Texas representative John Carter, chairman of the subcommittee on Homeland Security appropriations, and who sits on various other defense-related subcommittees, is hearing about cyber a lot these days. As he put it, “cyber is just pounding me from every direction.” That’s just the first few seconds of the very entertaining video, where Carter tries to find the right words to express his concern over new encryption standards from Apple and others.
You may laugh about this, but… These are the people running the most powerful military of the world.
“You may laugh about this, but… These are the people running the most powerful military of the world.”
Scary, isn’t it?
“That’s what she said.”
I guess he’s a Republican, else ignorance would be carefully ignored by the publishing elite.
But I watched the video, and despite “look at that stupid Republican” rejoicing I think he made some interesting points: if there is an encryption such that only the owner can access it, and no one else, why can’t we use that stuff for our military?
And the logic fails in the major premise: the FBI has been crying foul that if Apple encrypts stuff, they can’t access it. But this lawmaker caught them out: that’s nonsense obviously, because if this was true, the military would love to use it wouldn’t they.
So that supposedly unassailable phone encryption does not exist. The phone can be hacked, keys may be left in memory, and honestly, given that we now know that https has never worked since its inception due to many security flaws, we can be extremely sceptical that encryption on phones will do much.
There are two aspects to this clip.
The first is the concept that the state has a right, given the appropriate wrappings (warrants, cause, etc.) to the content of your systems and devices, specifically for criminal investigations.
In the U.S., the state doesn’t have a right to force you to divulge the contents of your head (vis-a-vis the 5th amendment), but they do have the right to compel others to divulge what they know about your activities or the contents of your head (within other limitations). They can subpoena people to testify and force of law effectively forces them to comply.
Just like they can subpoena your safe, and hire a contractor to destroy your property in order to find the contents of said safe.
This became clear in this clip with reference to encryption. The fact that NOBODY could “crack that safe” that is a modern cell phone for the purposes of criminal investigations is a problem for the state.
Secondarily there’s the concept “if the phone is uncrackable, why aren’t the military systems uncrackable”.
That’s a naive view.
Consider the Silk Road guy, and his encrypted laptop. Likely with 10s of warning, if even that much, the FBI would have got a brick of worthless silicon and rust painted on spinny platters.
But instead, they did a social engineering hack to seize the laptop in its open state. They distracted him, and got the laptop in plain text.
It’s not the technology that’s preventing “uncrackable” systems, it’s we humans that need access to the plain text data. We have these discussions all the time in health care.
“Why isn’t the data encrypted?”
“Because people actually like to use the data.”
Hackers exploit those system and human weaknesses that lead them to the unencrypted data. If someone were to take my daily machine, they’d get a brick. But there is a window of openness when the machine is on and I’m using it, just like the Silk Road guy.
It is unreasonable to expect politicians to be well versed in stuff this arcane, and it IS arcane. The politicians are there because it’s a political body where politics happens. Politics is an actual process that has its own areas of expertise. And you need to be a politician to do well in politics. The staffers and researchers do the heavy lifting, and, ideally, though not always, help keep the member informed and engaged on specialty topics.
People wonder why Businessmen enter politics (elected, get appointed, etc.), and fail. They fail because they’re Businessmen, not politicians. Different fields. Some pick up on it quick enough and rise to the occasion. Others don’t.
The staffers are the ones that write actual legislation anyway, the member just votes on it.
Really nice post. But I doubt well reasoned arguments, common sense, and facts are going to dissuade most of the crowd here from poking fun at the stupid-old-white-male-republican-luddite-texan.
I really can’t blame anyone either. Intellectually I completely agree with everything you said, but you have to admit that guy totally won the right-wing cliche lottery or something. If The Matrix consisted entirely of Republican stereotypes, he would be Neo…
What I think is ‘interesting’:
The encryption debate is a similar debate to the gun laws in the US.
Do you give people more power to protect themselves or do you try to prevent bad actors getting access to these technologies by creating laws which prevent the average person access to these technologies.
And in both cases technology will probably move a lot faster than the law.
In the case of guns, look at Cody Wilson: he was one of the people that helped create the first 3D printable gun. And the CNC mill for US $1200. Which can be used to mill your own rifle lower receiver at home.
‘funny’ fact. In the US export of encryption software is regulated by the same laws as export of guns.
It’s a little different in that we have a long experience with gun ownership, but we also have put in place effective barriers to collecting data about the effects of gun ownership. Right now, outside of ‘studies’ by various trade groups, there’s no real understanding about the effect of gun ownership. For all those people who’ve purchased guns for self protection, we have no idea whether 99% of those guns will be used to effectively stop, prevent or deter an intruder (with only 1% resulting in accidental homicide or suicide), or 1% are effective at self protection (with 99% resulting in accidental homicide or suicide). We are willfully ignorant because various federal and state jurisdictions have laws that specifically prevent the collection of this information, or making grants to researchers who would study this. So if you say “I need a gun to protect myself” there’s nothing out there to say getting a dog or a good burglar alarm wouldn’t be more effective. Or for that matter, significantly reduce you or your family members’ chance of dying from self inflicted or accidental discharge. And, surprisingly enough, we have no way to uniformly collect information on police shootings, in part, because we’d rather be willfully ignorant and assume everything is okay.
Edited 2015-03-29 14:09 UTC
A couple of years ago I was against gun ownership.
Being in Europe, with very few gun-related crimes (especially compared to the US) and with laws prohibiting the general public from owning a gun in most cases. This seemed obvious.
Later on I found out there are as many guns per person in the US as there are in Canada. But there are very few gun-related crimes in Canada too.
So it looks like a society with a lot of gun ownership does work. This means in the US a lot has to do with the mentality of the people.
With technologies like 3d printed guns, I think it’s pretty clear laws will eventually be ineffective.
This is the reason I mentioned it being similar to the crypto problem.
It also means my stance (especially effectiveness) of laws which prevent gun ownership has also changed.
So w8, Americans are wilfully ignorant on the effects of gun ownership?
Yep and they are going to get faced with a lot more problems in future as these encryption systems get more widely deployed. And especially easier to use.
Actually, believe it or not but Mylar did solve that problem and it is being used for medical applications:
https://css.csail.mit.edu/mylar/
https://www.usenix.org/conference/nsdi14/technical-sessions/presenta…
[quote]
Web applications rely on servers to store and process confidential information. However, anyone who gains access to the server (e.g., an attacker, a curious administrator, or a government) can obtain all of the data stored there.
This paper presents Mylar, a platform for building web applications, which protects data confidentiality against attackers with full access to servers.
Mylar stores sensitive data encrypted on the server, and decrypts that data only in users’ browsers. Mylar addresses three challenges in making this approach work.
First, Mylar allows the server to perform keyword search over encrypted documents, even if the documents are encrypted with different keys.
Second, Mylar allows users to share keys and encrypted data securely in the presence of an active adversary.
Finally, Mylar ensures that client-side application code is authentic, even if the server is malicious.
Results with a prototype of Mylar built on top of the Meteor framework are promising: porting 6 applications required changing just 36 lines of code on average, and the performance overheads are modest, amounting to a 17% throughput loss and a 50 ms latency increase for sending a message in a chat application.
[/quote]
Actually, in this clip they are right on the money.
Encryption is all about building the practically uncrackable safe (practically, because all that is left to do is brute forcing by trying to guess a very, very large key. If the key is large enough, it takes at least 10’s or 100’s of years with all computers on the planet or other similarly stupid large numbers).
This is a big problem for the government because they can get a warrant on your encrypted data but that doesn’t mean they can get access to the unencrypted data.
Without evidence they can’t put people in jail if they’ve done bad things.
Why else do you think the UK has a law which states: you can go to jail if you don’t give the proper authorities your encryption key/password/whatever.
This problem is going to get worse as you see more easy-to-use encryption.
Some examples where we see this:
– more websites are using HTTPS. And not just the crappy kind either. And more people use newer browsers which implement these protocols better and got rid of the old broken versions.
– DNSSEC is seeing wider deployment. Almost 13% of Internet users are now using DNS servers which validate DNSSEC information:
http://stats.labs.apnic.net/dnssec
– we are seeing more email providers encrypt email in transit and validate certificates with DNSSEC/DANE
– more tools to make PGP encrypted email easier.
– more use of OTR (Off The Record) encryption for chat programs: https://chatsecure.org/
– more operating systems include a way to do full disk encryption. With less and less overhead to do so.
– more money gets poured into the creation of better solutions (hardware and software) for storing the keys for cryptocurrencies like Bitcoin.
[quote]In total, bitcoin firms raised $314.7m in 2014. This represents a 3.3-fold increase over the previous year, in which $93.8m was invested.[/quote]
http://www.coindesk.com/venture-capital-funding-bitcoin-startups-tr…
As the software gets easier to use this also means more criminals might go unpunished.
And if the risk of jail time or even death is much lower the criminals might care even less about the possible consequences and victims of their actions.
Exactly. Perfect case study in contrast: attention given to the antics of Vice Predator Jozo Biden.
From where I’m standing, the distinction between “Republican” and “Democrat” politicians is entirely within Americans’ minds. These two groups of people both consist of mostly idiots held together by corruption and ignorance. When I posted this, I didn’t even know if this guy was Republican or Democrat.
From here in The Netherlands, American politics looks like an even bigger farce than our own. And that’s a major accomplishment, considering our own politicians aren’t exactly the sharpest knives in the drawer either.
Politicians everywhere are a farce. To say politicians from one country are worse than politicians from another country I think would be a mistake. Much of what is looked at as ridiculous is caused by ethnic or national bias.
In the US, Republicans say that they are for less government and Democrats say they are for the poor man. The truth though is that both Republicans and Democrats are very similar and do everything they can to make sure that no other groups can gain power by not passing anything and pointing the finger at the other guy. This goes for both the legislative and executive branches and the American public buys the bull sh*t Hook, Line, and Sinker.
Remember, politicians take whatever power the population will give them. Once in power they do what they can to consolidate power. Additionally some (don’t have percentage or number) work to corrupt and twist things to give themselves power that they do not have. The old saying goes, “Power Corrupts.”
In terms of how these comments relate to OSNews, I think the safe analogy that is finally reached is a good one when speaking of file system encryption. The committee member approaches his statements in an odd way, but in the end the un-technology-savvy guy gets there. I feel that the government is afraid that we now are going to have the tools to protect our rights.
That is what Thom meant. Like Thom I also live in the Netherlands.
We have a somewhat more functioning political system.
First of all there is no 2 party system, in practice, like in the US.
In the countrywide elections of 2012 we had 12 parties which also participated in 2010. And an ever larger number of parties which were newer or didn’t have enough supporters before.
Political parties need a minimal amount of supporters to be officially assigned the status of political party.
But when you’ve been able to do that, you can participate in the elections and you get money from the government to make your voice heard to the public, which includes time on TV.
This means the difference in the amount of advertising between parties is pretty slim.
This too, to me, seems like a very different situation than in the US.
There is also no gerrymandering. All votes are counted the same in the whole country.
All this means is that to get a law approved you need 50% of the representatives. So you’ll need more than 2 or even 3 parties to agree on the new law.
This usually means parties prefer to have a coalition so they can get stuff done more easily.
The number of parties in the coalitions are getting slowly larger and thus harder to create these coalitions.
They took 54 days to create such a coalition of 2 parties in 2012. The 2010 coalition was 3 parties and fell apart because of it.
Obviously we messed up on some accounts as the European Union now dictates some of the things. Even if we have some representation in the EU. The EU is even more parties and multiple coalitions.
So, at least it seems to me, things are more complicated there.
Thom, I think that was exactly the point. The only difference between the two is that one is made fun of in the press and the other is not.
Are you sure? I’ve seen enough of Fox News and similar stations to know that Democrats are being made fun of just as hard.
The benefits of outside-looking-in are kind of awesome. Until I realise all this causes so much suffering for Americans – and I fucking love Americans. Makes me sad.
“I’ve seen enough of Fox News and similar stations to know that Democrats are being made fun of just as hard.”
You are missing 2 vital distinctions.
1) Fox News is huge in the sphere of US cable news, but small in the sphere of US political media overall.
2) Most, but not all, of the poking at Democrats is done by hosts of opinion shows, opinion contributors, and guests, not by news hosts or political journalists.
That appears to be the very definition of “splitting hairs”.
“Splitting hairs”
Hardly. Have you spent much time absorbing the US political media or have you mostly been told about the supposedly horrific & undue influence of Fox News?
The largest ostensibly impartial news sources like NBC News, ABC News, CBS News, & the New York Times (via its wide syndication & influence on other journalists) regularly body slam GOP politicians & protect Democratic politicians, particularly Pres. Obama & his administration. Even the political news portions (not editorial portions) of the Wall Street Journal are still dominated by lefty journalists, despite its reputation.
TV entertainment shows & movies almost universally side against the GOP when delving into politics. The leading network comedy shows heavily skew against the GOP, regardless of who’s in the White House or Congress. Comedy Central, with the influential Daily Show & Colbert Report replacement shows, targets the GOP overwhelmingly.
Tax-subsidized “public” broadcasting, particularly public radio, overwhelmingly targets the GOP–both in its “impartial” news coverage and its news-oriented comedy shows, such as Wait Wait Don’t Tell Me.
Perhaps if your favored US politicians, party, & ideology were regularly assaulted (as the GOP has for around a half century), you might feel *slightly* differently.
Speaking of “corruption”,
The “impartial” US political press doesn’t serve as watchdogs for the people against the government and the politicians. They are almost always attack dogs against Republicans and both guard dogs & lap dogs for Democrats.
“Texas representative” wasn’t hint enough?
I agree. Even though he obviously doesn’t understand this stuff at a detailed level, he gets part of the basic tension. You can create really high quality encryption and you can make it difficult to decrypt data to the point where it wouldn’t be feasible for local authorities to decrypt that specific file on that specific computer.
But basically the following still holds (and what I’m afraid he doesn’t really grok, even though he alluded to it). If anyone gets a back door, eventually everyone has a back door. And every government wants their own back door, meaning encryption would be more like Swiss cheese than a safe. And really it’s not that the information is locked up in a magically impregnable fortress of bits. It would require more work and effort than law enforcement is willing to expend, meaning they couldn’t just go through your phone on a fishing expedition if they arrest you.
What I feel is not communicated to him (and other lawmakers) is if they really want the information, they’ll have to go out there and get it by other means. Maybe it’s worth it in a murder investigation, but maybe it’s not worth it for someone caught with a quarter ounce of weed. Everyone thinks of a child, kidnapped and in the hands of Phil Robertson, or maybe two hard-nosed cops trying to take down a major, psychopathic kingpin. But think more about an idiot meth addict also selling meth. There’s a limit as to the resources they can realistically throw at that problem.
It would be good for the committee members to remember that prosecutors and police are incentivized to make arrests and get convictions. That’s the way the system is structured. They want to be promoted, get paid well, (and for prosecutors) run for political office by showing how tough on crime you are. Anything that we do that prevents them from getting their numbers is a threat. And the constitution isn’t about making sure we get everyone that could be guilty, it’s about keeping us safe from a government that has incentives to become more brutal and vicious than it needs to be.
Agree with de Boer.
‘Heated’ arguments like this just make me smile. Discourses in between industry and government should be in another -more amiable- league.
Consumer’s secure hardware from Cupertino? With off-the-shelf components?
Cupertino quite useful on implementing useable interfaces to mil and gov interfaces, maybe.
To those of you who are not American…..you have no idea of the level of stupid that is in control of our congress right now. Trust me….you have NO idea.
Stupid in the executive branch also. How much is the US in debt and they keep wanting government to do more and nationalize even more. Insanity really.
It’s typical for politicians to have no clue on things that they are asked to vote on, which is just another reason why less government is better.
In a way though, the problem did eventually find a parallel in a less technical example that illustrated the point to the panel, however general it was illustrated.
Edited 2015-03-28 01:49 UTC
nope, not the same
Right, it’s much worse. There’s also massive incompetence, massive lack of experience, massive reality deflector, massive denial, massive arrogance and “my way or the highway” syndrome, and much more.
Historically, a dysfunctional White House leads to a dysfunctional Congress. This administration has only proven history true in that respect.
Stupid is not in the Executive Branch? Even though the US press regularly gives Jozo Biden a pass due to his party affiliation, lefty views, and being Obama’s sidekick, that does not mean he is not a juvenile buffoon who regularly says & does stupid, boorish, racist, & sexist things.
If you want a starkly clear picture of the pathetic state of “impartial” US journalism, consider the amount of coverage a handful of Quayle events received vs. the coverage of the thousands of Biden events.
nope, not the same
Same level of stupid that’s been there for at least the last two and a half decades (as long as I’ve been paying attention anyway). However, I recall as a child seeing bumper stickers proclaiming that we need to ‘take back America’, so I can only assume it’s been much longer than that …
nope, not the same
You’ve said it 3 times now. Did you remember to click your heels together?
What, did you just discover the wonders of copy and paste? Because your replies are all the same.
Stupidity, or willful ignorance so as to be mistaken for “useful idiots”?
There are times one may wonder if Dubyah was an act to avoid liability and provide a distraction while the other suits were cutting the brakes on the proverbial runaway train.
At least he’s being honest and admitting his shortcomings instead of faking knowledge.
It’s something.
Totally agree.
Also could be just this your argument, Soulbender.