Justice Department To Be More Aggressive In Seeking Encrypted Data From Tech Companies

An anonymous reader quotes a report from The Wall Street Journal (Warning: source may be paywalled; alternative source): The Justice Department signaled Tuesday it intends to take a more aggressive posture in seeking access to encrypted information from technology companies, setting the stage for another round of clashes in the tug of war between privacy and public safety. Deputy Attorney General Rod Rosenstein issued the warning in a speech in Annapolis, Md., saying that negotiating with technology companies hasn't worked. "Warrant-proof encryption is not just a law enforcement problem," Mr. Rosenstein said at a conference at the U.S. Naval Academy. "The public bears the cost. When our investigations of violent criminal organizations come to a halt because we cannot access a phone, even with a court order, lives may be lost." Mr. Rosenstein didn't say what precise steps the Justice Department or Trump administration would take. Measures could include seeking court orders to compel companies to cooperate or a push for legislation. A Justice Department official said no specific plans were in the works and Mr. Rosenstein's speech was intended to spur public awareness and discussion of the issue because companies "have no incentive to address this on their own."

Nothing but the Abuses

"Violent criminal organizations" are the last thing on their minds when making these arguments. They want to go after dissent, after whistleblowers. They want to stalk their exes, commit industrial espionage and blackmail. They want to track the best moments to rape and murder, or to be able to plant evidence without alibis making their so-called discoveries as obviously fake as they can be.

These powers would not and will never be used to make citizens or the country safer in any way, even if it could be used in this fashion. If there were any chance they could, they would never pursue them.

Re:Nothing but the Abuses

[knope]

^ 100% agree

Re:Nothing but the Abuses

Too bad we can't format and reinstall the federal government.

Re:Nothing but the Abuses

[spire3661]

We can, but the erase function is bloody expensive.

Re:Nothing but the Abuses

[fulldecent]

Not in Texas.

Re:Nothing but the Abuses

[Wrath0fb0b]

Man, you are totally degrading our argument against these measures with this ridiculous line of reasoning. Of course these measures are useful against violent criminal organizations and actual people that wish to do harm. It's really trivial to find examples of this (like the dead San Bernardino shooter) and, with the way you've constructed your argument, you lose when an example like that comes out.

What those of us that are serious concede is that there are plenty of times in which such a measure is legitimately useful, but nevertheless, the risk for abuse is far too great and that we understand that as a tradeoff we should forego the legitimate uses to protect against the abuse. This is no different than any other conception of civil liberties -- after all, we know for a fact that our system acquits guilty people for a variety of procedural and other reasons, and that some fraction of those people go on to violate more people's rights. But we accept that as the cost of defendants' protections. Similarly, we accept the concept of parole knowing that some (maybe low) fraction of parolees will commit crimes that violate people's rights. We don't insist that parole can't happen unless that fraction is identically zero.

So quit it with the conspiratorial nonsense of imagining that this is some kind of plot. It's not, and you're making us look like loonies.

What it is is that there are zealots for whatever cause that don't give a shit about our rights and believe that it's better to trample them in order to get the drugs/terrorist/mafia/whatever-bad-guy. And you know what, in a big way that's a lot fucking worse that someone actually wants to enact tyranny. These are guys that are delusional and think they are fighting the good fight.

Oddly enough, besides making us look like loonies, your arguments give them cover by asserting that it must be bad motivations that lead to tyranny. It's exactly the opposite -- it's the zealous pursuit of good motives that pave the way to hell.

Finally, and before I rant further, I want to quote the Supreme Court talking about the purpose of the Fourth Amendment:

The point of the Fourth Amendment which often is not grasped by zealous officers is not that it denies law enforcement the support of the usual inferences which reasonable men draw from evidence. Its protection consists in requiring that those inferences be drawn by a neutral and detached magistrate, instead of being judged by the officer engaged in the often competitive enterprise of ferreting out crime.

Any assumption that evidence sufficient to support a magistrate"s disinterested determination to issue a search warrant will justify the officers in making a search without a warrant would reduce the Amendment to a nullity, and leave the people"s homes secure only in the discretion of police officers. Crime, even in the privacy of one's own quarters, is, of course, of grave concern to society, and the law allows such crime to be reached on proper showing. The right of officers to thrust themselves into a home is also a grave concern, not only to the individual, but to a society which chooses to dwell in reasonable security and freedom from surveillance. When the right of privacy must reasonably yield to the right of search is, as a rule, to be decided by a judicial officer, not by a policeman or government enforcement agent.

Re:Nothing but the Abuses

The things the other Anonymous Coward listed are all things that law enforcement have been caught doing red-handed, with powers such as the technically-illegal wiretapping. Looking up one's current or previous significant others has been shown to be a common problem. Planting evidence -
  usually drugs - has been caught numerous times on camera. Whistleblower protections (including protection of their identities) have been razed. Justine Ruszczyk was killed by an LEO with complaints of sexual abuse against him when she phoned to signal a rape. Civil Assets Forfeiture quickly became armed burglary.

    All of these newfound powers such as stingray units have done little if anything to solve any crimes, and yet have been consistently abused for things entirely unrelated to their official functions.

Re:Nothing but the Abuses

[fustakrakich]

But you can! Every two years you can completely replace the house of representatives. But every two years that opportunity is squandered when 97% of them are reelected. So let's not blame the government for doing what it is asked.

Re:Nothing but the Abuses

[Wrath0fb0b]

I agree. These are all abuses that have happened. But that doesn't mean that the policies were put in place for the purpose of abuses rather than by zealous people after other ends.

I think civil forfeiture is awful, but even I have to concede it has been a very useful tool at defunding drug conspiracies (not that I even believe in the War on Drugs in the first place). And I can understand how a zealous drug warrior would see that tool and not give a shit about people standing in the way. I still believe that the potential for abuse greatly outweighs the benefit, but it's madness to say that it was invented for the purpose of abusing it.

So I have to argue against the zealot not because I think he is in a conspiracy to abuse our rights, but because he's after his own windmill and will burn us to the ground to get at it. If you still don't get that, I don't think I can help you.

Re:Nothing but the Abuses

[JohnFen]

Every two years you can completely replace the house of representatives.

I can? How come nobody told me I had that kind of power??

Re:Nothing but the Abuses

Civil Forfeiture could do the same thing but be a lot less prone to abuse if they modified with just 1 caveat. Force the government to actually convict you of violating a law first. Then they can seize your property.

Re: Nothing but the Abuses

Lol. You think Texans and their stupid gun fetish will stand a chance against a government with helicopters that have machine guns that can take them out from a mile away? Good luck

Re: Nothing but the Abuses

Of course we cheered Apple for stonewalling an investigation against actual terrorists while caving to Chinese demands for access to data.

Re:Nothing but the Abuses

[eaglesrule]

Case in point: the so called "USA Liberty Act"

The Orwellian names they give these things are such a shiboleth. Anyone want to bet that the final version of the bill will be more of a threat to liberty than to actually preserve it?

Re:Nothing but the Abuses

[JohnFen]

Agreed, but I'd add a second caveat to that: the law enforcement agency does not get to keep any portion of the forfeited property or proceeds.

Re:Nothing but the Abuses

Force the government to actually convict you ...

*Whoosh*. Why didn't the government do that the first time? Why doesn't the government do that now?

Concerning illegal drugs, criminals find ways to hide contraband and police find new ways to detect it. Some 15 years after the official declaration of the 'war on drugs', that wasn't happening: The criminals were winning.

The Reagan government, a firm believer in irresponsibility to the people, chose to help the police perform outright theft (civil forfeiture) and treat any criminal act as organized crime (RICO). Eventually, after repeated increasing of police powers and reduction of citizen's rights, those laws were turned against law-abiding citizens.

Re:Nothing but the Abuses

[Neuronwelder]

Kind of makes me wonder; why do encryption if it's going to be exposed?

Re:Nothing but the Abuses

[gweihir]

Citizens that feel safe may begin to think about those that presume to lead them and other things that are obviously off. On the other hand, citizens that are in fear will grant the "authorities" any and all rights if they just promise to protect them. Hence you are perfectly right: Nobody in power has the slightest interest to make citizens safer.

Re:Nothing but the Abuses

[king+neckbeard]

Your argument falls apart under the reality that we were able to track basically all the bad guys even BEFORE the 9/11 Patriot Act crap. So many of the major terrorist attacks had the person/people behind it on a list or something, but we conveniently did nothing until after the event.

The reality is that strict adherence to due process doesn't just protect the rights of citizens, it protects law enforcement and spies from information overload. Without those checks, we have more data than we can filter through, and are less capable of effectively keeping us safe.

Re: Nothing but the Abuses

Yeah, actually, I think an uprising could be incredibly difficult for the government. Guns aren't the only weapons that get built by revolutionaries in a war. Plus, not everyone in the military would be willing to kill Americans, and those armaments would end up in civilian hands too. So, yeah, an uprising would be incredibly difficult for the government.

Re:Nothing but the Abuses

[pnutjam]

Didn't you take civics? I know your trying to be funny, but many people don't pay attention.

Re:Nothing but the Abuses

[JohnFen]

Of course. Let me explain the joke: the poster was giving the same oversimplified retort we always hear. However, he said it in a way that implies that a single person can actually change anything by voting. That is not true.

Re:Nothing but the Abuses

The San Bernardino Shooter's phone was given to the police unlocked, but they let it lock, so they increased the issue.
That phone also was cracked and produced NO evidence. By the time the phone was obtained, he was dead and no helpful links were to be found because he had destroyed them. So your example of "a good example" is a bad one. In fact, the police ARE trying to do illegal things:
http://www.ny1.com/nyc/all-boroughs/criminal-justice/2017/04/3/activist-jose-lasalle-recording-nypd-officers-cheering-arrest.html

I get your point that sounding alarmist is bad, but the abuses of the government against Google clearly show they have no integrity nor limits.
https://arstechnica.com/tech-policy/2013/10/new-docs-show-nsa-taps-google-yahoo-data-center-links/

Two-way street

I wonder if they recognize the hypocrisy in this statement when numerous administrations also encrypt or destroy email archives prior to leaving office.

Re:Two-way street

I wonder if they recognize the hypocrisy in this statement when numerous administrations also encrypt or destroy email archives prior to leaving office.

The usual authoritarian attitude is "oh well when *I* do it, then that's COMPLETELY different. I know *I* am justified, it's all those other people who aren't".

In order to make an omelet...

[drunken_boxer777]

...you have to break a few eggs. A few lives lost every year due to "terrists" are a small price to pay for freedom.

I am willing to risk the ridiculously small chance that my family and I will die in a terrorist incident in order to preserve our freedoms, despite continued government attempts to erode them (Patriot Act, etc.). I'd like to think that anyone sufficiently educated in mathematics and history would logically come to a similar conclusion.

Re:In order to make an omelet...

[MitchDev]

The governments ARE the terrorists with their blatant disregard for the constitution and human rights

Re:In order to make an omelet...

A few lives lost every year due to "terrists"

If you think that's few, the terrists will kill more until you acquiesce to their demands. You can't win this negotiation.

Re:In order to make an omelet...

[evolutionary]

I'm with you on that, although as another points out, is it we who are becoming the terrorist (Particularly in Pakistan I believe). People have become too busy with their own lives to worry about others, and consequently their own lives are compromised in the process. The "enhancements" the government talks about hasn't made anyone any safer (didn't stop the LA incident or others before it), it just made us less able to have a voice. The only one made safer, is the government status quo. two parties who are basically two sides of the same coin, the same direction, where real change is difficult (I'll never say impossible but they are trying). Because we wanted a little extra safety at the cost (we were told it would cost only a little) of our (in my opinion) essential freedoms, we deserve and currently losing our freedoms and safety.

Re:In order to make an omelet...

The number is not important. But if our rights are eroded (which is illegal), then the terrorist won.

I could argue if we lock everybody in their homes at 7 PM every night, and not let them out until 7 AM then there would be a lot less crime, and nobody could refute that, but it goes way too far.

Life is not perfect, not without risks, and not without criminals.

Timothy McVey was a criminal that blew up an entire building, but at least it was an intended military target, and he did that as a retaliation of what the government did in Waco and Ruby Ridge and others.

The bomb killed lots of innocent people as well, but we can't deny that a government building is a military target. but how is that any different than Obama invading Libya or Syria without a declaration of war and no threat from them. Yet drones and cruise missiles killed lots of people that are not military targets.

It's an example that if our own government does not comply with law, that people can and will respond. I sympathize with those victims of Oklahoma City that had nothing to do with Waco or Ruby Ridge, but I have no sympathy for the loss of that building or any within it that may have been involved in those events. They CAUSED those chain of events.

Personally, I believe in peaceful intellectual solutions, but most of the population have a brain the size of a lemon, with a lemon size understanding of the world and they come up with a lemon sized solution.

Re:In order to make an omelet...

I've never understood these 'if our rights are eroded, then the terrorists have won' trope. Do you really think there are a group of mujahadeen somewhere sitting around a table in a mud hut plotting how to steal your rights from you?

Nothing justifies the murder of innocents, but generally I think what they're trying to accomplish is to get us to leave them the fuck alone. Taking away your right to privacy isn't something they give the remotest shit about and they sure wouldn't blow themselves up to accomplish it.

Re:In order to make an omelet...

[Opportunist]

Are we safer now from terrorists than we were 15 years ago? I keep hearing that there is this huge terror threat and when I look around Europe, I can't help but see things blow up every now and then.

So what purpose does it serve to eliminate more and more freedoms when there is exactly ZERO gain to show for it?

Re:In order to make an omelet...

Nothing justifies the murder of innocents, but generally I think what they're trying to accomplish is to get us to leave them the fuck alone.

You ignore their actions in favor of an answer you find easier to taste.
The hostile agents did not spring into existence after "western" meddling, they had been murdering their neighbors for centuries.

Initially, Mohamed hunted down and murdered polytheists who saw their few cities as holdouts against the encroachment of Christianity and had become very violent toward any faith other than Jupiter and family. With the wealth of those cities, he and the first few generations of his followers hired Jews, Christians, and Zoroastrians to build great buildings to the glory of the One God.
For some centuries, the four beliefs got along well enough, theological arguments and conflict between individuals, but no mass hostility.
Then something changed, a Muslim sect decided on a different, more hostile interpretation of the Quran, and started a path of violence against anyone who disagreed. They targeted Christians, they targeted Jews, they targeted Zoroastrians, they targeted Muslims who didn't want to kill their lifelong friends and neighbors.
That's the current enemy. The part that many do not want to admit is that they had already gotten to most of traditional "moderate" populations, and many of those that remain are cautious about condemning the violence because they might have a jihadi infiltrator waiting for a reason to kill them.

Ceasing involvement in the Middle-East might show the lie of some of their propaganda, but it won't stop anything.

Re:In order to make an omelet...

[torkus]

Agreed.

I also wish the same would be applied more broadly to other industries. Like the TSA...but too many companies have too much interest in selling you $4 bottles of water in the airport and The Next Thing in naked-scanning machines.

It's the same logic that drives people to buy the protection plans for their cell phones. Overall, it's better to save that money and put it towards repair/replacement...but people like the "protection" and anyone can point out "BUT OMG MY FRIEND BROKE THEIR PHONE THE FIRST DAY THEY HAD IT" as a (irrelevant) counterpoint.

A few people are going to get hurt no matter what happens. Instead of taking ridiculous measures to "prevent" that, society should look at actually taking care of it's members. And as for all the claims about the US and murder rates and all...completely ignore the countries in perpetual states of civil 'war' ... where people routinely murder each other but the stats are conveniently ignoble since it's 'war'

Re:In order to make an omelet...

You can't win this negotiation.

Neither can they.

That conflict is one where the public has no reason to surrender, and yet also, has no chance whatsoever of winning, unless the people persuade the terrorists to surrender. But if you do surrender, you get nothing. The murders will continue anyway.

So why give up?

Re:In order to make an omelet...

"He who would spam slashdot with amazon affiliate links deserves neither liberty, nor security."

Creimer, where's your amazon link spam?

Re:In order to make an omelet...

Another butthurt AC still fixated on creimer. Sad.

CAP: snorts

Re:In order to make an omelet...

[bluefoxlucid]

They'd much rather the 4th Amendment and the 5th go away, of course. Yes, encryption is a legitimate hurdle for law enforcement--and no, you can't ban it, because it's always out there, and the bad guys will just get smarter.

They talk about terrorist organizations like they're a bunch of idiots living in some backwater shithole without running power, yet they're using WhatsApp encryption and so are bullet-proof and so encryption must go. When WA goes, the terrorists will get a technology group together to identify practices for using strong encryption technology which exists and build their own network.

Frigging Al Qaeda has its own phone support desk; they're an organization and they've got a respectable capacity for actually operating themselves. The only problem is their organizational goal is asinine and we need to tear them down--too bad long-lived terrorist organizations get to be long-lived by being good at what they do.

You pull the plug on encryption, you're only pulling it out of the hands of the common man; the terrorists, the crime networks, the people you can't find and can't identify, they all keep the nasty little tools that keep you from finding them. They also get to hack things and see people's stuff, and use that to expand the reach of their organizations--identity theft or even just profiling someone and hitting all their buttons to change their ideals and recruit them as a new terrorist.

Do you want to give the terrorists more power?

Re:In order to make an omelet...

You're 0.0000000000000007813562134725% of the population of your country. The rest choose to remain uneducated (sic) as thats what the 1% want. A healthy and educated citizenry would long ago have prevented your loss of freedoms by actually being involved in your countries civic duties. They would have also curbed the greed of corporations since that undermines the power of the citizens to direct their own destinies. Greed is great. Make Greed Great Again.

Re:In order to make an omelet...

Another butthurt creimer still fixated on "winning" on Slashdot. Sad.

CAP: fatty-fatty-bo-batty-banana-fanna-fo-fatty-me-my-mo-matty...creimer!

Re: In order to make an omelet...

We've already won.

Re:In order to make an omelet...

[torkus]

Because the "DO SOMETHING" movement of the ~2000's brought on lots of changes. Politicians couldn't just stand by and do nothing when Bad Things happened so they called their buddies and figured out ways to make money off not fixing anything.

And of course there's plenty of examples how Doing Something actually made things worse. 'Protecting our freedom' usually translates directly into impinging upon it in the form of invasive and pervasive searches, warrant-less phone tracking and recording, restricting speech and demonstrations, and a whole plethora of laws chipping away at what otherwise are supposed to be our guaranteed rights.

I mean...you're talking about a country that can't even provide universal healthcare ... so instead passes laws *requiring* it. This, of course, instead of addressing the actual problem which is the COST of said healthcare. So much for freedom.

Re:In order to make an omelet...

[JohnFen]

A few lives lost every year due to "terrists" are a small price to pay for freedom.

Agreed.

Although I put it a little differently: I'd rather live in a free but dangerous world than in an unfree but safe world.

(Not that I really think that's the choice)

Re:In order to make an omelet...

[gweihir]

I am fully with you. Especially as I am far more likely to die cleaning my windows or crossing the road to go shopping, than by a terrorist. The price to pay here is really, really small and history has countless really awful examples what always happens when governments are not tightly kept under control.

Re:In order to make an omelet...

[gweihir]

Funny thing is that the original meaning of "Terrorism" is the rule of a government by fear.

Re:In order to make an omelet...

[gweihir]

It basically went from "totally irrelevant as a personal risk" to "totally irrelevant as a personal risk". The purpose of eliminating freedoms is not to fight terrorism. That is just the pretext (i.e. propaganda-lie). The purpose of eliminating freedoms is tighter control over the population.

Even a cursory look throughout history shows that this is always what those in power are after and that is why they must be carefully watched and reminded whom they serve from time to time. Democracy was supposed to establish that control, but, not least due to media Gleichschaltung (by concentration in the hands of a small number of owners) and the media spreading fear at every opportunity, democracy has been thoroughly corrupted. The US is effectively already a (still relatively benign) police-state. The long-term perspective is full totalitarianism, usually in the form of fascism.

Re:In order to make an omelet...

[gweihir]

To be fair, if you are fully on-board with the oppressors, live in a totalitarian regime can be pretty safe. Of course, you need to sell your soul.

Re:In order to make an omelet...

[pnutjam]

I blame doomsday evangelicals, they should be rooted out.

Re:In order to make an omelet...

[JohnFen]

This is true -- but it also means that you are unfree.

Lives "may" be lost...

[LS1+Brains]

This is the same pile of bovine excrement used in any attempt to destroy, um I mean "regulate" freedoms. They "may" have a slim shred of justification if there was concrete and irrefutable evidence of the imminent commission of a homicide, but we all know better.

Re:Lives "may" be lost...

Note they do not specify to *whom*. It's no warning of "evil unknown third parties". If they are not given everything they want people are going to die.

They are quite literally making terrorist threats.

BS

[MitchDev]

""Warrant-proof encryption is not just a law enforcement problem,"" It's actually a natural right for all human beings, so stop trying to violate it.

Re:BS

It's also nothing new. Our forefathers would have been well aware of the concept of encoding a message such that only the intended recipient could understand it. You think the British knew at the time what 1 light vs 2 meant?

Re:BS

[fustakrakich]

You think the British knew at the time what 1 light vs 2 meant?

To the Brits any flashing light would be suspicious, and that's part of the problem. Transmission of a signal can be very revealing. Not only is encryption necessary, so is cloaking.

Public safety is not opposite to privacy

Secure encryption increases public safety. If the government can't break into everybodies data criminals can't either.

Re:Public safety is not opposite to privacy

government==criminals

Re:Public safety is not opposite to privacy

That's right, and the criminals will encrypt it no matter what so any "law" restricting it is completely invalid and I will not comply.

Re:Public safety is not opposite to privacy

[Sloppy]

That's true but I think it's a stupid argument to make, and you should stop doing it.

You need stupid peoples' support, and there are a lot of people (i.e. voters) who are pretty sure that their government is the one and only force for good in society. It doesn't matter if they're wrong; they are going to use their power to set policy based on that belief.

The right way to approach them is to explain -- no, remind them of -- two things that they won't religiously disagree with:

1) Your government is not the only government. Maybe you have extreme unjustifiable faith in your government, but you don't have faith in that other goverment over there.

2) There exist competent criminals who are not part of any government (neither your own, nor another).

These are both common sense truths that aren't controversial, yet all proposals to weaken computer security are based on the idea of ignoring both of them. When you encounter a fascist, don't tell them they are propping up their government at the peoples' expense, because they don't care. Just remind them that they are propping up other governments, and criminals, at their own government's and peoples' expense.

There simply isn't any domestic agenda, not even zealous crime-prevention, where it makes any sense to weaken computer security. Even your political opponents, for all their flaws, can be made to see the ways that the strategy is utterly stupid and works against whatever they're trying to do. Every time they draw their gun, laugh at how once again they managed to aim it right at their own head.

If you're against computer security, then you're anti-American. Because America uses computers.

Re:Public safety is not opposite to privacy

....and the criminals will encrypt it no matter what so any "law" restricting it is completely invalid and I will not comply.

Found the criminal!

He who sacrifices...

[pr0t0]

When our investigations of violent criminal organizations come to a halt because we cannot access a phone, even with a court order, lives may be lost.

Lives may be lost, but liberty will be preserved.

Let's put the cards on the table, shall we? This has little or nothing to do with saving lives, and everything about garnering power through the acquisition of data...lots and lots of data. While those who seek this power wouldn't word it quite this way, it's about a nation subjugating its citizenry.

Next step, aerosolized chemical agents to keep people calm and docile. You want Reavers? Cause that's how you get Reavers.

Re:He who sacrifices...

[pr0fessor]

More than liberty, because weakening encryption doesn't just allow warrants to get data it also leaves an opening for those criminal organizations they are so worried about.

You can't secure a house by leaving the back door unlocked and law enforcement should know that. I think it would do more damage when exploited than any good they might intend.

Re: He who sacrifices...

You also can't secure luggage with "TSA friendly" useless locks. Their bypass keys of course were compromised almost from minute 1. There is no such thing as a lock that only good guys can open (not that the Justice Dept is the good guys of course). If there were, we wouldn't have a crime problem.

Warrants guarantee the ability to search. They do not guarantee success while doing so. It's time the crybabies in law enforcement figure that out and start engaging in actual (hard) police work. Getting rid of dumbass drug and "money laundering" bullshit laws wouldn't hurt either, as would a tax code that didn't require spying on people's private lives to enforce. Then the feds would not be so overburdened. Of course, they'd also have a harder time just tossing people they don't like in jail over made up "crimes", but sometimes you gotta break a few eggs, right?

Re:He who sacrifices...

[messymerry]

Tanks for the Firefly reference. UDABES! Clearly /. understands what is happening as we move into dystopia, butt the hoi polloi just keep their noses to the grindstone and do their wage slave, tax mule bit as if everything is just fine and dandy. The only way out is through, so gird yourselves and get away from urbanity iff you can...

Re:He who sacrifices...

News flash: Liberty is long gone, you're living in a corporate plutocracy/oligopoly. You're free to fight over a shrinking number of low-wage jobs or be homeless. (Unless you're in a decreasing minority in the population).

Re: He who sacrifices...

To follow up on your lock comment any lock devised would be reverse engineered by criminal organizations. They buy ATMs and slot machines to figure out how they can be compromised. Even a $100 lock would be trivial for an organization of any size to figure out and make master keys for.

Drug cartels setup and maintain their own cellular networks for secure communication. Any organization willing to pay millions of dollars annually to protect their communications would surely be using unbreakable encryption. Is this law going to ban math? There is no way to stop bad people from using encryption, only the good guys will abide by that law.

Re:He who sacrifices...

[torkus]

Forget the back door...the government has quite literally millions of people walking through 1000's upon 1000's of doors.

The CIA can't keep their own hacking tools away from hackers.

The military can't keep it's secret and illegal wiretapping, etc. out of the limelight.

The police can't keep quiet about illegally tracking cell phones.

An (private!!!) agency allowed to actively collect and track PII for the entire country (and several others) without the direct consent of any individual couldn't prevent their entire records database from being copied and published...

And so on... Does anyone really think "the government" will be able to somehow keep their (required, pervasive, and permanent) encryption back-door safe somehow? Now, if it was only used in the utmost dire situations on presidential order (i.e. nuclear football) then maybe so. But if anyone thinks this would quickly become a rubber-stamp-approval for any LEO, anywhere, any time they want to access something...they're idiots.

Re: He who sacrifices...

[JohnFen]

would surely be using unbreakable encryption.

Since this a bit of a pet peeve of mine, I can't help but comment on this bit:

Outside of one-time pads, there is no unbreakable encryption. There's just encryption that's very hard to break.

Re:He who sacrifices...

[pr0fessor]

When ever there is an opportunity for profit someone will find a way leaving them an easy in is going to do more damage than any supposed good and very possibly any abuse of power. $16 billion to identity theft in the US alone last year they need to be finding ways to make encryption more secure.

Re: He who sacrifices...

[david_thornley]

How about encryption that is almost certainly unbreakable except by brute force, which will take more resources than the Solar System has in toto? There are only two ways to defeat a 256-bit key: find a crack for the cipher or get a Kardashev Type III civilization to help out.

There is no clash between privacy & public saf

....the stage for another round of clashes in the tug of war between privacy and public safety.

No, there is a clash between privacy and dragnet operations by lazy and corrupt law enforcement.

They collect all this data for our "security" and yet, some cranky old guy gets 23 guns and shoots up Las Vegas under their noses. Or two punk ass kids blow up a Boston marathon.

If you have to rely on personal data in order to get the person under investigation to basically incriminate themselves, then there is something horribly lacking in their investigation. You would have to be one brilliant criminal mastermind to have the only evidence against you be on your electronic device - actually an idiot savant - brilliant enough not to have any way of proving your crimes but stupid enough to keep a record on your personal device.

Plea to emotion

[cryptizard]

It bothers me how his argument is almost entirely a plea to emotion. It might as well be, "think about the children." Even if he is correct, that some violent criminals are getting away with crimes because we can't prosecute due to strong encryption, how many of those incidents are we willing to pay for more secure devices? It pains me to say it, but if we had to trade 10 murders for a few billion dollars of economic damage due to preventable cyber crime, I think there are very few people who would choose the second option. We know human lives have a price in this country or else we would have universal health care by now...

Another aggravating point in his speech is that he says, "we [the DoJ] are in the business of preventing crime and saving lives." That is not true. He is in the business of prosecuting crime and getting convictions. There are actually very few incentives for him to reduce crime. If removing encryption let him convict more criminals, and then had the side-effect of increasing cyber crime, leading to more criminal convictions, that is a win/win for him.

Re:Plea to emotion

but if we had to trade 10 murders for a few billion dollars of economic damage due to preventable cyber crime, I think there are very few people who would choose the second option

Unfortunately, this is where you are wrong.

We lost ~5000 lives on 9-11-2001 and we have spent trillions so far trying to fight a war against the idea of "TERRORISM". An undefined enemy that hides in plain sight.

RESPONSE

We are very tired of government agencies stepping over their bounds. They all need taken behind the woodshed for a good spanking.

If they ever contact my organization, they better have a very specific warrant issued by a TRUE judge seated on a TRUE court.

Any of this "secret court" nonsense will not be tolerated, and will be published without regard.

As for the Injustice department, for years they have strong armed lots of people, and I don't see anything in our constitution indicating they have any legal authority to even exist. Especially the Attorney General. Can anybody point out where in our Constitution it says that some super authority exist with a position called the "Attorney General"?

Until I see that evidence, they can kiss my ass.

Re:RESPONSE

Tough words are easy

Re:RESPONSE

The pen is mightier than the sword. Dare we to write against the injustices of the world so that a few among the timid spirits may stand and do mightier things.

Re:RESPONSE

[JohnFen]

I applaud your sentiment. If you are ever really in that position, though, you'll be going to jail.

Are you ready and willing to do that?

Re:RESPONSE

[david_thornley]

The FISA court is composed of real judges. Its warrants will be backed by police, and if you defy one (as opposed to contest it in court, and you probably won't win) you will be prosecuted.

The Constitution implicitly says that there can be departments in the executive branch, since the President is Constitutionally able to get written answers from the heads of the departments. Most of the President's power is derived from laws Congress passes, and Congress established a Department of Justice to help enforce the law, all according to the Constitution.

CMA

Wooty toot booty dem Feds spank bareazz dat bad-boi business ? You think? Betcha not ! Sounds like a Fed-flam cover story for pliant companies already flipping data to blue-bellies gumshooz. Or have Brin/Cook/Zook grown-a-pair? hahaha eh pad're !

Dear .gov,

93110 54424 89361 94864 52582
25835 16431 00678 94687 69838
58779 38406 24245 92889 70818
74466 32766 40828 28388 73696
08061 15272 85290 00289 97158
14950 62812 53875 11013 30839
60002 28422 96574 87300 02264
19787 89438 06869 25679 79615
32801 11894 87804 12303 82093
10455 33616 46729 17516 05458

Re:Dear .gov,

[Opportunist]

You take that back, my mother was a saint!

Re:Dear .gov,

Dear pleb,

We demand that you decipher that. If you refuse, there will be consequences. Also, if we don't believe that the message you give us is the deciphered version of the above, there will be consequences. So no matter what, you're fucked.

-.gov

And so it begins...

[evolutionary]

China, Russia, the UK and now the USA. Our constitution, even the pretence of it, as the US is increasingly not a government for the people or even by the people, but over the people regardless of what it believes. At least Russia and China are straightforward about it. We claim to be difference yet we push ourselves further and further towards the very people we openly condemn. Japan and France are starting to look pretty good right now. Canada is okay, for the moment, but given it's proximity and trying to retain it's "buddy, buddy" status with the USA, it may well go the same route or at least route data to the USA ever so quietly violating not only privacy, but it's own sovereignty. So when is the public going to say "enough". Even Snowden's sacrifice (and others before him) to show us what is going on so we can act, seems to have barely made people aware, and then they go back to "business as usual", save for the few exceptional people, who will be targets for questions the direction of the "status quo". Curse the Bush family for starting it, and curse those after them who kept expanding it. (And that includes Obama I'm sorry to say).

Re:And so it begins...

I have already said enough. I will not comply with any so called order or "law" that is not constitutional including the Patriot Act, Obamacare, or FISA courts or gun control, etc.

problem is, those in positions that are supposed to take action against those violating their oath, aren't doing their jobs.

Law Enforcement Backdoors

[Jason+Levine]

It sounds like they want encryption with a backdoor for law enforcement to get into with a warrant. Even putting aside the abuse of power that would happen (e.g. government getting a rubber stamped warrant to look at someone's phone because they don't like his political views), this is worrying. There is no such thing as "a backdoor only for law enforcement." If you make a backdoor, hackers and other governments WILL find it and WILL exploit it. Unlike a normal vulnerability, which can be patched when found, if this backdoor gets out it won't be able to be patched. The government agencies will demand that it remains open for them even while other entities abuse it.

"Law enforcement only" backdoors will just make security much weaker for everyone while not really improving much in the way of security on the law enforcement side.

Re:Law Enforcement Backdoors

If they mandate encryption be weakened in this way, everyone will simply use over-the-top encryption after the mandate-afflicted layer. (Yes, I mean "afflicted".)

Re:Law Enforcement Backdoors

[c]

"Law enforcement only" backdoors will just make security much weaker for everyone...

To be honest, that's starting to look like a spectacularly good idea.

Er... you do mean backdoors only on law enforcement communications, right?

Re:Law Enforcement Backdoors

[Opportunist]

Not only that, but it is a high profile target. The holy grail of crypto cracking. We're not talking about some hacker in Generistan wanting this, we're talking about governments wanting this. Anyone who has access to such a key is a target. For governments. From Iran to North Korea.

How long until one of them hears "You want to give me the key, because you do love your kids!"

We're talking about actors who have no problem snuffing out thousands of their own population, you think they'd have a problem holding your newborn baby over a meat grinder with you having a minute to cough up the key or else?

Re:Law Enforcement Backdoors

[argumentsockpuppet]

My initial reaction is also one of outrage and frustration. I started to formulate a response to express that when I realized that most of the other commenters would be doing the same.

(Does it need to be said? Does it need be said now? Does it need to be said by me?) I answered "no" to the last one.

Having read through the comments, it appears to me that there are zero supporters of mandating government access to encrypted files. I haven't seen anything new added to the discussion either, which makes this whole comment section less useful than a poll. Lets change that. You're a writer, an effective communicator, someone who can think through alternate possibilities. I'd like you to tell me why giving government access to encrypted files, with a warrant, is bad IF it doesn't involve a back door. (I've written about this before. You'll read my arguments against access there but I'm looking for new and better ones.)

Justice is important to our society and we should be outraged when it isn't served. Sometimes that means that it is necessary to invade the security or privacy of someone who has committed a criminal act. That's what warrants are for. Abuses can happen, and we should be outraged when they do, but addressing those abuses when they happen is the correct response. It isn't good for society to instead decide to prevent law enforcement from being able to do their jobs.

Re:Law Enforcement Backdoors

[cryptizard]

The DAG is not asking for a universal back door, he wants something more like key escrow. Apple will keep a copy of every user's key which can be used by Apple to decrypt data if they are served with a warrant. Alternatively, they could have a separate "master key" for each device that unlocks the secure enclave and decrypts the phone. These keys could be set at manufacture and stored in an air-gapped vault or something.

There are ways to do this that don't introduce a lot of risk of accidental discovery or leaking. This is proven by the fact that Apple already has a master key that opens every iPhone, in the form of their root signing key, and it has never leaked. I am more worried about the precedent this would set. Even if you trust the US justice system (which lots of people don't), once we have this system set up in the US then China, Russian, etc. will ask for the same thing. That is not power that we want them to have. We should set an example for the world of absolutely secure devices that not the manufacturer, government, anyone can get into.

Re:Law Enforcement Backdoors

Apple takes too long to respond with requests for keys, SOMEBODIES GONNA DIE!!!! We need them.

Re:Law Enforcement Backdoors

[JohnFen]

The DAG is not asking for a universal back door, he wants something more like key escrow.

Which is equally problematic.

Alternatively, they could have a separate "master key" for each device that unlocks the secure enclave and decrypts the phone.

Which is a backdoor.

Re:Law Enforcement Backdoors

[argumentsockpuppet]

Somebody who gets it.

Lets go down a slightly different rabbit hole. Maybe what we've been told isn't true. Maybe Apple hasn't kept the private signing key secret from our government. Before I expound on that, I want to point out that Apple's key doesn't decrypt the data on the phone. Apple's key signs the software that the phone automatically downloads which is used to prompt for a password and use that password to decrypt the actual key which is in turn used to decrypt the actual data. This means that Apple's key could be used to create software which would allow a computer to run brute force guesses until it successfully gets the decryption key. It doesn't need to be that way. The phone doesn't need to automatically download software updates without first requiring a password. Why does it do that?

Is there any reason to believe that Apple hasn't been forced by a secret order to use a method which is intentionally corruptible? It doesn't have to mean that Apple has already been forced to provide a copy of it's private key to the NSA. But it could. It could mean that the NSA has software ready to load on any phone that they decide needs accessed. Software that appears identical to what was previously on the phone but now records the password for retrieval. Software that records keystrokes or passes screenshots to NSA servers. That'd be handy wouldn't it? Is there any reason to believe it hasn't been done?

Re:Law Enforcement Backdoors

[Jason+Levine]

And any hacker who stumbles across it could get very rich by selling it to some state agency. Granted, they might have to hope said agency doesn't pay them and then have them "disappear", but it's not like these people operate completely within the law to begin with.

Re:Law Enforcement Backdoors

[Jason+Levine]

Going back to the pre-computer days, you'd get a warrant, raid the person's place of business, and seize their paper files. Those would give you the information you needed to convict. They could "encrypt" the paper files using code words and the like, but that could be broken pretty easily.

The government is trying to tie this model to computer searches. Most times, it will work. You raid someone's home/office, seize the computers, and sift through them for evidence. Without encryption, this can still work. The government gets the evidence it needs to put criminals behind bars.

Enter encryption.

With encryption, only the person who encrypted the files can know what they are. If Google encrypts the files, Google might be able to decrypt them, but what if Google structures their service such that the user is the one who encrypts them? This means that Google physically can't decrypt the files. The government can order, beg, and plead all they want, but Google would be unable to do anything. The government would need to get the user to decrypt his own files - which could be seen as self-incrimination and thus get the evidence tossed out in court. Plus, this means the government needs to deal with each user in an effort to get the files decrypted instead of dealing with one company, e.g. Google.

The solution for the government is a backdoor that only they can access. They want to push this so that, with a warrant, they can just decrypt all the files they need without needing to deal with dozens of users. This is good for the government, but bad for everyone else. A backdoor, no matter how well designed, would be a point where anyone could break in. This could include random hackers as well as other government agents. And this doesn't just target criminals. Law abiding citizens trying to keep their communications private could find themselves compromised because Country X's security agencies cracked the backdoor code.

Even if you accept that encryption would have backdoors, you can't simply ban encryption without backdoors. Open source code for strong, no-backdoor encryption already exists and is freely available. Even if you wiped it out from all US-based servers, it would be available on servers in other countries. Law abiding citizens might use the government-approved weaker encryption, but criminals could use the existing strong encryption. After all, what's another crime on top of the other ones they are committing? This would mean that law abiding users would be compromised while the criminals would be secure, leaving the government still unable to view their files.

The only solution to this is to accept that there might be some things that the government wouldn't be able to see (for better or worse). This might hinder some investigations, but there are a lot of restrictions on police that hinder them in the name of protecting innocent civilians.

Re:Law Enforcement Backdoors

[AHuxley]

Govs want what they had for
SISMI-Telecom scandal https://en.wikipedia.org/wiki/...
Greek wiretapping case 2004–05 https://en.wikipedia.org/wiki/...–05

Re:Law Enforcement Backdoors

[argumentsockpuppet]

I think you didn't read the link: The Golden Key Fallacy, because what you argue first is exactly the fallacy I pointed out there. You go on to make the same argument I made immediately below that link: It Wouldn't Accomplish the Goal, namely that encryption exists independently of whatever rules or laws might be made. It looks like you're ignoring the issues I was trying to raise for discussion.

So, first off, it is possible to keep a key secure. Apple has such a key and they've apparently kept it secure (paranoid speculation aside.) To make it absolutely clear, Apple has the ability to make breaking encryption trivial any time they decide to, whether by creating the software update that would do it themselves or by providing that key to someone in law enforcement. You can call that a backdoor or not, but the result is the same: Anytime Apple decides to, they can break your encryption or allow law enforcement to do the same. The only thing that keeps that from happening is Apple's desire to market privacy. (The same goes for Google, Samsung, HTC, LG, etc.)

The bigger issues are that most people don't care and most criminals don't plan that well. You and I, even most /. readers, understand what encryption is and why protecting it is important. Great. If you ask ten people on the street whether law enforcement should be able to access encrypted data with a warrant, you'll get at least nine people saying they should. The only thing preventing it from happening is that the ten percent who do understand the issue are vocal and have math on their side. If Congress decides they need to be "tough on crime" in order to get re-elected, then you can expect laws mandating phone manufacturers have a way to provide access to encrypted data. Then there is the biggest and most dangerous issue. It will work.

The first six months of government mandated decrypt capability will result in hundreds of criminals being successfully prosecuted. Every one of those will be a headline that trumpets the success of the laws. Public opinion will strongly support it. It won't catch smart criminals, but those are rare and won't make headlines when the laws fail. Government will strengthen its hold on the ability to spy on its citizens at will.

To quote my website, since most people won't read it:
 

When lawmakers consult sympathetic technology and security experts, guess what they'll hear:

* Golden keys are already in place to secure phones
* Golden keys aren't necessary to accomplish the goal

The golden key fallacy hurts our case. Stop using it. We need better arguments. Help me find them.

Re:Law Enforcement Backdoors

[pnutjam]

Encryption is a race, mandating back doors will not do anything except speed that race up. Anything with a backdoor will be shunned as soon as it's used, and anyone who relies on backdoors will be too far behind in the race to deal with the advanced encryption that's coming.
It's better to lose some now and stay lean, then to get fat and happy and lose everything later.

Re:Law Enforcement Backdoors

[pnutjam]

never leaked that we know of...
The people who collect such things don't advertise it. It's like the Pre-Columbian Americas. The ones in the know just want to make money.

Re:Law Enforcement Backdoors

[argumentsockpuppet]

Encryption as a race is a good argument. It's weakness is the ignorance of the the general population. You say that anything with a backdoor will be shunned. I counter: Bitlocker.

Re:Law Enforcement Backdoors

[pnutjam]

Nobody uses bitlocker for personal encryption, and there is no real evidence of backdoors. It's like the American Cheese of encryption, it gets alot of use in unimportant places.

There are two kinds of encryption...

... warrant proof

and
 
... broken

Which one do you want protecting your company's secrets?

Re:There are two kinds of encryption...

[DontBeAMoran]

What about ROT13? Nobody ever cracked it.

Re:There are two kinds of encryption...

[JohnFen]

ROT26 is twice as good.

We are leaving them with no choice

[DeplorableCodeMonkey]

You can't get civil libertarians to even agree that people should be required to open up devices when presented with a warrant. Whenever the courts think it might be a fifth amendment right, a lot of people here cheer, even though that is ultimately self-defeating. If you can defeat a valid warrant by asserting the 5th, you have just made the 5th an enemy of the 4th amendment. That is not a healthy place for the Bill of Rights to be.

I have a simpler idea:

1. We pass a law making people responsible for remembering their encryption keys on devices they own.
2. We give law enforcement the power to have people prosecuted if they refuse to open a device that is mentioned in a search warrant as a particular thing to be searched for a particular offense.
3. We allow vendors to keep their products at full strength and instead focus on the users.

This is "common sense encryption control."

Re:We are leaving them with no choice

I stack a bunch of quarters on my table in such a configuration that you almost think it's a code.... looks kind of like binary.

Upon a search warrant these stacks of quarters are "discovered" and I'm told to decrypt the hidden meaning. However I just stacked them in such a way because I was bored.

Now what.

Your ideas assume encryption can be identified apart from randomness..... Which means random is resistance.

Re:We are leaving them with no choice

Those new laws would lose a Constitutional challenge. Both are clear infringements on the fifth amendment.

Re:We are leaving them with no choice

[omnichad]

If you can defeat a valid warrant

The valid warrant is not defeated. They can have the encrypted data. If they ask for unencrypted data, they're asking for something that didn't exist at the moment they asked for it.

#1 and #2 are already being treated as contempt of court. And this is worse than being prosecuted, because you aren't even given a sentencing term.

Common sense is not controlling encryption. It's maintaining 5th amendment rights - see the exclusionary rule.

Re:We are leaving them with no choice

I dont remember all of my old abandoned email passwords, do you. DO you actually remember every password you've ever had, cause all they have to do is find that one account you dont remember and then prosecute you.

Your idea is poor. If you can't prove I remember it then you can't make me spit it out, and the fact that you want to prosecute people for something you only THINK they know shows that you are probably just getting those chin whiskers. Keep your head down slugger you'll be fine if you keep working through the problem before you open your mouth.

Re:We are leaving them with no choice

[Opportunist]

Are you a politician or just a layman in complete ignorance when it comes to encryption?

I cannot remember my encryption key. Here's a few bytes of my old one, please memorize it:

CVLO3yiPSAeTjx4UKuquK06APlvtVrT4BF0YUOzCjE5RvIK2AXqGzz6...

there's about 150 more characters, but I guess you get the idea.

And I have a different one for every device I own. It might dawn on you just why it's kinda unfeasible to remember something like this.

Re:We are leaving them with no choice

[silas_moeckel]

This is really simple no.

Encryption has nothing at all to do with the 4th, they can have the data or the object holding the data all they want. Making extremely hard to open safes was a thing when this was thought of even ones that would destroy the contents if they were tampered with. Using codes was also very common at the time. This is not something new that we need to figure out how to deal with it's an old solved issue they are trying to make an end run around.

As to your specifics, good encryption can be indistinguishable from random data, this is also against the 5th by any reasonable interpretation. The mear fact you know the password is testifying against yourself.

Re:We are leaving them with no choice

I have a simpler idea:
1. We pass a law making people responsible for remembering their encryption keys on devices they own.

I agree. By the way, what was the encryption key and time based nonce you just used to make your HTTPS POST to Slashdot when posting that comment?
Yes, the one that only existed for a few seconds and has since been wiped from your computers RAM.

You don't know it you say? So by your own words, you are now a criminal for not remembering that information.

2. We give law enforcement the power to have people prosecuted if they refuse to open a device that is mentioned in a search warrant as a particular thing to be searched for a particular offense.

I agree there too. We have already proven that you criminally refuse to provide the encryption key you just utilized in making your slashdot post, all the while lying to us claiming you forgot it, even after stating you fully know you need to remember all such keys

So how about we find someone that isn't a self-admitted criminal to suggest changes to the law.
As this rules out yourself, we'll just continue to ignore you, as you stated should be a new law.

Re:We are leaving them with no choice

[david_thornley]

Suppose that LEOs find a phone at a crime scene, and it's probably evidence. They link it to me somehow. They ask me to unlock it.

At that point, if I unlock it, I've definitely tied myself to the phone at the scene of the crime. I've incriminated myself. It's unconstitutional to make me do that.

Suppose I don't use a device for a while and legitimately forget the password. Should I just go to the police station and turn myself in?

Prosecution should involve evidence that is beyond a reasonable doubt. How do you prove, beyond reasonable doubt, that I do know the password of a device that I haven't used in some time? How do you prove, beyond a reasonable doubt, that nobody else has changed the password since I last used it? Except in obvious cases, the prosecution is going to have to have sufficient evidence to convict that they can probably convict me for the original crime.

Two words:

Email.
Benghazi.

Go ahead and argue things couldn't be worse you dumbass fucktard lie-berals. Those two simple words prove you wrong.

Wow

"lives may be lost" Take your fear-mongering and shove it up your ass Rosenstein.

These people are both

[fredrated]

stupid and evil.

Justice Department

The Justice Department of what?

Re:This government needs even MORE power!

[InfiniteBlaze]

The intelligent argument is not that the government should be in charge of health care, but that the government should be the single-payer for health care. Numerous payers require numerous negotiations and often-unfair rates in the interest of profit. No one should profit off the health of another, and no one should be unhealthy due simply to the fact that they are poor. No one should be bankrupted by a health issue, especially when they have health insurance. Besides the obvious fact that healthier citizens are more productive, there are relatively unseen and often-ignored effects of concern over health, and guaranteed health coverage for all would eliminate those issues.

You want sympathy? Or even support?

[Opportunist]

Then stop abusing your power. As it is now, the likelihood of someone being damaged by you HAVING access to data is higher than if you don't.

Re:You want sympathy? Or even support?

"But then we wouldn't even need all that data or back-doors!"

This is very surprising!

Given the current political climate, you would think that they would be pushing hard for unencrypted data.

No

[nospam007]

"The public bears the cost. When our investigations of violent criminal organizations come to a halt because we cannot access a phone, even with a court order, lives may be lost."

Always the same bullshit.

Re:No

[sl3xd]

Always the same bullshit.

There's a certain amount of authenticity and credibility to bullshit.

This is pure chickenshit, as bullshit is far less petty.

companies "have no incentive to address this"

Quote: companies "have no incentive to address this on their own."

I do not believe companies are designing secure systems out of the "goodness of their heart".I believe there are sales incentives for designing systems that preserve privacy.

Companies actually have an incentive to not address this the way the government wants them to.

Trustless security

[GeekWithAKnife]

I don't want to trust security devices or methods, I want them to be bulletproof. Al-Qaeda used a fucking hotmail account for months and they were not caught. How is this backdoor BS gonna stop anything?

As long as the government is weakening security then security remains weak for everyone and those that have to "trust" simply use soemthing else.

In short, this method of backdoors is not preventing crime or catching out organised crime it's just making everything compromisable eg wrose.

Multi-factor multi-signature keys. If we develop with this in mind then data-breaches, abuse of power and all the usual crude is far less likely.

Your data is encrypted (default state) then have a key, the governmet has a key and or the company of the product has a key.

Scenerio one; jealous cop next door wants to see your tax return; he needs your key, governemnt key (already has it) and the company key. True that if you have part of the key brute forcing can be easier but it's still difficult if not impossible.

Scenerio two; FBI says you colliuded with russians (it's popular) and forced the company of your favourite IM to hand over keys. They have government key, company key but not your fucking key. -they can issue a warrant and you may reliquish your key OR refuse. They may now have a pretty decent chance or cracking encryption and might need 3-6 months to do so...

Scenerio three - no governement data sharing, only two keys, your and the company; nasty blackhat hackers stole all the company's data of your naked shenanigans, they stole the company keys as well, but you still have yours. Data is useless.

You get there idea....it's not perfect or fool proof but it's MUCH better than data laying about being "secure" in some sort of "high security" facility somewhere with one controlling entity and one encryption key which you do not own.


Lawman doesn't want to give citizens that kinda power? -OK how about mutli-factor multi-signatory keys for the governement only? Big insurance company gets one key, FBI gets another, DHS get a third. -now if there is to be sharing there needs to be a process to share the keys, preferably by agencies that keep each other in check and are less likely to collude. Put that process autheorization and signing on a public blockchain and we'll know it probably followed due process and if not we'll find out one day who signed the dotted line. (as it were)

Remember that? due process!

Re:Trustless security

It was too hard to get SIM card keys so they simply stole them from a private company.

Same with your method. The keys will be stolen by the justice department. For the children.

Re: Trustless security

How about we don't give the government any keys at all and the DOJ can go fuck themselves. They're entitled to nothing and nothing is what they should get. A warrant allows them to try to get something and that's it.

To try, not to succeed. If a company wants to sell warrant proof encryption they shouldn't have to dance around it publicly the same way beer makers dance around advertising a product that gets you drunk when you want to be drunk.

We need to end this ridiculous "third party doctrine" while we're at it too, and make it a crime for companies to share your data with the government absent a warrant from a real court. No national security letters, no made up bullshit courts, and, this is important, random judge assignments so they don't get cozy with law enforcement.

Re:Trustless security

[david_thornley]

Look, guy, I don't want to have to consult the government and Apple every time I unlock my iPhone, and that's what you're proposing. If I'm going to use the device, I need a key that actually works. At that point, the government and Apple partial keys are completely irrelevant. They're neither necessary nor sufficient for decryption.

Also, having more than one partial key isn't going to tell you anything about the real key, assuming any reasonable setup. Cryptographers have worked with partial keys for a long time.

Re:Trustless security

[GeekWithAKnife]

It was a proposed model.
Also, you wouldn't necessarily have to consult the government as a complicated action, you might just have a biometric ID that allows contactless key exchange.

But as to why would practically anyone want the governement or a company to hold crypto keys...well because they already have the data and there's nothing you can do to prevent it. Might as well find a happy medium to secure it from other parties.

"Violent Criminal Organizations"?

"Violent Criminal Organizations" have to conduct most of their business in the real world, where you can't really encrypt anything (witnesses, security cameras, evidence, etc). The only thing that weakening encryption does is make sure that everyone elses data remains vulnerable to hackers, identity thieves, espionage & government abuse. Here's an idea, focus on the real world crimes (murder, theft, drug sales) that cause actual harm to actual people and stop trying to go after the nearest stack of cash you can lay your hands on.

Re:This government needs even MORE power!

[fulldecent]

Enlightenment.

California has a population of 40 million, this is larger than 200 countries. If California can negotiate a great deal by itself then I don't expect the US as a whole to do it much better.

Also, California voted 140% democrat in the last election. Literally. If California can't pass single payer healthcare then clearly the idea is too extreme for the whole country.

~~~

Be careful, when we talk about "government" there are different governments.

I support

[fulldecent]

I support the authority of any government to lawfully query any company under its jurisdiction for as much data as it wants.

The ultimate problem here is that companies still control all your data. The long term solution is you should have a "my cloud" box in your basement. That's where your data lives, or at least the O(1) encryption keys for the O(n) amount of data you have elsewhere. In that situation government will need to request data from you directly if they want it.

There really is a strictly technical solution to these problems and we are getting closer every day to the solutions. https://security.googleblog.co...

Re:I support

[sl3xd]

The ultimate problem here is that companies still control all your data.

A lot of services have the encryption handled at the user endpoint - the company only handles encrypted data for which they have no key.

As far as the company is concerned, you're feeding them pool of random numbers.

For Law enforcement, encoded documents aren't new problem. Law enforcement (and militaries) have been unable to read ciphertexts for far longer than computers have been around. Classical ciphers have often proven impossible to crack. Parts of Kryptos have yet to be deciphered, even by the NSA. The FBI still puzzles over letters written in prison, and POW's, knowing their letters are going to be read by their captors, write subtly enciphered letters to their loved ones at home.

Alternatively, there are also documents like the Voynich Manuscript or the Rohonc Codex, where we have no idea if it even is ciphered, or just gibberish. (These manuscripts aren't all that different from a custom binary file format)

Re:I support

Sounds great in theory, but if you've done any research on the subject you quickly run into the fact that the government has been trying to prevent/weaken even private encryption of any kind for decades. Threatening/coercing companies that sell it, secretly limiting its effectiveness, and openly treating it the same way you would treat firearms/bombs. While there should be a lot of private encryption as well, support of large companies will also be needed to aid it creating new/better encryption systems and defending them against legislation.

Discussion of the issue is a total waste

[fustakrakich]

There is nothing to discuss, except how to make better encryption that nobody can control. Discussing whether we should or not is pure masturbation in manufactured hysteria. Regardless, the government will just have keyloggers built into the BIOS. The manufacturers are the weak link here.

Re:Discussion of the issue is a total waste

[sl3xd]

Regardless, the government will just have keyloggers built into the BIOS. The manufacturers are the weak link here.

Keyloggers are a well-known problem -- and one for which security solutions are designed to mitigate. U2F was designed to be secure with a keylogger installed (because spyware is a thing). There are completely open, easily manufactured designs of U2F keys.

GPG cards similarly have an open design, and are designed such that the keys can't be recovered from the device -- and the critical decryption is done on the GPG card.

There's also Coreboot, Libreboot, and OpenFirmware before that -- all open source BIOSes you can audit and compile yourself.

Electronics hobbyists design entire computers -- from PC board design and manufacture (at home) all the way to working Linux computers with internet access. Completely from scratch.

The reality is that the skills and tools to bypass such spying is common, widespread, and well published. Many who have the skills are thrilled when somebody shows an interest in their hobby, and eagerly assist anyone who asks.

Re:Discussion of the issue is a total waste

[AHuxley]

Gov pushed malware is going to be running under, over, around and with better encryption. The better encryption will be tested, passed and work perfectly.
So will the gov malware.

Re:This government needs even MORE power!

The intelligent argument is not that the government should be in charge of health care, but that the government should be the single-payer for health care. ....

A distinction without a difference.

Were the US government the single-payer, the US government rules for payment would be the de facto rules for all healthcare.

Unless you're one of the 1%.

How's that single-payer healthcare for US veterans working out? VA healthcare is what you want for the entire US?

The public bears a greater $ cost from backdoors

We can't sell cloud services to many European countries because they worry our lack of transparency is ripe for French-style industrial espionage. When we do, Americans benefit from the trade less than they otherwise would because of protectionist data locality rules.

Cisco and Juniper have lost credibility to QUANTUM and Dual_EC_DRBG that, minimum, make formerly-unpalatable Chinese options seem like, "why not?" At worst, our network infrastructure is actively avoided. Cisco laid off 12k people since the Snowden revelations.

What are we going to do, give those 12k jobs working in coal mines?

Crypto backdoors a disingenuous, reckless solution to a non-problem. Even forgetting your fucking phone fetish, there are real economic dangers, ones that have been tested, not hypothetical ones.

This again?

Police caught plenty of criminals before smartphones even existed. I wonder how they managed to do that without access to smartphone data?

Re:This again?

[AHuxley]

Re "I wonder how they managed to do that without access to smartphone data?"
When the UK was tracking US and international funding and support in Ireland in the 1980's?
The UK just collected on every call into and out of Ireland. All domestic calls too. Voice prints made it easy.
Funding, support and methods get discovered when interring people talk too much on phones thinking that are hidden in lots of other random calls.
GCHQ listened in on Ireland (18 July 1999) https://www.theguardian.com/uk...
How Britain eavesdropped on Dublin (15 July 1999) http://www.independent.co.uk/n...
What to do about smart phone with new encryption? Gov malware will get under that :)
The other really smart thing the UK did was never tell anyone what they did. Only the UK mil, GCHQ and Royal Ulster Constabulary Special Branch really got to see what was collected. No courts, police, human rights lawyers, media, telco workers really had any idea what was been done and the UK ensured it kept is secrets and kept on collecting everything in real time.

Contrast that with US methods, crypto, gov malware been commented on in public 2017.

Angels and Demons

[necro81]

I could jump into a long discussion about how anyone, anyone, who thinks it is possible to have perfect encryption that also just-so-happens to let perfectly benevolent law enforcement in, is either ignorant of the technology, lying to achieve some other purpose, or simply doesn't care about keeping us safe from the broader and more potent dangers of weak encryption.

I could do that, but CGP Gray has done a fine job of it in one five-minute video.

This is why we need standards

[Sloppy]

A tech company should not have the capacity to compromise security. (Since all companies can be coerced, whether legally or illegally, and your computer won't ever know the difference.) At worst they should only be able to deploy malware which uses a covert channel to leak keys or something. The crypto itself (which will probably also involve key exchange, though not always) needs to be done in a way that complies with a standard (i.e. there are multiple competing tools, by different developers, that can work with the data) then the data itself ought to be safe.

OpenPGP is an example of something done right. LUKS/dmcrypt is another. If a hostile entity pressures a developer to make it not work right, what could they do?

If some company is in charge of your security, then you don't have security. And if you are using proprietary communications software, that means you have one company in charge of your security.

Phase out the "tech companies"' role in your communications. The US government is telling you right now they intend to exert force to prevent whatever-it-is from being able to be secured. If you're using proprietary software for any sort of non-public communication, then you're doing it wrong, and you know you're doing it wrong (i.e. you do not have any expectation of privacy).

Re:This government needs even MORE power!

Veterans care is NOT single payer its actual medical care (and veterans are NEVER taken care of properly). Medicare is single-payer, and it actually works pretty damn well.

An incredibly bad argument

[JohnFen]

First, to hear the Justice department tell it, they must have been unable to solve crimes back before networks existed. Which is clearly BS.

Second, if their argument is to be taken seriously, then we also need to have laws preventing people from owning safes unless they give a copy of the key/combo to the government.

Re:An incredibly bad argument

I don't think you quite understand. They (Justice Dept) wants to go back to the good ol' days where they could call up a judge and get a warrant to tap your landline or intercept your postal mail. Ya know, 2 of the earliest networks, albeit non-computer.

Your "safe" argument is also BS as a safe can be brute forced.

You see these "Tech Companies" have thrown a wrench in the works with their fancy use of encryption. Though what the Justice Dept fail to comprehend is that any backdoor makes us all that much more insecure.

Re:An incredibly bad argument

Don't most commercial safes actually have backdoors in their designs for law enforcement? Not that I think that's good.. just that this is already something government has pushed onto companies in the pre-digital realm. I expect it's something they're just as loathe to admit as it is for crypto.

Re:An incredibly bad argument

[JohnFen]

Don't most commercial safes actually have backdoors in their designs for law enforcement?

Many safes (not all) do contain a special place where you can drill without setting off the anti-drilling countermeasures, but that's not intended for law enforcement purposes (not to say that it wouldn't be used for that, of course). The intention is to provide some means of access should the owner forget the combo and/or lose the key.

Re:An incredibly bad argument

The commentor above, making the comparison to safes and combination escrow is actually scoring a point for the opposing side.

Any safe manufacturer can be compelled to open a safe on demand of a warrant. Also banks can be required to open safety deposit boxes on demand of a warrant.

The real question is, intimacy of our personal communications aside, how is compelling a bank to open a safety deposit box any different from compelling Apple to decrypt and hand over your icloud account?

It's really not. But the simple "sorry we don't have the key" has sufficed until now.

What the government is asking for is the legal ability to force Apple and others to drill the lock and open the box the anyways.

These comparisons begin to fail when you realize that the contents of a safe are unchanged when you put them in, so all you need to do is cut off the lock.

But encrypted data is stored in plain sight, but changed into a form that designed to be impossible to change back sans the correct key and initialization vectors. Correctly done, encrypted data should be indistinguishable from random noise.

So now the government will likely mandate that all US Companies maintain a key escrow and turn over the keys on demand. Of course they already tried this with LavaBit and went so far as to ask for the TLS certificate keys and the keys to decrypt all of lavabit's customer data. The owner of lavabit deleted his keys and closed his company rather than comply.

The answer is as always to get your data out of the hands of US Companies.

Re:An incredibly bad argument

[CanHasDIY]

Don't most commercial safes actually have backdoors in their designs for law enforcement

None that I've ever seen.

Re:An incredibly bad argument

[JohnFen]

Any safe manufacturer can be compelled to open a safe on demand of a warrant. Also banks can be required to open safety deposit boxes on demand of a warrant.

That's right. And that is no different under the current law with encryption. The thing is, no warrant can force anyone to do something that's not in their power to do.

What the government is asking for is the legal ability to force Apple and others to drill the lock and open the box the anyways.

No, what the government is trying to get is the ability to force safe manufacturers to create a "master key" that unlocks the safes.

The government can "drill the lock" on encryption right now (breaking the encryption). It's just really, really hard.

Re:This government needs even MORE power!

Don't know about how the single-payer healthcare is working out for US veterans. But here in Canada, single-payer healthcare works out well enough for almost everyone. It's not perfect and there are gaps in the system, but overall it does the trick. I'm a self-employed entrepreneur - and I'm not afraid of a health problem causing me to go out of business and/or personally bankrupt.

In fact, two years ago I had a health scare that resulted in numerous trips to the hospital, visits to a neurologist, multiple MRIs, etc. I didn't pay out-of-pocket once, and I didn't worry that 30 days later I'd get a scary bill in the mail. Turns out my issue was easily addressed by some diet and lifestyle changes - but if it *was* more serious, at least I would be able to get treatment.

They forget something -

Alot of the well known figures, both in political, media, business, etc have skeletons in their respective closets.

Case in point, the recent blow up over sexual harrasment by a well known producer in hollywood (easy to find out if you want to know who / are unaware).

Those in power will not always be in power, or their children or grandchildren or nephew or whoever will not be in power.

Are they sure they want to have backdoors and all the other patroit act stuff around when they no longer have influence(or not around anymore)? This is one time when they should think of their children or children's children.

Re:There is no clash between privacy & public

Failing to stop crimes is spun as requiring additional power and budget in order to ensure it doesn't happen.

Chances are they knew what this guy was going to do, but stopping him at the last minute like the movies means they don't require draconian new measures to "keep us safe".

Re:This government needs even MORE power!

[GrumpySteen]

It's funny how you translated "more registered voters than residents" into "voted democrat".

The errors in the registration lists are largely due to people moving, dying, etc. and not contacting the state to deregister. It's a common problem and it's not just among Democrats, despite your obvious desire to paint it as such.

After Trump bitched about fraudulent voting and people being registered where they shouldn't, it came out that Steve Bannon, Tiffany Trump, Sean Spicer, Jared Kushner and Steven Mnuchin were all registered in more than one state because they hadn't deregistered themselves when they moved.

If you honestly believe that someone being registered in two states means they're voting in both states, then you should be demanding that all those Republicans be arrested for voter fraud.

So-called "Justice Dept" can go FUCK ITSELF

[Rick+Schumann]

I'm going to start with a quote from an AC, because some of you block AC's even if they're modded up to +5:

"Violent criminal organizations" are the last thing on their minds when making these arguments. They want to go after dissent, after whistleblowers. They want to stalk their exes, commit industrial espionage and blackmail. They want to track the best moments to rape and murder, or to be able to plant evidence without alibis making their so-called discoveries as obviously fake as they can be.

These powers would not and will never be used to make citizens or the country safer in any way, even if it could be used in this fashion. If there were any chance they could, they would never pursue them.

I actually couldn't have said it any better myself. Go search in the recent news; Trump has been openly hunting down regular citizens who have spoken out against him. Why would he do that if not to persecute them, perhaps to the point of false charges being raised against them, as a punitive action for DARING to speak out against the Great and Mighty Donald J. Trump, (LOL)? Note also that way too many people get into 'law enforcement' because they have Power Fantasies about subjugating (bullying, whatever you want to call it) whoever they please to, and apparently there are way too many closeted White Supremacists in law enforcement, if you take the frequency of young black men being shot to death for no damned good reason as any indicator of that.

Nope, banning encryption (or destroying it's effectiveness, same difference really) isn't going to make anyone in this country safer or reduce crime or terrorism or effectively prosecute offenders, it's going to be just one more step towards a TOTAL POLICE STATE where there is no such thing as 'Freedom', not unless you're a COP, or you're RICH. So FUCK THEM and their 'aggressive stance' (read as: BULLYING) in getting tech companies to breach citizens' devices.

Same argument used for gun control

[DidgetMaster]

In order to make everyone safe, we have to restrict law abiding citizen's access to guns and encryption, The only people who need encryption must be people who have something to hide; just like the only people who need something stronger than a bb-gun must be people who want to shoot innocent people in the streets.

Re:Same argument used for gun control

[TsuruchiBrian]

Except that I'm not worried if a psychotic person has 100 encryption algorithms and thousands of private keys.

Re:Same argument used for gun control

[DidgetMaster]

So would a psychotic person intent on inflicting pain and damage pay any more attention to laws against encryption than he would to laws against guns?

Re:Same argument used for gun control

[TsuruchiBrian]

No, but laws are not only useful when people voluntarily follow them. If it is illegal to have anthrax, then we can arrest people who are found in possession of anthrax (i.e. assume they were going to do something bad with it) rather than being forced to wait until they cross the line from law abiding anthrax enthusiast to bio-terrorist before taking action.

I'm not even making a claim about how much gun control there should be. What I am claiming is that I am not worried about encryption in the hands of psychotic people, but I am worried about guns in the hands of psychotic people. I am not even saying that your analogy is a bad one. I am just pointing out an area where this analogy breaks down for me.

Re:Same argument used for gun control

[CanHasDIY]

What about a psycho who straps a bomb to you, and the only way to disarm it is to break incredibly strong encryption?

Don't laugh, it's not as far-fetched as you might think.

Re:Same argument used for gun control

[TsuruchiBrian]

I guess I would maybe more scared of that if it happened every couple months. And even then, it's not clear that the addition of encryption to the situation makes it worse. What would this psycho do without the ability to incorporate encryption into his psychotic fantasies? Would he just blow the bomb up with a timer? If the encryption is actually strong, then there is no difference, because you aren't going to crack it.

I mean, we could invent an example where a psycho straps a bomb to you and won't release you unless you can paint an undetectable forgery of a van gogh painting. If this becomes a common occurrence, maybe we can talk about making paint brushes illegal for even (currently) law abiding citizens. But I would argue that maybe we should try to tackle making bomb parts harder to acquire as a more direct first step, since that seems like a bigger part of the problem.

Re:Same argument used for gun control

[CanHasDIY]

What would this psycho do without the ability to incorporate encryption into his psychotic fantasies? Would he just blow the bomb up with a timer?

Probably.

Which is what makes it a facile argument in both cases - a crazy asshole that wants to kill people will find a way, and no amount of laws or banning of inanimate objects will stop him.

Ergo, my point.

Re:Same argument used for gun control

[DidgetMaster]

There is a big difference between making something illegal that should always be illegal (e.g. anthrax) and making something illegal that has many legitimate uses (e.g. guns and encryption). That was my point. Outlawing something very useful just because someone abuses it to harm others is not a good reason.

Re:Same argument used for gun control

[TsuruchiBrian]

I don't think this is a bad point to make. I've made this point a lot myself. I think to the extent that if a person is determined to kill a lot of other people, by any means necessary, laws against guns, or even the successful elimination of guns from our society is not going to stop that person.

You can extend that argument to advocate for the legalization of nuclear, biological, and chemical weapons. A determined person will be able to get a hold of weapons of mass destruction anyway, so why bother prohibiting these items? Afterall, the 2nd amendment guarantees the right of an individual to bear arms (not just small arms). Any form of weapons control on individual Americans is a violation of the constitution.

I think the same argument that one could make against allowing individual rights to WMD (e.g. something like: It's just too dangerous, and this seems like a good area to restrict freedom in the name of public safety), could also be effectively made for extreme cases of gun ownership (e.g. extremely mentally ill people being legally allowed to buy and own military assault rifles and machine guns without any background checks, waiting periods, or reporting)

And like I said, I'm not advocating for any specific amount of gun control. What I am saying is that I don't think the argument "If a law isn't going to be 100% effective it's useless" is a good one. The argument on the other side of "If a law saves even 1 life, then it was worth it" is also bad. What I would like to see is people on both sides trading in their ideological positions on guns for reasonable ones.

Re:Same argument used for gun control

[TsuruchiBrian]

I am not saying that guns don't have legitimate uses, nor am I saying we should outlaw them. What I am saying is that regardless of the legality of either of these things, I don't think encryption in the hands of a psychotic person is dangerous, or if it is, I can't think of how it is, and so this doesn't worry me the way that having guns or a hammer, or anything that can be used to hurt someone in the hands of a psychotic person does.

I am just pointing out that guns are a very direct way to cause a lot of harm, whereas things like encryption, or mathematics, or compelling writing are much more indirect ways of potentially causing harm to people.

And BTW anthrax has a legitimate use as well. One of the reasons we have anthrax is labs is to test antibiotics effective against anthrax. There are many amateur scientists out there who might discover a better anthrax cure. But I think most people would agree that the benefit of a possible better anthrax treatment is not worth the risk of having every crazy person having easy access to an incredibly dangerous biological weapon.

In the case of anthrax, the argument for controlling it's access is exactly "Someone might abuse it to harm others".

So I don't think this is a bad argument to appeal to the danger of an item to advocate for controlling it, but what you need to do is to show that the benefit of it's unrestricted access outweighs the risk.

For example:
Yes cars are extremely dangerous, but they are so useful that all the deaths caused by cars are worth it.
Yes guns are extremely dangerous, but they are so useful that all the deaths caused by guns are worth it.
Yes anthrax is extremely dangerous, but the potential of a finding a better cure by eliminating anthrax-control is so beneficial that all the potential deaths caused by uncontrolled anthrax are worth it.

Or conversely
Cars are so dangerous that their usefulness is not worth all the deaths caused.
Guns are so dangerous that their usefulness is not worth all the deaths caused.
Anthrax is so dangerous that the usefulness of it's unrestricted access is not worth all the potential deaths it could cause.

These aren't inherently good or bad arguments. They are just dependent on the specifics of whether the danger actually is outweighed by the benefit or not.

Re:Same argument used for gun control

[CanHasDIY]

I don't think this is a bad point to make. I've made this point a lot myself. I think to the extent that if a person is determined to kill a lot of other people, by any means necessary, laws against guns, or even the successful elimination of guns from our society is not going to stop that person.

You can extend that argument to advocate for the legalization of nuclear, biological, and chemical weapons.

I guess one could. But you never see 2nd Amendment advocates make that argument, because contrary to popular belief, we're not a bunch of crazy rednecks that want to overthrow the government. Most of us are your friends and neighbors, responsible people who firmly believe that everyone has a right to defend themselves, with a weapon if necessary.

A determined person will be able to get a hold of weapons of mass destruction anyway, so why bother prohibiting these items? Afterall, the 2nd amendment guarantees the right of an individual to bear arms (not just small arms). Any form of weapons control on individual Americans is a violation of the constitution.

Technically, yes - and technically, there is no such thing as a "banned weapon," outside of nukes (which, IMO, nobody should have) - there are a lot of NFA restricted armaments, true, but they aren't completely banned, just cost-prohibitive. But I am aware of no law that would stop you from creating a biological pathogen in your garage.

I think the same argument that one could make against allowing individual rights to WMD (e.g. something like: It's just too dangerous, and this seems like a good area to restrict freedom in the name of public safety), could also be effectively made for extreme cases of gun ownership (e.g. extremely mentally ill people being legally allowed to buy and own military assault rifles and machine guns without any background checks, waiting periods, or reporting)

Besides the fact I already pointed out how most "WMDs" aren't necessarily illegal to own, the "extreme cases of gun ownership" example you provide is a complete myth - military assault rifles and machine guns are considered NFA items, which requires a person to acquire a Class III FFL license (no easy or cheap task, I assure you), a VERY extensive FBI background check (if you think NICS takes forever...), and pay for an additional tax stamp ($200/each) for each weapon. Also, it is a major felony to transfer an NFA destructive device or firearm to someone who does not hold a Class II license.

Therein lies a major problem with trying to have a real discussion about firearms laws - it seems a lot of people have absolutely no idea what laws are already on the books (which is part of the reason I think it's completely insane to demand new laws, when you don't even know what the current laws are).

And like I said, I'm not advocating for any specific amount of gun control. What I am saying is that I don't think the argument "If a law isn't going to be 100% effective it's useless" is a good one.

Agreed; see previous statement about educating oneself on existing laws before advocating for new ones.

The argument on the other side of "If a law saves even 1 life, then it was worth it" is also bad.

... and ironic, since defensive use of firearms saves many lives every year.

What I would like to see is people on both sides trading in their ideological positions on guns for reasonable ones.

Yea, me too, but there's an issue - chemically, the human brain has the exact same reaction to defending a strongly held belief as it does to snorting a big fat line of cocaine; as a species, we get high off arguing in favor of ideology over reason.

Re:Same argument used for gun control

[TsuruchiBrian]

I guess one could. But you never see 2nd Amendment advocates make that argument, because contrary to popular belief, we're not a bunch of crazy rednecks that want to overthrow the government. Most of us are your friends and neighbors, responsible people who firmly believe that everyone has a right to defend themselves, with a weapon if necessary.

That's right, you never see 2nd amendment advocates making this argument, because it as arguing for something they generally don't want. What I am saying is that their interpretation of the 2nd amendment (and mine as well), leads to this conclusion naturally, whether you find this conclusion desirable or not.

Technically, yes - and technically, there is no such thing as a "banned weapon," outside of nukes (which, IMO, nobody should have) - there are a lot of NFA restricted armaments, true, but they aren't completely banned, just cost-prohibitive. But I am aware of no law that would stop you from creating a biological pathogen in your garage.

I'm not a lawyer, but I am pretty sure biological weapons are illegal for an individual to to possess. I did a quick google search and found the biological weapons anti-terrorism act of 1989. I expect there is some kind of similar law preventing random citizens from possessing VX gas and Sarin gas, etc, but I did not find it yet.

Besides the fact I already pointed out how most "WMDs" aren't necessarily illegal to own, the "extreme cases of gun ownership" example you provide is a complete myth - military assault rifles and machine guns are considered NFA items, which requires a person to acquire a Class III FFL license (no easy or cheap task, I assure you), a VERY extensive FBI background check (if you think NICS takes forever...), and pay for an additional tax stamp ($200/each) for each weapon. Also, it is a major felony to transfer an NFA destructive device or firearm to someone who does not hold a Class II license.

I am not talking about our current laws when I referred to "the most extreme cases of gun ownership" . Clearly we already do prohibit many people from owning many kinds of firearms. What I am saying is that the rationale for banning individuals from owning WMDs (i.e. the trading of freedom for safety) would also make sense for those extreme cases of gun ownership (and clearly most people agree which is why we have those laws). It is my belief that these laws, while most people find them reasonable are actually unconstitutional.

I think a good first step would be to form an alliance to amend the 2nd amendment to restrict WMDs. You'd think it would have overwhelming support from both sides of the aisle. But I feel like many on the left would be opposed, as it would be seen as an admission that the 2nd amendment is and was always an individual right to all weapons (rather than a right of a militia). Maybe some on the right would be opposed because they would see any encroachment on the 2nd amendment as a slippery slope to further gun control.

Decentralize our data!

[DidgetMaster]

This is another argument for a decentralized web. Too much of our data is congregating in the hands of fewer and fewer players. We are going back to the mainframe days where all the data was managed in a central location. Everything is being stored in 'the cloud' which is just another name for somebody else's hard drive where it can be copied, stolen, or turned over to the government. Time for the pendulum to start swinging the other way.

Spurring public awareness?

[rnturn]

``Mr. Rosenstein's speech was intended to spur public awareness and discussion of the issue because companies `have no incentive to address this on their own.' ''

Ha! I think the public--much of it, anyway--is already very aware that companies are resisting government intrusion into the content of their ``personal devices'' or providing back doors that allow the government to waltz right into their phones and/or computers. What the public is largely unaware of is how many of these tech companies don't bother to stick up for their users/customers at all and just bend over and take it when the government sends them a request; it's only news when a company doesn't. I, for one, am happy to see them resist letting us become targets of government fishing expeditions. A pox on Mr. Rosenstein for playing the fear card in attempting to drum up support for increased domestic spying.

Must have been impossible... WW1, WW2, civil war..

[bussdriver]

Think of all the wars in history which did not have access (or capacity) to gather this sort of information. They were a far far bigger threat than a small number of suicidal people. Somehow they managed....

Today's threat doesn't even pass car accidents and many classifications are less than the number cell phone drivers kill each year.

The real enemy is the pursuit of perfection (aka utopia;) furthermore, such pursuits are mostly cover for alternator motives.

DoJ should be greatful not fearful

[WaffleMonster]

For Facebook, shadowy "big data", Twitter, Google, Microsoft, *Gram, Pokemon and all of the subpoena-enabled Orwellian spy shit being intentionally baked into every toaster oven on the planet.

Troves of new leads and capabilities previously wouldn't have possibly in their wildest dreams been able to pursuit is not enough. It will never be enough for LEA who sees their mission in a vacuum as the only consideration of import.

Each act of aggression towards tech companies offering mass communication services only drives the proliferation of decentralized alternatives run by Mr nobody and pushes key management closer to the edge. It's not possible to prevent someone who desires to do so from speaking in code or otherwise outlaw basic math. All you end up doing is making everything temporarily less secure before the tech companies role in securing communications is completely extricated from the equation.

Other side of the coin

The way I see it is if we have encryption that the government is unable to crack. Then we're a hop skip and a jump away from having DRM that the consumer is unable to crack.

I'm not really a fan of government mandated weakened crypto, but at the same time I'm not sure I really trust what powerful organizations can do with the perfect crypto (homomophically encrypted hardware maybe).

I'm not sure that society is equipped to have this conversation.

Re:Other side of the coin

[JohnFen]

Then we're a hop skip and a jump away from having DRM that the consumer is unable to crack.

To a very limited extent, perhaps. There are some very large technical differences between the two cases that make this conclusion dubious. And, to the extent that it could be true, it's already true.

I'm not sure I really trust what powerful organizations can do with the perfect crypto

Then you can relax, because we don't have perfect, unbreakable crypto.

You owe us an apology

I'm sorry you think security is more important than privacy.

Re:This government needs even MORE power!

Guns don't provide healthcare, people do.

It's not Privacy vs Public Safety..

it's Privacy vs State Surveillance

Nothing more, nothing less, than the Elite trying to do everything they can to put the Whistleblower and Evidence genie back in the bottle.

Re:This government needs even MORE power!

[InfiniteBlaze]

Yes, enlightenment is good. Single-payer in CA isn't dead; it's tabled until it's done correctly - http://www.latimes.com/politic...

Judicial Watch, Inc. appears to be rather biased, as evidenced by the below:
https://mediabiasfactcheck.com...
http://www.snopes.com/dhs-quie...
http://www.politifact.com/pers...
I'd take their filings with a grain of salt...or two or three.

Hiding in plain sight

I forget what group it was but they evaded the US government spying for 7 years by hiding messages in metadata for frames in porn videos. The government thought they were just sharing porn. Hiding in plain sight is much more effective than elaborate encryption schemes.

In the Trump admin?

His supporters claimed this wouldn't happen and he magically stopped all nsa data collection and magically increased our privacy, all by doing nothing! I guess trump is their messiah

Confused...

I'm confused, don't they ALREADY have access to the encrypted data...?

fuck the justice dept

"When our investigations of violent criminal organizations come to a halt because we cannot access a phone, even with a court order, lives may be lost."

just tell your pigs to quit shooting people and lives won't be lost. quit paying terrorist's rent and helping them plan attacks. stop running guns, drugs and god knows what else. quit trying to destroy the country.

Re:Must have been impossible... WW1, WW2, civil wa

I'm assuming that you're referring to terrorism, in that case the danger is FAR lower than even you are suggesting. Averaging over the last 40 years you're looking at about 75 deaths per year using the broadest possible definition. There are about 40 lightning deaths, 80 flooding deaths, 3.3k fire deaths, 12k murders per year, 40k auto accidents, 44k suicides, 200k medical malpractice, etc per year. So you're a little less likely to be killed by lightning and a little more likely to die in a flood than die in a terrorism incident. Perfection isn't even the issue, it's outright stupidity. We burn tens of billions in an ineffective attempt to stop a few dozen deaths while blithely ignoring the hundreds of people dying every day in ways which we could easily prevent. I think there have been several studies that have shown that humans are realllllllllyyyyyyyy bad at assessing risk.

As Bill Clinton says

[raymorris]

> The pen is mightier than the sword.
        The penis, mightier than the sword
- Bill Clinton

Re:As Bill Clinton says

No, that was Sean Connery.

Lives may be lost, but...

...when given a choice the Founders of our country chose freedom.

Re: This government needs even MORE power!

[mSparks43]

Shhhhh, Americans still think its them making the profits, rather than the rest of the world profiting from their early deaths.

To hell with China and Russia('s people)

[Impy+the+Impiuos+Imp]

Deputy Attorney General Rod Rosenstein issued the warning in a speech in Annapolis, Md., saying that negotiating with technology companies hasn't worked. "Warrant-proof encryption is not just a law enforcement problem," Mr. Rosenstein said at a conference at the U.S. Naval Academy. "The public bears the cost. When our investigations of violent criminal organizations come to a halt because we cannot access a phone, even with a court order, lives may be lost."

Translation: We want to continue sacrificing billions around the world to dictatorship because we are missing a tiny handful of criminal notches in our belt.

These are needed to prevent thuggery from accessing info that challenges their dictatorsbips. That is sufficient.

one word- Trump

search the comments for the word trump. educational.

Re:There is no clash between privacy & public

[CanHasDIY]

....the stage for another round of clashes in the tug of war between privacy and public safety.

No, there is a clash between privacy and dragnet operations by lazy and corrupt law enforcement.

This.

Seriously, if your entire investigation hinges on the contents of one locked cell phone, you couldn't be doing it more wrong.

Re:This government needs even MORE power!

[TemporalBeing]

The intelligent argument is not that the government should be in charge of health care, but that the government should be the single-payer for health care.

Wrong. The intelligent person asks why do we need to have health insurance to start with and solves that problem. Reduce the costs for all regardless of insurance coverage.

Also, the intelligent person realizes that government only adds bureaucracy and overhead to the cost of anything it provides. It does not improve it; rather it makes any changes take longer and longer.

There are very few things government can do well - military is one of them.

The DIY advantage

[JohnFen]

I don't rely on third party services for crypto, preferring to do it myself.

For the longest time, I thought that just made me weird. Now, it's starting to look like it makes me prescient.

The government can't stop my use of strong crypto, they can only stop third party services from using it.

Re:The DIY advantage

[RockDoctor]

Oblig XKCD

Re:This government needs even MORE power!

Wouldn't that be a good reason to clean up the voter registration lists?

What self-pity

... violent criminal organizations ...

Is that why you issue warrants for interception? Are you sure about that?

... because we cannot access a phone ...

Then it's a poorly performed investigation. Computers are wonderful but quit the push-button policing and do your real job.

... lives may be lost.

"Guns don't kill people, quality encryption kills people."

... not just a law enforcement problem.

Until the voters or congress-critters say differently, it is.

The public bears the cost.

Yes; of the war on drugs/ terror/ piracy/ pedophiles, of 'tough on crime' policies replacing rehabilitation, of the US government ignoring its single-buyer power, of US congress willfully eroding "power to the people" principles, of US congress deliberately deadlocking over every third bill.

The US government has bigger problems than an inability to spy on the communiques of "violent criminal organizations".

... companies "have no incentive ..."

That's right: No incentive to pay wages, pay taxes, or clean the environment. It's time to complain about that, first.

Funny thing

[JoelKatz]

His argument would work equally to defend requiring every home builder to include a recording device in every home so that law enforcement could, with a subpeona or warrant, access the recordings to investigate crimes.

Chickens home to roost

The DOJ has not recognized that this is their chickens coming home to roost. In other words, due to their past abuse of trust, we're technically removing their ability to abuse our trust. To complain about the backlash without recognizing why its happening is just short sighted, but not unexpected of a bureaucrat.

price for freedom

...you have to break a few eggs. A few lives lost every year due to "terrists" are a small price to pay for freedom.

That's not the price for freedom, it is the price for being ignorant.

We think terrorist and North Korea came out of nowhere, when history proves differently. People's anger need to be from a target. Guess what, the USA made themselves a target. Mainly because the USA system and government caused a lot of anger to other people.

Read about Saddam relationship with the USA, then you should be asking why the USA was involved?

Read about our military support to South Korea, why the USA is still getting involved?

Read about cops shooting innocent people from men to women. Why is the USA system letting this happens?

The USA system and government will still continue what it does most, create trouble, create anger and create more problems to make more money.

It is up to you to pay the real price to regain your freedom. Make your voice be heard. Make your vote meaningful. Act now and stop being ignorant.

Re:This government needs even MORE power!

[pnutjam]

Government can do many things well, unless it's sabotaged. It's no mistake that military, police, and fire are agreed on as necessary and mostly functional. It's the disgreed on parts that are deliberately broken as a "example" to show everyone how bad government does. There are plenty of parts that once ran great until they were sabotaged.

mod parent up

[bussdriver]

When it's not terrorism there is some other FEAR they are trying to sell us their cure for it if we only hand them more money and power to implement it... It's always a snake oil salesman with a cure for the incurable disease of FEAR.

"Perfect is the enemy of good" and they always hype cures as much as possible as being as perfect as possible (because an imperfect cure or incomplete solution is just mitigation.) You don't see a good salesman selling partial plans of mitigation-- they sell "comprehensive plans" to "solve" problem X. We just suffered through Trump making idiotically blatant false promises to solve everything because "it's so easy" (for him.)

Re:There is no clash between privacy & public

[david_thornley]

Consider the Miami night club shooter. The police knew he was a serious danger, and all the crypto in the world isn't going to show you anything more useful than that. The problem was that the police couldn't do anything about it. They don't have the power to arbitrarily imprison people indefinitely, and I (at least) consider that a Good Thing. They couldn't assign a couple of officers to follow him around at all times. They couldn't find significant laws he'd broken.

Re:Must have been impossible... WW1, WW2, civil wa

[david_thornley]

Civil war: there was active tapping of telegraph wires and cryptanalysis of messages. At that point, the Viginere cipher was considered extremely hard to break. There was also the case of Confederate battle plans wrapped around a couple of cigars, lost by the messenger, and found by a Union soldier.

WWI: The light cruiser Magdeburg ran aground in the Baltic, and the Russians were able to recover the naval codes and give them to the British. That's one example.

WWII: Enigma is the obvious example, but decryption of Japanese naval codes was also important. The Japanese carriers at Midway were where the plans had said. There's also a US military observer in North Africa who was sending back very good reports on British capabilities and intentions, in a code the Germans had managed to steal a copy of. It may be a coincidence, but Rommel's luck turned seriously against him when the observer left North Africa (and his signals intelligence people were lost in an encounter with a British supply column).

"lives may be lost."?

[tmh+-+The+Mad+Hacker]

The U.S.A. was birthed from the notion that freedom is worth more than a few lives, and that prevention of tyranny is worth spilt blood.