HN Theater @HNTheaterMonth

The best talks and videos of Hacker News.

Hacker News Comments on
Should all locks have keys? Phones, Castles, Encryption, and You.

CGP Grey · Youtube · 53 HN points · 9 HN comments
HN Theater has aggregated all Hacker News stories and comments that mention CGP Grey's video "Should all locks have keys? Phones, Castles, Encryption, and You.".
Youtube Summary
* FOOTNOTE: https://www.youtube.com/watch?v=e-ZpsxnmmbE

Music by: http://www.davidreesmusic.com
Hacker News Stories and Comments

All the comments and stories posted to Hacker News that reference this video.
Jan 14, 2021 · gfxgirl on Null
Maybe not relevant here but my first thought to your question out of context is scale. My house can be easily entered by anyone determined to enter it. They can bust the door down, break the windows, crash a vehicle into it. And yet, almost no one is actually trying to get into my house. Conversely, 1000s of people and possibly hundreds of thousands of bots are trying to break into any software they can that is exposed on the internet (or possibly exposed in other ways like I have no idea if every app on my PC/Mac/Phone/Tablet is scanning my network for devices with known exploits).

So, the security of my house (at least where I live) does not have to be so resilient but the security of much of my software does.

https://www.youtube.com/watch?v=VPBH1eW28mo

> The entire US constitution is built on the premise that people have rights.

As much as I'm near-absolutist on civil liberties, I think it's also valuable to recognize that the intrinsic good of individual rights is only one part of the story; the other is the balance of power between government and the governed.

I recently heard Sam Harris opine that from a utilitarian perspective, an absolutist right to privacy pales in comparison to allowing harm to come to children, and so the tech community needs to flex a little on the privacy question, and meet law enforcement halfway. Through that reductionist lens, it's hard to find fault in the argument.

The problem isn't limited to privacy, though. Unbreakable digital locks exist, and they aren't going anywhere. [0] And there is power in the ability to keep secrets. You can bet the Feds have little interest in a Panopticon, where they too are obstructed from keeping digital secrets, as "meeting us halfway" for some greater good. Rather, they want to hoard that asymmetric power as their exclusive purview. No matter how well-intentioned, that asymmetry of raw power is something We The People have a vested interest in taking seriously, far beyond some abstract notion of "I want to Google ${CONSENTING_ADULT_SEXUAL_ACTIVITY} without worrying the neighbors will find out".

[0] https://www.youtube.com/watch?v=VPBH1eW28mo

michaelmrose
There is never any logical reason to suppose that the right solution lies in between 2 extremes. If the question is the answer to 2 + 2 the answer isn't halfway between 0 and 9000.

Secondly when a party consistently pushes for an extreme position if you meet them halfway as a matter of policy you will shortly find yourself within spitting distance. The only productive position is extreme obstinacy.

_0ffh
Yes! Sometimes if you compromise, you still lose - just more slowly.
someguyorother
> I recently heard Sam Harris opine that from a utilitarian perspective, an absolutist right to privacy pales in comparison to allowing harm to come to children, and so the tech community needs to flex a little on the privacy question, and meet law enforcement halfway. Through that reductionist lens, it's hard to find fault in the argument.

I'd say it's pretty easy. For utilitarianism to make sense, it has to take the future into account. And what looks like an absolutist right to privacy might be a utilitarian argument of the type that if you grant a monopoly of power (private or public) the right to make use of your private information, then it could well use that private information against you later.

An integral utilitarian might then say "it's worth some harm to children today to ensure there won't be great harm tomorrow". That kind of being able to trade off different scenarios of harm without regard to absolute principle is pretty much what characterizes (act) utilitarianism.

8note
If privacy isn't an issue, we could insert tracking chips into the children and give them identifying tattoos, then track their locations.
DeathArrow
I don't know about US but in EU electronic passports and electronic IDs are becoming mandatory. So all people will have an RFID device with them all the time. And let's not forget the mobile phones which can be localized with high accuracy even without GPS, usually because the device can be seen by more than 3 base stations at a time.

The Chinese made mass surveillance even simpler: they have lots of cameras and face detection.

We don't have much privacy these days.

feanaro
Just because it's possible to use something as a source of information, it doesn't mean it is used as part of a massive dragnet. Yes, it's possible to track phones, but most countries don't have a dragnet implemented based on this information, as far as I'm aware. It's not a lost battle and we still need to push back to ensure it is not.
As much as guns have grown deadlier since 2A was penned, they ultimately scaled linearly; we don't currently have weapons available to citizens which can destroy a city. If the police need to counter a citizen's misuse of guns, they can easily deploy 10x guns of their own.

This used to be true of secrets: if there was a legitimate reason for police to crack a safe, it was difficult, but possible. But with encryption, you no longer need 10x force; you need closer to (10^100)x force (not an expert, but close enough for illustration).

What's neglected/forgotten is that weakened crypto creates a power asymmetry in the other direction: while there's no way to scale safe-cracking to (10^100), such that the feds can auto-crack every safe at will, that is absolutely feasible for digital locks, if those locks are forced to be arbitrarily weak. The NSA would have the resources to pre-crack and cache every single encrypted signal, "just in case".

The nature of the mathematical asymmetry leaves no middle ground: either every citizen has access to unbreakable locks, or no one will [0] (except for the Feds themselves, of course): https://www.youtube.com/watch?v=VPBH1eW28mo

[0] There is one cogent comparison to the arguments of 2A advocates here: "if you outlaw crypto, only outlaws have crypto". In fact, it's even worse: hypothetically the feds can track gun-running, and guns are (currently) non-trivial to manufacture oneself. But all it takes is a small snippet of GitHub code and/or a white paper to craft an unbreakable lock, and disguise the data as noise, regardless of what violence governments threaten. The only people affected by restrictions would be law-abiding citizens.

CGP Grey's "Should all locks have keys?" says it better than I ever could: https://www.youtube.com/watch?v=VPBH1eW28mo (4m)
If you need to explain to non-technical friends and family exactly why this is a terrible idea, CGP Grey offers an easily digestible 5-minute primer: https://www.youtube.com/watch?v=VPBH1eW28mo

Computers either have unbreakable locks, or no locks whatsoever. There's no stable middle ground.

stronglikedan
> unbreakable locks

Replace that with "locks that have yet to be broken", and I agree.

> The FBI asked Apple to put a build on a phone that would allow them to brute force the passcode, leaving the device and the build on Apple's premises the entire time.

It doesn't matter how well it might be locked down or secured. If the government coerced them into building it, it wouldn't be difficult to go one more step and require Apple to hand over the modified OS.

This [1] does a great job of explaining why building a master key is just a bad idea. This is a Pandora's box we do not need to open.

[1] https://www.youtube.com/watch?v=VPBH1eW28mo

lern_too_spel
The master key already exists. It is the key used to sign builds.

Edit: downvotes of easily verifiable facts are causing hn to block me from responding. At the time Apple made the false marketing claims, no passcode was required to install a signed build. Hence, the FBI's request.

The FBI was asking for no more than what Apple could already do, and it was letting Apple control the whole process. The problem was that what Apple could already do disagreed with what Apple told its customers that it could do.

Lownin
Except in the case that the device will not accept the build without the user's passcode, right?
zaroth
Correct. This may not have been perfectly locked down before the secure element, but Apple’s design goal has always been that the device hardware prevents even Apple itself from retrieving encrypted data without the passcode, and that passcode should have a strictly limited number of attempts to guess.

Bugs will always be found and it’s a mistake to think even the latest iPhone is immune to attack. In particular, the baseband continues to be a large attack surface, and IMO is the vector most likely used by the Saudis to remotely access iPhones on their cellular network.

I’d feel safer if a powered off iPhone did not connect to any network (WiFi, Cell, or USB) after booting until the passcode is entered.

Yes.

https://www.youtube.com/watch?v=VPBH1eW28mo is a pretty good video for persuading people why this legislation is a bad idea. We might still be able to beat it by rallying support.

pdkl95
Susan Landau's congressional testimony - with Comey sitting one table away - applies to this as well. She explains in detail not only the problem with backdoors, but also how the FBI badly needs to update their methods. The quote from the NSA that legal access doesn't mean that access will be easy should have ended this brouhaha last year.

https://www.youtube.com/watch?v=g1GgnbN9oNw&t=3h35m50s

Jan 03, 2017 · jimmytidey on Class Breaks
Very similar argument to lovely CGP Grey video: https://www.youtube.com/watch?v=VPBH1eW28mo
If you have five minutes, please see this short video from CGPGrey, which summarizes succinctly why access to your phone is akin to access to your brain:

> https://www.youtube.com/watch?v=VPBH1eW28mo

harryh
I don't think it makes that point well at all. It says that (kinda) but doesn't support the idea with any form of reasoning. In fact, it's a relatively minor point and not really the main point of the video at all.

If you had access to my phone you could learn a great many things about me (most of them banal) but there are many many many thoughts in my head that don't exist on my phone in any form.

Continued nerd insistence of your point is little more than fetishization of technology. There's a reason Obama used that word at sxsw. It connotes a level of obsession and overfocus that is, quite frankly, pretty creepy.

Apr 14, 2016 · 53 points, 18 comments · submitted by hugofirth
slg
This is a very good video that gives you insight into both sides of the debate, but I'm not sure it will change many minds because the central idea of the video isn't really supported by anything. The entire thing rests on one argument, "There is no way to build a digital lock that only angels can open and demons cannot." However, there is nothing in the video to back up why that argument is true now and/or will continue to be true in the future. That is where Clinton's whole "Manhattan Project of Encryption" idea comes from that she mentioned a few months back.

It also makes the entire debate black and white which isn't the case in the rest of our legal system. Nothing there is 100% accurate. There are guilty people who get off and innocent people who are convicted. If we could devise a lock that keeps out nearly all demons and lets in most angels, would that satisfy both sides of the debate?

cb18
> the central idea of the video isn't really supported by anything.

You missed the point of the video.

Thinking of encryption as a 'lock' is only a metaphor, it isn't actually a 'lock'.

There aren't 2 sides to this 'debate.' There is no debate here.

Something is either encrypted or it isn't. There is no in between.

If you want to take an opposing side in a debate, you would have to say something like "encryption is a bad idea and shouldn't be allowed to exist, we must wipe it from the face of the earth."

Yeah... good luck with that.

Not only would attempting such a task be futile and foolhardy, but the vast majority of political will would be aligned against attempting such an idea since so much of the modern world rests upon encryption.

> in the rest of our legal system. Nothing there is 100% accurate.

Our legal system doesn't rest on the absolutes of mathematical thinking in the way that encryption does.

2+2 = 4 is '100% accurate'

anexprogrammer
> If we could devise a lock that keeps out nearly all demons and lets in most angels, would that satisfy both sides of the debate?

How to have confidence angels will remain angelic and not be susceptible to demonic blackmail and bribery?

slg
The same way we do with everything else, democracy, laws, and the legal system. I'm not sure why encryption would have to be different in that regard.
pixl97
The legal system describes punishment, not protection. The legal system only works inside of said country and does not pertain to outside actors, individual or state level that are beyond your prosecution. Even the government itself protects itself from itself by using compartmentalization. By giving the government the keys to everything we have ruined said compartmentalization and put everyone at risk.
BinaryIdiot
> However, there is nothing in the video to back up why that argument is true now and/or will continue to be true in the future. That is where Clinton's whole "Manhattan Project of Encryption" idea comes from that she mentioned a few months back.

Completely agree; it could have done better to reinforce why it's not possible.

> If we could devise a lock that keeps out nearly all demons and lets in most angels, would that satisfy both sides of the debate?

No because that would also collapse our entire e-commerce industry in America. Why would any company do business here if they are now liable for people using a back door into their software / network and stealing all of their data? Plus this is the information age; if you keep out nearly all of the demons then that means at least SOME demons are getting in which is the same as ALL demons getting in.

Think about it. One bad person gets in and...all the data is now in a torrent. It only takes a single demon getting in. One.

CapitalistCartr
No, it wouldn't, because we have different ideas of which people comprise each group. I would apply strict scrutiny and the tightest limits to the angels group. It's obvious from past behavior the government, especially prosecutors, favor adding to both groups at their convenience.
slg
This is not an argument for encryption. This is an argument for who has the keys. It is much easier to reach a compromise on the latter than the former.
Retric
I don't think so. Personally I think breaking encryption should be set up to cost ~100 million in computer time at a minimum each time. IMO, this represents a reasonable compromise where rogue agents are simply not going to stalk their ex.

The point is this needs to be the kind of choice where the president is in on the call. Not simply a secret that can be sold to foreign governments within a week.

pixl97
>setup to cost ~100 million in computer time at a minimum each time.

Which means every X months that cost drops by half. Hopefully you don't need to keep your secrets very long. In 10 years with the rate of Moore's law it will cost you a few thousand dollars at most to crack it.

Your idea is bad and puts people's lives in danger.

Retric
Moore's law is dead.

https://asteroidsathome.net/boinc/cpu_list.php

  Q1 2011 330$ i7 2600k 29.64 GFLOPS / computer.
  Q1 2016 336$ i7-4790K 43.78 GFLOPS / computer.
Five years < 50% speed boost. And let's not forget some people can overclock that 2600k from 3.4ghz to 5.2+ Ghz where people are having issues getting the 4790K that high even with a 4ghz base clock. GPUs got faster for longer, but they were using older processes.

Also, for live systems you can always re encrypt.

jasode
>However, there is nothing in the video to back up why that argument is true now and/or will continue to be true in the future.

It seems obvious to me why it's trivially true but maybe you had something else in mind.

Let's say you have an equation like this: x+3=10.

How do we make it so the answer of "x=7" is only given by angels but never by demons? Cryptography is mathematics and for the entire period of its existence, there's no math that only the good guys can perform but the bad guys can't. Math and numbers don't have a concept of angels vs demons acting on it. Same idea as a physical key not knowing if the hand using it is a legitimate police officer or a criminal.[1]

Also, the distinction of angels-vs-demons is not as simple as mapping it to government-vs-terrorists. What if the actors in government are the demons?!? Examples are police officers using their computers to digitally stalk people or CIA officers probing into citizens' private files that they're not authorized for.

Clinton said, "There must be some way. I don't know enough about the technology,"[2]

Ok, it seems like someone can just sit down with Clinton and outline the math above. Or, if we really really wanted to play along with the "there must be a way" idea, I suppose we could postulate a math device that only performed mathematics after scanning the users brain and determining that the neural patterns constitute a "good guy" with lawful intentions. Well, what about all the electronics and math unrelated to the biometric verification? Just bypass it.

[1]https://www.google.com/search?q=tsa+keys+leaked

[2]http://arstechnica.com/tech-policy/2015/12/hillary-clinton-w...

slg
I think the obvious response to your first argument is that encryption already works on the angels vs demons system. Except with the current technology the angels are the owner of the data and anyone with which they share the data. Why does the mathematics work for that but you can't expand it to a larger group of angels?

As I have said elsewhere in this thread, your second point isn't an argument involving encryption. You are arguing that we can't trust the government. While that might be true, that is an entirely different debate that is relevant in a whole bunch of other areas and not specifically encryption.

jasode
>but you can't expand it to a larger group of angels.

Your phrasing and labeling of "angels" is not the same as mine. We are starting from different assumptions.

In my opinion, you've made a leap of logic and a priori called the abstract actors in the government, "angels".

I would weaken your sentence to say: "but you can't expand it to a larger group of 3rd-parties."

It's critical that I call them 3rd-parties because it is not yet known if they will behave with angel or demon intentions. It's also impossible for technology to determine that.

>You are arguing that we can't trust the government. While that might be true, that is an entirely different debate

I respect that you consider it a separate issue but I think that bad actors (or sometimes incompetence without malice[1]) within the government is intertwined with what an "angel" is.

To not get bogged down on "angel", let's say we just consider if there's a way for technology to create a backdoor that only works for the government but not non-government. Again, the answer would be no.

[1] such as the leaks of SSN, mother's maiden name, etc from OPM background checks: https://www.google.com/search?q=opm+background+checks+leaked

slg
I think you just proved my point of why no one is changing their mind on this issue. You went from saying you had a trivial mathematical argument to debating semantics and disagreeing on the meaning of the word "angel". Politicians thrive on those type of semantic arguments. If you want to change their minds, you have to get better at explaining that mathematical argument more convincingly than this video did or you did in your first post.
jasode
>You went from ...

I went from Math to Semantics because I was engaging with your points specifically... and you mentioned the technology angle because... CGP Grey mentioned it in the video. I wasn't making a universal treatise about government backdoors such that anyone from anti-vaccination parents to moon landing deniers will be convinced of the merits.

The technology impossibility of digital locks used by angels-vs-demons mentioned by CGP Grey is a red herring and not really part of the debate that I've heard.

Instead, people like Obama/FBI/NSA already know that a backdoor provided to the government is impossible to keep out of criminals' hands. They knowingly avoid mentioning the misuse by criminals and only highlight the benefits of catching terrorists. They don't need to be convinced of math proofs because that part was never the stumbling point.

BookmarkSaver
There are ways to make perfectly secure (from a mathematical standpoint) backdoors. Theoretically, there is no reason that every encryption couldn't have a second key known to the government that doesn't weaken the encryption by any significant standard.

The problem is about trusting the government, which can mean (at least) two things. Either you don't trust them to use the key properly. Which is a valid concern. Or you don't trust them to keep their official backdoor key secure. Which is also valid, secure data is stolen all the time and we can't even be sure that they'd notice or admit if it did get stolen.

Again, the technical challenge here is that in the real world keys can be stolen. The "system" can be secure from non-government actors even if the system comes installed with a backdoor that the government has access to. The weakness isn't in the theoretical "system", it is in the fact that now instead of one point of weakness (you yourself protecting your own key) there are two real-world points of weakness (your key and the government's key). The "system" is still impregnable to the same types of attacks, but now rather than tricking you out of your key someone might be able to trick the government out of theirs too.

slg
Now hypothetically, what if you divide the "government key" in half. Give half of that key to the vendor controlling the encryption and half to the legal system. As long as you don't restrict the company from speaking out about its cooperation, that would seemingly prevent abuse as well as minimize damage if one key leaked.
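
The second-key design BookmarkSaver describes and the split-key variant slg proposes, as an added example (not code from the thread or from any real product): a per-message content key is wrapped once for the owner and once for an escrow key, and the escrow key is then held as two XOR shares. The `toy_seal`/`toy_open` helpers, the envelope field names and the vendor/court share names are assumptions made here; the HMAC-SHA256 stream construction is a stand-in so the block runs on the standard library alone and is not a vetted cipher.

```python
import hashlib
import hmac
import secrets


def _keystream(key, nonce, length):
    # Counter-mode keystream from HMAC-SHA256 (toy construction, illustration only).
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def _subkeys(key):
    # Derive separate encryption and authentication keys from one 32-byte key.
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())


def toy_seal(key, plaintext):
    # Encrypt-then-MAC: nonce || ciphertext || tag.
    nonce = secrets.token_bytes(16)
    enc, mac = _subkeys(key)
    body = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc, nonce, len(plaintext))))
    return nonce + body + hmac.new(mac, nonce + body, hashlib.sha256).digest()


def toy_open(key, blob):
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    enc, mac = _subkeys(key)
    expected = hmac.new(mac, nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or tampered data")
    return bytes(c ^ k for c, k in zip(body, _keystream(enc, nonce, len(body))))


def encrypt_with_escrow(plaintext, owner_key, escrow_key):
    # The data is encrypted once; only the small content key is wrapped twice.
    content_key = secrets.token_bytes(32)
    return {
        "ciphertext": toy_seal(content_key, plaintext),
        "wrapped_for_owner": toy_seal(owner_key, content_key),
        "wrapped_for_escrow": toy_seal(escrow_key, content_key),
    }


def decrypt(envelope, key, slot):
    content_key = toy_open(key, envelope[slot])
    return toy_open(content_key, envelope["ciphertext"])


def split_key(key):
    # 2-of-2 XOR split: each share alone is a uniformly random string.
    share_a = secrets.token_bytes(len(key))
    return share_a, bytes(x ^ y for x, y in zip(key, share_a))


def join_key(share_a, share_b):
    return bytes(x ^ y for x, y in zip(share_a, share_b))


def demo():
    owner_key, escrow_key = secrets.token_bytes(32), secrets.token_bytes(32)
    env = encrypt_with_escrow(b"constructed sample message", owner_key, escrow_key)
    vendor_share, court_share = split_key(escrow_key)
    results = {
        "owner": decrypt(env, owner_key, "wrapped_for_owner"),
        # Whoever holds both shares reads the message without the owner's key.
        "escrow_joined": decrypt(env, join_key(vendor_share, court_share),
                                 "wrapped_for_escrow"),
    }
    try:
        decrypt(env, vendor_share, "wrapped_for_escrow")
        results["one_share_alone"] = "opened"
    except ValueError:
        results["one_share_alone"] = "rejected"
    return results


if __name__ == "__main__":
    print(demo())
```

The wrapping itself is no weaker for the owner, which is BookmarkSaver's point; what changes is that the reassembled escrow key opens every envelope wrapped to it, so its storage and the join step become the second place a key can be stolen.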
HN Theater is an independent project and is not operated by Y Combinator or any of the video hosting platforms linked to on this site.