A key promise of Obama's campaign for the presidency was to run the “most transparent” government- however the only person to really deliver on that promise was a whistleblower.
Secret courts, secret domestic spying, and now calls for weakening of the digital equivalent of the safe shows that he either was not honest about transparency, or has radically changed his opinion since becoming POTUS.
Maybe it's that he decided to use his political clout to pick healthcare as his signature in American history, not wage war against the NSA, but either way it saddens me to have campaigned for someone who has empowered a surveillance state instead of fight against it.
Liberty literally means "freedom from arbitrary or despotic government or control", and freedom in the information age means the liberty to communicate and store information. Anything to compromise that makes us all more vulnerable to control in all parts of our lives, not just those stored in zeros and ones. I believe America can be "Land of the free, home of the brave", but not without digital liberty.
I think Washington has changed Obama more than Obama changed Washington. He's spent seven years in the craziest bubble in America surrounded by people being paid millions to distort his worldview one way or another.
A while back he advised some kids in College to never type anything into a computer if they want it to remain private. For him, it probably seems completely reasonable. I doubt he's touched a keyboard since he became president. His daughters are the only teenagers in America who've never been near Snapchat (the Secret Service will keep it that way). And he's literally surrounded by security officers and spooks everywhere he goes. They manage every interaction he has so you can imagine their worldview is going to affect him.
I'm not trying to make excuses for him. He's so completely off the deep end nowadays (between this and TPP) that it's heartbreaking as a long time supporter. I hope he leaves the presidency, leaves Washington and spends a few years thinking about what went wrong before writing his memoirs. It would be an amazing insight into the corrosive influence of Washington on a person's integrity.
> I hope he leaves the presidency, leaves Washington and spends a few years thinking about what went wrong before writing his memoirs.
No doubt he will. But let's stay focused on the debate for now. He's still in office. There's still time to share facts with him.
He says he has a digital services team. Who holds those positions currently?
And who are his technology advisors? What are they saying on this issue? What have they shared with Obama?
From Obama's remarks, it sounds like he treats the digital services team more as a toolset, rather than a team of trusted advisors.
EDIT: The next PCAST (President's Council of Advisors on Science and Technology) meeting will be on March 25 and webcast here [1]. No need to sign up, just visit that page on the date to view. I suggest we all watch this and submit questions to their group in advance.
They meet every other month. The last meeting was on January 15, which predates Comey's open letter to the public (Feb 21) about the San Bernardino case, so they have not yet publicly discussed encryption in light of what's happened since Comey's letter.
I have hundreds of bookmarks in chrome. I have so many bookmarks that I've essentially stopped making new ones because the back log is simply too large.
That speech I bookmarked. Despite the terrible formatting that speech is a work of art applicable to every human being who holds power, whether it's POTUS or the office manager.
I'd recommend Pinboard.in. If you pay for an account with Bookmark Archive, it will also save a permanent copy of the bookmarks so that you can read them even if the original goes down, and provides full text search over them. There's a nice "Save Pinboard Bookmark" that you can add as a Bookmarklet. Lastly, it has a flag for "Read Later" if you like tracking that intention.
It is excellent for solving the information craving that goes, "I could have sworn that I read something about that...", and then actually finding it later, sometimes years later, in appropriate need. I don't use that capability very often, but I love the feeling that I have a permanent archive of all this information.
The problem with "adjusting your browser" is that this requires creating a default style which is at odds with virtually every other site.
Which points to a significant problem with the Web: one reason we're inundated with crap styles is that the browser defaults are crap.
If the W3C and browser vendors set sane margins, padding, font sizes, etc., at least we could fall back to these rather than deal with the crap of current website design.
But the defaults are crap, and designers try to "improve" on them, and ....
That said, unstyled HTML (if that's what this is, I can't inspect the page) remains better in most cases than styled pages.
Let's take a moment of deep appreciation for President Obama's decision to not panic after the San Bernadino shooting, reinstate color terror alert codes, spark a ground invasion of Syria, or in any other way overreact.
For a brief interlude in American history, we had a president that didn't capitalize on terror attacks politically, or generally set a tone of paranoia and fear.
We almost never say it. I want to say it. As someone who first became politically aware during the post 9/11 Bush era, it's really nice to have an administration in the White House that isn't trying to scare us.
We wouldn't live like that in a Trump administration. We would live in fear.
"SCOTT SHANE: Well, five years ago, there were—there was a question about what to do as Gaddafi’s forces approached Benghazi. The Europeans and the Arab League were calling for action. No one really knew what the outcome would be, but there was certainly a very serious threat to a large number of civilians in Benghazi. But, you know, the U.S. was still involved in two big wars, and the sort of heavyweights in the Obama administration were against getting involved—Robert Gates, the defensive secretary; Joe Biden, the vice president; Tom Donilon, the national security adviser.
And Secretary Clinton had been meeting with representatives of Britain, France and the Arab countries. And she sort of essentially called in from Paris and then from Cairo, and she ended up tipping the balance and essentially convincing President Obama, who later described this as a 51-49 decision, to join the other countries in the coalition to bomb Gaddafi’s forces."
No, he just sanctions low-key drone strikes in countries we're not even at war with keeping a hushed public content. Just listen to his SXSW speech. I think you see the real Obama showing through there, and no, it is not an idealist who was corrupted by Washington. He is slick as they come in Washington.
Better that and kill some terrorists than send an entire army for the same terrorists. Much more efficient and safe for everybody, including the country where the drone is used. Better a drone than an army.
I am not against the strategic use of drones vs. putting boots on the ground. I am questioning the number of countries we have used drones in. A lot of questions are also being raised about the targets being "terrorists", and I am not talking about an accidental drone strike at a wedding of civilians, but the public's blind acceptance that we are indeed getting the 'bad guys'. I am not so sure the ratio of bad guys to civilians is as high as reported. Are you, and what's your evidence?
This recent debate has quite literally centered on his administration using the San Bernardino shootings as leverage to force Apple to break iPhone's encryption. It's the main reason this whole discussion has the profile level it does.
He's asking to strike a balance in a court case. The tone, the actions, are so incredibly measured. Even though I disagree with them. And let's face it, iPhone encryption is weak encryption, with a single point of failure, the Apple signing key.
In comparison, six weeks after 9/11 we got the entire PATRIOT act rammed through, and the current NSA domestic panopticon put into place illegally and in secret.
And the administration is making it's arguments openly, we are not being manipulated by the general climate and context.
We aren't being made to feel afraid in the way we were in those dark years. We are not being told to buy duct tape and plastic sheeting to seal doors and windows in case of biological or chemical attack. The administration is not making a big show of deploying missile batteries in DC, while the Terror Alert is raised another shade, all based on "chatter".
We had a Vice-President say we are going to have to "work the dark side", and he meant torture. And we did, in dark dungeons on the far side of the world.
We started to torture, and we all have to live with seeing torture a regular fixture in our entertainment. That wasn't the case in the same way before the Bush administration normalized the practice. Obama ended this inhumanity on his first day in office.
When I see how far reaching the changes to our culture were, when I see how it's percolated, when I see it in Hostel, Game of Thrones, or in the far more radical Scandal, which is actually honest about the sadistic motivations behind torture, I wince and mourn what we lost as Americans, and I curse the name of Dick Cheney.
We were, all of us, debased. Even our culture and entertainment was debased.
And the open source, lone wolf style of ISIS has a far greater potential to be exploited to cause mass hysteria. The fact that it isn't is a refreshing departure from what I fear is the norm in American politics.
The entire stance, attitude and tone from Obama makes me feel secure. Because I'm far more afraid of government overreach and repression than any terrorist group.
Watching Trump, hearing Chris Christie call this WW III, it gives me terrible flashbacks to a time I am glad is over.
"And let's assume that we were to send 50,000 troops into Syria -- what happens when there's a terrorist attack generated from Yemen? Do we then send more troops into there? Or Libya perhaps? Or if there's a terrorist network that's operating anywhere else in North Africa or in Southeast Asia?
> And let's face it, iPhone encryption is weak encryption, with a single point of failure, the Apple signing key.
So what? The underlying debate is whether or not the DOJ should be allowed to require phone manufacturers to guarantee they can decrypt phone data when served with a warrant.
You can rally for Apple to make a more secure phone all you want. That is a separate issue. It doesn't change the fact that the DOJ is willing to do everything it can to get access to all phones through the courts or Congress. They don't care how it happens, they just want it.
It's not about one phone, it's not even just about the phones the DOJ currently has waiting to be decrypted. It's about every phone in the world. The DOJ knows this, but they can't say that because it is part of their position to argue that this is only about one phone.
This is politics. These are lawyers. They will say anything that they think will convince a judge, Congress or the American people to win them to what they believe is the correct side. That's how our system works.
They're not conspiring to do evil. They just don't have all the facts. And even if they are conspiring to do evil, our course should be the same. We should educate each other about how encryption works, and how legislation requiring backdoors would actually make us all less safe on balance than having no backdoors at all.
The difference between Bush's (and Congress's) response to 9/11 and Obama's response to San Bernadino were as different in scale as 9/11 was to San Bernadino. The last time something happened that was a comparable scale to 9/11, the US responded by inventing, and then using, nuclear weapons.
Trump would make you pine for the days of George W. Bush. I think we took for granted the fact that Bush did things to smooth bigotry rather than incite it, like publicly declaring that Islam is a religion of peace and taking care to distinguish al-Qaeda from Islam in general. I think rather than pinning these things on the President we should take a look at the media, the rest of the government, and most importantly the public. Like it or not, the nationally televised murder-by-airliner of 3,000 people is going to incite panic, hatred, overreaction, and fear to a degree that not even the most resolute President can control.
I have (from afar) also witnessed the Bush presidency and regarding tone of voice and speeches, Obama was the far better diplomat and seemed very concerned with humanitarian causes.
I suppose we should also be appreciative he hasn't instituted gulags... that we know of anyway. But that's really beside the point for this discussion.
I think Obama had that in his character years before he even ran for President, so I think it is an easy out to say he was corrupted by the system in Washington. Basic character doesn't just do a 180. Granted, your ideals may be softened by coming up against those who oppose them, but they do not reverse and hide under the covers. All politicians promise many beautiful things, but they have their agendas. Under Obama drone strikes have multiplied in several nations we are not even at war with, and stayed out of the news for the most part, and he has not been made accountable in the slightest. Through his representatives it has been made clear that he wants Snowden to return and face espionage charges. Even if that is the way to face the government, he did not offer any of his take on it to say otherwise. I am very untrusting of most, if not all, politicians, since I see it is a game for people to gain and feel powerful. I do not idealize candidates in the slightest. Trump polarizes people, and I do not like him in the slightest; I know where he stands though. With Obama his rhetoric and his actions are not in sync.
> It would be an amazing insight into the corrosive influence of Washington on a person's integrity.
That's going on the assumption that he had integrity in the first place and I'm no longer immune to considering the possibility that he did not and just played the voters for all it was worth.
For instance: someone with integrity would have returned an un-deserved Nobel peace prize.
Quoting "Obama said he was "surprised" and "deeply humbled" by the award. He stated that he does not feel he deserved the award,[14][15] and that he did not feel worthy of the company the award would place him in."
But usually I don't agree with it, in Obama's case I do.
It's not as if he brought lasting peace to some place that's been on fire for the last 3 decades, besides the prize was awarded way too early in his first term for him to have time enough to accomplish such a thing in the first place (after only 9 months).
My personal view on this is that he mostly received it because he wasn't Bush and they were trying to shame him into doing the right thing (which may have had a point) but I don't think that worked out too well.
The big international war issue from 2003 to 2008 was the US invasion and occupation of Iraq.
Enter Barack Obama, a candidate who campaigns vigorously on trying to get America out of Iraq and trying to limit or even undo some of the damage America inflicted on itself during that war (not to mention Iraq and its people).
Things have not gone all that well. But, when I imagine what would have happened if McCain had been elected, I conclude that things would have gone even worse.
What other candidate was pushing as vigorously for de-escalating and militarily disengaging from Iraq as Obama was? Hillary Clinton??
Where would we be on this particular issue if Senator Obama had not decided to run for president -- if he had just left it all to the existing establishment candidates?
I'm not so sure about all this. Bernie's been in Washington for decades as a Congressman, so he's been exposed to the same stuff, and his worldview is completely different from Obama's. Before he was elected, Obama had very little experience in Washington; he didn't even serve a full Senate term, and mostly voted "present". He just told us what we wanted to hear, and didn't have much of a record backing up his rhetoric. Hillary, by contrast, has a lengthy record, but it backs up all the worst actions that Obama has shown, but worse. Bernie has an even lengthier record but unlike Hillary there's no indication of corruption and his record is pretty much all good from a liberal perspective.
Note that Bernie and Hillary have both said they believe middle ground can be sought on this issue.
As strange as it may sound, the Clintons did the most for the pro-encryption side of this debate. Former President Clinton passed CALEA, which TechDirt points out applies to "manufacturers and providers of telecommunications support services" [1]. Also from CALEA,
> (1) Design of features and systems configurations. This subchapter does not authorize any law enforcement agency or office
> (a) to require any specific design of equipment, facilities, services, features, or system configurations to be adopted by any provider of a wire or electronic communication service, any manufacturer of telecommunications equipment, or any provider of telecommunications support services;
> (b) to prohibit the adoption of any equipment, facility, service, or feature by any provider of a wire or electronic communication service, any manufacturer of telecommunications equipment, or any provider of telecommunications support services.
I believe the judge in the San Bernardino case will point to this to deny the DOJ's request to use the All Writs Act to compel Apple to write the special version of the OS. At the very least, CALEA is a strong statement that Congress has already decided that they will not pass laws requiring Apple and others to put backdoors in their phones. That doesn't mean the debate is over, however. Many people still do not understand encryption technology and will blame technologists for standing in the way of legislation that they perceive would have saved us from certain terrorist attacks.
Although Bernie has said he's against surveillance, he and many of his most vocal supporters remain uninformed about encryption. I tried posting a couple times in the Sanders subreddit, calling for Sanders to take a stronger position in support of end-to-end encryption [2]. The response was he can't take a position on this because it isn't a major issue. I think that time is fast approaching. Obama hasn't let up, and obviously neither will technologists. It's difficult for a politician or law enforcement official to tell the population that they can't track all communications in the manner they used to be able to, and on the other hand, we technologists cannot simply ask math to stop working.
>As strange as it may sound, the Clintons did the most for the pro-encryption side of this debate. Former President Clinton passed CALEA
Huh? You must be too young to remember the Clinton presidency, but Clinton's administration made a huge push to force everyone to use the "Clipper" chip for encryption, which would have both mandated a specific type of (not-so-strong) encryption and given the government the keys for it through key-escrow. We're really lucky that Clinton couldn't get that one through Congress, but to claim that the Clintons are pro-encryption is being completely ignorant about history. They're only pro-key-escrowed encryption.
I didn't say the Clintons were pro-encryption. I said, "Oddly enough, they did the most for this side of the debate".
Maybe that's inaccurate, in that they probably weren't responsible for the exact language that comes to Apple's rescue in CALEA, however Clinton did sign it.
Anyway, my point was, in a thread about the iPhone case, in response to a comment with a user praising Bernie Sanders, that Bernie has not said anything different about encryption than Obama or Clinton, and that's it. That's my whole point. I am not making this political, I'm just sharing facts. Of course we know Hillary won't do jack to protect strong encryption. I don't think Sanders will support it either, based on what he's said so far.
I find your train of thought to be rather belittling and infantilizing of a man who, by all accounts, is quite brilliant (regardless of views on his politics, it's a commonly held position). Now, sure, people are affected by the circumstances in which they live, but you've framed it as though Obama has been hoodwinked by nefarious and persistent forces. Personally, I disagree with President Obama's crypto policies, but I don't assume that he came to his positions out of anything but a thoughtful reading of intelligence briefings and alike.
> I think Washington has changed Obama more than Obama changed Washington. He's spent seven years in the craziest bubble in America surrounded by people being paid millions to distort his worldview one way or another.
I completely agree, I bet it's not a great job most of the time and a really different and isolated world.
>there will probably not be a single American that thinks a bomb proof car in a exaggeration.
Everyone in the world knows the President's car is a mobile battle fortress. I saw an entire show about it on the History Channel.
That's not because he's detached from the people, though, it's an unfortunate necessity of office. The last time an American President rode around in public in a convertible, it didn't end well for him.
I think the following truth has a lot of relevance to your comment: the only way somebody gets elected president of the US is if it's a given that he or she will maintain the status quo on behalf of powerful interests.
Obama's campaign promises are as empty as those of any other politician. He's used his presidency to bring a windfall to the Halliburtons of healthcare and escalated the war on whistleblowers and the attack on privacy.
His successor will do the same.
We can hope that his supporters become appropriately disillusioned, but so much of politics is about loyalty in exchange for spoils, not ideas or accountability, so I'm not optimistic.
> maintain the status quo on behalf of powerful interests.
I think "maintain" is the best-case scenario under the current system. "Shift dramatically in favour of" is the worst case, and that's primarily what I'm voting based on these days.
This is actually why I'm so hesitant on Bernie Sanders. I'm seeing the same campaign promises, the same basic ideas, the same wild support base. And I can't help but think we're about to face the exact same result.
Voting for promises is IMO meaningless. Same shit, different day. Instead, look at a candidate's history and base your vote on that. Unfortunately that takes more effort than most are willing to spend, but I can't think of a better way to estimate what they will do in the future.
Could you imagine what that would do to politics if everyone voted based solely on a candidate's record instead of promises and charisma?
I'm not sure if anyone could really stand up to the rest of Washington for 8 years, without going in as such a zealot in some way that you might not really want them as President.
Ted Cruz/Paul Ryan/Ron Paul might be the closest thing to that. Bernie Sanders, maybe, although I'd have a hard time seeing him maintain an 8 year long fight. Everyone else is basically establishment to some degree (Trump doesn't strike me as ideological as much as opportunist++, although certainly different in style than the others.)
(And maybe you want someone reasonable/rational/etc. but not ideological as President.)
I think Sanders could maintain. I could be wrong, but he has a pretty long record of doing the right thing (from my perspective) and I'm not sure what else you're supposed to vote for if not his / her record? Charisma? Promises? Anger?
I think Sanders is more ideological than most credible candidates in history (which is a lot of the appeal); same as Ted Cruz. (just polar opposites on ideology)
They're both pretty exceptional as top-2 candidates for their party nomination for that reason, compared to historical trends.
Disclosure: I liked Obama as candidate, and I've liked him as president.
I haven't always been happy with some of his decisions and policies. But, my guess is that he's constantly being whispered the worst case scenarios.
A president probably feels responsibility for the well being of hundreds of millions of people. And, all that it takes are a few highly polished ex-lobbiest communicators whispering, 'if you won't strengthen this program, Mr. President, then a terrorist will unleash a dirty bomb on the east coast and injure tens of millions.' Who would want to be responsible for that? 'Oh, just wiretap citizens? I guess that doesn't seem too bad if it's an either-or-decision.'
Unfortunately, I don't see a way out of this mess. Bin Laden won when he turned the US into a 24-7 terror watch. Now, we live by fear and over-protection against an enemy that we can't see.
And once again we see what a bad idea it is for the US to only have two major political parties. If there was at least another major left-wing party, they could freely criticize Obama for acting more like a right-winger than a left-winger during his terms.
But the "supposed left-wing" Democrats can't do that right now even if they wanted to, because that would hurt their chances with the Democrats, and Independents are irrelevant in this context, as if they want to vote left-wing, they'll have no choice but to go Democrat anyway - even though Independents make up almost 50% of the country and could easily support at least another 2 major parties if they all were a little more organized and didn't get brainwashed into voting the same Democratic or Republican parties that they hate (and the reason they registered Independents).
Imagine you need to hire someone to guard a big red button. The best that can happen is nothing; but the worst that can happen is that they themselves decide to push the button.
The Executive branch effectively only has the purpose of destroying, stopping, blocking, canceling, and annulling things. The president vetos bills; stops foreign invasions with military power; commutes federal prison sentences created by the judicial branch; stops legislation from applying by signing trade agreements or granting amnesties; etc. And every department within the Executive, like the FDA or the SEC, exists solely for the purpose of blocking people from doing things.
So the President is effectively just sitting there in front of a control panel consisting entirely of big red buttons. Sometimes, rarely, situationally, it helps to press one of them. Pressing one at random, though, would almost certainly do damage and serve no purpose.
Obama's status quo was done by just avoiding pressing the big red buttons. That's bad in one way. But it's an entirely different kind of bad to start pressing lots and lots of the big red buttons. That's what George W. was actually hated for—what he did, not what he didn't do.
Trump couldn't accomplish much good, certainly. But he would have full access to a panel of big red buttons. Do you trust Trump there?
The conclusion here doesn't quite follow from the premises :). Obama didn't do what he said does not imply vote for Trump any more than it implies vote for tajen.
Now I'm going to delve into specific politics more than I normally like to do, but I think there are important ideas to consider. Even if a president doesn't do what he/she promised to do, the attitude of a president does have an effect on the country. Judging from the attitude of Trump and the raucousness of some of his rallies, I don't think Trump's attitude and that of his more violent supporters should be spread across the country. That alone is enough reason to vote for someone other than Trump.
It's pretty sad, though, to have several elections in a row where more and more people are voting against a candidate rather than for a candidate. I can only think of one current candidate who I would vote for positively, rather than to just to avoid another candidate who is more negative.
The good news about Trump is that he's not bought or sold. He is what he is, which from my viewpoint is better than the unknown that we currently have.
You don't become a billionaire without having deeply entrenched political and business connections. Donald Trump may be "self funded" but I don't believe for an instant that his persona is any less calculated than that of any other politician, or that his agenda is entirely his own.
Because he is a politician, and by definition a very successful one. Just because he wears a red baseball cap and is willing to use vulgar language and encourage violence at his rallies in the name of denouncing political correctness doesn't mean he's an anti-establishment maverick and hero of the common man, or that anything he says is sincere. He's simply found a gimmick that works.
To his credit, it seems to work extremely well. But that doesn't make him qualified for the office.
Ok, it might, to a degree because it's a political office, but... he seems like a charlatan. I don't understand why people trust him, he seems like the most obviously political figure in the entire field.
There is a large segment of the population (in every country) that responds very well to power figures. The same reason why people in Russia like Putin, and so many other dictators have been quite popular at times. Trump is trying to reach those people by acting like the power person in the race. On the other hand, a big part of the population is also adverse to power figures, myself included. I would never vote for an authoritarian figure and there are many others like me.
I've read this so many times I am starting to think this makes sense to the people saying it: "Trump may be [insert whatever], and [policy X] is ridiculous, and [statement Y] went over the line. But [X] won't ever happen, so I don't have to worry about it."
Don't get me wrong, using policy and public statements to judge fitness for public office isn't perfect, but it seems in this case we are substituting policy and public statement with something that has little or no relationship with executing a complex and demanding job.
You act like his entire life hasn't been "executing a complex and demanding job"? Running a small business is hard enough, I can't even imagine running an empire.
Trump has been one step ahead of every last person this entire election cycle. It's been fascinating to watch and I'm done doubting him, underestimating him, or second-guessing why he does or says anything. Now I'm simply at the point where I'm just trying to learn from it, because there are lessons for any business owner or public figure inside.
In fact, if he were to win, I'm not even convinced [X] "won't happen".
It doesn't have to be hard to run an empire badly.
A shell script that just repeats "Sell all assets and invest in SPY" would outperform Trump at running his empire, and it would have the side bonus of not being a crazy asshole.
I'm sure it's hard to do well. My point is that Trump hasn't done well. The fact that he built a not particularly successful business empire with inherited money doesn't say much about his skills or smarts.
Hiring good people is hard, for sure. Has Trump ever done it?
I find this line laughable. Everyone seems to think that turning a million into billions is a cakewalk.
Most people wouldn't even know where to begin and would lose their minds during any downturn. The others would buy a small house and whither away savings. The rest would waste it all on idiocy.
If you're running a billion dollar empire and it hasn't burnt to the ground, you can be sure that he's hired good people.
Why don't you go put $1,000,000 in a market simulator and tell me how your "shell scripts" do over the next 20 years.
Given that you haven't answered the original question, I'm guessing that you have hired very few or even zero people ever?
Trump inherited tens of millions. Other people have done the "market simulator" thing and the result is that Trump has not outperformed the market. My shell script would have done about as well at growing Trump's wealth as Trump did.
Turning tens of millions into a few billions over the past forty years is a cakewalk. I don't know why you think it's "laughable" to say this. It doesn't even require smart investing, just the minimal amount of non-stupid investing.
I haven't answered your original question because it's simply not relevant. You're trying to make an ad-hominem argument against me. I'm not exactly going to jump at the chance to help you with that.
Yep, it's clearly that easy when you can look backwards at it. You have a time machine too?
You and I both know that you would have shit your emotional bricks in every downturn... while these guys are all buying more. And if not that error, then you likely would have generated some other failure.
If you're so good, you'd have that shell script up and running by now. Use that 20/20 hindsight to go do it in the future and see how that goes. Go turn $1000 into $1,000,000. It's easy, isn't it? Everyone can do it!
Nope. Instead, you haven't answered my question because, I am now convinced, you have absolutely no clue how difficult it is to grow such a large business, albeit a small one.
But of course you won't answer - you've never walked the mile. Yet there you are, on your high horse driving from the backseat on Hacker News with talk of shell scripts and 20/20 hindsight whiling failing to see another person's accomplishments - that is the sin.
Disagree with Trump's political policies, fine. I honestly don't care. But to make business success sound so easy - especially in this forum where there are tons of people who have received generous amounts of capital and squandered it all - is to insult any successful businessperson out there.
Just try and say that he's "lucky". Be that person -- the worst kind -- and be done with it.
Sure, I'll call Trump lucky. What do you call it when someone inherits eight figures, if not luck?
I love how you constantly make stuff up about me, then argue against the stuff you made up. No wonder you're a Trump supporter. It's a personality match!
If what you're trying to learn is how to manipulate people, then I agree, he is a master. There is a name for this type of people, they're called con men. Trump is a sales person. He has trained himself to sell anything, and he is just selling a quick solution for people that feel disenfranchise by the current political system.
He is selling exactly what a serious amount of people in this country want. If you don't know that then you don't understand America. Go work in a factory for a year.
You sorely overestimate anyone's intentions. Nearly all Trump types simply want productive jobs and to be left alone. I know this because I've worked in factories with them (non-Union).
If it's racist to not want to send my job to China, then you really need to check the definition of racism.
And why is it that so many legal immigrants are pro-Trump? Hmmm.....
Should we try to read intentions beyond what he is literally saying? The defense of Trump is solely based on the idea that he doesn't mean what he says. But this is tantamount to say that he is a liar. If that is the case, how can someone ever trust him? If you need to build on fear and lies to be elected, it is anyone's guess what might be the result.
No Trump supporter is saying this at all. Most highly agree on at least one of his major platform issues. If we've learned one thing, it's that he means exactly what he says, and won't back down or apologize. This only makes him stronger.
The days of believing this guy is dumb are over. He has single-handedly changed everything in American politics, and did it while people like you were believing he was a clown. That too, makes him stronger.
Except that he cannot provide it. Most of his proposals would require to overturn centuries of laws and other American traditions. Promising that is akin to trying to sell the statue of liberty.
I mean simple things like deporting 11 million people, killing families of terrorists, legalizing torture, and closing the US to China imports, just for starters.
Not impossible. Other Presidents weren't even trying and they removed between 1-2 million.
I don't think you understand the amount of power ICE has if unhandcuffed and fully supported.
Plus, they can come back in legally. With papers. Through the door. What on earth is so hard about that???
> killing families of terrorists
We already do this - not directly, but if we know a family is shielding a high-value target, we will hit the entire building.
> legalizing torture
This is perhaps hyperbole, but wanting to play on a level playing field is not exactly an earth-shattering request. There are ways to intimidate without 'torture'.
> closing the US to China imports
Doubtful, but pushing for tariffs from Congress is within reason and would be supported by a great part of America.
How come? Polls & numbers (whatever value they have this early on in the "general" cycle) state otherwise. In fact, it looks like Bernie has a much better chance at the moment than Hilary... Don't you think Trump would dominate 24/7 news cycle on digging up Hilary's old wounds? What does he have on Bernie? "He's a communist you're voting for a communist!"?
Interestingly enough, the polls say otherwise. [0] [1]
As the Politifact piece notes, (1) it's early in the campaign; (2) Bernie is much less well known than Hillary, and his perceived negatives might become more important in the general election; and (3) polls can always be wrong. Nonetheless, it doesn't seem to be correct to say he has far worse odds against Trump than she does.
I'm giving Bernie Sanders one last chance. But if he is elected and also reneges on his promises, I will probably stop caring about politics permanently.
edit: Whoops! Shouldn't have revealed I'm a Bernie supporter. Forgot that HN is a libertarian paradise!
It's funny, some threads you'd think everyone here was at least a socialist. Then in others you'd think everyone is one step short of declaring themselves sovereign citizens.
I think the lizard people who run the site just flip a coin when each story is posted to decide which kind of comments it'll have.
There is such a thing as left-libertarianism, and I suspect that a lot of people here have at least one foot in that ideology even if they've never heard about it.
I think people put too much importance on the role of the president with regards to domestic policy. You can't expect the president to effect change if congress opposes the president 100% of the time.
Electing Bernie won't make a huge difference if the republicans still control congress.
Woodrow Wilson sprang immediately to mind as an example of a president who effected change despite an intransigent congress. He is also a president who fought against entrenched interests.
Your idea seems to be more of an observation of recent presidents than a property of the presidency itself. I think there are two things that make it so. First, modern presidents are generally picked from a very narrow pool of candidates which the parties and the media help select and shape, thus making sure a relatively docile candidate is chosen. Second, most modern presidents are very politically oriented and beholden to the groups that donated to them during their campaigns.
I think that can be used to describe Hillary, but I think both Sanders and Trump are non-docile and not beholden to outside interests. Sanders, because his funds largely come as a mandate from individuals and he is very clear about who he works for. Trump, because he has nothing at all to lose by doing whatever he wants.
This is kind of sad, when I think about it - what you're describing is Trump and Sanders being opposed to Hillary and <Trump's opposition, I forget the name> in a way that matters just as much as Democrat VS Republican, but that decision is entirely up to the Dem/Rep oligarchy.
The president has an enormous amount of power. The executive branch has been steadily expanding its power since the beginning of the country.
Consider, for example, a Sanders DOJ vs. a Trump DOJ? (I suspect a Trump FBI would be primarily interested in cataloging and spying on anyone critical of Trump or of Muslim faith, essentially use COINTELPRO as a starting point, but make it better and stronger and do good deals). What about a Sanders DEA? EPA? DHS? The executive can do nearly anything if they are bold enough. The executive can ignore the judicial branch ("He has made his ruling, now let him enforce it"), the legislative branch (subpoenas from congress? About illegal leaks of classified information for political purposes concerning Valerie Plame? Please direct the law enforcement officers with weapons in your branch to serve them. You don't have any?)
I believe Sanders would refrain from using executive power to make things worse, while I am certain all of the other candidates would not refrain. Hillary will not differ from Obama nor does she claim to. Trump's shtick is to be an American dictator, an executive strong man who advocates violence and abuse towards anyone who disagrees with him and acts as an outlet for racism and hate and anger. Imagine if he had an army of FBI, DHS, NSA agents at his beck and call.
I've always wondered what would happen if a President gave a TV-broadcast speech, telling people to write to their congressmen and demand a change of their policy on some issue.
Would that be illegal? Would it be speech? It's not like the President would be telling you who to vote for (though it might be different if the US had referendums, because the President would be telling you what to vote for); the President is simply attempting to sway your opinion, and then telling you to inform someone else of your (hopefully swayed) opinion.
This is exactly what I think Trump has in mind. First time congress doesn't do what he wants, he'll get on TV and list off every single congress critter that is getting in the way of Making America Great Again. They'll quickly fall in line or find themselves replaced in 2 years.
I wasn't implying that republicans controlling all three branches of government would be good. In fact, it's rather horrifying considering the current state of that party.
However, even if democrats won back the majority of congress -- are there enough left leaning democrats enough to support Bernie's platform?
If Sander's doesn't reneg on his promises he'll be a one-term president (which of course assumes he gets elected which would never happen). I mean, think of how much people hate Carter.
Based on the title of the post alone, someone with even center to left politics should expect to get jumped on in the following discussion. It's a post that's trolling for conflict, not solutions.
Ah, come ON: It was plenty clear just what the heck Obama was well before and during the election. E.g., Bill Ayers, Reverend Wright, and his other buddies. Then, during the campaign where he was campaigning and on a stage with Hillary and Bill Richardson and the US National Anthem was playing, Hillery and Bill had their hands over their hearts and Obama had his hands together and below his belt. Then there was his "my Muslim faith". Then on his apology tour where he bowed down to the heads of China, France, Saudi Arabia, and Japan.
Actually all of these sound like excellent gestures.
Not playing to BS patriotism and phony sentiment by having his hands "together and below his belt"? Daring to say "my muslim faith" (haven't heard of that, so I kinda doubt it, but still). Bowing in respect to heads of other nations, instead of playing the "greatest nation on earth"?
All of these all excellent.
It's all the OTHER stuff that's bad about what he did.
Nearly universally in the US, hand over heart during the playing of the US National Anthem is a biggie. A lot of highly patriotic US citizens could get all wound up about that. Each of Hillary and Richardson put their hand over their heart. It's a free country, so you are welcome to your opinion, but what Obama did would be telling to a huge fraction of US citizens and, thus, some telling background for someone asking the question I was responding to. Or, whatever you think about hand over heart, what Obama did correlates with some other things he did that were equally shocking to a lot of people, and that is, net, my point, independent of my opinion.
and I have links and personal copies of the other three. Just now I'm not going to the trouble to check if the other three URLs are current.
To a huge fraction of US citizens, bowing to a foreign leader is a biggie and part of why it was commonly said that Obama went on an "apology tour". Some people will conclude that he deliberately insulted the US in a way disloyal to the US.
Playing "greatest nation on earth" is irrelevant: No significant nation expects leaders of other nations to bow. Bowing is wildly inappropriate.
Some people will look at that clip and conclude that Obama just misspoke or was repeating something McCain didn't say but might have, etc. Take it as you wish.
Some people are disappointed in Obama, and some of what I wrote is some of why they had what should have been for such people good advanced information and warning. There was plenty of warning -- we knew who he was.
Judging people is not an exact science, but it is very much a necessary activity, especially in selecting a POTUS.
Again, the US is a free country, so you are free to disagree. Still, there was a lot of definitely unusual information, commonly offensive to a lot of people, before Obama was elected.
"My Muslim faith": http://www.youtube.com/watch?v=bMUgNg7aD8M
Some people will look at that clip and conclude that Obama
just misspoke or was repeating something McCain didn't say
but might have, etc.
I appreciate you posting that video. Watching, I feel that clearly the context is "John McCain himself hasn't said that I'm a Muslim but he insinuates it", and that he's just phrasing it as a counterfactual. I was interested enough to find a longer version of the interview (https://www.youtube.com/watch?v=nMhB-CwF4yc) and it struck me the same way.
But clearly you and others read it differently. I'd guess that's because you are (proudly) Christian, and don't think a "true" Christian would ever say intentionally say the words "my Muslim faith" if there was any chance of misunderstanding? A sort of reverse-shibboleth, akin to testing whether someone is an undercover informant by asking them to do something clearly illegal?
My guess has always been that Obama, like many politicians, is less devoutly Christian than many of his followers want him to be, but I've never suspected that he actually considers himself Muslim. Instead, I'd guess that he harbors enough religious doubt that he feels guilty about claiming to be Christian, but feels compelled to overstate his religiousness for political reasons.
Is this the sort of conclusion you draw from the video, or do you see it as evidence that he is actually committed to Islam? What's the thought process behind your interpretation?
To me Obama is a subject I wish I'd never heard about. I don't want to know about Obama. But I am a US citizen and, thus, basically need to try to understand him. To understand him is, as usual for people, not an exact science, but I have to try.
My first conclusion is that no way before he leaves office will he really say what or who he is. Not a chance. So, instead, he is putting on an act, much more than nearly anyone else. I do believe that he enjoys his acting and coming close to the line of revealing enough to let people draw conclusions but still leaving some ambiguity. He enjoys toying with the public perception of him without having the public draw serious, actual conclusions much like a cat can enjoy toying with a mouse without actually killing it.
IMHO, he gets away with his acting because the mainstream media (MSM) and nearly everyone in US public life want the Obama presidency to look successful, care about that even more than Obama does.
For most of the more important policy actions of the US in the last year or so, I have to conclude that they are very different from everything about Obama before a year ago, e.g., in the last year, what the US is finally actually doing against ISIS, the Chinese activity in the South China Sea, what North Korea is doing, and some US military advanced weapons programs. And I would include US diplomatic interactions with Netanyahu and Israel.
So, my guess is that Obama didn't direct or even approve of those policy changes. Then, meanwhile, Obama talks about letting 100,000+ Syrians into the US (I'll bet it won't happen), flies off to Hawaii for a long golf vacation, says that ISIS is "contained", shows up in Paris to claim that climate change is the most serious problem, or some such, and gave his recent call for essentially back doors on everything with an electron -- point, none of those are activities of a serious POTUS. So, for the past year, Obama has not been a serious POTUS. So, a guess is that in effect he is no longer the POTUS and that about a year ago a committee of leaders had a chat with Obama and told him the good news, he gets to stay in office and work on his golf game and jump shot, have bro dinners in the White House, etc. And more good news: He doesn't have to bother himself or lose sleep or interrupt his golf game to think about the work of POTUS. And the alternative? He leaves office right away. More evidence is the Ryan budget -- it was totally bipartisan and in other ways outrageous. So, in getting that budget passed something was up, and I can't believe that Obama had anything to do with it.
But the above is just the simple, superficial, easy to observe stuff about Obama.
For a real answer to your question, I should not answer dishonestly or answer honestly in public. Ask me again this time next year. I do suspect that at about this time next year will come out some tell all books from some Administration insiders, Congressional staffers, etc. that will be well beyond anything commonly discussed now. The US will have been seen to have "dodged a bullet", that some patriots came together and saved the country from a serious threat.
It's a free country. You can have your opinion. You asked for mine, and I gave a little. You can continue for yourself from there.
I appreciate the genuine response, although your explanations for events seem bizarre to me. I find them parallel to another current front-page article on mental illness:
I had tried to fill the gaps with guesses. But when my
guesses were wrong, conspiracy theories crawled in.
For me, the explanation that politicians are fallible humans is mostly sufficient. My guess would be that nothing to contradict Obama's official narrative comes out after he leaves office.
But I also fear that my own reasoning is flawed in ways invisible to me. We'll see what truth the future brings to light. Thanks for engaging.
Yup, sometimes something that goes bump in the night is dangerous and sometimes it is not. And sometimes we can guess that we heard something that went bump in the night but nothing did.
There are some bad things out there. We need to try to detect them. That sometimes we guess wrong doesn't mean we shouldn't try. But before we draw big conclusions and take important action, we need to be very careful -- measure at least twice and saw just once and because we may not get to saw twice.
> So if your argument is strong encryption, no matter what, and we can and should, in fact, create black boxes, then that I think does not strike the kind of balance that we have lived with for 200, 300 years.
Mr. Obama, you are the one who upset the balance with secret, dragnet surveillance of nearly all communications. That's not the bargain the public has had with law enforcement for the last 300 years. Widespread, end-to-end encryption is simply the natural reaction to the arms race you started. We would have never come to this point if the government had kept surveillance within court-supervised bounds.
> dragnet surveillance of nearly all communications. That's not the bargain the public has had with law enforcement
I'm not sure this is the argument to make to Obama and the DOJ. They are already framing this as a privacy issue
The factors they understand are the public safety and economic impacts. Let us speak to those points and allow privacy to be a secondary concern. Obama himself told President Xi last year that the exact same policies would dramatically hurt Xi's economy [1]
Obama has been President for 7 years, during which time he has consistently supported and expanded the programs started during the Bush presidency. In my view this makes him as culpable as anyone for the position that we are at today. George Bush may have started these programs but he isn't the one launching attacks on the tech industry today.
Obama has a meta-point however that proponents of the absolutist position don't seem to want to face. Democracy relies on transparency. Many of the progressives who are rallying in support of absolute right to privacy are some of the same people who constantly criticize Swiss bank accounts, Cayman island financial shenanigans.
But if companies were to implement the same sorts of impenetrable encryption, on every device, all the way down to the corporate desktop, in a way that not even the company executives themselves can read the email of their own employees, then lots of regulations the government applies to companies would be mooted.
Taken to the extreme, if all communication is digital, and 100% impregnable, and people maintain good OpSec, then it will be hard to impossible to execute lawsuits or regulatory investigations into malfeasance because they'll be no paper trail.
The end result of going full tilt on crypto is cryptoanarchy. This was pretty much well argued in the 90s among the cypherpunks community. Most of the libertarians and Objectivists were salivating over how strong crypto protocols would end fiat currency, end taxation, end regulation, and so on.
So how far as a society are we willing to take this? Does it just extend to private data? Does it extend to transactions? To payments you make for things? To transfers of money? To business transactions? Will Democracy be able to audit nothing of the interactions of citizens or our institutions in the future?
You don't have to agree with Obama's position to see that cryptoanarchy and Democracy are on a collision course, and it makes sense to discuss the possibilities openly without just plugging your ears and taking an absolutist position that demonizes anyone who disagrees.
On balance, putting backdoors in phones will make us less secure, because criminals will just use other methods to communicate, and the public will be putting their data within reach of every hacker in the world through a government-imposed weakness.
The administration is unlikely to understand our privacy concerns. They do understand economic and public safety issues, and it is the facts around these issues that we must share with them. President Obama himself told President Xi last year that introducing backdoor legislation would hurt his economy [4]. Let's make Obama's argument back to him
"the public will be putting their data within reach of every hacker in the world through a government-imposed weakness"
You're reusing arguments about key escrow in a way that doesn't apply.
This isn't key escrow. It's about software updates, which use digital signing in the way it's supposed to be used.
Apple's software updates are guarded by a private key. Of course they need to keep the private key safe, but sometimes use it to sign releases. It's expensive but doable, and a good thing too, because the entire app ecosystem (not to mention https and Bitcoin) depends on keeping private keys safe.
If keeping a private key safe is impossible even for a well-funded company like Apple, public key encryption doesn't work. Game over.
They can still plant bugs in offices, cars, homes, etc. That's specific and targeted and proportional, but expensive and hard.
There's no good reason they have to have access to electronic devices, they can install cameras and mics. It's just easier going straight to the phones and emails.
But they had that power and they abused it massively, and are now suffering the backlash, and why should privacy stop given they've demonstrated they can't be proportional in their surveillance?
They were not specific with what they got from the phones and emails, so they've demonstrated they're not responsible or measured and now strong encryption is necessary as government has clearly shown that secret courts === warrantless mass surveillance.
The other thing that's clear is that the US couldn't care less about privacy for anyone not in the US, so all us non-US citizen need this encryption to protect us from your peeping tom government.
So you're in favor of the government bugging and installing cameras secretly? Because you can't really bug say, Enron's corporate office without a warrant served, and so they'd know they're being watched.
The alternative is breaking and entering. So since retroactive paper trails will be devalued, the government will have to switch to preemptive collection and entrapment scenarios.
I'm not sure this is better for privacy or democracy.
There are far more investigative alternatives than few you have mentioned.
Serving warrants rarely involves "bugs", and warrants are not the only tool available. For example, a judge can order people to produce documents, enforced with the threat of contempt of court. Other witnesses can be found (with any data they bring), and simple observation of public actions can reveal a surprising amount.
> so they'd know they're being watched
So what.
The warrant requirement is intended to be a burden to law enforcement. The entire point is that a civilized and fair society that follows the rule of law prioritizes the restrictions and procedures we call "due process" above the demands and desires of law enforcement.
If letting some criminals walk free is a necessary consequence of the the rights retained by the people, then some crimes go unpunished. Anybody suggesting that we should accept punishing some small amount of innocent people as "collateral damage" is working against the foundation of a free society.
This sounds like a bunch of crap (re: the warrant for Enron's corporate office). I admit I'm not aware of exactly what the legalities are right now, but for the sake of argument, I don't see why the government shouldn't be able to secretly bug a corporate office, provided that a proper warrant is in place. So yeah, if they get a warrant to do so and convince a judge that this is necessary, they should be able to get some government spy to be able to sneak in somehow (maintenance worker?) and plant bugs.
The whole key here is having a warrant, a specific warrant for a specific target looking for specific things. I don't think most Americans have a problem with law enforcement being able to snoop on people of suspicion provided the proper channels are followed, only particular persons of interest are snooped on, and it isn't just a fishing expedition. This is exactly why we have warrants: so that law enforcement can gather evidence of crimes and prosecute people, but without overly infringing on the civil liberties of the people.
So no, it wouldn't be "breaking and entering" if you have the correct warrant in place, just like it isn't "breaking and entering" when the police have a warrant to enter your house looking for evidence and they enter when you aren't home.
I'm not a lawyer, but aren't you supposed to be notified of warrants? Sure, they could knock on your door and break in to serve a warrant if you're not home, but aren't they required to notify you they've done so?
> I'm not a lawyer, but aren't you supposed to be notified of warrants?
Think about a warrant issued for the use of a Stingray, or for a wiretap. There is no notice requirement when running the searches permitted by those warrants.
I find it very hard to believe that performing warranted, clandestine on-premises surveillance on a target is legally impossible. (See the first season of The Wire, ferinstance.)
No, you don't have to be notified. Have you never heard of a wiretap? They've been doing wiretaps for as long as telephones have been around (about a century now, I think). Obviously you don't have to notify a suspect that they're being tapped.
As for your link, that's completely irrelevant: that only talks about when officers are allowed to enter your home when you're there. It doesn't even mention what the law is if no one's home. It does say they're allowed to enter if they announce their presence and no one answers after some time. It does not mention whether they have to notify you, and the reasons they'd be busting down your door after announcing themselves are totally different from the reasons they'd be spying on you, so these aren't even comparable scenarios.
Jeesh, all you have to do is watch TV for the last 50 years or so: police (or other law enforcement investigators, more likely FBI) absolutely can and do spy on people with warrants, including using "bugs". They've been doing this for ages, it's nothing new. And until recently, there was a legal process for this, requiring a proper warrant.
You might be right, but telling me to get facts from Hollywood cop shows is a rather strange assertion. I mean, seriously, these shows regularly show cops doing all kinds of things, like torturing suspects for information.
They've only been showing that crap on cop shows since 9/11. And yes, TV shows aren't always perfectly reflective of reality, but they usually do get things nominally right to a decent degree.
You can't tell me you really think wiretaps are something that never have happened.
This is largely overblown though. Even with unfettered access to great and easy to use crypto your society doesn't collapse. It turns out that maintaining anonymity is a giant pain in the ass, no more people are going to go full on tinfoil ghost on society to dodge taxes any more than they already disappear and live off the grid. Most businesses are easier to conduct in public and even derive benefit from it.
Regulatory enforcement is fairly easy: in order to have a license to operate your coal plant, you agree to hand over documents x, y, z. If in your crypto-dystopia I handed over encrypted docs instead of the plaintext for my coal plant I would just have my business fined out of existence just like would happen now.
If I have incriminating documents and no crypto I'm not going to encrypt them, I'm going to slag the hard drives they're on and burn the paper copies.
If you're a public official: make it illegal to use encryption beyond the provided email encryption (which the agency IT dept can also read). I think you can make the case that it is already illegal since an internally encrypted message that you refuse to decrypt (at the request of a superior, a court, or investigation) would have to have been misuse of gov't property (your first amendment rights do not allow you to use government systems for private use and you explicitly have no privacy with respect to the scenario mentioned above when you use them).
People have always had plenty of ways to be shitheads and get away with it, and there have always been mechanisms to make those decisions costly. These things continue to be true despite the presence of strong crypto.
The reason an "absolutist" position here makes sense is because this is a binary choice between everyone legally having security, or no one legally having security. Until now we haven't had to make this choice because neither was an option, we just all existed in a vague middle ground dictated by our circumstances, number of shits given, and technical acumen. True, you might not have had access to cryptography, but you didn't have data to encrypt so you lost nothing by having no encryption. Now everyone has a lot to lose but not everyone realizes that.
The issue isn't that they won't hand over documents x,y,z, they'll just hand over fake documents x, y, and z, while the real documents remain encrypted. When the government asks why they can't read files Real_X, Real_y, and Real_Z, they'll claim they're private email communications between employees, and that you can't force them to turn over the keys.
But in reality, they were secret bribery emails between corporate executives and local politicians.
Prior to cryptography, you could pull this off as well, you could have fake books. Hide the real books offsite so warrants can't find them, etc. Cryptography doesn't change whether it's possible to do or not, it just makes it easier to do and scales better.
I mean, even the Nazi's could have used one time pads by carrier pigeon if they wanted to, Enigma wasn't even needed. But the logistics of doing it are less convenient.
As cryptography becomes more universal, more automatic, more user friendly, OpSec will become less of a burden for less diligent people.
Infact, we hope it does, because sloppy OpSec is a huge problem for society right now. Just look at passwords.
You're completely right that there are undesirable consequences to mathematically absolute privacy that can't be compromised by any means. But I'd argue that the government has brought this scenario upon itself by blowing up the old system of procedural (rather than mathematical) safeguards.
In the past, Apple had your iMessage data, or at least the ability to decrypt it on-demand. It was understood that this data would be private by default, but would be disclosed to the government through an established, case-by-case process supervised by the courts. Everyone was pretty much OK with this. You and I got our data kept private, unless there was some material, specific reason for the government to suspect it was related to a crime. The government got to dump the data of people under investigation, if a court thought there was good reason to do so.
Then the government went nuclear. They said, here's a National Security Letter that compels you to give us everything you have. Bulk data. Any cooperation that is physically possible. You can't talk about it and you can't appeal to the courts. If you have to capability to MiTM all of your users and pipe everything to us, you have to do it. No oversight, no transparency and no safeguards. Whatever we do with the data is up to us.
In this context, what alternative do tech companies have besides to similarly escalate and build systems that make it physically impossible for them to cooperate?
The government destroyed the social compact between telecom providers and law enforcement with forced, secret bulk surveillance. If the government is willing to step back and make binding, unequivocal commitments that companies that do maintain the ability to decrypt their users' communications won't be forced to secretly use them en masse, maybe we can go back to the old status quo. But the government doesn't seem willing to do that. They want cooperation, but they also want the ability to bust in the back door with an NSL and say "give us everything, on everyone."
The legal system has become so tilted in the government's favour (see: the inability to challenge the constitutionality of bulk surveillance, because you can't prove it happened to you), that companies will no longer trust in the old procedural safeguards. The only thing we can trust is the mathematically proven safety of encryption. And that's the government's fault. So now we are forced to chose between absolute privacy and zero privacy.
I'm in favor of Apple's choices, but I can see the government's side of this too, I don't think it's as cut and dried morally as people are making it. I like to mentally "game out" repercussions of various scenarios to see where they lead, and I don't think it is bad with such wide sweeping and powerful technologies, to play devils advocate and argue on both sides.
A lot of people don't seem to want get into the fine details and debate at all. They just want to declare absolute privacy, like absolute freedom of speech, a done deal, and move on. I think there are interesting sociological, economic, and political issues to discuss not to curtail debate like that.
I also don't like the way the sides are demonized. Perhaps the end result is to enact a shift in the way police work is done and the way regulations are prosecuted. Perhaps the government can rule that privacy is a right only for personal communications, and does not apply to computers used for business sectors that are regulated. They can mandate anti-privacy, mandate transparency and paper trails, for say, health insurers, or makers of chemicals.
But the nuance and fine details need to be worked out.
I think with respect to business regulation, encryption won't pose much of a problem. People in criminal prosecutions have a right not to incriminate themselves. But if the government wants to investigate, say, DuPont for chemical dumping and there's a law on the books saying companies have to keep chemical storage records for 7 years, DuPont can't just throw away the key for their encrypted internal data. They'll have broken the law requiring them to keep their data and be liable to regulatory sanctions for that.
In contrast to criminal law, most regulatory schemes use a reverse onus. That is to say, the onus to prove compliance is on the regulated entity. So you can't just say, "sorry, we don't have that data / we encrypted it". That will be de facto non-compliance. So if you are encrypting internal data (which of course you should be doing, just so it isn't stolen), you had better have the means of decrypting it when the government comes knocking.
The thorny issues will be in criminal prosecutions where disclosure of the accused's (encrypted) stored data will now need the active participation of the accused, who of course can exercise their Fifth Amendment rights to refuse. And the government won't be able to go around them and get the device vendor to unlock it. But companies facing regulatory sanctions already don't have these rights.
Thank you, I think this is a much clearer argument for how to proceed and how to address transparency required in business and satisfies some of my concerns.
I think we may need additional regulations for the political class however. Government communications need to be secure, but I think being a politician abdicates some privacy rights, and IMHO, if you are an elected representative, you either must use some kind of key escrow, or, you must be able to provide access to your communications under warrant, and if you fail to do so, it's grounds for impeachment.
The risk of collusion between politicians and industry is too great IMHO.
Yes, that would be a lovely outcome. Everyone gets to keep normal functional encryption, but employees (especially Senators) have to provide a backdoor key to their employer to use it for work..
Way to burn a strawman the height of Mount Everest. Nobody is asking for cryptoanarchy, just freedom of backdoored communication.
In any case, I surely hope my bank is already practicing that kind of opsec. That doesn't mean they suddenly stop giving reports to the government. Why would it? That's just.. what?
>Obama has a meta-point however that proponents of the absolutist position don't seem to want to face. Democracy relies on transparency. Many of the progressives who are rallying in support of absolute right to privacy are some of the same people who constantly criticize Swiss bank accounts, Cayman island financial shenanigans.
And there's nothing preventing law enforcement to find about these by tons of other means, including checking suspected bank transactions with a warrant.
People determined to communicate without anyone hearing, e.g. to setup their tax-haven accouts-- can do it in 2000 ways. Mass surveillance is about all the others who casually exchange data and discussions.
>The end result of going full tilt on crypto is cryptoanarchy.
> "including checking suspected bank transactions with a warrant"
> Assuming one is not using cryptocurrency like bitcoin to store money and make transactions.
All transactions in Bitcoin are public. It's a public ledger that is barely pseudonymous. So, it's actually even easier for law enforcement than with banks -- you don't need to pick up the phone to investigate a transaction history.
I thought it was interesting that someone in a previous thread pointed out the parallels between encryption and firearm regulation. They presented it as a point in favor of gun ownership, but it made me take a step back and look at it the other way.
My opinions haven't changed, but I'm a little more wary of the rhetoric being thrown around.
>I thought it was interesting that someone in a previous thread pointed out the parallels between encryption and firearm regulation. They presented it as a point in favor of gun ownership, but it made me take a step back and look at it the other way.
Instead of reading it as something negative about encryption, you can think it as a positive.
In the sense, that the argument shows that encryption has all the "freedom", "individual rights" etc benefits touted for gun ownership, but without the bloodshed that is associated with guns.
Absolutely right. Imagine a white man goes on a spree shooting with hate-crime elements. We are trying to find out if more of these attacks will occur
Now the suspect's money is in a Goldman Sachs account and the bank tells the gov't they couldn't just break into their client's financial records and find out who transferred them money. This is a "secret trust" account where nobody - not even Goldman employees - can recover transnational records. What kind of precedent would that set? What about if China wanted to find out bank transactions?
Some say this is hate-crime is one of the worst in decades and it's worth finding out if we are at risk for more. Opponents say banking privacy is an absolute right.
Can anyone tell me if they story ran in national news, the CEO of Goldman would not be facing charges of treason right now?
Unbreakable encryption isn't new. One-time pads have been around for a long time. Book ciphers can be impenetrable when done properly. And there's always the tried-and-true technique of simply never writing anything down, and doing everything face to face. Even if you argue that this is too difficult and you need something modern and easy to use, uncrackable encryption programs have been available for maybe two decades now.
Yet regulators seem to still be able to get the information they need. They're often nearly toothless, but that's because of politics, not technology.
This as an argument is completely crazy and similarly absolutist.
Having access to proper crypto at all, as an option, does not mean everything will inevitably be encrypted and not controlled for. Companies will still have the power to set their own device rules and so on. There's plenty of existing laws in place to allow for any kind of reporting still happen; you do not need to break all crypto forever.
> cryptoanarchy and Democracy are on a collision course
Yes, though I'd like to see your argument for that.
However, the failure mode of crypto-anarchy is perfectly secret digital companies arising, who then proceed to affect the real world for digital currency. (Such as a hitman, or an army of anonymous mercenaries conducting irregular warfare for hire.) So, basically large scale terrorism.
Probably much better than the failure mode of a bit overzealous police state.
> some of the same people who constantly criticize Swiss bank accounts, Cayman island financial shenanigans.
That's their shortsightedness. There are ways to tax that don't rely on looking into people's bank accounts. And a lot of the current expenditures could be replaced by projects that require proof of payment. So, you need to show a proof of payment otherwise no school for your kids, no healthcare, no pension, you can't use public roads, etc. And people can vote to enforce collection of money, just like now, foreclosure and repossession works on physical things.
> companies
People can vote to make records keeping mandatory (just like now), and employees have it in their interest to get things in writing. Otherwise they (also) go to jail if they did something really stupid. (It was an order is not an acceptable defense for some time.)
> Will Democracy be able to audit nothing of the interactions of citizens or our institutions in the future?
As it was unable to do so before digital records. And as it is unable to do so for criminal organizations.
And since cryptography exists and computing is becoming more and more accessible, it's getting easier and easier to maintain a secret organization with a secret ledger.
So, all in all, it's a bad thing to rely on those backdoors. It's not even a stopgap measure.
We're going to fight hard so our grandchildren have really secure email in a world where everything they do and every word they say is uploaded to the internet, transcribed and annotated in realtime by swarms of drones controlled by other kids that, only 50 years earlier, would have been at home doxxing people on Twitter.
Privacy will die, not because it's undesirable or a bad idea, it'll die like copyright and DRM - because it's technically and economically easy to defeat, and people will be motivated to do so. What's more, those people will be hard to catch - after all, the drones will be communicating over very strongly encrypted channels.
[Please refute - I genuinely have nightmares about this future]
I disagree - digital surveillance state will be gone within a decade, or twenty years at most. Already we see programs like Telegram becoming very popular (100 million users) where the opportunity for surveillance is massively reduced. Platforms are going to slowly transition towards encrypted content and data that not even service providers can decrypt (SpiderOak is a good example).
The biggest holdout will be operating systems - Google and Microsoft very much do not want to lose their backdoors (or front doors) into everyone's data. But within ten years, we will finally have a "year of Linux on desktops" in which both grandma and the young university student can both buy an Ubuntu computer and have it work how they need it to. And phones will run an OS that can't be maliciously updated remotely, and doesn't leak user data to apps and OS providers.
The final step will be near anonymous internet usage, which we are currently in the infancy of. There will be a shift to a more decentralized availability (but not necessarily storage) of data in most of the applications we use most often. Essentially Freenet, but without all the usability problems. The Facebook of the future will have open source (and encrypted) data where your info is only viewable to you and your friends. There are currently platforms that exist like this, but they are mostly in "testing" stages and are not ready for widespread use.
I'm not talking about the state exclusively, nor am I talking about your online activities. I'm saying you will have a camera and microphone trained on you, always. My personal AI assistant - smart but not nearly sentient - knows to highlight the most titillating segments, which I have just captioned and published for all to see (anonymously, over an encrypted connection).
It's great that one's ISP doesn't know what porn site one is visiting, but 4chan are nevertheless streaming a video of one in the act.
I fail to see how this technology - small, cheap, highly capable and connected drones - will fail to come about in the next 50-100 years. And because of that, I seriously think we need to mentally prepare for living much more publicly than we do now.
I guess I thought the drones were a joke or hyperbole in your post.
There are a lot of things that make me not concerned about your scenario. Firstly, cameras are easily defeated, especially by technology 50 years from now. You're presently a single curtain away from defeating them. In the future it might be some non-human visible light array that blinds a camera (these already exist today but aren't very common). Who knows.
Secondly, most people benefit from security and privacy through obscurity. No one cares about what 99% of people do. The other 1% will have easy means for protecting privacy, whether it be closing their curtains or some futuristic piece of technology.
Thirdly, I think expectations of privacy are going to naturally diminish a lot in the future. Sexuality will probably be a lot less stigmatized, and no one will care whether a state senator is jackin it to gay scat porn.
However advanced drones get, the technology to counter them bothering you will no doubt be a lot more advanced.
> It's great that one's ISP doesn't know what porn site one is visiting,
Well.... that seems to be the way Utah is heading, with the support of anti-porn crusaders (many of whom are radical feminists - that's originally where I found this link)
This is why I strongly oppose the drone strikes. Nobody should be killed by the state (except I guess by soldiers in self defense). I especially so not like the idea of killing someone probably at home in pajamas eating Cheerios at five pm in the evening local time. I don't think there is any justification for that even if the person in question is a flight risk and has been the mastermind behind millions of death.
Such a killing with no attempt to detain runs afoul of my morals. This is worse than capital punishment which I also strongly oppose for any situation.
I think your concern about lack of due process should be more focused on the tens to hundreds of thousands of civilian bystanders the US has killed since 2001. We are killing dozens of women and children overseas every week and chalk them up as collateral damage.
I am honestly not worried about collateral damage. If someone is shooting at you, you shoot right back at them regardless of whether they are standing behind a hundred babies. That is not a problem.
When we talk about collateral damage in case of unprovoked attacks, we are minimizing the issue. If we are not willing to risk our soldiers to capture people who are not firing at us, then we should not try to capture or kill those people. I think it is pretty simple. If they are worth killing with a drone, they are worth sacrificing the lives of our soldiers in an attempt to catch them dead or alive. Whether there is any collateral damage is not the issue.
I am not a very smart person so I looked up the definition of sociopath.
> Hare also provides his own definitions: he describes psychopathy as not having a sense of empathy or morality, but sociopathy as only differing in sense of right and wrong from the average person.
Well, I might be a sociopath. Don't get me wrong. I think babies are very cute and would go out of my way to save an infant's life. However, I cannot command others to imperil their own lives to maybe not kill an infant.
Not to derail the topic too much but it bothers me that people think the collateral deaths of "innocent women and children" in an extrajudicial drone strike are worse than the death of the target. The collateral damage would not have happened if we didn't shoot in the first place. I am not saying we should be isolationist or even that we should not exercise restraint in use of force (even in self defense), far from it. I am just asking that we approach the topic as rationally as we can.
Now, we should be clear as to why we try to save infants and small children first in an emergency. Here is the article that made me think about this http://www.3quarksdaily.com/3quarksdaily/2015/01/children-ar... but it makes sense what I read a while back. It is not because they are more important (far from it, society has much more invested in growing up a working adult) but because the infants and children are more vulnerable. It made a world of sense when I thought about it this way. When it comes to a fire, I can see how a healthy adult can survive longer suffocating in a smokey room as opposed to an infant. I think a trained fireman or a nurse can do triage pretty will without someone screaming in their face "why won't you attend to my baby first?"
In most situations, we would probably care for infants and young children before anyone else. However, like with everything in life, we should think about why and not just what. A person who has killed millions of people has the same right life as a newly born infant and we shouldn't try to sidestep difficult questions and scream "why won't you think of the children" just looking for an emotional response.
>Privacy will die, not because it's undesirable or a bad idea, it'll die like copyright and DRM - because it's technically and economically easy to defeat, and people will be motivated to do so.
>[Please refute - I genuinely have nightmares about this future]
Um, this is pretty easy to refute: we've been complaining about copyright and DRM for ages now, and not only are they not waning, they're at least as strong now as they've ever been. There's no indication whatsoever that copyright law is going anywhere or being relaxed in any way, in fact it's the opposite. Sure, it's generally easy to copy digital stuff (absent DRM), but that doesn't make it legal, nor has the internet become a free-for-all (quite the opposite in fact; it's more dangerous to commit copyright violations now than ever I think). Same goes for DRM: despite all the complaints, DRM is still present in many places, and you still need to use it for things like watching Netflix. It is possible to defeat it (I'm not going to say technically easy though, because a lot of it is unbroken), but what the DRM-users have proven to us is that it's non-trivial now, and more importantly it only has to be "good enough": as long as it prevents most users from doing something the copyright holder doesn't want, that's all they really care about.
I don't really recognise any of what you're describing here - it's trivial to download almost any copyrighted work in seconds, for free, and basically nobody suffers any consequences for doing so.
Even so, it was just an analogy. There's very little stopping people just following you round recording you on their smartphone as it is. When it's semi-autonomous flying robots the size of a grain of rice, I don't believe you are going to have much legal recourse.
You're not talking about downloading copyright works, you were talking about "the death of copyright". Copyright isn't dead, it's alive and well, regardless of how easy it is to download stuff.
Not only that, while it may be easy to download stuff, it's also easy to be sued for it, and this has happened countless times. There's been a whole industry of suing downloaders and getting them to settle for $3k. So your assertion that "nobody suffers any consequences for doing so" is quite false. Ask Jammie Thomas.
Yes, you can largely avoid this by using a VPN, but not that many people do.
In the end, they are going to introduce laws that make it illegal to implement end-to-end encryption. This sucks, but it's going to happen. France is already moving to do it [1], and in the US, John McCain and others are also calling for similar laws [2]. They will all start off saying that it will be controlled carefully etc., as Obama keeps saying, and then it will be used with reckless abandonment.
What this essentially means is a move to Android for criminals, terrorists, and anyone that wants privacy (since Android allows installation of apps that have not been approved by a gatekeeper bound by the laws of the countries it operates in, whereas iOS does not by default). Open source Android apps with strong encryption will be built in countries without such laws. All of this will likely be the downfall of a few lazy drug dealers that don't want to give up their iPhones, but since the cat is out of the bag and apps with end-to-end encryption already exist and will continue to be built, the governments making these moves will not actually catch any reasonably intelligent terrorists that install and use these apps. They will, however, gain exactly what they want: the ability to conduct surveillance on most people in the world whenever they want.
I cannot fathom end to end encryption ever being made illegal. I tremendously doubt this will ever happen in any effective manner. At worst, they will pass from vaguely worded bill that makes it illegal in the sense that you are required to decrypt data on demand for any government agency. But since we are already seeing the trend of service providers being unable to decrypt user data, I doubt that will be much of an issue either.
We will probably start seeing a lot more people getting locked up for decades for "contempt of court" by refusing or being unable to decrypt their personal data for a judge. Current record for contempt is 14 years - with no conviction and no jury.
If you're not willing to revolt over it then it is definitely a possibility that end-to-end encryption will be made illegal. Non-techies simply don't care, they have 'nothing to hide' (or so they think).
I think it's naive to underestimate a government's ability to coerce people into not using it. There are many surviving illiberal democracies and it really wouldn't take that much to get the U.S. to trend more toward illiberalism either.
The Lavabit case was only contentious because of a very poor implementation of encrypted user data. It won't be long until there are established platforms and libraries that are used by most apps that fix the technical problems of Lavabit. Mega (the file uploading service) is pretty close to having a reasonably fool proof design, in that the most security conscious users are unlikely to have any external party be able to send malicious code that prevents the security and effectiveness of client side encryption.
I'm not convinced this will get past our Congress. Lindsey Graham is also not convinced [1]
The reason the Apple case is in the courts is nobody wanted to put their name on this encryption bill without understanding it. Feinstein is one of the only ones willing to so far [2]. Basically, any politician who feels they are at about the end of their career might put forth such legislation, but all the others know it'd be suicide.
One of the best ways to make such actions fail is to proliferate strong encryption in OTT messaging and for system software makers to create interfaces that enable third parties to make encryption products for all purposes including voice calls.
Making broad swathes of widely used software into contraband will be a law enforcement nightmare.
One strong point that comes out is reference to the transitory nature of governments, just because you trust yours now (!), does not mean you can trust future incarnations, don't give this kind of power to an unknown.
Also asserting that your government has the right to certain powers over its citizens establishes the precedent that any government should have that right. If it's OK for the US or UK governments to have the keys to its citizens encryption, then it's ok for China, Russia, Iran, etc.
Interestingly, the encryption system underlying WhatsApp was developed by the US government for people in oppressive states to use to avoid surveillance and restrictions on access to information.
This is well known and, for the most part, internalized by the people. Governments, however, seem to believe the opposite: that the fundamental goodness of their pursuit of protecting the governed justifies almost all tactics.
Case in point - pre-ww2 governments collecting data about their citizens(religion, sexuality, race, political affiliation) which was then used to actually murder people by the Nazis. Just because the current government doesn't use the data in a malicious way doesn't mean the next one won't.
Right. We need to inform each other and our representatives how we feel about this issue, and support our argument with facts. There is a lot each of us can do. I suggest focusing on the security and economic implications of passing legislation requiring backdoors in phones. The DOJ and Obama will not listen to the privacy angle. It must be shown that on balance, we will not be more secure because criminals will just change to use technology that is encrypted, and in the mean time we will have placed our user data within reach of hackers everywhere via a government-imposed weakness that phone makers like Apple will never be allowed to fix. They'll be required by law to maintain such a weakness.
I agree that being open to an alternate point of view is a good idea..
We need to share facts in this debate..
We know about technology, they know about law enforcement
Let us each bring facts to the table and resist coming up with conclusions from the outset. Obama is missing some facts, and in order to convince him that's true I think we need to be open to the idea that there may be some things we do not know
We're not going to find out about those things by conjecturing. We need the administration to share any relevant details as much as they need to understand encryption technology
This is akin to the politicians that don't want to believe the science around global warming. They believe that if they just deny it, they will turn out to be correct. Obama is doing the same with "golden key" encryption. It is not that the experts are correct and know what they are talking about, it is just that they are disengaged and being stubborn.
"I'm the President of the United States of America and if I say that there must be math that gives me what I want. If you don't invent it, you are disengaged."
Yup. But he doesn't understand that criminals will just change to use technology that is encrypted. We just need to share the facts and let people make up their own minds.
What baffles me is that nobody has been able to convince the President of that simple fact. Surely, he must know about Signal and Snowden, and that Signal can easily be downloaded to any device...
"And what we realized was that we could potentially build a SWAT team, a world-class technology office inside of the government that was helping across agencies. We’ve dubbed that the U.S. Digital Services."
Yes, that's a great analogy! Go with that!
"And this was a little embarrassing for me because I was the cool, early adaptor President."
From his rhetoric, it sounds like he wants to appeal to technologists by arguing he keeps them very close to him in the White House. He's saying, "see? I have tech friends and I give them cool jobs where they feel appreciated."
He's also implying that they should count towards him being informed about technology. But we know that's not the case.
So he's trying to say he has trusted technology advisors, but he doesn't. It's scary. Join me in tweeting at them [1]
Interesting choice too - there's clearly a demographic who go to the Folsom Street Fair who definitely don't have negative connotations to "fetishizing", and I suspect any porn site operator could give you some numbers that some people would not believe about the number of people for whom fetishes are a real thing.
I wonder if Obama and his speechwriters have research about how many people (and from which demographics) that phrase is going to be read in which ways? (I wonder if they've worked out that they've already lost the tech crowd on this issue, and there's a statistically significant crossover between the tech crowd and the people for whom fetishes are considered a positive thing?)
This is not a fetish. This is a conflict between a government that has gotten away from the "we serve the citizens" mentality, and gone to "we'll do anything we want, routing around the constitution whenever we want, and use "serving citizens" as the excuse, and the citizens who should be able to specify, to any level detail that we want, exactly how those "servents" will serve us. It seems to be sliding away from us.
so they tell us that we have to arrange our private lives in such way that it would be easier for them to investigate/persecute us, if sometime in the future they decide that we are guilty of breaking their laws.
[with great sadness]: how low have we fallen if we seriously discussing this instead of grabbing pitchforks.
I think what it takes is a visible critical mass gathering with "pitchforks" and all the relatively-awake people in society would join in. Nobody wants to be part of the 10 or 100 or 1000 person "movement" that gets squashed and futures ruined. But if it seemed like most of (active) society was going to pile on too, people would.
However, most of society is simply not active. Most of society would never pick up any pitchforks one way or the other, without things getting REALLY bad. At some point a highly motivated minority of the population (but still a lot of people) basically needs to make the change for everyone. I'm not saying that's right or wrong, just saying what seems to be the case.
This has been the default position of US government across administrations at least since the 1976 Arms Export Control Act. Nothing has changed except that "the terrorists" have replaced "the communists".
If law was adopted to require backdoors - those who are privacy conscious would simply move their data to countries that allow for strong encryption as well as deniability.
It'd still pose an issue for when people are accessing their data, however depending on your setup this will be very hard to prove from a third-parties perspective given ample security precautions taken (ie using an offshore VPN all the time, data never full accessed locally).
For larger tech companies, I'd assume setup of a new company structure offshore and sensitive data handling to be "outsourced" offshore too (ie parts of the EU, other OECD countries).
I hate it when leaders get all upset when the balance is shifted away from them, and yet are perfectly fine when the balance tilts in their favor.
FTA: "then that I think does not strike the kind of balance that we have lived with for 200, 300 years."
200 years ago, it was not possible to cast a dragnet and catch everyone who was doing Something Bad(tm). The government had to get a warrant to open mail; today, the NSA can sift through billions of messages (metadata, they say) in a second.
Even considering US Mail: you could not keep track of who was sending whom mail, at scale. But today, every letter that is mailed has its front and back scanned (for reading the address); but more importantly, these images are saved for future use.
All of this is possible thanks to technology. And when the balance was tilting in their favor, the Establishment was quite happy. But when the balance tilts the other way, suddenly they're crying like a spoiled child whose toys have been taken away.
You can't just throw tantrums when things don't go your way. If the technology permits E2E encryption, they'll just have to live with it and find other ways to catch criminals.
Sam Harris posted a video trying to draw such parallels between digital and physical worlds [1]. After reading responses to his first video, he then changed his mind [2]. In particular, one email from a Google engineer he found particularly compelling. I can summarize.
Our phones contain both a) things we consider privacy-sensitive and b) security-sensitive. Family photos and bank accounts. The Googler dispels one of Sam's analogies. Digital security and insecurity is highly scalable. We lock our doors, and police can force them open if needed. Generally, there are not many burglars around. Here I will quote Sam's reading of the Googler's email,
> "The digital world is like having a house at zero distance from every burglar in existence, including the planet's top lock pickers. They have zero cost and near-zero risk attempting to break into my door. The "police" are virtually non-existent, and even if identified the bad guys are probably out of reach of prosecution. Even the amateurs have tools that allow them to probe millions of doors per second, and the pros have access to the same heavy tools that the police would use to force my door. And perhaps I live in a huge condo with a single door, so hacking that one lock will expose millions to ransacking. That's the nature of every digital device connected to the internet. Attacking them is a highly scalable task. You're not protected by your location, there's no affluent neighborhood with low crime and good police, where the wealthy can live and feel safe. Nope, the internet is a dystopian world when it comes to security. It's a Mad Max scenario where you're only safe if your front door and your entire house and your personal car is blinded like Fort Knox's safes, and armed with flame throwers."
Before I realized Sam had recanted his position, I wrote a point-by-point response to his first video [3]. I think the Googler did a better job relating to non-technologists.
There's a lot of this online. Check out Sam Harris' recant of his original position against Apple in which he reads an email he received from a Google engineer [1]. The email is very well written
Obama, the technology, sir, is absolutist. You can have it one way, with privacy, or another, complete lack of it. That's how things are, and you are, with all due respect, stupid for arguing otherwise.
All this talk about "warrant-proof spaces" presumes that they're something new, when in fact they aren't. In the past, conversations in private tended to not be reduced to tangible form and were lost to law enforcement unless they had the foresight and the warrant to bug the location. Now that so many of our communications are mediated by technology, they are by necessity reduced to a tangible form. Secure end-to-end crypto merely takes us back to the status quo antebellum.
Let's get the facts straight about encryption and security. The DOJ needs our help, and we need theirs
We need a grassroots movement here. I know we have the EFF and Apple and a slew of others. But we all need to be writing about this to have our voices heard.
I am in between projects and writing about this extensively online. Would anyone like to work together to organize facts and promote discussion in a concerted manner? The goal would be a) to make a concise message that is understandable by a non-techie, b) back it up with facts and primary source, and c) seek out public figures who can share our message. I have a running summary of events here which I will put in a github repo [1]
Dear technologists:
The task of educating the public and our government on encryption may be even harder than you think. Everyone needs to understand the issues at stake in order to make up their own mind, and it could take years to educate the general public about encryption.
We can expect to continue seeing terrorists attacks in the news regardless of what laws Congress passes. This much we know, and this is, of course, out of our control. However, uninformed law enforcement will blame encryption and they will blame technologists for not allowing them to catch these attacks. Unless all law enforcement truly understands the technology, then they will always blame citizens for fighting for their right to privacy.
Of course, we know this is about security vs. security, not security vs. privacy. Privacy is a secondary focus for many. But law enforcement believes our primary focus is privacy.
My primary concern is that law enforcement does not know how to keep us safe in a world where criminals can sometimes communicate with smartphones across the world in a way that cannot be monitored with a warrant. Regardless of whether Cyrus Vance, James Comey, Loretta Lynch or Obama truly understand this or if they are putting up a smoke screen, the fact is that law enforcement across the country trust them the most. Non-technologists will be more moved to understand the security and economic implications of forcing backdoors upon Americans and US phone manufacturers. For the most part, they are not going to see eye to eye with us on privacy concerns. Lindsey Graham has already changed his view. We can share facts with others and let them make up their own minds.
Some damage is already done. The fact that Vance and Comey have been fighting this for so long is going to make it difficult for them to go back and convince officers of the law that technologists were right, and they were wrong. Many officers will continue to feel snubbed by the tech community.
If we're to advance to the next level of our mutually trusting society, we must all understand encryption technology and its implications. To the extent that we do not all understand encryption, and the ease of which it can be used regardless of government mandates, we will continue infighting and not progress together.
The idea that technologists feel the issue is black and white or absolutist is absolutely incorrect :-). Math is black and white, but our public safety and security is not. It is a complex equation that must be balanced, and we have that focus just as President Obama does. The difference between us and the DOJ is we understand a few more pieces to the equation. I'm open to the idea there are pieces that technologists do not know about, and I encourage the administration to share these details with us. Until all the details are on the table, we won't be able to come up with a solution together. Let's focus on discussing and sharing the variables and their weights. Given information, people can make up their own minds.
If backdoor laws are passed, it's not the end of the world, but our industry will suffer while non-technologists struggle to understand why terrorist attacks continue to occur. It'll be another 4-8 years until we can dig ourselves out of that hole. Let's keep the great country we have and bring facts to the table for open discussion.
This is incredibly naive bordering on puerile. To suggest that POTUS' view on this is without nuance is to miss his point. POTUS went on to cite existing warrant mechanisms and their underlying principle:
"And we agree on that, because we recognize that just like all of our other rights ... that there are going to be some constraints we impose so we are safe, secure and can live in a civilized society."
I'm not suggesting that this means POTUS and the government have the right answers at the moment. Despite that, we can't ignore the important role law enforcement plays in society, the requirements in support of their role, and the complexities surrounding the right to privacy. We need people advocating for the right balance, not just getting each other frustrated.
OP may have worries other than US law enforcement being from another country. This is one of the /many/ complexities in this space.
> We need people advocating for the right balance, not just getting each other frustrated.
I don't understand this line of thinking regarding the big encryption debate. Yeah it sounds good if you don't know anything about encryption. "Look, he's being reasonable. Why is everyone saying he's wrong instead of striking a balance".
The problem is it's a binary problem. There is zero way to strike any type of balance here. You either encrypt communication to prevent others from accessing it or you provide a backdoor or escrow key to access the data in which case all encrypted communications are now insecure.
There isn't a middle ground there. If there is I have yet to see anyone suggest it and I can't think of a technical way to do it. Too many attack vectors when you purposefully impose multiple party keys or backdoors.
In that case, perhaps the balance we need to strike is rhetorical, not technical.
I think some people in the tech world are 4th-amendment absolutists. That's not a new thing; in Cryptonomnicon there was the electromagnetic doorframe so strong that it would wipe drives passing through it. I don't know that it's a position I hold myself, but it's one I definitely respect.
But we have a multi-century history of the government being able to read people's documents once they have a warrant. A lot of crime-fighting makes use of this. Whatever the intricacies of the technology, there's a status quo that I think we should at least acknowledge.
So I think the rhetorical balance we need to strike as an industry is along the lines of, "Yes, we totally get why you would want to get into that terrorist's phone. We wish we could find a way to give you access to just that without compromising everything. But it's not like a wall we can put a special door in. It's like a balloon. The moment it loses integrity, it's worthless. We want to help you, but we can't."
When the message instead comes across as absolutist, I think we're in danger of losing public support. Without that, we'll have a very hard time resisting government demands for access.
Your message can basically be distilled into "it's absolutist but we can't let it come across that way to hurt our PR".
I'm not sure trying to increase the complexity of the issue just to make it sound like the technology community doesn't see this as binary is a good solution. I think what we need to do is education people around how encryption works.
If we're wishy-washy about the whole thing it may come off as something we can possibly do in the end. I think education is the only way. But that's just my opinion.
Some people on this are absolutists, and some aren't. If we could create a safe back door, some would be in favor of doing that, and some wouldn't. That's distinct from us not having a way to create a safe back door.
One problem I see us having (and I've seen this on Facebook) is that some people think that we are saying we can't create a safe back door because we don't want to. And I think they're getting that notion because of the people in the absolutist camp.
> If we could create a safe back door, some would be in favor of doing that, and some wouldn't. That's distinct from us not having a way to create a safe back door.
I've seen a tiny handful of comments like that and other comments about how they're fine if it isn't completely safe in order to "protect the country". Is there any data to even know for sure what the majority of common people think about encryption and backdoors?
I'm not convinced a near majority simply thinks that SV just "doesn't want to". Well except in maybe the current Apple vs FBI case as the FBI and some of the media are kinda shouting that. Perhaps that'll sway the tides and make more people think in that way, however?
Either way I still think trying to educate the populous is the best way to undermine the entire idea of escrow keys / backdoors.
I don't think a "near majority" needs to think that for this to be a useful approach.
When people can't engage on the substance, they fall back on human heuristics. E.g., bedside manner is important in doctors because people will generally stop listening to doctors they don't find trustworthy.
You're welcome to try to educate the populace on the subtleties of crypto. My guess is that the number of people who will sit still for that is pretty small, but maybe I'm wrong. In case I'm right, though, I think a useful backup would be displaying empathy for the (reasonable) societal goals that are driving this push for back doors.
I didn't think I'd come back but I liked your comment and wanted to rebut.
There is a middle ground and where it lies is directly related to the assessed risk. To support a mechanism is a binary choice but its design is not.
In the San Bernardino example, an unexpected potential adversary (Apple) has emerged. An unexpected vector is being discussed which has nothing to do with the encryption mechanism itself. Perfect cryptography doesn't imply a perfect cryptosystem and it sure doesn't imply perfect privacy.
The balance that needs to be found is around the assistance which is rendered to warranted agencies to enable their access to data. IMO vendor supported key material attacks are not an unreasonable solution but obviously that mechanism can go horribly wrong if the software is leaked and it is not adequately designed. The same can be said for signed updates in general though. This is a hard technical problem but it's not a binary choice where the agency has some magic key they can use wherever they want or they have nothing. If they can be enabled on a case by case basis such that it is cost effective for them to do the rest, that might be enough.
Obviously this is all based on the assumption of a robust local judicial process. However, whatever decision making process occurs needs to take into account global implications. Other commenters here and elsewhere have mentioned what this could mean for agencies in other countries where judicial process may be less robust. Many have commented about a lack of transparency in our own. This is a separate but very closely related concern. There are also considerations for the open source community and how precedent like this might be applied to them. It's a hard problem but it's not binary.
I think this is an inadequate rebuttal. You're not being specific enough with what you mean by "its design is not [a binary choice]" Yes it really is. Either the cryptographic algorithm is broken or it's not; either the passphrase is known by 2+ parties or it's not; either there are backdoors, or there aren't. If no, no (1), and no, then the ciphertext is not determinable by the government if the only source for the passphrase can't or won't give it up.
It's also a binary condition whether a company should produce an unsafe fork of their own software and make it available to any government. If they should, then in effect all governments will use it against their adversaries, foreign and domestic.
> The balance that needs to be found is around the assistance which is rendered to warranted agencies to enable their access to data. IMO vendor supported key material attacks are not an unreasonable solution[...]If they can be enabled on a case by case basis such that it is cost effective for them to do the rest, that might be enough.
Why is it not unreasonable? You're compelling companies to write custom software explicitly for law enforcement use. Let's say you own a company that creates product X. Now the FBI is compelling you, through the court system, to develop a completely custom version of product X to let them access it or use it in some way. Sure they're paying you but you now have to redirect resources to handle this and you likely hired people to do things other than work on a government project. This ultimately can hurt your company and its market position simply by consuming your resources.
This is unprecedented outside of war times. It's hard for me to imagine anyone being okay with compelling a company to become a government contractor.
> It's a hard problem but it's not binary.
It absolutely is. The "middle ground" you pointed to isn't a middle ground; it's unconstitutional. I have yet to hear a technically viable AND constitutional "middle ground" in this debate.
> vendor supported key material attacks are not an unreasonable solution
Did you know encryption technology is not limited to Apple? It's not even limited to big companies. Anyone with a book or internet connection can implement encryption.
This isn't plutonium, which is hard to come by. Any law that puts a backdoor on phone's encryption schemes will fail to stop criminals from hiding their communications. They'll simply use another device or download a different app that does give them encrypted communications.
You and Obama are both correct to point out we should be seeking a balance to maintain our security. However, your calculation of that balance is missing some key elements, such as the one I mention above, which is that this is a gigantic game of whack-a-mole. It's the biggest one you could ever play. There's no way you can censor the internet or ban certain kinds of software. It's the same as censoring speech. Encryption is just code. The policy Obama is implicitly proposing simply won't work.
I can see you've thought about this so I'll give you one example where I think we should unlock a phone.
In the movie-like scenario where there's a nuclear weapon hidden somewhere, and an encrypted phone holds its location, then I would expect the NSA and FBI and every computer in the world to sick their processors on copies of that phone's data in an attempt to break the encryption. I believe this is already described as something the NSA has in place with a program called Bullrun. It seems likely to me that the FBI is unable to make use of this technology because decryption is so laborious, even for the mass of computers that the NSA has built up, and even for all of Google's machines. They just don't have enough to decrypt every criminal's phone. But I believe they could decrypt the movie-like scenario nuclear-weapons-hiding phone.
So we're covered in the most extreme case. But in reality there are all kinds of ways to discover someone's password, and you don't always need a huge server farm to get at it. For example, software has weaknesses that are only known to the NSA. No software is 100% impregnable. Even Snowden admits this.
We've existed as a society for a long time without encryption. Bad actors who collaborate exclusively online using encrypted technology, and who never meet in person, are few and far between.
Unless the US government has some major secrets to reveal about the balancing factors of maintaining public security, then on balance, trying to force backdoors into phones will make us all less secure. This forced weakness will be exploitable by every hacker in the world, at no cost, and from positions which are not governable. And the phone manufacturer will be required to keep that weakness as-is because to fix it would be to break the law.
I don't believe that Obama himself has an blunt understanding of this issue, but I can't know what is truly in his heart or head and the view promoted in his statements here is utterly oversimplified and purposely lacking in nuance. Glossing over the impossibility of providing security only against "bad guys" while leaving you open to "good guys" is an intentionally low resolution view of the issue intended to make refutations based on that impossibility sound like nerds nitpicking the implementation details.
I don't think whether he understands it to really matter. I think even if he was the world's foremost security expert, his message would be the same as it is now.
The government isn't saying that no one should be able to encrypt data. They just thing that, in some cases, it should be done in such a way that certain data can be read by use of a centralized master key.
This, of course, presents certain problems. What if that master key leaks?
But it's not binary. Data secured this way is absolutely safer than not encrypting something at all. "Is it safe enough?" is certainly a question that people can disagree on.
The fundamental issue is that any back door accessible to "the good guys" will also be accessible to sufficiently-technically-advanced "bad guys". And from the perspective of securing the United States' defense infrastructure, major corporations, etc., there are multiple sufficiently-technically-advanced "bad guys" in the world already (i.e., certain major foreign governments and their intelligence/defense complexes).
So if you're doing US national security, you cannot accept the Obama position; any technology to which our "good guy" law enforcement could get access is guaranteed to also be a technology to which a "bad guy" foreign enemy combatant could similarly gain access.
If you're a major US corporation, you cannot accept the Obama position; any technology to which our "good guy" law enforcement could get access is guaranteed to also be a technology to which a "bad guy" foreign intelligence/espionage agent could similarly gain access.
So as far as that is concerned, it is binary. You can either be secure against foreign threats, in which case you are also as a side effect impenetrable to the local "good guys". Or you can be penetrable by the local "good guys" and also as a side effect penetrable by the foreign "bad guys".
The argument advanced against Obama's position is that A) it fundamentally fails to acknowledge this reality, and B) seems to argue for deliberately compromising national security in order to... preserve national security? In other words, it is not only unrealistic, it is in fact nonsensical and self-contradictory.
We're talking about iPhones here. Not the nuclear launch codes. Maybe you have information on your phone that KGB is interested in, but most people don't.
Again, security & encryption aren't binary. It isn't on or off. Different levels of protection are appropriate for different levels of threats. The lock on my mom's suburban house is a lot weaker than the lock on the vault holding the gold at Fort Knox.
Similarly the kind of security appropriate for consumer grade cell phones might be different than the kind appropriate for guarding US national security secrets.
Maybe you have information on your phone that KGB is interested in, but most people don't.
You have a very narrow view of what information is sensitive. Do you know how many Americans work either directly in, or in industries associated with, defense? How many of them use Apple products as part of their work?
Or let's take a more down-to-earth example: I work for a company in the health-care space. We have health records on thousands of people, and as we expand we'll have more health records on more people. With your approach, where should we draw the line? Would it be OK to use security bad enough that, say, an Eastern European organized-crime ring could break in? Or do we need to defend against them and not against the KGB? How do we figure out what level of tools to use to do that? How do we figure out whether what we have now will still be mafia-proof in five years?
Oh, and keep in mind that legally we have to protect that data, and improper access to it can not just shut down the company but send me and my co-workers to jail. How much would you be willing to compromise with that on the line? If the potential consequences to you were jail time, how much on the side of Obama and the FBI would you be? How much risk of that would you take on in order to make law enforcement's life a little bit easier?
And in case you think this is a red herring, remember the San Bernardino shooter... worked for a public-health department.
If I can gain access to your customer's data by gaining access to a cell phone owned by one of your employees then you are doing something deeply, deeply wrong.
The fact that it's an iPhone in the San Bernardino case is kind of a red herring; the precedent it would set is not "iPhones and only iPhones and not any other type of computing device are subject to law enforcement unlocking". The precedent it would set is that any encrypted system must be built to be decrypted on demand by law enforcement.
And that gets back to my original comment: a system the "good guys" can decrypt is one the "bad guys" will be able to decrypt too.
Slippery slope arguments are lame when they start to go like this.
Like, I get you. By allowing X which might actually be OK, we might allow X+1 to happen and that wouldn't be OK. So we must oppose X as a practical matter.
I get the practicality of that.
But when you start opposing X as a matter of principle rather than simply as a matter of practicality that's when you've gone off the rails.
Well, for one thing it's not even a slippery slope. They want to unlock his work-issued phone, not his personal phone, and the FBI admits they have, and other law-enforcement agencies admit they have, an almighty queue of other things they'd like to get force-unlocked if they can only get precedent claiming that companies do indeed have to circumvent their own products on demand.
And you presume that compromising the iPhones belonging to the men and women who do control the nuclear launch codes wouldn't serve to compromise everything they control, by extension? Either by using the data as a lever against the people, or directly snooping, this would be a very powerful opening, and your position seems to defy all common sense.
Yes he did use it for a reason. He used it to make it seem perverse that you would want your information on your phone to be secure. Hes is trying, once again, to put forth the governments position that if you're not trying to hide something, you have nothing to fear.
And quite frankly, yes, I do hold the security and privacy of data as more important than the terrorism song and dance the government is playing. And I do hold that view absolutely.
Plus, any key that the government can use without your permission, they can illegally abuse. And if there's one thing we've seen proven recently, it's that such abuse will occur.
It's worth noting that in this case we're only talking about keys that are useful to someone in physical possession of a phone. So as long as I retain physical possession of my phone no one can get at it, keys or not.
wow, when you put it that way it's like saying "either I have the right to own a gun or I do not." So I guess if people except limits on gun ownership they should accept limits on encryption cuz it's just as dangerous?
Actually no. What I'm saying is that you do have the right to own a gun, but there are limits on gun ownership.
* Minors cannot buy guns.
* Convicted felons cannot buy guns in most circumstances.
* There are numerous locations in which it is illegal to bring a gun.
* There are numerous types of guns that you are not allowed to own.
To me personally the concept of even owning a gun is utterly ridiculous, but I guess American people would be incredibly upset if every gun had to come with a built-in remotely controlled switch that could be used by the police to disable it. This is essentially what they are trying to do with encryption - you are free to use it, but we want to be able to manually switch it off if we want to.
Encryption is a measure that prevents unauthorized parties from taking part of what is encrypted. If it fails that on such a basic level that a specific unauthorized party can trivially access it, it's not effective encryption. Whether or not it is effective, then, is just a matter of whether you agree that who ever holds the master key is authorized to access whatever it is that you encrypted.
It's still not broken in any technical sense, but if I don't want a third party to read my data and they are still able to do so, it's a stretch to call it encryption.
I don't think that's true at all. If you use gmail your data is pretty safe. Unless you tell me your password I'm going to have a pretty hard time reading your mail. It's encrypted at rest on Google's disks. It's encrypted in transmission over the internet. Google's network is protected with various forms of encryption and security that makes it hard for an unauthorized party to get into.
But Google itself can access and read your email. It does so in an automated fashion to target ads at you.
Sure there is. We have a system of laws and courts that define the contract.
And besides, the existence of a contract or not isn't really my point. My point was that encryption isn't an all or nothing situation. You don't either have completely ironclad security where you and only you can access your data or nothing at all.
There are degrees of technical protection. That was my point. The black and white thinking about this issue is wrong.
> Sure there is. We have a system of laws and courts that define the contract.
Isn't the point of discussing this that you actually don't have anything that defines that contract? In terms of the fourth amendment, it seems like there is quite the opposite contract in place already. Also, as an Apple product user outside the U.S., this supposed contract is not something that I ever agreed to.
> And besides, the existence of a contract or not isn't really my point. My point was that encryption isn't an all or nothing situation. You don't either have completely ironclad security where you and only you can access your data or nothing at all.
It is an all or nothing situation. That there is only one unauthorized party able to intercept my data using a back door doesn't change the fact that there is an unauthorized party able to intercept my data using a back door. Whether that is practical for you or not, again, depends on whether you consider the third back-dooring third party authorized.
> There are degrees of technical protection.
I think that maybe the discussion here comes from the fact that you are indeed talking about "technical protection" in general and not encryption specifically. The point of encryption is that only eligible parties can decode the data. If others can decode the data it's not really encrypted, as a matter of definition.
For example, using Google as a mail provider may prove to be poor "technical protection", but the data is encrypted and the authorized parties are part of the terms of service. That the U.S. government can decode my encrypted data without permission may prove to be practical "technical protection", but in terms of encryption it really is a boolean situation.
There's no award for effort. Apple built a cryptosystem that doesn't work against an adversary that is Apple. "Encrypting" isn't some magical property that makes your data safe. The encryption itself is just one aspect of a whole system that must be designed to protect against certain adversaries with certain capabilities. The government would be totally allowed, for example, to tamper with your wax seals if it had a warrant to read your mail.
I lied, there is an award for effort. Wherever you have an "reasonable expectation of privacy", the government must get a warrant or your permission to exercise its search and seizure authority. That's the protection that you're entitled to by our laws.
Even the EFF is acknowledging the weakness of your argument when they try to frame it as an issue about Apple's free speech instead.
I think a lot of libertarians miss the fact that many of the communications monitoring aspects that the administration is proposing includes authorization by court order.
It's not like your communications are being monitored by random government employees at will for no reason. There's a specific safeguard here for personal privacy, and that's through a court order.
If government is monitoring your communications, then there's a pretty dammed good reason, as determined by a judge.
Sure, you might call that final safeguard as not enough or susceptible to corruption, but once you do that, you cease to be able to function in a society.
Judicial review is the "trust zone" that citizens are expected to have on society. If you don't trust judicial review, then there's no hope left for you to function in a normal society filled with other people. If you don't have such a "trust zone" in government, then you are basically forced to build your own army to protect you, since you don't trust government.
Since having your personal army is stupid, your best option is to make sure judicial review cannot be corrupted.
Communications are already being monitored by random government employees with no judicial review.
The FISA court is already a rubber stamp. Encryption is one of the only ways to non-passively protest.
Edit: Can't reply to my replies, likely because of the down votes on my parent's comment.
Re: FISA, yes to both. That anecdote may be truth but I am still hung up on NSA employee looking up ex-girlfriends' emails the day he got access to do so.
Re: Army, you aren't wrong but that's not encouraging. It's true, at the end of the day the most powerful military will win.
But it's an argument that only wins against those with something to lose, like people who care about their family or nation states with a future. I guess that's why the ultimate response over a long enough timeline to an unbeatable military force is terrorism.
The existence of the FISA Court has never been a secret. It was created by FISA in 1978 and is right there in the text of the statute. Even the members of the FISA Court are publicly disclosed (they're all existing Federal judges who are appointed to temporary terms).
What is secret about the FISA Court is its decisions, not its existence (and that should change slightly as a result of the USA Freedom Act's requirement to release "significant" opinions).
As a European that still effectively screams "secret court" to me, just with some word games around it. Part of the problem is the US also broadly applies "Top Secret" to too much information, even the mundane, so then it "has to go to the secret court because it's "Top Secret".
Oh, I'm happy with the description of the FISA Court as a "secret court"; I just wanted to answer the misconception that this means people didn't know that the court existed.
Interestingly, regular courts can and do hear cases involving classified information.
It's not that cases involving classified information somehow get transferred to the FISA Court; instead, the FISA Court only hears cases involving surveillance requests arising under FISA.
I hear this a lot, what is the basis of considering the FISA court merely a rubber stamp?
Is it the approval rate? Is it the lack of transparency?
If it's the approval rate, in my experience the reason why court warrant approvals are so high is because intelligence / law enforcement are very risk adverse and will not submit requests that are likely to be rejected. Anecdotally, the officers I talked to considered it career poison to submit a request that got rejected by a court.
tehwebguy: I'd prefer if you replied to me in a separate post rather than editing in a reply to your post. It makes it hard for me to respond.
In a way I'm heartened by stories about NSA employees acting inappropriately, it means that they're being caught and disciplined and the Office of the Inspector General is doing its job. If it was routine and accepted it wouldn't be a newsworthy story and the inspector general.
That said, I don't think employee abuses have much bearing on the effectiveness of the FISA court as a source of judicial oversight for intelligence operations inside the United States.
I think it shows that they have an excellent understanding of their authorizing legislation.
It also reflects that unlike other types of warrants the court can request revisions or additional information before making a decision and requests can be withdrawn before a formal rejection can take place.
Some estimates put the reject/withdrawal rate closer to 25%
The U.S. government has already shown that it is willing to abuse the law and create loopholes. Maybe the FBI will need a court order, but once the back door exists, what's to stop the NSA, or North Korea, from using it and finding ways to exploit that vulnerability. Freedom has a cost and we need to accept that. There are no free lunches here.
But without a valid court order, the evidence collected by the NSA cannot be used against a defendant in a trial. If a defendant feels a court order was improperly issued, he can appeal his conviction on those procedural grounds.
If the data is not used in a criminal case, then there is no mechanism for 4th amendment protection and the spied-upon has no recourse.
Except that this isn't correct in the face of parallel construction. You can't fight the evidence at trial if it either isn't presented, or its origins are misrepresented by the prosecution, which is what parallel construction leads to. (You use the stuff from the NSA to find other stuff, and build a plausible story about how you found the other stuff. The illegal search is never presented in court, so you can't fight it; the other stuff is, but is should be fruit of the poisonous tree, if the full truth were told.)
1. Data is collected without a court order, by an otherwise trustworthy government (for the sake of argument).
2. Time passes and government policies change
3. Information that was previously inadmissible, and which should have never been collected in the first place, is now admissible.
When we talk about law, we can't just consider how the current government will use it. We need to restrict how a future government could abuse it. You see the same pattern all the time in software: Some assumption is made in an earlier version. The basis of that assumption becomes invalid after further development. Now the thing that didn't matter before gets a bug added to your queue.
>But without a valid court order, the evidence collected by the NSA cannot be used against a defendant in a trial.
Ostensibly, but in reality the FBI or local agency will use parallel construction to find another way to introduce evidence without even mentioning the NSA.
> Your best option is to make sure judicial review cannot be corrupted.
This is the problem Snowden exposed. There is not enough transparency to verify judicial processes.
Secondly, it's seems that if information collection, safety, and exchange were working well, the FBI wouldn't be asking for more.
Obama's ability to unite and create dialog is welcomed. However, I don't think phones are fetishized. There's simply a lack of education everywhere. As Jobs said, “Privacy means people know what they are signing up for”.
Nothing is being missed other than the premise that you can only create a back door that just compromises your privacy and security to the FBI/NSA. A backdoor available to the US Govt, is a backdoor available for everyone.
> The question here is: do you place any trust in government?
The Snowden leaks have shown the NSA's system-wide abuse and sealed courtroom judgements allowing rampant abuse and overreach by the NSA where they're able to operate free from oversight where even most of Congress had no idea what they were doing.
> If not, then you really can't function in a normal society. Good luck building your own army.
This ridiculous conclusion tantamounts to we either have to trust the US Govt or we need to build a private army. We are already functioning in a society without the need of a private army. We also live in a time where we can protect our sensitive information from the US Govt with readily-available strong encryption. Do I trust the US Govt with my most sensitive information? No I don't. Do I need a private Army? No, no I don't.
I can have trust in a government, but not in some of the individuals that make up that government. And I would want necessary protection from said individuals.
The entirety of the US system of government is predicated on lack of trust. Hence checks and balances through branches and the limits placed on the government by the constitution. The founders saw this coming. They didn't trust the government. Why should we?!
I don't know why you were downvoted. Your comment is spot on, let me just finish the sentence - "if you don't trust government, then you can't function in a society and therefore government eliminates you".
> If you don't trust judicial review, then there's no hope left for you to function in a normal society filled with other people.
This is an extreme statement and a false dichotomy. I think there's plenty of room between "completely trust government" and "unfit for society". If I'm uncomfortable with the potential for abuse of monitoring (which has already happened plenty of times), that means what exactly? I should remove myself from public discourse?
Right, which is why we have Judicial review of communications monitoring, since we don't trust the executive branch (a political entity) with that power alone.
So you're suggesting that the sole legitimate check on governmental power is the government itself? And that anyone outside the government attempting to challenge abuses of power is by definition unfit for society?
But the voters are being purposefully misinformed by that very same government. It's literally circular reasoning.
Your argument would hold more weight if the people voting were actually well informed and educated about what the implications of their votes would be. If the government came out and said "everything you do, say, click and load will be saved for latter analysis" do you think they would vote the same way?
The argument would also carry more weight if the voters actually had a chance to vote on this issue orthogonally to everything else, rather than picking a candidate and hoping.
(Not that I'd accept building a backdoor just because 50%+1 people wanted access to my users' data, either, but at least then the argument made in the post you replied to would have any meaning at all.)
> It's not like your communications are being monitored by random government employees at will for no reason. There's a specific safeguard here for personal privacy, and that's through a court order.
That argument had weight pre-Snowden. It carries no water now.
Yeah, the ones that were badly misconfigured and easily circumvented, like how NSA employees were caught snooping on their love interests. I for one do not want to live in a society where the government is one .conf file away from putting my entire life story in plaintext under scrutiny.
A. The Snowden revelations show the US has spent years being dishonest about their programs. You'd be silly at this point if you think there is not a huge database of American communications too.
B. "Filtered". Do you really believe that? Considering it's coming from the same government that also uses the words "enhanced interrogation"?
C. The US seems to consider the rest of the world people with no rights at all. People understand spying on other countries, not spying on every other single person in the world with a phone and/or an internet connection.
D. Your reasoning is faulty:
> If government is monitoring your communications, then there's a pretty dammed good reason, as determined by a judge.
Just because an "authority" says/does something does not mean it is right. It should be expected to explain its reasoning, openly and transparently. Then I can trust it. The current programs do not do that and have no intention of doing that.
E. Random US government employees are literally reading your communications.
Authorization by court order still works fine in physical space.
We are talking about introducing back-doors to what essentially already is an extension to our brains. If you understand computers, you know that analogies between the "real world" and our abstract world of modern information systems usually don't hold well.
Please try to think through all the subtleties, you clearly don't have to be labeled "libertarian" to foresee a death-by-a-thousand-cuts of our civil liberties (as with democracy, the US still sets global trends btw).
> Authorization by court order still works fine in physical space.
That's an interesting question to evaluate by analogy, though.
Suppose you could, relatively easily, build a safe that nobody can enter without the combination (including the safe manufacturer). The government could serve a warrant to the person who has the combination, and you might even have to choose between opening the safe or going to jail, but if they chose the latter, they still can't get into the safe. They could point a camera at the safe, or rig the dials, so that the next time you open it you get the combination and can open it themselves; however, if you know or suspect they've done so, you can avoid ever touching the safe again, and they still don't have access. And serving a warrant to the safe manufacturer does no good at all, because everyone already knows everything about the safe except the combination.
Have you played "The Room"? I might just install it again right here on my smartphone after reading your comment - "fetishist" that I am :)
With that statement of mine I was mostly trying to convey how some things shouldn't be easy.
Let me try to paraphrase:
I'm sure that Sherlock would find a way to open that safe without a computer doing it for him!
To a certain degree I can understand the frustration of executive agencies over their apparent missing-out on all the shiny low-hanging fruit - but they shouldn't worry so much as the promises of most tech be it the use of "big data" or accessing our all-encompassing "personal assistants" ultimately won't free them of doing their jobs.
> With that statement of mine I was mostly trying to convey how some things shouldn't be easy.
I agree completely. I think attempts to paint this as a "reversal" of hundreds of years of governmental warrant procedure is ignoring that these new devices and this new data didn't exist hundreds of years ago. If we're going to put a huge amount of valuable data about our lives in one place, we'd better protect that place better than we've ever protected anything before.
First, it doesn't matter what process governments (plural) have in place to protect backdoor access mechanisms or escrowed keys. That those mechanisms exist at all means they can and will be abused by people who do not go through those mechanisms.
Beyond that:
> If government is monitoring your communications, then there's a pretty dammed good reason, as determined by a judge.
Not even close to true. We have documented evidence at this point that the government is monitoring all communications. They have no discretion.
For the moment, I trust that the government has not yet descended so far that it will arbitrarily arrest or detain everyone who attempts to maintain the security of their information. That doesn't mean I trust the government to unilaterally decide whose information it can access.
Government brokenness is not binary. There's a spectrum from "theoretical perfection" to "absolute tyranny". The US and UK governments are currently attempting to take a step in the wrong direction; that doesn't immediately imply that anyone opposing that step "ceases to be able to function in a society". Or are you seriously attempting to suggest that the government is entirely infallible and incorruptible?
The safeguard for privacy isn't just the court system. That provides a modest amount of protection against abuse of information that was left insecure to begin with, such as information left unencrypted with a third party. However, for information that truly needs security, the privacy of that information is maintained by the system holding it; that system neither has nor needs any concept of "a user other than the owner who somehow has access".
Let's ignore the Apple case for a moment, since Apple fundamentally does have access to the device. Even additions like the more recent security chip have potential ways to bypass security, albeit by dissecting a tamper-resistant chip; that's a tradeoff for supporting insufficiently long user PINs, and wouldn't be needed with a secure passphrase. Whether Apple wins or loses, the much more interesting question is whether challenges arise to the construction of devices that genuinely cannot be accessed by anyone other than the device owner.
As a simple example, consider an encrypted device, using a key and passphrase, where the passphrase uses an appropriate strengthening technique to make it computationally intensive to test a single possibility. Easy to get in if you know the passphrase, but if done right, computationally infeasible to brute force even with NSA-level computing resources and centuries of time.
Laptops regularly use that level of security today (modulo the user's chosen passphrase). Phones should as well.
If I had a perfect eidetic memory, I could memorize huge volumes of information and keep no records of them; in that case, that information is completely secure (against anything except rubber-hose). Encryption provides an amplification mechanism there: instead of memorizing gigabytes of data, I can instead memorize a passphrase, and gain access to arbitrarily large amounts of information that nobody else can access (modulo security bugs, or physical device compromise followed by my continued access).
That those mechanisms exist at all means they can and will be abused by people who do not go through those mechanisms.
Isn't this true about traditional wiretaps as well? Yeah, a corrupt agent could illegally wiretap anyone's phone, but that certainly won't hold up in court.
Yes, that's true. And anyone who cares about the security of their phonecalls should be using encryption rather than POTS; for example, you could use Signal for encrypted phonecalls and SMSes. Warrant or not, unless there's a bug in the implementation, the only way you can tap that communication would be to compromise the endpoints (either electronically, or via a physical bug/tap on the device).
Metadata has critical value. And private communications are being monitored, recorded, and searched as well. (Many people, myself included, also reject the notion that unauthorized collection and recording is fine as long as the subsequent searches and filters are authorized.)
You seem to be taking government descriptions at face value, despite documented evidence to the contrary.
Consider the possibility that the government you seem to place absolute trust in is not, in fact, perfect.
You seem to be attempting to paint everyone who disagrees with you as someone who stockpiles baked beans and ammo in a bunker. You also seem to have no concept of any middle ground between "absolute trust in the infallibility of government" and "radical anarchist".
Let's make this concrete, instead. Anyone can, today, using off-the-shelf software, store information such that only someone with a passphrase can access it, and such that all the computing power in the world would take centuries to access it without the passphrase.
In such a scenario, I don't expect anyone to "trust" anyone, or to need to. (Modulo the issue of trusting the software to be properly implemented, which is a separate discussion but has some plausible solutions.) Instead, I expect that the software in question will prevent unauthorized access, as it was designed to do.
It is exactly like some communications are being monitored by random government employees at will for no legitimate reason: https://en.wikipedia.org/wiki/LOVEINT
Note that "most incidents are self reported" kinda sounds good, but really means "we don't have any good systems for finding it", and probably means many incidents are never discovered.
Maybe it's that he decided to use his political clout to pick healthcare as his signature in American history, not wage war against the NSA, but either way it saddens me to have campaigned for someone who has empowered a surveillance state instead of fight against it.
Liberty literally means "freedom from arbitrary or despotic government or control", and freedom in the information age means the liberty to communicate and store information. Anything to compromise that makes us all more vulnerable to control in all parts of our lives, not just those stored in zeros and ones. I believe America can be "Land of the free, home of the brave", but not without digital liberty.