Another Salvo in the Second Crypto War (of Words)

Prosecutors from New York, London, Paris, and Madrid wrote an op-ed in yesterday's New York Times in favor of backdoors in cell phone encryption. There are a number of flaws in their argument, ranging from how easy it is to get data off an encrypted phone to the dangers of designing a backdoor in the first place, but all of that has been said before. And since anecdote can be more persuasive than data, the op-ed started with one:

In June, a father of six was shot dead on a Monday afternoon in Evanston, Ill., a suburb 10 miles north of Chicago. The Evanston police believe that the victim, Ray C. Owens, had also been robbed. There were no witnesses to his killing, and no surveillance footage either.

With a killer on the loose and few leads at their disposal, investigators in Cook County, which includes Evanston, were encouraged when they found two smartphones alongside the body of the deceased: an iPhone 6 running on Apple's iOS 8 operating system, and a Samsung Galaxy S6 Edge running on Google's Android operating system. Both devices were passcode protected.

You can guess the rest. A judge issued a warrant, but neither Apple nor Google could unlock the phones. "The homicide remains unsolved. The killer remains at large."

The Intercept researched the example, and it seems to be real. The phones belonged to the victim, and...

According to Commander Joseph Dugan of the Evanston Police Department, investigators were able to obtain records of the calls to and from the phones, but those records did not prove useful. By contrast, interviews with people who knew Owens suggested that he communicated mainly through text messages -- the kind that travel as encrypted data -- and had made plans to meet someone shortly before he was shot.

The information on his phone was not backed up automatically on Apple's servers -- apparently because he didn't use wi-fi, which backups require.

[...]

But Dugan also wasn't as quick to lay the blame solely on the encrypted phones. "I don't know if getting in there, getting the information, would solve the case," he said, "but it definitely would give us more investigative leads to follow up on."

This is the first actual example I've seen illustrating the value of a backdoor. Unlike the increasingly common example of an ISIL handler abroad communicating securely with a radicalized person in the US, it's an example where a backdoor might have helped. I say "might have," because the Galaxy S6 is not encrypted by default, which means the victim deliberately turned the encryption on. If the native smartphone encryption had been backdoored, we don't know if the victim would have turned it on nevertheless, or if he would have employed a different, non-backdoored, app.

The authors' other examples are much sloppier:

Between October and June, 74 iPhones running the iOS 8 operating system could not be accessed by investigators for the Manhattan district attorney's office -- despite judicial warrants to search the devices. The investigations that were disrupted include the attempted murder of three individuals, the repeated sexual abuse of a child, a continuing sex trafficking ring and numerous assaults and robberies.

[...]

In France, smartphone data was vital to the swift investigation of the Charlie Hebdo terrorist attacks in January, and the deadly attack on a gas facility at Saint-Quentin-Fallavier, near Lyon, in June. And on a daily basis, our agencies rely on evidence lawfully retrieved from smartphones to fight sex crimes, child abuse, cybercrime, robberies or homicides.

We've heard that 74 number before. It's over nine months, in an office that handles about 100,000 cases a year: less than 0.1% of the time. Details about those cases would be useful, so we can determine if encryption was just an impediment to investigation, or resulted in a criminal going free. The government needs to do a better job of presenting empirical data to support its case for backdoors. That they're unable to do so suggests very strongly that an empirical analysis wouldn't favor the government's case.

As to the Charlie Hebdo case, it's not clear how much of that vital smartphone data was actual data, and how much of it was unable-to-be-encrypted metadata. I am reminded of the examples that then-FBI-Director Louis Freeh would give during the First Crypto Wars in the 1990s. The big one used to illustrate the dangers of encryption was Mafia boss John Gotti. But the surveillance that convicted him was a room bug, not a wiretap. Given that the examples from FBI Director James Comey's "going dark" speech last year were bogus, skepticism in the face of anecdote seems prudent.

So much of this "going dark" versus the "golden age of surveillance" debate depends on where you start from. Referring to that first Evanston example and the inability to get evidence from the victim's phones, the op-ed authors write: "Until very recently, this situation would not have occurred." That's utter nonsense. From the beginning of time until very recently, this was the only situation that could have occurred. Objects in the vicinity of an event were largely mute about the past. Few things, save for eyewitnesses, could ever reach back in time and produce evidence. Even 15 years ago, the victim's cell phone would have had no evidence on it that couldn't have been obtained elsewhere, and that's if the victim had been carrying a cell phone at all.

For most of human history, surveillance has been expensive. Over the last couple of decades, it has become incredibly cheap and almost ubiquitous. That a few bits and pieces are becoming expensive again isn't a cause for alarm.

This essay originally appeared on Lawfare.

EDITED TO ADD (8/13): Excellent parody/commentary: "When Curtains Block Justice."

Posted on August 12, 2015 at 2:18 PM • 72 Comments

Comments

Keira FerrariAugust 12, 2015 3:49 PM

I think that "But in the absence of cooperation from Apple and Google, regulators and lawmakers in our nations must now find an appropriate balance between the marginal benefits of full-disk encryption and the need for local law enforcement to solve and prosecute crimes." should read "But in the absence of cooperation from Apple and Google, regulators and lawmakers in our nations must now find an appropriate balance between the benefits of full-disk encryption and the marginal need for local law enforcement to obtain that data to solve and prosecute crimes."

Luke S.August 12, 2015 4:05 PM

Uh, if he used text messaging surely the metadata of who he was texting with is logged somewhere. I don't get why they didn't follow up on that? Just glad my Nexus 6 came encrypted out of the box.

Thomas JeffersonAugust 12, 2015 4:13 PM

The tree of liberty must be refreshed from time to time with the blood of patriots and tyrants. It is its natural manure.

-- tj

(Ed: Nowhere did he say the patriots knew they would be doing this, or even that they knew ahead of time that they were the patriots. We might need to accept that sometimes, in the land of liberty, a few people will die pointless deaths so that liberty can be maintained for all.)

Dave Z.August 12, 2015 4:13 PM

Sometimes the protection of liberty is ugly.
The absence of liberty is never pretty.

paid_to_be_arrestedAugust 12, 2015 4:44 PM

The entire notion of committing enormous amounts of resources to domestic spying and back doors and all the rest is hinging on almost nothing.

As a general reminder, the few arrests made of individuals accused of being "radicalized" or whatever the Feds call it, would not have actually done anything without the Feds giving them the resources (money) and encouragement/incentives to break the law.

Even if you want to continue domestic spying using real or imagined enemies, you can be guaranteed it would be abused within a few months anyway. It's just human nature.

No doubt in my mind at this point there are unofficial backdoors on mobile device networks. See gemalto disclosure.

AnuraAugust 12, 2015 4:58 PM

@Luke S.

The entire contents of text messages can be stored by the phone company, since they aren't encrypted at all. The article implies they were using an end-to-end encrypted messaging app, but they don't really go into enough detail.

zAugust 12, 2015 4:59 PM

Bruce, I agree with your position, but not with how it's argued. The way this is argued at the moment leaves open the acceptance of a backdoor if it could be done securely and if it could be shown to have a significant effect on catching/stopping criminals and terrorists.

We should not be arguing that encryption doesn't often impede law enforcement or that backdoors would not necessarily be useful in prosecution. Sooner or later, there will be a high profile case where a backdoor might very well have been useful or where encryption did prevent LE from stopping a terrorist plot. Perhaps as encryption becomes more widely used, it will become more and more of a problem for LE. We know it's difficult to design backdoors securely, but what if it could be done? Would we then accept them? I wouldn't.

The principle is more important. Do we want a world where governments have unfettered access to all of our communication and data storage? I don't. Even if a perfect backdoor could be designed such that only the government could possibly have access, I would oppose it. The government that might only use it to go after bad guys today might be the bad guys tomorrow. We don't know who will be in power.

Think of it this way: the 4th and 5th amendments will sometimes let bad people go free. We could probably put every bad guy behind bars by getting rid of them, but we defend their existence anyway because we recognize that the alternative is far worse.

ScottAugust 12, 2015 5:02 PM

The article says the victim was found shot in his car. If we required every single car in the country to have cameras recording what happens in the car, then the case would be solved. Therefore I guess we should put video cameras in everyone's car.

Bob S,August 12, 2015 5:26 PM

IF evidence from a cell phone is the KEY to a conviction that means police have a very weak case in the first place. Also, there is no assurance that backdoor access to cell data will result in persuasive evidence at all. The data is literally an unknown.

But, the real problem is: The military/corporations/police are NOT looking for a warrantless backdoor to specific cases or issues at all, they want carte blanche access to EVERYTHING ALL THE TIME without a warrant, done secretly and with complete impunity. They want it for criminal cases, political reasons and corporate espionage besides the usual suspects.

IF CISA passes, and it almost did a week ago, and will likely pass soon, they will have, in the USA, license to complete and legal access to all electronic data. The stumbling block is encryption.

I say: Encrypt everything all the time everywhere and make it work. I'll take my chances with evil doers and keep my rights and liberty, thank you.

Luke S.August 12, 2015 5:32 PM

Anura, even if it is an encryption program the meta data of origination and destination IP addresses are still available through the cell phone companies. Not rocket science. Everything we do on a cell phone goes through a proxy that has an access.log file.

65535August 12, 2015 5:50 PM

Top of NYT OpEd:

“...a father of six was shot dead on a Monday afternoon in Evanston, Ill., a suburb 10 miles north of Chicago...” –NYT

It’s at the top of the pyramid [article] and is used for shock value.

Bottom of NYT OpEd

“Cyrus R. Vance Jr. is the Manhattan district attorney. François Molins is the Paris chief prosecutor. Adrian Leppard is the commissioner of the City of London Police. Javier Zaragoza is the chief prosecutor of the High Court of Spain.” – NYT

http://www.nytimes.com/2015/08/12/opinion/apple-google-when-phone-encryption-blocks-justice.html

These people have their own addenda and have no regard for the Fourth Amendment. Some of the authors are not bound by it yet comment on a Chicago murder [or appear to]. It’s a compendium of violence that has been distilled for shock value.

Thus, I can only conclude it is FUD [Fear, Uncertainty and Doubt]. This is designed to make spying easier for Law Enforcement and tramples the Fourth Amendment.

AnuraAugust 12, 2015 5:55 PM

@Luke S.

Unless they are using public WiFi, VPN, Tor, or maybe the app uses I2p or routes messages through a server that is outside of US jurisdiction. There are plenty of ways to keep significant metadata out of phone company records.

tyrAugust 12, 2015 6:35 PM


So the murderer didn't bother to grab the phones
but left them behind at the scene of the crime.
You'd think that if the victims phones had some
evidence worth looking at they would be at the
bottom of the nearby lake.instead of readily
available to the cops. Obviously these needed
to be searched for non-existent clues before
the next donut stop.

High schoolery my dear Watson.

Dirk PraetAugust 12, 2015 7:36 PM

The last line in the op-ed says it all: The safety of our communities depends on it.

In absence of any meaningful empirical analysis that encryption is impeding significant amounts of investigations and LE's coveted "golden key" in practice the digital equivalent of a unicorn, the simple fact of the matter is that the safety of our communities is far better served WITH strong encryption than without.

In this golden age of surveillance, we have two choices: we either give in to the current hysteria and evolve into an Orwellian society where governments, corporations and criminals are lurking over our shoulders 24/7, or we accept the fact that the benefits of encryption also come with a downside in the sense that LE - as in the past - will not always be able to solve cases by means of digital surveillance only.

Perhaps these folks should really try and consider for once that for every example of lives lost or crimes unsolved due to strong encryption, there's probably a thousand others that can be given for crimes avoided and lives saved.

Alien JerkyAugust 12, 2015 8:04 PM

Amazing how in the history of mankind, no case has ever been solved. That is until the invention of the cell phone. Police had no possible way of getting any evidence or information until those devices were invented. To think just a scant 30 years ago, police had no ability to do anything because cell phones were not yet available.

Coyne TibbetsAugust 12, 2015 9:19 PM

I don't think it matters if it might happen in 1 in (3↑↑↑3) times. In fact, I don't think it matters if theres a 1 in (3↑↑↑3) chance of 1 case happening before the heat death of the universe. They just want it because they are the "authoritah" and must have access to everything.

It's so very important to take that mindset into consideration with respect to not only this, but the other things they will do.

For example, if they want this, they will also want recordings of all private conversations. Functionally,

     Accessibility(PrivateConversation) ≡ Accessibility(EncryptedPhone)

Therefore, all private conversations must be recorded:. Every voice phone call, if they can; every second of every day of our lives, if they can. Otherwise, we might communicate something that they cannot overhear, and for them that is simply unacceptable.

And it won't end there, because you might scribble a note, or use sign language, or something else that isn't verbal. So you must be video recorded every second of every day, if they can.

Just as soon as they can, they will place smell sensors downwind of your house (already proposed); chemical sensors in your sewer (already proposed); and microwave radar to watch you through your walls (technology available, merely requires deployment).

Eventually, they will insert a monitoring probe in your brain; all it takes is feasible technology and a pliant legislature.

As the singularity gets nearer, all of these things will become feasible--one by one--and you should just know these people are absolutely slavering at the possibilities for surveillance.

It should scare the pants off you.

no murder victim left behindAugust 12, 2015 9:34 PM

@Alien Jerky, that's an excellent point.

For some reason those facts from the past have been forgotten.

Or maybe the modern coppers are just so incompetent that they need an un-encrypted cell phone on every death scene?

Or maybe there's a general tendency toward a form of "technical totalitarianism", "just because we can (technically), we should (do this-and-that to provide police more info on what happened)".

But eventually this tendency could lead to some "minority report" type of system that attempts to solve crime nearly even before it happens.

I wonder how did they solve murders in 1970s? There must have been some similar case(s) back then as well. Did they track peoples phone calls? I bet not.

no murder victim left behindAugust 12, 2015 9:38 PM

@scott

I think we should have sound and video recording cameras and un-encrypted cell phones everywhere, all connected to some data center (in Utah, I presume).

Then the law enforcement and the rest of the government would be happy and we could forget the rest of this Second Crypto War (of Words).

AlexAugust 12, 2015 10:21 PM

"alongside the body of the deceased: an iPhone 6 running on Apple's iOS 8 operating system"

So, did they even attempt to see if any of his fingerprints unlocked the phone with Touch ID? I don't think I know any iPhone users with Touch ID available that don't use it.

One Time Pad Solution?August 13, 2015 1:23 AM

@Clive, Bob S et al.

Can the Linux home user use the following method for one-time pad encryption?

1. Use /dev/random to retrieve random bits from the entropy pool i.e. not use /dev/urandom due to its non-blocking status

2. Make sure # of random retrieved bits is greater than length of future message e.g. 150 characters or another size

For example in terminal, I imagine something like this for the first two steps

a) cat /proc/sys/kernel/random/entropy_avail

b)

3) Use unique keys produced as one-time encryption keys for future communication purposes i.e. written on single sheet of paper, on hard surface, destroyed after use, never used more than once.

For this purpose in step 3, we elimate any special characters from the series produced.

4) Wiki tells me that modulo 26 can simply be used for encryption/decryption purposes then i.e.

"The material on the selected sheet is the key for this message. Each letter from the pad will be combined in a predetermined way with one letter of the message. (It is common, but not required, to assign each letter a numerical value, e.g., "A" is 0, "B" is 1, and so on.)

In this example, the technique is to combine the key and the message using modular addition. The numerical values of corresponding message and key letters are added together, modulo 26."

So, in their example for encrytion, I would take my new /dev/random key and use as follows:

If key material begins with "XMCKL" and the message is "HELLO", then the coding would be done as follows:

H E L L O message
7 (H) 4 (E) 11 (L) 11 (L) 14 (O) message
+ 23 (X) 12 (M) 2 (C) 10 (K) 11 (L) key
= 30 16 13 21 25 message + key
= 4 (E) 16 (Q) 13 (N) 21 (V) 25 (Z) message + key (mod 26)
E Q N V Z → ciphertext

If a number is larger than 26, then the remainder after subtraction of 26 is taken in modular arithmetic fashion. This simply means that if the computations "go past" Z, the sequence starts again at A.

And the reverse process for decryption:

The ciphertext to be sent to Bob is thus "EQNVZ". Bob uses the matching key page and the same process, but in reverse, to obtain the plaintext. Here the key is subtracted from the ciphertext, again using modular arithmetic:

E Q N V Z ciphertext
4 (E) 16 (Q) 13 (N) 21 (V) 25 (Z) ciphertext
- 23 (X) 12 (M) 2 (C) 10 (K) 11 (L) key
= -19 4 11 11 14 ciphertext – key
= 7 (H) 4 (E) 11 (L) 11 (L) 14 (O) ciphertext – key (mod 26)
H E L L O → message

5) Communicate with secret person which one-time pad is being over a session of OTR e.g. pg 17 or whatever

6) Send email/document with encrypted message to associate.

Given Perfect Forward Secrecy, I can even use yahoo or gmail and the Stasi with infinite time and resources cannot break down the encryption due to the laws of physics?

Right?

Your input is appreciated.

One time pad?August 13, 2015 1:26 AM

Sorry, that second Linux command to generate random bits was:

/dev/random stdbuf -o0 strings --bytes 1 | stdbuf -o0 tr -d '\n\t '

Simon UnsworthAugust 13, 2015 1:54 AM

Random numbers?? Soon they will have to be banned. You might have to use /dev/nsa_random, which picks a random place to start in the predefined list of random numbers stored at the NSA.

WinterAugust 13, 2015 2:48 AM

They never talk about the cost of backdoors. Not just the monetary cost of the infrastructure. But also the cost of theft and embezzlement, or even murder because people were unable to protect their private lives.

How many people have been victims of serious crimes because their phones where tapped and tracked? How many billions did businesses lose because of espionage by way of weak securities of phones?

Alien JerkyAugust 13, 2015 2:59 AM

@Simon Unsworth

Congress will probably pass a bill requiring all random numbers to consist of sequential numbers starting at 1.

Clive RobinsonAugust 13, 2015 3:24 AM

@ Alien Jerky, Simon Unsworth,

Congress will probably pass a bill requiring all random numbers to consist of sequential numbers starting at 1.

I guess that's marginally better than legislating Pi to 3...

But technicaly there are no "Random Numbers" just "Random sequences of Numbers", and for obvious reasons there's a lot more of those than there are natural numbers.

How ever I suspect even Congress critters will have a think on it when somebody points out to them that "Random Numbers" are what keep the "riff raff" out of their re-election "slush fund" accounts. Then again maybe the good old "Brown Envelope" is back in fashion with lots of green padding, even though it would take an 18wheeler to move it...

Clive RobinsonAugust 13, 2015 3:40 AM

@ Winter,

How many billions did businesses lose because of espionage by way of weak securities of phones?

At least enough to feed the Russian people bread from the grain the KBG manipulated the price down to. Then there are the French... How long a list do you need?

However, it's not a one way street, the US has played dirty politics in business economics for so long now, on the "Do Unto others First" Doctrine, that a cork screw looks straight and true in comparison.

Basicaly any one who can raise the price of a ticket are at this game one way or another, and the ticket price drops at the same rate as the price of technology, so soon your neighbors K12 kids will be watching your every move... Maybe we should just put it on the curriculum like reading, writing and car driving.

PTAugust 13, 2015 3:59 AM

It looks to me that secure encryption will be outlawed sooner than later, no matter how bravely you fight in this war. But it will result in the rise of hidden encryption (like truecrypt hidden containers) and in the coming of age for steganography. Evolution, that's simple.

Btw, anyone interested in injecting some venture capital into a steganography startup? :)

WinterAugust 13, 2015 4:45 AM

@PT
"It looks to me that secure encryption will be outlawed sooner than later, no matter how bravely you fight in this war. "

I think there will be a backlash.

Eventually, it will sink in to those in "charge" of the economy that security matters to the bottom line. Also, it will become common knowledge that the "Metadata do not lie", but the content always does. Therefore, eavesdropping will only work for the innocent.

It is already appearing in discussions that the TLAs of the world spend noticeable fractions of the world's GDP in surveillance and making us insecure, but negligible amounts to protecting their own citizens from common criminals and foreign powers.

That last point will at a certain moment become the center of the discussion.

Because, at the foundation of the nation state lies the duty of the government to protect its citizens.

But I know, in the long term we are all dead.

Clive RobinsonAugust 13, 2015 6:00 AM

@ Bruce,

Perhaps a look at the MO of the police and not the criminal will tell you something about why they are scared of technology in other peoples hands.

What most people think incorrectly --and encoraged by LEOs-- is that the police find pieces of evidence and perform scientific analysis on them and when the criminal is presented with the scientific facts he caves in and admits to the crime.

The common place truth is way way different to this, the simple fact is even though evidence might be collecymted most crimes are not investigated that way. No the police go out and "shake the tree" and wait to see what drops. Most often a criminal is so blatent that the police know who they are, or are stupid enough to brag about their crime and get "grassed up" by another criminal.

The mistake most criminals make is not planning what to do after their crime to avoid these problems, worse many hang onto the proceads of their crime as they have not worked out how to get rid of it quickly and for sufficient money, so they get caught with the proceads on them or in their homes etc.

Basicaly the police succeed by being slightly less stupid than the criminals. And I'm not being unfair here the simple fact is forensic examination is eye wateringly expensive and is normaly only used as a last resort when the police are fairly sure they can justify the expense and not have the results side stepped by a clever legal representative. The exception being political cost crimes, that is high profile that newspapers front page it and politicos get asked questions.

Thus what realy scares the LEOs when they talk about "going dark" is technology that makes rank and file criminals effectivly smarter and thus make their OpSec better.

As you point out 15years ago mobile phones were not ubiquitous and the Police realy did run scared of "burner phones" because they did not understand the technology sufficiently to see it's weak points. Now they understand them better than the majority of criminals and thus have the upper hand again, due to the criminals lack of understanding. However in that gap where criminals stopped meeting face to face and thus did not get seen or overheard by potential grasses "shaking the tree" stopped working.

Thus one of the primary drivers of the crypto-wars is "fear of the unknown" by the LEOs, and this often gets hitched to "rent seeking" behaviour by those who wish to profit by stiring up that fear.

It does not matter how many of these crypto-wars we win because it will just come back again and again and again, with every step technology takes there will be LEOs with a "fear of the unknown". There are three things we can do,

1, Keep fighting.
2, Slow or stop technology developing.
3, Capitulation.

Nobody realy wants option 2, and only the power crazed tyrants want option 3. Thus the first option is the only sensible course of action.

The problem with fighting is it's usually very destructive and grossly inefficient and the outcome is usually not what either belligerent wants. Because just as technology is the cause of the war by creating the driving fear by it's uncertainty, it's that uncertainty that causes battle plans to fail. Usually the victors are those that embrace the technology in the best way, though these days victories are usually piric in nature because the mastery of the technology is evenly matched.

As has been noted in the past the best way to win a war is to not fight it in the first place hence such statments about "winning the peace". Almost invariably the way to stop a war before it starts is to modify behaviour to remove the driving fear, and that is usually best done by education. Unfortunately in any two sided conflict there is one or more third party players proffiting by it, so education alone is not sufficient, you have to remove the profit as well.

Thus we have to identify primarily who is profiting and what their profit is and remove it in some way, at the same time as demonstrating the fears are groundless or manageable.

Endlessly demonstraiting that a proposed solution can not work is preaching to the choir not wining the hearts and minds of those with fears, nor is it negating the profit the rent seekers are chasing.

The best solution usualy involves ridicule of the rent seakers. Clipper got defeated because it was shown to be a stage managed lie with significant vested interests, those pushing it realised the game was up and just how much more potentialy they had to lose, so they voluntarily left the field to regroup and protect what they had knowing there would be future less public wars they could and did win which is why we are where we are.

Thus the question we should be looking to answer is why are they asking for the impossible, what is their real target they hope to archive by it. Because one thing I'm sure of this "front door", "Golden Key" nonsense is at best a side show, more probably a lightening rod, on the theory of "give a hollow victory to steal the real prize" it is after all what stage magicians and shell game con artists do all the time.

WinterAugust 13, 2015 7:27 AM

@Clive
"No the police go out and "shake the tree" and wait to see what drops."

And far too often the police are not very discriminate about whether what drops is actually guilty or not.

When the police is pressed for "success", the question becomes sometimes not so much whether there is a suspect who can be proved to be guilty, but whether someone can be found whom the police can get convicted in court.

There have been horrendous tales about such LEO behavior during the Thatcher years in the UK.

Aeyoss AntelopeAugust 13, 2015 11:19 AM

I just re-read the piece on "Cost of Key Recovery" Abelson, et.al. from the 90s...no new arguments now...no new issues now (except maybe Moore's Law)

blakeAugust 13, 2015 12:04 PM

@Winter, @Clive:

The Adversarial legal system we have (at least in the US / UK) makes the role of the court less about finding the truth, and more about deciding between two stories from very opposed parties. The police answer to the state prosecutors, who are providing one of these stories, and have no vested interest in establishing the innocence of the defendant because someone else is working on that.

It would be interesting to get a view from France. There the courts apparently operate in the Inquisitorial manner of being directly involved in obtaining the facts of the case, rather than just trying to decide which of two polar opposed stories carries more weight.

"Peter Murphy in his Practical Guide to Evidence recounts an instructive example. A frustrated judge in an English (adversarial) court finally asked a barrister after witnesses had produced conflicting accounts, 'Am I never to hear the truth?' 'No, my lord, merely the evidence', replied counsel." - https://en.wikipedia.org/wiki/Adversarial_system

albertAugust 13, 2015 12:31 PM

Boo-Hoo, I can't solve a crime, because the whole world isn't cooperating with me.

This op-ed is a clear example of propaganda at work. Aside from mentioning 'terrorism' twice (which is de rigueur nowadays), here's an example:
.
"...The new encryption policies of Apple and Google have made it harder to protect people from crime...". LOL, how does that protect Ray C. Owens? Oh, it doesn't. The next guy? He's as good as dead, if the perp continues his MO. No, it might 'make it harder' for prosecutors to punish the perps.

While we're at it, let's take: "...The safety of our communities depends on it....".

I'm not going to take the time to pick apart the whole thing. Yet again, here's a situation where all the facts aren't known to us.

A sales manager once said to his salesmen: "Now I'm tired of hearing all your excuses about why you can't sell. Can anyone tell me why you CAN sell?" Apparently, none had ever thought about it.

Oh, and they left out "think of the children", an oversight, I'm sure...maybe next time...

. .. . .. o

Clive RobinsonAugust 13, 2015 1:03 PM

@ Winter,

There have been horrendous tales about such LEO behavior during the Thatcher years in the UK.

The reason we got to hear about them, was that the methods the Police used to do it were well behind the times, and had the assumption that judges would not alow the police to be properly examined in court. Thus the police got caught by the changing times, and thus they had to up their game. The simple fact is that the police still fit people up, but it's getting harder to show.

For instance a police officer decided to have a "we know you did it and we will lock you up forever" chat with a young suspect in the back of the waggon on the way to the station. The officer made certain threats to the suspect and then denied them in court under repeated cross questioning and colleagues backed the officer up. It was only when the young suspects barister played the mobile phone audio recording of the conversation back in court that the judge wised up as it where.

It's to stop this sort of self defence that some police officers want backdoors into phones etc, so they can destroy evidence that can be used by a defendent to show their innocence.

@ Blake,

The police answer to the state prosecutors, who are providing one of these stories, and have no vested interest in establishing the innocence of the defendant because someone else is working on that.

You are well behind the times on that. These days the Police "answer" to their "pay masters" not the "prosecuters", never ever make the make of thinking the police are impartial they are not, they have politicaly set quotas to meet, just like teachers, doctors, and all others payed from central taxation.

Further for most defendents they have to use "state aid" for their defence, thus they have no say in what happens, again it's the "pay masters" calling the tune via politicaly set quotas. So again never ever assume those representing the defendent have any interest in establishing their innocence, they are by and large just "going through the motions" to get onto the next case "to fill their quota".

If you look in the UK you will find that those who provide legal services to ordinary defendants from the public purse often earn less than London Transport drivers, and work considerably longer hours as well. And the current Justice secretary, has no legal training and is looking to reduce the legal aid bill to zero or less as political ideology.

There is an expression called "rights stripping" the current political ideology is that this is a good thing. Or in other words justice is just another "free market" where you get what you pay for and the Goverment takes a slice of the action one way or another, and if you can not pay the piper tough you go to jail. Thus jails are now being turned into private "debtors prisons", by which others profit vastly, something history tells us is very very bad, not just for those imprisoned but the majority of society as well.

Sancho_PAugust 13, 2015 5:48 PM

@Clive Robinson wrote:

”1, Keep fighting.
2, Slow or stop technology developing.
3, Capitulation.”

There is another option:
4, Ignore it.
('cause they can't stop it)

DaveNAugust 13, 2015 6:02 PM

How long does it take to clone a locked cell phone, and brute force the 4-digit PIN against the clone? I'll bet it's not as long as it took Vance and his cronies to write that op-ed.

cynicalAugust 13, 2015 9:58 PM

Crime solving is methodological as we know. The police keeps lists of known criminals, prime suspects, and persons of interest, which the cross examine with field evidence. It is as much about profiling as it is about forensics.

Thus laying a web has been a well practiced paradigm when it comes to catching, or luring, crime bugs out of their hideouts.

rgaffAugust 14, 2015 12:19 AM

@no murder victim left behind

Storage of the world's data doesn't need the massive data center in Utah. Massive storage is perfectly happy being distributed all over the world in massive numbers of far cheaper smaller data centers, and any time you need to query it, your query simply goes around the world and you get back all the results, easy peasy. What needs massive storage in one place is a giant factoring sieve to break all weakish-but-thought-secure-enough encryption, I'm sure. This is the purpose of the distraction of "hey, we gotta have unicorns, we're going dark" to keep us from investigating that!

MikeAugust 14, 2015 2:11 AM

Short of the Ill. victim taking a picture of his assailant with his iPhone before the crime, I don't see much evidence that could be obtained by examining his cell phone that would be of value. They obviously have the last-known contacts and metadata--what other evidence could be on the phone, aside from maybe people he associated with and places he'd been? Good old-fashioned police work could be used to figure that stuff out.

Clive RobinsonAugust 14, 2015 2:58 AM

@ rgaff,

... your query simply goes around the world and you get back all the results, easy peasy.

There is a problem with this, which is you have to consider what another similarly equiped attacker could learn.

In the case of a massive data store, all you see are vast collections of data going in, much like an astronomer views a black hole. And little or nothing coming out, thus your ability to infer further information is extreamly limited.

In the case of distributed points, the attacker can see the much more limited information going in, and also queries going in and results coming out. Whilst the queries and results may be encrypted the limited raw data is not.

Thus the third party can in theory correlate enquires across several nodes and look for commonalities in the raw data that could quite easily leak information on the enquires, thus there is a much greater scope for inference with a distributed system for an external passive attacker.

At the turn of the last century, I used to work for a company that was involved with citation and other databases used by research companies. Protecting enquires from "industrial espionage" is a very major concern for drugs companies and likewise other commercial research organisations. Thus they were happy to pay top dollar to get their own private copies of otherwise public databases to keep any knowledge of their search queries private. Back then I was looking at the design of globe spanning fault tolerant multi user databases and their complex access, licence and security models. I was hoping to use the work as a PhD thesis, however I had troubles finding an academic supervisor for various reasons I've mentioned in the past, so what would have otherwise been a golden oportunity for both them and I was lost...

rgaffAugust 14, 2015 12:11 PM

To be fair though, I was thinking of all-government-controlled end points in my distributed search example, so end-to-end encryption would control outside attacker view of it to a great degree... outsider attackers would still see volume of queries/results though, just not the contents. And then there is still the issue of weak end points, where the outsider gets inside...

Oh! So encryption is valuable to the government after all? hmmm... :)

SkepticalAugust 15, 2015 3:49 PM

We've heard that 74 number before. It's over nine months, in an office that handles about 100,000 cases a year: less than 0.1% of the time.

The total number of cases handled by the Manhattan DA's office isn't the relevant number here. The 74 cases cited apparently include at least one involving attempted murder - there are a few orders of magnitude less than 100,000 cases involving attempted murder.

More generally, their point isn't about the 74 cases, or the case from Illinois, but rather what we can extrapolate. Suppose nearly all phones implemented security that could not be penetrated by law enforcement, save by the application of immense resources over a significant period of time.

Is that a desireable state of affairs? If not, why not? What prevents that state of affairs from becoming reality, other than the voluntary actions of companies?

I also think the standard you're using to measure the potential damage - whether one could not collect sufficient evidence to identify and convict criminals but for access to encrypted data - will underestimate that damage.

Investigations are not perfect, mistakes happen, opportunities are missed. Law enforcement resources in many localities are limited, even and especially those with high rates of violence. So anything that significantly increases the difficulty of collecting sufficient evidence could also increase the number of crimes that go unpunished.

None of that of course is conclusive as to any question concerning public policy. Lots of things that make it harder to identify, arrest, and convict criminals are also things that we value very highly and that we believe are worth the cost.

But this should be a category of costs that is given real consideration by those making, selling, and otherwise publishing certain products. Contrary the impression certain media outlets give, this isn't all about evil-NSA vs. righteous-civil-libertarians.

Gerard van VoorenAugust 15, 2015 4:35 PM

@ Skeptical,

Is that backdoor only limited to the FBI or NSA? What about The Netherlands? Should the AIVD has access or the local police? Now what about dictatorial regimes?

If FBI or NSA only, why should I buy American phones?

Gerard van VoorenAugust 16, 2015 2:49 AM

@ Sancho_P,

Ignoring is an option, but then I would still prefer the opt-out option. If it isn't there it also can't be misused. Besides that, it also doesn't feel like "surrendering to the system", which ignoring does.

SkepticalAugust 16, 2015 11:11 AM


@Gerard: Whether a company is legally required to include some type of access to a government depends upon the laws of each country in question. The PRC and Russia likely have very different requirements than the Netherlands or the United States, for example.

But note that I did not include any particular policy prescription. I simply said that the trends are worth considering, that it's worth considering what type of world we want, and that the category of costs described in the op-ed are real and should be factored into the design of any public policy or product design.

From an ethical vantage, and assuming that data and communications could still be secured at a satisfactory level of confidence (big assumption, hence italics), I have no problem with a company providing lawful access to the US Government, since commercial espionage is not an issue and the US has a robust legal framework that is highly protective of individual rights. The same would be the case for many other - though not all - democratic governments.

Indeed, quite frankly, using the same assumption above, I think it to be ethically obligatory to help provide lawful access in certain places and in certain cases.

The ethical question becomes much more complicated for other countries. In some cases, the best decision may simply be not to sell one's product in certain countries.

@Sancho: It’s not what you / we / whoever want, it’s what is realistic.

It's both.

We need to evaluate both what is feasible and what is desirable. And remember that these two things are intertwined.

So I think it's a reasonable question to ask whether we would want a world where most communications and data is inaccessible to law enforcement with a warrant. If we really don't want such a world, we should ask what stops us from reaching it, other than voluntary decisions by companies and developers or the actions of governments.

Gerard van VoorenAugust 16, 2015 12:19 PM

@ Skeptical,

I am not talking about ethics. Ethics are entirely blown away today. I am also not talking about laws. Laws can and will be changed at any times.

I am talking about practicality. The world is a lot larger than the US. I am from the Netherlands which is part of the EU. I have nothing to do with the US.

So let's return to the issue. From what I am reading is that you say that each country should have it's own back door. Russia and China have "very different requirements". How do you think this should be implemented? Let's say I buy a phone in Switzerland and I drive home by car to The Netherlands. Should the Swiss handle over their keys? When I drive home I pass 4 countries. France, Belgium, Luxembourg and Germany (a small bit of country seeing). Should the Belgians have access? Which Belgians? Am I being informed about this? And what if the phone company head quarters is based in Qatar? Now I visit Russia. Can you guarantee the mafia isn't watching?

This looks to me like an universal back door that anyone but me can spy on. This is the question that should be solved. After that the ethical and legal questions. I am waiting for clear answers.

Clive RobinsonAugust 16, 2015 2:48 PM

@ Gerard van Vooren, Skeptical,

I am not talking about ethics. Ethics are entirely blown away today. I am also not talking about laws. Laws can and will be changed at any times.

You should be talking about "capabilities" and "defence" which are given as the root causes for the race to the bottom we see.

No matter how immoral, vile or evil something may be there is always some one who is going to go there. Unfortunatly such people tend to sit towards the top of hierarchies of power such as Church, State and International Corporations. They stay there because they tend to ensure that they have sufficint like minded or authoritarian followers around them.

The problem is that once one of them develops what is or can be portrayed as an offensive weapon of this form "the cat quickly gets out of the bag" and the clamour starts.

Even if people of better moral concence are going to say "no" they will be easily woked around or removed. One such method is FUD, you put a fear in the common mind, and you keep it there by various tricks, and anyone who opposes it is quickly portrayed as a villain of some sort most often one who is selling out on "saving the children" or other logical fallacy. The problem is those peddeling the FUD appeal to illogical emotion not logical fact. Few people run by logical fact, and if they do they are seen as "cold" thus calculating, thus evil...

The clamour usually works on the "if they've got it I need it" principle which is also called "proliferation" because everybody assumes if you have a capability you will use it (otherwise why did you develope it in the first place?). The problem is that even if the capability is a "bag of broken bolts" other people will develope their own version on the assumption "we've just got to get it right" or "it needs more input" etc etc etc.

And thus proliferation is usually acompanied by "escalation".

However another element enters the picture at some point somebody asks "the doomsday machine question" of "How do we stop others getting this new capability we are developing?". The answer is of course secrecy oppressively enforced. And such secrecy stops the usuall response to any "bag of broken bolts" projects.

There is another aspect to consider which is the mental process that underlies "a gamblers lucky streak delusion". No matter how bad a bag of broken bolts any given project is it will have random successes, such is the way nature usually works. A gambler will obsesivly see such random wins as proof their idea is right and just needs adjustment... When tied to secrecy it enables them to show just the random wins as successes not the billions of fails... And if challenged they will start talking about complexity and how the chalanger does not have sufficient information yardy yardy... and if the questioner pushes for that information they get stymied / checked by the necessary secrecy because we don't want other people using this capability against us...

I could go on further, but this is the way things tend to work.

SkepticalAugust 16, 2015 5:36 PM


@Gerard: From what I am reading is that you say that each country should have it's own back door.

No. I did not say that, and in fact I said that I think companies should decline certain types of cooperation with certain governments altogether, even if it means that company is excluded from a given geographic market (some people tell me that this would be a violation of management's duty to shareholders to maximize profits - which is true neither legally nor ethically, and is more often than not used by management as a convenient excuse for avoiding what is in fact a moral choice for which they are responsible).

So we clearly have a failure to communicate. Let's rewind.

I made no policy prescription here. I did not say that any country should, or should not, legislate the inclusion of some form of lawful access into the design of certain products. I made points about whether the concerns raised in the op-ed are valid.

You then asked me that - assuming that legislation mandating some type of lawful access DID exist - how would the problem of access by foreign govvernments be handled. Would foreign governments be able to use the same lawful mechanism that - hypothetically in your question - were implemented in the United States?

My answer is that different nations already have different laws and requirements regarding the degree to which certain classes of product must be accessible to law enforcement. What the Netherlands requires differs from what Qatar requires which differs from what Russia or China might require.

Thus the company formerly known as RIM made certain modifications to the usual operation of certain classes of its mobile products and services in order to be able to sell them in Qatar and India (and others, if memory serves). But those modifications did not apply elsewhere.

I don't see why this would be any different for the type of US-specific mandate vaguely alluded to in your question.

So let me emphasize that point again: Nations already have in place different laws and requirements regarding the kind of access to a product that a company must provide them in order for that company to legally sell or distribute the product within the respective jurisdictions of each nation. Companies already deal with those differences.

There are many ways for a company, or a non-profit, or an informally associated group of developers, to design things such as that - if needed, if lawful - they are able, with the assistance of law enforcement who will have capabilities that they do not, to enable lawful access in targeted cases. That might vary by the existing design and characteristics of the product, and it might vary by the additional law enforcement resources needed to facilitate the access.

There are two big questions: (1) what types of design would provide satisfactory security against unlawful access, and (2) given the constraint of (1), what would the benefits of those designs actually be?

Now... there is no free lunch. It may be that, subject to the constraints we would want to impose, such designs are only feasible for certain classes of product and information, and for certain levels of government assistance, e.g. perhaps for mobile communications when the FBI or NSA is able to provide substantial assistance but not for data at rest period and not for mobile communications if the only assistance available is that of a local and underfunded police department.

As to countries from which you'd want to purchase products where privacy is concern... well, obviously supply chain risk isn't as easy as looking at the country where a product may have been assembled. But let's say that it is. If I were concerned about commercial espionage, I'd be wary of buying from nations the governments of which practice commercial espionage in my industry. If I had relatives or friends in non-democratic countries who could easily be imperiled by speech critical of the governments or important persons in those countries, I'd be wary of buying from those countries.

Sancho_PAugust 16, 2015 6:37 PM

@Gerard van Vooren,

There might be a misunderstanding, I don’t mean surrendering (point 3 of @Clive’s options), but likely I did not understand what you wrote. Probably my post was too short.

I meant to ignore the questions / requests for lawful access / backdoored encryption because the whole idea is so absurd that it’s not worth the time.

The protagonists avoid to clearly define (“prescribe”) what they mean and hint to “consider” the consequences if we not … Additionally they ignore any and all arguments that clearly show that the basic idea is insane in the first place.
The whole “discussion” distracts from the very urgent question “Why are people increasingly aggressive and can we stop that before doomsday?”.

@Skeptical

Sorry I think your question isn’t reasonable because you ask for “most” comm and data but you mean “the very sensitive = evil” comm data which is quite a difference.
You want to access Mahmud’s comm but you go for Alice and Bob.

What stops you from reading my comm is that it is mine, not yours.

Gerard van VoorenAugust 17, 2015 5:31 AM

@ Skeptical,

> There are two big questions: (1) what types of design would provide satisfactory
> security against unlawful access, and (2) given the constraint of (1), what would the
> benefits of those designs actually be?

Like I said before, laws can and will be changed at any times.

But okay, I know your position. Let's take it one step further. Tomorrow the FBI or any nations equivalent wants full access to all encrypted drives because they want "100% security" (ever heard of that one?). What is your position when it comes to that? More in general, at what point do you think they go too far? They are the ones that are pushing the envelope right now. Can they go too far? What liberty are you willing to give up?

SkepticalAugust 18, 2015 12:44 AM


@Gerard: Like I said before, laws can and will be changed at any times.

No, they can't. You're not ascribing sufficient reality to cultural, economic, and ultimately political constraints. That law X can be changed by a vote of z/6ths of a legislature doesn't tell you much about whether the law is likely to change. The legal requirements for repealing Prohibition were the same as repealing the First Amendment, but I assure you that they were never remotely close to being equally likely.

There is a false assumption lurking in many writings on these topics that somehow policy and legal limitations on powers should be less respected or are less important than technical limitations. They're not.

We're human beings. We live in a social reality. Those policy, legal, and cultural limitations are just as real, and frequently more powerful.

You cannot design a technology that ensures individual rights will be protected regardless of what government does. But you can leverage a robust civil society, tradition of humanism and liberalism, and strong institutions that support rule of law, to provide that protection.

Tomorrow the FBI or any nations equivalent wants full access to all encrypted drives because they want "100% security" (ever heard of that one?). What is your position when it comes to that?

I think the FBI would be the first to say that 100% security is not achievable. And I think everyone would agree that one must weigh the costs of lawful access mechanisms against benefits.

More in general, at what point do you think they go too far? They are the ones that are pushing the envelope right now. Can they go too far? What liberty are you willing to give up?

I've yet to give up any liberties Gerard. As to your other quesions, of course parts of government can go too far - that's why it's important to have checks and balances. Parts of government went too far in the US before, a story frequently told. Less frequently emphasized is what happened next: the other parts of government checked them - indeed, they quite frankly eviscerated the capabilities of certain intelligence services.

Dirk PraetAugust 18, 2015 4:05 PM

@ Skeptical, @ Gerard van Vooren


Like I said before, laws can and will be changed at any times.

No, they can't.

Oh, come on. Stellar Winds was illegal. It was retroactively legalised years after it was instated, including immunity for the telecoms doing the NSA's dirty work for them. No one in office was ever held accountable. The FISC secretly (re)interpreted sections of the Patriot Act, and undoubtedly of other laws too. When some of them were recently struck down, the FISC simply overruled them. USA Freedom replaced other portions of it. CISA is lurking around the corner. Never in the history of the US has there been such a surveillance-friendly legislative framework. And because of a major shift in societal and political perceptions of reality post 9/11 (referred to by some as "post-traumatic stress disorder").

The US is not even alone. France has recently adopted draconian surveillance legislation. The Netherlands are in the process of doing the same. There's the Snooper's Charter (DRIPA) in the UK. And the list goes on.

But you can leverage a robust civil society, tradition of humanism and liberalism, and strong institutions that support rule of law, to provide that protection.

I'm sure Julian Assange, Chelsea Manning and the scores of unarmed folks getting shot by US police on a nearly daily basis will agree to that. So will the likes of Aaron Swartz and anyone who in recent history saw fit to snitch on the USG. Occupy Wall Street ? Domestic terrorism, according to some TLA and LE manuals. Short of overtly terminating said folks (err, wait ...), I don't see a lot of difference with what Chinese and Russian authorities are doing.

... the other parts of government checked them - indeed, they quite frankly eviscerated the capabilities of certain intelligence services.

As far as I know, the last time that happened was in the seventies with the Church Committee. We've come a long way since. In the Iran-Contra gate affair, Ollie North received immunity and Weinberger was pardoned by Bush. Today, the DNI can lie before Congress and get away with it. Enhanced interrogation techniques, abductions, secret prisons ? No problemo. The congressional select committees in charge of overseeing the IC are their biggest fans (with some notable exceptions). Last time they roared was when the CIA got caught red handed spying on their own activities. And you know what? They too got away with it. Not even a formal apology from Brennan (only a draft). The message being conveyed here is very clear: the IC is above the law and no one either in the executive or the agencies themselves can be held accountable. Because of - drumroll - terrorists !

You then asked me that - assuming that legislation mandating some type of lawful access DID exist - how would the problem of access by foreign governments be handled.

I believe @Gerard has a valid point asking which jurisdiction - and consequently which "legal access" - will apply in the case of, say, a US citizen living in Belgium, working for a Japanese company and traveling through Poland using an iPhone bought in Finland with an Icelandic ISP.

And I think everyone would agree that one must weigh the costs of lawful access mechanisms against benefits.

Yes, indeed. Comey and Cameron have been asking a series of pertinent questions regarding lawful access to encrypted communications and devices. Bruce & co. have given them a clear answer: it's neither feasible nor desirable. I have yet to hear any subject matter expert testify to the contrary. It's really up to LE to come up with valid solutions that do not compromise the safety and security of the public at large. And it would definitely not hurt to perhaps provide some additional empirical analysis and statistics for their case, because at this time it does appear that the risks associated with any type of "lawful access" far outweigh the small amount of cases where such access would have been essential.

BoppingAroundAugust 19, 2015 9:14 AM

[Off-topic] Dirk Praet,
> The Netherlands are in the process of doing the same

What's going on there?

SkepticalAugust 19, 2015 9:48 PM


@Dirk: Stellar Winds was illegal. It was retroactively legalised ... The FISC secretly (re)interpreted sections of the Patriot Act, ... CISA is lurking around the corner.

None of which weakens my point. Laws cannot be changed on a whim - the FISC decisions were neither whimsical nor beyond appeal - and it required 9/11 for the Patriot Act to come into existence at all.

Never in the history of the US has there been such a surveillance-friendly legislative framework.

Completely wrong. Some decades ago surveillance for national security purposes could occur without oversight from either of the other two branches of the US Government, and decades before that restrictions on wiretapping were minimal. Even with the turmoil wrought by 9/11 and the challenges posed by modern communication, there's a thick mesh of law and regulation that limits and shapes how the US Government can carry out domestic surveillance.

Foreign surveillance is a different creature entirely, but that's nothing new.

I wrote: But you can leverage a robust civil society, tradition of humanism and liberalism, and strong institutions that support rule of law, to provide that protection.

You replied: I'm sure Julian Assange, Chelsea Manning and the scores of unarmed folks getting shot by US police on a nearly daily basis will agree to that. So will the likes of Aaron Swartz and anyone who in recent history saw fit to snitch on the USG.

That's a bit like saying that Putin enjoys freedom from government oppression, so therefore most Russians do as well.

Look, most police officers in the US will never discharge their weapon in the line of duty.

Assange is in Britain, in the Ecuadorean Embassy, evading a Swedish warrant to question him in connection with allegations of criminal acts in Sweden.

Manning released hundreds of thousands of cables containing no evidence of wrongdoing - quite the contrary, showing the US to be genuinely concerned about human rights - but revealing classified information, violating his oath, failing in his duties, and betraying his country and those with whom he served. Schwartz is a tragic case, but was offered minimal jail time by prosecutors - they did not pursue a draconian punishment.

As for whistleblowers, the attorney for the Department of Justice who dropped a line to the New York Times regarding the warrantless wiretapping program faced no criminal charges.

Occupy Wall Street ? Domestic terrorism, according to some TLA and LE manuals. Short of overtly terminating said folks (err, wait ...), I don't see a lot of difference with what Chinese and Russian authorities ...

Forgive me, but what utter bullshit. Do you know how many months Occupy Wall Street took over a public park? How many resources were deployed to protect those protesters from being the TARGETS of violence? Do you know of the US Government encouraging private gangs to attack the protesters, of the US Government censoring twitter and social media accounts from those events, or of the US Government simply banning references to certain events and principles as incompatible with state security?

It NEVER looks good when the police ultimately have to clear a public park by force, particularly when many in the crowd were intent on provoking a violent confrontation - and I really don't care to read any bullshit to the contrary, having seen more than sufficient evidence of the fact.

But comparing it to the way the PRC handles protests, or Russia, is really absurd. I encourage you to speak to some in those countries who have actually attempted as much.

As far as I know, the last time that happened was in the seventies with the Church Committee. We've come a long way since. In the Iran-Contra gate affair, Ollie North received immunity and Weinberger was pardoned by Bush. Today, the DNI can lie before Congress and get away with it. Enhanced interrogation techniques, abductions, secret prisons ? No problemo.

Yes, that's when the time of an intelligence community without oversight came to an end - and the counter-reaction quite nearly eviscerated their capabilities. As to Iran-Contra - yes, it's an example of a scandal, which ended careers, enabled high-ranking officials to barely escape prison by virtue of a not-certain pardon, and resulted in massive shakeup at CIA. Unfortunately the death of Casey precludes some of the details from being filled in. It's hardly a tale of officials flouting the law without consequence or risk. But - in any case - this is a complicated subject. Suffice to say that even well-regulated systems will have their share of scandals.

The congressional select committees in charge of overseeing the IC are their biggest fans (with some notable exceptions).

This varies by the personalities on the committees and those from the IC who speak to them. I can say that while things seem to have improved from earlier days, the relationship frequently - based on what I've read - seemed to me to be antagonistic, and one rife with breakdowns in communication.

Last time they roared was when the CIA got caught red handed spying on their own activities. And you know what? They too got away with it. Not even a formal apology from Brennan (only a draft). The message being conveyed here is very clear: the IC is above the law and no one either in the executive or the agencies themselves can be held accountable. Because of - drumroll - terrorists !

Dirk, the enhanced interrogation program ended. Several criminal investigations took years to close. Some were prosecuted. Others lost careers - others lost much less. Thousands of pages of reports, detailing some fairly awful (if also fairly isolated) practices, were compiled and released to the general public.

Think you'll find that in a nation like Russia? Good luck. Think it means that the IC is untouchable? Not if you're one of the people subject to having your career stunted, possibly ended, and facing criminal investigations (which are not fun, regardless of outcome).

Listen - it is vital to the IC that they obtain Congressional buy-in to many of their programs. Vital. Congress has enormous leverage over what the IC does and does not do.

I believe @Gerard has a valid point asking which jurisdiction - and consequently which "legal access" - will apply in the case of, say, a US citizen living in Belgium, working for a Japanese company and traveling through Poland using an iPhone bought in Finland with an Icelandic ISP.

I'm not sure why you assume that a lawful access mechanism must be designed to work with every government in every conceivable situation.

SkepticalAugust 19, 2015 9:51 PM


@Dirk: Yes, indeed. Comey and Cameron have been asking a series of pertinent questions regarding lawful access to encrypted communications and devices. Bruce & co. have given them a clear answer: it's neither feasible nor desirable.

No, they've been told by one group - who to their credit stated at the outset that their criticisms were limited and based upon certain assumptions, as there currently are no specifics - that certain requirements of lawful access systems would carry heavy costs. Many of those points are good. However those points may not apply for lawful access systems not considered by the paper. That's not a criticism of the paper - the authors can't be expected to examine every possible system - but it is a genuine limitation.

What's telling to me though is that they did not bother to offer an alternative. "Hey, law enforcement and intelligence community - your dream system isn't possible. But here's a second-best solution that might actually work...." I never see opponents of lawful access systems making such proposals - in fact I usually see them denying that there's even the possibility of a looming problem.

But look, we can either try to design secure systems that also give due weight to the legitimate needs of law enforcement and intelligence (yes, intelligence - because not every government exists on an equal moral standing), or we can design systems and let governments do what their duty compels them to do: find covert and clandestine means of obtaining access to those systems anyway.

That's a recipe for an arms race.

Here's what people don't get:

the system that no one seems to be even bothering to research or brainstorm is one that ENDS the war and that produces a COINCIDENCE OF INTEREST among various parties.

It's a system worth trying to develop - not something that should be dismissed out of hand on the basis of a few far-reaching assumptions about its necessary capabilities and design features.

Gerard van VoorenAugust 20, 2015 2:37 AM

@ Skeptical,

> None of which weakens my point. Laws cannot be changed on a whim - the FISC decisions
> were neither whimsical nor beyond appeal - and it required 9/11 for the Patriot Act to
> come into existence at all.

So desperate times call for desperate needs? Aren't you forgetting the tremendous amount of fear mongering and the invasion of Iraq, which did cost at least **30 times** as many lives than 9/11 did cost? And 9/11 was by itself an act of revenge. And the fact that the aftermath of the US led Iraq war is today still clearly visible, with millions of people on the run. Why isn't the US taking any of these refugees btw?

But the point I want to make is that laws are there for a reason and they shouldn't be allowed to change when idiot fear mongers like G.W.Bush and Cheney are looking for opportunities. It's *then* when laws should be abided, not altered. The same with rights.

> But look, we can either try to design secure systems that also give due weight to the
> legitimate needs of law enforcement and intelligence (yes, intelligence - because not
> every government exists on an equal moral standing), or we can design systems and let
> governments do what their duty compels them to do: find covert and clandestine means
> of obtaining access to those systems anyway.

An equal moral understanding to what? Don't kid yourself. Do I have to repeat the word Iraq and the trajectory to that? And you even re-elected that murdering and lying administration. Moral? Yeah right.

But you do want governmental access of encrypted systems. Then I ask: Can the government itself protect their own systems? At the moment this question has been answered with "Yes, we have formal proof that these systems are unbreakable, even from a 5 dollar monkey wrench threat or from social engineering," maybe then you could start to think about your request. Or do you want another OPM hack?

The thing is, if there were solid solutions they would have been suggested already.

Gerard van VoorenAugust 20, 2015 2:56 AM

@ @ BoppingAround, Dirk,

Here is a picture of the Dutch administration ;-) The guy in the middle of back row is Secretary of Interior Ronald Plasterk (look at the wire). I have to say he has some scary ideas. Another guy who is fooling himself is the guy on the right in front row, Secretary of Justice and Security Ard van der Steur. Just look at his Twitter account and search for the word wiet (weed).

Clive RobinsonAugust 20, 2015 4:11 AM

@ Skeptical,

However those points may not apply for lawful access systems not considered by the paper. That's not a criticism of the paper - the authors can't be expected to examine every possible system - but it is a genuine limitation

Stop uselessly clutching at straws, your argument does not fly and is actually quite insulting.

It is long known that there can not be a reliable technical solution to lawful access to the information in communications as long as humans remain humans.

Any method of encryption is actually a method of information transport or communication, this is a fundemental axiom.

Any method of information transport or communication can carry another method of information transport or communication, which is another fundemental axiom.

The number of ways of transforming information by encryption is unbounded, yet another axiom.

Thus it can clearly be seen that not only is any communication capable of carrying another communication it is capable of carrying an encrypted communication from an unknown --to an observer-- method of encryption.

But importantly there is no theoretical limit on just how often you can put a communication within a communication, so it is not possible to know when you have reached the actual information.

That is, as the number of ways of encrypting information is unbounded then the number of channels within channels is also unbounded.

Thus if I were to send a single bit pattern or number to another person, which you observed, you have no way of knowing what it means as all meanings are equiprobable (look up One Time Pad proof of security).

That is not only could the number represent a charecter from an alphabet unknown to you, it can also be a key to whole sentance, paragrah, book, etc which is also unknown to you. Without further knowledge you have no way to know it's meaning, because the number of meanings is unbounded.

So what ever technical solution you come up with a pair of colluding humans could game it to carry a secret or covert message. (look up the communicating "prisoners problem" and the work of Gustavus J. Simmons and others that gave rise to covert and sublimina channels).

The only way to stop this "gaming" is to prevent the use of the human mind...

Thus the simple and brutal truth is their can be no lawful access via backdoors or other technical means.

So as this is actually well known you have to ask what Comey and Cammeron are / upto. Because it's impossible to do what they are asking...

Nick PAugust 20, 2015 12:01 PM

@ Gerard

"Then I ask: Can the government itself protect their own systems? At the moment this question has been answered with "Yes, we have formal proof that these systems are unbreakable, even from a 5 dollar monkey wrench threat or from social engineering," maybe then you could start to think about your request. Or do you want another OPM hack?"

Oh no, it won't be that good. Check out their new Commercial Solutions for Classified Program. Common Criteria and GOTS (esp Type 1) have been too cumbersome. They need to speed up use of COTS products in high risk situations. So, the fact sheet says new program certifies against a Protection Profile (EAL1), spends only 90 days of black-box evaluation, and they're replacing Type 1 devices with these as much as possible. That is the same EAL1 category that's so insecure that one Common Criteria expert dedicated a whole, conference paper to question of whether it should even exist. And they're trying to use that assurance level across the board? WTF?

One of the organizations even had this bizarre quote:

"replacing up to 99 tye-1 devices across our coalition networks significantly reduced our COMSEC risk throughout the AOR"

Replacing the most hacker-resistant products Defense industry ever built with EAL1 products "throughout the AOR" *reduced* their COMSEC risk? That's so retarded it's mind-boggling. They actually increased risk due to easy hacks every time they deployed an EAL1 product. Only way the statement makes sense is if the policies & associated costs of Type 1 gear were so restrictive that they selectively used them. Then, replacing them would let more solutions get used in more places. However, that's a policy problem that can be solved by a different, policy change that says "use good stuff in more places." Instead, they said "replace good stuff with bad stuff and use that everywhere." ?!

So, the Manning leak proved U.S. government security was horrendous where an Army private could breach about everything related to the wars and even all State Dept cables without detection. Then, as if not even trying, Snowden bypasses Booz and NSA's lower-than-commercial defences to leak their best TS/SCI data. Then, as if not trying, the U.S. government lost 10 years worth of blackmail material to hackers. Now, they're replacing their most secure devices throughout Defence with literally the lowest, security possible.

Across the board, they are failing to protect their systems and policy changes indicate it's on purpose. They have no excuse given the large number of INFOSEC pro's in their ranks telling them about the problems, offering solutions, and citing the leaks. I keep saying "not even trying," but it's starting to look like they *want* a cyber 9/11. Nonetheless, there's ample evidence that anyone saying "trust FBI/NSA/CIA with secrets/access" is foolish in thinking they can or will protect it. They haven't, they didn't try harder after failing, they've aided future hackers by removing obstacles to their goals, and will probably do the same for any program.

Burden of proof is on other side to prove why they believe any U.S. TLA will be competent, honest, or lawful. I think we should push this notion in courts as well.

Dirk PraetAugust 20, 2015 3:32 PM

@ Skeptical

What's telling to me though is that they did not bother to offer an alternative.

Not only is that not their job, perhaps it's also telling of the fact that there is no (simple) alternative: either everyone is secure, or no one is. I also have yet to hear any other expert or non-expert group coming up with one. If the USG and other governments want "lawful access", can they please first come up with a better business case than they have done so far, and then propose something themselves ? And preferably something that does not rely on secretly subverting crypto standards or resorting to secret orders from secret courts using secret interpretations of the law.

Never in the history of the US has there been such a surveillance-friendly legislative framework. - Completely wrong.

Only a willfully blind man does not recognize the US spying practices revealed by Snowden as the most impressive surveillance dragnet in the history of mankind. And most of it, if not all, seems to be perfectly legal, enabled by technology and the collusion between authorities and private sector, either voluntary or coerced. So where am I wrong?

Admittedly, in times before the Church committee, the CIA and certain other TLA's were totally out of control and some of their activities righteously curtailed as they had become a liability for the entire nation. But back then, they just didn't have the technological means to do what's being done today. Our differences mainly boil down to the system of checks and balances. Whereas you keep maintaining that there are rigorous rules and oversight in place, I say that there isn't, the FISC being a kangaroo court, the PCLOB a figleaf and the select committees on intelligence in their current incarnation a mere rubber stamp with only a few dissident voices like Wyden and Paul.

Look, most police officers in the US will never discharge their weapon in the line of duty.

The point being that - compared to other civilised nations - it is happening way too often, and that it's a complete disgrace to a nation that calls itself a "civil society with a tradition of humanism and liberalism, and strong institutions that support rule of law".

Assange is in Britain, in the Ecuadorean Embassy, evading a Swedish warrant to question him in connection with allegations of criminal acts in Sweden.

Please. The man has never been formally indicted, neither in Britain or Sweden. Both women he has allegedly raped have publicly stated that he didn't. Prosecutor Marianne Ny has dragged the investigation for 5 years, refusing to question him, to the point that she got reprimanded by her own boss and the Swedish Supreme Court. Everyone knows that he's holed up in the Ecuadorian embassy in London for only one reason: because of the US and the UK/Swedish minions doing its bidding. The man may be a narcissistic git, but no application whatsoever of the rule of law is happening here.

Manning released hundreds of thousands of cables containing no evidence of wrongdoing ...

Nope. You're forgetting the "Collateral Murder" video footage. Although Manning, an obviously very troubled individual, did violate his oath in stealing government secrets, his biggest crime is that not only did he make the US lose face but also its moral high ground in the process. His treatment at the hands of the nation calling itself the champion of freedom and human rights was called "cruel, inhuman and degrading" by Juan Mendez, the UN's special rapporteur on torture.


How many resources were deployed to protect those protesters from being the TARGETS of violence?

I may be totally wrong, but I am not aware of any violent actions directed against OWS protesters on behalf of other parties than LE, so this sounds a bit like an elephant powder argument to me. I am however aware of quite some clubbing, shooting and pepper-spraying incidents of peaceful and unarmed folks by (paramilitary) police in full riot gear. And it has been sufficiently documented that the FBI indeed looked and acted upon the movement as a form of domestic terrorism. You may remember it differently, but the images of two fat b*st*rds with delusions of entitlement pepper-spraying completely harmless women in NYC and silent students at a college sit-in are still burned on my retina. And yes, that's the sort of thing I expect to happen in Russia or China, regardless of what you call it.

As to Iran-Contra - yes, it's an example of a scandal, which ended careers, enabled high-ranking officials to barely escape prison by virtue of a not-certain pardon

But with the emphasis on that they did escape. Some careers were undoubtedly ended, but eventually those at the top of the pyramid got their get-out-of-jail-free card. The way it usually goes, as also shown in the aftermath of Abu Ghraib. Some low-level staffers like Pvt. Lynndie England got thrown under a bus, but those actually responsible for what was going on were never even indicted. The same goes for the black sites and enhanced interrogation programs. Those who authorised it - in direct breach of the Geneva Convention and War Crimes Act - never got indicted. Some pawns were sacrificed because in the light of overwhelming evidence eventually someone had to go to jail, but that's about the only difference with China and Russia.

I could ramble on about the treatment of those still imprisoned at Guantanamo, how they have been treated and how after all these years a lot of these folks are still there - without trial or indictment - , even after having been cleared but with no place to go because of some stupid power play between POTUS and Congress. Rule of law? Again not applicable here.

I'm not sure why you assume that a lawful access mechanism must be designed to work with every government in every conceivable situation.

What do you exactly mean with this? That only the US needs one?

SkepticalAugust 23, 2015 2:36 PM

@Clive: Thus if I were to send a single bit pattern or number to another person, which you observed, you have no way of knowing what it means as all meanings are equiprobable (look up One Time Pad proof of security).

No one is asking for some magical decryption device that can decipher everything.

The question is here one of mitigation, i.e. reducing the probability of undesired event X occurring, not one of perfect prevention, i.e. reducing that same probability to zero.

@Dirk: perhaps it's also telling of the fact that there is no (simple) alternative: either everyone is secure, or no one is.

That's a slogan, not an argument, and one that seems to be contradicted by reality. I'll certainly agree that this isn't simple, though.

The target design would occur at the intersection of various disciplines, all requiring expertise, and one would need to develop a fair familiarity with each to evaluate the worth any proposed design.

The considerations raised by the paper you refer to, and the problems raised with certain types of designs, are entirely fair. But it's not a paper that ends the discussion, and, unfortunately, it's not a paper that suggests any means of mitigating the problem that has many concerned - I think in part because the authors of the paper, perhaps due to past experience, may not think those concerns genuine or justified but rather to be mere excuses. And also in part because it would require considerably more work to develop any such suggestions, and these are all very busy people with many of their own projects and research to focus upon.

the US spying practices revealed by Snowden as the most impressive surveillance dragnet in the history of mankind. And most of it, if not all, seems to be perfectly legal, enabled by technology and the collusion between authorities and private sector, either voluntary or coerced. So where am I wrong?

You made a claim about the law regulating US surveillance activities, Dirk, not about their technical capabilities. You claimed that "never in history" had there been such a "surveillance-friendly legislative framework." You're wrong on the law. There is vastly more regulation today, and restriction today, of their domestic surveillance activities than in the past.

Nope. You're forgetting the "Collateral Murder" video footage. Although Manning, an obviously very troubled individual, did violate his oath in stealing government secrets, his biggest crime is that not only did he make the US lose face but also its moral high ground in the process.

Dirk, even if one were to say that the video revealed a war crime, which after watching the full footage (not the edited video) and understanding the context in which the engagement occurred, it did not, the hundreds of thousands of cables he also released absolutely DID NOT. So, sorry, my statement regarding Manning remains completely correct - he released hundreds of thousands of cables revealing no war crimes, or for that matter criminal acts of any nature.

As to the moral high ground, any intelligent reader of the cables would actually find that the US had its moral high ground CONFIRMED by those cables.

And it has been sufficiently documented that the FBI indeed looked and acted upon the movement as a form of domestic terrorism.

The OWS encampment in New York City was reportedly permitted to occupy a public park for months, and multiple demonstrations and marches were held - peacefully - in conjunction with it.

As to the FBI, the OWS movement was not a single, well-organized entity. It attracted many different organizations and persons, many peaceful, a few not.

Violent elements have hijacked peaceful demonstrations in the past, using the events as an opportunity to undertake violent action. Surveillance therefore - so long as it is tailored to the end of identifying criminal activity, and so long as any special surveillance (e.g. wiretaps) is within the law - is not only reasonable, but quite frankly is the responsible thing to do in these cases. I assure you that you do not want a large mobilized police force, in a dense urban environment that is consistently on high alert for terrorist actions, caught by surprise by an outbreak of violence during a mass-demonstration. No one wins in that scenario, except for those who wanted to cause chaos and violence.

Bear in mind as well that there were extremist groups and individuals who viewed OWS with hatred and as a potential target, and that - as various documents have shown (no link convenient at the moment) - these threats were investigated and countermeasures were put in place should any of the potential attacks of concern materialize.

Understand that in the United States, the First Amendment is indeed first in the secular religion of US civic culture. Part of the explicit duty of law enforcement in the case of political demonstrations is to protect the demonstration itself from attacks.

For the most part, the police walked an appropriate line between protecting the demonstrations and protecting the communities in which the demonstrations occurred - and this, despite the fact that various persons in at least some demonstrations acted very deliberately to provoke officers to break discipline, and acted very deliberately to disrupt and damage the communities in which the demonstrations occurred.

So when I read your comparison to Russia or China, I'm simply very struck by how inapt and frankly false the comparison is. I may be taking the comparison more seriously or further than you intended, but it disturbed me, given how enormously different the approaches of those countries are to free expression.

Some pawns were sacrificed because in the light of overwhelming evidence eventually someone had to go to jail, but that's about the only difference with China and Russia.

This is also so at odds with reality that I'm puzzled as to how you can make such a claim. Do you realize that the overwhelming evidence with respect to Abu Ghraib, for example, was a result of a soldier reporting the abuse and handing two CDs filled with photographic evidence to the US Army CID, and the ensuing, rigorous, investigation. In China or Russia there simply wouldn't be a criminal investigation, and God help the soldier who reported it.

As to the CIA interrogation program, do you realize how absurd the notion is of a branch of the Russian or Chinese government investigating their intelligence agencies for abuses that occurred as part of a highly classified interrogation program - and how even more absurd it is to imagine either of those governments then taking steps to PUBLISH much of the report?

This is a distinction between open societies and closed societies, between societies with strong (NOT perfect!) rule of law, and societies with weak rule of law.

An open society with strong rule of law will still produce cases where the law was not well applied (a presidential pardon is in fact a legal act). It will still produce instances of corruption and abuse.

The difference is that in an open society, it is much more likely that such cases will be exposed, and that in an open society with strong rule of law, it is more likely that the perpetrators will be pursued by institutions charged with enforcing the law, regardless of wealth or position.

Sancho_PAugust 23, 2015 6:22 PM

@Skeptical:

”No one is asking for some magical decryption device that can decipher everything.”
So you’re asking for Alice’s love letters and not for Mahmud’s plot, OK.

”… that the US had its moral high ground CONFIRMED by those cables.”
If true they should thank Manning, but I hear it’s the opposite?

Why are such “high ground” cables secret in the first place?

Clive RobinsonAugust 23, 2015 7:24 PM

@ Skeptical,

The question here is one of mitigation, i.e. reducing the probability of undesired event X occurring, not one of perfect prevention, i.e. reducing that same probability to zero.

Unfortunatly that will not work.

The probability of stoping event X is based on you discovering the plot for the event. Unless those ploting are stupid, they will be well aware that their communications are likely to be monitored. And most ploters these days will assume that any encryption app that comes from a Western source is back doored, this is why Mujahideen Secrets (Asrar al-Mujahideen) has been around for some time.

But those you realy want to eavesdrop on have also been aware for quite some time that traffic analysis is being used thus they don't use electronic communications in a way that makes traffic analysis simple or reliable (hence the "drone murders" of innocent individuals).

We have seen this knowledge spread ever since the Russians took out what they considered a terrorist leader, by flying an anti radar missile "down the beam" of the satellite phone he was using, it's why OBL stopped using his. All of this avoiding surveillance was in place pre-Snowden revelations, we are aware of this by the claims of the use of stenography going back a decade or so prior.

But there is evidence --also pre-Snowden-- that such ploters were also aware of hardware backdoors and were running "air gapped" systems for communications. Thus taking that extra tiny step to "hand" code and super encipher is almost certainly happening as is the known use of obscure coded speach, revealed by a UK anti-terror trial long pre-Snowden.

So this "golden key" "front door" idea is not going to help in the slightest for discovering and mitigating plots pre-event X. The Bostom Bombing showed the inability of the authorities to stop people that allegedly were a known terrorist risk from plotting and carrying out their plot.

The same is true of half way intelligent criminals, the communications methods used by the "maffia" were written about back in the 1980's. Further the arrest of an "East London" drug "king pin" because of the Dutch tapping phones etc was as much of a pre-Snowden heads up to SOC criminals as the satellite phone missile was for terrorist organisations.

So you realy have to ask what Comey and Cameron are upto, unless they are both stupid, or think the electorate are. Very little or most probibly nothing of consequence is going to be detected let alone mitigated by such schemes. Just the same as most current surveillance systems the score of which is one man sending a very small amount of money back home...

Dirk PraetAugust 23, 2015 7:51 PM

@ Skeptical

That's a slogan, not an argument, and one that seems to be contradicted by reality.

Err, no. Let me reiterate my position:

1) The entire principle of what Comey & co. have been asking for has been deemed both unfeasible and undesirable not only by the authors of previously referred paper, but by pretty much every other subject matter expert.

2) As the government is the requesting party, it is only logical that they come up with a decent proposal themselves. Me thinks they have plenty of resources, monetary and other, to do so.

3) Mandating a frontdoor, backdoor or any other mechanism crippling or banning encryption is most likely unconstitutional as a prior restraint to free speech, thus in violation of your First Amendment.

4) The government has thus far not come up with any serious business case for its request based on compelling statistics and other empirical analysis why this capability is so indispensable to LE.

5) The USG has proven itself to be utterly incapable of keeping secrets. I refer to Manning, Snowden, the much touted Chinese APT's, OPM and more recently the exposed TSA master baggage keys.

There is vastly more regulation today, and restriction today, of their domestic surveillance activities than in the past.

I believe we agree on the fact that the legislative framework in place today is much bigger than it ever was before. Where we disagree is on the system of checks and balances. You maintain that there is plenty of regulation and restrictions in place, where my take is that in practice most, if not all of them can be or have been worked around. Hence my claim of "surveillance-friendly" legislative framework.

even if one were to say that the video revealed a war crime, which after watching the full footage (not the edited video) and understanding the context in which the engagement occurred, it did not ...

I strongly disagree with the military reports that found nothing wrong with what happened. So do many other people. And even more with your claim that none of the cables revealed any wrongdoing. Not only did they reveal civilian killings, but also military cover ups and widespread lack of accountability in the Iraq and Afghanistan wars.

Let me quote John Kerry, then chair of the Foreign Relations Committee : "However illegally these documents came to light, they raise serious questions about the reality of America’s policy toward Pakistan and Afghanistan. Those policies are at a critical stage, and these documents may very well underscore the stakes and make the calibrations needed to get the policy right more urgent." Needless to say, only a few days later he made a 180, falling in-line with the rest of the US's political elite.

As to the moral high ground, any intelligent reader of the cables would actually find that the US had its moral high ground CONFIRMED by those cables.

Nobody outside USG circles did. Especially abroad. Ask any diplomat.

Part of the explicit duty of law enforcement in the case of political demonstrations is to protect the demonstration itself from attacks.

By pepper-spraying harmless women and a silent student sit-in? Much of what many people saw on TV was completely disproportionate use of force by paramilitary police. And yes, every protest has some violent elements in it. But given the fact that a small group of banksters out of pure greed nearly brought down the financial system and ruined the lives and livelihoods of hundreds of thousands of people, I'd say that all in all the entire OWS movement was remarkably peaceful. Even more so because the failure to prosecute those responsible is probably one of the most egregious failures of the criminal justice system in many years. They all got bailed out with a get-out-of-jail-free card on top.

Do you realize that the overwhelming evidence with respect to Abu Ghraib, for example, was a result of a soldier reporting the abuse and handing two CDs filled with photographic evidence to the US Army CID ...

The way I recall it is that the entire affair came to light by several Amnesty International reports in 2003, soon followed by an Associated Press report. The highest official to be reprimanded was a general who got demoted to colonel. Those who authorised the practices (Donald Rumsfeld and the DoJ folks behind the Torture Memos) went free.

I'm not denying that there have been rigorous investigations into Abu Ghraib and other "enhanced interrogation" practices, and that these would probably never have occurred in China or Russia. But the fact of the matter remains that not only did these practices take place, they were also authorised by the highest levels in the USG. And which is not compatible at all with a humane and democratic society under the rule of law.

Open or closed society, there is no rule of law if those at the top cannot be held accountable for their actions and can get away with anything whatsoever. And that's exactly what is going on in your country, which a growing number of observers are perceiving as an oligarchic surveillance state, not a democracy. Even China has a better record of dealing with high-ranking officials that go off the deep end.

Dirk PraetAugust 23, 2015 8:04 PM

@ Clive

The Bostom Bombing showed the inability of the authorities to stop people that allegedly were a known terrorist risk from plotting and carrying out their plot.

But that's the case with (nearly) every recent terrorist attack, including the Charlie Hebdo murders and the foiled attack on the Amsterdam-Paris train. It is beyond me that a radicalised moron known by intelligence services in three countries can board a train with an AK-47, nine clips, a handgun and a box cutter.

Sancho_PAugust 24, 2015 5:24 PM

”It is beyond me that a radicalised moron known by intelligence services in three countries can board a train with an AK-47, nine clips, a handgun … [Dirk Praet]

The reason is:
If he wouldn’t, the whole monkey business of “War On Terror” wouldn’t fly.
I do not want to imagine what will happen when this Ponzi scheme collapses.
We dearly need terrorists and enemies, we can’t live without.
Next year we need more of them, say, 9% ?

thevoidAugust 25, 2015 12:40 PM

@Sancho_P

yes, we deserve the Best Enemy Money Can Buy (Sutton, 1986). and our new one is much better than that old one.

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.