A key promise of Obama's campaign for the presidency was to run the “most transparent” government- however the only person to really deliver on that promise was a whistleblower.
Secret courts, secret domestic spying, and now calls for weakening of the digital equivalent of the safe shows that he either was not honest about transparency, or has radically changed his opinion since becoming POTUS.
Maybe it's that he decided to use his political clout to pick healthcare as his signature in American history, not wage war against the NSA, but either way it saddens me to have campaigned for someone who has empowered a surveillance state instead of fight against it.
Liberty literally means "freedom from arbitrary or despotic government or control", and freedom in the information age means the liberty to communicate and store information. Anything to compromise that makes us all more vulnerable to control in all parts of our lives, not just those stored in zeros and ones. I believe America can be "Land of the free, home of the brave", but not without digital liberty.
I think Washington has changed Obama more than Obama changed Washington. He's spent seven years in the craziest bubble in America surrounded by people being paid millions to distort his worldview one way or another.
A while back he advised some kids in College to never type anything into a computer if they want it to remain private. For him, it probably seems completely reasonable. I doubt he's touched a keyboard since he became president. His daughters are the only teenagers in America who've never been near Snapchat (the Secret Service will keep it that way). And he's literally surrounded by security officers and spooks everywhere he goes. They manage every interaction he has so you can imagine their worldview is going to affect him.
I'm not trying to make excuses for him. He's so completely off the deep end nowadays (between this and TPP) that it's heartbreaking as a long time supporter. I hope he leaves the presidency, leaves Washington and spends a few years thinking about what went wrong before writing his memoirs. It would be an amazing insight into the corrosive influence of Washington on a person's integrity.
I think the following truth has a lot of relevance to your comment: the only way somebody gets elected president of the US is if it's a given that he or she will maintain the status quo on behalf of powerful interests.
Obama's campaign promises are as empty as those of any other politician. He's used his presidency to bring a windfall to the Halliburtons of healthcare and escalated the war on whistleblowers and the attack on privacy.
His successor will do the same.
We can hope that his supporters become appropriately disillusioned, but so much of politics is about loyalty in exchange for spoils, not ideas or accountability, so I'm not optimistic.
This is actually why I'm so hesitant on Bernie Sanders. I'm seeing the same campaign promises, the same basic ideas, the same wild support base. And I can't help but think we're about to face the exact same result.
I'm not sure if anyone could really stand up to the rest of Washington for 8 years, without going in as such a zealot in some way that you might not really want them as President.
Ted Cruz/Paul Ryan/Ron Paul might be the closest thing to that. Bernie Sanders, maybe, although I'd have a hard time seeing him maintain an 8 year long fight. Everyone else is basically establishment to some degree (Trump doesn't strike me as ideological as much as opportunist++, although certainly different in style than the others.)
(And maybe you want someone reasonable/rational/etc. but not ideological as President.)
Disclosure: I liked Obama as candidate, and I've liked him as president.
I haven't always been happy with some of his decisions and policies. But, my guess is that he's constantly being whispered the worst case scenarios.
A president probably feels responsibility for the well being of hundreds of millions of people. And, all that it takes are a few highly polished ex-lobbiest communicators whispering, 'if you won't strengthen this program, Mr. President, then a terrorist will unleash a dirty bomb on the east coast and injure tens of millions.' Who would want to be responsible for that? 'Oh, just wiretap citizens? I guess that doesn't seem too bad if it's an either-or-decision.'
Unfortunately, I don't see a way out of this mess. Bin Laden won when he turned the US into a 24-7 terror watch. Now, we live by fear and over-protection against an enemy that we can't see.
Ah, come ON: It was plenty clear just what the heck Obama was well before and during the election. E.g., Bill Ayers, Reverend Wright, and his other buddies. Then, during the campaign where he was campaigning and on a stage with Hillary and Bill Richardson and the US National Anthem was playing, Hillery and Bill had their hands over their hearts and Obama had his hands together and below his belt. Then there was his "my Muslim faith". Then on his apology tour where he bowed down to the heads of China, France, Saudi Arabia, and Japan.
> So if your argument is strong encryption, no matter what, and we can and should, in fact, create black boxes, then that I think does not strike the kind of balance that we have lived with for 200, 300 years.
Mr. Obama, you are the one who upset the balance with secret, dragnet surveillance of nearly all communications. That's not the bargain the public has had with law enforcement for the last 300 years. Widespread, end-to-end encryption is simply the natural reaction to the arms race you started. We would have never come to this point if the government had kept surveillance within court-supervised bounds.
> dragnet surveillance of nearly all communications. That's not the bargain the public has had with law enforcement
I'm not sure this is the argument to make to Obama and the DOJ. They are already framing this as a privacy issue
The factors they understand are the public safety and economic impacts. Let us speak to those points and allow privacy to be a secondary concern. Obama himself told President Xi last year that the exact same policies would dramatically hurt Xi's economy [1]
Obama has a meta-point however that proponents of the absolutist position don't seem to want to face. Democracy relies on transparency. Many of the progressives who are rallying in support of absolute right to privacy are some of the same people who constantly criticize Swiss bank accounts, Cayman island financial shenanigans.
But if companies were to implement the same sorts of impenetrable encryption, on every device, all the way down to the corporate desktop, in a way that not even the company executives themselves can read the email of their own employees, then lots of regulations the government applies to companies would be mooted.
Taken to the extreme, if all communication is digital, and 100% impregnable, and people maintain good OpSec, then it will be hard to impossible to execute lawsuits or regulatory investigations into malfeasance because they'll be no paper trail.
The end result of going full tilt on crypto is cryptoanarchy. This was pretty much well argued in the 90s among the cypherpunks community. Most of the libertarians and Objectivists were salivating over how strong crypto protocols would end fiat currency, end taxation, end regulation, and so on.
So how far as a society are we willing to take this? Does it just extend to private data? Does it extend to transactions? To payments you make for things? To transfers of money? To business transactions? Will Democracy be able to audit nothing of the interactions of citizens or our institutions in the future?
You don't have to agree with Obama's position to see that cryptoanarchy and Democracy are on a collision course, and it makes sense to discuss the possibilities openly without just plugging your ears and taking an absolutist position that demonizes anyone who disagrees.
On balance, putting backdoors in phones will make us less secure, because criminals will just use other methods to communicate, and the public will be putting their data within reach of every hacker in the world through a government-imposed weakness.
The administration is unlikely to understand our privacy concerns. They do understand economic and public safety issues, and it is the facts around these issues that we must share with them. President Obama himself told President Xi last year that introducing backdoor legislation would hurt his economy [4]. Let's make Obama's argument back to him
They can still plant bugs in offices, cars, homes, etc. That's specific and targeted and proportional, but expensive and hard.
There's no good reason they have to have access to electronic devices, they can install cameras and mics. It's just easier going straight to the phones and emails.
But they had that power and they abused it massively, and are now suffering the backlash, and why should privacy stop given they've demonstrated they can't be proportional in their surveillance?
They were not specific with what they got from the phones and emails, so they've demonstrated they're not responsible or measured and now strong encryption is necessary as government has clearly shown that secret courts === warrantless mass surveillance.
The other thing that's clear is that the US couldn't care less about privacy for anyone not in the US, so all us non-US citizen need this encryption to protect us from your peeping tom government.
This is largely overblown though. Even with unfettered access to great and easy to use crypto your society doesn't collapse. It turns out that maintaining anonymity is a giant pain in the ass, no more people are going to go full on tinfoil ghost on society to dodge taxes any more than they already disappear and live off the grid. Most businesses are easier to conduct in public and even derive benefit from it.
Regulatory enforcement is fairly easy: in order to have a license to operate your coal plant, you agree to hand over documents x, y, z. If in your crypto-dystopia I handed over encrypted docs instead of the plaintext for my coal plant I would just have my business fined out of existence just like would happen now.
If I have incriminating documents and no crypto I'm not going to encrypt them, I'm going to slag the hard drives they're on and burn the paper copies.
If you're a public official: make it illegal to use encryption beyond the provided email encryption (which the agency IT dept can also read). I think you can make the case that it is already illegal since an internally encrypted message that you refuse to decrypt (at the request of a superior, a court, or investigation) would have to have been misuse of gov't property (your first amendment rights do not allow you to use government systems for private use and you explicitly have no privacy with respect to the scenario mentioned above when you use them).
People have always had plenty of ways to be shitheads and get away with it, and there have always been mechanisms to make those decisions costly. These things continue to be true despite the presence of strong crypto.
The reason an "absolutist" position here makes sense is because this is a binary choice between everyone legally having security, or no one legally having security. Until now we haven't had to make this choice because neither was an option, we just all existed in a vague middle ground dictated by our circumstances, number of shits given, and technical acumen. True, you might not have had access to cryptography, but you didn't have data to encrypt so you lost nothing by having no encryption. Now everyone has a lot to lose but not everyone realizes that.
You're completely right that there are undesirable consequences to mathematically absolute privacy that can't be compromised by any means. But I'd argue that the government has brought this scenario upon itself by blowing up the old system of procedural (rather than mathematical) safeguards.
In the past, Apple had your iMessage data, or at least the ability to decrypt it on-demand. It was understood that this data would be private by default, but would be disclosed to the government through an established, case-by-case process supervised by the courts. Everyone was pretty much OK with this. You and I got our data kept private, unless there was some material, specific reason for the government to suspect it was related to a crime. The government got to dump the data of people under investigation, if a court thought there was good reason to do so.
Then the government went nuclear. They said, here's a National Security Letter that compels you to give us everything you have. Bulk data. Any cooperation that is physically possible. You can't talk about it and you can't appeal to the courts. If you have to capability to MiTM all of your users and pipe everything to us, you have to do it. No oversight, no transparency and no safeguards. Whatever we do with the data is up to us.
In this context, what alternative do tech companies have besides to similarly escalate and build systems that make it physically impossible for them to cooperate?
The government destroyed the social compact between telecom providers and law enforcement with forced, secret bulk surveillance. If the government is willing to step back and make binding, unequivocal commitments that companies that do maintain the ability to decrypt their users' communications won't be forced to secretly use them en masse, maybe we can go back to the old status quo. But the government doesn't seem willing to do that. They want cooperation, but they also want the ability to bust in the back door with an NSL and say "give us everything, on everyone."
The legal system has become so tilted in the government's favour (see: the inability to challenge the constitutionality of bulk surveillance, because you can't prove it happened to you), that companies will no longer trust in the old procedural safeguards. The only thing we can trust is the mathematically proven safety of encryption. And that's the government's fault. So now we are forced to chose between absolute privacy and zero privacy.
Way to burn a strawman the height of Mount Everest. Nobody is asking for cryptoanarchy, just freedom of backdoored communication.
In any case, I surely hope my bank is already practicing that kind of opsec. That doesn't mean they suddenly stop giving reports to the government. Why would it? That's just.. what?
>Obama has a meta-point however that proponents of the absolutist position don't seem to want to face. Democracy relies on transparency. Many of the progressives who are rallying in support of absolute right to privacy are some of the same people who constantly criticize Swiss bank accounts, Cayman island financial shenanigans.
And there's nothing preventing law enforcement to find about these by tons of other means, including checking suspected bank transactions with a warrant.
People determined to communicate without anyone hearing, e.g. to setup their tax-haven accouts-- can do it in 2000 ways. Mass surveillance is about all the others who casually exchange data and discussions.
>The end result of going full tilt on crypto is cryptoanarchy.
Absolutely right. Imagine a white man goes on a spree shooting with hate-crime elements. We are trying to find out if more of these attacks will occur
Now the suspect's money is in a Goldman Sachs account and the bank tells the gov't they couldn't just break into their client's financial records and find out who transferred them money. This is a "secret trust" account where nobody - not even Goldman employees - can recover transnational records. What kind of precedent would that set? What about if China wanted to find out bank transactions?
Some say this is hate-crime is one of the worst in decades and it's worth finding out if we are at risk for more. Opponents say banking privacy is an absolute right.
Can anyone tell me if they story ran in national news, the CEO of Goldman would not be facing charges of treason right now?
Unbreakable encryption isn't new. One-time pads have been around for a long time. Book ciphers can be impenetrable when done properly. And there's always the tried-and-true technique of simply never writing anything down, and doing everything face to face. Even if you argue that this is too difficult and you need something modern and easy to use, uncrackable encryption programs have been available for maybe two decades now.
Yet regulators seem to still be able to get the information they need. They're often nearly toothless, but that's because of politics, not technology.
This as an argument is completely crazy and similarly absolutist.
Having access to proper crypto at all, as an option, does not mean everything will inevitably be encrypted and not controlled for. Companies will still have the power to set their own device rules and so on. There's plenty of existing laws in place to allow for any kind of reporting still happen; you do not need to break all crypto forever.
> cryptoanarchy and Democracy are on a collision course
Yes, though I'd like to see your argument for that.
However, the failure mode of crypto-anarchy is perfectly secret digital companies arising, who then proceed to affect the real world for digital currency. (Such as a hitman, or an army of anonymous mercenaries conducting irregular warfare for hire.) So, basically large scale terrorism.
Probably much better than the failure mode of a bit overzealous police state.
> some of the same people who constantly criticize Swiss bank accounts, Cayman island financial shenanigans.
That's their shortsightedness. There are ways to tax that don't rely on looking into people's bank accounts. And a lot of the current expenditures could be replaced by projects that require proof of payment. So, you need to show a proof of payment otherwise no school for your kids, no healthcare, no pension, you can't use public roads, etc. And people can vote to enforce collection of money, just like now, foreclosure and repossession works on physical things.
> companies
People can vote to make records keeping mandatory (just like now), and employees have it in their interest to get things in writing. Otherwise they (also) go to jail if they did something really stupid. (It was an order is not an acceptable defense for some time.)
> Will Democracy be able to audit nothing of the interactions of citizens or our institutions in the future?
As it was unable to do so before digital records. And as it is unable to do so for criminal organizations.
And since cryptography exists and computing is becoming more and more accessible, it's getting easier and easier to maintain a secret organization with a secret ledger.
So, all in all, it's a bad thing to rely on those backdoors. It's not even a stopgap measure.
We're going to fight hard so our grandchildren have really secure email in a world where everything they do and every word they say is uploaded to the internet, transcribed and annotated in realtime by swarms of drones controlled by other kids that, only 50 years earlier, would have been at home doxxing people on Twitter.
Privacy will die, not because it's undesirable or a bad idea, it'll die like copyright and DRM - because it's technically and economically easy to defeat, and people will be motivated to do so. What's more, those people will be hard to catch - after all, the drones will be communicating over very strongly encrypted channels.
[Please refute - I genuinely have nightmares about this future]
I disagree - digital surveillance state will be gone within a decade, or twenty years at most. Already we see programs like Telegram becoming very popular (100 million users) where the opportunity for surveillance is massively reduced. Platforms are going to slowly transition towards encrypted content and data that not even service providers can decrypt (SpiderOak is a good example).
The biggest holdout will be operating systems - Google and Microsoft very much do not want to lose their backdoors (or front doors) into everyone's data. But within ten years, we will finally have a "year of Linux on desktops" in which both grandma and the young university student can both buy an Ubuntu computer and have it work how they need it to. And phones will run an OS that can't be maliciously updated remotely, and doesn't leak user data to apps and OS providers.
The final step will be near anonymous internet usage, which we are currently in the infancy of. There will be a shift to a more decentralized availability (but not necessarily storage) of data in most of the applications we use most often. Essentially Freenet, but without all the usability problems. The Facebook of the future will have open source (and encrypted) data where your info is only viewable to you and your friends. There are currently platforms that exist like this, but they are mostly in "testing" stages and are not ready for widespread use.
>Privacy will die, not because it's undesirable or a bad idea, it'll die like copyright and DRM - because it's technically and economically easy to defeat, and people will be motivated to do so.
>[Please refute - I genuinely have nightmares about this future]
Um, this is pretty easy to refute: we've been complaining about copyright and DRM for ages now, and not only are they not waning, they're at least as strong now as they've ever been. There's no indication whatsoever that copyright law is going anywhere or being relaxed in any way, in fact it's the opposite. Sure, it's generally easy to copy digital stuff (absent DRM), but that doesn't make it legal, nor has the internet become a free-for-all (quite the opposite in fact; it's more dangerous to commit copyright violations now than ever I think). Same goes for DRM: despite all the complaints, DRM is still present in many places, and you still need to use it for things like watching Netflix. It is possible to defeat it (I'm not going to say technically easy though, because a lot of it is unbroken), but what the DRM-users have proven to us is that it's non-trivial now, and more importantly it only has to be "good enough": as long as it prevents most users from doing something the copyright holder doesn't want, that's all they really care about.
In the end, they are going to introduce laws that make it illegal to implement end-to-end encryption. This sucks, but it's going to happen. France is already moving to do it [1], and in the US, John McCain and others are also calling for similar laws [2]. They will all start off saying that it will be controlled carefully etc., as Obama keeps saying, and then it will be used with reckless abandonment.
What this essentially means is a move to Android for criminals, terrorists, and anyone that wants privacy (since Android allows installation of apps that have not been approved by a gatekeeper bound by the laws of the countries it operates in, whereas iOS does not by default). Open source Android apps with strong encryption will be built in countries without such laws. All of this will likely be the downfall of a few lazy drug dealers that don't want to give up their iPhones, but since the cat is out of the bag and apps with end-to-end encryption already exist and will continue to be built, the governments making these moves will not actually catch any reasonably intelligent terrorists that install and use these apps. They will, however, gain exactly what they want: the ability to conduct surveillance on most people in the world whenever they want.
I cannot fathom end to end encryption ever being made illegal. I tremendously doubt this will ever happen in any effective manner. At worst, they will pass from vaguely worded bill that makes it illegal in the sense that you are required to decrypt data on demand for any government agency. But since we are already seeing the trend of service providers being unable to decrypt user data, I doubt that will be much of an issue either.
We will probably start seeing a lot more people getting locked up for decades for "contempt of court" by refusing or being unable to decrypt their personal data for a judge. Current record for contempt is 14 years - with no conviction and no jury.
I'm not convinced this will get past our Congress. Lindsey Graham is also not convinced [1]
The reason the Apple case is in the courts is nobody wanted to put their name on this encryption bill without understanding it. Feinstein is one of the only ones willing to so far [2]. Basically, any politician who feels they are at about the end of their career might put forth such legislation, but all the others know it'd be suicide.
One of the best ways to make such actions fail is to proliferate strong encryption in OTT messaging and for system software makers to create interfaces that enable third parties to make encryption products for all purposes including voice calls.
Making broad swathes of widely used software into contraband will be a law enforcement nightmare.
One strong point that comes out is reference to the transitory nature of governments, just because you trust yours now (!), does not mean you can trust future incarnations, don't give this kind of power to an unknown.
I agree that being open to an alternate point of view is a good idea..
We need to share facts in this debate..
We know about technology, they know about law enforcement
Let us each bring facts to the table and resist coming up with conclusions from the outset. Obama is missing some facts, and in order to convince him that's true I think we need to be open to the idea that there may be some things we do not know
We're not going to find out about those things by conjecturing. We need the administration to share any relevant details as much as they need to understand encryption technology
This is akin to the politicians that don't want to believe the science around global warming. They believe that if they just deny it, they will turn out to be correct. Obama is doing the same with "golden key" encryption. It is not that the experts are correct and know what they are talking about, it is just that they are disengaged and being stubborn.
"I'm the President of the United States of America and if I say that there must be math that gives me what I want. If you don't invent it, you are disengaged."
"And what we realized was that we could potentially build a SWAT team, a world-class technology office inside of the government that was helping across agencies. We’ve dubbed that the U.S. Digital Services."
Yes, that's a great analogy! Go with that!
"And this was a little embarrassing for me because I was the cool, early adaptor President."
This is not a fetish. This is a conflict between a government that has gotten away from the "we serve the citizens" mentality, and gone to "we'll do anything we want, routing around the constitution whenever we want, and use "serving citizens" as the excuse, and the citizens who should be able to specify, to any level detail that we want, exactly how those "servents" will serve us. It seems to be sliding away from us.
so they tell us that we have to arrange our private lives in such way that it would be easier for them to investigate/persecute us, if sometime in the future they decide that we are guilty of breaking their laws.
[with great sadness]: how low have we fallen if we seriously discussing this instead of grabbing pitchforks.
This has been the default position of US government across administrations at least since the 1976 Arms Export Control Act. Nothing has changed except that "the terrorists" have replaced "the communists".
If law was adopted to require backdoors - those who are privacy conscious would simply move their data to countries that allow for strong encryption as well as deniability.
It'd still pose an issue for when people are accessing their data, however depending on your setup this will be very hard to prove from a third-parties perspective given ample security precautions taken (ie using an offshore VPN all the time, data never full accessed locally).
For larger tech companies, I'd assume setup of a new company structure offshore and sensitive data handling to be "outsourced" offshore too (ie parts of the EU, other OECD countries).
I hate it when leaders get all upset when the balance is shifted away from them, and yet are perfectly fine when the balance tilts in their favor.
FTA: "then that I think does not strike the kind of balance that we have lived with for 200, 300 years."
200 years ago, it was not possible to cast a dragnet and catch everyone who was doing Something Bad(tm). The government had to get a warrant to open mail; today, the NSA can sift through billions of messages (metadata, they say) in a second.
Even considering US Mail: you could not keep track of who was sending whom mail, at scale. But today, every letter that is mailed has its front and back scanned (for reading the address); but more importantly, these images are saved for future use.
All of this is possible thanks to technology. And when the balance was tilting in their favor, the Establishment was quite happy. But when the balance tilts the other way, suddenly they're crying like a spoiled child whose toys have been taken away.
You can't just throw tantrums when things don't go your way. If the technology permits E2E encryption, they'll just have to live with it and find other ways to catch criminals.
Obama, the technology, sir, is absolutist. You can have it one way, with privacy, or another, complete lack of it. That's how things are, and you are, with all due respect, stupid for arguing otherwise.
[+] [-] tomlongson|10 years ago|reply
Maybe it's that he decided to use his political clout to pick healthcare as his signature in American history, not wage war against the NSA, but either way it saddens me to have campaigned for someone who has empowered a surveillance state instead of fight against it.
Liberty literally means "freedom from arbitrary or despotic government or control", and freedom in the information age means the liberty to communicate and store information. Anything to compromise that makes us all more vulnerable to control in all parts of our lives, not just those stored in zeros and ones. I believe America can be "Land of the free, home of the brave", but not without digital liberty.
[+] [-] jordanb|10 years ago|reply
A while back he advised some kids in College to never type anything into a computer if they want it to remain private. For him, it probably seems completely reasonable. I doubt he's touched a keyboard since he became president. His daughters are the only teenagers in America who've never been near Snapchat (the Secret Service will keep it that way). And he's literally surrounded by security officers and spooks everywhere he goes. They manage every interaction he has so you can imagine their worldview is going to affect him.
I'm not trying to make excuses for him. He's so completely off the deep end nowadays (between this and TPP) that it's heartbreaking as a long time supporter. I hope he leaves the presidency, leaves Washington and spends a few years thinking about what went wrong before writing his memoirs. It would be an amazing insight into the corrosive influence of Washington on a person's integrity.
[+] [-] rubbingalcohol|10 years ago|reply
[+] [-] grandalf|10 years ago|reply
Obama's campaign promises are as empty as those of any other politician. He's used his presidency to bring a windfall to the Halliburtons of healthcare and escalated the war on whistleblowers and the attack on privacy.
His successor will do the same.
We can hope that his supporters become appropriately disillusioned, but so much of politics is about loyalty in exchange for spoils, not ideas or accountability, so I'm not optimistic.
[+] [-] ocdtrekkie|10 years ago|reply
I voted for Obama twice. I regret both.
[+] [-] spoiledtechie|10 years ago|reply
[+] [-] rdl|10 years ago|reply
Ted Cruz/Paul Ryan/Ron Paul might be the closest thing to that. Bernie Sanders, maybe, although I'd have a hard time seeing him maintain an 8 year long fight. Everyone else is basically establishment to some degree (Trump doesn't strike me as ideological as much as opportunist++, although certainly different in style than the others.)
(And maybe you want someone reasonable/rational/etc. but not ideological as President.)
[+] [-] ap22213|10 years ago|reply
I haven't always been happy with some of his decisions and policies. But, my guess is that he's constantly being whispered the worst case scenarios.
A president probably feels responsibility for the well being of hundreds of millions of people. And, all that it takes are a few highly polished ex-lobbiest communicators whispering, 'if you won't strengthen this program, Mr. President, then a terrorist will unleash a dirty bomb on the east coast and injure tens of millions.' Who would want to be responsible for that? 'Oh, just wiretap citizens? I guess that doesn't seem too bad if it's an either-or-decision.'
Unfortunately, I don't see a way out of this mess. Bin Laden won when he turned the US into a 24-7 terror watch. Now, we live by fear and over-protection against an enemy that we can't see.
[+] [-] chadzawistowski|10 years ago|reply
According to who? The definition of liberty is still a matter of philosophical debate, as far as I understand it.
[+] [-] api|10 years ago|reply
[+] [-] graycat|10 years ago|reply
What did you expect?
[+] [-] eigenvector|10 years ago|reply
Mr. Obama, you are the one who upset the balance with secret, dragnet surveillance of nearly all communications. That's not the bargain the public has had with law enforcement for the last 300 years. Widespread, end-to-end encryption is simply the natural reaction to the arms race you started. We would have never come to this point if the government had kept surveillance within court-supervised bounds.
[+] [-] studentrob|10 years ago|reply
I'm not sure this is the argument to make to Obama and the DOJ. They are already framing this as a privacy issue
The factors they understand are the public safety and economic impacts. Let us speak to those points and allow privacy to be a secondary concern. Obama himself told President Xi last year that the exact same policies would dramatically hurt Xi's economy [1]
[1] http://www.reuters.com/article/us-usa-obama-china-idUSKBN0LY...
[+] [-] over|10 years ago|reply
[+] [-] ossreality|10 years ago|reply
He's at fault for keeping them in place, but that's about it.
[+] [-] cromwellian|10 years ago|reply
But if companies were to implement the same sorts of impenetrable encryption, on every device, all the way down to the corporate desktop, in a way that not even the company executives themselves can read the email of their own employees, then lots of regulations the government applies to companies would be mooted.
Taken to the extreme, if all communication is digital, and 100% impregnable, and people maintain good OpSec, then it will be hard to impossible to execute lawsuits or regulatory investigations into malfeasance because they'll be no paper trail.
The end result of going full tilt on crypto is cryptoanarchy. This was pretty much well argued in the 90s among the cypherpunks community. Most of the libertarians and Objectivists were salivating over how strong crypto protocols would end fiat currency, end taxation, end regulation, and so on.
So how far as a society are we willing to take this? Does it just extend to private data? Does it extend to transactions? To payments you make for things? To transfers of money? To business transactions? Will Democracy be able to audit nothing of the interactions of citizens or our institutions in the future?
You don't have to agree with Obama's position to see that cryptoanarchy and Democracy are on a collision course, and it makes sense to discuss the possibilities openly without just plugging your ears and taking an absolutist position that demonizes anyone who disagrees.
[+] [-] studentrob|10 years ago|reply
It's about security vs. security. [1] [2] [3]
On balance, putting backdoors in phones will make us less secure, because criminals will just use other methods to communicate, and the public will be putting their data within reach of every hacker in the world through a government-imposed weakness.
The administration is unlikely to understand our privacy concerns. They do understand economic and public safety issues, and it is the facts around these issues that we must share with them. President Obama himself told President Xi last year that introducing backdoor legislation would hurt his economy [4]. Let's make Obama's argument back to him
[1] https://youtu.be/g1GgnbN9oNw?t=3h35m52s
[2] https://youtu.be/g1GgnbN9oNw?t=3h11m46s
[3] https://youtu.be/g1GgnbN9oNw?t=3h19m39s
[4] http://www.reuters.com/article/us-usa-obama-china-idUSKBN0LY...
[+] [-] mattmanser|10 years ago|reply
There's no good reason they have to have access to electronic devices, they can install cameras and mics. It's just easier going straight to the phones and emails.
But they had that power and they abused it massively, and are now suffering the backlash, and why should privacy stop given they've demonstrated they can't be proportional in their surveillance?
They were not specific with what they got from the phones and emails, so they've demonstrated they're not responsible or measured and now strong encryption is necessary as government has clearly shown that secret courts === warrantless mass surveillance.
The other thing that's clear is that the US couldn't care less about privacy for anyone not in the US, so all us non-US citizen need this encryption to protect us from your peeping tom government.
[+] [-] BWStearns|10 years ago|reply
Regulatory enforcement is fairly easy: in order to have a license to operate your coal plant, you agree to hand over documents x, y, z. If in your crypto-dystopia I handed over encrypted docs instead of the plaintext for my coal plant I would just have my business fined out of existence just like would happen now.
If I have incriminating documents and no crypto I'm not going to encrypt them, I'm going to slag the hard drives they're on and burn the paper copies.
If you're a public official: make it illegal to use encryption beyond the provided email encryption (which the agency IT dept can also read). I think you can make the case that it is already illegal since an internally encrypted message that you refuse to decrypt (at the request of a superior, a court, or investigation) would have to have been misuse of gov't property (your first amendment rights do not allow you to use government systems for private use and you explicitly have no privacy with respect to the scenario mentioned above when you use them).
People have always had plenty of ways to be shitheads and get away with it, and there have always been mechanisms to make those decisions costly. These things continue to be true despite the presence of strong crypto.
The reason an "absolutist" position here makes sense is because this is a binary choice between everyone legally having security, or no one legally having security. Until now we haven't had to make this choice because neither was an option, we just all existed in a vague middle ground dictated by our circumstances, number of shits given, and technical acumen. True, you might not have had access to cryptography, but you didn't have data to encrypt so you lost nothing by having no encryption. Now everyone has a lot to lose but not everyone realizes that.
[+] [-] eigenvector|10 years ago|reply
In the past, Apple had your iMessage data, or at least the ability to decrypt it on-demand. It was understood that this data would be private by default, but would be disclosed to the government through an established, case-by-case process supervised by the courts. Everyone was pretty much OK with this. You and I got our data kept private, unless there was some material, specific reason for the government to suspect it was related to a crime. The government got to dump the data of people under investigation, if a court thought there was good reason to do so.
Then the government went nuclear. They said, here's a National Security Letter that compels you to give us everything you have. Bulk data. Any cooperation that is physically possible. You can't talk about it and you can't appeal to the courts. If you have to capability to MiTM all of your users and pipe everything to us, you have to do it. No oversight, no transparency and no safeguards. Whatever we do with the data is up to us.
In this context, what alternative do tech companies have besides to similarly escalate and build systems that make it physically impossible for them to cooperate?
The government destroyed the social compact between telecom providers and law enforcement with forced, secret bulk surveillance. If the government is willing to step back and make binding, unequivocal commitments that companies that do maintain the ability to decrypt their users' communications won't be forced to secretly use them en masse, maybe we can go back to the old status quo. But the government doesn't seem willing to do that. They want cooperation, but they also want the ability to bust in the back door with an NSL and say "give us everything, on everyone."
The legal system has become so tilted in the government's favour (see: the inability to challenge the constitutionality of bulk surveillance, because you can't prove it happened to you), that companies will no longer trust in the old procedural safeguards. The only thing we can trust is the mathematically proven safety of encryption. And that's the government's fault. So now we are forced to chose between absolute privacy and zero privacy.
So far, I think Apple is making the right choice.
[+] [-] revelation|10 years ago|reply
In any case, I surely hope my bank is already practicing that kind of opsec. That doesn't mean they suddenly stop giving reports to the government. Why would it? That's just.. what?
[+] [-] coldtea|10 years ago|reply
And there's nothing preventing law enforcement to find about these by tons of other means, including checking suspected bank transactions with a warrant.
People determined to communicate without anyone hearing, e.g. to setup their tax-haven accouts-- can do it in 2000 ways. Mass surveillance is about all the others who casually exchange data and discussions.
>The end result of going full tilt on crypto is cryptoanarchy.
That sounds like, but is not, a thing.
[+] [-] stillsut|10 years ago|reply
Now the suspect's money is in a Goldman Sachs account and the bank tells the gov't they couldn't just break into their client's financial records and find out who transferred them money. This is a "secret trust" account where nobody - not even Goldman employees - can recover transnational records. What kind of precedent would that set? What about if China wanted to find out bank transactions?
Some say this is hate-crime is one of the worst in decades and it's worth finding out if we are at risk for more. Opponents say banking privacy is an absolute right.
Can anyone tell me if they story ran in national news, the CEO of Goldman would not be facing charges of treason right now?
[+] [-] mikeash|10 years ago|reply
Yet regulators seem to still be able to get the information they need. They're often nearly toothless, but that's because of politics, not technology.
[+] [-] jes5199|10 years ago|reply
fortunately, that never happens. Even the strongest defenses consistently fall to human error
[+] [-] erkkie|10 years ago|reply
Having access to proper crypto at all, as an option, does not mean everything will inevitably be encrypted and not controlled for. Companies will still have the power to set their own device rules and so on. There's plenty of existing laws in place to allow for any kind of reporting still happen; you do not need to break all crypto forever.
[+] [-] pas|10 years ago|reply
Yes, though I'd like to see your argument for that.
However, the failure mode of crypto-anarchy is perfectly secret digital companies arising, who then proceed to affect the real world for digital currency. (Such as a hitman, or an army of anonymous mercenaries conducting irregular warfare for hire.) So, basically large scale terrorism.
Probably much better than the failure mode of a bit overzealous police state.
> some of the same people who constantly criticize Swiss bank accounts, Cayman island financial shenanigans.
That's their shortsightedness. There are ways to tax that don't rely on looking into people's bank accounts. And a lot of the current expenditures could be replaced by projects that require proof of payment. So, you need to show a proof of payment otherwise no school for your kids, no healthcare, no pension, you can't use public roads, etc. And people can vote to enforce collection of money, just like now, foreclosure and repossession works on physical things.
> companies
People can vote to make records keeping mandatory (just like now), and employees have it in their interest to get things in writing. Otherwise they (also) go to jail if they did something really stupid. (It was an order is not an acceptable defense for some time.)
> Will Democracy be able to audit nothing of the interactions of citizens or our institutions in the future?
As it was unable to do so before digital records. And as it is unable to do so for criminal organizations.
And since cryptography exists and computing is becoming more and more accessible, it's getting easier and easier to maintain a secret organization with a secret ledger.
So, all in all, it's a bad thing to rely on those backdoors. It's not even a stopgap measure.
[+] [-] thom|10 years ago|reply
Privacy will die, not because it's undesirable or a bad idea, it'll die like copyright and DRM - because it's technically and economically easy to defeat, and people will be motivated to do so. What's more, those people will be hard to catch - after all, the drones will be communicating over very strongly encrypted channels.
[Please refute - I genuinely have nightmares about this future]
[+] [-] beeboop|10 years ago|reply
The biggest holdout will be operating systems - Google and Microsoft very much do not want to lose their backdoors (or front doors) into everyone's data. But within ten years, we will finally have a "year of Linux on desktops" in which both grandma and the young university student can both buy an Ubuntu computer and have it work how they need it to. And phones will run an OS that can't be maliciously updated remotely, and doesn't leak user data to apps and OS providers.
The final step will be near anonymous internet usage, which we are currently in the infancy of. There will be a shift to a more decentralized availability (but not necessarily storage) of data in most of the applications we use most often. Essentially Freenet, but without all the usability problems. The Facebook of the future will have open source (and encrypted) data where your info is only viewable to you and your friends. There are currently platforms that exist like this, but they are mostly in "testing" stages and are not ready for widespread use.
[+] [-] Grishnakh|10 years ago|reply
Um, this is pretty easy to refute: we've been complaining about copyright and DRM for ages now, and not only are they not waning, they're at least as strong now as they've ever been. There's no indication whatsoever that copyright law is going anywhere or being relaxed in any way, in fact it's the opposite. Sure, it's generally easy to copy digital stuff (absent DRM), but that doesn't make it legal, nor has the internet become a free-for-all (quite the opposite in fact; it's more dangerous to commit copyright violations now than ever I think). Same goes for DRM: despite all the complaints, DRM is still present in many places, and you still need to use it for things like watching Netflix. It is possible to defeat it (I'm not going to say technically easy though, because a lot of it is unbroken), but what the DRM-users have proven to us is that it's non-trivial now, and more importantly it only has to be "good enough": as long as it prevents most users from doing something the copyright holder doesn't want, that's all they really care about.
[+] [-] downandout|10 years ago|reply
What this essentially means is a move to Android for criminals, terrorists, and anyone that wants privacy (since Android allows installation of apps that have not been approved by a gatekeeper bound by the laws of the countries it operates in, whereas iOS does not by default). Open source Android apps with strong encryption will be built in countries without such laws. All of this will likely be the downfall of a few lazy drug dealers that don't want to give up their iPhones, but since the cat is out of the bag and apps with end-to-end encryption already exist and will continue to be built, the governments making these moves will not actually catch any reasonably intelligent terrorists that install and use these apps. They will, however, gain exactly what they want: the ability to conduct surveillance on most people in the world whenever they want.
[1] http://fortune.com/2016/03/04/french-law-apple-iphone-encryp...
[2] http://www.digitaltrends.com/computing/senator-mccain-joins-...
[+] [-] beeboop|10 years ago|reply
We will probably start seeing a lot more people getting locked up for decades for "contempt of court" by refusing or being unable to decrypt their personal data for a judge. Current record for contempt is 14 years - with no conviction and no jury.
[+] [-] studentrob|10 years ago|reply
The reason the Apple case is in the courts is nobody wanted to put their name on this encryption bill without understanding it. Feinstein is one of the only ones willing to so far [2]. Basically, any politician who feels they are at about the end of their career might put forth such legislation, but all the others know it'd be suicide.
[1] https://youtu.be/uk4hYAwCdhU?t=1m44s
[2] http://www.politico.com/tipsheets/morning-cybersecurity/2016...
[+] [-] Zigurd|10 years ago|reply
Making broad swathes of widely used software into contraband will be a law enforcement nightmare.
[+] [-] tudorw|10 years ago|reply
[+] [-] joelhaus|10 years ago|reply
http://lesswrong.com/lw/85h/better_disagreement/
[+] [-] studentrob|10 years ago|reply
We need to share facts in this debate..
We know about technology, they know about law enforcement
Let us each bring facts to the table and resist coming up with conclusions from the outset. Obama is missing some facts, and in order to convince him that's true I think we need to be open to the idea that there may be some things we do not know
We're not going to find out about those things by conjecturing. We need the administration to share any relevant details as much as they need to understand encryption technology
[+] [-] thoughtsimple|10 years ago|reply
"I'm the President of the United States of America and if I say that there must be math that gives me what I want. If you don't invent it, you are disengaged."
[+] [-] plcancel|10 years ago|reply
"And what we realized was that we could potentially build a SWAT team, a world-class technology office inside of the government that was helping across agencies. We’ve dubbed that the U.S. Digital Services."
Yes, that's a great analogy! Go with that!
"And this was a little embarrassing for me because I was the cool, early adaptor President."
Cooler and adepter!
https://www.bostonglobe.com/news/nation/2016/03/11/transcrip...
[+] [-] SwimAway|10 years ago|reply
[+] [-] a3n|10 years ago|reply
[+] [-] aldeluis|10 years ago|reply
http://www.lasexta.com/programas/el-objetivo/noticias/entrev...
[+] [-] shitgoose|10 years ago|reply
[with great sadness]: how low have we fallen if we seriously discussing this instead of grabbing pitchforks.
[+] [-] brudgers|10 years ago|reply
It doesn't matter who says it.
[+] [-] jonathanmh|10 years ago|reply
[+] [-] Mandatum|10 years ago|reply
It'd still pose an issue for when people are accessing their data, however depending on your setup this will be very hard to prove from a third-parties perspective given ample security precautions taken (ie using an offshore VPN all the time, data never full accessed locally).
For larger tech companies, I'd assume setup of a new company structure offshore and sensitive data handling to be "outsourced" offshore too (ie parts of the EU, other OECD countries).
[+] [-] 1024core|10 years ago|reply
FTA: "then that I think does not strike the kind of balance that we have lived with for 200, 300 years."
200 years ago, it was not possible to cast a dragnet and catch everyone who was doing Something Bad(tm). The government had to get a warrant to open mail; today, the NSA can sift through billions of messages (metadata, they say) in a second.
Even considering US Mail: you could not keep track of who was sending whom mail, at scale. But today, every letter that is mailed has its front and back scanned (for reading the address); but more importantly, these images are saved for future use.
All of this is possible thanks to technology. And when the balance was tilting in their favor, the Establishment was quite happy. But when the balance tilts the other way, suddenly they're crying like a spoiled child whose toys have been taken away.
You can't just throw tantrums when things don't go your way. If the technology permits E2E encryption, they'll just have to live with it and find other ways to catch criminals.
[+] [-] kailuowang|10 years ago|reply
[+] [-] exabrial|10 years ago|reply
"You don't need a gun"
Oddly enough both are classified as munitions.
[+] [-] x5n1|10 years ago|reply