Having access to encrypted communications is just going add a lot more information to monitor and thus more noise to filter out for federal agencies, who are already bad at catching the red flags.
The answer here isn't MORE surveillance, it's more TARGETED surveillance ie devising much more precise warning patterns to look out for. For example, the San Bernardino killers apparently took out a massive loan and emptied their bank accounts prior the attack.
This happens quite frequently when people are going to make a big purchase or pay off another loan with worse terms. It's not as much of a red flag as you would think.
Problem is, the police seems to be spending the resources that should be monitoring those people on monitoring everybody.
The other thing to consider is what flags actually allow the authorities to do unless the flags rise to the level where the police can actually arrest the suspects or follow them around 24/7.
The point is that we should really consider the wisdom of a surveillance state that we're increasingly tolerating in the US. It is not illegal to be an extremist until you've broken laws. It is illegal for the government to deprive people of their constitutionally guaranteed rights. Like it or not, the rights that we enjoy have to apply to everyone or they aren't worth anything.
No it isn't because no agency has enough manpower or resources to follow up on every lead a 'terrorist detection model' generates. Catching bad guys isn't all tech. At some point, a human being has to get involved to investigate if they're actually planning to commit an attack.
Of course there's a purpose in having a government that looks for terrorists - but it is too easy to turn those capabilities into suppression of dissent. Did you see how in Paris they used their new emergency powers to PREEMPTIVELY put people who had protested against climate change in house arrest. Before they even had their convention. That was horrible.
The same exact thing happened in the Paris attacks: one of the killers (already known by french authorities to be radicalized) withdrew three months of salary shortly before the assault.
Saying that encryption is the problem is simply ridiculous considering the fact that even the most basic procedures aren't being taken care of.
I ask this in all seriousness, as I cannot fathom how such a system would be implemented, even disregarding the Constitution and the willingness of those creating the software.
Google "export grade encryption" and "lotus notes"
Dark dark days for privacy, and it came back to bite us as the FREAK vulnerability, but those in charge today are old enough to remember such tricks. That's why generals still talk of cooperation to create reasonable backdoors, they confuse true backdoors with the old work reduction schemes.
Including, presumably, not only programmers who're not under the jurisdiction of the FBI, but also programmers for whom the FBI is genuinely "their and their nation's adversary"?
Reminds me of a recent tweet: Homeland Security's new "House Un-American Mathematics Committee": https://twitter.com/puellavulnerata/status/67290345222221824
It's a terrible idea. The only proposed methods with theoretically possible security would suffer insurmountable side channel issues.
Edit: more https://dspace.mit.edu/bitstream/handle/1721.1/97690/MIT-CSA...
They want to be able to light a fire under your ass. Once they light that fire, the technical issues are moot.
Also, the US will probably forbid anybody from outside their jurisdiction from creating encryption software, otherwise it won't work. \s
If you read between the lines a bit, it's clear that what they want is encryption to/from cloud hubs where data is stored using escrowed keys (a.k.a. server-side "encryption"). Many services already more or less do this, so the goal would be to push the entire market in this direction and then eventually to outlaw or otherwise restrict systems that do not work in this way.
This fits in with the dumb terminal / mainframe model of the Internet being pushed to varying degrees by most of the tech giants these days and with Amazon's vision for IoT.
It's stupid and naive to claim that there is some technical barrier to what the FBI wants. It's actually quite easy if we apply a bit of government pressure to push the Internet even further toward the "put everything in the cloud" direction it's already going. Anything in the cloud is almost by definition backdoored.
Pretty much. The TLAs are whining because they got used to wholesale vacuuming of butt data, and now the pendulum is poised to swing the other way.
IMHO Apple is merely poking a hornet's nest, because it will be quite easy for USG to force them to modify their centrally-distributed software. The only truly defensible position we have is Free software. Whether there's enough interest/money to support its wide scale adoption is one of the major questions of our time.
> such a law requiring backdoors would be likely unconstitutional
Lol, as if that means anything when all ten test cases from the Bill of Rights are failing! I can see such a law being easily gavel-stamped since it's regulating interstate commercial activity.
I don't view the absolute number of calls to congress as important as unstated assumptions about what is "unamerican".
Back in the 90s if you asserted that the government was tapping everything, you were called a conspiracy nut. Because we had a shared societal belief that it was off the table in a free society. This has now been broken.
A politician endorsing a surveillance system that would make East Germany jealous would have been ridiculed by the media. Now they're ridiculed for not supporting such totalitarianism.
And Snowden's disclosures, while great for exposing the conspiracy, serves to normalize the surveillance. Very few people are switching away from butt services as a result, a tacit endorsement of the status quo.
FWIW, if you watch things from before 11sep2001 there's still constant mentions of terrorism. "911" is more of a pretend watershed so we can tell ourselves "everything changed" when in reality the panopticon has been building for far longer.
Comey is the emptiest suit I've ever seen testify before Congress. Comey is told by his handlers what he should claim to believe and otherwise he carefully avoids believing anything.
At one point today he really showed his ass. After tacitly agreeing with Leahy about "an Internet sale" of a gun which implied anyone could order a gun online without a background check, Graham asked Comey if such a purchase would be "delivered to my home."
When asked this question, the Director of the FBI, an organization that, along with the ATF, orchestrated the Fast and Furious gun-walking scheme and therefore should have absolutely zero confusion about the exclusive role of FFL holders in the transfer of firearms in the United States and the harsh federal penalties for anyone that fails to obey the relevant laws, answered in public, complete with a genuinely quizzical look;
"... I assumed it's shipped to you, but I don't know for sure actually ..."
Full stop. Not one shred of a clue. Un. Freaking. Believable.
There is nothing there. Comey is literally propping up a suit for the cameras.
Those services can't be trusted now where part of the threat model is corrupt, hostile, and/or authoritarian state actors. Unless you think America is the only place you'll conduct business that needs secure communication, that's not a viable "solution."
The fact that we currently mostly use systems where we need to trust a large number of people with our data only to communicate with one another doesn't mean that those systems are the right ones to build, even at a relatively apolitical technical level. The early internet, before HTTPS was common, added a large number of interconnected ISPs to that list of 'fully trusted by design' parties. That was, as we have recognized for decades, a design bug. One which we are only now starting to fix adequately. Trusting the cloud providers with full access to all data stored or even processed by them is a similar design mistake.
(Not saying that there isn't ever a use case to send data to a company so that they offer a service by processing it, but simply storing and transmitting private messages between two users shouldn't count as giving that data to the cloud provider anymore than it counts as giving that data to the ISP)
Of course, we still have to contend with the case where the software you use is NOT owned or trusted completely by you. That's a different problem that IMO can only be solved by open source software.
Comey knows that the solution to this problem won't be solved with legislation, which is why he isn't going to expend his energy trying to accomplish what the EFF suggests as a solution. One good thing to consider is that the EFF and the FBI both recognize that encryption can be an evil thing and that actions need to be taken to protect the citizens and the government that serves them.
With respect to the debate I'm seeing here in the comments, it seems like, to me, that there is a considerable amount of misunderstanding. What was discussed today wasn't the issue of mass surveillance, but of how or even IF these companies that offer secure communication services could aid in FBI investigations. That is both a technical and a non-technical issue. Comey calls it a non-technical issue simply because he thinks the solution ought to be left to the technical people at each company, and that in principle, regardless of encryption strength, these companies should offer a way to help the FBI in these exceptional instances. I think people here are seeing one or the other side and not realizing that Comey is aware of both.
It's not a useful classification. Encryption can be used for evil, just as everything else in the world can.
Comey calls it a non-technical issue simply because he thinks the solution ought to be left to the technical people at each company, and that in principle, regardless of encryption strength, these companies should offer a way to help the FBI in these exceptional instances.
There's a difference between leaving it to technical people to help, and forcing technical people to help. Legislation is the route to the latter.
There is no way for technical people to help against a good cryptosystem unless that cryptosystem has been subverted from the start. This is the new world we live in, and it's up to law enforcement to either recognize that fact, or weaken American encryption relative to the rest of the world, with predictable consequences.
EDIT: "The Horror of a 'Secure Golden Key'" https://news.ycombinator.com/item?id=8428632
No. If it's at all possible for the technical staff to help the FBI when 'appropriate', then it will also be possible for them to snoop on you for any other inappropriate reason (jealous boyfriend stalking his girlfriend, corporate espionage for profit, etc.)
> I think people here are seeing one or the other side and not realizing that Comey is aware of both.
I don't think it is possible to see one or the other side, I think in this case there are no 'sides' to be on. The cat is out of the bag, it won't go back in and any time wasted on this subject is time that would be more productively spent elsewhere. Just like gunpowder and nuclear weapons can't be un-invented (and those are a lot more skewed towards being 'evil things' and yet even gunpowder has good uses (explosives used for road building) and we've seen some proposals for PNE's (not that that ever worked)).
If you want encryption to be an evil thing by extension math is an evil thing.
Guns should be reconsidered because they kill so many people every single day in "normal" violence. It's sad that it takes a bunch of affluent white people getting killed for us to have a discussion on gun control.
The problem is, for example, that gang violence is exempt from "mass shooting" classification. So yes, we care because there was a mass shooting. It's called a mass shooting because it wasn't poor people shooting at each other.
And still, you're missing the point. Mass shootings make up a tiny fraction of gun violence in this country. We clearly do not discuss gun control due to gun violence, so clearly the goal of gun control is not to curb gun violence. We discuss gun control due to specific, exceedingly rare types of gun violence. One can only assume that the goal, then, is to prevent those specific, exceedingly rare instances of gun violence.
Not a tautology. I called you out for making a baseless, refutable claim. Consider the shooting in Charleston, S.C. Were the victims in that church affluent and white? Seems to me we had a national conversation following that shooting, as well.
> And still, you're missing the point.
I only took exception with the part of your argument about the national conversation shifting to gun violence in the wake of mass shootings of "affluent white" victims. Anything else you inferred from my statement is strictly a product of your imagination.
and you can't stage a mass stabbing with a gun.
Unless you just want to take guns away from all civilians forever, and in that case I don't think we can have an actual rational dialogue.
edit: I don't mean "you" specifically, I mean the general "you". I can see how that could read wrong.
Ohio, for instance, has gun shows that advertise on TV and facilitate casual gun sales. Not even a Walmart, just a booth at a convention center.
* Some states have permissive gun regulation.
* There is no consistent, nationwide background check system.
* There is a large field of options between where we are and "take guns away from all civilians forever". We already prevent the sale of grenades. We prevent the sale of gas. Doing so makes it harder for criminals to be criminals in particular ways. We can similarly restrict the sale of certain kinds of weapons to make it harder for criminals to be criminals, just as some of our other rights are restricted outright or through case law (including free speech, freedom to assemble, and others).
I think something like 1% of gun crimes are committed from firearms purchased from a gun show.
> We already prevent the sale of grenades. We prevent the sale of gas.
Explosives are pretty easy to make. How many pipe bombs were found with the San Bernadino shooters? And this is California in that example, possibly the most restricted state in the US regarding firearms.
Tannerite is legal for purchase in Ohio and California, for example. All you need is a blasting cap to set it off (or shoot it with a gun, which is one hell of a fun afternoon)
Can I ask why not? I mean, why is it irrational to suggest that civilians not be allowed to own powerful weapons designed to kill humans?
The people that are interested in causing you harm for their own gain really don't care how they do it; at this point in time the best equalizer for all is a firearm.
The angle on a tyrannical government, and keeping that problem in check, is a whole different discussion and probably isn't suited for this forum.
Question too - how do you use a gun to defend yourself against somebody else with a gun? Doesn't it come down to who can "draw" quicker - which will surely always be the attacker because he's the only one who knows what's about to happen?
Or are you only talking about defending yourself against people without guns who who might use them impulsively so they don't have the advantage of surprise?
Because criminals don't care about laws and then they would become the only ones with guns. A law abiding citizen should be allowed the necessary means to protect himself, his family, and his possessions.
Besides that, they're not necessarily designed to kill humans; plenty of people need guns to defend against animals (like anyone working in bear country, farmers protecting chickens against coyotes, etc.)
Are you genuinely so in fear for your family's' safety, that you need a firearm and ammunition on hand?
If that is the case, and I were in your position,I would seriously consider moving elsewhere before I armed myself.
I live in a country where they were banned some time ago for all civilians who don't have a very good reason for owning one. ("Because I like them", or "I need to protect my property/family" are not considered good reasons).
Many farmers and rural types were very angry about the ban when it was proposed and implemented. But now, the vast majority of the population considers it to be the crowning achievement of the politician who implemented it.
Guns and gun crime are now so rare in my city that almost every time a gun is used to commit a crime it is front page news.
And yet it still happens. Additionally, you're from AU; You have a very different culture and level of poverty that you really don't see in the US. We (the US) have issues with income disparity unseen in a first world country, and the majority of the gun crimes occur in that area (poor urban areas). Poverty is a huge driver for crime. Fix that problem and gun crimes plummet.
Are you aware that knife crimes are up some 10+% in AU versus gun crimes? It seems that the criminals are still willing to be criminals.
Take a look at Vermont for example. Pretty boring if you want to live in an urban area, but probably the safest state in the US with the most relaxed gun laws. Vermont allows concealed carry without a permit; what we call "constitutional carry".
It is worth noting however, that Sydney (where I live), is larger than every city in the US, except New York. And yet I am vastly (something like 400x) less likely to be the victim of any gun related crime than a US city dweller.
In countries that have banned guns, including Australia, the restriction on guns has done nothing to reduce crime. In every single country that has banned them (again including Australia) there was an initial uptick of crime. The UK in particular had a massive increase in homocides (the number one reason people give as to why guns should be banned) and also saw home invasions where the victims were physically at home at the time of the invasion increase. Australia was lucky in that after its uptick, crime returned to normal rates. In many other countries, crime has continued to trend upward.
Also, Australia still has guns including plenty of rifles and even handguns. You banned some types of guns, not all of them.
But the zero massacres since 1996 is still significant.
Yes, guns are still available for sports shooters, and hunting etc. But we also strengthened the laws concerning how weapons must be stored (in a safe). The police have the right to turn up at the door of any registered gun owner and demand to inspect their storage at any time.
I am not sure how often that actually happens, because my guns are all digital :P
There have been many massacres since 1996. One even involved guns. All that has happened with the banning of guns is that the weapon of choice for difference crimes has changed. In the case of mass killings, arson seems to have become the weapon of choice.
Most people who live in those areas can't really afford to do that.
In any case, the onus is on the prohibitionist to defend the policy of prohibition, not the other way around. "Guns increased your chances of dying this year by 0.003%" (~11k gun homicides over 300M population) is a totally unmoving argument to me and I suspect most people in the US. At those risk levels, might as well ban cigarettes, motorcycles, aspirin, alcohol, leaving the house...
What does this imply for FOSS? I can't really see the feds organizing a sit down with the maintainers of the hot new crypto algo repo hosted on Github.
that I know of. IANAL.