If you want to convince your friends they should support encryption, here's how I like to get past the "nothing to hide" argument.
Imagine we're sitting at a bar, chatting. None of us have anything to hide. Then the government passes a law that all conversations must be streamed on Youtube Live, so an agent comes in, sets up a camera at our table, and starts streaming.
We still don't "have anything to hide". We're just having a conversation. But the conversation used to be private--that's normal. Now it's not private, which is not normal.
Whether or not you feel like you have to "hide" anything during a bar conversation is not the point. It's whether you think we should make changes to our society where having a private conversation is never allowed.
This kind of analogy, in my experience, helps people understand that the "nothing to hide" argument assumes that privacy is only for evil people, when in reality it's the very normal default of daily life. The parable posted in another top-level comment is also great.
My nothing to hide argument is a little different;
Nothing to hide is an incomplete sentence. Nothing to hide from who? Surly you want to hide your children from abusers and predators? Don't you want to hide your banking details from con artists and fraudsters? Your identity from identity thieves.. Your ___location from burglars, your car keys from car thieves or your blood type from some rich mobsters with kidney problems..
we don't know who are any of these things. So we should protect ourselves from all of them, in effect we have everything to hide from someone, and no idea who someone is.
“My problem with quips like these – as right as they are – is that they accept the premise that privacy is about hiding a wrong. It's not. Privacy is an inherent human right, and a requirement for maintaining the human condition with dignity and respect.”
I completely agree with that. However, it's not always possible to go down the rabbit hole of inherent human rights during a casual lunchroom conversation while you're making a coffee.
These "quips" have their place. Hopefully, they make people think and at least consider the importance of privacy.
That argument doesn't work because some people are so conformist that every detail about their personal lives would be considered 100% unobjectionable to anyone they know or work for. (This is impossible when you know or work for diverse groups, but inside of a monoculture it's possible.)
Somebody thinking they are "safe", inside a monoculture, could easily get caught out saying or doing something that turns out (now, or in a few years) to be racist, sexist, homophobic etc., (or overly politically correct, for that matter), even as a joke, slip of the tongue, or ignorance.
Which we have witnessed with celebrities having 10 year old tweets dug up when twitter was just a stupid little website.
The safest bet is to say as little as possible when it comes to the internet.
Yet there are millions of kids who cannot legally consent uploading to Tiktok et al. I'm so glad this didn't exist when I was 9 years old. I'm not sure how 2020 9 year olds re going to feel about it in 20 years time.
Ask your political conformist, "So I'll give you $20 for a copy of your tax return, your birth certificate, financial acct numbers, and passwords. There's a guy I know who said he'd pay me if I could get them from you, and I'm willing to split it with you."
Some people are also so good at compartmentalizing that they believe this, but ask the right question and they realize they do in fact have (deeply shameful, at least to them) things to hide. Of course, you have to know the dirty secret.
Case in point: I had an ex whose grandparents lived in a mansion on a ranch in the Ozarks, and were very well off (some kind of corporate lawyers). Their public image in the community was one of great wealth and benevolence; due to some bad financial moves, they'd lost everything a few years back and their kids, grandkids, and great grandkids had scrambled to buy the house out from them, a loving gesture, so they could maintain their image. I learned of this secret (which itself isn't really shameful, people make mistakes, even big ones!) after a year or so.
They were both of the "we have nothing to hide," but one day I asked whether they'd like their neighbors to know about their penury; they told me to shut up and mind my own business.
Nothing to hide? Everyone's got something to hide, but for the most part we don't know it, because they're hiding it!!
I don't buy it. We all do things that although not wrong we still wouldn't like to share with anyone. i.e. No person wants to be seen picking their nose, although everybody does it.
If someone believes they wouldn't mind being seen picking their nose, it doesn't matter whether they are correct in that assessment. You won't convince them using such an argument because they won't agree with your premise even though you're right.
Somebody prove it by posting their email password. If we require encryption backdoors, the odds of it all ending up on Pastebin at some point is about the same.
With the poor security practices of the non-technical majority, it doesn't take an encryption backdoor for their password to end up on PasteBin. It already is on PasteBin.
What I think is that many of us in my country, where government is quite powerful (and still democratic) have reached a level of comfort such that the fact of having some state agency looking at some of my detail is totally acceptable since it doesn't change our comfort.
Now, tell those same people they'll have to pay a tax based on the destination they choose for holidays, and you'll get them in the streets (I'm exagerating a bit, but you get the picture)...
"It's not about the government having your bank account details. Do you want scammers to have your bank account details? Identity thieves? If encryption is outlawed, you won't be able to keep it from them."
I use to point out that I'm not even hiding it from the local police, today. Police here are OK.
I'm hiding it from:
- a future where the nazis or another totalitarian party wins the election
- future corrupt police personnel
- other countries intelligence (not everything I say might be compatible with doing work in North Korea/China/Israel/Saudi Arabia/Turkey (edit: added Turkey, I don't plan to go there in my holiday anyway)
- Leaks from police IT systems
And then I point to Turkey who went from approaching membership in EU to human rights hostile dictatorship in two years.
I usually say something similar, "Oh? Let me show your browser history and all your text messages to your significant other, your co-workers, and your boss."
I've used that one before. And for those who truly do believe they have nothing to hide, you can point to the ~1% of wrongfully convicted inmates in the US who probably thought they didn't have anything to hide either.
I like this. I'll offer a third approach, but yours might be better: remind the person that there are plenty of moments in normal life in which no-one is doing anything wrong, but for which privacy remains paramount. This doesn't take much imagination.
It doesn't speak to Internet surveillance directly, but it's enough to show that there's more to privacy than the desire to conceal wrongdoing.
Edit Also, there's a great 2007 paper on this kind of thing, 'I've Got Nothing to Hide' and Other Misunderstandings of Privacy:
No offense to apeace but this is the far better argument. A conversation in a bar is public already; you have no idea if the person sitting across the room might have a microphone trained on you and recording the conversation, because you are speaking in a group within a larger group with no protections. There is no expectation of privacy so there is no argument for privacy in that analogy.
It's far better to ask why we should have encryption (for our safety, our security, and yes, our personal privacy) rather than whether we should have it. The government, with this bill, is debating whether we should have it, when it's obvious to the people that we definitely should. Turn that around on the senators proposing it; ask them if they want to build in back doors into our digital lives, can we as their employers and electors do the same thing to them?
Even if you grant "only the government has access," I think you still shouldn't be complacent, because what the government considers acceptable can change, and may not agree with what you think is acceptable.
E.g., maybe a govt comes into power that is strongly anti-gay, and punishes you for being pro-gay rights.
Or the opposite.
In general the idea that the government will always be reasonable and should have unlimited surveillance powers is unsound and unappealing.
The counter-counter-argument is the whole history of both individual (against policy) and official (by policy) abuse of surveillance in the history of government. Every expansion of monitoring must weigh the specific expected benefits against the very real cost of expanding both of those abuse surfaces.
That argument doesn't really work. You supposedly know whether you have "nothing to hide" (and don't dare to admit it if you do have something to hide), they need to look to check this.
I think the key here isn't broadcasting, it's storage. In the future (?) we might think we can detect Parkinson's or MS very early through voice/video/typing characteristics.
Your conversations were recorded, the data leaked to or purchased by a fly by night company hired by your bank, and now suddenly despite your excellent credit history you can't get a 30 year mortgage, you try to find a new job but companies are only offering 6 month contracts, etc.
It's hard to prove a database doesn't exist, better to encrypt the content beforehand and make it harder to create.
Thanks, just to be clear I made it up after clicking reply!
If you want to make more of them I just combined a plausible data analysis project with some of the creepiest insitutional aspects from previous surveillance scandals.
Even barring the legal requirement, banks already prices mortgages such that they can handle being stuck holding the title with no payment. Down payments or government guarantees prevent them from holding the bag unless the housing market takes a big downturn.
Yes they can, they just can't use your age or other protected characteristics in the calculation of those odds. The ECOA doesn't say anything about health.
Let me be more clear. Banks don’t give a fuck if you have a high chance of dying a couple of years into a mortgage. It’s no different than you walking away from your mortgage, which they already have priced in.
Additionally, the underwriter of the mortgage sells off the mortgages to other banks once everything is closed up. If a chance of death had any impact on repayment probability, this resale value would be impacted (where age discrimination doesn’t apply) and that doesn’t happen today.
Whether it works is irrelevant. If anyone buys it, the time between belief and disbelief will be longer than the time it takes to screw up individuals' lives.
"Would you give up your right to free speech just because you have nothing important to say? No? Then why would you give up your right to privacy just because you have nothing to hide?"
It raises the important point: of course you don't care about privacy now while you have nothing to hide. You should care about it because one day you might.
It might be a stalker, a corrupt government official or policeman, someone at work who is competitive with you, you might be a whistleblower or learn a family secret that would damage your reputation (lets say, your father is a pedophile) .... all these things happen to completely "regular" people who until that point had "nothing to hide" and they end up needing or wishing to hide them in at least some circumstances.
While I fully support strong privacy & encryption, there is absolutely no logic in this argument because it tries to build upon an unrelated hypothetical.
A stronger argument should have tried to explain how this violates the constitution:
It creates a committee which is extremely likely to pass policies which violate the Constitution. In fact, if there were really effective ways to reduce crime online which didn't violate it, they likely would have been passed twenty years ago without trying to piggyback on another bill.
I agree, the EFF should have elaborated more on concrete examples of how it violates the Constitution.
The potential space for bad policy is gargantuan and hard to explore without additional hints or context. Given that enumerated in rhetoric, tech company policy, recent events and the bill itself:
It may create potential for witch hunts. Think of some recent conspiracy theories here.
To censor speech which comes close to looking "suspicious" whomever is the one to define this. This is most likely the government.
It may push companies to use filters which over-censor speech and it may be impossible to get a remedy at the scale at which they operate.
Trolls could abuse mechanisms to silence opinions they disagree with. If a government decides to smear someone's reputation through a coordinated campaign, they could make the argument they are a danger to society and pressure platforms to silence them.
You'll have to explain to me how it's an "unrelated hypothetical". Both situations:
* Indicate that you have a right
* Which you probably don't have a pressing need for at the moment
* But the lack of a need in the immediate future doesn't mean you won't ever have a need for it
The only real difference between the two, as far as I can tell, is the actual right you're not-using-but-still-protecting.
Analogy != "something different entirely". If we accept such weak criteria for acceptable arguments, one could argue for or against anything by picking a convenient "analogy".
Pointing out that a weakened encryption is analogous to getting a wiretapping order for everyone without a cause is a stronger argument.
> When people say "nothing to hide" they mean nothing to hide _from Law Enforcement_.
I don't think so. I think people simply mean they have a reasonable expectation of privacy in all of their personal activities. There are lots of things I say and do that law enforcement would not be interested in at all, but that I still want to keep private, simply because I want to. I shouldn't have to give a reason; privacy should be the default. People who genuinely want to share every little detail of their personal lives already have Facebook.
I don't know, but its scary here. Police march the streets firing rubber bullets into crowds. A leader who makes repeated and sustained attacks to discredit the media with the deliberate intention of having a population with no trusted or reliable sources of information. Foreign interference in elections.
The funny thing is, the reason I support surveillance and legislation against encrypted messaging (or at least a backdoor for law enforcement) is extremist groups like ANTIFA
I mean, up to the legal statute of limitations they can do that right (eg if they had speed camera recordings that they realized were accidentally unreviewed, they could use those and issue tickets without it being much of a morality issue).
It is maybe unfair because of a sudden burden and no ability to change your behavior before it added up to a huge sum, but it doesn't seem to have anything to do with privacy.
I say, no need to look at hypotheticals. Just sit back and watch what the Chinese government likely has done with the social media posts from people in Hong Kong, who are now in a desperate rush to obliterate them. Tough look, those have already been crawled and indexed. It's not quite the same, because these social media posts weren't meant to be private at the time, but it illustrates the point what can happen when 'data is out there'.
Closer to the US, prominent activists for Mexico's soda tax were targets of a campaign to hack their phones with NSO's exploits, and given NSO only sells to governments and the Mexican government is a known NSO client, it is very likely they were targeted by the government itself: https://citizenlab.ca/2017/02/bittersweet-nso-mexico-spyware...
Americans have a sense that what happens in China (or Nazi Germany, or any other place you'd care to name) can't possibly happen here—even if it is currently happening here.
Gone are the days during the Cold War where you could say, "What is this, Soviet Russia?" and have anyone squirm at the comparison.
This is not a good analogy because if you speed on the highway you are putting other peoples lives at risk, and doing it in public. I think we probably should have a satellite tracking every car and issuing a ticket as soon as a car speeds.
That's complete BS.
Speeds have not been updated to match the technical characteristics of modern cars. There's a reason why Germany doesn't even have a speed limit - the limit itself is pointless. They only fine you for dangerous driving.
This is just misinformation. Of course, in most places, Germany has speed limits. For example, the speed limit within cities is generally 50km/h, around schools and in residentials areas it's 30km/h and outside of towns, it's usually somewhere between 60 and 100km/h. The only exception to this are highways where, in fact, 70% of the time, there is no general speed limit. Even so, specific sections will always have speed limits (e.g. around a construction site), and additionally, there are strict rules for how to behave on the highway (in particular, it's absolutely 100% forbidden to pass a car on the right and you generally have to drive as far to the right as possible unless you want to pass a slower vehicle).
From Wikipedia.
" In 2018, the autobahn rate of 1.7 fatality per billion traveled kilometer is less secure than both the French one at 1.4 per billion traveled kilometers, and the British one at 1.4 fatalities per vehicle-miles traveled[27]. This means the risk of fatalities per traveled vehicle kilometer is 20% higher in Germany than in France, and near 92% higher than in the UK. "
I can't read that one, but I did read a few newspaper articles on the topic and it sounds like there is a lot of debate around the issue. I can imagine its almost impossible to take into consideration all various factors like road conditions, and local cultural issues, and quality of cars and everything. I'd also like to know how much the spend building and maintaining the unrestricted stretches of road, I would imagine you don't want to hit a pothole at 180km/h
But my personal view is that sacrificing safety so people can get from A to B a little faster is not worth it, and perhaps it's not clear whether or not speed is a big factor, but why risk it? Whats the rush?
> But my personal view is that sacrificing safety so people can get from A to B a little faster is not worth it, and perhaps it's not clear whether or not speed is a big factor, but why risk it? Whats the rush?
It's not that simple that less speed equals more safety. Even the posted link shows no correlation.
Some people argue that speed in Germany is not risk, but a safety measure. German highways are already mostly overloaded with traffic. Decreasing the speed by introducing the artificial limits would effective make driving more dangerous because highways would be more crowded with drivers with less distance between, there would be more lane changing during driving, drivers will be more tired because of spending more time on the road. Also, driving at the uniform speed at the speed limit reduces awareness of the road conditions.
Another topic is that limit also works as a framing. On the road where limit is 120, everyone will tend to drive around 120, regardless of conditions. For the road without speed limit, people will generally drive 100 if that's optimal speed according to the current traffic conditions. And if it's safe to drive 180, why not?
> I would imagine you don't want to hit a pothole at 180km/h
You would just kinda fly over it, unless it's huge. The faster you go, the less potholes are a problem. What's more dangerous is that braking distance is quadratic in velocity.
> if you speed on the highway you are putting other peoples lives at risk
If you drive at all you are theoretically putting other people's lives at risk. Everyone always has to exercise prudence when they drive in order to mitigate that risk. If their judgment is bad and they cause an accident, they are held legally liable for the harm they cause, and that gives people a strong incentive to not cause an accident. That, in a sane society, would be considered sufficient as a matter of public policy, and the government could just stop worrying about it and move on to more important things.
But ticketing someone because of an arbitrary number posted on a sign, which might have little or no relationship to the speed a reasonable and prudent person under the actual conditions on the actual highway would choose to drive, is not protecting people's lives. It's the government tapping an alternate source of revenue because it doesn't want to just admit it needs more money and raise taxes. Not to mention decreasing everyone's respect for the law, since everyone knows that under current conditions speed limits are unenforceable (and what enforcement does exist is arbitrary), and doing what it would take to actually enforce speed limits completely would be a draconian violation of our rights that no citizen of a free society should accept.
> I think we probably should have a satellite tracking every car and issuing a ticket as soon as a car speeds.
I think the government should stop trying to micromanage every aspect of people's lives and focus on protecting our rights.
This is the same kind of self destructing thinking that has the US on the ropes right now.
So much of our society has rules and penalties because people are not very good at "exercising prudence". Instead we ask experts to think carefully about problems and set limits around what we should do so that we can all get along in a safe and peaceful society.
We don't allow doctors to practice surgery without a license and training. We don't allow tall buildings to be built without approvals. We mandate that a restaurant kitchen must be reasonably clean.
We need to have faith in our societies ability to set and review these rules and limits. If we can't trust the experts and the public servants we employ to enforce the rules, then we need to ask why not?
What we should _not_ do, is just blow off expert advice because its inconvenient or because somebody on Fox News told us to.
> So much of our society has rules and penalties because people are not very good at "exercising prudence".
Speak for yourself.
> Instead we ask experts to think carefully about problems and set limits around what we should do so that we can all get along in a safe and peaceful society.
That's a nice myth, but it's not the reality. The reality is that governments use this power for purposes that have nothing to do with a safe and peaceful society.
> We need to have faith in our societies ability to set and review these rules and limits.
Sorry, but the track record of governments and "experts" is way too poor to justify any such faith.
> If we can't trust the experts and the public servants we employ to enforce the rules, then we need to ask why not?
And what if the answer is that either there simply are no actual experts in the problem ___domain, or there is no way for any actual experts to credibly communicate their expertise, because of principal-agent problems, conflicts of interest, and other inconvenient realities?
Because that is in fact the answer in most problem domains that are relevant to public policy.
> What we should _not_ do, is just blow off expert advice because its inconvenient or because somebody on Fox News told us to.
What we should also not do is treat people as experts just because they say they are. We should demand a track record of accurate predictions. Most so-called "experts" don't have one. That's just as true of the talking heads on CNN or MSNBC as the ones on Fox News.
>What we should also not do is treat people as experts just because they say they are.
Agreed 100%. Experts should make decisions based on open data that anybody can review. Also there are a lot of grey areas, so often we look for "scientific consensus" where a community of experts can debate issues and attempt to decide whats best.
The rest of your comment is basically that government does a bad job at a lot of things, but my view is we should fix government rather than reject it.
I live in a much smaller country, and here, I feel a small group of individuals _can_ make enough noise to shape policy. Sort of. At least they have a say. A good corruption watchdog would help - we don't have it yet, but at least there is talk of one. No climate policy. The whole witness K thing. Massive expansion of Defense this week. Cuts to the ABC. Err, dark times for Australian politics, but it _could_ be all rolled back at the next election. It will be a close race. I'm rambling now.
You got me interested in the subject so I did some searching. This document, while doesn't address speed as a factor of accidents directly, does seems to show that speed cameras do push down Australia's fatality rate on the roads. (I'm Australian)
Of course, from a physics perspective, lower speeds means less force in an accident. To take an extreme example, if we set a nationwide speed limit at 1 mph (1.6 km/h in kangaroo units) and enforce it completely, we might not have any traffic fatalities. What if at a 5 mph speed limit, one person dies in total across the entire country? Do you say that driving at 1 mph is safe and driving at 5 mph is putting lives at risk? Well, I guess statistically that is the case, but only if you ignore all of the other factors that went into the crash and attribute everything to speed.
For most accidents there is more than one factor that contributed to the accident. While speed is a measurable and oft-cited factor in a crash, it is not necessarily the reason that the crash occurred. Example: Someone drives 75 in a 70 zone, stops paying attention, and drives off the road into a wall. Speed and inattention could likely both be cited by forensic examiners as a factor, but the crash may have had the same outcome regardless of the speeding and entirely determined by the inattention.
And to the other opposite, there are plenty of scenarios where someone could follow the legal speed limit of a road while operating their car at an unsafe speed. Someone could drive 65 in a 70 zone on an icy road, or past stopped traffic, etc. While they are following the legal speed limit, they are operating at a speed that puts others at risk.
Basically, speed limits are an easy to understand approximation of what is usually a good idea for most drivers in most cars under reasonable conditions. Given that, sometimes they are too high and sometimes they are too low.
Higher speed makes all road behaviours riskier. I'm also from the Kangaroo states and while I know of not a single person who likes getting a speed fine I think the vast majority agree that having some speed limits makes things safer.
Australia doesn't have the same cultural views as America with regard to freedom. We have high taxes, virtually no guns, heavily enforced traffic policing, etc. On the Wikipedia page for road death per 100000 population Australia is about 5 compared to the US at 12. A large number of Americans seem to be culturally ok with this as long as the government doesn't interfere with their life. Hacker News has an international audience and you often see the different value systems at play in the comments.
I’m not arguing that speed doesn’t increase risk, nor that we shouldn’t have speed limits.
I’m arguing that they’re approximations of safe behavior. Prevailing traffic science suggests safe traveling speeds are heavily dependent on conditions, yet most speed limits are static.
I’m okay with the idea that people should not exceed the speed limit because we’ve chosen it as a reasonable compromise. I’m less okay with saying that those who break the speed limit are unsafe by default, or that those who follow the speed limit are driving at a safe speed.
In addition, hackers from the US probably tend to lean more libertarian than the general US population. By contrast, the hacker scene in e.g. Germany, while of course being government-critical, tends to lean more traditionally left
I consider my politics left-leaning and not libertarian.
I'm making an engineering argument about risk and blame, not a political argument about freedom. I am not arguing that we shouldn't have speed limits. Speed limits are like democracy. It's a terrible system... except for all of the others.
Ideally we'd have a better measure of unsafe movement -- We could much better measure risk if the speed limit was set to an equation based on the difference in momentum vectors between vehicles, the capabilities of the drivers and vehicles involved, the weather conditions, etc... but that has a much larger weakness in that we don't have a way to effectively measure/calculate/communicate those expectations to drivers.
I am all in favor of a utilitarian solution to the problem, but I'm under no illusion that it is a rigorous benchmark of risk.
The libertarian argument is that we shouldn't penalize risk at all. I am saying we should penalize risk, but that speed limits do a mediocre job of measuring it.
Fair enough, I was just adding to the parent's comment about different cultural viewpoints, but I failed to consider your own perspective on its own. I think your point of view is valid.
That said, to get back to one of your original examples: at least where I live, even if there is a general speed limit of, say, 80km/h, you could still get in trouble for driving that speed under adverse condition, like ice, heavy rain, heavy fog or darkness. I think the rule is that you have to guarantee to be able to stop within half of the visible distance So it's not like the law is completely static either.
I'm stealing your analogy but I'm also ready for people to smugly proclaim that they would have no issue with livestreaming their entire life since they have nothing to hide.
That’s the best part. Remind them that it’s not about you. It’s about whistleblowers and journalists who need to protect their sources, and lawyers who need to communicate with their clients. That tends to bring the ego down a peg ;)
But honestly, it’s best not to be aggressive. Some people don’t care much, and you won’t convince them.
FWIW, all my non-technical friends use Signal with me, and they know about verifying safety numbers! It can be done.
Have you been to my family reunion because I think that may constitute a direct quote. Of course four years ago they espoused the opposite standpoint toward whistle-blowers because obviously the other-side was bad-wrong and this administration is right-good.
Unfortunately, as the current coronavirus case data shows, a large number of people here think everything is about them and them alone, so we'll need to make an argument that speaks to them personally. I'm not sure there is one that's universal—as suggested above, asking for their salary might be as close as we might get. That would then leave government employees.
May be it's not about 'nothing to hide' vs 'something to hide'. May be it's about inadequate responsibility level for a bar conversation.
When people make public speeches they tend to choose words more carefully because they aware about possible dramatic consequences.
The same level of awareness for each private conversation in the bar can lead to a lot of efforts. It's another level of efforts to formulate things correctly. Sometimes people just need a safe place to formulate and try ideas without worrying about being punished for consequences.
If everything is livestreaming it's hard to achieve certain level of relaxation.Because it becomes a hard work to avoid saying something they didn't mean.
This kind of hard extra work would result in overloads and intentional faking to be on the safe side.
And 'that' is the core damage effect of any mass surveillance: Inability to have a free and open private discussions.
So even when there is 'nothing to hide', there is a lot of work just to 'avoid to show' something you didn't mean.
I like to tell people about programs like "LOVEINT" (https://en.wikipedia.org/wiki/LOVEINT). Where there is personal information available to others, it can and will be abused in ways you won't approve of. Privacy might seem like an abstract concern until you or someone you know is being stalked, etc.
> Imagine we're sitting at a bar, chatting. None of us have anything to hide. Then the government passes a law that all conversations must be streamed on Youtube Live, so an agent comes in, sets up a camera at our table, and starts streaming.
If we are doing imaginary situations, the proponents of this bill can also do something like this:
Imagine there is a bar, where the police are unable to go inside. Every day, people go into the bar to plan terror attacks or to spread hate and racism. They can have whoever from across the world join them in the private bar without the police being able to find out. Sometimes they also bring young children into the bar to sexually exploit them. Other times, they bring vulnerable young men and indoctrinate them with their racist hate. The owner of the bar knows that those kinds of things are happening, but they say, a lot of people just come into the bar to talk with friends, so we never allow the police to come. In addition, before serving drinks, the owner puts on a blindfold and stuffs their ears with cotton so they won't be able to see or hear what is going on. They live by the principle: See no evil, hear no evil. The owner of the bar is making a lot of money from the people using the bar.
Don't you think we should keep the terrorists, and neo-Nazis, and child molesters from having a bar that they can go to to do and plan their evil stuff that police cannot get to? Don't you think that the bar owners, instead of stuffing their ears and covering their eyes so they are unable to see the bad stuff, should make sure that bad people aren't using their bar for evil stuff. Sure, just like in the real world, you will have your privacy just like you have in your home or at the local bar. But, you would want a real life bar owner to not close their eyes to people using their bar as a planning ground for terrorism, or who are bringing young kids with fake id's to the bar to exploit them, or who are filling young men's minds with hateful, racist lies? Also, just like the police can get a search warrant for a bad person's home or a bar where a lot of bad people are congregating and planning and doing bad things, we think they should also be allowed to do that in the online world.
Now tell me, to the average non-tech voter, which will pull the most emotional strings?
So now, the terrorists and child molesters still use the bar, but they always go into the bathroom to talk. The owner suspects that they are talking about bad things in there, and installs surveillance cameras so that if the police ever need to know what's happening in there, they have access. Would you want a real life bar owner to record you on the toilet just so that one day the police can track some bad guys easily? Probably not. Do you think it's reasonable to expect privacy on the toilet even when you're in a bar owned by someone else? Yes, even if it might one day make law enforcement a little harder. And just like we think that people have a reasonable expectation of privacy when using places intended for that in the real world, we think they should also have it online.
An open source messaging app that actually does end-to-end encryption regardless of whatever law? It might be less convenient to use, but people who feel they need to encrypt their stuff, will be able to do it anyway. So the end result will be just less privacy for people who "have nothing to hide".
People use both of them when they want to do something in privacy, instead of sharing it with the whole world.
If you invent a message app that tells everyone it posts every message to a publicly visible website, then I'd agree that people using it aren't expecting privacy. I don't see it catching on though.
> just like the police can get a search warrant for a bad person's home or a bar where a lot of bad people are congregating and planning and doing bad things, we think they should also be allowed to do that in the online world.
Bad analogy, because a search warrant for one bad person's home or bar does not require the government to have keys to everyone's home and bar, just in case they need to search it.
In other words, the problem is not the "get a search warrant" part. It's the "break strong encryption so no one's data is secure, just in case we need to search anyone's data" part.
Filling someone's head with hateful, racist lies is 100% legal so it would not be applicable to the proponents of the bill. Terrorism is another beast.
You will find a lot more people than you would like in a lot of communities are racist. I do not approve of it but preventing it would enter the realm of thought policing and would require a totalitarian police state.
But income is definitely something that people love to hide. There's a lot of things that all people would love to keep quiet, mostly because their friends or loved ones would find out and may disown them
For those who aren't convinced by this argument, you can take it a little further by introducing a hypothetical situation in which their political opponents obtain power and criminalise criticism of government or other powerful "common-good" entities. Now your recorded conversations could become evidence of sedition, and even if it wasn't criminal at the time it could certainly be used to show evidence of previous behaviour.
There's other ways. Ask them for their passwords, ask them to hand their phone and riffle through their conversations and photos. If I know they won't be offended them I'll ask them to send me nudes or if they would let me put a camera in their shower.
After all, if you're have nothing wrong you have nothing to hide, so why should you close your shower curtain?
I've used most of the arguments against 'nothing to hide' mentality mentioned in this thread, and guess what: most of the people still don't care enough to change a single one of their bad privacy habits. Their eyes glaze over, or they think you are just overly dramatic or a conspiracy thinker, or "I'm not that important" or "Small chance it happens to me", "I trust the government" (when it comes to encryption), etc. Some friends and family I educated in length, and still they are not even willing to e.g. switch their Samsung browser to FF, or install an ad-blocker.
The concept of privacy and the consequences of not having it are too abstract for them. It is like saying that climate change will lead to disaster unless we all act now. They will only act after something bad happens to them personally.
My take:
The “nothing to hide” argument is a fallacy for two reasons:
(1) The connotation that things discussed in private are bad. True, criminals may discuss illegal activity in private, but that does not mean everyone’s private conversations are illegal.
(2) The notion of what needs “hiding” is subject to opinion, and changes over time. You may not be breaking any laws today, but if the law changes and governments have access to your past data, you are now vulnerable and have nowhere to hide.
I find it much easier to argue from the moral perspective.
It's my right to hide whatever I want, regardless of whether somebody else considers it "something to hide" or not; just as it's your right to buy a 3m tall chocolate statue of yourself, regardless of whether I think it's something you need.
The question is not "is it really necessary?" but "who the #£$! gave you the right to decide whether I consider it to be necessary for myself?"
Then again, here in (east) Germany, somebody argues "I have nothnig to hide", you just tell them "Neither did people 40 years ago" and the conversation is pretty much over.
I won't try and summarise it because I think I'd do a disservice to it, but it's another really good argument, ostensibly from experience, re corrupt countries and surveillance.
Another argument is that a conversation we are having today (nothing to hide and between friends) may be used against us in the future. It could also be used against your children.
But YouTube Live is publicly accessible, it's not the same as a law enforcement warrant. I think a better analogy is whether it should be okay for a judge to allow police officers to storm into your private residence with only a few seconds warning, and then proceed to examine and even take away anything in your room.
No, because when police have a search warrant and storm your home, they can't seize the private conversation you had in bed with your partner a year earlier. They can't suck the memories out of your head. Technology like mobile phones and messaging have become an extension of us, they are used for private conversations and personal memories. Breaking encryption on these is not like search warrants of yesteryear, and not like wire taps. In traditional search warrant they would not be seizing communications. And in wire taps they would only get conversations going forward, not years in the past that they can search through, and even with conversations going forward they sometimes wouldn't be allowed to listen to personal conversations.
The Bill of Rights (first ten amendments to the constitution) is all about protecting us against abuses of government officials. It presumes people in government could be bad, and we need protecting from them. By allowing a government official to seize all our private conversations it could allow a bad government official to go fishing and find things things that they can use against their enemies. There are many, many laws. Many of them aren't enforced, but could be.
For example in some states adultery is illegal, even a felony in some states. Not just in small states, but in New York, Massachusetts, and Michigan. In Massachusetts there hasn't been an adultery conviction since 1983. But if law enforcement was allowed to decrypt an iPhone, and find private bedroom things, it could be used as an attack on a political enemy.
It isn't only "bad people" that should be worried about the government. I think pretty much everyone agrees Martin Luther King Jr. was a good person. But the government at the time didn't think so. When he was killed the first people on the scene were the police officers who were doing surveillance of him from across the street. That is the kind of government we need to be protected from.
Whether traditional search warrants or breaking end-to-end encryption violates privacy more really depends on specific cases and the details of how the end-to-end encryption gets broken. Search warrants definitely aim to seize communications and intrude into private notes, collections, offline-only meetings, affairs, and all kinds of potentially embarrassing bedroom items that were purchased anonymously.
The only real defence against government abuse is strengthening democratic institutions, respect for human rights, strong oversight, transparency etc.. End-to-end encryption is quite a shallow/weak protection since a truly tyrannical government can easily make it illegal at any time. A lot of government abuse is also possible without breaking encryption.
So I think the benefit of end-to-end encryption in protecting against abusive governments is often over-stated. But what about the costs? For example technological progress is making the world more dangerous. Should it be easy for a bunch of people to use unbreakable encryption to coordinate the development extremely dangerous genetically engineered bio-weapons from their homes? If one such person is caught should it be really impossible for 5 judges to allow the police to find all those they've been talking to?
There is no evidence to suggest people are developing extremely dangerous genetically engineered bio-weapons in their homes or will be capable of doing such in the future.
Unless this bill's critics are mistaken, if your friends are using "file encryption", i.e, encrypting the contents of the communications themselves before sending, then this bill has no effect on that.
IMO, your friends, unless they are nerds, are never going to place much value on encryption when they never actually use it themselves. When some third party tech company is doing the "end-to-end encryption" for them then your friends are really not in control of the situation, let alone having any reason to understand it. It could be a sham and they might not know it.
This bill stands to hurt tech companies but according to its critics (surprise: it's the tech companies) it does not interfere with any individual's use of encryption for communications.
No one wants third parties to have potential access their communications. However there is no law preventing a tech company that provides "encrypted messaging" from decrypting people's communications. There is not even a contract with users. If they do this, their liability is zero. There are only "promises", something like, "We promise we won't do it, unless we receive a valid subpoena" or "We have made it technically impossible to see your messages." (Nevermind metadata.)
Well, what if some other third party, like the people pushing this bill, made the same promises? Would that be "good enough"?
Of course not.
For the record, I am not taking a for/against position here. I am not a tech company nor someone trying to get access to encrypted messaging services provided by tech companies. However if something came along -- not suggesting this is it -- that created the necessary evolutionary pressure to make every person, not just "bad guys", have a basic understanding of how to encrypt a file and send it over an insecure network, without relying on a third party for the encryption, then I would think that would be a good thing.
> "We have made it technically impossible to see your messages."
That one's not actually a "promise"; it's either true and sufficient (although it's hard to imagine how if the software supports automatic updates), or a direct lie because they have not in fact made it impossible.
Seems like it is impossible to verify whether it is true because we cannot see exactly what they are doing. We are just taking their word for it. It can be nothing more than a "promise" because we are not the ones responsible for carrying out the encryption. We have to trust both (a) the encryption software, which we can examine, and (b) the third person doing the encryption, who is unfortunately operating outside our view. Even if the third person is trustworthy, if they make a mistake, they are not liable for anything. They are not even obligated to tell us they made a mistake.
Usually when we trust people to do something important for us, we have some recourse against them if things go south. It is more than just a promise. They have skin in the game.
"Promise" generally means a statement about someone's future behaviour; they're lying (or theoretically not) about something they already did (write the software in such a way that they are literally incapable of retrieving the plaintext of messages). If I say I'm not going to steal and eat your cookies, that's a promise, which I might reneg on or never have intended to keep in the first place, but ultimately it depends on future events; if I say I didn't eat your cookies, that's a statement of fact, true or false.
Edit: Er, obviously you should never trust tech companies about anything, promise or otherwise; I was making a distinction about what kind of deceit they were engaging in.
You don't feel you have anything to hide, now. But if ever the government started doing something you disagreed with, like started getting too powerful, or using that power unjustly, your ability to check that power would be significantly diminished.
While this is on the right track, one would point out that these conversations wouldn't be public they would only be visible to government authorities.
I think the due process argument is more compelling. Part of preventing abuses and corruption by law enforcement is ensuring they can only surveil people with reasonable suspicion. Yes there are people who should be under surveillance. But it's crucial that this gets approval from the courts to prevent agencies from snooping on people not for law enforcement but to gain leverage and power. Your privacy helps us prevent the next J Edgar Hoover even if you have nothing to hide.
>Yes there are people who should be under surveillance.
When I read this as you put it . It comes to me something we tend to forget that surveillance is a form of attack on a person's freedom obviously. The fact of it presence is already an insult actually.
Humans need privacy because of the selfishness of our survival biology. There simply are bad people in the world, and I wish it were different, but it's not. 'Just trust us' are words often told to us by people who only want power - at our expense.
The best sentiment I've ever heard about privacy is from Shoshana Zuboff, and it's now influenced my thoughts. It's at the end of her amazing 2018 book 'Surveillance Capitalism', the best book on tech I have ever read. She shares a conclusion along this line: To be private and free from surveillance is to be human. If we have no privacy, we lose our humanity.
She explains that there is a direct connection between being watched, and being controlled. We need freedom of diversity - to will - to decide for ourselves. Otherwise, and now I conclude, bad actors with power lust will only bend the world to their vision.
The guilt-tripping words of "nothing to hide" come from a place of privilege - or worse, hypocrisy. It is an insult to anyone who is different from the norm, and who wants to be themselves. What you have every right to hide does not even have to be illegal, but often it is, like LGBTQ people last century. Illegal ≠ immoral.
Privacy is a core freedom to protect human diversity. It must not be shamed. It must be loved. Cherished. Treasured.
Privacy begets diversity. Surveillance begets conformity. Which one is more important for the development of life in the universe?
As a child, I instinctively knew that privacy was something natural and important in life. Now as an adult, with education and intellect I can articulate why - and resist psychological manipulation and intellectual dishonesty from others trying to tell us that privacy should die.
I'm able to see the insanity of my own age. And I will guard privacy with my life on the street, if I have to.
> To be private and free from surveillance is to be human. If we have no privacy, we lose our humanity.
>there is a direct connection between being watched, and being controlled.
I would agree. Those are very important points.
When people being watched they are not as free as they could be in their actions and exploration of ideas, because they measure what to say and what is forbidden to say.
This can have a huge damaging effect in creativity ___domain.
> This can have a huge damaging effect in creativity ___domain.
If this is true, then Apple's privacy brand has some long-term legs and some pretty powerful ads in their future - showing creators not being tracked while they freely, privately explore their art on an Apple device.
>I'm able to see the insanity of my own age. And I will guard privacy with my life on the street, if I have to.
I think what we may not realise yet is that we are possibly under new attack of 'modern communism'. They changed clothes and they do not call themselves communists, but their actions and principles they protect are revealing who they are and we know how many people died in 20 century because of this ideology.
>It is an insult to anyone who is different from the norm
And now they attack the basic principles of a free society.
>Privacy is a core freedom to protect human diversity. It must not be shamed. It must be loved. Cherished. Treasured.
I would also add it's a core freedom to protect a free society respecting human rights.
You could move that a notch up and say that only the owner of the bar and their friends get to watch all these conversations and they keep copies. That should really freak out some people.
I'm not really sure this is a good argument at all. In your scenario, if the two people have nothing to hide why would they care?
You're better of appealing to things that they normally might want to hide, like an embarrassing act or things that are said that are questionable out of context, etc.
A person who truly has nothing to hide, by definition, would not care about privacy. The entire point of privacy is that there are things that we do not want to share, for whatever reason.
People tend to feel attacked when you argue that they do, in fact, have something to hide. Even when you come from the perspective that everyone has something to hide, mostly small things.
I've had the best success with the argument I posted. It helps people understand that privacy isn't "hiding", it's normal. What's not normal is guaranteeing your government can see everything you do all the time, and we should think about whether that's what we want.
Actually it reveals a twist in those in favour of surveillance . What they do they falsely accuse you of 'hiding' while you simply naturally expected not to be invaded.
They invade you and then they they kind of ask you what is the problem? you have something to hide? And some people say : Oh, we have nothing to hide. But the problem is the fact of invasion, not wether they have to hide something or not.
It's like someone invades your territory or takes your stuff and you say, oh, i don't really need those.
It's not the problem wether you need those or not. The problem is that you can't decide about it anymore, you right to decide was taken away.
In case of property you loose right to private property.
In case of free speech you loose your right for free speech.
In case of privacy you loose your right choose not to be watched. You loose ability to decide to be private if you wish. That is the problem.
What's actually happening is that Facebook, Google, et.al. can read your messages and the Government can do so with a warrant. Nobody is planning on broadcasting everything to everyone. We don't have to ask people if they would do that or not. The vast majority of them do that today.
Strong encryption is another tool of the rich and powerful to help evade public oversight and scrutiny. Unpopular thought here, cuz, well, most people commenting here are the top wealthy 5-10%, the rich and powerful. It would be a cognitive dissonance to blieve otherwise.
Having a conversation in a bar thinking it's private..
Anyway, it might at well be Pleasantville 1950s for a lot of people. They are both hiding everything and being suspicious AF of anybody with something to hide.
Basically it isn't about having anything to hide but the instability of democracy and what power bad actors have.
Do I have anything to hide from Google? Not really. But do I want that same data that Google has to be in the hands of someone like Putin? No. I don't even want it in the hands of the NSA. The issue is that if we say that ads can manipulate people to buy things, why can't they manipulate people to do things like vote or divide. Russia's strategy since the Cold War has been to divide and prod The West, to sow disruption. That disruption has caused consolidation of power but also makes it difficult for coalitions to get things done.
It is clear that anger generates more clicks, so why is it unrealistic to think bad actors can use that data to better divide us and sow discontent?
The next factor is that democracy relies on a distribution of power. Data collection is a means to consolidate power. There's the term "turnkey tyranny" that's thrown around. The reason isn't because we think a tyrant is going to come to power and destroy our way of life, but rather that we recognize that such a thing is possible and want to ensure that such actions would be infeasible if a malicious actor gained power. In democracy power is distributed. This has pros and cons. But the point of distribution is so that consolidation is difficult and we can never have a monarch or tyrant.
So it has never been about having something to hide (which btw, do people know they are referencing Goebbels?), but about stability in democracy. Distribution of power that was inherent to the system in the past is no longer built in. Technology has changed and enabled things we never previously imagined.
Sadly I've come to the conclusion that people don't really actually care about the stability of democracy so long as they have food on the table and a warm bed at night. No matter the fact that a stable democracy free from the tyrannical rule of a monarch is what gave rise to their entire lifestyle as they know it. But people forget so quickly what we sacrifice for democracy. It's almost irrelevant, though. Our once pristine western democracy has been slowly eroded by the forces free markets. So I don't know who's crazier, the people who seem to care less about the values required to maintain a democracy, or the people who still think we participate in one...
I believe you are right. In fact, I think China serves as a perfect example of this (so does 1930's Germany, but I don't want to draw too much parallelism there). When there's massive growth and you're substantially better off than your parents, who cares what the government does? Clearly you're doing better, so they must be doing good. Right?
I think part of the unrest we have is that we're NOT better off than our parents. But another key component is that covid made it so that we have to worry about food on our table and we have an abundant amount of time to worry.
At the same time this is a great opportunity to talk about democratic stability. Discussing things like why privacy matters and not just to bad guys or with the silly "you wear clothes" analogies. It is also a great time to talk about structural reforms like switching to better voting methods, such as STAR (see my comments for rants on why you should not use IRV/"RCV"). At this time people have the time to think and research, but there is also the drawback that it is hard to think when you are worried about food and future. But this time to also talk about solving problems while they are small. If the Great Depression taught us anything it is that those people learned a lot about frugality but their children forgot. Luckily it appears that each time we do this we get slightly better (think like a damped harmonic oscillator). So don't give up hope, help the dampening coefficient.
That might be technically true if you consider woke cancel culture as a single entity and compare it individually to each of the 200-ish less-than-median-size countries (and is definitely (technically) true if you count each state/province/city/county/etc government), but we don't actually care about the average government, we care about the governments that are the biggest threat to honest people, like America, Russia, and China.
Speaking for the Third Reich, the Gestapo heavily relied on Blockwarte, the equivalent of the modern SJW,people who have been manipulated into believing snitching on other people is morally good. A fascist state cannot work against unwilling people.
> There was once a far away land called Ruritania, and in Ruritania there was a strange phenonmenon -- all the trees that grew in Ruritainia were transparent. Now, in the days when people had lived in mud huts, this had not been a problem, but now high-tech wood technology had been developed, and in the new age of wood, everyone in Ruritania found that their homes were all 100% see through...
> One day, a smart man invented paint -- and if you painted your house, suddenly the police couldn't watch all your actions at will...
> Indignant, the state decided to try to require that all homes have video cameras installed in every nook and cranny. "After all", they said, "with this new development crime could run rampant. Installing video cameras doesn't mean that the police get any new capability -- they are just keeping the old one." [...]
> Some agencies of the United States Government (notably the Federal Bureau of Investigation (FBI)), want to prevent the deployment of encryption technology. They want either encryption so weak that just about anyone can break it, or they want a copy of every key used with strong encryption.
The people who want a skeleton key to open all electronic doors are the same people who compiled a blackmail database on their own high-clearance employees and failed to keep it safe (the OPM data breach).
> Mujahedeen Secrets (first release: 2007), Al-Queda’s own encrypted messaging software. Those developers aren’t going to respond to a US court order.
Even with that, you are now forcing the terrorists to roll their own encryption. The likelihood of finding an exploit in Mujahadeen Secrets is likely much higher than finding an exploit in Apple Messenger or WhatsApp or something by djb or Moxie, etc. In addition, Mujahadeen is likely having to be side loaded - you won't find it in the App Store. This gives a chance to try to hack a single storage ___location to have a trojan horse version spread through their network. Finally, it affects recruiting. Basically only someone already comitted will go to the trouble of having Mujahadeen Secrets on their device, whereas a lot more people could be expected to have a common end-to-end messenger on their device. So overall, thinking from a purely law enforcement, anti-terrorist perspective, it would still be better for them to not have e2e in widely used apps, even if the terrorists tried to develop their own app.
The point is that the EARN IT act primarily affects the general population. Al-Queda hasn’t used American-made encryption software for the past 13 years.
> This would be equivalent to a town with no locks on the front doors, or where the sheriff has a copy of every door key (just in case he has to search the house).
To be accurate though that's not exactly true. The sheriff doesn't even need a key to enter your house, he can get a warrant and bust your door down.
This is a town where your house is indestructible and un-enterable without a key.
The problem with the doors and locks analogies is that it's not really what this is about.
This isn't about their ability to seize things you have after they get a warrant. It's that they want the ability to seize things you have before they get a warrant, just in case they get one later.
It's like requiring everyone to have video cameras in their house with recordings sent to law enforcement no matter whether they're under suspicion or not, and then claiming that it's fine because they pinky swear not to look at them without a warrant. (Never mind that then you can't prove that they're not cheating, and that it would be the world's largest target for organized crime and foreign powers.)
I included the clock.org homepage because I found it surprising how closely it describes the EARN IT act, despite being published before 1998. It’s a warning from over 20 years ago.
I agree that their analogy isn’t particularly strong, so I removed that part from my comment.
> The sheriff doesn't even need a key to enter your house, he can get a warrant and bust your door down.
That requires following due process, the presumption of innocence, and observing the right to privacy. You have to convince a judge, in the context of the existing laws, that a certain individual or group are suspicious enough to call for (specific) further investigation.
Mass surveillance and forcing weak encryption bypass or overturn all that. It's a radically different view when you assume everybody is guilty of something by default and that they have no right to privacy.
It is worse than just crazy. Government is made of people, and people are corruptible. If the encryption backdoor key leaks from the government to a bad actor, it will create a "national security" issue of magnitude never seen before. If this line of reasoning is correct, then proposing an encryption backdoor is akin to committing an act of treason in itself, because it is purposely weakening the technological infrastructure of the businesses and people in the country and thus the country itself. Attempts like these are either doomed to fail, or they will doom the country to fail.
They don't even have to be corruptible. People are fallible. Someone could just make a mistake. No bad actors needed. (Bad actors exist, and make the problem worse. But the problem exists even without bad actors.)
The TSA used essentially this system for luggage locks. You could have a lock on your luggage, but the TSA had a master key that could open any luggage lock.
This is an apt reminder that the question is not "how likely is it that backdoor keys will be leaked/stolen?", but rather "how soon until the first backdoor keys are leaked/stolen, and how frequently after that?"
And to make it much worse, we would now also have to ask "how soon until the required systemic weaknesses themselves are used an attack vector for a mass breach?".
Just for a moment, ignore all arguments about citizens' rights to privacy, potential for abuse by the organizations authorized to access the secrets (and their many fallible and corruptible employees), and so on. Of course all that _is_ important, but just for the sake of argument, ignore it. The problem remains that if anything resembling the "EARN IT" bill passes, then attacks against encryption will _scale too effectively_, and the USA will have exposed itself to having the secrets of thousands of politicians and civil servants leaked to an adversary at once. What do you think happens to democracy when that happens?
I get that many people are short-sighted, or even simply apathetic to the long-term consequences of a law that might make their job easier today. But it seems that whenever computers are involved, lawmakers become _so_ incredibly short-sighted that it verges on madness.
Consider this: a bill requiring a small GPS and remote-controlled bomb to be installed in the engine of every car would allow the police to entirely avoid dangerous high-speed pursuits. If it could be done cheaply enough, should it be done? It's pretty easy to understand the myriad ways this could be abused, so it would never happen. But add computers to the mix, and suddenly any kind of foresight goes out the window.
You're completely correct. I think the deeper issue is that the people responsible for directing US policy right now (and for the last few decades by varying amounts) generally do not care about the welfare of the country or the rights of an average person relative to how much they care about preserving and increasing their own power and advancing an ideological agenda to the same end.
The game is different than it once was; They aren't out murdering like Genghis Khan, but they are no less indifferent towards the people they harm in their conquest. The extent of their love for their country and it's people is the extent to which they can control it all. I've gotten to know this kind of sociopathic power-obsessed personality up close, and have no doubt certain mega-rich assholes out there influencing the political sphere have the same "defect".
Fear-mongering is strong. Look at all the freedoms we lost after 9/11. Pedophiles and terrorists and porn are always the scapegoats.
It is also a very electable sound bite. Everyone is against the "bad people". Re-election at any cost is the goal. We have government of the people and by the people but we stopped being for the people long long ago.
The fearmongering list has also been expanded to Russia and the far-right. As the list of perceived threats grows more varied, so does bipartisan support for undermining encryption.
With communists, especially in the 50s you would have been arguably justified in being extremely sceptical of them in power. Not to the extents of McCarthy but keep in mind that around that time the KGB were really flexing their muscles.
In the UK, the soviets were almost totally successful largely because the British establishment could not believe that someone who came from the right place and went to the right place could really be a communist spy. Even after, with or without hindsight, it was obvious Kim Philby was almost exonerated and re-entered MI6 to an extent purely because the people above him decided it was simultaneously too damaging and unlikely for a Cambridge man to be a communist.
Of course everyone wants those bad people stopped. But every law that claims to be "to stop the bad people and save the children" end up not actually getting used to that end, but instead to further harm the people. They all have far more collateral damage.
I used to investigate computer crime. You know what would have made my job really easy? Unlimited access to all computers worldwide.
Luckily I had to learn alternative investigative methods because we value privacy more than we value catching criminals, which is a good thing. I'd rather a criminal go free once in a while than a complete loss of privacy.
Isn't that more-or-less what the NSA have already?
What I mean is, Edward Snowden revealed that the NSA already have most criminals' dirty laundry. The only thing keeping the law from rolling 'em up wholesale is the Overton window around parallel construction.
Do you remember the bipartisan consensus on SOPA/PIPA?
"This bill, COICA, was introduced on September 20, 2010, a Monday. And in the press release heralding the introduction of this bill, way at the bottom, it said it was scheduled for a vote on September 23 — just three days later.
And while of course there had to be a vote — you can't pass a bill without a vote — the results of that vote were a foregone conclusion. Because if you looked at the introduction of the law, it wasn't just introduced by one, rogue, eccentric member of Congress. It was introduced by the chair of the committee — and co-sponsored by nearly all the other members — Republicans and Democrats. So there would be a vote, but it wouldn't be much of a surprise, because nearly everyone who was voting had signed their name to the bill — before it was even introduced.
I can't stress enough how unusual this is. This is emphatically not how Congress works. I'm not talking about how Congress should work, the way you see on Schoolhouse Rock. I mean the way it really works. I think we all know that Congress is a dead zone of deadlock and dysfunction. There are months of debates and horse-trading and hearings and stall tactics.
I'm most curious on when they'll be knocking on the door of open source projects next. Notably, anyone who uses any crypto.
As much as I hate it, I can at least understand the back door argument from a [ignorant] lawmaker perspective. If I pretend and say their intentions are noble, I understand.
What concerns me though, beyond the obvious backdoor problems, is the who is next? Because I doubt big corporations will satisfy their greed for power and information. Especially since anyone who has anything to hide or cares about security will move into open source.
As a developer with a passion for developing distributed, encrypted software - when are they going to threaten me? Worse yet, the software I write I purposefully do not have control over. So am I going to be held liable for the fact that I literally cannot help them?
No matter what they threaten me with, the best I could do is break the application for future users. So what are they going to do to control these distributed systems? Especially ones who truly aim to be distributed, P2P & self hosted by every user?
As terrifying as the current anti-encryption behavior is, I'm oddly more concerned about the move after this.
>I guess I’m biased since this is essentially my whole livelihood, but this is crazy, right?
There's clearly a valid argument from the other side. For example:
>Facebook announced in March plans to encrypt Messenger, which last year was responsible for nearly 12 million of the 18.4 million worldwide reports of child sexual abuse material, according to people familiar with the reports.
It's not clear how many of those lead to convictions but even a tiny fraction of a percent represents a significant number of children being rescued. Encrypting Messenger, as an example, will stop 3/4s of abuse reports and make it much safer and easier for paedophiles to exchange images. There's a pretty direct line from that decision to an increase in abuses like:
>“inserting an ice cube into the vagina” of a young girl, the documents said, before tying her ankles together, taping her mouth shut and suspending her upside down. As the video continued, the girl was beaten, slapped and burned with a match or candle.
>“The predominant sound is the child screaming and crying,” according to a federal agent quoted in the documents.
as horrible as this is do you think that banning encryption will put an end to the abuse itself? I'm actually convinced that all this does is reduce the sharing of such material, e.g. what people are outraged with is usually not only the act in itself but the fact that some sickos get off on this material. but I wouldn't think for a moment that because of some law less kids will be abused.
I'm actually fine with some kids biting the dust (yes literally being killed) to prevent the greater evil which is that of normalization of mass-surveillance within society (any more than it is already) which will ultimately destroy more lives. I'm not saying these kids don't deserve justice but more power to cops never solves anything (especially in poor volatile countries where cops are in fact part of the problem and happy to look away ...)
>as horrible as this is do you think that banning encryption will put an end to the abuse itself?
No, but there's a huge excluded middle between the level of abuse with easy E2E encryption and no abuse.
>prevent the greater evil which is that of normalization of mass-surveillance within society (any more than it is already) which will ultimately destroy more lives.
Facebook has been around for 15 years now without E2E encryption. I have not noticed lives being destroyed but perhaps you can share examples?
>I'm not saying these kids don't deserve justice but more power to cops never solves anything
Facebook helped develop a zero day exploit that the FBI used to catch a predator that abused dozens of girls. In this one specific case clearly more power to the cops solved something.
I can't cite any numbers, but it seems the majority of convictions I've read have some variation of evidence being found on phones, computers, or from sites like Facebook. It stands to reason that if we saw default E2E encryption across the board it would be a lot harder for the police to get evidence and would lead to a lot fewer convictions.
> It stands to reason that if we saw default E2E encryption across the board it would be a lot harder for the police to get evidence and would lead to a lot fewer convictions.
I am firmly-albeit-reluctantly OK with this, if the alternative is widespread surveillance of what should logically be private correspondence/communication among private citizens.
I value the privacy of the hundreds of millions of the citizen population over a slight increase in the conviction rate of the tens to hundreds of thousands predators.
For people like Hernandez, and I don't know how many there are, as it is never mentioned anywhere. You could think of restricting Tor anonymity with children you have no shared contacts with. I would be very, very wary of going a step further than that as it's very easy to justify "just another step.
To prevent someone from growing dependent on or vulnerable to an external abuser, we could invest in mental healthcare and counselling for conditions like depression which is all too common in teenagers nowadays.
Facebook should not be in the business of writing malware. Malware which could well be used against activists.
To my knowledge, a vast majority of crimes are committed in the home and without uploading evidence of it online. It would never be dealt with by outlawing any sort of encryption.
Would it not be better to figure out ways we could tackle that? Counsellors taking a close look at children? Teachers trained to identify abused children? CPS making a closer examination of suspicious households?
I know you're coming from but online crime really is a tip of an iceberg. An iceberg that is easy to spot but one which masks the true scope of the insidiousness going on below and makes it all too easy to say mission accomplished.
Agreed.
Making encryption the boogeyman is the wrong way, too broad. Ensuring the easily accessible comm channels are accessible to law enforcement, seems like an OK compromise. What those channels are should be the focus of the discussion imo.
This is my issue with the act, it doesnt spell out who would be subject to this rather leaves it up to the DOJ to spell out the rules later.
I am probably in the minority here on HN but I think bundling together encryption with platforms like Facebook/IG is a bad idea given how easy those platforms make it for bad actors to meet/identify potential victims. Signal/whatsapp etc I am ok with since they dont provide that same ability.
> No, but there's a huge excluded middle between the level of abuse with easy E2E encryption and no abuse.
call me old fashioned but every time I look at porn (which is very rare these days) I am disgusted by the meta-data that is added to these videos. It shows that people love to click on videos that read "stepdad and stepdaughter ..." and similar taglines. America has a problem with the whole "call me daddy" fetish. I never understood what this is about. It's deeply pedophelic imho and it's the main reason why I hate porn. It looks like it's hard to find videos where some form of domination (rough sex) isn't part of it. the way women are treated is IMO the gateway which normalizes violence first against women (even pretend rape is a genre here pushed by pornhub & co). why do people get off on this and why do porn companies get away with it ?? <- my opinion is to start the crackdown on this type of messaging here and before even cracking down have a discussion about wtf is wrong with people? why do they have to strangle each other during sex?
> Facebook has been around for 15 years now without E2E encryption. I have not noticed lives being destroyed but perhaps you can share examples?
the problem with FB is mostly that it many countries FB _is_ the Internet. Myanmar (the Rohinga's) would be a fitting example. Also the Philipines where the Duarte government is currently using it on their brutal war on drugs. If there would be justice Zuck and anyone working at FB would be rotting in jail even before we discuss pedophelia. thousands in the Philipines have been killed thanks to Duarte's messaging. FB literally kills and gets away with it.
FB agreeing to develop 0days to crack down on a few cases doesn't make them the good guys. I believe the world would be better off if FB wouldn't exist at all.
Vice is also known to push a pro-cop pro-LE agenda. I stopped watching their videos and reading their content when they showed how cannabis production in Albania hurts Europe (wtf) ... they are a pro-cop & ultra-conservative outlet. Screw vice and screw cops.
> I can't cite any numbers, but it seems the majority of convictions I've read have some variation of evidence being found on phones,
I know security companies love to cite their work with law-enforcement and how they help fight crime. when I had an interview with the biggest Swiss security company few years ago they bragged about their work with Interpol and how they help fight the bad guys. But nobody ever mentions that the software companies like NSO, Gamma, HackingTeam makes doesn't just allow LS to compromise phones (people assume it's read-only) when reality is the features are always read-write. Putting things on these devices is possible because from an engineering pov why would you limit a feature and not allow write access ... I know enough cops who brag about how they abuse their power . So why would I trust them not to plant shit on these phones (especially when they're convinced that they're dealing with a bad guy).
> America has a problem with the whole "call me daddy" fetish. I never understood what this is about. It's deeply pedophelic imho
I would challenge that. I would argue that it is a that there are a lot of people (regardless of country) that get a rise out of things that are taboo. One of those things is the step-parent/child thing (because parent/child is too far for many people).
> America has a problem with the whole "call me daddy" fetish. I never understood what this is about. It's deeply pedophelic imho
It is impossible to have a discussion on this topic when some people use the word Pedophilia to cover "babies and small children" and others are using it to cover zero to eighteen year olds. While it might be immoral or illegal if a 55 year old is having sex with a 16 year old it isn't pedophilia. A Daddy kink is incest, again not pedophilia. Please use the correct terms. Otherwise it muddies the discussion until no one can discuss it at all.
>why do they have to strangle each other during sex?
Okay, now it smells like SJW and white-knighting. Many women fantasize about being raped, dominated and strangled. There's nothing bad or wrong in living out those fantasies. It doesn't normalize violence or cause rape.
How many of these images are re-circulations? How many of them are new images? How much abuse is actually facilitated on the platform? Does directing more resources towards this take away resources and mind share which could be used to tackle more serious crime than someone posting images over and over?
> I cannot believe that the one thing we have bipartisan consensus on is destroying strong encryption.
Most differences between republicans and democrats are superficial. Republicans don't really believe in small government no more than Democrats really believe in social justice.
It’s one of those things that people think is a grand idea, right up until it’s been in force for a few weeks and it turns out that China is reading all the internal US message traffic.
Then everyone will be like “Whoa?! Who would have thought something like this could happen!”. I feel like this is a tale as old as time.
There is always bipartisan consensus in whatever gives more actual power to powerful people. It's just that some would rather the power be for billionaires and others for the government.
Doesn't surprise me at all and it was painted on the wall pretty clearly in my opinion. It is of course a sad state of affairs. I think it shouldn't need to be mentioned but apparently it does.
I can. Our representative government represent corporations and the deep state, in the original Peter Dale Scott sense of the term (as opposed to the more recent abuse of it), and not the people.
They have continually made moves like this, in a boiling frog fashion. Until we the people wake up from the two party divide and conquer system, very little will change, excepting very rare circumstances of pressure exerted en masse (SOPA/PIPA is a good example outlier).
I've thought about solutions to this problem for a long time, and my conclusion is the things needed are the following (in order to prevent a long term overton window shift as has been happening):
1. Renewed participation in local politics and elections, especially at the state level, but also county, city, etc.
2. Once that is achieved, voting in ranked choice voting initiatives. This will enable the next step.
3. Stop voting for anyone based on party, in particular the main power structure is based on the majority rule in the house and senate... the end goal would be to take away the majority from both parties. This is a huge undertaking, so I'm not saying it would be easy, or even possible, but I think it is what is required. I think those paying attention enough and not enured to the tribalism of the parties understands they cannot be reformed from the inside. They are simply too entrenched, and have too many mechanisms to get rid of those who seek to do so. The point is that we don't need to gain a majority with this new coalition party of independents and third parties, we simply need to take the majority away from the two main parties. To get this done though, [1] must be done, because many of the state laws have been manipulated by the duopoly to prevent third parties and independents.
3.1 To avoid fracturing of the coalition, there should be some very rudimentary and base document that all persons running can agree on. This is also difficult but, since all congresspeople swear an oath to the constitution (5 U.S. Code § 3331), something that reaffirms the principles of the constitution would be the best start. If they violate this, the coalition should work to remove them immediately. (something similar to Gingrich's "Contract with America")
4. Currently, and many don't know this, congresspeople have to sign an affidavit (5 U.S. Code § 3333) confirming their oath. I think we should then work towards enforcement of the laws against violation thereof, the primary one being perjury, or something similar (18 U.S. Code § 1918, 5 U.S. Code § 7311). For example, how many people have straight up lied to congress and had no action taken against them? (Clapper is one of the more egregious ones that comes to mind, but the point is congress is in dereliction of duty in enforcing perjury laws)
This would give the people a real opportunity to start passing laws that represent the people (such as term limits), but are still constitutionally sound.
The legislative is the branch closest to the people, and this is why it should be the focus. From a cleaned up legislative we can begin to resurrect the separation of power between the branches that has been egregiously eroded, primarily by the executive. The current checks and balances system is crumbling. A huge part of this erosion is the surveillance system, which enables compromise of congresspeople by the executive and the MICC. We must fight for privacy, both encryption and anonymity, as a fundamental part of protecting the checks and balances system.
Dear lord man. You've actually thought about this. I'm flabbergasted to see someone actually attempting to solve this problem. Out-grouping for the sake of sharing logic.
Oh geez, it's been at least a decade since I did a MBTI, but probably you are right on the money.
I've thought about it because I honestly considered running for POTUS, but even that is because I consider my oath the the constitution still valid even though I've been out of the military for a long time, though I'm still recovering my brain.
I'm pretty sure it is designed that way on purpose. Nothing will ever change as long as both sides are fighting each other and no one is willing to fight the system.
Just a quick reminder that in California, a bill allowing statewide ranked-choice voting in all cities (not just charter ones) was passed by both the state assembly and senate by a wide margin, before being vetoed by Gov. Newsom last year.
RCV or any voting system isn't better than what the current prescription is for CVRA lawsuits: having districts. It enables more local elections, lower cost of campaigning, and more minority representation. Edit: It's also easier to have neutral district lines drawn (like in CA and a few states by boards) than to pick a voting system that might not achieve the objectives of the CVRA.
If you're wondering why it was vetoed, maybe look at the history of CVRA lawsuits and how having districts has helped communities more than RCV. RCV is an apportioning method, which doesn't necessarily make it a good voting method.
Major this. Also plug for CGP Grey's "politics in the animal kingdom" video series that explains exactly why we have that 'lesser of two evils' problem, and how exactly RCV and Alternative vote systems resolve that problem, in a very simple, understandable way.
The problem with Fair Vote and the CGP Grey videos, while I like them for an introduction to the subject, both have two very misleading points.
1) When they say RCV they specifically mean Instant Runoff Voting (IRV). There are many other, and better, RCV methods.
2) They overclaim IRV's ability to solve the spoiler effect (see my other comment for links). While other RCV methods have strong resistance to spoiler effects, IRV has a weak resistance. CGP actually hints to this when he talks about that IRV doesn't prevent a trend towards two party systems.
I think when people talk about RCV (in the context of single-winner elections), they're almost always talking about the same thing as IRV.
"Ranked voting" is the more general term.
> Ranked voting is any election voting system in which voters use a ranked (or preferential) ballot to rank choices in a sequence on the ordinal scale: 1st, 2nd, 3rd, etc. There are multiple ways in which the rankings can be counted to determine which candidate (or candidates) is (or are) elected (and different methods may choose different winners from the same set of ballots). The other major branch of voting systems is cardinal voting, where candidates are independently rated, rather than ranked.[1]
> The similar term "Ranked Choice Voting" (RCV) is used by the US organization FairVote to refer to the use of ranked ballots with specific counting methods: either instant-runoff voting for single-winner elections or single transferable vote for multi-winner elections. In some locations, the term "preferential voting" is used to refer to this combination of ballot type and counting method, while in other locations this term has various more-specialized meanings.
I share your frustration with FairVote and CGP Grey (and recently an episode of Patriot Act) painting an unrealistically rosy picture of RCV/IRV as the solution to our voting problems.
There are some other systems that aren't ranked voting at all that I think would be significantly better than IRV, such as approval voting, range voting, and STAR voting (which is basically range voting with an immediate runoff between the top two).
For some reason, FairVote persists in claiming that in approval voting (which is like traditional first-past-the-post voting except that you can vote for more than one candidate), you somehow maximize your voting influence by voting for only one candidate. They call this bullet voting. I don't know what possible reason one could have for believing this.
They show "resistance to strategic voting" as "high" under RCV and "low" under approval voting. This is somewhat subjective, but I think they've got it backwards. Under approval voting, strategic voting and honest voting are basically the same: you vote for as many of the candidates as you can tolerate, and maybe if there's a candidate you really don't want to win you vote for everyone but them. Under RCV, it's only safe to put you first choice first if they are either clearly in the lead or so far behind they have no hope of winning. If the outcome is in doubt, it's possible to cause your first place candidate to lose by putting them first. (That's a weird problem for any voting system to have.)
For this reason, I don't trust FairVote; I don't think they're presenting their preferred voting system or the alternatives honestly. They're more of an advocacy/PR organization that's pushing their chosen solution out of a sense of inertia or something.
The Center for Election Science is a smaller, less-well funded group that advocates for approval voting (and similar methods) that I donate to from time to time. They had a successful campaign to convert Fargo ND to approval voting back in 2018.
"Resistance to tactical voting" is a dumb, essentially nonsensical, concept. What we care about is how well the voting method performs given there is some amount of strategic voting. I made a simple chart here to visualize this fallacy.
Thanks for donating to CES. I'm the co-founder who filed the 501(c)3 incorporation paperwork back in 2011. We've come a long way, and Fargo was very exciting indeed.
> This is somewhat subjective, but I think they've got it backwards. Under approval voting, strategic voting and honest voting are basically the same: you vote for as many of the candidates as you can tolerate, and maybe if there's a candidate you really don't want to win you vote for everyone but them.
Except elections rarely work like that. There isn't a set of options I can tolerate and a set I can't. I want my preferred candidate to win more than I want any of the "fine I guess" candidates. And if I have to pick between "bad" and "horrible" I still want to vote for "bad".
With approval voting, I am forced to vote strategically, considering what point in my preference order to draw the line at in order to maximize my chance of causing the highest possible position in my preference order to win.
I realise that IRV isn't perfect, but it's a lot better than any non-ranked choice voting method as far as I can see, and honestly I think the risk of the situations where honest voting results in a sub-optimal outcome is massively overblown, though I don't have data to back that up.
I would note that IRV has the advantage of being actually put into practice at scale (Australia, Maine), and also comes with the nice property that it can be fairly easily adjusted to work with multiple winners (ie. STV), so you can have systems like Australia where IRV is used in single-winner races and STV in multi-winner ones without the voting public needing to learn two systems.
STAR, the system we're advocating, solves a lot of these issues though. Score voting is "like" approval voting but with more precision (really approval is just the binary version of score). STAR05 is often suggested because experimentation shows that it has enough expressiveness to generate good winners but is simple. You can always add more expressiveness by increasing the range in which you can score candidates, but there's diminishing returns as you increase it and added complexity (I don't think people will have a problem rating 0-10 though since we actually do that a lot).
I cannot think of any way that IRV beats out STAR. In STAR's worst case scenario (1-sided strategy) it still has a VSE equal to IRV's best scenario (100% honest). Any more honesty that people have in STAR just improves peoples' satisfaction. This is actually one of the main arguments of cardinal systems over ordinal systems (e.g. STAR vs RP/IRV).
If you're really into the ordinal camp, I'd also strongly encourage you to look into Ranked Pairs. The satisfaction is A LOT higher than IRV does. On the ballot side it is no different than what the voter sees in IRV (really this is fairly consistent for ordinal systems, by definition).
But I want to stress that STAR and Approval are not equivalent. I also want to stress that scoring is an extremely familiar concept to most people. "Rate this drive out of 5 stars." "On a scale of 1 to 10 how would you rate..." etc. So I'd argue that STAR is fairly expressive (which seems to be your major complaint) and is a simple and easy concept for voters to understand (since they are already familiar with it).
I'm a co-inventor of STAR voting. I explain it as, STAR voting is score voting on a 0-5 scale followed by an automatic ("instant") top two runoff. Whereas approval voting is score voting on a 0-1 binary scale. STAR voting performs a tiny bit better in computer simulations of voter satisfaction, but approval voting has the practical benefit of being super simple and requiring no voting machine upgrades. Both are superior to IRV.
Here's the first email I received from Mark Frohnmayer where he discussed STAR voting, following my speaking at his conference at University of Oregon, that gave birth to it. :)
https://twitter.com/ClayShentrup/status/1278118075972202496
STAR sounds very reasonable. And yeah, I'm definitely open to ordinal systems besides IRV. I guess my argument is about letting the perfect be the enemy of the good (which is of course the whole point of voting systems to begin with). I'd consider IRV or MMP vastly better than FPTP, and something like STAR or Ranked Pairs only slightly better than that. Which is a good example of a preference that STAR would be good for expressing :P
> I guess my argument is about letting the perfect be the enemy of the good
I see this as more when you're creating something. Like if you're writing software if it is good enough then don't continue if you have other pressing matters. Essentially this saying is about Pareto.
But when you already have things invented and you're just selecting things, this saying doesn't apply. We have 3 options: option 1 sucks, option 2 is meh, option 3 is pretty good. Which do you choose? It is pretty obvious that you should choose option 3. There's no other conditions on this problem. You don't have to spend more resources to get option 3. Option 3 is just objectively better, so why not pick it?
And if you think I'm exaggerating, I'll note that IRV is a 6% VSE improvement on plurality. STAR and RP are both 15% improvements on plurality. This is part of why people are frustrated. There's options that are objectively better, so why pick the worse one? And it isn't like they are differing in "betterness" by small amounts, we're talking about a pretty big amount!
You're calling 6% "vastly better" so doesn't that make 15% "astronomically better?"
> and also comes with the nice property that it can be fairly easily adjusted to work with multiple winners (ie. STV)
Score voting (and by extension STAR voting and approval voting) have a proportional multi-winner analog that's much simpler than STV and arguably better.
I'm basically agreeing with literally everything you are saying, I just want to expand on certain things.
> RV vs RCV
These terms are too similar and really just confuse people, which is why I push back against it. I try to use "ordinal" a lot, but it is best for places like HN but not when I'm discussing with family. RCV makes people think that this is the only way you can rank people.
> STAR
Anyone who is advocating for STAR has my approval. It is the preferred system in my mind. I want to plug my longer post that has a lot of links and expands on all the topics you described
I think this is a style of argument that is increasingly becoming more common and is destructive. Pushing the your argument past the point of validity in an effort to make it stronger. Their use of broad classes is a gross mischaracterization. When they discuss Condorcet methods they discuss several types, lumping together the worst features from different ones. But they ignore the good methods like RP and Schulze. The comparisons are unfair. But then again, they aren't trying to appeal to people that are informed on the subject, they are trying to appeal to the masses which are completely unfamiliar with the subjects. But I do not think this justifies the outright lying and mischaracterizations.
> Spoilers and Strategy
In my other post I actually link an example of where IRV fails, and it is the specific type of spoiling that we are about: when similar candidates spoil (e.g. Bernie and Biden, not Stein and Biden). IRV doesn't solve this (but FV claims otherwise).
For strategy, this is the argument that I get into with the Condorcet camp (though we're clearly on the same side and these are nuanced friendly arguments not hostile). To me STAR is good because its range of VSE is more compact (i.e. resistant to strategies). The Condorcet camp claims that there is enough dis-incentivization to not vote strategically therefore just maximize VSE (VSE is only slightly different between STAR05 and RP). So for anyone listening on the sidelines, this is really what we're arguing, minutia. I'm certain everyone in the Condorcet camp would vote for STAR and everyone in the STAR/Score/Approval camp would vote for Condorcet (specifically RP) if given the chance.
> I'm certain everyone in the Condorcet camp would vote for STAR and everyone in the STAR/Score/Approval camp would vote for Condorcet (specifically RP) if given the chance.
Eh... I'm in the STAR/Score/Approval camp and I would be somewhat inclined to vote strategically against Condorcet, because it's worse than what I want and once it was implemented it would be even harder to dislodge in favor of STAR/Score/Approval than the status quo.
It's also a false compromise because the opponents aren't generally people who benefit from the worse voting method, only people who haven't yet understood why it's worse.
Of course, if we were using STAR/Score/Approval to vote on which voting system to use then I could express my preferences more accurately.
This is fair and I won't really push back against it. This is the reason I push so hard against IRV. Because once IRV is the status quo it will be hard to continue moving forward. After all, we already have the capabilities. If you have to chose to eat acid, plain oatmeal, or chocolate pudding you don't eat the oatmeal then the pudding, you just jump straight to the pudding.
> It's also a false compromise because the opponents aren't generally people who benefit from the worse voting method, only people who haven't yet understood why it's worse.
While I'm in this camp I do think it is unfair to completely rule out Condorcet methods. The interview I linked to with Dr. Arrow I think expands on this well. If asked to advocate for a system, advocate for score (STAR). But that isn't to recognize that there's so much uncertainty in Social Choice Theory that we can trust theory alone. There's smaller experiments that have been done, but nothing on the scale we are advocating for. Of course we expect the theory and experiments to be relatively accurate, but we must acknowledge the lack of empirical large scale data. Frankly, you can only get that by doing it.
> Of course, if we were using STAR/Score/Approval to vote on which voting system to use then I could express my preferences more accurately.
I'm pretty similar. I like STAR and score about the same because I like simplicity, and don't see STAR as that huge an improvement over score. So maybe:
What I, as a European from a country that elects proportionally (which isn't perfect, but anyway), cannot understand is the blank stare Americans give me when people point out that the two-party system and FPTP are the things that need to be fixed for the US to have a democratic future. It's like so many of them cannot wrap their heads around something being fundamentally broken. The same goes for Canadians and UKians.
Americans are deliberately and explicitly indoctrinated from a very young age to believe our system is the best system in every way: most democratic, most free, etc. It’s not surprising that even the slightest challenge to those beliefs would be met with blank stares by many Americans.
We've literally been brainwashed from birth to believe that we have, by far, the best government that's ever been built. It's a major part of the school system.
Cognitive dissonance around the idea that there is room for improvement is inevitable.
I'm surprised that this attitude survives along side the attitude of "the government sucks at everything and it should be made as small as possible" that seems to be so pervasive in the US.
And I'm surprised that I get the same blank stares from Americans that have lived for a decade in Europe. It's like they've never contemplated any other way of electing. Of course it's not true about everyone. I'm generalizing a lot here, but it still surprises me.
Most people who believe the “the government sucks at everything and should be as small as possible” probably still worship the Constitution and “the forefathers” and believe it’s completely compatible.
Well I guess I am not part of most people, as I believe Government is inherently inefficient, and should be microscopic..
I also believe that "whether the Constitution really be one thing, or another, this much is certain - that it has either authorized such a government as we have had, or has been powerless to prevent it. In either case, it is unfit to exist." -- Lysander Spooner
To be fair, the UK did have the "Alternative Vote Referendum" where we got the second-worst voting system proposed as an alternative to the worst voting system (FPTP). That might explain why nobody thinks "alternative voting systems" are any good; they just think of instant run-off.
This frustrates me to no end. IRV has a 6% improvement of VSE over plurality. But STAR and RP have 15% improvements. Not only that, but both are strongly resistant to spoiler effects and the trend to two coalitions dominance (in the States that's the two party system, outside the states that's two major parties being the dominant ruler over their coalitions).
The conspiracy theorist in me thinks it is because IRV doesn't effectively change things. The realist in me thinks it is just trendy.
For others: See me other comment (it is large, you can't miss it) explaining these topics in more detail (with links!)
> Lesser evils aren't inevitable; they're a product of a bad voting system.
It's made much worse by the bad voting system, but it's perfectly possible that I simply disagree with enough of my fellow citizens that any compromise we can reach will be some "lesser evil".
I think that's probably the case. Nonetheless, I would claim "lesser evilism" would be greatly reduced due to RCV (and Approval) being better at capturing preferences: you get to vote for your favorite option, and against your least favorite option.
I think there's a strong argument that RCV/Approval would shift the incentives and game-theoretic landscape away from polarization and turnout, and towards big-tent coalition building, to appeal to the greatest quantity of left, right, center, and independent. That does mean compromise, and likely policy concessions; but i think that would be a huge improvement over (a) taking turns at obstructionism, and (b) a de-facto one-party system regarding corporate interests, the military-industrial complex, etc.
> would be greatly reduced due to RCV (and Approval) being better at capturing preferences
The problem is that IRV/RCV doesn't capture your preferences, because it ignores all your preferences except your top choice, until your top choice is eliminated. IRV is reasonably good at making sure that third-parties can't prevent first-parties from being elected, but very bad at actually allowing third parties to actually be elected even if they have widespread approval.
Approval is a good compromise, and fully ranked systems (e.g. Condorcet) would be even better but much harder to enact. I would happily support universal adoption of Approval.
While I’d take approval voting over FPTP, to me it exacerbates the issue of voting being highly tactical. Checking approve on someone I believe to be more popular than my favorite candidate lowers the chance my favorite candidate wins. If there’s someone I believe to be an existential threat to the country on the ballot, my best choice might be to check everyone other than them even if that means checking the box of someone I dislike. Essentially, you again have to choose how much you care about voting for your favorite option vs voting against your least favorite option. If I truly did check the box for anyone I was okay with being President then approval voting would be okay, but that would never be the right way to vote on the ballot given my preferences. In this way I prefer IRV, despite it’s shortcomings.
That all said, full ranking systems are definitely the superior option, and I’d certainly take approval over our current state.
> it exacerbates the issue of voting being highly tactical.
No. Approval voting has been extensively studied by game theory experts like NYU political science professor Steven Brams, and found to be one of the most resistant to tactical voting. Computer simulations show it performing exceptionally well even with highly strategic voters.
There's even a mathematical theorem (proof) that, given plausible strategic behavior by voters, approval voting always elects a beats-all "Condorcet winner" when one exists. This is mild (some would say GOOD) reaction to strategy.
> Checking approve on someone I believe to be more popular than my favorite candidate lowers the chance my favorite candidate wins.
Yes, this is beneficial not harmful. The alternative is that the voting method must ignore all preference data about the relative support of X vs. Y as long as the voter prefers X to Y. That causes big problems.
It is precisely why ranked voting methods like Instant Runoff Voting are so vulnerable to tactics. If I prefer the Green, my general best strategy is to tactically rank the Democrat in 1st place, thus "burying" the Green and making the mere appearance of un-electability a self-fulfilling prophecy.
The major moral of voting theory is to AVOID RANKED VOTING METHODS, favoring RATED voting methods like score voting, STAR voting, and approval voting. Here's a presentation I gave in 2015 to the Colorado League of Women Voters explaining more.
I would disagree about Condorcet. Score voting and variants, such as STAR voting and approval voting, are vastly simpler than any ranked method, and perform better in voter satisfaction efficiency calculations, and plausibly make better Condorcet methods than real Condorcet methods.
> I think there's a strong argument that RCV/Approval would shift the incentives and game-theoretic landscape away from polarization and turnout, and towards big-tent coalition building, to appeal to the greatest quantity of left, right, center, and independent.
I think most people wildly overestimate the popular appeal for compromise. Only about 20% of the population would support an opposite-side moderate over a near-side extremist. A true centrist party is doomed to lose in any system that knocks out unviable candidates, since it's the first choice of almost nobody.
It's almost as if you didn't even imagine what a "no 'opposite side' per se" would even look like.
I think there's a LOT more room for nuance than "this" or "that" even among the ignorant and/or unengaged. Just look at sports-team divides in the US for evidence.
Except there ARE two sides. Capital controlled means of production, and worker owned means of production. These two systems are diametrically opposed to each other. This just comes across as enlightened centrism. I am vehemently opposed to the economic system of capitalism, and I think that it stands in opposition to the very concept of democracy. How am I supposed to see the capitalist as "the same side"?
Workers owning the means of production is not in fact one of the major factions in US politics, regardless of how much Twitter leftists and Republicans would like you to believe that.
Lesser evils aren't inevitable; they're a product of a bad voting system.
Other countries with other systems don't really do much better.
The fundamental problem is that the people who want this sort of power are the last ones who should ever be allowed to wield it. When people are willing to spend hundreds of millions of dollars to get a job that pays $500K a year, you have to wonder what's really going on.
Does "select a president [senator, etc] uniformly at random from the voting population" count as a voting system? I feel like that's about the only way to fix things at this point.
(I'm partial to approval voting (vote "yes" or "no" for each cantidate separately and if the winner doesn't have at least 50% "yes", the office is vacant until the next election), but I suspect the party line would immediately become "you're a traitor if you approve anyone but the Party's candidate".)
Also, yes, approval voting is a great approach and we should absolutely use it. We'd still get people who vote party-line, and it'd take a while for people to truly internalize that they can safely vote for other candidates they like, but it'd be a massive improvement.
I want to push back against this, and specifically fair vote.
- What they are referring to as RCV is called Instant Runoff Voting (IRV). IRV is a RCV, but RCV isn't IRV. Think "Rock and Roll is The Beatles" vs "The Beatles are a Rock and Roll group."
- IRV isn't that great when it comes to Voter Satisfaction Efficiency (VSE)[0]. There's even other RCV methods like Ranked Pair[1] that are exactly the same for the voter. Essentially IRV is a 6% improvement upon plurality (what we currently use) but RP is a 15% increase from plurality. So I ask, why go to IRV when we can do twice as good? (or better! Keep reading)
- Fair Vote claims that IRV has a high resistance to spoiler candidates (a candidate that takes away votes from another similar candidate). This is actually why the distinction from RCV and IRV is important and why Fair Vote is misleading. While RCV is better than plurality in this respect, some RCVs are better than others. IRV doesn't adequately solve this issue (but there are other RCVs that do!). IRV fails when two candidates are similar in positions and similar in popularity. [2] This is specifically the kind of spoiling that we are trying to prevent. We're trying to prevent a candidate like Sanders from spoiling Biden (or vise versa) not Jill Stein spoiling Biden. IRV prevents the latter, but not the former. I am specifically upset with Fair Vote because they are misleading in this context. Because they claim IRV := RCV, they take all the things different RCV methods solve and claim IRV solves them. This is simply not true (and why I make the first bullet).
- There are just better methods besides ranking (also called "ordinal" methods). There's a class called Cardinal[3], that is actually simpler. The simplest is called approval. An example of approval is Netflix's rating system (binary). It does pretty well. Better yet is range/score voting. This would be the old Netflix system where you rated out of 5 stars. The difference in ranked vs cardinal is that you rate each candidate or policy independent of the others. This allows you to be more precise/honest (you may actually like two candidates equally!). It also reduces complexity because a common accident in ranking is rating two candidates the same. In ordinal systems this is a bug, in cardinal this is a feature.
- I want to specifically mention STAR voting[4]. While STAR isn't perfect, it much better handles various types of spoiler candidates, has a high VSE (similar to that of RP), and handles strategic voting well. The last is the major reason you should choose STAR over RP (and there's no reason you should choose IRV over RP, because RP is strictly better). While all three systems encourage honest voting (in a single agent scenario) strategic voting is always an issue. Under no circumstance is STAR worse than IRV because STAR handles strategic voting. Specifically the most important kind is the "1-sided strategy"[5] which is arguably very common.
- Lastly, I want to appeal to authority. Kennith Arrow (who you may be familiar with from Arrow's Impossibility theorem and Gibbard's extension) is a Nobel Laureate and said cardinal systems are "probably right."[6] And I think many of us know science speak into the confidence that conveys. That link is a full interview with him from Election Science. It is a good read/listen.
TLDR: We want a good voting system, use STAR, not IRV.
Thanks for your post, I'll dig into your links. I hadn't heard of STAR in particular.
Two counterpoints:
- I'm aware of Arrow, but I file it under "perfect being the enemy of the good". :) Whatever the flaws of IRV, it still represents an order of magnitude improvement over FPTP at capturing political preferences. (We suffer so much status quo bias, it takes a lot of activation energy just to communicate to the average voter that better options exist at all!) But I happily cede the point: IRV is not the best choice of all the available options.
- My favorite is actually Approval, and I don't always bring it up because it has lower mindshare and is less self-descriptive / "sticky-branding" compared to Ranked Choice. My reasons for the preference:
(a) There's no nitpicking over counting methods: whoever gets the most votes wins.
(b) Easy to explain to voters (including the counting system), and degrades gracefully for those who still want to vote for only one candidate. (I've heard objections that some voters hit a cheater-detection trigger, that "some people get more votes than others"; this can be solved by reframing as "Y/N" per candidate, so X candidates = X Y/N votes per voter).
(c) I believe it largely sidesteps Arrow by redefining the success condition: rather than attempt to perfectly measure ideal preferences, it definitionally represents "Consent of the Governed": not who's your favorite, but who are you willing to live with? This would make it more difficult for bolder and more unconventional candidates, but at the benefit of rewarding coalitions and consensus-building. Polarization and sowing distrust would cease to be a viable strategy.
(As an aside, in a perfect world, a blank ballot would be counted as a meta-vote for "None of the Above"; and if it wins, a whole new election of all-new candidates must be held.)
> I file it under "perfect being the enemy of the good"
This is 100% how you should think about it. But what I'm trying to say is that we already have substantially better methods, so why not use them? Perfect is the enemy of good, but if I have the choice of eating acid, a bowl of oatmeal, and chocolate pudding, I'm going with the pudding. Perfect is the enemy of good when we don't already have the choices sitting right in front of us.
> [IRV] still represents an order of magnitude improvement over FPTP at capturing political preferences
And here's where I'm disagreeing, but only slightly. It is definitely better, but not an order of magnitude.
> Approval voting
I love approval voting. It is great because of its simplicity. That's why they use it in systems like Netflix. Easy to collect and gather results from. Honestly I use it all the time. It is how I solve the "where do you want to eat" problem with friends. You just list things until you get a unanimous vote or if you exhaust your list you just take the most approvals. Simple and easy.
The reason I don't like it for elections is that it makes tying easy and I do not believe it has enough precision. The interview I linked Arrow talks about this so I'll deffer to him (he's clearly smarter than me). In elections you need a clear winner.
Why I like score voting (and Condorcet methods, like RP, which is again RCV) is because I actually hate party systems, but I recognize that they can't be destroyed. But these methods drastically reduce their power (I don't think IRV does).
And I highly encourage you to dig more into the subject and am happy to provide links. I also highly suggest looking deep into everything that the Fair Vote chart discusses, mainly because I believe you will be as frustrated as me (and others, like Condorcet proponents) when you learn what each of those topics are. Everyone I know that is well read in the subject is frustrated by Fair Vote's mischaracterizations.
> in a perfect world, a blank ballot would be counted as a meta-vote for "None of the Above"; and if it wins, a whole new election of all-new candidates must be held
I think this, all by itself, would be a great thing to have in elections. If this had existed in every election in which I have voted, I think I would have used it at least half the time, quite possibly more.
I think the argument against would be pragmatic: the cost and time it takes to run a new election, and the mad scramble for new candidates, presumably leaving the incumbent in office in the interim. (For more local elections, where running unopposed is not uncommon, there's also an interesting conundrum: should that candidate be rejected if they only receive a plurality, ie under 50%? What if literally no one else wants the job?)
At any rate, I'm very much in agreement, I think it's a sound policy across the board, even in the context of FPTP. One thing our election system fails to do is disambiguate between voter apathy, and the implicit protest vote of staying home (Australia's mandatory voting being another solution, albeit lacking the teeth of a "None of the Above" reboot).
> presumably leaving the incumbent in office in the interim
An alternative for many posts would be to have no one in the office once the incumbent's term expires. For example, suppose no one wins a race for a seat in the House of Representatives: when the incumbent's term expires, that seat could simply be vacant, and could be deemed to have voted "abstain" for all votes during the term in which it is empty (or until a new special election is held to hopefully fill the seat).
(For an office like the President, there might have to be some other provision made.)
This would also handle the other case you mention:
> For more local elections, where running unopposed is not uncommon, there's also an interesting conundrum: should that candidate be rejected if they only receive a plurality, ie under 50%?
I would say yes: that counts as no one winning the election, so the seat remains vacant until a new special election is held (assuming someone does win that).
> What if literally no one else wants the job?
Then I would say the will of the people is that they prefer to have no one doing it, if they do not approve of anyone who wants it.
Most of what you write is good, but I want to point out that non-ordinal methods suffer from a problem that is at a level more fundamental than most analyses address, to wit, that there is no objective question about preferences that they ask, and thus no clear “correct” honest ballot marking given a set of voter preferences.
There are conditions which resolve this (e.g., when ballot markings in a method like score voting represent the amount of some valuable resource the voter commits to paying if the given choice is elected, or where markings in approval represent a binding commitment to not participate if an non-approved option is chosen and/or to participate if an approved options is chosen.) But these resolutions are typically not available or desirable in most public elections.
> that there is no objective question about preferences that they ask
I don't see this as an issue. I also don't see it as a problem to specifically non-ordinal, but to every system. I like to try to explain a STAR05 ballot simply to people with a forum they are very familiar with. A ballot might look like below
How do you feel about ___x___ candidate?
Very Unfavorably, unfavorably, neutral, favorably, very favorably
Those are your 5 options. Yes, this isn't exact, but we can't have an infinite score. But as we understand distributions, we know that the fluctuations won't matter much. If a group of people have an "honest" opinion that a candidate is rated "favorably" (or a 4) we'll see a distribution around this (a fairly tight distribution). So you'll get some 3's and 5's, but most people will give 4's and the average will be 4. So it isn't an issue. Similarly, if you are ranking people and view two candidates equally 50% of people will put candidate A in front of B and vise versa (well real world there'd be a bias for things like: who is listed first, "nicer" sounding name, familiarity, etc. But still, that's not too big of an issue because at the end we get pretty close to the optimal efficiency that the system can provide). You have to remember that there is no perfect system, Arrow and Gibbard showed that. But the question is if we statistically come close to the optimal (that the system can provide).
I want to point out that simple approval voting is VERY effective, even though it is low precision. You're literally choosing "like" and "dislike." Analysts aren't that concerned with the lack of objectivity in the difference between a 4 and 5 or a 3 and 4 because it is much more refined. If this is a major concern, then extend the expressiveness by increasing the range, e.g. 0-10.
I would also encourage you to listen to that interview that I linked. Arrow briefly discusses this topic. He makes some criticisms of score voting but also says it is the option he would push (question is which he'd advocate for). Remember, there is no such thing as a perfect voting system. There's always a trade-off. We're just trying to minimize the trade-offs.
And personally, if someone made RP popular I would gladly advocate for it. But because we're trying to trade one shitty system (plurality) for something only slightly less shitty (IRV) I am going to be vocal about the issues and lying that is happening. I don't really have an issue with RCVs, but specifically IRV. This is why I wanted to make a clear distinction between the two. Because when the discussions come up we end up using different languages, using the same words to describe different things. This may have been a smart move by Fair Vote, but we're on Hacker News and there's an expectation of more nuance than we'd have in other places like Reddit or in person.
Social Choice has been a hobby of mine ever since I saw the CGP Grey videos back when it first came out (2011!!!). The issues I have are that when you dig deeper you realize how much was lost.
So I am happy to try my best to answer questions and provide more resources. If you like game theory, this is a great subject to learn and has clear and immediate applications (even outside of elections).
Then we're choosing the lesser of five evils, except now, none of the evil parties alone have a strong enough electorate to squash any sixth party that emerges from the disenfranchised of the other five. That's completely unlike the current two-party system, where no third party can gain any traction due to not having a sizable enough electorate to take on "the big kids".
> to secure these rights, Governments are instituted among Men, deriving their just powers from the consent of the governed, --That whenever any Form of Government becomes destructive of these ends, it is the Right of the People to alter or to abolish it, and to institute new Government, laying its foundation on such principles and organizing its powers in such form, as to them shall seem most likely to effect their Safety and Happiness
The two major American parties have more in common than not. They agree on most political issues, particularly defense and economics, and make a big show of arguing over a tiny corner of issues in order to desperately try to differentiate themselves.
The two parties do not significantly differ on indefinite detention of American citizens on US soil.
The two parties do not significantly differ on domestic spying, dragnet-style data collection and warrantless wiretapping.
The two parties do not differ on their support for backdoors in encryption.
The two parties do not significantly differ on allowing extra-judicial targeted killings.
The two parties do not significantly differ on the use of unmanned drones, either for combat or domestic surveillance.
The two parties both support pre-emptive "cyber" war and non-defensive hacking.
The two parties do not significantly differ on their support for continuing the War On Terror and War On Drugs.
The two parties both support maintaining US military bases around the world.
The two parties do not significantly differ on favoring Keynesian economics.
The two parties support delegating monetary policy decisions to the Federal Reserve, including support for quantitative easing.
The two parties do not significantly differ on their use of earmarks and pork barrel spending.
Neither of the two parties have (recently) proposed plans for balancing the budget.
Neither of the two parties plans to significantly cut defense spending.
The two parties both favor taxpayer-funded foreign aid.
The two parties are largely backed by the same corporate sponsors and special interest groups, with a few key differences.
The two parties both backed TARP and in general favor bailing out companies too big to fail.
The two parties do not significantly differ on their general support of "economic stimulus" as a tool to prop up the economy.
The two parties do not significantly differ on their support for and allegiance to Israel.
The two parties both favor and continue sanctions on Iran.
The two parties do not significantly differ on their use of super PAC funding and their support of unlimited spending from corporations and special interest groups.
The two parties do not significantly differ on their use of gerrymandering to gain political advantage.
The two parties oppose any measures that would strengthen the viability of a third party.
As an American, I don’t see any country in the world that doesn’t have exactly the same problems.
The EU has been considering similar anti-encryption legislation for years. Primarily supported by France, UK and Germany. The main opponents to it in the EU have been NGOs, which mirrors the American experience on this issue.
The cynic in me speculates the reason the EU parliament hasn’t pushed the issue further is simply because it’s waiting for it’s influential members states (or the US) to pass the legislation required to gut these services, so that they won’t have the potentially unpopular task of doing so themselves.
EU doesn't have the authority to deal with things like encryption. American federal government is much more powerful and much less dependent on the states.
Also Germany is very, very, pro privacy. Germans would probably lynch any government official that suggested anything resembling Stazi surveillance programs.
> EU doesn't have the authority to deal with things like encryption.
It most certainly does. Security and Justice are very clearly established as areas of “shared responsibilities” in the EU, granting the EU parliament has full authority legislate.
> Also Germany is very, very, pro privacy. Germans would probably lynch any government official that suggested anything resembling Stazi surveillance programs.
The EU has also explored a number of backdoor-by-another-name options, including a very concerning Function Encryption initiative [0], and forcing E2EE service providers to refresh secrets to insert government actors into conversations.
My primary motivation for posting the parent comment was that any EU resident who thinks their governments are above this sort of thing is absolutely wrong, and if you’re complacent and fail to hold your governments to account, this is exactly the sort of thing that’s going to happen. You can’t just read the feel-good press releases and hope for the best. European politicians are politicians too, and if there’s anything politicians of all stripes have always been good at, it’s accumulating power and lying.
It literally doesn't. EU authority over the national security is very limited and the treaties only state that member states should cooperate amongst themselves.
Define "regular people's interest". American values? Health and security? There are governments that are pro-people (as opposed to pro-money) but they are generally not big global players, or if they are, they are designated Enemies of the West and it is enormously politically incorrect to discuss critically about them.
Section 215 is the major one. Allows government to obtain secret warrants for surveillance via a secret court system(FISC, FISA).
Lindsey Graham(R) tried to extend this- but Trump has been somewhat vocally against this extension due to his own allegations that the FISA courts were misused to spy on him.
Exactly, we need way more political parties with direct representation. However, power seems to do a great job of consolidating itself so that won't be an easy task.
First past the post voting tends toward a two party system, because there are strong incentives for smaller parties to consolidate to get to a majority.
Since this is a subject I find fascinating, I'll add this link that I first encountered here on HN long ago: http://zesty.ca/voting/sim/
It's a mathematical model and accompanying explanation that shows that simple plurality (first past the post) voting produces bi-polarization, while other voting methods like approval voting do not. It also shows that the instant-runoff voting method that people are trying to replace FPTP with is non-monotonic, meaning that gaining a few points of support can actually hurt a candidate.
Torture was heavily repelled by Democrats, and was only "legalized" in that John McCain intentionally put in loop holes into his own bill that allowed the CIA to continue it because Bush threatened to veto the bill otherwise. Those loop holes were later closed under Obama both by legislation and an executive order. This was very much a partisan issue.
Trump threatened to veto the Patriot renewal bill, which includes the FISA court, despite bipartisan support. The bill is now withdrawn pending rewrite.
> As a european, I don't see any party that actually have american people's interest in mind.
To be fair, us Europeans have the same issues with our politicians, with the exception of socialists, communists and Greens. Just look for the article13 fiasco.
We have bipartisan consensus[1] that tech companies have acted badly and that Section 230 should be repealed or significantly amended. I think EARN IT will probably kill Section 230, not strong encryption, so I think EARN IT is pretty great. Tech companies probably should be coming to the realization by now that it's only a matter of time (probably 4-8 years) before we close the 230 loophole: So if they're given a choice, they should choose to protect strong encryption, and forego Section 230 protection, since it's going away anyhow.
[1]Kind of, Democrats think tech companies got Trump elected, Republicans think tech companies are suppressing conservative viewpoints, but either way, they agree on the problem.
What is the problem here? Having federal interference in tech is a terrible idea as any laws are usually overbroad and stifle large amounts of innovation that we haven't imagined yet as an unintended consequence.
What multiuser system would survive a libel-law attack from a highly unfriendly jurisdiction? Email, forums, comments, and other forms of posting opinions would immediately cause any small operator to shutdown.
You just need a friend to make libelous comments on discus and then sue any site you want. 230 isn't a loophole, it's essential for speech on the Internet.
Then the platforms that host social media need to stop suppressing speech.
The President wants to kill 230 because Twitter is censoring his tweets. His response was to suspend their protection from liability lawsuits under 230.
It's politics; everything's always about politics. Whether this will be good for the industry and society is another question.
> Then the platforms that host social media need to stop suppressing speech.
They clearly state in their ToS that speech is limited on their platform.
> His response was to suspend their protection from liability lawsuits under 230.
Well, his response was to state he was "looking to see if he could suspend their protection". There is nothing to be worried here, because anyone can tell him that the answer is that he can't suspend their protection.
It was just infantile bluffing that in most other situations would cause the person bluffing to lose face, but not in the current political reality. In most situations, it's best to not state orders that you can't possible enforce and that reveal your weakness.
They have a right to suppress speech on their platform. If I show up at your house and demand to install campaign signs in your yard because of my first amendment rights what are you going to say?
I suspect “get off my property”.
Twitter and Facebook and everyone else have those same rights.
Honest question, why do you think that Section 230 should be repealed?
I myself believe that companies should be doing a better job at moderating the contents they host in their websites, but also that by repealing such provision, smaller ventures with not enough money to enforce the rules, would either go bankrupt or simply suppress any third party content to avoid issues with the law enforcement.
Tech companies don't just host harmful content: They make money off of it. The fact that Google and Facebook take a cut off malware, scams, and fraud perpetrated over their advertising platforms, while bearing no responsibility or liability for them gives them an incredible disincentive to shut down bad actors.
A huge portion of Google Ad income is malicious content, and as long as they can't be sued or indited for it, they're going to continue to automatically approve and profit off criminal activity.
The problem with Section 230 isn't about one guy who posts something bad, the problem is with systemic abuse on platforms which are financially motivated to allow the abuse to continue.
> A huge portion of Google Ad income is malicious content, and as long as they can't be sued or indited for it, they're going to continue to automatically approve and profit off criminal activity.
Citation needed.
Also, wouldn't this also apply to broadcasting companies? Say, potentially harmful commercials airing on prime time.
I was going to challenge you to find me a company selling malware on CBS or NBC, but then I remembered Google runs TV ads, so fair point. /s
And importantly, broadcast television doesn't get Section 230 protections, and does just fine. A great example of why tech companies don't need immunity. Broadcast TV ads are sold on a smaller scale, such that humans are involved in the process and bad actors are caught early.
> Citation needed.
The general problem here is that Google is the only one with meaningful data, and obviously they're very motivated not to reveal how big a market illegal activity is on their platform. Note that even in legitimate verticals, scams push the bidding higher for advertising on their platforms. So not only does Google make money directly off scammers, they also make more money off legitimate advertisers because the bidding was higher. Google both claims that there's no data proving their business is illegitimate, while keeping all the data secret. So we have to rely on the evidence we can see.
A great example is what The Verge uncovered in 2017 with rehab scams: https://www.theverge.com/2017/9/7/16257412/rehabs-near-me-go... where they found some insane CPCs: "If you’re in Arizona, and you click on the top ad, you’ll cost that advertiser around $221", and Google was actively soliciting business in this extremely valuable market: "The search giant actively courts treatment centers, both online and off. In May, a Google “digital ambassador” was a featured speaker at the Treatment Center Executive & Marketing Retreat". They had multiple people directly focused on cultivating business in this particular market. Scammers were both harming consumers directly, and also pushing the CPCs up to insane levels for real drug rehab centers, hurting consumers indirectly as well.
You can also see an interesting way Google helps bad actors stay hidden here: "The 800 number was ephemeral. ...Google offers advertisers unique “tracking” phone numbers that forward to a company’s phones, so they can understand which ads are bringing in the most clients. The phone numbers only stay up as long as the ad does." So you can't even meaningfully trace out a phone number on a scam ad back to the company that pays for it. Everything is laundered through Google accounts.
After this piece, of course, Google finally acted and more or less shut down their entire drug rehab vertical for a while, and retooled it. I'm sure it's drastically less profitable now. But the problem is, they got to keep the millions and millions of dollars profit they got from engaging in a business practice that was directly harmful to people.
My long time example, which Google still refuses to address, is searches for "mapquest". MapQuest is a top search term for seniors, who don't realize that other directions sites exist. To it's credit, MapQuest is still pretty decent. Problem is, Google sells ads for "Maps Quest" that look like the real site, but redirect you to sites that require you install browser-hijacking add-ons in order to proceed (add-ons hosted in the Chrome Web Store, I might add). No matter how many times I've attempted to report them, these sites are allowed to continue doing this. A Googler actually had them removed once, and Google re-enabled the same sites' ads within a couple of hours.
Another fun part of this, is that if MapQuest wants to be presented above those malicious ads, MapQuest has to outbid them... for it's own trademarked brand name! Ad squatting is another way Google rakes in massive revenues via essentially blackmail: Pay us or we'll let scammers place higher than you for your own name.
I wouldn't hazard a statistic, because it'd be a guess, but I imagine if Google were forced to disclose advertisers and spends, you'd find a substantial portion of Google's profits were ill-gotten gains.
This doesn't address my question though: is it true that a significant percentage of Google's Adsense revenue comes from such ads?
I'm not denying that Google profits from these, that would be silly. My point is that broadcast companies run morally questionable ads all the time, yet it seems that we should be holding Google for a higher level of accountability.
Take for example drug commercials. If you are concerned about scams targeting seniors, then you must have reservations about these, since the way they portray drug positive effects, and downplay the adverse ones, is clearly misleading. Or, say, political ads. Facebook is taking a lot of flak because of these, but local TV stations have been running misleading and often borderline hateful commercials for ages, e.g.
I did address it, though the answer is disappointing: Only Google (or someone with Google's private business data) could give you that number. But it's absolutely much higher than they'd like you to believe. I just can't tell you if it's 30%, 60%, or 90% of their revenue, the public doesn't have access to that information. I'm confident that how ever much you believe it is, it's higher.
> yet it seems that we should be holding Google for a higher level of accountability
On the contrary, repealing Section 230 would place Google on the same level of accountability as broadcast companies. Section 230 carves out a special immunity to prosecution and lawsuit that only applies to online platforms. Broadcast companies are already held to all of the laws and risks that Section 230 is protecting Google and Facebook from.
> I did address it, though the answer is disappointing: Only Google (or someone with Google's private business data) could give you that number. But it's absolutely much higher than they'd like you to believe.
Well, that's pretty much wishful thinking.
> Broadcast companies are already held to all of the laws and risks that Section 230 is protecting Google and Facebook from.
Are they now.
Let's put it this way: section 230 protects Facebook from being held accountable for the anachronistic opinion about Jewish people, and violent tendencies derived from it, of a random user. Such random user, as a TV show guest, could spout a call to arms to an audience of 2,5 million spectators, and the broadcaster would not suffer any legal consequences.
Repealing section 230 _without_ a reasonable alternative would indeed held Google for a higher level of accountability than, say, Fox News.
> Repealing section 230 _without_ a reasonable alternative would indeed held Google for a higher level of accountability than, say, Fox News.
Under what law? Section 230 is a special exemption for tech companies. Without it, Google is indeed subject to the same laws as Fox News. Now, it's possible those laws aren't strong enough... but they'd be equally not strong enough upon both Google and Fox News.
Currently, Fox News is held accountable poorly, and Google is not held accountable at all whatsoever.
Section 230 protects companies by not making them responsible for what third party actors publish in their platforms.
Name a single US based TV station prosecuted because some of their guests made false or hateful comments on air. Heck, it is in fact easier for the FCC to nail a broadcast company for "indecency", rather than hate speech.
I am going to stop here and not reply further, because I think we're going in circles. Again: Section 230 is an exception for tech companies. It allows them less accountability than other businesses. There is no law enforcing stricter responsibility for tech companies than broadcast companies.
Which means, if Fox News isn't held accountable enough, you shouldn't see any reason for Section 230 to exist: It's not protecting tech companies from any effective law as it is, so removing it won't harm anyone.
Can you clarify what you mean by the "230 Loophole"? Many believe that tech companies should be fully responsible for anything said on their platforms. If this were the case, I believe this would have an extraordinary chilling effect on speech.
There are already extraordinary chilling effects on speech -- try criticizing Black Lives Matter on any major social media, for example, and you will likely be censored, doxxed, and even receive death threats.
Up until now, major social media (FB, Twitter, Youtube etc.) have been free to suppress conservative voices in the name of opposing racism and white supremacists. The tech platforms have been shielded from lawsuits by 230. Once 230 is suspended or repealed, they will no longer be shielded from lawsuits.
As a result, someone gets doxxed, fired from his job, threatened with violence etc., he now has the wherewithal to go after the platform that facilitated the cancel mob.
You are suggesting a technical solution to a cultural problem.
Speech is supposed to have consequences. How else could it be?
> Up until now, major social media (FB, Twitter, Youtube etc.) have been free to suppress conservative voices in the name of opposing racism and white supremacists.
I guess nazis can be seen as conservative voices by definition. But isn't that the same thing as Fox in the other direction? Corporations suppress viewpoints they don't like. Have you read the ToS?
> As a result, someone gets doxxed, fired from his job, threatened with violence etc., he now has the wherewithal to go after the platform that facilitated the cancel mob
So newspapers will be unable to report the news because people might lose their jobs? People lose their job all of the time when newspapers report on their crimes/actions.
Cancel cultural is a bad cultural phenomenon. We need to develop a healthier culture to fix this problem. Hamfisted Federal laws are not going to make a significant difference here without causing significant harm.
> Cancel cultural is a bad cultural phenomenon. We need to develop a healthier culture to fix this problem. Hamfisted Federal laws are not going to make a significant difference here without causing significant harm.
I started writing a reply to parent before I saw yours but I stopped when I saw this sentence because there's no way I could put it better.
So imagine 230 is repealed. Facebook can now be sued for what crazy people say on their platform. Do you think this will be better or worse for free speech on the internet?
To the extent that a cancel mob was created by the editorialization of a company (eg promoting specific posts), they can already sue the company for its part - section 230 does not apply to the data that the company itself publishes. And to the extent that the cancel mob organized itself organically, attacking a company for providing a conduit is a direct attack on free speech.
That said if this does pass, we can only hope that the attractive nuisances of webapps will fall out of fashion. User-advocating client software is the real anti-censorship future. Of course what will likely happen is the frog will slowly continue to boil, and the censorship regime will be extended to p2p communications as well.
It dangerously goes two ways. Twitter tried to claim their banners on Trump's (and other public officials Tweets) were allowing because of 230! They're trying to have it both ways and it's a very very dangerous game to play. Viva Frei, a Canadian litigator, does a great breakdown of 230:
> Twitter tried to claim their banners on Trump's (and other public officials Tweets) were allowing because of 230
I doubt it (though feel free to link to a statement), because they aren't "allowed" to put labels on tweets because of Section 230, they're allowed to do so by the first amendment.
Repealing 230 would give them an even greater incentive to suppress conservative views as someone could argue they're looking the other at people being radicalised by hate speech. You could say 230 is what protects platforms like Gab who knowingly host conservative speech.
To Californians, Dianne Feinstein is one of the cosponsors of the bill in the Senate. It really grinds my gears seeing our senior leadership from California take actions that directly harm our interests, both towards our peoples' freedom and our businesses.
I feel vindicated for voting against her in 2018, because I thought she'd be out of touch with our interests as a state.
Feinstein is easily the worst Democratic Senator. It's absolutely bonkers to me that a state where tech is as important as it is keeps re-electing her. Surely there's someone out there who wants to primary her?
CA has a blanket primary, which means that all candidates from all parties take part in the primary and then the top 2 compete in the general election, regardless of party affiliation.
Feinstein wiped the floor with everyone in the primary in 2018. She took 44% of the vote, and the next leading candidate (Kevin de Leon) took 12%. When they ran against each other, de Leon lost by a fairly large margin but turnout kind of sucked.
de Leon wasn't a good candidate by any means, and I voted for the guy. He always struck me as a bit of a smarmy huckster who didn't stand for anything but reelection. But I knew that Feinstein was probably running for her last term and only cared about serving the national party's interests, and not our state. I'll take the guy that wants my next vote over someone that probably won't live long enough to get it.
Getting to the point you were responding to: in fact Feinstein won on the back of a bunch of "republican" votes, cast strategically in a "blue" state where a traditional candidate wasn't likely to win. Which is to say: nonpartisan voting did exactly what it was advertised to do and resulted in the election of a centrist candidate.
Obviously there are other externalities to consider (Feinstein is very senior), etc... But I don't know why anyone is so upset that she's the "worst democrat". She'd be the "worst republican" too.
You want consensus-building nonpartisan elections, you get candidates that reflect social consensus and not your particular party's priorities.
Calling a democrat that won't even pretend to support blue team freedoms the "worst democrat" makes a lot of sense.
What is called "centrist" is nowhere near the center, but is actually straight up authoritarianism. If you look at both the blue team's and red team's grassroots messages, individuals are not happy with how much control the government exerts over us. Each political team markets a half-libertarian message and lures individual voters in by focusing on those gripes. They then channel their supporters' energy into going after the "other team", and "compromise" by enacting the fully authoritarian policies their sponsors paid for.
I don't necessarily disagree with any of that. In general, a "centrist", in common usage, is a person who broadly supports existing social structures. So yes, they're going to support law enforcement over privacy, the media industry over public access concerns, etc... So to anyone who cares deeply about some issue of social change, a centrist is going to look "just as bad as" the "other side".
But calling them (sigh) "authoritarian" isn't helping your case when they come back at you to persecute a (sigh) "revolutionary" or "extremist". Work with people. Centrists aren't idiots. Their constituency is real, and has concerns too.
> a person who broadly supports existing social structures. So yes, they're going to support law enforcement over privacy, the media industry over public access concerns
We already have a word for this - conservative. And I do agree that conservatives have consistent and valid points, even if I do not agree.
I don't know what other word to use besides "authoritarian" as in the two-dimensional political space with red-blue on one axis, and authoritarian-libertarian on the other.
To me "centrist" implies some middle of the road. I do not agree that someone who supports (this bill, the patriot act, elective wars, drone strikes, etc) deserves the label centrist, as they're nowhere near the entire libertarian half of the political spectrum. Allowing this to be called centrism is privileging and cloaking authoritarianism.
Again, you're playing semantic games. That's not what "conservative" means in modern political discourse, at all. And I'm sure you know this. In fact when journalists want to use the sense you cited they generally have to call it out explicitly (c.f. "small-c conservative", by reference to the Conservative parties in commonwealth nations).
> I don't know what other word to use besides "authoritarian"
And for the same reasons, it doesn't help your case to invent new jargon here either. The word you're looking for, describing people generally predisposed to agreement with existing social and government structures, is "centrist". It's what I use, it's what everyone in journalism uses. It's probabaly what you use too when you're talking to people in the real world and not trying to score points with hyperbole on HN by likening centrists to Nazis and Communists.
First, I'm not "trying to score points with hyperbole on HN by likening centrists to Nazis and Communists", nor "playing semantic games". The meanings of terms we use are important, as they carry latent bias.
> That's not what "conservative" means in modern political discourse, at all. And I'm sure you know this
I honestly don't know what "conservative" is supposed to mean in the modern political discourse, besides simply referring to people who support the red team. Therefore, I think it's instructive to fall back to its general abstract meaning. For example, current Trump supporters are in no way actually conservative. Hence seeing ideological conservatives distancing themselves from that populist-reactionary ship of destruction.
> ["centrist" is] probably what you use too when you're talking to people in the real world
I've never heard the word "centrist" in the real world. As I said, it seems like a mainstream media term shifting the Overton window towards authoritarianism (away from libertarianism), following the idea that increased centralized control can be used to solve societal problems. I apologize for using this word that you are reacting strongly to, but I've yet to hear a different straightforward technical term that refers to ever-growing government involvement.
Misusing terms like that makes it harder to have a meaningful conversation about political beliefs. Someone might say "I'm not conservative, I'm liberal". But that is nonsensical. Liberal and conservative are on different spectrums. It would be like saying "I don't like white things, I like sweet things". The color/light spectrum is different from the taste spectrum, and vanilla ice cream is both white and sweet. Someone can be liberal and conservative.
The three political spectrums are:
- Progressive <-> Conservative
- Liberal <-> Fascist (Authoritarian)
- Left-wing <-> Right-wing
Progressive is someone who pushes are for change, major change, and rapid change. Conservative is someone who likes things how they are, wants to make changes slowly and carefully. People can be progressive on some topics (like pushing for civil rights), and conservative on others (like being careful about changing fiscal policy). But lots of people will default to one or the other.
Liberal is to allow, a true liberal would allow things they disagree with. A fascist (authoritarian) forces everyone to be like them, and passes laws to force everyone to do as they believe.
Left-wing and right-wing is less a spectrum and more clustering of ideologies.
Left-wing ideologies generally favor the community as a whole over the individual, and support those with less power or who are less well off. That results in things like pro environment, minority rights, and social welfare. Internationally left-wing could include going to war overseas to protect people from oppression and powerful aggressors.
Right-wing ideologies tend to favor the individual and those in power, more everyone for themselves. This could mean freedom to make individual choices that hurt the environment, pro big business, lack of social services. In the extreme it can be racism against minorities. Internationally it could result in isolationist policies.
I think if people actually understand the terms, and they are well defined, people can thinks about how they as an individual feel. And maybe that can help us break away from the two-party fighting we have now.
I think if people actually analyze there beliefs, they may come to better understand themselves, and people can better understand each other. For example I think some people that call themselves "Progressive Liberals" will find out they they are "Progressive Left-wing Fascist", and some people who call themselves "Conservative" will find that they are "Conservative Left-wing Liberals".
> fact Feinstein won on the back of a bunch of "republican" votes, cast strategically in a "blue" state where a traditional candidate wasn't likely to win
Except de Leon carried the red districts. Not Feinstein.
I didn't say she carried all the republicans, just that she carried enough of them to put her above any of the more "typical" democratic candidates you'd expect to see from a state with the demographics of California. You can't feasibly elect a progressive with a non-partisan election, even in California.
She’ll send a smarmy response about how you’re clearly an idiot for thinking it has anything to do with encryption, and how she’s proud to be a co-sponsor.
She’s been completely ignoring voter complaints for decades. Before open primaries, it was essentially impossible for her to lose an election, and she knew it.
I’m extremely liberal, but if the “recall governor Newsom” crowd went after Feinstein instead, I’d sign on in a heartbeat.
She will be 91 the next time she is up for re-election. Hopefully she’ll finally retire instead. I’ve been hoping for that for over a decade.
Feinstein could not have been re-elected if it weren’t for overwhelmingly strong support for her in Silicon Valley.
If she is up for re-election again, please vote for the other candidate (who will probably also be a Democrat!). Also, tell your friends.
She wants to ban encryption. Her voting record is further to the right than many republicans. She votes according to Trump’s wishes more than any other Democrat in the senate.
I think you’re misreading it. It’s sorted by Trump affinity, and there is only one Democrat higher than her (she used to be at the top, but has been dethroned by a large margin by one Democrat).
No, the default sort is "Trump plus-minus" which takes into account what percentage of the state voted for Trump. The idea is that if 50% of the state voted for Trump, a senator from that state should vote along with Trump 50% of the time, giving a zero plus-minus.
Such a low percentage of people in CA voted for Trump (2nd lowest after Hawaii) that a middle of the pack Democrat will be high in the default sort. The same for senators from Hawaii, who are 4th and 5th with the default sort.
We need to vote out the people pushing for backdoors. They seem to want backdoors at any cost, without any technical understanding of why its a terrible idea. Vote them out!
California is not as progressive as you might hope. The cities are full of progressives, but outside the cities is very conservative. You have to be fairly moderate to win statewide office.
Newsom was a reaction to Trump, but sort of an aberration. More than half of our governors have been Republicans, including Regan, who went on be President and a paragon of the GOP.
Since the 80s 14 out of 30 years has been Republicans, and Jerry Brown was 10 of the remaining 16 years, and he's pretty moderate as far as Democrats go.
I mean, yes. Feinstein is better than the alternative in the General. The Primaries are the way to get rid of her, I can't believe no one has booted her out yet.
You don't seem to understand the California Jungle/Blanket primary system... All candidates from any/all parties run against each other in the primary, and the top two are the contenders for the general election. Recently this has led to two Democrats always being facing each other in the general election.
The most recent general election was Dem vs Dem (due to the unique way that CA primaries work). Feinstein still won a strong majority of the statewide vote. :|
In American politics, voting really doesn't make a difference as much as just having opinions alighted with those of the top 10% of income earners[0]. Making noise and protests are more effective in some ways, but the sad reality is that most of senate/congress is not beholden to the selectorate of all voters, but rather the smaller selectorate of influences that control the advertising and narrative that allows them to continue to be re-elected.
The video there talks about a study about how people feel about a policy and whether the policy gets passed or not. Then it goes on to extrapolate that to electing humans. The video is right that we have less influence over policy, policy that citizens do not vote on directly. We do directly vote for humans and those votes do count - electoral college is a special case.
Also, I'd bet there are a lot of folks that read HN that are already in the top 10% of income earners. So maybe I'm speaking directly to some of the 10% now.
Maybe OP means both the bailouts in 2008 plus the Iraq war in 2003? Or the fact that the US is still actively involve militarily in predator bombing seven nations?
Everyone vowed to vote out the representatives that bailed out Wall Street and left home owners holding the bag. Then whatever came along and poof, that didn't matter.
Same (and more importantly) with the Iraq war. IMO, you voted for it, you're out. Doesn't matter why, doesn't matter what you believed at the time, you're out.
There's been zero accountability on death and destruction on the grandest scale this century, so I don't expect anyone to remotely lift a finger about some IT bill.
Where are my elected representatives that represent my privacy rights on bills like this? Maybe I need to run for office since I care about end2end encryption, free software, and the rights of free people and information to freely travel around the world...
You can run, and with that platform your opponent will conveniently turn it around into "my opponent supports child molestors and terrorists". Because if you think you'll simply walk up to the podium talking about something most folks could not give a working definition for, boy, are you going to be in for a shock when your opponent "dumbs it down" for the audience.
Which is how we end up with stuff like the EARN IT Act that one would reasonably think would be shot down immediately, but isn't.
"My opponent supports the attorney general having access to your porn habits. I support your privacy" is a pretty straightforward simplified riposte to your above oversimplification.
The ruling elite have a monopoly on this. They publicly opposite it via bills like this and use media giants to crush 'conspiracy theories' involving people like Epstein and all the people he was closely associated with in Washington and Hollywood.
I think if we actually got evidence and leaks on how bad child abuse within politicians are, Americans would be absolutely horrified by the straight up hypocrisy.
Indeed, but think about who is running those blackmail ops... the three letters, well, how is it that Schumer put it, "you take on the intelligence community, they have six ways from sunday at getting back at you..."
Lesser of two evils is a common tactic to push authoritarian bills in some countries. They don't expect LAED to pass and it has practically no supporters.
In that case we need to provide working definitions advocating for privacy and information freedom that the average consumer can appreciate and support. I'm open to ideas. One approach is to explain that without private encrypted communications your information cannot be free: instead it will be monitored and censored by the many parties that believe we should not see or say one thing or another. Privacy enables freedom.
My reply: "Government is trying to spy on every aspect of your life. There are more government employees that can spy on your children than there are child molestors in the country."
Do you want creepy gov't contractors spying on your kids?
Bill Maher may be right -- you have to fight fire with fire. Once mud has been thrown your only option is to throw more mud back. Point out the Cosbys, Epsteins, Trumps, warmongers, etc. "The untouchable elite are the terrorists and molestors"
In Europe quite a few "pirate parties" popped up about a decade ago. None of them were too successful as far as I know, at least in The Netherlands they didn't mention to gain a single seat (out of 150).
You should call their offices. Give your qualifications and make their staff listen to you explain all the reasons why its a terrible idea. It can move the needle if enough people do it. If you have the energy to run for office then you should start by lobbying for these issues, it's good practice
Awkwardly enough the only Senator I have even the smallest amount of respect for these days did add a bunch of amendments to try and fix parts of it....but I think its a shit bill from top to bottom and I expect him to vote against it anyway.
Perhaps instead of supporting politicians who "say" they're going to do X, Y, and Z we should support politicians who have a track record of doing exactly X, Y and Z regardless of how politically convenient it is to do something else.
More laws will not fix the problem of having too many bad laws, in my opinion.
I trust the Mozilla foundation has good reason to oppose this, as likely do I, but I'm sad to not see a "learn more" button on this page to add your name to some opposition list. I'd certainly like to learn more about what I'm signing up against, and I can do that myself, but I feel as if they would also have a responsibility to further educate if they're asking for my support.
In one sense, the anti-crypto forces are not yet being as crazy as they have been at certain times in the past. People often forget that the federal government wanted to put Phil Zimmerman in prison over PGP in the nineties. [1]
In another sense, this is much crazier. There wasn't much at stake commercially in the nineties, but today, legislatively screwing up crypto could compromise trillions of dollars worth of commercial transactions if something goes wrong.
It's more or less the same thing. PGP was used as an example of why the Clipper chip was pointless and futile. PGP is an example of why the Earn IT act is pointless and futile.
The Earn IT act is just another instance of the sort of incomplete thinking that produced the Clipper chip.
The point I was getting at in my second paragraph is, the consequences of screwing up everyone's cryptography today include wrecking the modern economy. This wasn't true 30 years ago.
I took the opportunity to donate to Mozilla as well. I'd encourage you to do the same! They are one of the "good guys" on the internet and they need our support to stay alive.
This is the consequence of companies like Discord letting child predators run rampant on their platform and doing nothing about it. There are two sides to every story. You can imagine how the government would react after seeing hundreds and hundreds of cases coming out of Discord, Snap, even FB.
Reading the actual bill[1] rather than sensational headlines, you can see this is mostly about creating a tip line and bureauracy for reporting CP. Ctrl+F "encrypt" 0 results. Me no care. Deal with it Discord. Pass it.
I initially thought you couldn't possibly be right about this, but what you stated does seem to be the case. After skimming through the full text, the main point of this seems to be about setting up a committee that will come up with "best practices" that online service providers can follow to reduce/eliminate the exploitation of children on their platform. Can someone explain how this "creates a threat to strong encryption".
If they determine that "best practice" no longer includes secure end-to-end encryption that a service provider can't decrypt independently of the user, they'll use that as political leverage. "See, our self-selected panel of experts said that this isn't a best practice, yet Apple and Facebook are still doing it anyway!"
I suspect that Apple and Facebook will control said committee. They just need to donate more money to the campaign funds of people lucky enough to be on that committee.
The bill also offers legal protections for companies that follow those best practices. It’s not hard to imagine that 1. The best practices include not using strong encryption, 2. An environment with lots of lawsuits directed at companies not following those practices .
>>>Not later than 1 year after the date on which a bill that contains recommended best practices submitted to Congress ... and annually thereafter, an officer of a provider of an interactive computer service may submit a written certification to the Attorney General stating that the provider (1) has conducted a thorough review of the implementation and operation of the best practices; and (2) has a reasonable basis to conclude that review does not reveal any material non-compliance with the requirements of the best practices
>>>Whenever the Attorney General has reason to believe that an officer of a provider of an interactive computer service has filed a false certification ... the Attorney General may issue ... a civil investigative demand requiring the provider to (i) produce any documentary material ... answer in writing written interrogatories ... give oral testimony ... furnish any combination of such material, answers, or testimony.
>>>The Attorney General shall maintain on the website of the Department of Justice a public list of each provider of an interactive computer service for which a certification has been submitted ...
>>>The best practices required to be developed and submitted ... shall include alternatives that take into consideration ... the transmission and storage of information on behalf of other interactive computer services ... provides the capability to transmit data to and receive data from all or substantially all internet endpoints on behalf of a consumer
For the last 10 years, encryption/privacy has become the watchword for people around the globe. I remember back when gmail was the first to use HTTPS for email and people freaked out. Today it's an expectation for everything and every service.
I think there are competing concerns here. The need for privacy and the need for safety. In order to keep everyone safe, we need to monitor what your doing. Some people will buy this, others wont. I think it depends on if you trust the monitor.
Its back to the 'do you have anything to hide' conversation, which I think misses the point. The point, I think, is that there is a fundamental right to privacy, that in some sense, is frustrating and annoying. It's the battles over WhatsApp, Apple IPhones, etc.
Safety and Freedom don't always go hand-in-hand. I remember watching TV shows/movies back in the day where there Soviets with AK-47s asking people for their 'papers' as they get on a train. Today there are armed police walking the hallways of my kids schools, at concert venues, TSA screeners at the airport, etc. There is a price for safety imho. There's a price for freedom too.
I'm not sure what the right answer is, but i wholly support petitions like this because they are the voice of the people.
The primary impediment to combating child sexual abuse material is the scarcity of law enforcement agents relative to the scale of offenders.[0] Law enforcement agencies are already at the limit of how many offenders they can prosecute because offenders are primarily detected by agents who are posing as offenders or by agents who are posing as victims.
The solution proposed by the researchers in the referenced documentary is to create AI agents that can automate the work of posing as offenders or posing as victims. This solves the scaling problem of the law enforcement agencies.
That scares me. If that entrapment-at-scale is legal, it could be deployed to throw huge numbers of people in jail for buying drugs or supporting terrorism.
Note that the AI is used to automate the work of the law enforcement agents, not the work of the judges and juries. The AI collects evidence that prosecutors use to build cases against defendants. The defendants still have the right to public trial in a court of law in front of a human judge and human jury.
edit: It seems there is a misunderstanding of what the AI does. It simulates human traffickers in text or video chat in order to find people who try to exchange money with them, and it simulates children in text and video chat in order to find people who try to groom them. It does not simulate child sexual abuse material or proliferate child sexual abuse material.
If I hit reply to tell you to go to hell, did I just participate in the exchange of pictures of minors? (since your pictures will be quoted in my email)
So, create some dog-and-ponies AI start-up for this in the districts of the most influential lawmakers, with stated job counts (for AI-mechanical turk work that hires lots of people).
Tie the "correct" solution to their real political motivations and it will get done in a heartbeat. It has to be something they can sell to their base though.
Well, it's being realistic. The politicians aren't choosing the best choice for us, they are choosing the choice that looks like the best choice for the hordes weighed against the interests of their powerful lobbyists.
If privacy (as partially defined as crypto) looked important to the hordes of people and/or the lobbyists, we wouldn't have anything to worry about. Think about the children is a much easier platform to get elected for though.
I reached out to my representatives on this when the Act was first proposed. I'm confused about the changes that have happened since that time and the post does not say anything about what has changed. What does "Advancing" mean in this case? If I have already contacted all of my legislators about strong encryption and opposition to this bill, what is the latest change that requires re-engaging?
I haven't followed the specifics, either, but it looks like it was introduced back in March. When I reached out to my Senators and Reps back then I got a reply from my House Rep (who I believe was supportive of the bill). The bill is currently in the Senate and only this week is getting "marked up" in the Judiciary Committee--I imagine if your Senator is on that committee it's more important to reach out.
Sadly, I think issues need constant re-engaging since they pop up under different names and in different forms.
I've struggled a bit to find resources helping to describe what section 230 protections are actually for, however. Many of the examples explaining section 230 protections seem to revolve around things like defamation in Youtube comments or product reviews, but I'm having trouble making the leap from that to why messengers are so concerned about this bill. Why do tools like messengers need section 230 protections to begin with? AFAICT they still have to submit to things like national security letters, so what does section 230 buy, say, Whatsapp or Signal?
not to mention that the TBD requirements have to be approved and voted on by congress to become law.
that said, there is also some text that changes specific wording in other existing laws that may have an impact on future court cases, e.g.: “(2) CIVIL REMEDY FOR CERTAIN ACTIVITIES RELATING TO MATERIAL INVOLVING THE SEXUAL EXPLOITATION OF MINORS.—Conduct by a provider of an interactive computer service (as defined in section 230 of the Communications Act of 1934 (47 U.S.C. 230)) that would violate section 2252 or section 2252A if that section were applied by substituting ‘recklessly’ for ‘knowingly’ each place that term appears shall be considered a violation of section 2252 or section 2252A for purposes of paragraph (1) of this subsection.”.
We could be charitable about what 'recklessly' means, but given the tendency of pre-digital judges to misunderstand technology - I can understand why there is a pushback against this kind of language.
"What do you mean you don't keep a history of your clients' internet activity? I would construe that as reckless behavior."
1. It puts our national security at risk. It opens up American cyber-security at large to nation states like China, Russia, and Iran, as well as more sophisticated terrorist groups.
2. It hampers innovation and competition in the tech industry. Compliance will increase costs, especially for startups, especially in a Covid19 environment, and the global market will not be able trust the cyber-security of American networks.
I am not sure if someone else already posted this in the comments here or not, but the EFF has a form letter available, as well as a way of finding your representatives/senators:
Just enter an address in the box on the right and it will find your representatives/senators for you, select the right options for contacting them and then present you an editable form letter for sending to them.
Note that your senators and representatives may abuse your email address and phone number if you provide it: after having sent letters to Diane Feinstein and Kamala Harris' offices this way, I've received a lot more political spam calls and emails.
"Earn IT" is going to help someone. Dont ask why, but ask who. Who is going to benefit out of this? Ask more Why's. What was the missing piece that they are trying to put together by passing this ACT. How we were at disadvantage so long that now passing this ACT is going to empower us.
Thankful for Mozilla and EFF, but have any tech elites spoken out against this or put money into defeating it? Thiel, Musk, Altman, Graham... hello? Should we assume SV is complicit?
Not even touching on those individuals, it's been bothering me that it feels like mostly silence from Google, Apple, Facebook (who this would presumably really hit at), etc.
I'd really love to be missing something. It feels like this is just fading into the background... and while I can acknowledge the idea that you might just try to fight this as unconstitutional after it passes, that feels inherently risky given this administration (if not downright stupid).
because apple, google, facebook already comply with this. they have built ways for the government to access their data. any company with an important enough set of information is going to get this request and you can’t say no
I know what you're saying, but where do you think you are? Please have enough common sense to assume I asked the question knowing how that works.
The primary thing with this bill that the companies seem explicitly quiet on is the fact that the use case it opens up for the government (sidestepping user privacy/encryption) coupled with the level of power it more or less places in the Attorney General's hands.
I can't in good faith assume that these companies are comfortable with this, and I'd like to know why they're not speaking up.
At least for Apple, they claim the iPhone (at least devices post-checkm8) has not been compromised. iCloud is required to comply with records requests, but the data isn’t in iCloud the feds can’t get it. Even with checkm8, the Secure Enclave still has not been compromised.
If they were in bed with the feds, the FBI/NYPD wouldn’t keep asking them for keys that Apple doesn’t have.
Privacy aside, even if they "ban" it, people cannot just stop using it the next day. Almost every company has encrypted information, like passwords etc. This is what I LOVE about technology. They cannot stop it unless they want to bring entire systems down - some of which run govt business (like aws). So how are they really going to stop / enforce it?
It has been used encryptions and ciphers have been used for a long time, you cannot stop people from using a math function. It's like DO NOT USE multiplication from now on.
It is interesting how this dovetails with the trade war with China. When the media got all hot and heavy about evil Huawei and how the would use their communication equipment to spy on America, my response was simple. They can't spy on us if we encrypt everything. If they want to give us cheap subsidized telecom equipment, let them, we will just use encryption for everything.
Then the government decided to ban encryption and then things started to get clearer.
Well, they can if it gets onto their hardware before being encrypted or after being decrypted, such as if it is encrypted or decrypted on their hardware, and since Huawei makes a lot of consumer gear...
One of the groups that signed on for updates on such laws sent me a link over SMS. It automated calling 22 senators to ask them to reject Earn IT. I spoke to staff or left messages with 20. Two had full voicemail. One of this was my local rep, Feinstein. Figures.
There is a fantastic book that covers all of these topics and goes straight to the heart of the "nothing to hide" arguments both pro and con.
In fact, the book is titled "Nothing to Hide: The False Tradeoff between Privacy and Security" by Daniel J. Solove. I would highly recommend for those who are security and privacy conscious.
By the same logic, I would like to see every senator's crotch streamed live 24/7 please. Just to make sure there are no child abusers among them. Why stop at Senate, do the same to every law enforcement officer as well please. I'm sure that they, of all people, have nothing to hide.
Because what you're describing is a method for violating the rights of one person, and they know it's happening. What's described in the article is a method for violating the rights of anyone, and they won't even know.
Maybe it would be a fair deal if all members of the government equally open all their communication, including all their private matters to the entire world. Equal monks, equal hoods. They are honest people that have nothing to hide, not? I mean, exemplary people should be an example to the people.
Just from a technical point of view can these sort of encryption back doors ever actually work, I can’t think of a scheme where it does.
I mean people should have a right to know who has had access to this information and why, right? Surely the constitution says something about illegal searches?
It looks like all the different attempts of analogies overwhelm real discussion of of the effects of the bill.
Why do we need all these analogies? Why not discuss real-life repercussions and pros cons of the choices before us, and based on that, decide what society we would rather live in?
Many years ago, I read an article about some proposal to creating and using alternative dns root zones. Organizations certainly do this but how feasible would it be to maintain a 'separate' internet?
After years of ever-deepening privacy violations in the US, I'm surprised that this hasn't passed yet.
I mean, the government already legally demands that all the large corporations make them a copy of all of your communications that pass through them. So why should it be legal for you to encrypt any of it without them being able to decrypt it? How are they supposed to spy on you effectively with just the meta-data, you know?
Earn It act is adorable little attempt at institutional police state policy.
One would argue that terrorists will simply use other inventive ways to get around lack of main stream encrypted tech (and they will). Or that a back door for the govt is a back door for anyone (which is true). Both are logical points.
I posit that this is known among backers of Earn It - they're not that dumb. Therefore, this isn't about child porn or terrorists, its about dissenters of established institutions (government, corporations, media, etc). That's the move - the "party of Davos" sees the populist wave from both left and right (AOC, Bernie, BLM, Trump, Bannon, etc) and this how they think they will stop it.
The next AOC, BLM, or any populist movement will be labeled as threats to the established order, maybe as domestic terrorists. With Earn It, you can see who they organize with, when they meet, how they strategize, etc. This is COINTELPRO with smart phones [1]. Very slick, very effective. It's what I would do in their shoes.
The only flaw is that it is poorly marketed. It's so transparent, it's cute.
J Edgar Hoover is smiling somewhere in the after life.
Do yourself a favor, treat your phone and email like CIA recording device. We'll be fine.
I don't really understand what about the bill is distinctly bad for encryption. Reading the Library of Congress summary, it's mostly just creating a body to draft guidelines. It seems like it's mostly just Congress punting the issue over to the executive branch, so there aren't any actual guidelines to oppose yet.
The problem in this case is allowing the executive to draft “guidelines” with the force of law. If the whims of the executive decide what laws we abide by, it’ll be an ever-changing landscape used to harass political opponents, various racial groups, and whomever are the current administration’s less-desirables.
There's another good reason for term limits, how many of these VERY OLD people don't even understand what encryption is and couldn't possibly understand the concept that this is like passing a law demanding that you leave your house key at the local police station, unless you let them search your house every second Tuesday.
Analogies to physical security are not helpful, because they're easily countered with "but you support someone getting into a house with a warrant, right?". Encryption is nothing like physical security. There is no analogue to busting down a door. Correctly built encryption has no way to get in without the key; anything else has fundamental, unfixable security flaws.
I've been impressed by the insight, or occasionally, lack, of awareness of the potential perils of comprehensive data archives by pioneers within the data field.
Paul Baran, co-inventer of packet-based networking, wrote "On the Engineer's Responsibility in Protecting Privacy" (https://www.rand.org/pubs/papers/P3829.html) in 1968, some 51 years ago. In it he remarked on both the risks, and industry attitudes:
There are many amongst us who would not hesitate to build equipment to compromise the privacy of any given individual provided the price is right. These are the whores of industry. They would not hesitate building systems and devices contrary to the public interest; their only concern is the buck.
The full paper, and in fact, all of Baran's RAND publications, are online in full-text, following my request to RAND. I remain grateful to them for this.
Baran was also interviewed for a 1966 BBC documentary:
"Well, he who has access to information controls the game. This is very dangerous. I think both your country and mine have never trusted the government completely. We do so for good reason. Here we have a mechanism that could be abused. Here we have a mechanism that would allow the creation of a dictator. . .
I've yet to see an expression by anyone in Congress about this new type of danger. In fact, we see proposals for centralizing information, we see proposals for rushing ahead into new, more efficient computer information systems, and very little thought is being given to the dangers of the misuse of these systems. . . I ask a lot of people about privacy, why they valued it, and I was surprised by the number of people who said "Well, I don't do anything wrong. Why should I worry about privacy?" And then, on the other hand, I think there's a more wise group that says, 'Privacy is really the right to be wrong, then go on and live the rest of your life, without having it mark you forever.' I tend to think this latter view is the view we should hold.
The video is, unfortunately, no longer online, though it was previously at:
Another view was expressed by AI pioneer and Nobel Laureate (economics) Herbert Simon:
"The privacy issue has been raised most insistently with respect to the creation and maintenance of longitudinal data files that assemble information about persons from a multitude of sources. Files of this kind would be highly valueable for many kinds of economic and social research, but they are bought at too high a price if they endanger human freedom or seriously enhance the opportunities of blackmailers. While such dangers should not be ignored, it should be noted that the lack of comprehensive data files has never been the limiting barrier to the suppression of human freedom. The Watergate criminals made extensive, if unskillful, use of electronics, but no computer played a role in their conspiracy. The Nazis operated with horrifying effectiveness and thoroughness without the benefits of any kind of mechanized data processing."
There is, of course, one slight problem with Simon's argument: The Nazis did make heavy use of mechanised data processing, provided and supported by IBM. Edwin Black documents this meticulously in his book IBM and the Holocaust:
Warrant-proof encryption is not compatible with a society that accepts the principle that we are accountable to the law. There is nothing sacred about your cell phone.
That's a very bold claim. We already have warrant-proof toilets for flushing drugs down. Why do you think crypto should be illegal because old-technology warrants don't work very easily with it?
We've had warrant-proof encryption for a long time now in our society (at least 20 years?).
- Undercover police work and informants, which is how most large busts already happen now. The worst offenders are not swapping child porn on Facebook or Dropbox
- Encourage marriage and remove benefits penalties for two-parent households, as children are substantially more likely to be abused when their biological father is not in the household
- Institute the death penalty for child sexual abuse and make sure it is performed swiftly and publicly
These bad bills keep coming up in an effort to address serious real problems, like child porn. People are going to keep proposing bills to address these problems until something passes.
By just concentrating on shooting down bad bill after bad bill without devoting any effort to getting good bills proposed the next bill after each defeated bad bill will be another bill from the same general set of people. Maybe the new one will address some of the issues in the prior ones but the chances are good that it won't address all of them.
Just telling everyone else what is wrong with their approach to solving a problem instead of also offering up your own better solutions tends to not work well in the long run.
Child porn is a serious problem in that it is abhorrent.
I have not seen any evidence that it is a serious problem in that it has significant impact at a societal level.
These bills are not being introduced to significantly reduce child porn. They're meant to further enhance surveillance powers or earn easy political points. Any actual effect on crime is a side benefit.
Let's not forget that the same people that propose these bills are the ones hanging out at Epstein's private island.
Your comment seemed to imply that a network of pedophiles in Congress was tailoring these laws specifically to weaken law enforcement's ability to prosecute people like them. That would certainly lead to a societal impact, as it would by design empower and entrench child pornographers and pedophiles across the board.
Ah I see. What I meant to express was that based on the fact that there appears to be a higher preponderance of child abusers among the rich and powerful, it's unlikely that actions they take are actually "to protect the children"
> to address serious real problems, like child porn
Can you quantify the size of this problem? It sounds like military defense spending during the cold war. "You just have to take our word for it that child porn is a massive problem affecting 1 out of 4 children, so we need to crush the tech industry."
> Just telling everyone else what is wrong with their approach to solving a problem instead of also offering up your own better solutions tends to not work well in the long run.
How would you think the introduction of a competing bill would fare, if it still needs the support of the first bill proponents? Wouldn't they believe that anything short than the original bill is not worth supporting?
I don't think the issue is that there are no better ways to deal with, say, child porn. I do believe that many politicians, if not most, refuse to acknowledge that there are better solutions out there, and for that there are several factors.
I don't think it is the real problem. It is a problem in the sense that it is disgusting but it isn't worth destroying a free society over and I don't think it is possible to stop.
What you can crackdown on are the producers.
You can infiltrate the places where it is originally disseminated.
You can run face and voice recognition on the content.
You can flip lower level mass distributors into informants to gather evidence on the producers.
For rapists.
You can train teachers and counsellors to identify children who have been abused and to handle other psychological problems like depression which are endemic in our society.
You can train police officers to better spot criminals on a basis other than race or status.
You can better fund the CPS.
You can conduct assessments on parents who appear to be mentally unstable.
Before you think that's too harsh, consider that the other options are to ban encryption or to not try to stop it at all (quasi-decriminalization).
I don't think anyone would oppose a bill to make CP carry the death penalty. The problem is they won't ever make this law because then they won't be able to milk the cow anymore.
Has anyone considered that maybe there are actually people in this world that want to be able to catch criminals and terrorists? Even if the bill does result in adding backdoors (which is all based on speculation anyway), you don't think people and technology would recalibrate itself to overcome issues caused by backdoors? I find it insane that people think technology is so much more important than the potential for saving human lives.
Alternately, we could recalibrate the methods used to catch criminals and terrorists so that we did _not_ have to yield up all of our information to the gov, as well as every script kiddie with an internet connection.
Imagine we're sitting at a bar, chatting. None of us have anything to hide. Then the government passes a law that all conversations must be streamed on Youtube Live, so an agent comes in, sets up a camera at our table, and starts streaming.
We still don't "have anything to hide". We're just having a conversation. But the conversation used to be private--that's normal. Now it's not private, which is not normal.
Whether or not you feel like you have to "hide" anything during a bar conversation is not the point. It's whether you think we should make changes to our society where having a private conversation is never allowed.
This kind of analogy, in my experience, helps people understand that the "nothing to hide" argument assumes that privacy is only for evil people, when in reality it's the very normal default of daily life. The parable posted in another top-level comment is also great.