FBI Begins Secret Lobbying to Access Apple and Google Encrypted Customer Data (nationaljournal.com)
166 points by foolrush on Nov 3, 2014 | hide | past | favorite | 56 comments


Earlier this month, FBI Director James Comey gave a speech arguing that the "post-Snowden pendulum has swung too far,"

There's a post-Snowden pendulum? And it's swung too far? In my country at least, the pendulum's swing appears to be unchanged from the way it was going pre-Snowden. If anything it's swung further out, still in the same direction, post-Snowden.

Has there been some significant news in other countries that I've missed?


Lol. It's pretty obvious that they're just claiming such to expand their powers even further.

The US already makes the USSR look like amateur hour...


>The US already makes the USSR look like amateur hour...

Kind of a hard comparison to make, considering the USSR dissolved in 1991. That was well before internet access and mobile devices became a part of daily life, let alone existed in non-primitive form.


Well, it's hard to make the comparison "the US today is even worse than the USSR today". But it's pretty easy to make a comparison between the US today and the USSR in 1985.

If the USSR was bad, and we're worse, who cares if the hypothetical USSR of today would be even worse than we are today? It's still easy to see that we're (1) worse than something that was (2) awful. The reason for our surpassing awfulness being new technological developments isn't relevant to the idea that we've gone bad.

(Obviously, the USSR of then was much worse than the US of today along a whole host of vastly-more-important dimensions. I'm not talking about that.)


Worse than something that was, but only in a technological sense.

Surveillance today is more invasive, and pervasive. This is a direct result of technological advancement. So, unless you're talking strictly in those terms, then how the underlying surveillance capability is used must be taken into account.

For example, the United States probably has the most advanced surveillance capability of any nation on Earth. Certainly, this capability has the potential for abuse. In fact, I'm sure it is abused, and that's bad. However, the underlying use is more or less in line with other Western governments.

Contrast this with say, any hardcore authoritarian regime today using comparable technology, and it's a completely different magnitude of bad.

So, I wouldn't say the U.S. is worse than the former Soviet Union in terms of surveillance, at least not in any moral sense.


>For example, the United States probably has the most advanced surveillance capability of any nation on Earth. Certainly, this capability has the potential for abuse.

Why, does it have any other potential?

>However, the underlying use is more or less in line with other Western governments.

Nothing of the above is comforting.

>Contrast this with say, any hardcore authoritarian regime today using comparable technology, and it's a completely different magnitude of bad.

I dunno, at least most "authoritarian regimes" only mess with their residents. Whereas the US messes with its residents (somewhat for some groups, full on assault if you are black, see for e.g. incarceration rates), with 4-5 countries directly (invasion, etc), with 10-20 countries indirectly (threats, special "deals" from friendly lackeys put in power, etc), and all the world diplomatically.


> Why, does it have any other potential?

Saving the civilized world from the clutches of terrorism, lining pockets, maintaining a global hegemony.

The last item isn't necessarily a bad thing, depending on your point of view.

> I dunno, at least most "authoritarian regimes" only mess with their residents. Whereas the US messes with its residents ...

Fortunately, the U.S. has not yet made a habit of disappearing human rights activists and dissidents on a whim.


>Fortunately, the U.S. has not yet made a habit of disappearing human rights activists and dissidents on a whim.

You'd be surprised. For one, of course the US (plus local lackeys) do that all the time in foreign countries.

But there are people like:

http://en.wikipedia.org/wiki/Rub%C3%A9n_Salazar http://en.wikipedia.org/wiki/Oscar_Zeta_Acosta

Others, OTOH, are merely discredited, with some higher up pushing to get them fired, etc: http://en.wikipedia.org/wiki/Gary_Webb


Well you see, some journalists have said mean things about them.


> In the wake of the Edward Snowden leaks, most lawmakers seem more interested in reining in government surveillance than expanding it.

Is there evidence for this? Walking out of Citizen Four tonight, my immediate thoughts were on how seemingly underplayed the issue has been this election cycle.


tl;dr: Comey: "The Bill of Rights is inconvenient. We'd like to wipe our backside with it, and we need Congress to make that legal. Support such a law because $BOGEYMAN. Thank you, citizen."


It's easy to demonize and misconstrue people, but it's vastly more useful to actually understand them. In all likelihood, James Comey is genuinely worried about public safety.

Think about this from his point of view. As head of the FBI, his days are inundated with threats. Most of them are bunk, but a few might be credible. He worries his subordinates don't have the tools necessary to adequately follow up on everything. If only they could tap network devices like phones (and really, there's no practical difference between the two these days), they'd be so much more effective. "Yes," he thinks, "there are privacy concerns, but we're the good guys. We could follow up on so many more threats. We could keep everyone safer."

Now think about what happens if there's a successful attack. Mr. Comey is from Yonkers, so he almost certainly went to some funerals after September 11th. Think of how a repeat of that haunts him. He'd feel personally responsible for failing the American people. Lives lost, families broken, because of him. So he asks Congress for help. Maybe he punches up the rhetoric a little to make his case more compelling.

That's a much more likely version of what's going through his head. He may be mistaken, but he's not malicious.


While it is convenient to pull out the quote "never attribute to malice..." the malice here has both mens rea and solid evidence. This is not about fighting criminals, judicial process, or even vague threats to national security.

Malice, n: the intention or desire to do evil. Ill will.

I will list a few, but I'm not going to debate the point or google the sources on these. If you don't see the malice here or want to disagree on minutiae, please do it briefly and then let's let it drop.

It seems like malice plain and simple when:

1. Keith Alexander lies to Congress about whether the NSA routinely intercepts totally domestic communications (bear in mind the NSA's stated charter).

2. The CIA deletes their records after it comes to light that they captured surveillance of Congress when Congress started an inquiry into the CIA for illegally putting surveillance on Congress.

3. James Woolsey publicly declares Snowden should be hanged for treason.

4. David Miranda is held inhumanely for 9 hours in Heathrow. He has never been implicated in the Snowden investigation or charged with anything else, for that matter.

5. The Guardian chooses to physically destroy their copies of Snowden's files when pressured by GCHQ. They can at least film the process.

6. NSA programs deliberately weaken encryption, subvert standard committees, infiltrate US businesses, sabotage hardware shipped through the US, and record all traffic at major internet switching points around globe. The stated intent is surveillance completely at odds with all major recognized statements of inalienable human rights.

Malice.


A note to those reading this exchange: sounds is using the tactic of replying with a list of tangentially-related, denotationally true but connotationally not-so-accurate points. If I don't spend an inordinate amount of time responding to every one of them, he can say, "Ah-ha, but you didn't address points 2, 4 and 5."

I don't like taking things meta, but it's impossible to engage in a debate when confronted with such a mess. The sad thing is unless you've been on the receiving end of this tactic before, it usually works.

Yes, all kinds of bad things have been done by the NSA, CIA, and GCHQ. But I (and the article) was talking about one man: James Comey, and one organization: the FBI. I don't see either mentioned in your reply.


I think maybe you are both right. You can have individuals who think they are doing good working within the confines of a body that is sometimes and in some capacity malignant.

Law enforcement as a practice is ultimately the act of treating your own citizens as enemies. I think for the most part we have extremely well intentioned people in those roles. I don't think Hoover had outwardly malicious intentions, for example, but I do think an agency with an agenda to disrupt civilians that have political ideas that run contrary to policy goals or administrative priorities, even if it's composed of nuns, will inevitably be malicious.


Seeking to directly and intentionally harm the rights of the very citizens you're supposed to be protecting, makes you malicious. It is that simple.

It doesn't matter whether Comey is a nice guy or whether he thinks he is doing right. What matters is what the guy actually does. His actions make him malicious. Putin might be insane or delusional and think what he does benefits the Russian people - that doesn't mean he isn't malicious.


Remember the corollary, sufficiently advanced incompetence is indistinguishable from malice.

If he's genuinely worried about public safety and as a result thinks this is a good idea, he should be demonized and driven out of his job, and any related job. If he believes that certain things should be allowed for the good guys but not for the bad guys, he is the bad guys.

But all that is beside the point. I don't live in James Comey's mind, and its internal state is totally irrelevant to me. What he does matters. If he's doing it for what he thinks are good reasons, that just means he's evil and he has terrible judgment -- which doesn't seem like much of a step up from "he's evil".


Pleasantly surprised to hear something like this on HN.

I am not super convinced that public servants are "out to get us", but probably woefully uninformed and living in a certain bubble. Just like how we're in a bubble filled with images of totalitarianism that makes us react so violently to comments like this.

I'm always reminded of Adam Curtis' blog post on the history of MI5 (http://www.bbc.co.uk/blogs/adamcurtis/posts/BUGGER). An absolute must-read. Basically MI5 was led by people in an alternate reality to what was already happening. Their objectives were not malicious in themselves, but their worldview was so insane that what they ended up doing was pretty head-scratching.

Here, the FBI spends their time running after kidnappers or something, and suddenly they can't get text messages from the kid's phone (which is probably the best lead in these sorts of situations), it could be extremely frustrating.

Just by the way, kidnappings are a very real thing that happen extremely often in the US (250000 a year in the USA). Only 115 are of the "stranger kidnapping a kid" variety, most are people they know, so of course the police would like to see the text messages.

"Think of the children" is a tired trope, and I don't think that it's a real argument, but the FBI works on a lot of these cases, and this will hinder their job. It's normal for them to speak up about it. Doesn't mean they should get access though.


I am sure that whether he was malicious or mistaken will be interesting for historians while studying "The slide of the US into police state in the late 2020s", but not for the rest.

The US currently supports intelligence, domestic and external security forces that are totally out of line with any credible threat. With too broad power. A lot of it in the dark or shade. That concentration of power and force makes me feel uncomfortable.


Either you believe police should have access (with warrants) to anyone's information or not.

You can argue all day about warrant-less wiretaps, but that's a red herring.

If the law should have power to discover data, denying them the power to do so via poor tools is a half-ass way to hamstring a policy that we agree is necessary.

Or we don't agree, and you want to bar the law from private information at any cost.


It isn't that simple. Your dichotomy is false.

The reality is that police and federal law enforcement are able to acquire private information using other means including knocking on doors, physically bugging devices and people, hacking into devices and other ground work.

The law can have the power to discover data, but this power can be separate from compulsion statutes that force large corporations to surveil, store and copy customer data as a default.

What if there was a law that required you as a private citizen to spy on other private citizens? You would have to keep files on people, but you would only need to give them up if a search warrant or other court order was given to you. Wouldn't that be wrong? The only difference in this case is that Apple and Google and whomever else have filed to be incorporated.

Yes law enforcement should be able to access individual's data. No, it doesn't have to come in the form of a compulsory digital surveillance apparatus.


> What if there was a law that required you as a private citizen to spy on other private citizens?

I really don't see how any of this is incompatible with the checks of warranted search.

Compulsory digital surveillance sucks, don't do it, but if it's required else the data is lost forever then it's required. (if you agree with the legal access to private data)

This is not complicated, you don't need to make it so.


I'm not sure I get what you mean. Can you confirm?

What I think you are saying: it would be okay to force private citizens to keep tabs on each other so long as the warrant/subpoena and court system were trustworthy and in working order (i.e. in the case where there are very few abuses and mistakes by law enforcement).


Asking private citizens to enforce the law in that way is a totally absurd and intellectually void hypothetical.


What is a corporation besides a group of private citizens?

(Also note that it isn't law _enforcement_ that we are talking about.)

Nor is it an intellectually void hypothetical. The Stasi did exactly this not so long ago.

Finally it appears this isn't what you meant in your post. What did you mean in your post?


Wait, this is a link to a blog that reposted, in full, a story from National Journal that this guy didn't write.

Could someone please change the link to the original?

http://www.nationaljournal.com/tech/the-fbi-s-secret-house-m...



I was looking through his site. Seems like he curates news articles relevant to a couple stories he's following and this one is just one of the ones that made it in.

Agreed it should be changed to reflect the original source.


This is where some well-phrased xenophobia would be really helpful. "Comey wants to hand your texts over to the Chinese" or something like that.

It has the benefit of being more or less accurate; there is no way, if the architecture technically supports it, that it won't be forced by any legal jurisdiction that can bring sufficient pressure. This happened already with Blackberry Messenger.


Can someone explain how this "you must build surveillance in" is supposed to work? It is trivial to build an encrypted message platform on top of current FB chat.

To me it seems that this kind of bill is aimed not at the tech-savvy people who intend to break the law but at everyone else.


Moral of the story: Use iMessage to text and use FaceTime Audio for your phone conversations.

It really makes me wonder where Apple will end up in all of this.

With the Australian Government pushing through a bill to allow for 2 years worth of metadata to be stored for every person in the country in a 30 minute rushed meeting... I really hope Apple strives for a technological solution to allow for the same type of user protection with all web browsing as well.

Is it technically a possibility that Apple could, say, route ALL traffic from Apple devices through a secure non-trackable network before going out to the internet?

(by non-trackable, I really mean non-user-identifiable)


route ALL traffic from Apple devices through a secure non-trackable network before going out to the internet

I.e. make all connections through something like Tor by default? Apple technically could do that, but given the performance of the Tor network, I don't think it would be a good idea. (I think the similar idea of having every one of their desktops be a Tor relay by default would also face some strong opposition.)

And this lobbying is not so "secret" anymore now, is it...


Imagine if this was the meaning of the "Do Not Track" switch in OS preference panes. (And that the OSes that had it enabled by default, continued to do so.)


Yeah - those honestly-not-at-all-over-reaching "gotta catch the terrorists" data retention laws for criminal investigations. Which will "absolutely" be used against copyright infringements: http://www.theregister.co.uk/2014/11/02/oz_gov_lets_slip_tel...

Time to reassess the paranoia again...


There's a very simple solution to this. Use strong encryption and obscure or otherwise hide the private keys. We're trying to develop a future-conscious messaging client:

http://emp.jar.st/

Is it NSA proof? Probably not, but it will thwart most prying eyes, including LEOs. The idea isn't to make data impossible to get to (this in and of itself is impossible). But rather to make it exceptionally expensive to get to, this forces the people with prying eyes to be much more selective.


>The critics also argue that police often have other ways of legally obtaining information, such as getting warrants for data stored on company servers.

Isn't the whole issue that the data would not be readable on company servers anymore?


No, it is readable when it is on company servers.

http://images.apple.com/privacy/docs/legal-process-guideline...

"iCloud is Apple's cloud service that allows users to access their music, photos, documents, and more from all their devices. iCloud also enables subscribers to back up their iOS devices to iCloud. With the iCloud service, subscribers can set up an iCloud.com email account. iCloud email domains can be @icloud.com, @me.com and @mac.com. iCloud data is encrypted wherever an iCloud server is located. When third-party vendors are used to store data, Apple never gives them the keys. Apple retains the encryption keys in its U.S. data centers. The following information may be available from iCloud..."

"...i. Subscriber Information ... name, physical address, email address, and telephone number ... iCloud subscriber information and connection logs with IP addresses ... Mail Logs ... Email Content ... Other iCloud Content. Photo Stream, Docs, Contacts, Calendars, Bookmarks, iOS Device Backups ... photos, documents, contacts, calendars, bookmarks ... photos and videos in the users’ camera roll, device settings, app data, iMessage, SMS, and MMS messages and voicemail.

iCloud content may be provided in response to a search warrant issued upon a showing of probable cause."

It is only data stored directly on devices that Apple claims it can no longer give access for. Note that a lot of data gets synced without user knowledge including working drafts of documents: http://mjtsai.com/blog/2014/10/26/yosemite-uploads-unsaved-d...


One of the things this missed is that there are other laws on the books besides CALEA that do apply to electronic and digital communications. Some do not apply specifically to Apple or Google, while others will.

The FBI will often subpoena information from Apple and Google using 18 U.S.C. § 2703: http://www.law.cornell.edu/uscode/text/18/2703

* Contents of Wire or Electronic Communications in Electronic Storage.

* Contents of Wire or Electronic Communications in a Remote Computing Service.

* Records Concerning Electronic Communication Service or Remote Computing Service.

* Requirement To Preserve Evidence

For example, you can see Apple's handling of this in their legal process guidelines, where they admit to being able to give "subscriber information ... mail logs ... photos and videos in the users’ camera roll, device settings, app data, iMessage, SMS, and MMS messages and voicemail" information from iCloud synced iOS8 devices:

http://images.apple.com/privacy/docs/legal-process-guideline...

The Patriot Act:

* Section 202 - Authority to intercept wire, oral, and electronic communications relating to computer fraud and abuse offenses

* Section 204 ("Clarification of intelligence exceptions from limitations on interception and disclosure of wire, oral, and electronic communication") both removed restrictions put in place on the Foreign Intelligence Surveillance Act and broadened the law to include electronic communications. FISA concerns itself with communications that travel internationally, as sometimes happens with domestic electronic communications. It is also a complicated legal issue with regard to foreign datacenters and international geo-redundancy.

* Section 2703, applicable to a "provider of electronic communication services", forces disclosure of the contents of stored communications and in addition allows this to be done with a search warrant rather than a wiretap order.

* Section 210 - "Scope of subpoenas for records of electronic communications" sets some rules for electronic records including things like IP addresses and session records.

* Section 211 expands the ability of the US to get records from cable television.

* Section 215 - Access to records and other items under the Foreign Intelligence Surveillance Act expands the list of records to include 'tangible things' such as "books, records, papers, documents, and other items".

* Section 216 "Authority to issue pen registers and trap and trace devices" applies to electronic communications as much of Bush era legislation expanded 'pen registers' to the digital domain.

That's just the Patriot Act. Here's Wikipedia's first paragraph on the Stored Communications Act:

`The Stored Communications Act (SCA, codified at 18 U.S.C. Chapter 121 §§ 2701–2712) is a law that addresses voluntary and compelled disclosure of "stored wire and electronic communications and transactional records" held by third-party internet service providers (ISPs).`

The Stored Communications Act defines the legal framework used for digital pen registers and wiretaps on an ISP level.


So they can give iMessage messages? So much for iMessage end-to-end encryption, then.


Probably makes more sense for AT&T to encrypt phone calls at this point with keys they don't have access to.


The Telcos have been documented to be in bed with the government for almost as long as they have existed [1].

[1] http://content.time.com/time/magazine/article/0,9171,2022653...


Part of that is by diktat - the CALEA law means that they're obligated to have backdoors for law enforcement. This is probably the angle that the feds are trying for, to get things like iMessage covered under the same law.


Note that 'electronic storage', 'electronic communications' and 'remote computing services' are already required.

http://www.law.cornell.edu/uscode/text/18/2703


"[...] technology has become the tool of choice for some very dangerous people"

As opposed to what? Carrier pigeons?


Ah yes, RFC 1149...

http://tools.ietf.org/html/rfc1149

https://en.wikipedia.org/wiki/IP_over_Avian_Carriers

>On 28 April 2001, IPoAC was actually implemented by the Bergen Linux user group. They sent nine packets over a distance of approximately five kilometers (three miles), each carried by an individual pigeon and containing one ping (ICMP Echo Request), and received four responses.


Animal domestication is also a technology.


I think this is largely a hoax and they already have access to the said data.


https://datavibe.net/~sneak/20141023/wtf-icloud/

They do store drafts of documents transparently in iCloud and confirm that they will give content stored in iCloud to law enforcement.

http://images.apple.com/privacy/docs/legal-process-guideline...

If you look at the design of the Secure Enclave's Key Derivation Function it pulls in data from a unique ID burned in by the manufacturer and a small pin code provided by the customer. Apple claims it can not get the data because it knows neither the UID or the code.

However, the manufacturer of the Secure Enclave does/will know the UID and a user passcode can easily be brute forced. If law enforcement have enough leverage to get UIDs then the system is moot.


My impression of Apple's UID is that it's a physical unclonable function[1] whose output is directly connected to the key derivation circuitry. This means that there is, absent physically destructive attacks or side-channel vulnerabilities in the key derivation circuitry, no way to recover the UID/PUF output. Since PUFs typically get their values from random process variation, their values cannot be known before manufacturing. Since it can be used, in very well-defined operations with inherent rate limiting, but cannot be read out directly, there is no economically-feasible way to recover their values after manufacturing, either.

Of course, this is mostly speculation and would need some serious ChipWorks-style reverse engineering to determine if it's true, but that's my impression given what I've read from Apple's security documentation.

[1]: http://www.nxp.com/documents/other/75017366.pdf


> Since PUFs typically get their values from random process variation

How sure are we that this is the case, and how can we verify it? You can burn in whatever bits you want to the PUF. If there is a list, a product-to-UID mapping, a deterministic UID generation process or even a PRNG that isn't strong enough, the Secure Enclave falls.


Well, again, I can't be sure, and you can't verify without reverse engineering the chip.

But that's not how PUFs work. The whole point of a "physical unclonable function" is that it's not just a set of bits that can be programmed to an arbitrary value; it's a part of a circuit which, based on physical characteristics of the apparatus, deterministically generates a response to a given challenge. The idea is that there is no such list for the PUF internal values--they're not controllable, and it would be extremely difficult to read their internal state without destroying the chip. Making lists would be very awkward: according to the Apple iOS Security Guide[1], the KDF takes 80ms per passcode attempt. So, generating a list of PUF outputs for all 10,000 4-digit numeric passcodes would take Apple ~14 minutes--and it must be done on each device.

So, it's theoretically possible that Apple spends 14 minutes per device making a list of PUF outputs given all 4-digit numeric passcodes. However, a user who uses any other passcode would be completely unaffected (except having the search space reduced by 10,000), and I consider it highly unlikely that Apple can afford 14 minutes per device just for potential nefarious use given the volumes they produce.

Also, note that almost all other keys are 'tangled' with the output of the PUF, so a PRNG failure is not likely to cause predictable keys, depending on the failure mode and what PUF stimuli Apple records.

Of course, this is all a moot point, as none of this is verifiable (at least, to me and you).

[1]: https://www.apple.com/ipad/business/docs/iOS_Security_Feb14....


Actually, it does not look like the UID is a PUF - although it's a very interesting idea!

"Unique ID (UID) - A 256-bit AES key that’s burned into each processor at manufacture. It cannot be read by firmware or software, and is used only by the processor’s hardware AES engine. To obtain the actual key, an attacker would have to mount a highly sophisticated and expensive physical attack against the processor’s silicon. The UID is not related to any other identifier on the device including, but not limited to, the UDID." - https://www.apple.com/ipad/business/docs/iOS_Security_Feb14....

> "To obtain the actual key, an attacker would have to mount a highly sophisticated and expensive physical attack against the processor’s silicon."

This is not true if the UID is generated in some way that allows pilfering by the manufacturer.

> So, generating a list of PUF outputs for all 10,000 4-digit numeric passcode would take Apple ~14 minutes--and it must be done on each device.

The threat model here is not Apple, but the manufacturer. In this case the options I mentioned earlier would allow very fast attacks that could be launched selectively at target devices later on.

> Of course, this is all a moot point, as none of this is verifiable (at least, to me and you).

Definitely not verifiable or falsifiable by you or by me. I would suggest however that the claims and reputation of the Secure Enclave are not deserved. Finally, in crypto, skepticism is a feature.


@xnull: interesting, my download of that file has slightly different text:

    The device’s unique ID (UID) and a device group ID (GID) are AES 256-bit keys *fused* into the application processor during manufacturing. No software or firmware can read them directly; they can see only the results of encryption or decryption operations performed using them. The UID is unique to each device and is not recorded by Apple or any of its suppliers.
(emphasis added)

That language, along with this gem later:

    The passcode is “tangled” with the device’s UID, so brute-force attempts must be performed on the device under attack
lead me to believe they're describing a PUF. By the way, can you save a local copy of that file? My SHA256 is b9d1f5290ebe56780af692e2b12037d6b7e085ef1f6050c1e27ea8426f94bfcc, what's yours?

>The threat model here is not Apple, but the manufacturer. In this case the options I mentioned earlier would allow very fast attacks that could be launched selectively at target devices later on.

Right, I understand. No matter what Apple says, you can't verify, so you can't trust.

>Definitely not verifiable of falsifiable by you or by me. I would suggest however that the claims and reputation of the Secure Enclave is not deserved. Finally, in crypto, skepticism is a feature.

Well, who am I to say whether Secure Enclave lives up to its hype? But definitely agreed about skepticism...


My digest agrees.

B9D1F5290EBE56780AF692E2B12037D6B7E085EF1F6050C1E27EA8426F94BFCC

I found the quote you've posted in my copy as well. The definition I selected was from the glossary at the bottom.

> "Tangled"

Seems to me to be referring to PBKDF2.
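The two sub-threads above (the "~14 minutes for all 10,000 4-digit passcodes at 80ms each" estimate, and the reading of "tangled" as a PBKDF2-style derivation keyed by the device UID) can be made concrete with a small model. This is an added example, not Apple's code and not taken from the iOS Security Guide: it stands in for the hardware AES-based derivation with PBKDF2-HMAC-SHA256 (an assumption), uses a constructed 32-byte hex value as the fused UID, and uses a small iteration count so it runs quickly; `calibrate_iterations` shows how the count would be chosen to hit the quoted 80ms per attempt on a given host.

```python
"""Model of passcode 'tangling' with a per-device secret (added example).

Apple's guide says the passcode is tangled with the fused 256-bit UID so that
brute force must run on the device, at roughly 80 ms per attempt.  The real
derivation runs through the hardware AES engine; PBKDF2-HMAC-SHA256 is used
here as a stand-in (assumption), not as a description of Apple's KDF.
"""
import hashlib
import hmac
import time

# Constructed stand-in for a fused device UID.  On a real device software
# can never read it; here it is simply a fixed 32-byte value.
DEVICE_UID = bytes.fromhex(
    "9f0c4b7e2d5a6e1c8b3f7a2e4d6c9b1a0e5f3d7c2b8a4e6f1d9c3b5a7e2f4c6d")
DEMO_ITERATIONS = 200          # small so the demo finishes in seconds
PER_ATTEMPT_SECONDS = 0.080    # figure quoted in the thread from Apple's guide


def derive_key(passcode: str, uid: bytes, iterations: int = DEMO_ITERATIONS) -> bytes:
    """Tangle a passcode with the device UID.

    The UID is the PBKDF2 salt and is also the HMAC key over the stretched
    output, so a key derived for one device is useless as a table entry for
    any other: precomputation has to happen per device.
    """
    stretched = hashlib.pbkdf2_hmac("sha256", passcode.encode(), uid, iterations)
    return hmac.new(uid, stretched, hashlib.sha256).digest()


def search_space(digits: int) -> int:
    """Number of numeric passcodes of the given length."""
    return 10 ** digits


def brute_force_seconds(digits: int, per_attempt: float = PER_ATTEMPT_SECONDS) -> float:
    """Worst-case wall clock for an exhaustive on-device search."""
    return search_space(digits) * per_attempt


def brute_force_on_device(target_key: bytes, uid: bytes, digits: int = 4,
                          iterations: int = DEMO_ITERATIONS):
    """The search an attacker who holds the UID (i.e. is on the device) can run.

    Returns (passcode, attempts) or (None, attempts) if nothing matched.
    """
    attempts = 0
    for n in range(search_space(digits)):
        candidate = str(n).zfill(digits)
        attempts += 1
        if hmac.compare_digest(derive_key(candidate, uid, iterations), target_key):
            return candidate, attempts
    return None, attempts


def calibrate_iterations(target_seconds: float = PER_ATTEMPT_SECONDS,
                         uid: bytes = DEVICE_UID) -> int:
    """Pick an iteration count so one attempt costs about target_seconds here.

    This is the knob that turns '80 ms per attempt' into a concrete parameter;
    on the device the equivalent is fixed in silicon, not chosen by software.
    """
    probe = 1000
    t0 = time.perf_counter()
    derive_key("0000", uid, probe)
    elapsed = time.perf_counter() - t0
    return max(1, int(probe * target_seconds / elapsed))


if __name__ == "__main__":
    key = derive_key("0317", DEVICE_UID)
    print("recovered:", brute_force_on_device(key, DEVICE_UID))
    print("4-digit worst case: %.0f s (%.1f min)" % (brute_force_seconds(4),
                                                    brute_force_seconds(4) / 60))
    print("6-digit worst case: %.1f h" % (brute_force_seconds(6) / 3600))
    print("iterations for ~80 ms on this host:", calibrate_iterations())
```

The numbers line up with the thread: 10,000 attempts at 80ms is 800 seconds, about 13 minutes, and the per-device binding is what makes a vendor-side precomputed table expensive rather than impossible. Note what the model does not settle: if the manufacturer kept a copy of each UID, `brute_force_on_device` can be run off-device at whatever speed the attacker's hardware allows, which is exactly the threat raised above.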


Is it accurate to call this "lobbying"?


I think the proper term is 'checks and balances'



