Encryption methods are far easier to transport and spread illegally than guns are.
Rand Paul is pretty openly pro-encryption. Hillary Clinton is equivocating; I think she's probably anti-encryption. These may be exceptions that prove the rule but I think what we're really seeing is a combination of ignorance, pandering and authoritarianism across the spectrum.
Damn, we need her on our side as a proven expert in computer security and privacy.
At the time I wrote to my representative Bob Stump and he went and talked with Hollings and sent me a synopsis of their conversation.
It was Warren Buffett who said that we have had class warfare, and that his class won. So true.
Rand Paul is libertarian and mostly anti-gov. We need more people like him in Washington.
He introduced the campaign finance bill that forced the government to argue before the Supreme Court that it had the power to ban books with political opinions it didn't agree with, the same argument that led to the Citizens United decision.
He made up a song about bombing Iran and sang it at campaign stops. (Tune of Beach Boys' Barbara Ann)
That's just the start. This encryption bit is of a piece with his whole career. McCain is as bad as they come.
I won't go that far, I would say that getting a gun in the US or even in Europe (especially since the eastern European and Balkan states have joined, officially or unofficially, Schengen) is by far easier than setting up your own secure crypto from scratch.
This isn't an argument in favor of banning crypto, just a hard simple truth that the number of people that can set up a secure cryptographic system is small, the number of people that can design them is even smaller, and a single operational mistake can ruin your entire encryption.
Don't get me wrong, at this moment in time it's "fairly" easy to get off the shelf (FOSS or commercial) encryption software that would prevent law enforcement from accessing the data, and it's possible to implement encryption that would also foil full state level (intelligence agencies, military intelligence etc.) actors from breaking your crypto in any given timely manner at least.
But there are quite a few cutting edge attacks already on RSA, AES and other ciphers for key extraction, quite a few cryptographic systems were discovered to have horrific flaws in them, and some commercial solutions also have a backdoor/work reducer in them for lawful (and unlawful) access.
That said, if you currently eliminate the existing eco-system of "non-backdoored / non-broken" encryption don't expect it to be easily revived, it will not be that hard to crush existing even FOSS crypto working groups and as time passes and agencies like the NSA can break existing encryption ciphers more easily it will only be harder and harder to build safe crypto without going into new cipher suites, and most cryptographers in the world today work for governments, or are heavily watched.
So the dream of having the world's most prominent math and computer science prodigies rising up to the challenge and building new cryptography in a dusky basement of a Berlin bar is a fairly romantic fantasy. Just look at how hard it was to get decent (for the time) encryption software when the US and most countries treated it as highly regulated commodities, and that was without an intentional crackdown on everyone who writes and distributes such software.
No, it is far easier to download an OpenBSD CD image from Canada than it is to physically carry a gun.
This is laughable. Getting a gun legally or illegally is harder than downloading a basic Tails live cd.
Um, I assure you that the US Government was quite serious about preventing encryption export.
You are also ignoring history. It was far harder to get an operating system image, period. It was more cost effective for me to drive to a store and buy a physical CD than download over an internet connection in 1996. The retail channel is fairly easy to control--nobody is going to spend the money to press CDs and publish something that will get them raided by US marshals.
This has changed. Dramatically. Between higher bandwidth and bittorrent, you probably couldn't stop the distribution of an OS image, nowadays.
And it seems possible to build a system that detects such illegal usage on a web scale.
https://en.wikipedia.org/wiki/Export_of_cryptography_from_th...
Dianne Feinstein, who is supposed to be representing the interests of Silicon Valley, has been beating the anti-encryption drum for some time now.
At least McCain's constituency doesn't include the people who are decrying this.
DiFi is not only worse and earlier than McCain on this issue, but she's intentionally ignoring the people it is her job to represent.
And you cry "Republicans!". Okay.
It's clear to me that these people have no idea what encryption actually is and only have a cursory understanding of what it does. They're aware that criminals and terrorists can use encryption to communicate covertly. That's why they want to ban it. Are they also aware that the exact same technology is used to protect their online banking? To protect against attacks like the Sony hack? Do they know that there is a huge segment of the economy that relies on strong encryption to do business?
It's pretty clear at this point that they don't care about privacy. Perhaps if the ramifications are explained to them in a different way they would be more open to dissenting points of view.
EDIT: The recent news stories have motivated me to renew my support for the EFF. I'd encourage anyone with disposable income to do the same.
I'm sure they are.
The problem is, I suspect, more the delusion that if there are backdoors, only MURICA will be able to exploit them because GODDAMN GREATEST COUNTRY IN THE WORLD! They would find the idea that there are talented individuals and groups, outside the US, who are capable of exploiting these facilities, absolutely incomprehensible.
Moreover, the civil servants who they should be able to rely on to provide accurate information about why it doesn't work that way (e.g. the NSA) will be actively encouraging that ignorance for their own benefits.
I don't think that's it at all. I think it's because they expect everything to work the way the phone system did. For a long time, tapping a phone was just a warrant away. And it really was significantly harder for anyone except the government to listen in on phone conversations. Now, the world has moved on from POTS to connections that allow arbitrary data to be sent instead of just sound. In that world, the control in the system shifts to the endpoints and away from the network. We (the kind that reads HN) understand why that has to be the case, but lawmakers and law enforcement are struggling with that paradigm shift.
I see it as being very similar to the problems encountered by the record companies in the late 90s/early 00s. They were comfortable selling CDs and understood CD copying well enough to deal with what little piracy there was. But then Napster came along and showed that their product was just bits that could easily be transferred freely across the globe. We all understood this reality, but the industry spent the better part of a decade trying to make uncopyable bits (DRM) and to stamp out piracy in a torrent of lawsuits. At this point, they've mostly come to terms with the new reality and are adjusting.
Government is going to need to come to terms with that same new reality and adjust.
So now Washington is suffering from a similar delusion: you can build encryption to keep criminals out of your banking website, but still allow the feds access to whatever they choose.
I've got no idea how to do that though so I'll let you guys start...
I'm not so sure. Even if McCain (and other politicians) have a perfect understanding of encryption, I would expect some of them to make statements like this. I interpret it as pandering to their audience in an attempt to look tough on terrorism. It is unfortunate that if this pandering becomes a reality that it will do real harm to our security and economy.
Yes they are -- that's why it's not a matter of passing a one-page bill overnight, but rather a more complex piece of legislation that, in order to be done right, needs time and bi-partisan involvement.
And I found it hard to believe you don't see a difference between encrypting your bank transaction, and encrypting your online conversation.
Disclosure: I'm against all types of bans on any encryption.
How is my online conversation with the bank any different than my other online conversations? Sure the content is different, but it's all the same medium, using the same sort of technology.
What's being discussed here is the Apple strategy, where the service provider can provide a service to the public without the ability to retrieve information generated by the service.
The desire for companies to provide such services was likely spurred by the government's insistence that they provide private encryption keys, even in the event that they provide access to encrypted information not limited to the direct subject of a warrant, and the federal courts' repeated confirmation of the government's power to enforce such requests. See the demise of Lavabit [1].
There are numerous technical workarounds to this problem; for example, a private-key infrastructure that generates one key pair per message, or per customer. However, none of those workarounds allow a service provider to market products that are end-to-end secure from eavesdropping or the later revelation of the customer's information to empowered third parties.
So in essence, the argument I'm making is that it doesn't matter if there is a fundamental difference between banking and a chat application, because in either case the government either already has or is actively seeking the power to obtain the information you generate.
As it's hard to imagine a world where malicious parties would not be able to obtain encrypted communication mechanisms (unless you ban open-source, computers, pens, and the human brain), it's difficult to reconcile the above with the proposed effect this law would have, and it's very difficult to imagine the government restricting the application of these new powers to terrorist organizations only. See the history of the Patriot Act, for example [2].
[1] https://en.wikipedia.org/wiki/Lavabit
[2] https://www.washingtonpost.com/news/the-watch/wp/2014/10/29/...
> We have a huge operation in New York City working closely with the Joint Terrorism Task Force where we’re monitoring and they go dark, because basically they go onto an encrypted app, they’re going onto sites that we can’t access.
The problem is how do you prevent the next Boston Bombing or Paris.
Since we don't have a good answer to that, what else do you expect them to do?
You can do the obvious things like stop bombing the living shit out of the Middle East, etc. but that would only reduce the amount of radicalized people. The best you can do is to push it down below the "crazy noise floor" - because you ultimately can't prevent random people with a particularly destructive mental condition or an axe to grind from shooting people up. Not even if you turn the country into a police state.
Then there's the premise of your argument: that he doesn't know what he's talking about. I counter that just like David Cameron of the UK, McCain knows full-well what he's proposing, but he just doesn't care about the cost. It's not about being out of the loop, it's about having a different agenda than the one you're seeing. His goal isn't to ban encryption so "terrorists" can't communicate, his goal is to ban encryption so that when someone currently not committing any crimes and without the intention of committing any crimes either does "something bad" in the future or otherwise falls afoul with the powers that be, decades of digital surveillance and intercepted communications would be instantly available for whatever nefarious (or otherwise) purposes the NSA, NSC, FBI, CIA, or whomever would have to serve their needs.
EDIT: Part of my argument seems to have been misunderstood, my response about 79 vs 85 was just in direct counter to passing a maximum age limit; I don't believe we should have a minimum age limit, either.
If one person is an idiot at 35, that does not mean that another cannot be well-informed and in-touch at the age of 30.
John McCain is a good man, I think he has good intentions, and is very qualified for certain positions. This is just not one of them, and it isn't because I disagree with him (I do), it is because he isn't qualified to make decisions about computer science or technology.
A degree certifies that you can learn to learn what you are aware you don't know. That is all it does.
I don't think an age limit makes sense though, as his knowledge of encryption is not likely to be any worse than the vast majority of the population anyway.
* Edward Snowden declared war against terrorists.
* Edward Snowden started indiscriminately bombing villages in the middle east.
* Edward Snowden created massive ill will against America, then left a huge power vacuum in the region by pulling out after, dare I say it, conducting terrorism against the native inhabitants.
So, Ed, wherever you are, this is your fault.
I led a platoon in Iraq, and we did nothing of the sort.
I'm fine with opposition to U.S. foreign policy; this is just lazy slander, and it shows a very shallow understanding of what actually happened.
I fought in Fallujah; I would be very surprised to hear from the residents that they did not feel terrorized or modify their behavior in response to our activities. I have no doubt that you don't see yourself in that light, but your intents mean very little to those people.
Putting too much weight on either perspective, the action's originator or recipient, leads to all sorts of silliness (the concept of hate crimes, donglegate, etc). Try to detach yourself and just consider the facts.
Like adding, subtracting, multiplying, and dividing, encrypting is a mathematical operation that transforms numbers into other numbers.
Compressing plutonium beyond its point of criticality is a chemical & physical operation that transforms matter into energy.
But building or possessing nuclear weapons is still illegal for civilians and most countries.
i.e. they will dismiss such objections by saying it's not the principle or fundamentals they're banning but the specific application
I disagree with him too, but this is a lousy argument.
How would it even be possible to enforce it?
On the other hand, some media companies are also ISPs now (Comcast, TWC). They don't really have destination sites collecting your general behavior, but they have something better - all your traffic in transit. Shame it's encrypted.
Encourage website owners to use TLS, and to get a good grade on ssllabs.com.
Let's make it ubiquitous.
From opensecrets.org:
Industry Favorite
John McCain is a top recipient from the following industries in 2015-2016:
Cable & satellite TV production (#1)
Defense Aerospace (#1)
Defense Electronics (#1)
For-profit Education (#1)
Misc Defense (#1)
Total PAC Money for 2015-2016: $700,600
Ideological/Single-Issue $185,900
Defense $116,800
Communications/Electronics $61,600
Energy & Natural Resources $75,300
Finance, Insurance & Real Estate $71,500
Lawyers & Lobbyists $51,400
https://www.techdirt.com/articles/20151118/08474732854/after...
"B-b-but they could have, and if they had we wouldn't have been able to intercept it."
> CIA director John Brennan said that "there are a lot of technological capabilities that are available right now that make it exceptionally difficult, both technically as well as legally, for intelligence and security services to have the insight they need to uncover it ... And I do hope that this is going to be a wake-up call."
"...A valid search warrant must meet four requirements: (1) the warrant must be filed in good faith by a law enforcement officer; (2) the warrant must be based on reliable information showing probable cause to search; (3) the warrant must be issued by a neutral and detached magistrate; and (4) the warrant must state specifically the place to be searched and the items to be seized..."
https://www.justia.com/criminal/docs/search-seizure-faq.html
This McCain B.S. implies that the defendant will never be served with a warrant. This secret warrant will be issued by eleven secret judges, serving a seven year term, picked by one man "...without any supplemental confirmation from the other two branches of government."
This does not meet the standards of being neutral per point number 3 above. WOW!
Since World War II, many governments, including the U.S. and its NATO allies, have regulated the export of cryptography for national security considerations, and, as late as 1992, cryptography was on the U.S. Munitions List as an Auxiliary Military Equipment.
https://en.wikipedia.org/wiki/Export_of_cryptography_from_th...
"This move towards stronger encryption was largely brought about by the revelations of now-exiled NSA whistleblower Edward Snowden..."
It's encouraging to see publications referring to him as a whistleblower.
To outlaw encryption that "the US govt can't crack" they have to outlaw random numbers hah, yeah.. I totally can imagine a future where PRNGs must be approved by the US government.
...and it's illegal.
The US government is a monolithic institution that is governed by the mandate "move slow and break things". They can only legislate what they can enforce. They can't stop people sharing music, they can't stop people sharing data, and they sure as fuck won't be able to stop encryption.
They definitely will be able to drive it underground and limit the average American's privacy though. It is just that, as far as anyone can be a typical American, they aren't a hardened radicalized terrorist. Let's take stock of the wars against nouns:
* War on Drugs, massive failure.
* War on Terror, not only failure, likely made problem worse.
* War on Math, if we measure this by people prevented from using encryption, then we are losing. However, if we measure this by student test scores relative to other nations, we are def. winning the war against math.
I'd hate to live in a world where only criminals could be secure.
Doesn't this mean their citizens would be less safe from foreign (and domestic) spies than foreigners are from their spies? Doesn't this mean that foreign businesses who actually care about their security would abandon their software and IT services? If they can crack it, others can, or will learn soon to, crack it.
> Obama administration says it has no plans to legislate against strong encryption, and the UK government says it doesn't either.
So it doesn't look like we have to worry. The argument for legislation is idiotic. Terrorists won't care if it's legal or not to use strong encryption. You would only be forcing law-abiding citizens to use weak encryption.
Also, such a mechanism will only catch unwitting Gmail-like-app-using terrorists (assuming Google co-operates with USA). I would guess the vast majority of terrorists will still encrypt the data themselves without relying on the underlying app to do so?
Why do politicians not have identical positions on both guns and privacy? The root argument is the same: that citizens can, or can't, be trusted.
Yet almost all the pro guns are anti privacy and vice versa.
So either we give - by adjusting our attitude or if we choose to stay entrenched on our position, then go all the way and nuke the crap out of them.
I don't like middle of the road solutions... maybe it's just me.
Other countries like Russia will be able to laughably crack US citizens bank accounts, email accounts etc if this was actually done.
It will be a massive public relations nightmare for anyone who actually tries to make this reality.
We had this argument in 1993. https://en.wikipedia.org/wiki/Clipper_chip
There's plenty of discussion from then around the problems caused by this arrangement, so it might be a good idea to find the best of it, and dust it off.
This is the guy who gave us Sarah Palin. He needs to go away.
If real encryption is outlawed, only criminals will have real encryption.
Nice to have, but something we need to give up in order to live in a safer society?