Has U.S. Democracy Been Trumped?

[y66]

I think you mean Plato here rather than Burke. The quote "The only thing necessary for the triumph of evil is for good men to do nothing" is often linked with him (and has been since at least 1920) but that is almost certainly erroneous, his words being "When bad men combine, the good must associate; else they will fall, one by one, an unpitied sacrifice in a contemptible struggle." The earliest known example of the modern form comes from Reverend Aked but the real original is of course "The price good men pay for indifference to public affairs is to be ruled by evil men."

 

In any case, things have changed a fair bit since the 18th century. Blair did not expect normal civilians to go to war, not only because it is politically questionable but also because it is just not really feasible at the levels of training that would be possible. In a theatre like Iraq, a conscript militia is more harmful than useful. I daresay Trump knows this too and Belgium certainly has little to gain from raising a civilian army and carting them off to Asia, Africa or the Middle East. To blame the "good men" (women?) of Belgium for any successes would be similar, perhaps worse, than blaming Burundi for climate change but with the added effect of leaving thousands dead unnecessarily.

I stand corrected on the source of that quote. Thank you.

 

It’s too absurd for words to suggest that drafting a bunch of civilians and sending them to fight and die in Africa and Asia as was suggested will hasten the end of ISIS sponsored terrorism or that ending ISIS sponsored terrorism will end fundamentalist sponsored terrorism which is also relevant. But somebody is going to have to go, fight and die. Meanwhile, sitting on your ass or worse, with your head up it, while these ISIS assholes, who are known to you, are getting stronger and being pushed harder by their ringleaders, hardly counts as good men doing something, regardless of the source of that quote.

 

I could be wrong, but I thought that sitting on your ass while others are doing the hard work of trying to figure out how to solve this problem, even if they happen to be the same guys who "own" a big part of this mess, was the gist of my friend from Chicago’s post.

[kenberg]

Cracking the cell phone in question was never the focus of this debate. (Most knowledgeable folks believed that the government code have cracked the phone had they wanted to)

 

I work in tech, I work with a lot of lawyers, and I work with a bunch of people who care very much about privacy.

 

The key issues in this case were

 

1. Can the government compel a company to do novel work (against the company's interest)

2. Can the government compel a company to speak (against the company's interest)

 

For those who don't understand the reference to speech:

 

Code is treated in much the same way as speech

The government was trying to force Apple to write code and then create a digital signature for that code

 

I have hear the argument that the gov just could have dome it themselves and they were just trying to force Apple to do it. My knowledge is limited, but I don't buy it. If they had the ability to do it earler, I would think that they would

 

a. Not tell anyone they had the phone

 

b. Not tell anyone that they could get into the phone

 

c. Get into the phone

 

d. Make good use of what they found before anyone knew they had access to it.

 

Item c might require a court order but they could probably either get around that, or ignore that, or have it done with a secret court order.

 

 

Another point: I did not hear these comments about how obviously the gov can just do it until after they just did it. A bit like obviously you should have played for the drop after the finesse loses.

 

Anything is possible, the most bizarre things today seem to be certainties tomorrow, but the idea that the gov could have gotten in but decided to make Aplle do it instead, with much publicity, seems unlikely to me. I gather that Apple plans legal action to require the gov to disclose how they did iy, so maybe things will become clearer down the road. But I would not bet on that.

 

At any rate, they say someone told them how. I am inclined to believe them. Not on the basis that they say so, I am not that naive, but rather because it fits. Or maybe the NSA was the secret helper which is of course the gov, if they ever speak to each other. Maybe the NSA guy comes over to the FBI guy and says "I can show you how to do this, but you can't tell my boss because I am not supposed to be helping." I could believe that route.

[hrothgar]

 

Another point: I did not hear these comments about how obviously the gov can just do it until after they just did it. A bit like obviously you should have played for the drop after the finesse loses.

 

 

I did. I also saw at least two well written web sites describing how the government could compromise the security model.

(I've mentioned that I am working for an InfoSec group at the moment, right?)

 

Anything is possible, the most bizarre things today seem to be certainties tomorrow, but the idea that the gov could have gotten in but decided to make Aplle

do it instead, with much publicity, seems unlikely to me. I gather that Apple plans legal action to require the gov to disclose how they did iy, so

maybe things will become clearer down the road. But I would not bet on that.

 

This was a near perfect case for the government to establish a precedent that would be extremely valuable down the road...

[kenberg]

Probably we will never find out for sure.

 

Anyway, my thought when the gov announced that someone had shown them how to do it was that I guess hackers know how to do it. Even of the gov tells Apple how they did it and if Apple fixes this, I imagine that others will find or have found other ways to get in.

 

This is a problem for all of us. No self-respecting hacker would waste his time getting into my cell phone, but for many people, and not just terrorists, this seems like a problem. I am glad that the gov can hack into a terrorist's phone, and I don't much give a damn if they hack into mine, but all in all I think we have a problem here.

 

Not just from the Chines, not just from our own gov, it seems we have a problem.

[mycroft]

the money quote for Apple v. FBI (at least if you want to read about why the tech people are freaking) is [it was] "never about just one phone".

 

Also, Ken, of course hackers would want to get into your phone. It's quantity over quality, and you have contacts and phone numbers (and probably email addresses) they can use to get more. Even if you don't have embarrassing photos, or banking information, or even your location data so they can sell "Who's not home right now" to relevant people, your contacts might. It's not a question of whether your private information is of worth to crackers, it's a question of how much it's worth.

 

Really, *everyone* has something to hide from someone. Do I trust the government? Sure. Do I trust all the people working for the government? Not really. Do I trust anyone who may ever get the particular cracking tool (handcrafted by the makers themselves, not just an exploited bug)? Hell no - there are still some people alive who tried to kill me. Am I in better shape than many? Sure, partly because I'm almost an anti-social networker, partly because I tick all the right boxes, partly because "professional IT paranoid" is a good description of my non-bridge job.

 

And it doesn't require much knowledge of history to know that just because one trusts the government of today doesn't mean that the government of tomorrow won't...be as trustworthy, or treat you as if you weren't as trustworthy.

 

But yeah, you're probably safer than most.

[hrothgar]

 

This is a problem for all of us. No self-respecting hacker would waste his time getting into my cell phone, but for many people, and not just terrorists, this seems like a problem. I am glad that the gov can hack into a terrorist's phone, and I don't much give a damn if they hack into mine, but all in all I think we have a problem here.

 

 

When you compromise your security model as to allow the government to break in to your cell phone or break TLS, you create vulnerabilities that allow hackers to do the same thing.

Most of the exploits that we're seeing in SSL and TLS date back to the US government's attempt to ensure that they had backdoors into the system.

[kenberg]

the money quote for Apple v. FBI (at least if you want to read about why the tech people are freaking) is [it was] "never about just one phone".

 

Also, Ken, of course hackers would want to get into your phone. It's quantity over quality, and you have contacts and phone numbers (and probably email addresses) they can use to get more. Even if you don't have embarrassing photos, or banking information, or even your location data so they can sell "Who's not home right now" to relevant people, your contacts might. It's not a question of whether your private information is of worth to crackers, it's a question of how much it's worth.

 

Really, *everyone* has something to hide from someone. Do I trust the government? Sure. Do I trust all the people working for the government? Not really. Do I trust anyone who may ever get the particular cracking tool (handcrafted by the makers themselves, not just an exploited bug)? Hell no - there are still some people alive who tried to kill me. Am I in better shape than many? Sure, partly because I'm almost an anti-social networker, partly because I tick all the right boxes, partly because "professional IT paranoid" is a good description of my non-bridge job.

 

And it doesn't require much knowledge of history to know that just because one trusts the government of today doesn't mean that the government of tomorrow won't...be as trustworthy, or treat you as if you weren't as trustworthy.

 

But yeah, you're probably safer than most.

 

I am safe because I am unimportant. Realism, not modesty. And I don't trust all that much, which helps. But of course I agree, I am not completely safe.

 

I will go on about this for a bit. It has to do some with politics but I think it has broader social importance. We can now find out so much more than we could before. We need social mores that forbid us to do this. We need to protect ourselves from the crooks, and I hope we can. But we also need to simply refuse to do all of the probing that modern technology allows us to do.

 

I don't know how to sort all of this out, but some sort of judgment is needed. Some years back, a person being considered for the Supreme Court was found to have smoked marijuana in college. I don't care. I have many reasons to not like Donald Trump, but the fact that his wife once posed nude for GQ is not one of them. Early in the presidential campaign I understood that Marco Rubio's wife wanted him to not run. This is not because she was a hooker or an embezzler, she simply did not want that much attention. Who does? I have never killed anyone or robbed a bank but I did once forget to draw trump.

 

Anyway, it is a cliche but modern techolgy is a mixed blessing.

[y66]

Chief Justice Roberts talked about the challenge that rapid changes in technology are creating for the courts in this February 3rd interview (at 45:15) at New England Law School last month.

 

President Obama described his position on the encryption issue -- technology executives who are “absolutist” on the issue are just wrong -- near the end of his March 11th interview (at 1:15:45) at the South by Southwest festival in Austin, Texas. He did not talk about the impossibility of "giving the good guys the access they want without also giving the bad guys access" or the problem of knowing who the good guys are anymore or what the good guys have to do to show they deserve more trust vs, say, demanding it and expecting to get it.

[mycroft]

But Ken, you are not unimportant.

 

ISTR an article pointing out a site where credit card information was being sold for US$3/number. *That's* how unimportant you have to be for this not to be a problem - your worth to somebody has to be less than US$3 minus the cost of getting your information. Also, someone with a house and who can travel to bridge tournaments *clearly* is important enough for identity fraud, even if "scooping out your bank accounts" isn't a thing.

 

Going forward, the phone companies are working very hard to make paying-by-phone a thing, which means that anyone that can break the lock has your credit card (or debit access to your bank, depending on how it's set up). While I think that's *insane*, I already use my bank's app on my tablet to do my banking; although that would require breaking both my phonelock and my password locker lock to use.

 

And of course President Obama said what he said - while I respect him for what he has done and what he has tried to do, the most complimentary thing I can say to his stance on government control (being unequivocally "good") and government accountability ("you can just trust us", even against massive evidence that you can't) is "well, less horrible than the alteRnative, anyway".

[barmar]

No one knowledgeable ever thought that the government (or others) couldn't hack into a phone if they really wanted to, it's just a matter of how easy it is. It's like locks on houses -- no one doubts that most cops know how to pick locks, but we still wouldn't just give them a skeleton key for all locks.

 

Also, the software is designed to wipe the phone if it detects too many failed attempts, so they risk the possibility of completely destroying the evidence while trying to get it. They were looking for an easy, safer way to get into it.

[mike777]

No one knowledgeable ever thought that the government (or others) couldn't hack into a phone if they really wanted to, it's just a matter of how easy it is. It's like locks on houses -- no one doubts that most cops know how to pick locks, but we still wouldn't just give them a skeleton key for all locks.

 

Also, the software is designed to wipe the phone if it detects too many failed attempts, so they risk the possibility of completely destroying the evidence while trying to get it. They were looking for an easy, safer way to get into it.

 

 

1) in fact we do give the cops all the picks to enter the house, all the locks. we can debate if we can force you, innocent you to spend billions to make a key.

2) do we give cops the ok to with a warrant to search you phone,.,...yes......now can the cops force you to spend billions to unlock a phone.....I think no...... can force you to unlock a phone with a warrant if we pay you? can you force you to make a key?

[Zelandakh]

Under what law can the authorities force me (or you) to do anything at all? They can certainly forcibly prevent a person from doing things and can arrest a person for failure to follow directions but those are quite different cases.

[hrothgar]

Under what law can the authorities force me (or you) to do anything at all? They can certainly forcibly prevent a person from doing things and can arrest a person for failure to follow directions but those are quite different cases.

 

Force you to do what?

 

Pay income tax?

Register for the draft?

Purchase health insurance?

 

The answer varies, but there are all sorts of cases where the US government is able to compel action

[Zelandakh]

No, they can compel that not taking an action leads to imprisonment and forcibly remove assets in lieu of action but they cannot actually force someone to take the action themselves. You might feel that this amounts to the same thing as the consequences of not taking the accepted action are typically far worse than complying but civil disobedience activists all over the world might tend to disagree with that.

[barmar]

Threatening to punish you for not doing something is generally considered comparable to forcing you to do that thing. Of course, if you're willing to accept the punishment then it won't actually happen, but it's the biggest hammer they have.

 

By your logic, no one can "force" anyone to do anything. Perhaps the word "force" should be replaced by "require" or "coerce". But this meaning is generally understood in context.

[mycroft]

Also, the software is designed to wipe the phone if it detects too many failed attempts, so they risk the possibility of completely destroying the evidence while trying to get it. They were looking for an easy, safer way to get into it.

And that was one of the things they were trying to require Apple to do - write a version of the OS they could sideload onto the phone that didn't have the "wipe-after-10-failed" feature.

 

The other thing they wanted in FBiOS was removal of the enforced delay after N failed attempts so that they could just bash codes into it as fast as the hardware would allow (80ms), rather than having to wait minutes (up to an hour) to try again.

 

They explicitly *weren't* telling Apple to write code that cracked or bypassed the lock itself; just restore the "brute force" option they used to have (that Apple disabled because it was too easy to brute force phones). The suggestion of the security people: use the "power" - it takes on average 11 hours to brute-force a 6-digit passcode; so 110 hours for a 7-digit one; 1100 hours for 8 digits; 11 000 hours for 9 - and that starts to get into real money. 1300 years for 12-digit...

 

If you're concerned about the FBI, well then a year isn't too long for them to let you cool your heels in jail while they run the system at the phone. If you're concerned about J. Random crimesyndicate, 1100 hours - 6.5 weeks give or take - is probably at the point where they'll just throw out the phone and go after someone else.

[Zelandakh]

Threatening to punish you for not doing something is generally considered comparable to forcing you to do that thing. Of course, if you're willing to accept the punishment then it won't actually happen, but it's the biggest hammer they have.

No, they cam also brain wash or water board you amongst other possibilities. That starts to get into real forcing but, in theory at least, Western governments do not have the right to do this to their citizens.

[blackshoe]

Governments have no rights at all. Governments are not about rights, they're about power.

[Winstonm]

Governments have no rights at all. Governments are not about rights, they're about power.

 

I don't think you have thought through your position: governments are non-entities. Governments are nothing but people - one or many - who set the standards by which a society functions. To say that governments have no power is to say people have no power, which is a position with which I happen to agree. It is our choice as civilizations to grant ourselves and our neighbors rights, thereby granting ourselves rights as a government, but those are still individual rights. We can chose to extend different rights to our form of government, granting agents of the government the power to enforce rules and laws and punishments and following through with such punishments.

[kenberg]

No one knowledgeable ever thought that the government (or others) couldn't hack into a phone if they really wanted to, it's just a matter of how easy it is. It's like locks on houses -- no one doubts that most cops know how to pick locks, but we still wouldn't just give them a skeleton key for all locks.

 

Also, the software is designed to wipe the phone if it detects too many failed attempts, so they risk the possibility of completely destroying the evidence while trying to get it. They were looking for an easy, safer way to get into it.

 

I want to make sure I understand what you are saying.There has been much talk these days as to how terrorist cells can "go dark". It has been said that secure communication among terrorists and, for that matter, other criminals, is making prevention and apprehension more difficult. Are you saying this is all hokum, the feds can get into everything, no problem? Is it really the general view of encryption experts that secure encrypted communication is a myth?

 

I am not knowledgeable. Not even semi. But I go back to a point I made earlier. If the feds could easily have cracked into the phone, I would have expected them to shut up about having it, gotten a warrant to get into it (much like the unpublicized wiretap warrants of yesterdays), gone into the phone and read the contents, and acted quickly on that knowledge. The fact that they did not do so lends credence, at least for me, to the idea that initially they were unable to do so. I am having trouble seeing the flaw in this logic.

 

Added: It seems unlikely to me that anyone, outside of a very few, knows exactly what the government capacity is. The problem in this case was not just the encryption. There were, or at least they assumed that there were, tripwires. Clumsy attempts to get in would trigger an erasure, and perhaps it was time-sensitive so that if the data was not accessed within a certain period it would be erased even if no other wire was tripped. So the problem was to get into the phone quickly without triggering an erasure. I don't know and I seriously doubt that anyone outside of a small circle knows if they could, but certainly the simplest explanation for why they didn't is that they lacked the ability to do it.

[blackshoe]

I don't think you have thought through your position: governments are non-entities. Governments are nothing but people - one or many - who set the standards by which a society functions. To say that governments have no power is to say people have no power, which is a position with which I happen to agree. It is our choice as civilizations to grant ourselves and our neighbors rights, thereby granting ourselves rights as a government, but those are still individual rights. We can chose to extend different rights to our form of government, granting agents of the government the power to enforce rules and laws and punishments and following through with such punishments.

Apparently something changed the words I wrote into something else. Or you didn't really read my post. I did not say that governments have no power, I said that power is all they're about.

[helene_t]

Of course Apple could make their phones FBI proof by using strong encryption. But what exactly are they asking Apple to do? To give them non-encrypted information stored on a password protected device? Couldn't FBI do that themselves just by putting the memory chip into some other device? Or is the Iphone a single-chip thing where CPU and storage is in the same chip and memory can't be read by other devices?

[kenberg]

Of course Apple could make their phones FBI proof by using strong encryption. But what exactly are they asking Apple to do? To give them non-encrypted information stored on a password protected device? Couldn't FBI do that themselves just by putting the memory chip into some other device? Or is the Iphone a single-chip thing where CPU and storage is in the same chip and memory can't be read by other devices?

 

Beats me. Technical details are for others. I was addressing the idea that the gov's court actions were unnecessary because, of course, they already knew how to get in w/o Apple's help. My thinking is that if they knew how to get in they would have promptly done so and made good use of the results. This is a totally non-technical argument, but it seems to me to have merit.

 

There is a sort of meta view at work here. Most of us are not top experts in anything, and few are top experts in two things. Still, as involved citizens, we have to reach conclusions. How to do this? Take six months off of other activities and study the issue thoroughly ? Or judge as best we can based on what we do know about the issue combined with watching how the major players are moving? On any one issue, perhaps the first option is viable, but in general it is not.

 

I can fantasize. Maybe the following: After they recovered the cell phone some bright guy said "They will figure we have this and close down everything that links to it. Why don't we announce that we can't get into it, ask for a court order which Apple will resist? Surely they will believe us when we say that we cannot get in so they will leave everything in place while we crack in and get them." That could be what happened, but I doubt it.

 

"They didn't get into it because they couldn't" is a simple explanation. Details as to why they couldn't are for technical people and I might, or more likely might not, be able to follow them. I still am having problems with my Android.

[Winstonm]

Apparently something changed the words I wrote into something else. Or you didn't really read my post. I did not say that governments have no power, I said that power is all they're about.

 

This is your post: "Governments have no rights at all. Governments are not about rights, they're about power"

 

Again, a government is not an entity. Government is simply a word used to describe a person or group of people. Your post translates to, "the people who make up the government have no rights and are about power."

 

 

I think you are scapegoating the government as an extension of culture when in fact it is our culture that prefers modern society to the lawlessness of the Old West. I can certainly understand how a truly self-reliant person might prefer less interference in his life but that position is an outlier rather than a norm.

[barmar]

I want to make sure I understand what you are saying.There has been much talk these days as to how terrorist cells can "go dark". It has been said that secure communication among terrorists and, for that matter, other criminals, is making prevention and apprehension more difficult. Are you saying this is all hokum, the feds can get into everything, no problem? Is it really the general view of encryption experts that secure encrypted communication is a myth?

There's no such thing as total security. The issue is how much effort it takes to break the security. The history of encryption and code breaking is a constant game of cat-and-mouse, where the code breakers develop techniques to break the encryption, and the cryptographers improve their coding, and this repeats.