
As encryption spreads, U.S. grapples with clash between privacy, security - jakobdabo
http://www.washingtonpost.com/world/national%2dsecurity/as-encryption-spreads-us-worries-about-access-to-data-for-investigations/2015/04/10/7c1c7518-d401-11e4-a62f-ee745911a4ff_story.html
======
4bpp
I always found examples such as the one with the trucker, which keep getting
brought up in this context, extremely disingenuous. The same sort of argument
could easily be used for any tactic that ever resulted in anyone being
convicted for something they most likely did - in a hypothetical alternative
scenario, they might just as well have been extolling the benefits of torture
by saying how after having a few of his fingernails pulled out, the scumbag
trucker was more than happy to confess to his crimes.

Nobody is doubting that giving the prosecutors more powers to produce
incriminating material will produce more convictions. Emotionally charged
anecdotes like this just serve to distract from the discussion about
proportionality and possible abuses that we should be having, while providing
no relevant information.

~~~
IBM
I don't think it's an unfair argument. The assault by the trucker happened and
evidence of it existed on the phone. In the post-iOS 8 world that evidence
would be unavailable. It's the difference between him getting off or not (or
likely getting off depending on the circumstantial evidence).

~~~
drdeca
I don't understand why it would be reasonable to require that the phone have a
backdoor which allows them to access the data if they have a warrant for that
specifically, but not reasonable to require someone to give up the
password under contempt of court if they have a warrant for that specifically.

Not that I necessarily think either is reasonable, but I don't understand in
what way the second would be worse? I suppose if a person turned out to have
not committed a crime, and there was a warrant against them, if they were
required to give up their password, they might fail to remember it?

Is that risk worse or lesser than the risk of authorities being able to e.g.
get data without a warrant via the backdoor?

I'm not really sure?

~~~
csandreasen
Because if there's something really bad on my device, I'd be better off
telling the cops "I forgot the password" and risking possible contempt of
court rather than them seeing the actual evidence and getting a far worse
sentence.

------
tmalsburg2
As a European, I'm totally in favor of a mandatory backdoor for the US
government. It would do wonders to the development of the European IT industry
because many governments and corporations could not continue using US-based IT
products. The amount of hubris required to force a backdoor on a global
industry and market is really breathtaking and I think the US would shoot
themselves in the foot if they tried doing that. It's not like there is a law
of nature that makes software development outside of the US impossible.

~~~
bdcravens
Would companies based in the US not ship a different version of their products
that are exported? What would it mean for companies outside of the US? A large
number of the products and services my company uses are from European
countries.

> It's not like there is a law of nature that makes software development
> outside of the US impossible.

Of course, see what I said above. I think what makes the US attractive for
software development is the VC industry and culture there; a quick browse of
founders in SF will reveal a ton of immigrants attracted to that culture.

~~~
tmalsburg2
> Would companies based in the US not ship a different version of their
> products that are exported?

They can of course try that but their clients have little reasons to trust
them. Apart from that it might be very costly to develop, test, and distribute
two versions of each product and to maintain compatibility, all of which puts
US companies at a disadvantage.

There is already plenty of evidence for the idea that the privacy crisis helps
the European industry. Many new businesses in several European countries are
successfully selling privacy-preserving software and services and their future
crucially depends on the trust of their customers, so they have to take
privacy seriously in ways that US companies don't have to, at least for now.

------
staunch
> _“I don’t want a back door,” Rogers, the director of the nation’s top
> electronic spy agency, said during a speech at Princeton University, using a
> tech industry term for covert measures to bypass device security. “I want a
> front door. And I want the front door to have multiple locks. Big locks.”_

This kind of Orwellian doublespeak coming from officials in power should give
all sane people pause.

But, even if our right to privacy was not enshrined in the Fourth Amendment,
it would not be possible for any government to have their intrusion into our
private lives enforced in the long term. Computers have the means to afford
people true privacy and they will have it, without respect to those who would
deny it.

~~~
MichaelGG
Long term? Smaller and cheaper devices means people are even more easily spied
upon. Privacy must be handled as a sacred law, because technology will blow
past it. We simply leak too much information as a matter of physics.

~~~
eternalban
> Privacy must be handled as a sacred law

Fully agree with this. Technology is merely an amplifying factor here. If a
society is healthy, then applications of technologies of the day are
non-issues.

Just keep in mind that 1776 would not have been a meaningful year if the
founders could not even "assemble" and discuss legitimate grievances without
fear of being subject to misuse of state power. This is why we have a 4th
amendment.

------
ipsin
The use of Stingrays (IMSI catchers) and the DEA's collection of international
phone records for almost 20 years are more examples of how any power given to
law enforcement or the Federal government will be abused, and that abuse will
be actively hidden from view.

You can't "find a balance" when the scales are hidden.

~~~
cm2187
And the problem with data is that they store it. You don't just have to trust
the current government, you have to trust all the governments for the next 50
years. At least in Europe, History tells us that a democracy can rapidly turn
into a violent dictatorship.

~~~
PythonicAlpha
Do you really think that this can only happen in Europe? (I know that you
meant history, but I am wondering if humans are so much more democratic in
the US? I for my part am sure that in my country there can be a violent (or
covered) dictatorship again very soon).

~~~
cm2187
What is interesting in the US is that the composition of the population
evolves a lot over time. In Europe too to a lesser degree. One could argue
that the US is the oldest (and therefore most stable and rooted) democracy.
But as the proportion of the hispanic population grows, from a cultural point
of view, Mexico becomes sort of part of the history of the US. And not a long
history of democracy there.

------
arto
As Jacob Appelbaum observes in the documentary Citizenfour, "What we used to
call liberty and freedom we now call privacy. And now people are saying
privacy is dead."

~~~
higherpurpose
That's powerful, and probably accurate.

------
junto
I think they have already quite well demonstrated their total disregard for
the public's privacy. Now that the horse has bolted they now suddenly realise
that they have backed themselves into a dark nasty corner, where everything is
going to be encrypted within a few days years.

Sorry, but you have to earn trust and they are unlikely to get it back. Just
look at the way geeks look at Microsoft.

You can't put the genie back in the bottle.

~~~
DickingAround
Yes. There isn't some big debate going on. The feds did a bad thing by looking
in people's bedroom windows. Now people are shutting their blinds. It's not a
debate. It's a response. The feds can mandate that people open the windows
again but then there will be no more undressing in front of them. The peep
show is over.

------
moe
This whole debate is a red herring.

The NSA already has backdoors[1][2] in your Desktop OS (Windows, OSX), in your
mobile OS (Android, iOS), in your smartphone hardware (Qualcomm Baseband), in
your ISPs network hardware (Cisco, Juniper), in your server hardware (Dell),
in your network hardware (most router firmwares), and there's rumors they have
backdoors in Intel and AMD CPUs, too.

Why would they be concerned about encryption that runs on top of hard- and
software that they can control at will?

[1] [https://gigaom.com/2013/12/29/nsas-backdoor-catalog-exposed-targets-include-juniper-cisco-samsung-and-huawei/](https://gigaom.com/2013/12/29/nsas-backdoor-catalog-exposed-targets-include-juniper-cisco-samsung-and-huawei/)

[2]
[http://en.wikipedia.org/wiki/NSA_ANT_catalog](http://en.wikipedia.org/wiki/NSA_ANT_catalog)

[3]
[http://en.wikipedia.org/wiki/Room_641A](http://en.wikipedia.org/wiki/Room_641A)

~~~
tptacek
It would certainly be the most expensive and hamfisted possible way for NSA to
get access to a target computer system.

The more you know about how encryption software is actually built and deployed
in large-scale applications, the sillier this "split key escrow" trial balloon
sounds. It is facially ridiculous and will never happen. Good for pageviews,
though!

~~~
bendoernberg
What makes it expensive and hamfisted?

------
A_COMPUTER
What many here are asserting is basically a form of individual sovereignty,
that a person should have the ability to create and share information that the
government cannot read. This will never happen. The government is always going
to assert that your rights are contingent on the government's ability to
violate those rights if it thinks it has sufficient cause according to some
standard. Many of you are arguing that the government should completely give
up that ability for regular crime that probably happens thousands of times
across the country every day.

You are now thinking, what about encryption, PGP, passphrases, I have a legal
right to not have to give those up, don't I? Yes, we are very lucky that in
the United States the Supreme Court has decided that you don't have to give up
a password. But this was because it used to be that a password didn't actually
protect very much and the legal system hasn't caught up yet. Lock combinations
are meaningless when the government can just crack the safe, and passwords to
email are meaningless when they can just compel the email service to cough up
the mail. The court's aware of PGP, but the times it actually hasn't been able
to get the data through other means is currently small so it's still not worth
the political battle. When the device that most people can carry around in
their pockets is sufficiently secure that nobody can get the contents without
compelling the owner to give up the passphrase, legislation will be introduced
for backdoor access or the Supreme Court will rule that you have to give up
the passphrase. That is why device LE access is, believe it or not, a
compromise. They are willing to overlook nerds using PGP because that's still
niche, but encrypted unbreakable devices are an existential threat to the
government's ability to control everyone's life for good or for ill.

I still think it needs to be fought as long as possible, but I am under no
illusions that we will ultimately lose.

------
diyorgasms
Let's suppose for a minute that there is some legislation put forth forcing
encryption to have back doors inserted, or some other sort of key escrow. Why
would anyone with the know-how and a privacy concern not just write an
implementation of a known crypto algorithm?

Essentially, how would this legislation do anything but compromise the
security of law-abiding people while not at all reducing the capabilities of
those the US government wishes to stop?

~~~
cortesoft
Seriously, it is way too late for this. You can't change the math, which is
what crypto is. Now that people know it, you can somehow remove that
information from the world.

------
voidlogic
I don't get it (aka hate it), any sophisticated government adversary (terror
groups, organized crime, etc) will simply use the existing strong security
measures that the government cannot crack (since they have no escrowed key).

To me that means this measure isn't about the bogeyman of terrorism, etc.,
rather it's about everyday criminal investigations. I think people are (overly)
willing to give up their liberties when faced with the major bogeyman
threats, but I think convincing the public to give up liberty to catch the pot
dealer down the street or the dude embezzling from mega-corp is going to be a
much harder sell politically.

------
olefoo
We need to start having key signing parties. And we need better software to
manage and run them.

No key escrow proposal (which the multi-party proposal in this article is)
will ever be safe. If the key can be assembled, it can be cached; and as we've
seen in the past decade it's very hard for any agency to deny itself
surveillance powers.
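The "split key" escrow the comment above argues against, shown as an added example that is not code from the thread or the article: a minimal Shamir (t, n) threshold scheme over GF(p). The sample key and the 3-of-5 parameters are constructed for the demo; the point it makes concrete is that any quorum's reconstruction yields the complete key in one place.

```python
# Added illustration (not from the thread or the article): a minimal Shamir
# (t, n) threshold scheme over GF(p), the kind of "split key" escrow under
# discussion. Any t of the n shares rebuild the key; fewer reveal nothing.
# The sample key and the 3-of-5 parameters below are constructed for the demo.
import secrets

P = 2**521 - 1  # Mersenne prime M521; any key shorter than 521 bits fits


def _eval_poly(coeffs, x):
    """Horner evaluation of sum(coeffs[i] * x**i) mod P."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc


def split_secret(secret, threshold, shares):
    """Return `shares` points (x, y) on a random polynomial of degree
    threshold-1 whose constant term is the secret."""
    if not 1 <= threshold <= shares or not 0 <= secret < P:
        raise ValueError("bad sharing parameters")
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(threshold - 1)]
    return [(x, _eval_poly(coeffs, x)) for x in range(1, shares + 1)]


def reconstruct_secret(shares):
    """Lagrange-interpolate the polynomial at x = 0 from the given points.
    The return value is the complete key: whoever runs this now holds it,
    and nothing in the scheme stops them from keeping it."""
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share index")
    secret = 0
    for i, (xi, yi) in enumerate(shares):
        num = den = 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        secret = (secret + yi * num * pow(den, P - 2, P)) % P
    return secret


# Constructed 128-bit sample key; a real escrowed key would be random.
SAMPLE_KEY = 0x0123456789ABCDEF0123456789ABCDEF


def escrow_demo(key=SAMPLE_KEY, threshold=3, holders=5):
    """Split a key among `holders` escrow agents, then show that any
    `threshold` of them reassemble the full key, while a smaller group
    gets an unrelated field element."""
    shares = split_secret(key, threshold, holders)
    quorum = reconstruct_secret(shares[:threshold])
    another_quorum = reconstruct_secret(shares[-threshold:])
    short_group = reconstruct_secret(shares[:threshold - 1])
    return {
        "quorum_recovers_key": quorum == key,
        "any_quorum_works": another_quorum == key,
        "short_group_recovers_key": short_group == key,
    }


if __name__ == "__main__":
    print(escrow_demo())
```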

------
p01926
If the FBI wanted car manufacturers to design seat belts and airbags with
murderers and rapists in mind, it wouldn't have taken months of debate to
reject the idea. Just because we've entered the domains of math and CS, we get
months of dithering, contemplating whether or not to force domestic companies
to install complex new self-destruct functions into their products.

Al-Qaeda have been using Mujahedeen Secrets — a Windows-based encryption app —
since 2007. Legislators should test whether potential new laws can have any
impact on such uncontroversially abhorrent software. If, like split keys, they
fail the Mujahedeen Secrets test, they can only damage our collective
security.

~~~
woah
What is abhorrent about this software?

~~~
stuartd
Nothing, according to Bruce Schneier -
[https://www.schneier.com/blog/archives/2008/02/mujahideen_se...](https://www.schneier.com/blog/archives/2008/02/mujahideen_secr_1.html)
- perhaps OP just doesn't like encryption when used by bad guys.

------
strooper
For the sake of argument, if we assume that the US government has the right to protect
its citizens from the monstrous conspiring world, why are they exporting these
backdoor technologies to secret services all over the world? Even the
countries championing in least human rights, poverty, oppression have these
backdoor technologies to use against their citizens. US citizens at least
enjoy the freedom of barking, citizens of those other countries don't...

------
mrbabbage
Two main thoughts:

> Hailed as a victory for consumer privacy and security, the development
> dismayed law enforcement officials, who said it threatens what they describe
> as a centuries-old social compact in which the government, with a warrant
> based on probable cause, may seize evidence relevant to criminal
> investigations.

This is an interesting perspective. I tend to view this the opposite way.
Until spring 2013, we tended to believe that the state doesn't rummage around
in the private lives of individual citizens, except for warranted
investigations of a few tax cheats, drug dealers, racketeers, and the like.
Snowden's disclosures were a massive trust-loss event, and both companies and
individuals will be loath to offer any concession to law enforcement without a
clear demonstration of good faith and limited access to private data.

I'm also glad to see this perspective from the top cybersecurity advisor at
NIST:

> “The basic question is, is it possible to design a completely secure system”
> to hold a master key available to the U.S. government but not adversaries,
> said Donna Dodson, chief cybersecurity adviser at the Commerce Department’s
> National Institute of Standards and Technologies. “There’s no way to do this
> where you don’t have unintentional vulnerabilities.”

Personally, I'm hoping the United States eventually realizes Dodson is right
and that preserving both individual security and law-enforcement access is
futile. Hopefully the United States will give up on these key escrow / split
key schemes and let meatspace force break encryption on a warranted, rare
basis as investigations require.

~~~
bcg1
> Until spring 2013, we tended to believe that the state doesn't rummage
> around in the private lives of individual citizens

Not sure if I'm taking your comment the wrong way, if so I apologize... but a
lot of us have known for quite a bit longer than spring 2013

------
vamur
Wonder if the arguments will be the same once there is tech to read human
brains.

------
nateabele
> _“What we’re concerned about is the technology risks” bringing the country
> to a point where the smartphone owner alone, who may be a criminal or
> terrorist, has control of the data [...]_

Wow, it's almost like criminals and terrorists would be secure in their
persons and effects, as would the rest of us!

Then law enforcement and the TLAs might actually have to do real, actual
investigative work. Oh, darn.

------
pdkl95
It is easy to fall into a nihilistic, hopeless attitude when faced with
problems of this size. While this problem can affect anybody, I suspect
these feelings about the feasibility of change affect the people that create modern
technologies in a specific way: it distracts and hides just how much power
_we_ retain, that cannot be collected by the people trying to place themselves
at the top of rapidly centralizing power structures.

The power I'm referring to is the power retained by whomever is _actually
implementing_ the world we live in. A tyrant can issue all the orders and
threats they want - unless someone carries out those orders, the tyrant is just
making a lot of hot air. Implementation is what matters in the end, and I
think the readers of HN have a pretty good idea who it is that will end up
implementing our future.

So the next time someone asks you to implement some bit of the surveillance
state, use your power and let some bit of that future go unimplemented. It may
be a trivially small thing that may not affect much in the long run. Those
little things add up, and the message it sends is important.

I realize that it is hard to take a stand. There is always the possibility of
being fired - or worse. Just remember that the engineers working around
technology have an advantage over the typical "protest" crowds of the past:
the people that want to use the surveillance state need engineers to make
their tools. So take advantage of any little bit of power that you have and
hold the line in some small way against this creeping tyranny. Above all,
remember that tools like this very forum are available.

I'm not saying there is no risk, and I'm not saying there won't be
consequences. What I am suggesting is that unless we start making these
principled stands _right now_, the situation is only going to get worse, and
the sacrifices required to fix this situation only rise with time.

Please. This is our future, and as cliché as it sounds, there is a lot of
truth to the idea that the real power comes from strength in numbers.

==

/* speaking of the power held by engineers... I suspect "work to rule" (
[http://en.wikipedia.org/wiki/Work-to-rule](http://en.wikipedia.org/wiki/Work-to-rule) ) could be a particularly effective tool in the hands of the people
that keep important parts of the world running */

~~~
m4x
You only need a few sympathetic hardware engineers to put in hardware back
doors, however, and it's practically impossible to verify that the hardware
you have is trustworthy by the time it's in your hands. A million engineers
all making sure they don't implement surveillance functionality can't undo the
work done by the handful of bad guys unless they're somehow able to inspect
every piece of hardware down to the lowest level and verify manually that it's
safe.

The user has to do the same thing when they receive their hardware for obvious
reasons.

And software is no different. There are lots of FOSS devs who would refuse to
help implement surveillance systems, yet there's no practical way to prevent
one small team of bad actors from injecting code somewhere between
software-conception and delivery-to-end-user.

The only possible way to be confident about your technology would be to build
it yourself from the ground up. You would need to design and fabricate the
hardware yourself, from passive components up, and re-implement the _entire_
software stack by hand.

Even if you did all that, if you're a desirable target then you still face a
very high risk that one of the people working somewhere in your project will
be employed by your opponent and will compromise your system.

The conclusion I have come to is that if you have anything you don't want
intercepted, you simply can't use any modern device.

------
SEJeff
This reminds me of a bully complaining when suddenly everyone is learning
martial arts... A bit ridiculous

------
anonymousab
It seems like encryption methods that rely on the government, like some sort
of government-run key escrow, are the inevitable solution. Corporations are
relatively secure from malicious threats and the government gets the access it
wants.

~~~
maxerickson
Bad actors won't respect the ban on effective encryption tools. So giving the
government keys expends massive resources and doesn't actually solve the
problem that it proposes to solve.

------
philfrasty
Can anyone recommend a good read discussing the relationship between security
and privacy?

------
tete
Wait, what? You need security, such as encryption to get privacy? How is that
a clash?

------
cyphunk
giving tools that help law enforcement do their job is a good thing. but if
those tools are so easily replaced by current market or future market
alternatives then pushing for those tools just kills your industry.

------
spiritplumber
Safety, security, laziness, pick two.

------
MichaelCrawford
Among my concerns are those working for legitimate political change. I expect
that's because I have very vivid memories of Watergate, as well as some
memories of the Vietnam War protests.

~~~
larzang
There's no need to even go back that far. The treatment of David Miranda,
Manning's imprisonment, Kiriakou's imprisonment, Snowden's ensured
imprisonment should he ever leave the safety of his current umbrella,
continued harassment and infiltration of anarchist and leftist orgs in
California and Oregon and elsewhere by all levels of law enforcement.

The FBI continues to disproportionately expend resources on environmental
groups despite no cases of loss of life from green direct action, while
admitting themselves that right-wing militias present a greater domestic
threat than even the dreaded foreign terrorism they're so happy to prove
they're protecting us from by spending years deliberately radicalizing and
then entrapping harmless fools.

Law enforcement motivations cannot ever be trusted when it comes to your
privacy.

~~~
danielschonfeld
Law enforcement in its current form can't be trusted period. It's too biased
with its own political and financial agendas and does very little in terms of
law enforcing and too much of concocting.

If mental healthcare got a sliver of the attention and budgets defense+LE get
I personally think we'd all be better off.

------
enupten
Is there really any "security" lost? I mean, last I checked, the NSA had
little to show for all the snooping around (other than possible economic
benefits).

