FBI to Approve All Software?

Sounds implausible, I know. But how else do you explain this FCC ruling (from September -- I missed it until now):

The Federal Communications Commission thinks you have the right to use software on your computer only if the FBI approves.

No, really. In an obscure "policy" document released around 9 p.m. ET last Friday, the FCC announced this remarkable decision.

According to the three-page document, to preserve the openness that characterizes today's Internet, "consumers are entitled to run applications and use services of their choice, subject to the needs of law enforcement." Read the last seven words again.

The FCC didn't offer much in the way of clarification. But the clearest reading of the pronouncement is that some unelected bureaucrats at the commission have decreeed that Americans don't have the right to use software such as Skype or PGPfone if it doesn't support mandatory backdoors for wiretapping. (That interpretation was confirmed by an FCC spokesman on Monday, who asked not to be identified by name. Also, the announcement came at the same time as the FCC posted its wiretapping rules for Internet telephony.)

Posted on December 2, 2005 at 11:24 AM • 77 Comments

Comments

ARLDecember 2, 2005 11:32 AM

I don't know how the FCC gets to make this call but it could stick until if/when the SCOTUS kicks it out.

The Internet has many problems, this makes things much worse.

Pat CahalanDecember 2, 2005 11:42 AM

Everytime I read about something like this, I wonder...

Our system of government has somehow devolved to the point where decisions on issues like this can be made by unelected, "over-authorized" personnel and the public has to sit around and wait for redress through the legal system.

Shouldn't a decision making process require authorization before implementation, instead of the bass-ackwards current arrangement of implementation followed by revocation?

This is an obvious overreaching of both the FCC and the FBI's authority. Somewhere some legal expert had to say, "This will never fly past a SCOTUS review" and the response was, "Well, we'll just start doing it and get away with it as long as we can..."

ZwackDecember 2, 2005 11:56 AM

And only Americans use the Internet?

Given the nature of the Internet, and the state of non-american software development, this is one of those stupid rulings that if anything is an attempt to drive the US back into the stone age.

Time for all sensible people to decide which civilised country to move to.

Z.

Pat CahalanDecember 2, 2005 12:10 PM

> Time for all sensible people to decide which civilised country to move to.

So far, (admittedly anecdotally), the only country that I don't hear people bad-mouth on a fairly regular basis for one reason or another is Canada, and it's too damn cold up there most of the year :)

CassandraDecember 2, 2005 12:15 PM

Surely, if you are doing nothing illegal, you can have no objection to law enforcement wiretapping your calls? If non-wiretappable IP phones are made illegal, then only felons will use them, and tracking down the endpoint of the unwiretappable stream will lead you to the miscreants. Simple really. Why the fuss?

Cassandra

Pat CahalanDecember 2, 2005 12:21 PM

@ Cassandra

Heh. You're named "backwards"... from http://www.loggia.com/myth/cassandra.html:

> Cassandra accepted Apollo as a teacher, but not as a lover. Naturally, the god was insulted by this refusal.
> So he punished Cassandra. Apollo caused the gift that he gave Cassandra to be twisted, making everyone who
> heard her true and accurate foretellings of future events believe that they were instead hearing lies.

Your post instead should be something along the lines of "Law enforcement will abuse these powers! Why won't you all listen to me?!??!"

Richard SchwartzDecember 2, 2005 12:36 PM

Bear in mind that this is the same FCC whose Chairman went on record in front of Congress with the following statement: "You can always turn the television off and, of course, block the channels you don't want, but why should you have to?"

Source: http://www.foxnews.com/story/0,2933,177055,00.html

Why should you have to? Why, indeed?! Why should a little detail like the first amendment rights of others cause anyone to have to take overt action to avoid being exposed to programming they don't like? It's the FCC and Congress' job to do that on behalf of everyone, and Donald Wildmon will be all to happy to help out with this!

Sigh.

That's how the FCC thinks these days.

-rich

Adam GatesDecember 2, 2005 12:43 PM

Todays Internet 360 Million people.

Internet of the future? 1 Billion? 4 Billion? etc.

Law enforcement CANNOT keep up with this.

Erik W.December 2, 2005 12:43 PM

@ Cassandra

Assume for the moment that you are not a troll.
Assume further that you are someone whose political ideology is at odds with the current government. Also assume that the current government has been shown to not be very trustworthy in it's use of invetegatory powers in the recent past.

Now, what would happen if a rule just like this were passed making speaking against the government a crime? Yes, it's unconstitutional. But when they catch you doing it on your tap-enabled phone, they'll still lock you up for it and it'll be your responsibility to fight it if you can...
"The innocent have nothing to fear" is a really old defense. It's been thoroughly debunked elsewhere.

Actaully, I'm pretty sure my first assumption is not correct.

stacyDecember 2, 2005 1:13 PM

@Pat
"So far, (admittedly anecdotally), the only country that I don't hear people bad-mouth on a fairly regular basis for one reason or another is Canada, and it's too damn cold up there most of the year :)"

Sadly, most of these same issues exist up here in the Great White North. We too have politician, bureaucrats and law enforcement agencies who want to be able to shove a probe up your you-know-what and have a good look around. I find it amazing how much influence US policy has up here (partially due to the Canadian desire to be a good neighbor, but also partially due the view apparently held by many branches of the US government that international borders shouldn't influence their jurisdiction); the US thinks Canada should have a no-fly-list we start building a no-fly-list, the US thinks Canada needs tougher anti-terrorism laws, we start locking up people for no apparent reason and give them no access to due process. Sorry, you can’t hide here :-)

For a Canadian point of view (and a legal view not security) try http://www.michaelgeist.ca/

xDecember 2, 2005 1:21 PM

Yes, people of the USA, keep voting for the Fascist party. The past 5 years have done soooo much for civil rights.

WooDecember 2, 2005 1:26 PM

@Zwack/Nick: Since a few months (or make it a year or two, I don't recall exactly when the first braindead politician decided to control the internet) I am strongly considering Australia as destination. Any opinions on their internet and general life freedoms?

USA is under pressure of FCC, DMCA, Homeland Security, Bush and various other things that make digital life unbearable.
Europe (and seemingly especially my current home Germany) is under pressure of several dumb ministers talking openly about censorship, legislation that gives the media industries free hand in torturing their customers, laws that allow lawyers to mass-blackmail website owners etc...
Asia has the downturn of the language and generally weaker internet infrastructure..

ARLDecember 2, 2005 1:43 PM

The preocupation some have with "Fascist" party while ignoring the "Socialist" party bothers me. Many of the people makeing these rules came in long before "W" was in power.

As for Canada and Oz, well they have their problems. Both have had their citizens disarmed and both are getting the same kinds of abuse of power.

I think the root of all of this is that attitude that "we want security" along with "thats the governments job" (aka "thats not my problem"). If you ask/allow the government to fix a problem then they will use government techniques.

First and foremost demand that you be allowed to handle the parts of security that you can. Only let the government handle the big stuff.

JosephDecember 2, 2005 1:47 PM

@Woo

"Asia has the downturn of the language and generally weaker internet infrastructure.."

Are you suggesting that, unlike the USA and Europe, they have no censorship or internet controls? Please tell me you are joking.

WooDecember 2, 2005 1:54 PM

@Joseph: I know that China has, I don't know about the other asian states. Just because I omitted that fact doesn't mean it's not present. Just the language barrier and the known weak internet infrastructure are the problems I chose to mention. (or feel free to put their internet censorship under the infrastructure topic..)

SimplistictonDecember 2, 2005 1:55 PM

ARL: "As for Canada and Oz, well they have their problems. Both have had their citizens disarmed..."

You are misinformed. Canadians have not been "disarmed". We have been required to register a legally purchased implement in the same way you register your car every year.

dennisDecember 2, 2005 2:14 PM

Language I'll give ya, but South Korea has the U.S. beat by a wide margin on internet infrastructure....last I read, 80% of the population had broadband, which they defined as 20 megabits/sec.

In any case, it's hard to imagine the feds managing to enforce this, particularly regarding opensource software. Not that I don't think they'd like to try.

Lou the trollDecember 2, 2005 2:19 PM

I really try to not open my mouth as much as possible, but I thought I'd chime in here since I'm wondering if anyone else out there is getting tired of the increasingly "guilty until proven innocent" environment which is currently being fosted in the US? It seems that more and more we are being viewed as criminals first and law abiding citizens as, well never...

OK, back to life under my bridge,
Lou the troll

WooDecember 2, 2005 2:28 PM

@dennis: The lines to the homes are one thing, but what I remember from the last time I've looked at an internet bandwidth map, their connections to the outside world are by far not sufficient for the number of users. My attempts on getting data from .kr/.jp/.tw servers confirms that every time... :(
Korea as such would be quite interesting from the jurisdictional viewpoint.. at least they do anything not to please the USA's desires ;)

WooDecember 2, 2005 2:31 PM

@Lou the troll: You are by far not the only one getting tired of this development.. and if you've read the comments here, you will find yourself in good company. However, "try not to open my mouth" is the wrong way to get anything changed. People (and even politicians are people.. at least that's what I was told) tend to assume their actions are approved if no objections are voiced.

ARLDecember 2, 2005 2:42 PM

@Simplisticton

Maybe so but friends who once owned and carried handguns up there seem to be painting a different picture.

My car does not need to be kept in a locked safe with the authorities having a right to inspection at their whim. I understand the difference you are putting forward but I am pretty sure that it won't be long before registration is used to seize what was once legal without compensation.

CassandraDecember 2, 2005 2:44 PM

@ Vicki

Yes, there was a level of sarcasm in my post, but also a couple of hidden serious points.

@ Erik W.

No I'm not a troll (but a troll would say that, wouldn't they).

1) This argument will be put forward by many, many people, and it is always useful to have a cogently argued, clear, short rebuttal. There aren't many such rebuttals. Why should 'Joe Sixpack' care? What can we do to encourage him (and 'Jane Alcopop') to care.

2) No matter which country we live in, to an extent, we get the government we deserve. If you think your government is going to hell in a handbasket, it's time to start *doing* something. Yes, that means you.

3) Scott McNealy famously said something along the lines of "We all have no privacy now, get over it." Perhaps we should be working towards a (liberal) society where all of our actions and conversations were public. Lack of privacy is normally depicted as a tool of oppression, but with the right attitudes, it could be very liberating. Societies where free thought is more common tend to have been more highly regarded.

So, a kneejerk reaction of 'wiretapping bad' isn'nt necessarily the best approach - not everyone will agree with you, or even think it is important.

Cassandra

BLDecember 2, 2005 3:28 PM

Whoah.

That's really stupid IMO. The problem is that bad guys will be able to hide whatever they want regardless of wiretapping. Just using good old technique of saying "you're invited to Bob and Mary 's marriage" that has kinda special meaning.

It's the bad guys that absolutely don't have to worry about such rules. If you are a bad guy and are planning something really bad, will it present much trouble to you? i don't think so.

also it's not wiretapping that matters but that this is about what software you can and can't run on your PC. Next day operating systems will need to provide backdoor, houses will need to provide cameras and phones, strong encryption will be prohibited, and so on.

Y.L.December 2, 2005 3:43 PM

@Cassandra
1) Here's one possible argument aginst wiretapping: the law enforcement agences could be corrupt. If the police could search your house without a warrant, how would you know that they are not searching your house for personal reasons or for harassment? The same logic applies for wiretapping: if the police has the power to wiretap you, they could abuse this power for personal gain or because the government is corrupt.
2) Bruce Schneier is 'doing something' by raising public awareness on this topic. As for the others reading this blog, being informed about our government is 'doing something'.
3) 'Perhaps we should be working towards a (liberal) society where all of our actions and conversations were public.' All? Really? Do you lock your doors? Would you want people to be able to see what's going on in your bedroom and bathrooms? Information of finacial value? (I mean, source code for a program, etc, etc.) We all have a right to keep secrets, period. Besides, privacy and anonymity is fundamental to a democratic government. I wouldn't repeat arguments made elsewhere, please see the Freenet philosophy page. (http://freenet.sourceforge.net/index.php?page=philosophy)

Roy OwensDecember 2, 2005 3:55 PM

(sarcasm detected)

Bruce,

Does Twofish have the FBI seal of approval?

I have a lot of shell scripts and Perl scripts I neglected to get approval on. Is there a Bureau of Software Approval I can apply to?

(sarcasm signal lost)

Seriously, this is going to get laughable soon. Just think what will happen when a lightweight like the FBI tries tangling with the heavyweight, Microsoft, who won't reveal their secrets to anyone, not even at gunpoint.

averrosDecember 2, 2005 4:16 PM

Folks, it is all laughable until you get a knock on the door at 4 am. It is an experience one never forgets.

If you think that's far away, think of these guys locked up without trial for the crime of being Muslim. Now, people involved with cryptography are automatically suspect, and there's more than a little chance that some of us will be implicated in creating "tools of terrorism" after some of crypto software we make will be found on Psycho ibn Someshit's seized laptop.

Pat CahalanDecember 2, 2005 4:21 PM

Someday, I hope somebody is dumb enough to serve a warrant to Bruce to give up the logs on the blog's webserver, so that they can find out our originating IPs. We're all clearly dangerous personnel.

Hilarity will ensue.

Sour GrapesDecember 2, 2005 4:23 PM

I don't mind raining on anyone's parade ....

In the USA the class of people most frequently targeted for illegal wiretaps and searches and other illegal surveillance, and the most heavily surveilled on average, at the federal, state, and local level, are not terrorists or criminals, nor are they disloyal or antisocial.

No, they are the real straight arrows -- the whistleblowers, those people who rat out corruption in government -- federal, state, and local -- and in corporations. They are the ones diming on our political backrooms, on our Enrons.

The particularly guillible whistleblowers are naive enough to first report 'ethical breaches' to the ethics officer, or the ombudsman, or whatever they call the damage control front man, whose job it is to find out what they know and where they are vulnerable, so that the vulnerabilities can be patched and the do-gooder destroyed. (Remember the humble 'hero' of Watergate? Forget what happened to his life?)

Governments assume for themselves additional powers to protect their interests, and corporations are doing the same thing, with governmental approval.

Does anyone want to be in the position of defending a government or corporate policy of silencing their rats?

stacyDecember 2, 2005 4:51 PM

@Roy

"Just think what will happen when a lightweight like the FBI tries tangling with the heavyweight, Microsoft, who won't reveal their secrets to anyone, not even at gunpoint."

They don't have to reveal their secrets, they just have to ensure that IE logs all the urls you visit to the FBI data warehouse and that outlook forwards along a copy of all your email. OK, maybe I exagerate just a little bit :-)

jammitDecember 2, 2005 5:31 PM

This has got to be a poorly written document. I know of one FCC "law" everyone has seen that makes no sense. On every piece of electronic equipment there is a tag that says (paraphrasing) that you can not generate any electromagnetic interference that interferes with other systems, and you must accept any interference from other sources.

Jim LyonDecember 2, 2005 6:36 PM

Adam Gates says, paraphrasing loosely, that we don't need to worry about this because law enforcement won't be able to keep up with billions of Internet users.

He's right in one sense: a regulation like this won't prevent the use of unauthorized software, and won't prevent the transmission of unauthorized data or speech.

But he's wrong in a different sense: If the government can cause the logging of all of everyone's IP traffic, then when they later decide they don't like you for some reason, they will then go through the old logs looking for violations. The net result is that you'll get put away for a computer crime (which would be legal) rather than for the real reason (which might be illegal and/or embarrassing).

Then again, you'll be safe if you can be sure that you'll never piss off anyone in a position of power. I find this scant consolation.

damonDecember 2, 2005 7:21 PM

Eventually we'll hear the canard, "I've got nothing to hide so why should I care?"

If everyone in government was 100% virtuous and scrupulous, and was never motivated by revenge or fear or jealousy or greed or religion or politics or anything except the law, and NEVER made mistakes, and accidents didn't happen, OK, but until then, I prefer to have my privacy.

-- Damon

SteveDecember 2, 2005 10:22 PM

@Cassandra
While I agree that people get the government they deserve, and if everyone were actually pro-survival in their activities, this could be perfectly acceptable.
But I can tell you that as much as I don't really worry about it, I'm nevertheless not in agreement with being treated as a criminal.
Then past that point. We all know any system put in place will be abused. May it be a government employee or not, it will be abused.
So the question here is, is it causing more damage than help?
It seems pretty clear that Bush is undercutting tons of privacy issues towards a police state. This is just one more step in the wrong direction as it does not actually do what it's officially supposed to.

jnfDecember 2, 2005 10:25 PM

@Pat
Shouldn't a decision making process require authorization before implementation, instead of the bass-ackwards current arrangement of implementation followed by revocation?'

We have that, its called an election.
'

RobDecember 3, 2005 1:30 AM

While certainly the idea of having everything pass by the authorities before we are allowed to use it is highly alarming, I am kind of interested in the practicalities. Off the top of my head I can't think of too many ways that this would be enforceable, but then again, I could be very wrong.

Woo - if you are used to broadband in a country like Sth Korea or Japan then the broadband down in Oz is going to be a BIG disappointment to you.

MozDecember 3, 2005 3:23 AM

Approved software... like PGP, you mean?

Smaller countries might be a better bet - Nuke Freeland[1] is always fun, if you are Muslim Indonesia has its good side. Parts of Europe are good too, although their laws are in places worse than the US.

Oz and NZ also require a license for various lethal hobbies - driving, shooting, open heart surgery type things. But then, few people get shot in either country, and relatively few die in car crashes. (I can't vouch for the surgeons).

[1] That's New Zealand if you haven't been paying attention.

Delores QuadeDecember 3, 2005 7:12 AM

@ damon:

"Eventually we'll hear the canard, "I've got nothing to hide so why should I care?"

If everyone in government was 100% virtuous and scrupulous, and was never motivated by revenge or fear or jealousy or greed or religion or politics or anything except the law, and NEVER made mistakes, and accidents didn't happen, OK, but until then, I prefer to have my privacy."

:-\ ... Agreed. (Not that I'm happy about it. I think we can also add to the list of motivators: corruption, guilt, ego, super-ego, territorial pissing, and past historical "mis-haps"). To name a few. :-(

dq.

Delores QuadeDecember 3, 2005 7:15 AM

@ Jim Lyon:

"Adam Gates says, paraphrasing loosely, that we don't need to worry about this because law enforcement won't be able to keep up with billions of Internet users.

He's right in one sense: a regulation like this won't prevent the use of unauthorized software, and won't prevent the transmission of unauthorized data or speech.

But he's wrong in a different sense: If the government can cause the logging of all of everyone's IP traffic, then when they later decide they don't like you for some reason, they will then go through the old logs looking for violations. The net result is that you'll get put away for a computer crime (which would be legal) rather than for the real reason (which might be illegal and/or embarrassing).

Then again, you'll be safe if you can be sure that you'll never piss off anyone in a position of power. I find this scant consolation."

That is a very powerful statement. Where do we go from here?

dq.

Delores QuadeDecember 3, 2005 8:10 AM

@ averros:

"Folks, it is all laughable until you get a knock on the door at 4 am. It is an experience one never forgets.

If you think that's far away, think of these guys locked up without trial for the crime of being Muslim. Now, people involved with cryptography are automatically suspect, and there's more than a little chance that some of us will be implicated in creating "tools of terrorism" after some of crypto software we make will be found on Psycho ibn Someshit's seized laptop."

Some of us will never forget those experiences, even if we have only lived through them vicariously through kindred spirits, mentors, trusted advisors, and/or just friends.

I'd like to see the scenario above happen just one more time. I really would. There is such a thing as raising Holy Hell, and there are millions of us prepared for that battle. I do not wish that to occur, however I _will_ battle if and when it does occur again.

dq.

Delores QuadeDecember 3, 2005 8:14 AM

Furthermore, there is the theory of the Mobius.

A twist, in the fabric of space, where time becomes a Loop.

When you reach that point, whatever happens _will_ happen again.

dq.

Delores QuadeDecember 3, 2005 8:32 AM

I despise the flurry of connection attempts to my little computer that ironically occur after my blogging.

If the truth hurts, and it is the only weapon that I have, O, how I wield it!

dq.

jammitDecember 3, 2005 11:03 AM

@Cassandra
I have nothing to hide either, but just like you I didn't supply my email address to this list.

Ari HeikkinenDecember 3, 2005 5:13 PM

Well, security is personal. There actually are people who don't care about their privacy and will be fine with someone else reading their personal email, phone records or even conversations.

In my opinion, that's simply stupid. Anything, especially in written form, no matter how irrelevant you think it is, can be used against you in your life and in court a long time afterwards (I mean, who knows what you're going to be accused of years from now and what could be relevant to that).

It's also often forgotten that even governments are people at the lowest level.

Bruce SchneierDecember 4, 2005 7:14 AM

"Scott McNealy famously said something along the lines of 'We all have no privacy now, get over it.' Perhaps we should be working towards a (liberal) society where all of our actions and conversations were public. Lack of privacy is normally depicted as a tool of oppression, but with the right attitudes, it could be very liberating. Societies where free thought is more common tend to have been more highly regarded."

This is pretty much the argument that David Brin makes in "The Transparent Society." I think it's a very wrong one. Basically, the problem is that there are still power imbalances in society, and privacy is one way to deal with those imbalances. (If a policeman demands to see your ID, demanding to see his first does not make the situation "fair.")

I will write something about this. But in the menetime, I recommend you read "A Taxonomy of Privacy" by Daniel Solove. He discusses the many different types of privacy in our society. It's easy to see their value. The link is here:

http://www.schneier.com/blog/archives/2005/04/a_taxonomy_of_p.html

Bruce SchneierDecember 4, 2005 7:15 AM

"I have nothing to hide either, but just like you I didn't supply my email address to this list."

An excellent point. "Nothing to hide" is not the same thing as "wants everyone to know everything."

Bruce SchneierDecember 4, 2005 7:16 AM

"Surely, if you are doing nothing illegal, you can have no objection to law enforcement wiretapping your calls?"

That might possibly true if you believe that law enforcement is 100% honorable and honest, and would never be corrupted by power. But as long as human beings are law enforcement officers, that simply isn't going to be true. It is not better to live in a police state, even though -- in theory -- if you are doing nothing illegal you shouldn't object to living in one.

Delores QuadeDecember 4, 2005 7:47 AM

@ Ari:

"Well, security is personal. There actually are people who don't care about their privacy and will be fine with someone else reading their personal email, phone records or even conversations."

Well... I certainly care a lot about my personal security.

Once I realized "someone else" had been reading my personal email, phone records, and conversations (around 1994 simply because a very rich and famous technologist thought "it might be nice to know more about" me), I suppose I just got used to it.

:-/

dq.

CassandraDecember 4, 2005 8:40 AM

Bruce,

first of all, thank-you for taking my contributions seriously. Like you, I would like some clear and simple debunkings of "The innocent have nothing to fear".

The closest I can find is that no matter what guarantee of good behaviour is given by a current governement, no government can bind its successors to not exercise, to the fullest extent possible, the powers granted to it.

For example, during the Second World War, the Dutch had a very good database of who was Jewish in the Netherlands. This governmental database was exploited by the successor Nazi administration. If the database had not existed, it could not have been exploited.

The possibility to publish political leaflets anonymously has been used in the past - which allows both justified and unjustified criticism of administrations. If anonymous publication and/or dissemenination is prevented by either or both of legal and technological means, legitimate dissent is curtailed. I think this is a bad thing.

In the modern world, could emails be regarded as 'anonymous pamphlets' - or how about anonymous streamed audio and/or video?

I believe that some of the possible abuses to which wiretap information and the like are subject to can be curtailed by required public oversight of the operation of wiretaps, surveillance, etc. Where no such oversight exists, abuses can flourish untrammelled.

Overall, I believe governments should be working to minimise the amount of information held on individuals, and maximise public oversight of their activities. One hard area is to determine when, where ,and to what extent 'National Security' can be used as a trump card to steamroller objections. I hear it too often these days.

One area that needs clarifying is the distinction between philosphical objections to 'lack of privacy', and practical or pragmatic objections to the same. Some people would regard a completely open socety with no privacy whatsoever as a good thing. We are a long way from implementing that. As you point out, partial implementations suffer from the human failings that lead to abuse; which is a practical concern.

This is rambling a bit - I've haven't been able to read the paper you recommended as the link doesn't work for me right now, but I'll keep trying.

Regards,

Cassandra

JonathanDecember 4, 2005 10:35 AM

ARL,
"Fascist" is basically correct. "Socialist" is not. All one has to do is look at the actual positions and policies promoted by each to realize where each party stands.

JonathanDecember 4, 2005 10:38 AM

Really, enough of the "pox on both their houses" crap. Time to start thinking a little bit.

Bruce SchneierDecember 4, 2005 11:02 AM

"Like you, I would like some clear and simple debunkings of 'The innocent have nothing to fear.'"

Sorry. You misunderstood me. I have all sorts of debunkings. They seem pretty clear and simple to me, but there's always room for improvement. And I would very much like to read what others have written before me, so I can steal any good ideas I haven't heard before.

Roy OwensDecember 4, 2005 11:18 AM

We do not have a case of 'privacy is over'. The government conducts the public business in complete privacy while the public must conduct their business in vanishing privacy.

If privacy is a bad thing, let us first strip the government of all of it and see how that suits them.

Bruce SchneierDecember 4, 2005 12:38 PM

"We do not have a case of 'privacy is over'. The government conducts the public business in complete privacy while the public must conduct their business in vanishing privacy."

This is a critical point. Privacy is about power. Removing privacy is a way to address power imbalances.

Privacy of the people from the government is good. Privacy of the government from the people is bad.

hash1babyDecember 4, 2005 7:31 PM

@Woo - "any opinions on [Australia's] internet and general life freedoms"

The parliament of the Commonwealth of Australia recently outlawed "possessing, controlling, producing, supplying or obtaining suicide related material for use through a carriage service. [in particular the internet]." This is to stop people promoting particular methods of euthanasia.

Davi OttenheimerDecember 4, 2005 10:05 PM

"'Surely, if you are doing nothing illegal, you can have no objection to law enforcement wiretapping your calls?'

That might possibly true if you believe that law enforcement is 100% honorable and honest, and would never be corrupted by power."

Misunderstandings and simple error, such as mistaken identities, are even more frightening than corruption if you think about the likelihood of being convicted of something even when innocent. Even if you think you have no need for confidentiality, data integrity should still be a real concern.

Consider the Michgan Department of Corrections, for example, who recently discovered that they had released 23 prisoners either too early or too late due to unchecked errors in their database:

http://davi.ottenheimer.com/blog/?p=58

Pat CahalanDecember 4, 2005 10:53 PM

@ Bruce

> And I would very much like to read what others have written before me, so I can steal any
> good ideas I haven't heard before.

Now you sound less like a CTO and more like an academic, albeit an up-front one ;)

Pat CahalanDecember 4, 2005 11:00 PM

@ jnf

> We have that, its called an election.

Precisely my point. Non-elected officials of bureaucracies should not have legal framework powers (enforcement powers, sure. But they shouldn't be making, changing, or bypassing the legislative process).

The FCC should not have the ability to make decrees like this.

Troy LaurinDecember 4, 2005 11:16 PM

@Woo/hash1baby ("any opinions on [Australia's] internet and general life freedoms")

Australia came very close to requiring ISPs to filter all access to (primarily) pornographic materials:
http://www.efa.org.au/Issues/Censor/cens3.html#aust

We have also just finished (I believe) passing anti-terrorism laws giving ASIO (Australia's security agency) extended powers, such as being able to hold suspects for weeks without charge or recourse.
http://www.schneier.com/blog/archives/2005/10/australias_new.html

The biggest problem at the moment (depending on which side of the fence you sit) is that the same political party currently holds a majority in both the parliament and the senate, meaning that they don't actually need to negotiate with anyone to get anything they like passed! Combine that with the fact that our prime minister is serving the end of his maximum term and so has no personal interest (read: only party interest) in winning the next election, and he has an unprecedented free reign on the Australian political scene for the next few years.

Maybe in a few more years, once the backwash of all of this has blown over (or not)...

Thomas SprinkmeierDecember 5, 2005 1:23 AM

""""Does Twofish have the FBI seal of approval?"

If it does, they haven't told me."""

Don't worry, it's approved.
After all, CTU have a program that can crack Twofish.

I saw it on 24.

Christian KaiserDecember 5, 2005 2:05 AM

Anybody see "Windows (TM) DRMS" only running FCC/FBI signed software pretending it's for our own protection?

Ch.

joseDecember 5, 2005 9:25 AM

they are crazy , extremely sik and drunk , anyway encryption always will be produce in other countrys any tha EEUU , not only there are good cryptographers only in EEUU, by this reason this sofware not will be , subjet to this stupid class of useless security

Richard SchwartzDecember 5, 2005 9:52 AM

@Pat: Congress routinely delegates powers to make regulations to federal agencies. It's really unworkable otherwise, so saying that the FCC shouldn't have the power to make regulations like this isn't particularly useful. No matter how specific Congress makes the laws, there will always be grey areas. Furthermore, with the passage of time things that Congress never dreamed of putting into law do become issues. Most of the grey areas and most of the things Congress never dreamed of are not particularly controversial, and it's perfectly reasonable for the FCC to make decisions about them. Therein lies the problem: where's the line between the routine stuff that the FCC handles, and the non-routine that should be debated in Congress and put into law?

Sure, we could say that it's just obvious that this particular case is one that should be decided by Congress rather than by the FCC, but who get's to decide that? Well... Congress does, but as slow as the FCC is to act, Congress is even slower. Until Congress says that this is something that they want to put explicitly into law, the FCC has to assume otherwise.

But that's why we have more checks and balances than just Congressional oversight of federal agencies. The President can issue an order that directs the FCC to change a regulation -- though in this case it's probable that the Executive branch would not do that. The Courts can also rule that an FCC regulation is unconstitutional. Congress can pass a law that restricts the FCC's regulatory powers.

Call me a realist, I guess. And an optimist, too. For 99% of what the FCC does, my guess is that they do a better, less repressive job of it than Congress ever would.

Chase VentersDecember 5, 2005 2:55 PM

How long until we're to the point where all these things it is now "illegal" to own simply get rolled into one category and one government message?

Pot is already treated much the same as Heroin by much of the government.

So what becomes the new message? Something against "contraband", which includes:

* "Intellectual property" that might have been developed by someone else before you thought of it
* "Intellectual property" that you thought of first, but Microsoft got a first-to-file patent on.
* Video games depicting violence or sex
* Textbooks that do not acknowledge Intelligent Design
* Music or video files, even if you own the physical album, unless you bought the exact digital media file from the publisher
* All existing "illicit substances" (I'm sure Alcohol and Nicotine will remain free though, because society must be able to kill itself)
* Software / hardware / devices that don't have the industry-standard Government Access Port (GAP).

Lump it all together, call it all contraband, slap a big fat criminal penalty on it (how about life in prison on your third offense?), spend billions each year tracking it down and destroying it world-wide, put programs in schools to tell kids why contraband is bad, reallocate all your anti-terrorism funds and personnel to police contraband, while claiming you are doing so to defend against terrorism, and finally, find ways to make any information in support of the legalization of contraband, well, contraband itself.

Sound crazy? Keep in mind that much of what I described above has already happened with our nation's drug war.

Delores QuadeDecember 5, 2005 4:22 PM

@ Chase Ventures

"... Lump it all together, call it all contraband, slap a big fat criminal penalty on it (how about life in prison on your third offense?), spend billions each year tracking it down and destroying it world-wide, put programs in schools to tell kids why contraband is bad, reallocate all your anti-terrorism funds and personnel to police contraband, while claiming you are doing so to defend against terrorism, and finally, find ways to make any information in support of the legalization of contraband, well, contraband itself.

Sound crazy?"

Of course it doesn't sound crazy - I just hope the folks reading this blog who are a part of or report back to, the "government agencies" in support of the "new message" (as well as those that receive the reports) realize you were being sarcastic! :-)

LOL

dq.

Former Australian residentDecember 5, 2005 6:08 PM

Greetings Woo,

Australia is just passing (as I write) sedition laws. Please don't move there and expect to be be to criticise the government and be safe. Assuming you have a right to free speech there is probably also a bad idea.

New Zealand has quite a bit of sand in the machinery of government due to an electoral system known as "MMP", which means that all governements have to be minority coalitions.

Also on NZ, the chief anti-terrorism cop said in an interview recently that he didn't see any need for new, stronger laws at present.

I make no claims whatsoever of perfection in any way, but the government does seem to be less concerned with frightening its citizens (& residents) than those of several other english-speaking countries.

What happened to the saying "It's MY computer"?

Nick LancasterDecember 6, 2005 12:29 AM

Add to the eventual list of items needing approval: books. Whether that's Bruce's textbook or something like Helen Foucher's 'Cryptanalysis,' or Simon Singh's 'The Code Book' ... knowledge of encryption procedures - though, admittedly, ROT-13 won't cause the NSA to lose much sleep - could, in a world of fear-based legislation, be just as bad as owning the actual program. It's still not approved.

And then there are books like Neal Stephenson's 'Cryptonomicon,' which include details on the Solitaire protocol. And, of course, someone like me who has numerous decks of cards lying around (I've a mild interest in sleight-of-hand), *must* be using them for something illegal.

Fact is, I like living in a country where I don't need someone's permission or approval to read a book, watch a program, or use software.

Intellectual curiousity is not the same as terrorism.

radiantmatrixDecember 6, 2005 12:55 PM

Re: debunking of 'if I am not doing anything illegal, I have nothing to fear'

There are three main forks to describing the problem with this line of thought.

First is the potential for abuse. Governments are, after all, composed of people. People are power-hungry and fallible. If a government has access to, say, every e-mail I've ever written, it only takes one unscrupulous person working for that government to reveal the details of my e-mail to others. This could be bad. Imagine a person is worried that they might have cancer, and is asking a friend for advice, but has not yet gone to the doctor. The government has no use for this information, but an unscrupulous person with access could provide an insurance company or employer with the information, and suddenly someone finds themselves without health insurance.

Secondly, there is the changing landscape of legality. Imagine you are planning a protest. Protests are legal. The government monitors your e-mail, and one stupid person in the group makes an ill-concieved joke about being violent. Everyone on the group might know it's a joke, but the authorties now have the ammo they need to prevent the protest and arrest everyone planning to attend. And you'll have no recourse, because everything they did was legal.

Thirdly, and to me most important, is the separation between moral and legal. An example: it's a breach of contract for me to reveal anything about my employer's business practices, but I discover unethical behavior on their part -- behavior that will seriously hurt many people. I know a reporter who will publish this information without revealing my name. If the governement requires open access to tap my phones and read my e-mail, how can I securely do this?

I'm sure you can think of more examples. Privacy is a buffer between power and its abuse, and should only be encroached upon following due process. Further, it's hard to argue that I'm not allowed to use technology to protect my privacy because the same technology *might* protect criminals. It's wrong for the same reason that it's wrong to keep me from explaining how nuclear fission works because someone might use the knowledge in a dangerous way.

Pat CahalanDecember 6, 2005 3:44 PM

@ Richard

I agree that delegated authority is necessary to keep things moving. Delegated authority is fine, provided there are some sanity checks to it.

I can't imagine that a lawyer versed in Constitutional law is going to put a stamp of approval on this.

What I'm saying is, if you're delegating authority to an entity, that entity needs some sort of oversight. If somebody wants to decree law that quite obviously won't stand up to a SCOTUS review, that should be nipped in the bud.

Richard SchwartzDecember 7, 2005 12:41 PM

@Pat: That's what we're here for.. to nip it in the bud :-) It's all of our jobs. You can't rely on an organization's own internal watchdogs -- whether you're talking about the government or a private sector entity -- to keep the people in charge from trying to bend every rule, take advantage of every ambiguity, and squeeze through every gap in the system to promote their own agenda. The only real watchdog is us and our ability to go to the courts. We can't empower a watchdog to do this for us, because as soon as we give the watchdog the authority to intervene we have to start worrying about the watchdog's own agenda.

JessyDecember 10, 2005 8:44 AM

It's really not good! Why I can't use Skype, etc.? Or it MUST be on audition by FBI? As I know without decision of court my privacy must be saved. Or the talking just about possibility to audition?

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc..