I can't find the citation right now, so treat this as apocryphal, but...
I've read an explanation that the USA's focus on security has changed in the days since 9/11/2001. At one time, the philosophy was that the country was more secure when we could all be assured that the privacy of our communications was intact.
But in the last decade we've changed that philosophy. The government's security philosophy now is that the most important thing is for the government to be able to tell what's going on.
So it may be that the parent post's anecdote is quite correct, and reflects the policy of that time. But in the days of the War On Terror, we can't trust that anymore.
(And OT, I believe it reflects a fundamental change in the philosophy of governance that is against the founding principles of the country, and a pretty bad thing. I believe that our strength derives from ... us -- we the people. And so strengthening the government by weakening us in fact weakens the nation.)
> At one time, the philosophy was that the country was more secure when we could all be assured that the privacy of our communications was intact.
That's never really been the view of the U.S. government. It's always been the view that you should be able to have communications with your neighbor that are secure from everyone except the US government, who obviously need to snoop in order to protect us all.
The security agencies and the police agencies have always pushed for more comprehensive and more invasive surveillance. We've had wiretapping for as long as we've had wires to tap. We crippled Internet security for years. I remember the days of separate US and international Netscape releases, due to crypto export restrictions. It wasn't until 2000 that the restrictions were truly relaxed.
US and international Netscape releases (as well as Windows and various other tools) rather indicate that the US govt was interested in secure communication for US citizens and corporations, while being able to snoop on the rest of the world.
If you need an example, pick the Clipper chip - and even that doesn't _quite_ work out, given how publically that proposal was shot down.
I think it's rather an example of how the Judicial branch keeps the other branches in check. If the NSA had its way, they'd be able to listen in on every conversation you ever have, track every site you visit, record every communication you ever make. They would do the same for everyone internationally as well. The difference is that we have the Supreme Court protecting US citizens to some extent, so the NSA cannot legally wiretap your phone just for kicks, but the Supreme Court doesn't extend the same protection to citizens of other countries.
And you believe the NSA when you can't see the warrants, know who issued them, what they contain, etc.? How would we know they weren't tapping domestic communication? You wouldn't. Any whistleblowers would be roughed-up or locked-up... much like Thomas Drake.
I said that the judicial branch keeps the other branches is check. I didn't say that are completely effective or that their checks are sufficient. And I certainly didn't say that the NSA wasn't engaging in any domestic wiretapping.
The thing is that they can not bring the result of this warrantless wiretapping into court. But they probably don't want to.
From what I've seen the FBI is a lot more vocal in complaining about the impact of encryption because their mandate involves bringing cases to court so they want a formalized, legitimate way of breaking encryption when they have warrants. They would also love to have the dragnet that the NSA has to know who to watch, and I don't know to what extent they do, but the bigger difference that I see is that the NSA is not interested in launching court battles (any more) whereas that is the primary endgame for the FBI.
The problem of course is that an encryption system which can be broken in a formalized way is open to the possibility of being broken by the wrong people. You can't have your cake and eat it too by having strong encryption that can be broken by the "right" people because there is no way to theoretically describe who the "right" people are. The encryption has to work the same for everyone.
Like all big issues in society there are competing rights; the need for law enforcement bumps up against the freedom of the individual. I believe that we are comfortable enough pushing this balance more heavily towards the freedom of the individual in America that a policy of embracing strong encryption is in the best interests of everyone, but I am aware that I don't have as much knowledge about this issue as some others.
You can have an encryption system that can only be broken by the 'right' people. We already have crypto systems where any 1 of n people can decrypt the message. If you embed a public key into the algorithm, then only the algorithm's designers would know the private key needed for decryption.
Doing this in a non-obvious way seems much more difficult, but if the NSA did have a weakness to DES, it could very possibly require knowing a secret key.
Actually it is a reflection of the law. The US government had the authority to prohibit export of crypto (at the time), but did not have the authority to limit it domestically.
If they had been given that authority things may have been different.
I always thought that the clipper chip died in the court of public opinion and not in a court of law. However, I do not understand your interpretation of circular reasoning.
Lets look at the case where X is regulate the sale of switchblades. The federal government has the authority to regulate the sale (commerce) of switchblade knives between states, the federal government does not have the authority to regulate the sale of a switchblade within a state.
> The federal government has the authority to regulate the sale (commerce) of switchblade knives between states, the federal government does not have the authority to regulate the sale of a switchblade within a state.
Let's look at the case of guns. Do you really think that Montana could say "you can sell Montana-made machineguns in Montan without satisfying federal law"? (The feds don't much care about switchblades. They care about guns.)
Well the feds did care about switchblades, that is why they passed a law banning the interstate sale of switchblades, "the Switchblade Knife Act, (Pub.L. 85-623, 72 Stat. 562, enacted on August 12, 1958, and codified in 15 U.S.C. §§ 1241–1245), prohibits the manufacture, importation, distribution, transportation, and sale of switchblade knives in commercial transactions substantially affecting interstate commerce[56] between any state."[1] Evidence for a continued interest in switchblades can be found in the recent exemption carved out for assisted opening knives in 5 USC § 1244.[2] (I think the exemptions in 1244 were passed within the last 5 years as part of a Homeland Security appropriations bill, but I'm fuzzy on the exact date.)
Wickard was 70 years ago, interstate commerce doctrine has evolved a lot in the intervening years. In fact I'm a little surprised that you used it as an example. It has been a while since ConLaw I, but I think Wickard is often used as an example of the height of the broad interpretation of the commerce clause. Are you arguing that there is no limit on the power of the the commerce clause? Or that Wickard is the controlling case? Lopez is one of many cases since Wickard where the Supremes walked back such a broad interpretation of the commerce clause.
> Wickard was 70 years ago, interstate commerce doctrine has evolved a lot in the intervening years.
The Supremes haven't overturned Wickard.
Yes, they did decide that the first version of the Gun Free School Zones Act didn't have a commerce nexus, but they seem quite content with the current version, which affects only those guns that have gone interstate.
However, the relevant question is whether the Supremes have ever decided that something sold can be exempt from the federal power to regulate interstate commerce.
Take machine guns. A Montana statute that allows unrestricted sale of machine guns made in Montana clearly affects "commerce" (in Montana at the very least) of guns not made in Montana, aka "interstate guns".
Do you really think that the Supremes would reject that argument? On what basis?
And, if they accept that argument wrt guns, why wouldn't they accept it wrt cantalope?
"Today...they simply pass a law that puts you in jail for its sale"
Today? They have always done that. Which is why the USC reads as follows:
"Whoever knowingly introduces, or manufactures for introduction, into interstate commerce, or transports or distributes in interstate commerce, any switchblade knife, shall be fined not more than $2,000 or imprisoned not more than five years, or both."
It is not circular. Interest and authority are two very different things. For example, the Federal government has the authority to wage war -- this has no bearing on a discussion as to whether they are philosophically correct in doing so.
The suggestion that policy is justified merely because it subsists upon formal authority is nonsense.
The point is that the government may not have the authority to do X or to create a law to do X. They may have the ability, but the supreme court decides if the authority exists.
The United States Constitution is the highest law, and provides for different treatment of foreign and domestic matters, so your statement is obviously false even under the most broad interpretation of "the government".
The President/Executive (closest to what many other countries would consider "the government") is also limited in most matters by the laws passed by Congress, so even assuming domestic regulation of cryptography were Constitutional (and I don't personally believe it would be), if Congress has not passed a law giving the Executive the authority to regulate it, the Executive cannot do so.
And? Cryptography is much easier to build, test, ship, and even export after 9/11 than it was before it. I shipped commercial security products before 9/11 and it was a nightmare. A huge portion of all desktops ran insecure crypto simply because it was too logistically challenging to ensure that they had good crypto and were easy to sell in Europe and Japan.
There is simply nothing to this analysis. The crypto policy fight happened in the late '90s, and crypto won.
Yes, the crypto fight was fought and seems to have been won by the people. But crypto is only one facet of a broader communications security policy.
It should be clear from recent controversies about "how private is your cellphone"; warrantless wiretapping and retro-active legalization of the same; various proposals for granting government authorities over the Internet (including a "kill switch" and a rumored upcoming Executive Order since he can't get it through Congress); that in the broader context, the US government is very much interested in monitoring communications.
We're talking about crypto on this thread. I see the controversies over government access to communications differently than you do, but I'm not particularly interested in litigating the issue. The federal government has not subverted cryptography in any meaningful way; industry does a perfectly great job of doing that job for them.
You have a lot more to fear from the Linux devs "cleaning up" OpenSSL's CSPRNG than you do from the NSA.
But this is not true. David Wagner and Ian Goldberg (the cryptographers who cracked GSM) have documented that the encryption used was purposefully weakened to enable realtime software decryption of voice calls.
That happened in the 1990s. At the same time, the US Government tried to directly criminalize unregulated sales of encryption. They lost both fights: in 2012, it is easier than it has ever been to encrypt phone calls in a manner that prevents LEOs from eavesdropping on them.
That's true for phone calls for people that know how to do this. However:
1. Most people are unable to do this technically.
2. The fact that you do it may constitute prima facie evidence of being a person of interest.
3. The government is trying very hard to get the means to wiretap VoIP.
4. It doesn't address traffic analysis at all. I know you said you aren't concerned about this, but there are plenty of people who are, and the government is going like gangbusters (literally, I guess) toward this.
What does "prima facie evidence of being a person of interest" even mean? You can be a person of interest simply by virtue of build and hair color.
The US Government hasn't restricted traffic analysis, and indeed nothing they have ever proposed W.R.T. encryption could have controlled traffic analysis.
Just correcting the parent, they said 2011 not 2001.
As to pure software crypto it's not really that important vs securing the endpoints. Consider WoW uses encryption when logging in, but a significant % of accounts are hacked before they add an authentication either as a key-chain or on your cellphone. I suspect if it ever became mainstream pure client side bitcoins would be DOA for more or less the same reasons.
I've read an explanation that the USA's focus on security has changed in the days since 9/11/2001. At one time, the philosophy was that the country was more secure when we could all be assured that the privacy of our communications was intact.
But in the last decade we've changed that philosophy. The government's security philosophy now is that the most important thing is for the government to be able to tell what's going on.
So it may be that the parent post's anecdote is quite correct, and reflects the policy of that time. But in the days of the War On Terror, we can't trust that anymore.
(And OT, I believe it reflects a fundamental change in the philosophy of governance that is against the founding principles of the country, and a pretty bad thing. I believe that our strength derives from ... us -- we the people. And so strengthening the government by weakening us in fact weakens the nation.)
EDIT: fix date. Thanks, Retric.