> "Privacy, above all other things, including safety and freedom from terrorism, is not where we want to go," Steinbach said.
It's where I want to go. Also you have YET to show ANY evidence that we are more safe or more free from terrorism by surrounding our rights to privacy.
>He also disputed the "back door" term used by experts to describe such built-in access points. "We're not looking at going through a back door or being nefarious," he argued, saying that the agency wants to be able to access content after going through a judicial process.
You mean "Rubber Stamp Judicial Process"? Even if you didn't the mere fact that these backdoors (you can rename it all your want it's a BACKDOOR) exist make the whole system LESS secure. What a clown and this is the AD of the FBI's Counterterrorism Division??? Fuck....
There's nothing in the world that can provide "freedom from terrorism" which makes it even an even uglier lie. Even if it could, I'd still be against it though, because there are many ways to fight terrorism that don't involve sacrificing the freedom our ancestors bought with blood. The FBI needs leadership that understand how to operate within American principles.
Theyre tired of having to break laws to do their job. They want to spy on us and they want us to not only accept it but appreciate and like it. If you make it socially acceptable it will never be challenged again.
Privacy, in the context of the government, also means freedom to be left alone. I think that's quite an important freedom to have.
We really need to make stronger arguments for privacy. Too many people conflate real privacy (which I believe virtually nobody actually wants to give away, if they truly understand what giving it away means) with "sharing stuff on Facebook and Instagram".
One is an obvious choice, and the other (the government, or even companies through non-transparent trackers, knowing everything about you) is not, but is forced upon you.
>show ANY evidence that we are more safe or more free from terrorism by surrounding our rights to privacy
Wasn't FBI surveillance a thing during the Boston bombing? Since 9/11 have any attacks been prevented? If surveillance was a tool to prevent these attacks, why wasn't the surveillance authority (FBI) held directly responsible for the attacks?
Anyone who would advocate surveillance would first need to be criminally prosecuted for the Boston bombing because at the time they had the information and ignored it. With-holding information from the law about crime or potential crimes is illegal.
> It's where I want to go. Also you have YET to show ANY evidence that we are more safe or more free from terrorism by surrounding our rights to privacy.
If they could show that, credible evidence would have presented by now. ;)
But in all seriousness, the 1st & 4th amendment protections are the most vital freedoms we have and they should not be abridged outside of a direct link to harm. [e.g. Things like child porn, words designed to incite violent harm, violent prisoners shouldn't have privacy ]
So you have to be rational about it but yeah, mass surveillance and reducing self-defense tools to protect ourselves against criminals isn't "rational" behavior.
Criminals are going to do illegal things and we have the right to protect ourselves. If it inconvenience the government? So be it. I'm not going to bend over for any criminal who wants access to my financial data "because Terrorism".
Similarly, banning tools of self-defense [e.g. encryption for financial data, access keys] are simply guaranteeing the criminals will be the only ones to possess them.
I'm aware alot of people will be like "what about the 2nd"??
Yeah, that provides no protection against the government since they'll always have the ability to drop bombs on you. When you can afford a F-16 and the ability to pilot it for "self defense" purposes, let me know.
wow your second quote is hilarious. "We're not looking at going through a back door! We just want to access the content". it means the speaker was using that metaphor visually, and didn't know that the word backdoor doesn't really have that kind of a physical meaning. (You can tell the speaker has it wrong because they say, "going through a back door" - I just notice even the word 'back door' is written with a space whereas in computing we write it closed (joined) - https://www.google.com/search?q=wikipedia+back+door)
I honestly think the qualifications for high-ranking national security folks in the United States includes things like "played with G.I. Joes a lot as a kid." These people are almost caricatures.
Do these guys seriously not realize that "the terrorists" will use end-to-end encryption whether it's legal or not? This literally makes no sense to me unless "the terrorists" is code for "the local weed dealer".
Of course they do: that's why simply running Tor qualifies you for extra attention from their side.
Remember that they decide who to murder using metadata. A world where only "evil people" used encription would be ideal: they would know who to bomb right away!
They probably do. Having only "the terrorists" using encryption would make them much easier to spot. Encrypted traffic from your IP could become probable cause for a search warrant.
A wise man once said "shove it up your ass!" (george carlin)
Regardless, This guy doesn't know what he's talking about, and should not be speaking, at all. Above all else.
I'm not against the FBI; I understand why they want this and what it means to not have this kind of access. But they can't have it, and there are hundreds of reasons why its a truly horrible idea.
This is just ANOTHER excuse to strip away our rights for the sake of "fighting the terrorists" and "keeping us safe." Enough is enough. Just do your fucking job and stop trying to power play everything.
I don't care what legal blessings or rights of passage you get; if something of mine is encrypted, and i didn't give you access, it's not for you. That I could encrypt crazy stuff or plots or whatever is true; tough shit. There are other ways to sniff out nefarious people, and bring them to justice; the FBI just wants everything served to them on a plate.
Also, please stop putting stupid fucks like this in government. Infuriatingly dumb. Sacrificing our rights is not the way to fight terrorism; it's a path to self destruction from within.
Fire this guy and dismantle the FBI. Does anyone remember why we fought the Revolutionary War, why we follow the Declaration of Independence and the Constitution?
This joker should lose his job. He does not represent the values of this country,
We fought the revolutionary war so that rich factory-owners could more freely sell their wares without paying taxes to fund the war against the French and Native Americans that they sent Ben Franklin to London to beg the king for.
> Does anyone remember why we fought the Revolutionary War, why we follow the Declaration of Independence and the Constitution?
I remember asking this question back in 2005, and getting a solid "No". so I left the country. I doubt it's somehow been magically remembered since then.
"The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized."
So they would argue that this doesn't apply once we eliminate paper as a medium.
Also, but, but, but... They're only collecting metadata, right?
Just playing devil's advocate since I agree with you, but...
I think he'd focus on that "...and no warrants shall issue, but upon probable cause..." bit. With end-to-end encryption, even upon demonstrating probable cause to a judge and having a warrant issued, he's still looking at ciphertext.
Jesus Christ - way to bury the lead. The headline reads 'prevent encryption above all else', but three paragraphs in:
"But Steinbach's testimony also suggests he meant that companies shouldn't put their customers' access to encryption ahead of national security concerns -- rather than saying the government's top priority should be preventing the use of the technology that secures basically everything people do online."
The hearing was concerning ISIS use of social media as a recruitment platform and how it related to the recent shootings in Garland, Texas and in Boston on Tuesday.
The subject of encryption is not the primary focus of the hearing, but when it does come up I think he makes his point clear at about 39:30 when says this: "I think we need an honest conversation and get past the rhetoric of what we are talking about. We're not talking about large scale surveillance techniques. We are talking about going before the court, whether the criminal court or the national security court, with evidence, a burden of proof/probable cause, suggesting a crime has been committed or in our case there is a terrorist and showing that burden of proof, having the court sign off on it, and then going to those providers and requesting access to the stored information or communications that's ongoing. So we're not looking at going through a backdoor or being nefarious - we're talking about going to the company and asking for their assistance. We suggest and we are imploring Congress to help us seek legal remedies to that and asking companies to provide technological solutions to help that. We understand privacy. Privacy above all other things including safety and freedom from terrorism is not where we want to go. "
He later goes on to suggest expanding he scope of CALEA to include more than just telecommunications companies.
If people are going to debate this topic, I think they should start from his actual position and not a half sentence soundbite.
He's arguing categorically against end-to-end encryption. All encryption, according to the FBI, must be negotiated through centralized points that can be served with a warrant and made to MITM the communications.
It's not even clear that's the extent of what they want. They probably also want the communications to always be MITMed by the centralized nodes, so that warrants can request historical communications dating back to some retention limit.
The Boston example is interesting... From articles I've read it's not really clear when they started surveilling Rahim, but I found it interesting that they knew he bought 3 knives on Amazon.com. The Boston Globe implies that it was the knife purchases themselves which clued the FBI into starting the investigation;
But in the course of laying out those allegations against
Wright, the document goes into detail about why federal
officials said they had Rahim on 24-hour surveillance in the
first place.
... goes on to discuss the knife purchase, and subsequent conversation ...
I've been hacking up a facebook clone at work. I've discovered that it's easier than ever to have end to end encryption. For example, there are now good working RSA and symmetric javascript crypto libraries that work in the browser:
for RSA: https://github.com/travist/jsencrypt
for AES: https://code.google.com/p/crypto-js/
This includes generating your own private key for a totally in-browser "sign up" process (browser can save your private key in a file, you then point to it to "log in").
Add to this: a distributed message passing system: something like torrents with channels shared by multiple users so that you can't easily see who is sending to who with enough traffic.
Also for identity verification: use the bitcoin block chain as a CA.
Anyway, think of a single-page web-app, where the page is stored along with your private identity file on a USB-key (this avoids the security hole of having to download it every time).
This works very well until someone knocks on your door and kindly asks you to place some javascript on your site that tells everyone's browsers to send their private keys to your server where they can be subpoenaed.
to build technological solutions to prevent encryption
There is one way and one way only to do that. Remove all general purpose computing devices from the hands of the public, and make it illegal to manufacture or distribute them, or knowledge of how to do so. I can't see it happening, myself.
It's already been happening for some time, and we're quite far in the process. The mainstream population stops buying computers in favour of mobile devices - tablets and smartphones, which are locked down and dumbed down. Then you have DRM, and the cloud. I fear the next step will be professionalization of software engineering - you may suddenly find yourself in need of an engineering license to be able to legally use a Turing-complete language.
What I find most interesting here is that the government is clearly afraid of people using encryption against them, and yet most people seem to not have considered the thought of others using encryption against them...
Yeah, cool, let's all just stop using encryption for sensitive customer data so we more easily can catch the least sophisticated criminals who don't figure out how to do it themselves.
Let's also make it crystal clear to the more sophisticated criminals that they do, in fact, need to do it themselves.
Giving the FBI an easy way to put small time drug dealers in their pocket should obviously be a top priority of software companies.
I will vote for any politician who will tell these people to go fuck themselves.
As fweespeech says here also, criminals will encrypt regardless of what is going on. The people the FBI is "after" are going to encrpyt, so fighting to make public systems store data and hand to the FBI when desired is pointless.
If the FBI isn't mining normal citizens data for loose connections to stuff that is none of their business, then their is no need for them to have access to the systems they want.
The only argument that could be made is that criminals are stupid and may not use proper encryption on their own, therefore we should watch what everyone is doing so that we can catch these particularly dumb criminals.
The goal of the FBI in all their statements is to try and convince the public that "only criminals need encryption; everyone else should let us watch everything they do." 1984 anyone?
"– You are 35,079 times more likely to die from heart disease than from a terrorist attack
– You are 33,842 times more likely to die from cancer than from a terrorist attack"
So terrorism clearly isn't the issue they are trying to address. That's what makes the people that run the various fiefdoms within our government - people that are not elected, do not answer to the public, and who rarely leave their jobs - so scary. We know they are lying, but to what end? What will their successors do with the power they garner using fear of terrorism? We are rapidly approaching Orwell's worst nightmare.
This seems so horribly wrong that I can't believe this was actually said in public. And the Washington Post apologist writing is very strikingly clear too.
I think the headline here is misleading. A casual reader could get the impression that the FBI is asserting that the most pressing issue facing the country is "prevention of encryption". Above all else: prevent encryption".
Really, what the FBI is saying (clumsily) is that companies should work with the FBI to ensure that sound encryption doesn't trump every other concern.
I'm not far left. I broadly support law enforcement. I understand opposition to Silk Road and I support prosecution. I even support Snowden going to trial. But my reaction to this is "screw the FBI if that's what they think." Unless Congress outlaws domestic use of encryption, I'm still going to have access to open source encryption and I'm still going to prefer companies which use encryption to maintain my privacy.
So the FBI has a tough row to hoe here, if the people who would otherwise support it are alienated as I am
It is astounding how little most people in government understand how 'cybersecurity' works. Do they imagine it like how baby's think they're hiding when they can't see you?
[+] [-] joshstrange|10 years ago|reply
It's where I want to go. Also you have YET to show ANY evidence that we are more safe or more free from terrorism by surrounding our rights to privacy.
>He also disputed the "back door" term used by experts to describe such built-in access points. "We're not looking at going through a back door or being nefarious," he argued, saying that the agency wants to be able to access content after going through a judicial process.
You mean "Rubber Stamp Judicial Process"? Even if you didn't the mere fact that these backdoors (you can rename it all your want it's a BACKDOOR) exist make the whole system LESS secure. What a clown and this is the AD of the FBI's Counterterrorism Division??? Fuck....
[+] [-] staunch|10 years ago|reply
[+] [-] chrismarlow9|10 years ago|reply
[+] [-] higherpurpose|10 years ago|reply
We really need to make stronger arguments for privacy. Too many people conflate real privacy (which I believe virtually nobody actually wants to give away, if they truly understand what giving it away means) with "sharing stuff on Facebook and Instagram".
One is an obvious choice, and the other (the government, or even companies through non-transparent trackers, knowing everything about you) is not, but is forced upon you.
[+] [-] zamalek|10 years ago|reply
Wasn't FBI surveillance a thing during the Boston bombing? Since 9/11 have any attacks been prevented? If surveillance was a tool to prevent these attacks, why wasn't the surveillance authority (FBI) held directly responsible for the attacks?
Anyone who would advocate surveillance would first need to be criminally prosecuted for the Boston bombing because at the time they had the information and ignored it. With-holding information from the law about crime or potential crimes is illegal.
[+] [-] fweespeech|10 years ago|reply
If they could show that, credible evidence would have presented by now. ;)
But in all seriousness, the 1st & 4th amendment protections are the most vital freedoms we have and they should not be abridged outside of a direct link to harm. [e.g. Things like child porn, words designed to incite violent harm, violent prisoners shouldn't have privacy ]
So you have to be rational about it but yeah, mass surveillance and reducing self-defense tools to protect ourselves against criminals isn't "rational" behavior.
Criminals are going to do illegal things and we have the right to protect ourselves. If it inconvenience the government? So be it. I'm not going to bend over for any criminal who wants access to my financial data "because Terrorism".
Similarly, banning tools of self-defense [e.g. encryption for financial data, access keys] are simply guaranteeing the criminals will be the only ones to possess them.
I'm aware alot of people will be like "what about the 2nd"??
Yeah, that provides no protection against the government since they'll always have the ability to drop bombs on you. When you can afford a F-16 and the ability to pilot it for "self defense" purposes, let me know.
[+] [-] michaelvkpdx|10 years ago|reply
[+] [-] psykovsky|10 years ago|reply
I think you meant surrendering, or did you really meant encircling? Not a native speaker, just trying to get a better grasp of the language.
[+] [-] DavideNL|10 years ago|reply
That's called a "Cognitive Distortion": Polarized Thinking (or “Black and White” Thinking).
We don't have to choose between either privacy or safety !
[+] [-] logicallee|10 years ago|reply
[+] [-] beedogs|10 years ago|reply
[+] [-] kmicklas|10 years ago|reply
[+] [-] Igglyboo|10 years ago|reply
[+] [-] felipeerias|10 years ago|reply
Remember that they decide who to murder using metadata. A world where only "evil people" used encription would be ideal: they would know who to bomb right away!
[+] [-] josu|10 years ago|reply
Once you outlaw encryption all encrypted communications will be illegal and the people that use them terrorists.
This is how it begins.
[+] [-] blfr|10 years ago|reply
[+] [-] Kalium|10 years ago|reply
[+] [-] superuser2|10 years ago|reply
[+] [-] meesterdude|10 years ago|reply
Regardless, This guy doesn't know what he's talking about, and should not be speaking, at all. Above all else.
I'm not against the FBI; I understand why they want this and what it means to not have this kind of access. But they can't have it, and there are hundreds of reasons why its a truly horrible idea.
This is just ANOTHER excuse to strip away our rights for the sake of "fighting the terrorists" and "keeping us safe." Enough is enough. Just do your fucking job and stop trying to power play everything.
I don't care what legal blessings or rights of passage you get; if something of mine is encrypted, and i didn't give you access, it's not for you. That I could encrypt crazy stuff or plots or whatever is true; tough shit. There are other ways to sniff out nefarious people, and bring them to justice; the FBI just wants everything served to them on a plate.
Also, please stop putting stupid fucks like this in government. Infuriatingly dumb. Sacrificing our rights is not the way to fight terrorism; it's a path to self destruction from within.
[+] [-] misterbishop|10 years ago|reply
Encryption IS a national security concern.
When government agencies discourage encryption, or fail to report known software vulnerabilities, they're acting against national security interests.
[+] [-] Zikes|10 years ago|reply
I honestly don't know a single person that hasn't been caught up in at least two of the bigger breaches of the past few years alone.
[+] [-] michaelvkpdx|10 years ago|reply
This joker should lose his job. He does not represent the values of this country,
[+] [-] peawee|10 years ago|reply
[+] [-] anonbanker|10 years ago|reply
I remember asking this question back in 2005, and getting a solid "No". so I left the country. I doubt it's somehow been magically remembered since then.
[+] [-] phkahler|10 years ago|reply
So they would argue that this doesn't apply once we eliminate paper as a medium.
Also, but, but, but... They're only collecting metadata, right?
[+] [-] emeraldd|10 years ago|reply
-- Benjamin Franklin
Seems pretty straight forward to me ...
[+] [-] curun1r|10 years ago|reply
I think he'd focus on that "...and no warrants shall issue, but upon probable cause..." bit. With end-to-end encryption, even upon demonstrating probable cause to a judge and having a warrant issued, he's still looking at ciphertext.
[+] [-] csandreasen|10 years ago|reply
"But Steinbach's testimony also suggests he meant that companies shouldn't put their customers' access to encryption ahead of national security concerns -- rather than saying the government's top priority should be preventing the use of the technology that secures basically everything people do online."
Here is the actual hearing: http://www.c-span.org/video/?326360-1/hearing-cartoon-contes...
The hearing was concerning ISIS use of social media as a recruitment platform and how it related to the recent shootings in Garland, Texas and in Boston on Tuesday.
The subject of encryption is not the primary focus of the hearing, but when it does come up I think he makes his point clear at about 39:30 when says this: "I think we need an honest conversation and get past the rhetoric of what we are talking about. We're not talking about large scale surveillance techniques. We are talking about going before the court, whether the criminal court or the national security court, with evidence, a burden of proof/probable cause, suggesting a crime has been committed or in our case there is a terrorist and showing that burden of proof, having the court sign off on it, and then going to those providers and requesting access to the stored information or communications that's ongoing. So we're not looking at going through a backdoor or being nefarious - we're talking about going to the company and asking for their assistance. We suggest and we are imploring Congress to help us seek legal remedies to that and asking companies to provide technological solutions to help that. We understand privacy. Privacy above all other things including safety and freedom from terrorism is not where we want to go. "
He later goes on to suggest expanding he scope of CALEA to include more than just telecommunications companies.
If people are going to debate this topic, I think they should start from his actual position and not a half sentence soundbite.
[+] [-] harshreality|10 years ago|reply
It's not even clear that's the extent of what they want. They probably also want the communications to always be MITMed by the centralized nodes, so that warrants can request historical communications dating back to some retention limit.
[+] [-] zaroth|10 years ago|reply
[+] [-] JBiserkov|10 years ago|reply
The logo will be a semi-open padlock with a FBI agent holding a FISA court order.
[+] [-] pyrocat|10 years ago|reply
[+] [-] jhallenworld|10 years ago|reply
Add to this: a distributed message passing system: something like torrents with channels shared by multiple users so that you can't easily see who is sending to who with enough traffic.
Also for identity verification: use the bitcoin block chain as a CA.
Anyway, think of a single-page web-app, where the page is stored along with your private identity file on a USB-key (this avoids the security hole of having to download it every time).
[+] [-] AgentME|10 years ago|reply
[+] [-] sasas|10 years ago|reply
> https://www.nccgroup.trust/us/about-us/newsroom-and-events/b...
[+] [-] EliRivers|10 years ago|reply
There is one way and one way only to do that. Remove all general purpose computing devices from the hands of the public, and make it illegal to manufacture or distribute them, or knowledge of how to do so. I can't see it happening, myself.
Cory Doctorow, on the coming war on general purpose computation (although he thought it would be the copyright lobby) https://www.youtube.com/watch?v=HUEvRyemKSg
[+] [-] TeMPOraL|10 years ago|reply
It's already been happening for some time, and we're quite far in the process. The mainstream population stops buying computers in favour of mobile devices - tablets and smartphones, which are locked down and dumbed down. Then you have DRM, and the cloud. I fear the next step will be professionalization of software engineering - you may suddenly find yourself in need of an engineering license to be able to legally use a Turing-complete language.
[+] [-] userbinator|10 years ago|reply
On that subject: http://www.gnu.org/philosophy/right-to-read.en.html
[+] [-] pdkl95|10 years ago|reply
That was only Doctorow's first talk on the subject. He later extended the talk into far broader topics:
https://www.youtube.com/watch?v=jY_jxXTFEk4
(he has given several versions of this talk, and it seems that google has taken down the version I usually link to. sigh)
[+] [-] multinglets|10 years ago|reply
Let's also make it crystal clear to the more sophisticated criminals that they do, in fact, need to do it themselves.
Giving the FBI an easy way to put small time drug dealers in their pocket should obviously be a top priority of software companies.
I will vote for any politician who will tell these people to go fuck themselves.
[+] [-] GeorgeOrr|10 years ago|reply
[+] [-] rilita|10 years ago|reply
If the FBI isn't mining normal citizens data for loose connections to stuff that is none of their business, then their is no need for them to have access to the systems they want.
The only argument that could be made is that criminals are stupid and may not use proper encryption on their own, therefore we should watch what everyone is doing so that we can catch these particularly dumb criminals.
The goal of the FBI in all their statements is to try and convince the public that "only criminals need encryption; everyone else should let us watch everything they do." 1984 anyone?
[+] [-] downandout|10 years ago|reply
"– You are 35,079 times more likely to die from heart disease than from a terrorist attack
– You are 33,842 times more likely to die from cancer than from a terrorist attack"
So terrorism clearly isn't the issue they are trying to address. That's what makes the people that run the various fiefdoms within our government - people that are not elected, do not answer to the public, and who rarely leave their jobs - so scary. We know they are lying, but to what end? What will their successors do with the power they garner using fear of terrorism? We are rapidly approaching Orwell's worst nightmare.
[+] [-] Bud|10 years ago|reply
And I'm not interested in the FBI trying to create one.
[+] [-] typon|10 years ago|reply
[+] [-] ChrisAntaki|10 years ago|reply
[1] http://www.merriam-webster.com/dictionary/terrorism
[+] [-] tptacek|10 years ago|reply
Really, what the FBI is saying (clumsily) is that companies should work with the FBI to ensure that sound encryption doesn't trump every other concern.
[+] [-] pekk|10 years ago|reply
So the FBI has a tough row to hoe here, if the people who would otherwise support it are alienated as I am
[+] [-] dognotdog|10 years ago|reply
[+] [-] shostack|10 years ago|reply