44 comments

  • rgbrenner 2285 days ago
    Barr is just the latest to advocate backdoors at the DOJ. Here's an incomplete list:

    Rosenstein: https://www.justice.gov/opa/speech/deputy-attorney-general-r...

    Sessions: https://www.justice.gov/opa/speech/attorney-general-sessions...

    Comey: https://www.theguardian.com/technology/2015/jul/08/fbi-chief...

    Comey engaged in a long running campaign on this from at least 2014, until he was fired.

    Lynch: https://www.networkworld.com/article/3040224/attorney-genera...

    Holder: https://www.washingtonpost.com/news/the-switch/wp/2014/09/30...

    Let's all hope they continue to fail.

    • domnomnom 2285 days ago
      It’s almost as if access to high levels of intelligence has an influence on one's perspective.

      Not that I’m taking a position on things either way really. The likes of Apple should be able to do what they please — just not be surprised when they find the government installing the backdoors themselves.

      • rgbrenner 2285 days ago
        I can't tell if you're for or against backdoors with that statement. Either way, I disagree. I don't think those for or against it are dumb people.

        They're just in a different position... In the DOJ, encryption gets in the way of their job--catching criminals... while the penalties for a backdoor fall on others (those responsible for the data). There's no downside to them personally (and very little for the DOJ itself) for getting a backdoor.

        The opposite is true for those not in the DOJ... the protection for our data is compromised.. and in exchange, the DOJ is able to prosecute some criminal we've never known, met, or had any contact with.

        To those in the DOJ who deal with criminals every day, their ability to prosecute criminals is of the utmost importance to them personally... and for the rest of us, unless we're a victim of a crime, there's only downsides to a backdoor.

        • magduf 2285 days ago
          >There's no downside to them personally (and very little for the DOJ itself) for getting a backdoor.

          There is if the people in the DOJ suffer from identity theft and get their bank accounts cleaned out because some nefarious people exploited the backdoors.

          • grimjack00 2285 days ago
            Except legislation requiring backdoors will either exempt systems used by government workers of a certain level, or provide much higher penalties if those workers experience a breach.
            • magduf 2285 days ago
              That only works if the government is going to set up its own bank for use by government employees.
          • random023987 2285 days ago
            > There is if the people in the DOJ suffer from identity theft and get their bank accounts cleaned out because some nefarious people exploited the backdoors

            People in the DOJ have more options available to them if they choose to try to find or punish an identity thief than the general public.

            Also, the direct fear of not being able to do your job because of strong encryption is more focused than a nebulous fear of possible identity theft.

        • dllthomas 2284 days ago
          I was thrown by the "dumb people", not having got that from the parent comment. Then I realized I'd read "high levels of intelligence" in the sense of "military intelligence" rather than IQ. I think my initial reading was the intended one, but I'm not sure.
      • api 2284 days ago
        Being a cop (at any level) does very much bias your view of things. Nobody calls the cops (or the FBI, DOJ, CIA, etc.) when things are great. Police tend to only see the absolute worst of human nature and the worst things that people do and develop biases accordingly.

        I've known a few cops and they all have stories that are hard to hear and are worse than what you hear on most true crime shows. I assume access to high level intelligence involves endlessly seeing cases where people were caught attempting to purchase weapons grade nuclear materials, endless plots that never happened but are very scary to read about, etc.

        That being said, it is bias and it shouldn't be allowed to unilaterally influence politics. Banning strong encryption is both impractical and destructive to our society and economy.

      • naturlich 2285 days ago
        It's strongly possible the causality goes the other way.
    • extra88 2285 days ago
      And Janet Reno (who succeeded William Barr) in the 90's, back in the days of the Clipper chip and encryption software being treated as munitions.

      https://en.wikipedia.org/wiki/Clipper_chip

    • aussieguy1234 2285 days ago
      Do they really think terrorists will stop using strong encryption if they ban it?
      • dTal 2284 days ago
        Do terrorists even use it now? As far as I'm aware, the 2015 Paris attackers used unencrypted SMS and burner phones. Despite France supposedly being on "high alert" over Charlie Hebdo, they still evaded detection. But the anti-encryption handwringing brigade didn't let truth get in the way of a good story.
      • api 2284 days ago
        The majority of terrorist attacks in America in the last ten years were carried out by lone wolf attackers who were mentally ill or motivated by extreme political ideologies. They didn't use encryption because they weren't talking to anyone.
      • dllthomas 2284 days ago
        They think that if they can jail people for using encryption then one of two things happen: terrorists stop using it (with the presumed good that entails) or terrorists don't stop using it. If the latter, they hope they can jail the terrorists for the use of illegal encryption - maybe even before any successful attack - without the need to show anything but the use of illegal encryption. If all you're focused on is short-term tactical progress in fighting terrorism, it's a win; I don't think it helps our argument to pretend like that's not the case.
        • HappyDreamer 2284 days ago
          Or maybe no? What if this isn't primarily about terrorism; instead, what if the lawmakers and government people want more and more power to themselves, by gradually getting access to more and more private conversations, step by step turning the US into sth like Russia and China? Then they would use the same arguments about terrorism, as they do now, wouldn't they.
          • dllthomas 2284 days ago
            "They"'re not a single individual with coherent motivation. It's a bunch of people that want a bunch of different things. I fully expect quite a few aren't terribly interested in a police state. We need to be sure our arguments make sense and we're not willfully blind to concerns that, on their face (if narrowly) make sense.

            "But terrorists will just ignore the law" is a bad argument. It ignores the fact that the ban still increases the power of the government to act against terrorists. The problem with the law isn't that it's useless against terrorists. The problem is that it also increases the power of the government against the innocent, and possibly the power of some non-governmental criminals as well (depending on implementation).

            • HappyDreamer 2284 days ago
              Ok that's a good point.

              A problem could be that people in general don't care about: "increases the power of the government against the innocent" -- because that's a theoretical problem in the "distant" future?

              Personally I think the US gov getting too much power and gradually in small steps get access to "everyone's" communication, is like 1000 times more dangerous than "encrypted terrorism messages",

              and, what can be a good way to make people in general better understand the risks & dangers with small steps towards a dictatorship? Maybe if everyone reads 1984 :- / or if everyone was better educated about what happens if you're in China and criticize the government there?

              I didn't mean literally all lawmakers etc (although that's what I wrote). The next time I can try to write "some of them" instead.

              • dllthomas 2282 days ago
                One part of the solution is probably to raise awareness of the ways that systems justified in these ways are already being abused. For instance, spying on romantic interests at the NSA was apparently common enough that they had a cutesy name for it.
  • pavel_lishin 2285 days ago
    > But law enforcement says encryption thwarts their access to communications they claim they need to prosecute criminals.

    I think I have more to fear from the government than I do from the types of criminals that encryption backdoors would thwart.

    • scottlocklin 2285 days ago
      >>> But law enforcement says encryption thwarts their access to communications they claim they need to prosecute criminals.

      There's already freaking 1% of the population in jail; how many more do these assholes want to imprison?

      • t34543 2285 days ago
        It should be very difficult to prosecute, convict, and land someone in prison. I say that as a victim of a violent crime. It’s a huge parasitic drain on the entire country. It’s peddled under the guise of justice.

        The Philadelphia DA Larry Krasner is setting a fine example we all need to take note of.

      • dirtmerchant 2285 days ago
        A lot more. Despite the fact that the US already imprisons a disproportionate percentage of its population, AG Barr is a vocal advocate of vastly increasing the use of detention. https://www.aclu.org/blog/smart-justice/mass-incarceration/w...
    • ChrisCinelli 2285 days ago
      It is fair to assume that the general public knows very little about how many dreadful criminal activities they were able to avoid because they could tap into some conversations early on: massive shootings, terroristic activities, nuclear weapon programs of countries that should not be trusted with them, drugs that may have killed users and mere stupidity that may have started new wars.

      I think that the only way agencies were able to keep postponing the end of the Patriot act and related laws ( https://en.wikipedia.org/wiki/Patriot_Act ) is presenting massive evidence to the congress of the tragedies they were able to avoid with the power granted by those laws.

      Somebody that was publicly martyred by a country of great power makes more noise than a war that was avoided.

      Weakening strong cryptography is not the solution but I think we sometimes grossly underestimate the other face of the coin.

      • icebraining 2285 days ago
        Cryptography and secure messaging systems are not all under US jurisdiction. If access to backdoors alone has kept multiple massive criminal activities from being executed, then surely we should see some being successfully executed by the groups not using backdoored encryption.

        The fact that we don't suggests either that (1) backdoors aren't that essential to thwart them or (2) there are no such regular massive attacks.

        Further, as people like the US Attorney General help to publicize those backdoors, more criminals will choose alternative messaging systems (fewer of which are backdoored), making the US less safe.

        • ChrisCinelli 2285 days ago
          That is why I wrote "Weakening strong cryptography is not the solution."
      • pavel_lishin 2285 days ago
        > It is fair to assume that the general public knows very little about how many dreadful criminal activities they were able to avoid because they could tap into some conversations early on

        Sure, because we're never told. And you know what? Maybe there's good reasons. But "we can't tell you why, but trust us, it's super effective!" isn't enough of an argument.

      • jjoonathan 2285 days ago
        Do we?

        Law enforcement seems overeager to label anything and everything terrorism if they possibly can. For instance, someone at my previous workplace vandalized prod in a fit of rage when he left and they called it terrorism because the system had utility companies as customers. Why would law enforcement be so interested in juicing their terrorism numbers if the real thing was plentiful?

        My hypothesis: real terrorism isn't plentiful, but the budget to go after it became plentiful after 9/11, and the people who benefit from the budget do what they can to keep it that way. Erosion of freedoms and judicial overreach are side-effects.

        • ChrisCinelli 2285 days ago
          From their point of view, if technically possible, they would like to listen to any conversation and being able to spot in seconds conversations about any country security threat.

          It is easy to see that the risk is that if plaintext data is available, the data can be mined for a lot of other purposes including illegal or not ethical ones. It is also possible that eventually that data could leak to the wrong entities.

          And yes, in any big organization, the left hand may not know what the right hand is doing and, while one is concerned with matters of public safety, the other may be primarily concerned with the hegemony of its own power.

          So it is complex.

          But just assuming that you do not need them and they are just evil is a massive over generalization.

          • pavel_lishin 2285 days ago
            > But just assuming that you do not need them and they are just evil is a massive over generalization.

            Fine, but assuming that they'll abuse any amount of power given is completely reasonable, in light of plentiful examples in the past.

      • u801e 2285 days ago
        > It is fair to assume that the general public knows very little about how many dreadful criminal activities they were able to avoid because they could tap into some conversations early on

        Aren't the ones we hear of the ones where the FBI set the whole scenario up?

        • ChrisCinelli 2285 days ago
          Lack of transparency is indeed what makes people second guess their intentions. And I have to agree that "being lied to" is the number one reason why people do not trust them.

          I mildly prefer the "neither confirm nor deny" responses https://en.wikipedia.org/wiki/Glomar_response

          I am not an expert but I think the general feeling most people have is we are hearing a lot of constructed lies. Is there a list of stories told to the public that were proven to be lies? Did they even come out and say "Yes, we lied and this is why..."?

      • phkahler 2285 days ago
        >> It is fair to assume that the general public knows very little about how many dreadful criminal activities they were able to avoid because they could tap into the conversation early on

        I'd like to see more of that made public.

      • smolder 2285 days ago
        I don’t think it’s fair to assume that at all. Without evidence, I’m unconvinced the government's need for information access is motivated by justice rather than the interests of a few.
      • tjalfi 2285 days ago
        Renewing the Patriot Act and other such laws is easily explained by self-interest.

        Renewal: The best case is it foils a terrorist attack. The worst case (Snowden) has already occurred.

        Nonrenewal: The best case is no terrorist attacks. The worst case is a terrorist attack that may have been prevented with Patriot Act level wiretapping.

        No one wants to be blamed for a terrorist attack at the next election so the Patriot Act is renewed.

    • claudiawerner 2285 days ago
      How can this be true when it seems the deadliest attacks really are coordinated through end-to-end encrypted platforms such as WhatsApp? I'm not in favour of backdoors, but I have a hard time believing that I should rationally fear the government of most Western nations more than the people who carried out the Nice attacks when it comes to my personal safety.
      • pavel_lishin 2285 days ago
        > the deadliest attacks really are coordinated through end-to-end encrypted platforms such as WhatsApp?

        Most of the recent attacks in America were carried out by lone-wolf far-right extremists. Some of the ones who were caught were actual government employees.

        Furthermore, there's more to fear than someone spraying bullets into a crowd; ICE is performing 3am Gestapo raids and imprisoning citizens.

        So you bet your ass I'm more afraid of the government than a guy driving a semi-truck. The government can hurt more people in a day than a terror group can in a year.

        • bilbo0s 2285 days ago
          Don't be hyperbolic.

          The reality is that we should be just as concerned by a guy blowing up a truck at the Apple Store as we should about ICE raids at 3 in the morning. With both right wing terrorists and the government, scope creep has a way of ensnaring us all eventually.

          Same is true of any terrorist, and any government.

          So look, the question is not: Whether or not compromising my personal privacy will bring me more or less security? But rather the question is: Whether or not compromising my personal privacy is consistent with American Ideals?

          I say no. So in my personal opinion we, as a nation, have no business mandating that people compromise their personal privacy.

          • dclowd9901 2285 days ago
            > The reality is that we should be just as concerned by a guy blowing up a truck at the Apple Store as we should about ICE raids at 3 in the morning.

            I can't be the only person completely unconcerned by events like this taking place. And I'm not someone without copious anxiety in their life.

            • ben_w 2285 days ago
              You’re probably not literally the only person who is unconcerned, but the overwhelming majority of the population seems to suffer from the availability heuristic, which means they’re concerned simply because it’s in the news, and it’s in the news simply because of its emotional affect.
          • pavel_lishin 2285 days ago
            > The reality is that we should be just as concerned by a guy blowing up a truck at the Apple Store as we should about ICE raids at 3 in the morning..

            I disagree.

            > With both right wing terrorists and the government, scope creep has a way of ensnaring us all eventually.

            What's an example of a terrorist group's scope creep?

            > So look, the question is not: Whether or not compromising my personal privacy will bring me more or less security? But rather the question is: Whether or not compromising my personal privacy is consistent with American Ideals?

            Disagree.

            > So in my personal opinion we, as a nation, have no business mandating that people compromise their personal privacy.

            Agree.

            Good talk.

          • brighter2morrow 2285 days ago
            >right wing terrorists

            /s?

        • TrumpSucks 2285 days ago
          Sorry, you have to enter the United States of America legally. Please learn the rules. Thanks!
        • jesssse 2285 days ago
          I looked up the word Gestapo; your usage is incorrect.
          • ben_w 2285 days ago
            In the sense that they were the secret police of the Nazis, sure that’s incorrect usage. In the sense that ICE camps are being compared to WW2 concentration camps by people who were in WW2 concentration camps, and in the sense that the Gestapo played a key role in the WW2 camps, it’s uncomfortably accurate. After all, when it comes to who to detain and how, most of them are just following orders…
        • ChrisCinelli 2285 days ago
          > "The government can hurt more people in a day than a terror group can in a year"

          Of course. But we need to remind ourselves of this: what is the probability that they are going to willingly hurt innocent people on a massive scale at the moment?

          Aligned with your comment:

          I have to admit that one of my paranoid fears is that this will change in the future and who is supposed to protect us is actually going to be our enemy. This was also one of the founding fathers. I guess, we are in good company.

          History is full of examples of good kings that die and their successors are very wicked men.

          At the moment I think that "being able to find out what they need to" is net positive for the world ( see https://news.ycombinator.com/item?id=20509347 ) but what really bothers me is that if in the future (hopefully remote) this changes, there is no way to undo the past.

          From my perspective the security that they are able to provide because of being able to tap in any conversation and the risk of citizen data being used against innocent people is clearly a huge compromise.

          • pfisch 2285 days ago
            So the same attorney general that believes the FBI was infected by the "deep state" and is vulnerable to widescale corruption also thinks that same group should be able to remove encryption from anything?

            How can a man even hold both of those viewpoints?

            • nofollow 2285 days ago
              "In the field of psychology, cognitive dissonance is the mental discomfort (psychological stress) experienced by a person who holds two or more contradictory beliefs, ideas, or values."
          • pavel_lishin 2285 days ago
            > what is the probability that they are going to willingly hurt innocent people on a massive scale at the moment?

            Well, given that they're doing it now, I'd say somewhere near 100%.

          • ChrisCinelli 2285 days ago
            For downvoters and everybody else: can you help suggesting some viable ways to overcome the tradeoff?
      • tux3 2285 days ago
        I think the usual devil's advocate argument is that those attacks are not a practical concern at all to anyone's life (except the extremely unfortunate — thoughts & prayers). It barely registers when compared to boring old regular crime and homicide, all of which is dwarfed by road accidents. All of which combined is itself still single-digit chances of dying, the rest being cancer, disease and strokes.

        So the argument goes, you should focus on the much more direct and practical impact that laws & politics can have on your life.

      • kromem 2285 days ago
        An OTP is extremely easy to use for a terror network (just distribute several GB of pad on a thumb drive, have a shared secret for pad generation, etc) and completely unbreakable in the perfect use case, and feasibly unbreakable before an attack in the lazy-use case.

        Just because they opted to go with low-hanging fruit doesn't mean the fruit needs to be low-hanging for them to make use of it.

        • ben_w 2285 days ago
          I have tried arguing this directly with members of the British parliament and failed abysmally. With the benefit of hindsight, I suggest a different approach.

          Untested hypothesis: what we consider to be trivial, politicians consider to be advanced magic.

          Alternative hypothesis: politicians understand the skill level required perfectly, but they also have good reason to believe the terrorists are complete morons who wouldn’t be able to find, generate, or use a one-time pad if their life depended on it (and in this case their life literally would depend on it).

          • pilsetnieks 2285 days ago
            There's a story from Daniel Ellsberg about how access to secret information can make politicians (seemingly) stupid. It's possible that it's still very applicable here.

            > “You will deal with a person who doesn’t have those clearances only from the point of view of what you want him to believe and what impression you want him to go away with, since you’ll have to lie carefully to him about what you know. In effect, you will have to manipulate him. You’ll give up trying to assess what he has to say. The danger is, you’ll become something like a moron. You’ll become incapable of learning from most people in the world, no matter how much experience they may have in their particular areas that may be much greater than yours.”

            https://www.motherjones.com/kevin-drum/2010/02/daniel-ellsbe...

            • sitkack 2285 days ago
              As some wonk deep in the machine that wants to get their project pushed through, generate a fantastical story, mark it super extra unbelievably top secret, and then parade around the politicians that have clearance. They _feel_ it, but can't share it and they use those thought terminating feelings to push through kooky-dooks legislation. Preferably using secret laws.
          • ChrisCinelli 2285 days ago
            On average it is fair to assume, politicians do not know anything and just believe what they are told to by their direct reports and advisors. And it is fair to assume that some of those do not know a lot of what is going on in the trenches. I see a lot of analogies with what is happening in big corporations.
      • Zak 2285 days ago
        On the face of it, I'd sort of agree with you, but a government wanting the ability to spy on anyone and seeking bans on technology that enables private communication should be terrifying. That's an enabling step for totalitarianism and should be treated as a red flag.

        It might be less of a red flag if regulation was likely to be able to prevent terrorists from using encrypted communication technology, but that's absurd as long as we have general-purpose computers and access to the open internet.

        • domnomnom 2285 days ago
          How is it any different than busting down your door though? I agree the government shouldn’t be able to collect data randomly, but the slippy totalitarianism slope seems like a silly way to blame technology.

          Personally, I fear all advancements in cryptology will be classified in the future.

          • pavel_lishin 2285 days ago
            > How is it any different than busting down your door though?

            Well, it's hacker news, so let me pull a word we like to bandy about: "scale".

      • scottlocklin 2285 days ago
        You mean the governments of Western nations who let the evil Nice dipshit into their country?

        "We need pervasive surveillance to protect you from the cannibals we imported to lower your salaries, peasants."

      • BubRoss 2285 days ago
        You might need a source showing that attacks would be stopped by backdoors in encryption, since anyone could make encrypted communication using software off of GitHub.
  • apo 2285 days ago
    > The risk, he [Barr] said, was acceptable because “we are talking about consumer products and services such as messaging, smart phones, e-mail, and voice and data applications,” and “not talking about protecting the nation’s nuclear launch codes.”

    Two things about this odd quote, which dances on the edge of the Orwellian "nothing to hide" argument:

    1. I'd put the odds that the current president has in fact stored the nuclear launch codes on a "consumer product" at 50:50. He's shown a shocking disregard and disdain for protocol. The way in which diplomacy is carried out through Twitter suggests he's not capable of evaluating the threats posed by his uses of consumer-grade technology.

    2. Barr assumes a threat model involving petty criminals. The real threat is the US federal government, which has demonstrated repeated disregard, under multiple administrations, for search and seizure boundaries set by the Constitution.

    • vermilingua 2285 days ago
      I highly doubt that any president has any authority over the storage medium of nuclear launch codes.
      • ben_w 2285 days ago
        What was the phrase before the election? “But her emails”? I’m not American, but that phrase seems to have shown up a lot and been about inappropriate storage of classified material.

        One can store material inappropriately even without authorisation.

      • mulmen 2285 days ago
        I'm really struggling to understand how you can think that.

        The launch codes are used by the president. If a party has access to data then that data can be replicated and stored anywhere else that party can access.

        The president is the authority that decides how the codes are stored, they exist primarily for his use.

      • packet_nerd 2285 days ago
        It's not hard to imagine him snapping a picture with his phone.. you know, just in case.
        • dx034 2285 days ago
          Aren't they sealed? As soon as the Secret Service would detect codes to be unsealed, they'd probably have to be replaced immediately.
  • I_am_neo 2285 days ago
    “Some argue that, to achieve at best a slight incremental improvement in security, it is worth imposing a massive cost on society in the form of degraded safety,” he (U.S. attorney general William Barr) said

    Benjamin Franklin once said: "Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety."

    • tzs 2285 days ago
      The context when Franklin said that is interesting. Pennsylvania was having trouble on the western frontier due to the French and Indian War, and the legislature wanted to put a tax on land to raise money for arms for defense.

      The governor was blocking this, because the Penn family, which owned a lot of Pennsylvania land, objected. The Penn family did recognize the need for defense (although they were largely absentee landlords so not in personal danger), and offered to donate a lump sum for the arms if the legislature would agree that it did not have the power to tax Penn land.

      Franklin's quote was in a letter he wrote to the governor arguing for rejection of this offer.

      The "essential Liberty" he was referring to was the liberty of the legislature to legislate how it saw fit, including taxing Penn land to pay for security, and the "purchase a little temporary Safety" was the one time lump sum for arms.

      That was in 1755. He did re-use the phrase 20 years later in 1775 in a more general context, closer to what people quote it for nowadays.

      • cmroanirgo 2285 days ago
        Thanks. A little context goes a long way!
    • pavel_lishin 2285 days ago
      I was confused by your quotation, because I thought surely Barr wouldn't be arguing against his own point.

      But it turns out that his opinion of what constitutes security and safety is completely opposite my own.

      • mehrdadn 2285 days ago
        Same exact reaction here. Had to re-read it several times. For anyone else confused: I think by "security" he's referring to infosec and by "safety" he's referring to physical safety. (As opposed to my initial reading, where I thought "security" meant physical security and "safety" meant online safety.)
    • anbop 2285 days ago
      That’s not a logical argument by Franklin, it’s his opinion. There’s no axiomatic reason why Ben Franklin’s opinion is more correct than anyone else’s, even William Barr’s.
      • salawat 2285 days ago
        Says the rhetorician; cleverly trying to blur the issue. Opinion or no, the principle is consistent through much of the intellectual environs of the time. If both statements are read as opinions neither wins. If both are construed as statements of fact, Franklin's still holds the more portentous conclusion. Namely that the being willing to sacrifice his capacity to guide himself to live longer, will inevitably result in neither goal being attained. Everyone dies.

        So that's really a bit of a non-starter. I would say that Franklin has more credibility however; if only because of the man's legendary common sense.

        I'll also point out, Franklin's sentiment can be traced back to the principle that "Vigilia aeterna est pretium libertatis". A consequence of which is, sorry Mr. Barr. Tell your police to do some actual investigative work. It is not the job of the populace to relinquish essential liberty to make tyranny in the making that much further realized.

        It is what we do with our Liberty that elevates us as angels, or drops us to the level of daemonic debasement.

        Law enforcement needs to understand their job should never be made trivial as their very existence in and of itself is as the sole means to rescension of that which culturally we value most; which should absolutely be as burdensome a process as possible in the light of what is being taken.

        Never mind that making unbackdoored encryption illegal just adds a token charge to a long list of other charges, which to me is an absolute anti-pattern, of the same level as most firearm regulation in light of the second amendment; which I'll admit to being a bit of a hard-liner on.

        My 2 cents.

        • ratmice 2285 days ago
          Your comparison to the second amendment is not just "on the same level", but entirely accurate.

          To this day the United States Munitions List classifies cryptographic devices under Category XIII Materials and Miscellaneous Articles.

          All the way back to the pre-constitution 1784 Virginia General Assembly, to some extent recognizes the need for secure communications channels in a militia. "There shall be a private muster of every company once in every three months", and setting forth those in charge of initiating and communicating the time and place of the muster.

          People often focus on the first amendment right to encryption. But I at least feel that the second amendment right is equally strong, with the government's own position on arms control behind it, legal interpretation should if anything not tolerate its own inconsistency.

      • tbirrell 2285 days ago
        Benjamin Franklin is a Founding Father and has been generally accepted as an authority for more than 200 years, especially on the subject of freedoms and rights. He was a renowned political theorist, politician, civic activist, statesman, and diplomat in his own day, not to mention the fact his reputation has stood the test of time.

        William Barr is none of these things.

        • EpicEng 2285 days ago
          So... Appeal to authority then?
          • noja 2285 days ago
            Can you call it that though?

            One is a person with a well-earned reputation, the other.. well you get the point.

            • EpicEng 2285 days ago
              >Can you call it that though?

              >One is a person with a well-earned reputation, the other.. well you get the point.

              Yes

              >An argument from authority, also called an appeal to authority, or argumentum ad verecundiam, is a form of defeasible argument in which a claimed authority's support is used as evidence for an argument's conclusion

              You're not defending the point logically; your only supporting argument is that someone with a good reputation supports it as well.

              • kryogen1c 2285 days ago
                > You're not defending the point logically;

                He absolutely is.

                The annoying thing about "logical fallacies" is that if anyone sees an argument they disagree with that resembles a "fallacy", they quote it and act like they've won.

                He is not saying that everything Benjamin Franklin has ever said is true. Obviously. However, if a well renowned and respected Authority has an opinion that some evil schmuck disagrees with, it provides evidence as to who is more likely to be correct. That's not what an appeal to Authority is.

                • EpicEng 2285 days ago
                  >He absolutely is

                  Show me where that happened.

                  >The annoying thing about "logical fallacies" is that if anyone sees an argument they disagree with that resembles a "fallacy", they quote it and act like they've won.

                  That is annoying and I agree, but that's not what's going on here.

                  >He is not saying that everything Benjamin Franklin has ever said is true.

                  No one said he was.

                  >However, if a well renowned and respected Authority has an opinion that some evil schmuck disagrees with, it provides evidence as to who is more likely to be correct.

                  No it doesn't. It absolutely _does not_. Reputation isn't irrelevant in so far as it lends credibility to a person's statements, but the discussion doesn't stop there. If you're going to defend a quote then defend it. Saying "this is true because X is trustworthy and Y is an 'evil schmuck'" is not an argument.

                  If this is not a prime example of Appeal to Authority then show me why it's not and provide an example. You're just throwing out your opinions as if they were fact.

                  • tbirrell 2285 days ago
                    This is not an example of Appeal to Authority because Ben Franklin is an accepted authority. If all parties agree on the reliability of an authority in the given context it becomes a valid inductive argument. Otherwise every Citation or Source or Bibliography would be a "logical fallacy". An Appeal to Authority would be if the quote was attributed to someone like James Polk. Sure he was president, but he has no authority on this sort of subject.
                    • EpicEng 2285 days ago
                      >This is not an example of Appeal to Authority because Ben Franklin is an accepted authority.

                      ...huh?

                      >If all parties agree on the reliability of an authority in the given context it becomes a valid inductive argument.

                      No, it doesn't. Why do you believe that? How do you feel about quantum mechanics? Do you realize that Einstein fought tooth and nail against it for years?

                      >Otherwise every Citation or Source or Bibliography would be a "logical fallacy".

                      Citations link to works, not authorities. A citation may link to, say, an academic paper which provides evidence to support its assertions. No one is linking to random comments made by so-called authorities, that would never be accepted (unless the citation was to literally show that a quote is legitimate, i.e., made by the person claimed to have made it.)

                      • anbop 2285 days ago
                        But given a hypothetical question like “What play should a football team run when they are on 2nd down and 3 with 2:19 in the 3rd Quarter while leading by 3 points” — wouldn’t a professional NFL coach’s opinion be given more credence than mine? Einstein may have been wrong on quantum mechanics but if you had 1000 physics questions it would be hard to think of a better person to ask.
                        • EpicEng 2285 days ago
                          You're proving my point. When examining an argument you should do so based on the merits of said argument. That's literally the basis of Appeal to Authority. It doesn't get more clear cut than this.

                          I'd also like to point out you have yet to provide a single fact in support of anything you're saying.

                          • anbop 2284 days ago
                            I’m not the person you’ve been talking to earlier
                            • EpicEng 2284 days ago
                              Sorry, lost track. Doesn't change my point though.
                  • kryogen1c 2285 days ago
                    >Saying "this is true because X is trustworthy and Y is an 'evil schmuck'" is not an argument

                    Great! I didn't say that and neither did the gp you originally replied to. What's your point?

                    • EpicEng 2284 days ago
                      >However, if a well renowned and respected Authority has an opinion that some evil schmuck disagrees with, it provides evidence as to who is more likely to be correct.

                      That's you as you seem to have forgotten.

                      • kryogen1c 2284 days ago
                        Providing evidence towards the likelihood of truth, as I said, and saying "this is true because X is trustworthy and Y is an 'evil schmuck'", as you said, are not equivalent.

                        Are you actually trying to argue you can't tell the opinion of children and subject matter experts apart because gathering evidence based on reputation is a logical fallacy?

        • zknz 2285 days ago
          And yet he owned slaves.
          • onetimemanytime 2285 days ago
            and...? For example, you can be a Nazi and a great mathematician or be a pedophile and a great philosopher....etc etc
      • raverbashing 2285 days ago
        Correct, I just roll my eyes whenever this is quoted

        But if people disagree they can go ride a bike without a helmet, people in the transplant list will thank you.

        • dang 2285 days ago
          If you keep posting unsubstantive comments and flamebait here we are going to ban you. I don't want to do that, because you've also posted good comments. Would you please fix this?

          https://news.ycombinator.com/newsguidelines.html

          • raverbashing 2285 days ago
            Agreed, I could have expressed my concerns with that quote differently.
    • Tomte 2285 days ago
      Benjamin Franklin did say (or rather write) this, but it meant something else than you think: https://www.lawfareblog.com/what-ben-franklin-really-said#.U...
    • yongjik 2285 days ago
      But, "Only the Sith deal in absolutes." - Obi-Wan Kenobi

      I don't think opinions of people who were born before telegraphs matter much in today's political discourse. Basically, it boils down to, "I found a quote I agree with, and when I attach $(some famous dead person)'s name on to it, it sounds really great and authoritative."

      • vermilingua 2285 days ago
        If you really think that we aren’t facing the same problems today, that didn’t exist 300 years ago; you need to take a far harder look at the problems.
        • yongjik 2285 days ago
          I kinda agree with you, but quoting Benjamin Franklin as a solution is not exactly "taking a harder look" at the problem. How is it any better than "because the Bible says so!"?
          • mulmen 2285 days ago
            Well Benjamin Franklin was a founder so his thinking is more relevant in a secular nation than the stories in a religious text.
    • mrguyorama 2285 days ago
      As much as I disagree with Barr and I've repeated that quote countless times, I can't help but think it's utterly stupid. Did Ben Franklin really think we should throw out things like the rule of law and the police? They are an explicit trade of Liberty for Safety. Was he some sort of fundamentalist anarchist?
      • coderzach 2285 days ago
        "All Property, indeed, except the Savage's temporary Cabin, his Bow, his Matchcoat, and other little Acquisitions, absolutely necessary for his Subsistence, seems to me to be the Creature of public Convention. Hence the Public has the Right of Regulating Descents, and all other Conveyances of Property, and even of limiting the Quantity and the Uses of it. All the Property that is necessary to a Man, for the Conservation of the Individual and the Propagation of the Species, is his natural Right, which none can justly deprive him of: But all Property superfluous to such purposes is the Property of the Publick, who, by their Laws, have created it, and who may therefore by other Laws dispose of it, whenever the Welfare of the Publick shall demand such Disposition. He that does not like civil Society on these Terms, let him retire and live among Savages. He can have no right to the benefits of Society, who will not pay his Club towards the Support of it."

        He also didn't think much of private property.

        [1] http://press-pubs.uchicago.edu/founders/documents/v1ch16s12....

        • shsh 2285 days ago
          You are intentionally misinterpreting his quote. He doesn't think much of excessive property. Yes, you probably don't need a 3rd home while other people have no homes...
          • ska 2285 days ago
            His bar for "excessive" is pretty low though. We aren't talking 3rd home, plausibly we aren't even talking 1 home.
            • 1000units 2285 days ago
              Indeed it isn't even one. He says right there, "temporary Cabin".
            • nybble41 2285 days ago
              Yes, and the distinction is completely artificial. Worse, he gets the relationship between property and law exactly backwards. Property rights, even for what some here are calling "excessive" property, were not created "by the public" (meaning by legislators) through the passage of laws. Rather, property rights existed first and laws were passed to rationalize the abridgement of those rights when they proved inconvenient to those in power.

              If you take someone else's property for your own use by force without their permission, they are perfectly justified in using force to take your property without your permission. That is the fundamental natural law which underlies property rights, as well as all other natural rights: reciprocation. It doesn't matter who the property belongs to, how much other property they have, or who is doing the taking.

              • ska 2285 days ago
                The "fundamental natural law" you appeal to is none of those things, so it would be disingenuous to hold him to it. I'm not sure how I feel about the quote and don't have enough context on his thinking to really judge it, but your rejection sounds dogmatic, not reasoned.
                • nybble41 2285 days ago
                  I'm not "holding him to" anything. I'm just stating a fact. It is not logical to claim that it is simultaneously right for you to be able to do something unilaterally to someone else but wrong for that person to do exactly the same thing to you. Not unless you're arguing against the universality of rights in general, anyway, and if you're taking that approach then you can't make any meaningful statements at all about what rights other people may or may not have.

                  If you take someone's property without their permission there are three possibilities: (1) you admit that it's wrong and deserving of punishment; (2) you claim that taking property without permission is universally right (i.e. that there are no property rights), in which case you can't complain when others take your property; or (3) you claim that rights are not universal, in which case others can claim the right to take your property just as easily as you claim the right to take theirs. Whichever path you choose, the act of theft justifies its own proportional punishment. The same reasoning applies to any other natural right, as they are all based on the principle of reciprocation.

                  This is neither the time nor the place, but if you're interested in a more complete treatment of the topic I would recommend this paper: http://www.mises.org/journals/jls/12_1/12_1_3.pdf

                  • ska 2285 days ago
                    I agree this isn't the time or place, but you are not stating a fact; rather you are choosing a particular framing which is neither unique nor universally accepted.

                    It doesn't matter whether or not I agree with you or Franklin (or neither) here - I was noting that your attempt at pointing out his "error" is itself logically flawed and does not demonstrate any such error on his part.

                    • nybble41 2284 days ago
                      You claim that I am "not stating a fact" but it is a fact that any claim that an action is right when done by one person but wrong when done by another is either an internal contradiction or a repudiation of any universal standard for right and wrong. Either way, you can't consistently argue that a proportional response would be wrong after taking that same action yourself.

                      I should hope that this argument is not "unique", since it's just an application of basic logic, and I really couldn't care less whether the conclusions are universally accepted. The logic is sound whether you accept it or not.

                      • ska 2284 days ago
                        Ah, we seem to be focused on different parts of your statement. The problem you ran into is axiomatic, not logical. You are asserting a concept of property that is not the same as Franklin's, and then attempting to refute him based on that framework. He (I think at least, based on those quotes alone) is proposing a quite different framework, so you have fallen into a type of category error. That is what I was pointing out. It’s all fair to argue that his framework is inferior, but it is illogical to just claim he got it wrong because it doesn’t fit the framework you prefer.

                        I think this has run its course, it’s not a good medium to get into something like this at depth.

          • liability 2285 days ago
            The point should be obvious from the context, that Franklin was very far from any sort of anarcho-capitalist/libertarian extremist.

            > Was he some sort of fundamentalist anarchist?

            The quote plainly refutes that idea.

      • mikestew 2285 days ago
        Keywords being "essential" and "temporary" in the original quote. Granted, that leaves a lot of room for interpretation, but Franklin was not advocating doing away with, for example, law enforcement.

        Though I would agree it's a quote of triteness and "just so" convenience that gets massively abused.

        • mrguyorama 2285 days ago
          I wonder how Benjamin Franklin would feel about its common usage nowadays. For specific context I used to use this quote in relation to my dislike of the PATRIOT act and similar, and I never really took any introspection as to whether I was truly defending my position through the use/abuse of the quote. Granted I was literally in middle school at the time, so maybe my lack of a more nuanced position could be forgiven, but a quote is not an argument.
  • mortenjorck 2285 days ago
    In a perverse way, this is progress: At least the false premise of "we can have both secure encryption and key escrow" has finally been dropped and Barr is making the more blunt assertion that the need for eavesdropping outweighs all other needs in cybersecurity.
  • LinuxBender 2285 days ago
    This will be a taboo and unpopular option. My theory is that these discussions are theater. More often than not people store and access their data from their cell phones. Between CarrierIQ and OTA updates/access, there is no such thing as end-to-end encryption on a cell phone. People get really upset when I bring this up. I suspect it is a matter of denial and not providing links to public documents, which will never exist. I would suggest that very few people have the patience to implement proper OpSec with their own data.

    You don't even need "backdoors" in encryption. Existing lawful-intercept on Slack, Discord, Facebook, Google and all the wireless carriers will net just about anything you could ever want to know.

    • liability 2285 days ago
      > People get really upset when I bring this up. I suspect it is a matter of denial and not providing links to public documents, which will never exist.

      The last time I saw this matter being discussed here, tptacek was getting pretty upset at people who were suggesting that baseband processors presented a security threat. He's a security expert with a reputation to uphold so I expect he's probably right, but I would still like to see a detailed explanation of why he's right.

      For a reason I don't understand, this topic seems to elicit a lot of insults, when calmly assuaging fears would doubtlessly be more effective.

    • rank0 2285 days ago
      Is there somewhere I could read some more on this point?

      I was under the impression that iMessage was end-end encrypted. So unless Apple has a secret backdoor built into their systems, nobody should be able to access those messages correct? Wireless carriers are just sending my encrypted messages over their networks.

      What am I missing?

      Do you believe my cell service provider could decrypt my HTTPS connections to my bank?

      • ender89 2285 days ago
        I'm pretty sure he's just referring to the fact that if someone can push an ota update and you have something like iMessage that has encryption keys on the device, there's nothing stopping a company from pushing an update out that compromises your security. End to end isn't compromised, it's potentially compromised. Smartphones are the Schrödinger's cat of security because while they're considered "secure" right now, they could be blown wide open via automatic update any second. Telegram is encrypted end-to-end, but if you have automatic updates on, there's nothing stopping the developer or rogue actors (or states, like Russia) from pushing an update out that uploads all of the encryption keys to their servers and decrypts everyone's messages. Automatic updates are fundamentally insecure because they can instantly compromise your security. If you want true security, go with open source and review (or wait for reviews) of all code changes that happen in the apps you use, and you want a distro that either doesn't have an os ota system or allows you to disable it. Also, there is potential for baseband attacks because we're all at the mercy of telecoms and no one runs custom firmware or opensource code on their baseband processor so who knows what vulnerabilities lie there.
      • mjevans 2285 days ago
        It doesn't matter if the apps try to be secure. If any point in the communication holds the key-data in memory and is not on a //user// trusted device then the key is compromised.

        Since cellphones have a BMC that isn't user owned, which does have access to the full system memory (rather than being an isolated peripheral modem), and since OTA firmware updates can be pushed by the "infrastructure" (including fake 'towers' setup by TLAs, criminal hackers of other sorts, and hobbyists) containing code to compromise and silently ex-filtrate any data (including those keys, or even just the conversation directly); it is an inherently insecure environment.

        • passivepinetree 2285 days ago
          What should the average security-conscious person do then? Resort to one-time pads? Is there any way to be truly secure, or should we just stop trying?
          • mjevans 2284 days ago
            If we want secure tools for democracy then that's going to mean a completely open and thus verifiable (audit-able) platform.

            This needs to be from the PCB traces, all of the component tolerances, all of the chips, all of the firmware (even the ROMs that are actually baked in ROMs on the chips), the bootloader, OS, and entire userland.

            This is required not just for the host system but also the human interfaces and peripherals.

            I hope we will be able to reach that point with a RISC-V system at some point; but the various proprietary interfaces that require licences for implementation/etc might make this problematic. I am for standards, preferably completely free, but FRAND and non-restrictive on meeting the above goals might be good enough. The platform has to be fully open-book, but some of that book can be covered by reproduction limitations for a limited time. (I'd prefer standard patent duration at most, as this stuff NEEDS to become the digital version of paper at some point; and within my lifetime would be nice.)

      • ChrisCinelli 2285 days ago
        Not sure why this comment by robdachshund is dead: "Why bother trying to break encryption when you have backdoors in the hardware and OS? It's far easier to just use a keylogger on your OS keyboard, take a screenshot, access RAM buffers, etc."

        To answer to that. Maybe the problem is in those hardwares and operating systems that do not have backdoors?

      • vermilingua 2285 days ago
        I think the point is that the govt can sidestep https by just going to the bank; as they can to most services.
      • tfha 2285 days ago
        Apple showed that they are capable and willing to perform silent over the air updates to operating systems to address security concerns. The specific incident I am referring to is with Zoom.

        If you can read your message history from an iPhone, Apple is just one silent update away from reading it as well.

      • aaron_m04 2285 days ago
        You're missing that Apple has the ability to put backdoors in kernel updates, and these can reach right into process memory and get your unencrypted messages.
      • robdachshund 2285 days ago
        Why bother trying to break encryption when you have backdoors in the hardware and OS? It's far easier to just use a keylogger on your OS keyboard, take a screenshot, access RAM buffers, etc.
    • pslam 2285 days ago
      > Between CarrierIQ and OTA updates/access, there is no such things as end-to-end encryption on a cell phone.

      I don't think you understand what end-to-end means.

      • kevinsundar 2285 days ago
        Even with end to end at some point the information needs to be displayed to the user and especially on Android at that point you can collect anything you'd like. Unless there is some way of encrypting data all the way to the display controller I don't know about. But that will never happen as it would be the end of so many other features.

        So he's right there's no such thing as true end to end on common cell phones.

        • nitrogen 2285 days ago
          > Unless there is some way of encrypting data all the way to the display controller I don't know about.

          That's kind of what HDCP is, so it could be done on an embedded display too.

          • SomeOldThrow 2285 days ago
            IIUC you'd have to encrypt the text rendering, not the rendered text, for the message to be e2e encrypted and inaccessible through memory.
            • nitrogen 2285 days ago
              In theory you could run the decryption and rendering in the GPU (as is done for video), which would re-encrypt for display.
        • ska 2285 days ago
          > no such thing as true end to end on common cell phones.

          Hardly the only application though, is it?

      • LinuxBender 2285 days ago
        I most certainly do. CarrierIQ (former name) negates it. HTTPS and GPG can't hide anything from it. Any phone app will be entirely transparent. There are other debug apps embedded in different phones that can be triggered to start gathering data in the background. They can even tell the velocity you swiped in what direction and what angle you were holding the phone.
        • eitland 2285 days ago
          > I most certainly do.

          I do not find that this comment proven, neither in your profile, nor in the context of this thread.

    • wysifnwyg 2285 days ago
      The article doesn't seem to indicate which devices are communicating, just generally referring to communication. Medical devices which communicate should certainly not be an acceptable communication to risk.
  • Zhenya 2285 days ago
    Mr. Barr,

    Unfortunately such a mechanism requires that we trust the government. That trust was broken with the Revelations from Snowden.

    For now, the average citizen fears the government more than criminals and this is the easy calculation folks are making and will continue to make at the ballot box.

    -An American

    • mjevans 2285 days ago
      More clearly phrased:

      Snowden provided evidence (to the fourth estate) proving that trust has already been broken.

  • acomjean 2285 days ago
    Ah, the clipper chip from the 1990s debate over again. They didn't get it then and the world is still ok (kinda, but encryption seems to be low on the list of pressing problems)

    The only place they seem to have gotten their way is anti-counterfeiting that's injected into scanner silicon.

    "From the moment Diffie and Hellman published their findings in 1976, the National Security Agency's crypto monopoly was effectively terminated. In short order, three M.I.T. mathematicians -- Ronald L. Rivest, Adi Shamir and Leonard M. Adleman -- developed a system with which to put the Diffie and Hellman findings into practice. It was known by their initials, RSA. It seemed capable of creating codes that even the N.S.A. could not break. They formed a company to sell their new system; it was only a matter of time before thousands and then millions of people began using strong encryption.

    That was the National Security Agency's greatest nightmare. Every company, every citizen now had routine access to the sorts of cryptographic technology.....

    The genie was out of the bottle. Next question: Could the genie be made to wear a leash and collar? Enter the Clipper chip."

    [1] https://www.nytimes.com/1994/06/12/magazine/battle-of-the-cl...

    • zerocrates 2285 days ago
      Interesting to see RSA portrayed as a foe of the government and a thorn in the NSA's side here, knowing what's been reported about their involvement with "Project Bullrun."

      Leash and collar indeed...

      • spopejoy 2282 days ago
        Right especially given their 20-year advance understanding of differential cryptanalysis ...

        My impression is the NSA of today is very different than that of the 70s and 80s.

  • pseudolus 2285 days ago
    So when the backdoor is hacked, as it inevitably will be, whom will I have legal recourse against to recover damages? I'm assuming that any company incorporating such a backdoor would be afforded some immunity against civil lawsuits arising from successful hacks. Also if such compensation is forthcoming won't I essentially be contributing towards it with my own tax dollars?
  • ska 2285 days ago
    “Some argue that, to achieve at best a slight incremental improvement in security, it is worth imposing a massive cost on society in the form of degraded safety,”

    And I expect some would argue that the "slight incremental" and "massive" are incorrectly placed in that statement.

  • chuckgreenman 2285 days ago
    > The risk, he said, was acceptable because “we are talking about consumer products and services such as messaging, smart phones, e-mail, and voice and data applications,” and “not talking about protecting the nation’s nuclear launch codes.”

    There's a good reason not to use encryption schemes that have backdoors, they aren't safe and this pull quote betrays the fact that Barr knows that.

    I'd be willing to wager that the government isn't going to use backdoor-able encryption because the risk of failure is too great. While not being critical to national security, safety in storing your medical, financial records and your conversations with others is mission critical to citizens. Hopefully folks on Capitol Hill see that.

    • 0xDEFC0DE 2285 days ago
      >While not being critical to national security, safety in storing your medical, financial records and your conversations with others is mission critical to citizens. Hopefully folks on Capitol Hill see that.

      They aren't going to see it. The government will just use the non-backdoored version. If a company gets its data popped because of the backdoor, the government will just blame the company, or it's acceptable losses because they catch some bad guys.

      Everyone should be super, super, super pessimistic that attempts like these will be handled in the interests of citizens.

  • csours 2285 days ago
    I made this comment in a previous thread, but I think it applies here as well:

    If you ask the government to do something impossible, such as provide COMPLETE safety and security, they will try to do that. I think the news media bears some responsibility in this regard, as they always blame or call out whatever agency that fails to maintain safety and security, thus leading to severe measures to try to mitigate the previous failure.

  • kevin_b_er 2285 days ago
    I'm afraid even Senator Ron Wyden misunderstands it. It isn't that we give them the "power" to break encryption, it's that we fundamentally weaken it. We must build the encryption with tissue paper in order to let a person walk through it.
    • gnode 2285 days ago
      Most discussion of backdoors these days is no longer about weakening the encryption itself, but prohibiting its private use. It's about data retention, key escrow, key disclosure and man-in-the-middle attacking everyone like Kazakhstan is trying to do.

      Cryptography technology is public knowledge now; there's no putting the cat back in the bag, so now it's about making the non-government approved use of it criminal / basis to assume guilt.

  • mullingitover 2285 days ago
    One could make a good case that strong encryption is a form of Arms (certainly the US did, as "Auxiliary Military Equipment"[1]). So if encryption is a form of Arms, then Barr should probably keep his mouth shut or else he's making a case against the holy Second Amendment.

    [1] https://en.wikipedia.org/wiki/Export_of_cryptography_from_th...

  • torified 2285 days ago
    Australia has already passed draconian secret mass-surveillance laws, and also is part of Five Eyes, so everyone (including American citizens) is subject to draconian mass-surveillance which is shared with the US when their data goes through any computer on Australian soil.

    Australian Federal police are busy attacking journalists right now for exposing a coverup of their soldiers murdering children.

    Americans should fight this with everything they have.

    Make no mistake, the "free" world is well on its way to becoming a surveillance dystopia.

    The Nazis could only have dreamed about having the secret and unfettered surveillance apparatus politicians have created, and they are targeting that apparatus towards journalists and citizens.

    It's not about terrorists or pedophiles, it's about you and me, and anyone else who could potentially expose government or military incompetence/wrongdoing.

  • ryacko 2285 days ago
    Without encryption backdoors, how will you know if people are illegally using high-strength encryption? Everything must be decrypted on demand to determine if illegal cryptography is being used.
    • magduf 2285 days ago
      That doesn't seem hard: just make sure everything is plaintext (i.e., a known and approved protocol, like FTP, telnet, HTTP/HTML, etc.), or make sure it's an approved encryption protocol that has a built-in backdoor (and the data within, again, being one of those approved protocols). Of course, people could be hiding high-strength encryption within the backdoored protocol, but they could do random checks for that.

      Basically, the only way to really hide data is to either use steganography, or to use an unapproved data-transfer protocol (and using unapproved protocols can be banned).

  • exabrial 2285 days ago
    I've seen this posted several places. It's a bit of a clickbaity title because it sounds like a quote. As far as I can tell, it can't be attributed to him.

    The exact quote is:

    "Some argue that, to achieve at best a slight incremental improvement in security, it is worth imposing a massive cost on society in the form of degraded safety"

    I'm purely making a statement on the article title.

    • ska 2285 days ago
      If you follow the next few quotes from him in the article, the article title sounds accurate.
      • exabrial 2285 days ago
        You completely missed my point. It's not a quote.
        • ska 2285 days ago
          I don't think I did. The title is not a quote, but it seems to be a reasonable summary of what he said, directly from more than one quote. What is it that you are objecting to, you think the formatting of the title makes it look like a direct quote? Fwiw, in that case I don't agree.
  • tzs 2285 days ago
    > The risk, he said, was acceptable because “we are talking about consumer products and services such as messaging, smart phones, e-mail, and voice and data applications,” and “not talking about protecting the nation’s nuclear launch codes.”

    When the government stops caring about my race, where my ancestors came from, my sexual orientation, my religion, my gender, my political leanings, and probably a few more I'm forgetting, and puts robust steps in place to ensure that it won't start caring about them again later, then maybe I'll consider entertaining the idea of allowing the government to peek at my messages.

  • commandlinefan 2285 days ago
    Study cryptography now, because at the rate we're going, even teaching/studying it will be restricted in the near future.
    • ssully 2285 days ago
      Considering the export controls on cryptography in the not so distant past [1], I think things have been worse for cryptography. This isn't to say I don't think Barr's comments are alarming, but he is continuing a push by DOJ that has been going for years now and has made little progress.

      [1]: https://en.wikipedia.org/wiki/Export_of_cryptography_from_th...

  • ori_b 2285 days ago
    I really want someone who is testifying in congress to put this in terms that affect the congressmen personally, explaining to them that it will make it easier for state actors to gain compromising information from their email addresses and personal devices.
    • alluro2 2285 days ago
      I think government officials would obviously want to have access to non-backdoor versions of software, so they can exchange their highly sophisticated and ultimately important state business discussions on WhatsApp securely.
      • magduf 2285 days ago
        Government officials still have their bank accounts with privately-owned institutions, which wouldn't have these non-backdoor versions.
  • clamprecht 2285 days ago
    I'd rather accept the security risks of not having encryption backdoors
  • harshreality 2285 days ago
    Passing over for a moment the (lack of) ability of the government to keep secret the means of using the backdoor...

    Most encryption software (including crypto libraries) is open source. Is he proposing banning open source or just mandating that it only be distributed as binaries by compromised companies?

    Does he, and does anyone else proposing this, have the slightest notion what banning good encryption would actually entail?

    • gattr 2285 days ago
      Banning open source software is probably not feasible (you can distribute the code as a printed book after all). They would have to:

      - ban all Internet traffic that uses non-backdoored encryption (all ISPs would be required to report it)

      - ban all amateur radio equipment, including all products one could use to build a satellite dish (like aluminium foil?..); keep a fleet of radio-direction-finding vans circling the streets

      Eventually, maybe also ban general-purpose non-backdoored computers.

      • naveen99 2285 days ago
        Also ban hashing algorithms ?

        Ban random data ?

        And ban the universe from being quantum ?

  • nyxtom 2285 days ago
    Surveillance 2030: It is now illegal to own or operate your own home server for the purposes of distributed communication
  • gumby 2285 days ago
    > “we are talking about consumer products and services such as messaging, smart phones, e-mail, and voice and data applications,” and “not talking about protecting the nation’s nuclear launch codes.”

    Talk about putting the cart before the horse! The USA is made of people, not hardware.

  • dclowd9901 2285 days ago
    Am I wrong to believe the government is, in fact, capable of cracking encryption on individual bases, but not on _many_ cases? Isn't this what we want? For the limits of encryption to keep mass snooping at bay?

    In other words, I think the "ticking time bomb" scenario often used to justify a backdoor is a fallacy. If the government really wanted or needed to, they could easily decrypt or break into a device (rubber hose method comes to mind).

    Don't let fear rule your life, and convince others not to as well. That is our job.

  • stunt 2285 days ago
    This is ultimately bad for people. It gives too much power to the government. It is the same as saying government can disable all guns remotely.

    And also, no matter how much regulation and monitoring there is, there is a big risk from government employees. It will be exploited by others.

    And at the end of the day, criminals are going to find a solution for themselves when they have to, and this will only leave people vulnerable. And usually government itself will use a different tech for obvious reasons and leave this for citizens only.

  • kemiller2002 2285 days ago
    It is at least slightly ironic that the person saying this is from the very same group a lot of people are concerned with being protected from.
  • ga-vu 2285 days ago
    This is not what he said. You can read his speech here: https://www.justice.gov/opa/speech/attorney-general-william-...

    TC piece takes a way too harsh stance. He made some good points in there.

    • nybble41 2285 days ago
      This is exactly what he said. I've read Barr's speech, and if anything I think the TC article went too easy on him.
  • FourierTformed 2285 days ago
    Are there any existing cryptographic algorithms which allow for two keys to un-encrypt a piece of cipher text?
    • michaelmrose 2285 days ago
      It's trivial and common to have one or more than one key that unlocks the actual key that is in fact used to decrypt data; see LUKS, the standard for full disk encryption on Linux, for example. This trivially lets you change your passphrase without rewriting all your data on disk.

      It's also useful for recovering data when the user has forgotten their self-set passphrase or won't share it, in the case of a hostile ex-employee. Furthermore, one can have multiple passphrases and revoke one if it is known to be compromised.

      For the government's concept of it, see "key escrow" and the Clipper chip fiasco.

      https://en.wikipedia.org/wiki/Clipper_chip

      Problems are legion and multifaceted. To put it briefly based on past actions no reasonable party would trust the US government to be respectful of their rights and privacy nor even competent enough to keep a secret.

      It would force the entire world of computer security to be shackled and standardized upon what an incompetent bureaucracy understands and it would be a disaster inside a year.

      If one recalls a lot of current woes with malware can be traced back to one of their geniuses that took home a hard drive full of tools and lost it all to the bad guys.

      https://www.nytimes.com/2019/05/25/us/nsa-hacking-tool-balti...

      If a golden key that unlocked everything in existence came into being it would be in the hands of state actors within 30 days and everywhere next year.

      It has always required monumental arrogance and profound lack of foresight to suggest we should backdoor all security for the benefit of the keystone cops and their current fearless leader Sergeant Schultz here.

      As the iconic TV character used to say, "I know nothing. Nothing!!"

    • xyzzyz 2285 days ago
      Government generates a public/private key pair Gpub/Gpriv, and publishes the public part. It also requires the following scheme to be used: if you want to encrypt a message M with a key P, you generate random key K, encrypt M with K to obtain Enc_K(M), encrypt K with Gpub to obtain Enc_Gpub(K), and encrypt K with P to obtain Enc_P(K), and then send this triple (Enc_K(M), Enc_Gpub(K), Enc_P(K)). This way, either of the P or Gpriv can be used to decrypt M (you just use it to first decrypt K, and then decrypt M). This scheme is as strong as the scheme used for encryption is, and no cryptography is weakened by its use, except of course a huge negative impact in case Gpriv leaks. With stakes this high though, you could bring likelihood of leak to be very low, and you could modify the scheme to mitigate the impact of the leak.

      I don't like it as much as anyone else, but unfortunately I think this is viable in practice. Of course, nothing stops you, a hacker, from using non-backdoored encryption, but government is fine with that, as long as Google, Apple, Facebook etc. are forced to use backdoors.
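
The envelope scheme xyzzyz describes above, where a random key K is wrapped once per key holder (the same shape as the LUKS key slots mentioned earlier in the thread), as an added example that is not code from any commenter. Assumptions: P is modelled as a per-user key pair, the public-key step is a toy ElGamal-style KEM over a 521-bit Mersenne prime, and an HMAC-SHA256 keystream stands in for a real AEAD; none of these parameters are suitable for production.

```python
import hashlib, hmac, secrets

# Toy Diffie-Hellman group (assumption for this example): NOT a secure choice.
P_MOD = 2**521 - 1
GEN = 3

def keygen():
    """Return (private, public) for the toy ElGamal-style KEM."""
    priv = secrets.randbelow(P_MOD - 2) + 1
    return priv, pow(GEN, priv, P_MOD)

def _subkey(key: bytes, label: bytes) -> bytes:
    return hashlib.sha256(label + key).digest()

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hmac.new(key, nonce + off.to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], pad))
    return bytes(out)

def seal(key: bytes, data: bytes) -> bytes:
    """Encrypt-then-MAC with an HMAC-SHA256 keystream (stand-in for an AEAD)."""
    nonce = secrets.token_bytes(16)
    ct = _xor_stream(_subkey(key, b"enc"), nonce, data)
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    want = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want):
        raise ValueError("wrong key or tampered data")
    return _xor_stream(_subkey(key, b"enc"), nonce, ct)

def wrap(pub: int, k: bytes):
    """Enc_pub(K): ephemeral DH against pub, then seal K under the shared secret."""
    eph = secrets.randbelow(P_MOD - 2) + 1
    shared = pow(pub, eph, P_MOD).to_bytes(66, "big")
    return pow(GEN, eph, P_MOD), seal(_subkey(shared, b"kek"), k)

def unwrap(priv: int, slot) -> bytes:
    eph_pub, blob = slot
    shared = pow(eph_pub, priv, P_MOD).to_bytes(66, "big")
    return unseal(_subkey(shared, b"kek"), blob)

def encrypt_for(message: bytes, p_pub: int, g_pub: int) -> dict:
    """Build the triple (Enc_K(M), Enc_Gpub(K), Enc_P(K)) with a fresh K."""
    k = secrets.token_bytes(32)
    return {"body": seal(k, message), "escrow": wrap(g_pub, k), "user": wrap(p_pub, k)}

def decrypt(priv: int, slot, body: bytes) -> bytes:
    return unseal(unwrap(priv, slot), body)

def can_open(priv: int, slot, body: bytes) -> bool:
    try:
        decrypt(priv, slot, body)
        return True
    except ValueError:
        return False

if __name__ == "__main__":
    g_priv, g_pub = keygen()           # escrow key pair (Gpriv/Gpub)
    a_priv, a_pub = keygen()           # constructed users A and B
    b_priv, b_pub = keygen()
    to_a = encrypt_for(b"constructed message for A", a_pub, g_pub)
    to_b = encrypt_for(b"constructed message for B", b_pub, g_pub)
    print(can_open(a_priv, to_a["user"], to_a["body"]))   # A reads A's mail
    print(can_open(a_priv, to_b["user"], to_b["body"]))   # A cannot read B's
    print([decrypt(g_priv, m["escrow"], m["body"]) for m in (to_a, to_b)])
```

Each user's private key opens only that user's slot, while the single escrow private key recovers K, and therefore the plaintext, for every message produced under the scheme.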

      • nybble41 2285 days ago
        > Of course, nothing stops you, a hacker, from using non-backdoored encryption, but government is fine with that, as long as Google, Apple, Facebook etc. are forced to use backdoors.

        Which just goes to show that this isn't actually about catching hardened criminals (who will just use non-backdoored encryption, either alone or layered on top of the compromised channels) but rather about enabling pervasive surveillance of ordinary citizens.

        • xyzzyz 2285 days ago
          Not necessarily. There is a middle ground between the two: common criminals that simply use the tools that Google, Apple etc create to make security for normal people easy. If it's effortless to enable full end to end encryption on your phone, then not only will your grandpa enjoy benefits of it, but also a cocaine dealer or a burglar trying to fence stolen goods.

          But yes, I think that there are lower-hanging fruits available for pick up here. I wish we lived in a reality where backdooring encryption was the best available path to reduce crime.

          • nybble41 2285 days ago
            The lazy sort of criminal that relies on commonplace, corporate-controlled communications apps would be caught using a traditional investigative approach regardless of any end-to-end encryption. It's the more sophisticated ones that they're using as justification for these backdoors—exactly the type that might be mildly inconvenienced at most by backdoors in standard communications services.

            If what these criminals are doing is causing actual harm then there must be sufficient offline physical evidence to track and convict them by without direct access to their communications networks. Far from reducing crime, the enforcement of compulsory backdoors would itself be a crime committed by the government against its own citizens on a massive scale.

      • cesarb 2285 days ago
        > Government generates a public/private key pair Gpub/Gpriv [...]

        Isn't that exactly the Clipper Chip scheme? The arguments against it are as valid now as they were then. If you haven't seen them before, they can be found in the 1997 paper "The Risks of Key Recovery, Key Escrow, and Trusted Third-Party Encryption", and its 2015 followup "Keys Under Doormats: Mandating insecurity by requiring government access to all data and communications".

        • xyzzyz 2285 days ago
          Not exactly the same, it offers slightly different trade-off between the benefits and the drawbacks. But yes, the idea is clearly not new or non-obvious. There are plenty of arguments against doing that, and thank you for the references (I wasn't aware of the second one). Nevertheless, just because it has some (in fact, many) drawbacks, doesn't mean it's completely broken and useless, and that means that we shouldn't expect that something like this won't ever materialize.
    • danShumway 2285 days ago
      I can think of setups that would allow this, but I don't understand what the advantage would be over sharing keys.

      Honest question, if I have a key that can unencrypt all of your data, why is it important that it not literally be your key?

      • extropy 2285 days ago
        It's useful to have a master key that decrypts everything. For each message that means encrypting for two keys - the recipient and the master key.

        The obvious drawback being the huge damage when a master key is inevitably leaked.

      • scarejunba 2285 days ago
        Because then I need a way of giving you my key that doesn’t give the bad guy the key.
    • rubbingalcohol 2285 days ago
      PGP
  • siculars 2284 days ago
    Year is 2040. Candidate for Senate was linked to foreign agent for some innocuous reason. FISA court grants warrant. Justice finds nudes, because obviously. Incumbent administration leaks to Twitter.

    This is such a bad move the tragedy/comedy writes itself.

  • rotrux 2285 days ago
    Right because that wouldn't become a massive problem at the worst possible time.
  • solotronics 2285 days ago
    Question.. if you make encryption illegal would that actually stop a "criminal" from using it? This seems like making guns illegal, it only stops law abiding citizens.
    • perl4ever 2285 days ago
      The advantage of making something illegal that a lot of law-abiding people would otherwise use, is that, even though criminals by definition ignore the law, law enforcement now knows anyone using that thing is a criminal. It has a tremendous effect on how easy it is to identify the criminals.
  • droithomme 2285 days ago
    I'd just as soon not accept those risks, thanks.
  • techntoke 2285 days ago
    Explains why they always make electronic voting blackboxes instead of an open source blockchain.
  • BubRoss 2285 days ago
    We will get access to all of Bob Barr's communications if this passes right?
    • atemerev 2285 days ago
      As we Russians bitterly say in such situations, "why shouldn't we trust our comrade major?" ("Нет причин не доверять товарищу майору").
    • perl4ever 2285 days ago
      I believe the President is currently suing the Ways and Means panel to prevent disclosure of his tax returns.
  • hnruss 2285 days ago
    Encrypted data that can be decrypted without the key is merely obfuscated.
  • maximente 2285 days ago
    are there any countries who aren't clamoring for backdoors/weakening encryption/etc?

    i'm interested in knowing the attitudes other governments have.

  • floki999 2285 days ago
    Gimme your house keys Billy, I promise, I’ll be good.
  • sirmike_ 2285 days ago
    "fuck off", said the slightly above average, technically inclined American.
  • golemotron 2285 days ago
    He should accept the risk of giving everyone his house keys to show he's serious.
    • pixelrevision 2285 days ago
      Or at least give them to the House Oversight Committee for safekeeping.
    • barberousse 2285 days ago
      When Taleb's "Skin in the game" principle applies
  • british_india 2285 days ago
    What an evil man, Attorney General Barr is.
  • beezlebubba 2285 days ago
    Backdoor my comms and I will speak jive.
  • jimbob45 2285 days ago
    Would you trade another 9/11 for backdoors? Genuine question.
    • phil248 2285 days ago
      Declaring it a "genuine question" does not change the fact that you are baiting people with a logical fallacy.
      • jimbob45 2285 days ago
        In all probability, some sort of 9/11 will happen again and this is the question that will be asked.
    • rank0 2285 days ago
      I like to believe we could prevent another 9/11 without government mandated backdoors.
      • tbirrell 2285 days ago
        More importantly, I don't believe we could prevent another 9/11 even with government mandated backdoors.
        • spacebear 2285 days ago
          Government-mandated backdoors seem more likely to enable terrorist attacks than prevent them, honestly.
    • SkyBelow 2285 days ago
      Given how much government incompetence led to the first one, I'm not sure how more government is going to prevent the next one.
    • ChrisCinelli 2285 days ago
      I think the right questions would be: "How can we reduce by orders of magnitude the probability of another 9/11?" and, assuming monitoring communication is a critical matter, "How could we reduce the probability of communications between terrorists going unnoticed, and be able to understand what they are talking about?"
      • frickinLasers 2285 days ago
        They already had all the pieces to the puzzle when the first attack happened, and they failed to prevent it. Allowing pervasive surveillance of our private communications would throw magnitudes more hay on the stack. So, this is probably not the way to go about it.
    • dmitrygr 2285 days ago
      Yes. We all need to be prepared to take the risk in return for a free society.