What Mix of Approaches Should We Use to Keep Cyber Space Safe?

President Obama gave a pretty crummy answer on Apple vs FBI at South by Southwest yesterday (I’ve put the entire exchange below the line). The question was posed as one pitting “privacy” versus security, and with the exception of this passage, Obama accepted that frame.

What makes it even more complicated is the fact we also want really strong encryption, because part of us preventing terrorism, or preventing people from disrupting the financial system or our air traffic control system or a whole other set of systems that are increasingly digitalized is that hackers, state or non-state, can just get in there and mess them up.

Obama also bracketed two related issues: how our decisions will affect what happens in other countries, and how they’ll affect our economic vitality (which is ultimately a cornerstone to America’s hegemonic place in the world).

And so the question now becomes, we as a society — setting aside the specific case between the FBI and Apple, setting aside the commercial interests, concerns about what could the Chinese government do with this even if we trusted the U.S. government — setting aside all those questions, we’re going to have to make some decisions about how do we balance these respective risks.

Along the way he threw out some absurd examples, such as the security theater of TSA, or the claim that we need to break into smart phones for tax enforcement when we still haven’t shut down shell companies which are a bigger threat to tax enforcement, not to mention a tool used by big time criminals.

But underlying it all is an assumption, one shared by many of those taking the law enforcement side of this debate: that the police are the ones that keep us safe.

Don’t get me wrong, what cops do is critical to keeping us safe, and there have definitely been times in my life I’ve been grateful to them (even if the time I was most victimized by crime, the cops also engaged in egregious racial profiling that made me angry).

But the cops are not the only thing that keeps us safe in this country — and our country relies on cops far more than many other countries and far more than we probably should. We probably rely on cops, in part, because we don’t use armies to sustain domestic order, we have stark wealth differences (which are getting starker), and we also have used police to enforce racial caste in a way that few other countries expect their cops to do.

In addition to cops, however, we rely on other things to keep ourselves safe: common tools like door locks, operational security (after I got mugged I became far more aware of how and where I was walking at night), norms and civil society that serve as self-policing mechanisms, some alternative policing in privately owned public spaces. We do not ask cops to patrol inside our homes to keep burglars out (we do tolerate private guards, of a variety of types, patrolling commercial spaces, though they usually have far more limited authority), but rely instead primarily on other tools that work most of the time.

In meat space, I think the current state of affairs evolved over time (and again, is clearly a product of our economic and racial history); we’re actually in a period of reassessment whether we’ve gotten the balance correct. But as we debate how to keep law and order in “cyber” space, we seem to have forgotten that it takes more than police to keep us safe, even in meat space — and we certainly haven’t considered whether the same balance as we have settled on in meat space is appropriate in cyber space.

Meanwhile, the debate about law and order in cyber space takes place against the backdrop of national security in cyber space, with little clear differentiation between the two. It’s not an accident that those tasked primarily with national security are more supportive of real device encryption, partly for technical reasons, but partly because real device encryption negatively affects law enforcement far more than it negatively affects national security (and encryption definitely helps national security more than it hurts).

But one thing never happens in either of those worlds: accountability.

On the national security side, I have long noted that people like then Homeland Security Czar John Brennan or Director of National Security Keith Alexander never get held responsible when the US gets badly pawned. The Chinese were basically able to steal the better part of the F-35 program, yet we still don’t demand good cyber practices from defense contractors or question the approach the NSA used on cyber defense. A few people lost their job because of the OPM hack, but not the people who have a larger mandate for counterintelligence or cybersecurity. Indeed, the National Security Council apparently considers cyber a third category, in addition to public safety and national security.

As a result, whereas we assume (wrongly) that we should expect the NatSec establishment to prevent all terrorist attacks, no one thinks to hold our NatSec establishment responsible if China manages to steal databases of all our cleared personnel.

On the law enforcement side it’s not much better: most cities have large numbers of crimes that never get cleared, including some of the crimes (like murder) that Jim Comey now says we can only solve if law enforcement can get inside your smart phone. And those uncleared crimes go back well before the time of smart phones. So the cops say they won’t be able to solve crimes unless they can get inside your smart phone, but they’re not, at the same time, being held accountable for the crimes they’re not solving.

One thing is clear though: the OPM hack, not to mention the Target hack and the Sony hack and the Apple selfie hack, have made it clear that the government is not competent, by itself, to keep us safe in cyberspace. Even if it were true that we could or did rely exclusively on policing to keep us safe in meat space, the track record of “law enforcement” broadly defined may be even worse in cyber space. Or it may just be that the impact a few criminals can do is far more widespread (and also, far more likely to affect white victims).

One more thing: by merging Information Assurance Division with the rest of the NSA, the government recently made a decision to default to an even more offensive-minded posture on national security policing of the cyber world than it already had. I guess the idea is to aim for complete visibility in cyberspace and take out attackers that way. Maybe that’s what needs to happen, maybe it’s not. But the equivalent decision (even ignoring the privacy problems of OmniCISA) — expecting law enforcement to acquire total awareness of everything going on in cyber space — would be untenable in domestic cyber law enforcement.

I raise all this to point to a debate we’re not having: one about what the proper means to keep cyber space safe is.

The assumption from people like President Obama is that ultimately self-defense, of which real encryption is a key part, must cede to police transparency. Yet that assumption comes with zero indication that that police transparency will actually do much to keep cyber safe space.

I don’t pretend to know the answer to what the proper model of public safety is. But I’m cognizant that we’re assuming we know what it should be when in fact the evidence suggests that model is not keeping us safe. 

Q A bunch of people wanted me to ask you about Apple and the situation with Apple and the FBI. (Applause.) You’re trying to persuade the tech community that they should work with government. But it looks to the tech community — at least some in the tech community — that government is the enemy of the tech community in the way that it’s dealing with Apple. Some in the tech community.

The question I want to ask you is, putting aside the specifics of this specific case, the legal fight between the company and the FBI, there are big questions around the idea of how you balance the need for law enforcement to conduct investigations and the needs of citizens to protect their privacy. This is the old privacy versus security debate. Mr. President, where do you come down on the privacy versus security debate?

THE PRESIDENT: Well, first of all, I can’t comment on the specific case. So let’s set that aside.

All of us value our privacy, and this is a society that is built on a Constitution and a Bill of Rights and a healthy skepticism about overreaching government power. Before smartphones were invented, and to this day, if there is probable cause to think that you have abducted a child, or that you are engaging in a terrorist plot, or you are guilty of some serious crime, law enforcement can appear before your — at your doorstep and say, we have a warrant to search your home, and they can go into your bedroom and into your bedroom doors and rifle through your underwear to see if there’s any evidence of wrongdoing.

And we agree on that, because we recognize that just like all of our other rights — freedom of speech, freedom of religion, et cetera — that there are going to be some constraints that we impose in order to make sure that we are safe, secure and living in a civilized society.

Now, technology is evolving so rapidly that new questions are being asked. And I am of the view that there are very real reasons why we want to make sure that government cannot just willy-nilly get into everybody’s iPhones that is full of — or smartphones that are full of very personal information and very personal data. And let’s face it, the whole Snowden disclosure episode elevated people’s suspicions of this. So does popular culture, by the way, which makes it appear as if I’m in the Sit Room and I’m moving things — (laughter) —

Q You’ve been watching Homeland.

THE PRESIDENT: There’s like half a fingerprint and half an hour later, I’m tracking the guy in the streets of Istanbul. (Laughter.)

Q It’s not really that cool?

THE PRESIDENT: It turns out it doesn’t work that way. Sometimes I’m just trying to get a connection. (Laughter and applause.) But, look, that was a real issue. I will say, by the way, that — and I don’t want to go too far afield — but the Snowden issue vastly overstated the dangers to U.S. citizens in terms of spying, because the fact of the matter is, is that actually our intelligence agencies are pretty scrupulous about U.S. persons, people on U.S. soil. What those disclosures did identify were accesses overseas with respect to people who are not in this country.

A lot of those have been fixed. Don’t take my word for it. There was a panel that was constituted, an independent panel that just graded all the reforms that we set up to avoid those charges.

But I understand that that raised suspicions. All right. So we’re concerned about privacy. We don’t want government to be looking through everybody’s phones, willy-nilly, without any kind of oversight or probable cause or a clear sense that it’s targeted at somebody who might be a wrong-doer.

What makes it even more complicated is the fact we also want really strong encryption, because part of us preventing terrorism, or preventing people from disrupting the financial system or our air traffic control system or a whole other set of systems that are increasingly digitalized is that hackers, state or non-state, can just get in there and mess them up.

So we’ve got two values, both of which are important. Right?

Q Right.

THE PRESIDENT: And the question we now have to ask is, if technologically, it is possible to make an impenetrable device or system where the encryption is so strong that there’s no key, there’s no door at all, then how do we apprehend the child pornographer? How do we solve or disrupt a terrorist plot? What mechanisms do we have available to even do simple things like tax enforcement? Because, if, in fact, you can’t crack that at all, government can’t get in, then everybody is walking around with a Swiss bank account in their pocket — right? So there has to be some concession to the need to be able to get into that information somehow.

Now, what folks who are on the encryption side will argue is any key whatsoever, even if it starts off as just being directed at one device could end up being used on every device. That’s just the nature of these systems. That is a technical question. I’m not a software engineer. It is, I think, technically true, but I think it can be overstated.

And so the question now becomes, we as a society — setting aside the specific case between the FBI and Apple, setting aside the commercial interests, concerns about what could the Chinese government do with this even if we trusted the U.S. government — setting aside all those questions, we’re going to have to make some decisions about how do we balance these respective risks.

And I’ve got a bunch of smart people sitting there, talking about it, thinking about it. We have engaged the tech community aggressively to help solve this problem. My conclusion so far is that you cannot take an absolutist view on this. So if your argument is strong encryption, no matter what, and we can and should, in fact, create black boxes, then that I think does not strike the kind of balance that we have lived with for 200, 300 years. And it’s fetishizing our phones above every other value. And that can’t be the right answer.

I suspect that the answer is going to come down to how do we create a system where the encryption is as strong as possible, the key is as secure as possible, it is accessible by the smallest number of people possible for a subset of issues that we agree are important. How we design that is not something that I have the expertise to do.

But I caution — I am way on the civil liberties side of this thing. Bill McRaven will tell you that I anguish a lot over the decisions we make in terms of how to keep this country safe, and I am not interested in overthrowing the values that have made us an exceptional and great nation simply for expediency. But the dangers are real. Maintaining law and order and a civilized society is important. Protecting our kids is important. And so I would just caution against taking an absolutist perspective on this.

Because we make compromises all the time. I haven’t flown commercial in a while — (laughter) — but my understanding is it’s not great fun —

Q It’s not great. It’s not great.

THE PRESIDENT: — going through security. But we make the concession because — it’s a big intrusion on our privacy, but we recognize it as important. We have stops for drunk drivers. It’s an intrusion, but we think it’s the right thing to do. And this notion that somehow our data is different and can be walled off from those other tradeoffs we make I believe is incorrect.

We do have to make sure, given the power of the Internet and how much our lives are digitalized, that it is narrow and it is constrained and that there’s oversight. And I’m confident this is something that we can solve. But we’re going to need the tech community — software designers, people who care deeply about this stuff — to help us solve it.

Because what will happen is if everybody goes to their respective corners and the tech community says, you know what, either we have strong, perfect encryption, or else it’s Big Brother and an Orwellian world — what you’ll find is that after something really bad happens, the politics of this will swing and it will become sloppy and rushed, and it will go through Congress in ways that have not been thought through. And then you really will have dangers to our civil liberties because we will have not done — the people who understand this best and who care most about privacy and civil liberties have sort of disengaged or taken a position that is not sustainable for the general public as a whole over time.

26 replies
  1. bloopie2 says:

    Great point to bring up, thank you. I would note also that O didn’t seem to address the issue of who decides — more specifically, and put another way, who works for who (whom?). Are the people subservient to the government, or does the government work for the people? Does he believe that he and the DOJ and the FBI are the servants of the American people, doing what they want, even if it’s not what “law enforcement” wants? Or does he believe that, once elected, he no longer has to pay attention to hoi polloi?

    • pdaly says:

      Yes, along your line of questioning, “Who watches the watchers?” (other than the Chinese hackers who haven’t shared their findings with the rest of the world as far as I know).
      Obama’s unprecedented use of the Espionage Act to prosecute government whistleblowers and the recent articles stating the FBI does not want an updated whistleblower option for its employees undermines Obama’s ‘trust us’ position about giving government more snooping powers.
      Obama chose not to agree with what security experts say. They say there is no safety in ‘sort-of-encrypted’ data or encryption with back doors.
      Obama conveniently fails to mention in his speech that the government already gleans significant metadata that leaks even from encrypted devices interacting with cell towers and internet routers.

      • pdaly says:

        correction: Obama’s DOJ (if not the FBI) wishes to avoid updates in the whistleblower protections for FBI employees.

  2. jerryy says:

    When he (B. Obama) became president, so the story goes, the Secret Service came and took his beloved (Blackberry) phone away and soon it was replaced with a (secured) phone.
    Now there must have been a reason for them to do that.
    His exposition at SxSW sounded like the most inane and inept speech he has ever given.

    • Ian says:

      Yet because Blackberry is a Canadian HQ’s corporation & because Mr Snowden’s documents had already shown that GCHQ & its Canadian equivalent had already re-learnt how to read the modified transmissions even from Blackberry’s—after an period of going dark [which would explain why Mr Snowden was insistent that “the intelligence services (of numerous countries-not just the Five Eyes) were always able to get into a Smartphone if they wanted to] you will not be surprised to find that US President Obama was able to keep his
      Blackberry as this Canadian TV network’s report shows–not just in Washington but a number of other countries also–including Mrs Merkel in Berlin it seems.
      HRC was famously imaged/photographed inside a USAF C-17 transport aircraft joking about various politicians comments about her–holding her Blackberry.

      • jerryy says:

        Yup, it had been known for some time, even then, the Blackberry could be cracked. That was why the SS traded his phone in for a new ‘secured’ version of the model.
        His hypocrisy on the subject is quite glaring, he knows why these issues cannot be swept under the hubris of law enforcement doing their job. I have mentioned before in other comments some of the really bad things that happen when there are entry methods available. Actually understated, I have not emphasized them enough. The arithmetic behind the ideas do not allow for just one key for the cops that no one else can get. Impossible.
        In passing, keep in mind that in addition to the Fourth Amendment Denis touches upon in his comment higher up in this thread, there is also the Fifth Amendment. The government(s) can NOT compel you to testify against yourself. They cannot go inside your head and search for evidence.
        Of course, Justice Alito has tried to overturn this one by way of his attacks on the ‘Miranda Rights’. And there is that bit about torture. Not to mention, this administration thinks that it and it alone knows what constitutes ‘due process’. Still, the Constitution is followed by most. The divine right of kings does not hold here.
        As I said, the most inane and inept speech he has ever given.

        • Denis says:

          You know, jerryy, Apple did raise a 5th Amend defense in the Farook case. Apple dedicated a small penultimate paragraph arguing 5th Amend substantive due process, tacked onto a brief of 34 pages. The DoJ responded with what I recall as being a single sentence.
          The argument was that the government was arbitrarily depriving Apple of its liberty. I think these defenses are sort of universal hail Mary passes into a stiff wind in proceedings involving government entities. They’re almost always stuck on the end of a brief where the weakest arguments go.
          As for self-incrimination, given that Apple isn’t (yet) a target or a defendant in a criminal matter, I don’t know that there is a self-incrimination issue for Apple to plead. The California case is actually sort of against the iPhone, although the case number in that court is a CM number, which is “Criminal Matter.” In the analogous ED New York case against the drug dealer, the style actually names Apple [In re order requiring Apple . . .] and the clerk assigned an MC number, which is “Miscellaneous Case.” But Apple is not a criminal target or defendant in any of these cases so far as I am aware.
          I think what I’m saying is that I don’t see how Apple could plead self-incrimination. Writing code to hack the phone is not going to incriminate Apple in any crime, although what’s inside the phone may incriminate others in the underlying crimes.
          OTOH, the way US Aty Decker is rattling the saber in California, it sounds to me like she’s setting the stage for an obstruction of justice charge if Apple doesn’t cooperate. That would blow the frickin’ lid off of this whole thing and would, of course, open up access to 5th Amend protections against self-incrimination. I believe she would have to file a separate case.
          And note the redneck, dick of a sheriff in Polk County, FL who is going into full bluster and bullshit mode saying he’ll bust Tim Cook if the iPhone issue arises in his jurisdiction. Geezus, the loonies in America.
          It’s wacko America, 2016. A violent, racist prick with faux-hair is leading a diminishing crowd in the run for the presidency; an ex-secretary of state is claiming that Nancy Reagan led the war against AIDS; and Brady was forced to play with fully inflated balls and didn’t even make it to the SuperBowl. Nothing surprises me at this point.

          • martin says:

            quote”It’s wacko America, 2016. “unquote

            I’m nominating that for this years Great Moments in Summation award.

          • jerryy says:

            Weapon manufacturers (gun makers in particular) were given special immunity by Congress from prosecution on various accessory, conspiracy, etc. charges. Cell phone makers have not so far been granted the same.
            Of course encryption was declared a weapon and thus subject to export control back in the 90s. Those Second Amendment worshipers will probably suffer serious headaches over trying to split that baby. How will they reconcile thing??? :^)

  3. Denis says:

    #1- – – –
    I hope you are able to put this up on Slate or somewhere it gets the national attention it deserves.
    #2- – – –
    BO: “law enforcement can appear before your — at your doorstep and say, we have a warrant to search your home, and they can go into your bedroom and into your bedroom doors and rifle through your underwear to see if there’s any evidence of wrongdoing.”
    This is absolutely shocking, not just because it is wrong as a matter of constitutional law – which BO purports to know something about – but also because it obviously serves as the predicate of his entire view of Americans’ rights Americans to be secure against unreasonable searches and seizures.
    And the reason I say it is that there is no generalized search warrant for “any evidence of wrongdoing” that lets the cops go through your bedroom and underwear, not even the underwear in your drawers, which, if it’s like mine, has no elastic left anyway.
    A search warrant is for particular evidence and must specify what the cops are permitted to search for, which, in turn, limits where they can look. If the search warrant is for an AR-15 they can’t look for it where it could not reasonably be found, like in your underwear, your underwear drawer, your medicine cabinet, or your iPhone. Yes, if during the search for the AR-15 they spot a ripe bong sitting in plain sight on your night stand, they can seize that and use it as evidence of a crime not associated with the search warrant. But the warrant is not a carte blanche for the cops to bust in and search for anything.
    IOW, there is no generalized search warrant that, as BO implies, gives the government the right or power to “see if there’s any evidence of wrongdoing.” And yet that is, apparently, what they are doing with electronic devices – there is no restriction on what digital property government can seize or look at. I guess this is an extension of the “plain sight” doctrine: once the cops have a warrant to search for, say, kiddie porn, in your computer or phone, if they just happen to find evidence of tax evasion along the way, you’re double cooked. I don’t see any way for the plain sight doctrine NOT to apply to all data on a device.
    There are US attorneys on the right-wing edge of this controversy who hold that the USG has a right to demand and to see all data that is now on any of your devices, or that has ever been on any of your devices. Under this theory, any time a person writes a file to a drive or server and later erases the file without retaining a copy, he/she could be prosecuted for obstruction of justice if that file is ever later determined to relevant to an investigation – even if the file was written/erased before the alleged crime was committed. IOW, these people claim that the government has a right to access your data the moment it is created and forever after.
    3- – – –
    Note how subtly BO shifted the context of the question, which was about the Apple/FBI stand-off. BO’s hee-haw was about search warrants, which is an issue about the government’s search/seizure powers viz a viz a suspect’s 4th Amend rights. BO: “We don’t want government to be looking through everybody’s phones, willy-nilly, without any kind of oversight or probable cause or a clear sense that it’s targeted at somebody who might be a wrong-doer.” That is not the issue here.
    There is not now and has never been any contest over the validity of the search warrant in the Farook case. For one thing, Apple has no standing – and has not asserted any standing – to contest the search warrant for a phone owned by Farook or the county.
    The only relevant controversy in the FBI/Apple stand-off is to what extent can the government strong-arm an innocent third party who has no connection to a crime to participate in investigating the crime or criminal. Nobody says the FBI had no right to the search warrant; rather, the argument is that the government does not have the power under the AWA to force a private company to assist in executing the warrant. BO artfully dodged the question, which suggests to me that he is too stupid to have understood the question or too dishonest to have answered it.

    • earlofhuntingdon says:

      Thanks for reminding us that the govt is claiming not to be bound by the 4th Amendment’s search and seizure requirements. Cheney-Bush shot holes through the Bill of Rights, especially the 4th Amendment, until it looked like a flag run down in haste as the ambassador ran for the last chopper taking off from the embassy rooftop. Mr. Obama might have run up a clean new one. Instead, he has neatly folded the old flag and stuffed it on a dusty shelf by institutionalizing his predecessor’s ad hoc dismissals of constitutional requirements. Ironically, those are also designed to protect us – from the government abuse that is inevitable in their absence.

    • emptywheel says:

      Great point about “search for any evidence of wrong-doing.”

      I still believe that one reason the FBI, et al, hate Riley and encryption together so much is they can no longer conduct fishing expeditions in smart phones. I pointed out some time back that the numbers suggest FBI, at least, would be more affected by border searches than actual LE contexts.

      • earlofhuntingdon says:

        One suspects that the DoJ and its FBI are targeting not just the occasional criminals, such as money launderers, always a good thing, but technologies it doesn’t like. It then searches for the most egregious cases to use in order to challenge such technologies – and the cultures that support them. Rather like looking for evidence of disruptive technologies instead of evidence of criminal conduct.
        Once upon a time, the government was supposed to have evidence of wrongdoing, probable cause that a crime had been committed, in hand before starting an investigation. (All references to fairy tales and defunct standards, such as putting the crime horse ahead of the investigatory cart, are intentional.) Now, it helps build an industry around looking for evidence of wrongdoing among the daily lives of hundreds of millions of people. I’d rather Mr. Comey issue charge cards to Cabela’s if he wants his people to spend so much time fishing.

  4. Ian says:

    But one thing never happens in either of those worlds: accountability
    If it is any comfort your view(that nobody in Washington DC is ever held to account for their failures in National Security & the conduct of Foreign Policy) is shared by the Foreign Policy establishments of London & Paris who have complained (amongst themselves) continually since 1945 and is probably, I suspect, best expressed by the (in October 2015) French Ambassador to the United States, based in Washington, in an interview with the FINANCIAL TIMES Oct 15,2015(ft.com) under the headline:
    HEADLINE: Gérard Araud, the French ambassador ruffling feathers in Washington DC

    ……..Araud says he tries to provoke at such events[meetings at the Ambassador’s residence] as he does on Twitter. “What is striking is that in this city, [Washington DC] there is a conformism. A lot of people are thinking the same. It’s very easy to destabilise them with a small hand grenade,” he says. “I think the strength of this country — and here I have to tiptoe — is its extraordinary unity. You don’t have the sense they are trying to contest the roots of society. Everyone is thinking inside the box. The box is that ‘We’re the greatest country in the world and our system is the best’. Period. There are no metaphysical doubts.”
    Unfortunately these “made-in-America-by-Americans” collection of problems are, I submit, extremely deep-seated & go all the way back to the death of George Washington (1799) and the a) rise of the Jacobin-Slave-owner Presidents (Jefferson(*), Madison (**) & Munroe) with the imposition of some “very American” practices ( but profoundly anti-Western & certainly not wise) that b) the US electorate/general public have neither repudiated, nor indeed learnt to repudiate—possibly because they prefer to believe the Fools Paradise that the Jacobin’s (whether American or French) offered to their host populations which was best summarized, I feel, by a widely read English historian. Writing in 1942 & retelling before his compatriots Great Britain’s role in providing the financial means (from the Industrial Revolution and the City of London) & ideological rebuttal (provided by Edmund Burke) to Jacobins (and later to Marxist-Leninists & National Socialists) he cautioned his compatriots not to underestimate the offerings of Jacobins (whether called Jefferson or Robespierre) :
    “For having discarded religion as an offence against reason, victorious France fell into the most perilous of ALL heresies: that of self-worship”” (***)
    What the French Ambassador was alluding to was the extreme insularity that this country’s population is notorious for—and so ignoring other [European heritage] countries—and relying solely on US based opinions– produces for this country’s population a whole series of problems.
    Some examples would include:
    “Not only must Justice be done; it must also be seen to be done.”
    Obviously not a US Court opinion where 36 States of the Union allow some or all of the their judges to be elected—but told to all English school students before they leave High School–& repeated endlessly through the nation’s popular press

    “No freeman is to be taken or imprisoned or disseised of his free tenement or of his liberties or free customs, or outlawed or exiled or in any way ruined, nor will we go against such a man or send against him save by lawful judgement of his peers or by the law of the land. To no one will we sell or deny of delay right or justice.” Magna Carta, June 1215
    Again the Magna Carta is a foreigners document—it merely “inspires” the US Constitution–& if the US President wants to cancel a US Passport because he thinks Mr Snowden is very naughty, or-as Papers Please is reporting any native born citizen who refuses to provide a Social Security Number to the Passport Office or who the IRS claim [fraudulently or accurately] owes $50,000 in taxes can also be exiled.
    So in the case of Washington v Apple & the USA ‘s High Tech industry:
    Can I draw your attention to a comment made through the ACLU website by By Daniel Kahn Gillmor, Technology Fellow, ACLU Speech, Privacy, and Technology Project under the headline:
    One of the FBI’s Major Claims in the iPhone Case Is Fraudulent
    Where the explanation is provided that ” both “ the FBI (& unspoken) surely Apple also know that because the actual programs on the iPhone in question don’t actually work in the way that the Marketing Dept say they do—there is a way, says the claimant, that physically dis-assembling the device will allow the ACTUAL program restraints to be by-passed
    Should the FBI be required to create within their forensic laboratory a “learn how to extract from any Android & Apple & mobile device all necessary information in accordance with Court-issued warrants”?—Well again can I suggest you look outside the USA for an answer to that question—once more to the land that produced all those legal documents & quotes listed above?

    The British Government allows telecommunication carriers in the UK to use [Chinese manufacturer] Huawei [pronounced Hee-Way it seems] networking & telecom equipment provided Huawei pay for the Huawei Center for British Government security certification which is facility in Great Britain staffed by ex-GCHQ staffers & the manufacturer is required to allow its “source code” to be examined closely by those ex-GCHQ staff prior to the government issue a certificate which a network & telecom provider in Great Britain must hold in order to continue in business in that country. If by some strange chance the ex-GCHQ staffers should tell their old employers how to bypass the security/privacy procedures embedded in Huawei’s source code, well who is to say that this is wrong?. With the NSA & GCHQ celebrating their 75th year of co-operation 8 Feb 1941-8 Feb 2016 I assume the NSA has a copy of their reports—no?.
    As you know, in this country, by the will of the electorate, anyone who suggests Huawei is NOT a supporter of General Benedict Arnold is obviously a Communist themselves.
    Silent Circle Ô with its Blackphone & Silentphone Smartphone products (the Gold Standard of Secrecy/Privacy in Smartphones) gained US DOD acceptance because they also submitted their source code to their customers review.
    In the 1980’s IBM Mainframes Division accused Japanese computer manufacturer Fujitsu of stealing much of the operating system used to run Fujitsu’s IBM-compatible mainframe’s & as part of the agreement to settle IBM agreed to allow its own Operating System to be reviewed by Fujitsu programmers in a “Secure Facility”
    So again, if Apple’s secrecy/privacy programs are actual coded restrictions—rather than Marketing Dept’s boasts—why not let the National Academy of Sciences or the National Academy of Engineering perhaps, create & staff a Center for Analysis of Mobile Devices with the task of creating the necessary tools for civilian (rather than NSA use).
    You would not want the FBI to have that skill because they are willing to commit perjury about their use of the false science of hair analysis amongst other criminal law scandals.
    . .
    (*)US Head of State Tommy Jefferson (1807) that advised Head of Government President Jefferson that in order to have executed the politician Aaron Burr
    who had beaten Mr Jefferson in the popular vote (Nov 1801) for the position of US President, the US President should advise the US Attorney for Virginia (Mr Hays) that a US citizen offering to seek Governmental Office in another country (Empire of His Most Catholic Majesty the King of Spain) & breaching the Neutrality Act in doing so (just like most of the founders of the Republic of Texas (1836-1846)) should be charged (USA in 2016= “should be overcharged”) with Treason & in order to gain the conviction the perjured testimony of [US Army] General Wilkinson should be relied upon “to win at all costs”.
    Numerous US politicians who called for the death & trial on the charge of treason for Mr Edward Snowden were merely being “very Jeffersonian”
    (**) By personality alone, James Madison was “Unfit for the post of Commander-in-Chief of ANY countries Armed Forces, not just the Land of his own birth”–& his conduct in his attempt to conquer Canada not only brought financial ruin upon this country but also caused him to be listed as this country’s 1st “War Criminal President” (1)waging aggressively illegally ii)Acts contrary to the usages of war ii)tolerating [with the infamous Kentucky militia] a criminal organization (At Nurembourg the charges’s against the Waffen-SS).
    (***) Arthur Bryant-The Years of Endurance-1942-Chapter Six
    (****) R v Sussex Justices, ex p McCarthy/a>

    • Ian says:

      I HAD SAID:
      The British Government allows telecommunication carriers in the UK to use [Chinese manufacturer] Huawei [pronounced Hee-Way it seems] networking & telecom equipment provided Huawei pay for the Huawei Center for British Government security certification which is facility in Great Britain staffed by ex-GCHQ staffers & the manufacturer is required to allow its “source code” to be examined closely by those ex-GCHQ staff prior to the government issue a certificate which a network & telecom provider in Great Britain must hold in order to continue in business in that country.

  5. orionATL says:

    1) how to keep whose cyber space safe is the first question?

    mine, my family’s, my friends, my small business’

    or “cyberspace” used by large organizations – corporations and government.

    i am getting tired of having my security needs ignored.

    2) how to keep anybody’s or entity’s cyberspace secure is the second question.

    there will be no security for any entity, large or small, until

    – the machines (ic, integrated circuit platforms),

    – the means of communication (cell phone, telephone, cable), and

    – the communication languages, e. g., apple OS, windows, html,

    are all redesigned.

    isn’t this obvious? isn’t this transparently obvious?

    every damned week another incredible hacking.

    every damned week one or two or a dozen new mandatory security fixes for our machines, e. g., thru the notorious adobe flash.

    every damned week someone millions of individuals like rayne have to chase thru their computesr for some malware or another. or don’t know enough to know they need to.

    every damned week we learn the nsa/fbi either have more unauthorized access or want more authorized access to our ic machines. and this doesn’t count russian brigands or chinese soldiers.

    every damned week a jupiter systems, serving thousands of organization, has a designed or inserted security “vulnerability”.

    evert damned week some policing. muck-tgmuck wants more legally legitimized access to one or the other class of our ic’s.

    this is fucking insane.

    sure it helps to disconnect, de-sync, isolate, stay away from the cloud.

    but that’s SO inconvenient and convience trumps security in the u. s. right now.


    very clearly, the machines and languages from 1980 to 2016 are incompetent to protect the information they can create and transmit.

    but how to redesign?

  6. earlofhuntingdon says:

    Accountability? That would be great. Companies and govts do an excellent job of avoiding it, building that avoidance into the system and making it a positive attribute instead of a systemic failure. Edward Bernays must be smiling, and sad that he can no longer bill for some of those achievements.
    As you elegantly say, “security”, Sicherheit, is not an objective. It’s a process, one we influence by our own efforts, such as the ways and means we empower govts to protect us. It is not something we might passively enjoy like a computer game or basketball extravaganza. It’s also a priority, one of many competing ones. Sadly, it’s also jargon for abuse and for building – also unaccountably – a massive industry that profits from ever more intrusion into our daily lives without any hint of criminal or wrongful conduct, the usual reasons we allow such intrusions.

  7. person1597 says:

    Design and implementation of IT equipment used to be the seminal act of conscience-ensconced engineers.

    Based on cost / performance objectives, manufacturability and in-situ reliability, this tri-limma constrained product offerings to what could fit into the target form-factor. That was then…

    Thanks to CALEA and MIC standardized coercion, the engineering act is not an independent function. Your platform hardware and application inevitably receive code from above…

    CALEA’s purpose is to enhance the ability of law enforcement agencies to conduct electronic surveillance by requiring that telecommunications carriers and manufacturers of telecommunications equipment modify and design their equipment, facilities, and services to ensure that they have built-in surveillance capabilities, allowing federal agencies to wiretap any telephone traffic; it has since been extended to cover broadband Internet and VoIP traffic. Some government agencies argue that it covers monitoring communications rather than just tapping specific lines and that not all CALEA-based access requires a warrant.

    IT gear is no longer proprietary and consumer confidence suffers… Juniper for example.

    Balancing the needs of the individual against the convenience of law enforcement used to be a battle of wits and gumption. Perhaps it will thrust us headlong into quantum key distribution.

    Nevertheless, free exchange of ideas within a communications domain can secured by conjugate observables. Once purely imaginary, Quantum cryptography is real and so far, un-decryptable.

    Sarte gave much thought to the nature of groups-in-fusion who revolt in freedom and conquer alienation through the imagination. This critique explains the tension:

    In other words, the group must continually recreate itself in each given situation of exigence in order to resist ever having to settle into being this or that. There is an openness that must come to characterize the social order, one that lives in both the real world and the imaginary state. That is, human praxis must try to tether that balance between that which is and that which might be, with the hope that by tending toward the latter a constant creation of affectivity will actually force the creation of the novel in new unforeseeable situations. In this way, we might call for a derealization of the political, or even better, we ought to revel in the imaginary.

  8. orionATL says:

    actually, the wise (i didn’t say the politically wisest) solution is this:

    1) first you design the most secure ic (integrated circuit) machines, os languages, and communications machinery and languages possible. you make no compromises with individual privacy. the fables and hypotheticals of policing/nat sec bureaucracies are set aside.

    2) next, with operational high privacy communications equipment in place, you insist that the policing/nat sec bureaucracies demonstrate with multiple substantial examples of their failure, a genuine need for a particular vulnerability which they insist must be inserted into a new secure communications network.

    in short, you never, ever allow a policing/nat sec orgaization to make a mere pre-hoc, solely verbal argument based on hypotheticals for inserting security vulnerabilities.

    the policing/nat sec bureaucracies have made these types of verbal argument based on hypotheticals for 16 years and not once have their assertions of needed security vulnerabilities been supported by substantial available data and analysis proving that that security vulnerability was absolutely necessary.

    president obama’s “i see both sides positions” approach puts individual, constitutionally mandated privacy at the mercy of clever bureaucratic hypotheticals story-spinners like “big scare” comey and sen. feinstein.

  9. orionATL says:


    “… Amendment V

    No person shall be held to answer for a capital, or otherwise infamous crime, unless on a presentment or indictment of a grand jury, except in cases arising in the land or naval forces, or in the militia, when in actual service in time of war or public danger; nor shall any person be subject for the same offense to be twice put in jeopardy of life or limb; nor shall be compelled in any criminal case to be a witness against himself, nor be deprived of life, liberty, or property, without due process of law; nor shall private property be taken for public use, without just compensation… ”

    i don’t know how far i’d get with it, but were i to use the 5th, i’d focus on the last portion beginning with “nor be deprived of… “. maybe kelo would be reconsidered. compensation could be vast. could one have a 5th amendment class-action suit on behalf of apple product users?

  10. orionATL says:

    one thing needs to be kept clearly in mind. whenever you talk or listen to policing/nat sec bureaucrats talk about “safety” or “security”, they are really not talking about your public safety, be you individual or corporation/organization. they are talking about making their policing/nat sec jobs easier to do, making their professional work easier for themselves. that’s what the apple de-encryption fight is about.

    when was the last time you heard a policing/natsec bureaucrat say, “well, it would be easier for us if we could get around this or that law, or this or that privision of the constitution, but we realize that would not be appropriate behavior on our part because it would foreshorten citizens’ liberties or set a bad precedent for policing behavior? ”

    making cyber space secure is not the fbi/nsa’s intetest. their interest is in hunting, in catching bad guys (cf, comey), almost always after the fact.

    cyber space has not been secure, is becoming less secure by the day, and nothing proposed now that i am aware of will change that.

    what will apple de-encryption for the fbi’s convenience do to prevent chinese military or russian or chinese criminal gangs from working worldwide? nothing at all.

    what will apple de-encryption do for preventing another terrorist or psuedo-terrorist attack? nothing at all if the past provides examples.

    what will apple de-encryption do for the fbi. nothing constructive about public safety. nothing at all.

    it will merely allow the fbi to go before congress and not be given a bad time about not knowing every lasr detail of the psuedo-terrorism attack in san bernardino.

    but exploiting the san bernardino attack as a lever against apple will allow the fbi more opportunities to spy. will that improve cyber space security? it might. but precisely how might it? policing/nat sec types never seem to face data and anytical scrutiny. orcat least not publicly.

    all is anecdotal. all is hypothetical. all is policing/nat sec self-focused.

Comments are closed.