Hacker News new | comments | ask | show | jobs | submit login
FBI pushing for surveillance backdoors on websites (cnet.com)
301 points by quadrahelix on May 4, 2012 | hide | past | web | favorite | 159 comments



Some days I wish I could purchase a huge lighted sign, kilometers in length, and place it on the moon.

It'd say "The internet is not broken" I think I'd make it flash.

That's it. It's not perfect, security is a real threat and hassle to those on it, but it's not broken. It does not need fixing by the government.

I am very sorry that the FBI is unable to track communications on the net. Really I am. But this is no different than the problem they had before telephones were invented. In fact, throughout much of our nation's history, law enforcement had no idea what kind of communications criminals had. The universe did not explode. Somehow life went on.

I read last week that although most recent college grads are having problems finding work, there are exceptions. One of those are, sad to say, legal professionals seeking government work. The federal government is snatching up young lawyers and even paying off all their college bills in addition to their salary. In return we're creating an army of legal attack dogs in each agency looking for new ways to "fix" things for their paymasters.

Once again, it's not perfect. But it does not need fixing. What we're seeing now isn't the end of some long civil discussion about what rights everybody should have in a technological world. It's the beginning -- just the beginning -- of a new world where a lot of things we took for granted just a decade ago aren't going to be true any more.


> I am very sorry that the FBI is unable to track communications on the net. Really I am. But this is no different than the problem they had before telephones were invented. In fact, throughout much of our nation's history, law enforcement had no idea what kind of communications criminals had. The universe did not explode. Somehow life went on.

Related: I wince every time someone says it's the FBI's job to catch criminals, and we should make it easier for them to do so. No, it's not their job to catch criminals, period. Their job is to catch criminals while protecting everybody's fundamental human rights. It's part of their job description, part of their raison d'etre, and yes, it's a tough job. If you can't accept a tough job, you don't deserve a badge.

Once you realize what the FBI's job really is, it becomes difficult to accept the argument that giving them humongous surveillance capacities makes it easier for them to do their job. In fact, indiscriminate surveillance prevents the FBI from doing their job, because it contradicts their very raison d'etre.

Every time a law enforcement agency complains about not being able to spy on random Internet users, you know they're slacking off.


> I wince every time someone says it's the FBI's job to catch criminals, and we should make it easier for them to do so. No, it's not their job to catch criminals, period.

If "catching criminals period" was their job, there are no shortage of criminals for them to catch using their current powers.

So, when they want new powers, the relevant question is "what new criminals are they going after?"

Of course, we're all criminals. It's almost impossible to avoid committing a felony or two per day.


"I wince every time someone says it's the FBI's job to catch criminals, and we should make it easier for them to do so. No, it's not their job to catch criminals, period. Their job is to catch criminals while protecting everybody's fundamental human rights. It's part of their job description, part of their raison d'etre, and yes, it's a tough job. If you can't accept a tough job, you don't deserve a badge."

Amen! It's not our duty to give up individual liberty in order to make it easier for the FBI or any other government organization to catch the fringe terrorists and criminal element.


A felony? Really? I have no grasp of how your laws are divided in the states and presumed the "every-day accidental crimes" would be misdemeanors. What felonies are you referring to?


Felony soda tossing: http://www.wireclub.com/topics/off_topic/conversations/T6K1R...

Felony mic check: http://www.dailykos.com/story/2012/01/12/1054041/-Occupy-San...

Felony protesting: http://www.soarclub.com/2012/03/felony-protest-in-front-of-g...

I also recall a few years back there was a man charged with a felony for "digging fossils" with his son in the wrong place.

And a man charged as a sex offender for grabbing a child that ran in front of his car (to lecture him).

I found another where a man was charged with felonies for throwing seed pods at police, but that's not really an "every-day accidental crime."

So, yes, most incidents are misdemeanors, but if you commit them in the wrong place, at the wrong time, or with the wrong people present, it can be a felony.


> presumed the "every-day accidental crimes" would be misdemeanors.

It's interesting that you're accepting of the idea that ordinary activities are likely to be crimes.

It's actually rational to have harsh penalties for minor things. You're trying to control people. Minor penalties won't be heard about by others. In addition, prosecutors and police aren't much interested in minor things. Harsh penalties get their attention.

The only way to break this cycle is to stop criminalizing these minor things, which is something that a govt with a control fetish will never do.

By accepting the idea that ordinary activities can be criminal, you're buying into that fetish. Your "but they shouldn't be felonies" is either embarrassment or ignorance of the consequences of said "buy into".

Here's my rule. If I'm unwilling to have my mother shot for doing {thing}, said thing should not be a crime. That's an appropriate rule because criminalizing said thing will result in someone being shot....




"Related: I wince every time someone says it's the FBI's job to catch criminals, and we should make it easier for them to do so. No, it's not their job to catch criminals, period. Their job is to catch criminals while protecting everybody's fundamental human rights. It's part of their job description, part of their raison d'etre, and yes, it's a tough job. If you can't accept a tough job, you don't deserve a badge."

That may be what we wish, but I wonder how often each of the following to phrases are heard within FBI evaluations:

- That's some great police work there, Lou.

- That's some great civil liberties protection there, Lou.

That which gets measured gets done.


The claim about an army of legal attack dogs is absolutely inaccurate. Law students seeking government work do not have it any better than college graduates as a whole. In fact, budgets at the federal and state level are hemorrhaging and law students are having a harder time than ever gaining government work. In some cases it's more competitive than private practice. DOJ hiring numbers for recent grads are down dramatically. Some departments have even cancelled their summer programs. Given the oversupply of new lawyers graduating these days, it's far more accurate to say we're creating an army of legal stray dogs than attack dogs.

There are lawyers working hard at places like the EFF to combat these kinds of government policies. I think it's more productive to focus ire on these policies rather than attacking the legal profession as a whole.

[] http://www.mainjustice.com/2011/01/24/justice-department-und... [] http://abovethelaw.com/2011/05/would-you-work-as-a-federal-p...


To torture the analogy further, stray dogs are typically more dangerous than attack dogs - there's nobody (company) holding their leash, and they still have sharp teeth (developed knowledge of a relatively opaque topic).


> I am very sorry that the FBI is unable to track communications on the net. Really I am. But this is no different than the problem they had before telephones were invented. In fact, throughout much of our nation's history, law enforcement had no idea what kind of communications criminals had. The universe did not explode. Somehow life went on.

A gem, so I wanted to highlight it from the rest of your post.


It would be a gem, were it true.

Generally criminals have had the same kinds of communication as the rest of us. Before the internet, the telephone. Before the telephone the telegraph. Throughout both and before, regular mail.

The FBI and preceding law enforcement forces have demanded and found ways to tap these communication mechanisms. Some private networks escaped their surveillance - such as the Rothschild carrier pigeon network - but government surveillance of private individuals is not a new problem.

What is relatively new is that the mechanisms that would be used to provide it are easily exploitable by a clever person sitting in a room in China. You can't easily give the FBI tools to catch local criminals without creating exploitable security threats in our own infrastructure.


Pedantry: The telephone predates the FBI by about 30 years or so.


I'm amazed that we insist on treating all undesirable activities as crimes instead of trying to treat them as social problems with social solutions more often. It has worked wonders for Portugal in the war on drugs, and TBH, I think it would work well for a lot more types of social ills. Criminalization marginalizes those that engage in undesirable activities and pushes them underground and as far away from any sort of help to help them overcome the problem.

It's possible that such an approach would have some intended consequences like the abuses we see in the psychiatric community of the problemization of every behavior that isn't considered "normal", but this would be far better than the current prison-industrial complex that promotes an incarceration system that exarberates the problem instead of promoting healing.

A classic example of a social ill that the FBI likely exploiting to justify the passage of this law that would probably better solved with social solutions is child pornography. I seriously would be surprised if most sexual predators of children don't first start off as casual consumers of child porn and things worsen from them. Dealing it as a social problem probably leaves a lot more room for those people to seek psychiatric treatment early on instead of promoting avoidance behaviors that allows consumption to grow unnoticed by those close to the person with the problem.

I'd much rather see a Federal Bureau for the Study and Treatment of Social Ills.


The federal government is snatching up young lawyers and even paying off all their college bills in addition to their salary.

Law student here: I'd like to see a citation for this.[1] More likely, the lack of employment opportunities for legal grads burdened with high levels of debt means that the government can afford to be unusually choosy about the quality of legal graduates it hires.

1. This is the sort of joke only a law student could love. Sorry.


I wonder how long it'll take for surveillance appliances to morph into content filters..

Who say's China doesn't innovate? They've been a great inspiration to our federal babysitters for years.


I've been following the Bo Xilai story in the NYT and elsewhere. I find it very interesting that not only is the Chinese government spying on all their citizens, but they have been spying on each other.

A recent article stated that the only secure communication in China is basically in writing or in person. Absolutely no electronic communication is trusted.

The same people within the US government using pushing for far reaching citizen spying have to understand that these tools will most certainly be turned on them.


> I am very sorry that the FBI is unable to track communications on the net. Really I am. But this is no different than the problem they had before telephones were invented. In fact, throughout much of our nation's history, law enforcement had no idea what kind of communications criminals had. The universe did not explode. Somehow life went on.

Governments/states have been opening and snooping people's mail and correspondence for thousands of years... the telephone isn't some new invention that allowed them a novel window into criminal communications.


Opening people's snail mail is a bit too conspicuous to happen on a large scale without causing an outcry. Imagine everyone started getting their letters delivered with a torn envelope re-sealed with FBI tape. There'd be riots.

So I guess GP's point can be expressed more accurately as: Throughout much of our nation's history, law enforcement had no way to track people's communications on such a massive scale as they are trying to do now.


As if you cannot read through paper through other means besides opening an envelope. I imagine that it would be problematic to read all snail mail, but if they have machines to read the destination address in a serial fashion, there's always the possibility of tagging along another machine next to it or even embedded on the previous one to read the contents inside the envelopes with something not in the electromagnetic visible range.


"Throughout much of our nation's history," that kind of technology has been unavailable.


Steaming open letters was/is fairly invisible though.


I read last week that although most recent college grads are having problems finding work, there are exceptions. One of those are, sad to say, legal professionals seeking government work. The federal government is snatching up young lawyers and even paying off all their college bills in addition to their salary. In return we're creating an army of legal attack dogs in each agency looking for new ways to "fix" things for their paymasters.

Got a link for that? Given that there are about 600K less government jobs in the US currently than there were when this administration took office, I'd be surprised if there's been a great surge in legal hiring (although I'm willing to be convinced).


Got a link for the 600k figure? According to the US Office of Personnel Management, http://www.fedscope.opm.gov/employment_access.asp, these are the annual numbers:

  Sept 2011 - 2,130,289  
  Sept 2010 - 2,113,210
  Sept 2009 - 2,038,183 
  Sept 2008 - 1,938,821


The 600k is probably across all government sectors, not just federal: http://data.bls.gov/timeseries/CES9000000001

Federal employment is slightly above its medium-term average: http://data.bls.gov/timeseries/CES9091000001

The large spike in 2010 is the US census, which by law must be conducted every 10 years. Other than that, though, federal employment isn't exactly ballooning; the trend is (gently) downward, as you can see from both the graphs and the monthly numbers underneath.


I'm not saying we should give government's back doors and censor the Internet...

But anyone who has been the target of a DDoS attack can tell you the Internet is very much broken.


> In fact, throughout much of our nation's history, law enforcement had no idea what kind of communications criminals had. The universe did not explode. Somehow life went on.

Not really. Crime rates have been going down. Murder rates have been going down. People's lives have been saved, that wouldn't have "gone on" before.

This is due, in part, to better policing. To what extent this has do to with wiretapping abilities can be debated/analyzed, but a "somehow life went on" attitude is pretty much a blunt argument for "let's never change anything then", and is therefore irrelevant to the discussion.


This is due, in part, to better policing.

That's... debatable.

I think it's due to Disney movies.


Well I didn't say it's entirely to better policing, hence the "in part".

For a citation, why not look at the last part of this article which was very popular on HN a few months ago:

http://www.newyorker.com/arts/critics/atlarge/2012/01/30/120...

273 points: http://news.ycombinator.com/item?id=3691372

You're going to have a hard time debating that improved police techniques haven't made a difference at all, regardless of your personal opinion of Disney movies.


Crime rates could be going down because...

1. The methodology of collecting and reporting crime statistics has changed;

2. The use of said "improved police techniques" has discouraged people from reporting crimes;

3. The "justice" system has favored reducing its rate of Type I errors at the expense of increasing its Type II errors;

4. Enforcement of the laws is no longer consistent across and within jurisdictions;

5. There are more corrupt legal officials, and they are in better positions than ever before;

6. Social conditions and individual motivations have changed, and people are less inclined to commit crimes.

I'm not saying any of these are true, but they are all equally plausible explanations (as is any combination of them). You cannot establish a causal relationship by correlation (and "common sense") alone; you must identify all of the variables and control for them.


According to Freakonomics, low crime rates are due to birth control and/or the ability of couples to decide when and where they want to have kids.

[edit: birth control and the Rowe vs. Wade abortion ruling]


That argument is one theory, highly controversial. I'm certainly not saying it doesn't play a part, but it's still a hotly debated question among experts as to what is ultimately responsible for the crime drop. Most likely, it's due to a combination of factors, for the basic reason that social phenomena like crime tend to be very complicated. We would be extraordinarily lucky if it could be pinned down a single, simple explanation.

And while the socioeconomic distribution of the population would be expected to play a part (which is certainly affected by family planning), it would be highly unlikely for progress in policing techniques not to play a part at all.


Downvoted?? Really?!

I'm pretty sure this is contributing to the discussion, no matter how unpopular it may be. I'm disappointed.


It's being downvoted because you're drawing an illusory correlation solely to be contrarian. This does not contribute to the discussion.

I think the decreased crime rate is due to global warming! There's a perfect negative correlation between crime rate and average global temperature, so clearly the data support my opinion.


Not at all. It's pretty far-fetched to say that any link between policing and crime rates is illusory. It's certainly not the only causation, but it would be ludicrous to say they weren't related. It is rather ludicrous to talk about global warming and crime, unless you can come up with a truly plausible mechanism for it.

And I'm certainly not being contrarian either. I'm saying that the argument that "life went on" even when the government had no wiretapping ability, has no relevance here. You might as well say that life went on in the gulags in Russia. That's the point I'm arguing -- that "life went on" is not a valid argument in any context, because it's generic and doesn't address any of the actual issues.

Oh well, go ahead and downvote away... it's only numbers! :P


In meetings with industry representatives, the White House, and U.S. senators, senior FBI officials argue the dramatic shift in communication from the telephone system to the Internet has made it far more difficult for agents to wiretap Americans suspected of illegal activities

I call that progress.


Indeed. That comes from the same FBI who said a couple of months ago that having to get warrants makes their job harder.


Indeed. Having to respect any civil rights protections (the need for a warrant, habeas corpus, the right to silence, the right to avoid self-incrimination, the ban on torture, etc) makes life more difficulty for the authorities. But history shows that those societies that have no civil rights protections are not happy or prosperous over the long term, and a government that rids itself of all checks and balances is a government that must necessarily be authoritarian and unaccountable.


I've advocated in other threads here for the need of more widespread, mass market, anonymous communications tools. This is not just an anonymity issue, but a critical tool for any company wanting to claw market share away from Facebook, Google, or whoever is their dominant competitor.

E-mail, chat, and voice communications between two people should universally utilize end to end encryption. Service providers should have no knowledge of the contents of that communication, nor the ability to reveal the contents. Using private communication in order to serve advertisements to individuals is dubious.

Small companies can not afford a data breaches. Building spying tools in to your service for any group or nation -- be it the US or China -- compromises the trust users have in you in addition to facilitating espionage, warrantless data theft, and other illegal activity.

These spying services are more than welcome to access this data at the point it is received through the use of lawful means. Giving them on demand, effortless access to anything they please spawns a lazy, corrupt, and paranoid society for all involved.


Your point about "widespread" and "mass market" is important.

People can't cope with encrypted email. There are very many broken implementations, and even with the good crypto people install it wrong or use it wrong.

Something that's idiot proof is important.

But then, "they'll" just pass a law requiring people to hand over the keys, or go to jail for X years. (Which could happen now under contempt of court laws, but would be easier under UK style RIPA law. (http://www.legislation.gov.uk/ukpga/2000/23/contents) (http://www.homeoffice.gov.uk/counter-terrorism/regulation-in...) (http://en.wikipedia.org/wiki/Regulation_of_Investigatory_Pow...) )


I think there's plenty of abuse and they should be improved - but I don't think its crazy that in time there would be a system where, with a warrant, investigators could wiretap someone's online activities - provided they had reasonable suspicion that they were conducting their illegal business over the certain sites or one internet connection. I know this might sound like cleaning the noose we're about to hang someone with, but there are legitimate law enforcement needs, I often think the collective energy from the EFF and others would be better spent not on opposing anything like this, but on advocating and lobbying for strict judicial review and process.

For example if we suspected someone was using Craigslist and other internet tools like Skype, to organize and coordinate a human trafficking ring, I would want them to be able to collect evidence akin to a wiretap to investiate the extent of the organization and bring prosecutions.

That after-all is the main thing, if the representatives of the people in terms of law enforcement/districts attorneys/federal have a reasonable suspicion that you're committing a crime, we should be allowed to investigate - and for you to challenge any evidence gained in a court. Previous abuses of power are of course troubling, the NSA phone tapping and others comes immediately to mind, which is why I believe energy is best spent on ensuring proper checks and balances and the rule of law - it requires constant work to ensure we have adequate protections for citizens and an adequate ability to prosecute suspected offenders.

Just a final point - I want to stress that I do believe the government has and will continue to overstep its bounds with regard to law enforcement, this has been true for time immemorial, and citizens will continue to fight back and push for legal reforms - but simply throwing our hands up and ignoring real, legitimate law enforcement needs seems silly too. Especially when agencies like mine can right now hijack individual sessions of you on our website and watch everything you do.


For example if we suspected someone was using Craigslist and other internet tools like Skype, to organize and coordinate a human trafficking ring, I would want them to be able to collect evidence akin to a wiretap to investiate the extent of the organization and bring prosecutions.

They already have that ability through physical surveillance. accessing fully public data, and subpoenas.

That after-all is the main thing, if the representatives of the people in terms of law enforcement/districts attorneys/federal have a reasonable suspicion that you're committing a crime, we should be allowed to investigate - and for you to challenge any evidence gained in a court. Previous abuses of power are of course troubling, the NSA phone tapping and others comes immediately to mind, which is why I believe energy is best spent on ensuring proper checks and balances and the rule of law - it requires constant work to ensure we have adequate protections for citizens and an adequate ability to prosecute suspected offenders.

I suspect that many arguing against these powers in their entirety have lost all faith in checks, balances, and the rule of law, thanks to numerous prior abuses (using the PATRIOT Act against non-terrorists, NSA warantless wiretapping, etc.). The government is far too interwoven at this point, and the important issues too far from the public consciousness, for an organization like the EFF to make any meaningful difference in checks and balances. As such, the safest route is to oppose easily abused powers in their entirety.

Just a final point - I want to stress that I do believe the government has and will continue to overstep its bounds with regard to law enforcement, this has been true for time immemorial, and citizens will continue to fight back and push for legal reforms - but simply throwing our hands up and ignoring real, legitimate law enforcement needs seems silly too. Especially when agencies like mine can right now hijack individual sessions of you on our website and watch everything you do.

What you call "legitimate law enforcement needs" I call overstepping the bounds of their moral authority for the sake of saving manpower. Are these agencies hijacking sessions on the agency web site, or here on Hacker News? If it's the former, most web frameworks probably have such debugging abilities built in, and as such is nothing impressive. If the latter, it sounds like the agency is running a beefier Wireshark on the whole Internet, which is (or ought to be) illegal.


You can't have systems that are secure except when you don't want them to be. They are either secure and require factoring huge numbers (or other hard problems) break, or they are easily broken fr everybody.

Compound that with a country that is more interested in prosecution and confinement than justice, and you have a very bad mix.

The very existence of National Security Letters makes me fear this kind of power.


It's ridiculous to design a system for the purpose of spying on its users, with users being aware of that. The only people that will be discussing illegal activities using that medium then will be those so oblivious and dense that they likely would have been caught any number of other ways without the eavesdropping.

Savvy criminals will migrate to darknets and other methods of communication that are more robust against eavesdropping.

Personally i think authorities should just give up on the idea of eavesdropping. With proper encryption modern communications can perhaps be intercepted, but never deciphered.

Honeypotting seem like a much better strategy for catching internet criminals. Why would you ever shut down a child porn site or copyright infringement hub when you can instead take over and catch gather loads of evidence for prosecution?


You are imagining sophisticated criminals from movies. Yes, genuinely sophisticated criminal rings with ample resources do exist, but they are in the tiny minority. I think you would be amazed at how low-tech, careless, and quite frankly, stupid most criminals are. This is the common denominator they are aiming at, as it offers the broadest and most dense prosecution yield.


> you would be amazed at how low-tech, careless, and quite frankly, stupid most criminals are

Then I'm sure there are other ways of catching them that don't threaten our privacy and freedom.


A fine point to be sure, but again we already can see everything a user does on most websites - and most people don't even know about it.

Even with that knowledge though wiretapping still leads people to being caught. http://www.boston.com/metrodesk/2012/04/anthony-dinunzio-bro... So it's obviously still quite effective - and even with encryption they'll still devote man hours to trying to figure out ways around it.


More of these activities should be treated as problems instead of crimes. The concept of "crime" conflates problems with a prescribed solution (incarceration) so it becomes impossible to separate the two and be able look upon the problem with fresh eyes and perceive novel solutions.


This is exactly what I don't understand every time they try to pass a law like this, it's always "It's getting harder for us to catch criminals doing X," where X changes depending how hard they think they have to force it.

My response is always, NOBODY said law enforcement SHOULD BE EASY, deal with it.


You have to give them some credit though because its a clever scheme.

The "fight crime" argument is always valid since crime always exists. Its the same with "fight terrorism" since terrorism always exists.

So if you use those arguments, in combination with a war that has no end (you cant win against a "ism"), you dont even have to talk to the public anymore and justify anything. Its very convenient and saves time.

Note the sarcasm. :)


You're right and this is true about everything the government does. There will always be health problems. There will always be "poor" people. There will always be drugs, or pornography or rude children or whatever excuse is currently convenient to pass laws to give government more power.


"In meetings with industry representatives, the White House, and U.S. senators, senior FBI officials argue the dramatic shift in communication from the telephone system to the Internet has made it far more difficult for agents to wiretap Americans suspected of illegal activities, CNET has learned."

That's a feature not a bug.


> If you create a service, product, or app that allows a user to communicate, you get the PRIVILEGE of adding that extra coding," a person who has reviewed the FBI's draft legislation told CNET.

Wait how is that a "privilege". Are they kidding? Is that supposed to be funny? How is adding wiretapping features to invade my users' privacy a privilege. It is like saying if you do something we don't like you get the privilege to get punched in the face.


I assume it is dry humour.

But perhaps they meant, "reward". After all, it won't happen if you aren't successful. It is like paying tax in that respect.


I assumed it's a patriotic thing, "you get to help protect Americans citizens" type deal.


It'd definitely dry humor, as it was in the context of a conversation with an industry rep who presumably wouldn't be interested in making more work for his constituents.


I assume it is humor.

But the implementation of this still "raises massive questions".

Anyone who creates a communication mechanism now has a legal obligation to create a feature allowing the state to listen?

Today, you can create a communication mechanism and you don't have an obligation to make it work reliably if your users don't care. But your obligation to the state suddenly becomes the creation of an effective surveillance mechanism. That could easily cost more than the rest of the system.

I mean, would "Chat Roulette" suddenly have to be able to stream everything to FBI headquarters?

This absurdity has been gone over many here of course but its still awe-inspiring...


Completely agree.

Thinking about something like World of Warcraft, Blizzard might have to store all chat logs for what could be a significant amount of time. Even the simplest of internet forums might be required by the FBI to store every thread. That's a cost to not only the developer but to the host in resources and management.


Not to mention it forces additional strains on technology start-ups that now have regulation over-head cost from Feds that are mad they can't violate the 4th amendment where ever they want.


It's not dry humor, they're not joking. The fact that they're not joking, explains the FBI's actions to begin with.

You have to look at the world from their perspective: you exist by special permission, your rights exist so long as they choose not to revoke them. That is all. It's the inversion of the Bill of Rights: the individual is increasingly restrained from doing anything unless given permission, while the government may do anything unless they are very specifically restrained.

Breathing is a privilege. And they are not kidding. The sooner you accept that, the sooner maybe something can be done about the rapidly expanding police state.


This would seem to be an opportunity for CS people to do what the do best--obfuscate through bad UI design. If they're legally obligated to provide an interface, then why make it a good interface? I'm thinking that the FBI's interface to the snooping back door should be through a pseudo-lisp interpreter with vividly named functions:

(violateRights (shackle (humiliate userID)))

Or similar.


Alternatively, there is no reason such a backdoor can't be programmed to inform the user.

"Usage of this backdoor will inform the user that they are being surveilled"

I don't think you can execute a National Security Letter gag order against source code.


Obviously the fact that it's in source code is irrelevant, otherwise every gag order could be got round with a quick <p>here is the information</p> page hosted on a webserver..

It's like saying you can shoot somebody because a gun can't be prosecuted for murder.


Yeah, but when someone gets shot with a gun you can't prosecute the manufacturer, so long as they put warning labels on their guns and sell them according to the laws regulating the sale of guns. The person responsible is the person who pulled the trigger, which in this case would be the Feds.

The key is to make sure that they get access to the backdoor directly.

At the end of the day you can always code loopholes around the law, which will work until they legislate the loopholes away with more legislation. Almost every industry has been doing this since the beginning of government.

One of the best ways to code this into the system is to provide security measures that allow you to prevent what machines can access your account and notify you if machines not your own try to access your account.

"You recently tried to access your account from the IP address X.X.X.X located in Quantico, Virginia. If this was not you, please report this to customer service."

Customer service can then legitimately comply with the gag order by admitting nothing and say they'll look into it.


> Yeah, but when someone gets shot with a gun you can't prosecute the manufacturer

Right, so you can't prosecute Google if I use gmail to send something that violates a gag order. If Google violate a gag order through their source code they are entirely liable for it.


If Google gets served a gag order and violates that specific gag order served because of a piece of code they wrote, then I could see that happening. If they get served a gag order and then modify that code so that all future gag orders are not possible then I don't see a crime being committed for which they are liable.

Gag orders are circumstantial. Code that applies to general situations is not. Backdoors (access) and confidentiality (disclosure) are concepts that are mutually exclusive of one another.


Or a Malbolge API.


Yeah, or maybe the backdoor "accidentally" has a lot of null-reference bugs and other crappiness. It isn't adding business value in the first place, why try to make it any good.


"To serve and protect." Is that even true anymore? Was it ever? Was just reading about an apparent increase in cop-on-citizen sexual assault among Occupy Wall Street protesters:

http://www.nakedcapitalism.com/2012/05/david-graeber-new-pol...

Why aren't our law enforcement professionals more accountable to us, the citizens they purportedly "serve"? The transaction ought to be that we, the citizenry, grant them privileges - go through red lights, carry firearms, right to detain people - in return for restraint and considered application of those privileges. I no longer believe in the integrity of that transaction.

Maybe I'm overreacting to propaganda. But what reassurance does our law enforcement ever offer us that they are not abusing their privileges?


"To protect and serve" is the motto of the LAPD. Otherwise, it's a TV trope that arose out of the fact that most television in the US comes from southern California; it has never been a generic police slogan. http://tvtropes.org/pmwiki/pmwiki.php/Main/StandardPoliceMot... http://tvtropes.org/pmwiki/pmwiki.php/Main/SoCalization


Your own source says it "has been adopted by many other police departments across the English-speaking world" and has "been adopted by so many police departments, in fact, that it's practically a Stock Phrase in the English-speaking world."

And even if that's not true (since I'd hardly call TVTropes an authoritative source), I was using it rhetorically. I should think that regardless of its origin, that motto closely represents the ideal that we want our police agencies to uphold.


Why should they be accountable to you? The law enforcement gives them their salary, it protects them, it puts food on their table.

What do ordinary citizens do for them, except create work for them to deal with?

Edit: Just so you dont think I am nuts, I realize the insanity of the system, and I wish this was a world where intelligent, compassionate people made the decisions.


Elect their boss?


From a pool of candidates being presented to you as choices, preselected to be there because they are all corrupt?

If you add a predetermined winner, you have your presidential election system. :)


I blame old centralized media. That's changing, if more slowly than some of us might like, and disturbingly quickly for others.


Side issue: I assumed cops run red lights, etc., not because it's legal for them outside hot pursuit but because who's going to enforce it? I don't actually know anything about this.


One of the only things I liked about the transformers, was the police car that said "to pursue and enslave." Seems apropos of pretty much everything these days.


Hmm. Isnt the world aware that these sites already provide the government with all the info they could possibly want?

You cant get privacy if you use any american company. This should be well known by now. Just for reference, here is a nice list of 800+ massive companies who support CISPA:

http://www.digitaltrends.com/web/cispa-supporters-list-800-c...

We are experiencing the last days of freedom on the Internet. Our generation is the last one. Enjoy while it lasts.


I share your concerns, though I don't necessarily agree that it's the last days of freedom on the internet. With peer to peer and encryption any number of secure platforms can and have been built that are impossible for third parties to spy on. However, just because we can build these, doesn't mean they'll get the critical mass required for use. People will still gravitate towards the cool/popular/easy-to-use systems like Facebook, GTalk, Google Hangouts, Skype, etc. Those systems will be increasingly subject to eavesdropping and a general lack of privacy.

The irony is that even if this bill went through and got every major internet company to provide backdoors for wiretapping, they'd only be catching the low hanging fruit.


I think you and me and other people into computers will always find ways to avoid big brother. But if 99% of the population is being watched (since the majority will gladly give up privacy for convenience), its not a very free internet anymore.

Yes, government acts such as these would be ironic IF they were about fighting "terrorism" (lol). But thats just their excuse.


Before '95 I'm sure anyone you asked, who was online, could tell you about basic HTML, circumventing blocks, security and even some basic CS knowledge. These days, everybody is online, mainly for easy to use services like Facebook, they don't give a crap how it works.

The 99%, are the 99% who were not online twenty years ago, the 1% are the people who were (or would have been) online 20 years ago.


Which leads me to wonder, why do they need surveillance of the common man. The government does not trust its citizen. Is it because it knows it has turned its citizenry into something that can be manipulated?


There are many theories. But lets look at what they are doing:

- They dont care about their spending (US national debt is insane).

- They dont put any money in improving the country (almost everything goes to the war machine).

Only a country who knows none of this is going to matter in the future would do this since its suicidal, obviously.

So why is it not going to matter? I dont think we want to know... but the survellience is there for them to feel safe against us when it happens.


I do not use facebook, but...

...If they pass this law I am also quiting from gmail. We need a freedom box that we control and is distributed, not centralized so automation of surveillance is harder.

I know that there are bad guys out there, but not only in terrorist organization, secret service use to have garbage people too (the people that love power too much).


I don't think Google delivers over TLS (it doesn't to my server anyway), so in general your mail is subject to wiretapping anyway. And even if it did there's no way protocol I know (maybe DKIM has a section for destination verification?) for them to know that they're really delivering it to the right host.

Basically unencrypted email is a lost cause already. If you care about this stuff you need to dump webmail right now and go with a client encryption solution (and convince all your friends to use it).


I'm seeing TLS connections with google, both inbound and outbound:

  Anonymous: TLSv1 with cipher RC4-SHA (128/128 bits)
   209.85.214.42    mail-bk0-f42.google.com
   209.85.160.42    mail-pb0-f42.google.com
   209.85.213.170   mail-yx0-f170.google.com
   209.85.214.198   mail-ob0-f198.google.com


That's good to know. Maybe I have my postfix misconfigured, I'll check. Still, the MitM hole is present. Without destination host verification, the FBI could simply sit outbound on the network insert themselves into the transaction.


Agreed.

Something else is weird; I see both trusted and untrusted outgoing SMTP TLS connections in the logfiles, including untrusted connections to machines that I know have valid startssl certs. Maybe I have my postfix misconfigured as well!


Gmail is https by default.


That's between your browser and their server. I'm referring to the content of the SMTP connection over which the mail travels, which remains almost always unencrypted in the modern world. Which essentially means that the FBI doesn't need Google's assistance to wiretap your email per se, they just use and machine they probably have sitting on the backbone pipe anyway.


POP, IMAP, and SMTP access to Gmail servers all require TLS. https://support.google.com/mail/bin/answer.py?hl=en&answ... and https://support.google.com/mail/bin/answer.py?hl=en&answ...

Edit: oh you mean from e.g. comcast.com server to mail.google.com server. Never mind.


And again, that's between the client and the server. The path between Gmail's mail server and the sender/recipient of the mail's server is not always encrypted.


Gmail is kinda a tricky one - bear in mind that even if you personally quit, then even if you communicate with gmail users, Google is still getting your communications data there and able to build a profile (albeit not a complete one).


In meetings with industry representatives, the White House, and U.S. senators, senior FBI officials argue the dramatic shift in communication from the telephone system to the Internet has made it far more difficult for agents to wiretap Americans suspected of illegal activities

It is not at all a given that this "going dark problem" actually exists. In many ways, surveillance is easier than it has ever been. See https://www.cdt.org/blogs/2811going-dark-versus-golden-age-s...


> The requirements apply only if a threshold of a certain number of users is exceeded

They're not even pretending that this is really about catching savvy criminals, and not mass-surveillance.


The FBI wants to catch "criminals", and they like easy backdoors. The NSA is the one interested in mass-surveilance and they usually are very good at collecting information with little to no help from corporations, seeking more direct interaction only when the scale of a particular target (say Facebook) becomes so large that they need to move their filters closer to the real data to keep up.

Usually these things start pretty innocently - you'll be approached by a local police department who has a real murderer they're trying to catch, who happens to be stalking people on your service. I've been through and heard of that kind of approach happening several times. Everyone knows the big NSA/MegaFed style visits happen as well, usually not before your CEO is hobnobbing with Senators anyways, giving keynote speeches to large globalist audiences, etc. (IE by the time they let you know, you're already part of the system anyways.) That's theory, I've only experienced the former not the latter.

Some day hopefully!

(edit: I've witnessed the FBI backdoor, not the NSA. :P)


I just heard a BBC news spot where one of the interviewees, a law professor if I recall correctly, indicated that the support for CISPA by Facebook and other prominent startups was in order to provide legal cover for just these types of requests.

Under current rules, it was stated, while these companies can be pressured by the FBI to release certain info and give certain access, they have no immunity from litigation - so they can still be sued for complying with the requests by their users and other concerned parties.

The interviewee indicated that CISPA gives them the legal immunity they need so that they can comply with the FBI while being able to fend off potential lawsuits.


Use encryption on ALL data that you don't want to publicly readable.

I post something that says this pretty much weekly on here and I'm sure I could post it every day if I had the time. Stop trusting third parties to keep your data back; they lose it all the time, through subpoenas, leaks, accidents, exploits, whatever. Take responsibility for yourself. If you have comms that can't safely be aired on CNN, ENCRYPT THEM. There's simply nothing else to say on the matter. Don't trust anyone else to protect you, because they aren't able to even if they try. You must use real, client-side cryptography to keep your message even semi-secure.


While I most certainly agree, this begs the question: what encryption tools can you use (and trust)? I'm pretty confident that there are backdoors in most commercial tools from Apple, Microsoft and PGP (just to name a few). Before anyone is too quick on say that TrueCrypt is the answer, please note that there have been wild speculations about backdoors etc in TrueCrypt too (but I don't think anything has been proven).


Truecrypt is OSS and has some insanely brilliant people working on it. I think that more than a couple people would notice if there were shenanigans afoot.


Hmm. Interesting statement since the authors have chosen to remain anonymous. You would think it would be impossible to know weather or not they are brilliant, or if they are working for the US security agencies.

So you have people working on the most well known full disk encryption system on planet Earth, but they are living in obscurity.... kind of interesting isnt it?


or they have chosen to stay anonymous to avoid being pressured by various governments to implement backdoors. I guess we will never know for sure.


I hope this spurs the massive adoption of client-side encryption. Server-side encryption has proved to be just a marketing tool.


I think the real problem is that almost all applications default to cloud storage of data. They are not going to accept data that is unintelligible to them (certainly not for free).

If developers would start to make their apps "cloud optional", then you could at least choose how your data is shared.


> They are not going to accept data that is unintelligible to them (certainly not for free).

Why not? You can store two gigabytes of random noise with Dropbox for free. 5GB worth on Google Drive. Storage locker services don't care if files are encrypted either. I actually can't think of a service that does care.


You wont see that from massive American companies (except possibly Mozilla who always have had strong interests in consumer privacy and integrity).

But there is still alternatives out there. You just have to give up the sites and corporations you have gotten used to over the years. Google, Facebook, Microsoft...

Also, if you use Windows, you can pretty much count on it having backdoors already. Thats just my opinion based on common sense. The largest american operating system being free from backdoors? Heh, not very likely. THe NSA could pretty much force them to put it in, and put a gag order on them afterwards. Thats the reality of United States.


Few mainstream services are going to accept data they can't recover for a user when they forget their password and their computer failed. Which pretty much precludes client-side encryption.


I have several friends living in China. They use Chinese version of Yelp, Facebook, etc. They are aware that the government spies on their online activities. But they use these services anyways, albeit with much care. I believe most Americans easily forget about this.


I use SpiderOak, it is a lot like DropBox with client side encryption. If you lose your password you lose you data.

https://spideroak.com/


Tip for HN: The 'worldbackupday' promo code still worked in Nov/Dec 2011 when i signed up, and i got 5GB instead of 2GB.

Original promo announce: https://spideroak.com/blog/20110330182326-eric-brian-and-wor...


if this is truly the case, how do they provide your stored data over their website, i call shenanigans.


No, the web access feature is opt-in; you have to input your spideroak credentials so that spideroak client code running in their datacenter can decrypt your encrypted datastore and make it available via the web interface.

There is a small perceptible delay when i try to use this(rarely).

That said, their UI is comprehensive feature-wise and not as user friendly as Dropbox UX.


Some people (like myself) are working on that. See: https://www.laconicsecurity.com

Disclaimer: I work for Laconic Security


I hope for a lot of things too. But we've known that the NSA is whole-scale wiretapping the Internet for years and no one cares enough to fix the problem.


I hope someone stands up to these bullies. They can't make us do this. Really, a few powerful people just need to say no.

If you are in this position, please for the love of god don't agree to put a surveillance backdoor in your website.



Very nice, but what if you get a gag order from FBI or NSA? Then you would be required to go to prison if you uphold your promises on the web site and disclose what happened.

But I would be interested in your comments regarding this theoretical situation. Surely you must have thought about it.


The gag order is the whole point.

Read through it again - it is a positive, affirmative statement that we make each week (and make in three continents). A judge (or LEA, whatever) would have to compel us to make false public statements on an ongoing basis, and would have to further compel foreign (swiss) nationals to do likewise.

Can we be held in contempt, etc., for refusing to make public false statements ? Perhaps.

In reality, since rsync.net is not actually an ISP (we take pains to make sure we do not count as an ISP, since it allows us to skip things like the OP has posted) and since we host no publicly available materials, we're not likely to get a warrant. If we do, it's likely to be an extremely mundane act of discovery, etc. That would get added to the warrant canary and we would continue updating it.

In our 11 years of running this service (7 years under the "rsync.net" brand) we've not gotten a single one.

But the parent to these comments was speaking of taking a stand, which is why this was instituted - people do indeed need to make a stand. We refuse to live in a world with Lettres de Cachet, and that's that.


Thank you. This planet needs more people like you on it. I will also do everything in my power to prevent the future I see coming.


11 yrs without ever receiving a warrant.

That seems quite impressive.

And it suggests to me your customers are well-behaved. Is that how you would characterise them?

I also think it's a great selling point.

Maybe it's desirable not to have "unruly neighbors" in your "cloud service neighborhood".

We've seen plenty of examples what can happen when such neighbors draw attention to themselves.


The key is that our service is cold storage only. All access, regardless of protocol, is with a username and password - there is no anonymous access to data stored here.

So there is no "hosting" or publishing of any kind.

The unintended consequence of this that we are really starting to appreciate is that we are NOT an ISP. The definition is fluid, and there's no guarantee about future regulation, but up to this point every one of the major "provider" laws has not applied to us as we are currently structured.

So the reporting, the LEA interfaces, the logging, etc. - we have no more responsibility to perform these items than your bakery does.

We are not a web host, and we are not an ISP.


Woah, I didn't know that Joe Biden was the sponsor of the exact bill that Phil Zimmerman referenced in his essay, “Why I Wrote PGP”.

From the OP:

“On the other hand, as a senator in the 1990s, Vice President Joe Biden introduced a bill at the FBI's behest that echoes the bureau's proposal today. Biden's bill said companies should "ensure that communications systems permit the government to obtain the plain text contents of voice, data, and other communications when appropriately authorized by law." (Biden's legislation spurred the public release of PGP, one of the first easy-to-use encryption utilities.)”

The bill:

  S.266 
  Latest Title: Comprehensive Counter-Terrorism Act of 1991 
  Sponsor: Sen Biden, Joseph R., Jr. [DE] (introduced 1/24/1991)  Cosponsors (3)

From Zimmerman's essay:

“Senate Bill 266, a 1991 omnibus anticrime bill, had an unsettling measure buried in it. If this non-binding resolution had become real law, it would have forced manufacturers of secure communications equipment to insert special "trap doors" in their products, so that the government could read anyone's encrypted messages. It reads, "It is the sense of Congress that providers of electronic communications services and manufacturers of electronic communications service equipment shall ensure that communications systems permit the government to obtain the plain text contents of voice, data, and other communications when appropriately authorized by law." It was this bill that led me to publish PGP electronically for free that year, shortly before the measure was defeated after vigorous protest by civil libertarians and industry groups.”

http://www.philzimmermann.com/EN/essays/WhyIWrotePGP.html

In that case, thank you Joe Biden? :)


If al-Qaeda can build their own bombs and guns, I'm pretty damn sure they can set up their own secure Email & VOIP servers.


Screw email and VOIP servers. In the movie Traitor, one person would compose an email and then save it to the draft folder. Then the other person would login to the same Webmail account and read the draft message. Since the message is never sent over the wire, there's no need for secure email (only SSL for the email client).


"only if a threshold of a certain number of users is exceeded"

And thus the stupidity and evil-ness of the whole plan is revealed. They don't want to spy on criminals, who will use the minority methods that aren't monitored. They want to spy on the general population who is innocent of any crime.


I don't know about anyone else here, but I am getting sick and tired of this. I personally think we as a community need to start a movement.

This is ridiculous.


Do not fear, subjects. If you have done no wrong, you have nothing to worry about.

Sleep safely in your beds. The government is watching over all who might do you harm.


In related news, the FBI has banned sales of regular paper, and requires that any paper be embedded with microtransmitters that the FBI can easily activate and read the contents of the paper, effectively closing the analog gap that prevents papertapping.


The worst part is that laws like these add to the regulatory burden faced by small internet startups to get off the ground. The trickier the legal environment and the amount of rules that a company has to abide by to do business online, the harder it will be to do business and the fewer startups will succeed.

The internet giants, Microsoft, Google, Facebook, et al. might even welcome additional rules like this. They provide additional barriers to entry and provide them more protection against new competitors.

I'd reckon that it's in large part because the internet hasn't had many rules like this that the cycles of innovation online have been so fast.


The article said there would be minimum number of users for the rules to apply.


The effect is still there, it makes scaling up more difficult. There are possible futures where very small teams can run services for very large numbers of people.


When things like this happens it makes it seem sensible that China doesn't allow US companies (facebook et al) into their market. When it comes down to an argument of who gets to spy on users - theyd rather do it themselves than allow another country to do it behind the back door. (note: I'm not saying its right that anyone should)

So whats the net result? Bad for business - bad for innovation, because you are further dividing the internet (and hence the market for internet services) up on nationalistic lines.


I can't imagine how this ability would combat terrorism. It's trivially easy to write your own communication software -- why would anyone doing serious crime use Skype?

On the other hand, now the government gains widespread power over the vast majority of innocent citizens.

However, it's also worth noting that this request is merely reinstating wire tapping abilities that the government once had over communication before the rise of the internet.


Does anybody even still believe this is about fighting "terrorism"? Its been quite a ridicolous claim ever since 9/11 and its been a decade now.

I dont mean to put you or anyone else down, because I know there is an absolutely massive media campaign 24/7 on all news stations, making people feel threatened and insecure.

But its time to realize whats going on. At least so you can tell your children what storytelling the government used to destroy the spirit of the Internet. Just in case the history books goes with the public propaganda, and they probably will.


why would anyone doing serious crime use Skype?

I don't agree with this at all but ...

I'd venture that most criminals are not exactly tech savvy. We've all seen those stories about guys caught because they posted pictures of their deeds on Facebook or Myspace.


>I'd venture that most criminals are not exactly tech savvy

Even if this is currently true; it will change.


Will it? Criminals know they can be wiretapped, but that hasn't stopped them from using phones for communicating.


I don't believe criminals will be any smarter than the average citizen.


2012 is shaping up to be a deluge of rights-curtailing legislation.

Did the guys behind the curtain just decide that smart-bombing Congress with this shit doesn't work, it gives citizens enough time and leeway to resist it, so instead they're gonna try the carpet-bombing strategy instead?

WTF. We shouldn't have to keep fighting these battles.


I don't see how this could ever work, in practice. What constitutes a sufficient surveillance capability for a webapp that is constantly evolving? With every change to your app, you have to update the surveillance aspect as well. This seems like a real burden that limits innovation.

> The requirements apply only if a threshold of a certain number of users is exceeded

So, you start the next Instagram with barebones resources. You don't design/build surveillance into your admin console. Your service takes off, and then you have to stop accepting users after some magic number?

The government needs to get over the idea that surveilling everyone in all circumstances is the best way to promote a civil society.


This is convoluted at best, the internet is not the telephone.

The more they push, there more technology that uses encryption/vps/offshore/offworld/alternative routes/etc will become easier for the average user and not just the command line jockey.

So what will the FBI do when sites start registering in other countries, use hosting in other countries, use alternative non U.S. DNS, open source, and encryption?

ps. This is already happening on the small scale , and the losers are the job market.

As a Canadian I no longer register .com names nor do I host in the U.S., and I did so for 10 years.


Let us all just stream, wait... triple stream everything to that new shiny spy center they built in Utah and just get over with it already. These people are simply out of control now.

The fact that this is in the works just shows how unapologetic the clueless little three letters are these days. One step up from that is the analysis that these people intend to operate above the law and these "secret" understandings that they build on laws must be put to an end while the authors must be jailed for a long time.


The influence of RAND Corp on this legislation is instructive. CISPA is not the creation of Hollywood or even the FBI, it's coming from people building a technocratic military-industrial complex.

Interesting background interview with RAND researcher here: http://www.corbettreport.com/episode-173-alex-abella-inside-...


"The FBI draft also contains provisions for requiring mobile phone customers to speak clearly and slowly."


The FBI needs to learn: Implementing surveillance techniques like these is the best business subsidy that foreign web sites could ever dream of. What a great way to drive email servers out of their reach.

Someone needs to make the FBI more supportive to US businesses.


Ala Field of Dreams: if you tap it, they will encrypt. Encryption was much harder to obtain on phone-like devices for 'common-folk'. On data-oriented medium, it's pretty much par for the course. Not sure how this is so readily justifiable.


This is potentially very destructive to Silicon Valley.


This is sure making offshore hosting/incorporation look pretty sweet right now.

Facebook should move their headquarters to New Zealand.


It would seem they are more obsessed dealing with the symptoms of the problem than the real problem.


I think the FBI is watching the movie, "The Net" too much.


There's something that totally won't be hacked or leaked.


Can't they just borrow it from the NSA?


I wonder how they are going to enforce this law on cryptographically secure communication software written by some anonymous group and released as open source software out on the net? I guess being able to pin the maintainer of the github repository to the wall might be a problem, but its easy to imagine this just forcing development underground and users upgrading only in big jumps every couple of years.

Its not like this software would need to be changing all the time... people could email each other their ip addresses or the software could take care of it for them in the background. (e.g.: when its running it polls your email server to see if you've gotten an email with your friends ip address being updated, signed by his private key, then if you want to call him your client has the right email address to send the packets to directly)... negating the need for any kind of centralized server. (I'm sure there are better ways to do this.)

Write a javascript version that can run in the browser and anyone with a web browser can then use it (and you can sidestep the appstore as well, because you can make downloadable installable javascript apps that show up on the home screen in this way. Apple's had that in there since before the appstore and it still works and is supported.)


They can just make it illegal to use that software, and use a gun silencer analogy. a 75 year old judge would eat that up.


"If you create a service, product, or app that allows a user to communicate, you get the privilege of adding that extra coding"

What kind of sick, twisted monster thinks "adding extra coding" is a GOOD THING???


If this gets any traction we will at least benefit in 100% knowing our (American) government is a joke. The FBI has a "going dark" problem? Really!? How is that possible exactly? Criminals aren't using Facebook and Skype to discuss their activities. Even if they were, I'm sure Facebook and Skype have some automated flagging system for keywords that come up in any communication channel they operate. Nonetheless, aside from cyber criminals, "hackers", traditional criminal behavior is executed in real life. The same reality that the FBI has sufficient surveillance on 24/7.


We might understand the joke, but we're only an insignificant part of the voting population. The vast majority of American voters don't understand that their ability to sleep at night free of terror comes at the chipping away of their freedoms elsewhere. They don't make the connection between feeling up someone else's kids in an airport and the loss of freedoms in general.

The things we talk about (encryption, backdoors, etc.) seem trivial to us because we're buried in it every day or at least have some context to place it in. But Joe the Plumber or Betty the Housewife doesn't. They don't even really have a place to start to get simple, concise information on how to start understanding it in a way that fits in with their daily lives.

It's not that they can't learn - they don't have the resources or the time.




Applications are open for YC Summer 2019

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: