> Attorney General William Barr said in a speech last month that encrypted messaging services allow "criminals to operate with impunity." The cost of encryption is “ultimately measured in a mounting number of victims — men, women and children who are the victims of crimes, crimes that could have been prevented if law enforcement had been given lawful access to encrypted evidence,"
This disgraceful, emotionally manipulative statement is an obvious lie. Police/FBI/etc have have access to far more information about criminals than any point in history. The average person (criminals included) leaves behind an incredible amount of "digital exhaust". They should be able to build a complete pattern-of-life easily with 3rd party data (e.g. ad tracking), various side channels, and the massive amount of metadata[1] recorded every time criminals used their phone.
Of course, using all of that data to find a criminal requires actual detective work specific to each case. Encryption (especially on a phone examined after a crime) isn't preventing law enforcement from investigating crimes; it is, however, harder to automate. This anti-encryption argument is really about automated mass surveillance, not finding specific criminals.
And it's crystal clear and obvious in this case that it doesn't matter. The man shot a bunch of people, and was subsequently killed to stop his slaughter. There is no doubt to his guilt. There is no case to build. While the public may wish to know more about the shooters motives, that's not something the public or any law enforcement agency needs to keep people safe.
This guy's (now deceased) sister drove him to the location. So she was in on it, too. (Why she's not included as a perpetrator in discussions about this event is odd.)
I'm sure he left evidence that goes well beyond his own phone if he was planning and plotting with others. They should have no trouble piecing this together with or without his phone.
Maybe they can’t build a profile via ad tracking, because ad tracking isn’t as invasive/doesn’t collect data which can be tied back to a specific name.
Well, everyone is talking about how excited they are to violate the 2nd Amendment. Might as well violate the 4th, too, and maybe the 1st and 5th while we are at it. All in the name of safety.
If Apple does not give you the tools to decrypt messages on their phones, doesn't that make it "impossible" to automate, where automate is defined as any version of "decrypting the data on the phone"?
Is the American government position “Guns don’t kill people, encryption kills people”, or am I just combining the personal opinions of a bunch of unrelated people who work for the government?
In the US, there are more firearms than people. About one-third of all households have at least one firearm [0]. The vast majority of these people have never had a serious brush with law enforcement, but some significant portion would refuse to part with their guns if a ban were enacted tomorrow. While it is said that nearly all Americans are felons [1], most Americans do not intentionally commit felonies or think of themselves as being on the opposite side of things from law enforcement. That would suddenly change for millions of ban-defying US citizens, and it's hard for me to imagine a likely scenario where that decreases violence in the US.
It really does seem to be that is the position. There are a lot of backwards nutjobs in the government right now, blaming other backwards nutjobs, while the rest of us sane people are trying to duct tape society together.
Guns don't kill people, encryption doesn't kill people, backwards nutjobs kill people. Politics in America, currently, can entirely be summed up as the Spiderman pointing at Spiderman meme.
The position is actually: never let a tragedy or crisis pass by without trying to use it to expand the power of the government.
They have no such actual position regarding encryption killing people, they're entirely flexible, able and more than willing to sway with the wind when it presents. Whether or not encryption kills people, so to speak, is not their concern, it's nothing more than the opportunistic excuse framing. They'll use anything that will stick, anything that gets the result they're seeking.
This was exactly my thought when I read this article. But the scariest thing is that, what US Govt decides have huge implications for the whole world!
Having a backdoor in software NOT only enables US government and other cyber criminals to have access. It also enables other governments like Russian, Chinese, Israilean, North Korean governments too! Keep that in mind too.
Relating the two is provocative. And it just caused me to wonder whether part of difficulty of advocating for privacy might now be that privacy rights advocacy will get blurred with gun rights advocacy, in the minds of people already people fatigued by, and skeptical of, the latter.
Actually the general consensus in the US government would be that everything kills people and must be regulated by people who don't understand it and who have conflicts of interest. That way people will stop dying.
We(HN commenters) all know that the demonization of encryption is bullshit. What we need to do is to figure out how to communicate that effectively to the public.
"Authorities want every house in America to be remodeled to include a second front door with a special government lock. They promise to only give police departments, contractors, and/or federal employees access to the single master key that can be instantly and easily copied and shared over the internet and opens every single house and business in America. Even if we trusted the government with this power, how could that go wrong?"
I think there are different counters that will resonate for different people:
You can oppose banning/weakening encryption because you believe encryption is an irreplaceable tool for security.
You can oppose banning encryption because you believe that would actually be an ineffective tactic for preventing crime.
You can oppose banning encryption because you believe such bans violate inherent civil liberties.
There's another one that's really hard for me to explain -- You can oppose banning encryption because you've read Shannon or have a general sense of how RC4 worked and it feels just gross to ban basic operations, like shuffling information in a particular way. It's a bit like banning addition, or like banning pig latin.
I hear rebuttals and debates around the first three, but I don't think there's an effective rebuttal to the last one, which is just a paradigm shift. It's like, "I don't support this because I do not understand information the way you do."
Maybe we should print copies of "A Mathematical Theory of Communication" and leave them in hotel rooms, like the Gideons do with Bibles.
In part, we need a better lobby, or more lobbyists, who can break down what the real issues are and effectively explain those to Congress and the government.
Though, this reeks of the Executive branch making a scapegoat out of tech to distract from the gun industry, just like getting Walmart to pull game adverts and talking about "red flag" laws.
And gun owners know the demonization of guns is bullshit. Perhaps we could find common cause against government - mandated disarmament instead of trying to shift the blame elsewhere?
We can't expect layman and ordinary people to understand the real consequences and implications of the misinformation and misleading from government and corporations involved in surveillance.
We on HN and every one that really understand the matter will need to keep fight for ourselves and others.
But I believe trying to find a answer to your question a great exercise that contributes very much. I just don't have a good answer.
Maybe something like, they cant even keep our PII safe... what di you think will happened with our key
Law enforcement needs to go back to old-school detective techniques if they really need that phone data. Encryption is code, code is speech. Encryption keeps banks safe from criminals.
Are we going to go through this for every administration now?
Even if you do not have a problem with giving government keys to, say, the iPhone, then you have to deal with every piece of software someone writes to enable encryption.
You'd literally have to convince every person in the world to not write or use encryption software in "the wrong" ways. And, that's impossible because encryption exists to protect society from criminals. I don't see another way around this.
“It is prudent to anticipate that a major incident may well occur at any time that will galvanize public opinion on these issues ... Whether we end up with legislation or not, the best course for everyone involved is to work soberly and in good faith together to craft appropriate solutions, rather than have outcomes dictated during a crisis.” -- AG William Barr, July 23 2019
"Never let a good crisis go to waste" -- Winston Churchill, probably
Of course. The FBI always claims this shit because in their opinion no longer having access to everyone’s data is “going dark” and throughout history they have always had complete access to everyone and everything.
They don’t stand here saying “we need to deal with white supremecists”, they say “we need the ability to violate everyone’s rights”. They already have a public track record of mass illegal surveillance.
“ultimately measured in a mounting number of victims — men, women and children who are the victims of crimes, crimes that could have been prevented if law enforcement had been given lawful access to encrypted evidence,"
I don't understand this. How would getting into his phone post facto stop the shooting? Do they have a time machine?
FTA: "The cost of encryption is “ultimately measured in a mounting number of victims — men, women and children who are the victims of crimes, crimes that could have been prevented if law enforcement had been given lawful access to encrypted evidence,".
By the same reasoning, had the shooter ran away because he drove a car faster than police ones, we should ban all sports cars then?
If the NSA can’t keep foreign intelligence from stealing its encryption keys, how can we expect the government to protect any backdoor into our devices? I’m not willing to trade ownership of my phone and my bank accounts to the government on some promise they’ll use it to keep me safe. Only an idiot would take that bargain.
> FBI tells lawmakers it can't access Dayton gunman's phone
Lawmakers tell FBI it's too late the dead don't come back to life, and ask what the fuck were they all doing before the massacre given all the warning signs (regarding both the shooter and the readily availability of firearms for purchase)...
I want to know what changed between 2016, when the FBI bought a tool to hack the San Bernardino shooters iPhone[1] for $900,000[2] and now — with presumably an up-to-date iPhone running 2019 iOS — that forced them to come to this conclusion.
50 years from now: AG Joe Bare said in a speech last month that FBI couldn't access recordings of the felons thoughts because the opted out from brain chip implant; he further said that the practice of letting some individuals hiding their thoughts from authorities has a high cost of mounting number of victims, some of whom are kids. He added that the 1st amendment gives far too much freedom and needs to be rethought in the changed society.
this will escalate quickly. figure 5 years or fewer until we see laws that have insanely harsh penalties (20 years in prison) for using non-backdoored encryption.
This will not work for many reasons, most importantly:
- Key escrow or government-enabled crypto doesn't work
- Creating classes of encryption doesn't work (Excluding a group and not allowing them to use the same crypto as another group)
- If someone is going to do something unlawful, they will use something else that isn't accessible by the government; take away phone encryption and they will simply use something else
Unless those points are solved, the whole 'should we allow it' discussion is pointless anyway.
Tacking on to that: most of that stuff doesn't work because you can't really physically enforce it; it's an intellectual barrier which due to the way we can simply talk to each other as humans is super easy to circumvent. This was tried with export controls, but that didn't actually work for the information itself; only for commercial products.
If they got access but don't find anything of interest, it's of no use to them to let folks know they can access the phone. It will only make the paranoid more paranoid.
Access to the phone I think is overrated. Getting access to social media accounts, email accounts, text message, chatting apps, and cloud backup probably gives them more than 80% of what they need.
[+] [-] pdkl95|6 years ago|reply
This disgraceful, emotionally manipulative statement is an obvious lie. Police/FBI/etc have have access to far more information about criminals than any point in history. The average person (criminals included) leaves behind an incredible amount of "digital exhaust". They should be able to build a complete pattern-of-life easily with 3rd party data (e.g. ad tracking), various side channels, and the massive amount of metadata[1] recorded every time criminals used their phone.
Of course, using all of that data to find a criminal requires actual detective work specific to each case. Encryption (especially on a phone examined after a crime) isn't preventing law enforcement from investigating crimes; it is, however, harder to automate. This anti-encryption argument is really about automated mass surveillance, not finding specific criminals.
[1] "We kill people based on metadata" https://www.youtube.com/watch?v=UdQiz0Vavmc
[+] [-] bredren|6 years ago|reply
Digital forensics is way outside typical leo training and believe it or not you can make a lot more money in the private sector with IT training.
Local, state and federal case loads get backlogged behind, leaving the highest priority cases to get staffed.
[+] [-] otakucode|6 years ago|reply
[+] [-] sorokod|6 years ago|reply
I think that at this point of the 21st century, this is 100 % detective work.
[+] [-] fortran77|6 years ago|reply
I'm sure he left evidence that goes well beyond his own phone if he was planning and plotting with others. They should have no trouble piecing this together with or without his phone.
[+] [-] dymk|6 years ago|reply
[+] [-] jeffdavis|6 years ago|reply
[+] [-] MuffinFlavored|6 years ago|reply
If Apple does not give you the tools to decrypt messages on their phones, doesn't that make it "impossible" to automate, where automate is defined as any version of "decrypting the data on the phone"?
[+] [-] ben_w|6 years ago|reply
[+] [-] randallsquared|6 years ago|reply
[0] https://www.npr.org/2016/01/05/462017461/guns-in-america-by-... [1] https://ips-dc.org/three-felonies-day/
[+] [-] DiabloD3|6 years ago|reply
Guns don't kill people, encryption doesn't kill people, backwards nutjobs kill people. Politics in America, currently, can entirely be summed up as the Spiderman pointing at Spiderman meme.
[+] [-] adventured|6 years ago|reply
They have no such actual position regarding encryption killing people, they're entirely flexible, able and more than willing to sway with the wind when it presents. Whether or not encryption kills people, so to speak, is not their concern, it's nothing more than the opportunistic excuse framing. They'll use anything that will stick, anything that gets the result they're seeking.
[+] [-] unsungNovelty|6 years ago|reply
Having a backdoor in software NOT only enables US government and other cyber criminals to have access. It also enables other governments like Russian, Chinese, Israilean, North Korean governments too! Keep that in mind too.
[+] [-] neilv|6 years ago|reply
[+] [-] treebeard901|6 years ago|reply
[+] [-] kurthr|6 years ago|reply
[+] [-] mirimir|6 years ago|reply
More like "Guns don't kill people, people kill people." plus "Encryption hinders us from finding people who commit crimes."
[+] [-] TheLastPass|6 years ago|reply
[+] [-] 01100011|6 years ago|reply
[+] [-] bo1024|6 years ago|reply
[+] [-] thirstywhimbrel|6 years ago|reply
You can oppose banning/weakening encryption because you believe encryption is an irreplaceable tool for security.
You can oppose banning encryption because you believe that would actually be an ineffective tactic for preventing crime.
You can oppose banning encryption because you believe such bans violate inherent civil liberties.
There's another one that's really hard for me to explain -- You can oppose banning encryption because you've read Shannon or have a general sense of how RC4 worked and it feels just gross to ban basic operations, like shuffling information in a particular way. It's a bit like banning addition, or like banning pig latin.
I hear rebuttals and debates around the first three, but I don't think there's an effective rebuttal to the last one, which is just a paradigm shift. It's like, "I don't support this because I do not understand information the way you do."
Maybe we should print copies of "A Mathematical Theory of Communication" and leave them in hotel rooms, like the Gideons do with Bibles.
[+] [-] mattlutze|6 years ago|reply
Though, this reeks of the Executive branch making a scapegoat out of tech to distract from the gun industry, just like getting Walmart to pull game adverts and talking about "red flag" laws.
[+] [-] s17n|6 years ago|reply
The correct framing: "Encryption maintains the status quo by denying law enforcement access to data that previously was not stored"
[+] [-] deogeo|6 years ago|reply
[+] [-] DuskStar|6 years ago|reply
[+] [-] bubble_talk|6 years ago|reply
[+] [-] andrerm|6 years ago|reply
We on HN and every one that really understand the matter will need to keep fight for ourselves and others.
But I believe trying to find a answer to your question a great exercise that contributes very much. I just don't have a good answer.
Maybe something like, they cant even keep our PII safe... what di you think will happened with our key
[+] [-] jchanimal|6 years ago|reply
[+] [-] ryacko|6 years ago|reply
You can’t explain it in one sentence, you have to explain cultures, subcultures, how each subculture interacts, etc.
It won’t matter anyway, it impacts the average person in the most indirect way imaginable.
[+] [-] eitland|6 years ago|reply
[+] [-] tomatotomato37|6 years ago|reply
[+] [-] verizonuser|6 years ago|reply
[+] [-] switch007|6 years ago|reply
[+] [-] SimeVidas|6 years ago|reply
[+] [-] CPLX|6 years ago|reply
[+] [-] studentrob|6 years ago|reply
Are we going to go through this for every administration now?
Even if you do not have a problem with giving government keys to, say, the iPhone, then you have to deal with every piece of software someone writes to enable encryption.
You'd literally have to convince every person in the world to not write or use encryption software in "the wrong" ways. And, that's impossible because encryption exists to protect society from criminals. I don't see another way around this.
[+] [-] sehugg|6 years ago|reply
"Never let a good crisis go to waste" -- Winston Churchill, probably
[+] [-] olliej|6 years ago|reply
They don’t stand here saying “we need to deal with white supremecists”, they say “we need the ability to violate everyone’s rights”. They already have a public track record of mass illegal surveillance.
[+] [-] Zhenya|6 years ago|reply
I don't understand this. How would getting into his phone post facto stop the shooting? Do they have a time machine?
[+] [-] squarefoot|6 years ago|reply
By the same reasoning, had the shooter ran away because he drove a car faster than police ones, we should ban all sports cars then?
[+] [-] merpnderp|6 years ago|reply
[+] [-] coldtea|6 years ago|reply
Lawmakers tell FBI it's too late the dead don't come back to life, and ask what the fuck were they all doing before the massacre given all the warning signs (regarding both the shooter and the readily availability of firearms for purchase)...
[+] [-] docbrown|6 years ago|reply
1: https://www.engadget.com/2016/04/07/fbi-iphone-third-party-t...
2: https://www.engadget.com/2017/05/08/fbi-paid-900000-to-unloc...
[+] [-] bro25|6 years ago|reply
[+] [-] fnord77|6 years ago|reply
[+] [-] oneplane|6 years ago|reply
This will not work for many reasons, most importantly:
- Key escrow or government-enabled crypto doesn't work
- Creating classes of encryption doesn't work (Excluding a group and not allowing them to use the same crypto as another group)
- If someone is going to do something unlawful, they will use something else that isn't accessible by the government; take away phone encryption and they will simply use something else
Unless those points are solved, the whole 'should we allow it' discussion is pointless anyway.
Tacking on to that: most of that stuff doesn't work because you can't really physically enforce it; it's an intellectual barrier which due to the way we can simply talk to each other as humans is super easy to circumvent. This was tried with export controls, but that didn't actually work for the information itself; only for commercial products.
[+] [-] unknown|6 years ago|reply
[deleted]
[+] [-] hedora|6 years ago|reply
Is it that they need the phone to tell them that white supremacy and assault rifles are things that exist in the US?
Do they need the phone data for a conviction?
I don’t understand what they expect to do with whatever they find that they can’t get from other sources.
They can get location history and a pretty good idea what and who he communicated with from ISP and cell logs, etc.
[+] [-] alistproducer2|6 years ago|reply
[+] [-] segmondy|6 years ago|reply
Access to the phone I think is overrated. Getting access to social media accounts, email accounts, text message, chatting apps, and cloud backup probably gives them more than 80% of what they need.