Wonder how this panel's decision will affect projects such as Textsecure and Redphone which were sadly sold to Twitter, and therefore under US jurisdiction to force backdoors into. Same goes for Phil Zimmerman's new service.
I say it is only a matter of time. The wheels are already turning in that direction. Just need a few terrorism/child porn high profile cases where someone on behalf of FBI will testify how they had to let the evil perpetrator go because encryption made it impossible to wiretap them -- and bam legislation will be out in no time.
Remember many countries make cryptography illegal and even in US exporting string cryptographic software was the same legally as exporting the designs for bombs and rockets. And ban and/or arm twisting fines are just around the corner I suspect.
These laws /must/ be updated for modern usage.
Configuring it was a pain in the ass (you couldn't telnet/ssh into it because it had no IP number) but it worked very well and didn't show up in pings, traceroutes, or much of anything else.
You can do a lot at the frame layer.
Law enforcement doesn't have a hand in the tech stacks of private companies. This isn't "making their job easier" -- in a lot of cases it's making their job possible.
What you are ignoring is that this proposal, like CALEA, is really part of a very long chain of events that have led to ever greater police power. If you look at the history of law enforcement for the past 50 years, you see monotonic increases in the power of the police: the power to arrest people, the power to kill people (including the weapons the police carry), the power to conduct surveillance, the power to seize assets, etc. The reason we have the largest prison population on the planet is that we have ceded such vast power to the power to the police (and to prosecutors).
Unfortunately, there are a lot of ring-wing, law-and-order types in this country who see nothing wrong with this picture:
The problem arises when critical evidence exists only in the infrastructure of some private company. If a case hinges on a fact that is proven only by information that is in the hands of, e.g., Verizon, then yes, law enforcement requires the cooperation of that tech company to gather evidence.
>but the police did a fine enough job beforehand
Beforehand? The police did a fine enough job gathering evidence before technology leapfrogged ahead of them? Sure, they did. Then they sought to adapt our laws to the advancements that we've made. You see power creep in law enforcement; I see power creep in everybody.
...and if the company lacks that evidence because the police took too long to ask for it, then the case falls apart. So what? Our justice system is not meant to minimize the number of false negatives, it is meant to minimize the number of false positives.
"The police did a fine enough job gathering evidence before technology leapfrogged ahead of them?"
Read the context; the police did a fine enough job of gathering wiretap evidence before CALEA. The phone had been around and in common use for decades before CALEA, and even in the years leading up to CALEA the police had gathered enormous amounts of evidence from wiretaps and pen registers. It was just harder, because prior to CALEA the police had to actually step away from their desks and install a machine to perform a wiretap -- how terribly inconvenient!
"You see power creep in law enforcement; I see power creep in everybody."
Only if you ignore the fact that the police are more powerful today than they were when our parents were growing up. You are not witnessing power creep, you are witnessing a possible minute change in the balance of power between people and the government. Instead of calling up a phone company and demanding a wiretap, the police might have to show up in a data center with a rack-mountable interception device, in the worst case.
Good point. Let's say you're a company like Facebook and the feds come to you with a warrant; would you rather service that warrant yourself (CALEA style) or have them install a Carnivore inside your data center? Which one do you think is going to do more damage?
Consider this problem: if you are running a Tor relay, would you want to be forced to keep logs and make your system readily-accessible to law enforcement agencies? If you use Tor, do you want your circuits to have nodes with special backdoors built in? Do you want to see Tor, Freenet, proxy server and remailer operators put in legal danger or pushed out of the United States?
For good reason, because if a private company was busy bending over backwards for law enforcement through mounds of code that already works for their needs with their investor/own capital taking time away of providing/improving something useful to their target users, they wouldn't be in business for long.
Seriously though, it often makes sense to build in affordances for enforcement. We may not agree what laws exist, but if they're going to be enforced, they should be enforced uniformly and efficiently.
I'll tell you what; we can discuss broad based mandatory surveillance capabilities AFTER the US Government lives up to it's treaty obligations under the International Convention Against Torture , and prosecutes those Government Officials who authorized, engineered and abetted a torture regime during the past 2 decades.
It has happened here, ask a native american.
Throwing up an arbitrary, "here's something I don't like, we can make no progress till you fix it" is a tactic to avoid the issue.
That's rather naive. We need to fix a lot of laws before we could do that because:
1. It's not unheard of for laws to be contradictory in some circumstances, or just outright contradictory.
2. Do you really want everyone to be automatically ticketed for jaywalking?
Laws were written with policemen's, and the court's discretion in mind, whether you want to believe that or not, and switching to an automatic always on enforcement mode would be oppressing in the extreme.
If some cab driver gets a ticket from a speed camera becasue he's rushing to get a pregnant woman to the hospital, i've got no problem letting that ticket go - that should be an easy and painless process as well.
It often seems that discretion is used to protect the powerful from any consequence. Yeah, i'd rather err on the side of everybody gets a day in court.
Explicitly, i think laws should say what they actually mean. If jaywalking is sometimes ok, write that down somewhere so we don't have to argue about it.
Just to be clear, I agree with you. I was pointing out the way I think things are and probably will continue to be.
>It often seems that discretion is used to protect the powerful from any consequence.
It does seem to have that effect.
>Yeah, i'd rather err on the side of everybody gets a day in court.
That, in itself is another freebie to the wealthy and well-connected. In Texas it is almost always possible to get a traffic citation dismissed by showing up in court with an attorney that specializes in such things. Or, if you're a working stiff, who has no more days off, you can plead no contest and pay the citation with a credit card. Cost is about the same in my experience (minus the day off).
Like the laws that made slavery legal on US soil?
Like the laws that mandate jews business ilegal, made them move to ghettos and finally to concentration camps in Germany?
The laws that expropriated private property on Russia, made agriculture collapse and people nearly starve? Same thing in Cuba not long ago.
Like laws that make intellectual property common ideas like software patents and make small developers servants of the big entities?
"The trouble with fighting for human freedom is that one spends most of one's time defending scoundrels. For it is against scoundrels that oppressive laws are first aimed, and oppression must be stopped at the beginning if it is to be stopped at all."
I'm not advocating we just throw people who might be guilty in jail. Everybody deserves their day in court. I think you'd be hard pressed to find someone (who's not directly involved in something horrible - father of a murdered child, etc) that disagrees with getting a fair trial.
For example, i'm a big fan of red light cameras. I hate them, but the blind uniform enforcement is great. Doesn't matter if you're a cop, or an important business man, or late for school. You break the law, you pay your ticket and move on.
Laws are for cases where it's hard to get everyone to agree in the heat of the moment, that's why we write them down beforehand. Arguing about Alice killing Bob is different from arguing about Alice buying a car from Bob. It's still a negotiation, but adding some special cases so everyone gets all the facts doesn't seem wrong. Remember, the prosecution still has to turn all that stuff over.
I am pretty sure your local district attorney would disagree. The majority of prisoners in America -- the overwhelming majority -- did not have a trial and took a plea deal instead. A standard prosecutor tactic is to make the list of charges as long and extensive as possible, to pressure the defendant into a guilty plea. It has been suggested that if everyone were to refuse a plea deal and demand a jury trial, the justice system would be completely overwhelmed and unable to handle the load.
"For example, i'm a big fan of red light cameras. I hate them, but the blind uniform enforcement is great. Doesn't matter if you're a cop, or an important business man, or late for school. You break the law, you pay your ticket and move on."
I had not thought of that, but it is a perfect example of why we do not want law enforcement to become too efficient:
We build other systems that are very complex, explicit and efficient. Less prosecutor discretion, and more adaptive law seems better than making trial costs spiral out of control.
Yes, and yellow light timing isn't contentious at all, is it? It's almost like perfect enforcement of stupid laws gets those laws modified to not be stupid. But whatever, i'm sure your way is good too.
The purpose of these obstacles is to make law enforcement difficult in general, so that tyranny is harder to establish. By forcing the police to work hard, we force them to prioritize the laws they will enforce. It would be hard for the government to justify enforcing some oppressive law while letting murderers walk free; it is less difficult to justify ignoring an oppressive law because the police were too busy tracking down murderers.
When those checks and balances check out, so to speak, I want my law enforcement agencies able to do their job efficiently. This is a case of making that process -- the post-warrant process, after checks and balances have played out -- easier.
The checks and balances are weakened every time we make the police "more efficient." Again, the point of making the government, police included, inefficient is to thwart those who would try to establish oppressive systems. Making the police more efficient makes it easier for unjust laws to be passed and enforced.
I think your approach of making everything hard, really just makes government expensive. The flip side, looking for fewer and more specific crimes frees up a bunch of resources to do the job well.
Sure, but such laws must be enforceable, and they must be enforceable with the resources available to law enforcement agencies. We have a lot of stupid laws, but over the period of time where those lose were passed we also increased the power and authority of the police.
"I think your approach of making everything hard, really just makes government expensive."
Thus making it accountable to the citizens, as those expenses must be paid for with tax money (or debt, which is just a way to postpone tax collection). Eventually people start to complain about the poor funding for education, healthcare, parks, and other things. Eventually, the limited tolerance people have for government spending begins to catch up with law enforcement (though we are nowhere near that point).
Of course, for the past few decades, we have taken the alternative approach: prioritizing law enforcement over civil rights and reducing or eliminating the obstacles to law enforcement.
But building a bridge out of the way of your own infrastructure with your own/investor capital so only flashing lights and sirens can cross it is another (god forbid the other parties involved use the same bridge).
Why don't law enforcement agencies build their own social networks and email clients that people want to use?
Their wet dream is key escrow, something like "You can use your strong 2048 bit keys but please be kind enough first to send it to the NSA for escrow storage".
Also interesting is Steve Bellovin et al.'s excellent report on security implications of extending CALEA to VoIP:
Steve Bellovin is now the FTC's Chief Technologist and spends his days trying to bring technical sanity to the government in various ways.
Wonder if it's possible to implement something like Tor for VoIP.
And on any device with root you can install driver that encrypts the mic signal.
So instead of terrorists we will have technology literate terrorists.