"Safeguard our right to privacy"
March 12, 2016 6:14 AM   Subscribe

"Law enforcement must be legally able to collect information ..." – Barack Obama, at sxsw. (Full video of talk.) Contrary to the official change.gov agenda item of "Safeguard our right to Privacy," President Obama has come out in favor of law enforcement. This comes at the heels of an article stating that NSA intercepts will be shared with other intelligence agencies, bypassing parallel construction.
posted by xcasex (186 comments total) 15 users marked this as a favorite
 
this is my surprised face
posted by entropicamericana at 6:22 AM on March 12, 2016 [17 favorites]


Okay, so as a looney leftie who is constantly told by liberals I can't dislike Obama for things like ramping up the drone war, finding legal justification to extrajudicially murder American citizens without trial, and so on and so forth, because of his "other accomplishments" that just outweigh that so much. You know, like that hand-out to the insurance industry instead of giving us Single Payer healthcare we all asked for, oh and don't forget, he's cool with gay people! So *waves hands* just forget all this icky shit happening, he loves teh gays! Isn't that just progressive?

So, for real, considering this is fucking flat out going down the 1984/Police State hole, can I officially hate Obama for such obviously fascist positions? Can I just say I hate him, just this once, and not be told that I'm not a good liberal because of it? That I need to let it go because he's done some minor stuff for regular people?

What the living hell is going on with our government? How can they make these kind of arguments with a straight face, and why am I expected to take them fucking seriously, and treat them with respect when they pull this kind of shit? How am I supposed to take Democrats seriously when this is just as bad, or worse, than anything Bush II ever pulled while in the White House?

This was a moment that the shoe incident needed a fucking repeat. Maybe a swift redwing to the noggin might make Obama realize he's being the worst he can fucking be. He may have skipped Nancy Reagan's funeral for this, but god damn did he position himself on the coattails of Reagan with this speech.

Seriously, I am so angry right now. I can hardly even contain it over this shit.

Honestly, any government official suggesting this kind of thing against their citizens should be fucking impeached.
posted by deadaluspark at 6:25 AM on March 12, 2016 [61 favorites]


Why is this Obama's surprising affront to privacy? The FBI wouldn't be seeking backdoors at all if he hadn't given the okay, tacitly or explicitly.
posted by Holy Zarquon's Singing Fish at 7:31 AM on March 12, 2016 [3 favorites]


He may have skipped Nancy Reagan's funeral for this, but god damn did he position himself on the coattails of Reagan with this speech.

Presidents don't go to former First Ladies funerals current First Ladies do.

Otherwise spot on. I wonder HOW the NSA, FBI, et al. did any spying at all before our new modern tech?!
posted by Max Power at 7:34 AM on March 12, 2016 [2 favorites]


Here's a tweet with the President's comments on encryption. Obama still thinks that there's some middle ground to be found, then throws his hands up and says "but I'm not a software engineer lol!"
posted by antonymous at 7:43 AM on March 12, 2016 [7 favorites]


How can they make these kind of arguments with a straight face, and why am I expected to take them fucking seriously, and treat them with respect when they pull this kind of shit?

because TEH TERRORS, or, if you can't get on board with that, TEH CHILDRUNS.

GET WITH THE PROGRAM, CITIZEN! THINK OF THE HOMELAND. *eyes deadaluspark warily, adds a flag to his file*
posted by entropicamericana at 7:46 AM on March 12, 2016 [7 favorites]


He does want strong encryption for important infrastructure "like banks", though.. First thing he thinks of is banks. Not power plants, hospitals, water treatment... Banks
posted by mrbigmuscles at 7:49 AM on March 12, 2016 [37 favorites]


Gruber's take
I keep thinking about a line from Orson Welles’s Touch of Evil: “A policeman’s job is only easy in a police state.”
posted by ChurchHatesTucker at 7:50 AM on March 12, 2016 [33 favorites]


*eyes deadaluspark warily, adds a flag to his file*

Ah, I see you got the memo.
posted by deadaluspark at 7:52 AM on March 12, 2016 [1 favorite]


The thing that bothers me personally, is that the enactment of these surveillance dragnets are ... ineffective by their very nature. Anyone who's done any DBA knows it.
The other side is that from all the news-sleuthing I do is that i've gotten the impression (entirely subjective) that HUMINT has gone the way of the dodo.
dragnet surveillance builds sociograms, sociograms show relationships between nodes, so imagine that odd guy you had in class in highschool that had a radical political livejournal which you once posted a comment to, mass intercepts would show you as a node to that person, but humint would say "yeah he just posted once on the guys blog in highschool" which is worse?

the whole cryptowars thing is this, and i fail to see how politicians fail to note it is, making devices backdoored enables adversaries access as well, its a problem today without ease of use how will it be WITH ease of use? yeah, that's right.

not to mention the promises made not to hand out intercepts in the reported way that they will now....
posted by xcasex at 8:04 AM on March 12, 2016 [3 favorites]


Florida sheriff pledges to arrest CEO Tim Cook if Apple resists crypto cooperation.
"You cannot create a business model to go, 'We're not paying attention to the federal judge or the state judge. You see, we're above the law,'" Judd said. "The CEO of Apple needs to know he's not above the law, and neither is anybody else in the United States."

"But believe you me, if I get a toe hold in this county and I can get the state attorney's office to prosecute, and a judge to back us up with it, I'll lock the rascal up," Judd concluded.
So we've got public officials that are what I can only assume are deliberately being obtuse determined to arrest a possible dissenter.
posted by Talez at 8:04 AM on March 12, 2016 [11 favorites]


Florida Sheriff is the new Florida Man.
posted by entropicamericana at 8:06 AM on March 12, 2016 [8 favorites]


So we've got public officials that are what I can only assume are deliberately being obtuse determined to arrest a possible dissenter.

Yeah, that's not at all worrying.
posted by xcasex at 8:07 AM on March 12, 2016 [1 favorite]



Techdirt: President Obama Is Wrong On Encryption; Claims The Realist View Is 'Absolutist'
If you watch that, the President is basically doing the same thing as all the Presidential candidates, stating that there's some sort of equivalency on both sides of the debate and that we need to find some sort of "balanced" solution short of strong encryption that will somehow let in law enforcement in some cases.

This is wrong. This is ignorant.
Also, lots of this kind of stuff in the iPhone thread.
posted by ChurchHatesTucker at 8:09 AM on March 12, 2016 [15 favorites]


"In an interview with Reuters, Obama said he was concerned about Beijing's plans for a far-reaching counterterrorism law that would require technology firms to hand over encryption keys, the passcodes that help protect data, and install security "backdoors" in their systems to give Chinese authorities surveillance access."

linky
posted by xcasex at 8:11 AM on March 12, 2016 [5 favorites]


The unlocking of phones has been a routine investigative practice for some time now. It has also been a key vector for cybercrime. I'm disappointed by Obama's stance here, but I understand where its comming from. The status quo isnt one of strong universal encryption. It is difficult to argue that this creates an Orewellian distopia when it is blocking, rather than bringing a change.
posted by humanfont at 8:13 AM on March 12, 2016 [2 favorites]


I'd be a little more comfortable with Obama's position on state surveillance if it was logically extended to the citizens being able to surveil the state. But alas....
posted by srboisvert at 8:16 AM on March 12, 2016 [3 favorites]


“If, technologically, it is possible to make an impenetrable device or system, where the encryption is so strong that there is no key, there is no door at all, then how do we apprehend the child pornographer?” Mr. Obama said. “How do we disrupt a terrorist plot?”
Obama goes right for the biggest and most effective vectors for state attack against civil liberties: child porn and terrorism. As long as you can paint privacy as the intent of the absolute worst people, you can convince society to give up more and more of it. They are always a camel's nose in the tent, and we've actually gone to the point where the USA does the largest scale spying on its own citizens of any country ever. Obama can never answer the question: why should we trust the government with that technology? We know that the FBI is a serial abuser of its privileges in the interest of stamping out dissent in this country; why on earth would we trust them with the ability to get into any system ever?
posted by graymouser at 8:16 AM on March 12, 2016 [35 favorites]


It is difficult to argue that this creates an Orewellian distopia when it is blocking, rather than bringing a change.

Encryption is an arms race. You block change, you block progress and we're increasingly worse off for it.
posted by ChurchHatesTucker at 8:16 AM on March 12, 2016 [4 favorites]


Some lefty comment (self proclaimed leftist) asked if it was ok now to hate or dislike Obama. Yes. But it was some time ago. But lest you think there will be an improvement under a new president, I can tell you in advance: NO. Another comment wondered how the govt spied on its citizens before our current technology. Remember the old days: the FBI took care of internal matters...keeping tabs mostly on left of center "trouble makers." The NSA kept tabs on outgoing and incoming phone calls from beyond our borders. Now internal and external. CIA, external ops but lord knows what they are up to these days. Does Obama and elected officilals even know? I doubt it.
posted by Postroad at 8:18 AM on March 12, 2016 [5 favorites]


"But believe you me, if I get a toe hold in this county and I can get the state attorney's office to prosecute, and a judge to back us up with it, I'll lock the rascal up,"

The county prosecutor stands ready to charge that rascal with attempted monkeyshines, tomfoolery in the second degree, and aggravated goings-on.

I just want to know whose TV broke open and allowed a Dukes of Hazzard character to escape into our world.
posted by dr_dank at 8:19 AM on March 12, 2016 [19 favorites]


the whole cryptowars thing is this, and i fail to see how politicians fail to note it is, making devices backdoored enables adversaries access as well, its a problem today without ease of use how will it be WITH ease of use? yeah, that's right.

The public argument is always "we'll let the boffins work that out." See Clinton's "Manhattan Project" remarks. I'd imagine the actual reasoning is that any communications intelligence agencies care about keeping safe won't go over backdoored systems, so that's not a concern to them.
posted by skymt at 8:21 AM on March 12, 2016 [3 favorites]


I just want to know whose TV broke open and allowed a Dukes of Hazzard character to escape into our world.

The Dukes of Hazzard, minus the Duke Boys themselves, could basically be a documentary of vast swathes of the country. Only now Roscoe is juicing and has permanent 'roid rage.
posted by entropicamericana at 8:25 AM on March 12, 2016 [3 favorites]


Cory Doctorow's take
If decades of attending SXSW (I leave for the airport in 30 minutes!) has taught me anything, it's that someone will be selling or giving away "phone fetishist" tees with PGP sourcecode on one side and a magic pony on the other before the week is out.
posted by ChurchHatesTucker at 8:38 AM on March 12, 2016 [1 favorite]


Yeah, the Republican alternative is almost always worse, but the Democrats are generally fucking awful.
posted by Ickster at 8:40 AM on March 12, 2016 [2 favorites]


It's not about phones, it's about privacy.

Someone needs to form a group to break down exactly why privacy is important, and then construct really awesome communication about why privacy is important.

Right now, "privacy is important" is being treated like a given by some people, and is easily ignored by other people.

The basis for the importance of privacy needs to be spelled out.
posted by amtho at 8:44 AM on March 12, 2016 [3 favorites]


I'm curious because it's been a long time since I've been in school: When they teach the Constitution nowadays, do they just skip the Fourth Amendment or do they skip the entire Bill of Rights?
posted by entropicamericana at 8:47 AM on March 12, 2016 [7 favorites]


So, for real, considering this is fucking flat out going down the 1984/Police State hole, can I officially hate Obama for such obviously fascist positions?

Here's the deal:

Both parties support mass surveillance.

Both parties support Wall Street, and are bankrolled by Wall Street.

Both parties support foreign wars of aggression.

BUT

One party is avowedly white supremacist and openly brags about the coming mass deportation / extermination of the inferior races, while the other party does not.

So, we vote for the party that does not. Is it a great choice? No. But it's the best that we've got right now.
posted by Tyrant King Porn Dragon at 9:01 AM on March 12, 2016 [18 favorites]


tl;dw: What was the audience's reaction?
posted by ZenMasterThis at 9:12 AM on March 12, 2016 [1 favorite]


[There are plenty of threads to choose from for general political discussion. This is not that thread. Stick to the phone privacy issues.]
posted by Eyebrows McGee (staff) at 9:12 AM on March 12, 2016


Someone needs to form a group to break down exactly why privacy is important, and then construct really awesome communication about why privacy is important.

Privacy is a right, like speech, enshrined in the 4th amendment*, and it is incumbent upon a party to justify the abrogation of that right, not upon a party to justify exercising that right.

It's that simple.

*Albeit with a great deal of flexible language: what is 'secure' or 'unreasonable' or 'probable'? Then again, even free speech has limits. This is why we have an independent judiciary.
posted by eclectist at 9:14 AM on March 12, 2016 [1 favorite]


dr dank

Of all the things wrong with that there's Judd's damn position, you go after his dialect?
posted by ridgerunner at 9:21 AM on March 12, 2016 [1 favorite]


Yeah, but surely we could form a coalition with more specific horror stories about how either a Trump or Clinton administration would abuse this power. Plenty of people willing to believe the worst about one or both of them.
posted by straight at 9:24 AM on March 12, 2016


Privacy is probably not the argument to make. I've just not seen enough people care, especially folks born before the digitizing of everything.

Pushing the panic button works, so maybe 'Criminals love open doors. Why does the FBI and Obama love criminals!!!' Maybe that works?

Privacy as an important right is a discussion I've had many times, and all it does is bring up visions of tin-foil among the more privileged or older folks.
posted by Strange_Robinson at 9:24 AM on March 12, 2016 [1 favorite]


What straight said
posted by Strange_Robinson at 9:26 AM on March 12, 2016


When the government is investigator, arbitror, judge and jury, your freedoms are already lost. As noted above, J. Egdar kept detailed files on politicians, D and R, that he could access if needed to protect his fiefdom. I'm sure the NSA, DOD, and CIA do as well. They know how the game is played. But the same files exist for others such as reporters, CEOs, judges, etc. - anyone in a position to push back against the state.

When the local DA announces that they have busted another child pornographer because they found images on his hard drive, or an ISIS sympathizer, or the bogeyman du jour, how can you defend yourself? The presumption of innocence is a quaint conceit. How can you, as technically adept as you may be, prove that those are not my files, when your criticisms are spun to the layperson reader or juror as further evidence that you just clumsily tried to hide or erase them.

Think this hasn't happened? Oh for the days when I could just be accused of being a Communist.
posted by sudogeek at 9:28 AM on March 12, 2016 [4 favorites]


Privacy is a right, like speech, enshrined in the 4th amendment*, and it is incumbent upon a party to justify the abrogation of that right

The 4th amendment permits warrants, doesn't protect metadata, and so on. This is a policy dispute, not a constitutional one.
posted by jpe at 9:37 AM on March 12, 2016 [3 favorites]


Rapid technological advancements “offer us enormous opportunities, but also are very disruptive and unsettling,” Obama said at the festival, where he hoped to persuade tech workers to enter public service. “They empower individuals to do things that they could have never dreamed of before, but they also empower folks who are very dangerous to spread dangerous messages.”

You know what other technological advancement got the same reaction?

Book printing.
posted by DreamerFi at 9:38 AM on March 12, 2016 [23 favorites]


It's not citizens who are fetishizing their iPhones. It's the fucking government who is fetishizing them. Citizens just want the government to respect their Constitutional Rights.

Obama is not the originator of this policy, but he is wrong to support it. With the exception of John F. Kennedy, I cannot think of any former President who would adequately and sensibly limit the powers of the executive and law enforcement.

Obama's public support of the erosion of our Civil Liberties and of our Constitutional Rights is personally shameful and a human disgrace.
posted by mistersquid at 9:38 AM on March 12, 2016 [5 favorites]


Privacy is a right, like speech, enshrined in the 4th amendment*, and it is incumbent upon a party to justify the abrogation of that right


The 4th amendment was torn to shreds a long time ago.
posted by Max Power at 9:41 AM on March 12, 2016


Not that this would ever happen but...I suppose Apple could change this game entirely by releasing relevant source code (for iOS and tool chains) to make it possible for the open source community to jump in, add whatever monster security features it wanted, and install these on the phone, eschewing a few conveniences like iCloud.

So then Tim Cook shrugs and says: "Hey, don't look at me!"
posted by Insert Clever Name Here at 9:41 AM on March 12, 2016 [3 favorites]


It is remarkable to me that law enforcement was able to catch and convict anyone before iPhones.
posted by pashdown at 9:53 AM on March 12, 2016 [6 favorites]


How can you, as technically adept as you may be, prove that those are not my files, when your criticisms are spun to the layperson reader or juror as further evidence that you just clumsily tried to hide or erase them.

Yeah ... The government's gotten lazy ... They want it so they don't even have to physically break into your house or car any more to plant "evidence."
posted by ZenMasterThis at 9:55 AM on March 12, 2016 [3 favorites]


Every single thing about this speech made me angry.

Look at the definitions of "fetish" - either we're morons who believe in spirits in our machine, but more likely he means: "a form of sexual desire in which gratification is linked to an abnormal degree to a particular object, item of clothing, part of the body, etc." - so he's basically implying we're sex perverts because we don't want the government spying on us.

The worst is that this is from a President who's been obsessed with government secrecy and who has relentlessly persecuted whistleblowers.

I cried when Mr. Obama was elected. It was rational to be relieved that McCain/Palin didn't make it - I still don't regret it one bit - but I should have listened to my own long-time advice about politicians - "Don't get to like these people. They always have their own best interests at heart, far ahead of yours. You need to harden your heart and keep their feet to the fire at all times - it's best for both of you."
posted by lupus_yonderboy at 10:07 AM on March 12, 2016 [14 favorites]


I disagree with his position here, but I think he's got a point that any encryption regime designed by uninformed, hostile reactionaries in Congress will be far more flawed and dangerous than a compromise system built in collaboration with Silicon Valley.

Of course, any backdoored encryption scheme will inevitably leak out and render the whole thing useless, so it's just a matter of time either way -- doesn't mean the industry shouldn't go down fighting, though. Obama just doesn't understand this because he is by his own admission not a software engineer. It would be nice, though, if he took his own advice here when it comes to politicians deferring to experts on technical issues.
posted by Rhaomi at 10:39 AM on March 12, 2016 [1 favorite]


Encryption needs to the left's version of gun rights. Drape it in the narrative of individual rights vs. government tyranny. Become frothing mad and paranoid about the issue. Respond to any new legislation with apocalyptic language and overwhelming political force. Accept no compromises, no matter how small or inconsequential. Make the issue completely untouchable.
posted by dephlogisticated at 10:48 AM on March 12, 2016 [13 favorites]


Not that this would ever happen but...I suppose Apple could change this game entirely by releasing relevant source code (for iOS and tool chains) to make it possible for the open source community to jump in, add whatever monster security features it wanted, and install these on the phone, eschewing a few conveniences like iCloud.

They've agreed to let the Chinese do a code review*, so it's not impossible, but more likely they're looking at something like this (posted by jeffburdges in the other thread.)
Under that model, when Apple created and signed a new update it would pause before distributing it to ask for additional “witness” signatures from other people it had granted keys to. Whether or not diverse witnesses provided their signatures would signal to the security community whether this was a routine update or something unusual, says Ford.
* Ironically, the Chinese seem more interested in actual security than the feds.
posted by ChurchHatesTucker at 10:48 AM on March 12, 2016 [1 favorite]


I'm old enough to remember the golden years when PATRIOT Act I, which started this whole particular ball of wax, was actively opposed by some Democratic Party congress-critters; some even spoke on the floors of the Senate and House and risked not being re-elected for their opposition. (Well, in the bastion of courage that was the 107th Senate, only one actually voted against: Russ Feingold.)

The Obama Administration, on the other hand, has backed renewal of PATRIOT Act provisions for quite some time, including heightened FBI surveillance of US citizens, NSL letters, the "material support" statute, and the FISA Amendment Acts of 2008 (warrantless dragnet collection of citizens' international phone calls), so the POTUS's aggressive stance on cybersecurity (oops, bolstering the ever-expanding ability of the security state to reach into every corner of our lives) should come as little surprise.

Just for the record, Hillary Clinton voted for the PATRIOT Act as a senator; Bernie Sanders, then in the House, voted against it. Same with all the renewals since 2001 on which they were eligible to cast votes.
posted by blucevalo at 10:50 AM on March 12, 2016 [22 favorites]


Obama gets information on this problem from all sides. What he seems to be doing at this point is surfacing law enforcement and his security advisors concerns. This gives us a chance to respond with education and attempting to minimize the concerns. Obama hasn't announced a policy yet, just tried to put some broad parameters in place for what the discussion needs to be. Avoid giving up on the administration yet, we have seen in other fights like net neutrality that we can win by making a stronger case.
posted by humanfont at 11:14 AM on March 12, 2016 [1 favorite]


Obama hasn't announced a policy yet

The Justice Department sure has.
posted by ChurchHatesTucker at 11:17 AM on March 12, 2016 [3 favorites]


Encryption needs to the left's version of gun rights.

Probably wouldn't be that hard to get a lot of folks from the right behind this, too ... The government's spying on ALL of us, y'know. My dad's a lifelong Republican and NRA member and he's genuinely pissed that the FBI's doing this.
posted by ZenMasterThis at 11:23 AM on March 12, 2016 [7 favorites]


Actually, from what I've seen so far, the right-leaning folks actually seem to care about this issue a hell of a lot more than any of my "liberal" friends. After the Snowden files dropped, there was that short-lived Restore the Fourth group, and it consisted of far more libertarians than liberals. For a while now it really has felt like the left has really dropped the ball when it comes to the privacy issue.
posted by deadaluspark at 11:29 AM on March 12, 2016 [6 favorites]


> What he seems to be doing at this point is surfacing law enforcement and his security advisors concerns.

Must you use weasel words like "surfacing"? If that's all it is, why doesn't he "surface" some privacy concerns too?

He isn't just "surfacing" them - he's advocating for them, and he's using emotionally loaded words to do it: "abducted a child", "fetishize", "child pornographer", "drunk drivers".

It's also very interesting that towards the end of his speech, he says, "But I caution -- I am way on the civil liberties side of this thing." and then goes back immediately to say, "But the dangers are real. Maintaining law and order and a civilized society is important. Protecting our kids is important." without ever once giving even a hint of how civil liberties might be protected or even which ones - in other words, a quite literal namecheck of the phrase "civil liberties" with no associated content.

Transcript is here.
posted by lupus_yonderboy at 11:42 AM on March 12, 2016 [11 favorites]


This is the sort of thing that could only happen under a Democratic president. If this came to light under a Republican president, people would be screaming bloody murder.

I love Obama, and I see his presidency as being mostly successful. But privacy is the one area where he legitimately screwed the pooch.

Can't wait to see how these technologies and policies are used once we've got someone genuinely scary in charge of the executive branch.
posted by panama joe at 11:52 AM on March 12, 2016 [5 favorites]


I will say, though, I tend to favor history fan Dan Carlin's take on privacy. Which is that, someday, there's going to be some kind of massive privacy disaster (he refers to it as "the 9/11 of privacy") that's going to put powerful peoples' information out there. And that's when we're going to have a national Moment of Reckoning as regards to privacy.

And I think this viewpoint has some merit. I mean, think of all the data brokers out there who can build up a profile of you based on cookies and other sneaky shit. They could probably figure out what kind of porn you're into and what other dirty secrets you have. I can't imagine all these data brokers have stellar security. Nobody really does. So what happens when one of these data brokers just straight up gets vivisected? Like, all their data, right out there in the open, for any damn fool to index and make available through a simple web app? Think the Ashley Madison hack, only bigger. Much bigger. Like "put in the name of any powerful person and find out what porn they like" bigger. What then?

Well, I think it's inevitable something like that is going to happen. I can't see how it can not happen. And when it does happen, that's when we're finally going to have this Great National Conversation about privacy.

It's going to be bigger than Snowden.
posted by panama joe at 12:05 PM on March 12, 2016 [9 favorites]


Waaaaiiit a seconnnnd ... Since the Republicans reflexively oppose everything Obama says he's in favor of ... IT'S A TRICK!!!
posted by ZenMasterThis at 12:06 PM on March 12, 2016 [3 favorites]


Information security empowers the people, and the state can't have that. No amount of reasoning with a President, nor his/her private values on the matter, will cause governments to change their view or act differently. It's an existential threat and institutions tend to counter it with the only thing they know; power.
posted by polymodus at 12:09 PM on March 12, 2016 [11 favorites]


Obama is right on at least one thing. If Apple, and the rest of the tech community treat this as just a technical issue, they have a very strong likelihood of being forced into horrible "compromises" when legislatures start making laws about this. "The boffins will work it out" will be the way this gets sold, even if everyone is telling them that's impossible.

Technological reality doesn't always have a big influence on the way policies & laws get made or interpreted (see responses to climate change, the AIDS crisis, and yeah, even gun violence). I don't think playing chicken with Congress on this is a particularly great long-term strategy.
posted by bonehead at 12:26 PM on March 12, 2016 [3 favorites]


Best case scenario is Clinton becomes president and there's enough Tea Party & libertarian types in the House to block "giving Clinton unprecedented and unaccountable power to pry into the personal lives of her political enemies."
posted by straight at 12:51 PM on March 12, 2016 [3 favorites]


Watch this space for that rare and often frightening phenomenon of 'bipartisan cooperation', where legislation is quietly moved through without public debate (see also 'Patriot Act').
posted by el io at 1:15 PM on March 12, 2016 [15 favorites]


If Apple, and the rest of the tech community treat this as just a technical issue, they have a very strong likelihood of being forced into horrible "compromises" when legislatures start making laws about this.

I don't know about that. Even the encryption hearing seemed cooly hostile to the FBI's actions. Presumably, if the FBI thought they could get legislation through they would have done it already.
posted by ChurchHatesTucker at 1:21 PM on March 12, 2016


There's always an Executive Order ... Or would that not apply in this case?
posted by ZenMasterThis at 1:48 PM on March 12, 2016


Actually the OPM hack is already pretty amazing and wonderful, panama joe.

Reproducible builds are the free software world's preparation for this, but the FBI's actions are engendering technical blow back that goes way beyond what they understand. There are going to be major efforts to better sign code and distribute trust, ala co-authorities. And more companies will adopt reproducible builds, code signing, co-authorities, etc. too, of course.

It'll be funny watching the FBI attempt this sort of shit only to be told they need signatures from human right's groups around the world, like the ACLU, Article19, etc. In fact, co-authorities have even the potential to cost the FBI their ability to seize domain names. And to cost the NSA some of their targeted operations capability.
posted by jeffburdges at 1:55 PM on March 12, 2016 [11 favorites]


Former NSA and CIA chief says Apple is right on the bigger issue:

Feb 22, 2016 - Retired General Michael Hayden, former head of both the NSA and CIA, told USA Today that, " . . . when you step back and look at the whole question of American security and safety writ large, we are a safer, more secure nation without back doors." With them, "a lot of other people would take advantage of it."
posted by 0rison at 2:53 PM on March 12, 2016 [4 favorites]


Weasal words!? That's a cheap shot.
posted by humanfont at 3:25 PM on March 12, 2016


“If, technologically, it is possible to make an impenetrable device or system, where the encryption is so strong that there is no key, there is no door at all, then how do we apprehend the child pornographer?” Mr. Obama said. “How do we disrupt a terrorist plot?”
The frightening thing about this, for me, is that it's not just an argument for engineering compromised iPhones. It's an argument against general-purpose computation. It would be sad if all machines capable of strong crypto were outlawed, because in principle that includes any machine the user can program in a Turing-complete language.
posted by Coventry at 3:26 PM on March 12, 2016 [1 favorite]


Coventry, see Doctrow's prediction of "war on general-purpose computation" if you haven't already.
posted by joeyh at 3:37 PM on March 12, 2016 [1 favorite]




Glenn Fleishman: "The government intends to make illegal any encryption that can't be intercepted by the developers who designed it. That's what's at stake." [via (the just engaged ;) cheers!]
posted by kliuless at 4:15 PM on March 12, 2016


Someone needs to form a group to break down exactly why privacy is important, and then construct really awesome communication about why privacy is important. etc.

EPIC ($)
EFF ($)
posted by MikeKD at 5:19 PM on March 12, 2016 [2 favorites]


"So, for real, considering this is fucking flat out going down the 1984/Police State hole, can I officially hate Obama for such obviously fascist positions? Can I just say I hate him, just this once, and not be told that I'm not a good liberal because of it? That I need to let it go because he's done some minor stuff for regular people?"

I don't hate him, and think he's been a net positive, but this is really fucking stupid, and I've thought other policies of his, especially on civil rights, have been really fucking stupid. They're made with the certainty of ignorance, and planed down to rhetorical planks without ever needing to think about walking one.

"Someone needs to form a group to break down exactly why privacy is important, and then construct really awesome communication about why privacy is important."

The vulgar version of the longstanding constitutional argument is, "Do you want someone to watch you scratch your balls?" Imagine some cop watching you scratch your balls. If you don't think you do anything wrong, think of a cop watching you take a shit. Think about them being able to record that and play it back for anyone, ever.

Appeals to rights get abstract and don't connect with the day-to-day lives of people. Ever taken a really satisfying shit? Imagine Obama watching your face. Want privacy now? If you've ever taken a phone with you into the bathroom, you know, for Angry Birds while some Denny's works its way out of you, think about Obama listening to you shit. Or Trump, who could be our next fucking president.

[excerpted from my Columbia Law Review article, "The Scatology of the Fourth Amendment.]
posted by klangklangston at 5:31 PM on March 12, 2016 [6 favorites]


think about Obama listening to you shit

I would pay serious money for that. constitutionalscholarmyass.wav

j/k I would never use wav

My approach is usually:

"I have nothing to hide!"

"Yeah? Think your congresscritter doesn't? You see the issue here?"
posted by ChurchHatesTucker at 6:21 PM on March 12, 2016 [1 favorite]


J. Egdar kept detailed files on politicians, D and R, that he could access if needed to protect his fiefdom. I'm sure the NSA, DOD, and CIA do as well.
Somebody certainly has something on Mr. Obama.

think about Obama listening to you shit
Somewhere in the NSA there is probably an networked disk drive with nothing on it but audio and video captured from the POTUS on the john. (and there HAS to be one with an archive of everything Secretary Hillary did with her 'private server', come on)

think he's been a net positive
Sadly, many of the positive developments during his administration were things he had nothing to do with (obvious example: same sex marriage) and didn't get on board with until it was 'safe' to do so. His most 'heroic stands' were simply to hold the line against major Republican-driven disasters, and even then he made some compromise. He has slowed our downward spiral, but far from reversed it.
posted by oneswellfoop at 6:43 PM on March 12, 2016 [1 favorite]


There's always an Executive Order ... Or would that not apply in this case?

And that's not even bringing in war powers (which would be the nuclear option).
posted by acb at 6:43 PM on March 12, 2016


Steven Levy: Why Are We Fighting the Crypto Wars Again?
The government kept encryption legal, but benignly neglected it, while our infrastructure, our business plans, and our personal secrets lay exposed to thieves, vandals and foreign powers. Security flaws were a pain to users, but a useful tool for law enforcement and intelligence agencies. Now, post-Snowden, our tech companies are finally taking steps to implement strong-encryption-by-default, the best way to insure security and privacy. The FBI’s response? Clipper Chip redux.

And we’re back at square one.
posted by ChurchHatesTucker at 8:37 PM on March 12, 2016 [4 favorites]


When they teach the Constitution nowadays, do they just skip the Fourth Amendment or do they skip the entire Bill of Rights?

Doesn't matter. No school student in any free society has ever paid, is now paying or will ever pay any attention whatsoever to civics classes.
posted by flabdablet at 8:53 PM on March 12, 2016


Doesn't matter. No school student in any free society has ever paid, is now paying or will ever pay any attention whatsoever to civics classes.

I found civics to be one of the most compelling subjects in high school. I will admit this surprised me at the time.
posted by el io at 9:39 PM on March 12, 2016 [1 favorite]


That's a fairly reliable indicator that you're not living in a free society.
posted by flabdablet at 10:39 PM on March 12, 2016




Watch this space for that rare and often frightening phenomenon of 'bipartisan cooperation', where legislation is quietly moved through without public debate (see also 'Patriot Act').

See also CISA
posted by one weird trick at 6:08 AM on March 13, 2016 [1 favorite]


I don't like easy to "get" examples of why privacy is important (e.g. dick pics and sacrosanct bathroom).

A citizen's reasons for valuing privacy are none of the government's business.
posted by mistersquid at 9:08 AM on March 13, 2016 [9 favorites]


"they cling to their rights and encryption"
posted by grobstein at 5:22 PM on March 13, 2016 [2 favorites]


First thing he thinks of is banks. Not power plants, hospitals, water treatment... Banks

One of these can't exist without some form of global network infrastructure. The others...should not even be near any global network infrastructure.

Banks need strong crypto. Power plants, hospitals and water treatment plants need wire cutters.
posted by ymgve at 6:57 PM on March 13, 2016 [3 favorites]




60 Minutes did a segment on the encryption "debate" last night. It was as nuanced as you'd expect (i.e., three seconds about activists and fifteen minutes about terrorists.)
posted by ChurchHatesTucker at 8:39 AM on March 14, 2016


John Oliver shows how its done.
posted by ChurchHatesTucker at 9:23 AM on March 14, 2016 [1 favorite]


Pick your poisons, folks:

1. The occasional criminal conspiracy succeeding because phone encryption is unbreakable.

2. An adversary of the United States knocking out the electric grid over a large portion of the CONUS.

No middle ground. One of these is going to happen.
posted by ocschwar at 10:48 AM on March 14, 2016


We've just figured out why the FBI cares so much about accessing people's encrypted content :

"The hackers who accessed celeb iCloud accounts in 2014 used a forensic tool designed for cops to download the data" (via)
posted by jeffburdges at 11:42 AM on March 14, 2016 [1 favorite]


"The hackers who accessed celeb iCloud accounts in 2014 used a forensic tool designed for cops to download the data"

i'd be interested in seeing what amount of intrusions with those and similar forensic tools are lawful.

Pick your poisons, folks:

1. bollocks.
2. knocking out the grid can be done analog-wise as well, but it's yet to happen.

nice strawmen though.
posted by xcasex at 12:23 PM on March 14, 2016


knocking out the grid can be done analog-wise as well, but it's yet to happen.

Not here. (Although it's been tried.)

If you're not worried about the grid, how about cars or pacemakers? Security is tough under the best circumstances.
posted by ChurchHatesTucker at 2:19 PM on March 14, 2016


If you're not worried about the grid, how about cars or pacemakers? Security is tough under the best circumstances.


Precisely.

If we can't have security for our phones then we can't have security for our cars, pacemakers, SCADA stations, smart meters, et cetera. Pick your poison.

That said, NEITHER option is as big a danger to the average MeFite as, well, idiot drivers, lightning strikes, or old age.
posted by ocschwar at 2:27 PM on March 14, 2016 [1 favorite]


"I don't like easy to "get" examples of why privacy is important (e.g. dick pics and sacrosanct bathroom).

A citizen's reasons for valuing privacy are none of the government's business.
"

Too bad.

If most people felt like you, we wouldn't be having this discussion. There are several problem with general privacy arguments:

1) They're abstract.

What does the average voter care about privacy? They don't care about "civil rights" (something else that's too abstract to argue from — see why pro-marriage arguments switched from legalism to love), and most of them happily support torture if it stops "the ticking bomb" or whatever. Privacy from the government and corporations isn't really connected to anything day-to-day.

2) They're ambiguous.

When privacy concerns are connected to the day-to-day, it's about stuff like credit cards, ID theft and online media. People know that Facebook and Google skim all the communication they can — they still don't give a shit. It happens incrementally, invisibly, and is seen as part of the price of the internet. And when we do talk about privacy and the government, it's often (cf. Obama) immediately countered by pointing out that the "bad guys" use it while molesting children in suicide vests.

3) They're complicated.

My former coworkers could barely operate a printer competently, and would regularly store all of their access codes in Passwords.doc, which they'd then email to anyone who asked. You think they're going to wade through a complicated, nuanced argument about balancing rights and technological imperatives? These were smart enough people (lots of white shoe lawyers in c3 retirement), but if I started talking about PGP, their eyes would glaze.

Examples like not wanting a cop to watch you shit are quick, unambiguous, and visceral. In a world where very few people care about Edward Snowden or know how to make a strong password, quick, unambiguous and visceral points work better than a tweed-elbowed confab from first principles. It's not the argument that I'd make to the SCOTUS, but it'll do in a general forum.

(NB: It's also worth noting that your argument there doesn't survive a quick sniff — it's popularly accepted as valid that the government care about your reasons for wanting privacy if that reason is to conceal a crime. Otherwise the nekkid-kid-terrorist argument wouldn't convince anyone.)
posted by klangklangston at 3:16 PM on March 14, 2016 [1 favorite]


If you're not worried about the grid, how about cars or pacemakers? Security is tough under the best circumstances.

Oh, I am. its just that the goverments, are not.
posted by xcasex at 3:57 PM on March 14, 2016


Unsurprisingly, Facebook, Google, and Whatsapp are ramping up security.

its just that the goverments, are not

They are, or rather parts of them are. It's a left hand / right hand thing. E.g., the US State Department funded TOR, while the Intelligence community try to break it.
posted by ChurchHatesTucker at 4:43 PM on March 14, 2016


The others...should not even be near any global network infrastructure.

Banks need strong crypto. Power plants, hospitals and water treatment plants need wire cutters
.

Its way too late for that. Medical and utility infrastructure are already networked. How does a PT get your MRI? They dont mail it to him, let me tell you. Shutdowns, extortion, data theft already occur on a regular basis. No excuse for thinking of banks first
posted by mrbigmuscles at 5:54 PM on March 14, 2016 [1 favorite]


klangklangston, I understand that concrete examples for privacy can sway some people to the right side, but I also think such concrete examples can sway people the other way. I think constructing such arguments is more expedient but ultimately less effective than explaining to people the protections which the right to privacy grants US citizens.

The right to privacy (according to many legal experts) is enshrined in the 4th Amendment to the US Constitution, and a right to privacy is explicitly mentioned in Article 12 of the Universal Declaration of Human Rights. I think explaining how privacy protects citizens from unjust persecution is important to do, even if initial attempts cause eyes to glaze over.

Also, I think assertions regarding privacy's self-justification passes any legal sniff test one could conduct because questions posed by law enforcement about someone's valuing the right to privacy would have to be preceded by reasonable suspicion that that someone had committed a crime.

Without such suspicion, one only is presented with a law-abiding citizen exercising the right to privacy, something that is not a crime in and of itself. Less abstractly, if an officer asks to search one's home, one may refuse said search unless a search warrant is presented.
posted by mistersquid at 8:00 PM on March 14, 2016


(i.e. refusing a search is not legal cause for suspicion.)
posted by mistersquid at 8:03 PM on March 14, 2016


The argument that government cryptography-breaking tools would be a disaster if they got out into the hands of bad guys applies a lot more obviously and disastrously to nuclear weapons, but we went ahead and made a shitload of those things.
posted by straight at 9:32 PM on March 14, 2016 [2 favorites]


Nuclear weaponry and cryptographic tools are entirely different with regards to their availability. Cryptography requires only a computer and copy-paste.

That is, you can't (yet) download a nuclear weapon.
posted by mistersquid at 9:14 AM on March 15, 2016



The argument that government cryptography-breaking tools would be a disaster if they got out into the hands of bad guys applies a lot more obviously and disastrously to nuclear weapons, but we went ahead and made a shitload of those things.


They don't have to get out to the bad guys. The bad guys can write their own.

The only question is whether we restrict ourselves to using crypto that is vulnerable to such things or not.
posted by ocschwar at 10:24 AM on March 15, 2016


I think it's a decent question to ask why Apple's encryption relies on this trusted hardware update software? It seems the answer is so that they can continue to allow their customers to use bad 4-digit passwords.

If Apple really wants to remove this legal vulnerability, they need to get rid of that possibility.
posted by bonehead at 10:29 AM on March 15, 2016


I think it's a decent question to ask why Apple's encryption relies on this trusted hardware update software?

It doesn't. They just didn't anticipate "being forced to write software at government decree" as an attack vector. I'm sure they're working on fixing that.
posted by ChurchHatesTucker at 11:26 AM on March 15, 2016


It clearly does, and it's clearly a compromise.

They just didn't anticipate "being forced to write software at government decree" as an attack vector.

They should have at the very least considered the possibility that the government asking for their hardware key could happen, and would allow this sort of legal attack. "Write us some software" is likely over-reach, but "Give us your key" may not be in the court's eyes.
posted by bonehead at 11:50 AM on March 15, 2016




It doesn't. They just didn't anticipate "being forced to write software at government decree" as an attack vector. I'm sure they're working on fixing that.


And it's an easy fix. Change the OS so it requires a login before taking OS updates from the USB cable. *poof* there goes that attack vector.

Oh, and this can apply to existing iPhones. Nice going, FBI. Real nice.
posted by ocschwar at 7:49 AM on March 16, 2016 [1 favorite]


"klangklangston, I understand that concrete examples for privacy can sway some people to the right side, but I also think such concrete examples can sway people the other way."

How? There are people that want cops to watch grandma shit?

"I think constructing such arguments is more expedient but ultimately less effective than explaining to people the protections which the right to privacy grants US citizens."

Can you back that with any analogous policy change persuasion data? I mean, first off, they're not mutually exclusive. You can also have a deeper conversation after starting with visceral ones. Second off, the history of political rhetoric, right back to the sophists, does show that while reasoned, in-depth and nuanced arguments are necessary for long-term change, getting people to care about something right now and act on it is much more about emotional engagement than reasoned conversation. One of the most obvious places that this was seen was the fight for gay marriage, which started with the idea that people would respond to the abstract value of legal equality for LGBT people. And some did, sure. But not nearly enough, and the emotional appeals of the other side won again and again because they were able to short-circuit the rational discussion with appeals to emotion. One of the biggest single changes was shifting from the model of legal rights, which was only effective on people that already agreed, to a message of love and commitment. That emotional hook was far, far more powerful for persuasion than any reasoned argument, and that emotional hook was far more durable in the face of counter-rhetoric.

This is also something that's pretty obvious in debates over the catastrophic effects of climate change — it's too abstract, people think there are "two sides," and it's basically fucked the entire planet.

"The right to privacy (according to many legal experts) is enshrined in the 4th Amendment to the US Constitution, and a right to privacy is explicitly mentioned in Article 12 of the Universal Declaration of Human Rights. I think explaining how privacy protects citizens from unjust persecution is important to do, even if initial attempts cause eyes to glaze over."

Kind of. According to just as many legal experts, the right to privacy is distinct from the right to be protected from unreasonable searches and seizures, and that the entire notion of a right to privacy was developed from a Brandeis/Warren Harvard Law Review article in the 1890s. Notably, they did not base this on the Fourth Amendment, but rather on the unspecified (reserved) rights of citizens, with the implied "right to be let alone" found underlying otherwise inconsistent applications of libel, intellectual property, publication and implied breach of trust or confidence. It's a common law argument, and that lack of explicit protection for privacy is one of those things that is consistently cited by opponents of Roe v. Wade (and some proponents of a woman's right to choose, who wish the decision rested on firmer ground).

I'd love to see an explicit amendment defining the right to privacy — it'd do tremendous good in everything from protections against the police state to restoring some balance for private citizens against corporations. Because whether or not it even exists, and I believe there is a right to privacy insomuch as any "right" is a coherent concept, is a matter of serious debate among legal scholars.

As for the Declaration of Human Rights, well, I like it as an idealist statement of hope, but as a realist political document, it's basically only mildly effective in creating any international norms, and there are so many other explicit human rights abuses which, combined with the ineffectual veto-cracy of the U.N., make it hard to rely upon as a restraint for any government or power significant enough to ignore it.

"Also, I think assertions regarding privacy's self-justification passes any legal sniff test one could conduct because questions posed by law enforcement about someone's valuing the right to privacy would have to be preceded by reasonable suspicion that that someone had committed a crime."

Again, this isn't about the legal sniff test exclusively — it's also about public attitudes. Arguing that the public really cares if a child molester or terrorist has their right to privacy violated is expressing an unwarranted faith in the body politic.

"Without such suspicion, one only is presented with a law-abiding citizen exercising the right to privacy, something that is not a crime in and of itself. Less abstractly, if an officer asks to search one's home, one may refuse said search unless a search warrant is presented."

Yes, they may. But both cops and the public will often treat such refusals as suspicious in their own right. I think you're really over-estimating the public's commitment to process over results. Again, we're a nation that popularly supported torture without there even being any demonstrated benefit to it.
posted by klangklangston at 2:22 PM on March 16, 2016


"That is, you can't (yet) download a nuclear weapon."

WOULD YOU STEAL A NUKE?

"I think it's a decent question to ask why Apple's encryption relies on this trusted hardware update software? It seems the answer is so that they can continue to allow their customers to use bad 4-digit passwords."

I thought I had heard that the passcode was converted into an np-complete weighted graph problem, but now on googling I have no idea where I heard that or if it's true.
posted by klangklangston at 2:33 PM on March 16, 2016


There are people that want cops to watch grandma shit?

In the hypothetical that that would provide evidence for a criminal prosecution, and that the cops were sure enough about that to get a warrant for it, you betcha. They're called Crown Prosecutors in my neck of the woods.
posted by bonehead at 2:52 PM on March 16, 2016


It seems it's fundamental purpose is to a) guarantee a slow enough rate of trials that even 10,000 combinations is unfeasible slow and b) nuke the device's memory if the optional ten strikes security rule is turned on.

Regardless of how fancy Apple makes the hardware, they still fundamentally have the problem that the human unlocking the phones wants to provide a very low entropy unlock code. Relying on a trusted bit of hardware to do this, especially one that can be updates with a magic handshake seems like a pretty obvious point of failure to me. Hardware hacking is a thing (increasingly a sovereign-backed thing, but still a thing), but a hardware update key is hard to see as anything but an actual backdoor.
posted by bonehead at 3:27 PM on March 16, 2016




bngbng: Apple, basically: 'If it pleases the court, tell FBI to go fuck themselves' (Mostly twitisphere roundup (and mostly Zdziarski,) but there's some great ones in there.)
posted by ChurchHatesTucker at 5:29 PM on March 16, 2016 [2 favorites]




> The FBI has a new plan to spy on high school kids across the country

That is really fucked up.
posted by homunculus at 5:36 PM on March 16, 2016


Backchannel: The Law is Clear: The FBI Cannot Make Apple Rewrite its OS

Key graph:
CALEA was the subject of intense negotiation — a deal, in other words. The government won an extensive, specific list of wiretapping assistance requirements in connection with digital communications. But in exchange, in Section 1002 of that act, the Feds gave up authority to “require any specific design of equipment, facilities, services, features or system configurations” from any phone manufacturer. The government can’t require companies that build phones to come to it for clearance in advance of launching a new device. Nor can the authorities ask a manufacturer to design something new — like a back door — once that device is out.
posted by ChurchHatesTucker at 5:47 PM on March 16, 2016 [1 favorite]




techdirt: How Apple Could Lose By Winning: The DOJ's Next Move Could Be Worse (aka, the Lavabits option)
posted by ChurchHatesTucker at 10:41 AM on March 17, 2016


NPR: Encryption, Privacy Are Larger Issues Than Fighting Terrorism, Clarke Says
CLARKE: Every expert I know believes that NSA could crack this phone. They want the precedent that the government can compel a computer device manufacturer to allow the government in.
Time: Inside Apple CEO Tim Cook’s Fight With the FBI
(Cook can’t completely conceal his irritation at the un-Apple-ish vagueness of the All Writs Act: “You can tell it was written over 200 years ago.” As if to say, they ought to let Jony Ive loose on that thing, get it milled to the proper tolerances, upgrade it to a respectable level of precision.)
posted by ChurchHatesTucker at 4:05 PM on March 17, 2016


The DOJ is considering wrecking a big sector of the US economy over a single iPhone.
posted by humanfont at 4:43 PM on March 17, 2016








NYT: Apple Encryption Engineers, if Ordered to Unlock iPhone, Might Resist
Apple employees are already discussing what they will do if ordered to help law enforcement authorities. Some say they may balk at the work, while others may even quit their high-paying jobs rather than undermine the security of the software they have already created, according to more than a half-dozen current and former Apple employees.
posted by ChurchHatesTucker at 6:44 AM on March 18, 2016


Apple USA could perhaps be compelled to sign an update, ChurchHatesTucker, but nothing limits the number of signing keys, and Apple Europe cannot necessarily be compelled so easily.

Also, the FBI wants the precedent so that they can do surveillance without depending upon the NSA's goodwill. Yet their efforts have lit a fire under reproducible builds and cothority, so even if they got the signing keys, then they might find their malware being exposed quite quickly.

Environmental protestor : "Interesting, my iOS updates are normally signed by 200 human rights organizations, including the ACLU, but this update is only signed by Apple and a couple randoms. I think I'll hand it over to an independent computer security researcher instead of installing it."

And soon thereafter : "Do you want to know if the FBI hacked your iPhone? There's an app for that!"
posted by jeffburdges at 7:34 AM on March 18, 2016 [2 favorites]


The Apple Fight Is About All of Us

A Joint Statement from Access Now, the American Civil Liberties Union, and the Electronic Frontier Foundation
posted by ChurchHatesTucker at 12:03 PM on March 18, 2016 [1 favorite]


Also, the FBI wants the precedent so that they can do surveillance without depending upon the NSA's goodwill. Yet their efforts have lit a fire under reproducible builds and cothority, so even if they got the signing keys, then they might find their malware being exposed quite quickly.

I understand where you're coming from, but I think you're conflating a bunch of cases here which are not particularly related.

This case is about forensic analysis of a phone that's been legally seized by the police. It's in their physical control as evidence. They're not going to particularly be hindered by a co-signing authority. The FBI won't care if the EFF signs the code needed to break this phone. The FBI just want to be able to access it, and they would have to have a warrant (or some other legal mechanism to have the phone like customs) to do so.

You seem to be talking about the FBI installing a remote surveillance tool. The phone user would be alerted by the lack of cosigners (and likely media attention) that something was hinky and would refuse the install. That's a phone still in the user's control legally, and so has not had a warrant for seizure against it. That's a pretty big difference.

If, in fact, that's a difference that matters, lawful seizure vs. clandestine (even perhaps lawful) surveillance, then co-authorities would do everything the FBI wants, and much of what Apple seems to want.
posted by bonehead at 12:32 PM on March 18, 2016


much of what Apple seems to want.---That is, not to be co-opted into working for the FBI.
posted by bonehead at 12:33 PM on March 18, 2016


It's clear the FBI's primary interest here is remove surveillance. We're talking about forensic analysis only because that's the terrorism case they decided to exploit. If they win this one, then they'd make Apple build them a surveillance tool, either immediately or in the near future.
posted by jeffburdges at 12:46 PM on March 18, 2016


That their end-game is about remote surveillance much less clear to me.

It is clear that they (and other LEOs) have a whole long list of phones they'd like to be able to crack. They want to be able to examine phones they already have in evidence for certain. While terrorism and child pornography is what makes the news, I suspect cases like this one in Boston are a lot more what they have in mind. Note that in this case, they already had the wiretap phone records.

I don't see how that gets them a legal precedent to force Apple to issue an update to a random person's phone.
posted by bonehead at 12:52 PM on March 18, 2016 [1 favorite]


A legal precedent to force Apple to create and sign the update is 90% of the way there...
posted by MoTLD at 1:10 PM on March 18, 2016


It's clear. There is no reason future devices need allow updates without the user being logged in. Apple could deliver that update OTA making any specific precedent they establish in this case completely useless outside currently seized devices.

There is a forensic analysis aspect of course : Any new device encryption should use Argon2 to limit an attacker's speed, so that a good passphrase cannot be circumvented, even with a device update. Yes, they'd love to prevent Apple from say using Argon2 on MacBooks. Yet, that's about preventing Apple from doing something they dislike, way beyond even the surveillance build I mentioned. It therefore appears their first goal is surveillance and forensics efforts are a distant afterthought.

There isn't much an iOS device can do to provide real security with only a four-digit passcode though. If they want it badly enough, then they can hire someone to uncap the chip, or drill into it, bypass it's security restrictions, and unlock it. All this hardened iOS hardware can do is make that more expensive. If that procedure costs say $5M due to expensive contractors, and takes 3 months, as the contractors must trash many similar devices to develop their techniques, then the FBI does not normally need to pay that as they can just use the threat, and legal coercion, or even torture, to force compliance from living suspects.
posted by jeffburdges at 1:27 PM on March 18, 2016


Apple could deliver that update OTA

Correct me if I'm wrong, but the type of update that we're talking about, the device one, not the iOS one, can't be done OTA. Apple requires it to be done via cable. So I'm not seeing how this would work in your scenario.

There isn't much an iOS device can do to provide real security with only a four-digit passcode though.

Again, that's the real issue at the heart of this particular case. Apple has left on these devices a hardware backdoor that, in combination with the weak passwords they allow their customers, gives the FBI their in. There are a number of ways Apple could fix this, and likely they are or will soon. But this generation of phone is vulnerable to a particular legal---not technical, legal---attack that the FBI is using. A legal vulnerability is still at the end of the day a vulnerability, just as much as a technical one.

However, even when Apple fixes that, as you point out, they can just use the threat, and legal coercion, or even torture, to force compliance from living suspects.. Modulo the catastrophising, that's a major reason why I think what Apple is doing here is relatively self-defeating. They're trying to finesse a legal and political problem with a technical one, and that almost never works out the way people hope.
posted by bonehead at 1:57 PM on March 18, 2016


Computerworld: Last minute request for witnesses could indicate a change in FBI thinking, Apple says
A last-minute request by the FBI to call witnesses to next week's court hearing in the San Bernardino iPhone case indicates the agency might feel some weakness in its legal arguments, Apple said.
posted by ChurchHatesTucker at 2:32 PM on March 18, 2016


Wired: Long Before the Apple-FBI Battle, Lavabit Sounded a Warning

The most detailed account I've seen. Particularly interesting as it was cited by the feds:
“The government’s citation of the Lavabit case, and their description of its outcome, is disturbingly disingenuous,” Levison wrote on Facebook. “The language used [in the footnote] is incredibly misleading, as it insinuates a precedent unsupported by the appellate court’s ruling…. This verbiage suggests the seizure of third party encryption keys was found lawful by the appellate court, which is wholly unsupported by the appellate court’s opinion.”
posted by ChurchHatesTucker at 4:34 PM on March 18, 2016 [2 favorites]


ZDnet: US government pushed tech firms to hand over source code
The government has demanded source code in civil cases filed under seal but also by seeking clandestine rulings authorized under the secretive Foreign Intelligence Surveillance Act (FISA), a person with direct knowledge of these demands told ZDNet. We're not naming the person as they relayed information that is likely classified.
posted by ChurchHatesTucker at 5:36 PM on March 18, 2016 [1 favorite]


Ahh, iOS needs iTunes for some updates, yes? In any case, Apple can move new devices to hiding the password hash's seed inside a HSM that counts attempts and replaces the seed after too many failures. It'll require defeating the HSM physically to break that, making the FBI's exact precedent here worthless.

It's really the larger "make our surveillance tools" precedent the FBI wants though, so they're happy pursuing this easier but useless one to get surveillance later, or really almost simultaneously.

Apple's case is certainly not self-defeating. If Apple caves or loses, then their devices become insecure consumer toys, no longer usable in a business environment. As ordinary hackers will quickly gain access to Govt OS. If the FBI just spends cash cracking the hardware, then Apple's business customers still consider their devices suitable for data up to some respectable financial value. Apple's security looks great anytime the FBI either gives up or beats the passcode out of some defendant.
posted by jeffburdges at 6:33 PM on March 18, 2016 [1 favorite]


I suspect, if the FBI's case goes their way, that Apple reorganizes in such a way that Apple Iceland (or whatever) becomes the "main" Apple.
posted by ChurchHatesTucker at 6:42 PM on March 18, 2016 [1 favorite]






Motherboard: If You Care About LGBTQ Lives, You Should Oppose the FBI on iPhone Encryption
LGBTQ people around the world depend on encryption every day to stay alive and to protect themselves from violence and discrimination, relying on the basic security features of their phones to prevent online bullies, stalkers, and others from prying into their personal lives and using their sexuality or gender identity against them.
posted by ChurchHatesTucker at 5:34 AM on March 21, 2016 [2 favorites]


Bloomberg: The Behind-The-Scenes Fight Between Apple and the FBI

In light of my last comment, I found it amusing Director Comey complained that encryption was "a closet that can't be opened."
posted by ChurchHatesTucker at 9:39 AM on March 21, 2016 [1 favorite]




Tim Cook leads off the current Apple Event with a mention of their commitment to privacy.
posted by ChurchHatesTucker at 10:05 AM on March 21, 2016


In light of my last comment, I found it amusing Director Comey complained that encryption was "a closet that can't be opened."

I'm sure J. Edgar Hoover would have found it amusing, too.
posted by entropicamericana at 10:07 AM on March 21, 2016 [1 favorite]


Whoa, DoJ moved to vacate tomorrow's hearing:
tweet
posted by strange chain at 3:39 PM on March 21, 2016 [3 favorites]


Techdirt: DOJ To Court: Hey, Can We Postpone Tomorrow's Hearing? We Want To See If We Can Use This New Hole To Hack In
Of course, that statement is more misleading bullshit from the DOJ. It's pretty clear that the DOJ is just trying to get out of this case as it's realized that the original plan completely backfired, and they were likely to lose.
posted by ChurchHatesTucker at 4:51 PM on March 21, 2016 [1 favorite]


Seems they figured out that the case was about to set a precedent, and it was the one that everyone but the FBI expected
posted by DoctorFedora at 4:51 PM on March 21, 2016 [1 favorite]


I guess maybe John McAfee came through after all, eh?
posted by valkane at 5:23 PM on March 21, 2016 [6 favorites]


Feds gain postponement of iPhone hearing

I suspect they'll postpone indefinitely so they can attempt the same stunt against someone without such good lawyers to provide a precedent.
posted by jeffburdges at 12:57 AM on March 22, 2016


Wired: The FBI Now Says It May Crack That iPhone Without Apple’s Help
The threat of revealing that vulnerability to Apple, however, may be the incentive that causes the government to drop the case entirely at this point, rather than have to disclose that information to Apple. The government has been heavily criticized in the past for withholding information about vulnerabilities in software so that law enforcement and intelligence agencies can use them to exploit.
posted by ChurchHatesTucker at 2:03 PM on March 22, 2016






Israeli firm Cellebrite helping FBI to open encrypted iPhone
via The lesson of FBI v. Apple: don't record security-critical state on components that can be overwritten.

In a sense, the FBI might actually "win" with this war when it comes to forensics on consumer devices. There is only so much you can do to secure a chip that falls into an opponents hands. I think the technology would always admit modifications albeit at great cost, say burning out specific components with a tiny laser beam.

In the far future, there are even quantum attacks on symmetric crypto that sound totally unrealistic normally, but might conceivable apply against hardware possessed by the adversary. I doubt any quantum computer that might exist in our lifetime could attack Argon2 though. Are you seriously going to keep billions of qubits in superposition?

In other words, there is no real physical security without a good pass phrase backing it. I think business users might put up with that hassle, ditto anyone who knows they are committing a crime. Yet, individuals would still choose week pass phrases usually, so the FBI remains free to target people who become interesting for political reasons.
posted by jeffburdges at 7:23 AM on March 23, 2016




Go home John, you're drunk.
posted by jamaro at 10:05 AM on March 23, 2016


Clinton calls for more surveillance, police after Brussels attacks - "We have to toughen our surveillance, our interception of communication."
posted by kliuless at 10:50 AM on March 23, 2016 [1 favorite]




Clinton calls for more surveillance

Because, clearly, the most effective way to get better at finding needles is to make the haystacks as big as possible.
posted by flabdablet at 5:09 AM on March 24, 2016 [1 favorite]


arstechnica: Report: Apple designing its own servers to avoid snooping
Apple has begun designing its own servers partly because of suspicions that hardware is being intercepted before it gets delivered to Apple, according to a report yesterday from The Information.
posted by ChurchHatesTucker at 5:59 PM on March 24, 2016 [3 favorites]








I mostly avoid sharing wired links now, as their ad-blocker blocker gets annoying, but..
Truth and Power : How the Rich and Powerful Use Tech to Silence Activists
posted by jeffburdges at 1:03 PM on March 26, 2016


He does want strong encryption for important infrastructure "like banks", though.. First thing he thinks of is banks. Not power plants, hospitals, water treatment... Banks

cstross thinks that Apple is willing to throw down over this because they're already seeing themselves as a financial institution.
Here's my theory: Apple see their long term future as including a global secure payments infrastructure that takes over the role of Visa and Mastercard's networks—and ultimately of spawning a retail banking subsidiary to provide financial services directly, backed by some of their cash stockpile.

The FBI thought they were asking for a way to unlock a mobile phone, because the FBI is myopically focussed on past criminal investigations, not the future of the technology industry, and the FBI did not understand that they were actually asking for a way to tracelessly unlock and mess with every ATM and credit card on the planet circa 2030 (if not via Apple, then via the other phone OSs, once the festering security fleapit that is Android wakes up and smells the money).

If the FBI get what they want, then the back door will be installed and the next-generation payments infrastructure will be just as prone to fraud as the last-generation card infrastructure, with its card skimmers and identity theft.

And this is why Tim Cook is willing to go to the mattresses with the US department of justice over iOS security: if nobody trusts their iPhone, nobody will be willing to trust the next-generation Apple Bank, and Apple is going to lose their best option for securing their cash pile as it climbs towards the stratosphere.
posted by zamboni at 8:06 AM on March 28, 2016 [4 favorites]


So this is all about a business Apple might get into in the future?

Not everyone thinks like a science fiction author.
posted by ChurchHatesTucker at 11:13 AM on March 28, 2016


Interesting take : Follow the money: Apple vs. the FBI
posted by jeffburdges at 11:46 AM on March 28, 2016 [1 favorite]


And vacated
posted by ChurchHatesTucker at 4:27 PM on March 28, 2016




The Justice Department now says it will not hesitate to invoke the precedent it won in its iPhone unlocking case.

"It remains a priority for the government to ensure that law enforcement can obtain crucial digital information to protect national security and public safety, either with cooperation from relevant parties, or through the court system when cooperation fails," Melanie Newman, a Justice Department spokesman, wrote in an e-mail to Ars. "We will continue to pursue all available options for this mission, including seeking the cooperation of manufacturers and relying upon the creativity of both the public and private sectors."
posted by bonehead at 2:46 PM on March 29, 2016 [1 favorite]








Just a quote from the Glen Greenwald link :

"The other interesting aspect of this is that in the 1990s, after the Timothy McVeigh attack on the Oklahoma City courthouse, the Clinton administration—what may be the first Clinton administration—actually initiated the campaign to demand a law that said that no one was allowed to sell encryption products unless it included a backdoor for the U.S. government to enter. And now, 20 years later, after that campaign was defeated—ironically, by the Republicans in the Senate on privacy grounds, who said, "We are not going to let the government have a backdoor into our encryption"—you have Hillary Clinton exploiting these terrorist attacks to insinuate—although she hasn’t said it outright—that there needs to be, quote, "greater cooperation between Silicon Valley and the government," by which she can only mean greater cooperation to allow U.S. intelligence agencies access to overcome encryption and to enter people’s private communications. And so, ultimately, the question is: Do you think there should be ever any way for people, human beings, to communicate without the U.S. government being able to access that? That really is the critical question we face. And politicians like Hillary Clinton are trying to exploit the fear of terrorism to get people to say there should never be any communications out of the reach of the U.S. government."

...

"And to the extent that he has changed Hillary Clinton’s posture politically as a result of his primary challenge to her, there’s this common perception that he’s dragged her to the left and made her become more liberal. You know, I think it’s really critical to understand that politicians—and this is the lesson we ought to have learned from Barack Obama—what they say in political campaigns doesn’t necessarily correspond to what they actually do in—once they obtain power. And so I think the effect on Sanders has been to make Clinton’s rhetoric in the Democratic primary be a little bit more left-wing, be a little bit more attentive to liberal constituencies. But I think you see her already, now that she’s confident she’s going to beat Sanders, already moving her rhetoric more to the center, and by the time she’s a general election candidate, will almost certainly revert to the kind of right-wing posture on foreign policies and civil liberties that she’s long had and the centrist approach to economics and domestic policies, other than social issues, where she tends to be a reliable liberal.

posted by jeffburdges at 11:27 AM on March 30, 2016 [3 favorites]




UK cops tell suspect to hand over crypto keys in US hacking case

It's hard not to see this as the official (over-)reaction to a strong crypto world. Is this what "traditional police work" will become if Apple (among others) makes fully encrypted devices ubiquitous? It seems so, to me.

There is already the power under law for most boarder officials to insist that one surrenders an unlocked device for search when entering most western countries. Greenwald's partner, David Miranda, was detained in a similar way at Heathrow a couple of years ago.

We may be entering a period when the choice at boarder crossings is open the phone or have it taken away from you (and possibly also face charges or fines---I linked to an on-going case in Canada of that above). Our corporate policies now are to travel abroad with pre-wiped phones and computers issued only for the purposes of travel to minimize this risk.

That's one of the reasons why I think charging into a full crypto world is going to hurt a lot of people. We're not being offered freedom of perfect privacy, that's not on the table. We're actually getting the choice between completely surrendering privacy or losing your property and facing sanctions. That's going to become the new normal.
posted by bonehead at 9:48 AM on March 31, 2016 [1 favorite]


Anyone here recall the OPM hack?

As I understand it, OPM handles the security clearance process and retains the information people tell them as part of obtaining security clearances. OPM was hacked last year, possibly by a foreign government like the Chinese. The hackers took 20 million records of security clearances processes, which frequently includes information relevant for blackmail, manipulation, etc.

How does this relate to the FBI's desire for back doors?

There is a random number generator called Dual EC_DRB created by the NSA with a special back door. And the NSA got the National Institute of Standards and Technology (NIST) to adopt it. Now nobody trusts NIST's opinions on cryptographic standards because people figured out Dual EC_DRB was back doored.

In 2008, Juniper made significant changes to their Router/VPN devices to incorporate Dual EC_DRB so as to expose the back door. I gather the NSA did this though an employee planted at the company, not say an NSL.

In 2012, Juniper was hacked by someone who changed one constant in their Dual EC_DRB implementation: the public key for the back door. Again a state level attacker sounds likely. In theory, only the NSA has the private key for the Dual EC_DRB back door, but the hackers simply changed it.

Appears OPM was using some Juniper Router/VPN devices.

As the timings match up, there are respectable odds that OPM was hacked partially because the NSA placed a back door that theoretically "only they could use" in Juniper routers. As a result, the Chinese, or someone else, knows everything significant amount about most holders of U.S. security clearances.   LOL

An iPhone is not a router of course, but the point remains : A back door can bite you worse than you'd imagine. And that goes for bug doors too.

It's kinda too bad the CIA kept their security clearances data away from OPM. I suppose the attackers know exactly what state department officials are CIA through process of elimination though. And they might posses security clearance data from before someone started with the CIA.

I'd imagine the FBI own clearance were handled by OPM, so it'll be funny if FBI counter-intelligence prosecutions of Chinese spies simply end in 2015, seemingly due to the OPM hack.

posted by jeffburdges at 5:40 PM on March 31, 2016 [1 favorite]


Appears OPM was using some Juniper Router/VPN devices.

I take your point, but I think that's possibly a bit of a long bow. As I understand it, the OPM hack was a result of OPM's user identification and authentication processes being a complete clusterfuck; mathematical deficiencies in their infrastructure's actual crypto, while certainly worth fixing, were probably not the weaknesses actually exploited.

It's kinda too bad the CIA kept their security clearances data away from OPM.

Did they, though?
posted by flabdablet at 11:55 PM on March 31, 2016 [1 favorite]


Is there much public information about the methodology of the hack? Yes, it's pure guesswork that the rekeyed Juniper back door played any role in the OPM hack. It assumes these hacks were not merely both carried out by China but by (communicating) group(s) attached to Chinese intelligence.

We might attribute more hacks to China than actually originate from there. Also, routing your attacks through China certainly helps make investigation impossible. In any case, I'd expect the rekeyed the Juniper back door was well used for industrial or other espionage, even if not created by China.
posted by jeffburdges at 2:05 AM on April 1, 2016












Leak of Senate encryption bill prompts swift backlash - "Security researchers and civil liberties advocates on Friday condemned draft legislation leaked from the U.S. Senate that would let judges order technology companies to assist law enforcement agencies in breaking into encrypted data."

-Senate encryption bill draft mandates 'technical assistance'
-Tech and Privacy Experts Erupt Over Leaked Encryption Bill
-"The thing about end-to-end crypto is that it increases the importance compromising the *ends*."
posted by kliuless at 1:56 PM on April 8, 2016






ACLU : Another Privacy Canary in the Coal Mines?
posted by jeffburdges at 2:28 PM on April 11, 2016


« Older Conway's Game of Pi   |   Plastic-Eating Bacteria Newer »


This thread has been archived and is closed to new comments