These bills terrify me. A lot of stuff happens in politics that’s frustrating, and much of it doesn’t catch my attention. There’s something about the pure ignorance that goes into breaking encryption that I can’t comprehend. I can understand when bills come through and the extreme differences in opinion are the result of different interpretations of facts and truth, but when it comes to encryption, there is no safe party. We will all suffer equally, every political party and apolitical individual alike, once these idiots make math illegal.
Whatever your political affiliations may be, these are grounds for r/pcm level unity.
I agree. If I had the ability to make one change in government, it would be that bills must be focused on a single topic and resolution. I don't want my members of my government voting to pass bad bills which compromised their integrity with a million small inclusions.
I think ironically a bill like this passing would lead to more decentralization of services -- making their goals of monitoring information even harder.
They don't want to track people who will use those decentralized services. Simple as that.
They want control over majority. Nothing else. Any legal business will be required to do what law requires them and it will affect every citizen.
I have no hope given the stupidity of my country to do something against acts like [1] personal data protection law or the decryption act. US going towards that road only means it's easier to justify our country and many others to go even higher. Soon a mandatory camera inside house for legal citizen.
Nailed this. This is about controlling the 99% of folks who aren't going to take the extra step of using a decentralized service. Think about how hard it is to get friends and family members on board with something super easy to use like Signal. Open source decentralized services are DOA for the overwhelming majority of people.
Absolutely. Anybody who wants to skirt this can simply use an instance of any number of open source end-to-end encrypted apps and servers. This is not for catching sophisticated criminals.
Maybe the way this plays out is it becomes very difficult for companies to innovate in communications, so open source peer-to-peer tech will end up dominating.
Of course then they'll probably legally attack the open source model.
As would EU, South American and Asian businesses, they would VPN to another continent VPN to finally have nested encryption for key stakeholders communication.
I think it will have the Gab effect. Gab advertises as a free-speech service. However, those that are already in the mainstream are generally on Twitter. Thus, the people that are on Gab are the people who got kicked off of Twitter, and and thus Gab is in general a cesspool.
The decentralized services won't be able to provide as smooth a service as the centralized ones, if for no other reason than network effects. Most people don't really care about end to end encryption. What percentage of WhatsApp users or Apple Messages users will quit the service if Facebook or Apple dropped end to end encryption. It will be pretty close to 0%. Thus what you will have is that the majority of people on the decentralized services are there because they are doing shady stuff. Thus the decentralized services will become hives of scams, dick pics, terrorists, child porn, alt right, etc. After a while, even being on one of those services will be seen as suspicious.
General Alexander was very precise in his choice of words when he repeatedly stated "in the United States". What went unasked was whether these operations take-place against U.S. citizens outside of the borders of the United States.
Plus even when they do need a warrant, it doesn't do much good when there is literally a closed-access secret court specifically for handling surveillance requests which very rarely denies said requests and has a known history of enabling abuse.
The dragnet surveillance apparati searching through all your communications have warrants to do so? Certainly not. They redefined what "search" means so that it's only a search if the dragnet finds something and an analyst retrieves it. This loophole lets them conduct searches with complete disregard for the 4th amendment.
So long as the courts entertain the loophole, it's more accurate to say that searches do not require a warrant than to say that they do.
As an ignorant non-lawyer, it seems to me that the "illegal search" argument won't hold up. Laypeople see encryption as a lock on a safe that the govt should be able to compel you to open.
Why not use a 1st Amendment approach? Doesn't my freedom to speak also cover the "language" (i.e. encrypted bits) I'm using?
I still don't get why they're burdening the service providers with this? Like I know why but I'm surprised a bill that says that police can compel you to unlock your device hasn't come around.
A service provider like Google or Apple (a) provides a single point of access to many devices, and (b) is very likely to comply with law enforcement requests if compliance is legally required.
Yes, the same as any unrecorded conversation is inaccessible by warrant after it happens. Law enforcement doesn't need omniscience, but we do need freedom to associate and privacy in a democracy.
A law abiding citizen might comply at the advise of their lawyer. My point is, E2E will at least ensure that warrants are used and not warrantless tactics, which seems to be an ever growing issue.
But encrypted conversations, by definition, are recorded.
With a warrant, law enforcement is permitted to search a safe containing written records of a conversation; why shouldn't they be allowed to search an encrypted consumer electronic device containing the same?
The difference is that a safe can be "brute forced"; you don't need to know the combination in order to be able to get in, with enough resources (i.e. a large enough drill). The same cannot be said about encrypted data, which is (as far as we know) literally impossible to break into no matter how much money you throw at the problem. If the same were true of safes—if they were physically impossible to get into without the key—then this same conversation would apply. Do you think, in that scenario, that safe manufacturers should be required to make a master key and distribute it to law enforcement?
IANAL, but as far as I know, if the police can't physically break into your safe, there is nothing saying that they have any legal recourse to compel you to open it. Why should encrypted data be any different? Any why should it be the responsibility of the manufacturer/service provider to supply law enforcement with a key? The government can always pass a law allowing law enforcement to legally require you to unlock your device, but that is not what they are doing.
> Do you think, in that scenario, that safe manufacturers should be required to make a master key and distribute it to law enforcement?
I'm not sure, to be honest, but I think it's certainly a reasonable position to take.
> IANAL, but as far as I know, if the police can't physically break into your safe, there is nothing saying that they have any legal recourse to compel you to open it.
If it can be established that the safe is yours and that you possess the key or know the combination, I believe a court can indeed order you to open it or to produce the contents, punishable by contempt of court.
> Any why should it be the responsibility of the manufacturer/service provider to supply law enforcement with a key?
Because the state has a compelling public interest in ensuring that law enforcement can successfully execute lawful search warrants. The existence of indestructible safes would constitute a significant impediment to achieving that goal, so manufacturers of such safes have the responsibility of ensuring that law enforcement can access them.
I don't necessarily agree with that argument, but I don't think it's unreasonable.
> If it can be established that the safe is yours and that you possess the key or know the combination, I believe a court can indeed order you to open it or to produce the contents, punishable by contempt of court.
I got curious about this, so I did some quick research. Again, IANAL, but my understanding is that, in the US, the court can order you to give up the physical key (if it is determined that you have it) but not the combination. The latter is protected by the Fifth Amendment right against self incrimination, in the same way as sharing knowledge verbally. So then the question becomes, is an encryption key (or passcode, etc) more like a physical key, or a combination? If the former, then you would be legally compelled to decrypt it if law enforcement asked you to do so. If the latter, however, then there is no legal way for law enforcement to force you to decrypt the device.
The legal framework for deciding how to handle encrypted data already exists, it's just ambiguous. Instead of passing a law that completely changes the scope and usefulness of encryption, doesn't it make much more sense to simply disambiguate and update existing laws accordingly? I don't know the full repercussions of that, but it seems that there exist less drastic solutions to the problem.
> I don't necessarily agree with that argument, but I don't think it's unreasonable.
I think it is unreasonable because it's asking companies to willfully violate their user's privacy and trust, and to severely undermine encryption as a whole. There is zero chance that this does not get abused.
> The latter is protected by the Fifth Amendment right against self incrimination, in the same way as sharing knowledge verbally. ... If the latter, however, then there is no legal way for law enforcement to force you to decrypt the device.
Not exactly. Yes, revealing the combination requires the person to implicitly admit that they know the what the combination is. But if the government can prove that they already know this "testimony" -- which they can in most cases -- then the "foregone conclusion" doctrine applies and the 5th Amendment privilege cannot be asserted. See, for example, the Massachusetts Supreme Court's decision in Commonwealth v. Jones. [1]
There is also conflicting 11th Circuit precedent that further requires the government to establish with "reasonable particularity" what is on the encrypted device. [2] In my opinion this is not correct; the contents of the drive have nothing to do with the testimonial value of the combination. In any event, this issue will eventually need to be resolved at the Supreme Court.
> I think it is unreasonable because it's asking companies to willfully violate their user's privacy and trust, and to severely undermine encryption as a whole. There is zero chance that this does not get abused.
I don't see how it violates user privacy or trust. In general, you don't have the right to keep records secure from law enforcement if they have a warrant. If this law is passed, these companies should simply disclose to their customers that they will provide law enforcement with the means to decrypt their data, as many already do.
I also don't see how it severely undermines encryption. Yes, end-to-end encryption is more secure, but it's not the industry norm. Security is relative, but I wouldn't call Gmail "insecure" just because Google allows law enforcement to read emails with a warrant.
> Not exactly. Yes, revealing the combination requires the person to implicitly admit that they know the what the combination is. But if the government can prove that they already know this "testimony" -- which they can in most cases -- then the "foregone conclusion" doctrine applies and the 5th Amendment privilege cannot be asserted.
That's fascinating, thank you for sharing! That helps make my point, though, that the legal framework for handling encryption already exists and just needs to be clarified a little bit, instead of making new, far-reaching laws with serious implications on the landscape.
> I don't see how it violates user privacy or trust. In general, you don't have the right to keep records secure from law enforcement if they have a warrant. If this law is passed, these companies should simply disclose to their customers that they will provide law enforcement with the means to decrypt their data, as many already do.
It will get abused. Just like wire tapping got abused, just like NSA surveillance got abused. Furthermore, having a master key floating around means that at some point, inevitably, a foreign government or organization will get ahold of it. If this were implemented correctly—over a special, secure channel that only law enforcement could access (with a warrant!)—that would be mostly harmless, but I simply don't trust our government and businesses to implement anything correctly that has to do with the privacy and security of user data. There have simply been too many previous violations.
> I also don't see how it severely undermines encryption. Yes, end-to-end encryption is more secure, but it's not the industry norm. Security is relative, but I wouldn't call Gmail "insecure" just because Google allows law enforcement to read emails with a warrant.
But the issue with bills like the EARN IT Act is that they make end-to-end encryption completely infeasible for any company to implement. That's the problem: you can't even have E2EE in the first place if it passes, because it conflicts with the requirement to allow law enforcement to be able to read messages.
> That helps make my point, though, that the legal framework for handling encryption already exists and just needs to be clarified a little bit, instead of making new, far-reaching laws with serious implications on the landscape.
I think this can be a reasonable argument, but it depends on whether criminal suspects generally comply with decryption orders. If most don't, then it is understandable that the government also wants the keys to reside with parties that almost certainly will comply: OEMs and service providers.
> It will get abused. Just like wire tapping got abused, just like NSA surveillance got abused.
Yes, warrants get abused, but they're necessary for the criminal justice system to function.
I think we need to be careful not to conflate this issue with warrantless surveillance, which is a different beast.
> Furthermore, having a master key floating around means that at some point, inevitably, a foreign government or organization will get ahold of it.
I don't see why this is necessarily true, and many Internet services are premised on it not being true. HTTPS requires that you trust the ability of CAs to keep their master keys secret. Gmail and Outlook require that you trust that Google and Microsoft will keep their master keys secret.
> But the issue with bills like the EARN IT Act is that they make end-to-end encryption completely infeasible for any company to implement.
I realize that. My point was that there's an argument to be made that in practice, most people don't use E2EE or even need it in the first place.
E2EE is probably necessary in certain cases -- for example, if you're a dissident in an authoritarian regime. But that doesn't mean it needs to come standard on every iPhone.
To be honest, I'm undecided on this issue. Maybe the security benefits of standard E2EE are worth making it more difficult for law enforcement to execute lawful search warrants. But to me the answer isn't obvious.
That's fair. It's definitely a tradeoff. I guess I'm sensitive to it because I strongly value freedom of speech and the right to privacy, and generally like governments having as little power as possible (to lower instances of abuse). I realize that you have to draw a line somewhere, though, and I don't have enough data to make any judgement on whether something like this is necessary. But in any case, I certainly hope it isn't!
If impenetrable safes existed, the government stance would certainly not just be to say "oh well, guess we gotta let criminals store whatever contraband they want".
Sure, but don't you think there are less drastic solutions than to require the manufacturer to create a master key, distribute it to law enforcement, and cross their fingers hoping that it doesn't get exploited?
Pass a law that would allow law enforcement to legally require you to open the safe, just like they can currently compel you to hand over a physical key.
One of the long term consequence of legally dismantling our Constitution (which is the US equivalent to "company values", both in terms of how often they are invoked and by how often the same people ignore them) is that it dramatically reduces our soft power on the world stage.
Right now China is engaging in textbook "secret war" with Hong Kong as well as a variety of other human rights abuses. It used to be that we, the U.S., could speak up, and have dozens of allies rush to our side on the principle that we are to be trusted. Consider how shoddy the evidence for justifying Iraq was, and the fact that most countries still chose to send their troops with ours. Our word used to mean something.
But now? How can we hold a higher ground than China when our own police forces use the very same tactics against our own protesters? How can we accuse the other side of building concentration camps when we have our own?
Backdooring encryption is just another attack on our basic freedoms. It is crazy that at a time we should be touting our values as proof they are objectively better compared to our competitors', we are also trying to take them apart and bring us down to the same level as our competitors. It's like a vast cargo ship encountering a dinghy, and the captain tells the dinghy "you need to change your construction materials, you're shooting yourself in the foot by making poor choices" while his crewmen are hard at work drilling holes into the windows below deck.
> Our word used to mean something.
> But now? How can we hold a higher ground than China when our own police forces use the very same tactics against our own protesters? How can we accuse the other side of building concentration camps when we have our own?
But we’ve had things like this for a long time. The police have acted like they do for generations, we had concentration camps for Japanese people during World War II, and we’ve always done a variety of other reprehensible things (propping up brutal dictators, destroying native civilizations, institutional racism of every possible flavor.) Frankly, I’m shocked that our word ever meant something.
It's called media manipulation: US government has perfected a way to manipulate knowing and unknowing media outlets to spill out the news that serves their goals. Unsuspecting public just goes for it, especially since it's all too easy too fall into the self-righteousness (look at those nasty people doing that, they are nothing like us).
Internet was a tool that allowed all sides to be equally heard (the fact that it was abused to disseminate fake news supports that claim even more), so only now it's too obvious what's going on.
Oh, and other governments and organizations are catching up quickly with the same practice.
> we had concentration camps for Japanese people during World War II
I study WW2, and it's important to be factual.
The correct term is internment camps. Japanese-Americans usually lost their property, but the purpose was to locate them in central locations, not to re-educate or liquidate them, as our enemies did to the Allies.
For that time in history, it could be argued that the decision made sense. Japanese subs did shell the US mainland, and Japanese-Americans in Hawaii did help a Japanese aircrew try to escape after Pearl Harbor. Japan planned to return to Hawaii after Midway to occupy Hawaii.
I think using the term "moral high ground" is not helpful for a number of reasons. However, the US did rebuild the world economy after WW2, mostly to prevent it from becoming aligned with the Soviet Union. Most of the world's national borders are descended from WW2.
As leading historian Dr. Victor Davis Hanson says, "[WW2 was German and Japanese soldiers machine-gunning unarmed civilians by the tens of millions.]"
That's what concentration camp is for. To concentrate and control.
There were separate death camps (sometimes combined) that involved direct train-to-killing-field pipelines, and most concentration camps involved work in horrible conditions, but that's because of further goals above relocation.
That some concentration camps in other countries were also death camps is entirely the point. They are not the same thing, but they're just one step removed. In fact, thousands of people died in the American camps even though there was not an official policy of extermination.
Camps are a very whitewashed aspect of US history. Look at the forced marches and internment of Native Americans, POWs at Andersonville or anybody unfortunate enough to be in the custody of Joe Arpaio.
We have a nasty habit of creating scenarios where death is an inevitable consequence without it being the official policy.
From some light research, it looks like 120,000 Japanese-Americans were put in these camps for 2-3 years and 1,862 died. In the country at large, if I'm reading this [1] right, 1,459,000 people died outside of the camps in the US, which had a population of 136,700,000. That's a ~1% base death rate per year, which would account for ~2/3 of these deaths in a year.
This could be investigated further; was the average length of imprisonment less than a year, were the causes of death different than in the larger population, did economic conditions and racism increase the base death rate among Japanese-Americans in the first place, was the age distribution different among those the US bothered to move to camps, pushing their base rate lower?
Evidently people died because of these camps, and it is incredibly likely that many of those deaths were racist hate crimes committed by US employees on US citizens. Even that aside, it was very much wrong it imprison innocent civilians on the basis of their race. 'Thousands died' does seem like a substantial overstatement when the only number I can find is less than 2,000 (it's from the US, so it may be biased). Probably a few hundred died as a result of these camps, mostly from disease.
That's true. If you count the Alaskan camps [1] you get another 118 American citizens who died in U.S. government camps, which would put us at 1980 dead - leaving us 20 short of thousands. I stand corrected.
I had not heard of the Aleutian internment, and it is clear that the evacuation was mismanaged and the people were mistreated. It's honestly horrific. They were on the front, so it doesn't read as much like racism, but it could have and should have been handled orders of magnitude better.
I'm not pedantically quibbling over whether it was 1980 or 2000 who died. I'm saying that if you took a random sample of 120,000 people at the beginning of 1943 and checked back at the end, 1,300-1,400 would have died. That leave hundreds, not thousands, who died in internment that wouldn't have died otherwise. These are arguable numbers, as I stated above, but they have more substance than I think you're implying.
Additionally, the US invested considerable resources into keeping these people alive. There were on-site hospitals, and not like the ones in Auschwitz where people were held until they died. These camps shouldn't have existed, but they were completely different animals from death camps and are not just a step away.
They’re not a step away from each other. Numerous countries, including those with strong norms against mass murder, intern suspected enemy sympathizers in times of war.
During the Gulf War (1992) the UK interned Iraqi citizens in the UK, just as they did with German citizens in WWII.
>That's what concentration camp is for. To concentrate and control.
The problem is that these words have taken on entirely different meanings that perhaps what they once meant and there are those who take advantage of that disparity. When people hear about concentration camps, they think death camps, even if that isn't specifically what the word once meant.
There are many such ways to twist words like this and rarely do I find them being used for positive reasons. It is like when someone lists all the large name chemicals in a vaccine. They might be factually correct, but what is the chance they are doing that to scare people who have a misunderstanding of chemicals thinking that large name means harmful chemical?
The most famous concentration camp was for all practical purposes a combined one (when people talk of Aushwitz they generally conflate a pretty big complex of camps together).
It doesn't change the part where concentration camps were modeled after British and US approaches of dealing with "undesirables"
Victor Davis Hanson says a lot of things, including that Iraq II was a good idea - he was a minor but still fairly significant public relations voice in the neoconservative bloc that pushed that war into existence, to the enormous detriment of US interests in the Middle East and worldwide.
As a classicist he's tolerable, if no more than that; in any century where the years count up instead of down, the man seems entirely at sea.
Using a new weapon to end an existing war is one thing. Using a new weapon to start new wars is another. That delineation is independent of one's judgement of the weapon per se. They're both bad. But one is worse than the other.
The U.S. had the opportunity to go on a mission of global military conquest. There was military support for nuclear war with Russia and China. The United States didn't do that, and I think that's a unique and admirable trait.
Yes, that's a fact. I can't tell whether you approve of that or not, but here's the background.
After the failure of the Treaty of Versailles at the end of of WW1, resulting in WW2, the Allies learned that unconditional surrender was needed to prevent future wars.
The Japanese military command preferred that their troops never surrender.
So the 2 options the US had were:
1) Curtis LeMay would use 10,000 bombers to napalm those cities, and every last village in Japan.
2) Use 2 nuclear weapons and demand a surrender. The military commanders in Washington debated the ethics of using such weapons, so this wasn't done lightly.
Having studied this over a period of years, #2 makes the most sense to me.
Except the Japanese didn't have the context to know the implications of the nuclear bombs. And the contemporaries noted that it was the Soviet declaration of war and invasion of Manchuria that forced their hand. The use of atomic bombs was superfluous.
>For that time in history, it could be argued that the decision made sense. Japanese subs did shell the US mainland, and Japanese-Americans in Hawaii did help a Japanese aircrew try to escape after Pearl Harbor. Japan planned to return to Hawaii after Midway to occupy Hawaii.
It could also be argued that it made sense to do the same for Germans since we had a minority of Germans siding with Hitler and even holding Nazi rallies before we got involved in WWII. We weren't exactly good arbiters of fairness when it came to race either.
There were American companies inclined towards blacklisting German Americans at least. FDR made it illegal for them to do that with Executive Order 8802, probably because German Americans were such a large portion of the population that blacklisting them (let alone interning them) would have threatened the war effort.
Note that in Hawaii, Japanese-Americans were a significant portion of the local population, about one-third. Of the 150k+ Japanese-Americans living in Hawaii, only 1,200 to 1,800, or about 1%, were interned. On the mainland US where they were a smaller portion of the population, far more Japanese Americans were interned. This discrepancy probably comes down to a matter of practicality again; one third of the population is just too many to intern.
I believe that US citizens of German descent were actually placed in internment camps during WW2. I don't think it was at the same scale as Japanese citizens but it did happen.
A very small number did, relative to their portion of the population (which was large.)
Anti-German sentiment was certainly present in America and the UK during the world wars. In response to Anti-German sentiment, the British royal family anglicized their name during WWI, changing it from House of Saxe-Coburg and Gotha to House of Windsor. In America, German Americans largely stopped speaking German in public (German was the second most common language in America and was spoken particularly often in Pennsylvania, remnants of which can still be seen today in "Pennsylvanian Dutch" culture.) However, treating German Americans as severely as Japanese Americans were treated, at least on the mainland, was probably too impractical to be considered.
But now? How can we hold a higher ground than China when our own police forces use the very same tactics against our own protesters? How can we accuse the other side of building concentration camps when we have our own?
It's called having protestors in the first place. China wouldn't let you hear about it, or all you get is distorted information, which means you don't know what's going on in their society.
OP's point is that protests happen in rural areas outside the central government's control. They are very much not allowed and usually crushed when found.
> They absolutely are allowed.
So you and I can go to tiananmen square tomorrow for a healthy protest and drum circle?
r/PoliticalCompassMemes, a subreddit that's been gaining popularity recently. (I only discovered it oh, maybe 2-3 months ago? Wouldn't be surprised if the quarantine had a big impact.)
Joe Rogan recently released an episode with the comedian Andrew Schultz which I found very relevant. So many of us share common ground. It's the extremes that push us to be more extreme.
r/pcm has been a rare instance of unity, blunt kindness, and understanding in these times, and I greatly appreciate it.
It may be ignorance for most of the politicians that support the bill, but it's not ignorance for those creating and co-sponsoring the bill, but pure maliciousness. They want to give the government the power to read every single thing you say online, any consequences (or constitutionality) be damned.
Feinstein, Burr, and others like them haven't been champions of mass surveillance powers extensions for the past 20 years out of "ignorance". They know exactly what they're doing.
I still remember a video from the Senate floor showing how ruthlessly and in bad faith Feinstein argued FOR FISA 702 extension back in 2012 using lazy fearmongering about terrorists - the same kind of bad faith fearmongering used to allow the Iraq war, etc.
It boggles my mind that Feinstein has remained a senator for so long in California, but I suspect it may have something to do with the electronic voting machines there. I mean, you could say she has more than enough friends that could help her out with that, especially if she continues doing what she's been doing in the Senate.
Whatever your political affiliations may be, these are grounds for r/pcm level unity.