Slashdot Mirror
Two Years After FBI vs Apple, Encryption Debate Remains (axios.com)
It's been two years since the FBI and Apple got into a giant fight over encryption following the San Bernardino shooting, when the government had the shooter's iPhone, but not the password needed to unlock it, so it asked Apple to create a way inside. What's most surprising is how little has changed since then. From a report: The encryption debate remains unsettled, with tech companies largely opposed and some law enforcement agencies still making the case to have a backdoor. The case for strong encryption: Those partial to the tech companies' arguments will note that cyberattacks and hacking incidents have become even more common, with encryption serving as a valuable way to protect individuals' personal information. The case for backdoors: Criminals are doing bad stuff and when devices are strongly encrypted they can do it in what amounts to the perfect dark alley, completely hidden from public view.
Nowhere does it guarantee a right to privacy. The government needs to be able to keep people safe and they cannot do this unless they have to the correct tools.
... for the technologically illiterate politicians who, at the same time, are too goddammed unable, for some reason, to LISTEN to the EXPERTS who tell them that "responsible encryption," encryption with backdoors, is vulnerable, and not really secure at all. Christ allmighty, what is with the stream of idiots in U.S, U.K, and Australian politics who speak on the matter, and don't try to understand it?
If you believe in privacy, and believe you have "nothing to hide" at the same time, you're a goddammed idiot
The problem is that there is no middle ground here. Putting any sort of back door into encryption effectively renders it useless. The cops can say whatever they want but that is an indisputable fact and isn't negotiable even if we wanted to. You can have good encryption or for all practical purposes no encryption. There is literally no middle ground.
Even if we trusted the cops (and history tells us we shouldn't) the cops aren't the only party in play here. If the cops have a back door then so do black hats, criminals, foreign nations, and anyone else. So we get lots of whining by politicians and cops who are either clueless or disingenuous or both.
If you implement backdoors in your software, you can as well close shop. Nobody, at least no company with at least a hint of self preservation, will buy your product. If I cannot trust my company trade secrets to be secret from espionage because your product is insecure (and yes, a backdoor makes a product insecure BY DEFINITION), I will not use your product.
No "government only" backdoor is "government only" for long. First of all, the mere existence of such a backdoor gets known at some point in time, as the past history of deliberate leaks or accidental blunders have shown. And no later than this, the company that actively and deliberately puts backdoors in its security software is done for, for the reasons aforementioned. Yes, even if they "fix" this immediately. Why should I trust you that you have no backdoors now? Fool me once and all that.
Second, a general key into the secrets of every company worldwide is prized. Not by hackers. By governments. And governments have WAY other options at their disposal as any basement dweller or even organized crime. You have seen what North Korea does with people that li'l Kim simply does not like? Now imagine what they do with people that could give them the key to the holy grail. You know the key? Well, you may be in for a decision who you love more, your country or your kids. Almost every person has a weak spot. There are very, very few people who cannot be at least blackmailed if they cannot be bribed. Your life, your freedom, your credit, your family... everyone breaks at some point.
And state actors, especially when acting for repressive regimes, don't mind cutting your unborn son out of your wife if that's what makes you hand over what you want.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Basically the argument is it is illegal to keep secrets from the government.
Enjoy your fascism!
So much for the 4th and 5th amendments. You no longer have any rights to such things.
Amendment IV
The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.
Remember, this is the SAME FBI/DOJ that abused FISA warrants to spy on a political campaign during an election lying about the information given the judge.
I think the debate is over at this point. The FBI has shown it is willing to break laws, lie to get warrants, and attempt to affect an election to go the way they want it to. I'm not even sure why most of the top FBI officials are still in their jobs and not in jail. We haven't had a single one of them charged for what they did. Comey has lied at least 8 times under oath attempting to cover up the things he did, and he is still going around telling us WE are the problem?
Debate is off if the FBI and DOJ are unwilling to admit to their lawbreaking ways, which we learned from Congress, and are still unwilling to punish those who did abuse their positions.
The lame MSM, who need the sheeple to believe that there are two actual sides to every story in order for their clickbait model to keep the the business swirling as high as possible around the toilet bowl for just a few more years, cannot possibly classify any fringe viewpoint as anything other than normal, because that would decimate their business.
Unless, of course, a viewpoint is abnormal enough that the clicks will happen automagically because of morbid curiosity, c.f. flat-earth rocketman.
Given hacking into things and spying on people and companies, most notably giant state and state-sponsored actors like China and Russia has had actual effects on the maintenance of power by thugocracies, I'd say prosaic criminal detection vanishes as an importance.
Exactly like the Founding Fathers observed always happened, and tried to prevent against with the core principle of the design of the Constitution, and the Bill of Rights.
Every backdoor for government "crime" so an FBI agent can get another notch in his belt means billions around the world sink a little deeper into "If you want a vision of the future, imagine a boot stamping on a human face - forever." - George Orwell
(-1: Post disagrees with my already-settled worldview) is not a valid mod option.
And after two years, has anything in the debate changed on Slashdot? Perhaps a hardening of positions, but I doubt that anyone's mind here has been changed. Can anyone chime in: has your position on this been modified? What persuaded you?
I've noticed something deeply unsettling about this entire debate, as touched on by a previous /. post by someone else.
Periodically, there's a mass shooting or some terrorist attack or something. And immediately afterward, the government tries to take more of our rights, ostensibly "for our safety."
Well, to anyone thinking, like many comments posted earlier, they're not actually interested in your safety or your freedom. They just want excuses to keep pounding the rock until it erodes away.
I'll gladly take a back door in all my hardware and software if every politican going forward discloses exactly where every cent of their super PAC and other anonymous funding comes from, disclose every single meeting and conversation they have with all lobbiests and colleagues, all sexual relations, make available 24hr/day audio recordings of thier activities in addition to video of them at all times in public workplaces, the complete finnancial breakdown of everything they own, all business contacts, and most importantly, if a law is passed making it a felony with a 5 year minimum sentence to receive and accept anything over 50 dollars per human donor (cannot come from a company) as a politican without it being exchanged for a fair market value - even indirectly. I think if we could hold them to that I'd do it.
The argument for backdoors is:
1. We can stop bad guys better.
2. It doesn't "really" hurt the US public for us to spy on everybody's shit if they don't know.
The counter argument is:
1. Are you sure you can stop bad guys?
2. It DOES HURT untold millions of innocent US citizens.
The problem is, the cat is out of the bag. Everybody knows spying is the norm, and that screws with people, good people, in a bad way.
Is it as lethal as getting shot by a criminal? No. Is it as bad as having a mean boss looking over your shoulder questioning everything you do to the point that you are afraid to sneeze? Yes, for some people the resounding answer is yes.
Over reaching LEO started this issue.
If Law Enforcement hadn't started sucking up data without warrants for everyone, we wouldn't be nearly as protective about our personal data.
Stingrays don't differentiate.
NSA doesn't differentiate.
License plate readers and traffic cameras don't differentiate.
So, since I can't legally hide my face (there's a law preventing that in my state) and I can't legally hide my license plate, even when parked on private property (there's a law against that in my state), I will take as much care to protect other parts of my privacy as I deem necessary.
The first step in this debate is to find what each side deems "reasonable" within the current legal limits.
For example, retaining license plate data forever is legal for state and federal organizations. I'd say if there was a 6 month (or 14 day) requirement to wipe all that data if there isn't an active, open, investigation would go a long way.
LEO needs to earn our trust back.
because bone headed politicians are still arguing about it. By 'bone headed' I do not mean so stupid that they do not understand that you cannot have secret back-doors (although there are undoubtably some that are that stupid), but 'bone headed' in the sense that they continue to want to get their way irrespective of the practical impossibility and regardless of the damage that it will cause.
I suspect that some of them are playing a more subtle game, they secretly accept that it cannot be done but keep on pushing because they hope that the Tech companies will give way on something else that is more valuable to the politicians as a 'compromise' deal. Whatever this something else turns out to be I can guarantee that it will not be to your or my benefit.
Posturing like this also makes them sound good to Joe Sixpack who does not understand, but like politicians who talk hard against terrorists, etc - ie good for votes.
In this context "unsettled" means FBI lost.
All experts agree, deliberately weakening encryption or building in back doors is stupid. So the debate is over. All that is left are people who choose to ignore the consensus that the experts have reached. Typically these are people with questionable motives and/or questionable allegiances.
It is the exact same thing as the global warming "debate" and the creationism vs evolution "debate". There is no debate, only special interest posturing.
If you want to live in a country with the 2nd ammendment, where guns are sold liberaly "bicuzz there must be the right to, you know, eventually, maybe, defend ourselves against a tyrant democratic government, who happens to have access to nukes and bioweapons", then you also accept to live in a country where the bad guys that are not government also get that right.
Now, if you want to live in a country where the government can access most information about your life and your choices and your opinions, because most of that data is now available digitally, maybe you should, like for guns, not forfeit the the right to make that information private.
At least don't have double standards is all I'm saying. Hypocrisy is much more structural than gun or privacy rights - it's what makes people kill each other sociopathycally, and what makes governments use law to screw the small folk.
We worry about China's government misbehaving but apparently "it takes one to know one."
http://money.cnn.com/2018/02/14/technology/huawei-intelligence-chiefs/index.html
Not saying that there aren't American terrorists with encrypted phones, not saying China isn't dishonorable in its behavior (it's terrible, in fact).... I'm just saying that we don't need the U.S. government, which is technically incompetent and ethically unworthy, into our private spaces.
That's like the "more guns" solution offered by the NRA to control massacres. "We need to be able to hack more and more easily!"
It's all just masterbate... We just need to develop the tech regardless what any authority wants. You do it anonymously if necessary. But let's not waste time debating about it. We just do it and that's that. The philosophizing dictators can just go fuck off!
Get a court order, and give the iPhone to Apple to unlock. You get the data without exposing Apple's secret sauce. Problem solved.
"completely hidden from public view"
The argument for backdoors in the article is BS on its face. No criminal activity can take place completely in an individuals encrypted device. You have to do something in the real world, hand over the drugs/money, start shooting, penetrate a network, steal something. At most SOME of the evidence might sit on a device owned by the perpetrator but that still leaves plenty of other evidence (cameras, witnesses, forensics, network logs, cash trails, etc). The push for backdoors being a necessity to lay charges usually centers around either lazy people who don't want to do the boot work or fishing expeditions where law enforcement doesn't really have anything but hopes that dredging through someones life results in some kind of charges.
Criminals are doing bad stuff WITH POINTED STICKS and they can do it in what amounts to the perfect dark alley, completely hidden from public view
Criminals are doing bad stuff {insert object here} and they can do it in what amounts to the perfect dark alley, completely hidden from public view
Let's just ban everything, since anything can, potentially, be used to commit a crime. You could use a STICK OF BUTTER to commit a crime, for fuck's sake. So let's ban EVERYTHING, we'll go back to being stark naked 24/7/365, living outdoors, and anyone picking up a stick or a rock is killed because they might be a criminal.
Think the above sounds stupid? It's not as stupid as LEOs and politicians not listening to the people whose business it is to devise encryption algorithms, who keep telling them over and over again ad infinitum that you CANNOT HAVE BACKDOORS IN ENCRYPTION WITHOUT MAKING IT INHERENTLY INSECURE!
FBI and dumb politicians can go fuck themselves sideways with a rusty chainsaw. Things are already bad enough, there's new hacks and new data breaches practically every gods-be-damned day, I'm avoiding using plastic because I don't trust payment systems to not get breached (there is plenty of prior breaches of payment systems to warrant this), and they want to make things overall worse for everyone by making it easier for criminals to hack into whatever they want? The hell with that.
Everyone has the right to protect their information through encryption and no one has the right to a back door, this isn't a two sided argument,.
If you oppose encryption or data security, place all your sensitive information online, un-encrypted and see what happens, you'll quickly change your mind about encryption and data security.
The Feds want/trying to buy an invisible, pink, undetectable, flying unicorn. None have to use their supplied/dictated backdoored encryption technology even if made a legal requirement. A trivial do-it-yourself one-time pad (XOR the message with a given random bit string) is unbreakable. There is inconvenience in distributing this encryption/decryption key (random bit-stream), but looking at the 64GB micro SD card now siting on my thumb, it's not that big a deal. (The encrypted message contains an entry point into the key bit-stream so you only have to distribute one key to send many messages.) Sorry Jackbooters, your wet dream is only a fantasy.
The only problem is that the public needs to be EDUCATED as to why back doors are not feasible and the police need to be told once and for all time that if they are too lazy to do actual police work then they should find other employment. The police, the only group of employees able to get politicians to make their job easier for them.
Also Slashdot here is part of the problem by brining this up YET AGAIN. Come on now, anyone who argues for back-doors is nothing more than a shill for law enforcement and is technologically illiterate like the rest of the general public.
PS this debate was settled with the clipper chip, Its only the idiots who wont let it die.
People, this is Slashdot. Why is anyone talking about reasons against weakening computer security? What's next, you're going to go to a dentists' convention and try to sell people on the idea of brushing their teeth? Maybe after that, you can try to persuade some firefighters that they shouldn't soak rags in linseed oil and leave them in a pile in their hot garage. I wonder if I could convince the Pope that mysticism might make a nice bundle with social organization. Maybe you can convince the president that the only hooker you can be sure will remain quiet forever, is a dead one. And if you're a real Master Debater, try to explain to some librarians that the first amendment is a good idea.
Let's challenge ourselves. Can anyone think of any reason why backdoors might NOT be a stupid idea?
If you have a backdoor, you're fucked.
I think we need to think clearly about what is illegal:
"The case for backdoors: Criminals are doing bad stuff and when devices are strongly encrypted they can do it in what amounts to the perfect dark alley, completely hidden from public view."
Most of our private moments are conducted in what should be a "dark alley, completely hidden from public view". I'm fine with that.
Suppose we look at it like this.
Can you think of one other thing, any other thing, that the Three Letter Agencies wanted and didn't get? Money? People? Vast new powers? The ability to torture? The ability to silence internal critics? A word powerful enough to frighten the citizens and chain of command into doing anything ("terrorist")?
My point is this. If it had been possible to give them a backdoor without fatally compromising security, it would have happened by now. The TLAs hit the jackpot in 9/11 and got their dream scenario for the bureaucracy. If you can dream it, we can spy on that dream!
So they keep asking for a three-headed unicorn with sprinkles but those don't exist. That's our responsibility how, exactly? "But I want it!" is a viable argument for a 3 year old, not an adult.
If you support the FBI you're a freedom hating cocksucker. No debate required, and fuck you fascist cockguzzlers.
So do you think the goverment hasn't gotten the information off this phone?
Not protect us - they couldn't do that in the Florida shooting with warning and a real name ahead of time - not exactly encryption that held them back. But man, if anyone serious starts organizing some real dissent, they need to know stat so they can nip it in the bud before people notice what's going on. As long as it goes like "well, Earl was always a little off" when they carry the dissenter away, they keep power.
These are, after all, the actions of a government that's afraid of its people for all the wrong reasons - they know what they did and are scared to death of what we might do when we know for sure ourselves.
If they were afraid FOR us, they'd be acting a lot differently. Even the mainstream media would pick up the dramatic change in tone and transparency about actions and motivations.
Why guess when you can know? Measure!
See here
Http://zsmith.co/iOverwrite.html
"they can do it in what amounts to the perfect dark alley"
And? Are dark alleys illegal? Do you get to peruse every personal document in my home because you saw me in a dark alley? I'm sorry, but there is no sound argument for destroying all encryption because a fraction of a percent of people use it in a bad way. The benefits of encryption far outweigh the drawbacks. For the bad car analogy enthusiasts, that's like banning personal vehicles because they cause more injuries than public transportation.
As more and more of our lives are linked to our digital fingerprints (with or without our knowledge or participation) encryption is only going to get more important. No person should have their entire life recorded and brought up at a moments notice. Not even for murder cases. Innocent until proven guilty. You don't get to treat the entire populace as potential suspects at all times. Individual rights are important, and should not be forcibly removed to provide a fraction of a percent of public safety.
How about work on mental health care and start from the ground up with good intentions instead of trying to force this draconian shit down from the top?
I am 10000x more worried about governments abusing power and criminals hacking into insecure systems than I am about people, even criminals, having secure communications.
There are just some people that insist on continuing to be stupid. As they are high-level government employees, that is not surprising.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
Everything must be accessible to the government, nothing can be private. There is a term for people like that: It is "Fascist".
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
Using the logic of this article, dark alleys and private residences need to be banned too.
So the FBI forces Apple to put a gaping back door in so they can pry into the private lives of all and sundry. Lets say I'm a bad guy and I know about the deal AppleCorp made with Fed. So I encrypt the message before sending it to my thiefdom. The message on my phone is encrypted twice, once by me, and once by the phone. The Fed looks at the phone, sees the message through their back door, but they don't know what it is. Apple isn't to blame, they didn't do the first encryption, I did. So if you are honest, the Fed can look down your pants. If you are dishonest, the Fed are as stuck as they are now (and my thiefdom continues on like before).
Oh how I wish more people understood this basic fact!
ut I can imagine a far less threatening scenario that would address the situation that law enforcement mostly talks about, which is the inability to break into a locked phone.
I regard that as just too bad for them. I'm not about to give up my rights just because it makes their job harder. I firmly believe that we should allow 1,000 guilty men to go free rather than convict a single innocent man. We have the 5th amendment for a reason and I see no reason why we should allow it to be trampled on just to placate some lazy cops.
Put a hardware access method on the phone that lets the phone be decrypted at the cost of destroying the phone, and while I still think it is not worth doing, it wouldn't be nearly as bad as intentionally weakened software.
That is one of the dumbest ideas I've read in a while. Do you have any idea how fast some bored teenager or bad actor would start destroying phones intentionally?
If the cops have to get a warrant to break into my phone, need the physical phone to do it, and can't tracelessly root it and return it to me with me being none the wiser, my level of concern goes way down.
That is just another riff on the "if you have nothing to hide you have nothing to fear" argument. If I have something encrypted and the cops can't get it without my help then that is just too darn bad for them. They'll have to find other ways to build their case. If they can't build a case then that is the system working the way it is supposed to. Law enforcement is by and large a bigger danger to me than criminals or terrorists and that is the reason we have constitutional protections against abuse.
Think about it this way: while it hard to solve a crime, it is even harder to prevent a crime.
It is almost always easier to prevent a crime than to solve one after the fact. A lot less costly too. If it were not easier to prevent crimes then there would be a lot more crimes committed than there are. Take shoplifting for instance. Companies spend a lot of resources preventing shoplifting because it is FAR more effective, cheaper, and easier than just trying to catch and punish the criminals. A manager of a store I once worked with said that the most effective tactics are really aimed to keep honest people honest.
On top of that it is much easier to track and measure "crimes solved" versus "crimes prevented"...
Sometimes this is true but only for specific cases and it's not actually true as a general proposition. It's actually pretty easy to figure out how effective a crime prevention tactic is by simply measuring the before and after results. Shoplifting was X% of sales before implementing a tactic and Y% afterwards. Voila you have measured crimes prevented.