John McCain wants to outlaw encryption that the US government can't crack (businessinsider.com)
285 points by declan on Nov 18, 2015 | 188 comments


Is it really worth leaving a thoughtful comment about such an ignorant statement?

It's clear to me that these people have no idea what encryption actually is and only have a cursory understanding of what it does. They're aware that criminals and terrorists can use encryption to communicate covertly. That's why they want to ban it. Are they also aware that the exact same technology is used to protect their online banking? To protect against attacks like the Sony hack? Do they know that there is a huge segment of the economy that relies on strong encryption to do business?

It's pretty clear at this point that they don't care about privacy. Perhaps if the ramifications are explained to them in a different way they would be more open to dissenting points of view.

EDIT: The recent news stories have motivated me to renew my support for the EFF. I'd encourage anyone with disposable income to do the same.


> Are they also aware that the exact same technology is used to protect their online banking? To protect against attacks like the Sony hack? Do they know that there is a huge segment of the economy that relies on strong encryption to do business?

I'm sure they are.

The problem is, I suspect, more the delusion that if there are backdoors, only MURICA will be able to exploit them because GODDAMN GREATEST COUNTRY IN THE WORLD! They would find the idea that there are talented individuals and groups, outside the US, who are capable of exploiting these facilities, absolutely incomprehensible.

Moreover, the civil servants who they should be able to rely on to provide accurate information about why it doesn't work that way (e.g. the NSA) will be actively encouraging that ignorance for their own benefits.


> The problem is, I suspect, more the delusion that if there are backdoors, only MURICA will be able to exploit them because GODDAMN GREATEST COUNTRY IN THE WORLD! They would find the idea that there are talented individuals and groups, outside the US, who are capable of exploiting these facilities, absolutely incomprehensible.

I don't think that's it at all. I think it's because they expect everything to work the way the phone system did. For a long time, tapping a phone was just a warrant away. And it really was significantly harder for anyone except the government to listen in on phone conversations. Now, the world has moved on from POTS to connections that allow arbitrary data to be sent instead of just sound. In that world, the control in the system shifts to the endpoints and away from the network. We (the kind that reads HN) understand why that has to be the case, but lawmakers and law enforcement are struggling with that paradigm shift.

I see it as being very similar to the problems encountered by the record companies in the late 90s/early 00s. They were comfortable selling CDs and understood CD copying well enough to deal with what little piracy there was. But then Napster came along and showed that their product was just bits that could easily be transferred freely across the globe. We all understood this reality, but the industry spent the better part of a decade trying to make uncopyable bits (DRM) and to stamp out piracy in a torrent of lawsuits. At this point, they've mostly come to terms with the new reality and are adjusting.

Government is going to need to come to terms with that same new reality and adjust.


> And it really was significantly harder for anyone except the government to listen in on phone conversations.

This is absolutely not true. Outside everyone's house was a box, and by hooking two wires there you could easily monitor phone calls. There was similar security everywhere else along the way.

When wireless (not cellular) phones became common, you could get a scanner to listen to them (I'm not sure they were legal to sell listening at that frequency but they were easily modified).

The POTS was simply not secure at all.


The movie companies and the record companies wanted DRM -- they were under the delusion that they could both control digital information while sharing digital information.

So now Washington is suffering from a similar delusion: you can build encryption to keep criminals out of your banking website, but still allow the feds access to whatever they choose.


So then if a federal agent is/becomes a criminal does that mean they won't be able to access the back door then?


You know the answer to this, but that's not the point. The old system did not prevent a crooked agent from having access as well.

The problem here is much bigger, because they assume that no one in the world (including foreign governments) would be able to figure out how to exploit backdoor(s).

Imagine a foreign government eventually would discover it. Such knowledge would be an extremely powerful weapon in cyber warfare. What McCain is suggesting is extremely dumb, even if he's not concerned about our privacy.


Your statement is bleak, but probably so true that it's scary.


I think Congress needs their own dedicated ELI5 hotline :)


They have one - their favorite lobbyist. Who is probably paid to explain things in a way that suits the agenda of someone with money.


That's true, it would probably be tough to guarantee something like that would be non-partisan or without prejudice.


r/ELIaEO - Explain like I'm an elected official


"if you do this then I'll give you this campaign donation", is that the kind of explanation it would provide? Otherwise I don't see it getting very far.


This makes me think we need to implement a cryptographic protocol to revoke donations when politicians go back on the words that solicited the donation.


An escrow system for political donations!


These are simply power hungry politicians trying to control our lives. The only way to solve this is to create a strong voter base that cares. What I really love about the 2nd amendment is the kind of public support it enjoys and the politicians are forced to support it in either letter or spirit.


A friend of mine told me that politics is the art of getting uninformed people to decide what you want. With that in mind I'd say it's maybe worth having a thoughtful debate about this, probably not about whether or not this law is correct but about how to get politicians to understand the ramifications of this decision even if they have no idea what encryption actually is.

I've got no idea how to do that though so I'll let you guys start...


> It's clear to me that these people have no idea what encryption actually is and only have a cursory understanding of what it does.

I'm not so sure. Even if McCain (and other politicians) have a perfect understanding of encryption, I would expect some of them to make statements like this. I interpret it as pandering to their audience in an attempt to look tough on terrorism. It is unfortunate that if this pandering becomes a reality that it will do real harm to our security and economy.


> Are they also aware that the exact same technology is used to protect their online banking?

Yes they are -- that's why it's not a matter of passing a one-page bill overnight, but rather a more complex piece of legislation that, in order to be done right, needs time and bi-partisan involvement.

And I found it hard to believe you don't see a difference between encrypting your bank transaction, and encrypting your online conversation.

Disclosure: I'm against all types of bans on any encryption.


It shouldn't be hard to believe because there is no difference whatsoever. You could do bank transactions over chat, you could run chat over bank transactions. Both are fundamentally the same thing. The mathematical model that says that Alice exchanges information with Bob is not a simplification, it's fundamentally how it works. Content is arbitrary and doesn't matter.


Put more simply. If the terrorist wants to stay safe they would exploit any loophole. If conversation is backdoored but banking is not, they could use online banking and code word type messages in transaction descriptions that move trivial amounts of money back and forth between multiple accounts.


You are ignoring the bandwidth differences between protocols.


You don't need much bandwidth. The Internet is creating a false sense of data size because nowadays even a simple hello world seems to require a multi-megabyte download. But actual communication for practical purposes can be done in just bytes. There's more than enough space in transfer title to communicate a lot of stuff, even without a pre-arranged set of shortcuts, and in planning stages, you don't need real-time communication anyway.

(Note, this comment would fit in one or two bank transfers).


> don't see a difference between encrypting your bank transaction, and encrypting your online conversation.

How is my online conversation with the bank any different than my other online conversations? Sure the content is different, but it's all the same medium, using the same sort of technology.


> How is my online conversation with the bank any different than my other online conversations?

It happened between you and your legitimate bank. It's definitely not like 2 terrorists exchanging information online. Unless of course you are HSBC bank.


You don't think it is feasible to develop a messaging system that employs bank transactions?


Banking doesn't strike me as a use-case that the government needs to worry about, since a mandate already exists to report financial information and suspicious banking activity to law enforcement. A backdoor would be more convenient for them, but encryption of your communications between you and the bank does not mean the bank is encrypting your financial and demographic information in such a way that they themselves will not be able to retrieve it.

What's being discussed here is the Apple strategy, where the service provider can provide a service to the public without the ability to retrieve information generated by the service.

The desire for companies to provide such services was likely spurred by the government's insistence that they provide private encryption keys, even in the event that they provide access to encrypted information not limited to the direct subject of a warrant, and the federal courts' repeated confirmation of the government's power to enforce such requests. See the demise of Lavabit [1].

There are numerous technical workarounds to this problem; for example, a private-key infrastructure that generates one key pair per message, or per customer. However, none of those workarounds allow a service provider to market products that are end-to-end secure from eavesdropping or the later revelation of the customer's information to empowered third parties.

So in essence, the argument I'm making is that it doesn't matter if there is a fundamental difference between banking and a chat application, because in either case the government either already has or is actively seeking the power to obtain the information you generate.

As it's hard to imagine a world where malicious parties would not be able to obtain encrypted communication mechanisms (unless you ban open-source, computers, pens, and the human brain), it's difficult to reconcile the above with the proposed effect this law would have, and it's very difficult to imagine the government restricting the application of these new powers to terrorist organizations only. See the history of the Patriot Act, for example [2].

[1] https://en.wikipedia.org/wiki/Lavabit

[2] https://www.washingtonpost.com/news/the-watch/wp/2014/10/29/...


Keep in mind that McCain is up for re-election next year. Some of this is overstated, although I figure he probably does believe the government should have a backdoor and doesn't fully understand the implications of that.


It's true that the title is somewhat overstated, however the statement that really motivated my comment was the one from the head of the NYPD.

> We have a huge operation in New York City working closely with the Joint Terrorism Task Force where we’re monitoring and they go dark, because basically they go onto an encrypted app, they’re going onto sites that we can’t access.


The problem is not awareness of privacy and financial sec issues.

The problem is how do you prevent the next Boston Bombing or Paris.

Since we don't have a good answer to that, what else do you expect them to do?


We have an answer, but it's a political no-go. The answer is: you can't, really.

You can do the obvious things like stop bombing the living shit out of Middle East, etc. but that would only reduce the amount of radicalized people. The best you can do is to push it down below the "crazy noise floor" - because you ultimately can't prevent random people with a particularly destructive mental condition or an axe to grind from shooting people up. Not even if you turn the country into a police state.


You are saying what I am saying. There are no good answers. Doesn't mean we stop looking for answers. Which is what the focus of these debates should be.

It's easy when there are no good answers, to take a dump on the decisions people in positions of responsibility take. It just distracts and complicates the story.


What is encryption for? Why even have it at all? Devil's advocate.


I love how Republicans believe that outlawing guns won't stop criminals from having guns while at the same time believing that outlawing encryption will keep criminals from using encryption.

Encryption methods are far easier to transport and spread illegally than guns are.


"Republicans"

Rand Paul is pretty openly pro-encryption. Hillary Clinton is equivocating; I think she's probably anti-encryption. These may be exceptions that prove the rule but I think what we're really seeing is a combination of ignorance, pandering and authoritarianism across the spectrum.


Great observation. One of the most caustic actions everyone takes part in is perpetuating partisanship. It's great to see this recognition.


>Hillary Clinton is equivocating; I think she's probably anti-encryption

Damn, we need her on our side as a proven expert in computer security and privacy.


To the extent that business, i.e. corporate, interests have her ear, I think encryption is safe.

Google donates how much to both sides?


Or maybe try and find non-establishment candidates to run (who are not out of their gourd) and vote for them :)


Do you humorously pretend in your comment that you don't know about Bernie Sanders?


No, just a general comment. My only regret about Bernie is there aren't more people like him running for office. It takes a lot to have a majority in Congress and so IMO we're not close to having enough non-establishment candidates like him to have faith our government will debate civilly and act reasonably.


Is he really non-establishment? I realize he's an Independent 'Social Democrat' or whatever, but he's been in Washington since 1991. He's pretty well established IMO.


I personally interpret non-establishment as a state of mind more than anything else.


Her version of encryption is, after she wipes the server with a cloth, she ties the server up in a knotted sheet using Truckers Hitch.

However - I found this video of someone hacking Hillary's server encryption

https://www.youtube.com/watch?v=TUHgGK-tImY


Don't forget: Hillary Clinton and Fritz Hollings sponsored the horrible SSCA bill (all electronic devices must have a back door) when she was a junior Senator.

At the time I wrote to my representative Bob Stump and he went and talked with Hollings and sent me a synopsis of their conversation.

It was Warren Buffett who said that we have had class warfare, and that his class won. So true.


Isn't Rand Paul a libertarian?


Yes, except he's a member of the Republican Party, serving as Junior US Senator from Kentucky as a Republican, and running for the Republican Presidential nomination.

Edit: this was not meant to be snark, just an indication that, in the context of this particular thread/discussion, he's a Republican. The parent had a valid question, please stop downvoting him/her.


Rand Paul is a big-R Republican whose views are generally characterized as small-l libertarian. So, yes, he's (in at least some respects) a libertarian (but not a Libertarian), but still a valid counterpoint to a generalization about Republicans, if it doesn't apply to him.


Only if you considerably stretch the definition. He's a moderate Republican closer to old school states' rights conservatism than neoconservatism, but certainly not a libertarian, though he does exploit the label to make himself look edgy.


This sort of true-Scotsmanning does libertarianism no favors. I say that having voted for Gary Johnson last time around. Rand Paul would be better for USA residents and for the world than any president in my lifetime has been. Of course he isn't perfect, but no one who was would have anything to do with national government.


It isn't true-Scotsmanning, it's a factual statement. Make no mistake, I too consider Rand Paul to be among the higher stock available in the U.S. mainstream political scene.


He very explicitly uses textbook libertarian rhetoric on a regular basis.


Hillary Clinton is probably pro-hide-that-hard-disk.

Rand Paul is libertarian and mostly anti-gov. We need more people like him in Washington.


Nah, what we need is fewer rich people and more women and people of color--a closer match to the actual demographics of the people of the country.

I would no sooner put an anti-gov politician in charge than hire a manager who's opposed to the existence of the team he's managing.


> Nah, what we need is fewer rich people and more women and people of color

Please no sexism, classism, and racism in choosing people. Best people for the job regardless of their income tax bracket or their skin color. Just put people in office that understand how to run a country and limit the powers of government.


This is a common and frustrating sentiment when people try to counter sexism/classism/racism. The real question is this: Is it really true that rich white males are generally more competent?

If they aren't, what can we do to remove that bias and get what you ask for?

If they are, what's preventing other groups from gaining competence?


Japanese Americans do much better than white males in many professions including higher education; does that mean the system is biased towards them? How come those politicians who talk non-stop about minorities never mention Jews, Indian Americans, Chinese Americans, Japanese Americans as minorities and extend the same benefits to them?

The reality is that different cultures value different things and pursue different dreams. Only politicians benefit by peddling the agenda that some other group is keeping another group down. As an Indian, education was extremely valued in the family, education not only ensured prosperity but status and excellent marriage opportunities. Automatically academic and intellectual success is something I have pursued and probably my children would do the same. My parents sold many items to put me through colleges and I would do the same for my kids. White Americans on the other hand have different concepts of status, a football player is considered as cool whereas smart boy is considered nerd. Guess who gets more dates?

USA was founded on the principle that people should be free to pursue their own values. What we do not want is politicians forcing needless values on us.


Since our current batch of politicians is predominantly wealthy white men, it seems to me like we may already have sexism, classism, and racism going on.

That said, I'm not advocating quotas, and frankly speaking I'm all in favor of getting rid of sexism, classism, and racism.

But my money's on, if we did, our politicians at all levels of government would better reflect who they represented.


> I would no sooner put an anti-gov politician in charge than hire a manager who's opposed to the existence of the team he's managing.

That is how you get ever expanding bureaucracy, regulatory overreach, kingdom building and information silos. Those who can see beyond their own team and work to make their department irrelevant are exactly the kind of people you want as managers in your company.


I am not sure why and how that helps anyone. Japanese Americans and Indian Americans are least politically influential and extremely better off than every other group. On the other hand look at Blacks and Irish Americans. Opposite case.

Groups do well when they enjoy freedom, chase opportunities freely, compete and drink less. Not when someone from their community is elected.

You are completely wrong about the manager aspect. A good manager will always keep the team lean, less red tape and maximize the freedom of the team members as well as the customers they are serving. Managers on the other hand will always claim their more resources which they will spend on their own lavish lifestyle and problems that did not need solving in the first place. Obama is a good example.


I would hire a manager who's opposed to the existence of the team he's managing if I didn't like the team he's managing and I thought this was the only way to solve it.


Even if those women, like Hillary, have no idea about encryption, but certainly want to have the government closely control who can have what kinds? In this context, anti-government means the government has no business legislating encryption.


Her husband while in office was strongly anti-encryption and fought hard for exactly this type of legislation.


Keep your generalizations to yourself. There is a wide array of Republicans who believe in limited government not cracking private security because it doesn't belong there. McCain is a nice guy but is an extreme hawk.


McCain isn't a nice guy. He's always been opposed to every kind of civil rights and in favor of total central government power and total war.

He introduced the campaign finance bill that forced the government to argue before the Supreme Court that it had the power to ban books with political opinions it didn't agree with, the same argument that led to the Citizens United decision.

He made up a song about bombing Iran and sang it at campaign stops. (Tune of Beach Boys' Barbara Ann)

That's just the start. This encryption bit is of a piece with his whole career. McCain is as bad as they come.


Not being from the US, I probably don't know as much about McCain as many of you, but I do recall him making the news for suggesting a murder suspect should be treated as an enemy combatant, which in turn seemed to mean essentially that they were no longer entitled to things like due process. I remember feeling very cold when I read that.


> He introduced the campaign finance bill that forced the government to argue before the Supreme Court that it had the power to ban books with political opinions it didn't agree with, the same argument that led to the Citizens United decision.

Did you oppose that bill at the time, on the grounds that it would lead to such ridiculous arguments? If you had, you would have been the only one. Most First-Amendment nose-thumbers loved that bill. I suspect their hearts were in the right place, just as I suspect McCain's was (then, on that topic; various statements made since have been disconcerting).

It would be nice if the rich bastards didn't play the body politic like a marionette, but this isn't the way to change that.

The fact that you didn't lead off with a reference to the Keating Five indicates to me that you don't actually know much about McCain or his career.


"Did you oppose that bill at the time, on the grounds that it would lead to such ridiculous arguments? If you had, you would have been the only one."

I was not the only one. [0][1] The AFL-CIO, the NRA, the ACLU, and Americans that care about the First Amendment were just the beginning. Right inside the Senate, current majority leader McConnell was warning the world about exactly what was wrong with the bill. McCain insisted on keeping all the worst and most totalitarian provisions; they were his favorites.

"Most First-Amendment nose-thumbers loved that bill. I suspect their hearts were in the right place, just as I suspect McCain's was"

That's the same kind of contempt for patriotic Americans McCain always exhibits. His heart is not in the right place.

"The fact that you didn't lead off with a reference to the Keating Five"

I could have worn my fingers down on that smartphone with the crimes of McCain before I got to his relatively tiny involvement in the Lincoln S&L bit. I think he was on the list mostly because they needed a Republican to round it out.

[0] https://www.aclu.org/letter/letter-senate-opposition-mccain-...

[1] https://www.nraila.org/articles/20010711/campaign-finance-re...


My apologies, I completely misunderstood you. You're right, McCain is indefensible.


To be pedantic, that Beach Boys parody dates back to the late 70s during the hostage taking of the U.S. Embassy. (Which causes me to wonder: did his campaign properly secure the rights from the song writer, or did they do like other candidates and "steal" it?)


There were quite a few different parodies of that song with the "Bomb Iran" theme from different groups, and all McCain did was the "Bomb, bomb, bomb" part, which made the message clear, but didn't really specifically invoke any of the particular parodies.


It's a political party. The whole point of one is to get people behind a general platform. Even keeping in mind that two-party systems tend to be extremely factional by practical necessity, the view that the GOP is the "party of limited government" is nothing but propaganda.


Somebody please explain to me how political parties aren't the dumbest idea ever, because I'm having trouble seeing it. I find the concept of buying into political beliefs wholesale - instead of considering them on a case-by-case basis - to be plain insanity.


Some pretty big advantages: They are voting blocs that are long lived enough for reputation to work. It makes representatives much easier to follow and predict (for media and citizens). They become much more efficient in wielding power and less vulnerable to divide-and-conquer adversaries.

Relatively few people can keep track of what a handful of parties did in the last couple of years, imagine how short the public memory would be if it was single representatives.

<cue comments suggesting technological solutions>

Also, ideas in politics are interrelated. A big core value or strategic objective will pretty naturally lead to a bunch of other related ideas. You can view this as "buying into political beliefs wholesale" but it's a pretty natural thing to happen.


Thanks for the explanations. I don't buy them entirely, but I need to think about it more.

> Also, ideas in politics are interrelated. A big core value or strategic objective will pretty naturally lead to a bunch of other related ideas. You can view this as "buying into political beliefs wholesale" but it's a pretty natural thing to happen.

Ideas may be interrelated but it doesn't say anything about their validity. Whether it's natural or not, I still find it incredibly stupid. The focus on ideas seems wrong in itself. The usual discussions like whether Free Market or Government-Regulated Market are Better™ are pointless; we should be talking about whether a free-market solution or a top-down solution is better for a particular problem, like determining wages or building a power plant.

I mean, the level of absurdity of buying ideas wholesale is obvious to everyone in almost every single discipline besides politics. Static vs. dynamic typing, or Lisp vs. rest of the world, or why PHP sucks are fun topics to discuss, but when push comes to shove, everyone knows that they should use the best tool for the job and get the job done.

Imagine for a moment that we're tasked with writing a grep-like utility. If we were to run this project the way we run our countries, we'd have several opposing groups:

- C supporters arguing for C, because everything fast and big is written in C!

- Their little more progressive branch arguing for C++.

- Perl supporters, saying that C is wrong because it was used by the Sov^H^H^HMicrosoft to write Windows, therefore it is evil.

- Lisp supporters, saying that other languages are infringing on programmers' freedoms, and that the only rule should be the one of non-aggressive macro writing.

- Fortranaries arguing we should write in Fortran because in Good Old Days everything was great and was written in Fortran.

etc.

Ultimately, running a country is about solving problems - some of the most important problems we ever face. Why do we accept this insanity where it matters the most?


Check out how many people[0] get elected to the Congress without one and you'll see that their organizational advantages outweigh their irrational issue agglomeration.

[0] 2/100 senators, 0/434 congressmen


This kind of insanity isn't along party lines.


>Encryption methods are far easier to transport and spread illegally than gun are.

I won't go that far, I would say that getting a Gun in the US or even in Europe (especially since the eastern European and Balkan states have joined (officially or unofficially) Schengen) is by far easier than setting up your own secure crypto from scratch.

This isn't an argument in favor of banning crypto, just a hard simple truth that the number of people that can set up a secure cryptographic system is small, the amount of people that can design them is even smaller, and a single operational mistake can ruin your entire encryption.

Don't get me wrong at this moment in time it's "fairly" easy to get off the shelf (FOSS or commercial) encryption software that would prevent law enforcement from accessing the data, and it's possible to implement encryption that would also foil full state level (intelligence agencies, military intelligence etc.) actors from breaking your crypto in any given timely manner at least.

But there are quite a few cutting edge attacks already on RSA, AES and other ciphers for key extraction, quite a few cryptographic systems were discovered to have horrific flaws in them, and some commercial solutions also have a backdoor/work reducer in them for lawful (and unlawful) access.

That said if you currently eliminate the existing eco-system of "non-backdoored / non-broken" encryption don't expect for it to be easily revived, it will not be that hard to crush existing even FOSS crypto working groups and as time passes and agencies like the NSA can break existing encryption ciphers more easily it will only be harder and harder to build safe crypto without going into new cipher suites, and most cryptographers in the world today work for governments, or are heavily watched.

So the dream of having the world's most prominent math and computer science prodigies rising up to the challenge and building new cryptography in a dusky basement of a Berlin bar is a fairly romantic fantasy. Just look at how hard it was to get decent (for the time) encryption software when the US and most countries treated it as highly regulated commodities, and that was without an intentional crackdown on everyone who writes and distributes such software.


> I would say that getting a Gun in the US or even in Europe (especially since the eastern European and Balkan states have joined (officially or unofficially) Schengen) is by far easier than setting up your own secure crypto from scratch.

No, it is far easier to download an openbsd cd image from canada than it is to physically carry a gun.


OpenBSD cd image would give you absolutely nothing when it comes to defending against state level actors sorry. And you are assuming that in their proposed reality that would be as easily achievable as it is today, you'll be surprised how effective can a crackdown be once a government sets its mind to it.


> you'll be surprised how effective a crackdown can be once a government sets its mind to it.

Effective like prohibition was? Or the war on drugs? All that will happen is people will stop using macOS and Windows because that is all the US government can pressure.


Are you trying to compare the amount of people that can distill moonshine or smuggle drugs to the amount of people capable of writing secure encryption software?

The effectiveness of limiting proliferation is tied directly to the difficulty and the scarcity of the human capital involved, this is why restricting the proliferation of small arms which can be built by anyone with some machining experience is near impossible, but limiting the proliferation of say nuclear arms and technology is quite possible.

It would surprise me if the NSA (or any other agency) doesn't have a list of all or most software engineers and mathematicians who are capable of designing crypto, that mailing list isn't that big.


No, the number of people who can copy a file.


You are living in a delusion, they can't crack the standard encryption that comes with openssh, and that is the type of thing they want to ban.

People can easily hide data streams inside video-streams/text-files/images to circumvent trivial screening. The government won't be able to do anything effective without massive costs and draconian measures. Not to mention people outside the US can carry on however they like anyway.


You've missed the 2nd half of my post I see, I said that if any even half arsed measures are going to be in place the crackdown will become more effective with time. If you can stall or slow down the evolution of open encryption sufficiently so state actors can catch up then that effectively makes that encryption useless. Today for example the NSA can break weak DSA configurations, and factor weak RSA keys. In 2-3 years they'll gain other capabilities.

What will happen if say we do wake up to a post quantum world with much of our asymmetric cryptography being worthless? Do you really see people being able to develop a new RSA level family of algorithms at a hackathon?

If you can't increase the work that needs to be done to break your encryption at the same rate as your adversary increases their capabilities you are going to lose and lose badly.

And draconian measures and extreme costs are just what they are proposing, I'm not advocating that it's going to be effective at first or cheap, but dismissing it as "even if they want to they will never be able to" is just as foolish as voting for Trump ironically to give him a sympathy vote.

Go ask people from East Germany, pre-Glasnost Russia and even some countries that exist today how easy it is going to be to evade surveillance en masse.

You should never be dismissive of threats no matter how far fetched or unlikely they are or how incapable your opponent at executing them might be, this is probably one of the more important lessons one can take from history.


There are a variety of algorithms which are safe in a post-quantum crypto world. Developing and deploying them will take time, but they exist. Making them safe will take longer, but it will happen.

The threat you describe sounds like a race. But in fact, it's more like a switch. Right now the world is pre-quantum. When the switch is flipped, to post-quantum, a lot of algorithms will break. But not all of them.

See http://pqcrypto.org/ for some interesting reading.

Post-Quantum Cryptography, Bernstein, 2009: http://www.e-reading.club/bookreader.php/135832/Post_Quantum...

Regarding your point, I don't think that people here are being dismissive of your ideas. You're quite right. But there are reasons to be positive about the future, while highlighting the negatives. Isn't it so interesting that certain algorithms can be safe in a pqcrypto world?

Notice where the algorithms spring up from. You mention a hackathon, but that's not where these algorithms root. They're from universities. And universities are interesting. If the legislation will face resistance, it will probably be from academics, like in the last crypto war.


Today there won't be many issues, I'm talking about a reality in which your Government (doesn't matter if it's the US, UK, Germany or China) is not only not helping you to build strong crypto (which they have always done in the past), but actually is working against you.

How easy would it be to work on open encryption software if we'll have to revert to the pre-Bernstein v. United States era (which wasn't so long ago) and one that might actually be more heavily regulated than before (restriction on actual work on encryption and related fields rather than exporting software)? Heck, Phil Zimmermann almost ended up going to jail when PGP was "leaked" outside of the US, and this isn't East Germany, this is the US in the mid 90's.

https://en.wikipedia.org/wiki/Bernstein_v._United_States


And I'm saying, yes, you're right. But have hope. That's something to watch out for going forward, but we can go forward.

This thread's article is interesting, because it's the first step toward a world you describe. But reason has a way of prevailing. Not always, but usually.

One thing that's missing now, that someone here might want to cook up, is a good explanation. The topic of crypto is difficult. Not just because it's hard like calculus, but because there are a lot of subtleties. Old analogies to locks and doors aren't really applicable. What we need is a way of highlighting what's going on, why people should care, and what they can do.


So nothing in the current OpenBSD images would be banned then?


Hence 'download from Canada'.


I've yet to hear anything about state level actors surreptitiously accessing an OpenBSD system.


Are you claiming that OpenBSD never had or has exploits that the NSA could or can use to access systems running it? Because if so that would be a heck of a lofty claim.


Given the context, he probably meant cracking a private key given just the public key and accessing servers at will.


Give that context as well then, what type of private key? Because quite a few they did manage....


> I won't go that far, I would say that getting a Gun in the US or even in Europe (especially since the eastern European and Balkan states have joined (officially or unofficially) Schengen) is by far easier than setting up your own secure crypto from scratch.

This is laughable. Getting a gun legally or illegally is harder than downloading a basic Tails live cd.


> Just look at how hard it was to get decent (for the time) encryption software when the US and most countries treated it as highly regulated commodities, and that was without an intentional crackdown on everyone who writes and distributes such software.

Um, I assure you that the US Government was quite serious about preventing encryption export.

You are also ignoring history. It was far harder to get an operating system image, period. It was more cost effective for me to drive to a store and buy a physical CD than download over an internet connection in 1996. The retail channel is fairly easy to control--nobody is going to spend the money to press CD's and publish something that will get them raided by US marshals.

This has changed. Dramatically. Between higher bandwidth and bittorrent, you probably couldn't stop the distribution of an OS image, nowadays.


I agree. Also, just the knowledge that someone is using illegal encryption (non backdoored) is very valuable from an intelligence standpoint since it directly points to highly suspicious people, and also reduces legal blocks towards their inquiry.

And it seems possible to build a system that detects such illegal usage on a web scale.


We need to somehow classify encryption as an armament, so that it'll be protected by the second amendment.




Republicans?

Dianne Feinstein, who is supposed to be representing the interests of Silicon Valley, has been beating the anti-encryption drum for some time now.

At least McCain's constituency doesn't include the people who are decrying this.

DiFi is not only worse and earlier than McCain on this issue, but she's intentionally ignoring the people it is her job to represent.

And you cry "Republicans!". Okay.


Liberals simultaneously believe they can outlaw guns but they can't outlaw drugs. Hypocrisy can be fun to notice in your hated enemy, but sometimes you have to dig into the details of each idea separately without analogies to similar surface level ideas.


> "...News emerging from Paris — as well as evidence from a Belgian ISIS raid in January — suggests that the ISIS terror networks involved were communicating in the clear, and that the data on their smartphones was not encrypted."

https://www.techdirt.com/articles/20151118/08474732854/after...


Does it matter? I can hear it now:

"B-b-but they could have, and if they had we wouldn't have been able to intercept it."


But...

> CIA director John Brennan said that "there are a lot of technological capabilities that are available right now that make it exceptionally difficult, both technically as well as legally, for intelligence and security services to have the insight they need to uncover it ... And I do hope that this is going to be a wake-up call."


This is Edward Snowden's fault. Let's look at the facts:

* Edward Snowden declared war against terrorists.

* Edward Snowden started indescriminently bombing villages in the middle east.

* Edward Snowden created massive ill will against America, then left a huge power vacuum in the region by pulling out after, dare I say it, conducting terrorism against the native inhabitants.

So, Ed, wherever you are, this is your fault.


"Indescriminately(sic) bombing?" "conducting terrorism?"

I led a platoon in Iraq, and we did nothing of the sort.

I'm fine with opposition to U.S. foreign policy; this is just lazy slander, and it shows a very shallow understanding of what actually happened.


> I led a platoon in Iraq, and we did nothing of the sort.

I fought in Fallujah; I would be very surprised to hear from the residents that they did not feel terrorized or modify their behavior in response to our activities. I have no doubt that you don't see yourself in that light, but your intents mean very little to those people.

Putting too much weight on either perspective, the action's originator or recipient, leads to all sorts of silliness (the concept of hate crimes, donglegate, etc). Try to detach yourself and just consider the facts.


You equate "they felt terrorized" with "terrorism." Terrorism is the deliberate targeting of civilians in order to cause fear for political ends. It's not "civilians being scared" and definitely not "civilians modified their behavior." I have no doubt civilians lived (and sometimes died) through horrible battles. In examining the ethics of violent conflict it absolutely does matter whether civilians were targeted or not. If you saw anyone deliberately harm civilians, or use disproportionate force against an enemy that resulted in needless civilian death, you should report it and hopefully that person goes to jail. I have no doubt some people did terrible things. That's a far, far distance from the general claim that the U.S. was "indiscriminate" or "conducted terrorism."


Well, I can appreciate that you conducted yourself with honor. However, here is another data point, equally as anecdotal, showing another story (wikileaks apache video).

https://www.youtube.com/watch?v=-Hx-jA2m_hY


It's not simply anecdotal about me and my conduct. It's a firm knowledge of the U.S. military's internal policies and controls.

As for that video -- I wasn't sure it's one that I had seen, so I watched it again. I don't know what point you're trying to make -- those men were completely legitimate targets. I would have killed them myself. I'm sorry you had to confront what war's actually like, but killing is sort of the whole point.


it's really disappointing to me that you probably won't respond to woodman's post, and that you and countless others are incapable of taking even a moment to attempt overcoming your cognitive dissonance


I did reply. And I have no cognitive dissonance, just moral clarity.


Don't forget that in 2007 Edward Snowden started funding and training anti-government groups in Syria, then in 2009 when he won election, he upped his game and then in 2011 started arming them. Then in 2012 when Russia approached him with a deal to have Assad step aside and force the Syrian government to stop murdering its people, Snowden laughed and said Assad was on his way out anyways and he didn't need their deal. This is definitely all Snowden's fault.


Edward Snowden then had the audacity to leak our ways and means to the same terrorists and put the lives and safety of our men in the field at risk!

Edward Snowden then had the balls to tell the American people that the NSA was sharing their nude selfies amongst NSA employees and put the lives and safety of our men in the field at risk!


This would be a suspension of the 4th and 5th amendment. Correct me if I am wrong.

"...A valid search warrant must meet four requirements: (1) the warrant must be filed in good faith by a law enforcement officer; (2) the warrant must be based on reliable information showing probable cause to search; (3) the warrant must be issued by a neutral and detached magistrate; and (4) the warrant must state specifically the place to be searched and the items to be seized..."

https://www.justia.com/criminal/docs/search-seizure-faq.html

This McCain B.S. implies that the defendant will never be served with a warrant. This secret warrant will be issued by eleven secret judges, serving a seven year term, picked by one man "...without any supplemental confirmation from the other two branches of government."

This does not meet the standards of being neutral per point number 3 above. WOW!

http://www.cnn.com/2014/01/17/politics/surveillance-court/


It's also a 2nd amendment issue. From wikipedia:

Since World War II, many governments, including the U.S. and its NATO allies, have regulated the export of cryptography for national security considerations, and, as late as 1992, cryptography was on the U.S. Munitions List as an Auxiliary Military Equipment.

https://en.wikipedia.org/wiki/Export_of_cryptography_from_th...


> "This move towards stronger encryption was largely brought about by the revelations of now-exiled NSA whistleblower Edward Snowden..."

It's encouraging to see publications referring to him as a whistleblower.


We really need to set an age limit on how old people can get while staying in office before being forced to retire. We already prevent people younger than 40 from running for President. Why should we let people older than 65 do it? What's the difference?


I upvoted you because I agree about the cognitive dissonance between having a lower limit but not having a higher one (as the old adage goes, don't tell me what's too little if you can't tell me what's considered too much), but I respectfully disagree. If one person is an idiot at 79, that does not mean that another cannot be well-informed and in-touch at the age of 85.

Then there's the premise of your argument: that he doesn't know what he's talking about. I counter that just like David Cameron of the UK, McCain knows full-well what he's proposing, but he just doesn't care about the cost. It's not about being out of the loop, it's about having a different agenda than the one you're seeing. His goal isn't to ban encryption so "terrorists" can't communicate, his goal is to ban encryption so that when someone currently not committing any crimes and without the intention of committing any crimes either does "something bad" in the future or otherwise falls afoul with the powers that be, decades of digital surveillance and intercepted communications would be instantly available for whatever nefarious (or otherwise) purposes the NSA, NSC, FBI, CIA, or whomever would have to serve their needs.

EDIT: Part of my argument seems to have been misunderstood, my response about 79 vs 85 was just in direct counter to passing a maximum age limit; I don't believe we should have a minimum age limit, either.


> If one person is an idiot at 79, that does not mean that another cannot be well-informed and in-touch at the age of 85.

If one person is an idiot at 35, that does not mean that another cannot be well-informed and in-touch at the age of 30


Well informed and in touch does not replace years of life experience.


No. This makes little sense, is arbitrary and absurd. We need people to be qualified by measurable factors like degrees, years working in a particular field, ability or intelligence and/or other relevant facts.

John McCain is a good man, I think he has good intentions, and is very qualified for certain positions. This is just not one of them, and it isn't because I disagree with him (I do), it is because he isn't qualified to make decisions about computer science or technology.


I believe the problem to lie in the fact we expect people who are no different than you or I to be able to create laws about things they have no clue about. This guy might know a thing or two in field A and B, but has no clue about C-Z. I know I have little to no knowledge in most of the world, and I am not suited to be a lawmaker. What makes him/them any different?


Isn't he being briefed by US intelligence agencies?


bit of a conflict there though, yeah?


>> We need people to be qualified by measurable factors like degrees,

A degree certifies that you can learn to learn what you are aware you don't know. That is all it does.


Do you really think he had a better understanding of encryption 15 years ago?


I would argue that in the last 15 years he has gotten further from the vanguard of encryption, purely by virtue of the field advancing.

I don't think an age limit makes sense though, as his knowledge of encryption is not likely to be any worse than the vast majority of the population anyway.


35, not 40


How can you tell the difference between, say, an OTP encrypted message and a random number?

To outlaw encryption that "the US govt can't crack" they have to outlaw random numbers hah, yeah.. I totally can imagine a future where PRNGs must be approved by the US government.
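
The point raised in the comment above, as an added example that is not part of the original thread: with a one-time pad whose key is uniformly random, as long as the message and never reused, the ciphertext passes the same byte-frequency test as random data, and any same-length plaintext can be "explained" by some key. The function names and the sample message are constructed for illustration.

```python
import secrets
from collections import Counter


def new_pad(length: int) -> bytes:
    """Draw a fresh, uniformly random pad from the OS CSPRNG."""
    return secrets.token_bytes(length)


def otp_xor(data: bytes, key: bytes) -> bytes:
    """One-time pad: XOR every data byte with a key byte.

    The same operation encrypts and decrypts. The key must be exactly as
    long as the data; a shorter, repeated key is no longer a one-time pad.
    """
    if len(key) != len(data):
        raise ValueError("one-time pad key must be exactly as long as the data")
    return bytes(d ^ k for d, k in zip(data, key))


def key_explaining(ciphertext: bytes, claimed_plaintext: bytes) -> bytes:
    """Return the key under which `ciphertext` decrypts to `claimed_plaintext`.

    Such a key exists for every plaintext of the same length, which is why
    the ciphertext alone carries no information about the real message.
    """
    return otp_xor(ciphertext, claimed_plaintext)


def chi_square_uniform(data: bytes) -> float:
    """Pearson chi-square of the byte histogram against a uniform distribution.

    With 255 degrees of freedom, uniformly random bytes score around 255
    (standard deviation about 23); structured data scores far higher.
    """
    expected = len(data) / 256
    counts = Counter(data)
    return sum((counts.get(b, 0) - expected) ** 2 / expected for b in range(256))


# Constructed sample plaintext: 64 KiB of repetitive English text.
SAMPLE = b"meet at the usual place at nine " * 2048


def compare() -> dict:
    """Chi-square scores for the plaintext, its OTP ciphertext, and random bytes."""
    ciphertext = otp_xor(SAMPLE, new_pad(len(SAMPLE)))
    random_bytes = new_pad(len(SAMPLE))
    return {
        "plaintext": chi_square_uniform(SAMPLE),
        "ciphertext": chi_square_uniform(ciphertext),
        "random": chi_square_uniform(random_bytes),
    }


if __name__ == "__main__":
    for label, score in compare().items():
        print(f"{label:>10}: chi-square = {score:,.1f}")

    # Any same-length message is a valid decryption under some key.
    ct = otp_xor(b"buy milk", new_pad(8))
    alt_key = key_explaining(ct, b"pay rent")
    print(otp_xor(ct, alt_key))
```

The byte-frequency test only shows that the two are statistically alike; the `key_explaining` step is what shows the stronger property, that no amount of analysis of the ciphertext alone can single out the real message.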


home encryption is killing government,

...and it's illegal.

The US government is a monolithic institution that is governed by the mandate "move slow and break things". They can only legislate what they can enforce. They can't stop people sharing music, they can't stop people sharing data, and they sure as fuck won't be able to stop encryption.

They definitely will be able to drive it underground and limit the average American's privacy though. It is just that, as far as anyone can be a typical American, they aren't a hardened radicalized terrorist. Let's take stock of the wars against nouns:

* War on Drugs, massive failure.

* War on Terror, not only failure, likely made problem worse.

* War on Math, if we measure this by people prevented from using encryption, then we are losing. However, if we measure this by student test scores relative to other nations, we are def. winning the war against math.


Can we have a new rule when laws are proposed? Whenever you see the headline "(name of politician) wants to pass a law which will do ____" it should be rewritten to "Lobbyists have convinced (name of politician) that they need a law which will do _____".

From opensecrets.org:

Industry Favorite

John McCain is a top recipient from the following industries in 2015-2016:

    Cable & satellite TV production (#1)
    Defense Aerospace (#1)
    Defense Electronics (#1)
    For-profit Education (#1)
    Misc Defense (#1)

Total PAC Money for 2015-2016: $700,600

    Ideological/Single-Issue            $185,900
    Defense                             $116,800
    Communications/Electronics          $61,600
    Energy & Natural Resources          $75,300
    Finance, Insurance & Real Estate    $71,500
    Lawyers & Lobbyists                 $51,400


Personally I'd love it if TV networks would bring up ESPN style player stats summary sheets on politicians involved in a story listing a few key 'stats' such as what their top 3 sources of funding are, former employers, brief voting record summary etc. For so many politicians their motivations are so obvious when you see their records, but for most people that aren't willing to do a bit of digging, it's essentially hidden in plain sight.


It's amazing how cheaply the public interest gets sold out for.


Really! To me, this suggests that the fundamental problem is the enormous size of USA. If it were replaced by twenty other nations each a twentieth the size, could the parasites even afford to subvert the popular will and well-being? Divide all those bribes by 20, and you're not left with much to corrupt a reasonable person.


> twenty other nations

Why not fifty-seven?


Let's legislate Pi=3 while we're at it.

I'd hate to live in a world where only criminals could be secure.


I swear the media has a bias too. So many articles are bashing encryption lately. I wish I could do more to fight misinformation and general ignorance than posting on my Facebook though. Ideas?


Data on people seems to be what everyone wants. We have big data collectors like Google and Facebook firmly on the pro-encryption side, ensuring your privacy. And that the only parties able to mine your Google and Facebook activities are Google and Facebook.

On the other hand, some media companies are also ISPs now (Comcast, TWC). They don't really have destination sites collecting your general behavior, but they have something better - all your traffic in transit. Shame it's encrypted.


Contact your Senators and Representative! https://www.opencongress.org/people/zipcodelookup


Big media is controlled by powerful politicians.


Encourage people to use HTTPS Everywhere.

Encourage website owners to use TLS, and to get a good grade on ssllabs.com.

Let's make it ubiquitous.


USA to ban too difficult math problems?

Doesn't this mean their citizens would be less safe from foreign (and domestic) spies than foreigners are from their spies? Doesn't this mean that foreign businesses who actually care about their security would abandon their software and IT services? If they can crack it, others can, or will learn soon to, crack it.


So basically he wants to ensure that black hatters will be able to crack all encryption in the United States? If the U.S. Government can crack something, then that means there is a human element that will always be exploitable. If a group of people can crack an encryption, then that group of people is the weakness. Someone will be social engineered, hacked, or compromised successfully eventually. They might even just make a stupid mistake. This basically ensures that whatever the United States is using to crack encryptions will leak eventually causing legal encryption to be completely insecure until the government releases its next update, until that leaks as well, and we end up with a cycle of fuckery on our hands. Yeah, let's not do that.

> Obama administration says it has no plans to legislate against strong encryption, and the UK government says it doesn't either.

So it doesn't look like we have to worry. The argument for legislation is idiotic. Terrorists won't care if it's legal or not to use strong encryption. You would only be forcing law abiding citizens to use weak encryption.


Evidently he doesn't realize that this is like asking for addition or subtraction to be outlawed, which is nonsensical.

Like adding, subtracting, multiplying, and dividing, encrypting is a mathematical operation that transforms numbers into other numbers.


> Like adding, subtracting, multiplying, and dividing, encrypting is a mathematical operation that transforms numbers into other numbers.

Compressing plutonium beyond its point of criticality is a chemical & physical operation that transforms matter into energy.

But building or possessing nuclear weapons is still illegal for civilians and most countries.

i.e. they will dismiss such objections by saying it's not the principle or fundamentals they're banning but the specific application


How is that relevant?

I disagree with him too, but this is a lousy argument.


It is certainly relevant, because his point is that encryption is just math, and you can't outlaw math. Or, even if you did outlaw math, it won't have any effect because you can't enforce it.


It's a bit of a reductio ad absurdum simplification, but the argument is pointing out the fact that most people wouldn't ever consider valid a law that would prevent simpler mathematical operations, so why should we consider the validity of a law that would try to outlaw complicated mathematical operations?

How would it even be possible to enforce it?


>How would it even be possible to enforce it?

Mass surveillance + "if we can't understand your data and it isn't in one of the prescribed formats then you are a criminal and can be charged on that fact alone."


I think he's pointing out that terrorists will still have access to PGP or other encryption tools.


Does that mean we'll find out what encryption the US gov can crack?


That was my first thought too. The bad guys will just make sure they stick to the uncrackable illegal stuff :)


John McCain also selected Sarah Palin as his running mate in 2008. People understand that McCain's heart is usually in the right place, his judgement isn't exactly sound.


I just wrote to both Senators and my Representative telling them not to support this legislation. I linked to this discussion for them to learn more. Please contact your Congressional representatives today!

https://www.opencongress.org/people/zipcodelookup


Including the one-time pad? I suppose paper memo pads need to be outlawed as encryption technology then.


Earth to Republicans, if you want to alienate people under 30, please listen to John McCain.


They don't give a shit as under 30s don't vote anyway.


I am not sure how this can be implemented effectively in a globalized world! Let's say we take John McCain's advice and corporations give America a back door to read encrypted data, what would other countries do? Would they make laws forcing corporations to give back-doors on the encrypted data as well? Eventually, one of these countries could sell that information to unscrupulous hackers?

Also, such a mechanism will only catch unwitting gmail like app using terrorists (assuming google co-operates with USA). I would guess vast majority of terrorists will still encrypt the data themselves without relying on underlying app to do so?


Thought: s/encryption/guns/

Why do politicians not have identical positions on both guns and privacy? The root argument is the same: that citizens can, or can't, be trusted.

Yet almost all the pro guns are anti privacy and vice versa.


How about we (the USA) as a country re-adjust our attitude/foreign policy? That goes light years further toward averting any future terrorist attacks. I don't condone ISIS even one bit, but we would be fools to not admit our role in shaping their current behavior.

So either we give - by adjusting our attitude or if we choose to stay entrenched on our position, then go all the way and nuke the crap out of them.

I don't like middle of the road solutions... maybe it's just me.


Whoever tries to pass that law is going to realize the mistake they made when it comes time to enforce it and they have to delete code from nearly every computer in the country.

Other countries like Russia will be able to laughably crack US citizens bank accounts, email accounts etc if this was actually done.

It will be a massive public relations nightmare for anyone who actually tries to make this reality.


CLIPPER CHIP & KEY ESCROW.

We had this argument in 1993. https://en.wikipedia.org/wiki/Clipper_chip

There's plenty of discussion from then around the problems caused by this arrangement, so it might be a good idea to find the best of it, and dust it off.


John McCain also wanted to be president. I wouldn't worry too much about what John McCain wants.


I am picturing a scene in which few of our ancestors, out of fear for fire, and seeing someone hurt by fire, decided to ban making fire altogether. Since they don't know about "fire", we better educate them.


The Senior Senator from Arizona needs to just retire and enjoy his twilight years. There was a time where I found him interesting, engaging, and worth voting for. It's been several years since that was the case.


Another idea: Outlaw terrorism


and people wonder why Republicans (Libertarians mostly) didn't turn out to vote for him 2008, here is a hint - it wasn't Palin that was the stain on that ticket. We remember McCain/Feingold


Can we outlaw John McCain?

This is the guy who gave us Sarah Palin. He needs to go away.


If we outlaw such encryption only outlaws will have it.


Why not outlaw locks the government cannot pick and vaults the government cannot break into? They're quite the same thing, just less digital.


John McCain has no idea what he's talking about with regards to technology and should probably refrain from talking about it.


If our government can crack it, so can many other governments, hacker groups, corporations, and so on. Oh well, back to rot13.


This is a bit like a Republican version of gun control laws.

If real encryption is outlawed, only criminals will have real encryption.


I can summarize all the comments in one comment - Unfortunately the world (human society) is run by politicians.


it's funny they are ok with everyone having guns but encryption that's the worst kind of evil.


I refuse to give up my liberty and security over terrorism or some other infantile boogeyman.


So, privacy is like guns?

Nice to have, but something we need to give up in order to live in a safer society?


Sounds like a good pretext for putting anyone politically inexpedient into prison.


If there was ever a stupid and despicable human being who managed to become relatively powerful, it's John McCain.


Let's just outlaw math.


Why do we call a technology encryption if it can be cracked?


I want to outlaw sputtering old gov officials who won't let go and gracefully head out to pasture.



John McCain is partly responsible for the rise of ISIS by having architected the funding of the Free Syrian Army whose members went off to form ISIS and who continues to be funded by us, with a great deal of the resources finding their way into ISIS hands.


I've seen this claim floating around that we're funding the FSA which is just channeling money to ISIS, but I haven't been able to find any reliable source. Could you please link to something that backs that up?




