My biggest issue with all this is that when you give them the power to take away rights to prevent terrorism or protect children, the government will use their powers wherever convenient. For example, the patriot act has been used in 1,618 drug cases and only 15 terrorism cases[1]. It has also been used for everything from copyright violations to Las Vegas money issues[2].
Not to mention potential misbehavior by rogue elements, even when official policy is innocent. LOVEINT being a recent example in precisely this domain, but instances are manifold.
That argument probably has limited utility among the general public because a lot of people think drug dealers are fair game for "any means necessary" too.
As I recall, the strongest argument in the late 1990s was that there was no possible way to design a weakness in crypto for government that bad guys couldn't also exploit--and at much greater scale. "This bill will make it easier for someone to steal your identity" type stuff.
Blatant attempt by intelligence services and law enforcement to get their personal wish lists legislated by shamelessly exploiting a tragedy.
I'll happily donate a constant percentage of my company income to fight whatever useless laws come out of this. It'll be fought immediately if they try to legislate backdoors or any equivalent tinkering.
Last time we had a big legal fight about strong encryption, we got a supreme court ruling that source code implementing strong encryption was free speech, didn't we? Wonder how counterproductive the governments own actions will be this time.
“If we find evidence of a terrorist plot… and despite having a phone number, despite having a social media address or email address, we can’t penetrate that, that’s a problem,”
If you can penetrate that with evidence of a terrorist plot, 1) you can penetrate that without evidence of a terrorist plot, and 2) probably so can others.
So its Crypto Wars 2. There are two possible ways this will play out:
a) Obama is just being polite given that "Call me Dave" is in town and has an election to fight so he can't been seen as being soft on terrorism. He knows that its highly likely that Cameron will be out of a job in six months time so is just stringing him along.
OR:
b) The fix is in, a tame lawmaker will drop a bill that they just happened to have prepared that was sitting in their drawer for a rainy day. Given the Republican's have never met a national security bill that they didn't like expect it to pass through the house and senate with the usual added pork and pardons for the NSA/CIA to make sure nobody goes to jail for recent revelations (Democrats being too chicken to filibuster).
If we don't see a huge outcry from the tech industry pointing out what an insanely bad idea this is on Tuesday then I fear for the future.
George Orwell's 1984 should be a required reading for high school students. Not just in the U.S., but world wide. It really highlights just what dangers come from the idea that you have nothing to fear if you have nothing to hide, and the sheer amount of power and influence a global, instantaneous, and always on intelligence network can have over the population.
“We expect companies to be able to help with this,” he
said. “That doesn’t mean that you always have to write bad
cryptography.”
Yes, actually, that's exactly what it means. What in the world is this author doing giving the NSA the last word? What's really sick is that it sounds reasonable, like he's exposing a false dichotomy. But is it so hard to see that it's actually a real choice?
This is absolutely terrifying. You can't use "the way things currently are" to argue for giving governments access to personal data. You have to think about, and protect "the way things might end up". How easy do you want to make it for corrupt government leaders to suppress opposition?
with regard to snuffing out terrorist plots, this (in my mind) needs to be a collective effort. Government is not the only entity that should be responsible for preventing terrorism. The way I see it, it's the only way to keep governments from becoming the omniscient creatures they strive to be. By making it a world-wide collective effort to work to prevent terrorism. The moment you make it entirely the government's problem and responsibility is the moment you (for humanity's sake) have to relinquish your privacy.
'Patriots' is an interesting word in this context. I say giving foreign intelligence agencies access to your customer's private communications is treason.
This is doublespeak - taken in its opposite (and the message it was intended to deliver), it means if you don't want law enforcement to have encryption backdoors, you're not patriotic.
Ya know - "either you're with us or you're with the terrorists." [0]
> [Obama] said he believes Silicon Valley companies also want to solve the problem. “They’re patriots.”
He's right that they're patriots, but he's wrong about the problem they're trying to solve. They're fighting different terrorists. Terrorists hiding in government.
That's optimistic. I think we learned with PRISM that Silicon Valley companies are more than willing (whether through legal compulsion or otherwise) to cooperate with the administration.
This discussion so far contains: 52 times "terror", 11 times "safe", 5 times "fear". I'm tired of those words. Having no TV and reading no news I don't see any connection between those words and the world that surrounds me.
It's sad to see homeless or drunk people in the street, but that's the worst I see.
I think eating healthy, exercising, having friends and a job does much more for our "safety" than ridiculous laws and surveillance.
I don't understand why people fear so much. Is it not possible to just refuse to fear? Be conscious about the effects it has. Talk about it. Why not just be brave and ignore the nonsense? Living with fear is no good life. We can't choose what happens in the world, but we can choose what we feel about it. We will die if we have to die. So what? It's not the end of the world.
edit: I remember seeing the tv in Finland. They play hours of crime-related series every day. What can you think of the world if you just see murders all day?
Have I missed something important? Is there a case, or even evidence of one, wherein encryption was a factor in a plot coming to fruition? If there had been, I would have expected the Obama, Cameron, et al., to trot it out.
Are we legislating this just in case? Strong encryption is already out there. I suppose if we make it illegal, the terrorists will just have to make do with weak encryption. But why don't we just make terrorism illegal, then?
It is not about terrorism - it is that technology like this threatens the current level of the capability of the state to enforce its laws. Imagine instead the use of encryption among the financial elite to conspire to defraud speculation markets or manipulate stock prices. Or enemy states using encryption to thwart espionage attempts. Or insurgents and soldiers engaged with US troops around the world to organize efforts to put up resistance.
Remember that Julius Caesar famously sought to make pen and paper illegal because he saw such low barriers to fast potentially secret communication a threat to Rome's security.
I know of no case reasonably called terrorism where encryption played a role in thwarting intelligence efforts.
> I suppose if we make it illegal, the terrorists will just have to make do with weak encryption.
When encryption is outlawed, only outlaws will have encryption.
Terrorist plots in general are not talked about publicly. As frustrating as that might be, the absence of mention from top government officials is no indication at all of whether something was or was not involved in a plot (terrorist, criminal, etc.)
Typically the only terrorist plots you'll hear about publicly are the ones that have to be public--either because of a public warning (even then, typically extremely vague), or because the break-up happened in a public way.
1) Based on what I've read from experts and what I know, if a national security agency targets your data, they will get it. Even government systems containing state secrets, protected by other state security agencies, have proven to be vulnerable. Banks are penetrated; even RSA's crown jewels were stolen, IIRC.
2) Even if 'content' data is encrypted, metadata almost certainly is not. Security agencies can identify which data belongs to their target and collect it, even if encrypted. Also, IIRC, recent leaks indicated that the NSA automatically collects much encrypted traffic, including Tor and maybe VPN traffic.
3) Metadata, as most people here probably don't need to be reminded, is as valuable as content. Again, regardless of what encryption you use your metadata probably is vulnerable and security agencies can easily collect it and utilize it.
4) Therefore, it seems that encryption only prevents low-cost search of bulk-collected content. It doesn't provide any security for metadata (usually), encrypted content still can be collected, and unencrypted content probably is vulnerable if you are a high-value target.
> “If we find evidence of a terrorist plot… and despite having a phone number, despite having a social media address or email address, we can’t penetrate that, that’s a problem,” Obama said.
Yes, it's the kind of problem you get when a patriot whistleblower exposes rampant corruption and unlawful behavior at the NSA; behavior that, above and beyond civil liberties, hurts American commercial interests, and then you do nothing about it.
> He said he believes Silicon Valley companies also want to solve the problem. “They’re patriots.”
He's right about them being patriots. He might be wrong about what patriotism means in this case.
So Obama is the least transparent president in history, cracked down the most on whistle blowers and is diametrically opposed to privacy. When will everyone admit that they voted for a charming fascist.
Allow me to ask what I'm certain is an incredibly naive question, so please bear with me. But it's a question that the average / non-tech folks ARE asking, and I'm not looking to be attacked, I'm looking for an intelligent answer (or corrections if my assumptions are wrong.) Base scenario:
We have adversaries. Our adversaries are plotting something objectively bad - to blow up things and kill innocent people. They are plotting and coordinating these bad things via communications with one another. Historically, we have been able to intercept those communications, read them, and interrupt our adversaries from the bad things they are plotting.
If our adversaries' communications are completely impossible to intercept, we have lost one of the most valuable tools in our ability to prevent them from doing bad things. How are we supposed to prevent them from doing these bad things?
Again - please don't attack me - just looking for a smart answer here.
> How are we supposed to prevent them from doing these bad things?
Well, we might not be able to. Such is the price of liberty. Personally, I think the thousands that died in the trade centers do not justify the massive loss of civil liberties, and it's STILL not clear we would have been able to do anything about it.
Bad guys are going to use encryption no matter what. Citizens should not be restricted from using it themselves just because it makes it easier on the federal government.
I find it works best to use something the "Average/non-tech" person will surely understand:
"What if there were cameras in your house that recorded everything you did & said, but the government promised you the footage would only be reviewed in the case that they suspect you committed a crime. How would you feel about that?"
I've gotten a lot of mileage from this metaphor myself. The response is usually silence while they internally question their worldview or something. Never gotten a counter argument, nor anyone replying with "I'd be okay with that". Would be interested if HN could poke a hole in this so I can patch it. :)
How did they find out Person Y's phone needed to be searched/monitored to begin with? Obviously they have other sources of intelligence.
The question also doesn't address the issue of how far is too far, imagine how many crimes would be discovered with nightly searches of everyone's homes. Should we begin searching everyone's homes warrantlessly? What is more detrimental to society, the criminals, or the police state?
What are they doing to do, deploy unremoveable malware on every phone by default? Because as long as phones have CPUs and we can tell them what to do, they can employ unbreakable encryption. How are they supposed to get around that? Mandatory spyware?
What did police do before the telephone was commonplace? Criminals met and still meet in speakeasies and other safe locations to communicate without a phone, are we gonna install mics in every room as part of new building codes?
If phones do become irreversibly broken and monitored, guess what, criminals will stop using phones. Kevin Gates (rapper) has a song about drug dealing called... I Don't Talk On Phones, lol.
tl;dr: surveillance state monitoring all phones just means criminals will stop using phones to communicate so its only going to hurt "legitimate" privacy.
- legal. It's against the law; there are strong 1st and 4th arguments against surveillance, and 5th and 6th amendment arguments as well. Some people have even tried to argue that if encryption is a munition the 2nd amendment applies. The "we could stop bad people" argument applies especially to the 4th.
Similar legal protections exist in Europe, although not generally as strong.
- practical: either a system is secure or it isn't. Handing it over to anyone increases the risk of compromise. Bans on effective encryption are self-defeating.
- collateral damage: US intelligence agencies have a track record of killing innocent people themselves (e.g. drone strikes), supporting murderous governments (CIA in south america), funding terrorism and failing to prosecute the guilty (Iran-contra), use of intelligence for domestic immoral politics (Watergate, FBI vs MLK). Handing over data about your e.g. Chilean users to the CIA may result in them being murdered.
- international hypocrisy: saying that mass surveillance is OK says it's OK for other governments too. Do you support Chinese interception against their adversaries? Are you happy to turn over your entire email history on entering a country?
- finally, I'm going to question how much it does help. The Paris terrorists were known to the police, as was the killer of Lee Rigby. Intercept evidence is generally not used in trials. Nobody is presenting a cache of encrypted emails found on a computer used by the Parisian terrorists and saying "if we'd decrypted this we could have prevented it".
Technology marches inexorably forward. These algorithms already exist in unbroken form. What the government is doing is mandating that Apple and Google make user's data less secure. The government will claim that any such backdoor will only be openable by them and only in cases of great need (read terrorism).
What will happen is that non-governmental organizations will find these keys and get the same ability. What will happen is that the government will overreach, as they have done before time and time again.
This isn't about stopping terrorism, this is about keeping the current ability to spy on US Citizens. The internet was the single greatest intelligence boon in history and the government is concerned about loosing spying capacity.
Unsophisticated terrorists would gain little protections from at-rest and over-the-wire encryption. It's really quite easy to screw up and be found in the dragnet. Sophisticated actors would be using additional software anyway. You know, the kind that already exists.
The libraries are free and public. The algorithms publicly published. You can't put the cat back in the bag.
The government is trying to legislate particular usages of math. They are literally saying that Apple and Google shouldn't be using certain sequences of numbers. This isn't an exaggeration or hyperbole since everything is encodable in numbers and obviously some communication is illegal.
This is literally illegal equations, and it is so very far down a slippery slope that every citizen should be concerned.
To answer your question, the government will still not be able to decrypt many communications, even with this backdoor. These technologies protect casual users from data theft, but putting in backdoors makes everybody less safe.
How are we supposed to prevent adversaries from making their communications impossible to intercept?
It's not like knowledge about cryptography suddenly vanishes. And it's not like those computers aren't annoyingly programmable to do such evil deeds like encrypting data in a way that officials can't access it.
Given that, what's this all about? Governments could mandate key escrow (which is what I guess they're really aiming for) for any system under their control. So adversaries build their own, in Excel using VBA, if necessary.
There is no way to honor that demand by the US and UK governments unless computers become a _much_ different thing than what they're now.
> Historically, we have been able to intercept those communications, read them, and interrupt our adversaries from the bad things they are plotting.
I challenge this assertion. It has happened in some cases, but the claim that surveillance is an effective way to stop terrorism has failed to be backed up with many success stories.
> If our adversaries' communications are completely impossible to intercept, we have lost one of the most valuable tools in our ability to prevent them from doing bad things.
The most organized adversaries' communications are already impossible to intercept. They know they are under surveillance and are taking measures to counter that surveillance. The people that surveillance affects most are innocent people.
In a different perspective (and I'm going to speak in an American context because I'm American and the article is about the American president) there are some things that are worth the lives of Americans. Our nation was founded with a rebellion and many Americans died in that struggle. They died for freedom, to gain rights. American history is full of people dying to protect the rights of Americans.
And from another perspective, terrorism is a hugely overblown concern. More Americans die in car accidents every year than have died from terrorism in the entire history of the United States[1]. 33561 people died in car crashes in the US in 2012[w]: that's like the September 11 attacks happening almost once a month. The fact that we're spending $10.8 billion in a year on the NSA[3] to prevent a handful of deaths that it may not even prevent, and less than 10% of that ($815 million) on the NHTSA[4] shows that our priorities are not where they should be.
I think that in this case what makes your story incorrect is that banning encryption software will only prevent normal every day people from using it. With the vastness of the internet, there is no way for any government to prevent encrypted communications from any determined individuals.
All they can end up doing is preventing the everyday users of the mass services from using encrypted transmission. So the innocent lose freedoms but the guilty carry on as normal.
They don't need mass surveillance and weak crypto to find out what a few known evil doers are up to. You can develop informants, physically bug devices, and get warrants for service providers (the old fashioned way where you specify a person's name and what you're looking for).
But they'd rather have a database with the sum total of human thoughts and interactions.
> How are we supposed to prevent them from doing these bad things?
Are we necessarily able to prevent these bad things from happening? Right now, we aren't able to entirely stop crime from happening. Why would we necessarily be able to stop these types of crimes from happening?
It's all a question of whether we want to give up certain freedoms in exchange for increased safety (or sense of safety).
It's not very complicated, it's just a balance of one thing (freedom) versus another (safety). Different people will value these two things differently, and I'm not sure I can make an argument that choosing safety over freedom is necessarily a "bad" choice.
That being said, I'm not in favor of the government banning private communication. But I understand that there are people who are, and their reasoning.
Because as someone smart said - If we want to defend our own freedoms, we have to start with defending freedoms of scoundrels, because the government will always start with taking away theirs. And when it's gone, ours will be gone too.
> "They are plotting and coordinating these bad things via communications with one another"
Yes, but has anyone considered the means they might be using to do this? Why assume it's electronic? Check the wikipedia page for the Millennium Challenge, especially the section on 'Exercise action'.
Human intelligence assets that we gutted in the 70's would have been quite useful in fighting terrorism. Humans blow things up and humans organize. The idea that they are not already using encryption in communications is foolish.
If we leave a backdoor for the "patriots", then we can guarantee that foreign governments and criminals will find and use the same backdoor. All any restrictions on encryption will do is lead to more non-terrorism arrests.
[+] [-] tuna-piano|11 years ago|reply
1. (2011) http://www.washingtonpost.com/blogs/worldviews/post/patriot-...
2. http://en.wikipedia.org/wiki/Controversial_invocations_of_th...
[+] [-] SixSigma|11 years ago|reply
http://www.belfasttelegraph.co.uk/news/local-national/northe...
[+] [-] dllthomas|11 years ago|reply
[+] [-] snowwrestler|11 years ago|reply
As I recall, the strongest argument in the late 1990s was that there was no possible way to design a weakness in crypto for government that bad guys couldn't also exploit--and at much greater scale. "This bill will make it easier for someone to steal your identity" type stuff.
[+] [-] mrsteveman1|11 years ago|reply
I'll happily donate a constant percentage of my company income to fight whatever useless laws come out of this. It'll be fought immediately if they try to legislate backdoors or any equivalent tinkering.
Last time we had a big legal fight about strong encryption, we got a supreme court ruling that source code implementing strong encryption was free speech, didn't we? Wonder how counterproductive the governments own actions will be this time.
[+] [-] dllthomas|11 years ago|reply
[+] [-] guard-of-terra|11 years ago|reply
[+] [-] dllthomas|11 years ago|reply
If you can penetrate that with evidence of a terrorist plot, 1) you can penetrate that without evidence of a terrorist plot, and 2) probably so can others.
Both of these make us less safe.
[+] [-] nyxtom|11 years ago|reply
[+] [-] ipsin|11 years ago|reply
"Of course, they'll want to subvert private communications. They're patriots."
The world needs a hell of a lot less patriotism right about now.
[+] [-] spiralpolitik|11 years ago|reply
a) Obama is just being polite given that "Call me Dave" is in town and has an election to fight so he can't been seen as being soft on terrorism. He knows that its highly likely that Cameron will be out of a job in six months time so is just stringing him along.
OR:
b) The fix is in, a tame lawmaker will drop a bill that they just happened to have prepared that was sitting in their drawer for a rainy day. Given the Republican's have never met a national security bill that they didn't like expect it to pass through the house and senate with the usual added pork and pardons for the NSA/CIA to make sure nobody goes to jail for recent revelations (Democrats being too chicken to filibuster).
If we don't see a huge outcry from the tech industry pointing out what an insanely bad idea this is on Tuesday then I fear for the future.
[+] [-] bhhaskin|11 years ago|reply
[+] [-] viccuad|11 years ago|reply
edit: oh, one starts to write a comment, attends the phone, and your idea is already submitted :/.
[+] [-] dllthomas|11 years ago|reply
For one, fiction is not evidence. Using it as such is poor reasoning.
For another, I've seen a reaction of "that's just fiction, it wouldn't actually happen" distracting from the important points.
[+] [-] andrewflnr|11 years ago|reply
[+] [-] datashovel|11 years ago|reply
[+] [-] datashovel|11 years ago|reply
[+] [-] p01926|11 years ago|reply
[+] [-] themartorana|11 years ago|reply
Ya know - "either you're with us or you're with the terrorists." [0]
[0] http://georgewbush-whitehouse.archives.gov/news/releases/200...
[+] [-] click170|11 years ago|reply
He's right that they're patriots, but he's wrong about the problem they're trying to solve. They're fighting different terrorists. Terrorists hiding in government.
[+] [-] nateberkopec|11 years ago|reply
[+] [-] hamoid|11 years ago|reply
It's sad to see homeless or drunk people in the street, but that's the worst I see.
I think eating healthy, exercising, having friends and a job does much more for our "safety" than ridiculous laws and surveillance.
I don't understand why people fear so much. Is it not possible to just refuse to fear? Be conscious about the effects it has. Talk about it. Why not just be brave and ignore the nonsense? Living with fear is no good life. We can't choose what happens in the world, but we can choose what we feel about it. We will die if we have to die. So what? It's not the end of the world.
edit: I remember seeing the tv in Finland. They play hours of crime-related series every day. What can you think of the world if you just see murders all day?
[+] [-] ibejoeb|11 years ago|reply
Have I missed something important? Is there a case, or even evidence of one, wherein encryption was a factor in a plot coming to fruition? If there had been, I would have expected the Obama, Cameron, et al., to trot it out.
Are we legislating this just in case? Strong encryption is already out there. I suppose if we make it illegal, the terrorists will just have to make do with weak encryption. But why don't we just make terrorism illegal, then?
[+] [-] xnull1guest|11 years ago|reply
Remember that Julius Caesar famously sought to make pen and paper illegal because he saw such low barriers to fast potentially secret communication a threat to Rome's security.
I know of no case reasonably called terrorism where encryption played a role in thwarting intelligence efforts.
> I suppose if we make it illegal, the terrorists will just have to make do with weak encryption.
When encryption is outlawed, only outlaws will have encryption.
[+] [-] snowwrestler|11 years ago|reply
Typically the only terrorist plots you'll hear about publicly are the ones that have to be public--either because of a public warning (even then, typically extremely vague), or because the break-up happened in a public way.
[+] [-] hackuser|11 years ago|reply
1) Based on what I've read from experts and what I know, if a national security agency targets your data, they will get it. Even government systems containing state secrets, protected by other state security agencies, have proven to be vulnerable. Banks are penetrated; even RSA's crown jewels were stolen, IIRC.
2) Even if 'content' data is encrypted, metadata almost certainly is not. Security agencies can identify which data belongs to their target and collect it, even if encrypted. Also, IIRC, recent leaks indicated that the NSA automatically collects much encrypted traffic, including Tor and maybe VPN traffic.
3) Metadata, as most people here probably don't need to be reminded, is as valuable as content. Again, regardless of what encryption you use your metadata probably is vulnerable and security agencies can easily collect it and utilize it.
4) Therefore, it seems that encryption only prevents low-cost search of bulk-collected content. It doesn't provide any security for metadata (usually), encrypted content still can be collected, and unencrypted content probably is vulnerable if you are a high-value target.
[+] [-] ak217|11 years ago|reply
Yes, it's the kind of problem you get when a patriot whistleblower exposes rampant corruption and unlawful behavior at the NSA; behavior that, above and beyond civil liberties, hurts American commercial interests, and then you do nothing about it.
> He said he believes Silicon Valley companies also want to solve the problem. “They’re patriots.”
He's right about them being patriots. He might be wrong about what patriotism means in this case.
[+] [-] nsnick|11 years ago|reply
[+] [-] nlh|11 years ago|reply
We have adversaries. Our adversaries are plotting something objectively bad - to blow up things and kill innocent people. They are plotting and coordinating these bad things via communications with one another. Historically, we have been able to intercept those communications, read them, and interrupt our adversaries from the bad things they are plotting.
If our adversaries' communications are completely impossible to intercept, we have lost one of the most valuable tools in our ability to prevent them from doing bad things. How are we supposed to prevent them from doing these bad things?
Again - please don't attack me - just looking for a smart answer here.
[+] [-] duaneb|11 years ago|reply
Well, we might not be able to. Such is the price of liberty. Personally, I think the thousands that died in the trade centers do not justify the massive loss of civil liberties, and it's STILL not clear we would have been able to do anything about it.
Bad guys are going to use encryption no matter what. Citizens should not be restricted from using it themselves just because it makes it easier on the federal government.
[+] [-] smtddr|11 years ago|reply
"What if there were cameras in your house that recorded everything you did & said, but the government promised you the footage would only be reviewed in the case that they suspect you committed a crime. How would you feel about that?"
I've gotten a lot of mileage from this metaphor myself. The response is usually silence while they internally question their worldview or something. Never gotten a counter argument, nor anyone replying with "I'd be okay with that". Would be interested if HN could poke a hole in this so I can patch it. :)
[+] [-] SixSigma|11 years ago|reply
Timothy McVeigh didn't use encryption.
9/11 Hijackers didn't use encryption.
7/7 Bombers didn't use encryption.
Boston Bombers didn't use encryption.
Can you see where this is going ?
[+] [-] PostOnce|11 years ago|reply
The question also doesn't address the issue of how far is too far, imagine how many crimes would be discovered with nightly searches of everyone's homes. Should we begin searching everyone's homes warrantlessly? What is more detrimental to society, the criminals, or the police state?
What are they doing to do, deploy unremoveable malware on every phone by default? Because as long as phones have CPUs and we can tell them what to do, they can employ unbreakable encryption. How are they supposed to get around that? Mandatory spyware?
What did police do before the telephone was commonplace? Criminals met and still meet in speakeasies and other safe locations to communicate without a phone, are we gonna install mics in every room as part of new building codes?
If phones do become irreversibly broken and monitored, guess what, criminals will stop using phones. Kevin Gates (rapper) has a song about drug dealing called... I Don't Talk On Phones, lol.
tl;dr: surveillance state monitoring all phones just means criminals will stop using phones to communicate so its only going to hurt "legitimate" privacy.
[+] [-] pjc50|11 years ago|reply
- legal. It's against the law; there are strong 1st and 4th arguments against surveillance, and 5th and 6th amendment arguments as well. Some people have even tried to argue that if encryption is a munition the 2nd amendment applies. The "we could stop bad people" argument applies especially to the 4th.
Similar legal protections exist in Europe, although not generally as strong.
- practical: either a system is secure or it isn't. Handing it over to anyone increases the risk of compromise. Bans on effective encryption are self-defeating.
- collateral damage: US intelligence agencies have a track record of killing innocent people themselves (e.g. drone strikes), supporting murderous governments (CIA in south america), funding terrorism and failing to prosecute the guilty (Iran-contra), use of intelligence for domestic immoral politics (Watergate, FBI vs MLK). Handing over data about your e.g. Chilean users to the CIA may result in them being murdered.
- international hypocrisy: saying that mass surveillance is OK says it's OK for other governments too. Do you support Chinese interception against their adversaries? Are you happy to turn over your entire email history on entering a country?
- finally, I'm going to question how much it does help. The Paris terrorists were known to the police, as was the killer of Lee Rigby. Intercept evidence is generally not used in trials. Nobody is presenting a cache of encrypted emails found on a computer used by the Parisian terrorists and saying "if we'd decrypted this we could have prevented it".
[+] [-] 16bytes|11 years ago|reply
What will happen is that non-governmental organizations will find these keys and get the same ability. What will happen is that the government will overreach, as they have done before time and time again.
This isn't about stopping terrorism, this is about keeping the current ability to spy on US Citizens. The internet was the single greatest intelligence boon in history and the government is concerned about loosing spying capacity.
Unsophisticated terrorists would gain little protections from at-rest and over-the-wire encryption. It's really quite easy to screw up and be found in the dragnet. Sophisticated actors would be using additional software anyway. You know, the kind that already exists.
The libraries are free and public. The algorithms publicly published. You can't put the cat back in the bag.
The government is trying to legislate particular usages of math. They are literally saying that Apple and Google shouldn't be using certain sequences of numbers. This isn't an exaggeration or hyperbole since everything is encodable in numbers and obviously some communication is illegal.
This is literally illegal equations, and it is so very far down a slippery slope that every citizen should be concerned.
To answer your question, the government will still not be able to decrypt many communications, even with this backdoor. These technologies protect casual users from data theft, but putting in backdoors makes everybody less safe.
[+] [-] pgeorgi|11 years ago|reply
It's not like knowledge about cryptography suddenly vanishes. And it's not like those computers aren't annoyingly programmable to do such evil deeds like encrypting data in a way that officials can't access it.
Given that, what's this all about? Governments could mandate key escrow (which is what I guess they're really aiming for) for any system under their control. So adversaries build their own, in Excel using VBA, if necessary.
There is no way to honor that demand by the US and UK governments unless computers become a _much_ different thing than what they're now.
[+] [-] copsarebastards|11 years ago|reply
I challenge this assertion. It has happened in some cases, but the claim that surveillance is an effective way to stop terrorism has failed to be backed up with many success stories.
> If our adversaries' communications are completely impossible to intercept, we have lost one of the most valuable tools in our ability to prevent them from doing bad things.
The most organized adversaries' communications are already impossible to intercept. They know they are under surveillance and are taking measures to counter that surveillance. The people that surveillance affects most are innocent people.
In a different perspective (and I'm going to speak in an American context because I'm American and the article is about the American president) there are some things that are worth the lives of Americans. Our nation was founded with a rebellion and many Americans died in that struggle. They died for freedom, to gain rights. American history is full of people dying to protect the rights of Americans.
And from another perspective, terrorism is a hugely overblown concern. More Americans die in car accidents every year than have died from terrorism in the entire history of the United States[1]. 33561 people died in car crashes in the US in 2012[w]: that's like the September 11 attacks happening almost once a month. The fact that we're spending $10.8 billion in a year on the NSA[3] to prevent a handful of deaths that it may not even prevent, and less than 10% of that ($815 million) on the NHTSA[4] shows that our priorities are not where they should be.
[1] http://www.johnstonsarchive.net/terrorism/wrjp255a.html
[2] http://en.wikipedia.org/wiki/List_of_motor_vehicle_deaths_in...
[3] http://en.wikipedia.org/wiki/National_Security_Agency
[4] http://en.wikipedia.org/wiki/National_Highway_Traffic_Safety...
[+] [-] prawn|11 years ago|reply
[+] [-] tuna-piano|11 years ago|reply
All they can end up doing is preventing the everyday users of the mass services from using encrypted transmission. So the innocent lose freedoms but the guilty carry on as normal.
[+] [-] logn|11 years ago|reply
But they'd rather have a database with the sum total of human thoughts and interactions.
[+] [-] runeks|11 years ago|reply
Are we necessarily able to prevent these bad things from happening? Right now, we aren't able to entirely stop crime from happening. Why would we necessarily be able to stop these types of crimes from happening?
It's all a question of whether we want to give up certain freedoms in exchange for increased safety (or sense of safety).
It's not very complicated, it's just a balance of one thing (freedom) versus another (safety). Different people will value these two things differently, and I'm not sure I can make an argument that choosing safety over freedom is necessarily a "bad" choice.
That being said, I'm not in favor of the government banning private communication. But I understand that there are people who are, and their reasoning.
[+] [-] gambiting|11 years ago|reply
[+] [-] amirmc|11 years ago|reply
Yes, but has anyone considered the means they might be using to do this? Why assume it's electronic? Check the wikipedia page for the Millennium Challenge, especially the section on 'Exercise action'.
http://en.wikipedia.org/wiki/Millennium_Challenge_2002
[+] [-] protomyth|11 years ago|reply
If we leave a backdoor for the "patriots", then we can guarantee that foreign governments and criminals will find and use the same backdoor. All any restrictions on encryption will do is lead to more non-terrorism arrests.
[+] [-] flycaliguy|11 years ago|reply
[+] [-] icelancer|11 years ago|reply
[+] [-] tdaltonc|11 years ago|reply
[+] [-] chj|11 years ago|reply
[+] [-] diminoten|11 years ago|reply
And if the company is a US company, who would disagree with that?
[+] [-] unknown|11 years ago|reply
[deleted]