And there's no app for that.
February 22, 2011 8:07 AM   Subscribe

What's up, loaded headline?
posted by graphnerd at 8:10 AM on February 22, 2011

It's a challenge for a lot of things.
posted by boo_radley at 8:14 AM on February 22, 2011 [2 favorites]

Why the "internet" qualifier on freedom? If you aren't free on the internet, you aren't free.
posted by DU at 8:20 AM on February 22, 2011 [5 favorites]

The real challenge for freedom? Hypocrisy.
posted by spicynuts at 8:27 AM on February 22, 2011 [7 favorites]

It's not really hypocrisy if you just see it the way that the US government sees it: that Internet privacy is a destabilizing influence so we want lots of it in countries we don't like but very little of it here.

It's quite simple, really.
posted by Avenger at 8:34 AM on February 22, 2011 [10 favorites]

The US secretary of state, Hillary Clinton, praised the role of social networks such as Twitter in promoting freedom – at the same time as the US government was in court seeking to invade the privacy of Twitter users.

And others.

Federal law enforcement and national security officials are preparing to seek sweeping new regulations for the Internet...

... officials want Congress to require all services that enable communications — including encrypted e-mail transmitters like BlackBerry, social networking Web sites like Facebook and software that allows direct “peer to peer” messaging like Skype — to be technically capable of complying if served with a wiretap order. The mandate would include being able to intercept and unscramble encrypted messages. [emphasis added]

posted by Joe Beese at 8:50 AM on February 22, 2011 [4 favorites]

officials want Congress to require all services that enable communications — including encrypted e-mail transmitters like BlackBerry, social networking Web sites like Facebook and software that allows direct “peer to peer” messaging like Skype — to be technically capable of complying if served with a wiretap order. The mandate would include being able to intercept and unscramble encrypted messages.

Haha, who writes this shit? Why don't they try to pass a law mandating the invention of warp drive or something else that's really cool, since they're going to be doing things that are technically impossible anyway.
posted by tylerkaraszewski at 9:04 AM on February 22, 2011 [9 favorites]

Even if such a mandate were technologically feasible (see also: off-switch for the Internet), I'm less worried about Congress requiring all electronic communications to be capable of complying with a wiretap order than I am about the ease with which those wiretap orders are granted. By analogy, I don't want an unsearchable house; I want a government that doesn't issue search warrants without first establishing probable cause.
posted by Marty Marx at 9:14 AM on February 22, 2011 [17 favorites]

Allowing transfer of arbitrary data pipe to any machine on the Internet is pretty much the linchpin of freedom on the Internet. Unfortunately I don't think a lot of people actually realize that, so steps taken to "improve" the Internet to get rid of that capability could happen relatively easily without the public realizing the impact.
posted by burnmp3s at 9:19 AM on February 22, 2011 [3 favorites]

I'm less worried about Congress requiring all electronic communications to be capable of complying with a wiretap order than I am about the ease with which those wiretap orders are granted.

If they are capable of complying, that means that somebody in the company can read your everything. It also means that same somebody can choose to hand it over to the government if he/she desires (or is coerced.)
posted by callmejay at 9:35 AM on February 22, 2011

If they are capable of complying, that means that somebody in the company can read your everything. It also means that same somebody can choose to hand it over to the government if he/she desires (or is coerced.)

But they aren't capable of complying. It's impossible because public key encryption has already been invented and is available in the public domain. Even if every service provider built backdoors into every encryption scheme they ever used from this point forward, that would not prevent you from pre-encrypting data with your own key and attaching that as your message.
posted by tylerkaraszewski at 9:40 AM on February 22, 2011 [1 favorite]

to comply wouldn't companies just prevent encrypted communication?
posted by Shit Parade at 9:46 AM on February 22, 2011

How would they do that? Encrypted data is pretty much indistinguishable from random data.
posted by mrgoat at 9:49 AM on February 22, 2011

If they are capable of complying, that means that somebody in the company can read your everything

There are axe murderers out there in that crazy frontier no man's land, y'know, all anonnymouse and shit.

Wait a minute... I heard that in 1995

The playground just shrunk and expanded infinitesimally in the singular moment it takes you to shift your perspective of the online landscape. Our map of it is obsolete, the platform plateaued around 4 years ago and its not just matured, its Limburger.

Once I see that, I shake loose my frame of reference which has been tacitly underpinning my browsing all these here years and step back to refresh the view in order to adapt to the new environment. After all, San Francisco of the gold rush era it ain't and there aren't any laundries left on Stockton.
posted by infini at 9:50 AM on February 22, 2011

can read your everything


As an aside, I'm sure its sick adn perverted, I read those words and my first thought was oh, how romantic, someone can read my everything ;p
posted by infini at 9:52 AM on February 22, 2011 [1 favorite]

Probably not sick and perverted. I'll bet we end up with a song appearing in Music with that as a lyric before the week is out.
posted by hippybear at 9:56 AM on February 22, 2011

After all, San Francisco of the gold rush era it ain't and there aren't any laundries left on Stockton.

Maybe, but I hear tell there are still pawn shops south of Market.
posted by blucevalo at 10:10 AM on February 22, 2011 [1 favorite]

hippybear, now that's a bet I'd be willing to pawn my phone for, say $5 bucks donated to the house for beers
posted by infini at 10:12 AM on February 22, 2011

well then, someone better make an app for it chop-chop. i absolutely demand freedom and loathe hypocrisy; an app would be the perfect way for me to make the world a better place. i would totally pay for this because i will do anything to make a difference with the exception of unplugging my gizmos or getting out of my comfy armchair.
posted by the aloha at 10:16 AM on February 22, 2011 [2 favorites]

comfy armchairs for all!
posted by Shit Parade at 10:21 AM on February 22, 2011

Clearly, the US government doesn't understand this technology as well as it should if it intends to regulate it.
posted by willhopkins at 10:21 AM on February 22, 2011

How would they do that? Encrypted data is pretty much indistinguishable from random data.

The data is, but it's generally wrapped in a file format that tells the decryptor which algorithm was used, etc.

Yes, strictly speaking it's impossible to prevent people from exchanging encrypted information (possibly disguised as something else). It's easy to make it so inconvenient that nobody would do it, though - hell, that's the way it is right now, even without any legal restrictions.
posted by cdward at 10:27 AM on February 22, 2011

How would they do that? Encrypted data is pretty much indistinguishable from random data.

Right, if you let someone send arbitrary data over a system it's basically impossible to filter out encrypted data much less decrypt it. The "intercept and unscramble encrypted messages" line quoted above makes it sound like that is what the proposed legislation aims to do, but really the goals are different. Here are the main points listed in the article:

Communications services that encrypt messages must have a way to unscramble them.

Foreign-based providers that do business inside the United States must install a domestic office capable of performing intercepts.

Developers of software that enables peer-to-peer communication must redesign their service to allow interception.

So basically if a company like RIM is based outside of the US and uses encryption for its communication system, they would be required to add in a way for a wiretap to be installed to monitor that traffic. Of course the end user could use another device to create an encrypted message and manually enter it into the Blackberry keypad or something, but the default plaintext traffic over the system would be vulnerable.

More importantly they would be attempting to make it illegal for a service to offer private peer-to-peer communication via their system. So something like Hushmail that lets users create a one-to-one private encrypted conversation that even Hushmail can't read would be illegal. Again this could be done completely on the client side without Hushmail's help, but there are existing laws like the DMCA that are similarly unenforceable on an individual level.

Also once you throw in the concept of locked down devices that only allow certain types of apps to run, it's not inconceivable to imagine that you wouldn't be able to have private conversations on a system without using an elaborate and cumbersome process to do the encryption outside of the system itself. Given that most people (including many of the targets of wiretaps) don't bother to install something like PGP that is free and takes a few minutes to set up, it's unlikely that there would be a lot of encrypted traffic on such a system.
posted by burnmp3s at 10:37 AM on February 22, 2011 [2 favorites]

GOVERNMENT REQUIRES EVERYONE TO LIVE IN GLASS HOUSES, MANDATES STONES.
posted by blue_beetle at 10:39 AM on February 22, 2011 [5 favorites]

I can't help but think that this GRAR is directed at the privacy of the Wikileaks folks: if this were stolen credit cards, child pornographers, or other politically-incorrect actors, nobody would give a half damn. Amount of outrage about Jared Loughner's dox bein' run by the federales: zero.

Also, Sterling's piece, WTF:
Social benefits maybe — but ECONOMIC benefits? Where? To whom?

...says a guy I'm sure sees some economic benefit monthly.
posted by Ogre Lawless at 10:47 AM on February 22, 2011

Well of course. We've had this discussion on the blue before, and I'm at least a little versed in it. My point was just that you can't "simply not allow encrypted traffic".

I see the danger in legislation like this, I'm not arguing that it wouldn't make it more difficult to communication via encrypted channels, just that it's not particularly easy for a service provider to just filter out encrypted traffic.

What really gets me though, is that the cat's out of the bag on encrypted channels. As tylerkaraszewski pointed out, public-key encryption has been invented. They shouldn't be worrying about having the ability to tap the communications of people who are already too lazy to encrypt, and this kind of legislation does absolutely nothing about people who aren't. They also can't make it illegal to do your own client-side encryption without breaking every electronic banking protocol in existence. All they can really do, is make it harder to make money selling encryption products.
posted by mrgoat at 11:06 AM on February 22, 2011 [1 favorite]

No mention of the 70-something George McGovern who was arrested for merely TURNING HIS BACK during said speech.

fuck the technology, there are still 'lack of humanity' issues that we can address first
posted by lslelel at 11:48 AM on February 22, 2011

They also can't make it illegal to do your own client-side encryption without breaking every electronic banking protocol in existence. All they can really do, is make it harder to make money selling encryption products.

If by "client-side" you mean on the actual communication device itself, it's not a huge stretch to imagine a scenario where SSL/TLS is used for client to server communication (which can be decrypted and provided to law enforcement on the server side), but could not be used for client to client connections. There are plenty of devices out there already that do not allow arbitrary code to be executed so it's not a given that client-side peer to peer encryption logic can be implemented by individuals without support of the manufacturers and service operators.

As I said before it would be impossible to prevent previously encrypted information from being entered into the device and sent, but creating a legal and technological climate that makes it much more difficult to encrypt everyday communication is not unthinkable. Of course such a plan could backfire spectacularly and provoke the creation of a huge unregulated darknet that would be much harder to monitor than the current system.
posted by burnmp3s at 12:00 PM on February 22, 2011 [1 favorite]

It was actually Ray McGovern who was arrested. Here is an article about the incident.
posted by hippybear at 12:00 PM on February 22, 2011 [3 favorites]

No mention of the 70-something George McGovern who was arrested for merely TURNING HIS BACK during said speech.

fuck the technology, there are still 'lack of humanity' issues that we can address first

Ray McGovern?
posted by dougrayrankin at 12:00 PM on February 22, 2011

Blind-sided by security officers who pounced upon him, McGovern remarked, as he was hauled out the door, "So this is America?"

Huh. That is about the single most bad-ass way to deal with that scenario. If I had a hat, it would be thoroughly tipped.
posted by thsmchnekllsfascists at 12:11 PM on February 22, 2011 [2 favorites]

Of course such a plan could backfire spectacularly and provoke the creation of a huge unregulated darknet that would be much harder to monitor than the current system.

If introduced gradually it almost certainly wouldn't (or the darknet would appear, be the talk of the web for a week, and then be forgotten when the fad loses novelty). It all comes down to the aforementioned gizmo/sofa attitude.
posted by cdward at 12:20 PM on February 22, 2011

As I said before it would be impossible to prevent previously encrypted information from being entered into the device and sent, but creating a legal and technological climate that makes it much more difficult to encrypt everyday communication is not unthinkable.


This. Yes, public key crypto may already be out in the wild, but the government can make it almost impossible for common people to use it.

First, mandate that all communication providers implement backdoors and CALEA-like network tapping points

Second, mandate that every consumer device manufacturer implement a "Trusted Computing" initiative. We're doing it to protect intellectual property, or prevent child pornography. You're against child pornography, aren't you?

At that point, you can only run "trusted" code on your information device, be it a computer or Blu-Ray player. PGP is no longer an option, unless you have an older computer that can run it. Or you can root your device, which according to the DMCA, is illegal.

Sure, a few hackers and extremely knowledgeable individuals can circumvent these things, but at that point it's much easier to pinpoint who these individuals are and focus the massive decryption compute ability on them. Or just "kick them off the network", much like Microsoft and Sony do now for modded devices. But most people don't circumvent their devices.

Remember, the US PATRIOT act just got renewed. Laws like this aren't as unlikely as they seem.
posted by formless at 12:23 PM on February 22, 2011 [1 favorite]

The Ray McGovern beating and drag-off happened in front of Hilary as she was speaking about freedom of speech. It's all just words to these people. They don't actually believe any of it.
posted by Kirth Gerson at 12:35 PM on February 22, 2011 [5 favorites]

At that point, you can only run "trusted" code on your information device, be it a computer or Blu-Ray player. PGP is no longer an option, unless you have an older computer that can run it. Or you can root your device, which according to the DMCA, is illegal.

Well, yes, if you make general-purpose computers illegal and require government authorization for every piece of code, you could keep people from using encryption. Duh.

What you're talking about though, is not really feasible. You're essentially talking about getting rid of computers entirely. Removing any possibility of an end-user running any sort of their own code? Even your spreadsheet software would become illegal, or useless, since it would no longer be allowed to do arbitrary math based on user input.
posted by mrgoat at 12:53 PM on February 22, 2011

Thanks for posting that McGovern link Hippybear. This does not suprise me and that bothers the heck out of me. I would like to get more data before saying HOW PISSED OFF I AM because the sec. of State could not address a protester like a person. Screw the blah-blah, she should have addressed him and if he became distruptive, then he should have been asked to leave for all to hear.

If I had a hat, it would be thoroughly tipped.

It's hat day and mine is tipped.
posted by clavdivs at 12:54 PM on February 22, 2011

I'm curious, aren't Apple devices already much like what is being described in that nothing wild can grow in that orchard?
posted by infini at 12:56 PM on February 22, 2011 [1 favorite]

I'm curious, aren't Apple devices already much like what is being described in that nothing wild can grow in that orchard?

I think they can still run javascript.
posted by mrgoat at 1:00 PM on February 22, 2011

As an Australian i'm more worried about the proposed Internet filter
posted by Lovecraft In Brooklyn at 1:16 PM on February 22, 2011

But they aren't capable of complying. It's impossible because public key encryption has already been invented and is available in the public domain.

I agree with this entirely. However, most people don't use encryption for personal communication. Companies can't comply 100%, but they can hand over everything non-encrypted and they can offer easy encryption that has a backdoor. In practice, most people's "everything" would be vulnerable.
posted by callmejay at 1:17 PM on February 22, 2011

In other news: Feds Appealing Warrantless Wiretapping Defeat
posted by homunculus at 1:33 PM on February 22, 2011

What you're talking about though, is not really feasible. You're essentially talking about getting rid of computers entirely. Removing any possibility of an end-user running any sort of their own code?

As infini brought up, originally Apple prohibited interpreted code for iPhone apps in the app store. As a developer of a mobile LOGO app, this hit me personally. They've relaxed the restrictions, but they still don't let users run downloaded code. The user must type the code in directly. See this stackoverflow question about interpreted iPhone code.

A combination of corporate policies and the move toward walled-off app stores and government restrictions could very easily remove the ability for normal users to run encryption code.
posted by formless at 2:46 PM on February 22, 2011

hippybear's video and link are incredible. He should sue the government.

I am an American and I am afraid of my government.
posted by Shit Parade at 3:14 PM on February 22, 2011 [1 favorite]

cdward: "

How would they do that? Encrypted data is pretty much indistinguishable from random data.

The data is, but it's generally wrapped in a file format that tells the decryptor which algorithm was used, etc.

Yes, strictly speaking it's impossible to prevent people from exchanging encrypted information (possibly disguised as something else). It's easy to make it so inconvenient that nobody would do it, though - hell, that's the way it is right now, even without any legal restrictions"

Looks like I picked the wrong week to give up steganography.
posted by Splunge at 3:19 PM on February 22, 2011

A combination of corporate policies and the move toward walled-off app stores and government restrictions could very easily remove the ability for normal users to run encryption code.

A government restriction on all machines though? Businesses would go apeshit. They'd have to get government approval every time they wanted to do a new bit of custom analysis on their own data.

Although, the more I think about it, you guys are changing my mind. With enough regulation, you can do anything, and I was hopeful there'd be a pushback, but I can see a little more clearly now how the progression goes. Americans almost never push back against our government in any meaningful way. First, you need to be a business to run arbitrary code, so no hobbyist market. ESR (and some colleges) flip out, the DoD and airforce Cybercommand put out a press release calling him, and them, hippies, and the story goes away. Second, require licensing as a software developer. A good portion of the developer community, and some colleges flip out. They are fired and lose federal grant money, the story goes away. Third, a developer has to personally sign off on their code, with huge penalties for code that can be used illegally. The few people remaining who write code agree with this, likening it to engineers and bridges. Fourth, penalties for owning hardware that can execute unsigned code, because what are you, a fucking pirate hippie?

It would completely cripple the US economy, I would think. Not a lot of research would go into things like encryption, a field where the US is most definitely not the only contender. Work would go overseas - China has a number of good cryptographers, for instance. We quickly lose our place as the top tech country in the world.

But why would they care about that? They're already trying to turn this country back into serfs and masters.

Thanks for killing some of my optimism, metafilter!
posted by mrgoat at 3:40 PM on February 22, 2011

This has been going on forever and they won't be able to do a darned thing about it. PGP and the crypto wars of the early 90s proved that there is no way to stop this technology.
posted by humanfont at 3:58 PM on February 22, 2011

there is no way to stop this technology.

They don't need to, nobody's using it.

The question of whether it would be effective to ban strong cryptography is a red herring. If the government wants to spy on us (and the whole point of this article is that they do), the tiny percentage of traffic that's encrypted end-to-end isn't going to stop them from trawling Facebook, Twitter, etc.
posted by cdward at 5:09 PM on February 22, 2011

It would completely cripple the US economy, I would think. Not a lot of research would go into things like encryption, a field where the US is most definitely not the only contender. Work would go overseas - China has a number of good cryptographers, for instance. We quickly lose our place as the top tech country in the world.

As the recent revolutions in the middle east have shown, the ruling classes of their respective nations actually care very little about the
economy compared to retaining their hold on power. Ghadaffi is currently in the process of leveling
his entire country so that he might remain King of the ruins.

Our leaders aren't quite as brutal (hopefully) but have no doubt that they would utterly destroy our economy to retain a position of privilege in whatever society is left in the aftermath. Nationalists want their nation to be #1, capitalists (of any nationality) just want to be powerful. Sometimes those goals work together, oftentimes they don't.

Bananna Republic: you're living in it.
posted by Avenger at 6:05 PM on February 22, 2011

It all comes down to the aforementioned gizmo/sofa attitude.

I'm curious what it would take to overcome their apathy and ditch IE, use strong passwords, and learn about Tor/PGP. Would the introduction of government backdoors into every single communication system be enough? Somehow I doubt it. I don't think the public will ever believe it could happen to them.
posted by willhopkins at 9:57 PM on February 22, 2011

I'm curious what it would take to overcome their apathy and ditch IE, use strong passwords, and learn about Tor/PGP.

It'll happen when software makes it all transparent for them so they don't have to worry about it.
posted by callmejay at 7:48 AM on February 23, 2011

there is no way to stop this technology.
They don't need to, nobody's using it.

Except for the TLS encryption everytime you go to https. Or the VPN, use VoIP calling, etc. Apparently you ate unaware that this strong crypto was illegal to export and initially one could not export software with key sizes larger than 40bits.
posted by humanfont at 7:38 PM on February 24, 2011

Kirth Gerson ... and therein lies the problem. The mindblowing hypocrisy of what happened there leaves me completely stunned. This was 10 days ago and not one major news source mentions it.
The Land of the Free.
posted by adamvasco at 2:01 AM on February 25, 2011