Tim Cook: "Weakening Encryption Or Taking It Away Harms Good People"

Patrick O'Neill writes: Over the last year, Apple CEO Tim Cook has repeatedly made headlines as a spearpoint in the new crypto wars. As FBI director James Comey pushes for legally mandated backdoors on encryption, Cook has added default strong encryption to Apple devices and vocally resisted Comey's campaign. Echoing warnings from technical experts across the world, Cook said that adding encryption backdoors for law enforcement would weaken the security of all devices and "is incredibly dangerous," he said last night at the Electronic Privacy Information Center awards dinner. "So let me be crystal clear: Weakening encryption or taking it away harms good people who are using it for the right reason."

At least one thing that makes sense.

[Z00L00K]

Too many things these days that don't make sense. If you have a hole in a system it will be abused by malicious people.

Re:At least one thing that makes sense.

[jcr]

If you have a hole in a system it will be abused by malicious people.

Like the federal government.

-jcr

Re:At least one thing that makes sense.

[nine-times]

Like the federal government.

Well I think the idea that "If you have a hole in a system, it will be abused by malicious people" is a big part of the reason I'm uncomfortable with the federal government having access to people's personal info. Yes, there's the whole danger of dictatorship and secret police and bla bla bla. It's a real danger, but it feels far off. Far more immediate is the danger of... just some asshole that works for the NSA or FBI abusing the access. For all the assurances that "we have access to your data, but we promise only to look at it after we get a warrant from a secret court," you know that there's some dude at the NSA looking through email from people he went to high school with, just for kicks. And that's creepy and all, but if that guy is also a bit crazy and malicious, he can do some damage to people's lives.

So ultimately, the danger of the Federal government having access to your data is less that the Federal government is itself dangerous, but having access to private data without sufficient oversight is going to be abused by individuals within the Federal government.

Re:At least one thing that makes sense.

[Creepy]

James Comey (head of the FBI) has pretty much said he wants all encryption outlawed. Having personally read a ton of emails that were not mine just for fun in college (via packet sniffer), including some very personal ones (though most not - I also scooped up numerous passwords but never used them... can't say that's true for the other kids that did the same, though), I'd say this is a terrible idea. Let's all go back to party lines, too, because you'll never know who's listening and therefore everyone is more secure.

  Incidentally, I learned never to send any private or personal information via email because I learned about and how to use packet sniffers. I would never sext or send personal info via text, either - only fools trust their phone company security (at least in America). Now that the America FREEDOM Act has passed, can't trust Skype or VoIP either, because those are all permitted to be dragnet vacuumed up now (FREEDOM for what? more government snooping it seems) and companies like Microsoft are protected from liability for letting the NSA scoop them up.

Re:At least one thing that makes sense.

That is cute that YOU don't. But I assure you, your insurance company, physician, and bank do. Your social security #, bank account, medical prescriptions (actually sent everywhere by law), probably even your passwords, are being sent everywhere, unencrypted.

Re:At least one thing that makes sense.

[Ravaldy]

I agree. I think there's a better compromise to be had. Putting aside conspiracy theories I believe there are 2 reasons governments would want access to data.
1. To monitor for security
2. In court cases where data on a device is required to provide guilt or innocence

In my opinion, "Monitoring for security" hasn't yielded any results. Proof that the bad guys are wiser than the system.

As for court cases I'd keep it pretty clear cut. If a case requires data from a defendant and the defendant refuses to provide said data, that should play against his case. I can't see one case where keeping the data from a trial to prove your innocence makes any sense.

Re:At least one thing that makes sense.

[electrosoccertux]

If you have a hole in a system it will be abused by malicious people.

Like the federal government.

-jcr

you wouldn't want to do anything about that would you? we'll put you on the potential terrorist list just in case.

Re:At least one thing that makes sense.

[nine-times]

Putting aside conspiracy theories I believe there are 2 reasons governments would want access to data.

I'd argue that the real reason the government wants access is not some coherent conspiracy, but some relatively simple factors: People in the US were in a panic following 9/11.

People were scared. When people are scared, they panic. When they panic, they make stupid, short-sighted decisions. Remember when people in Iowa were taping plastic sheeting over their windows for fear of a chemical/biological attack? Remember how silly that was?

While the general populace were panicking, so were various public officials. They wanted to figure out how to make sure we were protected from terrorist attacks, and it was decided that we should do whatever it takes, even if it violated people's rights, and even if it was immoral. Even if it was stupid and didn't actually help, it didn't matter, because they wanted to do everything that it was possible to do. So they had the TSA searching your bags for nail clippers and liquid soap, and they had the NSA listening to your phone calls.

And yes, for many people behind these decisions, I think that was the motivation. They actually wanted to protect the US from attack, and also knew that they'd be fired (or lose their reelection) if they were seen to be failing to do everything humanly possible to prevent another attack.

In the mean time, lots of businesses made money from the ramped-up security, and those businesses are giving "campaign contributions" to the officials that decide whether to keep those programs. Plus, organizations like the NSA increase in power and prominence, and they'll use their influence to argue against rolling back such programs. There's also pressure from law enforcement, who have been using the intelligence for the prosecution of crimes unrelated to terrorism, and want to keep all the tools they can get. Even though it's a violation of people's rights, it doesn't seem so bad when you've been doing it for a decade. Aside from that, even if officials are in favor of ending these kinds of programs, it's still difficult politically because a lot of uninformed voters are going to see this as being "soft on terrorists".

So all those things add up, and nobody has the political will to end anything. Very few people even have the balls to come out and say that these programs should be ended.

Re:At least one thing that makes sense.

[Ravaldy]

Absolutely.

When I said "conspiracy theories" I wanted to avoid getting into the intellectual theft argument.

Two Words: The Fappening

Two Words: The Fappening
Imagine Government has access to your private files LEGALLY, such that exposure of your files, your property, your life is completely unprotected by legislation?

Re:Two Words: The Fappening

[Luckyo]

This is already the case?

Re:Two Words: The Fappening

[geekmux]

Two Words: The Fappening Imagine Government has access to your private files LEGALLY, such that exposure of your files, your property, your life is completely unprotected by legislation?

Why do you speak of legalities as if that were a constraint around our government today?

Let me be clear. They break the law. And there's not a fucking thing you can do about it.

And no, it doesn't matter what puppet you vote into office.

Re:Two Words: The Fappening

Two Words: The Fappening
Imagine Government has access to your private files LEGALLY

Right idea, wrong reason.

Imagine how much more wide spread the next The Fappening will be with Uncle Sam's mandated backdoor.

How do you "take away" encryption?

[spiritplumber]

I mean, this is the same guy who wants to effectively "take away" the ability of users to write their own code on their own machines, sure, but how's that even accomplished.

Re:How do you "take away" encryption?

[GrahamCox]

WTF are you talking about? I can and do write code on my iOS and Mac devices and Mr Cook and his company provide the tools to do it.

Re:How do you "take away" encryption?

You can't distributed signed binaries without having it signed by Apple's CA. Nope. Hence "signed" and "We verify these guys are not doing anything malicious, or we revoke this signature and tell the asshole to piss in the wind and keep the program from launching any more". It's a whopping $100 to go through that process too, mostly so they can establish your identity and proof your not some asshole submitting a thousand pieces of malware an hour in the hope that one or two get through because its completely free to do.

If you're a programmer starting up your own business and can't afford the whopping $100 fee to get your program signed once the entire development cycle is done with, there are several easy workarounds. You can open the program holding down the option key while loading it, or going into preferences and telling it to ignore these checks to begin with. You can then run any code you want without ever seeing the warning again. It's really really hard to do. Its 4 mouse clicks. 4. Or you could not be a cheap ass and be willing to obtain the free developer kit and then $100 for the digital signature and identity verification/non malicious code checks.

Quit frankly, if it's that easy for Tim Cook to fuck your ass, you better not ever go to prison, or you're going to be a world of hurt (literally and figuratively). Same if anyone in the real world ever calls you a bad name or something. Grow a damn spine, man and get real. Or stop posting bullshit. Or get a clue. or all of the above.

Re: How do you "take away" encryption?

It's not the $100 so quit pretending it is. It's about control. If all Apple was doing was making sure your app isn't malicious that would be one thing. What they also do is make sure your app doesn't do things they don't approve of. Like, for instance, enable purchasing of things that Apple doesn't get a cut of. Or, in some cases, controversial things our not family friendly things. Or maybe they don't do that on a particular day. It is pretty arbitrary, and that, not the $100, is the problem.

It's a problem because unlike Android, I can't (legitimately) tell an iOS device to load an app from another source, so I have no freedom there. Is it more secure? Yes, absolutely. It's also less free, and that matters more to a lot of people.

It's also what this whole thing with encryption is all about. To get back on topic, James Comey is acting in an un-American anti-freedom manner and should resign because he doesn't deserve our trust or the job he has. Got that, NSA? Be sure to pass it along to the FBI so they can add it to me file.

Re:How do you "take away" encryption?

[Austerity+Empowers]

I wasn't sure. So I clicked on "terminal" and typed "gcc" and it worked. To be fair, "gcc" seems to invoke this "clang" thing not gcc, but it compiles code and Hello, World! shows up. I tried python too, that also seems to work, if you're in to white spaces.

Not sure what this guy is talking about really. Even MS gives out free dev tools these days, and that is in spite of Bill Gates' famous objection to giving such tools out for free.

Something to hide?

Are you honest person? You have something to hide?

Yes, every honest person has a lot to hide and it is called privacy! And it is important that everyone would value their privacy and encrypt everything just in sake of others rights for privacy!

If some authority has problems, they are free to come to knock on my door or call me. I can talk on front door or in the phone.

Re:Something to hide?

People always get it wrong. It's not privacy you want but anonymity.

Re:Something to hide?

I am willing to argue that even criminal with evil intent have a right to privacy. The police's job is to catch them by doing hard work. Monitoring everyone thought and wait for a red flag is not police work.

Re:Something to hide?

Exactly. And as a gay man who was (publicly) in the closet for decades, I imagine Tim Cook is very aware of the value of privacy.

Re:Something to hide?

[jcr]

I wouldn't say he was in the closet. He didn't make any announcements, but it was widely known around Apple and nobody cared.

-jcr

Re:Something to hide?

[gnasher719]

People always get it wrong. It's not privacy you want but anonymity.

I want both. If Google puts ads into my browser based on my browsing history, and the computer is shared with my wife, what good is anonymity?

Re:Something to hide?

Man, if I'd realized that I would have put a parenthetical clarifier in my post. Thanks for the correction!

Re:Something to hide?

You could blame the dog.

Re:Something to hide?

[sg_oneill]

I wouldn't say he was in the closet. He didn't make any announcements, but it was widely known around Apple and nobody cared.

I imagine he likely however would have taken his time before letting his folks know, which is usually a big reason people stay in the closet. Many "in the closet" folks are out to their friends and workmates, but hide it from their parents , who might be religious or bigoted or whatever. Whatever the case is privacy is *very* important to people who are gay or transgendered or whatever.

Re:Something to hide?

[weilawei]

I hate to be a broken record, but in every other instance, we (Slashdot commenters) tell people not to put information about their personal life online unless they want other people to see it. If you attach your name, you should not expect it to magically disappear.

This is a hard truth to learn. Some people don't get it and are later angry. Some people get it, act accordingly, and prepare for/accept the consequences.

Re:Something to hide?

[weilawei]

If your wife has a problem with your browsing habits, you need to communicate better--with her.

News flash: people watch porn.

Re:Something to hide?

[Noah+Haders]

good to know that you're such a perv that for you private == porn. what if you're searching for information on mental disease? or divorce? there's all sorts of things that people want to keep private, either from family members or from work.

Re:Something to hide?

[Noah+Haders]

maybe some day a biography will come out... but I wonder if growing up gay in Alabama taught him the value of privacy. he's definitely a strong man.

Re:Something to hide?

[Noah+Haders]

how did he attach his name? he used the internet from his computer. it's not like he started a slashdot account linked to his email with the user name iamtrans

Re:Something to hide?

[weilawei]

If you're divorcing your wife, I think you have bigger problems than ads.

If you've got a disease, I think you still need to communicate better with your wife.

If you can't trust your wife, you've got very little left.

Re:Something to hide?

[Noah+Haders]

ok, what if you're thinking of coming out gay or trans? or what if you are a woman and looking for domestic abuse shelters? there are so many valid reasons to protect your privacy.

Re:Something to hide?

[weilawei]

And there are many tools available for you to protect your privacy with. NoScript, Tor, et al..

Personal responsibility, what a concept. The idea that you consider the consequences of your actions before you take them, plan for the consequences, and accept them when you run into them--especially if you failed to plan for them.

Yes, you should be able to do all sorts of things without fear of repercussions, but reality is otherwise at the moment. That's why you plan for the consequences that exist and work to change the ones that will exist in the future.

We don't want to pay for services, so we get ad-supported services. Then, those ad-supported services have to be reasonably targeted to make them worth running. If you want something for free, and you don't want to be tracked, use the free and open source tools available to protect your privacy. If you don't like the ads, use services which offer a patronage model.

Prior planning prevents piss poor performance. I've no sympathy for people who want everything handed to them on a silver platter.

Re:Something to hide?

[IsThisNickTaken]

What if you're searching for a birthday gift for your wife, or planning a surprise getaway for your anniversary, etc.?

Yes, I know about I the incognito modes, running browsers in a VM and resetting the VM, etc. I was just pointing out legitimate things that you would want to hide from your spouse and that your spouse would most likely be glad to not find out about (depending on how they felt about surprises...) :)

Re:Something to hide?

[weilawei]

At least I'm not a politician. Then I'd be a lying jackass.

Re:Something to hide?

[kilfarsnar]

If you're divorcing your wife, I think you have bigger problems than ads.

If you've got a disease, I think you still need to communicate better with your wife.

If you can't trust your wife, you've got very little left.

What if you're planning a surprise party for her?

Re:Something to hide?

[schlachter]

I'm not able to parse your rant/post.

Are you arguing that an average person must take it open themselves to understand encryption, IT security, best practices, and relevant tools, and be expected to implement a secure setup across all their devices on their network?

Most people have limited to no ability to understand this, let along allocate the time to maintain a solution.

Re:Something to hide?

[schlachter]

I am willing to argue that even criminal with evil intent have a right to privacy.

And if you argue that far, then certainly a criminal WITHOUT evil intent has a right to privacy. Such as your average weed smoker, or Gay person in much of the world, or Pork eater in Israel military, or dude that ties his giraffe to a lamp post on Tuesdays

Re:Something to hide?

[Creepy]

Had to start doing this on my laptop. Was searching for gift ideas for her for Christmas and didn't use incognito mode, but her desktop computer started having problems (hard drive was failing) so she used my laptop and, while I'd cleared browser history (which I do religiously, anyway, mainly because some development work I do can pull in old pages if not cleared), ads for the things I looked at started appearing in her Facebook feed. Fortunately, she didn't notice, but I only shop Incognito now.

Re:Something to hide?

[Austerity+Empowers]

Let's spell it all out. I'm sure this isn't comprehensive:
- I want personal issues related to my family (medical, mental, social, sexual, etc.) hidden. No one needs to know that, frequently even I do not, but families overshare and it should be safe to do so.
- I want my finances secret. The government already knows how much I make, my employer and investment banks already helpfully report this and withhold taxes. But that does not mean it should be casually available to anyone who wants to go look. It is not anyone else's business, and worse, can be used to hurt me or my family.
- I want my choices to be secret. I am protected by the Bill of Rights against self-incrimination, I would not voluntarily admit to any crime I committed if I knew they were watching nor am I obligated to do so. I should not be in a position to accidentally "confess" particularly to a crime no one is investigating. I may not have known what I did was a crime, and in fact no one may have been hurt, therefore there is no reason for the police to be involved. The government, however, has financial motive to collect fines. If say, I bought alcohol from on a Sunday morning in Texas, this is illegal. No one is hurt, but if the government were to spy, the purchaser would lose his liquor license and I'd be fined making the government money. In fact more people are hurt by the crime disclosure than by keeping it on the DL, but it's hardly 'dishonest'.
- I want my private activities secret. Not all things I do are for everyone to know: I may be looking for a new job, I may have a mistress or five, I may be in the closet but the winter coats are a rockin', I may be working on the Next Big Thing and trying to get a business going but in a position where someone could snipe my idea and get a leg up on me (particularly if that someone were wealthier than I am, and not having to go seek funding), etc. There are tons of honest or quasi-honest reasons to want privacy.
- I may be communicating privileged information to a client, patient or customer with the expectation or perhaps written guarantee of secrecy and have a significant contractual liability should that information get out. It should not be victim to the government (or private corps) prurient interests.
- I may be in a position where I am about to acquire, legally, something incredibly valuable but until I have possession and/or have dispositioned it securely be vulnerable to dishonest people. Ex. Let's say I won the lottery, until such time as I can get the ticket notarized, successfully placed in the appropriate hands, there is a huge financial incentive for a thug to mug me of that ticket. I cannot do this without communication: i may need to make several parties aware of my position and arrange for security. A bad agent spying on me, who makes a normal wage at his poice force job would really like to get that ticket and already has the right combination of weapons, authority and disposition to steal it.
- I may simply not want to be gossiped about, and have the elements of truth of that gossip come around and haunt me later. The less people know, the less interesting the gossip and the sooner it all ends.

Re:Something to hide?

[Austerity+Empowers]

I guess I don't consider something you post on facebook with inappropriate privacy settings, or broadcast out loud in a bar, or write in a newspaper, or have written in the sky to be private. I don't think the government is doing anything wrong by looking there. But if you have the appropriate privacy settings and/or the reasonable expectation of privacy, the government should be forbidden from it and not given any special privileges.

Re:Something to hide?

[weilawei]

You understand me correctly and you raise a good point. The average person is not likely to be capable of, nor have the time to devote to defending themselves against ridiculous invasions of privacy.

As it presently stands, it's a good idea to be able to that and devote the time to it--but people shouldn't have to.

That's why I said that people should work to change the state of things so people don't need to worry about it. Things like private browsing modes and the Tor browser bundle are making it simpler than ever, although they are by no means perfect.

Re:Something to hide?

[david_thornley]

Who says I'm browsing without NoScript? I've looked at stuff on Amazon, and noticed it appearing in ads on my Facebook feed. Chrome has an "incognito window" feature, but it warns that it can't protect against whatever is on the other end.

A while back, Target was doing data mining to target advertising, and sent ads appropriate for a pregnant woman to a teenage girl. Unfortunately, her father saw the ads, and since she hadn't told him it was a very awkward moment.

There are things I do online that are traceable to me, and have to be in order to be useful.

Like Everything Else in The Computer World...

It's either safe for all or unsafe for all.

Signs you are in trouble

[cold+fjord]

#3 - You rely upon Apple maintaining and respecting your privacy

Tim Cook didn't address Apple's real privacy problem

Re:Signs you are in trouble

[phantomfive]

The advantage Apple has is that they don't rely on advertising for any significant part of their revenue. Which means people who buy their products are still customers, not products. That's a good thing.

Re: Signs you are in trouble

[Rosyna]

Hmm I thought apple received billions in revenue from defaulting search to google

And?

Also, the search engine recently defaults to Bing in a lot of contexts. Apple gives the contract to whoever is the most willing to adhere to Apple's rules.

Re:Signs you are in trouble

[gnasher719]

Looks like someone at MoneyCNN has an axe to grind.

There has never been any evidence, or any good reason to believe that anyone hacked into iCloud to get pictures of "celebrities". On the other hand, plenty of evidence that there were easy to guess username / password combinations. Plus, the article title is "Tim Cook didn't address Apple's real privacy problem", when the first statement it makes is that Apple actually _did_ address a problem.

Re:Signs you are in trouble

[IamTheRealMike]

The advantage Apple has is that they don't rely on advertising for any significant part of their revenue.

That's the theory Apple is peddling. It doesn't match up very well with reality though.

Firstly, don't get me wrong, I love Tim Cook's stance. I love that Apple is pushing encryption. I don't want to see them stop. But Silicon Valley needs to move as one here, and this sort of competitive sniping isn't really helping.

The only product Apple has that's actually end to end encrypted is iMessages. But WhatsApp is also encrypted in the same way, and that's owned by Facebook, which makes its money by advertising. So much for that theory.

All the other cloud products Apple has work in exactly the same way as their competitors do: you upload unencrypted documents to Apple, who then store and process them for you. And this is a technological constraint, not a business model constraint. Keeping servers fully blind as to the data they're working with is an open field of academic research. It's not something that Google or Facebook or Twitter or DropBox or whoever are holding back from because they hate privacy. It's just a really hard problem.

And finally Apple does of course have an advertising product. It has iAds. That has not been a successful product for them, but it's not for lack of trying.

So when you actually examine the details of Apple's products, you see that they're not really any different to what their competitors are doing. Cook's statements sound good to the non-expert listener, but it's just marketing.

What's more, there's a rather problematic assumption underlying Cook's position. Apple indeed makes most of its money from the extremely fat margins it makes from iPhone buyers, who consistently pay way over the odds for what they're getting. But it's only possible for Apple to subsidise its cloud offerings via fat hardware margins because Apple ignores the low end of the market. Indeed, given their attempts to destroy Android, it's fair to say Apple not only ignores the low end but would be quite happy if people too poor to buy an iPhone had no smartphone technology at all. Advertising as a business model may not be perfect but it's the reason that people in Africa can buy smartphones for $30 and use services like Google Maps, Search, Photos, etc. People who live outside affluent countries matter too.

Re: Signs you are in trouble

[frdmfghtr]

"Keeping servers fully blind as to the data they're working with is an open field of academic research. It's not something that Google or Facebook or Twitter or DropBox or whoever are holding back from because they hate privacy. It's just a really hard problem."

How is this a hard problem? The Spideroak cloud storage service does this; uploaded files are encrypted before they leave your machine. Even the file names are secret; the servers have zero knowledge of the file's name or type or contents.

Re: Signs you are in trouble

[IamTheRealMike]

How is this a hard problem? The Spideroak cloud storage service does this; uploaded files are encrypted before they leave your machine. Even the file names are secret; the servers have zero knowledge of the file's name or type or contents.

Services like SpiderOak sacrifice features people want, in order to get that. For instance, no search. No web preview or editing. Clunky sharing. No password recovery if you forget.

Still, I was mostly thinking about other services. If you look at some of the features Google Photos has like being able to do text search for untagged photos using image recognition, there's no technical way to do that in a blind manner right now.

Re:Signs you are in trouble

[Noah+Haders]

The only product Apple has that's actually end to end encrypted is iMessages.

also facetime audio and factime video. they basically have a secure communication platform, except for email.

Keeping servers fully blind as to the data they're working with is an open field of academic research. It's not something that Google or Facebook or Twitter or DropBox or whoever are holding back from because they hate privacy. It's just a really hard problem.

google makes all their billions from reading people's communications and tracking their searches then advertising against it. they have incentive to not solve this "hard problem".

Advertising as a business model may not be perfect but it's the reason that people in Africa can buy smartphones for $30 and use services like Google Maps, Search, Photos, etc. People who live outside affluent countries matter too.

this is a fair point and something that I need to think on some more. but it could be argued that many people who rejoice at a $30 phone don't fully understand how much they're giving up when they get one.

Re:Signs you are in trouble

[Noah+Haders]

it's fair to say that while many sites such as gmail had integrated advanced security features such as 2FA, apple had not done so in the name of usability. this was the fundamental flaw. after the fappening apple rolled out 2FA.

However, i would call this a security problem not a privacy problem.

Re:Signs you are in trouble

[IamTheRealMike]

I agree with you. From my post ....

It has iAds. That has not been a successful product for them

... and ...

it's only possible for Apple to subsidise its cloud offerings via fat hardware margins because Apple ignores the low end of the market

Re:Signs you are in trouble

[phantomfive]

So when you actually examine the details of Apple's products, you see that they're not really any different to what their competitors are doing.

Nah, if you work in ad-tech you'll see there's a difference between a company that relies on ads for revenue and one that doesn't.

When an ad company wants to increase revenue, they ask, "how can we show more ads?" or maybe, "how can we increase inventory?"

When a product company wants to increase revenue they say, "how can we get more people to use our product? or maybe, "what new product can we build that people will like?" The focus is still firmly on the customer.

Re: Signs you are in trouble

[BasilBrush]

Hmm I thought apple received billions in revenue from defaulting search to google

I've no idea, and neither do you. But it's clear that Apple are currently only using Google as the default for browser searches because the public expect it. Google is the world's favourite web search engine.

But Apple's every move is away from offering Google's services. Where it used to be the only supported search engine you can now select others. And their other major search app-Siri dropped Google as it's underlying search engine 2 years ago.

And of course Apple completely replaced Google Maps with their own version to end Google's snooping on where iPhone users are.

FBI director

[mcfedr]

When politicians say this things - you can maybe believe that they don't understand the impossibility of undermining encryption such that only the 'good guys' can do it. But the director of the FBI, would must know what he is talking about, and must know that its just completely wrong.

Re:FBI director

[dcollins117]

But the director of the FBI, would must know what he is talking about, and must know that its just completely wrong.

Of course he knows. He knows better than most people do. When he talks of breaking encryption, he's talking about weakening your encryption, not his. He's going continue to use the most robust tools at his disposal to protect his privacy. But he's the good guy, at least in his mind. You, he's not so sure about.

In the end it doesn't matter what he wants. It's a foolish request that can't be implemented. The tools to communicate securely over unsecure channels are freely available to everyone at no cost. More importantly, we have the math. You can't outlaw math.

Re:FBI director

[DrXym]

Of course it's wrong - from everyone else's viewpoint. A backdoor sounds like a wonderful idea if you're the head of the FBI tasked with catching bad guys and faced with the cost and frustration of extracting useful info from an encrypted device.

Re:FBI director

[Maggu]

Also, the US can't enforce "legally mandated backdoors" on every foreign made phone. It seems somewhat unrealistic to me to tell every visiting businessman or tourist that they can't bring a phone into the US. I suppose it would be possible to go the UK route and make use of encryption a criminal offense for US citizens, but that's a bit of an uphill battle that won't hurt criminals much.

Re:FBI director

[cccc828]

More importantly, we have the math. You can't outlaw math.

Oh, really?

Re:FBI director

[CeasedCaring]

Use of encryption IS legal in the UK.
It's witholding your password from law enforcement when officially asked for it which is a criminal offence.

Re: FBI director

So using encryption properly is an offense in the UK.

Re:FBI director

[dcollins117]

OK, I stand corrected. I guess you can :)

Re:FBI director

[Steve+B]

any reference to evolution will also be forbidden

Who knew that the Islamic State was run by the GOP?

Re:FBI director

[mcfedr]

I think that is the craziest part, that again the people involved know about, that they can never hope to control all the software in the world. And as much as they can might be able to stop ordinary americans using real encryption they have no chance of stopping the 'terroists' that they claim to be really trying to spy on.

Sounds exactly like a pro-gun argument...

[Zondar]

But how many people will support this argument when the subject is encryption but rail against it when the subject is firearms and self-defense?

Re:Sounds exactly like a pro-gun argument...

[Kirth]

Oh yeah, now you're comparing locks to guns? What exactly is your point here? Trying to discredit advocates of encryption?

Re:Sounds exactly like a pro-gun argument...

[antiperimetaparalogo]

But how many people will support this argument when the subject is encryption but rail against it when the subject is firearms and self-defense?

You already know the answer to your rhetorical question my fellow G[r]eek...

Free Greek language lesson for barbarians:
How the "I will give you my gun when you pry it from my cold, dead hand" English phrase is "translated" in Greek? MOLON LABE!

Re:Sounds exactly like a pro-gun argument...

[DMUTPeregrine]

Guns have strong offensive uses. Encryption generally doesn't, the closest it comes is cryptolocker-style ransomware. Which is mitigated by offline backups.

Re:Sounds exactly like a pro-gun argument...

Perhaps because most people don't understand that "pro-gun" arguments aren't about guns, but about rights. That line in the sand defining the government's mandate and the extent of acceptable action it can take against its own citizens.

Re:Sounds exactly like a pro-gun argument...

[BlueStrat]

Guns have strong offensive uses.

Which are only effectively countered by people defending themselves with guns.

God created Man. Sam Colt made them equal.

Grandma (and the physically disabled, young women, etc) has a chance against a young, fit, male attacker if she has a gun. More than without a gun. Much more than blowing a "rape whistle" and peeing herself, or waiting for police who, in many small towns including the one I live in, typically wait at the donut shop until the shooting is over before arriving to take a report and have the body(s) removed. As one cop told me in a moment of frankness; "I ain't dodging gunfire for no $70k a year and a pension!"

Police in the US have no legal obligation to protect citizens.

Police handle the paperwork. Citizens are the true "first responders".

Strat

Re:Sounds exactly like a pro-gun argument...

[dcollins117]

Oh yeah, now you're comparing locks to guns?

It's not that far-fetched. Cryptography was on the U.S. Munitions List as an Auxiliary Military Equipment up until 1992 or so. There are still restrictions of the export of encryption technology.

Re:Sounds exactly like a pro-gun argument...

Guns have strong offensive uses.

Encryption has strong offensive uses... that's why the government wants a back door. So you can't organize protests or other 'offensive actions' against the government without their knowledge beforehand, knowing everyone who is involved, putting you on watch lists, taking action to prevent it (like arresting the leaders for 'terrorism' or something, maybe even 'disappearing' them via the NDAA), etc.

Re:Sounds exactly like a pro-gun argument...

[Sique]

But it is quite complicated to kill someone by encryption. Maybe reading him 2048-bit-RSA-keys will cause him to die of boredom?

Re:Sounds exactly like a pro-gun argument...

[aaaaaaargh!]

I think the major difference might be that firearms are designed to kill animals and people, whereas encryption is designed to keep information secure. As in: Comparing apples with bananas.

Re: Sounds exactly like a pro-gun argument...

They already have that right. Must of the gun toting morons you refer to are already criminals. The rest, and the majority, of us are quite responsible and quite offended by the uninformed rabid generalizations people like you seem to think you can get away with. You might try learning how to be polite. People outside your little circle might take you seriously.

By the way, speaking of not getting shot: Do you ever notice how a lot of states make it illegal to defend yourself from that by banning effective armor? So if they take away guns and they take away armor, who do you think they believe is going to be shooting you? Hint: The very people you naively think exist to protect you.

Re:Sounds exactly like a pro-gun argument...

[sabbede]

Not me? Come to think of it, wasn't the exportation of encryption restricted under munitions export rules? The government may have inadvertently defined it in a way that places it under the 2nd amendment.

Re:Sounds exactly like a pro-gun argument...

[david_thornley]

Guns aren't usually going to protect people. For a gun to be useful, the wielder has to be willing to kill with a split-second decision, and that's not really common. If I'm within ten feet of you, and you aren't an expert, I can get my hands on you before you can draw and aim a gun. A whistle has the great advantage that getting it ready is not threatening or attention-grabbing, and using it will come a lot easier than shooting somebody.

Re:Sounds exactly like a pro-gun argument...

[BlueStrat]

Guns aren't usually going to protect people.

Then why do police, judges, and many other government politicians and bureaucrats carry guns for protection and/or are protected by people carrying guns?

As a poster above correctly points out, *no* safety measure or thing is 100% effective in every single situation that could possible arise. Traffic signals, guard rails, on and on, none of these things or countless others are 100% effective in every situation, and some things, like seat belts & airbags, actually end up doing more harm than good in some cases.

Guns are relatively effective for personal protection and on balance are better to have than not have if a threat arises. Otherwise police would not carry firearms specifically for that purpose.

Strat

Re:Sounds exactly like a pro-gun argument...

[david_thornley]

Police and bodyguards are generally aware that they may well have to shoot somebody, and have made the decision that they're willing to kill. They also usually have fewer inhibitions about bringing a gun into a situation that might escalate. If a police officer thinks I might get violent, the police officer will be prepared for an attack if I'm within ten feet. It may well be that you're prepared to kill, and I'm not saying that's good or bad, but the majority of the population isn't.

There are also dangers connected with guns. One that might not be obvious is that, if someone draws a gun and isn't prepared to use it, they make themselves a priority target to be taken out as fast as possible, without regard for consequences. Having guns around means that gun accidents will happen. (You're probably not going to have an injury from a gun accident, since you give the impression of being well enough trained. Most people who are given a gun will not want to go through that training.) It makes suicide more likely to succeed, and various studies have shown that people are usually glad their attempt failed later on.

Assuming that you're not a psychopath or trigger-happy or something like that, having people like you armed is probably a net positive. That doesn't apply to the general population.

Re:Sounds exactly like a pro-gun argument...

[BlueStrat]

Police and bodyguards are generally aware that they may well have to shoot somebody, and have made the decision that they're willing to kill. They also usually have fewer inhibitions about bringing a gun into a situation that might escalate. If a police officer thinks I might get violent, the police officer will be prepared for an attack if I'm within ten feet. It may well be that you're prepared to kill, and I'm not saying that's good or bad, but the majority of the population isn't.

There's your problem. You're generalizing. Legal CCW license holders in the US =/= the general population. Go tour/visit some local ranges. Talk to the people you meet and see there. They're generally delighted to be informative and helpful.

Almost everyplace requires a certain number of hours/classes (varies by loc.) of training and a certification issued by a licensed firearm instructor at a licensed range, as well as background checks including mental health history are performed. I'm not even sure that every police department or academy requires the mental health background check that most CCW licensing requires.

CCW holders have been asked multiple times by multiple people along the way if they're certain they both need to carry the weapon and if they fully understand and are able and willing to accept and carry out the legal responsibilities and obligations attendant and are tested by the licensed instructor on those obligations and requirements before being issued a license/permit.

The people who choose to go through all this generally are motivated and genuinely interested in personal security, tactical strategy and combat situational training, shooting sports in general, and community safety and protection.

The same is not true with too many police officers these days. Many are well trained, extremely professional, intelligent, always de-escalate situations if possible, and are unsung heroes in their communities Sadly, these days more and more carry because it's required by their employer and do the minimum amount of training and practice required, but otherwise have no genuine interest and are far from professional, and some I've seen are not even safe to allow to wander around armed anywhere, never mind out in public with innocent bystanders around.

Strat

Re: Sounds exactly like a pro-gun argument...

[Plumpaquatsch]

Must of the gun toting morons you refer to are already criminals. The rest, and the majority,

Spot the obvious mistake (no, the one besides the spelling mistake).

Re:Sounds exactly like a pro-gun argument...

[Plumpaquatsch]

And you don't understand that "innocent until proven guilty" means that the government has no right to initiate force against any of its citizens without evidence or probable cause. Owning a penis does not a rapist make. Owning a gun does not a murderer make.

But drawing a gun on a cop does make you a criminal. And gun nuts don't wait to draw their guns to shoot cops until they "come to take their guns". They just assume that the cops coming because he's drunk and waking up the whole neighbourhood with his noise are there to "come to take his guns". They aren't called "gun nuts" because they love their guns ...

Re:Sounds exactly like a pro-gun argument...

[Plumpaquatsch]

Not me? Come to think of it, wasn't the exportation of encryption restricted under munitions export rules? The government may have inadvertently defined it in a way that places it under the 2nd amendment.

What makes you think the 2nd covers exporting arms? "The right to be an international arms dealer"?

Re:Sounds exactly like a pro-gun argument...

[david_thornley]

I'm not arguing against people who are interested in putting the effort in to get CCW licenses. I'm not involved in that scene, but find your claims perfectly believable. I'm arguing against the idea that a handgun will make the typical person safer.

Re:Sounds exactly like a pro-gun argument...

[BlueStrat]

I'm not arguing against people who are interested in putting the effort in to get CCW licenses. I'm not involved in that scene, but find your claims perfectly believable. I'm arguing against the idea that a handgun will make the typical person safer.

You're still generalizing here. Again, the point is that your 'typical moron' who *should not* be carrying a gun is legally weeded out by the processes and tests administered by licensed professionals that a legal concealed firearm carrying individual that I just described must go through, and accompanied by extremely harsh criminal sentences and strong enforcement against those who violate gun laws. Well, with the exception of the US AG & ATF who is/are apparently above the law, along with many others of both Partys across many Branches and positions, but that's another topic.

As I suggested in my prior post, go tour a range or two where the required training/lessons take place and *talk* to some people. Don't just take other people's word for something that is both so very important to get right, but also so easy and likely even enjoyable to see exactly for yourself what the facts are in an afternoon?

Oh, and check the DoJ's/FBI's own crime statistics of CCW license holders compared to general averages and even by demographic group. Legal gun owning/carrying people are not where the majority of gun violence/death or crime in general comes from by any stretch of the imagination to any reasonable person looking at those numbers.

The vast majority of US gun crime and violence is gang/drug-related and mostly in the inner city areas of the major US cities. Interestingly, the vast majority of those cities seem to have been controlled by a single Party for multiple decades. Cities who see more plurality in political leadership seems to correlate to fewer problems for those cities across multiple sectors.

Strat

Re:Sounds exactly like a pro-gun argument...

[sabbede]

What? No. I'm saying that the way it was defined for the purposes of export control could be argued as having defined it in a way that protects access to it under the 2nd amendment.

Like this:

Exporting cryptography is prohibited under arms export rules.

Therefore, cryptography is an element of the category "arms"

The right to bear arms is protected by the 2nd amendment.

Therefore the right to encrypt is protected under the 2nd amendment.

Re:Sounds exactly like a pro-gun argument...

[david_thornley]

I'm generalizing? On what? You have described a rigorous process that produces people who are generally good carrying firearms. I'm not arguing against that. You and people like you are probably good to have around.

I'm saying that most people are not like that. The original claim was that firearms were the best defense, and I'm arguing that this is not true of everybody. Most people will find them useless in an attack. If you want to argue against me, forget about the relatively small segment of the population we're agreed on.

Re:Sounds exactly like a pro-gun argument...

[BlueStrat]

I'm saying that most people are not like that. The original claim was that firearms were the best defense, and I'm arguing that this is not true of everybody. Most people will find them useless in an attack. If you want to argue against me, forget about the relatively small segment of the population we're agreed on.

The only *other* people who carry a firearm *without* going through the rigorous process described are criminals. The instruction, training, and testing are not optional in order to legally carry.

You are arguing that "most people", who are a group of people who will never legally carry a firearm being unable/unwilling to go through and successfully complete the training/testing/background checks required, are not suited to carrying a firearm. We do not disagree.

However, that does not change the basic properties of a firearm. Firearms *are* the best defense. Sadly, not everyone is capable of responsibly carrying a firearm and will be unable/ineligible to legally carry one, and thus will be weeded out if they attempt to obtain the required licensing.

Brushing one's teeth is the best way to prevent cavities, regardless of whether or not some individuals are incapable of understanding how to do it properly or unwilling to do it regularly. Likewise, guns are the best defense, regardless of whether or not some people are incapable of successfully completing the required training, instruction, and testing in order to legally carry a gun.

So, what are we arguing about? The people you describe cannot become legal gun-carriers. It's a non-sequitur.

Strat

Re:Obama

Until a hacker reads him the content of his emails or online shopping basket, and then he will be like "Tell this Commi to stfu."

Re:Compared to guns...

[Blaskowicz]

I think guns should be strongly encrypted and acknowledge that I set the "do not shoot" bit on myself.

Bad guys will use it anyway

[SlovakWakko]

Anybody who stands to lose more by having their (illegal) activities uncovered compared to being penalized for using (banned) encryption will still use it, so only the good guys, who don't use it to cover up their criminal activity will stop using encryption. At the same time they will be more exposed to data and identity theft, blackmail and illegal snooping. This just shows how little actually the FBI cares about the safety of common, law-abiding citizens. They don't see their mission as protecting people from becoming victims in the first place, but rather as catching criminals after the fact. It's logical if pretty evil - the more crime there is in USA, the more money and power the FBI gets. But folks - which one of those is better for us? Prevention or prosecution?

Re:Bad guys will use it anyway

[bill_mcgonigle]

But folks - which one of those is better for us? Prevention or prosecution?

That's entirely the wrong question. The operant one is, "which one increases the power and wealth of the ruling class? (aka the politically-connected)".

The "bad guys" won't use strong encryption under the proposed regime. The FCC will force the ISP's to install filters that only allow packets through that are co-signed to the government (y'all wanted Net Neutrality right?). If you try to pass unsigned data it will be blocked and a SWAT team will show up at your house to put a semi-automatic rifle barrel in your face and toss you in a cage for a decade or more. Tunnelling that data will be made a crime and the NSA has the technology to detect it already. You MAY not speak privately from the government.

There is zero chance of countering this existential security threat while pretending that the ruling elite are interested in the benefit of the People. Security folks need to adult-up and face reality - we're past the point of this ending nicely; it's only a matter of which shit-sandwich we get to swallow at this point. Pixie dust and unicorn farts won't change that. Rand Paul won't be allowed to win the Presidency (but I repeat myself).

Surveillance or Security

[Kirth]

This is an exclusive OR. Choose only one.

"Either we build our communications infrastructure for surveillance, or we build it for security. Either everyone gets to spy, or no one gets to spy", as Bruce Schneier says.

Re:Surveillance or Security

[juanfgs]

> This is an exclusive OR. Choose only one.

HA! I get it

Re:Compared to guns...

[DMUTPeregrine]

Well, since encryption has been classified as a munition in some laws in the past, and in the Wassenaar agreement, one could argue a second amendment right to cryptography software.

Re:Sure encryption is important...

https://www.apple.com/business/docs/iOS_Security_Guide.pdf

The logic behind encryption backdoors...

[Shadow+of+Eternity]

is the same is saying we should not allow people to lock their cars/houses because criminals might hide something behind a locked door.

Re:The logic behind encryption backdoors...

[Noah+Haders]

based on everything we've learned about nsa/gchq, including poisoning the RSA protocols, I think it's more accurate to say "nobody* can gain access to encrypted data".

There is no "right reason" for privacy.

In order to distinguish "right" and "wrong" reasons for privacy, you'd need to look into the communication. Which abolishes privacy.

The whole point of privacy is not to look into communication. In a way, not to let Schrödinger's cat out of the bag.

"None of your business" does not distinguish good and bad business. So I don't really like the pitch of Cook here:

Weakening encryption or taking it away harms good people who are using it for the right reason.

Because it will be immediately followed up by "so let's only weaken encryption and take it away from people who are using it for the wrong reason." And then we get an oversight committee which decides about which reasons are right and wrong, erring on the "safe" side.

Just wait...

[Viol8]

There'll be some tin foil hat wearing paranoid redneck along any minute to tell us why he needs his sub machine gun collection to fend off The Men In Black when they come for him after he's sent illegally encrypted kitten pictures to his boyfriend.

Re:Compared to guns...

[Tailhook]

strongly prefer

A government with the power to take one right can take the other. The strong preferences of groupthink assholes like you and Tim Cook will see both taken.

Re:Compared to guns...

[misexistentialist]

Guns are specifically regulated so that the people don't have weapons capable of resisting government mercenaries, so of course civilians wouldn't be allowed "military-grade" encryption

It's not like we make manufacturers of fire safes

[sabbede]

give skeleton keys to the government.

Cook's being gay influence his privacy stance?

[swb]

I'm sure I'll take a beating for this, but I wonder if Cook's being gay -- and not being completely "out" until relatively recently -- have some influence on this thinking about privacy?

If you think about it, someone who is gay and had been less than publicly out about it has had a period of their life where they were pretty intense about guarding their personal privacy, especially someone in a high profile corporate job where there are plenty of people inside and outside of the company who would want to take you down.

And not to say that his homosexuality is the only explanation, he's obviously intelligent and presents the case for privacy and encryption in principled, intellectual terms.

Sure, it doesn't explain everything. Straight CEOs also support encryption and not always because they have secret drug/hooker/mistress/etc issued to hide, too.

But it's also works as a counter-explanation, CEOs who may not have had a deep interest in their personal privacy may have less personal association with privacy and may fall for the trap of "I have nothing to hide" and "It only helps criminals" or other deferential logic where they see granting government access as reasonable.

Re:Cook's being gay influence his privacy stance?

[Noah+Haders]

I agree with you on this. If a biography ever comes out, I wonder if we'll learn that his passion for privacy comes from growing up gay in alabama in the 60's...

Re:Compared to guns...

[Drethon]

Guns are regulated by the government (ok, gun show regulation needs some work but otherwise...). We don't need gun regulation since we already have it, we need it to be effectively applied.

Weak encryption = no encryption

[sjbe]

The problem with weakening encryption is that weaknesses do not care who uses them and once discovered they cannot be corrected. And weaknesses WILL be discovered sooner or later. Probably sooner. There is no way to only let the "good guys" in while keeping the "bad guys" out. You cannot weaken encryption without making it completely useless in the process.

Sorry to see you modded troll there

[drinkypoo]

It's clear that the majority of elected officials are not there to help us, so it's sad to see you modded down for sharing facts. Your comment should be insightful or informative, not troll. Sadly, there are still those who think that government is there to help them when it's really a bipartisan effort to keep us in our place.

Re:Sorry to see you modded troll there

[Ravaldy]

Although I agree with the comment having been marked improperly by trolls, the statement that elected officials are not there to help us is too broad. Most elected officials get into politics to help people by enabling change. Unfortunately some lose their way and some are bound by promises made which end up casting a shadow over the work they accomplished.

I have met a few people over the years that invested their own money (to avoid ties) with the objective of getting into municipal politics. I know of at least one that made it and did great things for his community.

I'm sure that some elected officials aren't clean but there are many that are even if you don't agree with their view of the future for our society.

Re:Sorry to see you modded troll there

[drinkypoo]

Most elected officials get into politics to help people by enabling change. Unfortunately some lose their way and some are bound by promises made which end up casting a shadow over the work they accomplished.

And the higher you hope to go, the more corrupt you have to be, as a rule. Sometimes there are seeming promotions which lead to dead-ends, though, like how when they accidentally hire an intelligent cop they push him towards becoming a detective. Then he's not out on the street where he can make a positive difference in a bunch of people's lives.

I'm sure that some elected officials aren't clean but there are many that are even if you don't agree with their view of the future for our society.

If their view of the future is deliberately best for them, then it's by definition not clean.

Re:Sorry to see you modded troll there

[Ravaldy]

I won't be able to agree with you and that's ok, we are both entitled to our own opinion based since we have obviously had different experiences in our lives.

I live in Canada so things are possibly different. Fact is that no matter who you are, you answer to someone and what some may consider acceptable, others will consider appalling. It's often a matter of perspective right or wrong.

I tend to have faith in people. I believe in enabling people to do their best. If they fail they need to be accountable and willing to explain why they believe they failed followed by what they would do different next time.

Re:Sorry to see you modded troll there

[drinkypoo]

I tend to have faith in people. I believe in enabling people to do their best. If they fail they need to be accountable and willing to explain why they believe they failed followed by what they would do different next time.

Well, that's certainly not how it works here in the USA. How it works here is that an exec of a corporation channels some money to the federal government, which buys a position of some sort — not a senate seat, of course, you have to spend quite a bit to buy one of those, but being in charge of something that is beneficial to the corporation. They do a "horrible" job while there, benefiting their parent corporation of course, and then as soon as they either quit or get drummed out of office they go right back to work for the same corporation, sometimes literally in the same position.

I would be shocked and amazed if it didn't work the same way in Canada, but that wouldn't have any bearing on how politics works in the USA... and much of the world in fact.

Re:Sorry to see you modded troll there

[Ravaldy]

Many elected officials end up building their own business because nobody will hire them for their skillset. The fact is that many take a pay drop by choosing to go into government here in Canada. Our justice system is also very different which prevents people in power from getting away from the law. I'm not suggesting we are worlds apart but I believe there is less corruption caused by corporate greed.

In the USA many say a 3rd political party may never happen yet in Canada the smallest party is looking at possibly winning the next federal election.

Then I must be using mine wrong

[mpercy]

Here I thought a guns was designed to fire a bullet at the target the operator points it at. No gun I own has ever killed any animals or people despite firing thousands of rounds, because the only thing I point them at are inanimate (paper, steel) targets.

Re:Then I must be using mine wrong

[Creepy]

I use this argument a lot with anti-gun people. While I personally have actually shot animals with guns (rabbits at a farm that were out of control pests for 10 cents a kill), the vast majority of things I've shot are paper targets. I've also shot far more clay pigeons than rabbits (about 3 dozen to 2). I don't own any guns and don't plan to buy any soon, so I'm not some raging pistol shooting Yosemite Sam.

Incidentally, encryption was considered a munition until Clinton moved it (and increased the amount). Back then you could only export 40 bit encryption unless the code was published in a book and OCR scanned in (books were free speech), which is how PGP was exported.

Security is a process - not a tool

[sjbe]

Grandma (and the physically disabled, young women, etc) has a chance against a young, fit, male attacker if she has a gun.

Only if she has it out, loaded, safety off, is capable of pointing it in the right direction before the attack occurs and is aware of where the attack is coming from. It's an absurd hypothetical strawman that NEVER actually happens in the real world. Do you really want granny carrying a sidearm at all times given the extremely remote chance of her actually getting attacked outside of your imagination? Personally that's not a society I care to live in. Firearms have their time and place and I'm not remotely arguing against the 2nd amendment but they aren't what keeps crime in check. Guns are used FAR more often to facilitate crime than to prevent it. Real security comes from a properly structured civil society. Guns play a role but it should be a very minor one.

As one cop told me in a moment of frankness; "I ain't dodging gunfire for no $70k a year and a pension!"

The number of cops that EVER discharge their weapon intentionally in the line of duty is miniscule. It's significantly less than one percent. If your story is true then it shouldn't be surprising at all - almost all cops never have to "dodge gunfire" or shoot at a live person. However if he really wanted a safe job and a pension then he should have picked another line of work. There are easier and safer ways to make a decent living.

Police in the US have no legal obligation to protect citizens.

Police have a legal obligation to enforce the laws and guess what? The laws (usually) protect the citizens. (unless you are a minority - then you are apparently on your own judging by police response times) Countries with far stricter gun control laws somehow miraculously manage to have even better crime statistics than the US and FAR fewer deaths by firearm. Having a civil society isn't merely a result of everyone packing guns and having a Mexican standoff.

Police handle the paperwork. Citizens are the true "first responders".

What a bunch of delusional macho BS. When was the last time you actually saw someone grab a gun and go be a "first responder" to a crime? You haven't. The notion that you are going to protect society with a firearm isn't justified by the evidence. The evidence shows that the odds are FAR higher that the gun will be used in a suicide or result in an accident. I don't have a problem with people owning guns but let's not pretend that the citizenry are marching out to fight crime. If we get to that point I'm moving to someplace civilized.

Re:Security is a process - not a tool

[sjbe]

For all your "It never happens!" crap there are daily documented cases.

Show me the evidence. Cite me these "daily documented cases" of grandmothers and disabled people defending themselves with guns. Go ahead. I'll wait.

Re:Security is a process - not a tool

[BlueStrat]

For all your "It never happens!" crap there are daily documented cases.

Show me the evidence. Cite me these "daily documented cases" of grandmothers and disabled people defending themselves with guns. Go ahead. I'll wait.

Well, wouldn't want to keep "Your Snarky-ness' waiting. Here you go. Google supplies many, many, many more.

Intruder shot by 73-year-old: http://www.cbs46.com/story/263...

84-year-old Richmond woman shoots intruder: http://abc7news.com/archive/79...

82-year-old woman kills 2 teens who broke into her home: http://news.aazah.com/content/...

'Not Here': 53-year-old woman shoots intruder: http://dailycaller.com/2014/07...

Yeah, go ahead, take away Grandma's only effective defense. Humoring your hoplophobia is much more important than Grandma's life, after all, right?

I don't typically resort to name-calling, but in this case I must call it like I see it and point out that you, Sir, are a moron.

Strat

Re:Security is a process - not a tool

[rjh]

When was the last time you actually saw someone grab a gun and go be a "first responder" to a crime? You haven't.

You seem to believe this doesn't happen. It does. I know because I was the guy with a gun.

In August 1998 a young man was getting beaten to death in my apartment's parking lot. (Whether it was their intent to kill him, I don't know. What I do know is that beating someone with a tire iron is lethal force.) One of my neighbors called 911. I went out with a 12-gauge loaded with deer slug and suggested they leave him alone. They stopped beating him. When the deputy sheriff arrived a few minutes later this young man was in bad shape, but was still alive. He's alive because I had a shotgun.

In 2006 a younger friend of mine who had been the victim of a violent rape ten years before received word that her attacker was being released from prison. The prison psychologist contacted my friend to let her know this rapist was still obsessed with her. He had a three-day window between the time he was released and the time he registered his new domicile with a local county sheriff -- three days during which my friend was intensely vulnerable. The police said they'd send a car past her place twice each shift. That was no comfort at all. But when several of her (armed and trained) friends took shifts in her home with a shotgun, she was able to rest well. (And each day she woke up to a hearty plate of eggs, bacon, toast, and a cup of hot Jamaican Blue Mountain.)

A couple of years ago a friend of mine had to testify at a trial and was afraid to walk to the courthouse for fear the defendant's friends would waylay her. She shared her fears with me. I shrugged, holstered a Glock, and walked her to the courthouse. I didn't go inside (since that would've been a violation of the law), but I handed her off to a sheriff's deputy who took her the rest of the way to the courtroom. She felt safe the entire way.

You seem to believe guns are the problem. Guns are not the problem. Guns in the hands of the irresponsible, the untrained, and the immature... now there's a problem for you, an enormous one, and one I don't have a good answer for.

But a rifle, a shotgun, or a handgun, in the hands of a responsible, mature individual who's been trained in their use and the legal statutes pertaining to violence... we genuinely are the first responders the original poster talked about. And our business is violence *prevention*, not violence. Our presence deters violence. I like that, I like that a lot.

I've got no desire to shoot anyone. Killing is a messy, disgusting business and I recommend everyone avoid it. A gunshot will involve years of nightmares, torturous soul-searching, civil lawsuits, the deceased's friends and family wanting vengeance, and every other damned thing imaginable... and that's for a 100% justified kill. There is literally no upside in shooting someone.

But preventing bad things from happening to people? I have to say... that's kind of cool. I like that. A lot.

Re:Security is a process - not a tool

[david_thornley]

These are all examples of home intruders, meaning that the defender was probably not wearing a gun at the time. It's also a situation in which you can identify a person as a threat quite easily. (You can also make mistakes; I believe the Darwin Awards site has a case of a man shooting his penis off thinking it was an intruder.) You don't have any example of carrying a weapon in public being useful.

Also, you've got a few examples of gun owners successfully dealing with a home invasion. I can find a few examples of when having a gun in the home led to tragedy. To see how it balances out, we'd need a better statistical analysis.

Re:Security is a process - not a tool

[sl149q]

Its not that there are NO examples of civilians (even old ones) killing intruders with guns.

Its just that there are MORE examples of civilians (accidentally or otherwise) killing non-intruders with guns.

Re:Security is a process - not a tool

[BranMan]

As one old hand on /. to another - hats off to you sir if even half of what you said is accurate (and I have a suspicion it is). It was once called civic duty, but is sorely missing today.

Nothing gets peoples attention like the unmistakable "crunch-crunch!" of a shotgun being primed, I imagine. I have no guns myself, but I would still step out with whatever was at hand if a situation similar to the ones you describe above occurred.

It's refreshing to hear of someone with the same outlook. Bless you sir!

Re:Security is a process - not a tool

[rjh]

Well, in the interests of honesty I have to say the matter in '98 with the shotgun was a lot more of a chaotic mess than I made it out to be. Whenever the fecal matter strikes the rotating metal blade, there's always a whole lot more confusion than the neat after-action writeups indicate.

The incident involving the courthouse, I actually don't recall what I was carrying -- either a Glock or an FN FNP-9.

Beyond that, yes, it's factual. :)

I've never much trusted the language of patriotism or civic duty. Too often they get hijacked by scoundrels to justify their skulduggery. I like to think of it this way: I like my home, I like my neighborhood, I like my neighbors. That gives me a pretty good motivation to give a damn about them. That, to me, is all that civic virtue really is: giving a damn about the people around you.

I recommend it to everyone. Life's better if we give a damn about the people around us. :)

Re:Security is a process - not a tool

[Zondar]

"Its just that there are MORE examples of civilians (accidentally or otherwise) killing non-intruders with guns."

I'd love to see some evidence of this claim...

Re:Security is a process - not a tool

[Plumpaquatsch]

As one cop told me in a moment of frankness; "I ain't dodging gunfire for no $70k a year and a pension!"

The number of cops that EVER discharge their weapon intentionally in the line of duty is miniscule. It's significantly less than one percent.

So? According to this list at Wikipedia 45 police officers were killed by (non-accidental) gunfire last year in the US - most never got a chance to return fire. It does not mention how many were injured, nor how many weren't hit. Getting shot at as a police officer is an all too real possibility.

Of course, somebody willing to shoot a cop will not hesitate to shoot a granny carrying a gun. Or anyone else packing heat. So much for the claims of the GP. Not to mention cops getting caught in the cross-fire between criminals and people "just defending themselves" and shooting at anything that moves.

Oh, and cops don't just get shot by people with illegal guns: according to concealedcarrykillers.org at least 17 law enforcement officers were shot dead by owners of concealed carry permit since May 2007.

Re:Security is a process - not a tool

[imidan]

What a bunch of delusional macho BS. When was the last time you actually saw someone grab a gun and go be a "first responder" to a crime? You haven't.

There was an incident in my town a few years ago in which a guy shot some people and barricaded himself in a building. There was one citizen who took it upon himself to grab his gun and go be a "first responder" to this crime. The barricaded man shot him, and then it was up to the police to try to remove the would-be hero safely from the area in order to get him medical treatment.

So, anecdotal evidence that people do grab a gun and attempt first response, but it doesn't always go quite the way they imagined it would.

Vocally resisting

[sproketboy]

But not actually resisting.

It Already Happened

[JimSadler]

Some of you may have noticed that large banking chains insist upon very restricted use of characters in passwords. They also insist on short passwords that disallow password phrases. For example ASCi2 symbols are usually not allowed. Many keyboard symbols are also disallowed. All in all the major banks seem to insist upon fairly weak passwords. Since they, in theory, cover any losses made by hackers or crackers invading bank accounts I find their position really weird. Certainly it can not be so difficult to allow really strong passwords. What the heck is going on? The banks themselves use 2500 character passwords and there were experts claiming that they need to go to 5,000 character passwords for bank to bank transfers. Should customers be banned from using the same level of encryption?

Re:Compared to guns...

[rjh]

Speaking as someone who has purchased many firearms at gun shows: no commercial firearms dealer has ever sold me anything without requiring an ATF Form 4473, whatever the local equivalent state and/or municipal paperwork is, and a NICS check. No private individual has ever sold me anything without requiring a photo ID and a copy of my concealed carry permit, which guarantees that I'm not prohibited from purchasing arms.

The idea that gun shows are hotbeds of background check-free shopping is completely wrong. According to the FBI, few criminals obtain their firearms at gun shows. I suspect the reason is just simple pragmatism: there are too many cops at gun shows and too many civic-minded people who will tell the cops if they hear someone's looking for a no-paperwork sale. Then the cops get involved, ask who you are, run your ID, discover you've got a felony conviction, and *bam*, you're now under arrest.

If I was a criminal and I wanted to obtain a firearm, I'd do what the guy who stole my SIG P220 did. I left the shooting range, placed my range bag in my trunk, realized I'd left a box of ammunition inside, locked my vehicle, walked back inside, picked up the ammunition, walked outside, and discovered my hatchback's rear window had been shattered and some asshole was already fifty meters away running down the street with my range bag over my shoulder and a tire iron in his hand...

James Comey

[fredrated]

has become the most dangerous person in the world.

Why not just put it how they would understand?

[wardrich86]

If you lived in Compton, would you lock your front door, but keep the backdoor unlocked and windows open? If you open it, they will come.

Re:It's not like we make manufacturers of fire saf

[david_thornley]

The government has experts who can open a fire safe. It may not be cheap, but it can be done. As far as we can tell, there are no experts who can decrypt something encrypted in AES-128 or stronger without the key.

How to kill the US tech inudstry

[Mike+Van+Pelt]

The piece of this that hasn't gotten nearly enough attention is this: Requiring U.S. tech companies to put backdoors in encryption will make U.S. technology anathema in every other country on this planet. U.S. tech companies will lose virtually all of their non-US market immediately, and the rest of it as soon as alternatives become available. (Which they will; the demand will be huge.)

Re:How to kill the US tech inudstry

[drcesteffen]

Also, the US and foreign companies will move all of their high technology work overseas as it will be the only way to secure their trade secrets, proprietary information, and intellectual property that has not yet been patented. So, there will be no US technology companies. The bad guys don't have to destroy the United States if they can manipulate the US government into doing it for them.

Ugh

[kuzb]

Anyone at Apple trying to sound altruistic just looks like the pot calling the kettle black.

Re:Ugh

[kuzb]

Nope, but they should stop trying to look like the good guys. The number of human rights violations that plants they work with have racked up is amazing, and it's not getting better. They ship all the jobs overseas to china where they can abuse all their workers, and then sell the products for a 500% markup.

They constantly attempt to put on this air that they're working for the greater good, but it's bullshit. Apple is as evil as they come. They work for greater profit and nothing else.

Re:Compared to guns...

[Drethon]

Thanks for the info, I've only purchased one gun up to this point from a chain store so my actual gun show knowledge was all second hand. If you had an appropriate gun on hand when they guy stole yours it might be one of the few times I'd consider shooting someone in the back to be a service to the public... though law enforcement might disagree.

Re:It's not like we make manufacturers of fire saf

[sabbede]

I have a feeling the NSA can break pretty much anything, so long as they don't need their computers for anything else for a few days or weeks.

Re:It's not like we make manufacturers of fire saf

[david_thornley]

It is effectively impossible to brute-force a 128-bit key, and by that I mean you can't do it by using all the resources of the Solar System until the heat death of the Universe. Exponential growth works that way, and a 128-bit key is 2^64 times as hard to brute-force as a 64-bit key, which already requires significant horsepower.

There is a possibility that the NSA can break AES, but that seems unlikely given the Snowden revelations and the lack of success of academic cryptanalysts. They'll probably always be a few years behind the NSA, but the gap has narrowed significantly.

Re:It's not like we make manufacturers of fire saf

[sabbede]

I know, but they don't need to go with a pure brute force approach.

Re:It's not like we make manufacturers of fire saf

[david_thornley]

You're then claiming that the NSA knows how to break the ciphers, and I've seen no evidence of that. It's not in the Snowden revelations, and private crypto researchers seem to think it very unlikely.

Re:It's not like we make manufacturers of fire saf

[sabbede]

No, I'm saying there's more than one way to skin a cat. You can decipher a message much faster if you happen to know it ends with an email signature used for unencrypted messages as well. Or you can steal the keys and reduce the problem to guessing a password. For that you can create a custom rainbow table based on biographical data and get a huge head-start.

Re:It's not like we make manufacturers of fire saf

[david_thornley]

And I'm saying that people have thought of that.

If you know something of the message, you've got a known-plaintext attack, and those are studied. A good cipher is one where even being able to dictate the plaintext allows you to get the key.

Stealing the keys is possible sometimes, but not necessarily for earlier messages. It also requires a higher level of intrusion than just intercepting messages and trying to read them.

Given good password handling, which I hope a key manager would have, rainbow tables are simply not very useful. Salt defeats rainbow tables. Two bytes of salt increases the size of the necessary rainbow table by a factor of 65,536.

Re:It's not like we make manufacturers of fire saf

[sabbede]

Sure, given a good key manager, but what about a human? The practical impossibility of breaking modern cryptography goes out the window once you factor in human vulnerabilities. Why brute-force a key if you can trick somebody into giving you a head start?

Re:It's not like we make manufacturers of fire saf

[david_thornley]

Which doesn't require tying up computers for weeks or months.

Crypto isn't magic. If used properly, and not compromised by outside means, it's probably unbreakable, and I'd trust it to defy the NSA. Any successful attack would be by means of a keylogger, or research on somebody, or using a rubber hose, or something like that.