Hacker News new | past | comments | ask | show | jobs | submit login
An even worse anti-encryption bill than EARN IT (stanford.edu)
903 points by abecedarius 12 days ago | hide | past | favorite | 351 comments





A Twitter thread [1] from Matthew Green in this bill. Essentially he says that this bill is a dead on arrival bill which is designed to make EARN IT look like a fair compromise.

And we better not fall for it

[1] https://twitter.com/matthew_d_green/status/12759760840231198...


This is called the "Door in the Face technique" (https://en.wikipedia.org/wiki/Door-in-the-face_technique)

I'm surprised that page makes no reference to Overton Window which is also relevant:

https://en.wikipedia.org/wiki/Overton_window


Thanks for that. I was aware of this phenomenon but didn't know its name. Funny, the Overton Window article does link to DITF, but not the other way around.

Thanks for the reference, I didn't know that name and always called it the "aim at 1000 to get 100" rule, which is essentially trading without doing it openly.

We (HNers) might not fall for it but the proven technologically illiterate Representatives and their staff just might. This is why citizen's lobbying is so important. If the lawmakers are willfully ignorant - or in this case willfully arrogant about attacking encryption - the only thing that will get them to vote the right way is to hear from enough real constituents that the lawmakers feel like their reelection will be in jeapordy if they do vote the wrong way.

I agree with lunchbreak's comment that this new bill seems "engineered" to make EARN IT look like a reasonable compromise.

FYI, there's a long history of politicians attempting to regulate mathematical truths they don't understand. My favorite example is probably the infamous Indiana Pi Bill, via which local politicians wanted to regulate the value of Pi to be exactly 3.2, according a "proof" published by some crank. The politicians were even hoping they could get people outside Indiana to pay a royalty for the "proof." No, I'm not making this up:

https://rationalwiki.org/wiki/Indiana_Pi_Bill

https://en.wikipedia.org/wiki/Indiana_Pi_Bill


> My favorite example is probably the infamous Indiana Pi Bill, via which local politicians wanted to regulate the value of Pi to be exactly 3.2, according a "proof" published by some crank.

Honestly, that seems to be a bit of a distortion. What I've read about that makes it sound like some state legislators were fooled for a little while by a crank, which caused a dumb bill to advance a little before being killed. No law was ever passed, and the motivation appears to be less of trying to force nature to submit to law and more trying to secure rights to (what they thought) was advanced technology. Even the "regulate the value of Pi" aspect is a (popular) overstatement, since (IIRC) that value was only implied by the bill.


According to the rationalwiki link:

> The bill easily passed committee and was unanimously passed by the house. Representatives received it favorably, with one gushing that "The case is perfectly simple. If we pass this bill which establishes a new and correct value of pi, the author offers our state without cost the use of his discovery and its free publication in our school textbooks, while everyone else must pay him a royalty."


> According to the rationalwiki link:

The Wikipedia link is way better and more credible:

> Upon its introduction in the Indiana House of Representatives, the bill's language and topic occasioned confusion among the membership; a member from Bloomington proposed that it be referred to the Finance Committee, but the Speaker accepted another member's recommendation to refer the bill to the Committee on Swamplands, where the bill could "find a deserved grave".[5]:385 It was transferred to the Committee on Education, which reported favorably;[6] following a motion to suspend the rules, the bill passed on February 6, 1897[5]:390 without a dissenting vote.

Honestly, it sounds like none of them understood the mathematics and the main effect of the bill had something to do with getting the state a license to use the copyrighted techniques royalty free. I'm speculating, but I wouldn't be surprised if many of those who voted for did so because they thought there'd be little harm in getting something for free.

If anything, the more embarrassing thing seems to be they didn't seem to understand copyrights or patents very well, which are creatures of law that legislators should better understand than mathematics. I don't know if the precedents existed 120 years ago, but you can't patent/copyright mathematical truth, so even if the crank was right they should have known they didn't need to to anything to avoid paying him royalties to use his results.


RationalWiki generally sucks. They are in for belittling other people, not presenting a neutral view.

I... what? I dont even understand the point. Surely if politicians want to scam people for money there are better ways.

If you live in California, let Senator Feinstein's office know you're not pleased with this. Unfortunately I don't think she's up for reelection this year, but if she doesn't retire next year, consider not voting for her in the next primary,

Feinstein was one of the EARN-IT Act's sponsors, and a long-time opponent of cryptography.


At this point, with all of the tech industry in her state, I think she has enough of a permanent remember-harvy-milk voter block to blatantly ignore them as she has been doing for the past couple of decades.

She is one biggest pro-spy-on-everyone senators there is.

https://en.wikipedia.org/wiki/Dianne_Feinstein#Mass_surveill...


Been there. Done that. Got the form letter response.

Thank you for writing to me to share your concerns about law enforcement access to encrypted communications. I appreciate the time you took to write, and I welcome the opportunity to respond.

I understand you are opposed to the “Eliminating Abusive and Rampant Neglect of Interactive Technologies (EARN IT) Act of 2020” (S. 3398), which I introduced with Senators Lindsey Graham (R-SC), Richard Blumenthal (D-CT), and Josh Hawley (R-MO) on March 5, 2020. You may be interested to know that the Senate Judiciary Committee - of which I am Ranking Member - held a hearing on the “EARN IT Act” on March 11, 2020. If you would like to watch the full hearing or read the testimonies given by the hearing witnesses, I encourage you to visit the following website: https://sen.gov/53RV

The “EARN IT Act” would establish a National Commission on Online Sexual Exploitation Prevention to recommend best practices for companies to identify and report child sexual abuse material. Companies that implement these, or substantially similar, best practices would not be liable for any child sexual abuse materials that may still be found on their platforms. Companies that fail to meet these requirements, or fail to take other reasonable measures, would lose their liability protection.

Child abuse is one of the most heinous crimes, which is why I was deeply disturbed by recent reporting by The New York Times about the nearly 70 million online photos and videos of child sexual abuse that were reported by technology companies last year. It is a federal crime to possesses, distribute, or produce pictures of sexually explicit conduct with minors, and technology companies are required to report and remove these images on their platforms. Media reports, however, make it clear that current federal enforcement measures are insufficient and that we must do more to protect children from sexual exploitation.

Please know that I believe we must strike an appropriate balance between personal privacy and public safety. It is helpful for me to hear your perspective on this issue, and I will be mindful of your opposition to the “EARN IT Act” as the Senate continues to debate proposals to address child sexual exploitation.

Once again, thank you for writing. Should you have any other questions or comments, please call my Washington, D.C. office at (202) 224-3841 or visit my website at feinstein.senate.gov


Remind her how unhappy she was when the CIA poked around Senate computers, and if even her title and the law won't protect you snooping, maybe cryptography isn't all bad.

https://www.cnn.com/2014/03/11/politics/senate-cia/index.htm...

You'd think this would have given both Feinstein and Graham a better appreciation for cybersecurity, but no.


Feinstein needs to go

87? Yep. My 2 year old has a deeper appreciation for modern society.

> the only thing that will get them to vote the right way is to hear from enough real constituents that the lawmakers feel like their reelection will be in jeapordy if they do vote the wrong way.

Like most real world systems this sounds incredibly inefficient to me. In germany there used to be (and maybe still is) the "Wahl-O-Mat" [1] ( an artificial word made out of two words: vote and automation ). The idea is to answer some questions and the Wahl-O-Mat tells you for which party you should vote.

Let's extend this idea and make a thought experiment. Imagine the questions and the answers would be tended / adjusted over time (like a profile on a dating site). The rules how the voting suggestion is computed are straight forward ( a weighted sum or something ). If a new controverse question arises then people adjust their voting-profile according to their beliefs (or if it doesn't matter to them they don't). If the profiles are public then the outcome of the next elections can be predicted easily. Best next thing to direct democracy.

[1] https://de.wikipedia.org/wiki/Wahl-O-Mat

Edit:grammar


These bills terrify me. A lot of stuff happens in politics that’s frustrating, and much of it doesn’t catch my attention. There’s something about the pure ignorance that goes into breaking encryption that I can’t comprehend. I can understand when bills come through and the extreme differences in opinion are the result of different interpretations of facts and truth, but when it comes to encryption, there is no safe party. We will all suffer equally, every political party and apolitical individual alike, once these idiots make math illegal.

Whatever your political affiliations may be, these are grounds for r/pcm level unity.


What's more terrifying is that this is something you understand.

Think of all the bills you don't understand that are just as bad!


Such as FOSTA/SESTA

I agree. If I had the ability to make one change in government, it would be that bills must be focused on a single topic and resolution. I don't want my members of my government voting to pass bad bills which compromised their integrity with a million small inclusions.

I love you for this comment

I think ironically a bill like this passing would lead to more decentralization of services -- making their goals of monitoring information even harder.

They don't want to track people who will use those decentralized services. Simple as that.

They want control over majority. Nothing else. Any legal business will be required to do what law requires them and it will affect every citizen.

I have no hope given the stupidity of my country to do something against acts like [1] personal data protection law or the decryption act. US going towards that road only means it's easier to justify our country and many others to go even higher. Soon a mandatory camera inside house for legal citizen.

1] https://carnegieindia.org/2020/03/09/what-is-in-india-s-swee...


Nailed this. This is about controlling the 99% of folks who aren't going to take the extra step of using a decentralized service. Think about how hard it is to get friends and family members on board with something super easy to use like Signal. Open source decentralized services are DOA for the overwhelming majority of people.

Absolutely. Anybody who wants to skirt this can simply use an instance of any number of open source end-to-end encrypted apps and servers. This is not for catching sophisticated criminals.

Maybe the way this plays out is it becomes very difficult for companies to innovate in communications, so open source peer-to-peer tech will end up dominating.

Of course then they'll probably legally attack the open source model.


Banks will love that.

As would EU, South American and Asian businesses, they would VPN to another continent VPN to finally have nested encryption for key stakeholders communication.


I think it will have the Gab effect. Gab advertises as a free-speech service. However, those that are already in the mainstream are generally on Twitter. Thus, the people that are on Gab are the people who got kicked off of Twitter, and and thus Gab is in general a cesspool.

The decentralized services won't be able to provide as smooth a service as the centralized ones, if for no other reason than network effects. Most people don't really care about end to end encryption. What percentage of WhatsApp users or Apple Messages users will quit the service if Facebook or Apple dropped end to end encryption. It will be pretty close to 0%. Thus what you will have is that the majority of people on the decentralized services are there because they are doing shady stuff. Thus the decentralized services will become hives of scams, dick pics, terrorists, child porn, alt right, etc. After a while, even being on one of those services will be seen as suspicious.


That is why somehow decentralized applications have to be better than centralized ones.

Probably need to move toward maximizing decentralization regardless.

Agreed. These are bad bills - but - perhaps they further the eventual necessity of a decentralized Internet?

Whats worst is these should all be entirely illegal. Its literally warrantless searching.

I'm not in favor of the bill, but a warrant is still required (at least for domestic stuff).

Which is why the U.S. government routes a copy of the traffic through servers hosted in a friendly ally's country, then do whatever you want with it.

https://www.youtube.com/watch?v=oYNXVgYhPOc&feature=emb_logo

General Alexander was very precise in his choice of words when he repeatedly stated "in the United States". What went unasked was whether these operations take-place against U.S. citizens outside of the borders of the United States.


And even then he was lying. They had tapped google's inter datacenter connections for instance.


Plus even when they do need a warrant, it doesn't do much good when there is literally a closed-access secret court specifically for handling surveillance requests which very rarely denies said requests and has a known history of enabling abuse.

The dragnet surveillance apparati searching through all your communications have warrants to do so? Certainly not. They redefined what "search" means so that it's only a search if the dragnet finds something and an analyst retrieves it. This loophole lets them conduct searches with complete disregard for the 4th amendment.

So long as the courts entertain the loophole, it's more accurate to say that searches do not require a warrant than to say that they do.


As an ignorant non-lawyer, it seems to me that the "illegal search" argument won't hold up. Laypeople see encryption as a lock on a safe that the govt should be able to compel you to open.

Why not use a 1st Amendment approach? Doesn't my freedom to speak also cover the "language" (i.e. encrypted bits) I'm using?


I still don't get why they're burdening the service providers with this? Like I know why but I'm surprised a bill that says that police can compel you to unlock your device hasn't come around.

Like why are you making it the mailman's problem?


A service provider like Google or Apple (a) provides a single point of access to many devices, and (b) is very likely to comply with law enforcement requests if compliance is legally required.

I'm not sure that's entirely a reasonable comparison.

The idea behind strong (especially E2E) encryption is that even with a warrant, the information in question is entirely inaccessible.


Yes, the same as any unrecorded conversation is inaccessible by warrant after it happens. Law enforcement doesn't need omniscience, but we do need freedom to associate and privacy in a democracy.

I didn't say they do.

Encryption is still a different idea from warrantless searches though.


But the beauty of E2E is that indeed it forces law enforcement to cough up a warrant.

With strong E2EE, a warrant won't do much.

A law abiding citizen might comply at the advise of their lawyer. My point is, E2E will at least ensure that warrants are used and not warrantless tactics, which seems to be an ever growing issue.

But encrypted conversations, by definition, are recorded.

With a warrant, law enforcement is permitted to search a safe containing written records of a conversation; why shouldn't they be allowed to search an encrypted consumer electronic device containing the same?


The difference is that a safe can be "brute forced"; you don't need to know the combination in order to be able to get in, with enough resources (i.e. a large enough drill). The same cannot be said about encrypted data, which is (as far as we know) literally impossible to break into no matter how much money you throw at the problem. If the same were true of safes—if they were physically impossible to get into without the key—then this same conversation would apply. Do you think, in that scenario, that safe manufacturers should be required to make a master key and distribute it to law enforcement?

IANAL, but as far as I know, if the police can't physically break into your safe, there is nothing saying that they have any legal recourse to compel you to open it. Why should encrypted data be any different? Any why should it be the responsibility of the manufacturer/service provider to supply law enforcement with a key? The government can always pass a law allowing law enforcement to legally require you to unlock your device, but that is not what they are doing.


> Do you think, in that scenario, that safe manufacturers should be required to make a master key and distribute it to law enforcement?

I'm not sure, to be honest, but I think it's certainly a reasonable position to take.

> IANAL, but as far as I know, if the police can't physically break into your safe, there is nothing saying that they have any legal recourse to compel you to open it.

If it can be established that the safe is yours and that you possess the key or know the combination, I believe a court can indeed order you to open it or to produce the contents, punishable by contempt of court.

> Any why should it be the responsibility of the manufacturer/service provider to supply law enforcement with a key?

Because the state has a compelling public interest in ensuring that law enforcement can successfully execute lawful search warrants. The existence of indestructible safes would constitute a significant impediment to achieving that goal, so manufacturers of such safes have the responsibility of ensuring that law enforcement can access them.

I don't necessarily agree with that argument, but I don't think it's unreasonable.


> If it can be established that the safe is yours and that you possess the key or know the combination, I believe a court can indeed order you to open it or to produce the contents, punishable by contempt of court.

I got curious about this, so I did some quick research. Again, IANAL, but my understanding is that, in the US, the court can order you to give up the physical key (if it is determined that you have it) but not the combination. The latter is protected by the Fifth Amendment right against self incrimination, in the same way as sharing knowledge verbally. So then the question becomes, is an encryption key (or passcode, etc) more like a physical key, or a combination? If the former, then you would be legally compelled to decrypt it if law enforcement asked you to do so. If the latter, however, then there is no legal way for law enforcement to force you to decrypt the device.

The legal framework for deciding how to handle encrypted data already exists, it's just ambiguous. Instead of passing a law that completely changes the scope and usefulness of encryption, doesn't it make much more sense to simply disambiguate and update existing laws accordingly? I don't know the full repercussions of that, but it seems that there exist less drastic solutions to the problem.

> I don't necessarily agree with that argument, but I don't think it's unreasonable.

I think it is unreasonable because it's asking companies to willfully violate their user's privacy and trust, and to severely undermine encryption as a whole. There is zero chance that this does not get abused.


> The latter is protected by the Fifth Amendment right against self incrimination, in the same way as sharing knowledge verbally. ... If the latter, however, then there is no legal way for law enforcement to force you to decrypt the device.

Not exactly. Yes, revealing the combination requires the person to implicitly admit that they know the what the combination is. But if the government can prove that they already know this "testimony" -- which they can in most cases -- then the "foregone conclusion" doctrine applies and the 5th Amendment privilege cannot be asserted. See, for example, the Massachusetts Supreme Court's decision in Commonwealth v. Jones. [1]

There is also conflicting 11th Circuit precedent that further requires the government to establish with "reasonable particularity" what is on the encrypted device. [2] In my opinion this is not correct; the contents of the drive have nothing to do with the testimonial value of the combination. In any event, this issue will eventually need to be resolved at the Supreme Court.

> I think it is unreasonable because it's asking companies to willfully violate their user's privacy and trust, and to severely undermine encryption as a whole. There is zero chance that this does not get abused.

I don't see how it violates user privacy or trust. In general, you don't have the right to keep records secure from law enforcement if they have a warrant. If this law is passed, these companies should simply disclose to their customers that they will provide law enforcement with the means to decrypt their data, as many already do.

I also don't see how it severely undermines encryption. Yes, end-to-end encryption is more secure, but it's not the industry norm. Security is relative, but I wouldn't call Gmail "insecure" just because Google allows law enforcement to read emails with a warrant.

[1] https://www.socialaw.com/services/slip-opinions/slip-opinion...

[2] https://www.eff.org/files/filenode/opiniondoe22312.pdf


> Not exactly. Yes, revealing the combination requires the person to implicitly admit that they know the what the combination is. But if the government can prove that they already know this "testimony" -- which they can in most cases -- then the "foregone conclusion" doctrine applies and the 5th Amendment privilege cannot be asserted.

That's fascinating, thank you for sharing! That helps make my point, though, that the legal framework for handling encryption already exists and just needs to be clarified a little bit, instead of making new, far-reaching laws with serious implications on the landscape.

> I don't see how it violates user privacy or trust. In general, you don't have the right to keep records secure from law enforcement if they have a warrant. If this law is passed, these companies should simply disclose to their customers that they will provide law enforcement with the means to decrypt their data, as many already do.

It will get abused. Just like wire tapping got abused, just like NSA surveillance got abused. Furthermore, having a master key floating around means that at some point, inevitably, a foreign government or organization will get ahold of it. If this were implemented correctly—over a special, secure channel that only law enforcement could access (with a warrant!)—that would be mostly harmless, but I simply don't trust our government and businesses to implement anything correctly that has to do with the privacy and security of user data. There have simply been too many previous violations.

> I also don't see how it severely undermines encryption. Yes, end-to-end encryption is more secure, but it's not the industry norm. Security is relative, but I wouldn't call Gmail "insecure" just because Google allows law enforcement to read emails with a warrant.

But the issue with bills like the EARN IT Act is that they make end-to-end encryption completely infeasible for any company to implement. That's the problem: you can't even have E2EE in the first place if it passes, because it conflicts with the requirement to allow law enforcement to be able to read messages.


> That helps make my point, though, that the legal framework for handling encryption already exists and just needs to be clarified a little bit, instead of making new, far-reaching laws with serious implications on the landscape.

I think this can be a reasonable argument, but it depends on whether criminal suspects generally comply with decryption orders. If most don't, then it is understandable that the government also wants the keys to reside with parties that almost certainly will comply: OEMs and service providers.

> It will get abused. Just like wire tapping got abused, just like NSA surveillance got abused.

Yes, warrants get abused, but they're necessary for the criminal justice system to function.

I think we need to be careful not to conflate this issue with warrantless surveillance, which is a different beast.

> Furthermore, having a master key floating around means that at some point, inevitably, a foreign government or organization will get ahold of it.

I don't see why this is necessarily true, and many Internet services are premised on it not being true. HTTPS requires that you trust the ability of CAs to keep their master keys secret. Gmail and Outlook require that you trust that Google and Microsoft will keep their master keys secret.

> But the issue with bills like the EARN IT Act is that they make end-to-end encryption completely infeasible for any company to implement.

I realize that. My point was that there's an argument to be made that in practice, most people don't use E2EE or even need it in the first place.

E2EE is probably necessary in certain cases -- for example, if you're a dissident in an authoritarian regime. But that doesn't mean it needs to come standard on every iPhone.

To be honest, I'm undecided on this issue. Maybe the security benefits of standard E2EE are worth making it more difficult for law enforcement to execute lawful search warrants. But to me the answer isn't obvious.


That's fair. It's definitely a tradeoff. I guess I'm sensitive to it because I strongly value freedom of speech and the right to privacy, and generally like governments having as little power as possible (to lower instances of abuse). I realize that you have to draw a line somewhere, though, and I don't have enough data to make any judgement on whether something like this is necessary. But in any case, I certainly hope it isn't!

If impenetrable safes existed, the government stance would certainly not just be to say "oh well, guess we gotta let criminals store whatever contraband they want".

Sure, but don't you think there are less drastic solutions than to require the manufacturer to create a master key, distribute it to law enforcement, and cross their fingers hoping that it doesn't get exploited?

I mean, what would the less drastic solution be in this analogy?

Pass a law that would allow law enforcement to legally require you to open the safe, just like they can currently compel you to hand over a physical key.

It's very simple. The powers that be just want to break encryption, but only for law enforcement use.

Simple.

Uggg.


One of the long term consequence of legally dismantling our Constitution (which is the US equivalent to "company values", both in terms of how often they are invoked and by how often the same people ignore them) is that it dramatically reduces our soft power on the world stage.

Right now China is engaging in textbook "secret war" with Hong Kong as well as a variety of other human rights abuses. It used to be that we, the U.S., could speak up, and have dozens of allies rush to our side on the principle that we are to be trusted. Consider how shoddy the evidence for justifying Iraq was, and the fact that most countries still chose to send their troops with ours. Our word used to mean something.

But now? How can we hold a higher ground than China when our own police forces use the very same tactics against our own protesters? How can we accuse the other side of building concentration camps when we have our own?

Backdooring encryption is just another attack on our basic freedoms. It is crazy that at a time we should be touting our values as proof they are objectively better compared to our competitors', we are also trying to take them apart and bring us down to the same level as our competitors. It's like a vast cargo ship encountering a dinghy, and the captain tells the dinghy "you need to change your construction materials, you're shooting yourself in the foot by making poor choices" while his crewmen are hard at work drilling holes into the windows below deck.


> Our word used to mean something. > But now? How can we hold a higher ground than China when our own police forces use the very same tactics against our own protesters? How can we accuse the other side of building concentration camps when we have our own?

But we’ve had things like this for a long time. The police have acted like they do for generations, we had concentration camps for Japanese people during World War II, and we’ve always done a variety of other reprehensible things (propping up brutal dictators, destroying native civilizations, institutional racism of every possible flavor.) Frankly, I’m shocked that our word ever meant something.


It's called media manipulation: US government has perfected a way to manipulate knowing and unknowing media outlets to spill out the news that serves their goals. Unsuspecting public just goes for it, especially since it's all too easy too fall into the self-righteousness (look at those nasty people doing that, they are nothing like us).

Internet was a tool that allowed all sides to be equally heard (the fact that it was abused to disseminate fake news supports that claim even more), so only now it's too obvious what's going on.

Oh, and other governments and organizations are catching up quickly with the same practice.


> we had concentration camps for Japanese people during World War II

I study WW2, and it's important to be factual.

The correct term is internment camps. Japanese-Americans usually lost their property, but the purpose was to locate them in central locations, not to re-educate or liquidate them, as our enemies did to the Allies.

For that time in history, it could be argued that the decision made sense. Japanese subs did shell the US mainland, and Japanese-Americans in Hawaii did help a Japanese aircrew try to escape after Pearl Harbor. Japan planned to return to Hawaii after Midway to occupy Hawaii.

I think using the term "moral high ground" is not helpful for a number of reasons. However, the US did rebuild the world economy after WW2, mostly to prevent it from becoming aligned with the Soviet Union. Most of the world's national borders are descended from WW2.

As leading historian Dr. Victor Davis Hanson says, "[WW2 was German and Japanese soldiers machine-gunning unarmed civilians by the tens of millions.]"


That's what concentration camp is for. To concentrate and control.

There were separate death camps (sometimes combined) that involved direct train-to-killing-field pipelines, and most concentration camps involved work in horrible conditions, but that's because of further goals above relocation.


Not in the US.

That some concentration camps in other countries were also death camps is entirely the point. They are not the same thing, but they're just one step removed. In fact, thousands of people died in the American camps even though there was not an official policy of extermination.

Camps are a very whitewashed aspect of US history. Look at the forced marches and internment of Native Americans, POWs at Andersonville or anybody unfortunate enough to be in the custody of Joe Arpaio.

We have a nasty habit of creating scenarios where death is an inevitable consequence without it being the official policy.


From some light research, it looks like 120,000 Japanese-Americans were put in these camps for 2-3 years and 1,862 died. In the country at large, if I'm reading this [1] right, 1,459,000 people died outside of the camps in the US, which had a population of 136,700,000. That's a ~1% base death rate per year, which would account for ~2/3 of these deaths in a year.

This could be investigated further; was the average length of imprisonment less than a year, were the causes of death different than in the larger population, did economic conditions and racism increase the base death rate among Japanese-Americans in the first place, was the age distribution different among those the US bothered to move to camps, pushing their base rate lower?

Evidently people died because of these camps, and it is incredibly likely that many of those deaths were racist hate crimes committed by US employees on US citizens. Even that aside, it was very much wrong it imprison innocent civilians on the basis of their race. 'Thousands died' does seem like a substantial overstatement when the only number I can find is less than 2,000 (it's from the US, so it may be biased). Probably a few hundred died as a result of these camps, mostly from disease.

[1] https://www.cdc.gov/nchs/data/vsus/VSUS_1943_2.pdf


That's true. If you count the Alaskan camps [1] you get another 118 American citizens who died in U.S. government camps, which would put us at 1980 dead - leaving us 20 short of thousands. I stand corrected.

[1] - https://www.npr.org/sections/codeswitch/2017/02/21/516277507...


I had not heard of the Aleutian internment, and it is clear that the evacuation was mismanaged and the people were mistreated. It's honestly horrific. They were on the front, so it doesn't read as much like racism, but it could have and should have been handled orders of magnitude better.

I'm not pedantically quibbling over whether it was 1980 or 2000 who died. I'm saying that if you took a random sample of 120,000 people at the beginning of 1943 and checked back at the end, 1,300-1,400 would have died. That leave hundreds, not thousands, who died in internment that wouldn't have died otherwise. These are arguable numbers, as I stated above, but they have more substance than I think you're implying.

Additionally, the US invested considerable resources into keeping these people alive. There were on-site hospitals, and not like the ones in Auschwitz where people were held until they died. These camps shouldn't have existed, but they were completely different animals from death camps and are not just a step away.


Remember, many Japanese were paroled, with a good many serving in the armed forces.

I’d be interested to know how many of the 120k were released. And of those who died, who many died “on parole.”


They’re not a step away from each other. Numerous countries, including those with strong norms against mass murder, intern suspected enemy sympathizers in times of war.

During the Gulf War (1992) the UK interned Iraqi citizens in the UK, just as they did with German citizens in WWII.

That was not a step away from mass murder.


Is the point that the murder happened in a nicer climate?

This is the same rhetorical slight-of-hand people use to ignore Guantanamo. One tends to learn more about the speaker than the topic.


>That's what concentration camp is for. To concentrate and control.

The problem is that these words have taken on entirely different meanings that perhaps what they once meant and there are those who take advantage of that disparity. When people hear about concentration camps, they think death camps, even if that isn't specifically what the word once meant.

There are many such ways to twist words like this and rarely do I find them being used for positive reasons. It is like when someone lists all the large name chemicals in a vaccine. They might be factually correct, but what is the chance they are doing that to scare people who have a misunderstanding of chemicals thinking that large name means harmful chemical?


The most famous concentration camp was for all practical purposes a combined one (when people talk of Aushwitz they generally conflate a pretty big complex of camps together).

It doesn't change the part where concentration camps were modeled after British and US approaches of dealing with "undesirables"


Victor Davis Hanson says a lot of things, including that Iraq II was a good idea - he was a minor but still fairly significant public relations voice in the neoconservative bloc that pushed that war into existence, to the enormous detriment of US interests in the Middle East and worldwide.

As a classicist he's tolerable, if no more than that; in any century where the years count up instead of down, the man seems entirely at sea.


> using the term "moral high ground" is not helpful for a number of reasons

The U.S. had a global nuclear monopoly for several years. It didn’t abuse it. That’s a hell of a high ground.


The US is the only country to have used nuclear bombs in anger, and that was during it's nuclear monopoly.

> used nuclear bombs in anger

Using a new weapon to end an existing war is one thing. Using a new weapon to start new wars is another. That delineation is independent of one's judgement of the weapon per se. They're both bad. But one is worse than the other.

The U.S. had the opportunity to go on a mission of global military conquest. There was military support for nuclear war with Russia and China. The United States didn't do that, and I think that's a unique and admirable trait.


Would you apply the same reasoning to any other country that used nukes to "end an existing war"?

> Would you apply the same reasoning to any other country that used nukes to "end an existing war"?

Yes, using nukes defensively is less bad than using it to start a war. That doesn’t mean I support the use of nukes.

WWII was unique in starting with no nukes and ending with them. We also didn't yet understand the long-term ramifications of the weapon's use.


So which conflicts since WWII would you OK the "defensive" use of nuclear weapons?

Yes, that's a fact. I can't tell whether you approve of that or not, but here's the background.

After the failure of the Treaty of Versailles at the end of of WW1, resulting in WW2, the Allies learned that unconditional surrender was needed to prevent future wars.

The Japanese military command preferred that their troops never surrender.

So the 2 options the US had were:

1) Curtis LeMay would use 10,000 bombers to napalm those cities, and every last village in Japan.

2) Use 2 nuclear weapons and demand a surrender. The military commanders in Washington debated the ethics of using such weapons, so this wasn't done lightly.

Having studied this over a period of years, #2 makes the most sense to me.

https://en.wikipedia.org/wiki/Curtis_LeMay


Except the Japanese didn't have the context to know the implications of the nuclear bombs. And the contemporaries noted that it was the Soviet declaration of war and invasion of Manchuria that forced their hand. The use of atomic bombs was superfluous.

That is an often overlooked part of the equation. If I remember correctly, Japan was a week or two away from being split in two like germany.

And Japan and the Soviet Union had been at each others throats since before there was a Soviet Union and Japan thumped the tsar.

I am sure Japan did not want to surrender under a Soviet flag that was looking for 50 years of retribution.

In a strange way it was an American coup to get peace signed before Russia started stripping the place down to the bone.


You are conflating extermination with concentration.

>For that time in history, it could be argued that the decision made sense. Japanese subs did shell the US mainland, and Japanese-Americans in Hawaii did help a Japanese aircrew try to escape after Pearl Harbor. Japan planned to return to Hawaii after Midway to occupy Hawaii.

It could also be argued that it made sense to do the same for Germans since we had a minority of Germans siding with Hitler and even holding Nazi rallies before we got involved in WWII. We weren't exactly good arbiters of fairness when it came to race either.


There were American companies inclined towards blacklisting German Americans at least. FDR made it illegal for them to do that with Executive Order 8802, probably because German Americans were such a large portion of the population that blacklisting them (let alone interning them) would have threatened the war effort.

https://en.wikipedia.org/wiki/Executive_Order_8802

Note that in Hawaii, Japanese-Americans were a significant portion of the local population, about one-third. Of the 150k+ Japanese-Americans living in Hawaii, only 1,200 to 1,800, or about 1%, were interned. On the mainland US where they were a smaller portion of the population, far more Japanese Americans were interned. This discrepancy probably comes down to a matter of practicality again; one third of the population is just too many to intern.


I believe that US citizens of German descent were actually placed in internment camps during WW2. I don't think it was at the same scale as Japanese citizens but it did happen.

A very small number did, relative to their portion of the population (which was large.)

Anti-German sentiment was certainly present in America and the UK during the world wars. In response to Anti-German sentiment, the British royal family anglicized their name during WWI, changing it from House of Saxe-Coburg and Gotha to House of Windsor. In America, German Americans largely stopped speaking German in public (German was the second most common language in America and was spoken particularly often in Pennsylvania, remnants of which can still be seen today in "Pennsylvanian Dutch" culture.) However, treating German Americans as severely as Japanese Americans were treated, at least on the mainland, was probably too impractical to be considered.

https://en.wikipedia.org/wiki/German_Americans#The_apparent_...


But now? How can we hold a higher ground than China when our own police forces use the very same tactics against our own protesters? How can we accuse the other side of building concentration camps when we have our own?

It's called having protestors in the first place. China wouldn't let you hear about it, or all you get is distorted information, which means you don't know what's going on in their society.


You don't think China has protestors? They protest on a scale not seen in the US, with 2010 having 180,000 "mass incidents".

They aren't allowed, is the point. You can be disappeared for speaking against Xi. Any comparison is a false one.

They absolutely are allowed.

OP's point is that protests happen in rural areas outside the central government's control. They are very much not allowed and usually crushed when found.

> They absolutely are allowed.

So you and I can go to tiananmen square tomorrow for a healthy protest and drum circle?


Like our protests?

Like our protests if the internet was heavily censored too

It’s not that simple. They want certain concessions from tech companies and others.

Ie “It would be a shame if something were to happen to your business model here.”


r/pcm?

r/PoliticalCompassMemes, a subreddit that's been gaining popularity recently. (I only discovered it oh, maybe 2-3 months ago? Wouldn't be surprised if the quarantine had a big impact.)

Joe Rogan recently released an episode with the comedian Andrew Schultz which I found very relevant. So many of us share common ground. It's the extremes that push us to be more extreme.

r/pcm has been a rare instance of unity, blunt kindness, and understanding in these times, and I greatly appreciate it.


It may be ignorance for most of the politicians that support the bill, but it's not ignorance for those creating and co-sponsoring the bill, but pure maliciousness. They want to give the government the power to read every single thing you say online, any consequences (or constitutionality) be damned.

Feinstein, Burr, and others like them haven't been champions of mass surveillance powers extensions for the past 20 years out of "ignorance". They know exactly what they're doing.

I still remember a video from the Senate floor showing how ruthlessly and in bad faith Feinstein argued FOR FISA 702 extension back in 2012 using lazy fearmongering about terrorists - the same kind of bad faith fearmongering used to allow the Iraq war, etc.

It boggles my mind that Feinstein has remained a senator for so long in California, but I suspect it may have something to do with the electronic voting machines there. I mean, you could say she has more than enough friends that could help her out with that, especially if she continues doing what she's been doing in the Senate.


Computer criminals (especially the commercial variety) and foreign intelligence agents must be drooling right about now. If something like this becomes law, it's only a matter of time until a mass-breach gives, e.g., China or Russia the dirty laundry of thousands of politicians and business leaders in one fell swoop. I don't think I need to spell out what that would mean for what's left of democracy in the USA.

I'm curious to know if anyone has any insight from the inside: do the particular congresscritters drafting these bills genuinely not understand the damage that would be done if this sort of drivel passed into law, or do they just not care?


but why do you think that 3 letters such as the FBI, DEA, or the NSA or CIA will stop using strong encryption?

do you really think that the DHS will just break its own encryption because of some laws?


The thing is all those three letter agency’s make heavy use of civilian contractors and commercial products.

There is no doubt they are using some bigco vpn or other software that can/will eventually be compromised.


> The thing is all those three letter agency’s make heavy use of civilian contractors and commercial products.

Using Ed Snowden’s autobiography as a point of reference, I’d say the IS agencies have probably 25% of the staff or higher as contractors, so definitely heavy use.


They won't stop using strong encryption. The big national security issue is not a break of government encryption; it's a break on civilian encryption.

Consider a foreign adversary with the ability to break encryption used by banks, credit card companies, large retail facilities, hospitals, etc.

There are a few things that seem tempting-- think "steal from the banks", but a lot of that is unlikely to work, anyway. Banks and wire transfer systems have auditing and verification measures in place that would make it difficult to pull this off successfully. Credit card companies and retailers would have a serious issue with reissuing cards, etc.

What would turn things upside-down is the LOSS OF FAITH in these systems and the economic, social, and practical effects. The Russians would be all to happy to exploit this.

Suppose somebody recovers the necessary keys to send out fake-but-authenticated buy/sell orders on the NYSE, NASDAQ, or even commodities exchanges, with the specific intent of causing havoc with algorithmic trading, and causes a crash.

Suppose somebody is able to break into JP Morgan Chase and reveal private records, transfer information, and the session keys used to decrypt them.

Suppose somebody is able to modify a single prescription in West Bumfuck, Georgia, cause their death, and show off that they can do it again.

In all of these cases, you would see an immediate collapse of trust in important institutions. If the attackers make clear that their ability to fuck things up is the result of backdoored crypto, there would likely be spillover from one institution to the others-- "I can't even trust my pharmacy; how the hell can I trust my bank?!"

That collapse of trust would result in severe, immediate, and possibly unrecoverable damage to entire industries. That would likely destroy a lot of wealth as stocks take a giant shit.

Could somebody DO that? With backdoored cryptio, I'd say it's likely, even inevitable. Backdoored crypto either has to have a mathematical weakness inserted somewhere into the algorithm itself (in which case I would expect adversarial equivalents of the NSA to hire fucktons of mathematicians and tell them find and exploit said backdoor), or you have to do some form of key escrow (in which case the master keys used to protect session keys will be SUPER high priority for attack, including technical attacks and the famous "give the right disgruntled IT worker a bunch of money" attack).

Strong, un-tampered-with encryption is SERIOUSLY vital for national security.

Yes, some companies already have issues with this due to shit security practice, but those can be treated as isolated incidents. If it becomes clear that EVERYBODY is fucked, I would expect to see the market crash worse than it has during the pandemic.

EARN-IT is NOT OKAY by a long shot, but as others have pointed out, this is an attempt to make EARN-IT look like a responsible, reasonable compromise. It isn't a reasonable compromise, but Congress is basically a giant bag of assholes, s we're probably screwed.


You won't like the answer...

1. Most congresspersons don't even read what they are voting on.

2. Most congresspersons don't even write the bills that have their name on them, most of that work being done by staffers in collusion with K-street or the MICC.

3. If a congressperson reads it and doesn't like it, K-street/MICC is likely to put real pressure on them to change their stance. If they are a freshman in any way they will be threatened with all kinds of isolation in future if the bill is important enough.

4. When it comes to intelligence level stuff, many of them will be told in executive session about dubious national security reasoning, designed to cow them.

5. The people who fund their campaign cycles will be used to threaten their position.

6. If all of the above fail, it' is possible some form that Epstein -alike blackmail or bribery operations (that probably already got said congressperson in the past) will be subtly mentioned.

Only an extremely rare minority have the guts to stand up to any single instance of the above, much less all of the above. Congress doesn't represent it's constituents, it just pretends it does to get elected. Ever try to get a meeting with one? Unless you just donated 5k+, good luck.

The worst of the tactics are deployed rarely and only for the most "important" bills, and only against the more powerful positions. For example: on October 2, 2001, the patriot act is introduced. It is opposed by senators Tom Daschle and Patrick Leahy. They both come out publicly against the bill October 6th. Sometime shortly after, anthrax letters were mailed to them both, being the most deadly version of anthrax thus far sent... by October 25th, only one person voted nay against the patriot act...


You're not wrong on any count, but it's impossible to take your arguments seriously when you say "congresscritters"

Edited while I still had the ability. Thanks for the constructive criticism, I should know better.

> Incentivizes technical innovation

What a load of bs.

Because those tech-freaks always find a way right? Innovation will simply appear without any doing on our part. We can just create non-sense bills and laws and they will make it work. They will magically find a way.

These imbeciles do not even understand the simplest things about encryption, but want to make laws for it. Ridiculous. I would laugh right now, if it was not such a serious issue.

Well, I am not in the US, but it will affect people world wide, who use services hosted in the US and next things happening EU comes around the corner with an equally stupid idea and it will hit me directly. Time for EFF again to save this world from idiotic leadership. You have my support.


This would be in breach of various privacy laws in the EU.

Companies have been sued for using weak encryption (cough plaintext passwords).


Of course, yes, but does it stop any of these politicians to come up with stupid ideas? I don't think so. Do we need more tests of what is OK in front of the European courts? 'cause once these politicians are sufficiently "incentivized" they wont stop pushing "their" ideas.

Problem is, other nations might follow suit & come with up with similar laws for their own means or persuasion from the US.

Crypto is classified as an armament for export control. I’m keeping mine under the second amendment, since the folks who wrote this bill seem to care about that one.

As an aside: does that mean US DoD will get a back door as well? As a secure provider with over 1M users that required encryption at rest and in transit I think they should be the first to give up the keys to law enforcement.


Congress should be the first to lose the things they vote to restrict. They should lose it for at least a year before a bill is allowed to pass by simple majority.

Yeah the TL;DR: on this is “Bill Barr (or any AG) could read all of your emails without a warrant if you vote for this.”

I know they would legally require a warrant to read them, maybe, but he’d have the access without it. Not a fun thought to go back to Hoover-style DoJ practices.


> “Bill Barr (or a Democrat AG) could read all of your emails without a warrant if you vote for this.

That would fix it.



There’s one for everything.

Please stop voting dumbasses in the US, it affects everyone living in countries who have commercial agreements with then

It also affects countries that don't have trade agreements with the US. Lots of countries use whatever the US and Europe are doing as inspiration for their own policies. My country introduced a GDPR-style law shortly after watching Europe do the same.

This might be an unpopular opinion, but I don't think we should encourage people to vote as much as we do. Voting is an opportunity to make your voice heard. If you have nothing to say about the issues facing a particular office, don't vote.

I do not vote for candidates who I am not informed about, but many people do. Those uninformed votes just drown out the voice of the informed voters and reinforce the party-line tribalism that seems to be slowly taking over the nation. In an ideal world, I would be informed about the issues surrounding all of the offices for whom I'm asked to vote. Unfortunately, I simply do not have time to concern myself with more than a handful of offices.


> Those uninformed votes just drown out the voice of the informed voters

I've always been a fan of general election ballots showing names, in a randomized order, with no reference to party.


Taiwan lists the candidates in a random order but includes their picture and their number in that order on the ballot. The candidates know their number from the beginning of their campaigns and wear the number on their clothing.

Have you tried absentee voting? It's honestly pretty great. I spend maybe three hours at my computer googling the people I don't know, then send it back.

Not sure if it makes a difference in the end but it's cool to know who's claiming they represent you.


I mean, I basically do the same with the sample ballot that gets mailed to me.

You might want to check other countries too.

Unfortunately only dumbasses vote. Smart people won't vote away their souvereignty to others who are then going to make far reaching decisions about their life. Basically it's choosing to become a slave.

Sounds like the "dumbasses" are right here given that not voting doesn't give them any sovereignty and the ones making far reaching decisions actually have to worry about them voting for the other guy. Compared to the "smart people" who give up a small but very real role as a kingmaker for nothing.

Everyone is born with souvereignty, but tricked into giving it away to others who will rule over them by voting. Tricked again and again and most never learn, unfortunately.

We need to just start with getting rid of being ruled by ridiculously old people.

Bill Pascrell almost certainly remembers where he was as a kid when he found out Hitler had been killed lol. Are you kidding me?


If you don't like the idiots in Congress... then run for office. Engage in the civic process. Why aren't there more nerds and programmers in Congress? We should be there

People won't vote for them.

Everyone complains about how politicians behave, but the truth is that they won't vote for you unless you behave like a politician. Voters are just as two-faced as the representatives they complain about.


Not true. We have a pirate party that has like 20% of the mandates in the capital city leadership (won the last election), and 11% in the parliament. Currently it polls around 17% for the parilamentary elections (second place) https://www.ceske-volby.cz/2020/06/14/preference-kantar-cz-c...

You also have a parliamentary system and a non-first past the poll system which is more open to coalition building to claim a majority. While it is well and good for you here it isn't viable under the political "meta" established by the rules.

We are. We just aren't americans, so we are counting on Americans to vote (or engage in the process). Thanks in advance!

Contrary to what some people are implying, support for mandatory decryption is not evidence of technological illiteracy.

From the perspective of these lawmakers, encrypted storage is like a safe. You have the right to store records in a safe to keep them away from prying eyes, but law enforcement has the right to order you to unlock that safe if they have a warrant. You have the same right to store those same records on an encrypted device, but law enforcement has the same right to order you to decrypt that device if they have a warrant.

Since people will sometimes refuse to decrypt a device, even when ordered to do so by a court, these lawmakers want to require OEMs and service providers to maintain control of the keys when they encrypt information on a user's behalf so as to increase the chances that lawful decryption can take place.

Is this a bad policy? Quite possibly. It has certain risks and makes certain tradeoffs, like any other policy. But it is arrogant to assume that anyone who supports it must be ignorant of how encryption works.


If they see it as a metaphor instead of whar it is that still makes it fundamentally ignorance.

Remember "a series of tubes" memes long predating youtube or its many pornographic not-quite-competitors?

It may map to better understanding but it is still ignorant as somebody software proposing applying computer antivirus software style scanning to infectious disease gene scanning of all micro-organisms in the body.

Even if the metaphor is technically correct in some aspects (the microbes being unauthorized executables in a space) the differences are substantial enough that it cannot be called anything but ignorant by those in the know who would point out precisely the current limitations and theoretical impossibilities like "we can't read cell DNA without destroying them currently". In the case of the safe analogy it is essentially impossible for someone to wind up ordered to open a random piece of garbage that is indistinguishable from a safe. Unlike with encryption.


With the safe analogy, I swear there's precedent that, if the security is a physical key, then a court can compel the owner to produce it. But if the safe uses a combination, the court cannot compel its divulgence, since that would violate the fifth amendment protections against being forced to testify against oneself. Encryption "keys", and the passwords from which they are commonly derived, are much more akin to combinations than to physical keys.

I think there might be a circuit split on this issue, but IMO merely divulging a combination or encryption key is not "testimonial" (and therefore not a 5th Amendment violation) except insofar as it admits knowledge of the combination or key itself. But if police can establish separately that you know it, then the "foregone conclusion" exception applies.

If you can point to specific precedent that would be helpful.


Did some more research on this; see this comment: https://news.ycombinator.com/item?id=23647018

The difference is that for the government to come into my house and force me to open my safe: 1) I will both know about it. 2) government will need a warrant.

In the case of my digital data that might be stored on google (or some other third party) I may never know that the government asked google to decrypt my data for them. In the past companies have done so without a warrant.

Maybe the contents of this bill does not work this way. I don't know.


> But it is arrogant to assume that anyone who supports it must be ignorant of how encryption works

No it's not. Because your analogy is, excuse the term, utter bullshit. Producing a safe requires an expert. A government could actually try to force all producers to give them a second key or some backdoor. Producing an encrypted messages requires software. Government has no chance in hell to restrict the distribution of "illegal software". Everyone who supports that narrative is stupid. Period.

Government officials aren't stupid in general, though. So why do they support the fight against encryption? Because they want to read the messages of average Joe, not the messages of Don Heroin or Sheik Al Explosive. They want to know where the next BLM gathering will be, or where the documents about city council corruption leak.


> (R-SC)...(R-AR)...(R-TN)

It's funny how you can read just that and know that the bill is going to be absurdly bad. Not even just bad in the philosophical/political sense but actually just bad as in not understanding the problem space, or not even formulated clearly or coherently.


Toss enough coins and you'll get a good streak of heads going.

There's plenty of D's who just love to come up with bills that make citizens more vulnerable to the government.


Sorry to say, but even in Australia the combination of SC, AR, TN leaves me worrying. There's a lot of dark history associated with those states that the world has known about for years. That's without taking the "R" into account.

Sometimes I think the USA should have it's own history A/B compared against it's own history as recorded by the rest of the world.

Not saying it's Tiananmen level yet, but it seems some people haven't read their own history.

Disclaimer: I live in NSW, Australia. Some evil stuff happened here that is rarely acknowledged.


The northeast states are built on a legacy of making life hard for anyone who didn't hail from the right country or worship in just the right way. The west coast treated Asians like crap. The plains states had to kick the natives out and that wasn't pretty.

It's harder to fit that crap into something short and sweet enough for history textbooks so you don't hear about it whereas simple skin tone based discrimination in the south is easy to make a bullet point out of so everyone knows about it.


> The plains states had to kick the natives out

...and the rest of the states...


Are you saying that Rs or people from southern states are incapable of critical and analytical thinking?

Perhaps just that that combination does not have the best track record in that regard. Their war on science, etc.

As a native born floridian, the claim that southern republicans are not good at critical and analytical thinking seems true to me. Surely they're out there, but I haven't met them yet, and I've met plenty of conservative southerners.

If your voting base prefers the blood of christ over a facemask to protect from coronavirus, you probably aren't writing bills based on, uh, informed analysis of relevant data.


Yes.

(Just saw an opportunity for a joke and took it)


Not sure, maybe it's the combination.

Nancy Pelosi backed EARN-IT, a bill that's just a more passive aggressive way to try to get the same camel into the same tent.

Agreed. In most cases the main difference between Republicans and Democrats is that the Democrats are much better at hiding their motives or wrapping them in some sort of socially acceptable argument.

I same ways, I prefer the Republican approach because they're more honest about how they want to screw you so it's easier argue and fight back against.


Feinstein (D-CA) co-introduced EARN IT. She might be up for re-election one more time before she retires.

She votes according to Trump’s recommendations more than any other democrat, and more than many republicans.

Her history of supporting right wing causes and overt corruption spans many decades.

As a California Democrat, her position has been unassailable most of her career. I suspect getting rid of her was a motivation for open primaries.

Californians, please stop voting for her!


> Feinstein (D-CA) co-introduced EARN IT. She might be up for re-election one more time before she retires.

Yes. I call her Senator Hollywood. That's the only constituency she really represents. She's been on the wrong side of all tech related bills over her entire career. EARN-IT is simply the latest one in that list.


Do we need an amendment to the constitution? We can't keep fighting these fights. Eventually they will win.

Yes, I'm surprised there is no "right to privacy" spelled out in clear terms. Sounds like that would be a wonderful thing to add directly to the Constitution.

The 4th amendment is supposed to guarantee this right. The Senators are old men who don't understand technology, so they believe that the protections that applied to letters at the time of the constitution don't apply to the medium that has replaced letters, namely email and messaging.

Please... These people know exactly what they are doing. The internet is a lot of things, and one of those things is a tool for mass surveillance. It's always, always been about power and money.

You are right, they have no excuse.

> I'm surprised there is no "right to privacy" spelled out in clear terms.

The problem is, there is no definition of the word “privacy” in the context of “right to privacy” that a majority can agree on. I highly doubt even the niche audience of HN could agree on what they feel is private or not. I think the EU took a decent shortcut around that debate with “right to be forgotten”.


Case in point, there’s a heated debate on HN today in the comments section of the DoJ post on Wikileaks whether Steve Job’s medical history (as shared by Wikileaks) should be private or not.

We need secure software in the hands of everyone making these attempts plainly unenforceable, rather than the current status quo of everyone's software destiny being administered by centralized companies that will comply with totalitarian shit at the drop of a hat.

Then we need good UI libraries for good languages.

I thought of UI toolkits as just niceties until recently. Now I realize that being able to make something pretty with good usability is power.


It's not like the second amendment stops anyone from trying and passing gross infringements.

Would this be for "online services" only, or would operating system vendors have to decrypt users' encrypted file systems on demand?

Answer: according to the article "any device that has more than a gigabyte of storage and sells more than a million units a year could have to build a government-required backdoor if it is subject to five warrants or other requests, as would any operating system or communication system with more than a million active users."


I briefly read the doc and it requires assistance to decrypt local device storage and remote storage. So it's a full spectrum demand for decrypting data.

Going after systems that have over a million users would leave a pretty big loophole for niche vendors and open source. But with such a big precedent, those could easily be targeted later.

For those, like you and me, who have been touting open-source as a beacon of hope: I'm sorry, we're done for.

First, anything that has more than a gig of memory and sells over a million units must be engineered according to the government's whims. That is pretty much ANYTHING useful nowadays. Hardware will now spy on you. And even though there is old hardware, and theoretically zero-trust programming techniques out there, that won't matter because:

They will go after open-source projects.

Any single method alone wouldn't work, but if pushed all at once, they could smother us. File lawsuits against and harass not just maintainers, but contributors and possibly even users; force registrars to de-register domains, and search engines to forget links; have ISP's stop allowing Tor connections, or possibly even implement whitelists of all websites instead of blacklists of "bad" ones.

Without secure computers, in today's world, there is no organized protest; there is no organized opposition; there is no truly effectual dissent, because the other side can see all and end it before it becomes an issue. And even then... gestures wildly.

Constitutionality means jack without both belief and enforcement. We have neither; a public split and jaded, and a government empowered in the worst possible way. And even if this doesn't pass - and that is a horrifyingly small if - the very fact that this is even being proposed is evidence that the battle is close to being lost completely. There is no second chance in this chase, and we are going to trip and fall eventually.

Though hope may be lost for us, may we retain hope that our descendants are at least somewhat at peace with the world we have given them.


Such a crack-down on the free-sharing world of the Internet has been a popular prediction at least since the 1990s, and you can probably find it in the oldest Usenet archives. However, it isn't hard to imagine that we are at a turning point in history, moving beyond the status quo in international relations that has been in place since WW2.

That means a possible end to a whole range of international agreements and treaties, and a fragmented world where anything is possible, somewhere, now that there is no chance of global consensus about anything at all. I'm waiting patiently for the international consensus for protection of "intellectual property" to break down. Plenty of countries take a net loss from it, and without the carrot of access to international trade systems like the WTO, if such are discontinued, they won't have an incentive to continue with it.


What if you put a text in your project:

All lawsuits are in the jurisdiction of X Tribunal, situated in Switzerland or another privacy-friendly country?


I’m drawing a blank on the name of the show... there’s a series on either Netflix or Prime Video where a retired high ranking FBI officer walks the viewers through a bunch of crazy cases. The majority of them are foreign intelligence related. I think it’s meant as some kind of pro-FBI pro-American low key propaganda.

Anyway, as a Canadian, one of my key takeaways from watching it is that it doesn’t matter what country you’re in, nor your nationality, nor the nation where you’re committing crimes; if the FBI or similar large agency decides to target you, you’re going to at a minimum have a really bad time, and very potentially end up getting a free trip to the US to spend time in jail, even if you’ve never stepped foot in the country before.

The show has this “look at how far we’re willing to go to keep America safe!” vibe to it, but as an outsider I found it pretty horrifying.

Edit: https://en.wikipedia.org/wiki/Declassified_(TV_series)


> Going after systems that have over a million users would leave a pretty big loophole for niche vendors and open source. But with such a big precedent, those could easily be targeted later.

Smaller just don't have to do it proactive, but can be required to do it later.

> the Attorney General can simply command it to build one, using what’s called an “assistance capability directive.” (If it does already have that capability, the AG can use the directive to command it to maintain it.) That isn’t limited to the million-plus club; any provider can be served with such a directive. That is, the “big” providers have to proactively design for decryptability, and the “little guys” with less than a million U.S. users better gird their loins


This bill will be sold to the right as helping fight against foreign terrorists living in the US. It will be sold to the left as helping against the alt-right organizing and spreading hate. And it will be sold to everyone as helping stop child exploitation.

In addition, there is already a lot going on in the country to keep the average person from focusing on this issue. It seems like allowing the government to spy on everyone is a pretty bipartisan agenda.


The further we get from wwii, and the Cold War to some extent, the harder it is to remind the public how scary it is to live without freedoms. How do we remind them? Could China and Russia act as cautionary tales that voters would respond to?

Putin jailing and murdering his political opposition, Chinese concentration camps for muslims - why do so many people assume it can’t happen here? Nazi germany wasnt some backwater nation, it was a strong, extremely cultured, advanced nation that was going through some very hard times. Germans didn’t like what happened - there were countless assassination attempts against hitler, but it was just eventually too late


Even you have forgotten that it's already happening in the US: you only need to look at the horrendous human conditions and the industrialization of the prison and justice system, which targets minorities for the pettiest offenses to be able to fill the prisons and make profits for their owners. Or look at the concentration camps at the border, where migrants are treated worse than we would treat any animal. Or look at the disproportionate treatment of minorities by police force: they are _scared_ of the police force, to the point the advice is to not trust the police. Is that something a citizen from a free country should face ?

It _is_ happening already, and despite the few vocal people talking about it the news cycle is spinning so fast that it goes out of the discussion in a matter of days and people seem to forget it.


You will always find that one social media post that will prolong any sentence.

> why do so many people assume it can’t happen here?

Is that actually the assumption? I'm pretty sure everyone already assumes that the government already has all of your messages, browsing history, transactions, etc, and they can come for you if they want.

Between the massive surveillance state that already exists and the judicial miracle of "parallel construction", it's already very much a problem. The only thing left to do is scale up.


There is something worse than gulags.

Telescreens, watched by "AI".

They can arrest you on trumped up charges, but it's not really feasible to do that to everybody, and extreme heavy-handedness promotes resistance.

Once they reach inside your device, they don't have to murder or imprison you, they can just give you a little slap whenever you try to stray from the garden path. Let you know that they're watching so they don't even have to censor you, and can claim that they don't, because you censor yourself.

Crimethink. Doubleplus ungood.


They can arrest you on trumped up charges, but it's not really feasible to do that to everybody

No, but I would imagine there would soon be some way of removing your liberty and keep you under house arrest for a set period. Imagine if they made sure your banking and cards were frozen for the period to stop you going anywhere...


Or a social credit system that prevented you from using public transit

A while ago there was a "north korean browser" that kept track of everything one did online. At the time people were saying how dystopic that was, but I'd always thought it must have been an elaborate troll, an in-your-face reminder of what could easily be done today, at multiple layers of the stack, with one's digital exhaust.

(On the sibling thread: by my calculation at most 13% of the 1984 society had telescreens, so at roughly 60% global internet usage we're well ahead of Orwell for staring into Palantirs.

Someone in the non-aligned movement ought to produce networking gear, so we aren't necessarily beholden to suppliers approved by one of the two[0] largest economies. Then again, seeing what happened to the former "leader of the third world" after the Cold War, maybe it's best not to draw attention to oneself in that way. "None of you has ever seen a dead donkey.")

[0] China, US, would you all please reflect that "one to embody power the other to crave it" is a philosophy attributed to the "bad guys" in that particular mythos?


I would dare say it’s already happened here to a segment of our population. The War on Drugs, secret prisons, National Security Letters, extraordinary renditions, and “signature strikes.”

> Germans didn’t like what happened - there were countless assassination attempts against hitler, but it was just eventually too late.

That myth has to die - there was no real opposition against Hitler for as long as he was successful. He was probably the most popular political leader of all the time. German people did not have a problem with his hatred against Jews, on the contrary, that's what gave him his popularity. It never was "Bad Nazis vs Good Germans" - Nazis and Germans were one and the same.

Yes, initially, in 1933 Nazis did slauther some of their political opponents, but for the years after that they really didn't need to terrorize the nation. Gestapo in 1937 was just 7000 people, inlcuding secretaries and other support stuff, and that was enough to keep 60 million nation in check. Compare that to 200k members of STASI in communist East Germany after war.

As for assasination attempts - if you look at Wikipedia list [0] you'll notice two things:

1. Most of them are pathetic, with zero chance of succeeding

2. None of them are attempted by common "good Germans" - some are by members of competing radical groups, some by citizens of countries conquered by Hitler, then, starting in 1940s there are attempts by generals that realize Germany is going to lose the war.

[0] https://en.wikipedia.org/wiki/List_of_assassination_attempts...


I’ll read more about it before I post the idea again, thanks for the correction

> He was probably the most popular political leader of all the time.

Worth noting that their first major win was in response to the stock market crash, but his popularity really only soared after they took power and imposed censorship.

Free speech not such a virtue in Nazi Germany. Much easier to be popular when nobody is allowed to say anything against you.


People hat Nazi spies within their own homes that made sure nobodY said anything wrong. Have a diary about such a couple. They made 200 people careful about what to say. Of course free speech was pretty much non-existent.

Most dissent was from somewhat popular leftist movements, that were directly targeted by any anti-free speech actions.

If you weren't, as americans would say, a "commie"? You felt like you won.


The 4 horsemen of the infocalypse:

- terrorists,

- drug dealers,

- pedophiles,

- organized crime.

Quoting https://en.wikipedia.org/wiki/Four_Horsemen_of_the_Infocalyp...

Have a target "thing" you wish to stop, yet lack any moral, or practical reasons for doing so?

1. Pick a fear common to lots of people, something that will evoke a gut reaction: terrorists, pedophiles, serial killers.

2. Scream loudly to the media that "thing" is being used by perpetrators. (Don't worry if this is true, or common to all other things, or less common with "thing" than with other long established systems—payphones, paper mail, private hotel rooms, lack of bugs in all houses etc.)

3. Say that the only way to stop perpetrators is to close down "thing", or to regulate it to death, or to have laws forcing en masse tapability of all private communications on "thing". Don't worry if communicating on "thing" is a constitutionally protected right, if you have done a good job in choosing and publicising the horsemen in 2, no one will notice, they will be too busy clamouring for you to save them from the supposed evils.


I've just realised that they don't just do this with tech stuff. https://en.wikipedia.org/wiki/Boys_Beware

Everyone needs to remember: a constitution does nothing to protect your freedoms. It can serve as a rallying banner, but the only thing that will actually protect you is mass-will to enforce those freedoms. Simply having ideals on a piece of paper does nothing unless people actually fight for them, and those working against them aren't going to fight fair or say it out loud.

All of them are sponsored by the government. I think the counteract is to have all meetings, phone calls by public officials open for scrutiny.

Not from the US, but many on the left will see these capabilities as a counterweight to corporate data collection, others against the "dangers" of free thought. Very naive thought, but I think this will pass. Republicans mostly don't seem to know much of anything but certainly won't drop this opportunity.

That said, I don't think it would end encryption though, since it is out of the hands of governments. Of course a lot of traffic will be compromised still and it would grant access to large data hoarders.

edit: Of course that also means that Apple and MS OS aren't safe anymore.


Funnily, that's how public reason or public justification is defended philosophically. Different groups can agree to some end, with contradictory reasonings.

What’s the situation when two (ostensibly friendly) superpowers, the US and EU, have totally mutually incompatible laws regarding something totally transnational? I’m not asking rhetorically, I’m asking legally, what is a company to do if they want to do business in both locations?

That basically almost already happened with the Microsoft case a while back. The US government asked Microsoft US to give it some data that was held by a subsidiary (call it Microsoft EU) in Ireland. It went quite high up in the US courts, because it was illegal for Microsoft US to not hand over the data, but also illegal for Microsoft EU to hand over the data. But basically because the company was split along jurisdiction lines, there was the possibility for Microsoft US to tell Microsoft EU to hand it the data, Microsoft EU to say no, and Microsoft US to say to the US government "Well, we tried."

My guess is that they have to compartmentalize the operation. Essentially, it'll have to be like region-locking in video games, where you make different changes to the product for each region.

I can think of the German Cococola as one precident even if it is more local. Embargoes forced the German branch to split and develop their own independent supply chains. They remerged when possible.

Effectively the solution has been an effective hard split into two companies one for each set of laws. They certainly have to sever monetary and organizational ties to not locally be engaged in conspiracy. Without coordination or assistance they have no responsibility to tbeir illegal twin abroad.

They do what they can get away with locally and relying upon their counterpart's enforcement failures abroad. It may be illegal but if they are in another superpower's territory entirely they are protected. Being fully lawful to both at once was precluded so they effectively become mirror universe versions of themselves lawful in one and scofflaw in the other.

Other less shady alternative approaches include withdrawing from one superpower and shifting their business entirely or simply deciding to dissolve themselves entirely and distribute their assets to the shareholders.


Depending on the nature of the conflict, it might not be possible at all. Countries generally reserve the right to control both what crosses and happens within their borders- that’s more or less the definiton of sovereignty. If two countries have mutually-exclusive regulations regarding some goods, there isn’t a legal trade in those goods between them.

I guess it's time for github.eu

I'm from TN. It's no surprise to me that they also target DNS over HTTPS. Marsha Blackburn has long been in the pocket of large internet providers. She successfully stopped a large city here in TN from expanding their own successful municipal broadband.

The solution to policies like this is serverless or point-to-point systems. As an application publisher you cannot be held liable or obligated towards that which you do not possess and are, by design, not capable of possessing. As an example consider copyright law and BitTorrent. BitTorrent provides a software application and protocol but not servers or services, so the BitTorrent software is never liable for the copyright violations of content that makes use of its protocol.

The solution is to vote out idiots who support things like this, and get the government actually working for its citizens again, not against it. That's hard, and feels damn near impossible sometimes, but it's required. You can't fix social problems with clever technological workarounds.

But clever technological workarounds might expose those idiots for what they are:

Clowns trying to "regulate" things they don't understand without seeking expert advices beyond their narrow lobbyists.


The most "exposing" you will be able to do is to get them pushing insane laws that criminalize coherent action.

AFAIK, that's done already. You won't move further by technical decisions.


The problem with your solution is that the representatives we vote for don't include every combination of sides of every issue. You can vote for the best person regarding internet privacy, but they might have terrible views regarding welfare and transit. Everything is a compromise, it's so unlikely as to be labeled impossible that you'll find a representative who will vote the way you would on everything--and this is disregarding lobbying entirely.

It's not even hard, people are just complacent.

Here in the USA we are literally governed by the folks who show up.


Voting has gotten us to a point where half the politicians want to spread a plague, and much of the population believes them. That shouldn't even be a political issue!! Encryption is far far down the list of what is possible to meaningfully express in this system.

The web browsers and operating systems are our trusted computing base. If those have backdoors all else is moot.

These anti encryption policies are almost always about online services though. Government is generally not so concerned with encryption in the OS because people rarely encrypt their data at rest and even when they do it is still stored data at rest that can be brute forced in time.

If you are using a web browser for a typical online service any backdoor is less concerning than simply going straight to the service provider where all things converge. If a web browser is used in a serverless context, just for localhost user interaction, it can rely on other aspects of the OS to transmit data thereby circumventing any browser backdoor.


The article says that this bill applies to operating systems just as well. It's doesn't matter what's typical or reasonable, the hostile actors pushing this and the EARN IT act don't care.

Let's skip the denial stage. This is not a technical problem, it's a political problem and needs political solutions. Whatever technical solution you come up with will simply be made illegal if anyone but the nerdy 0.0001% will end up using it.

We are rushing full speed towards a police state. We have to stop.


> Whatever technical solution you come up with will simply be made illegal if anyone but the nerdy 0.0001% will end up using it.

But that never happened with BitTorrent. Conversely, industry gradually stopped caring about pursuits of IP violators. While this is ultimately a political problem it will only be practiced where it’s enforceable like all other political problems.


> While this is ultimately a political problem it will only be practiced where it’s enforceable like all other political problems.

Building a company in the US becomes an untenable legal and security risk as if you don't backdoor yourself you'll be liable but if you backdoor yourself and competitors or spies or journalists get the keys, I'm pretty sure you can't ask the US government to pay back the financial or PR losses (which is actually something you can do in Switzerland for privacy-related issues)


Nobody really uses Bittorrent to undermine the police state. They don't care about your dealings with the media industry as much.

And hey, why didn't you say "but that never happened to encryption"? Because it's about to happen in the US? Because it happened in Australia already?

You think a government that is seriously considering such bills will "gradually stop caring" about assaulting constitutional protections by banning effective encryption? If you haven't noticed, we're moving in the opposite direction, and not very gradually I might add.


I am not making assumptions either way.

Given usage of reasonably available standards at present you will never gain access to encrypted data at rest inside the probable lifespan of our planet let alone a court case.

Using current technology in the ways we currently use it. Some of the things we take for granted were considered impossible less than a hundred years ago. Logging full packet data for later decryption is already feasible, and that's all it takes if you can watch the wires.

As someone who typically votes conservative, this is the kind of ignorance that makes me seriously reconsider my stances. This would be throwing the baby out with the bathwater, and go a long way toward emulating China. No thank you! Time to double down on encryption efforts and Tor usage.

I hate to break it to you, but if this bill bothers you, then you’re best bet is to vote for the progressives. Welcome to the left wing, comrade. :-)

Over the years, I’ve watched most of my conservative friends defect to the democrats as the Republican party morphed from “small (but efficient) government” to starting the War on Science and War on the Climate, not to mention all the useless wars against the Middle East, etc.

At the same time, the Democratic party also veered to the right, and I’ve watched my liberal friends (and now, some of those conservative defectors) move to the progressive part of the democratic party.

It’s not that people’s opinions have changed, it’s that the parties have sold out their core values to appease big donors.

Prior generations in the US became more conservative as they aged. I don’t see that happening with my generation. Between that and demographic shifts, the Republican party is representing a rapidly shrinking minority of the population. I just wish the senate wasn’t so skewed toward conservative states and against city dwellers. 42 votes are controlled by a group of people the size of California.

Worse, the senate gets to appoint federal judges, so a minority of the US is electing the people that have exclusive control over court appointments (they simply refuse to appoint judges when there is a Democrat in the white house) and they’ve packed them with radicals.


> I hate to break it to you, but if this bill bothers you, then you’re best bet is to vote for the progressives.

Haha no. They both suck. It's only politically convient

> the Democratic party also veered to the right

I think you mean the left have veered radically more to the left.

> I just wish the senate wasn’t so skewed toward conservative states and against city dwellers.

As designed. Really we should go to the way it was supposed to be with the state legislatures choosing senators.

> hey simply refuse to appoint judges when there is a Democrat in the white house

The democrats will do exactly the same in the reverse situation.


There is plenty of room for a sane, intelligent conservative position in our political landscape and discourse.

Where is it?

There are over a dozen congressional candidates today (all on the R side AFAIK) who espouse or at least dog whistle to the Qanon cult.

Imagine if PETA, Earth First!, and the most unreasonable histrionic "social justice warrior" types took over the Democratic Party. That's where the Republican Party is going if it isn't there already.

Where's Eisenhower or even Reagan?


Perhaps conservatives will find compelling a comparison to the second amendment. When crypto was outlawed, only outlaws will have crypto.

The letter I sent to my senators is as follows:

I care deeply about the safety and security of my fellow Americans. I understand the challenges that strong encryption poses for law enforcement. I don’t want the terrorists and pederasts to win.

Yet, I strongly oppose Senate bill 4051, LAEDA. Consider giving a copy of your house keys the police just in case they need to come in without you knowing. Boy, I hope no one ever decides to steal all those keys at once. I hope no one guarding the keys ever develops an opioid addiction and decides to sell just a few keys. I hope China and Russia don’t get curious about what you are discussing with your colleagues and decide it would just be easiest to raid the key pantry.

Meanwhile, the real bad guys will just continue using existing, strong crypto. When crypto is outlawed, only outlaws will have crypto. As a strong supporter of the 2nd Amendment, you understand that it is every person’s right to defend themselves against the evil forces in the world as well as protect against a potentially tyrannical government. Just because some criminals use guns for evil doesn’t mean we should curtail the rights of the majority who uses them for lawful defense.

Please don’t be fooled that LAED or EARNIT leave strong crypto intact until a warrant is issued. No. These acts force everyone, law abiding or not, to install a trigger lock the government can switch on remotely. Do we really trust the next administration not abuse that right? Do we really trust big business that much?

Personally, I prefer to stand my ground. I have done nothing wrong. I will not hand over my rights to defend myself.


I'm very conservative and I don't like this one bit. I agree there is a good comparison to the 2nd. I think if you sat down with your average conservative, you would find that they probably either already agree or would be quick to agree that this is bad.

> Do we really trust big business that much?

In general I trust them more than the government simply because they will never have as much power as the government.

Stop trying to take my guns...and my crypto.


I think most conservatives believe that the government has too much power, should not be engaged in mass surveillance and especially not suborning people rights just to make life easier for law enforcement.

Conservatives don't care about rights and they certainly don't care about your values. They literally just want your money and if you don't have enough to get them re-elected they don't give a damn.

s/conservatives/moderates/

The Democratic and Republican party establishments have been eroding our rights for years.

Populist libertarians (1) and progressives have been fighting it for just as long.

(1) “the government has no right to levy an income tax” types, not “the courts have no right to inconvenience my monopoly” types.


Given how controversial gun ownership is, I wouldn't use that as an example, it might undermine the case.

Depends on who the recipient is.

I live in the rural South. This is a message that will resonate with my representatives.

Is there a way to see exactly which senators vote for a bill? I’m writing my senators now about how bad this bill would be, and I want to see if they follow through.

Yes! https://www.senate.gov/legislative/HowTo/how_to_votes.htm

There's also third party sites, such as this one which offers email services. https://www.govtrack.us/congress/votes


govtrack.us offers RSS feeds for every legislator as well, so if you have an RSS reader already set up you can just add the feeds for your representatives (you don't even need to create an account on govtrack!)

Being in the EU, I really wonder how this is going to play out if this bill comes to pass.

It's pretty clear this bill is incompatible with the GDPR, which specifically mandates using state of the art encryption when appropriate (and a backdoored encryption is certainly NOT state of the art).

The 2 laws would be fundamentally incompatible, which means we would probably see different services based on geolocation from the big companies (GDPR applies to EU residents, not citizens, so there is no overlap), but this means small players will have to choose between EU and US or take a legal risk.

From a risk perspective, the US have an exception for under 1 million users, while the EU has nothing of the sort. Which means it would, in theory, be less risky to start in the EU, expand in the US, and when you reach the 1 million users bar, separate EU from US operations (which has obviously a lot of issues, how do you handle a user moving from one place to the other, or users interacting accross boundaries?).

Let's hope this won't be the trigger to have several continental/national "internet" instances, but this is definitely going to contribute to a split.


We're going to have the "international edition", with 256-bit encryption, and the "US edition" with 40-bit encryption. https://en.wikipedia.org/wiki/40-bit_encryption

The 1 million user exception doesn’t apply if the government tells you that you need a backdoor.

Also, the CLOUD ACT is already incompatible with the GPDR, so cloud vendors are already in a situation where they’re forced to decide which law to break if they receive a warrant.


What are the effects of this, if passed, on the rest of the world using Office 365, Facebook or AWS? It might be impossible to reconcile with some regulation in eg the EU.

Logically it means that most of planet earth abandons our technologies and our companies. Locking out their best and brightest simultaneously give them an even better chance to exploit this opportunity.

I hope (fingers crossed) that the encryption laws will simply not apply to the EU. I mean most US companies operate via an intermediate company hosted in e.g. Ireland or the Netherlands already, so I reckon legally they can disregard these bills.

Of course, if the US government starts to offer money for data, they may budge anyways. I'm fairly sure MOST data can freely be shared with the US, it's just government data and higher level company data that isn't allowed to cross the borders.


https://www.linklaters.com/en/insights/blogs/digilinks/2019/...

Tl;dr: For most data, the cloud vendor is basically forced to violate either the cloud act or the gpdr. The gpdr has a bunch of fuzzy carve outs for requests involving people in danger or the “public interest”. My guess is that those will be expanded over time to force the data to be handed over, regardless.

If the data isn’t “personal information” (financial records aren’t, for example), GPDR doesn’t apply and the warrant must be served.

I think this means that, because they could hypothetically receive a warrant they have to serve, the Ireland/EU intermediary (or the US company that provides them with the software/hardware) will have to backdoor the encryption.

I am not a lawyer, and I haven’t even read any of these bills. I’m just piecing together summaries. I don’t think anyone really knows how the three bills will interact in practice.


I've read the bill of rights.

i have a right to be secure in my papers and affects.

okay, this bill emphasizes that police need a warrant, but glosses over the bit about actual security.

administrative controls aren't security. That's why we haven't outlawed locks on the front door...


Secure in your papers and affects means that they can't just go rifling through them. But if I have a bag in my car, and cops want to search it for drugs or weapons, then that's okay. So we've passed the point of the 4th having any legitimate meaning.

Most of the rights spelled out in the Bill of Rights have been effectively nullified. At this point they're better seen as test cases for when we need a revolution, rather than functional law.

lockpickinglawyer on youtube should quickly dispel any sense of security you have with the lock on your house. It is literally ZERO

Entering an unlocked house, in many common law jurisdictions, is tresspass at best.

Picking a lock falls into break and enter, regardless of the name of the charge.

Windows, and even walls offer little security in modern houses too! I can literally punch my way through vinyl siding, with chipboard under that, through to drywall.


> Entering an unlocked house, in many common law jurisdictions, is tresspass at best.

False, opening or door window is sufficient for the breaking part of burglary at common law, locks.are irrelevant. If locks are relevant, it's not because of common law.


There's no universal 'common law'. Each jurisdiction has its own, diverged "branch" of common-law, each with its own peculiarities.

Primarily, based upon its history.

And as the legislative branch passes laws, they effect the power of, modify the scope of, or render inert many such judicial decisions.

This is why I said "many common law jurisdictions', not just 'common law'.

One vital part of common law, is intent.

A door with a lock on it? And you pick it / disable it? It is going to be exceptionally difficult to prove benign intent here.

An unlocked door? Well...

Are your friends 'breaking and entering' by opening the door and walking in? Again, intent here...

Did you knock, and "thought you heard something"? Again, intent.

There have been many court cases, but as an example, for a while, in Ontario, Canada, it was common for police to knock at the door, and simply enter saying "Oh, I knocked.. but no one heard me."

I kid you not.

But let's take a step back here, and give you an example as to why this becomes more difficult with an unlocked door.

Part of the issue here is, many houses have a covered, 'cold room' prior to the house proper. Yet, this is still part of the house. It has a roof and walls, a door. It is simply part of the house.

In many colder climates, you enter this area. This is fully expected. You're now sheltered, but it isn't heated. When the owner opens the "door proper", blowing snow and wind won't enter their house. Ergo, to knock, you must approach the "real door" of the house, inside this room, and knock.

It is also not immediately clear if the "very outside door" you are accessing, is a cold room, or the actual door of the house. How do you discover one way or the other? Why you open the door, and enter!

Intent is primary here. Entry into an unlocked house does not prove intent, as there is no 'forced entry'.

One thing ; in Canada, the police lay charges. A person need not even make a complaint, for the police to act. Nor does a person insisting that the police not charge someone, indicate this will happen! An example here ; the police discover assault of some form. They only need evidence, not willingness to 'charge'.

Now take this legal position, and assign it to people entering houses. Your friend enters your house, as he always does, without even knocking.

According to you, that's 'break and enter', yes? What differentiates here?

Why, intent of course!

Intent is primary, and a locked door creates a very strong validation of intent. An unlocked? Zero validation.


This. Locks give you legal protection, not physical protection.

you are suggesting that commercially available and mass produced locks are easily defeatable. I agree. but that was not my point at all.

you see, I am legally allowed to blow my life's savings installing a lock that is secure - if I so choose. and if I do, I'm not legally required to resister the key with the police department... just in case they need to serve a warrant later on. nor are lock manufactures required to make the key available to police for each lock they sell.


Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: