It's interesting how governments come to feel entitled to forms of surveillance. For thousands of years financial transactions were completely illegible to government. They took place hand to hand, either in cash or barter. But now that transactions are digitized, it is actually illegal to conduct certain types of transactions anonymously (KYC/AML laws). This came about because governments got used to being able to peer into the financial lives of their citizens, and once they got used to it, they didn't like it when people circumvented that, so they made it a crime.
The same is true here of private messaging. Governments got used to being able to read our messages. They have come to rely on it. And so now they want to make it illegal for us to keep them out.
I guess what i'm saying is: We ought to be extremely careful what we allow our governments to get used to doing. There is an argument to be made that the original sin here was allowing wiretaps at all, even when the medium was un-encrypted.
After WWII, the US imposed a constitution on Japan. Here's Article 21: "Freedom of assembly and association as well as speech, press and all other forms of expression are guaranteed.
No censorship shall be maintained, nor shall the secrecy of any means of communication be violated."
All wiretapping was illegal in Japan until 1999.[1] Even today, it's very rare. 40 wiretaps in 2017.[2]
You talk about governments as if they were an alien sentient life form ("governments ... feel entitled"). They're not. They are groups of people who serve constituencies. You could tell the exact same story in reverse: the lack of surveillance technology made people feel entitled to anonymous financial transactions. The feelings of entitlement (if you want to call them that) follow the available technology. But ultimately these decisions are always trade-offs between one feeling of entitlement in one constituency and another feeling of entitlement in another. In this case, one side feels entitled to privacy, the other, to security (or the illusion of security, which some people find valuable even in the absence of actual security).
I point this out not because I disagree with your baseline position that privacy is valuable. I don't. I point this out because i believe that arguing for it on the basis that government feelings of entitlement are somehow less legitimate than the feeling of entitlement of non-governmental constituencies is not going to be an effective strategy because it's based on a false premise.
AML laws are nuts. They operate on the presumption of guilt. That is, the burden of proof is on you to prove the money's provenance is not illegal. It's pretty scary. I have some BTC I mined back when they weren't worth much and those AML laws make me worried to cash out.
What we need are innovative ways for organizations to manage and organize themselves without relying on the traditional method of putting a few people or special interest groups “in charge”. Inevitably, the types of people who seek out those roles wreck the intentions of the organization that they lead.
It's not that they got used, it's simply because they can do it with today's technology. They quickly got to using all sorts of atrocious things such as poison gas and nuclear bombs as soon as they were possible. Same with street surveillance. The cat's out of the bag now, can't turn time back and pretend we can't track every message anymore since we had cheap storage, cameras, internet and AI to sort through the collected data.
It's not that "the government" feels entitled, but rather that surveillance - even and especially the very limited, court-approved, kind - is essential to law enforcement. As in dismantling organized crime and preventing terror attacks.
For me it feels too easy to say "the government" has no legitimate interest in intercepting communications.
There's nothing wrong in what you've said, but it doesn't help with the other side of the argument, which is catching child abusers/terrorists/baddies.
The biggest problem (and my understanding is that it's much more widespread than the others we hear about) is the sharing of child abuse imagery.
I think these governments and the EFF are both being willfully blind asses here. Governments don't see that their people don't trust them to have sound morals (because of their shitty morals) and the EFF is so laser-focused on privacy that it wants to wave it's hand about child abuse as the lesser of two evils.
Someone needs to come up with a system that doesn't offer shelter to paedophiles, soon, or their going to lose the argument in the eyes of the public (and then legislatively).
I don't think it's possible to do both of these things, so I think we're ultimately going to lose the argument. Would be nice to be surprised though!
Throughout history when societies enjoy above average improvement, it is because they are able to displace inheritance-based systems. These inheritance-based systems hand out benefits to random children, they subvert progress by enabling the incompetent and disabling the competent. Commonly, people who inherit stuff (money, authority, property) keep skewing laws to prevent others benefiting from the fruits of their labor, so that inheritors can maintain ownership. They do this by paying to skew laws to benefit owners over achievers.
If privacy doesn't exist anymore, then the inheritors will receive a level of power they have never had before. They will be unstoppable. We will reach an end-state of cultural-political development where the inheritors will no longer be challenged. We have had dark periods of time when inheritors have ruled for long periods, ancient Egypt with mass enslavement for example. Without privacy we will reach an event-horizon of wealth inequality, and no political counter-movement will be able to take root to challenge it. We are seeing the beginning of this in Hong Kong, we are seeing it in an uncompetitive pay-to-play patent system, in an increasingly monopolistic corporate environment, in increasingly uncompetitive marketplaces in dark pool trading systems, and in Apple/Microsoft/Facebook/Google/Amazon app stores and tech markets.
The threat to privacy is the greatest threat to progressive civilization we have ever encountered IMO.
This reminds me of one curious legend / hypothesis about the last days of Atlantis that I read in some book. The story was basically that during the Atlantis era, the "world config" was tuned slightly differently and that allowed what we'd call magic: curious long distance effects that could be caused without the modern tech. For some time it went well, but then it started sliding to the dark side: bad and evil people, that could use anything to gain power, kept winning over the good people who were restricted by "moral" and things like that. By about 10,000 B.C. the power of evil people became indisputable: they could see nearly everything and could instantly squash any opposition by means of notoriously powerful black magic. There were a couple unsuccessful attempts to bring power back to good people, but it never worked for long time: evil people kept taking it back quickly and efficiently. I think, the Lord of The Rings book took the idea from that story. The situation looked completely hopeless and there was no point to continue running this show, so shortly before 10,000 B.C. the entire civilization was "hard reset" and the "world config" was tweaked to prevent any long distance effects. Since then people are following the technology track. As we see, it's taken only 12,000 years to replicate the very same system without any magic: powerful long distance weapons and amazing surveillance technology that would impress even the Sauron form the movie. We are only missing that Sauron who would consolidate all the power.
What's your source for ancient Egypt having mass enslavement? The sources I've read on the matter indicate that ancient Egyptian society was no more and no less reliant on slavery than its contemporaries (like the Phoenicians). The popular image that we have of the pyramids being built by vast armies of slave labor is a myth. Most Egyptian monuments, like the Pyramids or the temple of Ramses II were built using paid wage labor that would have been otherwise idle during the dry season.
> If privacy doesn't exist anymore, then the inheritors will receive a level of power they have never had before.
I’m having a hard time understanding your implication here. Wouldn’t the inheritors want more privacy as that would lessen the visibility of their actions and those involved?
Let me remind everyone to never let the "going dark" rhetoric go unchallenged. People are under vastly more surveillance (with data flowing one way, towards governments and corporations, not reciprocal like neighbors) than ever in history. But somehow the tiny scrap of privacy that encryption allows us to keep is framed as "going dark".
The encryption works but the endpoints are compromised. The Intel management engine and the AMD equivalent are good examples of how modern hardware is complex enough to seed backdoor hardware into a system.
You know, for many years I have been writing and speaking about the dangers of centralizing power in the hands of a few social networks. That’s what all this comes from. (Remember this? https://www.eff.org/deeplinks/2018/12/congress-censors-inter...). We have no good software alternatives to Facebook and Google — for now. So we accept FEUDALISM on the Web! Look at the latest post here for example:
On HN and at EFF we all diagnose the problem correctly, but the solution requires a platform to coordinate everyone. This platform currently does not exist. And it must be open source, permissionless and work across domains. If you want, come join me in making it. (Yes, scuttlebutt, matrix, mastodon etc. exist but they are not mainstream. SAFE network is probably the best design around, but they never even release it.)
I already went ahead and put about half a million $ of our company’s revenues into building this platform. We have to go the other way — get people to use it first, like they do Wordpress! 34% of all websites now. And then attract developers.
We designed a crypto ecosystem for it to incentivize people to participate: https://qbix.com/token
This is not encouraging anyone to buy anything. Just information about what we are working on. I feel like very few people will get what we are doing until it’s ready: liberating people from giant centralized corporations and giving them control and choice. Like Linux and Wordpress and the Web did.
Contact me if you’re interested to contribute to this platform or use it for your own web projects like you use Wordpress/Drupal (greg at-symbol and then qbix.com)
An all out attack on encryption is an all out attack on free speech. It is no different than using shorthand, or symbols, or a made up language to communicate.
In addition to the defense of the need for real encryption I’d like to see EFF and others go on a more proactive offense as well proposing solutions for the bogeymen that governments keep raising — especially around child exploitation.
Why should the burden of solving that be placed on the defenders of privacy? The people calling for the power to spy on everyone have not offered any explanation of how backdooring everyone's communication reduces sexual abuse of children.
Of course, they don't really care about child exploitation. They are cynically using the issue as a pretext to preserve and normalize a massive expansion of their power.
The DOD budget is $617B[1]. The entire DOJ budget is $6B, with about half of that allocated to law enforcement[2]. I'm not sure precisely how much of that is spent investigating child exploitation, but the DOJ doesn't view it as a high enough high priority to even mention it in the budget. A couple of highlights:
- $295 to fight the opioid crisis. How successful was the drug war with the ability to tap phones again?
- $486M for violence against women programs and $45M for victims of human trafficking. Maybe next they will tell us that reading our messages and snooping our video calls will make women safer.
[Edit: Also interesting, the FBI's nearly $10B budget request[3]. The budget request doesn't break down the spending, but it does include a section on crimes against children almost at the very end. They highlight their recent investigations have led to about 1000 arrests. The FBI's stated top priorities[4] do not include crimes against children.]
The children argument is an emotional argument, not a technology one. For thousands of years people watched over their children, now they want to outsource this to the govt because they are too busy. The EFF could only respond with an emotional counterargument, about how self-censorship stunts children's mental development or sth.
From what I understand a large segment of child exploitation happens in the living room, and involves family. It's horrible but I don't think the solution is to put a government backdoor into a mandatory listening device in every household.
You don't need child exploitation as bogeyman. There is also plenty of organized and disorganized crime and terrorism that is routinely disrupted by surveillance.
> As well as child abuse imagery, these referrals include more than 8,000 reports related to attempts by offenders to meet children online and groom or entice them into sharing indecent imagery or meeting in real life.
It would be nice if people could commit to seperating out the requests by shoolmates for naked pics of 17 year olds and requests by older men for naked pics of 10 year olds when presenting these stats. :/
As it is, information like this (and indeed most stats you see in public discourse) is useless for determining the scale of a problem and sensible public policy approaches.
It's always about control under the pretense of security. Rights to privacy can be violated and dismissed, but good encryption itself cannot. Encryption is the last frontier of privacy, and we must defend it vigorously.
Encryption, like any tool, can be used to do good things and bad things, stop blaming the tool for the user's behavior. Law enforcement agencies will need to adapt to that reality instead of using a blanket ban or backdoors into everyone's lives under the pretense that there are bad people out there and to think of the children™ excuse that has been used and abused over and over again.
I find it funny, that in effort to "catch criminals", government tries to pass laws to make things those criminals do, illegal. If you make encryption illegal, its not going to stop the human trafficker from using it. They are already breaking the law... what's another smaller law to help protect them? So they go to jail for encryption rather than human trafficking. The laws are now helping them, while hurting all the good citizens that just want privacy.
Your governments have been reading your facebook messages, sms, logging telephone calls forever.
This attack on encryption is attempt by the governments to suggest that somehow facebook is actually your friend and has some weight in protecting you. Facebook is losing dominance on the access of your communications, and your government wants you back on facebook where its contractors monetise it most with the least amount of effort. The security contracts need to maintain high ROI, otherwise they will lobby for more of your tax money in the name of security.
They were at one point in time [0]. Formally they asked for unlocking the iPhone, which ultimately isn't too hard given we are talking about a 3 letter agency. It was more about a general rule for backdoors.
Apple makes a big deal about on-device security but they heavily promote backing up data to iCloud. They hold the keys to iCloud encrypted backups, and your backed up messages are happily handed over to LE when asked. That's why "going dark" isn't a problem on iMessage.
> What is the (business) rationale for Facebook to refuse?
Advertising, market segment/product substitution.
There's a pervasive idea that Facebook must be gobbling up your communication data and it's starting to weird the general public out. It's very common to see people discussing how their phones must be recording for Facebook because they said something near their phone and then they saw a Facebook ad for it. Making a big publish show of fighting the government over whether messages can be intercepted at all provides the kind of advertising that money can't buy.
Also, there will likely always be some subset of people who are more technically savvy and care more about their privacy. These people tend to also set technical trends for the rest of the population. People may leave your platform for being too insecure, but nobody is going to leave your platform for being too secure, so build a secure product and target both market segments. This will give you a larger market, and will also deny your competitors the opportunity to grow by luring away a subset of your users by offering what is to those users a superior product.
They need to fix their reputation of awful privacy violations. While the reputation is more out of fear and speculation than it is of actual understanding, they still need to fix it.
So when companies like Apple are offering great security, people are scared Facebook is reading their conversations, continuously tracking their location, and listening to their microphones.
Less time and money spent in legal battles (that can get especially tricky in international cases) over individual surveillance requests if Facebook can just throw their hands up saying "It is not within our ability to comply".
It would also let them avoid inevitable articles such as "Facebook helps Beijing/Erdogan/Putin spy on protesters". I'm sure an executive could argue those drive away some users.
Don't you think a significant number of users would leave the platform if they knew the service was backdoored by the government? There are plenty of competitors, many of which offer end-to-end encryption.
[+] [-] darawk|6 years ago|reply
The same is true here of private messaging. Governments got used to being able to read our messages. They have come to rely on it. And so now they want to make it illegal for us to keep them out.
I guess what i'm saying is: We ought to be extremely careful what we allow our governments to get used to doing. There is an argument to be made that the original sin here was allowing wiretaps at all, even when the medium was un-encrypted.
[+] [-] Animats|6 years ago|reply
After WWII, the US imposed a constitution on Japan. Here's Article 21: "Freedom of assembly and association as well as speech, press and all other forms of expression are guaranteed. No censorship shall be maintained, nor shall the secrecy of any means of communication be violated."
All wiretapping was illegal in Japan until 1999.[1] Even today, it's very rare. 40 wiretaps in 2017.[2]
[1] https://www.iol.co.za/mercury/world/japan-passes-controversi...
[2] https://mainichi.jp/english/articles/20170217/p2a/00m/0na/01...
[+] [-] lisper|6 years ago|reply
I point this out not because I disagree with your baseline position that privacy is valuable. I don't. I point this out because i believe that arguing for it on the basis that government feelings of entitlement are somehow less legitimate than the feeling of entitlement of non-governmental constituencies is not going to be an effective strategy because it's based on a false premise.
[+] [-] throwaway3392|6 years ago|reply
[+] [-] afpx|6 years ago|reply
[+] [-] visarga|6 years ago|reply
[+] [-] bayesian_horse|6 years ago|reply
For me it feels too easy to say "the government" has no legitimate interest in intercepting communications.
[+] [-] headmelted|6 years ago|reply
The biggest problem (and my understanding is that it's much more widespread than the others we hear about) is the sharing of child abuse imagery.
I think these governments and the EFF are both being willfully blind asses here. Governments don't see that their people don't trust them to have sound morals (because of their shitty morals) and the EFF is so laser-focused on privacy that it wants to wave it's hand about child abuse as the lesser of two evils.
Someone needs to come up with a system that doesn't offer shelter to paedophiles, soon, or their going to lose the argument in the eyes of the public (and then legislatively).
I don't think it's possible to do both of these things, so I think we're ultimately going to lose the argument. Would be nice to be surprised though!
[+] [-] riazrizvi|6 years ago|reply
If privacy doesn't exist anymore, then the inheritors will receive a level of power they have never had before. They will be unstoppable. We will reach an end-state of cultural-political development where the inheritors will no longer be challenged. We have had dark periods of time when inheritors have ruled for long periods, ancient Egypt with mass enslavement for example. Without privacy we will reach an event-horizon of wealth inequality, and no political counter-movement will be able to take root to challenge it. We are seeing the beginning of this in Hong Kong, we are seeing it in an uncompetitive pay-to-play patent system, in an increasingly monopolistic corporate environment, in increasingly uncompetitive marketplaces in dark pool trading systems, and in Apple/Microsoft/Facebook/Google/Amazon app stores and tech markets.
The threat to privacy is the greatest threat to progressive civilization we have ever encountered IMO.
[+] [-] f883l|6 years ago|reply
[+] [-] quanticle|6 years ago|reply
[+] [-] jonnybgood|6 years ago|reply
I’m having a hard time understanding your implication here. Wouldn’t the inheritors want more privacy as that would lessen the visibility of their actions and those involved?
[+] [-] analognoise|6 years ago|reply
[+] [-] deogeo|6 years ago|reply
[+] [-] throwaway13337|6 years ago|reply
It should be as clear as day that an attack on encryption is an attack on the values of America.
This is the tact that should be taken in the conversation - is the attorney general so anti-American as to request this?
[+] [-] yen223|6 years ago|reply
[+] [-] solotronics|6 years ago|reply
[+] [-] colordrops|6 years ago|reply
[+] [-] bayesian_horse|6 years ago|reply
[+] [-] buboard|6 years ago|reply
[+] [-] BubRoss|6 years ago|reply
[+] [-] EGreg|6 years ago|reply
https://qbix.com/blog
On HN and at EFF we all diagnose the problem correctly, but the solution requires a platform to coordinate everyone. This platform currently does not exist. And it must be open source, permissionless and work across domains. If you want, come join me in making it. (Yes, scuttlebutt, matrix, mastodon etc. exist but they are not mainstream. SAFE network is probably the best design around, but they never even release it.)
I already went ahead and put about half a million $ of our company’s revenues into building this platform. We have to go the other way — get people to use it first, like they do Wordpress! 34% of all websites now. And then attract developers.
We designed a crypto ecosystem for it to incentivize people to participate: https://qbix.com/token
This is not encouraging anyone to buy anything. Just information about what we are working on. I feel like very few people will get what we are doing until it’s ready: liberating people from giant centralized corporations and giving them control and choice. Like Linux and Wordpress and the Web did.
Contact me if you’re interested to contribute to this platform or use it for your own web projects like you use Wordpress/Drupal (greg at-symbol and then qbix.com)
[+] [-] gorgoiler|6 years ago|reply
If democratic governments want to force Facebook to keep files on their citizens for law and order purposes, pass a law that says that explicitly.
This whole “nice social media business you have there, would be a shame if something were to happen to it...” is extra-democratic bullying.
[+] [-] edoo|6 years ago|reply
[+] [-] yellow_postit|6 years ago|reply
[+] [-] Canada|6 years ago|reply
Of course, they don't really care about child exploitation. They are cynically using the issue as a pretext to preserve and normalize a massive expansion of their power.
The DOD budget is $617B[1]. The entire DOJ budget is $6B, with about half of that allocated to law enforcement[2]. I'm not sure precisely how much of that is spent investigating child exploitation, but the DOJ doesn't view it as a high enough high priority to even mention it in the budget. A couple of highlights:
- $295 to fight the opioid crisis. How successful was the drug war with the ability to tap phones again?
- $486M for violence against women programs and $45M for victims of human trafficking. Maybe next they will tell us that reading our messages and snooping our video calls will make women safer.
[Edit: Also interesting, the FBI's nearly $10B budget request[3]. The budget request doesn't break down the spending, but it does include a section on crimes against children almost at the very end. They highlight their recent investigations have led to about 1000 arrests. The FBI's stated top priorities[4] do not include crimes against children.]
[1] https://en.wikipedia.org/wiki/Military_budget_of_the_United_...
[2] https://www.justice.gov/jmd/page/file/1033086/download
[3] https://www.fbi.gov/news/testimony/fbi-budget-request-for-fi...
[4] https://en.wikipedia.org/wiki/Federal_Bureau_of_Investigatio...
[+] [-] buboard|6 years ago|reply
[+] [-] chillacy|6 years ago|reply
[+] [-] concordDance|6 years ago|reply
It's existed at a huge scale for hundreds of years, child porn production soesn't noticeably bump the needle.
[+] [-] bayesian_horse|6 years ago|reply
[+] [-] concordDance|6 years ago|reply
It would be nice if people could commit to seperating out the requests by shoolmates for naked pics of 17 year olds and requests by older men for naked pics of 10 year olds when presenting these stats. :/
As it is, information like this (and indeed most stats you see in public discourse) is useless for determining the scale of a problem and sensible public policy approaches.
[+] [-] pharrington|6 years ago|reply
[https://www.justice.gov/opa/pr/attorney-general-barr-signs-l...]
[https://www.gov.uk/government/publications/open-letter-to-ma...]
[https://www.gov.uk/government/publications/open-letter-to-ma...]
[+] [-] nerbert|6 years ago|reply
[+] [-] m-p-3|6 years ago|reply
Encryption, like any tool, can be used to do good things and bad things, stop blaming the tool for the user's behavior. Law enforcement agencies will need to adapt to that reality instead of using a blanket ban or backdoors into everyone's lives under the pretense that there are bad people out there and to think of the children™ excuse that has been used and abused over and over again.
[+] [-] EGreg|6 years ago|reply
Which other governments would you like to have a backdoor?
[+] [-] TheCapeGreek|6 years ago|reply
[0]: https://en.wikipedia.org/wiki/Five_Eyes
[+] [-] nhumrich|6 years ago|reply
[+] [-] sbhn|6 years ago|reply
[+] [-] unknown|6 years ago|reply
[deleted]
[+] [-] thelazydogsback|6 years ago|reply
[+] [-] heretoo|6 years ago|reply
[+] [-] dna_polymerase|6 years ago|reply
[0]: https://en.wikipedia.org/wiki/FBI%E2%80%93Apple_encryption_d...
[+] [-] ub|6 years ago|reply
[+] [-] K0SM0S|6 years ago|reply
I mean, beyond the personal political opinion of Mark and shareholders, why would this company defy those governments?
(asking naively because I feel blinded by my opinion, I can't make a good strategic case for it, only a moral one)
[+] [-] dodobirdlord|6 years ago|reply
Advertising, market segment/product substitution.
There's a pervasive idea that Facebook must be gobbling up your communication data and it's starting to weird the general public out. It's very common to see people discussing how their phones must be recording for Facebook because they said something near their phone and then they saw a Facebook ad for it. Making a big publish show of fighting the government over whether messages can be intercepted at all provides the kind of advertising that money can't buy.
Also, there will likely always be some subset of people who are more technically savvy and care more about their privacy. These people tend to also set technical trends for the rest of the population. People may leave your platform for being too insecure, but nobody is going to leave your platform for being too secure, so build a secure product and target both market segments. This will give you a larger market, and will also deny your competitors the opportunity to grow by luring away a subset of your users by offering what is to those users a superior product.
[+] [-] JaRail|6 years ago|reply
So when companies like Apple are offering great security, people are scared Facebook is reading their conversations, continuously tracking their location, and listening to their microphones.
[+] [-] deogeo|6 years ago|reply
It would also let them avoid inevitable articles such as "Facebook helps Beijing/Erdogan/Putin spy on protesters". I'm sure an executive could argue those drive away some users.
[+] [-] oarabbus_|6 years ago|reply
[+] [-] nyolfen|6 years ago|reply
[+] [-] Havoc|6 years ago|reply
Not big on shadow world gov conspiracy theories but that seems rather...strange