White House Takes Security Pitch to Silicon Valley (nytimes.com)
92 points by aarestad on April 27, 2015 | hide | past | favorite | 58 comments



> "I think that people and companies need to be convinced that everything we do in the cyber domain is lawful and appropriate and necessary," Mr. Carter told students and faculty at Stanford.

Right, because what they're doing in the cyber domain isn't lawful. Naturally they'll fix that retroactively.

> He urged the next generation of software pioneers and entrepreneurs to take a break from developing killer apps and consider a tour of service fending off Chinese, Russian and North Korean hackers...

Yeah, exploitation of vulnerabilities isn't partisan or nationalistic. While narrowly possible, it isn't really practical to fend off Chinese hackers without also fending off American ones, and vice versa.

> ...even as he acknowledged that the documents leaked by Edward J. Snowden, the former intelligence contractor, "showed there was a difference in view between what we were doing and what people perceived us as doing."

I can't help but picture these hacks that shill for the administration like cheaters who've been caught trying to talk their way out of it.

"Baby, I know I said I was visiting my grandma last night, and while I admit that leaked photograph of me kissing and groping my former lover is authentic, I swear to you it's not like that! The kiss had to be collected in case it was needed in the future but it's not cheating because I wasn't feeling into it at the time. You've got to understand there's a difference in view between what we were doing and what people perceived us as doing. I lied to keep you safe! Think of the greater good baby!!"


> ...even as he acknowledged that the documents leaked by Edward J. Snowden, the former intelligence contractor, "showed there was a difference in view between what we were doing and what people perceived us as doing."

That one boggles my mind. On Mar 12, 2013, Clapper lied to Congress about NSA spying. The purpose of a lie is so that people perceive something different from reality. So they achieved their goal, they're just sorry they got caught.


Baby it was just the most truthful answer I could tell you. I mean, I'm sorry, I should have been more careful in my statement. I acknowledge that. But I must stress, that I did not wittingly make out and fondle. What I did was not, in any way, targeted at our relationship. My eyes were closed, and I was merely doing my duty to feel up our enemies. There is just no other technical way to go about it. And I resent the implication of wrongdoing in the unfair way you questioned me about the situation.

Now, you know I love you. I would never do anything behind your back. That's why all of your friends were fully briefed on this encounter. And they all agreed that it was necessary and appropriate. Well, almost everyone. I vow to bring the perpetrator who leaked the photo to justice! And so in light of this, we can have an important debate about who else I deny I have slept with, who else you have proof I sleep with and what other sexual acts I must do with them in order to safeguard our relationship.

But let's not forget what's important. We need to work together to build a framework for a process where I continue to see others I'm attracted to, particularly the Russian and Chinese ones, in a way that respects privacy, by preventing you from finding out, but with proper oversight that is transparent, accountable, and consistent with my unwavering support for monogamy. After all, the security of our relationship depends on it.


I am a bit creeped out at how good you are at spin...


Most people are forgetting the rest of the story: On March 13th, 2013, Clapper sent a private letter to Congress, getting their agreement that what he said was the "least untruthful" thing he could have said.

and got away with lying to Congress.

Everyone should learn from Clapper's example, when they're in front of a judge, court, or other tribunal.


But as classified information he's legally not allowed to share it publicly as part of testimony or otherwise. We don't actually know what he said in private to correct those congressmen and women who are authorized to know this information. (i.e. the intelligence oversight committee.)


If the problem was the classified nature of the answer, the proper answer would have been something like "The law prevents me from addressing classified topics in public", not "No... not wittingly". Given that it was Congress doing the asking, they would have had any number of ways they could have addressed that concern, including giving him immunity or clearing the chamber so he was only addressing Congress. Also, as Clapper was given the questions beforehand, he had ample opportunity to bring this up beforehand.


But that's not how this works. By saying that he can't disclose, he's disclosing the existence of the program. It's entirely possible that the program's existence was classified. The NSA's existence was classified for many years and I believe the "Groom Lake Facility" (aka Area 51) might still be. Everyone knows it exists, but the government won't admit it.

He can't address it beforehand if the admission of its existence is classified. By addressing it beforehand and saying "you can't ask me this question" he indicates its existence.


I don't think our government is quite cognizant of the post-national undercurrent that is especially prevalent in the tech industry even if that community insists on clustering in specific places. I get a sense that especially in DC and the status quo industries, there is a feeling that we still live in some post-WWII or Cold War fervent nationalistic society. It seems to me that everyone that knows, can do, or is aware has separated themselves from those notions of central nation state.

I don't know if we are permanently moving past the Westphalian nations state, but there does seem to be quite a fluctuation going on. Due to our own government's actions and serious, deep breaches of trust, our own government is becoming a threat to a whole sector of society and the economy.

I think the question is how the government will react if it gets nothing but the cold shoulder that it should due to its own behaviors. Will it change its ways and learn how to deal with a new reality, a new world; or will it lash out and take an aggressive approach to infiltrate, disrupt, sabotage, and co-opt the tech community and graduates for its deceptive and rather nefarious antiquated and rather fascist intentions? I think history projects that the latter is far more likely than the former without significant civic intervention, but we will see.


Post-nationalist may be a bit of a strong term, or an overstatement, but I think you're on the right track.

People are more connected to each other across the world than before. The government is not the only body with multinational links, and multinational information coming in is part of everyday life. The 'othering' of people in other countries is no longer so prominent. We care a little less about our own country compared to the wider world.

And yes, the government has totally, thoroughly earned our distrust and disrespect in this field. Almost any new security work assumes not just hackers as its threat model, but pervasive network monitoring and compromised service-providers at every level.

New security systems, created by freedom-minded individuals - not terrorists, not criminals - actually count the government as a direct threat.

This is quite a big thing...


I agree that a lot of people are picking up on the post-national trend, and I think that it's a good thing for sure. The less tribalism we have, the more we can cooperate for the public good.

I'd say that the government isn't aware of the postnationalist movement because it's really quite a small group of people overall, and there aren't really any actionable goals or organizational structures that these people have rallied around. If there were post-nationalist groups getting into political advocacy etc., I assume we'd see a strong pushback and propaganda-based reiteration of the good old "American Values" to rile up the proletariat.

In general, the government doesn't like getting the cold shoulder, and treats its behaviors as always justified. I'd put my money on aggression. After all, they already have JTRIG groups whose purpose is to infiltrate and disrupt political groups.


> "showed there was a difference in view between what we were doing and what people perceived us as doing."

This is pretty much the EXACT thing that is the problem. Let's be clear and unified on this topic: this is NOT a difference of "perception". This is a fundamental question of whether we're going to live in a democratic republic or not.


This is the core problem in security in general, and government programs like this make it worse. They will dump money into the security business, and security companies that do business with the government will have incentives to believe the lie that they can build both surveillance and security that people can trust.


Carter's words sound like the man who sees his judgement, but still uselessly pleads innocent for the decisions he believes should be kept in the dark.

I remember when my small private university received its first DOJ request in 2005 to install wire-tapping hardware on our servers. We in the IT department circled up and met, deciding to ignore this letter as a disgrace to the American public, the constitution, and the human values we believed in. Even receiving it shamed us, and stirred anger and fear for years after.

When we ignored it, no request came again and no consequence -- because the people who asked us to do wrong would never ask us to do it again by the light of day.

Remember: stand true to what is right for you and those around you, whether in private or in public, and you'll never regret that choice from this day to your last.


Interesting, how do you know it was actually the DOJ and not, let's say, Chinese or Russians using faked official-looking letterhead to get a backdoor in your system?

This is just an example of how government stupidity when it comes to computer security is leading to MORE vulnerability and insecurity.

You did the right thing. If dragged into court you could have rightfully pointed out that you refused for patriotic reasons, since the whole thing "smelled" wrong and sounded like an attempt by foreign bodies to infiltrate your network, which would have got you into a lot of trouble...

I wonder how the likes of Google respond to similar requests...


Maybe the higher ups thought about that and invited the relevant engineers (or their boss) from Google and the likes at their offices in the Pentagon or some other place. At least that is not fakable.


Sure, just like the Qwest CEO who got thrown in the slammer for not cooperating with the NSA [1].

If you're a big enough fish, you will be caught either with a lure or a net.

[1] http://www.washingtonpost.com/blogs/the-switch/wp/2013/09/30...


He was 'thrown in the slammer' for a decade's worth of accounting fraud and insider trading. His excuse was that the big bad NSA was out to get him, but I'm not quite sure how that explains his fraudulent Enron deals:

http://www.nytimes.com/2002/03/29/business/enron-s-many-stra...

Or why they had to restate $550M in revenue and then take $11 billion in writedowns from overvalued assets:

http://www.deseretnews.com/article/945565/Qwest-plans-to-res...


They asked to install wire-tapping hardware on your servers because it is cheaper than hidden wire-tapping. If they do not ask again, it may be that their hidden wire-tapping hardware is in place. Or maybe this is only a conspiracy theory?


> “I think that people and companies need to be convinced that everything we do in the cyber domain is lawful and appropriate and necessary,” Mr. Carter told students and faculty at Stanford.

Good luck with the convincing. Quite a few of us can read, so it will be rather impossible.

> The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized. http://en.wikipedia.org/wiki/Fourth_Amendment_to_the_United_...

> Shortly after the terrorist attacks on Sept. 11, 2001, President George W. Bush secretly told the N.S.A. that it could wiretap Americans’ international phone calls and collect bulk data about their phone calls and emails without obeying the Foreign Intelligence Surveillance Act. http://www.nytimes.com/2015/04/25/us/politics/value-of-nsa-w...

> On July 9, 2012, when asked by a member of the press if a large data center in Utah was used to store data on American citizens, Alexander stated, "No. While I can't go into all the details on the Utah data center, we don't hold data on U.S. citizens."

http://en.wikipedia.org/wiki/Keith_B._Alexander#Statements_t...

Why are these people not in prison for violating the constitution on a mass scale? Their only defense can be that they were simply "following orders."

The USA PATRIOT Act will be viewed by historians as something akin to the Reichstag Fire Decree http://en.wikipedia.org/wiki/Reichstag_Fire_Decree#Backgroun...


So, it is not actually a criminal offense for law enforcement to violate the 4th amendment in collecting evidence. All that happens is that in pre-trial, a defense counsel can file a motion to suppress that evidence based on the exclusionary rule[1]. If the judge decides that the evidence was collected illegally, it is thrown out and cannot be presented to the jury. Less than 90% of cases go before a jury, but a knowledgeable and zealous attorney can get evidence thrown out (or "c'mon, you know that will never fly with Judge Saris"'d out) before a plea deal. This is the only way we have to ensure that warrants are sought, that they are validly[2] issued and that they are followed: the threat that a criminal will "get off on a technicality", either because the DA doesn't think she can prosecute, or because the evidence gets thrown out in pre-trial, or because an appeals/SCOTUS decision throws out the case.

None of that matters if the evidence collected is never intended for criminal prosecutions. Either by the FBI or by the NSA.

At least one of Boston's federal judges serves on the FISA court and I have it on the word of Boston's clerk of court that the FISA court judges care deeply about doing a good job and being a check on executive overreach. I believe him. But that doesn't matter at all.

[1] Everyone should read http://lawcomic.net/guide/?p=1585 and actually look at this flowchart for the 4th amendment http://lawcomic.net/guide/?p=2256.

[2] Most warrant requests are granted, not because it is a rubber stamp, but because the conditions for warrant approval are predictable and judges don't like having their time wasted with dumb requests. It's not like the patent office.


I'm sure there's a way for Silicon Valley and the US government to work together, but Silicon Valley can and should bring its own demands to the negotiating table. This looks like a very one-sided deal right now. The government gets to keep its secret courts, mass surveillance, secret drone strikes and foreign policy interference and expects the brightest and best minds in tech to sign up to facilitate all that.

No deal. There is another way. I'm sure many in tech would take up the gauntlet of protecting all people if it were to be executed in a way that fits with the ideals of those people - which coincidentally align pretty well with what the US Constitution and Bill of Rights put forth 223 years ago.

If the US wants security they can have it. If they want to continue to expand the military industrial complex, they should go looking elsewhere.


> I'm sure there's a way for Silicon Valley and the US government to work together, but Silicon Valley can and should bring its own demands to the negotiating table.

I don't exactly trust the policy positions of the handful of major corporations that rate on the White House's radar to be beneficial to the end user/society in general.


Not only that, but there is simply zero confidence in negotiation with the government and you are a fool to believe anything else. You don't even have to rely on echoes and messages from ancestors and predecessors, with general warnings about the abuses of the power of governance in the hands of humans; you can just look at the last few years of all the deception, all the abuses, all the killing, all the thieving, all the protection of thieves, and pilfering of civil society, and all the lies. There is absolutely zero trust or confidence to be found. Unfortunately for the government and any government, its track record is permanent; there are no re-dos without revolution. Once the image, once the record has been sullied in the most grotesque and lazy manner in which it has been for the last 15+ years, there is simply no going back. The damage is permanent, irreplaceable, and immutable.

You had one chance and choice on 9/12/2001, government; and you chose to play right into the hands and goals of the tactic of terrorism ... turning on your own people and sacrificing your principles at the cost of vanquishing the tenuous and feeble trust civil society had placed in you.

Maybe you will be successful in steering the massive ship and changing perceptions and molding society as you have before in the past, government. But for now, there is a lot of trust to be made up through apology, action, and prosecuting perpetrators, i.e., showing that your actions are not just more empty promises and lies that any other run of the mill addict uses to avoid accountability for their actions and impacts on those in their lives.


It baffles the mind how little the government seems to understand technology. Yes, let's create a universal key, but to make sure it's not abused or falls into the wrong hands we'll just split it up over agencies or set up an escrow. Never mind the fact that this undermines the security of every single piece of American data if we're compelled to use it.

If you're up to no good you're just going to download a non-backdoored encryption toolkit from somewhere else.


"If you're up to no good you're just going to download a non-backdoored encryption toolkit from somewhere else."

Good point. Software is made all around the world and there's no way for the USA government to force its backdoors (call it "golden key" or whatever) into all of it, especially in the age of open source. The purpose of wiretapping consumer-grade software is clearly monitoring and controlling of casual citizens, not fighting serious criminals, hackers or enemy cyberarmies.


It is always a mistake to assume the opponent is ignorant or stupid. Of course the government knows the futility of trying to enforce the use of only "approved" encryption.

A law that required the use of "approved" encryption necessarily bans real encryption tools. Anybody that is actually secure is made a criminal, which is one more law that can be enforced arbitrarily if someone decides you are a problem.

It should be fairly easy to filter for non-approved encryption with DPI. This gives them a nice map of all the "subversives" that are trying to evade the "monitoring and controlling of casual citizens".


“I think that people and companies need to be convinced that everything we do in the cyber domain is lawful and appropriate and necessary,” (Emphasis mine)

Step 1, make this first point true at least (the second and third points will probably be debated until the heat-death of the universe).

Quite heartened by the rest of the article though; techies standing by their principles.


> Quite heartened by the rest of the article though; techies standing by their principles.

Funny principles, those.

Ads, privacy violations, more ads, dark patterns, some more ads.


No, those are just those pesky business people forcing that on the purity of my Docker lib.


[flagged]


I'm pretty certain none of this is true. It's frustrating that people can collect easy upvotes for writing innuendo like this.

Note: you didn't argue that there were public policy implications to proposed legislation. You said Apple is sharing zero-day vulnerabilities, and that they're doing it to get Apple Pay accepted by FedGov clients.

You've made extremely serious accusations here and insulted the integrity of a lot of good people. So I think you're now obligated to back up your extraordinary claims with evidence. Will you do that, please?


Your other option, if you don't have evidence that Apple has deliberately shared zero-day vulnerabilities with the USG, let alone done so in order to secure contracts with them, would be to apologize.

Everyone's different, but personally: I would be uncomfortable in the limbo of having neither supported such a grave and specific argument nor apologized for carelessly starting a rumor campaign about it.


Any citations? I can't find anything when I search for "apple zero day sharing program" or "apple zero day nsa".

http://arstechnica.com/security/2013/06/14/nsa-gets-early-ac... doesn't mention apple.


Then try "cyber-sharing" executive order. It's the same thing. They are supposed to share "vulnerabilities" and "other data" about the potential targets. Same thing with the new CISA/NPCA bills.


> He urged the next generation of software pioneers and entrepreneurs to take a break from developing killer apps and consider a tour of service fending off Chinese, Russian and North Korean hackers, even as he acknowledged that the documents leaked by Edward J. Snowden, the former intelligence contractor, “showed there was a difference in view between what we were doing and what people perceived us as doing.”

You mean there was a difference in view between what you said you were doing, and what your leaked internal documents SHOWED beyond a shadow of a doubt what you were actually doing and planning on doing.

Do these guys not know their audience?


I, for one, appreciate that this is a mainstream media article that doesn't seem to paint the government as in the right at all. It leaves the last word with the tech sector in refuting the government's positions, which is refreshing to see.

(at least that's how I read it as a tech guy)


"Mr. Obama, on a trip to Stanford in February, had expressed sympathy with those who were striving to protect privacy, even while saying it had to be balanced against the concerns of the F.B.I. and other agencies that fear “going dark” because of new encryption technologies."

"Expressing sympathy" means absolutely nothing when concrete actions have been taken to undermine privacy and security.

I hope that the tech industry can organize around resisting the government to provide security and privacy for their users.

The more robust anti-spying measures we have, the more secure we'll be from malicious actors who would use our communications against us for their own gain.


So is Washington ever going to acknowledge that they've done something wrong or are we going to keep playing the fascism game?


Keep playing the fascism game. So far their strategy has been to double-down every time there's a debate. Their only real trick is to clamp down more and insist it's permanent when they're questioned.

It'll break eventually.


"Going dark" is exactly what should happen. The only secure system is a secure system.

For all countries X, the government of X is absolutely untrustworthy.


I wonder if this is going to work out as well for them as working with Silicon Valley in the 90s worked out: http://en.wikipedia.org/wiki/Clipper_chip


I sure hope Silicon Valley isn't buying what D.C. is selling.


btw, not inferring that there's no room for compromise. But I think one of the only ways to make "surveillance" policies sustainable is by making their operations fully transparent. I get the eerie feeling this is not what US Govt. wants to do.


White House Takes Backdoor Insecurity Pitch to Silicon Valley


The text for this article on the nytimes front page reads:

>The computer industry is seeking to block surveillance, including by the N.S.A., which fears “going dark” on terror threats.

I find something about the use of "the computer industry" to describe Google et al. to be really quaint. It's understatement. Also, what industry doesn't depend on the computer industry these days?


[flagged]


It's not that we don't take security seriously. It's that we often see governments, including the US government, as the biggest threats around.


And that's a huge mistake.


You make some very good -if wordy- arguments. I'm sure everyone here has been convinced by the multiple well-defended reasons given.


[flagged]


Please, share some of these. As an open-minded and curious reader on this topic (like most people here, I imagine), I'd love to read some.

Until you do so, though, you're just reinforcing many people's views with the condescension.


The problem as I see it is that tech is generally willing to support the means of providing secure communications, but they're not going to play favorites. The US government, on the other hand, wants the ability to break the encryption for whatever reasons (and I do mean whatever).

Secure encryption is not a sliding scale - it's either secure or it's not. If one government can get in, then it's only a matter of time before some other government less friendly can.

So, the act of fending off hackers and intruders (Chinese, Iranian, etc.) means you fend off all of them.

In most ways that matter, this is another Cold War and there are no friendlies.

So, while most people here seem to be against the US government's requests, the reality is (I think) that we recognize that real security means tech doesn't play favorites.


You're right, of course, but this is the kind of "Fox News" style attitude that is causing me such angst. No one in this article or in the White House is suggesting Silicon Valley build crypto software that lets the US, but not any other country, view the plaintext contents. Why bring it up like they are?

Some idiots in some isolated buildings in Virginia might be saying that, but the government employs 10 million or more people. This outreach is positive. That backdooring is the problem, not this outreach.

It's a complicated issue -- HN's tactic of acting like children and putting their collective fingers in their ears when adults try to solve the real problem is getting on my nerves.

I just expect more from folks who claim to be among the best and brightest of Silicon Valley -- these conspiracy-level comments that pervade every single submission about the US government and crypto/privacy kill any real conversations before they can get started.


"One proposal, by Adm. Michael S. Rogers, the head of the National Security Agency, is to develop a split-key system in which companies hold half and the government, or some outside agent, holds the other half of the key to unlock encrypted communications. The two would be put together only with approval of a court. But many computer security experts reject that idea, saying it would leave too much room for theft and would motivate other governments to require the same."
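The split-key proposal quoted above, worked through as an added example that is not from the article or from anyone in this thread: a 2-of-2 XOR split of a data key, a dependency-free demo cipher, and a check of what each holder can and cannot do. All function names, the sample message and the HMAC-based stream cipher are constructed for this illustration.

```python
"""2-of-2 split-key escrow demo (constructed example, standard library only)."""
import hashlib
import hmac
import secrets

KEY_BYTES = 32
NONCE_BYTES = 16


def split_key(key: bytes) -> tuple:
    """Split `key` into two XOR shares (company half, escrow half).
    Each half on its own is uniformly random, so a single holder learns
    nothing about the key: this is a one-time pad over the key bytes."""
    company_share = secrets.token_bytes(len(key))
    escrow_share = bytes(k ^ s for k, s in zip(key, company_share))
    return company_share, escrow_share


def combine_shares(share_a: bytes, share_b: bytes) -> bytes:
    """Recover the key from both halves. There is no input for a court
    order here: the math cannot distinguish an authorised recombination
    from one performed by whoever stole both halves."""
    if len(share_a) != len(share_b):
        raise ValueError("share length mismatch")
    return bytes(a ^ b for a, b in zip(share_a, share_b))


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode, used only to keep the demo
    dependency-free (a deployed system would use an AEAD such as AES-GCM)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        block = nonce + counter.to_bytes(8, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    nonce = secrets.token_bytes(NONCE_BYTES)
    stream = _keystream(key, nonce, len(plaintext))
    return nonce + bytes(p ^ k for p, k in zip(plaintext, stream))


def decrypt(key: bytes, ciphertext: bytes) -> bytes:
    nonce, body = ciphertext[:NONCE_BYTES], ciphertext[NONCE_BYTES:]
    stream = _keystream(key, nonce, len(body))
    return bytes(c ^ k for c, k in zip(body, stream))


def escrow_round_trip(message: bytes) -> dict:
    """Walk the escrow lifecycle and report what each party can do."""
    key = secrets.token_bytes(KEY_BYTES)
    company_share, escrow_share = split_key(key)
    ciphertext = encrypt(key, message)

    # A lone share is consistent with EVERY possible key: for any guess at
    # the key there is a matching other half, so one holder cannot narrow
    # the key down even with unlimited compute.
    arbitrary_guess = secrets.token_bytes(KEY_BYTES)
    other_half_for_guess = combine_shares(company_share, arbitrary_guess)
    one_share_fits_any_key = (
        combine_shares(company_share, other_half_for_guess) == arbitrary_guess
    )

    # Both halves together recover the key outright. The "court approval"
    # step is a procedural control on access to the two stores, not a
    # property of the cryptography; compromise of both stores yields the
    # same plaintext as a court order does.
    recovered = combine_shares(company_share, escrow_share)
    return {
        "recovered_key_matches": recovered == key,
        "decrypts_with_both_shares": decrypt(recovered, ciphertext) == message,
        "one_share_fits_any_key": one_share_fits_any_key,
    }


if __name__ == "__main__":
    print(escrow_round_trip(b"constructed sample message"))
```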


Please catch up with the adults; we're trying very hard to solve a problem, and you're all pretending like the problem doesn't exist.

Adopting the persona of warfighting crimefighting hardass doesn't mean everyone has to be on board with your definition of "problem" or "solve."


> Please catch up with the adults

The condescending attitude does not do those of us, who are making progress solving that problem, any favors.


And yet others of us who are making progress solving that problem have thicker skin, and can handle a little prodding.


Their existing 'solution' is a huge part of the problem. Sorry, you'll get very little sympathy from most here, and no one is giving the US gov a back door (not willingly, anyway).


Which attitude are you talking about? I don't think there is one that generalizes.

Also, whose security are you talking about? The article spends quite some time presenting national security concerns, but the proposals to enhance that often harm the ability of individuals and companies to secure their data (which the seemingly adult experts quoted in the article do bring up).


Unfortunately, it's kind of on par for here. HN's attitude seems to be to turn a blind eye to anything it doesn't like.




