
White House Takes Security Pitch to Silicon Valley - aarestad
http://www.nytimes.com/2015/04/27/us/white-house-takes-cybersecurity-pitch-to-silicon-valley.html
======
Canada
> "I think that people and companies need to be convinced that everything we
> do in the cyber domain is lawful and appropriate and necessary," Mr. Carter
> told students and faculty at Stanford.

Right, because what they're doing in the cyber domain isn't lawful. Naturally
they'll fix that retroactively.

> He urged the next generation of software pioneers and entrepreneurs to take
> a break from developing killer apps and consider a tour of service fending
> off Chinese, Russian and North Korean hackers...

Yeah, exploitation of vulnerability isn't partisan or nationalistic. While
narrowly possible, it isn't really practical to fend off Chinese hackers
without also fending off American ones, and vise versa.

> ...even as he acknowledged that the documents leaked by Edward J. Snowden,
> the former intelligence contractor, "showed there was a difference in view
> between what we were doing and what people perceived us as doing."

I can't help but picture these hacks that shill for the administration like
cheaters who've been caught trying to talk their way out of it.

"Baby, I know I said I was visiting my grandma last night, and while I admit
that leaked photograph of me kissing and groping my former lover is authentic,
I swear to you it's not like that! The kiss had to be collected in case it was
needed in the future but it's not cheating because I wasn't feeling into it at
the time. You've got to understand there's a difference in view between what
we were doing and what people perceived us as doing. I lied to keep you safe!
Think of the greater good baby!!"

~~~
spin
> ...even as he acknowledged that the documents leaked by Edward J. Snowden,
> the former intelligence contractor, "showed there was a difference in view
> between what we were doing and what people perceived us as doing."

That one boggles my mind. On 2013, Mar 12, Clapper lied to congress about NSA
spying. The purpose of a lie is so that people perceive something different
from reality. So they achieved their goal, they're just sorry they got caught.

~~~
Canada
Baby it was just the most truthful answer I could tell you. I mean, I'm sorry,
I should have been more careful in my statement. I acknowledge that. But I
must stress, that I did not wittingly make out and fondle. What I did was not,
in any way, targeted at our relationship. My eyes were closed, and I was
merely doing my duty to feel up our enemies. There is just no other technical
way to go about it. And I resent the implication of wrongdoing in the unfair
way you questioned me about the situation.

Now, you know I love you. I would never do anything behind your back. That's
why all of your friends were fully briefed on this encounter. And they all
agreed that it was necessary and appropriate. Well, almost everyone. I vow to
bring the perpetrator who leaked the photo to justice! And so in light of
this, we can have an important debate about who else I deny I have slept with,
who else you have proof I sleep with and what other sexual acts I must do with
them in order to safeguard our relationship.

But let's not forget what's important. We need to work together to build a
framework for a process where I continue to see others I'm attracted to,
particularly the Russian and Chinese ones, in a way that respects privacy, by
preventing you from finding out, but with proper oversight that is
transparent, accountable, and consistent with my unwavering support for
monogamy. After all, the security of our relationship depends on it.

~~~
spydum
I am a bit creeped out at how well you are at spin..

------
tsunamifury
Carter's words sound like the man who see's his judgement, but still uselessly
pleads innocent for the decisions he believes should be kept in the dark.

I remember when my small private university received its first DOJ request in
2005 to install wire-tapping hardware on our servers. We in the IT department
circled up and met, deciding to ignore this letter as a disgrace to the
American public, the constitution, and the human values we believed in. Even
receiving shamed us, and stirred anger and fear for years after.

When we ignored it, no request came again and no consequence -- because the
people who asked us to do wrong would never ask us to do it again by the light
of day.

Remember: stand true to what is right for you and those around you, whether in
private or in public, and you'll never regret that choice from this day to
your last.

~~~
yc1010
Interesting, how do you know it was the actually the DOJ and not lets say
Chinese or Russians using faked official looking letterhead to get a backdoor
in your system.

This is just an example of how government stupidity when it comes to computer
security is leading to MORE vulnerability and insecurity.

You did the right thing if dragged into court you could have rightfully
pointed out that you refused for patriotic reasons since the whole thing
"smelled" wrong and sounded like an attempt by foreign bodies to infiltrate
your network, which would have got you into alot of trouble...

I wonder how the likes of Googles of this world response to similar
requests...

~~~
S4M
Maybe the higher ups thought about that and invited the relevant engineers (or
their boss) from Google and the likes at their offices in the Pentagon or some
other place. At least that is not fakable.

------
staunch
> _“I think that people and companies need to be convinced that everything we
> do in the cyber domain is lawful and appropriate and necessary,” Mr. Carter
> told students and faculty at Stanford._

Good luck with the convincing. Quite a few of us can read, so it will be
rather impossible.

> _The right of the people to be secure in their persons, houses, papers, and
> effects, against unreasonable searches and seizures, shall not be violated,
> and no Warrants shall issue, but upon probable cause, supported by Oath or
> affirmation, and particularly describing the place to be searched, and the
> persons or things to be seized._
> [http://en.wikipedia.org/wiki/Fourth_Amendment_to_the_United_...](http://en.wikipedia.org/wiki/Fourth_Amendment_to_the_United_States_Constitution)

> _Shortly after the terrorist attacks on Sept. 11, 2001, President George W.
> Bush secretly told the N.S.A. that it could wiretap Americans’ international
> phone calls and collect bulk data about their phone calls and emails without
> obeying the Foreign Intelligence Surveillance Act._
> [http://www.nytimes.com/2015/04/25/us/politics/value-of-
> nsa-w...](http://www.nytimes.com/2015/04/25/us/politics/value-of-nsa-
> warrantless-spying-is-doubted-in-declassified-reports.html?_r=0)

> _On July 9, 2012, when asked by a member of the press if a large data center
> in Utah was used to store data on American citizens, Alexander stated, "No.
> While I can't go into all the details on the Utah data center, we don't hold
> data on U.S. citizens."_

[http://en.wikipedia.org/wiki/Keith_B._Alexander#Statements_t...](http://en.wikipedia.org/wiki/Keith_B._Alexander#Statements_to_the_public_regarding_NSA_operations)

Why are these people not in prison for violating the constitution on a mass
scale? Their only defense can be that they were simply "following orders."

The USA PATRIOT Act will be viewed by historians as something akin to the
Reichstag Fire Decree
[http://en.wikipedia.org/wiki/Reichstag_Fire_Decree#Backgroun...](http://en.wikipedia.org/wiki/Reichstag_Fire_Decree#Background)

~~~
afarrell
So, it is not actually a criminal offense for law enforcement to violate the
4th amendment in collecting evidence. All that happens is that in pre-trial, a
defense counsel can file a motion to suppress that evidence based on the
exclusionary rule[1]. If the judge decides that the evidence was collected
illegally, it is thrown out and cannot be presented to the jury. Less than 90%
of cases go before a jury, but a knowledgable and zealous attorney can get
evidence thrown out (or "c'mon, you know that will never fly with Judge
Saris"d out) before a plea deal. This is the only way we have that warrants be
sought, that they be validly[2] issued and that they be followed.--the threat
that a criminal will "Get off on a technicality", either because the DA
doesn't think she can prosecute, or because the evidence gets thrown out in
pre-trial, or because an appeals/SCOTUS decision throws out the case.

None of that matters if the evidence collected is never intended for criminal
prosecutions. Either by the FBI or by the NSA.

At least one of Boston's federal judges serves on the FISA court and I have it
on the word of Boston's clerk of court that the FISA court judges care deeply
about doing a good job and being a check on executive overreach. I believe
him. But that doesn't matter at all.

[1] Everyone should read
[http://lawcomic.net/guide/?p=1585](http://lawcomic.net/guide/?p=1585) and
actually look at this flowchart for the 4th amendment
[http://lawcomic.net/guide/?p=2256](http://lawcomic.net/guide/?p=2256).

[2] Most warrant requests are granted, not because it is a rubber stamp, but
because the conditions for warrant approval are predictable and judges don't
like having their time wasted with dumb requests. It's not like the patent
office.

------
tomelders
I'm sure there's a way for Silicon Valley and the US government to work
together, but Silicon Valley can and should bring it's own demands to the
negotiating table. This looks like a very one sided deal right now. The
government gets to keep its secret courts, mass surveillance, secret drone
strikes and foreign policy interference and expects the brightest and best
minds in tech to sign up to facilitate all that.

No deal. There is another way. I'm sure many in tech would take up the
gauntlet of protecting all people if it were to be executed in a way that fits
with the ideals of those people - which coincidentally align pretty well with
what the US Constitution and Bill of Rights put forth 223 years ago.

If the US wants security they can have it. If they want to continue to expand
the military industrial complex, they should go looking elsewhere.

~~~
forgottenpass
_I 'm sure there's a way for Silicon Valley and the US government to work
together, but Silicon Valley can and should bring it's own demands to the
negotiating table._

I don't exactly trust the policy positions of the handful of major
corporations that rate on the White House's radar to be beneficial to the end
user/society in general.

~~~
wahsd
Not only that, but there is simply zero confidence in negotiation with the
government and you are a fool to believe anything else. You don't even have to
rely on echos and messages from ancestors and predecessors, with general
warnings about the abuses of the power of governance in the hands of humans;
you can just look at the last few years of all the deception, all the abuses,
all the killing, all the thieving, all the protection of thieves, and
pilfering of civil society, and all the lies. There is absolutely zero trust
or confidence to be found. Unfortunately for the government and any
government, its track-record is permanent, there are no re-dos without
revolution. Once the image, once the record has been sullied in the most
grotesque and lazy manner in which it has been for the last 15 years+ there is
simply no going back. The damage is permanent, irreplaceable, and immutable.

You had one chance and choice on 9/12/2001, government; and you chose to play
right into the hands and goals of the tactic of terrorism ... turning on your
own people and sacrificing your principles at the cost of vanquishing the
tenuous and feeble trust civil society had placed in you.

Maybe you will be successful in steering the massive ship and changing
perceptions and molding society as you have before in the past, government.
But for now, there is a lot of trust to be made up through apology, action,
and prosecuting perpetrators, i.e., showing that your actions are not just
more empty promises and lies that any other run of the mill addict uses to
avoid accountability for their actions and impacts on those in their lives.

------
BinaryIdiot
It baffles the mind how little the government seems to understand technology.
Yes let's create a universal key but to make sure it's not abused or falls
into the wrong hands we'll just split it up over agencies or setup an escrow.
Never mind the fact that this undermines the security of every single piece of
American data if we're compelled to use it.

If you're up to not good you're just going to download a non-backdoored
encryption toolkit from somewhere else.

~~~
kbart
_" If you're up to not good you're just going to download a non-backdoored
encryption toolkit from somewhere else."_

Good point. Software is made all around the world and there's no way for USA
government to force it's backdoors (call it "golden key" or whatever) into all
of it, especially in the age of open source. The purpose of wiretaping
consumer grade software is clearly monitoring and controlling of casual
citizens, not fighting serious criminals, hackers or enemy cyberarmies.

~~~
pdkl95
It is always a mistake to assume the opponent is ignorant or stupid. Of course
the government knows the futility of trying to enforce the use of only
"approved" encryption.

A law that required the use of "approved" encryption necessarily bans real
encryption tools. Anybody that is actually secure is made a criminal, which is
one more law that can be enforced arbitrary if someone decides you are a
problem.

It should be fairly easy to filter for non-approved encryption with DPI. This
gives them a nice map of all the "subversives" that are trying to evade the
"monitoring and controlling of casual citizens".

------
rurounijones
“I think that people and companies need to be convinced that everything we do
in the cyber domain is _lawful_ and appropriate and necessary,” (Emphasis
mine)

Step 1, make this first point true at least (the second and third points will
probably be debated until the heat-death of the universe).

Quite heartened by the rest of the article though; techies standing by their
principles.

~~~
pen2l
> Quite heartened by the rest of the article though; techies standing by their
> principles.

Funny principles, those.

Ads, privacy violations, more ads, dark patterns, some more ads.

~~~
AndrewKemendo
No, those are just those pesky business people forcing that on the purity of
my Docker lib.

------
phaed
> He urged the next generation of software pioneers and entrepreneurs to take
> a break from developing killer apps and consider a tour of service fending
> off Chinese, Russian and North Korean hackers, even as he acknowledged that
> the documents leaked by Edward J. Snowden, the former intelligence
> contractor, “showed there was a difference in view between what we were
> doing and what people perceived us as doing.”

You mean there was a difference in view between what you said you were doing,
and what your leaked internal documents SHOWED beyond a shadow of a doubt what
you were actually doing and planning on doing.

Do these guys not know their audience?

------
white-flame
I, for one, appreciate that this is a mainstream media article that doesn't
seem to paint the government as in the right at all. It leaves the last word
with the tech sector in refuting the government's positions, which is
refreshing to see.

(at least that's how I read it as a tech guy)

------
cryoshon
"Mr. Obama, on a trip to Stanford in February, had expressed sympathy with
those who were striving to protect privacy, even while saying it had to be
balanced against the concerns of the F.B.I. and other agencies that fear
“going dark” because of new encryption technologies."

"Expressing sympathy" means absolutely nothing when concrete actions have been
taken to undermine privacy and security.

I hope that the tech industry can organize around resisting the government to
provide security and privacy for their users.

The more robust anti-spying measures we have, the more secure we'll be from
malicious actors who would use our communications against us for their own
gain.

------
Lancey
So is Washington ever going to acknowledge that they've done something wrong
or are we going to keep playing the fascism game?

~~~
cryoshon
Keep playing the fascism game. So far their strategy has been to double-down
every time there's a debate. Their only real trick is to clamp down more and
insist it's permanent when they're questioned.

It'll break eventually.

------
JulianMorrison
"Going dark" is exactly what should happen. The only secure system is a secure
system.

For all countries X, the government of X is absolutely untrustworthy.

------
kokey
I wonder if this is going to work out as well for them as working with Silicon
Valley in the 90s worked out:
[http://en.wikipedia.org/wiki/Clipper_chip](http://en.wikipedia.org/wiki/Clipper_chip)

------
datashovel
I sure hope Silicon Valley isn't buying what D.C. is selling.

~~~
datashovel
btw, not inferring that there's no room for compromise. But I think one of the
only ways to make "surveillance" policies sustainable is by making their
operations fully transparent. I get the eerie feeling this is not what US
Govt. wants to do.

------
wiggumz
White House Takes Backdoor Insecurity Pitch to Silicon Valley

------
joshkpeterson
The text for this article on the nytimes fronpage reads:

>The computer industry is seeking to block surveillance, including by the
N.S.A., which fears “going dark” on terror threats.

I find something about the use of "the computer industry" to describe Google
et al be really quaint. It's understatement. Also, what industry doesn't
depend on the computer industry these days?

