FBI director Comey backs new Feinstein push for decrypt bill(techcrunch.com) |
FBI director Comey backs new Feinstein push for decrypt bill(techcrunch.com) |
The device owner might be dead. Given that the context is law enforcement, that's reasonably likely (I forget - wasn't that the problem with San Bernardino?)
Hmmmmmm.
All writs on steroids.
How did we get to this point? Nobody would reasonably argue that extreme surveillance measures, patriot act, etc., is necessary to stop the vast majority of crimes from occurring, so why is it so easy for seemingly serious/intelligent people to think this nonsense is reasonable?
Members of our government are so indoctrinated about stopping "terrorism" that they have lost all sense of perspective. Terrorism is a political word to describe political enemies of the state, yet the patriot act and surveillance machinery has been used in enforcement of many other kinds of (less serious) crime.
I am surprised anyone can still use the word "terrorism" with a straight face anymore after it's become so clear that there is no large existential threat (merely the occasional zealot who acts out due to his/her own mental health issues). And in spite of a historically unprecedented global surveillance system there have been no attacks thwarted.
Comey is a symptom of the kind of cowardly, authority-respecting society we've become. I look forward to the day when our FBI director is not someone whose gaffes and judgment calls we read about in the newspaper on a regular basis.
In this case, it might be better to assume malice rather than incompetence. In the 1950's it was s/terrorist/communist/, but it was a remarkably effective political tool. We might be in the same situation.
But this time, our fates are all linked. Once shipping backdoors becomes mainstream, it might be impossible to go back.
We should try to think of some concrete steps to resist this. It feels like we have to try, since there's so much at stake.
Could we reverse engineer the political forces at play? We could try to think of the most effective thing we could do, and then focus on that.
> In this case, it might be better to assume malice rather than incompetence.
I really want to consider you paranoid, but sadly I strongly agree. This is hardly the first time engineered paranoia has gripped the country, but living through it is horrible.
I was a kid during the mid-to-late Cold War (post "duck and cover") and somehow I was never able to take it seriously. Even when I took classes on strategic deterrence and the like in college I considered them light entertainment I was paying for to give me a break from the serious classes.
Now we have the emperor's new suicide vest.
Great point. One idea I had recently is to start an organization in the same spirit as Open AI called OpenSurveillance that builds and releases all sorts of useful tools for thwarting surveillance efforts or acting as an adversary to an entity with pervasive surveillance power (generally speaking, corrupt regimes around the world).
I think it would entail a combination of social/operational and technological tools, and would be useful for defensive and offensive efforts.
When OpenAI releases a state of the art facial recognition algorithm, it becomes obvious how the technology might be used for good or for evil. The same goal would apply.
Perhaps one utility conducts an analysis of public social media data to determine the best strategy for bribing or compromising an adversary. Another could explain how to use a HackRF YARDStick One to track the movement of an adversary via tire air pressure sensors. Another might utilize an infra-red camera to determine which entrances and exits of a building are slow to close and could offer time to sneak in.
Still other tools might be a user-friendly rootkit installer for easy installation on a spouse or boss's device, etc., or maybe a program that trains a fleet of drones to follow a person all day, causes vehicle engine failure, etc.
The basic idea would be to highlight enough about reality so that the security (and privacy) implications of the policies can be weighed accurately by the public. By putting all the tools in one place and releasing polished, thoughtful products, the organization would help the public understand the privacy/security tradeoffs much better.
Basically a modern Anarchist's Cookbook for the surveillance age.
Disclaimer: It is not the intent of this post to discourage people to break laws, simply to use their vote and influence to peacefully change laws.
Eh, communism was way more of a threat. People in extremely high positions were communist traitors (eg Harry Dexter White who negotiated Bretton Woods/the creation of IMF for the US, or Alger Hiss who was involved in the creation of the UN, or a gazillion people in the British intelligence services).
If the government today was filled with people loyal to ISIS or AQ, then you could draw such a parallel.
The flu is Feinstein. From the ridiculous controls that treat cold medicine like contraband, the Patriot act, and bullshit like this, the Senator is a wellspring of bad law and disrespect for the American people.
Why do Californians keep electing this person?
However, a senior politician of marginal quality can be better for your state than a junior politician of superior quality. In theory they are able to score you all kinds of handouts and preferential treatment where the junior politician would just get ignored.
I don't know if that's the case for Feinstein, but my point is there's some utility there from the perspective of a Californian that does not exist for (say) a Utahn given the option to vote in CA elections.
You are looking at the problem wrong. It has nothing to do with government indoctrination but an issue with incentives. The FBI's whole job is to investigate potentially illegal acts and as human beings they are incentivized to do their job as well as they can. When the opportunity comes up to give them more tools to do their job no one in the FBI is going to say "no I want to continue with one hand behind my back".
The exact same thing happens at companies. Companies with poorly aligned incentives will quickly see employees act against the will of the company as a whole to make sure they look and come across as best as possible, and any chance a decision comes up to help them do their job better they will fight for it, because not doing so is pretty dumb.
Well run companies work around these incentive issues by trying to get everyone aligned with checks and balances. We don't have that in the government because the people who are supposed to be doing the checks and balances (congress) have incentives to follow the FBI's requests because of the political suicide of coming out against solving crimes and defeating terrorists. It can (and will) be used against them at election time and their checks and balances (us as voters) fall for it all the time because we (as a collective whole) are short sighted and scared that something might happen and don't want to be someone who voted for someone soft on security.
The only way to realign the incentives back for societal good is to get the common voter to understand the bigger implications of issues and hold our elected officals accountable. Until that happens the incentiives are always going to be aligned for the government to gain power.
Everyone's vote is secret, so no one will come to your house and bust your balls over voting for someone who comes out against defeating terrorists. The problem is that there are no incentives to become well-read in the issues behind each election. Maybe we can find a way to incentivize learning the facts and becoming well-read on issues before elections [1]
[1] http://www.pewresearch.org/fact-tank/2013/06/17/political-vi...
Not Comey. In this committee session he bluntly said torture is not effective and that his personal standard for what constitutes torture is more stringent than that in the statutes.
> if extreme techniques were viewed as likely to result in useful information
He's not arguing that torture is wrong, he's arguing that torture doesn't work.
Right, he wouldn't use it because he doesn't believe it's effective. The GP is suggesting that if it were effective and legal, do you really believe he would refrain from doing it on moral grounds? It's the prerogative of the FBI to pursue cases using essentially all effective legal means, and it's no surprise to hear they are lobbying for more tools to become legal.
We hear about it all the time. It's just so pervasive we no longer see how extreme is the intrusion!
Civil asset forfeiture, stop & frisk, the near endless litany of TSA/Homeland Security abuses, "VIPER" teams hassling Greyhound bus riders, states such as Hawaii where the 2nd Amendment is ignored, the SWAT teams that have taken over every small-town police department, the banking secrecy acts that report you if you move more than $4000 at a time or in an undefined "suspicious" way (also see "structuring"), the aggressive+confrontational transformation of law enforcement into domestic military, the involvement of military at WACO... need I continue?
The fear, of course, is such restrictions would be next. You start by going after the boogeymen, terrorists and pedophiles, then expand to gangs, then drug dealers, then political enemies, then....
It was always just a ruse to snatch power. Parading a potential existential threat to consolidate authority goes back to antiquity and is a common theme in historical narratives, fiction, allegorical literature, popular political writings of the founding fathers...
It's like the political version of a 419 scam. I'm continually dumbfounded that people fall for these things.
In the modern era, there's accessible easy-to-read references at our finger-tips to learn about all the classic shams that are constructed to manipulate and seize power, but it doesn't seem to matter. It's really something.
Wiretapping and search warrants are long standing and well support ways for law enforcement to investigate among other things organized crime. Just because you know have encryption doesn't mean that has changed. Similar to how the NSA didn't suddenly stop doing signal intelligence just because they allegedly "lost the crypto wars".
> Nobody would reasonably argue that extreme surveillance measures, patriot act, etc., is necessary to stop the vast majority of crimes from occurring, so why is it so easy for seemingly serious/intelligent people to think this nonsense is reasonable?
It's a presumably a "better safe than sorry" and "nobody got fired for choosing more surveillance" kind of a thing.
> Terrorism is a political word to describe political enemies of the state, yet the patriot act and surveillance machinery has been used in enforcement of many other kinds of (less serious) crime.
Terrorism is just the ultimate argument of people in the establishment. Just like encryption enthusiast might have some story about how they are helping dissidents, but are mostly encrypting their warez and mundane e-mails.
True, but there is a big difference between presenting evidence to a judge to obtain a search warrant and subsequently manually wiretapping a phone line or two and the sort of massive-scale surveillance/capture we have today.
It's like the difference between a doctor examining an awake patient who has complained about a specific symptom... vs to a doctor sneaking into the bedroom of thousands of sleeping non-patients and performing a secret physical exam on their genitals just in case anything about their genitals seems alarming.
The crime (building the illegal infrastructure to do that surveillance) is now justified after the fact by a fairly quaint comparison to traditional police work.
As much as I'd like to, I don't believe that surveillance is about police work. It's about political intimidation which is identical to the kind of political intimidation that seems obvious when talking about other police states from history.
The effects of intimidation are not obvious as everyone expects them to be. I'll make an analogy with the North Korean regime to illustrate my point.
How is it possible that the leader of N. Korea is able to make statements to the public that are obviously absurd. Are people in N. Korea less rational than elsewhere? Less intelligent? No, but over time the range of ideas considered acceptable has adapted to include some of the most ludicrous (and contradicted by fact) claims imaginable.
How does this happen? I think it happens gradually. How likely are we to loudly criticize our government when we know all our devices contain a hot mic and all the audio might be getting recorded? Maybe we still offer a criticism but we couch it a bit or we follow it with some praise. Small things like this mean that we all hear less criticism, less scrutiny, less dissent. All because we are not sure who is listening or who will be reported to authorities for holding a controversial view.
Over the course of decades, perfectly intelligent, rational people in N. Korea are easily able to believe some fairly outlandish claims simply because of a few decades of secret police presence and fear of being reported.
What does this have to do with the US? By definition, terrorism is a political crime. It causes intimidation and fear. It is designed to be asymmetrical and sporadic, and is impossible to stop. The only way to fight it is with extreme social control... a more compliant society where holders of nonstandard beliefs are more easily identified.
If the surveillance data had not been used to fight non-terrorism crimes, or if the systems were designed with a cryptographically provable audit trail, I'd consider the possibility that this was just a more modern way of doing law enforcement. But sadly I think all of the evidence points in the other direction.
""" surprised anyone can still use the word "terrorism" with a straight face anymore """
Is quickest way to shut down conversation. Especially given horrific events in France, Ohio, Florida. Your argument is not only ridiculous its counter productive to anyone offering a balanced saner approach.
I don't see any reason to compromise against a fake enemy.
I bet the number of blacks killed by cops outnumbers the people killed by terrorists here in the U.S. Let's spend a trillion dollars fighting THAT problem!
edit: clarify
I don't buy in that this problem is large enough not that this solution would be acceptable if it was
http://www.washingtonpost.com/wp-dyn/content/article/2007/05...
The gist of it is that Comey went to great lengths to make sure warrantless wiretapping wouldn't be considered legal. And when he failed to do so, he resigned.
What happened to him since then?
It's not at all natural that he should argue for hollowing out the constitution, or favour the needs of own organisation over the rest of the state or over the entire society.
Very true. But I think it's safe to assume that no good, just individual would end up in the role of Director of an intelligence service. Who really aspires to be the leader of a team of secret police?
There are some professions that are not strictly speaking unethical, but that tend to attract an ilk of people who are unconcerned with ethics. Used car salespeople, brothel owners, chiefs of secret police forces, people hired to do telephone cold calls to sell shady investments to the elderly, etc.
If Comey is viewed in this light, we can see that he is acting predictably. Sadly, many people have the mistaken idea that people who dress in nice suits and wear medals and get appointed by presidents somehow deserve the benefit of the doubt. They do not.
“We’ve had very good open and productive conversations with the private sector over the last 18 months about this issue, because everybody realizes we care about the same things. We all love privacy, we all care about public safety and none of us want backdoors — we don’t want access to devices built in in some way. What we want to work with the manufacturers on is to figure out how can we accommodate both interests in a sensible way”
If you are curious about how you might incorporate what people say into your reasoning about reality and outcomes, this is a good book: https://www.amazon.com/How-Know-What-Isnt-Fallibility/dp/002...
You can't; this is an either or situation. There is literally no system that could be put in place that wouldn't be exploited by people who were not the intended users.
I am an Indian citizen living in USA and I think American society must take the blame here and not the politicians. The way society thinks and votes I think only a total narcissist moron can succeed in US administration.
The fastest way to rise to top (as we saw in case of Obama and Trump) is to find some target group and blame that group for the failure of other larger society. The larger society is far too quick to raise pitchforks and burn the other group at stake.
It is depressing to see that large % of Americans have seen inside of jail. A lot of people labeled as "suspected terrorist" or "sex offenders" are no where close to the common sense definition of those words. But once you have that label rest of the society treats you like utter shit. You cant find a job, state can put any arbitrary restrictions on all your freedoms etc.
Unless US society learns to be compassionate and stand up for the rights of even those "deplorable" people purely as matter of principle I don't think there is any scope for optimism.
I remember Ron Paul's words "Once you give up some liberty, you are not going to get it back, ever!"
This is a really excellent point that you make.
Yes, we are very much a blame society. It is the Republicans fault. It is the Democrats fault. It is my neighbor's fault. It is my parents' fault. Blame blame.
This depends on what kind of crime you talk about. And is "the vast majority of crimes" actually prevented from occurring? How do you get numbers for this?
Calling people who don't agree with you stupid is not going to advance your cause. At all.
> I am surprised anyone can still use the word "terrorism" with a straight face anymore after it's become so clear that there is no large existential threat (merely the occasional zealot who acts out due to his/her own mental health issues).
Two points:
1. The occasional zealot is all it takes to make people feel unsafe, affect their behaviour towards other people and just generally ruin a lot of peoples days.
2. Blaming all terrorist attacks on mental issues alone without taking into account viral ideologies is dishonest.
edit: i forgot this:
> And in spite of a historically unprecedented global surveillance system there have been no attacks thwarted.
Provably wrong.
So prove it.
Isn't this like legislating a violation of mathematics or something?
New Rule: If you want to propose cybersecurity legislation, you need to pass the fizz buzz test.
they think we can create a system only available to them
Because there are civilian consumer systems, and state apparatus systems. The civilian consumer systems just leave shit out in the open, all over the place, and make a mess, with no obligation to common, clueless people.Everyone knows that no effort is made to retain military operational security for sloppy, undisciplined non-combatants.
Anyone with clearance to actual hardened systems, sees a clear difference from the other side of the wall, and questions why the charade must go on, when it'd be so much easier to dispose of the pretense that there's "privacy" to be had, and see investigations forced to prosecute with so much parallel construction.
The state apparatus systems, in their minds, deserve preservation of secrecy, because it puts the owners at an advantage. They seek advantage by crippling consumer civilian systems. This is the line of reasoning from their perspective. Render outsiders defective. Create real systems for themselves. Maintain authority by denying useful systems to unknown quantities.
But they're not asking for that. They're asking for the ability to force companies to grant them access to information without something terrible happening.
The only way you could prevent something terrible happening, and have that prevention be "connected to [their] ability to access information with lawful authority", is to have the ability to inspect private data. And the only reasonable way they would do that is to do it surreptitiously.
They could try just asking the user to unlock their iPhone, or demand it with a court order (where I assume they can plead the 5th), but either would tip the suspect off. So they have to do it without the user's knowledge. And the only way to do that is if the company has a backdoor, or makes it so incredibly insecure as to no longer guarantee privacy at all.
The only logical way to give the FBI what it wants is to compromise user privacy.
> During the session, Comey also made repeat plays for expanding the scope of national security letters (NSL) — arguing that these administrative subpoenas were always intended to be able to acquire information from internet companies, not just from telcos.
The FBI claims that they would always get permission from a judge for invading user privacy. In the next breath, they want to expand NSLs, which is invading user privacy without requiring a judge's approval.
Both Lavabit and Silent Circle have had to close down their businesses after Lavabit was unreasonably demanded by the government (in a gag-ordered search warrant) to give up its private TLS keys, exposing all its users' privacy. But no law enforcement agency gives a shit about privacy; only secrecy.
When Feinstein totally let him off the hook I was floored?!? He interfered worse than the Russians - how does he still have a job?
Ahh, she wants his support for the decrypt bill. I'll never understand why the Democrats have zero interest in protecting personal privacy.
Our 2 party system leads to widely erratic results on issues like this, as we are seeing with this Comey Feinstein partnership.
Hurdles to protect privacy are important. If it's not an arduous process we have a problem.
How "important" can the investigation possibly be if this serves as a "disincentive"?
According to whom, we the people or a bunch of authoritarians who'd like to be able to access every nook and cranny of our personal lives?
Call me silly, but I think grammar is important. I hope you don't take this the wrong way!
Edit: lol, I thing I made a typo earlier.
What if doing this would save N people/year from terrorist attacks?
What other rights should we sacrifice for a 'safer' society? Surely we shouldn't let terrorist recruit people, so there goes free speech. We also shouldn't let them gather together to plot their wicked plots, so there goes freedom of association. And if we could bar people at risk of committing terrorist acts, from vulnerable locations, such as subways, airports, parks with a lot of people in them, well, I'm sure that would save a few lives too.
These things are not conducive to a growing, free nation. Our current leadership talks about bringing jobs back to America, but this course of action is forcing companies to move elsewhere, and taking their jobs with them.
[0] https://en.wikipedia.org/wiki/United_States_v._Elcom_Ltd. [1] https://en.wikipedia.org/wiki/FBI%E2%80%93Apple_encryption_d...
Crazy.
How is this possibly reconcilable?
There have been voices from the tech industry saying it's impossible, but Comey doesn't want to hear that. He's literally called that response "emotional" and believes tech lovers simply are clinging to encryption and privacy irrationally.
He's not going to stop until he can hear what he wants to hear. I think the only thing that will satisfy him is a beltway bandit lying to him about their technology.
This is true of most Democrats these days, except when they want to pander to minorities or other disadvantaged groups who could use real, actual allies instead of the panderers. I am amazed and humbled by these folks' perseverance in the face of a two party system in which one party apparently hates them and the other thinks so little of them that their best efforts at being allies generally consists of terrible pandering.
Edit to add: of course the same could be said about the remaining 49 states and their reps/sens as well...
Why isn't this an acceptable solution?
One funny outcome of the San Bernardino iPhone cracking debate was the Government double speak:
To Apple ...
> We only want to force you to build a custom iOS so we can get into this iPhone.
To DA's across the country ...
> Send us all your iPhones for ... reasons.
But comedy aside, they really do care about the cost / time of un-encrypting things. They're position seems to be that anything outside of your brain (5th amendment and all) should be available with a court order in a reasonable time and at reasonable cost.
I don't agree with that, because manufacturers should be able to produce whatever software they damn well please. But, they have a logical position if you look from the right angle.
I'm looking forward to the first court cases that deal with somebody who implanted a memory chip into their body and are storing information in it (only accessible through a wirelessly sent password) that the court wants to access. Could the court order surgery to remove it.
If Apple and Google aren't legally able to build as secure as devices & infrastructure as possible, the DOJ, FBI, NSA, and CIA sure as hell won't be secure. Merry Christmas to Assange.
But then you need the government to securely store a few master keys. Given the latest CIA, NSA and OPM leaks I doubt this is possible long-term. However, maybe changing the devices keys based on year of manufacture is a reasonable step to have some sort of safeguard.
Given how safe the public is, you'd think that this would mean "we need to focus on privacy". That is the public's priority. The FBI, whose mandate is abviously not to protect the privacy of citizens, is obviously going to advocate for the public safety, or more specifically his organization's degree of visible success in ensuring it.
Obviously the director of the FBI is not who you should be asking for a balanced recommendation regarding safety and privacy.
What have they stopped using such methods? I think if they wanted to get anything like this moving forward they need to show results. Not too many trust the government these days.
I do not like the idea of "backdoors" but I can see realistic need for such things. I think many are against such things "until" some massive WMD type attack then the tune will change.
And if it didn't work, they probably wouldn't tell us (just in case it might sometime...)
If someone want to incriminate you, they don't need to plant a file with child porn anymore: they just need to plant a file composed of random bytes and acuse you of having encrypted child porn there.
Now good luck providing the court an encryption key that does not exist.
- Option 1: you - Option 2: somebody else
Those are the only two options.
Option 1 protects people from criminals and tyrants, but impedes law enforcement.
Option 2 enables law enforcement but makes people vulnerable to criminals and tyrants.
Any suggestion that we can get the best of both worlds is confused or disingenuous. We have to choose.
Do you get final say on who can access your device's data, or does somebody else?
https://www.youtube.com/watch?v=VPBH1eW28mo is a pretty good video for persuading people why this legislation is a bad idea. We might still be able to beat it by rallying support.
I suppose tech companies could give them a backdoor and call it a front door?
They're more likely to go "LOL, no" and as it's both impossible AND compelling speech is impossible per 1st Amendment the Government would end up losing in the courts.
There's a post-partisan, grassroots PAC to do exactly that:
Feinstein is just old and out of touch. She still thinks that Hollywood is an economic driving force in California.
Kumala Harris is our replacement for Boxer. Hopefully we can get someone a little more liberal to replace Feinstein.
The goal of terrorists is inflicting terror and reactions following from the terror. Terror suppresses reason, so the reactions become less reasonable and thus detrimental to the attacked side.
By this measure, terrorists have unquestionably won. The Western societies under attack suppress their core values after the attacks, such as openness, free speech, tolerance to a variety of views, and primacy of reason and right over force. Voluntarily crippling your own encryption is like voluntarily making holes in your armor, all out of fear.
It's like an auto-immune reaction that kills the patient instead of the germ.
On a more serious note though: it strikes me that in our time of 'total information awareness' the ability to blackmail people in powerful positions is a significant flaw in our system, much more so compared to the past.
Has any research been or anything worthwhile been written about this (potential) problem? I mean, we know people have been blackmailed or that attempts have been made, so the question is how common this actually is.
Despite my internal knee-jerk 'this sounds tinfoil-hatty', I can't think of anything keeping intelligence agencies from wielding massive hidden power in this way. Or would it just have come to light much more often if that were the case?
If the AG had signed for it, then we'd have probably seen the supreme court weigh in on it. But since he didn't, the program continued behind closed doors and grew massively. I believe now there is a rolling 60 day archive of nearly all worldwide communications and metadata (and longer rolling archives for select subsets). It's incredibly impressive tech but quite scary.
The difference is that nearly everyone doesn't know the who/whom rule -- it is dead -- while nearly everyone does know the living pres.3sg rule, and they have trouble violating it even if in the abstract they might like to.
[1] The strongest argument in this direction is that no one in the modern day knows what whom means or under what circumstances it appears, meaning that when a whom is encountered it can only make them more confused.
[1] https://ucr.fbi.gov/crime-in-the-u.s/2013/crime-in-the-u.s.-...
[2] https://ucr.fbi.gov/crime-in-the-u.s/2013/crime-in-the-u.s.-...
[3] http://edition.cnn.com/2016/10/03/us/terrorism-gun-violence/
Anecdote: I live in one of the lowest crime neighborhoods in Chicago. Every now and again though someone is shot in the area. The first thing I always wonder: was it random or was it gang/drug related? Nine of ten times it's the latter and I feel better because I don't associate with gangs or regularly participate in drug deals in a McDonald's parking lot at 4AM. It's scary when it's random because it's easy to think, "that could have been me, it could have been anyone."
That's why terrorism is scary (and that's why the terrorists do what they do). Of course protections should be in place, but there's simply only so much you can do before you're policing every aspect of everyone's life to prevent the tiniest chance that something happens to a tiny percentage of people. But, damn, is it scary.
That's the worst thing about Comey. He is totally comfortable and unabashed about going in front of the American people and playing a word game.
You want to see the typical Democratic interaction with minorities on a political level? Look at Flint, during the Primaries and general election, and compare it to now.
Unchecked Terrorism has non stationary distribution and can lead to deadlier events that are orders of magnitude larger. Further why pick a year and not a day? At any given day the number of deaths due to Terrorism are close to zero, except you know on a tragic day a decade ago in september.
So stop the underlying process? Terrorist organizations aren't quiet about their problems, that tragic day in September was in opposition to US interference in their lives. If our goal was combatting terrorism, we picked a terrible way of addressing the problem.
To you these attacks are a valid grievance redressal mechanisms??? Is that the path every disenfranchised group should take?? If you are okay with such approach, no point in having a discussion.
Maybe listen/read to his full response first?
But that just calls into question a person's character and it's going to be impossible to dig down and find a satisfying answer for everyone. So I'm not sure how fruitful this is.
Paraphrasing here but I think his definition was along the lines of "anything that purposefully causes physical harm or injury to a person", and when asked whether bad prison food counts, he said that in his eyes for his team that is not something he would condone. This was a pretty straightforward response; the man at least talks the good talk on torture.
I've been considering a comparable project, but more focussed on opsec/infosec in a file sharing context. However, I've felt chilled by the possible legal consequences to me and my family if I enter this arena.
Bootstrapping myself to have great opsec seems like a really tough task. I feel like I'd have to repeatedly burn hardware, houses and identities if I want to stand a chance to reach "opsec heaven" where I can freely persue projects such as the Spook's Cookbook or the Pirate's Cookbook.
I think it could but it would need good legal support and PR support to prevent its actions from being mischaracterized.
> Bootstrapping myself to have great opsec seems like a really tough task
I think it would be incredibly difficult if not impossible in today's world. So I think that an "in the light" approach is much less vulnerable.
>a user-friendly rootkit installer for easy installation >a program that trains a fleet of drones to follow a person all day, causes vehicle engine failure, etc.
I'm afraid corrupt regimes would be the ones who benefit the most from such tools.
They already do. But since the tools are under the radar there is not all that much pressure on technology firms to follow best practices.
For example, why don't we have fully auditable filesystems?
No, but neither is the "War on Terror."
I didn't because I'm a good neighbour and it's not a massive apartment.
While I think (and hope) this is correct, I'm not sure it matters.
For example, it would not be necessary for most of the engineers to be aware of a backdoor or other known vulnerability. There have been examples from open source crypto where malicious code has weakened it significantly and still nobody noticed.
There's also the very real possibility of baking the backdoor/vulnerability into a custom ASIC design. Chances are the government has a lot of expertise in this area and could simply tell Apple that it would provide one of the parts for all iPhones and the part would behave to spec (but would contain other undocumented behavior).
I think it's also realistic that other governments do this. Unless a chip is manufactured using the latest microprocessor-level miniaturization, it could contain all sorts of undocumented circuitry. I'm not sure about the economics of this sort of attack, but surely it makes sense once in a while.
There's this weird denial that takes place. I see it in all professions.
The idea that writing software not intended for public release is compelled speech under the standard of Wooley v. Maynard is laughable. Nobody except a few gullible tech bloggers (are there any other kind?) took that argument seriously.
Uhh, I think I'm blanking on the other. Both will likely lose, but maybe it will make her look over shoulder and keep closer to her constituents.
http://www.sciencemag.org/news/2017/01/qa-michael-eisen-want...
Feinstein is now 83. I don't think she has announced either way, but it is likely she'll retire. If so, then there will probably be a lot of candidates.
Unfortunately, the threat was (and still very much is) real:
Stanislav Petrov: The man who may have saved the world http://www.bbc.com/news/world-europe-24280831
Thank you Vasili Arkhipov, the man who stopped nuclear war https://www.theguardian.com/commentisfree/2012/oct/27/vasili...
Not that paranoia is a particularly useful response, but it did not require much engineering.
Engineered paranoia is still very real and a danger to our societies because of its reality-distorting effects that can result in violent overreactions.
Did I get that right?
In 10 years time the death stats for lightning bolts will be similar and for road accidents will probably have declined. Which way do you think the terrorists stats will go?
The comparisons given are accidents and happen through negligence or plain bad luck.
Rather than thinking in terms of mortality rate over a period, its more accurate to think in terms of events. A single lightning bolt strike can at most affect 0 ~ 10 people with a gaussian distribution. A terrorist attack on the other hand has a long tail distribution and can cause 10^0 ~ 10^4 deaths.
There is no organized cult going around making lightening bolts with explicit intention of causing large scale harm. On the other hand there are several organized terrorist groups which are intentionally trying to do that. As far as being overweight or bad driving habits, billions of dollars are poured into health care system, automated driving and regulations with goal of reducing deaths due to them.
What?? What does legal driving age has to do with DHS budget? You are simply rambling, different mortality causes have different risk models.
Or to explain simply you are comparing "Apples to Oranges".
Since "Terrorism" is a political problem, how about a political solution? Stop going into Muslim countries and murdering women/children and tearing down governments with no plan for rebuilding? Be more cautious about what you do on the world stage. Stop bombing brown people just because they don't support 'American interests' and such.
They pointed out that CA voters can remove her. True.
They pointed out she's still there, so the plausible majority of the people that cast votes must have wanted to elect her vs the opposition choice (as of the last election). True.
Really I'd like for this not to be the case, but at the moment it seems like that isn't likely to happen anytime before I'm dead.
If your goal as a government is to minimise the number of lives lost that were preventable, then the argument is that there are many more effective ways of doing it other than spending huge amounts on security services.
I presume there's some stat somewhere that says that young drivers are more likely to be involved in fatal traffic accidents. No-one would claim that dying in these accidents is not tragic.
So if you were to raise the legal driving age by a year, you may end up saving lots of lives, and that would be a lot cheaper way of saving lives.
It's not a flawless argument, as one has to balance freedoms with restrictions and the fact that any historic analysis of attacks has to try and unpick the fact that security apparatus was in place in the past. Spending 0 money on security could have unforeseen consequences, and most people would accept that preparing and executing an attack would be easier.
Discovery is different. Laws already require you to retain various records for later discovery. That's just general "shuffle stuff around" work that doesn't really require much effort.
What the FBI was asking for was custom software development to be done to circumvent existing software and hardware functions.
> The idea that writing software not intended for public release is compelled speech under the standard of Wooley v. Maynard is laughable.
Not sure I follow. The distinction wasn't public versus private release; it was writing the custom software itself. The whole "you can keep it and destroy it afterwards" didn't really matter. The FBI can't simply insert itself into your business, have engineers reprioritized from what they're currently working on and expect you to produce something for them.
Which is exactly what was requested in the Lavabit case, to the letter. I used the discovery example to show that courts compel work all the time, which you originally claimed they could not do.
What you're saying is not true. If you take a look at what happened in the unsealed documents regarding Lavabit [1] the FBI wanted a copy of the SSL private key. That's it. The owner of Lavabit offered to do some coding so they could target the meta data of a single person but it was rejected so he ultimately shut his service down.
> I used the discovery example to show that courts compel work all the time, which you originally claimed they could not do.
Discovery is seeking data that already exists and is reasonably accessible. You can't use discovery to force someone to write software the doesn't exist to provide additional functionality to a product. The FBI had to resort to using the All Writs Act in order to attempt to do this and backed down before it could go through and set a precedent. I'd suggest taking a look at how electronic discovery [2] works.
Also the HN discussion around the Apple vs FBI case was rather interesting and is full of good information [3].
[1] https://en.wikipedia.org/wiki/Lavabit
As I said, that distinction matters for Apple's spurious "compelled speech" argument.
It does not. Just because a government orders you to do something privately doesn't mean it isn't compelled speech. Regardless, see my reply to your other comment.
Even so, terrorism may have cumulative political and social effects. People don't like to know there are others out there who wish them harm. Once a certain threshold of resentment is reached within an affected society then suddenly massive unrest could erupt.
Some politicians are trying to mitigate this by suggesting we should just get used to the occasional terrorist attack and treat it like a lightning strike or a piece of heavy furniture falling over.
As I said earlier, the standard for illegal compelledspeech was defined in Wooley v. Maynard, prior to which there was no such thing as illegal compelled speech. Do you actually have an argument about why forcing the writing of unreleased software is illegal compelled speech, or are you going to keep saying it as a truism?
https://www.wired.com/2014/04/lavabit-ruling/
"The case began in June, when Texas-based Lavabit was served with a “pen register” order requiring it to give the government a live feed of the email activity on a particular account."
"Levison resisted the order on the grounds that he couldn’t comply without reprogramming the elaborate encryption system he’d built to protect his users’ privacy."
"So in July the government served Levison with a search warrant striking at the Achilles’ heel of his system: the private SSL key that would allow the FBI to decrypt traffic to and from the site, and collect Snowden’s metadata directly."
In other words, they asked him to write software to get just metadata for Snowden's correspondences and when he delayed, they requested everything.
> You can't use discovery to force someone to write software the doesn't exist to provide additional functionality to a product.
You absolutely can.
https://www.federalrulesofcivilprocedure.org/frcp/title-v-di...
"A party may serve on any other party a request ... to produce ... any designated documents ... stored in any medium from which information can be obtained either directly or, if necessary, after translation by the responding party into a reasonably usable form."
If the amount of translation is infeasible without writing scripts, you can be forced to write scripts.
But again, the whole point of this discovery tangent was to show that courts can and very often do "force someone to work for you," which I will assume you now concede is true. Let's stick to the Lavabit case and what constitutes illegal compelled speech, as these are the points on which we still disagree.
I can't tell if you're trying to troll me or what at this point. I link you to the lavabit case details then you link me to the lavabit details.
They wanted a "pen register" which assumes reasonable hook-up-ability. This wasn't possible without reprogramming the system. This made it unreasonable and it was withdrawn. Then they asked for the SSL key so they could use a pen register. The owner suggested, instead of the SSL key, that he write software to avoid it and they declined so he shut it down.
You stated I got it wrong but my original post was factual and specifically referenced the wikipedia article that references the exact order. Nothing that you have posted has shown otherwise.
> > You can't use discovery to force someone to write software the doesn't exist to provide additional functionality to a product.
> You absolutely can.
> https://www.federalrulesofcivilprocedure.org/frcp/title-v-di....
> "A party may serve on any other party a request ... to produce ... any designated documents ... stored in any medium from which information can be obtained either directly or, if necessary, after translation by the responding party into a reasonably usable form."
But you can't. Translation cannot be twisted to meaning "develop a new feature that creates another way to enter a system". It just can't.
> But again, the whole point of this discovery tangent was to show that courts can and very often do "force someone to work for you," which I will assume you now concede is true.
The best they can do, again, is reasonable collection from a medium which consists of direct or requiring translation. I'm not sure what I would concede here as nothing I have said goes against the sources you have posted.
As far as I am concerned this conversation is over as I do not see the value in continuing to repeat the same information, over and over.
Let's refresh your memory.
> The owner of Lavabit offered to do some coding so they could target the meta data of a single person but it was rejected so he ultimately shut his service down.
No, he didn't offer to do it. He was ordered to do it and refused. Only after refusal did the FBI ask him to hand over his private key, not because it was "unreasonable" as you erroneously claimed but because after he realized he would be held in contempt for not doing the work, he was delaying access to the data by negotiating terms of work too slowly, causing the government to forever lose the ability to collect metadata that would have been generated in the meantime. https://www.justsecurity.org/wp-content/uploads/2014/04/lava...
> Translation cannot be twisted to meaning "develop a new feature that creates another way to enter a system". It just can't.
You're moving the goalposts. First, it was 'the government can't make you work," for which I gave you the discovery example as a counterexample that happens all the time. Then it was "the government can't make you write software," and I showed you that it just so happens you can be effectively forced to write software as part of discovery. Now it's "you can't be forced to write software to create another way to enter a system." Discovery doesn't serve as a counterexample to that claim because I never intended it to be a counterexample to that claim but to that first claim. As I've repeatedly stated, the Lavabit case is a counterexample to this third claim.
> I do not see the value in continuing to repeat the same information, over and over.
Nor do I. I'm hoping you actually have some new information that your argument can stand on instead of repeating the same things I debunked in my very first post.