> I don't think we would live in a forced back door world for too long. After another 2, 4, or 8 years, we will eventually realize that giving the government a back door to the iPhone did not give it a back door to the myriad of other encrypted communications tools out there. Terrorists will find other ways to hide their communications.
I'm going to disagree with you here. Didn't we think, back in 2001, that we'd only have to live with pat-downs on every plane flight for so long? That the government would eventually realize that terrorists couldn't hijack planes once passengers knew that the proper response was to storm the cockpit rather than waiting for the usual ransom demand to be acquiesced to? That the terrorists would find other ways to cause terror?
If the US Government gets what it wants with this case they will use it as a wedge to permanently deny us any semblance of electronic privacy. You will get to choose between using paper and having some random police officer [1] decide that it's time for you to go down and he's absolutely sure he can find something you've done wrong [2].
This move is one of the last things standing in the way of that future. Apple's engineers are threatening to destroy one of the most successful, profitable organized entities in human history in protest. A sort of technological mutually assured destruction. I hope their threat works, and that they don't have to follow through on it, and that if they do, their statement is understood.
> I'm going to disagree with you here. Didn't we think, back in 2001, that we'd only have to live with pat-downs on every plane flight for so long? That the government would eventually realize that terrorists couldn't hijack planes once passengers knew that the proper response was to storm the cockpit rather than waiting for the usual ransom demand to be acquiesced to? That the terrorists would find other ways to cause terror?
Thank you for bringing this into the picture.
The thing is that once you give up a bit of your liberty to the state, you never get it back.
The TSA is an abomination. You can basically shred the whole Bill of Rights as soon as you step into an airport.
> You will get to choose between using paper and having some random police officer [1] decide that it's time for you to go down and he's absolutely sure he can find something you've done wrong [2].
And the shoe and underwear bombers were some kind of geniuses. "Hey, his putting a failed bomb in his shoe made all the Americans take off their shoes in aiports. I wonder what would happen if I put one in my underwear?"
The guy who convinced TSA to confiscate my 12oz bottle of shampoo because I hadn't poured it into 4 3oz bottles, then put them in a Ziplock bag, also deserves a prize.
The TSA is an abomination. I will not set foot in US for fear of them. The most important conferences in my business are in US and a few customers have already requested my consulting, but there's no way I travel to US.
> Didn't we think, back in 2001, that we'd only have to live with pat-downs on every plane flight for so long? That the government would eventually realize that terrorists couldn't hijack planes once passengers knew that the proper response was to storm the cockpit rather than waiting for the usual ransom demand to be acquiesced to?
It's interesting to note that passengers figured out about storming the cockpit was the way to go on 9/11 itself, literally an hour and eleven minutes after the first plane hit the World Trade Centre. They clearly knew that the old "wait out for ransom" no longer applied.
> You will get to choose between using paper [...]
Let's give imagination a run:
After 10 years of FBI cases where child molesters and terrorist houses were raided only to find they were able to shred evidence last minute, the FBI decided that they don't have time, energy, money and will-power to sit down all day long and play with 10,000 pages-long paper puzzles.
Therefore they asked congress to pass a law where every company selling shredding machines will attach a little tiny camera to their device. Upon shredding, a photo will be taken of what you shred. This photo will be obviously securely transferred and stored in FBI vault, just in case, locked with each shredder's individual key until proper Court gives a warrant to give out encryption key and decrypt photos of documents that have been previously destroyed.
There you have it!
And don't get me started on 2030, where we will be able to read and print out people's thoughts...
How exactly are they supposed to permanently remove all semblance of privacy? Short of infiltrating popular open source projects in plain view and proving the (potentially) unprovable, I don't see how this is possible.
If they can't quite do that, then they bring back the whole "export-grade cryptography" thing, except they call it "terrorist-grade cryptography" this time around. Then they start monitoring every crypto-capable open-source project's responsible disclosure system. When they see a vulnerability good enough to subvert that open-source project, they shut down that project before the bug can be fixed. And then they suppress all knowledge of the bug.
Or they infiltrate popular open-source projects in plain view. Wouldn't be hard at all to get that one bug they need in some peripherally relevant subsystem that nevertheless breaks the entire thing.
You're assuming that the government is hyper-competent. I'm not so sure. There are an awful lot of cooks in that kitchen, so to speak. Eventually, it'd leak that they're purposely sabotaging open-source projects. Not that that possibility might stop them from trying, but it'd certainly hamper recruiting efforts considering the people best able to do the sabotage are the ones likely to be contributing to the projects in the first place. And even if they can start forcing tech companies to take actions that hamper their own security, the best cooperation they can hope for would be a grudging one at best. It'd be like getting involved in a land war in Asia.
Look at the fight against child pornography. Tech companies dedicate a lot of resources to fighting child pornography and working with the FBI to help prosecute offenders and NCMEC to help identify the children being exploited. Even with the active and enthusiastic support of the tech community, it's an uphill battle. How much more difficult would that fight be without that support?
Point being, if governments can't make child pornography--something everyone is against--go away, how likely is it that they'll be able to make a dent against encryption?
"Child pornography". Any pornographic depiction of a person deemed 17 years old is child pornography. It needs not be a photo, it could be a drawing. If the origin of the picture is unknown, I assume any picture of a young-looking 25 years old person could be assumed child pornography during an investigation. As horrible as actual unconsented pornography is, which I frankly condemn, I still take it with a grain of salt when I'm told "This CEO has child pornography on his computer".
"Then they start monitoring every crypto-capable open-source project's responsible disclosure system. When they see a vulnerability good enough to subvert that open-source project, they shut down that project before the bug can be fixed. And then they suppress all knowledge of the bug."
...to exploit it? seriously?
i'm not saying it's impossible or unlikely, it just sounds like 1. it's a tremendous amount of work 2. it still doesn't actually solve the problem
I know, I know, the idea is incomplete, it needs some tweaks and refinement. It's just there to demonstrate the kind of power, freedom, and creativity we should be expecting to be pointed at crypto-capable open-source projects in the future we're looking at.
As for it being a tremendous amount of work: First, I'd guess that, given the infrastructure they already have, they could probably pull it off with a few dozen people. It's not bigger than, say, Reddit (78 employees?!). Second, have you seen how much effort they're putting into the kind of thing? They already have server cabinets throughout the US that read most of American's internet. IIRC they managed to stick a black box between Google's datacenters that could snoop on people's email while it was flying back and forth between their distributed storage system. Just imagine how much money, physical access, and and reverse-engineering those things took. And not only that, but that was theoretically GCHQ that did them, not the NSA! Foreign soil!
Seriously. The right mindset here isn't that it's "too much effort" or that it "doesn't work that way". We're dealing with something that has in the past demonstrated the ability to do these kinds of things. If you want a good set of tools for getting into the right state of mind for this, we should be treating it sort of like a hostile superintelligence, not any kind of bureaucracy.
As PHK pointed out, the NSA (and other large SIGINT agencies) obviously already have some amount of influence on popular free and open source software.
If anybody find this at all surprising, watch PHK's "Operation Orchestra"[1] asap.
They can always go the FCC route and enforce a lock down on any general computing device sold within the border; Submit your source code to our automated build and signing service or your software will simply not run.
Remember that all that is required is that the majority of people comply.
As it already is in some cases in the United Kingdom. Granted, their freedom of speech protections aren't as great as ours, but if Congress really wanted to, what's to stop them from making a Consitutional ammendment that declares encryption keys as not being protected under the Fifth Ammendment?
.png){kind=link}
I'm going to disagree with you here. Didn't we think, back in 2001, that we'd only have to live with pat-downs on every plane flight for so long? That the government would eventually realize that terrorists couldn't hijack planes once passengers knew that the proper response was to storm the cockpit rather than waiting for the usual ransom demand to be acquiesced to? That the terrorists would find other ways to cause terror?
If the US Government gets what it wants with this case they will use it as a wedge to permanently deny us any semblance of electronic privacy. You will get to choose between using paper and having some random police officer [1] decide that it's time for you to go down and he's absolutely sure he can find something you've done wrong [2].
This move is one of the last things standing in the way of that future. Apple's engineers are threatening to destroy one of the most successful, profitable organized entities in human history in protest. A sort of technological mutually assured destruction. I hope their threat works, and that they don't have to follow through on it, and that if they do, their statement is understood.
[1] https://www.washingtonpost.com/news/the-watch/wp/2016/03/10/... [2] https://en.wikipedia.org/wiki/Parallel_construction