by austerity 3774 days ago
The mere fact that the encryption ban is being discussed and bringing it up doesn't instantly end one's political career is frightening. Access to all of an individual's communications is a level of trust reserved for closest family members if that. And here government nonchalantly goes on to assume this level of trust from every citizen. Yet everyone except a handful of techies is completely oblivious to how monstrously perverted that is. The future looks really dark right now.
8 comments

I hope it's obvious that I don't support crypto bans of any sort†.

But: I find this sentiment a little hard to understand.

The principle at play here goes way back into common law, and was most famously articulated in the 1700s as "the public is entitled to every man's evidence".

Access to all an individual's communications has been a privilege of the judicial system for the whole life of this country, and for many centuries of the country we came from. The founders didn't carve out a rule saying that individuals had the right to conceal evidence, and, one by one, when they assumed the reins of government, their actions confirmed that they intended no such rule.

The norm for centuries has been that if you're being investigated, and the courts sanction that investigation, your documents and communications are fair game. In fact, before 1967, it wasn't even the law of this country that the government couldn't intercept and monitor your communications by fiat, without a warrant. Forced to confront the abuses of wiretaps by unscrupulous government agencies, Congress and the Supreme Court didn't choose to ban wiretaps; instead, they systematized them.

When people discuss the need for backdoors in crypto, they're generally not talking about the status quo. What they're worried about is 15 years from now, where all communications and storage technology is end-to-end encrypted, and no warrant or judicial order of any sort can retrieve evidence from them. That's not a crazy worry: it's what's inevitably going to happen.

† (http://cryptopals.com, &c)

I think the big difference between the 1700s and today that seems unacknowledged in your post is that most communication happened face to face and was not documented for the government to intercept.

You and your wife could not be forced to testify against each other (spousal privilege), but your private SMS conversation absolutely could be. (What was possible as only a private conversation is now easily sent across the world, and as a consequence is sniffed and stored by potentially many parties.)

This is not a surprise for anyone who understands that they are sent in plain text, but from the context of people, those conversations would still be considered private communications between spouses.

I am not saying the law gives a shit about the distinction, but persons absolutely do. I hope you now understand the sentiment a bit more.

I agree with this! I think the law is going to need to change, too.

The problem is, no matter how we change the law, the law is going to demand a balance of interests. We can outlaw coerced production of personal communications between relatives and friends, but there are still going to be communications the public has a right to access.

The technology is not going to balance those interests. It's morally neutral, and incapable of concerning itself with the needs of society to stop organized criminal enterprises.

Again: for me, the wins of strong crypto clearly beat out the losses. But it's not insane that people --- especially people who don't work in technology --- might weight the factors differently.

Answer me this, because I really don't know:

Back in the 1700s, if you wrote a private letter (on paper/parchment, with a feather ink pen as they had back then), in a foreign language, and the court system wanted to use this as evidence, could the government compel you to translate it?

Or, suppose you developed your own cipher (they had ciphers back then, I'm sure). Could the government compel you to decipher the message back then?

The use of encryption really isn't much different from this.

I don't think that's an appropriate analogy. You may as well just say "In the 1700s, if you wrote an enciphered letter..." since cryptography isn't a new concept. Various schemes have been used to protect military and diplomatic communications for centuries. If you did so then or now, you wouldn't be under any obligation to reveal the contents, but you take on the additional burden of actually performing all of the necessary calculations, securely destroying the scratch paper you used in the process of encrypting the message, handling key management and distribution, securing the areas where the encrypting/decrypting is taking place (you wouldn't want the redcoats barging in the hour or so while you're in the middle of converting the plaintext to ciphertext), etc.

Nobody does that anymore. You're instead using a tool that someone else made, and either that tool or the other person is handling all of the hard work. Tools definitely can be regulated - I need a license to drive; I need to register my car; I need to go through a background check to own a gun; I can own a gun, but if I misuse it I go to jail; felons can't purchase guns legally; I can't buy a nuclear weapon or the fissile material needed to make one.

The questions that policymakers are fumbling through right now are things like "how (if at all) do we regulate tools and the companies that make/distribute them if those tools allow people to evade law enforcement?"

I think you are not wrong, but the point I was trying to make is that the whispered conversation of romantic partners is now something that is recorded and written and sent, the reality is that the law didn't change to become more draconian, the people's behavior changed so that the law FEELS more draconian.

Basically, when most of your society is illiterate, they are not creating evidence for LEO to subpoena in the first place.

But with backdoored encrypted communications the government would have instant access to ALL enciphered letters at once, regardless of the seeming guilt or innocence of the sender or recipient.

To me that seems like the key difference. If all but face-to-face communications are electronic, and no electronic communications can be strongly encrypted, then the private sphere is greatly reduced and many things once considered private become public.

But on the other side of things, with strong crypto many things once considered public would become private.

There doesn't seem to be an easy way around this choice.

Hold on. With status quo electronic communications in the 80s and most of the 90s, the government retained instant access to communications for investigative purposes, and no serious objections were raised --- just as nobody objects to the idea that the police, searching your house with a warrant, get instant access to letters you've left on your desk.

Instantaneity can't be the fulcrum of this debate, because it's been the norm since the beginning of English common law.

There has to be some other principle at stake that can argue against decryption backdoors. And I think there are such principles! But I think it's important that they be articulated carefully.

Yes, in previous decades the government could access electronic communications under the third party doctrine[1] that says the fourth amendment only applied to "papers" held by the individual / in their home, not to communications voluntarily placed in the hands of a third party. On the other hand, far less of people's lives was conducted online. I expect that's why no real objections were raised.

Because much intimate communication has moved from in-person/on-telephone/other-instantaneous communications to asynchronous platforms hosted by third parties, in effect much that was "private" is now effectively "public". What once required a warrant now does not. Many things previously subject to protections against unreasonable searches are no longer so protected.

[1]: http://www.abajournal.com/magazine/article/the_data_question...

I take a pretty extreme stance when it comes to these arguments: That social contract of which you speak, is routinely ignored and shit on by Federal, State, and local authorities when it suits their interests.

For them to play loosey-goosey with it and expect the normies to abide by it without question is ludicrous.

Cases of mistaken identity, action based on bad information, and people losing their lives or being incarcerated incorrectly as a result are in the news every day.

So, IMO, they're not entitled to fuck all anything ala this "social contract".

Why wouldn't the government just get a warrant to have you decrypt whatever communication they'd like to see (if you're being investigated) and if you don't you are held in contempt of court?

Of course if all communication is encrypted it would be harder for a government to get a warrant but I think that's probably more in line with the 4th amendment.

I think that could happen, yes. I don't think that's a good outcome either.

see the 5th and 4th amendment

I don't think that what was established 3 centuries ago, when the world was completely different, should necessarily hold true today, regardless of the best intentions at the time. The only method of recording facts at the time was by writing it on paper.

Given technology evolution, we must constantly re-evaluate what is still legitimate and should be transposed to today and what is off-limits.

Let me give you what is (for us today) a ridiculous example to prove my point: imagine that in a couple hundred years, it becomes possible to scan anyone's brain with some sort of machine and determine what a person is thinking about?

Also, having backdoors into encryption is akin to the Government having a remote kill switch that would render your legally owned gun useless. But that is a whole other debate.

So, the many downsides of implanting backdoors into cryptography are most of why I oppose them, and support the global deployment of default-unbreakable communications, so that people don't even have to think about whether their communications are electronically protected but simply always are.

But that's not what I'm taking issue with. What I don't get is the repulsion people here seem to have with the simple idea that the state is entitled to evidence, as part of the social contract that animates the country, and that technology is in fact poised to overrule that entitlement without due process of law or politics.

It's a simple and sensible issue to have with crypto. Crypto is important and valuable technology, but that doesn't mean everything about it is good. It has downsides, too. We should be honest about them, and less shocked when people weigh the downsides differently than we do.

> What I don't get is the repulsion people here seem to have with the simple idea that the state is entitled to evidence

I don't think many people have any significant objection to the state acquiring evidence, as long as proper procedure (warrants/etc) is followed.

While the repulsion is primarily over breaking encryption (key escrow nonsense, etc) and the damage that would cause, there is another problem with the Government's desire for "access" that I haven't seen much in the reprisal of the Crypto Wars compared to the previous round in the 90s.

The government is implicitly demanding additional work be done on its behalf. Managing a key escrow system (or part of it) isn't free. There is a labor cost and a cost in damage to a business's market position and reputation (their product will be seen - rightly - as less valuable).

A warrant isn't a guarantee that a search will produce the desired evidence. It is unreasonable to demand that we (everyone, before any warrant is involved) should change our behavior and try to preserve evidence or compromise our own security to make it easier for the government at some hypothetical time in the future.

I think government interference in the engineering decisions of private companies is a valid reason to oppose crypto backdoors. I don't think it's the strongest reason --- we ask private companies to expend extra effort to comply with engineering requirements in all sorts of other products. But I sympathize with the argument.

A warrant isn't an engineering technique or a mathematical axiom. It's a directive from a court that its recipient must comply with a demand to produce some information. Warrants are, in some sense, about people.

If you encrypt some piece of information such that you retain the ability to decrypt and recover it, then as far as the law is concerned, you're capable of responding to a warrant for that information. Technology is going to make it possible for everyone, not just the tech savvy, to refuse to comply with those kinds of warrants. Public policy will need to adapt. As I said, we may not like how it adapts.

I think most people have repulsion, as you say, towards the idea because a lot of them consider crypto a weapon (the only one actually) to defend themselves from unprecedented violations of privacy that are possible with today's technology.

Well, if the government actually can get the evidence when they have legally-valid reason to do so, then they don't have to violate everyone's privacy all the time in order to get evidence for when they might need it. So there's a basis for a truce here.

Unfortunately, you'd have to trust the government to keep their end of the deal...

> the state is entitled to evidence

But it is not entitled to the existence of evidence. It can only collect what still exists at the point of collection.

Using encryption keeps the plaintext of communication ephemeral, even if the ciphertext is persistent.

Mandating backdoors means mandating persistence.

That same argument could have been used to ban wiretaps, which after all synthesize permanent evidence from ephemera. But it didn't: instead of banning wiretaps, we systematized and legitimized them, and refined that understanding over and over again for 50 years.

Assuming the kill switch is competently used, would you rather that happen or be shot by a SWAT team?

They're going to shoot you anyway, because they won't assume the gun you're allegedly holding has been disabled.

That's the big IF: competently used.

You have to deal with that when you fail to avoid behavior that interests law enforcement no matter what.

IMO, a kill switch seems like a mild Pareto improvement to me.

The 3rd, 4th, and 5th amendments say otherwise. While you're right in the narrow implication-following sense, you're wrong in the general big-picture sense. Similar to how the 4th amendment was broken with mass adoption of the automobile, and the 6th/7th were broken by commercial law (have you ever been able to get a jury trial for a speeding ticket?)

In the past, ephemeral day-to-day communications were not accessible to the courts, because they were carried out face to face. These days, those same communications are carried out electronically. Similarly with storage - due to the complexity brought on by computers, there is simply much more to correctly remember in today's world, necessitating the use of auxiliary storage for one's brain.

The attack on encryption is a direct attack on whether individuals' computers should function as their personal agents (akin to lawyer and priest professional confidentiality), or whether individuals are prevented from personally wielding the amplifying power of computation and left at the mercy of powerful groups who do.

I'm probably not wrong about this. As I've said: the Supreme Court has more than once confirmed that the common law principle of the state's entitlement to evidence is, in fact, the law of the land here as well.

We limit the state's access to evidence through judicial oversight. We do not, as a general rule, allow individuals to further overrule that access.

Sure, but the Supreme Court also uses narrow implication-following. Existing rules or precedents generate another precedent. And society is doing the same thing with path-dependent adoption of technology.

As computer scientists, we know this can only lead to eventual contradictions. Old concepts are subsumed with new definitions in different abstractions. "Plan to meet up for dinner" used to mean a face-to-face talk when you bumped into someone on the street or, later, over two direct analog wires that were equally ephemeral as long as nobody was a priori recording. Now it means digital messages that are automatically stored indefinitely.

The right to privacy should apply generally to each definition, but when you analyze with local reasoning of course the latter message is voluntarily stored on a bazillion servers and sent over tapped fibre.

Which is why I gave some other concrete examples. Do a plain reading of the 6th and 7th amendments, and wonder why a speeding ticket does not result in a jury trial. But follow the path of legal reasoning that got us to the present condition, and you can see how the ideals were subsumed and discarded.

I'm really not sure what the rules of evidence have to do with your right to a jury trial in the adjudication of a small fine.

(There are places where you do have a right to full trial over a traffic fine, but you wouldn't want to avail yourself of that right).

They're both examples of the same general phenomenon - complexity-induced contradictions eroding our rights.

We had a mini-debate about this with rayiner in another thread pointing out that people have always been allowed to use cryptography in America and have always done so, and that it's often made it harder and occasionally impossible for the government to figure stuff out. It's true that it was always a very deliberate decision and effort in the past, rather than something particularly convenient or automatic, but people have had ciphers for centuries, and some of those have been successful at obscuring communications from governments, and in the U.S. there was no apparent suggestion that this was legally improper.

The problem policymakers are faced with is:

* Everyone is going to use encryption by default, without trying or even knowing what cryptography is.

* That cryptography is going to be unbreakable, not just by today's investigators but possibly for millennia. Even if quantum attacks on crypto are possible, we have ciphers that will hold up, and computers are already small and fast enough to make their added expense a rounding error.

This is a very different situation than the Barksdale crew using a keypad code. 70 years ago, military grade crypto was crackable (and doing so helped us win World War 2). That isn't going to happen in 70 years, ever again.

In this case I think the strength of my argument is just about whether people are allowed to try to conceal their communications from the government, and the historical legal answer is yes, not no!

I agree that they're likely to do a dramatically better job of it in the future than they could have before and that it will be easier.

>(have you ever been able to get a jury trial for a speeding ticket?)

Here is a LEO forum discussing jury trials for moving violations (running stop sign, etc.): http://forums.officer.com/t107818/

And from that thread it seems per-state ("CA did away with jury trials for infractions long ago"), while the US constitution is country wide. Apparently some states that I'm unfamiliar with allow the option to better preserve their illusion.

Also witness how the officers gleefully go about trampling the 5th amendment:

> Rejoice in the fact that, win or lose: ... It's still going to cost the violator more for the attorney than the fine will be.

Yet another example of the effect I'm describing - de jure it makes sense as it's one's own responsibility to pay for an attorney. de facto it constitutes an extrajudicial punishment that police directly acknowledge.

>where all communications and storage technology is end-to-end encrypted, and no warrant or judicial order of any sort can retrieve evidence from them. That's not a crazy worry: it's what's inevitably going to happen.

Good.

I think it's a good thing too, but if you think that technology is going to overturn a foundational principle of our judicial system, you're going to be disappointed. Public policy is going to account for this change, and we may not love the way they solve it.

That's absolutely the case, and although I might daydream about this reverse baby/bathwater scenario r.e. the judicial system and encryption - we well know that always on e2ee will be circumvented, by hook or by crook.

I mean, Bluffdale didn't get built for nothing.

Tangent, but: giant NSA data centers are such a red herring. The inevitable outcome is one of two things:

1. We've been missing something fundamental about computer science for many decades and all the encryption we use everywhere is going to be broken.

2. Everything is going to be unbreakably encrypted by default and no data center any country can build will ever so much as recover a single emoji from a single IM.

Again: don't think about the status quo; think about 15-20 years from now.

Trying to brainstorm random scenarios about what could make there be a future "3.", "4.", etc...

3. "Enabling" (some kind of sabotage, infiltration, or collaboration) means a lot of things with a theoretically sound design are broken or backdoored in a way that is somehow hard to notice.

4. End-to-end encryption has a lot of UI inconveniences around key management, so it will only be used for a small minority of communications.

5. The "Going Bright" paper's world in which it continues to be easy for governments to hack people. (However, the connection to the data centers isn't very obvious -- maybe for archiving stuff that was transferred with a non-forward-secret protocol, but why will things be transferred with such protocols?)

6. The fear about quantum computers is justified because they only cost about a billion dollars to reduce to practice at a level that can attack deployed systems. For some reason, the transition to post-quantum crypto is especially slow, difficult, or error-prone.

7. Crypto developers continue not to do Cryptopals and, for decades, continue to make frequent implementation mistakes that allow passive adversaries to defeat their systems.

8. There's going to continue to be an easy covert way to get in proximity of servers and read their session keys, but that way doesn't allow covert exfiltration of plaintexts from the servers so attackers need to record the ciphertext elsewhere.

9. The data centers are for recording metadata events, which are expected to become incredibly voluminous.

10. The Internet of Things industry still accepts second-class cryptographic mechanisms supposedly because of technical limitations of their devices, so uses smaller keylengths, no PFS, inadequate RNG, obsolete or custom ciphers...

11. People still use GSM phones with Kᵢ physically generated by their carrier as a basis for confidentiality of a portion of their communications, and it's still possible to attack the carriers' generation and distribution of these keys.

NSA data internment is not a red herring, it's one of the raisin darts [sic] for crippling encryption - the goal is to keep everything forever and mine it later. Strong encryption presumably breaks that use model (save quantum computing and the minuscule possibility that p v np is somehow solved).

In the coin you've presented, certainly [1.] is the option we should all be expecting, sadly.

Option 2 sounds damn near utopian. I'll continue, as I mentioned before, to daydream about that one.

> What they're worried about is 15 years from now, where all communications and storage technology is end-to-end encrypted ...

Encryption is basically a branch of mathematics. Outlawing all mathematics that can be used for the purpose of encryption requires accurately describing the precise boundaries of this branch of mathematics. It is trivially easy to prove that this cannot be done:

You cannot construct a predicate function that accepts as argument another function and returns true/false if the argument is an encryption function, because it means that this function implicitly claims to be able to determine if such function will halt. The theorem of the halting problem precludes that a predicate function could exist that returns true/false if the function supplied as argument will always halt. Therefore, no function could ever be constructed that can generally determine if another function is an encryption function.

This means that encryption cannot be defined. Without definition, it is not possible to outlaw it.

> no warrant or judicial order of any sort can retrieve evidence from them ...

Warrants and judicial orders are just verbiage while encryption algorithms are machine-executable instructions. It is simply not enough to mumble verbiage. They will also have to speak in terms of machine-executable instructions, in order to overcome the encryption measures that they are facing.

Why would it be necessary to preserve the power of people who are only capable of mumbling non-executable verbiage? If their jobs have become obsolete due to progress in technology, they will not be the first nor the last ones that this happens to. Join the club.

This has nothing to do with my argument at all, but I'm game for pointing out that I think it's an incredibly weak argument. All sorts of things that we rightly agree are fair game for public policy decisions can be boiled down to "just math" or "just basic chemistry" or, whatever.

This is the computer science version of the weed farmer's argument that the government can't regulate marijuana because it grows in the ground, man.

What is possible to define is contempt of court for not decrypting something under a lawful order to do so.

I find it a bit disturbing that people don't realize that a court must have the power to gain extraordinary access to information in order to pursue application of the law. This is necessary. I'm sure it's hell on Earth when you are subject to it, but I can't think of a way around it.

Try serving a warrant on a satellite.

Warrants have never had the power to do the impractical, much less the impossible.

That's true, but the state does have the power to outlaw commercial devices that provide default-unbreakable encryption. People who really want encryption will get it anyways, but it's the default state that animates the "going dark" concern.

What's important to public policy is what Apple and Google, and whatever their analogues in 2030 might be, choose to do, and how they're regulated.

Secure endpoint software has to be non-commercial in that it has to be open source or otherwise trust-able by the public. Because it can't be proprietary, it would be hard to sell under any circumstances. The major portals could create this software, or they could just provide documented interfaces.

To provide default-unbreakable encryption requires a combination of commercial services that enhance the UX of using strong encryption, like web-of-trust features in communications software that make it impractical to MITM communications and key exchange, and non-commercial software that secures communications payload.

So any effective ban would ban not only an Apple proprietary system that was secure, but also those non-commercial components that are a necessary part of a truly secure communications system. That's where the overreach happens.

I guess I'm not okay with the ban on crypto that Apple and Google sell either, and I think that's the ban that matters more to laypeople.

The other thing is that cryptography doesn't make a conversation completely private forever.

I remember a conference where old crypto algorithms were mentioned. Unbreakable in the 80s or 90s but now trivial to decipher. The speaker implied that both Russia and the US would have carefully recorded and stored all of each other's communication and that we can bet that the content of these communications is still interesting today, not just for their historical interest.

We live old. Much older than the technologies we use. Now our gvt is doing to us what they would only do to foreign embassies.

I think it's important to keep in mind that crypto is probably not on a Moore's-Law-like track, so that the ciphers we're relying on today will probably be trivial to break in 20 years. In fact, the things that make 80s-90s crypto breakable mostly aren't algorithmic weaknesses but rather implementation flaws that weren't well understood then but are now.

Quite a bit of 90s crypto remains unbreakable, because the data is at rest and will never be put back into a circumstance that exposes the weaknesses of its cryptosystem.

The Russian counterpart to the DES, GOST 28147-89, still stands to this day. A 64-bit block cipher with a 256-bit key, designed in the 70s.

> The principle at play here goes way back into common law, and was most famously articulated in the 1700s as "the public is entitled to every man's evidence".

One of the big drivers behind the American revolution was John Wilkes' diaries being seized by the government in 1763. This was done with a legal warrant, but it's still the reason why we have the 4th amendment today. So the idea that we have a tradition of the government being able to seize whatever they want with a warrant isn't entirely accurate.

That's an interesting argument. What historically have been the exceptions to what the government can seize with authorization from a judicial warrant?

The "every man's evidence" principle isn't just an English thing; it's been repeatedly confirmed by the Supreme Court, it's baked into our rules of evidence, and can easily be read out of both the text of the 4th Amendment and the actual actions of the framers once they actually put the Constitution into action.

The Wilkes thing in particular is a little more complicated than you're acknowledging, though I think you must know much more about it than I do. The warrant the King used against Wilkes was a general warrant, the kind the 4th Amendment was intended to forbid: those "warrants" were like a cross between a search warrant and eminent domain, allowing the government unrestricted access to all the property and possessions of its target. They were instruments of harassment, and their unpopularity was definitely a driver for the revolt.

> What historically have been the exceptions to what the government can seize with authorization from a judicial warrant?

I don't know that there are many exceptions once you have a warrant, but there is definitely a preference to use subpoenas when possible.

(I'll note though that I probably don't know more about this, most of my knowledge just comes from reading Jeffrey Rosen books on privacy law.)

>The founders didn't carve out a rule saying that individuals had the right to conceal evidence

Please, sir, read the fifth amendment [5].

[5] https://www.law.cornell.edu/constitution/fifth_amendment

So your contribution to this discussion is the suggestion that having cited Lord Chancellor Hardwicke, discussed the distinction between search warrants and general warrants, and pointed out Branzburg v. Hayes, maybe I was unfamiliar with the text of the 5th Amendment?

If the 5th Amendment doesn't protect your personal diary --- and it doesn't --- and it doesn't prevent the government from wiretapping your phone --- and it doesn't --- it's unlikely to bear heavily on this discussion either.

You claim there is no special allowance by the founders for an individual to conceal evidence.

Yet, the fifth amendment allows an individual to not be a witness against their self; if an individual is a witness to evidence against their self, they may conceal it, per the fifth amendment.

I said nothing of personal diaries or phones.

The Fifth Amendment was intended to prevent torture and coerced confessions. It doesn't hide a general right to conceal evidence, which is itself a crime in many places in the US.

So, what do you do when the only valid evidence would be a confession, or other testimony that evidences the testifier's involvement in crime? As you said, the fifth amendment prohibits the use of violence in such cases.

I never argued for the existence of a 'general right to conceal evidence', only that, contrary to your very specific claim, the founders did allow for individuals to conceal evidence.

> So your contribution to this discussion

> it's unlikely to bear heavily on this discussion either.

Why so much snark anytime someone disagrees with you?

> If the 5th Amendment doesn't protect your personal diary --- and it doesn't --- and it doesn't prevent the government from wiretapping your phone

Your interpretation is flat out wrong. Let me quote a few sections for you:

> nor shall be compelled in any criminal case to be a witness against himself

Seizing someone's electronic communications certainly does make a great witness against oneself, especially when the communications were seized without a warrant.

> nor be deprived of life, liberty, or property, without due process of law

Again, seizing communications en masse without a warrant for each communication is expressly against even the most rudimentary interpretation of the 5th Amendment. There is no due process of law here. In fact, we know some people are in prison thanks to Parallel Construction - the exact opposite of due process.

This is such a weird argument. You clearly can be compelled to produce private documents as evidence. A private document you wrote is in the exact same sense self-testimony. I don't doubt that you can conjure a first-principles argument that the law says otherwise, but the reality you'll end up in won't be the one we share now.

I got snarky because of the "sir" in the parent comment. I SAY GOOD DAY TO YOU, SIR.

Totally fair game to ding me for doing that, though.

> You clearly can be compelled to produce private documents as evidence.

You are correct - but only via due process (court order/warrant, etc.).

What we have here is not due process - but rather systematic bulk collection and inspection of all electronic communications from every citizen. These private communications are then sifted through, looking for anything of interest... and if found, we then (sometimes) go get a warrant to retro-actively wiretap your communications. That's not legal, but it's what's going on.

Regarding full-device encryption - it's the same thing. You need a warrant to compel me to turn over my device. No law makes it legal for the government to "hack" into your device remotely and inspect its contents (unless you have a specific warrant). If the individual refuses to turn over the device or decrypt it, it's no different than someone refusing to turn over a written letter... and we have punishments for these actions. We don't need to ban encryption for this, we already have mechanisms in place to handle these situations.

I think you're conflating surrendering evidence with self-incrimination. The fifth amendment does not permit you to shred your balance books.

What is self-incrimination, but surrendering evidence of crime?

What is a warrant or subpoena but a demand by the state to surrender incriminating evidence?

You have a right not to testify against yourself. You do not have the right to conceal or destroy evidence!

The case you seem to be missing is when the testimony itself is evidence. Such a case seems to be protected by the fifth amendment.

How do you compel the production of evidentiary, self-incriminating testimony?

It's because everyone can understand someone listening in to their phone calls, but computers are magic. What we need is computer literacy and for people to be educated of their rights as users of the world wide web.

I think it's more generally "what you can't see doesn't exist".

If there is a dodgy-looking guy staring at you when you go home, you get frightened. If he is watching you through the CCTV then it's all fine. A bit like if you have a video of a guy getting killed on YouTube it's horrible, but if it's a one liner in a newspaper about a drone bombing a house then it's ok. If there is a video of a guy killing someone with a knife in the street of London, it will be remembered for years as a horrendous terrorist attack. But if the police publishes statistics about knife attacks in your neighborhood then it's just a bunch of boring numbers.

When I discuss the issue of mass surveillance with older people, it's in the context of phone conversations. A lot of times they bring up the idea of a "click" on the line. If only.

The government can tap pretty much any call, and has been collecting meta-data on all calls, and the public does not seem to mind.

I think you're overestimating how much the public's indifference has to do with computer illiteracy.

That's like saying gun control advocates only argue as they do because they don't understand guns. It's a really silly argument.

> That's like saying gun control advocates only argue as they do because they don't understand guns. It's a really silly argument.

It's a completely valid argument in both cases. Banning only the scary-looking guns has no productive effect. And if you ask normal people whether they think government employees should be able to read steamy messages between husband and wife, the answer is going to be no.

Also keep in mind that push polling is a thing. Every time you hear a statistic like "only 27% of Americans oppose mass surveillance," expect that the question was whether the government should be able to tap your phone if it was the only possible way to prevent a terrorist attack that would kill you.

If you ask whether large numbers of government employees and contractors should be able to know everything about your business and sex life if it would have the same effectiveness in catching terrorists as a variety of alternative methods that would shovel fewer tax dollars into the pockets of large government contractors, you get a different answer.

> And if you ask normal people whether they think government employees should be able to read steamy messages between husband and wife, the answer is going to be no.

Disagree. The person imagines a constrained government, which would only be reading private messages when there is reason for suspicion. The only time another human would be invading their privacy is in an exceptional situation that happens to others (since they themselves are good), which can be just-worlded to the required degree. And of course mass media distorts their priors to think that suspicion strongly implies guilt - a TV show would be quite boring if there were no wrongdoing.

I suspect tech is so (relatively) resistant to mass surveillance because we've perceived how horribly wrong group dynamics go and, rather than accepting being compliant herd followers, found our own outlets and created our own kingdoms. We are the outliers - we will never have the majority on our side.

> The person imagines a constrained government, which would only read private messages when there is reason for suspicion.

That's the point. People who support mass surveillance or encryption bans only do so because they're uninformed (or have been purposely misinformed by others). You teach regular people how it actually works and they change their tune.

My parents are okay with mass surveillance. I've tried running them through how it actually works, but it turned out that they really don't seem to care about this kind of privacy. They are very much about the idea that "if it even saves just one person" it's worth it.

On the subject of encryption bans and backdoors, I explained that this would make it easier for them to be the target of hacks and fraud. This concerned them, but ultimately they are under the impression that the people handling it know more than me and I can't be correct.

I don't think they are particularly out-of-the-ordinary, so I don't think the solution is a simple act of informing people. I think people who do care about this stuff largely need to accept the possibility that this isn't important to the majority of the population, and that it never will be (no matter how informed the public is). Instead, we need to continue to build the tools and the infrastructure to secure ourselves regardless of policy and legislation.

Except the chance of a human seeing those messages is still constrained. I don't think your 'average' person is creeped out by a computer analyzing their messages. To the extent some might be, they have so little digital autonomy (gmail etc) that the only way they can change that is to avoid electronic communication for the things they'd like to keep private. And the majority are clearly not doing that for the bulk of their communication.

People in tech are suspicious of mass surveillance because most people in tech got here by way of Science Fiction, which was in a dystopian phase when we were highly impressionable.

> Banning only the scary-looking guns has no productive effect.

That's rather disingenuous, I am all for banning people buying howitzers and other artillery even if they're just big guns. Yes, you can make them with a decent machine shop, but just because some nutjobs are highly capable does not mean they all are.

I think he's talking about "assault weapon" bans. I don't think whether or not a rifle has a pistol grip is going to be the determining factor in preventing a mass shooting.

<Playing devil’s advocate or in this case Angel’s advocate?>

It is easier to carry out a door to door mass shooting with a pistol grip. This is why assault weapons have them in the first place. Sure, it might only save a few lives, but that would be meaningful for those who lived. ;0

</enough derailing>

IMO, none of that stuff was going to get passed, it's all about the political football. I am starting to think encryption may be the same game as it's a great way to drum up donations.

> Also keep in mind that push polling is a thing. Every time you hear a statistic like "only 27% of Americans oppose mass surveillance," expect that the question was whether the government should be able to tap your phone if it was the only possible way to prevent a terrorist attack that would kill you.

Yep, this is why so many polls are BS: the questions are worded in such a way to coerce people to answer a certain way, or options are left out.

It may not even be intentional; if you use the OKCupid dating site, they have thousands of questions you can answer so that it can match you up with people. I think a lot of these questions (probably most) were actually submitted by users, and many times they have terrible choices. For instance, there's one question about dogs: it asks if you want to own a dog or not. The choices are (I don't have the exact Q in front of me here) "yes, I do or would love to own a dog!", or "No, I dislike dogs". WTF? If you pick the latter, it makes you look like you hate dogs. But what if you like dogs just fine and are generally an animal-loving person, but you just don't want to own and care for a dog? I like horses well enough too, but that doesn't mean I want to buy a horse farm and fill the barn with horses. I think iguanas are cute, but I don't really want one as a pet. I think parrots are beautiful and interesting animals, but I really don't want to live with all that squawking (plus I think they should be left in the wild). But somehow because I don't want to take care of a dog, I'm suddenly a dog-hater according to this poll question.

The way a poll question is designed really reflects a lot on the bias of the person writing the poll; the only way to mitigate it is to have every poll question thoroughly scrutinized by a diverse committee. But they never are, they just run the poll, collect the data, and assume it to be gospel truth.

Apologies if this devolves, but I have to comment: Except that many gun control advocates do argue as they do because they don't understand guns and the processes around them. Not so silly.

This is brought to you by an intelligence community that thinks that using your AOL email address is good enough for classified information.

To be fair, the intelligence community is outraged. It's their bosses that are downplaying the issue.

There's a number of forces aligned here against ubiquitous encryption. Private comms are just the subset, but they have to be considered together.

- content holders want to make sure you're paying for every byte you consume [1]

- marketing intel and ad networks always need more about you by any means [2]

- contractors want to sell their data vacuums [3]

- law enforcement wants a precrime db even if it's illegal [stingray]

- government control of populace, yadda yadda [4]

- because encryption kills children [5], I'm not making this up

- congress critters need to appear to be doing _something_ about $threat even if they know it will be shot down later in judicial challenge

And arrayed against all that is one little tattered document from a bunch of idealists that only the People seem to read.

1. http://www.cnet.com/news/netflix-vpn-access-lock-down-overse...!

2. https://news.ycombinator.com/item?id=11085650

3. http://maplight.org/content/73373

4. http://www.thedailybeast.com/articles/2013/06/12/the-militar...

5. https://www.cryptocoinsnews.com/encryption-kill-children

I'd like to echo this and add additional comments. The original post states that it should be career ending, but the truth is that while many government officials and Tech companies say they are interested in privacy, the ideas being presented about backdoors are basically incredibly desirable to the majority of government agencies and major tech businesses.

Even your average citizen understands encryption on the basic level and what the backdoor means. No, they don't understand the technical underpinnings of how it works, but they know it means privacy that cannot be bypassed, and many are willing to give up that privacy if it means getting what they want elsewhere. You can lob the scares of "are you sure you have nothing to hide?" to any proponent of encryption as much as you like, but in all honesty they've made the assessment already and have decided that it's worth the gamble. Proponents of encryption aren't the victims of some massive disinformation campaign, they're just making a really bad decision despite the available evidence, and it's turning out to be an overwhelmingly popular decision.

We should equate encryption banning with antisemitism. That should help end politicians' careers for attacking encryption as it does if they come out as big antisemitic. I am only half kidding.

There's a more fundamental problem at stake. Law enforcement has gotten used to requesting our data from third-party providers instead of us directly. So now they act as if that's normal.

But it completely bypasses the 4th amendment either directly or in spirit. In most cases they don't even need to serve a warrant to the companies, and even if they do, I think that warrant should always be served to the individual.

It shouldn't be served to companies just because "it's easier" and because it happens that in the 21st century the data about our lives is stored on a third-party company's servers. If we just wanted to make things as easy as possible for law enforcement we'd have to do away with many more of our rights.

It's not frightening at all. This is the standard nation-state insouciance.

To see how out of touch governments can be, I think there are two stories, both unfortunately of a military nature.

One is Eisenhower's trek across the US in the interwar period, the thing (along with the Autobahn) that inspired the Interstate, and the story of the squad-level light machine gun in WWI, especially related to the Lewis gun.

Machine guns were not embraced until the Germans showed how effective they were in WWI. This really happened. Commanders were optimizing for damage per bullet long after they should not have been.

Be wary, but don't be frightened. I at least find it relatively easy to conduct my affairs such that I don't have to live in fear. So it can be done.

At least consider the possibility that the Snowden and Manning stories are stories about people who really didn't think it all the way through, if they didn't want to be hunted. There's an element of martyrdom and hubris to those stories.

In a way, much of the Nixon cases were about interpretations of telephone technology and wiretapping roughly 100 years after the advent of those technologies. The timescales here are glacial.

Actually, with a warrant the police should be able to get through your encryption.

The debate is not about whether or not the state can look at your communication, the debate is how. When the state wants to look at your communications and has a warrant to do so, do they:

Demand your keys and lock you in jail indefinitely until you provide them?

Or retain permanent access to every communication and promise to never use it unless they have a warrant.

Demanding keys would conflict with the 5th Amendment; in the few cases that I'm aware of[1][2] where a defendant was successfully compelled to decrypt their files, the suspect had either already demonstrated that the evidence was in their possession and thus given up their right to self-incriminate or been granted immunity. Also, with end-to-end encryption law enforcement won't be able to decrypt regardless of whether or not they have a warrant, and they need a warrant to initiate a wiretap to begin with.

[1] https://news.ycombinator.com/item?id=9663447

[2] https://news.ycombinator.com/item?id=9663378

I don't want to live in a world where encryption is banned. I also don't want to live in a world where one's political career is instantly ended by bringing it up. Those are just two different flavors of fascism.