I don't understand your response. Why is the balance of risk from government vs risk from bad actors changed by whether I know about encryption?
Firstly, widely available, unbreakable encryption is a new thing (especially when you consider ciphers considered strong even 5 years ago are now breakable).
Any new thing has the power to disrupt the status quo (resulting in possible net gains or losses for all of us).
Like every other major disruption in history, it has to be controlled to ensure the good outweighs the bad (eg cars, planes, computers, medicine, guns, whatever... all have some level of control to ensure they provide a net benefit to society)
So with this new thing you have to ask, do I prefer the option of uncontrolled technology and the possible risks, or do I prefer some level of control to try and ensure a net gain for me, my family, and maybe society too?
And ultimately you have to trust someone. And I trust the criminal gangs slightly less than the democratically elected government variety.
The implication is simply that encryption ought to be ubiquitous and easy to use if it is to be effective. That's kind of where the tech industry has been pushing.
.
Yes and the tech industry, just like any other (auto, tobacco, food, drug etc) don't always have your best interests at heart, as proven by history.
Who exactly is it that you think is more at risk from a terrorist than someone stealing their data? A grandma?! Surely you yourself don't actually believe that.
Encryption won't save granny from data thieves, we know this because the bad guys simply ring up and pretend to be Bill Gates and she hands over the keys.
But we also know that wide-spread uncrackable encryption will lead to less convictions as savvy crims learn how to hide their tracks better. Less convictions mean more crims on the streets, and more crime. This is not an acceptable outcome either.
That will require either holding that code permanently (a major security risk) or re-making it continuously (a huge waste of time and effort for some of the company's most critical engineers, and still no real mitigation of the security risk, as those engineers will over time inevitably learn the methods required to develop the software from all the repetition and thus be susceptible to compromise by bad actors).
They aren't the only options, and I'm surprised that this being a tech forum it's the only ones we keep getting hammered with.
Anyway, enough of this. Why don't you explain what you're proposing? Is it:
I'm not offering solutions, I'm asking for them. We are techies, first we must accept that uncontrolled cryptography presents a real risk to our rule of law (ie convictions mostly hinge on information gathering, cryptography has the potential to disrupt this massively), then we try and come up with solutions. I think this is all our politicians are trying to say.
However since you asked I will offer some ideas (I'm no expert so feel free to offer constructive criticism).
One option I see is restricting types of encryption allowed to be used. An independent technology forum could establish what is considered 'adequate' levels of public cryptography. The public are free to use this, and it is strong enough to protect against casual attack, but still able to be brute forced by Govt level processing power. Sure the real bad guys still exist, but most laws aren't designed to get everyone. Stopping the casual threats is a large part of most law enforcement strategy.
Another possibility is an independent key store accessible only by the courts. Using HSM type technology you can lock down private keys to only be accessible by certain parties with certain approval. A bit like how nuke keys are handled. With enough procedure this could be secured as much as anyone could expect.
Another option is some sort of ro
I have never voted for an incumbent in any election, and I ALWAYS vote. I want to get rid of the a**holes, not bring them back so they can continue screwing up.
So you want your vote to count more than others? I think they've tried that system before and it failed...
I don't know whey you are stealing clothes when you could have laptops, iPads and jewelry.
Have you ever stayed in a hotel? Most people will have their valuables on them, or if left in the room kept in a safe. I hardly think that renting a hotel room, which you have to present ID and credit card (sure you could fake that but...) only so you can hack the electrical control bus to try and work out when another guest is not in (maybe), so you can somehow break down their door, and pray they have something valuable lying around you can steal (that doesn't have GPS and tracking), and hope there's no cameras or security (which there usually is), is the best idea I've heard of.
If you want to steal stuff, learn how to climb or abseil and come in through the window. It's a whole lot simpler.
I may have a hard time convincing *you*, but that's not the same as having a hard time convincing anyone.
No, but the fact still remains, your average Donald/Hillary voter doesn't even know what encryption is, and even if they did, don't know how to use it correctly which mean it's not 'essential'.
I don't see the relevance of recency.
Well it wasn't essential at some point not long ago (ie about 20 years ago when no-one used encryption (outside of specialist circles), so what has changed that now changes that fact?
but you may not buy a phone that has encryption that secures such data from bad actors", then that is giving up an essential liberty.
More than likely I'm guessing, some new rules will create a restriction of technology. Just like how you can own an AR15, but not a ICBM. Or you can drive a Lamborghini on a public road but not an Indy car. Cryptography will be defined by some standards in which 'adequate' protection will be publicly available, and the high end will be restricted. It will become an offence to use higher end encryption without appropriate authority.
This concept is not new, and for something that has the potential impact on law enforcement as cryptography, it's hard to see how doing nothing is ever going to be an acceptable option.
No, they should win salesman of the year. The shaming should go to whoever at the hotel didn't do due diligence, and bought the system.
Same goes for whoever is approving those smart elevator controls, you know the ones where the lift has no buttons, you type in your floor on a panel in the lobby, then get assigned a lift number? They are becoming more and more common and I always have a worse experience with them than the old fashioned up and down buttons with floor buttons in each lift.
Also, most people don't just carry around random credit card-sized cards that they're willing to leave behind for a little added convenience.
Are you sure about that? Every wallet or purse I've ever peaked into is full of pointless shit, mostly credit card sized. And every holiday I've ever been on we've always had a spare card to jam in the socket.
I think it's all down to the protestant work ethic that's been drilled into the minds of all westerners for generations. "Work hard in this life, and you shall receive your just rewards in the next life" and so on.
Dude, I think this way of thinking has been around a lot longer than 16th century...
Most Americans don't interfere in the business of any country.
I've been a U.S. citizen for my entire life of almost 50 years, and no President has ever asked my opinion before he acted like the world's biggest bully.
My favourite trump moments:
- Announcing that not only will he build a wall along the border, but he'll make Mexico pay for it.
This has been my single favourite moment so far. I'm still waiting to hear how this will address the planes, tunnels and submarines that currently also being used by smugglers?
any criminals that care about it at all, ALREADY HAVE completely secure data & communications.
No true Scotsman?
ever heard of PGP? full-disk encryption?
no, this is all about gaining access to the low hanging fruit. which in the vast majority of cases means joe taxpayer.
PGP and FDE were available in 9/11 but not common or easy enough for that level of criminal. Yet only 15 years later kids and grandmothers get FDE by default now.
It would be dishonest to imply that there isn't a trend there. And that trend will continue to have implications. I'd still like to hear what approaches anyone thinks can be done to address this new threat.
It is a black box, you and I cannot see into the deepest inner workings, and voting out those inner workings is nigh impossible.
Speak for yourself. I've done a number of projects for Govt Depts and local, state and federal level. Most of what I worked on I fully understood how it worked.
I don't like to sound defeatist, but our government is unchangeable in the short and medium term. I think effective change will take a century from now.
Only because you don't really understand how a government as large as the US works. It's specifically designed not to change quickly, quick changes introduce unacceptable risk to the nation as a whole, and the government is there to reduce risk on the people. Democracies are designed for stability over dynamics. If you want dynamic go see how that is working out in places like Afghanistan and Iraq.
I'm interested in living in a society where I have some privacy, and I'm willing to accept the additional 1/1,000,000 chance that a terrorist will kill me for that to happen.
Yes well that's cute, but you seem to forget the other myriad of bad guys who will be jumping at the chance to setup water-tight criminal organisations with this new technology. The 1/1M chance of being extorted for money might now become 1/10000. And the chance of the drug dealer setting up at your kid's school might go from 1/10 to 1/2.
Once the bad guys cotton onto the power of immunity this technology gives them, your world changes. You seem to think the only change will be positive. Why is this?
A bunch of people vote for Obama because they wanted an end to Bush's policies. Tell me again how "voting it out" is supposed to work, you tragic little fool.
-jcr
Person who is too ignorant to understand simple discussion resorts to name calling. Film at 11...
Ah, but the central question is this: what is more likely, that bad guys will fuck me and my family over by using encryption to hide in the shadows, or that bad guys will fuck me and my family over by obtaining information that I am no longer able to protect via encryption?
Perhaps you think the former; I am certain the latter is the greater risk.
Maybe for you personally, but what about grandma up the road? or 99% of the people who have no clue how encryption really works? You know the people who make their password their birthdate, or their dog's name? The ones who write it down on a post it note next to the computer?
We have to accept that cryptography is a new paradigm security, one that can't be dealt with by quotes from the Bible or other 200 year old wise men.
Back doors don't make sense, but I don't any sane person is asking for that (eg in the Apple case the FBI was merely asking for the opportunity to brute force. This is not a "back door"). I do think the law needs to continue to function, and part of that is the ability to obtain information. Don't underestimate the power this will have to disrupt the balance, and the consequences it will bring.
Fine. In that case, *I* get to decide which of my information is too precious/sensitive to reveal, so suck it up.
Yeah but unfortunately for you society doesn't work like that. We have rules to maintain order, and one of those rules is that people don't get to do whatever they feel like.
You need to engage with the quote more carefully. The quote speaks of "essential Liberty"
You're going to have a hard time convincing anyone that cryptography that was only invented a few years ago is an "essential liberty".
And yes the cops should have the ability to break locks with a court order, that is a key foundation of a law enforcement.
I'll support more cops/FBI/etc to make sure all the other approaches are covered.
What approaches are they then? Seriously, I'd love to hear what suggestions you have for dealing with a world of criminals who now have completely secure data and communications.
I prefer to think it's a case of we sane people don't think anything on the phone is worth giving the government the ability to distribute unlimited malware. There is such a thing as weighing the costs. If you want to be the Land of the free and the home of the brave you don't cower at every shadow and give up your rights so easily. Put another way: Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety - Ben Franklin
Every time some legal issue is raised in here, some retard throws out that stupid quote.
By your logic we should have no security ever then?
Or you lock your doors right? Oh wait, you've traded the liberty of freely opening and closing your door without a key for the security of trying to keep burglars out. You now deserve neither security nor liberty.
At some point we need rules, or the bad guys will kill you. Yes they will, no amount of playing Counter Strike will save you ass when the real bad guys come for you. And those rules need to be enforceable by someone. Someone who isn't you, because even the toughest man on the planet will still get raped by a well organised gang.
So once you accept that we need rules, and someone to enforce them, you are trading some liberty for security. If you don't accept this, then go live in a war zone were there is no rules and tell us how liberated you feel.
Any serious study of the last couple of decades reveals that over and over someone in law enforcement or intelligence has been aware of the info needed to act on attacks against us beforehand .
Er, because cryptography was not common place then. In the next few decades it will be trivial for everyone and everyone to hide in the shadows of encryption. That might sound cool because you think you're the baddest kid on the block, but I assure when the real bad guys use that to fuck you and your family over, you'll be first to cry that the govt aren't doing enough to save you.
Ok. So I blow up a few city blocks. In Obama's mind, I can't be arrested unless they can read my cell phone? Or does he just mean that the police will say: "We can't open the phone! Guess we should give up and go to the bar to have a few beers. No point in even trying to do an investigation. It's hopeless."
Are you interested in living in a society with enforceable laws, or do you feel that strongly about technology that it must be allowed to be free regardless of any impact it has to that society?
Obtaining information is a key pillar of law enforcement, and for the first time in human history technology allows that to be shutdown. there's some huge risks to our way of life here, any government would be negligent not to address them.
Slashdot Mirror
I don't understand your response. Why is the balance of risk from government vs risk from bad actors changed by whether I know about encryption?
Firstly, widely available, unbreakable encryption is a new thing (especially when you consider ciphers considered strong even 5 years ago are now breakable).
Any new thing has the power to disrupt the status quo (resulting in possible net gains or losses for all of us).
Like every other major disruption in history, it has to be controlled to ensure the good outweighs the bad (eg cars, planes, computers, medicine, guns, whatever... all have some level of control to ensure they provide a net benefit to society)
So with this new thing you have to ask, do I prefer the option of uncontrolled technology and the possible risks, or do I prefer some level of control to try and ensure a net gain for me, my family, and maybe society too?
And ultimately you have to trust someone. And I trust the criminal gangs slightly less than the democratically elected government variety.
The implication is simply that encryption ought to be ubiquitous and easy to use if it is to be effective. That's kind of where the tech industry has been pushing.
. Yes and the tech industry, just like any other (auto, tobacco, food, drug etc) don't always have your best interests at heart, as proven by history.
Who exactly is it that you think is more at risk from a terrorist than someone stealing their data? A grandma?! Surely you yourself don't actually believe that.
Encryption won't save granny from data thieves, we know this because the bad guys simply ring up and pretend to be Bill Gates and she hands over the keys.
But we also know that wide-spread uncrackable encryption will lead to less convictions as savvy crims learn how to hide their tracks better. Less convictions mean more crims on the streets, and more crime. This is not an acceptable outcome either.
That will require either holding that code permanently (a major security risk) or re-making it continuously (a huge waste of time and effort for some of the company's most critical engineers, and still no real mitigation of the security risk, as those engineers will over time inevitably learn the methods required to develop the software from all the repetition and thus be susceptible to compromise by bad actors).
They aren't the only options, and I'm surprised that this being a tech forum it's the only ones we keep getting hammered with.
Anyway, enough of this. Why don't you explain what you're proposing? Is it:
I'm not offering solutions, I'm asking for them. We are techies, first we must accept that uncontrolled cryptography presents a real risk to our rule of law (ie convictions mostly hinge on information gathering, cryptography has the potential to disrupt this massively), then we try and come up with solutions. I think this is all our politicians are trying to say.
However since you asked I will offer some ideas (I'm no expert so feel free to offer constructive criticism).
One option I see is restricting types of encryption allowed to be used. An independent technology forum could establish what is considered 'adequate' levels of public cryptography. The public are free to use this, and it is strong enough to protect against casual attack, but still able to be brute forced by Govt level processing power. Sure the real bad guys still exist, but most laws aren't designed to get everyone. Stopping the casual threats is a large part of most law enforcement strategy.
Another possibility is an independent key store accessible only by the courts. Using HSM type technology you can lock down private keys to only be accessible by certain parties with certain approval. A bit like how nuke keys are handled. With enough procedure this could be secured as much as anyone could expect.
Another option is some sort of ro
I have never voted for an incumbent in any election, and I ALWAYS vote. I want to get rid of the a**holes, not bring them back so they can continue screwing up.
So you want your vote to count more than others? I think they've tried that system before and it failed...
I don't know whey you are stealing clothes when you could have laptops, iPads and jewelry.
Have you ever stayed in a hotel? Most people will have their valuables on them, or if left in the room kept in a safe. I hardly think that renting a hotel room, which you have to present ID and credit card (sure you could fake that but...) only so you can hack the electrical control bus to try and work out when another guest is not in (maybe), so you can somehow break down their door, and pray they have something valuable lying around you can steal (that doesn't have GPS and tracking), and hope there's no cameras or security (which there usually is), is the best idea I've heard of.
If you want to steal stuff, learn how to climb or abseil and come in through the window. It's a whole lot simpler.
I may have a hard time convincing *you*, but that's not the same as having a hard time convincing anyone.
No, but the fact still remains, your average Donald/Hillary voter doesn't even know what encryption is, and even if they did, don't know how to use it correctly which mean it's not 'essential'.
I don't see the relevance of recency.
Well it wasn't essential at some point not long ago (ie about 20 years ago when no-one used encryption (outside of specialist circles), so what has changed that now changes that fact?
but you may not buy a phone that has encryption that secures such data from bad actors", then that is giving up an essential liberty.
More than likely I'm guessing, some new rules will create a restriction of technology. Just like how you can own an AR15, but not a ICBM. Or you can drive a Lamborghini on a public road but not an Indy car. Cryptography will be defined by some standards in which 'adequate' protection will be publicly available, and the high end will be restricted. It will become an offence to use higher end encryption without appropriate authority.
This concept is not new, and for something that has the potential impact on law enforcement as cryptography, it's hard to see how doing nothing is ever going to be an acceptable option.
Nothing like being able to know a room will have belongings but is unoccupied to make the burglar's work easy.
Because risking jail for stealing tourist's clothes is worth it for your average IT savvy crook....
No, they should win salesman of the year. The shaming should go to whoever at the hotel didn't do due diligence, and bought the system.
Same goes for whoever is approving those smart elevator controls, you know the ones where the lift has no buttons, you type in your floor on a panel in the lobby, then get assigned a lift number? They are becoming more and more common and I always have a worse experience with them than the old fashioned up and down buttons with floor buttons in each lift.
Also, most people don't just carry around random credit card-sized cards that they're willing to leave behind for a little added convenience.
Are you sure about that? Every wallet or purse I've ever peaked into is full of pointless shit, mostly credit card sized. And every holiday I've ever been on we've always had a spare card to jam in the socket.
I think it's all down to the protestant work ethic that's been drilled into the minds of all westerners for generations. "Work hard in this life, and you shall receive your just rewards in the next life" and so on.
Dude, I think this way of thinking has been around a lot longer than 16th century...
I think you've been watching too many movies...
Most Americans don't interfere in the business of any country. I've been a U.S. citizen for my entire life of almost 50 years, and no President has ever asked my opinion before he acted like the world's biggest bully.
He asks for your opinion every 4 years...
And destroyed their country.
I take it you haven't been to Germany lately? Or had any experience in Engineering? Or understand the political power balance in Europe right now?
My favourite trump moments: - Announcing that not only will he build a wall along the border, but he'll make Mexico pay for it.
This has been my single favourite moment so far. I'm still waiting to hear how this will address the planes, tunnels and submarines that currently also being used by smugglers?
This is how I feel as well.
It is eerie how similar the Trump rise to the head of the ticket is to the Obama rise.
What the racism, fascism, division and inciting of hatred and violence? Eerie....
any criminals that care about it at all, ALREADY HAVE completely secure data & communications.
No true Scotsman?
ever heard of PGP? full-disk encryption?
no, this is all about gaining access to the low hanging fruit. which in the vast majority of cases means joe taxpayer.
PGP and FDE were available in 9/11 but not common or easy enough for that level of criminal. Yet only 15 years later kids and grandmothers get FDE by default now.
It would be dishonest to imply that there isn't a trend there. And that trend will continue to have implications. I'd still like to hear what approaches anyone thinks can be done to address this new threat.
It is a black box, you and I cannot see into the deepest inner workings, and voting out those inner workings is nigh impossible.
Speak for yourself. I've done a number of projects for Govt Depts and local, state and federal level. Most of what I worked on I fully understood how it worked.
I don't like to sound defeatist, but our government is unchangeable in the short and medium term. I think effective change will take a century from now.
Only because you don't really understand how a government as large as the US works. It's specifically designed not to change quickly, quick changes introduce unacceptable risk to the nation as a whole, and the government is there to reduce risk on the people. Democracies are designed for stability over dynamics. If you want dynamic go see how that is working out in places like Afghanistan and Iraq.
I'm interested in living in a society where I have some privacy, and I'm willing to accept the additional 1/1,000,000 chance that a terrorist will kill me for that to happen.
Yes well that's cute, but you seem to forget the other myriad of bad guys who will be jumping at the chance to setup water-tight criminal organisations with this new technology. The 1 /1M chance of being extorted for money might now become 1/10000. And the chance of the drug dealer setting up at your kid's school might go from 1/10 to 1/2.
Once the bad guys cotton onto the power of immunity this technology gives them, your world changes. You seem to think the only change will be positive. Why is this?
A bunch of people vote for Obama because they wanted an end to Bush's policies. Tell me again how "voting it out" is supposed to work, you tragic little fool.
-jcr
Person who is too ignorant to understand simple discussion resorts to name calling. Film at 11...
Ah, but the central question is this: what is more likely, that bad guys will fuck me and my family over by using encryption to hide in the shadows, or that bad guys will fuck me and my family over by obtaining information that I am no longer able to protect via encryption?
Perhaps you think the former; I am certain the latter is the greater risk.
Maybe for you personally, but what about grandma up the road? or 99% of the people who have no clue how encryption really works? You know the people who make their password their birthdate, or their dog's name? The ones who write it down on a post it note next to the computer?
We have to accept that cryptography is a new paradigm security, one that can't be dealt with by quotes from the Bible or other 200 year old wise men.
Back doors don't make sense, but I don't any sane person is asking for that (eg in the Apple case the FBI was merely asking for the opportunity to brute force. This is not a "back door"). I do think the law needs to continue to function, and part of that is the ability to obtain information. Don't underestimate the power this will have to disrupt the balance, and the consequences it will bring.
Fine. In that case, *I* get to decide which of my information is too precious/sensitive to reveal, so suck it up.
Yeah but unfortunately for you society doesn't work like that. We have rules to maintain order, and one of those rules is that people don't get to do whatever they feel like.
You need to engage with the quote more carefully. The quote speaks of "essential Liberty"
You're going to have a hard time convincing anyone that cryptography that was only invented a few years ago is an "essential liberty".
And yes the cops should have the ability to break locks with a court order, that is a key foundation of a law enforcement.
I'll support more cops/FBI/etc to make sure all the other approaches are covered.
What approaches are they then? Seriously, I'd love to hear what suggestions you have for dealing with a world of criminals who now have completely secure data and communications.
I prefer to think it's a case of we sane people don't think anything on the phone is worth giving the government the ability to distribute unlimited malware. There is such a thing as weighing the costs. If you want to be the Land of the free and the home of the brave you don't cower at every shadow and give up your rights so easily. Put another way: Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety - Ben Franklin
Every time some legal issue is raised in here, some retard throws out that stupid quote.
By your logic we should have no security ever then?
Or you lock your doors right? Oh wait, you've traded the liberty of freely opening and closing your door without a key for the security of trying to keep burglars out. You now deserve neither security nor liberty.
At some point we need rules, or the bad guys will kill you. Yes they will, no amount of playing Counter Strike will save you ass when the real bad guys come for you. And those rules need to be enforceable by someone. Someone who isn't you, because even the toughest man on the planet will still get raped by a well organised gang.
So once you accept that we need rules, and someone to enforce them, you are trading some liberty for security. If you don't accept this, then go live in a war zone were there is no rules and tell us how liberated you feel.
I see no issue with the logic of this comment. If it's that obvious to you, maybe you could explain your problem with it?
Any serious study of the last couple of decades reveals that over and over someone in law enforcement or intelligence has been aware of the info needed to act on attacks against us beforehand .
Er, because cryptography was not common place then. In the next few decades it will be trivial for everyone and everyone to hide in the shadows of encryption. That might sound cool because you think you're the baddest kid on the block, but I assure when the real bad guys use that to fuck you and your family over, you'll be first to cry that the govt aren't doing enough to save you.
Ok. So I blow up a few city blocks. In Obama's mind, I can't be arrested unless they can read my cell phone? Or does he just mean that the police will say: "We can't open the phone! Guess we should give up and go to the bar to have a few beers. No point in even trying to do an investigation. It's hopeless."
Are you interested in living in a society with enforceable laws, or do you feel that strongly about technology that it must be allowed to be free regardless of any impact it has to that society?
Obtaining information is a key pillar of law enforcement, and for the first time in human history technology allows that to be shutdown. there's some huge risks to our way of life here, any government would be negligent not to address them.