We can argue all day about how the law doesn't prevent criminals from using technologies (it doesn't, which makes the law idiotic, from a logic perspective), but that's not the important part.
The important part is that this group of folks we're calling Government is trying to prevent us from being allowed to have secrets and whisper to each other.
Government is not as stupid as we'd like to think. Government doesn't believe that "terrorists" will stop using encryption. These laws are not for "terrorists". They're for us. Take away somebody's ability to keep secrets, and you've gained a pretty good advantage over their position.
This is about only one thing: leverage; and leverage is power.
We should tell other people that the law does not stop criminals from hiding their communications. Some people don't understand the nature of software or open source, and it can be explained.
> The important part is that this group of folks we're calling Government is trying to prevent us from being allowed to have secrets and whisper to each other.
Personally I think the people who support this kind of law are the same ones who believe they have nothing to hide from the government. So the privacy argument is lost on them. When you point out the law is harmful to their security and impossible to enforce, then there's a chance you'll be able to convince them.
This is a great opportunity for technologists to chat up their friends and family, start campaigns, or perhaps even run for office. This issue is an easy win if you can keep a cool head while explaining the facts.
The point I'm making is that I don't think it's lost at all. I think these people didn't all get to be in positions of power by being bumbling idiots. They know that they can convince some portion of the masses that they are in danger and need help. And that's all it takes to get a leg up on everyone; a portion of the masses.
I don't think our elected officials are bumbling idiots. But they aren't informed about everything either. It's impossible to be an expert across all fields.
As technologists, we think this issue is so straightforward that you must either be evil or a complete idiot if you support this law.
We'd do well to take a step back and observe our thought process. We often think things about computers are simple which others don't understand. That is why we get paid.
Investigate the motive and the means, just like you would a crime, and you won't find yourself in the legislative branch of this government.
The people and Congress have the power to put a stop to bad ideas coming out of law enforcement agencies. Speak up about it.
I don't think it is either. More likely it is the "something must be done, this is something" kind of thinking. You don't need to be absolutely evil or absolutely idiotic to subscribe to this philosophy.
The problem is that we end debating the right side of that claim (because that's what the uniformed masses and legislators focus on), what the something should be, rather than trying to convince people that the left side, the premise, is unfounded.
To fall into it without warning, no. Like all fallacies, it's a local maxima.
But to stick with it after it's pointed out... At best that's stupidity, at worst it's deceit and treachery.
The Press Secretary recently stated this about the President,
> he believes that strong encryption should be robustly deployed. At the same time, we should not set up a situation where bad actors -- terrorists -- can essentially establish a safe haven in cyberspace. 
There's also a commission that was formed yesterday to handle this question. It is called the President’s Commission on Enhancing National Cybersecurity  and they are due to give a report by the beginning of December (7.5 months).
The fundamental issue here is that mutual trust between US government and the American people has been significantly eroded. Until this issue is addressed and trust is restored, all other discussions (however informed) are ultimately idle chatter.
It seems like pretty common sense wisdom that being in power usually leads to wanting more power, and also that power often corrupts. One does not need to be a "conspiracy theorist" to come to this conclusion.
The real conspiracy is the apparently concerted effort to call anyone that believes the government is busy grabbing power a "conspiracy theorists".
It doesn't. You were saying some government officials are saying one thing to the public while knowing another to be true:
>> We love to think these people are much like our clients who don't know the difference between a popup window and a Python program. These people are informed by groups like the DIA, CIA, NSA, and every other TLA, with a wealth of information on these issues.
That implies some sort of secret plot that would harm the integrity of our government and country.
> It seems like pretty common sense wisdom that being in power usually leads to wanting more power, and also that power often corrupts. One does not need to be a "conspiracy theorist" to come to this conclusion.
I agree entirely.
> The real conspiracy is the apparently concerted effort to call anyone that believes the government is busy grabbing power a "conspiracy theorists".
Nobody said this. Claiming that there is a concerted effort by officials to lie, however, is accusing them of conspiracy.
This vibe of distrust hurts the ability of technologists to come together and be as effective as they're capable of being within government. Ultimately, society and its elected government is formed around trust. You have to believe that most of the people who enter into elected positions did so with the aim of improving our society before you can be effective within it yourself.
Yes. This is called lying. It doesn't require a "massive conspiracy".
> implies some sort of secret plot that would harm the integrity of our government and country
It implies nothing of the sort. It implies that Government is losing the leverage that gives it the power to levy taxes beyond what is acceptable by the population, and so Government's present endeavors (partly driven by outside commercial pressure - e.g., military contractors) are overshadowing its primary purpose, which is to protect us and our rights.
Better: this law would effectively grant criminals infinitely more protection than law-abiding citizens.
That is already the case. If you whisper a secret into my ear, the government can subpoena me and force me to tell a court what you said. They can force you to tell a court what you said so long as it's not incriminating to you, and even then they can do it if they give you immunity.
We can debate about what the law should be, but for the last several hundred years, the law has not really contemplated people keeping secrets from the Government. "Privacy" as it has been understood to date means protection from the government fishing for evidence without probable cause, not an absolute right to keep secrets.
Pervasive, unbreakable encryption is a game-changer that requires rethinking the existing framework. We're not just talking about not being able to get data from a terrorist's phone. We're talking about the bread-and-butter of many sorts of criminal prosecutions being opaque to the government. Good luck convicting someone on insider trading when all the relevant communications are opaque to the government.
I happen to think that the benefits of encryption outweigh the challenges to law enforcement. But its disingenuous to pretend that the government is trying to "take away" a right to "keep secrets" that you already had. Our whole legal system is built on being able to get whatever evidence is relevant wherever it may be found, with extremely narrow exceptions.
And while we're at it, why is the existing state of affairs not good enough? Why the attempts to subvert the message pipe? After all, the govt can still compel people to talk, and its people receiving those secret messages.
The reason is, to my cynical mind, that they're interested to avoiding the work of warrants etc. They'd like to sidestep privacy entirely, and just record everything in the pipe. Not entirely cynical; its exactly what they've done with the tools they already have.
In my mind there's an enormous gulf between subpoenas of a person for information, and the ability to get that information secretely and continuously.
That being said, the ostensible purpose of this bill is to govern what happens in response to a valid court order.
This is true, but they can't compel me to inform on someone who had a whispered conversation near me that I couldn't hear. To me, the current bill is more like the latter scenario.
If I invented a communication device consisting of two cans and a connecting string, then sold it as a way for neighbor kids to talk privately to each other, they could not compel me to divulge the contents of their conversations because I wouldn't have access, even though I built the canmunicator. I think that in this case, what they're doing is more like mandating that I have a way to let them monitor all string vibrations.
If they want to subpoena information, they can demand that one of the parties actually involved in the communication surrender their keys. If they refuse, then it seems like basically the same situation as when both parties to a whispered conversation refuse to talk about it.
It is. But - I'm sure you've heard this better stated before, but - the first game-changer was the massive volume of everyday conversation and chatter that has moved from ephemeral speech to various digital forms, such as SMS, Facebook, messaging apps, or this very site, and thereby (usually inadvertently) preserved indefinitely, along with a ton of metadata such as location information. Digital message records are in theory the same type of information as, say, the result of a subpoena asking someone what they heard in a not particularly important conversation in a private space three years ago, but the former's volume and precision creates a significant qualitative difference. Using encryption to take that information out of the government's reach is in large part a return to the status quo.
Of course, for the case of stored information on a phone, an alternative to encrypting such data is just periodically wiping it - something which, if Snapchat is any indication, appeals to people at some level and should be more widespread.
That is, you said it is a "game changer," and not a game-changer. You have to issue subpoenas, conduct depositions, etc.
Government can attempt to legally compel you, but they cannot actually "force" you to do something. Even torture cannot actually "force" you to do something. What can force you to "tell a court what you said" is making it impossible for you to keep a secret; like mind-reading technology.
> ...legal system is built on being able to get whatever evidence is relevant wherever it may be found...
Think about it for a minute; Government says "tell us what you whispered", you say "no", then Government says "fine. you go to jail for contempt". Has our society collapsed because people said "no" to this question?
> ...being disingenuous to pretend that the government...
I'm not sure "disingenuous" was the word you meant to use here. There is nothing I've feigned ignorance about, and I've made my points pretty clear.
Ah, see @JoeAltmaier's already great sibling reply.
Point out all the times that government databases have been hacked, and that if their secrets are swept up in government dragnets, it's only a matter of time before blackmailers and identity thieves get hold of them.
The pro-privacy lobby has 2 big boogey men: "criminals" and "the Chinese". What's our third boogeyman? We must close the boogeyman gap!
I suppose "crooked LEOs" doesn't have enough of a ring to it.
Um... how about Government.
I'm not suggesting that Government is intrinsically a boogeyman (and I'm not an anarchist), but first and foremost on the list of entities that privacy and weapons protect citizens from is Government.
Feinstein's seat is up in 2018, and she'll probably retire. How do we ensure our next Senator has a more technically literate position on encryption? Who are the plausible candidates?
In the 2012 open primary, the next highest Democratic candidate only got 2 percent of the vote compared to Feinstein's 49.5. So who is waiting in the wings?
You may disagree with a perhaps naive perspective like that, but that interpretation does not make it any less real. There are plenty of common folk who would agree in the above scenario data in plain text should be made available upon lawful request by either carrier or mfg. That's not "the government" and to think so kind of misses the mark.
We already have this concept of "the government can go through your stuff" in the form of search warrants. It's not a leap at all to apply that to encryption, too, even if some specific law gets it wrong at first.
I'm sure if pocket enigma machines were around when these laws were first being put to parchment, there'd have been something in there about encryption from the start.
The problem is that your government wants to break all forms of encryption regardless of where or how they are used. Either they want something like a skeleton key or a method of bypassing the security altogether.
So they're not requesting a search warrant. They are requiring that you hand over the keys to your home or install a special door for them that is always kept unlocked.
The difference is that when it's not the government we're free to disagree. We're only concerned with people wanting to force it on us which these civilians with their personal concerns would not be doing.
> You may disagree with a perhaps naive perspective like that, but that interpretation does not make it any less real.
You may honestly hold a view but that does not make it any more real or sensical.
People want the comfort you describe (easy unlock) and perfect security. They believe it's possible but they resist thinking critically about it.
> For the common people this comes in the form "I believe my dead relative's phone has information which will expose their killer, I want the carrier or manufacturer to make that data available, it's legally my phone, not Apple's or Samsung's, I want that data."
And if the data was in a safe you'd be saying "It's legally my paperwork, not American Safe Co's paperwork. I want that paperwork." If you hadn't planned ahead they wouldn't be able to help you either.
If you don't have anything super-secret or valuable in the safe you can take advantage of bricks-and-mortar key escrow like putting the key/combo in a safe-deposit box, or trusting the manufacturer to hold it such as with restricted keyways and encrypted bitting patterns.
And similarly, you (or rather, the relative who might be killed) could buy a phone with some family unlock option on the cloud backup or they could put their unlock code on a piece of paper, put it in their safe-deposit box, and will it to you in event of their suspicious death.
We're all worse off if unlocking a phone or safe is easy to do without these measures. It's better that a few people lose their paperwork than that none of us are ever secure in ours.
This is a relatively new area, so we must careful to be precise with the terms we are working with. Like naming variables.
>encrypted data should be made available in plaintext
'Encrypted' data that can be rendered as 'plain text' or any other interpretable form of data upon certain conditions being met outside the scope of the initial encrypter is not 'encrypted data.' But could rather be referred to as something like 'concealed data.'
Encrypted data is data that is only accessible to those who have been authorized to access it by the initial encrypter.(setting aside human error in encryption techniques)
This definition follows exactly from the use of modern encryption algorithms. Therefore, encrypted data accessible to anyone other than 'Alice' or 'Bob,' is not in fact encrypted.
Sure, I don't think Obama is going to throw me in jail and I have nothing to hide now...but that doesn't mean in 20 years there won't be some Nationalist/Authoritarian type in control of the country like we saw with countless fallen democracies in the 20th century.
Similarly, the Government has shown it incapable of keeping a secret with the sheer number of security failures they've experienced. So anything they have, we can assume is both public and indefensible. They use this capability and they might as well hand the information to criminals on a silver platter.
Yes. This is a great way of saying this.
This is one of the things that the Snowden leaks should have made clear to everyone but sadly that isn't the case.
A huge amount of my social and work communication is via IM, text, email etc. What is the justification this should all be recorded and reviewable but things I say in person are not? I don't see a huge difference at this stage given how much communication happens online now.
Is that you, Bush Jnr?
grips forehead and moans
Senator Feinstein, who co-released this draft bill, is also the senator who introduced the assault weapons ban which was law from 1994 to 2004.
On the opposite side of things, Senator Paul opposes gun control but supports strong encryption.
It depends what is meant by "assault weapon". If you mean fully automatic weapons, then no, but those were essentially banned (with minor exceptions) for private ownership in 1986. Ownership of those had been regulated since 1934. The 1994–2004 "assault weapons" ban covered specific features on guns. Since 2004, purchase of guns with (2 or more of) those features is once again legal. Note that some opposed to the 1994 assault weapons ban claim many of the features are cosmetic, rather than functional.
During the AWB you could buy firearms functionally identical to banned ones, the only difference being cosmetics.
The ban expired because that's what was in the original law. There were efforts to pass a new ban, but they didn't even make it out of committee. Perhaps a presidential endorsement could have helped it go farther, but one can't hold the president responsible for what happens in the Senate and House committees.
Republican representatives have been pushing back against these bills. Representatives Amash, Issa, Labrador. Senator Paul.
Last weekend I was at the Colorado GOP state convention and I spoke in-person to Colorado's leading GOP senate nominee and he spoke at length of our need to block this sort of legislation. In addition, I spoke with State Sen. Tim Neville, who was the party favorite for the Senate nomination, and he spoke very highly of the efforts of Amash and Paul.
Of course, they're joined by Democrats like Lofgren and Wyden and Independents like Sen. King.
The GOP is not a homogenous group.
In my opinion, the only political identity that you might hope would fight back are Tea Partiers, and that's the same group that feels strongly about gun rights. I don't think you could be more wrong.
It will be interesting to see what Cruz does here when inevitably questioned about it. Will he alienate his new neoconservative base on this issue? Will he stick to his Tea Party roots?