There's no need to feel bad for the DoJ. They rarely encounter encryption and when they do they get around it. For instance in 2009, there were more than 2,300 criminal wiretaps that caught the communications of more than 230,000 people. The cops encountered encryption once, and still got the plaintext. http://www.wired.com/threatlevel/2010/04/wiretapping/
Moreover, we've been down this road before with the Clinton/Gore push for encryption backdoors -- the so-called Clipper chip. Congress asked the National Research Council to look into it and what did they come up with?
"It is true that the spread of encryption technologies will add to the burden of those in government who are charged with carrying out certain law enforcement and intelligence activities. But the many benefits to society of widespread commercial and private use of cryptography outweigh the disadvantages."
Simply put, this is an egregious power grab that's unnecessary. It's a technical mandate that limits secure communications and outlaws technology like PGP and OTR and possibly TOR.
The FBI have a legitimate cause for concern: if strong cryptography ever becomes foolproof and widespread, it will make intercepting communications much, much harder -- and there are legitimate reasons for why the FBI would want to intercept communications.
Obviously, the proposed legislation is pretty crazy, but I have at least a little sympathy for the FBI here.
This didn't deserve a downvote, because it's obviously exemplary of the very sentiment that's driving the thing.
However, that sentiment is assinine. The business of this nation isn't to make the interception of communications easier, it's to facilitate our affairs. The article says
But law enforcement officials contend that imposing such a mandate is reasonable and necessary to prevent the erosion of their investigative powers.
As if the powers of law enforcement are the overriding concern, rather than the freedom of the people.
I'd expect that an intelligent, well reasoned and well documented argument for fascism would still get a serious downvote here.
I normally down for quality on low karma posts and downvote for opinion on high karma posts. But when the opinion is assinine enough, even the most eloquent expression deserves a downvote.
Downvoting in this context isn't suppression, its just a strong statement that this opinion is outside our community. And there are plenty of things I disagree with that I wouldn't downvote below 1 because I know they are held by a reasonable fraction of the intelligent people here.
I don't think my sentiments are "assinine", thank you :)
The FBI has legitimate reasons to want to intercept communications, e.g., to try to prevent organized crime and domestic terrorism. While most people would probably support the FBI's interest in doing that, they would also agree that infringing on privacy is bad. So we have a complicated tradeoff, and a system of checks and balances -- and that system might potentially be greatly effected by widespread crypto.
The idea that only privacy rights have any value is just naive IMHO, and it is unsurprising that most people don't believe that.
Our security is important, but nothing is more important than our freedom. Thus, the powers of law enforcement must exist in the spaces between our freedoms, and not encroach, forcing us to alter our behavior for their convenience.
Surely it would be more convenient to law enforcement if they had DNA samples and fingerprints from the entire population, but that's not going to happen.
In some ways, demanding the "right" to eavesdrop is even more pernicious, because it's interfering with our freedom to speak and associate with those we choose -- one of our most cherished freedoms.
And like at least one other commenter mentioned, the government has a clear track record of abusing such powers. I'll add another to that list, their abuse of the Echelon system.
One of Echelon's primary roles has been to gather industrial espionage from European companies for US ones, say some intelligence experts. The French were said to have lost a $6bn contract for Airbus with the Saudi government to Boeing and McDonnell Douglas, thanks to Echelon intercepts of faxes and telephone calls.
...The [British Parliament] report warned businesses and ordinary individuals that they are being spied on and that users should encrypt their e-mails. It said: "That a global system for intercepting communications exists ... is no longer in doubt. They do tap into private, civilian and corporate communications."
Remember folks, the downvote mechanism is not for when you disagree with people - it's for people who aren't contributing to the conversation. This is a legitimate, reasonable comment and doesn't deserve the downmodding.
The authors of this bill fundamentally misunderstand how the Internet works.
They believe that all useful Internet communication is centralized: for two parties to communicate, a third party (GMail, AIM, Facebook, HN, Twitter, etc) must relay the messages. But this isn't even true for email! Most companies run their own local servers. There is no central broker to tap - it's just P2P communications. Hell, if you and I open our college number theory books, implement RSA, and share port numbers and IP addresses, the law hasn't considered us. But we don't need to do that - there are plenty of expert-reviewed P2P technologies that allow for secure communication. It gets worse: I could use a VPN, and pipe my results through TOR, and use secure proxies. People just use centralized services because they're nice.
In this case, the government is asking citizens to sacrifice their liberty (and companies to sacrifice their valuable time) for something that can only be ensured by direct access to a suspect's computer, without providing any solid evidence that our safety has been threatened. FUD at its finest.
There is no central broker to tap - it's just P2P communications
According to the article, the proposed regulations would cover that:
Developers of software that enables peer-to-peer communication must redesign their service to allow interception.
Of course, that doesn't mean they'd have a prayer of enforcing it, but I don't like the idea of being forced into what would be illegal activity to preserve my own privacy.
It seems to me that this provision would be hard to make stick, what with the Clinton-era precedents that encryption code is protected under the 1st Amendment. It's probably time to pull out my old "This T-shirt is a munition" shirt [1]
How does that cover in anyway the case where I run my own SMTP/IMAP server for me and my minions, and we are encrypting all email with GNU Privacy Guard using the GPGMail plugin to Apple's Mail.app?
As I read the article (without having seen the actual proposal, and probably not able to understand the legal-ese if I had), you just would not be allowed to do that. You'd have to use some alternative to GPG, that has a law enforcement back door.
This is nonsense. It's technologically impossible to enforce this. Global VPN providers will always provide a link out of the US, and peer-to-peer communications will always be secure, no matter what the government wants. If they push this, it could become a big PR problem for them when it becomes apparent they can't possibly enforce it.
Be a good citizen and get wiretapped. Be a criminal and stay secure. It's like the DRM paradox, and just as resistant to litigation, criminal or otherwise.
Edit: I'm not saying that all p2p is secure, only that it will always be possible to have secure p2p. There are totally-overkill-for-even-normally-outrageous-circumstances encryption schemes that would be even resistant to a quantum computer. By altering the frames it's possible to make your secret traffic look like something totally different to get around filtering. Whatever filters or taps are dreamt up, new schemes will arise to circumvent them.
Out of curiosity, do the people writing bills ever bother to consult experts in the fields that a bill pertains to? I don't have the expertise to tell if it's the case for most fields other than technology, but if the bill-writing process is anything similar, are bills on things like health care, the economy, and the wars in Iraq and Afghanistan also based on a complete lack of understanding of the facts?
You could also ask the question if the people voting on the bills actually read them. The answer is, generally no. Also, the congresspeople who propose bills sometimes don't even read their own material, because they assume their staff (who actually wrote it) got everything correct. Strange but true.
However, I've been toying around with the idea to link bunch of dedicated servers with OpenVPN tunnels and let users connect to them via OpenVPN server (tls) also.
The idea is to form a closed or separate network with services and have it be privacy friendly network.
The main point I am trying to make is that we the people should be able to, and be allowed to run and manage our own network that isn't wiretapped constantly by for-profit intel contractors.
So if they have had problems with interception of terrorist transmissions, where are the new Sept 11th attacks? Fear mongering to give up another inch of your freedom.
Agreed. Their argument is they are trying to better protect us:
But law enforcement officials contend that imposing such a mandate is reasonable and necessary to prevent the erosion of their investigative powers. ... "We’re not talking expanding authority. We’re talking about preserving our ability to execute our existing authority in order to protect the public safety and national security."
But our intelligence services had all the data necessary to discover the "Christmas day bomber" but failed to connect the dots.
Court order, that is the question, what they want is to be able to tap anyone, always, "just in case you are a terrorist".Read: control your political adversaries and get more power.
I'm for it if and only if there is a court order(You know they are listening you).It must be balanced.
I'm working on voice recognition software, in a few years the any government will have the option to transcribe ALL the skype messages in a very very cheap way and store them. This way you can search for patterns...and improve your industrial spying too. If they have the power to do so, they will do so.
Since they new about the September 11 stuff before it happend, but still did not prevent it, they should not be awarded more money, toys or power but rather punished for their failure.
The FBI has a tough problem on their hands. Probably even an impossible one.
They seem to be trying to strike a good balance here, but especially the encryption part is likely to rile people up. And in some cases it's totally impossible.
What is impossible is this: You can't have secure communication which is inherently insecure by design.
The "backdoor" (a intentional bug) will have to be part of the communication protocols and therefor present in every data stream which makes this protocol less secure. Any such backdoor WILL BE in time be open to any hacker, cracker, foreign spy, and anyone who can run a simple script?
Of course law enforcement is necessary. But you've jumped and equated resisting unfettered wiretaps to a world with no law enforcement. That's the same kind of broad stroke generalization that gets our rights trampled, like they were in the illegal wiretapping of Internet traffic at Folsom St., San Francisco:
Mark Klein, a retired AT&T communications technician, submitted an affidavit in support of the EFF's lawsuit this week. That class action lawsuit, filed in federal court in San Francisco last January, alleges that AT&T violated federal and state laws by surreptitiously allowing the government to monitor phone and internet communications of AT&T customers without warrants.
I am talking only about the ability of the FBI to conduct court ordered wiretaps.
Right now companies can create internet based products without even thinking about the idea of wiretaps. Making a policy that companies should create procedures for dealing with ordered wiretaps from the beginning sounds like a good idea to me. (The encryption part doesn't though.)
Your replied to "They are seeking the ability to tap anything they want, any time they want" which is unfettered wiretapping with "You really think a world with no law enforcement is a better one?"
I am talking only about the ability of the FBI to conduct court ordered wiretaps.
Yes, you are only talking about court ordered wiretaps, but I'm wary about actual implementation of wiretaps, and for good reason, as I posted about factual historic illegal wiretapping as recently as 2002.
Yes, I certainly did read the article. I take an interest in matters of politics, government vigilance, and rights infringements I wish more Americans would. Don't get me wrong. I'm all for legal law enforcement, and aiding those tasked with doing their job while not trampling civil rights and liberties. I happen to think there are wise and unwise ways to go about it. For example, suspending habeas corpus, the right to due process, as George Bush did by citing national security, and which was reversed by the Supreme Court as unconstitutional, I think is unwise. I also don't think terrorists will stop and think, oh well, they've got their country wiretapped, so there is no way to carry out attacks now...
The need for a court-order isn't part of the FBI's position in this argument but is a historical/constitutional mandate that has existed for some time. And law enforcement has shown a willingness to ignore this limitation in practice (see the AT&T case).
Their position, what you called "balanced", is simply that they need the technological ability to tap all phones everywhere. There's nothing balanced (or sane or ..etc) about this demand. Society and technological feasibility may balance their demand for them but that's different from what you originally said.
Moreover, we've been down this road before with the Clinton/Gore push for encryption backdoors -- the so-called Clipper chip. Congress asked the National Research Council to look into it and what did they come up with?
"It is true that the spread of encryption technologies will add to the burden of those in government who are charged with carrying out certain law enforcement and intelligence activities. But the many benefits to society of widespread commercial and private use of cryptography outweigh the disadvantages."
http://epic.org/crypto/reports/nrc_release.html
Simply put, this is an egregious power grab that's unnecessary. It's a technical mandate that limits secure communications and outlaws technology like PGP and OTR and possibly TOR.
Online encrypted e-mail services are already push-overs. Hushmail will rat it out its clients with a court order. http://www.wired.com/threatlevel/2007/11/encrypted-e-mai/
And if that doesn't work the FBI can always deploy its zero-day browser bug that installs spyware -- CIPAV. http://www.wired.com/threatlevel/2007/07/fbi-spyware-how/
Don't feel for the feds, fight them.