Excellent article ... The comments on the article's page are interesting. He's obviously not advocating treason, but one of the comments goes to great lengths explaining that those controlling the data collection are duly elected.
I was tempted to compare this type of end-to-end security to the second amendment (the right to bear arms), which was a right given to the people (in part) to ensure they could overthrow a corrupt government should one form - I don't think we're to that point and overreaching by the government has contracted back to reasonable levels before.
But thinking about this issue from a constitutional level, we have indeed (as the article states) given away our fourth amendment rights, and I don't see how developing the systems described in the article could be construed as treason - I'm simply making myself personally responsible for enforcing my fourth amendment rights.
My steps:
- Replace Google Apps for domains with my own servers.
- Stop using drop-box
- Establish private communications channels for IM (and perhaps something like Twitter.
Then I'll only use public infrastructure for data/messages I want to be public. Unfortunately, the list above represents a lot of work and is exactly the reason we seeded control of our data to outside corporations. We gave them our data as a means to simplify our lives or to gain greater "connectivity". It won't be so easy to go back.
>but one of the comments goes to great lengths explaining that those controlling the data collection are duly elected.
I saw this too and thought how insanely naive it was. Also how nonsensical a response it is. The very point is that people feel betrayed by their government. By definition, then, those "duly elected people" are not representing the will of the people. That is, there is something broken about the system that must be fixed, but cannot be fixed by merely participating more in that broken system.
This dysfunction is also evidenced by the fact that much of this was done in secret by these elected officials and there is much effort to maintain that secrecy. A democracy cannot flourish in secret, as it relies upon an informed populace. But, if not for someone breaking laws created by "duly elected officials", we would not even know of these programs and hence the need to consider holding these officials accountable democratically.
In fact, that was the very point of the article: we have lost the reins and must now protect ourselves. And, the article itself was very thought provoking. Not so much for the technological solutions it suggested, but for the justification and context for their neccessity.
> The very point is that people feel betrayed by their government.
Here is the problem: the people don't feel betrayed. Just look at the turnout of the recent "Restore the 4th" in San Francisco--a pathetic ~400 people turned out. You claim that our elected representatives are not representing the "will of the people," but what you mean is that they are not representing the viewpoints of you and your friends. It's disingenuous.
And it's not because people are entirely apathetic. Just look at how many people Tea Party rallies attract. Tea Party rallies regularly get tens of thousands of people to turn out at events all over the country.
Maybe, just maybe, the people know and just don't think the slope is so slippery as you and your friends think it is?
You should probably read the article and the comment I referenced in full, then re-read my post in context before pouncing with your worldview.
Hint: The author specifically does feel betrayed. That's what the article is about.
It's also funny that you mentioned the Koch brothers-backed, corporate-sponsored, Fox News-pitched, astroturf Tea Party "movement", given the way that same media has covered this NSA issue like an episode of "Where In The World Is Carmen Sandiego" as they moved the focus to the Snowden chase vs. focusing on the actual NSA activity he uncovered. Such disinformation/redirection campaigns that fueled the woefully misled Tea Party folks are merely the flip side of the media campaign to mute responses here by shaping the narrative to one about a man vs. a nation. Ironically, this failure (or complicity) of the media is yet another threat to our democracy.
But, even with this concerted effort to placate the masses, there are many, many people who feel betrayed or who are concerned, irrespective of your scientific assessment of the pulse of America, which seems to be based solely on the turnout at a rally.
It's very much a "blame the victim" argument government apologists & partisans always run to. It's the same as the redneck's "love it or leave it" choice. If the government is violating my rights I can either elect a different Democrat or I can live as an illegal alien in another country.
one of the comments goes to great lengths explaining that
those controlling the data collection are duly elected.
And how powerless are they? The unelected Clapper did anything, while the elected Wyden could do nothing. The technologist Snowden did everything. Democracy didn't bell the cat of the government bureaucracy. Technology did. Technology is more powerful than both democracy and bureaucracy, as it is not subject to dilution and co-optation.
> Technology is more powerful than both democracy and bureaucracy
That's an interesting statement, and I think one I represents a a troubling undercurrent of thought in the tech community. "We refuse to submit to the democratic process and will override the democratic consensus through technology."
And I think it invokes the rarely considered idea that maybe democracy isn't the pinnacle of human social organization.
Corrupt power structures may have finally optimized for dominating a democratically organized society and we should be at least philosophizing about a favorable post-democracy world. I.e., what's more "democratic" than democracy?
This is a scary comment; it reifies the abstract concern Rayiner had upthread. Favorable post-Democracy though technology? That sounds like something Aldous Huxley would write about.
Using technology to improve our social organization doesn't have to mean some sort of dystopian techno-unanimity.
In a more primitive time, would it be "scary" to suggest that through technological advancements like agriculture, writing, and calendars we could achieve a better, more just society?
I feel like we're talking past one another so I'll shut up after this reply. I think this disagreement comes down to a difference of values and not just how they are implemented.
Specifically, you seem to hold a notion of a social contract: a concept that I reject. Subverting a "contract" which has been forced upon me and to which I never agreed sounds like a noble endeavor to me, but I'm sure you'd be repulsed by the idea.
Given our starkly different motivations, I believe the best outcome either of us could hope for in a debate is that we both remain reasoned and civil, as there's probably little chance of winning the other to our side.
no. the correct phrasing for the current of thought you reference would be "we refuse to submit to undemocratic/unconstitutional restrictions on the democratic process and will attempt to overturn the administrative consensus through technology". The majority of the time this comes through democratizing access to information, thus raising awareness and allowing the democratic process to work as designed.
Sure you can. Our democratic process involves people choosing a credible representative, who then hires a staff and meets with other representatives in order to make decisions. An activist working within the system can, as I feel like you've pointed out before, ignore public opinion and lobby representatives directly; "lobby" is a curse word around here, but obviously it's not always a bad thing.
this is a silly comment. democratic process != majority rule. My point was precisely that by democratizing access to information, technology helps the public form an informed opinion.
I think the error in your comparison is that "the democratic consensus" is certainly not what produced PRISM and the rest.
What I suggest in the article is little more than civil disobedience, in a way. It's refusing to supply an apparatus we never approved with information we never released. Since they can and will take it from us without our knowledge or consent, we have to make it impossible for that to happen before we can have a reasonable parley, you know?
Obviously we're not quite at the Gandhi or King level of disobedience (it would be rather hubristic to suggest it), but it's a similar principle in action, perhaps a bit more preemptively.
> Technology is more powerful than both democracy and bureaucracy, as it is not subject to dilution and co-optation.
How many web sites do you visit with ads compared to the ones you don't, again? I mean, the whole "eternal September" concept is predicated on certain technologies being diluted/coopted.
Aren't you comparing/confusing the tool with behavior? It seems to me I could restate that as "The pencil is more powerful than the mathematical equation E=MC^2 it writes"...
Although I agree in a way, you already have limits to your freedom that you have agreed to tacitly. The differences, for instance, in the technology (from GPS to tanks) allowed to the military and to the citizenry. It is codified, explicit, and everyone seems to agree that it's okay. It's certainly a limit on your freedom, if you want to speak absolutely, but if you don't think it's reasonable, that's a difficult point to make properly.
"Freedom is dangerous" is certainly one of the major themes in play here, and I actually cut a bit relating this (the knife and hammer thing is the remainder) because it was getting a bit too philosophical. I'm glad you (and certainly others) heard the echo and followed it back to the sound.
The interesting thing to consider is that, from a 4th amendment perspective, the technology the author is discussing in theory goes way, way beyond protecting any rights found in the 4th amendment.
I think this may have been the point of the article's title (aside from being attention grabbing). The 4th amendment gives Americans the right against unreasonable searches without a warrant, and some similar legal protections exist in many other countries. But the technology the author is discussing generally has a design goal of preventing all searches, under any circumstances. In other words, to technologically ensure a right you never possessed in the legal sense. It provides protection for people and in situations not even the most rights respecting government would be likely to legally protect.
This doesn't make the technology bad, but it's a very interesting thing to think about, which is what I suspect was one of the points of the article. For better or worse, technological protection has the potential to go well beyond legal protections.
The whole point is that in technology, there is no such thing as privacy/secrecy that's conditional on having a legally proper warrant.
Either the data or system is secure, or it isn't. Technologically, if there is a way for a judge to authorize reading a single X; then it is a hole that eventually will allow to read all X without the warrant by others as well.
As an example, if a cellphone network software allows for FBI wiretaps, then that can be used also by illegal wiretapping (http://en.wikipedia.org/wiki/Greek_wiretapping_case_2004%E2%... - the criminals weren't even identified). And if a system is secure (for any reasonable definition of the word secure), then noone can break that security, no matter what warrants they have.
There is no middle way. If I'm allowed to protect my communications from random illegal snoopers (say, corporate espionage); then that protection will be just as effective against legal snoopers.
If digital locks are treated as physical locks, a warrant would compel you to decrypt your files. If you refuse, that is obstruction of justice. Also, correct me if I'm wrong but I think there are few forms of commercially available encryption the government could not crack given time + resources, which a warrant would provide.
1) When properly used, commonly freely available encryption should be unbreakable even when given completely unreasonable resources (i.e., a Manhattan Project scale effort). Alternative methods (e.g. kidnapping&torture of everyone who might have access to keys and their relatives) would be far simpler and cheaper than actually bruteforcing proper cryptography.
2) There are freely available steganography/hidden volume tools that make it impossible to verify IF there is something encrypted - for example, you might guess that a hidden volume exists, the accused may decrypt N hidden volumes, but noone would be able to check if there is another N+1'st volume for which a key was not provided.
> But the technology the author is discussing generally has a design goal of preventing all searches, under any circumstances.
Well, the alternative is that the government has access to everything, all the time, and we just have to trust that they're not going to misuse it.
Also, your wording implies that if a government agency does have a valid warrant, that this means they're somehow entitled to whatever information they seek (within the parameters of said warrant). This is patently absurd to me. If the government seizes an encrypted document with a valid warrant, more power to 'em. Have fun brute-forcing it. Doesn't mean I owe them the passphrase.
Well yes, the whole point of the 4th amendment is so that we can "trust" (in the sense of feeling comfortable with) the government as a whole when it comes to searches because of the requirement for a warrant. In other words, the government has "access" in the technical sense of the word (the police can technically break into your house any time they want), but the requirement for a warrant is supposed to prevent them from misusing that access (they'll get in legal trouble if they break into your house without a warrant).
I wasn't suggesting entitlement so much as practicality. Up until recently, the distinction you're talking about didn't really exist. A warrant might not give police an "entitlement" to something in your house, but there wasn't really a lot you could do stop them from getting it. The best you could do is hide it which isn't very practical in a lot of situations.
But with an encrypted document, suddenly you have new protections. As you suggest, a warrant does the police no good because you also have the right (under the 5th amendment) not to tell them how to access it. Unlike a safe, forcing open an encrypted file might turn out to be impossible. Now you have a technical protection against searches that goes way beyond the legal one found in the 4th amendment.
Again, I'm not saying this is a bad thing, but I think it's an interesting way to look at it and at least one of the points I saw in the article. Technology is less a means to ensure 4th amendment rights and more a means to go beyond them...for both good and bad reasons.
Yeah, I think constitutionally speaking there is implied a level of trust in the government and legal process — hence words like "reasonable." I thought that since trust doesn't seem to be an option any more, we have to go beyond what is guaranteed us by the constitution (to little effect in this case) and secure it by other means. That way the constitutional rights are not an ideal to be aimed for, but a ground floor at which to level out.
I would think that this technology as described would bring it back to the choice of personal freedom... If authorities wanted/demanded access to my secure information, I have the option of refusing and being limited in my freedom (going to jail).
Now I, as a (hopefully) rational human being, have a choice again.
> He's obviously not advocating treason, but one of the comments goes to great lengths explaining that those controlling the data collection are duly elected.
Hopefully this article describes the outcome: That spying eventually makes us more free by making people truly secure their documents and communications against all intrusion short of the government running a black bag job on them. That provides a natural restraint on government intrusion.
I think it was supposed to be a "rule of thumb" not a law of nature. I heard it used in response to "snake oil" cures that were supposed to be completely harmless but cure everything from cancer to pancreatitis.
If you carry it out to the point of absurdity, even water can kill people if too much is ingested too fast.
"The mechanism of death from such doses (1.2% of body weight, or 0.84 kg for a 70 kg human) is unknown, but may be more mechanical than chemical. The LD50 in humans remains unknown, given lack of any accidental or intentional poisoning death data."
That seems an awfully low threshold for "strong enough to kill".
You got that so close, but wrong. Cloud services are inherently insecure because you don't have physical control over the devices containing your data. You have to trust that the remote end is secure, and exploiting trust is what intelligence agencies do best.
Here is the Ruckus Society's manual on "security culture" which has some brief info on why you need physical control over your data storage devices. Includes also some pointers on how to establish strong(er) physical security for your data. http://ruckus.org/article.php?id=789
I don't think that just any virtualized hardware is safe fundamentally or anything, I just meant it as a practical option instead of multiplying machines. Obviously trust, as I wrote, can't enter the equation. But if you are sure (in the mathematical sense) that the virtualized machine cannot be doing anything but running tangential software and relaying your info without the possibility of decrypting, it seems safe to me.
Obviously if I'm wrong let me know, but I just meant it as a general alternative to people having their own entirely isolated physical server, local or remote.
I found the almost throw away shot the article took at Spideroak to be kind of odd. While I'm sure they comply with the law, their service would not seem to allow them to very easily "decrypt on command".
In fact services like Spideroak would seem to be a reasonable tradeoff between convenience and security. A service you run on your own server from open source code reviewed by experts could be more secure, but it's a lot more of a hassle to set up.
I don't think that Spideroak would just decrypt your data if someone said pretty please, but the fact is that they retain the ability to do so if they are legally obligated to. It follows that they may do so if they are not legally obligated to, though I don't mean to imply that they would (and I don't think I do in the article, sorry if it comes across that way). It does mean that they can decrypt on command, though. If they have access theoretically, they have it practically, in this case. There's a difference between them and other cloud services but it's more like the difference between varieties of apple than between apples and oranges, I think.
I was tempted to compare this type of end-to-end security to the second amendment (the right to bear arms), which was a right given to the people (in part) to ensure they could overthrow a corrupt government should one form - I don't think we're to that point and overreaching by the government has contracted back to reasonable levels before.
But thinking about this issue from a constitutional level, we have indeed (as the article states) given away our fourth amendment rights, and I don't see how developing the systems described in the article could be construed as treason - I'm simply making myself personally responsible for enforcing my fourth amendment rights.
My steps:
- Replace Google Apps for domains with my own servers.
- Stop using drop-box
- Establish private communications channels for IM (and perhaps something like Twitter.
Then I'll only use public infrastructure for data/messages I want to be public. Unfortunately, the list above represents a lot of work and is exactly the reason we seeded control of our data to outside corporations. We gave them our data as a means to simplify our lives or to gain greater "connectivity". It won't be so easy to go back.