade ago, so suggesting that not having it would cause the world to
descend into chaos is disingenuous.

And the way the system actually _does_ work is by creating a nontrivial
possibility that committing a crime will result in punishment, thereby
deterring the large majority of prospective criminals. This doesn't require
anything even resembling 100% enforcement effectiveness. In fact, its actual
effectiveness is almost irrelevant because people have no sense of its true
effectiveness and the deterrent is based entirely on what prospective
criminals think would happen rather than what would actually happen.

That is one of the reasons why the system is so broken -- the deterrent is
effective even though the system isn't, so people think it's working and
nobody demands that it be fixed.

> There are ticking bomb scenarios and other time sensitive situations.

Hollywood has confused everyone into thinking that ticking bomb scenarios are
common. They are not. In the overwhelming majority of cases, law enforcement
investigates crimes _after_ they've been committed, not before. Basing major
policy on something that occurs in a negligible percentage of cases is just
silly.

~~~
tzs
> Serving prison time actually increases recidivism (by increasing debt,
> straining or severing ties with family and community, creating ties to other
> criminals, making it harder to find a job, etc.), so it turns out that in
> practice sending criminals to prison makes us less safe

Are you taking into account that while in prison, the person is not committing
crimes (except possibly against other prisoners)?

Prison will cause recidivism in some who would have given up crime if given
some non-prison punishment, but it will also reduce crime from people who
would have been recidivists anyway by delaying their return to crime.

Offhand, I don't recall seeing data on what the optimal term is for minimizing
crime, but I don't recall looking for such, either. Anyone have numbers?

~~~
AnthonyMouse
> Are you taking into account that while in prison, the person is not
> committing crimes (except possibly against other prisoners)?

Their kids will pick up the slack as they grow up without a father.

Also, are you really suggesting that crimes against prisoners are not crimes?

> Offhand, I don't recall seeing data on what the optimal term is for
> minimizing crime, but I don't recall looking for such, either.

The optimal term for minimizing crime is obviously life imprisonment but I'm
not sure that information can be put to any productive use.

~~~
tzs
> Also, are you really suggesting that crimes against prisoners are not
> crimes?

No. I interpreted the original assertion and subsequent discussion to be about
the effect of prison on crime against the general public.

> The optimal term for minimizing crime is obviously life imprisonment but I'm
> not sure that information can be put to any productive use

My guess is that the crime rate against the general public as a function of
prison time curve [1] is not monotonic. I expect that there is at least one
local minimum before the absolute minimum reached at life imprisonment.

[1] it would probably be better to say "curves", not "curve", because
different kinds of criminals probably have different shape curves.

~~~
AnthonyMouse
> No. I interpreted the original assertion and subsequent discussion to be
> about the effect of prison on crime against the general public.

Even putting aside the implied exclusion of prisoners as members of the
general public, it doesn't actually work that way. Prison inmates can cause
physical or psychological damage to other inmates who are about to be
released, increasing the subsequent drain they put on public resources and
their likelihood of re-offending. Inmates can be threatened with violence if
they don't convince their families or associates to commit crimes on the
outside. Crime bosses can smuggle in cellphones and bribe prison guards to
carry on running their organizations. "What happens in prison stays in prison"
is the opposite of what happens in prison.

> My guess is that the crime rate against the general public as a function of
> prison time curve [1] is not monotonic. I expect that there is at least one
> local minimum before the absolute minimum reached at life imprisonment.

I agree that it probably isn't monotonic, but it seems like asking the wrong
question. If a specific type of punishment causes harm to the convict and
causing harm to the convict increases the probability of recidivism then every
ounce of that punishment you mete out is counterbalancing itself. Increasing
the deterrent also increases the damage. Sure, the two curves may not be
perfectly symmetrical and therefore allow you to find a local minimum. But
that's like trying to optimize the amount of poison to put in your food as a
preservative. Is it not better to just use a non-poisonous preservative?

