Hacker News new | more | comments | ask | show | jobs | submit login
No Matter What the FBI Says, Compromising Encryption Is a Technical Issue (eff.org)
245 points by DiabloD3 on Dec 10, 2015 | hide | past | web | favorite | 93 comments

Federal agencies didn't flag the San Bernardino killers despite the fact they apparently considered an earlier attack, had connections with known radicalized persons, was radicalized for many years and other serious warning signs.

Having access to encrypted communications is just going add a lot more information to monitor and thus more noise to filter out for federal agencies, who are already bad at catching the red flags.

The answer here isn't MORE surveillance, it's more TARGETED surveillance ie devising much more precise warning patterns to look out for. For example, the San Bernardino killers apparently took out a massive loan and emptied their bank accounts prior the attack.

>For example, the San Bernardino killers apparently took out a massive loan and emptied their bank accounts prior the attack.

This happens quite frequently when people are going to make a big purchase or pay off another loan with worse terms. It's not as much of a red flag as you would think.

Sure, but taking out a massive loan in coordination with other signs, like buying guns, would start to paint a better picture.

I believe the word is "context."

That done by somebody that the police should be monitoring closely should raise some flags.

Problem is, the police seems to be spending the resources that should be monitoring those people on monitoring everybody.

But coupled with the stated other red flags, this one is bright red with big red arrows pointing to it.

It's hard to say whether they're really "bad at catching the red flags" or not because we're looking at the data after the fact, knowing exactly how the situation turned out. Everything looks like a serious, obvious warning sign once the data has been pre-filtered and given context by the fact that we KNOW these people were planning a terrorist attack.

The other thing to consider is what flags actually allow the authorities to do unless the flags rise to the level where the police can actually arrest the suspects or follow them around 24/7.

Actually, they need both. They are building a ML model that detects probable terrorists. You need to work on fine-turning the model as well as gather more data to improve classification accuracy. The question isn't which approach to take, but how much accuracy is good enough. 100% security is only possible if we monitor every thought of every person on this planet. Are we willing to give up our freedom and privacy for increasing our terrorist detection model performance by 0.1%? (just a guess)

I've seen that movie before, it's called The Minority Report.

It's interesting that you mention The Minority Report. I feel that one of the key themes of the movie (and the story it's based on by Phillip K. Dick) is the question of when someone actually becomes a criminal. That is, if someone is thinking about committing a crime, should they be arrested? Let's say at the last minute they change their mind. If you had arrested that person on the basis that they were going to commit a crime, you would have been wrong and arrested an innocent person.

The point is that we should really consider the wisdom of a surveillance state that we're increasingly tolerating in the US. It is not illegal to be an extremist until you've broken laws. It is illegal for the government to deprive people of their constitutionally guaranteed rights. Like it or not, the rights that we enjoy have to apply to everyone or they aren't worth anything.

This scenario plays out all the time with the exception that it involves 2 or more people: conspiracy to commit a crime.

>> 100% security is only possible if we monitor every thought of every person on this planet

No it isn't because no agency has enough manpower or resources to follow up on every lead a 'terrorist detection model' generates. Catching bad guys isn't all tech. At some point, a human being has to get involved to investigate if they're actually planning to commit an attack.

There is no such thing as 100% security. Maximum security prisons are an example of this fallacy.

The answer is no, we should not be monitoring everyone all the time in the hope that we catch those few small people. I don't want to live in a world where the government is just big brother. We've already seen lots of abuses of the monitoring, like the government targeting reporters of sensitive national security issues (this happened even with Obama). I see surveillance by normal means (phone location, email) getting so pervasive it really will be almost impossible to have anonymous contact with reporters to become a whistle blower - it's almost that today. Maybe only computer programmers will have enough savvy to even attempt anonymity.

Of course there's a purpose in having a government that looks for terrorists - but it is too easy to turn those capabilities into suppression of dissent. Did you see how in Paris they used their new emergency powers to PREEMPTIVELY put people who had protested against climate change in house arrest. Before they even had their convention. That was horrible.

>"For example, the San Bernardino killers apparently took out a massive loan and emptied their bank accounts prior the attack."

The same exact thing happened in the Paris attacks: one of the killers (already known by french authorities to be radicalized) withdrew three months of salary shortly before the assault.

Saying that encryption is the problem is simply ridiculous considering the fact that even the most basic procedures aren't being taken care of.

French authorities didn't manage to stop the Paris attacks despite them also using open, unencrypted communications.

Can someone explain to me how a proposed government backdoor into encryption would work? Is every creator of encryption software supposed to build in a master key and hand that over to the FBI?

I ask this in all seriousness, as I cannot fathom how such a system would be implemented, even disregarding the Constitution and the willingness of those creating the software.

Contrary to many opinions here, this is not a new problem. For many years encryption products included "work reduction" schemes. Not backdoors per se, but schemes that allowed those with the insider knowledge to bruteforce the encryption in a reasonable time. Those without the knowledge (the public) still faced strong encryption. It worked back in the 90s. With today's computing power it is likely no longer practical.

Google "export grade encryption" and "lotus notes"


Dark dark days for privacy, and it came back to bite us as the FREAK vulnerability, but those in charge today are old enough to remember such tricks. That's why generals still talk of cooperation to create reasonable backdoors, they confuse true backdoors with the old work reduction schemes.

See also TSA Master keys for a physical implementation and how well that works (or not). [1]

[1] https://www.schneier.com/blog/archives/2015/09/tsa_master_ke...

Steven Levy wrote an excellent book about the first big battle over encryption standards in the 90s, "Crypto". One of the more heavily pushed "solutions" was the Clipper Chip, which was essentially key escrow.

"Is every creator of encryption software supposed to build in a master key and hand that over to the FBI?"

Including, presumably, not only programmers who're not under the jurisdiction of the FBI, but also programmers for whom the FBI is genuinely "their and their nation's adversary"?

Reminds me of a recent tweet: Homeland Security's new "House Un-American Mathematics Committee": https://twitter.com/puellavulnerata/status/67290345222221824

That link 404's

It won't work. That's about it. I.e. once there is a backdoor, security is compromised and it can be used both by law enforcement and malicious attacker.

https://en.wikipedia.org/wiki/Key_escrow https://en.wikipedia.org/wiki/Secret_sharing

It's a terrible idea. The only proposed methods with theoretically possible security would suffer insurmountable side channel issues.

Edit: more https://dspace.mit.edu/bitstream/handle/1721.1/97690/MIT-CSA...

That makes sense (technologically). Still a terrible idea but I understand how it would be done now, thanks.

Like most insane directives I'd imagine this one isn't intended for the masses. Only for the ones you want to compel. This isn't as technical an issue as we'd want to believe.

They want to be able to light a fire under your ass. Once they light that fire, the technical issues are moot.

I guess that's the overall idea.

Also, the US will probably forbid anybody from outside their jurisdiction from creating encryption software, otherwise it won't work. \s

And of course that is balancing on the assumption that only the US has people capable of building such software.

"It turns out that somehow, Comey believes that the question of whether to ban encryption without backdoors is “not a technical issue.” He told the senators that “plenty of companies” provide services online while still maintaining the ability to read their users' data, and that “plenty” of smartphone manufacturers can unlock encrypted phones. Thus, he concluded, “it’s a business model question.”"

If you read between the lines a bit, it's clear that what they want is encryption to/from cloud hubs where data is stored using escrowed keys (a.k.a. server-side "encryption"). Many services already more or less do this, so the goal would be to push the entire market in this direction and then eventually to outlaw or otherwise restrict systems that do not work in this way.

This fits in with the dumb terminal / mainframe model of the Internet being pushed to varying degrees by most of the tech giants these days and with Amazon's vision for IoT.

It's stupid and naive to claim that there is some technical barrier to what the FBI wants. It's actually quite easy if we apply a bit of government pressure to push the Internet even further toward the "put everything in the cloud" direction it's already going. Anything in the cloud is almost by definition backdoored.

> Anything in the butt is almost by definition backdoored

Pretty much. The TLAs are whining because they got used to wholesale vacuuming of butt data, and now the pendulum is poised to swing the other way.

IMHO Apple is merely poking a hornet's nest, because it will be quite easy for USG to force them to modify their centrally-distributed software. The only truly defensible position we have is Free software. Whether there's enough interest/money to support its wide scale adoption is one of the major questions of our time.

Greatest instance of the 'cloud-to-butt' translator I've seen.

Not so easy when there is no law requiring them to do so. In iMessage, Apple still has the keys but the forward secrecy is enough to exclude it from CALEA because of the way the "encryption" exception was designed. This of course caused FBI to complain, which among other example of encryption made encryption backdoors a political issue again in the first place.

It's USG. Creating new authoritarian laws, especially indirectly applied through companies, is basically what it does.

Which reminds me that CALEA, DMCA and the like was passed in the 1990s, when not as many people was using the Internet as today. SOPA/PIPA was passed in a time when everyone for example is using Google, which is why the protests was so effective. In this case, such a law requiring backdoors would be likely unconstitutional (it was tried in the 1990s too), which is why FBI is resorting to other methods.

I itnerpret the trend the opposite way - lots of people using the Internet, but having no clue how software works and being utterly disempowered with respect to what their devices do. In the 90s, it was the entire Internet community was solidly against surveillance backdoors. Now the majority figures the activities shown on primetime propaganda are what is required to keep them "safe".

> such a law requiring backdoors would be likely unconstitutional

Lol, as if that means anything when all ten test cases from the Bill of Rights are failing! I can see such a law being easily gavel-stamped since it's regulating interstate commercial activity.

But the number of people using the Internet was relatively small, so nothing has changed really. The only difference is that the majority began using the Internet in the first place.

Depends on how one perceives democratic force working.

I don't view the absolute number of calls to congress as important as unstated assumptions about what is "unamerican".

Back in the 90s if you asserted that the government was tapping everything, you were called a conspiracy nut. Because we had a shared societal belief that it was off the table in a free society. This has now been broken.

A politician endorsing a surveillance system that would make East Germany jealous would have been ridiculed by the media. Now they're ridiculed for not supporting such totalitarianism.

That was caused by 9/11 though not the increasing use of the Internet. Which also reminds me that the US-EU safe harbor dates back to 2000.

Sure, but the cause of it doesn't really matter. The net effect is I feel we're in a worse position for this battle than the 90s. Perhaps the 90s are just safely in the past, but this time I feel this issue will be with us until the tyrants finally get their way, or USG collapses.

And Snowden's disclosures, while great for exposing the conspiracy, serves to normalize the surveillance. Very few people are switching away from butt services as a result, a tacit endorsement of the status quo.

FWIW, if you watch things from before 11sep2001 there's still constant mentions of terrorism. "911" is more of a pretend watershed so we can tell ourselves "everything changed" when in reality the panopticon has been building for far longer.

I hope that Bernie wins, and that will help at least as a first step toward change.

"Comey believes..."

Comey is the emptiest suit I've ever seen testify before Congress. Comey is told by his handlers what he should claim to believe and otherwise he carefully avoids believing anything.

At one point today he really showed his ass. After tacitly agreeing with Leahy about "an Internet sale" of a gun which implied anyone could order a gun online without a background check, Graham asked Comey if such a purchase would be "delivered to my home."

When asked this question, the Director of the FBI, an organization that, along with the ATF, orchestrated the Fast and Furious gun-walking scheme and therefore should have absolutely zero confusion about the exclusive role of FFL holders in the transfer of firearms in the United States and the harsh federal penalties for anyone that fails to obey the relevant laws, answered in public, complete with a genuinely quizzical look;

"... I assumed it's shipped to you, but I don't know for sure actually ..."

Full stop. Not one shred of a clue. Un. Freaking. Believable.

There is nothing there. Comey is literally propping up a suit for the cameras.

> Many services already more or less do this...

Those services can't be trusted now where part of the threat model is corrupt, hostile, and/or authoritarian state actors. Unless you think America is the only place you'll conduct business that needs secure communication, that's not a viable "solution."

"Unless you think America is the only place you'll conduct business that needs secure communication", and you trust the US government in the general, and you trust each individual government agent or employee with that kind of access not be corrupt, and you trust each such agent or employee to be super-competent as to not be hacked by an hostile third party, and you trust the cloud company in the general, and you trust each employee of that company with access to not be corrupt and to be super-competent... and so on and so forth.

The fact that we currently mostly use systems where we need to trust a large number of people with our data only to communicate with one another doesn't mean that those systems are the right ones to build, even at a relatively apolitical technical level. The early internet, before HTTPS was common, added a large number of interconnected ISPs to that list of 'fully trusted by design' parties. That was, as we have recognized for decades, a design bug. One which we are only now starting to fix adequately. Trusting the cloud providers with full access to all data stored or even processed by them is a similar design mistake.

(Not saying that there isn't ever a use case to send data to a company so that they offer a service by processing it, but simply storing and transmitting private messages between two users shouldn't count as giving that data to the cloud provider anymore than it counts as giving that data to the ISP)

Honestly the EFF should pivot their marketing directly to this, rather than staying abstract and getting lost in the noise - "FBI Director James Comey wants to help authoritarian regimes spy on Americans simply to make his agency's job easier"

The article does label key escrow as 'technical means that badly compromise their users’ security'. Now I'll be the first to admit that I'm not an expert, but saying 'well, you can use key escrow' ignores the fact that the authors label key escrow as one of the ways not to do it.

Outsourcing your computation to the cloud doesn't have to be insecure, if you trust the code you're running (perhaps it's your own code). Cryptographers call this delegated computation, and while modern techniques are still VERY slow, there has been a lot of progress in the past few years, and I think the landscape of these techniques will look much better.

Of course, we still have to contend with the case where the software you use is NOT owned or trusted completely by you. That's a different problem that IMO can only be solved by open source software.

I watched Comey's entire hearing today. The article here is accurate, but I think that it takes an strongly opinionated view of Comey's guarded and yet honest responses.

Comey knows that the solution to this problem won't be solved with legislation, which is why he isn't going to expend his energy trying to accomplish what the EFF suggests as a solution. One good thing to consider is that the EFF and the FBI both recognize that encryption can be an evil thing and that actions need to be taken to protect the citizens and the government that serves them.

With respect to the debate I'm seeing here in the comments, it seems like, to me, that there is a considerable amount of misunderstanding. What was discussed today wasn't the issue of mass surveillance, but of how or even IF these companies that offer secure communication services could aid in FBI investigations. That is both a technical and a non-technical issue. Comey calls it a non-technical issue simply because he thinks the solution ought to be left to the technical people at each company, and that in principle, regardless of encryption strength, these companies should offer a way to help the FBI in these exceptional instances. I think people here are seeing one or the other side and not realizing that Comey is aware of both.

One good thing to consider is that the EFF and the FBI both recognize that encryption can be an evil thing and that actions need to be taken to protect the citizens and the government that serves them.

It's not a useful classification. Encryption can be used for evil, just as everything else in the world can.

Comey calls it a non-technical issue simply because he thinks the solution ought to be left to the technical people at each company, and that in principle, regardless of encryption strength, these companies should offer a way to help the FBI in these exceptional instances.

There's a difference between leaving it to technical people to help, and forcing technical people to help. Legislation is the route to the latter.

There is no way for technical people to help against a good cryptosystem unless that cryptosystem has been subverted from the start. This is the new world we live in, and it's up to law enforcement to either recognize that fact, or weaken American encryption relative to the rest of the world, with predictable consequences.

EDIT: "The Horror of a 'Secure Golden Key'" https://news.ycombinator.com/item?id=8428632

Everything can be bad, even water can be bad. You need it to live, but then my America, sadly tortured people with it (waterboarding).

> these companies should offer a way to help the FBI in these exceptional instances

No. If it's at all possible for the technical staff to help the FBI when 'appropriate', then it will also be possible for them to snoop on you for any other inappropriate reason (jealous boyfriend stalking his girlfriend, corporate espionage for profit, etc.)

Everything can be an 'evil thing'. A hammer, encryption, a laptop and an email client can be 'evil things'. So if everything can be an 'evil thing' the conclusion should be there are no 'evil things' only evil activities perpetrated by (probably) evil people.

> I think people here are seeing one or the other side and not realizing that Comey is aware of both.

I don't think it is possible to see one or the other side, I think in this case there are no 'sides' to be on. The cat is out of the bag, it won't go back in and any time wasted on this subject is time that would be more productively spent elsewhere. Just like gunpowder and nuclear weapons can't be un-invented (and those are a lot more skewed towards being 'evil things' and yet even gunpowder has good uses (explosives used for road building) and we've seen some proposals for PNE's (not that that ever worked)).

If you want encryption to be an evil thing by extension math is an evil thing.

If we're going to have an argument over who needs to change their "business model" so the FBI's anti-terrorism mission is easier, gun manufacturers and sellers should be at the top of the list, not software companies.

That is the same sort of silliness as banning software but applied to hardware instead. Furthermore, many terrorist attacks have been done using knives and machetes such as the May 22, 2013 Woolwich attack.

Agreed, the 9/11 hijackers only had knives, and they may very well have been successful even without them.

If your only goal is to prevent terrorism, sure.

Guns should be reconsidered because they kill so many people every single day in "normal" violence. It's sad that it takes a bunch of affluent white people getting killed for us to have a discussion on gun control.

Give me a break. Gun control being discussed because there was a mass shooting, not because of their race or socioeconomic status.

Yes. It's still sad that we have to have several people getting killed by the same person in the same day for it to become a public discussion. People get shot to death every day, but we don't care because they're all separate incidents (boiling a frog). Also they're mostly black but that doesn't make race the reason.

Why does America care about this shooting in particular? It's a mass shooting of white people.

That's a baseless assumption. America discussed gun control following the shootings in Charleston, S.C., as well.

Well sure, with a tautology like that.

The problem is, for example, that gang violence is exempt from "mass shooting" classification. So yes, we care because there was a mass shooting. It's called a mass shooting because it wasn't poor people shooting at each other.

And still, you're missing the point. Mass shootings make up a tiny fraction of gun violence in this country. We clearly do not discuss gun control due to gun violence, so clearly the goal of gun control is not to curb gun violence. We discuss gun control due to specific, exceedingly rare types of gun violence. One can only assume that the goal, then, is to prevent those specific, exceedingly rare instances of gun violence.

> Well sure, with a tautology like that.

Not a tautology. I called you out for making a baseless, refutable claim. Consider the shooting in Charleston, S.C. Were the victims in that church affluent and white? Seems to me we had a national conversation following that shooting, as well.

> And still, you're missing the point.

I only took exception with the part of your argument about the national conversation shifting to gun violence in the wake of mass shootings of "affluent white" victims. Anything else you inferred from my statement is strictly a product of your imagination.

We've been having gun control discussions for decades. The issue has been decided. Gun enthusiasts having access to their hobby has been determined to be worth about ten thousand deaths per year. The cost is understood and accepted.

Knife attacks are possible, yes, but you can't stage a mass shooting with a knife.

> you can't stage a mass shooting with a knife

and you can't stage a mass stabbing with a gun.

I'm sure there are plenty of people with different priorities being goaded into making the opposite argument. Defending yourself by offering up others is a poor strategy that results in everyone losing.

How exactly? If anything this outlines the failure of NICS; not gun manufacturers and FFL's.

The "business model" argument Comey was making at least becomes somewhat relevant to a national debate on terrorist attacks if you're talking about the actual weapons used in the attacks and the companies that make them.

How is it a failure of NICS?

We have plenty of gun laws and methods of checking criminal history already; additional restrictions and laws don't change the fact that criminals are willing to be criminals.

Unless you just want to take guns away from all civilians forever, and in that case I don't think we can have an actual rational dialogue.

edit: I don't mean "you" specifically, I mean the general "you". I can see how that could read wrong.

Not sure what "we" and "plenty of" mean. This is regulated state by state. And the number of laws (?) is irrelevant if they are ineffective.

Ohio, for instance, has gun shows that advertise on TV and facilitate casual gun sales. Not even a Walmart, just a booth at a convention center.

* Some states have permissive gun regulation.

* There is no consistent, nationwide background check system.

* There is a large field of options between where we are and "take guns away from all civilians forever". We already prevent the sale of grenades. We prevent the sale of gas. Doing so makes it harder for criminals to be criminals in particular ways. We can similarly restrict the sale of certain kinds of weapons to make it harder for criminals to be criminals, just as some of our other rights are restricted outright or through case law (including free speech, freedom to assemble, and others).

I'm a native born and so far lifelong resident of Ohio; and I wouldn't have our gun laws any other way (constitutional carry would be nice)

I think something like 1% of gun crimes are committed from firearms purchased from a gun show.

> We already prevent the sale of grenades. We prevent the sale of gas.

Explosives are pretty easy to make. How many pipe bombs were found with the San Bernadino shooters? And this is California in that example, possibly the most restricted state in the US regarding firearms.

Tannerite is legal for purchase in Ohio and California, for example. All you need is a blasting cap to set it off (or shoot it with a gun, which is one hell of a fun afternoon)

> Unless you just want to take guns away from all civilians forever, and in that case I don't think we can have an actual rational dialogue.

Can I ask why not? I mean, why is it irrational to suggest that civilians not be allowed to own powerful weapons designed to kill humans?

I shoot as a hobby (steel and paper), and have a loaded gun on me at all times at home (on the bedstand when sleeping) for self defense. Removing that not only kills a hobby that I love, but also places me at a mortal disadvantage if the situation arises. I'm actually for non violent felons being allowed to still have a right to self defense. If we had a program that could actually rehabilitate violent felons (the prison system DOES NOT do this), I'd be all for those people to be allowed the right to defend themselves as well.

The people that are interested in causing you harm for their own gain really don't care how they do it; at this point in time the best equalizer for all is a firearm.

The angle on a tyrannical government, and keeping that problem in check, is a whole different discussion and probably isn't suited for this forum.

Most victims of guns aren't attackers that were shot in self defense. Are you saying it's better that large number of innocent people get killed than a minority of self-defending people? That doesn't sound like a safe solution overall - it only benefits the people who take more action to defend themselves and hurts everyone else.

Question too - how do you use a gun to defend yourself against somebody else with a gun? Doesn't it come down to who can "draw" quicker - which will surely always be the attacker because he's the only one who knows what's about to happen?

Or are you only talking about defending yourself against people without guns who who might use them impulsively so they don't have the advantage of surprise?

Most people killed by guns are victims of suicide. America has a mental health problem. If you want to prevent deaths from guns fix the mental health problems first. If you want to stop people from dying focus on the number preventable cause of death, heart disease.

Most victims of guns are in gang related skirmishes in poverty centers.

> I mean, why is it irrational to suggest that civilians not be allowed to own powerful weapons designed to kill humans?

Because criminals don't care about laws and then they would become the only ones with guns. A law abiding citizen should be allowed the necessary means to protect himself, his family, and his possessions.

Besides that, they're not necessarily designed to kill humans; plenty of people need guns to defend against animals (like anyone working in bear country, farmers protecting chickens against coyotes, etc.)

I don't really buy the "criminals have them, so I need one too" argument.

Are you genuinely so in fear for your family's' safety, that you need a firearm and ammunition on hand?

If that is the case, and I were in your position,I would seriously consider moving elsewhere before I armed myself.

I live in a country where they were banned some time ago for all civilians who don't have a very good reason for owning one. ("Because I like them", or "I need to protect my property/family" are not considered good reasons).

Many farmers and rural types were very angry about the ban when it was proposed and implemented. But now, the vast majority of the population considers it to be the crowning achievement of the politician who implemented it.

Guns and gun crime are now so rare in my city that almost every time a gun is used to commit a crime it is front page news.

> Guns and gun crime are now so rare in my city that almost every time a gun is used to commit a crime it is front page news.

And yet it still happens. Additionally, you're from AU; You have a very different culture and level of poverty that you really don't see in the US. We (the US) have issues with income disparity unseen in a first world country, and the majority of the gun crimes occur in that area (poor urban areas). Poverty is a huge driver for crime. Fix that problem and gun crimes plummet.

Are you aware that knife crimes are up some 10+% in AU versus gun crimes? It seems that the criminals are still willing to be criminals.

Take a look at Vermont for example. Pretty boring if you want to live in an urban area, but probably the safest state in the US with the most relaxed gun laws. Vermont allows concealed carry without a permit; what we call "constitutional carry".

It's true that our respective societies are very different (despite their similarities). We do not really have a small-town society in Australia. Almost all Australians live in large cities, and metro areas. This urban mindset is definitely reflected in our policies and laws.

It is worth noting however, that Sydney (where I live), is larger than every city in the US, except New York. And yet I am vastly (something like 400x) less likely to be the victim of any gun related crime than a US city dweller.

That's the trick, isn't it? By referring to "gun crime" it looks like, magically, crime has disappeared along with the guns. But it isn't relevant whether a victim of a mugging is faced with a gun or a knife, so it's not "gun crime" that's interesting, but "crime".

In countries that have banned guns, including Australia, the restriction on guns has done nothing to reduce crime. In every single country that has banned them (again including Australia) there was an initial uptick of crime. The UK in particular had a massive increase in homocides (the number one reason people give as to why guns should be banned) and also saw home invasions where the victims were physically at home at the time of the invasion increase. Australia was lucky in that after its uptick, crime returned to normal rates. In many other countries, crime has continued to trend upward.

I don't think it is down to luck that Australia has had had zero mass shootings by crazy people since the our government implemented a mandatory buyback, and destroyed hundreds of thousands of weapons almost 20 years ago.

Mass shootings in Australia were rare before the gun laws were strengthened.

Also, Australia still has guns including plenty of rifles and even handguns. You banned some types of guns, not all of them.

Australia also had only 18M citizens at the time.

But the zero massacres since 1996 is still significant.

Yes, guns are still available for sports shooters, and hunting etc. But we also strengthened the laws concerning how weapons must be stored (in a safe). The police have the right to turn up at the door of any registered gun owner and demand to inspect their storage at any time.

I am not sure how often that actually happens, because my guns are all digital :P

> But the zero massacres since 1996 is still significant.

There have been many massacres since 1996. One even involved guns. All that has happened with the banning of guns is that the weapon of choice for difference crimes has changed. In the case of mass killings, arson seems to have become the weapon of choice.

> If that is the case, and I were in your position, I would seriously consider moving elsewhere before I armed myself.

Most people who live in those areas can't really afford to do that.

In any case, the onus is on the prohibitionist to defend the policy of prohibition, not the other way around. "Guns increased your chances of dying this year by 0.003%" (~11k gun homicides over 300M population) is a totally unmoving argument to me and I suspect most people in the US. At those risk levels, might as well ban cigarettes, motorcycles, aspirin, alcohol, leaving the house...

Bear in mind that technology will soon let people create arms in the privacy of their own home. Then it has to be the idea that gets banned, so good luck.

The technology to make firearms at home has existed for a hundred years.

"without special skill," I should have not left unsaid.

> the FBI will rely on backroom pressure to make companies compromise encryption, or even eliminate business models it doesn’t like.

What does this imply for FOSS? I can't really see the feds organizing a sit down with the maintainers of the hot new crypto algo repo hosted on Github.

In the US, publication of source code is free speech protected by the first amendment.


Site note: publication/distribution of runnable binary code isn't necessarily 1st amendment protected. There aren't any laws[0] about it, and there haven't been any federal court decisions[0] over it.

[0]that I know of. IANAL.

Applications are open for YC Summer 2019

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact