Government is trying to make it illegal for one person to keep secrets and whisper them into another's ear.
We can argue all day about how the law doesn't prevent criminals from using technologies (it doesn't, which makes the law idiotic, from a logic perspective), but that's not the important part.
The important part is that this group of folks we're calling Government is trying to prevent us from being allowed to have secrets and whisper to each other.
Government is not as stupid as we'd like to think. Government doesn't believe that "terrorists" will stop using encryption. These laws are not for "terrorists". They're for us. Take away somebody's ability to keep secrets, and you've gained a pretty good advantage over their position[1].
This is about only one thing: leverage; and leverage is power.
> We can argue all day about how the law doesn't prevent criminals from using technologies (it doesn't, which makes the law idiotic, from a logic perspective), but that's not the important part.
We should tell other people that the law does not stop criminals from hiding their communications. Some people don't understand the nature of software or open source, and it can be explained.
> The important part is that this group of folks we're calling Government is trying to prevent us from being allowed to have secrets and whisper to each other.
Personally I think the people who support this kind of law are the same ones who believe they have nothing to hide from the government. So the privacy argument is lost on them. When you point out the law is harmful to their security and impossible to enforce, then there's a chance you'll be able to convince them.
This is a great opportunity for technologists to chat up their friends and family, start campaigns, or perhaps even run for office. This issue is an easy win if you can keep a cool head while explaining the facts.
The point I'm making is that I don't think it's lost at all. I think these people didn't all get to be in positions of power by being bumbling idiots. They know that they can convince some portion of the masses that they are in danger and need help. And that's all it takes to get a leg up on everyone; a portion of the masses.
I don't think our elected officials are bumbling idiots. But they aren't informed about everything either. It's impossible to be an expert across all fields.
As technologists, we think this issue is so straightforward that you must either be evil or a complete idiot if you support this law.
We'd do well to take a step back and observe our thought process. We often think things about computers are simple which others don't understand. That is why we get paid.
I think most of the elected officials are technologically illiterate, and bills such as this are driven by the fear that's been instilled in those officials by the appointed or hired intelligence community. Because they're the ones, what I'll colloquially call the "citizen conformance enforcement branch" of the government, that are most interested in the data and are most empowered by it.
Investigate the motive and the means, just like you would a crime, and you won't find yourself in the legislative branch of this government.
As technologists, we think this issue is so straightforward that you must either be evil or a complete idiot if you support this law
I don't think it is either. More likely it is the "something must be done, this is something" kind of thinking. You don't need to be absolutely evil or absolutely idiotic to subscribe to this philosophy.
The problem is that we end debating the right side of that claim (because that's what the uniformed masses and legislators focus on), what the something should be, rather than trying to convince people that the left side, the premise, is unfounded.
> "something must be done, this is something" kind of thinking. You don't need to be absolutely evil or absolutely idiotic to subscribe to this philosophy.
To fall into it without warning, no. Like all fallacies, it's a local maxima.
But to stick with it after it's pointed out... At best that's stupidity, at worst it's deceit and treachery.
There are not many people with technical knowledge in respected positions of government. The US CTO, Megan Smith, is probably the most respected. She claims Obama supports strong encryption [1]. She omits the fact that Obama is looking for ways to keep strong encryption out of the hands of criminals, which as we know is as impossible as keeping knives out of the hands of criminals.
The Press Secretary recently stated this about the President,
> he believes that strong encryption should be robustly deployed. At the same time, we should not set up a situation where bad actors -- terrorists -- can essentially establish a safe haven in cyberspace. [2]
There's also a commission that was formed yesterday to handle this question. It is called the President’s Commission on Enhancing National Cybersecurity [3] and they are due to give a report by the beginning of December (7.5 months).
The idea behind keeping secrets and whispering in someone's ear is not esoterica.
The fundamental issue here is that mutual trust between US government and the American people has been significantly eroded. Until this issue is addressed and trust is restored, all other discussions (however informed) are ultimately idle chatter.
We love to think these people are much like our clients who don't know the difference between a popup window and a Python program. These people are informed by groups like the DIA, CIA, NSA, and every other TLA, with a wealth of information on these issues.
Lindsey Graham changed his mind [1]. It isn't a massive conspiracy. I wouldn't say Feinstein is well-informed. Watch some of the hearings where she interacts with other members. It's awkward and clear they don't enjoy working with her.
Why does wanting more power have to be a "massive conspiracy"?
It seems like pretty common sense wisdom that being in power usually leads to wanting more power, and also that power often corrupts. One does not need to be a "conspiracy theorist" to come to this conclusion.
The real conspiracy is the apparently concerted effort to call anyone that believes the government is busy grabbing power a "conspiracy theorists".
> Why does wanting more power have to be a "massive conspiracy"?
It doesn't. You were saying some government officials are saying one thing to the public while knowing another to be true:
>> We love to think these people are much like our clients who don't know the difference between a popup window and a Python program. These people are informed by groups like the DIA, CIA, NSA, and every other TLA, with a wealth of information on these issues.
That implies some sort of secret plot that would harm the integrity of our government and country.
> It seems like pretty common sense wisdom that being in power usually leads to wanting more power, and also that power often corrupts. One does not need to be a "conspiracy theorist" to come to this conclusion.
I agree entirely.
> The real conspiracy is the apparently concerted effort to call anyone that believes the government is busy grabbing power a "conspiracy theorists".
Nobody said this. Claiming that there is a concerted effort by officials to lie, however, is accusing them of conspiracy.
This vibe of distrust hurts the ability of technologists to come together and be as effective as they're capable of being within government. Ultimately, society and its elected government is formed around trust. You have to believe that most of the people who enter into elected positions did so with the aim of improving our society before you can be effective within it yourself.
> saying one thing to the public while knowing another to be true
Yes. This is called lying. It doesn't require a "massive conspiracy".
> implies some sort of secret plot that would harm the integrity of our government and country
It implies nothing of the sort. It implies that Government is losing the leverage that gives it the power to levy taxes beyond what is acceptable by the population, and so Government's present endeavors (partly driven by outside commercial pressure - e.g., military contractors) are overshadowing its primary purpose, which is to protect us and our rights.
> Government is trying to make it illegal for one person to keep secrets and whisper them into another's ear.
That is already the case. If you whisper a secret into my ear, the government can subpoena me and force me to tell a court what you said. They can force you to tell a court what you said so long as it's not incriminating to you, and even then they can do it if they give you immunity.
We can debate about what the law should be, but for the last several hundred years, the law has not really contemplated people keeping secrets from the Government. "Privacy" as it has been understood to date means protection from the government fishing for evidence without probable cause, not an absolute right to keep secrets.
Pervasive, unbreakable encryption is a game-changer that requires rethinking the existing framework. We're not just talking about not being able to get data from a terrorist's phone. We're talking about the bread-and-butter of many sorts of criminal prosecutions being opaque to the government. Good luck convicting someone on insider trading when all the relevant communications are opaque to the government.
I happen to think that the benefits of encryption outweigh the challenges to law enforcement. But its disingenuous to pretend that the government is trying to "take away" a right to "keep secrets" that you already had. Our whole legal system is built on being able to get whatever evidence is relevant wherever it may be found, with extremely narrow exceptions.
With a subpoena or warrant, yes. But not pervasively.
And while we're at it, why is the existing state of affairs not good enough? Why the attempts to subvert the message pipe? After all, the govt can still compel people to talk, and its people receiving those secret messages.
The reason is, to my cynical mind, that they're interested to avoiding the work of warrants etc. They'd like to sidestep privacy entirely, and just record everything in the pipe. Not entirely cynical; its exactly what they've done with the tools they already have.
In my mind there's an enormous gulf between subpoenas of a person for information, and the ability to get that information secretely and continuously.
You make a good point, which is that if companies have to weaken their encryption in order to be able to comply with this law, that opens up the possibility for easier surveillance without a warrant. I think that's a huge concern, because in my opinion the 4th amendment only provides limited protections to bits travelling over third-party pipes on the Internet, so effective end-to-end encryption is essential for privacy.
That being said, the ostensible purpose of this bill is to govern what happens in response to a valid court order.
> That is already the case. If you whisper a secret into my ear, the government can subpoena me and force me to tell a court what you said. They can force you to tell a court what you said so long as it's not incriminating to you, and even then they can do it if they give you immunity.
This is true, but they can't compel me to inform on someone who had a whispered conversation near me that I couldn't hear. To me, the current bill is more like the latter scenario.
If I invented a communication device consisting of two cans and a connecting string, then sold it as a way for neighbor kids to talk privately to each other, they could not compel me to divulge the contents of their conversations because I wouldn't have access, even though I built the canmunicator. I think that in this case, what they're doing is more like mandating that I have a way to let them monitor all string vibrations.
If they want to subpoena information, they can demand that one of the parties actually involved in the communication surrender their keys. If they refuse, then it seems like basically the same situation as when both parties to a whispered conversation refuse to talk about it.
> Pervasive, unbreakable encryption is a game-changer that requires rethinking the existing framework.
It is. But - I'm sure you've heard this better stated before, but - the first game-changer was the massive volume of everyday conversation and chatter that has moved from ephemeral speech to various digital forms, such as SMS, Facebook, messaging apps, or this very site, and thereby (usually inadvertently) preserved indefinitely, along with a ton of metadata such as location information. Digital message records are in theory the same type of information as, say, the result of a subpoena asking someone what they heard in a not particularly important conversation in a private space three years ago, but the former's volume and precision creates a significant qualitative difference. Using encryption to take that information out of the government's reach is in large part a return to the status quo.
Of course, for the case of stored information on a phone, an alternative to encrypting such data is just periodically wiping it - something which, if Snapchat is any indication, appeals to people at some level and should be more widespread.
All that pervasive unbreakable encryption does is make it possible to whisper in someone's ear at a distance. You right there said there is a tool for that situation:"the government can subpoena me and force me to tell a court what you said."
That is, you said it is a "game changer," and not a game-changer. You have to issue subpoenas, conduct depositions, etc.
Government can attempt to legally compel you, but they cannot actually "force" you to do something. Even torture cannot actually "force" you to do something. What can force you to "tell a court what you said" is making it impossible for you to keep a secret; like mind-reading technology.
> ...legal system is built on being able to get whatever evidence is relevant wherever it may be found...
Think about it for a minute; Government says "tell us what you whispered", you say "no", then Government says "fine. you go to jail for contempt". Has our society collapsed because people said "no" to this question?
> ...being disingenuous to pretend that the government...
I'm not sure "disingenuous" was the word you meant to use here. There is nothing I've feigned ignorance about, and I've made my points pretty clear.
EDIT:
Ah, see @JoeAltmaier's already great sibling reply.
You are taking a literalist view of the word "force" there. You can be compelled to testify, and the people asking the questions need to do their homework so they can catch you in a lie if you try that. That's how things were before every communication was electronic.
I think probably the right way to go after this bill is not to tell people that they need to protect their secrets from the government, but that they need to protect their secrets from 'criminals'.
Point out all the times that government databases have been hacked, and that if their secrets are swept up in government dragnets, it's only a matter of time before blackmailers and identity thieves get hold of them.
I'm not suggesting that Government is intrinsically a boogeyman (and I'm not an anarchist), but first and foremost on the list of entities that privacy and weapons protect citizens from is Government.
Feinstein's seat is up in 2018, and she'll probably retire. How do we ensure our next Senator has a more technically literate position on encryption? Who are the plausible candidates?
In the 2012 open primary, the next highest Democratic candidate only got 2 percent of the vote compared to Feinstein's 49.5. So who is waiting in the wings?
While it's convenient to paint this as "the government," many people, the ones who elect most officials, are also of the opinion that if authorized (by some manner) that encrypted data should be made available in plaintext. For the common people this comes in the form "I believe my dead relative's phone has information which will expose their killer, I want the carrier or manufacturer to make that data available, it's legally my phone, not Apple's or Samsung's, I want that data."
You may disagree with a perhaps naive perspective like that, but that interpretation does not make it any less real. There are plenty of common folk who would agree in the above scenario data in plain text should be made available upon lawful request by either carrier or mfg. That's not "the government" and to think so kind of misses the mark.
Yes, exactly, it's the same thinking that lets the government search people's houses when authorized, or detail and question them when authorized.
We already have this concept of "the government can go through your stuff" in the form of search warrants. It's not a leap at all to apply that to encryption, too, even if some specific law gets it wrong at first.
I'm sure if pocket enigma machines were around when these laws were first being put to parchment, there'd have been something in there about encryption from the start.
The problem is that your government wants to break all forms of encryption regardless of where or how they are used. Either they want something like a skeleton key or a method of bypassing the security altogether.
So they're not requesting a search warrant. They are requiring that you hand over the keys to your home or install a special door for them that is always kept unlocked.
> That's not "the government" and to think so kind of misses the mark.
The difference is that when it's not the government we're free to disagree. We're only concerned with people wanting to force it on us which these civilians with their personal concerns would not be doing.
> You may disagree with a perhaps naive perspective like that, but that interpretation does not make it any less real.
You may honestly hold a view but that does not make it any more real or sensical.
People want the comfort you describe (easy unlock) and perfect security. They believe it's possible but they resist thinking critically about it.
> For the common people this comes in the form "I believe my dead relative's phone has information which will expose their killer, I want the carrier or manufacturer to make that data available, it's legally my phone, not Apple's or Samsung's, I want that data."
And if the data was in a safe you'd be saying "It's legally my paperwork, not American Safe Co's paperwork. I want that paperwork." If you hadn't planned ahead they wouldn't be able to help you either.
If you don't have anything super-secret or valuable in the safe you can take advantage of bricks-and-mortar key escrow like putting the key/combo in a safe-deposit box, or trusting the manufacturer to hold it such as with restricted keyways and encrypted bitting patterns.
And similarly, you (or rather, the relative who might be killed) could buy a phone with some family unlock option on the cloud backup or they could put their unlock code on a piece of paper, put it in their safe-deposit box, and will it to you in event of their suspicious death.
We're all worse off if unlocking a phone or safe is easy to do without these measures. It's better that a few people lose their paperwork than that none of us are ever secure in ours.
(Speaking not necessarily to what you said, but more generally.)
This is a relatively new area, so we must careful to be precise with the terms we are working with. Like naming variables.
>encrypted data should be made available in plaintext
'Encrypted' data that can be rendered as 'plain text' or any other interpretable form of data upon certain conditions being met outside the scope of the initial encrypter is not 'encrypted data.' But could rather be referred to as something like 'concealed data.'
Encrypted data is data that is only accessible to those who have been authorized to access it by the initial encrypter.(setting aside human error in encryption techniques)
This definition follows exactly from the use of modern encryption algorithms. Therefore, encrypted data accessible to anyone other than 'Alice' or 'Bob,' is not in fact encrypted.
Remember folks, the Government you get in the future is unwritten and unknowable.
Sure, I don't think Obama is going to throw me in jail and I have nothing to hide now...but that doesn't mean in 20 years there won't be some Nationalist/Authoritarian type in control of the country like we saw with countless fallen democracies in the 20th century.
Similarly, the Government has shown it incapable of keeping a secret with the sheer number of security failures they've experienced. So anything they have, we can assume is both public and indefensible. They use this capability and they might as well hand the information to criminals on a silver platter.
> Government is not as stupid as we'd like to think. Government doesn't believe that "terrorists" will stop using encryption. These laws are not for "terrorists". They're for us.
This is one of the things that the Snowden leaks should have made clear to everyone but sadly that isn't the case.
> The important part is that this group of folks we're calling Government is trying to prevent us from being allowed to have secrets and whisper to each other.
A huge amount of my social and work communication is via IM, text, email etc. What is the justification this should all be recorded and reviewable but things I say in person are not? I don't see a huge difference at this stage given how much communication happens online now.
I think the american voter has started to lose it's way, or at least feel hopeless to change what is put in place. but I dont care if the nominee is a republican or democrat, we need to pass laws that keep the government at bay and stop letting them push us around. the media and politics pit us, the people, against each other in order to swayed us and get laws passed that control us. I am tired of it. most people on one side of an issue or another could come together and be friends. but the media pushes hate and fear till both sides are so defensive they think the other is the enemy instead of the guy saying "he said she said" and throwing the knife in the middle.
You have to love this, especially as it comes from the same people who think that government interfering with their firearms is the end of society. Meanwhile, losing their ability to keep a secret from the government they think they're getting ready to revolt against doesn't faze them.
> Slight digression, but does that mean owning assault weapons is a ok again in the US? Just curious.
It depends what is meant by "assault weapon". If you mean fully automatic weapons, then no, but those were essentially banned (with minor exceptions) for private ownership in 1986[0]. Ownership of those had been regulated since 1934[1]. The 1994–2004 "assault weapons" ban covered specific features[2] on guns. Since 2004, purchase of guns with (2 or more of) those features is once again legal. Note that some opposed to the 1994 assault weapons ban claim many of the features are cosmetic, rather than functional.
What do you consider an assault weapon? Fully automatic guns have been and still are illegal without proper permits. The problem with the ban referred to in the GP, is that it was mostly a superficial feel good law. Take a normal hunting rifle, add some cosmetic changes and suddenly it is an assault weapon under the old ban. Add that most gun crimes are committed with hand guns, and the ban amounted to nothing more than a news soundbite.
Depending on your definition of 'assault', yet. In the US is was essentially defined by the number of features your rifle was allowed to have, and indeed there is no longer a limit. It's hard (>$20k to buy a used one) to get a fully automatic rifle.
> Oh yeah, has been since Bush the second let the ban lapse.
The ban expired because that's what was in the original law. There were efforts to pass a new ban, but they didn't even make it out of committee[0]. Perhaps a presidential endorsement could have helped it go farther, but one can't hold the president responsible for what happens in the Senate and House committees.
Err, it's Feinstein, who represents California, that's introducing this legislation.
Republican representatives have been pushing back against these bills. Representatives Amash, Issa, Labrador. Senator Paul.
Last weekend I was at the Colorado GOP state convention and I spoke in-person to Colorado's leading GOP senate nominee and he spoke at length of our need to block this sort of legislation. In addition, I spoke with State Sen. Tim Neville, who was the party favorite for the Senate nomination, and he spoke very highly of the efforts of Amash and Paul.
Of course, they're joined by Democrats like Lofgren and Wyden and Independents like Sen. King.
It's really the establishment within both the Democratic and Republican parties that is pushing for this. It's opposed by more left-leaning Democrats and more libertarian-leaning Republicans.
Bullshit. This is coming from John McCain-style neoconservatives and democrats that don't lean liberal on civil liberties.
In my opinion, the only political identity that you might hope would fight back are Tea Partiers, and that's the same group that feels strongly about gun rights. I don't think you could be more wrong.
It will be interesting to see what Cruz does here when inevitably questioned about it. Will he alienate his new neoconservative base on this issue? Will he stick to his Tea Party roots?
We can argue all day about how the law doesn't prevent criminals from using technologies (it doesn't, which makes the law idiotic, from a logic perspective), but that's not the important part.
The important part is that this group of folks we're calling Government is trying to prevent us from being allowed to have secrets and whisper to each other.
Government is not as stupid as we'd like to think. Government doesn't believe that "terrorists" will stop using encryption. These laws are not for "terrorists". They're for us. Take away somebody's ability to keep secrets, and you've gained a pretty good advantage over their position[1].
This is about only one thing: leverage; and leverage is power.
1. https://en.wikipedia.org/wiki/Enigma_machine#Breaking_Enigma