Is the DEA Lying About iMessage Security?

First time accepted submitter snobody writes "Recently, an article was posted on Slashdot about the claim that law enforcement made about being frustrated by their inability to decrypt messages using Apple's iMessage. However, this article on Techdirt suggests that the DEA may be spewing out disinformation. As the Techdirt article says, if you switch to a new iDevice, you still are able to access your old iMessages, suggesting that Apple has the key somewhere in the cloud. Thus, if law enforcement goes directly to Apple, they should be able to get the key."

Are you kidding?

[IonOtter]

The mere fact that you even have to ASK such a question means the answer is "Yes."

Re:Are you kidding?

[BlkRb0t]

Betteridge says NO though.

Re:Are you kidding?

[russotto]

Betteridge is probably right. The messages are likely technically interceptable but not through the means the DEA tried; they didn't ask the right people the right questions.

Re:Are you kidding?

[blackraven14250]

Getting the key from Apple isn't really "technically interceptible" anyway. The problem, from their end, is likely that they need to subpoena the information from Apple (both past messages and the key for future use), rather than intercept it easily.

Re:Are you kidding?

[Daniel+Dvorkin]

Contrary to Betteridge, the answer to almost any question of the form "is the DEA lying" is yes. They're a worse propaganda machine than every other alphabet-soup agency put together, which is saying something.

Re:Are you kidding?

[Gr8Apes]

This is probably the crux of their complaint - they can't intercept the messages without going through proper procedures, getting a warrant, and leaving a paper trail. This is precisely how things should work.

Re:Are you kidding?

[sjames]

Exactly. The problem (as far as the DEA is concerned) is that they might be forced to actually obey the law themselves for a change. They much prefer tapping what they want with no oversight.

Re:Are you kidding?

[mysidia]

Getting the key from Apple isn't really "technically interceptible" anyway. The problem, from their end, is likely that they need to subpoena the information from Apple (both past messages and the key for future use),

This assumes a certain architecture. If the cryptosystem is strong, there is probably a frequent key rotation schedule, in which, the same key that encrypted past messages will potentially be replaced in the future by the time any new messages are exchanged.

It would be ideal, if some portion of this key were secured by the password, e.g. a SCRPT, BCRYPT or PBKDF2 hash of the password, is part of the secret material required to decrypt the key on the client, and any change of the user's password results in key rotation.

It is conceivable that Apple could design a system, in which, the keys would be available on multiple of your devices (because you knew an additional secret), but not available to Apple, to extract or find out what the key is (because Apple denies themselves access to the secret)

Do I think it's designed that way? No... it would not happen by coincidence, for sure.

Could they have designed it that way? Yes

Re:Are you kidding?

[ceoyoyo]

I'm pretty sure you're wrong. PGP uses RSA and IDEA. If RSA was breakable, particularly in realtime, there would be a lot more screaming. Some older versions of PGP had some bugs that were theoretically exploitable, but I don't think any of them have actually been exploited, never mind reliably or in real time. There have been several incidents over the years suggesting that authorities cannot decrypt PGP encrypted data.

It's possible that some early RSA encrypted messages using very short keys are technically decryptable, but you'd have to be a highly motivated government agency to do so, and you still wouldn't be doing it in anything close to realtime.

Yesterday's munitions are... pretty much unchanged today, except that you can be extra paranoid and use longer keys now.

Re:Are you kidding?

[mysidia]

Bcrypt is a wonderful tool but it is not strong encryption. PGP now yields to decoding.

That's not true... BCrypt for a specified number of rounds (adaptation of the blowfish cipher) is stronger than PBKDF2; that is, more resistant against dictionary/brute force attacks using GPUs and other embedded hardware.

Furthermore, these have nothing to do with PGP.

All 3 are key derivation functions, which are used to generate an encryption key from a password, and may be salted; such that the key generated is dependent upon both password and salt.

These are strong, because the computational power required to test whether one specific password is the right one to provide access to the key, is large, and the algorithms cannot be efficiently scaled (at least not as efficiently as the use of a simple hashing algorithm such as SHA256).

the strength of all 3 algorithms can be varied, according to the computational power available, and the required strength of the key derivation function.

AES256 is still extremely strong cryptography, when the key is well-protected.

Re:Are you kidding?

[mysidia]

There have been several incidents over the years suggesting that authorities cannot decrypt PGP encrypted data.

I think it's that authorities can't always decrypt PGP encrypted data.

In some earlier versions of PGP, or on some certain OS versions, the entropy producing functions of the OS (secure random number generator), were broken, in such a way, that one or more of the asymmetric keys protecting an encrypted document would be a weak keypair, OR one of the symmetric keys protecting an encrypted document would be a weak symmetric key.

The authorities are more likely to break the encryption by obtaining the IDEA encrypted keyfile, and launching a dictionary/phrase-based attack in order to gain access to the key material.

Another option is to subvert the recipient; through lawful wiretaps, or a sneak-and-peak type warrant, where malware or covert keylogger is deployed on the recipient's machine, so the key material is exposed, through routine operations.

It's American company so the answer is obvious

[thetoadwarrior]

If you're using software created in the US by a commercial company you can bet the government has access to it. Who would believe any different?

Yes and no

I think one of the main problems law enforcement has with iMessages is that it is ridiculously easy to get a pen register from a telco for a phone number. This is a list of the calls made to/from that number and a list of SMS/MMS to/from that number. iMessage bypasses SMS/MMS if both the origin and destination device are iMessage capable, so those interactions do not show in a pen register. The same could be said for many other text/chat services, but iMessage is the default texting client for a large number of people and does not require the user to do anything special to message others without the telco knowing, unlike many other services.

iMessage isn't that special, the memo could just as easily been talking about FaceBook messages, which also won't appear in a pen register.

Key in cloud != Key accessible by Apple

[kc9jud]

Just because your messages are accessible on a new device, it does not necessarily mean that your messages are readable or key is accessible by Apple. For instance, if the decryption key for iMessage were encrypted with your Apple ID password, then your key could be transferred around between devices, but Apple or the DEA would still have to brute-force/social engineer/whatever to get your password and decrypt the key. Whether or not it's actually set up that way...

Re:Key in cloud != Key accessible by Apple

Yes, that COULD be. In reality there are password reset methods and no company will ever tell a customer that they have just lost all their messages, photos, etc. because they forgot their password. Wake the fuck up.

Re:Key in cloud != Key accessible by Apple

[MyFirstNameIsPaul]

BlackBerry phones are encrypted as OP suggests, so when a user forgets a password, then there is nothing BlackBerry can do to help the user.

Re:Key in cloud != Key accessible by Apple

[gnasher719]

Yes, that COULD be. In reality there are password reset methods and no company will ever tell a customer that they have just lost all their messages, photos, etc. because they forgot their password. Wake the fuck up.

Actually, if you turn on two factor authentication then that is exactly what Apple will do. For authentication, there are three items that can be used: Your password, a 16 digit key that you should stash away in a secret place, and a device (iOS or Mac) that you registered with Apple. Any two of these, and you can do anything. With only one thing, there is nothing you can do, and nothing that Apple can do to help you.

Re: Key in cloud != Key accessible by Apple

[Anubis+IV]

I'd actually be curious if you could cite any examples of them having done this. I have several apps on my iPhone that were later pulled by Apple from the iTunes Store (including an app that purports to be a simple flashlight but actually allows the user to use the iPhone as a mobile hotspot without having to have pay for a tethering plan with their carrier), but I'm not aware of any that were pulled from user's devices. I'll readily agree that they do have the ability, but I can't recall them ever having exercised it.

Re:Key in cloud != Key accessible by Apple

[viperidaenz]

Your definition of cannot is wrong.
They cannot help you because they have not built a system for their support staff to help you in that situation.
The term should in no way imply the architecture of the system. It defines only the services they will provide you as a customer.

Re: Who cares

[MrMarket]

Political dissidents, whistle blowers... and FREEDOM LOVERS.

Probably talking about two different things...

[fuzzyfuzzyfungus]

Unless the DEA is actively 'leaking' in order to attempt to move people into a vulnerable channel with a false sense of security(not impossible; but I'm inclined to suspect that the higher level drug runners take their paranoia seriously, or they wouldn't have lasted long enough to level up, and the lower level ones are probably more often foiled by the fact that they need to solicit customers, any one of which could be a plant), I'd be inclined to a more prosaic explanation.

With SMS, architectural security during transmission is somewhere between pitiful and nonexistent and the entity that handles the messages during their voyage is the phone company, which has substantial legal incentives to, and a long history of, supine cooperation with the authorities.

With iMessage, it looks pretty much like SMS on the handset; but it's all just data to the telco, and Apple presumably included some SSL/TLS or similar implementation that isn't totally broken, meaning that going through the telco is totally useless(this would also be why the leaked memo specifically mentioned that iMessages sent to non-Apple devices, which would be crunched into SMS at some stage, were still often recoverable).

The fact that Apple can, apparently, retrieve your iMessage history for you suggests that, indeed, a subpoena of Apple would leave you in the open; but I imagine that the DEA is much more familiar with, and pleased by, the 'service-oriented' attitudes of the phone companies, who are extremely forthcoming with customer information, with very low bars to clear, and minimal pesky judicial process.

Certainly not a good idea to trust anything that the service operator can 'recover' or 'restore' for you to be secure(since it can't possibly be); but the DEA jackboots probably do encounter significantly greater hassle with a message that is never available to the notoriously friendly telcos. You are still up shit creek if they are building a case against you specifically(or if Apple caves and starts providing bulk access at some future time); but casual fishing is likely to be more difficult.

don't know about imessage

[Trailer+Trash]

But they've never lied about the effects of drug usage, right?

Right?

Um, right?

The drug war is suckled on lies

[mbone]

Every government statistic or statement on the drug war is not to be believed. There might be some truth in some of it, but after 80+ years of lies, it's not the way to bet.

The DEA is not the NSA.

[__aaltlg1547]

They're quite knowledgeable about DRUG TRAFFICKING. Expertise in other areas relevant to law enforcement should not be assumed. Apple either has a copy of your key or can crack their own encryption when they need to. The NSA could probably crack it too, but why would the DEA go to the NSA and why should the NSA concern itself with helping the DEA crack cases? That's not their job.

DEA can't TAP it

[mabhatter654]

The issue is not that the DEA cannot lawfully acquire the messages... It's that THEY HAVE TO ASK , EVERY TIME.

Most taps are just "wide open" until the warrant expires and the telco turns the tap off... There is very little oversight. Many online services give law enforcement more of an "open ticket" to keep coming back for email or Facebook as often as they need. While the line isn't "tapped" LEOs can refresh every twenty minutes if they want.

They are attepting to bully Apple into allowing a MITM or wide open ticket to people's accounts. The first post on this very carefully NEGLECTED to mention that Apple COMPLIES with lawful requests. Which they most certainly would. The issue is that Apple won't open a giant backdoors and look the other way while LEOs look up their ex-girlfriends, or people with fancy cars to pick on. Apple is probably making them request transcripts with dates and times... And then APPLE SENDS it to them.

Re:DEA can't TAP it

[ninetyninebottles]

Well, according to Apple's own (scanty) information on iMessage and on third party analysis, it looks like it is some sort of end to end encryption with Apple serving as the cert authority. it may well be that Apple cannot intercept the messages as the system is currently designed and can only reissue a certificate by killing the old one (and thus alerting the user because their iMessage stops working). That is by no means certain, but if it is not the case then Apple might have a false advertising lawsuit headed their way.

Re:DEA can't TAP it

[fustakrakich]

The issue is that Apple won't open a giant backdoors and look the other way...

Why not? I mean, aside from the possibility of getting caught...

Re:DEA can't TAP it

[fustakrakich]

The REAL issue is that there is NO LEGAL MANDATE for Apple to do so.

Actually we don't know that. Secret laws and all. There could be a gag order to keep them from mentioning it, like a national security letter. With all this secrecy, we don't have a clue of who knows what, leaving us to assume the worse, which is the recommended way of dealing with any of this.

Re:Who cares

[Opportunist]

Everyone should. Not because they're breaking a law, but because laws are changing. And rapidly so. What is very legal today may be illegal tomorrow. And then try to prove that you stopped the behaviour just because it became illegal. What is that you say? They have to prove that you still did it after it became illegal? You think you'd be the first to be in jail because there is "strong evidence" (read: someone hinted at it) that you did again what you did before?

Do it yourself

[chowdahhead]

It may not be the most elegant solution, but hosting your own Mumble server works pretty well for secure private IM and voice chat. There's a really slick Android client called Plumble, and I believe iOS has a basic one as well. The built-in authentication and encryption is sufficient, and the newer builds support the OPUS codec.

What about Blackberry?

[shking]

Remember the fuss just a year ago when India and other gov'ts complained about Blackberry? How is this different?

Re:PGP

[Arancaytar]

If they were the only ones who said so, I'd be inclined to distrust it too. However, RSA has been around for 36 years now with no serious challenges, so either there is a world-wide conspiracy that controls every single mathematician (or several that between them control all the mathematicians), or it's unbroken.

It's also possible that there are a few mathematicians decades ahead of current research that all work for various governments, but considering how much of mathematical work is derivative now, it seems far too unlikely that some unaffiliated researcher wouldn't have stumbled across the discovery independently.

(Well, or the NSA has a working quantum computer that can do work on a useful scale, which goes back to "decades ahead of current research".)

Re: Who cares

[viperidaenz]

We are a God fearing Christian Nation

I thought church and state were separate?

Erdos+Bacon=Pen register results in probable cause

[girlinatrainingbra]

And getting a pen register dataset can mean enough linkages can be shown to a "known drug dealer" or a "known felon" that they will then have probable cause to get a warrant, even if the number of linkages is so high that you're not the "friend of a drug dealer" or even the "friend of a friend of a drug dealer" but even "(friend of a)^5 of a drug dealer".
.
When you get links that are that long, you can ensnare everyone in the world, whether or not they are truly guilty of anything, just from guilt by association. See the comment about 6-degrees-of-Kevin-Bacon or the one about Bacon numbers and Erd''os Numbers.

Re:Closed proprietary software is NEVER secure!

Correct. As long as I cannot verify the encryption, then I cannot say it is secure; secure being relative to my needs and concerns. As the U.S. government is one party I would want to keep my encrypted information from, the DOD or any other agency having potential access means that their encryption cannot be considered seriously for my interests.

Re: Who cares

[flimflammer]

I was with you until you said this:

Worst that could happen is everyone walking out calmly and in order.

That is far from the worst that can happen. That is in fact the best case scenario outside of no one believing them and there truly not being a fire. Provoking people into violent acts of desperation by instilling the immediate fear of death into them, such that their rationality is severely compromised is outright negligent. This is why we have things like temporary insanity and heat of passion defenses.

I feel that you should be perfectly free to shout "Fire!" in a theater. However I also feel that if you end up causing a situation where someone is injured, you should be held liable for your negligent actions. Freedom of speech should not mean freedom from responsibility of that speech.

What if you told a blind person that the light at an intersection was green and there was no traffic, causing them to walk into the street and get run over? Would you push the free speech argument? You didn't kill him; the guy behind the wheel of the car did. That doesn't mean you weren't immensely negligent as a result of what you said.

As a closer example to the theater, what if in that same situation you screamed in front of a blind man "Everyone get out of the way! A car is heading straight for us!" causing him to jump out of the way and into actual traffic? Would you still feel like you were completely free of the burden of responsibility?

The DEA

[fyngyrz]

The DEA lies about everything else. Why would this be any different? The very fact that the DEA exists is an affront to personal liberty; We have decades of detailed records of them spreading falsehoods, destroying families, in general doing far more harm than drugs ever did or ever could.

DEA Informers: They lie about who they are, what they do, what their intent is -- and just about anything else they're asked. This is who they are. Liars. But that's not all they are. They're also as dangerous as any government agent you can imagine, wholly without concern for anyone but themselves.

DEA agents: They lie about where the danger comes from; they lie about toxicity; they lie about addictiveness. They lie about consequences (they ARE the primary consequences), and they have been known to attempt to trade your personal honor for your freedom if you fall into their hands. They created the violence underlying the black market drug trade; they created the black market itself. They're not shy of interfering with other sovereign countries, nor of playing fast and loose with our own "justice" system.

So when a DEA "anything" tells you something, you're best off assuming they're lying. It's what they do. Aside from destroying families, that is. If they're not lying, they're likely trying to hurt you some other way. Get away and stay away. Nothing truly good can ever come of contact with people so bereft of personal honor -- or so outright stupid -- that they would work for the DEA.

To heck with them. And the laws they rode in on. And those who made the laws. And those in the general population who thought, and perhaps still think, agencies like the DEA were ever a good idea.

The drug war: It's a war on you and your family and your friends.

Re:The DEA

[fyngyrz]

Really? How so?

Good grief. Ok, here's the obvious example: You can sell, or smoke, a joint - a light intoxicant which does far less harm (probably none at all in most cases) than alcohol - and go to jail for years for these acts. After which, you are often considered a felon, which pretty well puts paid to your future. I'm sure you know this and you're just being disingenuous.

You're confusing your uninformed state with the idea that my statements are unfounded.

Go spend some time with Google. The DEA's actions and policies are largely a matter of record, as is the massive amount of harm they have caused.

Re:The DEA

[anagama]

I don't know about the spreading of falsehood part, but destroying families and doing far more harm than good -- that's fact.

Glenn Greenwald debated GWB's drug czar on the question of whether the US should legalize all drugs. http://vimeo.com/32110912 Greenwald identified the following costs, all of which we pay due to the drug war, all of which would go away if reason prevailed, and challenges prohibitionists to address why these costs are worth it. Listen closely to Portugal's experience with decriminalizing all drugs (evaporation of the following costs, slight increase in usage rates of some drugs (but less of an increase than neighbor countries during the same time period), a DROP in usage rates of drugs among young people, reduction in the spread of HIV etc, returning people who use drugs to the productive economy rather than making them burdensomely unemployable, acceptance of the police as a helpful organization rather than an enemy, which leads to the police being able to actually investigate real crime).

If you are unable to address those costs with evidence based information, we will know your opinion is based on mere personal dislike for drugs and drug users, i.e., moralizing, fear mongering, and prejudice:

1. The US is the world's largest prison state on a per capita basis AND on an absolute basis. We hold 25% of the world's prisoners despite having only 5% of the world's population.

2. The War on Drugs is undeniably racist. All ethnic groups use drugs at essentially equal levels, but certain minorities comprise the greatest number by far of those convicted.

3. Economic costs in the 100s of billions and yet no reduction in drug use.

4. Drug war has spawned the privatised prison industry.

5. The erosion of civil liberties experienced in the last 40 years has been rooted in the drug war.

6. Militarization of the police force which turns it from an organization community members will trust for help, into one which is feared and deemed an enemy. This hinders solving crime.

7. International resentment to the US based on US demands that other countries criminalize their population and take on what are seen as unnecessary social and economic costs.

8. Extreme violence due to the fact that in a black market, only criminals will participate and criminals use violence to secure market share ("you don't see Budweiser and Heinken shooting each other over territory").

9. Drug war breeds contempt for the law, because millions of people use drugs, even frequently, without any consequences at all (depending on one's demographic profile).

10. The drug war destroys the lives of the very individuals the government claims it wishes to help because as felons, they become unemployable. So while imprisoned and after release, such people are unable to provide for their families and being separated from families is highly corrosive to families.

Re:The DEA

[djl4570]

Go spend some time with Google.

I don't disagree with you, but digging up citations to support your argument is your job, not the readers.

Re:The DEA

[jcr]

Do we have substantially more people in jail *because* of the war on drugs?

Are you serious?.

-jcr

Re:The DEA

[anagama]

Oh boy, what rubbish. Let's address some of your points:

1. You failed to show a correlation between drug prohibition and incarceration. Do we have substantially more people in jail *because* of the war on drugs? If so, prove it.

2. It doesn't matter that everyone consumes drugs at the same level (to be proven, where is your source?). What matters is who deals and distributors said drugs. I highly doubt that as many white people distribute drugs as other ethnic groups and it makes perfect sense to dish out longer jail time to distributors than users. So what are you really complaining about here?

3. There is a reduction (on a gross-level, not net), but the population is increasing and drug distributors are better funded than people enforcing the law. Are you implying that ineffective drug enforcement means we should give up altogether? Sex trade and child labor is on the rise too, should we stop trying to curb those crimes too?

4. I'm not going to argue for/against this.

5. I'm sure terrorism had nothing to do with it. The world is changing my friend, drugs are only part of the problem.

6. I'm not sure what you're referring to here. The DEA and main police force are separate beats. I trust my local police force just fine, thank you very much.

7. Last time I checked, drug use was illegal (and enforced as such) in most countries around the world, so I have no idea what you're referring to.

8. Poor logic. Again, should we legalize all form of criminal acts for fear of what the black market will do? Laws exist for morale reasons. Selling drugs is like selling Alcohol to a known Alcoholic. It is highly addictive and prays on people's weakness.

9. Many people experiment, but most move on and hold nothing but respect for law enforcement. Most people don't smoke pot and do crack through the rest of their life.

10. That's a problem that affects all felons. Where do you draw the line? Shouldn't we try to improve the life of *all* felons? Why the focus on drug felons alone?

Obviously you failed to watch the debate.

1. 50% of the Federal inmates, 25% of state inmates for drug offenses: http://www.drugwarfacts.org/cms/Prisons_and_Drugs

2. You're just being racist.
http://healthland.time.com/2011/11/07/study-whites-more-likely-to-abuse-drugs-than-blacks/
http://www.hrw.org/news/2009/06/19/race-drugs-and-law-enforcement-united-states#_Part_I:_Race

A recent study in Seattle is illustrative. Although the majority of those who shared, sold, or transferred serious drugs[17] in Seattle are white (indeed seventy percent of the general Seattle population is white), almost two-thirds (64.2%) of drug arrestees are black.

3. I don't even understand you're point in the first sentence. It's totally incoherent. The second, about the sex trade, completely misses the point because the number of people who use prostitutes is vastly smaller than those who use drugs. The drug war is like outlawing french fries -- sure, they make you fat but so many people use them, it's pointless to push against the tide. The same cannot be said about prostitution. If we ever get to the point that is the case, then we can address that -- right now, it's just off topic. A diversion.

5. As Greenwald pointed out in his debate, the egregious civil liberties violations of the last decade, first took root in the drug war.

6. Google "drug war militarization of the police force" and pick an article: https://www.google.com/search?q=drug+war+militarization+of+the+police+force

7. Again, you totally didn't watch the debate

Re:The DEA

[Moral+Judgement]

I am very sorry about your wife and your experiences. Many people may have adverse reactions to recreational drugs, which is why some form of quality control and minimum age policies will have to be instituted to make legalization work. However, alcohol abuse can and does lead to mental health problems, at a much higher rate among the general population than marijuana. While it's true that your wife may have been more susceptible to marijuana, that is not the case with the population as a whole, for whom alcohol is much more dangerous. I have supplied an research paper, a quote from the abstract of which is pretty illuminating, "Schizophrenia is frequently complicated by comorbid disorders such as medical illnesses, mental retardation, and substance abuse. Substance use disorder is the most frequent and clinically significant comorbidity in this population, and alcohol is the most common substance of abuse, other than nicotine (nicotine is much more prevalent than any other substance of abuse in this population) (Cuffel 1996)." I know the abstract only cites co-morbidity of drug use, mostly alcohol, with schizophrenia , rather than cause and effect. However, the same could be the case with much of the population for which marijuana "causes" schizophrenia. After all, no one is suggesting that cigarettes cause schizophrenia, and just about all mental health patients use them (only a slight exageration).

Re:The DEA

[TheRaven64]

something that would be unlikely to happen with alcohol

It's also unlikely to happen with marijuana. It's even unlikely to happen with LSD, although probably more likely. Unfortunately, unlike tobacco and alcohol, there is no requirement to put warning labels on marijuana when it's sold. It is also difficult to do detailed studies on the effects of the drug, and it is not possible to go to a doctor and be tested for the latent conditions that can be triggered by certain chemicals, if those chemicals happen to be illegal.

Re:The DEA

[sudon't]

"you don't see Budweiser and Heinken shooting each other over territory"

Not anymore, anyway. But of course we saw exactly the same problems anagama outlines above, during alcohol prohibition.

Re:The DEA

[fyngyrz]

So is what you're saying that Rosa Parks should have stayed at the back of the bus? Because she was "saying "Fuck you" to the whole democratic system and was just BEGGING the judge to put her in jail"?

What you're completely missing here is that the law can be wrong. The whole system can be wrong. It can fail to respond to corrective forces, such as information or awareness of side effects, or to take civil rights into account. Even when there are large, organized groups of people carefully organizing the data and presenting it regularly to the government. Even when the government's own studies indicate the accuracy of that data. At that point, you have government out of control; not a correct expression of a democratic process, or more to the point, correct action of the republic.

You're also missing the point that it isn't about the thrill of smoking; it's about the government wrongfully repressing personal choice, and in the process, creating a whole series of side effects that do huge harm, and then refusing to admit it was wrong. Even though prohibition II has produced exactly the same problems, albeit written larger, as prohibition I did; and even though just like prohibition I, prohibition II has utterly failed to control the substances it was intended to control and the people it was intended to control. It's junk law from junk minds which does huge damage to the citizens.

I don't do a lot if recreational drugs outside of wine with dinner and a cup of coffee from time to time. I'm not personally fond of pot. But I absolutely deny that the government is correct in saying I cannot smoke pot; and it's outright evil in what it does to people it catches selling or smoking pot. As far as the DEA goes, that's a violent and corrupt force deployed against our own people to no good purpose. The government does not deserve my support in this matter, and it does not have it.

Re:The DEA

[fyngyrz]

Having seen my wife turn into a paranoid schizophrenic by smoking joints

This is not a reasonable argument against pot. There are people out there who can't drink milk; who can't eat bread; who can't take aspirin, etc. The correct response to that reality is not to make milk and bread and aspirin illegal, and then to escalate such that someone who sells milk or bread or aspirin, or consumes them, goes to prison, etc.

There are people who will have severe reactions if they see flashing lights. Should we therefore make flashing lights illegal? What about peanuts? I like peanuts on my sundaes; but they will really hose some people. Should we outlaw peanut butter and all other peanut products? And then go shooting people on sight if they grow or sell peanuts?

It is an unreasonable argument to assert that these things are bad because some small percentage of the population has trouble with them. The reasonable conclusion, in fact, is that there's something unusual about that small percentage, and that is certainly worth looking at. But that's darned difficult to do when the whole thing is massively illegal and has its own ultra-violent specialized military to enforce that illegality.

Of course, that doesn't necessarily mean going to jail is the answer, but pretending that smoking joints is harmless really doesn't help.

It's harmless for the vast majority. We're quite sure of that, because the number of people who have indulged is extremely large. Pretending that your wife's experience, even if correctly attributed to marijuana use, is sufficient to categorize marijuana as generally harmful is very poor procedure. It is exactly the same kind of cognitive error that would categorize peanut butter as generally harmful because occasionally someone is found to have an adverse reaction to peanuts.

Re: Who cares

[sjames]

I'm pretty sure they're doing their best to figure out what Jesus would do and then do the opposite...

Re: Who cares

[demonlapin]

You can think that all you like, but the reality is that Americans have an immensely negative view of atheists. Here, observe that Americans consider atheists more objectionable than blacks, women, Catholics, Hispanics, Jews, Mormons, gays, or Muslims for political office. And that study does not discriminate about which political party you're discussing!

Re:PGP

[femtobyte]

Suppose the darkest inner circles of government intelligence agencies actually can crack widely-used and trusted encryption like PGP. If you're merely an international drug dealer and child slave trader (or peaceful anti-war protestor, whichever the FBI loathes more), the tiny cabal of people within the FBI who have the clearance to know about the PGP crack aren't going to do anything that remotely risks leaking such information. Your secrets are perfectly safe with them, because they've got more important targets (like all the Top-Secret-equivalent info from foreign governments and corporations) that they'd lose covert access to if even a vaguely credible hint of a PGP crack leaked to lower levels of government law enforcement (and from there to other countries' intelligence operatives). A PGP crack would simply be too important an asset for covert intelligence to risk exposing on whatever mildly nefarious plots your encrypted emails are hiding.

Re: Who cares

[ceoyoyo]

It is LITERALLY like shouting fire in a crowded theatre [wikipedia.org].

I think you don't understand what "literally" means. Your post gets sillier from there.

Open source

[DrYak]

Who would believe any different?

If the source is open, it's actually possible to check if the data safety is sane.

Exemple: Mozilla's Sync.
It *does* store web passwords on the server.

Data sent and received from the server is always encrypted. (the server never has access to the clear text, only to the encrypted form)
Without the password that the user keeps for him/herself, all the rest is useless.

Three-letter agencies could subpoena all that they want, there simply isn't a technical way to extract the data. All that they can get is only a bunch of random-looking encrypted data, which is useless without the password stored into the user's head (or a nearby post-it... saddly, no matter how much advance an encryption scheme is, there are always users who will screw up badly).

Counter example: Skype

Skype's license clearly state that they will collaborate with local authority as required by local law.
It's closed source, so you can't actually check, but given the license, you can safely bet that there is very likely a backdoor somewhere inside to comply with the various wire-tapping law.
(very probably in the form of a way for law-enforcement forces to obtain the encryption key, so it's possible to later decrypt any intercepted network traffic).