New Warhorn Media post by Joseph Bayly:
New Warhorn Media post by Joseph Bayly:
So good. Thank you, son.
This is something that I’ve never even thought about but I think I immediately agree completely.
There is precedent for treating encryption as a munition: before about 2000, the US Government restricted export of strong encryption outside the US. Phil Zimmerman, the author of PGP, got jammed up in the legal system because the program had been distributed on the internet. He took a First Amendment approach and printed out the source code as a book and exported that.
AFAIK, no one ever took a Second Amendment approach to encryption, probably because strong encryption was never restricted inside the US. Plus, the Second Amendment withered on the jurisprudential vine until 2006, whereas the mid-20th century took an almost unlimited view of the First Amendment.
Joseph, I totally agree on the critical importance of encryption, but I think that your title overstates the case. If someone is coming to your home to harm you and your family, it’s too late for encryption… you need a gun. We live in an information environment that is perpetually engaging in “soft coercion” and encouraging us to voluntarily disclose huge amounts of personal data on a daily basis. It doesn’t really help much if the .gov isn’t allowed to read your emails, so long as they can still mine all the data that we hand over to FB, Pinterest, Instagram, Twitter, etc. Encryption and arms are different tools for different problems. Both are essential.
I’m following IT security and encryption now for at least 20 years. I still use my 1997 PGP key. I used to agree with you until a few years ago, but so many things have changed.
It is important to note that it is very hard to do encryption right. One mistake and all the security based on encryption is gone. You can have the best encryption, but if your endpoints have a vulnerabilty, it’s all that’s stored on the device is in the open. The endpoints are getting attacked, not the transport of the operation. Mr Snowden said that you can still trust the math, but the edges are the problem. Example: When he enters a password on his computer, he puts a towel over his head before his face if he knows or suspected that he is filmed: The reflection in his eyes can give away the password.
To make the correct use of encryption easier and convenient we turned to the big players: Apple, Intel, AMD, Google, Samsung, etc. Their hardware and software we need to trust, there is no way around it today. Do you trust these entities more than your (the US) government? Apple put up a great publicity fight a while ago during an investigation of a phone used in a terror attack, stating they will not provide a backdoor to their products to the government. The government relented because - tada - they could crack the phone in question anyway. The endpoint was still vulnerable, despite Apple having a excellent concept (Security Enclave). The others are much less “secure”, notably Intel with their “Management Engine”.
It is very important to distinguish between the government case and the “all others” case: Yes, you don’t want anybody to know that you are moving your gold stagecoach between two cities, but a lot of people will still know that you are rich and at some point you will move that stagecoach. Encryption protects you from the bad guys, but recent history shows that the bad guys will infiltrate your operation and find out the movement (attacking the edges).
The government may or may not find out by cracking your encryption but it is largely not interested in it. It knows you have a lot of gold (you pay taxes, right?), but it will not hold up your train. It will simply make it illegal to move it, or put a tax on it.
Your example is using encryption to protect from “all others”, the bad guys. If you do not have this protection, you will go out of business. The government will not let that happen. It depends on you doing business or the government will not survive, because it gets no taxes. (In a totalitarian state you don’t need this, the economy is run by the government completely.)
You linked to the EARN IT Act. I only briefly looked at the article, it seems say that the government wants to make end to end encryption impossible. That’s of course not true: They want to require the providers (see the big player above) to make their “products” so that the messages are not encrypted. That’s a difference: Even if this goes through, I (Andreas) can still send you (Joseph) an pgp-encrypted file via Whatsapp. It’s not as easy and convenient as the current state of affairs, and hard to get right, but it would still be legal. We lose convenience. It’s just back to square one. But on the other hand we don’t have to trust Whatsapp.
The kicker of course is that the bad guys know this too, this renders the EARN IT Act useless: The law-abiding people get less security, the bad guys do it anyway AND are secure. Same with arms: Of course firearms are forbidden in Chicago, but a lot of people get killed anyway!
As a christian I do need to protect my business secrets. I also need to communicate confidentially in a situation when I confess something to somebody else. But to rely on the government or on a company to keep this private is naive IMHO. The government is the one with the sword and we rely on it in its protection far more than being protected from it.
That there’s some bona fides!
I agree with much of what you’ve written, but I hope to convince you that you’re wrong, at least in part.
One man with a gun, even in 1776, didn’t stand a chance against the federal army. So it is today. One man with encryption doesn’t stand a chance if the fed wants to know what he’s saying. But the government can’t take everybody’s phones, or… nobody would have phones. And besides causing economic destruction, that would also be counterproductive to tracking down the theoretical criminals.
So, yes, the edge is hard to secure, and people are bad at operational security (ie using encryption effectively). The same is true of most people with guns. They’re not experts at using them. They shoot ourselves in the foot, etc.
If you are targeted by the government, yes. But the EARN IT act is actually an attack on the transport, as you basically pointed out.
Yesterday in the US, the Senate almost managed to require the government to get a warrant to search through the browser and search history of every single citizen in the country. Think about that for a minute.
That is the definition of unreasonable search and seizure.
It is precisely for this reason, @AndrewHenry and @andrm, that I think you’re missing the big picture of what I’m trying to say. The federal government is not using the army to oppress the people. If it were, you would “know” that your house could be commandeered from you to billet soldiers at any time, and you would act accordingly. But instead what we all “know” is that the NSA knows everything we do or say online or on our phones.
The fact that Facebook knows a lot of what we do or say, is very different from the government knowing all of it. The fact that the government could get a warrant to look at your FB activity is a totally different thing, and not even a problem. That’s how it’s supposed to work.
Just like guns, encryption has all kinds of uses. But the purpose of the Second Amendment was not really so you could protect your own house from an intruder. It was so that the states couldn’t be bullied by the federal army. Personal gun ownership and all the other benefits that come with that are only secondary effects. In spite of the Civil War, or maybe because of it, I think it’s actually working. Nobody wants another civil war, and the feds aren’t going to risk starting one, as we saw with recent events out west.
It is through encryption (and Snowden’s revelations) that the government had a large portion of internet traffic cut off from its roving eye when Google started encrypting the traffic between its datacenters.
My point is not that soft coercion won’t continue, much less that it doesn’t exist. My point is that the government is overreaching precisely in information collection, and it is harmful to our freedom, and it is being effectively shut down through the wide scale adoption of encryption. It is exactly that wide scale adoption that the EARN IT Act is attempting to take down.
Well, i have no gold stage coaches, or silver, copper or even aluminum. I’ve got pretty much nothing worth taking…except our lives. For that I need a gun. I suspect that is true of most people. There is simply a demographic disparity between who benefits most from those respective tools.
Not at all. I should have spent time explaining the purpose of encryption. It’s not about your money. It’s about your secrets.
Bad ones! You’re supposed to change your keys every year or so. See? It’s hard to get right!
I hope that I did understand you correctly, you are saying
A: If the government wants information about a citizen, it should get a warrant (your Facebook example)
B: Government should not collect (too much) information about its citizens.
EARN IT negates those two points, correct? I guess I would agree with you, that would be very nice.
But I guess it would pretty much automate all aspects around A (one click for the judge).
B is nice, but it’s done on foreign communication anyway.
I don’t really disagree with you, maybe I’m just tired of having this discussion every 10 years only to see the ratchet go up one more step.
I still stand by my assertion that this time, it concerns itself with the “providers” because people love their convenient “platforms” and “ecosystems” so much and give away a lot more freedoms that privacy from the government.
Maybe the tech/privacy people should figure out how to separate the infrastructure from the software, real, independent ownership of a device. Moxie Marlinspike, the founder/creator/programmer of Signal and the encryption behind Whatsapp does not like decentralised, federated systems. But I think that is something we desperately need.
Well, I did wonder why you were still using the same one. Lol. But I’ve had several that I never used and lost!
Well, as long as real encryption is allowed, your private messages stay private unless they compromise one of the end points (targeted hack of your phone or just come and take it).
The evidence of the fact that widespread use of encryption prevents them from doing nearly as much widespread snooping is in the fact that they are trying to get rid of it.
I’m also tired, and a lot of the reading that @ldweeks has done recently on the topic of privacy has been even more depressing than I expected. But that’s precisely why I don’t want people unaware of how important encryption is. My messages on my iPhone are private. My text messages aren’t. The difference is simply that the former are encrypted, but the latter aren’t.
To give it up would be like giving up the second amendment right when the Bill of Rights was being written. Everybody knew they needed a central army, but they didn’t throw up their hands and say, “I guess we’ll just have to trust them.”
I don’t disagree with anything written here. It is a very important topic. But assume for a second that all Christians, Conservatives, etc. were completely denied access to a “secure” digital world. Wouldn’t this just be going back to 1987 or so? Perhaps this justifiable worry is also an indication that our digital lives have become too ingrained in our beings. I mean, there’s always homing pigeons, no?
I don’t think so. It is partially because we use digital technology that we need encryption. But I would contend that it is also partially because of the changes that have taken place in society that have put everybody under constant surveillance (whether they use any digital technology or not).
It speaks to Joseph’s farsightedness that he has thought about this and posted this article, and my own ignorance that this has never occurred to me as a problem. Like most people, when I hear about surveillance, I’m troubled by it but I more or less believe that such surveillance is just the way things are. I would have quite a few nickels if I had a nickel for every time I have been told “Nothing you do is private in a digital age.”
Conservatives instinctively want to look to the past, but this proposal is forward-looking. It has an eye on development. Conservatives tend to be suspicious of all development. It will be interesting to watch how the debate unfolds. Unfortunately, the amendment process is very cumbersome, and it’s hard to imagine 2/3 of the House and Senate and 3/4 of the states agreeing on anything, much less this.
Too true. But the interesting thing in this case is that there is a fair bit of liberal support for encryption. I figure I can do my part among conservatives. I’ve not seen anybody advocate for an amendment before, though. Probably that’s because, as noted above, it’s not technically new. It’s just speech. But the danger of losing it is real.
The free speech aspect is nothing new. But I understood your stagecoach analogy to be about more than speech. I took it to be referring to our “data,” which includes speech but is also more than speech.
Maybe I misunderstood? It’s definitely something worth fleshing out.
Joseph, now I think that you’ve completely missed what I’ve been trying to say, both here, and in our phone call. The right to self-defense is innate, and the 2nd Amendment codifies a particular application of that right. We are lawfully permitted to use any necessary means to protect our lives from those who would harm us, including agents of the government. To call personal protection a “secondary effect” is get the entire thing totally backward.
I’m in total agreement on the necessity of encryption, I just think that you’ve positioned your argument in contrast to a strawman of the 2nd Amendment, and that doesn’t do justice to the real value of the discussion of encryption…
From a rhetoric standpoint, if you want to convince conservatives, framing your argument as, “This is more important than the Second Amendment” is a great way to get into arguments about the history and purpose of the Second Amendment, rather than getting people to consider your points as such. Putting the worst possible spin on it makes your argument sound a little like the old chestnut of “If Christians were really pro-life, they’d sign up for my pet cause of [anti-death penalty activism | stricter gun laws | welfare policies].”
Perhaps I have, and I am definitely not an expert on the the Second Amendment. I’m sure this quote is what you object to, right?
I think I’ve chosen my words poorly, but I maintain my basic point. Let me try again.
Self defense is a basic right. The right to own a gun is related but different. I just went and looked at Wikipedia, and sure enough, I read: “Sir William Blackstone described this right as an auxiliary right, supporting the natural rights of self-defense and resistance to oppression, and the civic duty to act in concert in defense of the state.”
My point was not to say that the 2A doesn’t protect the right of self-protection. It does. My point is that the right of self-protection against private attacks was a given. They weren’t worried that would be prohibited. What they were worried about was an overly powerful federal government oppressing people. I shouldn’t have summarized it as “states” being bullied, though that was clearly part of their concern. If you disarm the people in the state, you have disarmed the state. To protect against government oppression, they guaranteed the people power: arms.
According to Wikipedia, the Supreme Court in Heller made a similar point:
In District of Columbia v. Heller (2008), the Supreme Court remark[ed] that the English right at the time of the passing of the English Bill of Rights was a right not to be disarmed by the Crown and was not the granting of a new right to have arms.
And remember that Heller was a huge outcome supporting self-defense.
There are many benefits to the 2A. Without it, we might well be in a much worse spot for personal protection against private attacks. But its central purpose was always to be a protection against abuse by the federal government. Guaranteed gun ownership was just the means to that end. The people already had guns, as was their right, so the threat was the government passing a law to take away their guns.
Likewise, privacy is a basic right. But right now the government is actively abusing the people through its power to collect vast amounts of private information. Widespread use of encryption is power in the hands of the people. It is an auxiliary right. It has many other benefits, too, including protection against private attacks, but the only reason you need a constitutional amendment is really because of the government threat.
Fair enough, @FaithAlone, and it’s happened. Lol. But I actually think that all the thinking conservatives have done about the second amendment will stand them in good stead in beginning to seeing this issue clearly.
Have I overstated my case? Perhaps. I don’t feel the argument has made it far enough to see yet.