by drdaeman 3845 days ago
Strongly disagree.

Legal protection provides a recourse after everything happens. Technological measures don't let it happen in the first place. Or, well, to be more correct - make it significantly harder to happen.

Consider: we can send all our email as non-enveloped postcards and rely on the laws that our correspondence privacy is protected. But for some reason we don't. Why we still send out our Internet correspondence completely unprotected is beyond me.

It is important that we have laws, so we can get a legal recourse if something goes wrong. But it's extremely naive to think that no one would violate those laws just because they are in place.

Even more, I believe that technological measures must come first. Because if a law comes first, the public relaxes, thinks they're safe now, and few bother about actually putting a lock on the door.

2 comments

"Legal protection provides a recourse after everything happens. Technological measures don't let it happen in the first place. Or, well, to be more correct - make it significantly harder to happen."

It actually prevents many things when the law is clear. Your email example misses the entire point. So, let's use it to illustrate the point. I create an encryption system to protect email. It gets large uptake to point NSA and FBI are pissed by it. With current laws, they will feel free to:

1. Hit me with a FISA warrant to order a backdoor or key leak.

2. Hit me with court order to do the same.

3. Parallel construct some dirt on me.

4. Use NSA TAO or TAREX to smash my systems for their benefit.

5. Use FBI to raid my stuff or seize my property.

6. Have me audited by SEC or IRS depending on my company structure.

We've seen stuff like this happen to leakers, supporters of Wikileaks, companies resisting subversion, etc. You can build all the tech in the world but it's not that helpful if legal system is set up to destroy the user or developer easily. Those laws need to be rolled back. Only the people can do that. They don't give a shit enough to act. So, it's a political problem rather than technical one.

Feel free to continue to deploy and use tech to protect yourself. Just know the bigger problem is what's enabling their surveillance dragnet and police state problem in first place. The things that can get you with or without crypto. The things that have to go away to maintain democracy.

Ah, sorry, I see your point now. I suppose I got it wrong when I replied to your comment. Yes, I fully agree with you here on the point that the laws that allow this are wrong and they must be rolled back. Those are legal issues and they must be fixed as such.

I must make it clear that I stand that both legal and technological measures are necessary and are equally important. And I believe that neither would work well without the other one.

Current mass surveillance relies on lack of technical measures that protect from one. So, I believe that if everyone and their dog encrypts their correspondence in a secure manner, it would cause much greater hit on mass surveillance programs than any lawmaking could do. Please note I don't say that lawmaking is not necessary here. On the contrary, it is equally important to prevent TLAs from even trying to break technological measures and hold them responsible for their actions.

"I must make it clear that I stand that both legal and technological measures are necessary and are equally important. And I believe that neither would work well without the other one."

100% agree. The overall solution will combine technological methods and legal reforms. We continue developing and implementing what technical solutions we can for privacy and security in general. Just have to never fool ourselves on what it will take to stop the huge internal threat.

Pointers to (seemingly) frivolous prosecutions (3) and pointers to anything resembling 4 or 6 would make them a lot more interesting.

Without just a little bit of evidence, they are like saying the NSA will shoot your dog.

My naive, facile reading suggests that systems like Signal, Pond and Tor tend to be more effective at actually securing communications, so it would be especially interesting to hear about the jackboots kicking them.

The technique used for No 3 is here and other documents suggest they work with many agencies rather than just DEA:

http://www.huffingtonpost.com/peter-van-buren/parallel-const...

Number 4 we're not going to get examples of: TAO & TAREX operate in a bubble. There are two known efforts to do this sort of thing but tactics are unknown. One is BULLRUN:

http://securityaffairs.co/wordpress/17577/intelligence/nsa-b...

Additionally, the ECI leaks mention that the "FBI compels" firms to "SIGINT-enable" their stuff. This means the FBI has some way of coercing companies to backdoor things. The specifics were left out. That they've been doing it for years with no details public indicate even talking about it must be a crime. Like the other stuff.

IRS, SEC, whoever being used against people is a tactic with a long history. My bookmarks aren't giving me a link right now. I do recall Nacchio of Qwest claiming government came after him for being only ones not helping NSA. A quick Google had Binney saying IRS and NSA worked tight together albeit with speculation on Tea Party rather than obstacles to SIGINT as target.

http://www.wnd.com/2014/07/whistleblower-irs-in-cahoots-with...

And FBI raiding and seizing opponents' stuff is well-known, happening to most leakers, too. Civil forfeiture is another weapon with a long history at FBI and DEA especially. Some journalists during Bush-Cheney Administration ended up on Do Not Fly list. Tor project people like Appelbaum get harassed at borders. So on and so forth. Many methods they can use without ever doing time for the abuse.

What they will do to you depends on who you are, what you're doing, what dirt they have on you, your resources, and so on. The uncertainty is one of their most powerful weapons. Never know when hammer will drop on you or how hard.

Specific examples are more interesting than raising the specter. You've doubled down on raising the specter.

Think I could've done better? Just file some FOIA requests and lawsuits on the subject requesting all specific examples of cooperation between NSA and other LEO's plus list of all TAO and BULLRUN activities against Americans. Bet you'll have less than I posted.

Btw, a manual for DEA of using NSA's evidence isn't a specter: means it's ongoing.

Ongoing retaliation against people working on crypto?

If you're going to use the envelope analogy, also consider that we don't put our mail in envelopes to prevent the police from intercepting it; we put them in envelopes to prevent access by all of the people handling the mail between the sender and intended recipient. A cop with a warrant can rightly get access to a person's mail in transit. The envelope also isn't particularly difficult to get around - we don't secure our mail through technical measures but instead by putting stiff legal penalties on tampering with it.