Of course they are going to ask, and legislators will weigh the political cost/benefit to it.
My impression from the previous crypto wars and the skirmishes that have followed is, as technologists, we take a very tactical view of technology, and underestimate the intentions of people who understand power and politics the way we understand information systems.
The way we see the security of a system, they see the sovereignty of a state. Just as incompleteness in our code can yield system level compromises, incompleteness in their ability to apply their rules to their territories and domains also yields compromises that make the whole system untrustworthy.
I don't agree with what I perceive as their Hobbesian need for total control, where I think the localized, depth first absolute authority of a state becomes malignant when it is applied breadth first and in totality to all aspects of life, but you can sympathize with the urge without agreeing with it.
They should be mindful that post-Snowden, no matter how large the field we live in, people have seen the walls and bars at the perimeter, and that broad perception is likely a greater source of instability than any gaps in the ability of the state to enforce them.
Viewed this way, the 5Eyes statement seems unwise.
I often see this claim made without any supporting evidence. The Five Eyes agreement explicitly forbids its members from spying on each other. It facilitates sharing of information gained from spying in countries outside of the group.
It isn't spying if they willingly exchange the information they have intercepted. Straight from the link you posted:
Yet there have been reports in the British press — amplified most recently by former NSA contractor and leaker Edward Snowden — that that’s not the case, that the Five Eyes spy on one another’s citizens and share the information to get around laws preventing agencies from spying on their own citizens.
That would be a good story if Snowden provided any documents to back it up. He didn't.
I trust the BRUSA documents over the word of a high school dropout who failed his analyst exam for misunderstanding the course materials and misdescribed PRISM for misunderstanding the documents he leaked.
MUSCULAR, revealed by the Snowden leaks, is a program in which the UK's GCHQ broke into Google datacenters and exfiltrated information, which it handed over to the US's NSA. Because the NSA received the data from a foreign partner, they treated it as foreign data and did not scrub it for US citizen data.
For those who remember, this is the program with the famous "smiley face" drawing of where Google decrypted data at their network edge.
> MUSCULAR, revealed by the Snowden leaks, is a program in which the UK's GCHQ broke into Google datacenters and exfiltrated information, which it handed over to the US's NSA. Because the NSA received the data from a foreign partner, they treated it as foreign data and did not scrub it for US citizen data.
You misunderstood Snowden's documents. The UK tapped undersea cables entering their country. They did not break into Google's datacenters. According to Snowden's documents, the NSA is not allowed to collect and store US citizen data, no matter the source. There was at one time email metadata collection (from/to/when) from that source that was ended prior to Snowden's leaks according to his documents.
> Intercepting communications overseas has clear advantages for the NSA, with looser restrictions and less oversight. NSA documents about the effort refer directly to “full take,” “bulk access” and “high volume” operations on Yahoo and Google networks. Such large-scale collection of Internet content would be illegal in the United States, but the operations take place overseas, where the NSA is allowed to presume that anyone using a foreign data link is a foreigner.
That article's author is very confused. "Full take" is in reference to other interception programs in war zones. The documents about MUSCULAR itself show that it filtered to particular data types sent to international regions and filtered that data to just the information on selected individuals. The same source previously also provided email metadata collection on everybody, but that program ended in 2011. https://www.theguardian.com/world/2013/jun/27/nsa-data-minin...
Refer to the primary documents when you see articles like the one you posted with contradictory information like "full take" vs. "100,000 selectors" with a mere "millions of records every day."
The author is Barton Gellman, one of the reporters to whom Snowden leaked documents, and the lead at the Post for the team that shared the 2014 Pulitzer with the Guardian for the Snowden coverage.
The article you posted is not about MUSCULAR. MUSCULAR did not require FISA authorization; that was kind of the point of structuring it the way they did.
When you tell me to "refer to the primary documents when you see articles like the one you posted", it's relevant that Barton Gellman is one of a few people who have reviewed Snowden documents directly, including documents that the Post chose not to publish.
I'm done with this conversation; it's clear you're not acting in good faith.
I pointed out that the article you posted said the exact opposite of what you claimed it said (in addition to saying what you claimed it said). How is that not acting in good faith? If the article is contradictory, you need to go to the primary documents, which were available from The Guardian.
Phones shouldn't have an expectation of privacy if they're over analog lines as you have no control over the content once it leaves you. I, personally, think that they're both overreach but, legally, I think it's the difference between someone listening to a conversation you're having in a public park vs. one that you're having in your bedroom at home. If someone can hear me in a public park, that's on me as I clearly didn't put thought into how accessible I was. If someone can hear me in my bedroom, though, then I have to question the integrity of my home.
Encryption was specifically created to guarantee the integrity of an A->B interaction. If we're compelled to break that, then the whole system is no longer able to be trusted and its integrity is shot.
Of course not phones! I mean, "The President's Analyst" ;)
But from a professional, and WWII hero:
> 17. The greatest material curse to the profession, despite all its advantages, is undoubtedly the telephone. It is a constant source of temptation to slackness. And even if you do not use it carelessly yourself, the other fellow, very often will, so in any case, warn him. Always act on the principle that every conversation is listened to, that a call may always give the enemy a line. Naturally, always unplug during confidential conversations. Even better is it to have no phone in your room, or else have it in a box or cupboard.
Maybe not naive but I think never trusting your own home is just a recipe for paranoia. You have no reason not to trust your home unless some actor had reason to do so from the onset. It's not a trivial matter to bug someone's home or bedroom without their detection unless you have free and clear access.
Edit: Just now realizing that you meant we shouldn't trust encryption and phones, not our home. Whoops. Leaving my response for posterity and lulz.
Spies meet in person because they're people of interest. They take the job knowing that nothing they do is ever really done in secret.
If Apple includes an additional public key in the list of keys that can decrypt an iMessage, how are you now exposed to every other malicious actor on the internet?
There are things handset makers could do that would allow law enforcement access to a device without compromising the security of every person using that device. For example, they could add a connector to the logic board that grants access to the keys after a fuse is blown. It would only work on devices that law enforcement have in their possession and once they blow the fuse, the device is otherwise useless so you don't have to worry about using a device that's been compromised. It could even be designed so that the extracted key is encrypted and can only be decrypted by Apple after they receive physical possession of the phone and a court order.
A scheme like this would allow individual phones that law enforcement have in their possession to be accessed. It wouldn't allow mass decryption and so normal users are still protected. That seems like a reasonable compromise to me.
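As an added illustration (not code from the comment above, nor from Apple or any real handset), here is a Python simulation of the fuse-gated extraction scheme the comment sketches. Everything in it is hypothetical: the class and function names, the toy ElGamal group (the Mersenne prime 2**521 - 1 with generator 3, which is not a vetted parameter set), and the assumption that a per-device hardware secret is what forces passcode guessing to happen on the chip. It demonstrates the three properties the comment claims (extraction only through an irreversible fuse, a device that is unusable afterwards, an exported blob that is useless without the vendor's private key) and the consequence the replies point at: once the vendor decrypts the blob, a short passcode falls to an offline search.

```python
import hashlib
import hmac
import secrets

# Toy ElGamal over the Mersenne prime M521 = 2**521 - 1. This stands in for the
# real public-key primitive so the device can hold only a PUBLIC wrapping key.
# Assumed toy parameters, not a vetted group; do not reuse.
P = (1 << 521) - 1
G = 3  # 2 would be a poor choice here (2**521 == 1 mod P); 3 suffices for a toy


def escrow_keygen():
    """Vendor escrow key pair: private x stays with the vendor, public y ships in firmware."""
    x = secrets.randbelow(P - 2) + 1
    return x, pow(G, x, P)


def escrow_encrypt(pub, secret32):
    """Wrap a 32-byte secret to the escrow public key; fresh randomness every call."""
    m = int.from_bytes(secret32, "big")
    if not 0 < m < P:
        raise ValueError("secret out of range for the toy group")
    k = secrets.randbelow(P - 2) + 1
    return pow(G, k, P), (m * pow(pub, k, P)) % P


def escrow_decrypt(priv, blob):
    """Only the holder of the private exponent can undo the wrap."""
    c1, c2 = blob
    m = (c2 * pow(c1, -priv, P)) % P  # negative exponent = modular inverse (Python 3.8+)
    return m.to_bytes(32, "big")


def derive_key(uid, passcode):
    """Data-protection key bound to the chip secret AND the user's passcode (hypothetical KDF)."""
    return hmac.new(uid, passcode.encode(), hashlib.sha256).digest()


class Device:
    """Hypothetical handset. The chip secret leaves the chip only via extract()."""

    def __init__(self, escrow_pub, passcode):
        self._uid = secrets.token_bytes(32)   # per-device secret burned in at manufacture
        self._escrow_pub = escrow_pub
        self._fuse_blown = False
        # Stored in flash: a hash of the derived key, so the flash alone cannot
        # confirm a passcode guess without the chip secret.
        self.verifier = hashlib.sha256(derive_key(self._uid, passcode)).digest()

    def unlock(self, passcode):
        if self._fuse_blown:
            raise RuntimeError("extraction fuse blown: device permanently disabled")
        key = derive_key(self._uid, passcode)
        if not hmac.compare_digest(hashlib.sha256(key).digest(), self.verifier):
            raise PermissionError("wrong passcode")
        return key

    def extract(self):
        """The 'connector': blows the fuse irreversibly, then hands out the uid wrapped to the vendor."""
        self._fuse_blown = True
        return escrow_encrypt(self._escrow_pub, self._uid)


def recover_key_offline(uid, verifier, max_pin=10_000):
    """With the chip secret in hand, a 4-digit passcode falls to an offline search."""
    for n in range(max_pin):
        guess = f"{n:04d}"
        key = derive_key(uid, guess)
        if hmac.compare_digest(hashlib.sha256(key).digest(), verifier):
            return guess, key
    return None


def run_scenario(passcode="4271"):
    """End to end: vendor key, owner use, seizure, vendor decrypt, offline passcode search."""
    vendor_priv, vendor_pub = escrow_keygen()
    phone = Device(vendor_pub, passcode)
    normal_key = phone.unlock(passcode)       # owner's everyday use before seizure

    blob = phone.extract()                    # investigator blows the fuse
    try:
        phone.unlock(passcode)
        bricked = False
    except RuntimeError:
        bricked = True                        # device is now useless to anyone

    # The investigator alone holds only (blob, phone.verifier); without vendor_priv
    # neither yields the key. Step below models the vendor acting on a court order.
    uid = escrow_decrypt(vendor_priv, blob)
    found = recover_key_offline(uid, phone.verifier)
    return {
        "bricked": bricked,
        "passcode": found[0] if found else None,
        "key_matches": found is not None and found[1] == normal_key,
    }
```

The point the simulation makes concrete: the scheme's safety rests entirely on two things the comment already names, the vendor's private key and the court process around it. An attacker with physical possession and the willingness to destroy the device gets exactly as far as law enforcement does right up to the vendor step, and if that step is ever coerced or compromised, the chip-bound secret that stops offline guessing is gone for every device built this way.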
This would ruin the physical security of lost devices wherein the attacker is willing to ruin the device. This is worse than key escrow because it ruins the physical security of all devices everywhere.
At least with key escrow we could laughably pretend that the government would keep their master keys secure. You are suggesting that all portable devices ship with security that can be defeated with a screwdriver and hoping nefarious people don't react by installing actual security in software.
> This would ruin the physical security of lost devices wherein the attacker is willing to ruin the device.
Only if they could also secure Apple's cooperation. That's what I was addressing when I said "the extracted key is encrypted and can only be decrypted by Apple".
Once Apple has the keys to the kingdom, what is stopping the government making Apple give the government such keys, ensuring that no warrant is required?
What is stopping users from using software that is ACTUALLY secure.
> what is stopping the government making apple give the government such keys ensuring that no warrant is required
The same thing that's stopping them from silently requiring Apple to include backdoors into every device today.
> What is stopping users from using software that is ACTUALLY secure.
It's the same as with a regular phone line. Users are free to speak in code or use an analog scrambler. Just because a particular interception technique isn't perfect doesn't mean it wouldn't be valuable to law enforcement.
No, both depend on how careful the eavesdropper is about safeguarding their special access. Both could be secure (as secure as planned, anyway) but both add some extra risk.
There are practical differences, sure, but it’s all the same principle.
One cannot automate physical wiretaps on hundreds of millions of people from Nigeria and steal their data or sabotage their infrastructure via access to their phone lines.
The apparently Hobbesian view that you have over FVEY's desire to decrypt data is misguided. Most people that work in politics or intelligence in liberal states aren't in it for the power. They are either curious, desire a life of excitement, or want to bring positive change to society.
They want to decrypt data because they want to protect people from threats. I'm not saying we should allow them to, but ascribing malintent is misguided.
Edit:
Before the reflexive downvotes ask yourself: Who is asking for the ability to decrypt? These people are making half or less what they could make in the private sector.
Do they do this because they want to enforce their own view of utopia onto others? That excuses nothing.
>Of all tyrannies, a tyranny exercised for the good of its victims may be the most oppressive. It may be better to live under robber barons than under omnipotent moral busybodies. The robber baron's cruelty may sometimes sleep, his cupidity may at some point be satiated; but those who torment us for our own good will torment us without end, for they do so with the approval of their consciences.
Lewis never met a billionaire. The robber baron is never satiated. They are not in pursuit of money, or even power. They seek relative money and power. Their greed ends only when they are on top, at which point they become rightly paranoid of their peers. So no, I don't believe that life under the robber baron is any better than under "moral" leadership.
I disagree that we should trust that their intentions are "for the greater good" or even "somewhat reasonable." Government and law enforcement agencies, from top to bottom, are staffed by individual people. As we have seen time and time again in the corporate sphere, once we get a couple committees in place it becomes easy to let things that bother an individual slide by as responsibility rests on the larger group.
And, of course, once the group has managed to squash the voices of its individual members it is open to exploitation by external forces, like money from lobbies (designed to sway the group) or bribes to individuals (often in order to get the few who disagree to align with the group).
Some of the people in government and law enforcement want to decrypt data to protect people from threats. Some of these groups are looking at their authority and seeing it erode, they are looking to decrypt data to preserve that authority. As we have seen in practice, others are looking to extend their authority (as in the case of projects like Echelon, etc.) by having real-time access to people's data.
While you might be able to agree with some of these people some of the time, I strongly doubt you can agree with all of them all of the time. And if you find that you cannot agree with all of them all of the time then, in my opinion, they probably should not have the ability to decrypt any of your data.
I think we all would do well to remember that while government and authority love to talk about pornography, child abduction and terrorism the vast majority of people have nothing of the sort on their phones or computers. Protecting the data that everyone has should not be forgotten (financial, private, corporate, etc.)
> They want to decrypt data because they want to protect people from threats.
This is not true at all. That is the smoke screen they have put up, but the real intent is to institute pervasive surveillance and have more power over people. They're lazy and have decided that defeating encryption is the easiest way to bypass the effort required to investigate crimes properly.
Attributing this policy drive to altruism is truly naive wishful thinking.
> Attributing this policy drive to altruism is truly naive wishful thinking.
And attributing it to malice is truly naive pessimistic thinking.
The reality is that both of those positions exist. There are people in government (and anywhere) that want to help or hurt people. I find transparency more helpful than hurtful, because we are in an age where there are public repercussions for visible actions.
That misses the point of rights in the first place. A proper system operates under the assumption someone will try to abuse it and has measures to counter it. Just like a banking website designed under the assumption nobody would try to access it illicitly is hopelessly naive so is assuming it about the levers of power.
Rights and justice are based upon the same assumptions - no you can't take the prosecution's word that they are totally guilty because they look shifty and aren't from around here! They have to prove that there was a crime and that they committed it beyond a reasonable doubt.
Until they can prove say secure communication in itself can kill anyone in the world like a magic spell they have no case for this.
Pessimism is thus wise in the same sense that you shouldn't ask a stranger on the street to hold your wallet for half an hour.
Maybe so, but this transparency doesn't go both ways. Instead the government takes a paternalistic view and makes it as hard as possible to have themselves held to account (directly contradictory to the spirit of democracy.) For example, in Australia it has become more and more illegal for journalists to report on human rights abuses and material from whistleblowers about the government's activities. Earlier this year they tried to legislate 15-20 year jail sentences for journalists who broke the government's vague parameters for responsible reporting, under the guise of national security and preventing journalists working as spies for foreign agencies. Treating the free press as enemies of the state by default is deeply troubling, I hope we can both agree. This is what I see in these debates about encryption and backdooring. I'd feel much more comfortable being held to account for my communications if I felt empowered to hold my government to account in the same way.
I would say you're wrong when trying to say people are good/bad. For the most part the people in the machine don't matter. They are cogs in a machine that only see a very small amount of information and rarely know what the big picture looks like.
The output of the machine is what matters. If the output of the machine is bad, then everybody that is a part of it is an unwitting bad actor.
We have to make sure we don't make bad public policy machines.
> And attributing it to malice is truly naive pessimistic thinking.
My government is literally killing refugees in order to make a public statement that seeking asylum in our country is worse than staying in a country where you face death from bombs, lynch mobs or government execution.
I think my interpretation of this Five Eyes directive as a lazy power grab is being extremely kind to the people involved because I'm implying they have a plan and are aware of what they are doing.
> Most people that work in politics or intelligence in liberal states aren't in it for the power
This may be true, but even if so it is irrelevant. You do not need evil intentions from hundreds of thousands of worker bees to make something ugly. Just a few politicians or leaders on top are sufficient. I suspect in WW2 Germany most factory workers making gas chamber equipment were diligent, hard working, family loving fellows who did not know the full use for the product they were building.
And yes, I do not trust politicians who lie to the public "for its own good". I think most of those are in it for the power.
This is a valid point; and completely worth discussing. I was replying to someone that was saying something different, however.
In terms of lying to the public: I agree to a point. I think there are certain truths that can't be voiced for fear of enabling our adversaries. That being said, however, I think it was counter productive for our intelligence agencies to lie about the dragnet. It almost invited a Snowden like character and the inevitable public blowback wasn't worth it.
"They want to decrypt data because they want to protect people from threats."
That's "in it for the power".
Power doesn't look the same from the inside. Basically nobody (except college-age Mark Zuckerberg) goes around saying "I'm an evil Machiavellian genius that's going to fuck over the world for my personal benefit." Instead, the feeling of having power, from the inside, is the feeling of being able to make decisions for other people for their own good. It's the ability to deal with people as abstractions who should want things, whether they actually do or not. People can't be trusted to invest their own money, so we need regulations so that only the wealthy can invest. People don't know what they're searching for, so we need to correct their queries for them. People want lower prices, so we'll give it to them by turning the screws on our suppliers. People would collapse into chaos without law and order, so we enforce it.
Sometimes the powerful are even right in their views - after all, very often that's how they got to be in power in the first place. But that doesn't stop them from being resented, because the resentment stems from the fact that they are making decisions for other people that those other people neither consent to nor really want. Someone who is actually "not in it for the power" is someone who says "I trust you to live your own life how you want, as long as it doesn't prevent me from living how I want."
"Most people that work in politics or intelligence in liberal states aren't in it for the power."
True, but those directing and financing them are. Sorry but this is exactly how being in power works. You don't spy on common people because you want to arrest them all now, but rather to keep an advantage position "just in case". Power is all about maintaining an advantage position with respect to an adversary or a potential one. Should you one day, say 10 years from now, become a political figure, the pictures someone collected 5 years ago of you dancing naked and stoned in a disco would instantly become a tool to be used to either destroy your political career, or use it for their gain through blackmailing.
Knowledge is power. AI training aside, gathering all possible information about everyone is how Cardinal de Richelieu would get something enough to hang any of the 7 billion people living on this planet, or have them work for him 24/7.
That wasn't true in the case of tapping into our internet communications. There was no "targeted spying isn't working so we need dragnet surveillance", They just saw something that would make their jobs easier and ignored the obvious moral issues, and the 4th amendment, for some reason. "good guys" don't need those limitations I guess, and will never do wrong. (Except... our hegemony does do wrong by the world every day, and uses its might to resist any positive change that takes power from the powerful)
> Before the reflexive downvotes ask yourself: Who is asking for the ability to decrypt?
People who are known for running the largest spying operation known to man, with utter disregard for privacy. People who oversaw dark sites? You tell me.
> these people are making half or less what they could make in the private sector
But they couldn't get the same level of access, they couldn't see what their ex is doing, for example.
Haven't ascribed malintent at all. I will say the people you describe have moralized their authority, as we all tend to, and I have described it without that filter. It's just incentives.
> Most people that work in politics or intelligence in liberal states aren't in it for the power. They are either curious, desire a life of excitement, or want to bring positive change to society.
I suspect you're correct. However, the systems we design must be strong enough to deal with the inevitable lone wolf or corrupt regime. If we rely on average people with good intentions being the only people in power we will fall to the first outlier to show up. This isn't a matter of pessimism or distrust. It's a matter of us having to be successful at defending every attack, every time and them only having to succeed once. All it takes is one. You design the system not for the authorities you hope to have in power but for the ones you fear having power.
Governments have many tools, the most powerful of which is physical coercion, to gain access to data they have reason to believe exists. I want the serving and execution of a warrant to be expensive (and legible, except in the most rare, unique - and thus highly regulated - circumstances). If it is expensive then it will have to be targeted - resources aren't infinite. Making these powers trivially cheap and unnoticeable when exercised will only lead to widespread abuse and unwarranted violations of privacy as we have seen time and again whenever dragnet surveillance becomes cheap, easy and accepted in a population.
Nation States already have the power to inject silent updates and "hack" foreign agents -- everything they're asking for under these new laws. They generally do not need to break encryption or gain encryption back doors. They do full take on the data before and after it is encrypted and decrypted. This, for the most part, is expensive and thus targeted, for sophisticated intelligence targets. Governments now want to expand this power which has been traditionally reserved for targets which pose grave national security risks. Governments want to apply a military tool to civilian police investigations - effectively militarising police surveillance of all citizens. Are sufficient effective checks and balances even possible for such a powerful capability?
Add to that, the fact that governments want us to pay to create and maintain this surveillance directly, thus hiding the true cost and scope of their investigatory activities - and a means by which we can challenge the implementation of such a system lawfully, by compelling all private companies to build in vulnerabilities on demand. Worse, once those vulnerabilities are in place in a system, all users of that system are vulnerable, not just the targets of an investigation - in effect, making all users, except for just the first one on that platform, cheap and easy targets. Eventually, this facility will be built into every system at design time - it's just another regulatory requirement; and even that barrier, the first target, will be gone.
The fact that they want to use these extremely powerful, hard to detect tools and techniques, developed for covert surveillance against foreign powers who pose a national security risk, against us common citizens should be concerning. The fact that they are attempting to push the burden of creating these tools onto the public, the public against which they will be used, and in so doing, make exercising this power extremely cheap and - beyond the first target on a platform, anywhere - effectively free should be downright terrifying.
Again, it's not about malintent; it's about protecting from the outliers - the abusers - because, while the abuse of a single individual or community can be extremely harmful to that individual or community, widespread abuse of such an investigatory tool is almost entirely impossible to fight. These tools defeat the very means by which people organise resistance against oppression: free, open and private communications.
We should think very carefully lest we put a surveillance ratchet in place that will become very hard to coordinate against by its very nature if abused. Given the history of "exigent powers" becoming normalised introducing such a system seems extremely dangerous.
I completely agree; and I assure you I do not think that I have all the answers or have considered every angle, but I do think about this line of thinking quite frequently and I just don't know how to square it.
On the one hand, I think we need intelligence to stop a cyber 9/11 (or worse, a cyber Hiroshima or holocaust), but on the other hand you're completely right that the outliers are going to show up. I don't know man. It's a tough one.
I tend to favour prioritizing the character of the people that get into those positions and making our political systems as robust as possible, but that's just a stab in the dark. What you've outlined is a real problem that I don't know how to solve.
> Most people that work in politics or intelligence in liberal states aren't in it for the power.
Could be, but you're making a VERY dangerous assumption about their lack of gullibility.
Technology is a difficult field to understand - just look at all the asinine content filtering proposals to get a feel just how out of their depth well-meaning politicians can be. Now think about encryption, an inherently much more difficult subject. The same, or similarly well-intentioned, politicians are going to be completely out of their depth. They can be goaded, led and nudged towards a goal they do not, and indeed can not understand.
Make no mistake. This proposal and its talking points are being fed to the talking heads by parties who want to outlaw end-to-end encryption.
The politicians talking about this are probably innocent of malice, but they sure as hell are guilty of heinous ignorance.
>Who is asking for the ability to decrypt? These people are making half or less what they could make in the private sector.
Many of these people are willing to take a lower salary to help others but history has shown that many, many others take lower paying jobs in government because it affords them power over other people.
I looked into contracting in the UK for a national agency a couple of years back. The day-rates they were proffering were almost double a London day-rate (before negotiation; I can only imagine what could have been secured). There's a deeply invasive interview process but they would cheerfully pay outrageous amounts to secure talent (and I wasn't even particularly good!). I assume not many people have the skill-set they're after and even fewer pass the checks. Perhaps it's different in the US but that was very much the state of affairs in the UK circa 2015.
> Who is asking for the ability to decrypt? These people are making half or less what they could make in the private sector.
While I agree with your general point about not ascribing malign intent (at the very least, the misunderstanding about the security implications of weakening decryption seems primarily a case of Hanlon's Razor to me), the "making half or less what they could make" isn't convincing to me. There are those who'd happily sacrifice raw dollars for the power of being able to decrypt.
My perspective is that it's all ass-covering. When the next terrorist attack comes, they want to be able to say that they did everything they could to prevent it.
If ass-covering is the goal, then the plan there is to loudly ask for information while quietly ensuring that they won't get it, then when the next attack occurs they'll have an easy scapegoat.
If they actually get the information then the next attack will make them look worse.
> I don't agree with what I perceive as their Hobbesian need for total control
If you asked them many would say that a state must maintain total control within its territory or someone else will fill whatever vacuum remains -- the mafia, other states or their intelligence agencies, private cartels, etc. Once such agencies get a toehold they can grow their power and eventually challenge the dominant structure. In many cases the new boss may be worse than the old boss.
Politics is all about compromises. Police and intelligence agencies always sound like they are asking for total Orwellian control because they know they'll get only 1% of what they ask for -- so ask big. It's a negotiating strategy.
That might be true in other cases. But here, there is no negotiation because we're not even allowed to know what's being negotiated. They won't tell us how often these powers are used, and they lie about how much it benefits.
What you describe already happened, it's just that the new boss moved into the old boss' office before people could object. We had an accountable system, and now we no longer do.
With mass surveillance I get the idea they know they get 99% of what they ask for, and even more, they mock us because they know they can circumvent the remaining 1% easily through parallel construction.
Remember those NSA slides where they mock the public for willingly buying smartphones that can be tracked everywhere? Yeah, we're the morons, not them who openly lie to the public and redefine language itself to make what they're doing not a crime against humanity.
It's as if they installed cameras on every street and mock people for driving, except of course, that too is now practically normalized under the guise of "safety".
>Police and intelligence agencies always sound like they are asking for total Orwellian control because they know they'll get only 1% of what they ask for -- so ask big. It's a negotiating strategy.
They have a level of surveillance that Orwell could not have imagined. Orwell imagined hidden microphones and highly visible cameras. We have all of those things and far more.
You see, if they negotiate 10000 times and they get 1% of what they want each of those times, things move in their direction and eventually they have more than what they originally wanted.