From his perspective as the head of the FBI whose job it is to achieve outcomes within the law, of course Comey advocates encryption backdoors. He would likely also advocate allowing the FBI to suspend the bill of rights for any suspect during the duration of an investigation, and he'd quite likely prefer that the FBI be legally allowed to torture suspects if extreme techniques were viewed as likely to result in useful information. To law enforcement, the rights of a suspect are a barrier to many convictions.
How did we get to this point? Nobody would reasonably argue that extreme surveillance measures, patriot act, etc., is necessary to stop the vast majority of crimes from occurring, so why is it so easy for seemingly serious/intelligent people to think this nonsense is reasonable?
Members of our government are so indoctrinated about stopping "terrorism" that they have lost all sense of perspective. Terrorism is a political word to describe political enemies of the state, yet the patriot act and surveillance machinery has been used in enforcement of many other kinds of (less serious) crime.
I am surprised anyone can still use the word "terrorism" with a straight face anymore after it's become so clear that there is no large existential threat (merely the occasional zealot who acts out due to his/her own mental health issues). And in spite of a historically unprecedented global surveillance system there have been no attacks thwarted.
Comey is a symptom of the kind of cowardly, authority-respecting society we've become. I look forward to the day when our FBI director is not someone whose gaffes and judgment calls we read about in the newspaper on a regular basis.
Members of our government are so indoctrinated about stopping "terrorism" that they have lost all sense of perspective.
In this case, it might be better to assume malice rather than incompetence. In the 1950's it was s/terrorist/communist/, but it was a remarkably effective political tool. We might be in the same situation.
But this time, our fates are all linked. Once shipping backdoors becomes mainstream, it might be impossible to go back.
We should try to think of some concrete steps to resist this. It feels like we have to try, since there's so much at stake.
Could we reverse engineer the political forces at play? We could try to think of the most effective thing we could do, and then focus on that.
> Members of our government are so indoctrinated about stopping "terrorism" that they have lost all sense of perspective.
> In this case, it might be better to assume malice rather than incompetence.
I really want to consider you paranoid, but sadly I strongly agree. This is hardly the first time engineered paranoia has gripped the country, but living through it is horrible.
I was a kid during the mid-to-late Cold War (post "duck and cover") and somehow I was never able to take it seriously. Even when I took classes on strategic deterrence and the like in college I considered them light entertainment I was paying for to give me a break from the serious classes.
This is hardly the first time engineered paranoia has gripped the country ... I was a kid during the mid-to-late Cold War (post "duck and cover") and somehow I was never able to take it seriously.
Unfortunately, the threat was (and still very much is) real:
I first got the impression you meant something like "the Red Menace", but I take it you meant:
Engineered paranoia is still very real and a danger to our societies because of its reality-distorting effects that can result in violent overreactions.
> We should try to think of some concrete steps to resist this. It feels like we have to try, since there's so much at stake.
Great point. One idea I had recently is to start an organization in the same spirit as Open AI called OpenSurveillance that builds and releases all sorts of useful tools for thwarting surveillance efforts or acting as an adversary to an entity with pervasive surveillance power (generally speaking, corrupt regimes around the world).
I think it would entail a combination of social/operational and technological tools, and would be useful for defensive and offensive efforts.
When OpenAI releases a state of the art facial recognition algorithm, it becomes obvious how the technology might be used for good or for evil. The same goal would apply.
Perhaps one utility conducts an analysis of public social media data to determine the best strategy for bribing or compromising an adversary. Another could explain how to use a HackRF YARDStick One to track the movement of an adversary via tire air pressure sensors. Another might utilize an infra-red camera to determine which entrances and exits of a building are slow to close and could offer time to sneak in.
Still other tools might be a user-friendly rootkit installer for easy installation on a spouse or boss's device, etc., or maybe a program that trains a fleet of drones to follow a person all day, causes vehicle engine failure, etc.
The basic idea would be to highlight enough about reality so that the security (and privacy) implications of the policies can be weighed accurately by the public. By putting all the tools in one place and releasing polished, thoughtful products, the organization would help the public understand the privacy/security tradeoffs much better.
Basically a modern Anarchist's Cookbook for the surveillance age.
Disclaimer: It is not the intent of this post to discourage people to break laws, simply to use their vote and influence to peacefully change laws.
Do you think such an organization could exist in the light?
I've been considering a comparable project, but more focussed on opsec/infosec in a file sharing context. However, I've felt chilled by the possible legal consequences to me and my family if I enter this arena.
Bootstrapping myself to have great opsec seems like a really tough task. I feel like I'd have to repeatedly burn hardware, houses and identities if I want to stand a chance to reach "opsec heaven" where I can freely persue projects such as the Spook's Cookbook or the Pirate's Cookbook.
>acting as an adversary to an entity with pervasive surveillance power (generally speaking, corrupt regimes around the world)
>a user-friendly rootkit installer for easy installation
>a program that trains a fleet of drones to follow a person all day, causes vehicle engine failure, etc.
I'm afraid corrupt regimes would be the ones who benefit the most from such tools.
Most people I've met who work in security at large companies would rather lose their job than participate in the erasure of security for all. Apple showed this pretty obviously, but I think many companies would have most of their software engineers quit before accepting such a request, even if it was a direct order. The government cannot order you personally to write software, that's blatant first amendment violations, even if they figure out a way to order a company to do so. When politicians see one of their largest corporations disappearing over night, and the associated loss of world power and tax revenue, from engineers quitting vs a police force trying to force things like this... I think there will be some reconsidering that would happen.
> Most people I've met who work in security at large companies would rather lose their job than participate in the erasure of security for all.
While I think (and hope) this is correct, I'm not sure it matters.
For example, it would not be necessary for most of the engineers to be aware of a backdoor or other known vulnerability. There have been examples from open source crypto where malicious code has weakened it significantly and still nobody noticed.
There's also the very real possibility of baking the backdoor/vulnerability into a custom ASIC design. Chances are the government has a lot of expertise in this area and could simply tell Apple that it would provide one of the parts for all iPhones and the part would behave to spec (but would contain other undocumented behavior).
I think it's also realistic that other governments do this. Unless a chip is manufactured using the latest microprocessor-level miniaturization, it could contain all sorts of undocumented circuitry. I'm not sure about the economics of this sort of attack, but surely it makes sense once in a while.
They can take the high road because they currently have money and social status to leverage. If they were easily replaceable and earning an average middle-class income, the first amendment wouldn't mean crap next to their continued employment. That could actually be a novel argument against anything that would suppress their wages and salaries; their paycheck may be the last line of defense against a dystopian future.
I have found people like to claim they would do the ethical/moral thing, but from what I have seen; it's maybe 1 out of a thousand that will walk, especially when it comes to their job/career.
There's this weird denial that takes place. I see it in all professions.
>In this case, it might be better to assume malice rather than incompetence. In the 1950's it was s/terrorist/communist/, but it was a remarkably effective political tool. We might be in the same situation.
Eh, communism was way more of a threat. People in extremely high positions were communist traitors (eg Harry Dexter White who negotiated Bretton Woods/the creation of IMF for the US, or Alger Hiss who was involved in the creation of the UN, or a gazillion people in the British intelligence services).
If the government today was filled with people loyal to ISIS or AQ, then you could draw such a parallel.
Comey is a bureaucrat looking for more power to do his job. He's the runny nose.
The flu is Feinstein. From the ridiculous controls that treat cold medicine like contraband, the Patriot act, and bullshit like this, the Senator is a wellspring of bad law and disrespect for the American people.
I'm a Californian, and I don't think I've ever voted for her, but I can't say so for sure to be honest.
However, a senior politician of marginal quality can be better for your state than a junior politician of superior quality. In theory they are able to score you all kinds of handouts and preferential treatment where the junior politician would just get ignored.
I don't know if that's the case for Feinstein, but my point is there's some utility there from the perspective of a Californian that does not exist for (say) a Utahn given the option to vote in CA elections.
> Members of our government are so indoctrinated about stopping "terrorism" that they have lost all sense of perspective. Terrorism is a political word to describe political enemies of the state, yet the patriot act and surveillance machinery has been used in enforcement of many other kinds of (less serious) crime.
You are looking at the problem wrong. It has nothing to do with government indoctrination but an issue with incentives. The FBI's whole job is to investigate potentially illegal acts and as human beings they are incentivized to do their job as well as they can. When the opportunity comes up to give them more tools to do their job no one in the FBI is going to say "no I want to continue with one hand behind my back".
The exact same thing happens at companies. Companies with poorly aligned incentives will quickly see employees act against the will of the company as a whole to make sure they look and come across as best as possible, and any chance a decision comes up to help them do their job better they will fight for it, because not doing so is pretty dumb.
Well run companies work around these incentive issues by trying to get everyone aligned with checks and balances. We don't have that in the government because the people who are supposed to be doing the checks and balances (congress) have incentives to follow the FBI's requests because of the political suicide of coming out against solving crimes and defeating terrorists. It can (and will) be used against them at election time and their checks and balances (us as voters) fall for it all the time because we (as a collective whole) are short sighted and scared that something might happen and don't want to be someone who voted for someone soft on security.
The only way to realign the incentives back for societal good is to get the common voter to understand the bigger implications of issues and hold our elected officals accountable. Until that happens the incentiives are always going to be aligned for the government to gain power.
I was with you until "It can (and will) be used against them at election time and their checks and balances (us as voters) fall for it all the time because we (as a collective whole) are short sighted and scared that something might happen and don't want to be someone who voted for someone soft on security."
Everyone's vote is secret, so no one will come to your house and bust your balls over voting for someone who comes out against defeating terrorists. The problem is that there are no incentives to become well-read in the issues behind each election. Maybe we can find a way to incentivize learning the facts and becoming well-read on issues before elections [1]
Individual voters are influenced by media. Publishers look hard for any story they can spin into public outrage; it's natural for politicians not to want to be a hero of such story, because it will cost them votes.
They're also influenced by education. There's nothing to suggest that education is less subversive to your individual thoughts and preferences than "media", except the media you consume is largely voluntary, while education is forced upon you while you are a minor.
>He'd quite likely prefer that the FBI be legally allowed to torture suspects if extreme techniques were viewed as likely to result in useful information. To law enforcement, the rights of a suspect are a barrier to many convictions.
Not Comey. In this committee session he bluntly said torture is not effective and that his personal standard for what constitutes torture is more stringent than that in the statutes.
No he stated his moral position (that torture is wrong) first, and then at the end of his answer appended "and of course it is ineffective, but that is another story".
The problem here is, what if studies showed torture really did work? Would he have the same, up front moral position? I think that's what parent was trying to allude to. Not whether he is morally opposed to it right now but if he's more of a "if it works I'll use it no matter what" type of person.
But that just calls into question a person's character and it's going to be impossible to dig down and find a satisfying answer for everyone. So I'm not sure how fruitful this is.
>...if extreme techniques were viewed as likely to result in useful information
Right, he wouldn't use it because he doesn't believe it's effective. The GP is suggesting that if it were effective and legal, do you really believe he would refrain from doing it on moral grounds? It's the prerogative of the FBI to pursue cases using essentially all effective legal means, and it's no surprise to hear they are lobbying for more tools to become legal.
No. Like I said, he literally stated word for word that torture is both morally wrong in his eyes and ineffective, not to mention illegal.
Paraphrasing here but I think his definition was along the lines of "anything that purposefully causes physical harm or injury to a person", and when asked whether bad prison food counts, he said that in his eyes for his team that is not something he would condone. This was a pretty straightforward response; the man at least talks the good talk on torture.
Not to take away from his talking the good talk, but I don't think that his moral position is very meaningful given that it is demonstrably ineffective. If it was demonstrably effective and he said it was immoral, those words would carry much more weight. But he has little to lose by saying that it's morally wrong when it doesn't work. The illegality is also moot when discussing legalization.
Sure, but if the populace and the political climate demanded torture from the FBI and he refused, he would be fired and replaced with someone not so principled in their opposition.
There are threats against the US that are more than a few crazy people. The rise of Islamism is real. But the reality is that the number of casualties due to terrorism in the US is dwarfed by those of gang or drug violence, even including 9/11 (which is now more than 15y ago...). We do not hear anyone suggesting restricting civil liberties to reduce gang violence. It is kind of a curious massively asymmetrical tolerance to crime.
>>We do not hear anyone suggesting restricting civil liberties to reduce gang violence.
We hear about it all the time. It's just so pervasive we no longer see how extreme is the intrusion!
Civil asset forfeiture, stop & frisk, the near endless litany of TSA/Homeland Security abuses, "VIPER" teams hassling Greyhound bus riders, states such as Hawaii where the 2nd Amendment is ignored, the SWAT teams that have taken over every small-town police department, the banking secrecy acts that report you if you move more than $4000 at a time or in an undefined "suspicious" way (also see "structuring"), the aggressive+confrontational transformation of law enforcement into domestic military, the involvement of military at WACO... need I continue?
We do not hear anyone suggesting restricting civil liberties to reduce gang violence. It is kind of a curious massively asymmetrical tolerance to crime.
The fear, of course, is such restrictions would be next. You start by going after the boogeymen, terrorists and pedophiles, then expand to gangs, then drug dealers, then political enemies, then....
I took gang violence as an example, there are many other kinds of "common violence" that could happen to anyone. The US stats below are for a single year [1] [2]. For reference, cumulative casualties in the US as a result of terrorism for 2001-2014 is 3,412 [3], 416 if you exclude 9/11. Any way you look at it, terrorism is a very minor form of crime in the US and Europe.
Yes, this is it exactly. Terrorism is scary the same way a random murder in your neighborhood is scary.
Anecdote: I live in one of the lowest crime neighborhoods in Chicago. Every now and again though someone is shot in the area. The first thing I always wonder: was it random or was it gang/drug related? Nine of ten times it's the latter and I feel better because I don't associate with gangs or regularly participate in drug deals in a McDonald's parking lot at 4AM. It's scary when it's random because it's easy to think, "that could have been me, it could have been anyone."
That's why terrorism is scary (and that's why the terrorists do what they do). Of course protections should be in place, but there's simply only so much you can do before you're policing every aspect of everyone's life to prevent the tiniest chance that something happens to a tiny percentage of people. But, damn, is it scary.
You could aggressively curtail civil liberties in order to crack down on drunken driving, which kills more people than 9/11 each year, and can happen to pretty much anybody.
Good counterpoint, I don't have an answer for you, you'd need somebody who supports curtailing civil liberties in order to combat terrorism to give an answer to that.
> I am surprised anyone can still use the word "terrorism" with a straight face anymore after it's become so clear that there is no large existential threat
It was always just a ruse to snatch power. Parading a potential existential threat to consolidate authority goes back to antiquity and is a common theme in historical narratives, fiction, allegorical literature, popular political writings of the founding fathers...
It's like the political version of a 419 scam. I'm continually dumbfounded that people fall for these things.
In the modern era, there's accessible easy-to-read references at our finger-tips to learn about all the classic shams that are constructed to manipulate and seize power, but it doesn't seem to matter. It's really something.
> From his perspective as the head of the FBI whose job it is to achieve outcomes within the law, of course Comey advocates encryption backdoors.
Wiretapping and search warrants are long standing and well support ways for law enforcement to investigate among other things organized crime. Just because you know have encryption doesn't mean that has changed. Similar to how the NSA didn't suddenly stop doing signal intelligence just because they allegedly "lost the crypto wars".
> Nobody would reasonably argue that extreme surveillance measures, patriot act, etc., is necessary to stop the vast majority of crimes from occurring, so why is it so easy for seemingly serious/intelligent people to think this nonsense is reasonable?
It's a presumably a "better safe than sorry" and "nobody got fired for choosing more surveillance" kind of a thing.
> Terrorism is a political word to describe political enemies of the state, yet the patriot act and surveillance machinery has been used in enforcement of many other kinds of (less serious) crime.
Terrorism is just the ultimate argument of people in the establishment. Just like encryption enthusiast might have some story about how they are helping dissidents, but are mostly encrypting their warez and mundane e-mails.
True, but there is a big difference between presenting evidence to a judge to obtain a search warrant and subsequently manually wiretapping a phone line or two and the sort of massive-scale surveillance/capture we have today.
It's like the difference between a doctor examining an awake patient who has complained about a specific symptom... vs to a doctor sneaking into the bedroom of thousands of sleeping non-patients and performing a secret physical exam on their genitals just in case anything about their genitals seems alarming.
The crime (building the illegal infrastructure to do that surveillance) is now justified after the fact by a fairly quaint comparison to traditional police work.
As much as I'd like to, I don't believe that surveillance is about police work. It's about political intimidation which is identical to the kind of political intimidation that seems obvious when talking about other police states from history.
The effects of intimidation are not obvious as everyone expects them to be. I'll make an analogy with the North Korean regime to illustrate my point.
How is it possible that the leader of N. Korea is able to make statements to the public that are obviously absurd. Are people in N. Korea less rational than elsewhere? Less intelligent? No, but over time the range of ideas considered acceptable has adapted to include some of the most ludicrous (and contradicted by fact) claims imaginable.
How does this happen? I think it happens gradually. How likely are we to loudly criticize our government when we know all our devices contain a hot mic and all the audio might be getting recorded? Maybe we still offer a criticism but we couch it a bit or we follow it with some praise. Small things like this mean that we all hear less criticism, less scrutiny, less dissent. All because we are not sure who is listening or who will be reported to authorities for holding a controversial view.
Over the course of decades, perfectly intelligent, rational people in N. Korea are easily able to believe some fairly outlandish claims simply because of a few decades of secret police presence and fear of being reported.
What does this have to do with the US? By definition, terrorism is a political crime. It causes intimidation and fear. It is designed to be asymmetrical and sporadic, and is impossible to stop. The only way to fight it is with extreme social control... a more compliant society where holders of nonstandard beliefs are more easily identified.
If the surveillance data had not been used to fight non-terrorism crimes, or if the systems were designed with a cryptographically provable audit trail, I'd consider the possibility that this was just a more modern way of doing law enforcement. But sadly I think all of the evidence points in the other direction.
One way to fight terrorism is refusing to be terrorized.
The goal of terrorists is inflicting terror and reactions following from the terror. Terror suppresses reason, so the reactions become less reasonable and thus detrimental to the attacked side.
By this measure, terrorists have unquestionably won. The Western societies under attack suppress their core values after the attacks, such as openness, free speech, tolerance to a variety of views, and primacy of reason and right over force. Voluntarily crippling your own encryption is like voluntarily making holes in your armor, all out of fear.
It's like an auto-immune reaction that kills the patient instead of the germ.
""" surprised anyone can still use the word "terrorism" with a straight face anymore
"""
Is quickest way to shut down conversation. Especially given horrific events in France, Ohio, Florida. Your argument is not only ridiculous its counter productive to anyone offering a balanced saner approach.
You're more likely to die from a lightning bolt than a 'terrorist' attack. You're thousands of times more likely to die from bad driving habits or being overweight, so why is the terrorist bogeyman given so much concern in the political conversation?
Because a lightning bolt is a much more random occurance. It doesn't have agency, an agenda or a trajectory within society. A lightning bolt isn't looking to instigate more lightning bolts.
In 10 years time the death stats for lightning bolts will be similar and for road accidents will probably have declined. Which way do you think the terrorists stats will go?
Terrorism is less likely to remain a low-probability event because it contains the intention of death spurred by a toxic ideology that wishes to spread.
The comparisons given are accidents and happen through negligence or plain bad luck.
If your premise is true that it will grow because it wishes to spread, then why has it empirically remained constant? Why isnt it more successful every year as it pushes growth?
It has the strong potential to grow but right now there are enough people opposing its spread.
Even so, terrorism may have cumulative political and social effects. People don't like to know there are others out there who wish them harm. Once a certain threshold of resentment is reached within an affected society then suddenly massive unrest could erupt.
Some politicians are trying to mitigate this by suggesting we should just get used to the occasional terrorist attack and treat it like a lightning strike or a piece of heavy furniture falling over.
You must not live in the us. Every politician here is hyping the threat well beyond proportion to the life loss potential. But humans are irrational and scare prone, so why not exploit the cognitive bug, for votes and profit?
Arguing deaths due to <x> happened more frequently than terrorism in some time period is useless, if the underlying process that generates those numbers are widely different.
Rather than thinking in terms of mortality rate over a period, its more accurate to think in terms of events. A single lightning bolt strike can at most affect 0 ~ 10 people with a gaussian distribution. A terrorist attack on the other hand has a long tail distribution and can cause 10^0 ~ 10^4 deaths.
There is no organized cult going around making lightening bolts with explicit intention of causing large scale harm. On the other hand there are several organized terrorist groups which are intentionally trying to do that. As far as being overweight or bad driving habits, billions of dollars are poured into health care system, automated driving and regulations with goal of reducing deaths due to them.
Bad driving and cardiac/obesity DO cause more than 10^6 deaths per annum and get no where near the proportionate political/media attention that terrorism does. There are 10x the deaths in auto accidents than the worst terrorist attack in US history every single year. The DHS budget alone dwarfs any proportional safety return that could be made by simply raising the legal driving age by a year.
I think what he's saying is that a disproportionate amount of time and money is spent on saving a tiny number of lives.
If your goal as a government is to minimise the number of lives lost that were preventable, then the argument is that there are many more effective ways of doing it other than spending huge amounts on security services.
I presume there's some stat somewhere that says that young drivers are more likely to be involved in fatal traffic accidents. No-one would claim that dying in these accidents is not tragic.
So if you were to raise the legal driving age by a year, you may end up saving lots of lives, and that would be a lot cheaper way of saving lives.
It's not a flawless argument, as one has to balance freedoms with restrictions and the fact that any historic analysis of attacks has to try and unpick the fact that security apparatus was in place in the past. Spending 0 money on security could have unforeseen consequences, and most people would accept that preparing and executing an attack would be easier.
First of all I agree with you, but let me state what I think the other side's argument might be. You can choose to eat healthy and exercise and reduce your chance of early death from obesity/health issues. You can also drive extra carefully, or take a plane, or not travel at all if you're that concerned about a car crash. With a terrorist attack though, it's mostly out of your control and literally anyone can be affected at any time and that's the scary part. That being said, people should take into account how minuscule that risk really is, but that's hard for the average joe to do when every attack is plastered all over the news for days whether it's something major or a lone gunman killing a few people.
>You can choose to eat healthy and exercise and reduce your chance of early death from obesity/health issues. You can also drive extra carefully, or take a plane, or not travel at all if you're that concerned about a car crash.
Since "Terrorism" is a political problem, how about a political solution? Stop going into Muslim countries and murdering women/children and tearing down governments with no plan for rebuilding? Be more cautious about what you do on the world stage. Stop bombing brown people just because they don't support 'American interests' and such.
How many people die from terrorism in a year in the U.S.?
Not many.
How much money do we spend on it every year?
Too Much.
How often do politicians talk about it?
Way Too Much.
It's ridiculous. It is basically a non-issue here.
I bet the number of blacks killed by cops outnumbers the people killed by terrorists here in the U.S. Let's spend a trillion dollars fighting THAT problem!
More people die of auto erotic asphyxiation than terrorism annually (~682 people). You're insistence is what is rediculous, as parent pointed out if it was a problem--it isn't; then 0 cases have been publicly thwarted via this technique.
I don't buy in that this problem is large enough not that this solution would be acceptable if it was
Arguing deaths due to <x> happened more frequently than terrorism in some time period is useless, if the underlying process that generates those numbers are widely different. There is no organized cult going around preaching auto erotic asphyxiation with explicit intention of causing large scale harm. On the other hand there are several organized terrorist groups which are intentionally trying to do that.
Unchecked Terrorism has non stationary distribution and can lead to deadlier events that are orders of magnitude larger. Further why pick a year and not a day? At any given day the number of deaths due to Terrorism are close to zero, except you know on a tragic day a decade ago in september.
> if the underlying process that generates those numbers are widely different.
So stop the underlying process? Terrorist organizations aren't quiet about their problems, that tragic day in September was in opposition to US interference in their lives. If our goal was combatting terrorism, we picked a terrible way of addressing the problem.
>>that tragic day in September was in opposition to US interference in their lives.
To you these attacks are a valid grievance redressal mechanisms??? Is that the path every disenfranchised group should take?? If you are okay with such approach, no point in having a discussion.
It's not about whether you're ok or not with their methods. The question is, do you really, actually, want to stop terrorism, or are you just pretending, using the T-word as a political tool? The actions of not just US, but other western countries strongly suggest, that they don't actually care about stopping terrorism.
The gist of it is that Comey went to great lengths to make sure warrantless wiretapping wouldn't be considered legal. And when he failed to do so, he resigned.
It would be ironic if at some point he was wiretapped and blackmailed into toeing the party line (where 'the party line' is 'they', and 'them', clearly).
On a more serious note though: it strikes me that in our time of 'total information awareness' the ability to blackmail people in powerful positions is a significant flaw in our system, much more so compared to the past.
Has any research been or anything worthwhile been written about this (potential) problem? I mean, we know people have been blackmailed or that attempts have been made, so the question is how common this actually is.
Despite my internal knee-jerk 'this sounds tinfoil-hatty', I can't think of anything keeping intelligence agencies from wielding massive hidden power in this way. Or would it just have come to light much more often if that were the case?
I think he came to the belief that there was legal justification for conducting mass surveillance in secret... in other words that the AG didn't need to sign off on it for it to be an appropriate tool.
If the AG had signed for it, then we'd have probably seen the supreme court weigh in on it. But since he didn't, the program continued behind closed doors and grew massively. I believe now there is a rolling 60 day archive of nearly all worldwide communications and metadata (and longer rolling archives for select subsets). It's incredibly impressive tech but quite scary.
Comey is not just someone with a job at a particular organisation, he's also a servant of the state, and he is a citizen. Any servant of the state has a duty to the constitution. His job description comes second (or later).
It's not at all natural that he should argue for hollowing out the constitution, or favour the needs of own organisation over the rest of the state or over the entire society.
> It's not at all natural that he should argue for hollowing out the constitution, or favour the needs of own organisation over the rest of the state or over the entire society.
Very true. But I think it's safe to assume that no good, just individual would end up in the role of Director of an intelligence service. Who really aspires to be the leader of a team of secret police?
There are some professions that are not strictly speaking unethical, but that tend to attract an ilk of people who are unconcerned with ethics. Used car salespeople, brothel owners, chiefs of secret police forces, people hired to do telephone cold calls to sell shady investments to the elderly, etc.
If Comey is viewed in this light, we can see that he is acting predictably. Sadly, many people have the mistaken idea that people who dress in nice suits and wear medals and get appointed by presidents somehow deserve the benefit of the doubt. They do not.
The article specifically states that he doesn't want a backdoor:
“We’ve had very good open and productive conversations with the private sector over the last 18 months about this issue, because everybody realizes we care about the same things. We all love privacy, we all care about public safety and none of us want backdoors — we don’t want access to devices built in in some way. What we want to work with the manufacturers on is to figure out how can we accommodate both interests in a sensible way”
Hi, you're new here. In the USA when someone in government says something that you agree with, it may because they are sincere, or it may be because its what you want to hear. Politicians, and humans in political roles, may lie. Lying is when they say something that isn't true. They may do this for many reasons. A common reason is when they want an outcome X, and they say to you that they don't want outcome X. "Oh thank goodness! They don't want outcome X either! I can go about my business." They might say they "don't want a backdoor". Technically, this isn't even a lie. Comey does not intend to put a backdoor on your phone. Your phone is not a house. Clearly it cannot have a door. But Comey very much wants to be able to decrypt the information on your phone and says so specifically and at great length. A technical person would call this "a backdoor". It is clearly not a backdoor, and no form of door will be installed on your phone. When Comey says "we dont want access to devices built in in someway", what he means is that of course your phone wont be built with the access mechanism. Your phone is an inert piece metal, plastic and silicon etc. What he wants is that when your phone is first connected to electrical power, at the factory, then it will have the access software installed. Not built in, but installed at the factory.
|How can we optimize the privacy, security features of their devices and allow court orders to be complied with.
You can't; this is an either or situation. There is literally no system that could be put in place that wouldn't be exploited by people who were not the intended users.
He is playing the word game, what a technical person might call a "backdoor" he will call a "front-door" or something else, so there's technically not a "backdoor" and he technically didn't lie, even if he wants what many of us geeks would indeed call a "backdoor". It's sort of how the NSA redefines the dictionary meaning of common sense words to mean something else, (for example something like: "surveillance" means breaking into someone's home to plant a bug in there, so technically almost no one is under that definition of "surveillance", even if capturing our emails, hacking webcams etc. would be considered surveillance as well, but since no one broke in to plant a physical bug, that's not "surveillance" - it's just a words game).
I thought it was interesting that he talked about breaking into other people's devices while specifying how they would harden their own systems. "We don't want you looking at our stuff, but your stuff is fair game."
> Comey is a symptom of the kind of cowardly, authority-respecting society we've become.
I am an Indian citizen living in USA and I think American society must take the blame here and not the politicians. The way society thinks and votes I think only a total narcissist moron can succeed in US administration.
The fastest way to rise to top (as we saw in case of Obama and Trump) is to find some target group and blame that group for the failure of other larger society. The larger society is far too quick to raise pitchforks and burn the other group at stake.
It is depressing to see that large % of Americans have seen inside of jail. A lot of people labeled as "suspected terrorist" or "sex offenders" are no where close to the common sense definition of those words. But once you have that label rest of the society treats you like utter shit. You cant find a job, state can put any arbitrary restrictions on all your freedoms etc.
Unless US society learns to be compassionate and stand up for the rights of even those "deplorable" people purely as matter of principle I don't think there is any scope for optimism.
I remember Ron Paul's words "Once you give up some liberty, you are not going to get it back, ever!"
I'm always requesting constructive criticism like this from foreign-born coworkers, hoping for such valuable outside perspective, but they seldom provide it, no doubt hoping to avoid being offensive.
> The fastest way to rise to top (as we saw in case of Obama and Trump) is to find some target group and blame that group for the failure of other larger society. The larger society is far too quick to raise pitchforks and burn the other group at stake.
Yes, we are very much a blame society. It is the Republicans fault. It is the Democrats fault. It is my neighbor's fault. It is my parents' fault. Blame blame.
> Nobody would reasonably argue that extreme surveillance measures, patriot act, etc., is necessary to stop the vast majority of crimes from occurring, so why is it so easy for seemingly serious/intelligent people to think this nonsense is reasonable?
This depends on what kind of crime you talk about. And is "the vast majority of crimes" actually prevented from occurring? How do you get numbers for this?
Calling people who don't agree with you stupid is not going to advance your cause. At all.
> I am surprised anyone can still use the word "terrorism" with a straight face anymore after it's become so clear that there is no large existential threat (merely the occasional zealot who acts out due to his/her own mental health issues).
Two points:
1. The occasional zealot is all it takes to make people feel unsafe, affect their behaviour towards other people and just generally ruin a lot of peoples days.
2. Blaming all terrorist attacks on mental issues alone without taking into account viral ideologies is dishonest.
edit: i forgot this:
> And in spite of a historically unprecedented global surveillance system there have been no attacks thwarted.
I'm confused about this. I'm hurried at the moment, but this seems to a bill that orders tech companies to provide a solution to encryption without having a backdoor?
Isn't this like legislating a violation of mathematics or something?
As I just put it in my open letter: "Let me be clear. This distinction that the Director makes has no basis in fact or science. Any imaginable key escrow system that would by design provide routine access to encrypted data is a backdoor that will be able to be hacked. Any such system of so called lawful intercept is an unfixable, mandated security vulnerability that will make Americans less safe both at home and abroad." (https://rietta.com/blog/2017/05/03/americans-access-to-stron...)
https://www.youtube.com/watch?v=VPBH1eW28mo is a pretty good video for persuading people why this legislation is a bad idea. We might still be able to beat it by rallying support.
Susan Landau's congressional testimony - with Comey siting one table away - applies to this as well. She explains in detail not only the problem with backdoors, but also how the FBI badly needs to update their methods. The quote from the NSA that legal access doesn't mean that access will be easy should have ended this brouhaha last year.
> I suppose tech companies could give them a backdoor and call it a front door?
They're more likely to go "LOL, no" and as it's both impossible AND compelling speech is impossible per 1st Amendment the Government would end up losing in the courts.
The compelling speech argument would not have held up in court. Apple was putting on a show because they had already advertised to customers that they wouldn't unlock phones for law enforcement.
What? Apple was not putting on a show. What the FBI requested required actual software development to be done. You can't force someone to work for you.
Judges absolutely can force work and do it all the time. See the discovery process Uber is going through now. For an example more relevant to the Apple case, look at the Lavabit court orders.
The idea that writing software not intended for public release is compelled speech under the standard of Wooley v. Maynard is laughable. Nobody except a few gullible tech bloggers (are there any other kind?) took that argument seriously.
> Judges absolutely can force work and do it all the time. See the discovery process Uber is going through now. For an example more relevant to the Apple case, look at the Lavabit court orders.
Discovery is different. Laws already require you to retain various records for later discovery. That's just general "shuffle stuff around" work that doesn't really require much effort.
What the FBI was asking for was custom software development to be done to circumvent existing software and hardware functions.
> The idea that writing software not intended for public release is compelled speech under the standard of Wooley v. Maynard is laughable.
Not sure I follow. The distinction wasn't public versus private release; it was writing the custom software itself. The whole "you can keep it and destroy it afterwards" didn't really matter. The FBI can't simply insert itself into your business, have engineers reprioritized from what they're currently working on and expect you to produce something for them.
> What the FBI was asking for was custom software development to be done to circumvent existing software and hardware functions.
Which is exactly what was requested in the Lavabit case, to the letter. I used the discovery example to show that courts compel work all the time, which you originally claimed they could not do.
> Which is exactly what was requested in the Lavabit case, to the letter.
What you're saying is not true. If you take a look at what happened in the unsealed documents regarding Lavabit [1] the FBI wanted a copy of the SSL private key. That's it. The owner of Lavabit offered to do some coding so they could target the meta data of a single person but it was rejected so he ultimately shut his service down.
> I used the discovery example to show that courts compel work all the time, which you originally claimed they could not do.
Discovery is seeking data that already exists and is reasonably accessible. You can't use discovery to force someone to write software the doesn't exist to provide additional functionality to a product. The FBI had to resort to using the All Writs Act in order to attempt to do this and backed down before it could go through and set a precedent. I'd suggest taking a look at how electronic discovery [2] works.
Also the HN discussion around the Apple vs FBI case was rather interesting and is full of good information [3].
"The case began in June, when Texas-based Lavabit was served with a “pen register” order requiring it to give the government a live feed of the email activity on a particular account."
"Levison resisted the order on the grounds that he couldn’t comply without reprogramming the elaborate encryption system he’d built to protect his users’ privacy."
"So in July the government served Levison with a search warrant striking at the Achilles’ heel of his system: the private SSL key that would allow the FBI to decrypt traffic to and from the site, and collect Snowden’s metadata directly."
In other words, they asked him to write software to get just metadata for Snowden's correspondences and when he delayed, they requested everything.
> You can't use discovery to force someone to write software the doesn't exist to provide additional functionality to a product.
"A party may serve on any other party a request ... to produce ... any designated documents ... stored in any medium from which information can be obtained either directly or, if necessary, after translation by the responding party into a reasonably usable form."
If the amount of translation is infeasible without writing scripts, you can be forced to write scripts.
But again, the whole point of this discovery tangent was to show that courts can and very often do "force someone to work for you," which I will assume you now concede is true. Let's stick to the Lavabit case and what constitutes illegal compelled speech, as these are the points on which we still disagree.
> You got Lavabit case exactly wrong. No wonder you're confused.
I can't tell if you're trying to troll me or what at this point. I link you to the lavabit case details then you link me to the lavabit details.
They wanted a "pen register" which assumes reasonable hook-up-ability. This wasn't possible without reprogramming the system. This made it unreasonable and it was withdrawn. Then they asked for the SSL key so they could use a pen register. The owner suggested, instead of the SSL key, that he write software to avoid it and they declined so he shut it down.
You stated I got it wrong but my original post was factual and specifically referenced the wikipedia article that references the exact order. Nothing that you have posted has shown otherwise.
> > You can't use discovery to force someone to write software the doesn't exist to provide additional functionality to a product.
> "A party may serve on any other party a request ... to produce ... any designated documents ... stored in any medium from which information can be obtained either directly or, if necessary, after translation by the responding party into a reasonably usable form."
But you can't. Translation cannot be twisted to meaning "develop a new feature that creates another way to enter a system". It just can't.
> But again, the whole point of this discovery tangent was to show that courts can and very often do "force someone to work for you," which I will assume you now concede is true.
The best they can do, again, is reasonable collection from a medium which consists of direct or requiring translation. I'm not sure what I would concede here as nothing I have said goes against the sources you have posted.
As far as I am concerned this conversation is over as I do not see the value in continuing to repeat the same information, over and over.
> You stated I got it wrong but my original post was factual and specifically referenced the wikipedia article that references the exact order.
Let's refresh your memory.
> The owner of Lavabit offered to do some coding so they could target the meta data of a single person but it was rejected so he ultimately shut his service down.
No, he didn't offer to do it. He was ordered to do it and refused. Only after refusal did the FBI ask him to hand over his private key, not because it was "unreasonable" as you erroneously claimed but because after he realized he would be held in contempt for not doing the work, he was delaying access to the data by negotiating terms of work too slowly, causing the government to forever lose the ability to collect metadata that would have been generated in the meantime. https://www.justsecurity.org/wp-content/uploads/2014/04/lava...
> Translation cannot be twisted to meaning "develop a new feature that creates another way to enter a system". It just can't.
You're moving the goalposts. First, it was 'the government can't make you work," for which I gave you the discovery example as a counterexample that happens all the time. Then it was "the government can't make you write software," and I showed you that it just so happens you can be effectively forced to write software as part of discovery. Now it's "you can't be forced to write software to create another way to enter a system." Discovery doesn't serve as a counterexample to that claim because I never intended it to be a counterexample to that claim but to that first claim. As I've repeatedly stated, the Lavabit case is a counterexample to this third claim.
> I do not see the value in continuing to repeat the same information, over and over.
Nor do I. I'm hoping you actually have some new information that your argument can stand on instead of repeating the same things I debunked in my very first post.
> As I said, that distinction matters for Apple's spurious "compelled speech" argument.
It does not. Just because a government orders you to do something privately doesn't mean it isn't compelled speech. Regardless, see my reply to your other comment.
> Just because a government orders you to do something privately doesn't mean it isn't compelled speech.
As I said earlier, the standard for illegal compelledspeech was defined in Wooley v. Maynard, prior to which there was no such thing as illegal compelled speech. Do you actually have an argument about why forcing the writing of unreleased software is illegal compelled speech, or are you going to keep saying it as a truism?
The idea is that it is currently infeasible to build a consumer product that updates itself that is not vulnerable to exploitation by the manufacturer (see Apple's San Bernardino case). It looks like the FBI would like legislation that grants them access to the manufacturer's de-facto backdoor without having to pay for a work order.
So, the NSA and the CIA were recently hacked, yet these numbskulls think we can create a system that will only be accessed by "the good guys" How many hacks, leaks etc will it take for them to understand that if this passes, that will be the end of online security?
New Rule: If you want to propose cybersecurity legislation, you need to pass the fizz buzz test.
they think we can create a system only available to them
Because there are civilian consumer systems, and state apparatus systems. The civilian consumer systems just leave shit out in the open, all over the place, and make a mess, with no obligation to common, clueless people.
Everyone knows that no effort is made to retain military operational security for sloppy, undisciplined non-combatants.
Anyone with clearance to actual hardened systems, sees a clear difference from the other side of the wall, and questions why the charade must go on, when it'd be so much easier to dispose of the pretense that there's "privacy" to be had, and see investigations forced to prosecute with so much parallel construction.
The state apparatus systems, in their minds, deserve preservation of secrecy, because it puts the owners at an advantage. They seek advantage by crippling consumer civilian systems. This is the line of reasoning from their perspective. Render outsiders defective. Create real systems for themselves. Maintain authority by denying useful systems to unknown quantities.
> "What nobody wants to have happen is something terrible happen in the United States and it be connected to our inability to access information with lawful authority."
But they're not asking for that. They're asking for the ability to force companies to grant them access to information without something terrible happening.
The only way you could prevent something terrible happening, and have that prevention be "connected to [their] ability to access information with lawful authority", is to have the ability to inspect private data. And the only reasonable way they would do that is to do it surreptitiously.
They could try just asking the user to unlock their iPhone, or demand it with a court order (where I assume they can plead the 5th), but either would tip the suspect off. So they have to do it without the user's knowledge. And the only way to do that is if the company has a backdoor, or makes it so incredibly insecure as to no longer guarantee privacy at all.
The only logical way to give the FBI what it wants is to compromise user privacy.
> During the session, Comey also made repeat plays for expanding the scope of national security letters (NSL) — arguing that these administrative subpoenas were always intended to be able to acquire information from internet companies, not just from telcos.
The FBI claims that they would always get permission from a judge for invading user privacy. In the next breath, they want to expand NSLs, which is invading user privacy without requiring a judge's approval.
Both Lavabit and Silent Circle have had to close down their businesses after Lavabit was unreasonably demanded by the government (in a gag-ordered search warrant) to give up its private TLS keys, exposing all its users' privacy. But no law enforcement agency gives a shit about privacy; only secrecy.
Unbelievable. Just happened to see a clip today (https://goo.gl/F9XeQU) where Feinstein was "grilling" Comey about announcing the investigation into Clinton right before the election.
When Feinstein totally let him off the hook I was floored?!? He interfered worse than the Russians - how does he still have a job?
Ahh, she wants his support for the decrypt bill. I'll never understand why the Democrats have zero interest in protecting personal privacy.
Some Democrats are fairly strong proponents of protecting personal privacy, as are some Republicans. Conversely members of each party are down right anti privacy. When standagainstdpying.org was still active you would see very little correlation between party and score.
Our 2 party system leads to widely erratic results on issues like this, as we are seeing with this Comey Feinstein partnership.
“I don’t think Congress intended that distinction but what it does do us is in our most important investigations it requires us that if we want to find out the subscriber info to a particular email to go and get an order from a federal judge in Washington as part of the FISA court. An incredibly long and difficult process. And I’m worried about that slowing us down — and I’m also worried about it being a disincentive for our investigators to do it at all.”
Hurdles to protect privacy are important. If it's not an arduous process we have a problem.
Can it be ambiguous to only use who instead of whom? If not, then it's probably not important, just feels painful for people who know the rules. That's as much an indictment of the rule itself as it is of people breaking it.
No, it can't[1]. However, vestigial marking of present-tense third-person-singular verbs is going strong and pretty much nobody considers the fact that it's completely useless as an argument against doing it.
The difference is that nearly everyone doesn't know the who/whom rule -- it is dead -- while nearly everyone does know the living pres.3sg rule, and they have trouble violating it even if in the abstract they might like to.
[1] The strongest argument in this direction is that no one in the modern day knows what whom means or under what circumstances it appears, meaning that when a whom is encountered it can only make them more confused.
Would it be okay to mandate spy microphones in all cars, spy cameras in all rooms, and make it illegal to remove or disable them, as long as only the 'good guys', with a warrant, could access the info?
What if doing this would save N people/year from terrorist attacks?
What other rights should we sacrifice for a 'safer' society? Surely we shouldn't let terrorist recruit people, so there goes free speech. We also shouldn't let them gather together to plot their wicked plots, so there goes freedom of association. And if we could bar people at risk of committing terrorist acts, from vulnerable locations, such as subways, airports, parks with a lot of people in them, well, I'm sure that would save a few lives too.
Putting in backdoors is sure fire way to kill US based mobile phone producers. Criminals will just use foreign produced phones and only way to counteract that is to outlaw those phones. Can't wait till they criminalize having certain firmware on your phones.
I had a slightly different take on the issue. If you require U.S. companies to include backdoors (or whatever word the FBI comes up with) then those companies will simply move operations to another country. Silicon Valley will dry up and innovation will happen somewhere else. You can already see the seeds of such a movement; when researchers are afraid to present at a conference for fear of being arrested[0], or a company is being forced to do something it doesn't want to do[1].
These things are not conducive to a growing, free nation. Our current leadership talks about bringing jobs back to America, but this course of action is forcing companies to move elsewhere, and taking their jobs with them.
Because if you can control or modify radio firmware then it's can usually operate outside of certified range and power. Most of routers use same hardware for all markets while radio regulations are different. So limits are enforced per-country in software and it's easier for manufacturers to completely lock down devices.
Yup, I'm in the UK and dd-wrt allows me to push my router power output far beyond the legal spec (since the actual router can support that but is software limited).
I didn't because I'm a good neighbour and it's not a massive apartment.
> We all love privacy, we all care about public safety and none of us want backdoors — we don’t want access to devices built in in some way. What we want to work with the manufacturers on is to figure out how can we accommodate both interests in a sensible way
It's not, but notice his wording. He has no clue if it's possible or not, he wants a mandate for the tech companies to "figure it out".
There have been voices from the tech industry saying it's impossible, but Comey doesn't want to hear that. He's literally called that response "emotional" and believes tech lovers simply are clinging to encryption and privacy irrationally.
He's not going to stop until he can hear what he wants to hear. I think the only thing that will satisfy him is a beltway bandit lying to him about their technology.
Diane Feinstein is old and needs to retire. She is completely out of touch with the needs of her constituency, and comes off more like an old guard republican rather then a democrat that she is supposed to be.
> comes off more like an old guard republican rather then a democrat
This is true of most Democrats these days, except when they want to pander to minorities or other disadvantaged groups who could use real, actual allies instead of the panderers. I am amazed and humbled by these folks' perseverance in the face of a two party system in which one party apparently hates them and the other thinks so little of them that their best efforts at being allies generally consists of terrible pandering.
Maybe many minorities and members of disadvantaged groups don't like being told that the pressing issues which affect their communities are just "identity politics," which seems to me to happen a lot lately.
Of course; it's insulting to have these issues reduced to a phrase like that. It's also insulting to have these issues reduced to a plug on the campaign trail and then ignored for the next year or two until the next big campaign, or used as a weapon by one rich old white lady against an affluent old Jewish guy to score political points (for example).
You want to see the typical Democratic interaction with minorities on a political level? Look at Flint, during the Primaries and general election, and compare it to now.
AFAIK, Ted Lieu is the only person that any opposition has produced, and I'm not sure who else is even in a position to primary Feinstein. Starchild ain't gonna cut it.
Unfortunately the Democrats have been trying to out-Republican the Republicans since the Clinton administration. (When the party really embraced getting all married-up with wealthy donors, and inevitably turned its back on its traditional roots.)
I didn't intend for this to be a 100% thing, I think there are a decent number of people who are probably a lot more well informed than I am, but when the large majority of voters opinions are so easily manipulated as to effectively be for sale, then what the hell is the point? It's not much different than an oligarchy, but it's made a bit better because our overlords have a lot of hoops to jump through the keep the show running.
Nothing the parent said assumes voters are rational.
They pointed out that CA voters can remove her. True.
They pointed out she's still there, so the plausible majority of the people that cast votes must have wanted to elect her vs the opposition choice (as of the last election). True.
It does say that the voters wanted her there. I don't think they're engaged enough for that to be the case. Even if there were a grassroots attempt to do this, it would fail without substantial political and monetary support, because voters as a whole are not paying anywhere near enough attention to make informed decisions about these things in my opinion. When they even bother to show up.
Democracy couldn't exist if there was a mechanism to say certain votes are irrational and shouldn't be counted. It's not a perfect system but it's the best yet.
I'm not saying there are votes that shouldn't be counted, but I do think the electorate is generally so disengaged and uninformed that it makes a farce out of anything. It's like a blind person attempting to drive a car. It's still better than non-democratic alternatives, but I think that has more to do with how all of the arcane pieces that make up the system happen to divvy up power enough to prevent it from becoming too centralized, and there's sort of a looming threat that the people could turn against you. It isn't because the core concept of the people actually controlling their own government holds much weight, at least not in how most people seem to conceptualize it.
Really I'd like for this not to be the case, but at the moment it seems like that isn't likely to happen anytime before I'm dead.
Feinstein is now 83. I don't think she has announced either way, but it is likely she'll retire. If so, then there will probably be a lot of candidates.
Yea, here is Colorado we have Cory Gardner. Rank and file republican in an increasingly deep blue state. Currently leading the pack as most hostile to his constituent's interests:
I don't know why California Democrats elected Diane in the first place. Were there not any real liberals in California to choose from preferably with some expertise in Californias most valuable export?
I was watching the hearing during lunch, had to attend to work meetings, and then saw this article which is what spurred me to post my open letter to Congress tonight and share it here on HN at https://news.ycombinator.com/item?id=14261423. We have to get this information out there in a format that Congress and our non-techie friends and family understand.
Law enforcement is tasked with putting people in jail, not so much preventing future abuses of bad laws by governments. This is why checks and balances must be maintained, for when all you have is a hammer everything looks like a nail.
"The high profile court battle ultimately ended after the FBI paid a third party company to gain access to the device via an exploit in the security system."
It cost a lot of money, basically (AFAIK on the order of a million dollars to Celebrite).
One funny outcome of the San Bernardino iPhone cracking debate was the Government double speak:
To Apple ...
> We only want to force you to build a custom iOS so we can get into this iPhone.
To DA's across the country ...
> Send us all your iPhones for ... reasons.
But comedy aside, they really do care about the cost / time of un-encrypting things. They're position seems to be that anything outside of your brain (5th amendment and all) should be available with a court order in a reasonable time and at reasonable cost.
I don't agree with that, because manufacturers should be able to produce whatever software they damn well please. But, they have a logical position if you look from the right angle.
> They're position seems to be that anything outside of your brain (5th amendment and all) should be available with a court order in a reasonable time and at reasonable cost.
I'm looking forward to the first court cases that deal with somebody who implanted a memory chip into their body and are storing information in it (only accessible through a wirelessly sent password) that the court wants to access. Could the court order surgery to remove it.
Can someone call out these alleged encryption back doors for what they are? Junk science.
If Apple and Google aren't legally able to build as secure as devices & infrastructure as possible, the DOJ, FBI, NSA, and CIA sure as hell won't be secure. Merry Christmas to Assange.
"Backdoor" is such a loaded term. But it could be done relatively securely with a dual key system. Apple (or you/your device), has one key; the government has some other key. Either one unlocks the phone.
But then you need the government to securely store a few master keys. Given the latest CIA, NSA and OPM leaks I doubt this is possible long-term. However, maybe changing the devices keys based on year of manufacture is a reasonable step to have some sort of safeguard.
> We have to figure out a way to optimize those two things: privacy and public safety.
Given how safe the public is, you'd think that this would mean "we need to focus on privacy". That is the public's priority. The FBI, whose mandate is abviously not to protect the privacy of citizens, is obviously going to advocate for the public safety, or more specifically his organization's degree of visible success in ensuring it.
Obviously the director of the FBI is not who you should be asking for a balanced recommendation regarding safety and privacy.
Is there any good information on what has been accomplished through such access etc ?
What have they stopped using such methods? I think if they wanted to get anything like this moving forward they need to show results. Not too many trust the government these days.
I do not like the idea of "backdoors" but I can see realistic need for such things. I think many are against such things "until" some massive WMD type attack then the tune will change.
There is another big problem with mandatory decryption laws.
If someone want to incriminate you, they don't need to plant a file with child porn anymore: they just need to plant a file composed of random bytes and acuse you of having encrypted child porn there.
Now good luck providing the court an encryption key that does not exist.
If you're wondering how it got to this point I'd like to remind you that you (If you live in the US) don't own this country. The people in charge don't care about you. They care about money, power, and stability of their system. It's hopeless to resist because they own your home, your bank account, and all your money. The only way we'll ever change it is getting scientists, nerds, and engineers into congress. I don't know how we'll do it but we have to do it to ensure freedom for everyone in the USA.
Ridiculous. When will these numbskulls understand that you can't regulate people's use of encodings? It's right there in human language. You can't force everyone to use the same one.
I still don't understand. They want to be able to have a court order a device maker to decrypt data, but today they can already get a court to order the device owner to decrypt it. The device owner actually has the password or key. The truth is that they want to do this without the device owner knowing it's being done.
Passwords so far are somewhat protected under the fifth. And you have to go trough contempt of court. Firmware signing keys that belong to a third party are not.
> The device owner actually has the password or key.
The device owner might be dead. Given that the context is law enforcement, that's reasonably likely (I forget - wasn't that the problem with San Bernardino?)
How did we get to this point? Nobody would reasonably argue that extreme surveillance measures, patriot act, etc., is necessary to stop the vast majority of crimes from occurring, so why is it so easy for seemingly serious/intelligent people to think this nonsense is reasonable?
Members of our government are so indoctrinated about stopping "terrorism" that they have lost all sense of perspective. Terrorism is a political word to describe political enemies of the state, yet the patriot act and surveillance machinery has been used in enforcement of many other kinds of (less serious) crime.
I am surprised anyone can still use the word "terrorism" with a straight face anymore after it's become so clear that there is no large existential threat (merely the occasional zealot who acts out due to his/her own mental health issues). And in spite of a historically unprecedented global surveillance system there have been no attacks thwarted.
Comey is a symptom of the kind of cowardly, authority-respecting society we've become. I look forward to the day when our FBI director is not someone whose gaffes and judgment calls we read about in the newspaper on a regular basis.