From his perspective as the head of the FBI whose job it is to achieve outcomes within the law, of course Comey advocates encryption backdoors. He would likely also advocate allowing the FBI to suspend the bill of rights for any suspect during the duration of an investigation, and he'd quite likely prefer that the FBI be legally allowed to torture suspects if extreme techniques were viewed as likely to result in useful information. To law enforcement, the rights of a suspect are a barrier to many convictions.
How did we get to this point? Nobody would reasonably argue that extreme surveillance measures, patriot act, etc., is necessary to stop the vast majority of crimes from occurring, so why is it so easy for seemingly serious/intelligent people to think this nonsense is reasonable?
Members of our government are so indoctrinated about stopping "terrorism" that they have lost all sense of perspective. Terrorism is a political word to describe political enemies of the state, yet the patriot act and surveillance machinery has been used in enforcement of many other kinds of (less serious) crime.
I am surprised anyone can still use the word "terrorism" with a straight face anymore after it's become so clear that there is no large existential threat (merely the occasional zealot who acts out due to his/her own mental health issues). And in spite of a historically unprecedented global surveillance system there have been no attacks thwarted.
Comey is a symptom of the kind of cowardly, authority-respecting society we've become. I look forward to the day when our FBI director is not someone whose gaffes and judgment calls we read about in the newspaper on a regular basis.
Members of our government are so indoctrinated about stopping "terrorism" that they have lost all sense of perspective.
In this case, it might be better to assume malice rather than incompetence. In the 1950's it was s/terrorist/communist/, but it was a remarkably effective political tool. We might be in the same situation.
But this time, our fates are all linked. Once shipping backdoors becomes mainstream, it might be impossible to go back.
We should try to think of some concrete steps to resist this. It feels like we have to try, since there's so much at stake.
Could we reverse engineer the political forces at play? We could try to think of the most effective thing we could do, and then focus on that.
> Members of our government are so indoctrinated about stopping "terrorism" that they have lost all sense of perspective.
> In this case, it might be better to assume malice rather than incompetence.
I really want to consider you paranoid, but sadly I strongly agree. This is hardly the first time engineered paranoia has gripped the country, but living through it is horrible.
I was a kid during the mid-to-late Cold War (post "duck and cover") and somehow I was never able to take it seriously. Even when I took classes on strategic deterrence and the like in college I considered them light entertainment I was paying for to give me a break from the serious classes.
This is hardly the first time engineered paranoia has gripped the country ... I was a kid during the mid-to-late Cold War (post "duck and cover") and somehow I was never able to take it seriously.
Unfortunately, the threat was (and still very much is) real:
I first got the impression you meant something like "the Red Menace", but I take it you meant:
Engineered paranoia is still very real and a danger to our societies because of its reality-distorting effects that can result in violent overreactions.
> We should try to think of some concrete steps to resist this. It feels like we have to try, since there's so much at stake.
Great point. One idea I had recently is to start an organization in the same spirit as Open AI called OpenSurveillance that builds and releases all sorts of useful tools for thwarting surveillance efforts or acting as an adversary to an entity with pervasive surveillance power (generally speaking, corrupt regimes around the world).
I think it would entail a combination of social/operational and technological tools, and would be useful for defensive and offensive efforts.
When OpenAI releases a state of the art facial recognition algorithm, it becomes obvious how the technology might be used for good or for evil. The same goal would apply.
Perhaps one utility conducts an analysis of public social media data to determine the best strategy for bribing or compromising an adversary. Another could explain how to use a HackRF YARDStick One to track the movement of an adversary via tire air pressure sensors. Another might utilize an infra-red camera to determine which entrances and exits of a building are slow to close and could offer time to sneak in.
Still other tools might be a user-friendly rootkit installer for easy installation on a spouse or boss's device, etc., or maybe a program that trains a fleet of drones to follow a person all day, causes vehicle engine failure, etc.
The basic idea would be to highlight enough about reality so that the security (and privacy) implications of the policies can be weighed accurately by the public. By putting all the tools in one place and releasing polished, thoughtful products, the organization would help the public understand the privacy/security tradeoffs much better.
Basically a modern Anarchist's Cookbook for the surveillance age.
Disclaimer: It is not the intent of this post to discourage people to break laws, simply to use their vote and influence to peacefully change laws.
Do you think such an organization could exist in the light?
I've been considering a comparable project, but more focussed on opsec/infosec in a file sharing context. However, I've felt chilled by the possible legal consequences to me and my family if I enter this arena.
Bootstrapping myself to have great opsec seems like a really tough task. I feel like I'd have to repeatedly burn hardware, houses and identities if I want to stand a chance to reach "opsec heaven" where I can freely persue projects such as the Spook's Cookbook or the Pirate's Cookbook.
>acting as an adversary to an entity with pervasive surveillance power (generally speaking, corrupt regimes around the world)
>a user-friendly rootkit installer for easy installation
>a program that trains a fleet of drones to follow a person all day, causes vehicle engine failure, etc.
I'm afraid corrupt regimes would be the ones who benefit the most from such tools.
Most people I've met who work in security at large companies would rather lose their job than participate in the erasure of security for all. Apple showed this pretty obviously, but I think many companies would have most of their software engineers quit before accepting such a request, even if it was a direct order. The government cannot order you personally to write software, that's blatant first amendment violations, even if they figure out a way to order a company to do so. When politicians see one of their largest corporations disappearing over night, and the associated loss of world power and tax revenue, from engineers quitting vs a police force trying to force things like this... I think there will be some reconsidering that would happen.
> Most people I've met who work in security at large companies would rather lose their job than participate in the erasure of security for all.
While I think (and hope) this is correct, I'm not sure it matters.
For example, it would not be necessary for most of the engineers to be aware of a backdoor or other known vulnerability. There have been examples from open source crypto where malicious code has weakened it significantly and still nobody noticed.
There's also the very real possibility of baking the backdoor/vulnerability into a custom ASIC design. Chances are the government has a lot of expertise in this area and could simply tell Apple that it would provide one of the parts for all iPhones and the part would behave to spec (but would contain other undocumented behavior).
I think it's also realistic that other governments do this. Unless a chip is manufactured using the latest microprocessor-level miniaturization, it could contain all sorts of undocumented circuitry. I'm not sure about the economics of this sort of attack, but surely it makes sense once in a while.
They can take the high road because they currently have money and social status to leverage. If they were easily replaceable and earning an average middle-class income, the first amendment wouldn't mean crap next to their continued employment. That could actually be a novel argument against anything that would suppress their wages and salaries; their paycheck may be the last line of defense against a dystopian future.
I have found people like to claim they would do the ethical/moral thing, but from what I have seen; it's maybe 1 out of a thousand that will walk, especially when it comes to their job/career.
There's this weird denial that takes place. I see it in all professions.
>In this case, it might be better to assume malice rather than incompetence. In the 1950's it was s/terrorist/communist/, but it was a remarkably effective political tool. We might be in the same situation.
Eh, communism was way more of a threat. People in extremely high positions were communist traitors (eg Harry Dexter White who negotiated Bretton Woods/the creation of IMF for the US, or Alger Hiss who was involved in the creation of the UN, or a gazillion people in the British intelligence services).
If the government today was filled with people loyal to ISIS or AQ, then you could draw such a parallel.
Comey is a bureaucrat looking for more power to do his job. He's the runny nose.
The flu is Feinstein. From the ridiculous controls that treat cold medicine like contraband, the Patriot act, and bullshit like this, the Senator is a wellspring of bad law and disrespect for the American people.
I'm a Californian, and I don't think I've ever voted for her, but I can't say so for sure to be honest.
However, a senior politician of marginal quality can be better for your state than a junior politician of superior quality. In theory they are able to score you all kinds of handouts and preferential treatment where the junior politician would just get ignored.
I don't know if that's the case for Feinstein, but my point is there's some utility there from the perspective of a Californian that does not exist for (say) a Utahn given the option to vote in CA elections.
> Members of our government are so indoctrinated about stopping "terrorism" that they have lost all sense of perspective. Terrorism is a political word to describe political enemies of the state, yet the patriot act and surveillance machinery has been used in enforcement of many other kinds of (less serious) crime.
You are looking at the problem wrong. It has nothing to do with government indoctrination but an issue with incentives. The FBI's whole job is to investigate potentially illegal acts and as human beings they are incentivized to do their job as well as they can. When the opportunity comes up to give them more tools to do their job no one in the FBI is going to say "no I want to continue with one hand behind my back".
The exact same thing happens at companies. Companies with poorly aligned incentives will quickly see employees act against the will of the company as a whole to make sure they look and come across as best as possible, and any chance a decision comes up to help them do their job better they will fight for it, because not doing so is pretty dumb.
Well run companies work around these incentive issues by trying to get everyone aligned with checks and balances. We don't have that in the government because the people who are supposed to be doing the checks and balances (congress) have incentives to follow the FBI's requests because of the political suicide of coming out against solving crimes and defeating terrorists. It can (and will) be used against them at election time and their checks and balances (us as voters) fall for it all the time because we (as a collective whole) are short sighted and scared that something might happen and don't want to be someone who voted for someone soft on security.
The only way to realign the incentives back for societal good is to get the common voter to understand the bigger implications of issues and hold our elected officals accountable. Until that happens the incentiives are always going to be aligned for the government to gain power.
I was with you until "It can (and will) be used against them at election time and their checks and balances (us as voters) fall for it all the time because we (as a collective whole) are short sighted and scared that something might happen and don't want to be someone who voted for someone soft on security."
Everyone's vote is secret, so no one will come to your house and bust your balls over voting for someone who comes out against defeating terrorists. The problem is that there are no incentives to become well-read in the issues behind each election. Maybe we can find a way to incentivize learning the facts and becoming well-read on issues before elections [1]
Individual voters are influenced by media. Publishers look hard for any story they can spin into public outrage; it's natural for politicians not to want to be a hero of such story, because it will cost them votes.
They're also influenced by education. There's nothing to suggest that education is less subversive to your individual thoughts and preferences than "media", except the media you consume is largely voluntary, while education is forced upon you while you are a minor.
>He'd quite likely prefer that the FBI be legally allowed to torture suspects if extreme techniques were viewed as likely to result in useful information. To law enforcement, the rights of a suspect are a barrier to many convictions.
Not Comey. In this committee session he bluntly said torture is not effective and that his personal standard for what constitutes torture is more stringent than that in the statutes.
No he stated his moral position (that torture is wrong) first, and then at the end of his answer appended "and of course it is ineffective, but that is another story".
The problem here is, what if studies showed torture really did work? Would he have the same, up front moral position? I think that's what parent was trying to allude to. Not whether he is morally opposed to it right now but if he's more of a "if it works I'll use it no matter what" type of person.
But that just calls into question a person's character and it's going to be impossible to dig down and find a satisfying answer for everyone. So I'm not sure how fruitful this is.
>...if extreme techniques were viewed as likely to result in useful information
Right, he wouldn't use it because he doesn't believe it's effective. The GP is suggesting that if it were effective and legal, do you really believe he would refrain from doing it on moral grounds? It's the prerogative of the FBI to pursue cases using essentially all effective legal means, and it's no surprise to hear they are lobbying for more tools to become legal.
No. Like I said, he literally stated word for word that torture is both morally wrong in his eyes and ineffective, not to mention illegal.
Paraphrasing here but I think his definition was along the lines of "anything that purposefully causes physical harm or injury to a person", and when asked whether bad prison food counts, he said that in his eyes for his team that is not something he would condone. This was a pretty straightforward response; the man at least talks the good talk on torture.
Not to take away from his talking the good talk, but I don't think that his moral position is very meaningful given that it is demonstrably ineffective. If it was demonstrably effective and he said it was immoral, those words would carry much more weight. But he has little to lose by saying that it's morally wrong when it doesn't work. The illegality is also moot when discussing legalization.
Sure, but if the populace and the political climate demanded torture from the FBI and he refused, he would be fired and replaced with someone not so principled in their opposition.
There are threats against the US that are more than a few crazy people. The rise of Islamism is real. But the reality is that the number of casualties due to terrorism in the US is dwarfed by those of gang or drug violence, even including 9/11 (which is now more than 15y ago...). We do not hear anyone suggesting restricting civil liberties to reduce gang violence. It is kind of a curious massively asymmetrical tolerance to crime.
>>We do not hear anyone suggesting restricting civil liberties to reduce gang violence.
We hear about it all the time. It's just so pervasive we no longer see how extreme is the intrusion!
Civil asset forfeiture, stop & frisk, the near endless litany of TSA/Homeland Security abuses, "VIPER" teams hassling Greyhound bus riders, states such as Hawaii where the 2nd Amendment is ignored, the SWAT teams that have taken over every small-town police department, the banking secrecy acts that report you if you move more than $4000 at a time or in an undefined "suspicious" way (also see "structuring"), the aggressive+confrontational transformation of law enforcement into domestic military, the involvement of military at WACO... need I continue?
We do not hear anyone suggesting restricting civil liberties to reduce gang violence. It is kind of a curious massively asymmetrical tolerance to crime.
The fear, of course, is such restrictions would be next. You start by going after the boogeymen, terrorists and pedophiles, then expand to gangs, then drug dealers, then political enemies, then....
I took gang violence as an example, there are many other kinds of "common violence" that could happen to anyone. The US stats below are for a single year [1] [2]. For reference, cumulative casualties in the US as a result of terrorism for 2001-2014 is 3,412 [3], 416 if you exclude 9/11. Any way you look at it, terrorism is a very minor form of crime in the US and Europe.
Yes, this is it exactly. Terrorism is scary the same way a random murder in your neighborhood is scary.
Anecdote: I live in one of the lowest crime neighborhoods in Chicago. Every now and again though someone is shot in the area. The first thing I always wonder: was it random or was it gang/drug related? Nine of ten times it's the latter and I feel better because I don't associate with gangs or regularly participate in drug deals in a McDonald's parking lot at 4AM. It's scary when it's random because it's easy to think, "that could have been me, it could have been anyone."
That's why terrorism is scary (and that's why the terrorists do what they do). Of course protections should be in place, but there's simply only so much you can do before you're policing every aspect of everyone's life to prevent the tiniest chance that something happens to a tiny percentage of people. But, damn, is it scary.
You could aggressively curtail civil liberties in order to crack down on drunken driving, which kills more people than 9/11 each year, and can happen to pretty much anybody.
Good counterpoint, I don't have an answer for you, you'd need somebody who supports curtailing civil liberties in order to combat terrorism to give an answer to that.
> I am surprised anyone can still use the word "terrorism" with a straight face anymore after it's become so clear that there is no large existential threat
It was always just a ruse to snatch power. Parading a potential existential threat to consolidate authority goes back to antiquity and is a common theme in historical narratives, fiction, allegorical literature, popular political writings of the founding fathers...
It's like the political version of a 419 scam. I'm continually dumbfounded that people fall for these things.
In the modern era, there's accessible easy-to-read references at our finger-tips to learn about all the classic shams that are constructed to manipulate and seize power, but it doesn't seem to matter. It's really something.
> From his perspective as the head of the FBI whose job it is to achieve outcomes within the law, of course Comey advocates encryption backdoors.
Wiretapping and search warrants are long standing and well support ways for law enforcement to investigate among other things organized crime. Just because you know have encryption doesn't mean that has changed. Similar to how the NSA didn't suddenly stop doing signal intelligence just because they allegedly "lost the crypto wars".
> Nobody would reasonably argue that extreme surveillance measures, patriot act, etc., is necessary to stop the vast majority of crimes from occurring, so why is it so easy for seemingly serious/intelligent people to think this nonsense is reasonable?
It's a presumably a "better safe than sorry" and "nobody got fired for choosing more surveillance" kind of a thing.
> Terrorism is a political word to describe political enemies of the state, yet the patriot act and surveillance machinery has been used in enforcement of many other kinds of (less serious) crime.
Terrorism is just the ultimate argument of people in the establishment. Just like encryption enthusiast might have some story about how they are helping dissidents, but are mostly encrypting their warez and mundane e-mails.
True, but there is a big difference between presenting evidence to a judge to obtain a search warrant and subsequently manually wiretapping a phone line or two and the sort of massive-scale surveillance/capture we have today.
It's like the difference between a doctor examining an awake patient who has complained about a specific symptom... vs to a doctor sneaking into the bedroom of thousands of sleeping non-patients and performing a secret physical exam on their genitals just in case anything about their genitals seems alarming.
The crime (building the illegal infrastructure to do that surveillance) is now justified after the fact by a fairly quaint comparison to traditional police work.
As much as I'd like to, I don't believe that surveillance is about police work. It's about political intimidation which is identical to the kind of political intimidation that seems obvious when talking about other police states from history.
The effects of intimidation are not obvious as everyone expects them to be. I'll make an analogy with the North Korean regime to illustrate my point.
How is it possible that the leader of N. Korea is able to make statements to the public that are obviously absurd. Are people in N. Korea less rational than elsewhere? Less intelligent? No, but over time the range of ideas considered acceptable has adapted to include some of the most ludicrous (and contradicted by fact) claims imaginable.
How does this happen? I think it happens gradually. How likely are we to loudly criticize our government when we know all our devices contain a hot mic and all the audio might be getting recorded? Maybe we still offer a criticism but we couch it a bit or we follow it with some praise. Small things like this mean that we all hear less criticism, less scrutiny, less dissent. All because we are not sure who is listening or who will be reported to authorities for holding a controversial view.
Over the course of decades, perfectly intelligent, rational people in N. Korea are easily able to believe some fairly outlandish claims simply because of a few decades of secret police presence and fear of being reported.
What does this have to do with the US? By definition, terrorism is a political crime. It causes intimidation and fear. It is designed to be asymmetrical and sporadic, and is impossible to stop. The only way to fight it is with extreme social control... a more compliant society where holders of nonstandard beliefs are more easily identified.
If the surveillance data had not been used to fight non-terrorism crimes, or if the systems were designed with a cryptographically provable audit trail, I'd consider the possibility that this was just a more modern way of doing law enforcement. But sadly I think all of the evidence points in the other direction.
One way to fight terrorism is refusing to be terrorized.
The goal of terrorists is inflicting terror and reactions following from the terror. Terror suppresses reason, so the reactions become less reasonable and thus detrimental to the attacked side.
By this measure, terrorists have unquestionably won. The Western societies under attack suppress their core values after the attacks, such as openness, free speech, tolerance to a variety of views, and primacy of reason and right over force. Voluntarily crippling your own encryption is like voluntarily making holes in your armor, all out of fear.
It's like an auto-immune reaction that kills the patient instead of the germ.
""" surprised anyone can still use the word "terrorism" with a straight face anymore
"""
Is quickest way to shut down conversation. Especially given horrific events in France, Ohio, Florida. Your argument is not only ridiculous its counter productive to anyone offering a balanced saner approach.
You're more likely to die from a lightning bolt than a 'terrorist' attack. You're thousands of times more likely to die from bad driving habits or being overweight, so why is the terrorist bogeyman given so much concern in the political conversation?
Because a lightning bolt is a much more random occurance. It doesn't have agency, an agenda or a trajectory within society. A lightning bolt isn't looking to instigate more lightning bolts.
In 10 years time the death stats for lightning bolts will be similar and for road accidents will probably have declined. Which way do you think the terrorists stats will go?
Terrorism is less likely to remain a low-probability event because it contains the intention of death spurred by a toxic ideology that wishes to spread.
The comparisons given are accidents and happen through negligence or plain bad luck.
Arguing deaths due to <x> happened more frequently than terrorism in some time period is useless, if the underlying process that generates those numbers are widely different.
Rather than thinking in terms of mortality rate over a period, its more accurate to think in terms of events. A single lightning bolt strike can at most affect 0 ~ 10 people with a gaussian distribution. A terrorist attack on the other hand has a long tail distribution and can cause 10^0 ~ 10^4 deaths.
There is no organized cult going around making lightening bolts with explicit intention of causing large scale harm. On the other hand there are several organized terrorist groups which are intentionally trying to do that. As far as being overweight or bad driving habits, billions of dollars are poured into health care system, automated driving and regulations with goal of reducing deaths due to them.
Bad driving and cardiac/obesity DO cause more than 10^6 deaths per annum and get no where near the proportionate political/media attention that terrorism does. There are 10x the deaths in auto accidents than the worst terrorist attack in US history every single year. The DHS budget alone dwarfs any proportional safety return that could be made by simply raising the legal driving age by a year.
First of all I agree with you, but let me state what I think the other side's argument might be. You can choose to eat healthy and exercise and reduce your chance of early death from obesity/health issues. You can also drive extra carefully, or take a plane, or not travel at all if you're that concerned about a car crash. With a terrorist attack though, it's mostly out of your control and literally anyone can be affected at any time and that's the scary part. That being said, people should take into account how minuscule that risk really is, but that's hard for the average joe to do when every attack is plastered all over the news for days whether it's something major or a lone gunman killing a few people.
>You can choose to eat healthy and exercise and reduce your chance of early death from obesity/health issues. You can also drive extra carefully, or take a plane, or not travel at all if you're that concerned about a car crash.
Since "Terrorism" is a political problem, how about a political solution? Stop going into Muslim countries and murdering women/children and tearing down governments with no plan for rebuilding? Be more cautious about what you do on the world stage. Stop bombing brown people just because they don't support 'American interests' and such.
How many people die from terrorism in a year in the U.S.?
Not many.
How much money do we spend on it every year?
Too Much.
How often do politicians talk about it?
Way Too Much.
It's ridiculous. It is basically a non-issue here.
I bet the number of blacks killed by cops outnumbers the people killed by terrorists here in the U.S. Let's spend a trillion dollars fighting THAT problem!
More people die of auto erotic asphyxiation than terrorism annually (~682 people). You're insistence is what is rediculous, as parent pointed out if it was a problem--it isn't; then 0 cases have been publicly thwarted via this technique.
I don't buy in that this problem is large enough not that this solution would be acceptable if it was
Arguing deaths due to <x> happened more frequently than terrorism in some time period is useless, if the underlying process that generates those numbers are widely different. There is no organized cult going around preaching auto erotic asphyxiation with explicit intention of causing large scale harm. On the other hand there are several organized terrorist groups which are intentionally trying to do that.
Unchecked Terrorism has non stationary distribution and can lead to deadlier events that are orders of magnitude larger. Further why pick a year and not a day? At any given day the number of deaths due to Terrorism are close to zero, except you know on a tragic day a decade ago in september.
> if the underlying process that generates those numbers are widely different.
So stop the underlying process? Terrorist organizations aren't quiet about their problems, that tragic day in September was in opposition to US interference in their lives. If our goal was combatting terrorism, we picked a terrible way of addressing the problem.
>>that tragic day in September was in opposition to US interference in their lives.
To you these attacks are a valid grievance redressal mechanisms??? Is that the path every disenfranchised group should take?? If you are okay with such approach, no point in having a discussion.
The gist of it is that Comey went to great lengths to make sure warrantless wiretapping wouldn't be considered legal. And when he failed to do so, he resigned.
It would be ironic if at some point he was wiretapped and blackmailed into toeing the party line (where 'the party line' is 'they', and 'them', clearly).
On a more serious note though: it strikes me that in our time of 'total information awareness' the ability to blackmail people in powerful positions is a significant flaw in our system, much more so compared to the past.
Has any research been or anything worthwhile been written about this (potential) problem? I mean, we know people have been blackmailed or that attempts have been made, so the question is how common this actually is.
Despite my internal knee-jerk 'this sounds tinfoil-hatty', I can't think of anything keeping intelligence agencies from wielding massive hidden power in this way. Or would it just have come to light much more often if that were the case?
I think he came to the belief that there was legal justification for conducting mass surveillance in secret... in other words that the AG didn't need to sign off on it for it to be an appropriate tool.
If the AG had signed for it, then we'd have probably seen the supreme court weigh in on it. But since he didn't, the program continued behind closed doors and grew massively. I believe now there is a rolling 60 day archive of nearly all worldwide communications and metadata (and longer rolling archives for select subsets). It's incredibly impressive tech but quite scary.
Comey is not just someone with a job at a particular organisation, he's also a servant of the state, and he is a citizen. Any servant of the state has a duty to the constitution. His job description comes second (or later).
It's not at all natural that he should argue for hollowing out the constitution, or favour the needs of own organisation over the rest of the state or over the entire society.
> It's not at all natural that he should argue for hollowing out the constitution, or favour the needs of own organisation over the rest of the state or over the entire society.
Very true. But I think it's safe to assume that no good, just individual would end up in the role of Director of an intelligence service. Who really aspires to be the leader of a team of secret police?
There are some professions that are not strictly speaking unethical, but that tend to attract an ilk of people who are unconcerned with ethics. Used car salespeople, brothel owners, chiefs of secret police forces, people hired to do telephone cold calls to sell shady investments to the elderly, etc.
If Comey is viewed in this light, we can see that he is acting predictably. Sadly, many people have the mistaken idea that people who dress in nice suits and wear medals and get appointed by presidents somehow deserve the benefit of the doubt. They do not.
The article specifically states that he doesn't want a backdoor:
“We’ve had very good open and productive conversations with the private sector over the last 18 months about this issue, because everybody realizes we care about the same things. We all love privacy, we all care about public safety and none of us want backdoors — we don’t want access to devices built in in some way. What we want to work with the manufacturers on is to figure out how can we accommodate both interests in a sensible way”
Hi, you're new here. In the USA when someone in government says something that you agree with, it may because they are sincere, or it may be because its what you want to hear. Politicians, and humans in political roles, may lie. Lying is when they say something that isn't true. They may do this for many reasons. A common reason is when they want an outcome X, and they say to you that they don't want outcome X. "Oh thank goodness! They don't want outcome X either! I can go about my business." They might say they "don't want a backdoor". Technically, this isn't even a lie. Comey does not intend to put a backdoor on your phone. Your phone is not a house. Clearly it cannot have a door. But Comey very much wants to be able to decrypt the information on your phone and says so specifically and at great length. A technical person would call this "a backdoor". It is clearly not a backdoor, and no form of door will be installed on your phone. When Comey says "we dont want access to devices built in in someway", what he means is that of course your phone wont be built with the access mechanism. Your phone is an inert piece metal, plastic and silicon etc. What he wants is that when your phone is first connected to electrical power, at the factory, then it will have the access software installed. Not built in, but installed at the factory.
|How can we optimize the privacy, security features of their devices and allow court orders to be complied with.
You can't; this is an either or situation. There is literally no system that could be put in place that wouldn't be exploited by people who were not the intended users.
He is playing the word game, what a technical person might call a "backdoor" he will call a "front-door" or something else, so there's technically not a "backdoor" and he technically didn't lie, even if he wants what many of us geeks would indeed call a "backdoor". It's sort of how the NSA redefines the dictionary meaning of common sense words to mean something else, (for example something like: "surveillance" means breaking into someone's home to plant a bug in there, so technically almost no one is under that definition of "surveillance", even if capturing our emails, hacking webcams etc. would be considered surveillance as well, but since no one broke in to plant a physical bug, that's not "surveillance" - it's just a words game).
I thought it was interesting that he talked about breaking into other people's devices while specifying how they would harden their own systems. "We don't want you looking at our stuff, but your stuff is fair game."
> Comey is a symptom of the kind of cowardly, authority-respecting society we've become.
I am an Indian citizen living in USA and I think American society must take the blame here and not the politicians. The way society thinks and votes I think only a total narcissist moron can succeed in US administration.
The fastest way to rise to top (as we saw in case of Obama and Trump) is to find some target group and blame that group for the failure of other larger society. The larger society is far too quick to raise pitchforks and burn the other group at stake.
It is depressing to see that large % of Americans have seen inside of jail. A lot of people labeled as "suspected terrorist" or "sex offenders" are no where close to the common sense definition of those words. But once you have that label rest of the society treats you like utter shit. You cant find a job, state can put any arbitrary restrictions on all your freedoms etc.
Unless US society learns to be compassionate and stand up for the rights of even those "deplorable" people purely as matter of principle I don't think there is any scope for optimism.
I remember Ron Paul's words "Once you give up some liberty, you are not going to get it back, ever!"
I'm always requesting constructive criticism like this from foreign-born coworkers, hoping for such valuable outside perspective, but they seldom provide it, no doubt hoping to avoid being offensive.
> The fastest way to rise to top (as we saw in case of Obama and Trump) is to find some target group and blame that group for the failure of other larger society. The larger society is far too quick to raise pitchforks and burn the other group at stake.
Yes, we are very much a blame society. It is the Republicans fault. It is the Democrats fault. It is my neighbor's fault. It is my parents' fault. Blame blame.
> Nobody would reasonably argue that extreme surveillance measures, patriot act, etc., is necessary to stop the vast majority of crimes from occurring, so why is it so easy for seemingly serious/intelligent people to think this nonsense is reasonable?
This depends on what kind of crime you talk about. And is "the vast majority of crimes" actually prevented from occurring? How do you get numbers for this?
Calling people who don't agree with you stupid is not going to advance your cause. At all.
> I am surprised anyone can still use the word "terrorism" with a straight face anymore after it's become so clear that there is no large existential threat (merely the occasional zealot who acts out due to his/her own mental health issues).
Two points:
1. The occasional zealot is all it takes to make people feel unsafe, affect their behaviour towards other people and just generally ruin a lot of peoples days.
2. Blaming all terrorist attacks on mental issues alone without taking into account viral ideologies is dishonest.
edit: i forgot this:
> And in spite of a historically unprecedented global surveillance system there have been no attacks thwarted.
I'm confused about this. I'm hurried at the moment, but this seems to a bill that orders tech companies to provide a solution to encryption without having a backdoor?
Isn't this like legislating a violation of mathematics or something?
As I just put it in my open letter: "Let me be clear. This distinction that the Director makes has no basis in fact or science. Any imaginable key escrow system that would by design provide routine access to encrypted data is a backdoor that will be able to be hacked. Any such system of so called lawful intercept is an unfixable, mandated security vulnerability that will make Americans less safe both at home and abroad." (https://rietta.com/blog/2017/05/03/americans-access-to-stron...)
https://www.youtube.com/watch?v=VPBH1eW28mo is a pretty good video for persuading people why this legislation is a bad idea. We might still be able to beat it by rallying support.
Susan Landau's congressional testimony - with Comey siting one table away - applies to this as well. She explains in detail not only the problem with backdoors, but also how the FBI badly needs to update their methods. The quote from the NSA that legal access doesn't mean that access will be easy should have ended this brouhaha last year.
> I suppose tech companies could give them a backdoor and call it a front door?
They're more likely to go "LOL, no" and as it's both impossible AND compelling speech is impossible per 1st Amendment the Government would end up losing in the courts.
The compelling speech argument would not have held up in court. Apple was putting on a show because they had already advertised to customers that they wouldn't unlock phones for law enforcement.
What? Apple was not putting on a show. What the FBI requested required actual software development to be done. You can't force someone to work for you.
Judges absolutely can force work and do it all the time. See the discovery process Uber is going through now. For an example more relevant to the Apple case, look at the Lavabit court orders.
The idea that writing software not intended for public release is compelled speech under the standard of Wooley v. Maynard is laughable. Nobody except a few gullible tech bloggers (are there any other kind?) took that argument seriously.
The idea is that it is currently infeasible to build a consumer product that updates itself that is not vulnerable to exploitation by the manufacturer (see Apple's San Bernardino case). It looks like the FBI would like legislation that grants them access to the manufacturer's de-facto backdoor without having to pay for a work order.
So, the NSA and the CIA were recently hacked, yet these numbskulls think we can create a system that will only be accessed by "the good guys" How many hacks, leaks etc will it take for them to understand that if this passes, that will be the end of online security?
New Rule: If you want to propose cybersecurity legislation, you need to pass the fizz buzz test.
they think we can create a system only available to them
Because there are civilian consumer systems, and state apparatus systems. The civilian consumer systems just leave shit out in the open, all over the place, and make a mess, with no obligation to common, clueless people.
Everyone knows that no effort is made to retain military operational security for sloppy, undisciplined non-combatants.
Anyone with clearance to actual hardened systems, sees a clear difference from the other side of the wall, and questions why the charade must go on, when it'd be so much easier to dispose of the pretense that there's "privacy" to be had, and see investigations forced to prosecute with so much parallel construction.
The state apparatus systems, in their minds, deserve preservation of secrecy, because it puts the owners at an advantage. They seek advantage by crippling consumer civilian systems. This is the line of reasoning from their perspective. Render outsiders defective. Create real systems for themselves. Maintain authority by denying useful systems to unknown quantities.
> "What nobody wants to have happen is something terrible happen in the United States and it be connected to our inability to access information with lawful authority."
But they're not asking for that. They're asking for the ability to force companies to grant them access to information without something terrible happening.
The only way you could prevent something terrible happening, and have that prevention be "connected to [their] ability to access information with lawful authority", is to have the ability to inspect private data. And the only reasonable way they would do that is to do it surreptitiously.
They could try just asking the user to unlock their iPhone, or demand it with a court order (where I assume they can plead the 5th), but either would tip the suspect off. So they have to do it without the user's knowledge. And the only way to do that is if the company has a backdoor, or makes it so incredibly insecure as to no longer guarantee privacy at all.
The only logical way to give the FBI what it wants is to compromise user privacy.
> During the session, Comey also made repeat plays for expanding the scope of national security letters (NSL) — arguing that these administrative subpoenas were always intended to be able to acquire information from internet companies, not just from telcos.
The FBI claims that they would always get permission from a judge for invading user privacy. In the next breath, they want to expand NSLs, which is invading user privacy without requiring a judge's approval.
Both Lavabit and Silent Circle have had to close down their businesses after Lavabit was unreasonably demanded by the government (in a gag-ordered search warrant) to give up its private TLS keys, exposing all its users' privacy. But no law enforcement agency gives a shit about privacy; only secrecy.
Unbelievable. Just happened to see a clip today (https://goo.gl/F9XeQU) where Feinstein was "grilling" Comey about announcing the investigation into Clinton right before the election.
When Feinstein totally let him off the hook I was floored?!? He interfered worse than the Russians - how does he still have a job?
Ahh, she wants his support for the decrypt bill. I'll never understand why the Democrats have zero interest in protecting personal privacy.
Some Democrats are fairly strong proponents of protecting personal privacy, as are some Republicans. Conversely members of each party are down right anti privacy. When standagainstdpying.org was still active you would see very little correlation between party and score.
Our 2 party system leads to widely erratic results on issues like this, as we are seeing with this Comey Feinstein partnership.
“I don’t think Congress intended that distinction but what it does do us is in our most important investigations it requires us that if we want to find out the subscriber info to a particular email to go and get an order from a federal judge in Washington as part of the FISA court. An incredibly long and difficult process. And I’m worried about that slowing us down — and I’m also worried about it being a disincentive for our investigators to do it at all.”
Hurdles to protect privacy are important. If it's not an arduous process we have a problem.
Can it be ambiguous to only use who instead of whom? If not, then it's probably not important, just feels painful for people who know the rules. That's as much an indictment of the rule itself as it is of people breaking it.
No, it can't[1]. However, vestigial marking of present-tense third-person-singular verbs is going strong and pretty much nobody considers the fact that it's completely useless as an argument against doing it.
The difference is that nearly everyone doesn't know the who/whom rule -- it is dead -- while nearly everyone does know the living pres.3sg rule, and they have trouble violating it even if in the abstract they might like to.
[1] The strongest argument in this direction is that no one in the modern day knows what whom means or under what circumstances it appears, meaning that when a whom is encountered it can only make them more confused.
Would it be okay to mandate spy microphones in all cars, spy cameras in all rooms, and make it illegal to remove or disable them, as long as only the 'good guys', with a warrant, could access the info?
What if doing this would save N people/year from terrorist attacks?
What other rights should we sacrifice for a 'safer' society? Surely we shouldn't let terrorist recruit people, so there goes free speech. We also shouldn't let them gather together to plot their wicked plots, so there goes freedom of association. And if we could bar people at risk of committing terrorist acts, from vulnerable locations, such as subways, airports, parks with a lot of people in them, well, I'm sure that would save a few lives too.
Putting in backdoors is sure fire way to kill US based mobile phone producers. Criminals will just use foreign produced phones and only way to counteract that is to outlaw those phones. Can't wait till they criminalize having certain firmware on your phones.
I had a slightly different take on the issue. If you require U.S. companies to include backdoors (or whatever word the FBI comes up with) then those companies will simply move operations to another country. Silicon Valley will dry up and innovation will happen somewhere else. You can already see the seeds of such a movement; when researchers are afraid to present at a conference for fear of being arrested[0], or a company is being forced to do something it doesn't want to do[1].
These things are not conducive to a growing, free nation. Our current leadership talks about bringing jobs back to America, but this course of action is forcing companies to move elsewhere, and taking their jobs with them.
Because if you can control or modify radio firmware then it's can usually operate outside of certified range and power. Most of routers use same hardware for all markets while radio regulations are different. So limits are enforced per-country in software and it's easier for manufacturers to completely lock down devices.
Yup, I'm in the UK and dd-wrt allows me to push my router power output far beyond the legal spec (since the actual router can support that but is software limited).
I didn't because I'm a good neighbour and it's not a massive apartment.
> We all love privacy, we all care about public safety and none of us want backdoors — we don’t want access to devices built in in some way. What we want to work with the manufacturers on is to figure out how can we accommodate both interests in a sensible way
It's not, but notice his wording. He has no clue if it's possible or not, he wants a mandate for the tech companies to "figure it out".
There have been voices from the tech industry saying it's impossible, but Comey doesn't want to hear that. He's literally called that response "emotional" and believes tech lovers simply are clinging to encryption and privacy irrationally.
He's not going to stop until he can hear what he wants to hear. I think the only thing that will satisfy him is a beltway bandit lying to him about their technology.
Diane Feinstein is old and needs to retire. She is completely out of touch with the needs of her constituency, and comes off more like an old guard republican rather then a democrat that she is supposed to be.
> comes off more like an old guard republican rather then a democrat
This is true of most Democrats these days, except when they want to pander to minorities or other disadvantaged groups who could use real, actual allies instead of the panderers. I am amazed and humbled by these folks' perseverance in the face of a two party system in which one party apparently hates them and the other thinks so little of them that their best efforts at being allies generally consists of terrible pandering.
Maybe many minorities and members of disadvantaged groups don't like being told that the pressing issues which affect their communities are just "identity politics," which seems to me to happen a lot lately.
Of course; it's insulting to have these issues reduced to a phrase like that. It's also insulting to have these issues reduced to a plug on the campaign trail and then ignored for the next year or two until the next big campaign, or used as a weapon by one rich old white lady against an affluent old Jewish guy to score political points (for example).
You want to see the typical Democratic interaction with minorities on a political level? Look at Flint, during the Primaries and general election, and compare it to now.
AFAIK, Ted Lieu is the only person that any opposition has produced, and I'm not sure who else is even in a position to primary Feinstein. Starchild ain't gonna cut it.
Unfortunately the Democrats have been trying to out-Republican the Republicans since the Clinton administration. (When the party really embraced getting all married-up with wealthy donors, and inevitably turned its back on its traditional roots.)
I didn't intend for this to be a 100% thing, I think there are a decent number of people who are probably a lot more well informed than I am, but when the large majority of voters opinions are so easily manipulated as to effectively be for sale, then what the hell is the point? It's not much different than an oligarchy, but it's made a bit better because our overlords have a lot of hoops to jump through the keep the show running.
Nothing the parent said assumes voters are rational.
They pointed out that CA voters can remove her. True.
They pointed out she's still there, so the plausible majority of the people that cast votes must have wanted to elect her vs the opposition choice (as of the last election). True.
It does say that the voters wanted her there. I don't think they're engaged enough for that to be the case. Even if there were a grassroots attempt to do this, it would fail without substantial political and monetary support, because voters as a whole are not paying anywhere near enough attention to make informed decisions about these things in my opinion. When they even bother to show up.
Democracy couldn't exist if there was a mechanism to say certain votes are irrational and shouldn't be counted. It's not a perfect system but it's the best yet.
I'm not saying there are votes that shouldn't be counted, but I do think the electorate is generally so disengaged and uninformed that it makes a farce out of anything. It's like a blind person attempting to drive a car. It's still better than non-democratic alternatives, but I think that has more to do with how all of the arcane pieces that make up the system happen to divvy up power enough to prevent it from becoming too centralized, and there's sort of a looming threat that the people could turn against you. It isn't because the core concept of the people actually controlling their own government holds much weight, at least not in how most people seem to conceptualize it.
Really I'd like for this not to be the case, but at the moment it seems like that isn't likely to happen anytime before I'm dead.
Feinstein is now 83. I don't think she has announced either way, but it is likely she'll retire. If so, then there will probably be a lot of candidates.
Yea, here is Colorado we have Cory Gardner. Rank and file republican in an increasingly deep blue state. Currently leading the pack as most hostile to his constituent's interests:
I don't know why California Democrats elected Diane in the first place. Were there not any real liberals in California to choose from preferably with some expertise in Californias most valuable export?
I was watching the hearing during lunch, had to attend to work meetings, and then saw this article which is what spurred me to post my open letter to Congress tonight and share it here on HN at https://news.ycombinator.com/item?id=14261423. We have to get this information out there in a format that Congress and our non-techie friends and family understand.
Law enforcement is tasked with putting people in jail, not so much preventing future abuses of bad laws by governments. This is why checks and balances must be maintained, for when all you have is a hammer everything looks like a nail.
"The high profile court battle ultimately ended after the FBI paid a third party company to gain access to the device via an exploit in the security system."
It cost a lot of money, basically (AFAIK on the order of a million dollars to Celebrite).
One funny outcome of the San Bernardino iPhone cracking debate was the Government double speak:
To Apple ...
> We only want to force you to build a custom iOS so we can get into this iPhone.
To DA's across the country ...
> Send us all your iPhones for ... reasons.
But comedy aside, they really do care about the cost / time of un-encrypting things. They're position seems to be that anything outside of your brain (5th amendment and all) should be available with a court order in a reasonable time and at reasonable cost.
I don't agree with that, because manufacturers should be able to produce whatever software they damn well please. But, they have a logical position if you look from the right angle.
> They're position seems to be that anything outside of your brain (5th amendment and all) should be available with a court order in a reasonable time and at reasonable cost.
I'm looking forward to the first court cases that deal with somebody who implanted a memory chip into their body and are storing information in it (only accessible through a wirelessly sent password) that the court wants to access. Could the court order surgery to remove it.
Can someone call out these alleged encryption back doors for what they are? Junk science.
If Apple and Google aren't legally able to build as secure as devices & infrastructure as possible, the DOJ, FBI, NSA, and CIA sure as hell won't be secure. Merry Christmas to Assange.
"Backdoor" is such a loaded term. But it could be done relatively securely with a dual key system. Apple (or you/your device), has one key; the government has some other key. Either one unlocks the phone.
But then you need the government to securely store a few master keys. Given the latest CIA, NSA and OPM leaks I doubt this is possible long-term. However, maybe changing the devices keys based on year of manufacture is a reasonable step to have some sort of safeguard.
> We have to figure out a way to optimize those two things: privacy and public safety.
Given how safe the public is, you'd think that this would mean "we need to focus on privacy". That is the public's priority. The FBI, whose mandate is abviously not to protect the privacy of citizens, is obviously going to advocate for the public safety, or more specifically his organization's degree of visible success in ensuring it.
Obviously the director of the FBI is not who you should be asking for a balanced recommendation regarding safety and privacy.
Is there any good information on what has been accomplished through such access etc ?
What have they stopped using such methods? I think if they wanted to get anything like this moving forward they need to show results. Not too many trust the government these days.
I do not like the idea of "backdoors" but I can see realistic need for such things. I think many are against such things "until" some massive WMD type attack then the tune will change.
There is another big problem with mandatory decryption laws.
If someone want to incriminate you, they don't need to plant a file with child porn anymore: they just need to plant a file composed of random bytes and acuse you of having encrypted child porn there.
Now good luck providing the court an encryption key that does not exist.
If you're wondering how it got to this point I'd like to remind you that you (If you live in the US) don't own this country. The people in charge don't care about you. They care about money, power, and stability of their system. It's hopeless to resist because they own your home, your bank account, and all your money. The only way we'll ever change it is getting scientists, nerds, and engineers into congress. I don't know how we'll do it but we have to do it to ensure freedom for everyone in the USA.
Ridiculous. When will these numbskulls understand that you can't regulate people's use of encodings? It's right there in human language. You can't force everyone to use the same one.
I still don't understand. They want to be able to have a court order a device maker to decrypt data, but today they can already get a court to order the device owner to decrypt it. The device owner actually has the password or key. The truth is that they want to do this without the device owner knowing it's being done.
Passwords so far are somewhat protected under the fifth. And you have to go trough contempt of court. Firmware signing keys that belong to a third party are not.
> The device owner actually has the password or key.
The device owner might be dead. Given that the context is law enforcement, that's reasonably likely (I forget - wasn't that the problem with San Bernardino?)
How did we get to this point? Nobody would reasonably argue that extreme surveillance measures, patriot act, etc., is necessary to stop the vast majority of crimes from occurring, so why is it so easy for seemingly serious/intelligent people to think this nonsense is reasonable?
Members of our government are so indoctrinated about stopping "terrorism" that they have lost all sense of perspective. Terrorism is a political word to describe political enemies of the state, yet the patriot act and surveillance machinery has been used in enforcement of many other kinds of (less serious) crime.
I am surprised anyone can still use the word "terrorism" with a straight face anymore after it's become so clear that there is no large existential threat (merely the occasional zealot who acts out due to his/her own mental health issues). And in spite of a historically unprecedented global surveillance system there have been no attacks thwarted.
Comey is a symptom of the kind of cowardly, authority-respecting society we've become. I look forward to the day when our FBI director is not someone whose gaffes and judgment calls we read about in the newspaper on a regular basis.