
The Encryption Debate Isn't About Stopping Terrorists, It's About Solving Crime - scottie_m
https://lawfareblog.com/encryption-debate-isnt-about-stopping-terrorists-its-about-solving-crime
======
rsingel
This is ridiculous. Prosecutors now have so much more information left as
breadcrumbs; GPS locations, tower pings, metadata, emails, social media posts,
etc, than they ever had before the rise of smartphones.

It used to be easy for people to make anonymous phone calls from phone booths
- try making an anonymous call today.

Strong on-device encryption of data at-rest has the nice effect of making
mobile device theft much less attractive.

Strong encryption of data in transit, including auto-deleting messages, can
prevent lots of other crime as well, and protects vulnerable people such as
victims of domestic violence who may have to show their phone to their abuser
at any time.

~~~
rgbrenner
The Austin bomber is a perfect example. They caught him because he brought his
cell phone with him when dropping off the bombs. He didn't use it--it was just
powered on and with him.

Imagine that happening before cell phones. The criminals carrying a tracker
24x7.

The Unabomber sent mail bombs for 18 years. The austin bomber gets caught in 3
weeks.

[https://www.dallasnews.com/news/crime/2018/03/21/authorities...](https://www.dallasnews.com/news/crime/2018/03/21/authorities-
tracked-austin-bomber)

~~~
OnMyPhone
I used to work with the local Sheriff's Dept doing IT stuff. The detectives
said they were amazed at how much data they could get from phones / cell
providers. It's helped solve so many crimes like bomb threats, abuse cases,
and even some murders.

They also said that if someone was smart, they would just leave their phone at
home, or somewhere else as an alibi and do whatever. Then they would have to
go back to the drawing board which they admittedly said they haven't had to do
in a long while.

~~~
scottie_m
If you’re smart, not impulsive, able to plan and consider other points of
view, you _tend_ not to be the murdering, bomb threatening, abusing type.
People who can lay plans and carefully follow through with them tend not to
rob liquor stores, and deal drugs. If you don’t care about poeple, or hurting
them, but can plan and have good impulse control there’s a world white collar
crime, politics, business and law for you. In short, the police tend to deal
with idiots, or people who have poor planning/impulse control.

In other words, the guy who plans out a careful alibi tends not to be the guy
who needs one. The previous post mentioned the Unabomber, who was a rare
example of someone who had excellent planning skills, high intelligence, and
excellent impulse control. It took almost two decades to catch him, and only
because his brother recognized his writing.

------
kstrauser
I keep hearing phrases like "debate" or "the issue", but there is none.
Mathematicians and computer scientists universally state the fact that
crackable encryption is not encryption. This is totally understood. Across the
aisle sits a group of prosecutors and legislators whose argument devolves to
"but if we wish hard enough, maybe...?" and who insist on trying to plow ahead
with a discussion as though it were something to be discussed.

There is no "debate", or "the issue". There are only those who understand
reality and those who refuse to do so.

~~~
syshum
Matt Blaze said it best: ‘When I hear the if we can put a man on the moon we
can do this, I’m hearing an analogy almost as if we are saying if we can put a
man on the moon, well surely we can put a man on the Sun’.

~~~
BLKNSLVR
That's a really good analogy for the encryption situation as it contains the
sort of "fuzziness of definition" that loses the attention of 'the common
folk'.

We could say that we put a man on the sun, but by what measure a 'man' by the
time they arrive, and upon what part of the fusion reaction do we land in
order to define 'on'?

Excellent, I say, into an echo chamber.

------
logfromblammo
Framing it as "the encryption debate" instead of "the eavesdropping debate" is
telling, in terms of the inherent bias in the article.

The free ride enjoyed by law enforcers in terms of solving crimes by following
the money and listening to unguarded communications may be coming to an end,
thanks to cryptography. But end-to-end encryption by default isn't going to do
anything but raise the lowest-hanging fruit a bit higher. Stupid criminals
will still be easily caught, because they cannot avoid doing stupid things.
And no one has perfect op-sec. Everyone makes mistakes, and mistakes lead to
convictions. The difference is that police resources will have to be
prioritized and targeted to uncover those mistakes, rather than continually
picking up cheap finds from a surveillance dragnet.

This is no longer a matter for debate, at least in the US. We already went
over this with Clipper Chip, and rehashed it several times. Encryption is
protected by the 1st Amendment. Back doors can be used by adversaries in
addition to law enforcers. Law enforcers cannot be trusted to use their
granted powers responsibly. Indeed, encryption has advanced this far in part
_because_ governments cannot be trusted.

~~~
jaclaz
>Encryption is protected by the 1st Amendment.

Maybe it is, but the actual point of the 1st Amendment seems to me that to be
able to express idea, opinions, etc. publicly and without fear of retaliation
by the government, which is a much higher grade of freedom IMHO than merely
allowing pople to exchange those ideas and opinions in a form that noone else
but the recipient can access.

It would somehow feel more appropriate if encryption was protected by (an
extension of) the Fourth and/or of the Fifth.

~~~
fjsolwmv
Encryption is pretected by all three of those amendments.

------
DannyB2
You can't have it both ways. Pick one:

1\. Insecure systems: government can get in, but so can hackers.

2\. Secure systems: hackers can't get in, but neither can government.

It's a binary choice. Like being pregnant. You are, or you are not. There is
no try.

~~~
vbezhenar
That's wrong. Encrypt all necessary data with government-controlled public
key. Government can get in, but hackers can't.

~~~
manjushri
That's wrong. Insiders can leak the private key, or hackers can take it.

~~~
gldalmaso
Or the government can leave it behind their remote servers along with their
cyber weapons for anyone to wander by.

~~~
LolWolf
Or anyone who is willing to spend enough computational power now only needs to
crack one key instead of millions of different ones.

~~~
vbezhenar
If there's anyone who can have enough computation power to break key, then
that key is weak and its size should be increased.

~~~
LolWolf
One can only make keys so large to be useful—my point is the same, still, that
one would only have to break/find/buy/steal a single key instead of millions.

------
al2o3cr
Shorter former prosecutor: "Making programs that preserve user privacy by
default would have made my job harder."

------
squozzer
If all we cared about was solving crimes, we could make US law enforcement
much easier by doing away with a lot of things, such as certain amendments to
the US Constitution.

But law enforcement is only one component of a functional society.

And the rest of us, from time to time, have to deal with the criminals who
have yet to be caught by our acceptably-efficient law enforcement apparatus.

This includes people who like to steal information, many of whom are probably
out of US law enforcement's reach.

The author doesn't address that problem, which I can understand, as he's a
lawyer and former fed prosecutor. And while it's tempting to tell him to stay
in his lane, we're stuck with him and others like him.

And it doesn't seem possible for the people (whom government doesn't really
trust, despite platitudes uttered for generations) and the government (whom
the people do not trust, for reasons I have a hard time impeaching) to agree
on a system for safeguarding information.

Which is too bad, because most people would probably like to help enforce
laws, espeically those involving children and other vulnerable types.

BUT, we live in a world where even the most open and free societies do the
following:

1) Use the police (more accurately, the threat of legal trouble) to silence,
bankrupt, and intimidate problematic people.

2) Defeat or ignore the controls designed to prevent abuses of power.

3) Refuse to hold government institutions accountable for malfeasance.

It might help Dr. Rozenshtein's case if he would apply his gifts to solving
the political problems listed above, which might restore the trust between
government and governed, which in turn might get him the tools he thinks
government should have for enforcing the law.

------
pfortuny
Solving crime is not a right. The government _trying to_ is (a right of the
people).

Privacy (and hence encryption) is a right.

End.

~~~
fjsolwmv
Says who?

~~~
pfortuny
About the right to privacy:
[https://en.wikipedia.org/wiki/Right_to_privacy](https://en.wikipedia.org/wiki/Right_to_privacy).

Governments have no rights (and prosecution is part of the Government), they
only have mandates. To comply with these, they have powers, not rights.

Edit: no->not

------
otakucode
It does not matter if busted encryption would solve crimes. It would also
solve some crimes if police went door to door and searched every house for any
signs of law-breaking. The plaintive cries of 'but it would stop criminals,
terrorists, whatever' are not anywhere close to being sufficient reasoning.

------
s2g
NatSec, terrorism, and the victimization of children are the standard gotos
for the government wanting a blank check to do things.

Been that way for a _long_ time.

~~~
d0mine
The tactic is sometimes called "Think of the children"

The Four Horsemen of the Infocalypse
[https://en.wikipedia.org/wiki/Four_Horsemen_of_the_Infocalyp...](https://en.wikipedia.org/wiki/Four_Horsemen_of_the_Infocalypse)

------
mtgx
No, it's about enabling complete surveillance of everything.

For those who don't know, Lawrefareblog has always been pro-mass surveillance.
They only started doubting themselves a little when Trump won the election.
But it seems they're back on the pro-mass surveillance horse now.

> _When we founded this site more than six years ago, I never in my wildest
> dreams imagined myself writing these words about a man who will take the
> oath of office as President of the United States. We began Lawfare on the
> assumption that the U.S. federal executive branch was a tool with which to
> confront national security threats. While I accepted that its manner of
> doing so might threaten other values—like civil liberties—or prove
> counterproductive in protecting national security goods, I never imagined I
> would confront the day when I ranked the President himself among the major
> threats to the security of the country._

[https://www.techdirt.com/articles/20161111/00230136015/long-...](https://www.techdirt.com/articles/20161111/00230136015/long-
time-mass-surveillance-defenders-freak-out-now-that-trump-will-have-
control.shtml)

Huh, no kidding? So a "bad" president could abuse the extensive powers that
are given to him thoughtlessly to "fight crime and national secure threats"?
It's only the argument privacy activists have _always made_.

Lawfareblog seems to always work with the assumption that the government is
always the "good guys" and therefore will never abuse the powers given to
them. That is wrong.

~~~
fjsolwmv
The name of the blog is the big hint. They are advicates of using the law as a
weapon of war. It's extremely authoritianism.

------
hapnin
The genie can't be put back in the bottle, counselor. Move on.

------
conductr
“Solving crime” sounds great as a sound bite or headline. But it is a heavy
handed government action. It almost directly translates to removal of free
will and the choice to dissent.

------
waddlesworth
Most of the comments here seem to be about the cons of removing encryption or
backdooring encryption, but I don't think the author is suggesting that.

I think the article is only advocating for a checkbox in the settings menu to
enable encryption for any would-be communication medium, which is turned off
by default. I'm not especially against this, so long as there are no
detractors to enabling this option.

~~~
cesarb
> which is turned off by default.

Defaults matter.

\- Most non-technical users won't know of this setting, and thus be
unprotected.

\- The consequence of forgetting to enable this setting is severe (forget it
even once, and you risk leaking a secret for eavesdroppers).

\- When security is optional, having security enabled is suspicious. When
everyone has security enabled all the time, an attacker can't know whether
someone is sending secrets or cat pictures.

This is why we're currently seeing a push towards encrypted by default
everywhere. Not because everything needs encryption, but because then there's
no risk of forgetting.

------
mnm1
Bullshit. We already know the FBI is acting in bad faith and doesn't care
about actually solving crimes as much as it does about having access to all
data. If this wasn't the case, they would have never demanded a backdoor from
Apple when they had other alternatives
([https://www.macrumors.com/2018/03/27/fbi-san-bernardino-
ipho...](https://www.macrumors.com/2018/03/27/fbi-san-bernardino-iphone-
disorganization/)). If the trust in the FBI, and consequently in all other law
enforcement organizations, somehow still existed, it should no longer after
these latest lies. The FBI isn't interested in solving crimes, it's interested
in exploiting secrets of its enemies for political reasons as they did to
Martin Luther King Jr. and many others and working towards goals that are not
publicly declared. One would have to be completely ignorant of history to
think that the FBI (and by extension all US law enforcement organizations) are
benevolent institutions that only care about stopping crime. History tells us
otherwise. Articles like this by former prosecutors are just more propaganda
from the FBI's propaganda machine. Bullshit and more bullshit pandering to the
"law and order" types who have never studied any history and likely any other
subjects as well.

------
thrillgore
Removing encryption is the final nail in device ownership, and probably the
idea of a democratic society.

~~~
ragequitta
Just to play devil's advocate: does democracy require privacy? It's not like
the early 20th century where if you're were a part of the communist party you
were suspect. We can pretty much say whatever we want (and we do) without fear
unless we are actually criminals. I know the "if you have nothing to fear"
argument doesn't hold up, but privacy is actually a relatively new thing in
the human experience. And I'm not sure why democracy would fall apart without
it.

But boy do I like privacy / hope it sticks around.

~~~
aethertap
Alternative history, if perfect surveillance existed in 1950:

The first private conversation that Martin Luther King, Jr. had about the
injustice of his time was captured and automatically analyzed, and as a result
he was identified as a disturber of the peace and arrested for unrelated
violations long before his message ever reached an audience.

Rosa Parks was detained for disorderly conduct long before she made her stand,
and as a result her stand never happened.

There was never a zeitgeist of change in the oppressed community, because
there were never any stories of people resisting. They were all prevented from
acting in any significant way, or from getting together to share their stories
and find support.

The issue of racial discrimination never made it to court because all of the
people who could have brought it there were stopped before they could get
started.

Perfect surveillance can stop any threat to the status quo while it's in its
infancy, long before it amounts to anything. It can probably do it without
introducing any new, draconian laws by simply looking through recent history
for "questionable" actions and harassing people over them.

The argument that it's okay now basically amounts to saying that there is no
longer any injustice and that today's system is a perfect example of virtue
and fair play, and that anyone who disagrees is a malcontent who _really does_
deserve to be silenced.

Sometimes the majority is wrong, and it takes brave people willing to break
the rules in order to point it out and change things. I'd say that democracy
_does_ depend on privacy for this reason.

~~~
ragequitta
The argument I have against this is we now _have_ near perfect surveillance
and this isn't happening. I can be a part of a far left socialist movement and
spread my ideas as easily as I can be part of this crazy new nazi movement.
And both of those ideologies are rampant on the internet, but nobody is being
arrested for it (at least not until they do something stupid). I understand in
the past this wasn't the case, but as of now it's pretty difficult to stop
ideas. And when/if you _do_ stop them the internet history is right there for
martyrs to be made.

I'd argue with little to no privacy the government actually has less power in
situations like this. Because the lack of privacy extends to what the
government is doing also. Cameras/microphones/eyes everywhere means it's much
more difficult to get away with a lot of the covert insanity that was
happening before.

I would say things like Snowden/Panama Papers/Wiki leaks/many other examples
are showing that having privacy can actually benefit the people in power more
than the average Joe. Joe Blow doesn't want his dildo collection known about,
the government doesn't want (insert insane things like funding drug
cartels/terrorist organizations) to be known. All in all I'd say sacrifice
knowledge your dildo collection for the greater good.

That said I do believe privacy still needs to be a thing. I hope it is a thing
again in the future. But I actually don't know how horrible it is that it's
gone away. People might just have to tell the truth for a while, which might
benefit society in its current corrupt state?

------
misterbowfinger
I'm not sure I agree with what I'm about to say myself, but wanted to see how
others feel....

The advent of the internet has caused us to question a lot of our rights as a
people. We originally felt strongly around our right to free speech and our
social networks embodied that to its logical conclusion, and now we're here at
a dire state of hate speech and vitriol that threatens the (perceived)
stability of our democracy. While the printing press and television have
contributed to our partisanship, it's almost undeniable that the internet -
and the ability for _anyone anywhere_ to publish _anything_ \- has pushed us
over the edge.

There have been serious considerations about what we can do about this. One of
the issues is that, as a people, we might not be ready to have all this power
ourselves.

I'm wondering if that extends to encryption and privacy. Can we, as a people,
be trusted with this level of autonomy, power, and security?

~~~
icelancer
>> Can we, as a people, be trusted with this level of autonomy, power, and
security?

A philosophical question is one worth considering for fun, but it has little
practical value. There is no way to stop people from using mathematics to
protect their privacy and their data, and any debate around that come from
people who are innumerate.

We can discuss the should/could stuff as a matter of interest to waste
taxpayers' dollars and time, I suppose, but that's not what lawmakers
generally try to discuss. They want to figure out how to do the impossible, or
at least lie about it.

~~~
fjsolwmv
It's not impossible, you are confusing math with opsec I reality. Stop it.
Pretending it's possible to encrypt effectively is going to give the
government an excuse to apply rubber hose decryption under cover of
deniability.

~~~
icelancer
>> Pretending it's possible to encrypt effectively

Is not something I did.

------
abalone
tl;dr Common criminals go with default security settings.

This is about to get even worse for law enforcement. To date, iCloud backup
still offers a way for law enforcement to access data with a warrant. However
that is about to change. Apple is about to roll out iMessages on iCloud, which
sounds innocuous, but actually will premiere a major step forward in security:
end-to-end encrypted data in the cloud _by default_.

This is huuuuuge.

The thing that has been holding back E2EE as the _default_ is that it has
sacrificed recoverability. That is, it has required a strong password, which
is easy to forget, and if you forget it, no one can help you. So it's
something you had to opt into. Not a default.

Now, Apple has created a backup solution that -- get this -- removes the need
for a strong password. Sounds crazy, right? All you need to remember is your
iPhone passcode. Obviously, this is brute forceable and can't secure your
cloud data...

Except yes it can. They've implemented hardware security modules that prevent
brute forcing. Then they destroyed the signing key for the HSM firmware.
Neat.[1]

So, iMessages are going to transition to this, which probably means they won't
be in the iCloud backup, and thus not available to law enforcement. And then
it's probably just a matter of time until the whole backup is secured with
E2EE.

[1]
[https://www.youtube.com/watch?v=BLGFriOKz6U](https://www.youtube.com/watch?v=BLGFriOKz6U)

~~~
mtgx
I'll believe it when I see it. One simple privacy-focused solution Apple could
have implemented since many years ago is _keeping_ iMessages E2EE, instead of
backing them all up to the cloud automatically and _not_ allowing the users to
disable the backups for iMessages unless they disable the whole iCloud backup
(which is enabled by default).

~~~
abalone
_> One simple privacy-focused solution Apple could have implemented since many
years ago is keeping iMessages E2EE, instead of backing them all up to the
cloud automatically_

Which means they would not be recoverable or even restorable to a new iPhone.
Not a good default for a consumer device.

Apple made the right choice, letting you opt into stronger security at the
sacrifice of recoverability. And now they're working on the best of both
worlds.

