They make going dark seem like some terrible unprecedented thing but electronic communication hasn't even been ubiquitous for that long. Before that there were no wire taps because there were no wires. The human race somehow managed to survive.
It's important to note that part of the reason they "need" technology to track terrorism is that technology enables terrorism. To say that we got along fine before technology and mass surveillance means we don't need mass surveillance is a flawed argument; it misses the fact that technology brings with it a big bag troubles and benefits.
But personally, I still think window of abuse for back doors is too large to be rationally allowed.
I wonder how we'll deal with this as technology progresses even further. In 10-20 years, it probably won't take much for a random nutjob to make an extremely deadly virus. And that are only baby steps in nanotechnology. Do we really want total privacy and anonymity in a world where a single person can easily wield such destructive powers?
Yes, because giving up privacy and anonymity will only marginally slow down (if at all) the would be evildoers, at least those smart enough to not brag about their evil doings in Facebook.
In my home country, we have one of the more strict gun owning laws in the world. That does not prevent the criminals from getting guns at all - pretty much every random fucker can get his hand on a pistol, and organized gangs have gear that is often comparable with that of the army. But, on the other hand, it is pretty difficult for the average law abiding citizen to arm themselves for self protection.
The funny thing is, this strict control got really started in the late 60's and 70's, when student riots made for a moment seem like a coupe / civil war against the regime were at least thinkable. So, what are the real winners when the government outlaws technologies than short the gap between state power vs individual powers? It is not the criminal elements in society. They already are breaking the law and profiting from it. They will work around whatever restrictions get imposed and illegally import the gear they need from wherever it is available. It is you and me who get the shaft!
The point of gun control isn't to keep the guns from the hands of real criminals (much less gangs), it's to keep guns from the average not-really-law-abiding citizen, who gets drunk and shoots his ex-wife, or leaves his gun accessible to his kids (hello school shootings) or just gets mad at his boss (just happened around here, the guy had a hunting rifle).
Whether that justifies preventing people from arming themselves for self-defense is arguable, of course.
Are you saying that because there are idiots who drink and drive, all cars should be banned. But if there end up being criminals with cars that get away from the police on bikes... then it is somehow alright because it was never a goal to stop them in the first place?
I guess I feel even more strongly against letting a dumb law enforcement agency dictate what infosec is ok to have on my systems, thank you very much!
[Edit] Ok, I can see my argument was kind of dumb, comparing regulation with outright banning.
Nonsense. A general restriction is not the same as declaring everyone guilty. Am I being declared guilty until proven innocent by not being allowed to own military weaponry? Nuclear weapons? Biological agents?
This doesn't mean the restrictions are OK in this case; as I wrote, it's arguable*
I guess it's a great thing we have the Second Amendment and associated judicial proceedings.
Whatever makes you happy. Not being from the US, my interest is purely academic. Our constitution has no such provision, and the population is under no urge to add it.
The point of gun control is to score points with some parts of the population while disarming the rest--anything else is just grandstanding used to justify the act.
Frankly, thugs with guns are irrelevant. I'm not advocating to drop all privacy because there are some bad guys with ill intent, who may want to hurt you or me - as a society we've already decided it's not a big deal (otherwise you'd have much more resources poured into crime prevention). The question I'm asking is - in the quickly coming age of easily obtainable weapons of mass destruction, does the privacy arguments change? And how do you want to secure people from random evildoers utilizing such weapons? It's a genuine concern, and in case you think I'm just fearmongering, I suggest checking out the progress happening in biotechnology.
It was not my intention to fear monger. I was speaking by analogy, not sure if it was not clear or if you disagree with my argument.
What I am saying is this: in a world where weapons of mass destruction becomes more available, privacy/anonymity is mostly a non issue. I will say it outfront: I am skeptical of the evil genius in a basement, holding a day job while secretly moonlighting on his personal armageddon. Players willing and able to conduct this type of terrorist attacks will probably not rely on the same IT stack regular joes do.
Assuming they have the financial resources and personnel to pose a credible threat will know to not use their iphones. They will know to use vintage hardware, to download and compile their own Linux/OpenBSD from scratch, to get their crypto libraries from "rouge" countries outside of the sphere of influence of the US, etc. Those that do not, they will be busted early.
Those that pose the real threat then are the ones that you cannot stop by making technology harder to get. As long as there is demand, there will be supply. And they will have gear that is in the same ballpark as the forces that are supposed to stop them. Probably not as good as the best there is, because you can never outspend the guy with the printing press, but good enough to hold their own.
And then there is the cost. Not only the conspiracy theory cost that the government is going to turn fascist, but the very real cost of giving real criminals an edge over the public. They already are breaking the law, they wont care about using banned technology. If they can afford it, and if they can either profit from it or avoid being caught using it, they will get it in the black market.
You were not fearmongering; I was preempting in case someone accused me of doing so ;).
I agree with your analysis if applied to contemporary dangers. But I've been not-so-subtly hinting towards biotech for a reason - as it progresses and the "tools of the trade" become both cheap and possible to DIY, the "required financial resources and personnel" drop sharply. People brewing up dangerous viruses ten years from now in universities or hackerspaces, whether on purpose or by accident, don't seem like a big stretch of imagination. And I honestly wonder, how are we, as a society, planning to safeguard ourselves against that threats. We can barely handle the diseases that occur naturally. People don't realize how dangerous this stuff is, because - again, except from natural diseases - we've never had to deal with a self-replicating technology before.
I'm not saying we'll need to drop privacy and anonymity entirely, but I suspect that they will be affected by any good solution. I'd probably sleep safer if I knew that there's no easy way to anonymously obtain necessary ingredients. You'll never stop a very determined attacker, but they're not the problem - random nutjobs with an axe to grind are.
> I'd probably sleep safer if I knew that there's no easy way to anonymously obtain necessary ingredients
That is already the case for a lot of things, when it comes to chemistry anyway. Your random person couldn't get their hands on the things required to make various dangerous chemicals. Criminals, they can, sometimes, but with great effort and expense so it's usually aimed at chemicals that will make them money (drugs, typically) -- and the really advanced stuff is done by "legit" (kind of) labs, not a home chemist.
Of course, that's only as good as the stores following the protocols, and with the internet that can change somewhat, but even then it requires buying chemicals outside of the country and getting it through customs (which isn't perfect, but puts up enough of a barrier that regular people or average criminals don't risk it).
Are you saying that because someonemight do something evil, we should all lose our right to privacy and anonymity to protect everyone from what the mad scientist might do?
Can you even show that taking my privacy away makes me markedly safer, because unless you can establish that first I'm not even listening.
I would wager that a substantial number (probably majority) of individuals on this site (SF/NYC dwellers, especially) would trade their right (Ok: not really, but everyone elses) to keep and bear arms for a bit of (false) security.
How about traditional police investigation tactics? They have been and continue to be extremely effective, much more so than blanket comms survalience. If you compare today to a few hundred years ago, we've already expeeienced the kind of change in destructive access you fear, and yet it almost never happens.
Governments going completely insane on their people are relatively common. Everyone thinks it will not happen to them, until it does. That's a much greater risk than rogue individuals. To double the big risk to half the small one is bad risk management.
I agree if you express it not in terms of probability of event (rouge individuals pop up every day somewhere) but expected damage. There is only so much one man can do today, so it's right to focus on big risks and not small ones. But technology tends to change things, and I fear that upcoming biotech (and possibly pure nanotech in more distant future) will drastically change the equation, giving unprecedented power to rouge individuals with ill intent. The question is, how can we defend from that; how can we minimize the amount of damage one person can do?
Swinging to the other side, would you really want to allow an alphabet soup agency to make a virus or nanotech (a literal "bug") to infiltrate your body and monitor everything going on with you on the off chance that some nutjob does the same thing?
Honestly? Yes. Already some way to artificially boost the immune system would be a good thing, and in a world with advanced nano/biotech available this seems like a no-brainer. We need some sort of blanket protection not only from potential attackers, but from much more likely accidents.
That's a pretty extreme speculation. There has been only one non-state-actor use of WMDs, ever: The Aum cult sarin gas attack on the Tokyo subway. They could have done more damage with a simple bomb.
Actually two; the guys did a sarin attack twice. But I'm not worried about chemical weapons; they're not that dangerous. What worries me is biological attacks, which differ by having a self-replicating component that can amplify even the tiniest exposure to an international emergency.
How much money do you have in the bank, and what is your bank account number? If anything can be hidden in the internet, then who decides which things can be hidden?
I can show you my balance and even give you the number in case you're so nice as to transfer me something. And I'll live happy knowing that if you try doing something funny, you can be tracked down and held responsible.
The point is, you may want that money to be spent stopping that someone before he makes / releases it, and that seems to be at odds with privacy concerns.
> A.k.a. "All people should be considered guilty until proven innocent."
Not really. Please re-read the comment I replied to. The point is, progress of technology brings new dangers and appropriate means of protection need to be created.
If anything, "watch everyone to have enough data available to be able to spot a criminal before he strikes". But my point actually is, some amount of watching will always be necessary, and advancements of technology seem to increase the need for that surveillance as the time goes.
> If anything, "watch everyone to have enough data available to be able to spot a criminal before he strikes".
A.k.a. "assume everyone is a criminal".
> But my point actually is, some amount of watching will always be necessary
Sure, if there's reasonable suspicion that the person being watched is a criminal, and there's a real warrant (not some rubber-stamp from FISA) authorizing said watching. Watching everyone because "well we don't know if this person's a criminal or not" is not only ineffective (as proven by the dearth of terrorist attacks actually prevented due to NSA surveillance) but unethical and - per the United States Constitution - illegal.
Of course, none of this would be an issue if law-abiding citizens were encouraged and given the resources to protect themselves against crime, be it physical (by practicing self-defense, armed or otherwise) or virtual (by encouraging the use of free/open software, and strong encryption).
i don't see how that argument makes sense. Yeah there were no wire taps, but there also weren't any wires for criminals to use to communicate. Criminal investigators have histroically been able to get at any place where there might be evidence, with a warrant. The historical maxim has been "the law is entitled to every man's evidence." You could put a lock on your desk drawer, but that can be easily bypassed with a warrant. There is protection against warrantless searches, but once due process is given, a court's power to compel the disclosure of evidence is almost unlimited.
An encrypted hard drive is a totally unprecedented thing in that regard.
But this has already happened and the judge in question 'compelled' the suspect to decrypt her laptop. I don't know if she ever did, whether there was any evidence that was germane to the case on it or whether she was held indefinitely but there is recourse for the authorities in these cases.
Eventually her husband provided the cops with the correct password[1]. The 5th Amendment prevents you from providing testimony that would incriminate yourself. In this case, though, she was being compelled to decrypt the laptop to produce evidence against someone else - Ms. Fricosu was granted immunity against any evidence collected from the laptop[2], so she didn't have any 5th Amendment grounds. In general, a Grand Jury has the right to subpoena any evidence from a third party that is relevant to a criminal investigation, and you can be held in contempt if you don't produce it. She had already admitted in a wiretapped conversation that there were documents relevant to the case on the laptop, the laptop was in her possession and that she refused to give them the passwords.
The use of crypto for information security predates the United States. It wasn't very good crypto back then, but it was around. People also had other ways to obscure information from the government: shorthands, code books, code phrases, foreign languages, argots, and cants (and physical seals, to discourage tampering with mail).
> Then governments with enumerated powers would need some unprecedented powers to get into that unprecedented thing, right?
Only the federal government is limited to its enumerated powers. So at best your argument is that mandating backdoors requires state rather than federal action. State governments can do whatever they want unless it conflicts with a Constitutional right, and there is no right to have a place to stash evidence the government can't get to with adequate process.
All that means is that you don't have to point to the Constitution to prove a right exists. The right still has to exist somewhere and be recognized.[1] The power of courts to access nearly all evidence with due process predates the Constitution and nothing about that document shows any intention to alter that practice.
[1] "Rights" are exceptions, not the rule. The rule is the will of democratically elected legislatures. Rights are exceptions to democracy and should be construed to swallow the rule.
Rights are expansive. There is no "precautionary principle" when it comes to rights. If a new thing is discovered, like strong encryption, I have a right to use it in conjunction with my other rights. If I can make a cheap personal rocket, I have a right to launch myself into orbit, as long as I'm not infringing on others' rights. The fact that such a rocket means anyone can build an ICBM doesn't put it outside of one's rights.
Governments have no inherent power to "inspect." You seem to think governments should have superior powers to individuals. While there is a philosophical argument for this, that doesn't mean it's always going to be true.
It's fallacious to use the concept of "enumerated powers" and "limited government" to argue that "rights" in the U.S. are, or were intended to be, structured the way you describe. "Limited government" concerns the allocation of power between the state and federal governments, not the relationship between those governments and individuals.
State governments are not ones of enumerated powers and they are not limited. They are successors to the British Parliament and inherited the powers of that institution including the general police power. Against that backdrop, "rights" are those specific restrictions on the exercise of that power that states have bound themselves to by the federal Constitution and their own constitutions. There is no room in that framework for an expansive conception of rights that all exist so long as you're "not infringing on others' rights."
A great concrete example is blue laws, which were widespread at the time of the founding and regulated everything from alcohol sales to food consumption. Some of those have been challenged, hundreds of years later and mostly unsuccessfully, on establishment clause grounds, but there is little doubt the states, as a general principle, have the right to regulate public morals.
The contents of your human memory are not protected as a general principle. For example, you can be compelled to testify against someone else. You can't be compelled to testify against yourself, but the premise of that protection isn't some general right not to disclose the contents of your memory, but a very specific right against forced confessions.
