The debate receded when the Trump administration took office
Comey was the key advocate in this during the Obama years. He spoke for years advocating backdoors... even after Trump took office. Here's an article from March 2017 when he advocated an international backdoor[0]. Here's one in May 2017 when he backed Feinsteins decrypt bill[1].
It receded because Comey was pushed out. And it took a while for Wray to come in and make it an issue again.
It's worth remembering that this is not some faceless government action. They're just people who are lobbying for the change. Remember to contact your representatives regularly to advocate your position on these issues.
The reason this story even exists is because this issue of "lawful access" is not due to any individual personalities. It's clearly a priority at an institutional level, including the White House:
>Against that backdrop, law enforcement officials have revived talks inside the executive branch over whether to ask Congress to enact legislation mandating the access mechanisms. The Trump White House circulated a memo last month among security and economic agencies outlining ways to think about solving the problem, officials said.
Strongly agree. For those who disagree and see it as personal and temporary thing rather than an inevitable incentive for these institutions, I would like to remind you of the clipper chip debacle of the 90s. Doesn't matter who's in power, it is very tempting to all of em, presenting immediate advantages for governments with only, seemingly, vague longer term disadvantages. The perfect drug.
Yes, I'm sure they have found allies and people that agree with them. That doesn't mean the debate is over or lost. If everyone in government agreed on this issue, they would have passed it years ago.
Obama's whitehouse was the reason the FBI never got very far on this issue. Even up until he left, all he could agree to was that it was an issue and solutions should be looked into. Obviously Trump is much more open to passing something on this than Obama was. But note Congress never put a bill on Obama's desk... even the floated Compliance with Court Orders Act of 2016 got little congressional support, and ended up never being introduced.
And Obama didn't end it, and by all accounts expanded on it. Almost every anti-privacy action started by GWB was expanded under Obama. And Trump is why it probably never should have been allowed. The abuse of the Patriot Act in and of itself should be reason enough to fight anything similar, or expansive in the erosion of personal liberty.
Comey wasn't appointed until Obama's fifth year in office, his predecessor (Mueller) held the same position on this issue, served for longer, and was of course a Bush appointee.
And of course his Trump-appointed successor shares the same opinion.
Why are you making this a partisan issue when it's clearly not.
There's no intentional partisanship in my post. My only point was that the issue receded because a key advocate was sidelined (and not because of any particular position by trump).
Mueller certainly was pro-backdoors... but he started out advocating for a backdoor into encrypted communications.. and didn't widen that idea into a backdoor into phones and other devices until his last year in office. Comey picked up where he left off. It's certainly true the FBI and DOJ have produced many people who are pro-backdoors.
This clearly isn't a partisan issue, since there are democrats and republicans that support backdoors.. and democrats and republicans that don't support backdoors. You really do have to pay attention to the names, and support Republicans and Democrats that are against this issue.
I would really like to be a fly on the wall, when American diplomats are going to try to explain to its allies that them having a backdoor to all cellphones in the world is a good idea.
Then capping it all of by coming up with a strategy of how to sell this idea to their electorate, which some places, have a very dim view of American privacy laws.
In addition if Google and Apple builds some backdoor into their products, any regime of any country which Google and Apple operates in will demand to get the same backdoor. How are they going to not give them that, they won't be able to.
I'm sure the Justice Department, and the FBI does not care about foreign implications of their wishes, but their are parts of the American government that has to. It is deeply naive to believe that something like this will fly on the international stage.
> any regime of any country which Google and Apple operates in will demand to get the same backdoor
Exactly. So we end up with 1000s of people (many services from many countries) that have authorized access to your phone. This cannot be contained in any way. Not something to look forward to....
Why do you think this? The manufacturer is obliged to maintain a backdoor, and give access on demand.
The US is a big enough market that they could force this to be built. Other countries will just write similar laws to get the same access to the same backdoors.
Trump's election should really have been the last nail in the coffin on this kind of stuff, at least in the US. Either you hate him (and thus don't want him or anyone like him in the future to have this kind of access), or you love him and don't want anyone who hates him to ever gain this kind of access. A polarizing political figure should erode trust in unrestrained state power unless you believe he's the last President ever.
People shouldn't have trust in unrestrained state power regardless of how kind and gentle those in power have been or are likely to be. Maybe Trump's election made more people realize this, but hopefully most people who bother to think about such things realized it to begin with.
That to me seems like the biggest problem with parliamentary systems (which have many other advantages, especially for new parties, local constituencies, etc.). Unless there's a sovereign, or some other system, it's often left up to the sitting government to decide when elections will be called.
That's not true for most parliamentary systems. In fact it's only customary in the UK to arbitrarily call elections when poll numbers are up. But even in the UK, there is obviously a maximum term between elections. And calling elections without reason isn't actually possible anymore. Theresa May had to jump through some hoops to almost lose her majority last summer.
In the US, a president who leaves office before the expiration of their term is replaced by the Vice President (or the next in the line of succession if there is no Vice President). In Germany, a chancellor can only recalled by electing a replacement. If they resign or die, the President gets to make a few decision, and they will usually task the leader of the largest party to find themselves a majority. Only after two or three failures of that process would a President turn to early elections.
I'm not sure what the current number is (not sure it's ever been polled), but there was a pretty well reported poll that said just over half of Republicans would back a delay if Trump said one was necessary. Seems that it was a Washington's Post poll: https://www.washingtonpost.com/news/monkey-cage/wp/2017/08/1...
From my casual observations and conversations with people, I would guess 20% would at least support postponing the next election cycle purely on the basis of “voter fraud” conspiracy nonsense that Fox News et al peddle.
I don't see it. There is always a case for privacy. But if people consider the presidency corrupt it would probably be a good idea to grant the judicial branch more power. Because secrecy doesn't protect you against a sufficiently corrupt government, it protects the government from you.
Also I rarely have seen any government system installed in such a way that some kind of lawful intercept mechanism would be required to circumvent their internal controls; they almost always are set up in standard boring enterprise way where an admin user can easily access anything, reset any credential, etc. I have seen systems where people forgot the admin credentials or lost access to the admins, but even in those systems there were easy backdoors with physical access.
There are some systems designed to protect keys and admin access from lower tier admins (for crypto fill, etc), but with those they are generally not archival, just transport security, and there are ways to downgrade or replace keys on request. The judiciary also doesn’t in practice have any real ability to do things to the executive without cooperation of parts of the executive; if we had some insane civil war type situation where a federal judge wanted to enforce an order against the executive, it would be basically impossible to do so without some support of the executive (or an external force, like a state national guard). This isn’t how it should be, but probably was like this within a decade of the constitution’s ratification and has gotten more so with time.
I guess it wouldn't necessarily be the judiciary. What I am getting at is that what enables you to run a conspiracy against the government also enables them to run a conspiracy against you. When journalists starts ending up dead, like in Malta or Slovakia, you want to be able to unravel any connection the murderers had to political figures and not end up with a bunch of dead ends consisting of encrypted communication and currency. How to actually solve that in a good way is up for debate though.
Privacy protects you from any entity wanting to use your personal life to discredit you. Secrecy doesn't protect you since a corrupt government will intimidate, discredit or kidnap you regardless of merit. What protects you is being able to uncover their slush funds and secret dealings.
The 4th Amendment to the US Constitution basically says there is no justification for such powers. The entire foundation of the the US Government is a warning against the centralization of power.
China operates like you describe and people that think like that should just move there. Perhaps we could create a program to swap citizens between countries so people can live with their ideological peers.
From what powers? The 4th amendment does not protect you from "reasonable" searches. A corrupt government wouldn't care about the constitution, like during Watergate. I am not a US citizen nor in the US (so the 4th amendment doesn't cover me) and I have already spent a fair amount of time in China. But thanks for offering.
If all the hacks, breaches and vulnerabilities from the past 5 years have taught us anything, it should be that security is hard enough to do without weaknesses intentionally baked in.
I'm going to bet that this law will come with a provision that says researchers that try to break or report bugs in whatever system they come up with could get jail time.
It kind of does. I may have misinterpreted the article, but the proposal seems to be forcing hardware and software vendors into key-escrow schemes.
So the decryption key on your phone (or perhaps a key to the key, same thing AFAICT) would have to be stored by the manufacturer so that it could be accessed by various US government agencies.
If it’s a Chinese company, that means the Chinese government would have access, too.
And if such a law and precedent was set by the US, the likely reaction from other countries would be to enact similar laws.
So, lots of people all over the world will be able decrypt your data, for lots of reasons.
And how long do you think that neat partitioning of keys by country of sale would last?
My money is on "until about the next Tuesday after the scheme is first deployed", and then every phone is open to every sufficiently-motivated country's intelligence agencies and law enforcement, and that's the end of business, law-enforcement and possibly even military security for anyone stuck using one of those devices.
Just to be clear, these guys are in favor of China, Russia, Iran and ISIS having back doors into devices used in the US for communication of potentially very privileged information.
Once backdoors are introduced, that is the outcome that will come of this.
There's a lot of conspiracies and security absolutism in this thread. So while I agree that this policy is misguided, I think it's important for the community to address the actual issues raised, and not some strawmen about the government preparing to enslave all citizen etc.
Imagine you're a high-minded, fair, and absolutely law-abiding FBI officer charged with solving some white collar crime, like corruption or fraud.
You started some time in the 80s. The usual MO was to get a warrant and search someone's house and office. You'd find 60 to 100 binders full of letters, transaction records, and org charts for this criminal enterprise you're investigation.
Today, you find an iPhone and a smug banker telling you take it. "The new model is coming out anyway." Then, he orders a Vodka Soda from his butler and you slink out, iPhone in hand.
Just to be clear (again): I absolutely do not think that this scenario is reason enough to mandate backdoors. But I am similarly convinced that it happens, probably quite often. And that it would be rather frustrating to deal with.
It will be far easier to convince people if we start acknowledging what they already think to be true, to avoid hyperbole, and not to obscure our real motivation behind some rather ridiculous claims of technical impossibility[0[.
[0[: bitcoin already has 2-of-3 multisig, so 1-of-2 shouldn't really be impossible if anybody, you know, tried
Why would the government push an backdoor that would expose their own citizens to more hacking? Almost seems like they’re just trying to look tough on crime but won’t actually do it.
Android, at least the parts that would be required to be modified to implement this misfeature, is already open source. That won't help. The DoJ isn't asking for proprietary code secrecy, fundamentally they're asking for key escrow. Storing data in different places isn't something source visibility can address.
Which they will. All they are asking for is some form of key escrow; which can (and has) been given a reasonable security definition.
The problem is that secure implementations of key escrow are much harder; and (given the amount of use the escrowed key will get), certainly going to be broken in practice.
Okay --- I'll iterate the algorithm a thousand times. Now I'm back to respectable strength.
Besides, any selective "break glass" scheme is going to be vulnerable to arguments about the need for urgent access to prevent terror or something.
Either the population has access to strong crypto or it doesn't --- and technological prohibition never actually works. You may be able to make it easy to crack phones used by the naive, but you can't stop determined people writing and running software.
Why do we need this? If this has been such a huge problem for them over the last decade shouldn’t we have seen a rise in crime rates because criminals are having an easier time getting away? Seems like it’s been the opposite.
The question I have for anyone pushing for this, is do you want a foreign gov't to have the same access? Because as soon as you require this in the US, that's exactly what will happen.
I was hoping that it was going to be an article about how users should be able to unlock their own phones and get root access without any risk of bricking them.
Well, various people want the government to do something to the "other," and these people just disagree about what they want the government to force people or groups of people (i.e. corporations) to do. Others just think we should stop letting the government force anything without substantial data that indicates an actual probable reduction of some negative behavior.
I think Apple has the will to fight this and I think a strong 4th amendment case can be made. Freedom of the people must be protected.
Apple, Amazon, Netflix and Google will need to work hard to distance themselves from Facebook in the public imagination. They’re presently all “big tech” FAANGs. Until that happens, Silicon Valley’s political priorities will suffer in D.C.
While the political priorities of telecoms, oil companies, the pharmaceutical cartel, and banking continue to set the political agenda. Sure, that makes sense. Let's ignore one of the larger sections of our economy and opt to punish the bad actors at the expense of the whole industry in this one sector alone.
Tech countered many political interests. With tech weakened, the interests they were defending have no defences.
We must reform money’s role in our democracy, but basic political balances are intrinsic to the game. In retrospect, privacy advocates may have relied too heavily on the support of a single segment.
This is somewhat unrelated, but I really think 4-5 years terms for government anywhere in the world is way too long. You elect them, they break promises and pass all kinds of crazy laws, and still get to stay and keep doing damage for 5 years, after which they might even get elected again because most people won't remember what happened 5 years back.
It might not be feasible, but a way for citizens to send everyone home easily every 1-2 years if they screw up would be beneficial.
Wow. One of the people working on this is a former security guy at Intel. Makes me wonder if meltdown and specter were engineered into chips on purpose.
Meltdown and Spectre aren't backdoors or simple mistakes. They are the unforeseen consequences of speculative execution. Also, other companies' processors are affected too.
Spectre/Meltdown aren't the "tinfoil" (which might actually be legitimate) fears in Intel -- those are probably Intel Management Engine/AMT/etc. and general supply chain risk (maybe Intel processors in general are safe, but if you're a target, maybe the machines you order are "special" -- although making special CPUs in the latest process, especially if you're not Intel itself, is a lot harder than making "special" versions of other chips in older process in the system.)
Without other evidence pointing to deliberate design of the flaws, it's reasonable to think that an expert on security would be hired by Intel for that expertise on security, and that they would also be someone tapped to be in a high-level group that would be looking into security issues for the government. You can definitely disagree with the goals of the Justice Department and those involved in this matter without also attributing deliberately introducing flaws that resulting in Meltdown and Spectre.
Nothing is "inevitable". Laws are constructs of society, ultimately. Cutting hands for stealing, death penalty for smoking marijuana, forcing people to not use end-to-end encryption - it can all be undone by a vigilant and activist society.
If everyone has a self-defeatist "inevitable" attitude on the other hand...
Don't get me wrong, I hope Apple (and the rest of the tech industry) try to kill the baby in the crib. But it'd be sticking your head in the sand and intellectually dishonest to say that law enforcement doesn't have a legitimate interest in pursuing this and are just going to give up because some tech people say it shouldn't happen.
Law enforcement also has a legitimate interest in being able to walk into my house, examine and copy my stuff, and make sure I'm not doing anything against the law. They also have a legitimate interest in stopping me on the street at random and demanding my identity, proof of citizenship, a blood sample (to make sure I'm not doing any drugs that are against the law), and a list of the people that I've talked to today, and about what subjects.
Oh, that's not "legitimate"? I've seen serious proposals for those in the past few years, and not a few actual instances. All invoking the L-word.
What do people mean by "legitimate" then? Mostly, I see it as begging the question, an attempt to redefine and color the argument. Of course their interests are "legitimate" -- whose are not? Does passing a law make something legitimate? What about an unconstitutional law?
History has proven that capabilities like the ones proposed are always abused by power, and that compromised security systems grow more compromised over time.
We already have the safest, most prosperous society in human history. We need to stop taking individual freedoms away just to move the needle a fraction of a percent.
I like the idea of focusing on the device problem rather than the transport problem.
I'm personally completely ok with the special devices specific unlock code suggested. It's not universal, and requires the government to go through the company first who at some level at least have a stake in me believing my device is secure.
The insentives seem to work and I still have reasonable security.
Comey was the key advocate in this during the Obama years. He spoke for years advocating backdoors... even after Trump took office. Here's an article from March 2017 when he advocated an international backdoor[0]. Here's one in May 2017 when he backed Feinsteins decrypt bill[1].
It receded because Comey was pushed out. And it took a while for Wray to come in and make it an issue again.
It's worth remembering that this is not some faceless government action. They're just people who are lobbying for the change. Remember to contact your representatives regularly to advocate your position on these issues.
0. https://www.techdirt.com/articles/20170327/10121437009/james...
1. https://techcrunch.com/2017/05/03/fbi-director-comey-backs-n...