Is Tech Making The Big-Brother Problem Irrelevant?

[Measure_for_Measure]

Der_Trihs:

By secretly installing software or hardware that sends the information to the interested government agency before it even gets encrypted. Unlike some random hacker the government is in a position to pressure or bribe manufacturers and telecommunications companies into letting them directly install surveillance devices and software on your computer and on the network. Your encryption software itself may have a subroutine that sends a clear copy off to the government.

Counter Argument: open source takes care of that. A security vulnerability is a bug, and with enough eyes all bugs are shallow.

Counter-Counter Argument: Encryption and security are incredibly technical areas, and in practice the number of eyes are manageable from the NSA’s perspective. Besides they can promote their own open source solutions, with back doors.

CA: You (CCA) are paranoid.

CCA: Really? Consider the once highly lauded open source encryption program TrueCrypt. Following the announcement of a formal and crowdfunded security audit, Truecrypt abruptly closed shop. What exactly happened is unclear. But at the very least, Multiple-Eye theory took a hit.

CA: . . .

[Steve_MB]

The plot thickens:

Apple’s new encryption to lock out government
Apple is rolling out new privacy protections for iPhones and iPads, with a new system that makes it impossible for the company to unlock a device even with a warrant…

“Unlike our competitors, Apple cannot bypass your passcode and therefore cannot access this data. So it’s not technically feasible for us to respond to government warrants for the extraction of this data from devices in their possession running iOS 8.”…

Newest Androids will join iPhones in offering default encryption, blocking police
The next generation of Google’s Android operating system, due for release next month, will encrypt data by default for the first time, the company said Thursday, raising yet another barrier to police gaining access to the troves of personal data typically kept on smartphones.

Android has offered optional encryption on some devices since 2011, but security experts say few users have known how to turn on the feature. Now Google is designing the activation procedures for new Android devices so that encryption happens automatically; only somebody who enters a device’s password will be able to see the pictures, videos and communications stored on those smartphones.

The move offers Android, the world’s most popular operating system for smartphones, a degree of protection that resembles what Apple on Wednesday began providing for iPhones…

Moral: You can always count on megacorps to do the right thing, after they get burned badly enough and often enough for doing the wrong thing.

[UltraVires]

As much as I deplore the NSA snooping and law enforcement browsing cell phones, I think the latest by Apple and Google go too far the other way. I think that law enforcement should be able to view these device after probable cause and applying and receiving a search warrant from a neutral and impartial magistrate.

Privacy is good, but we don’t want people plotting murders via text message secure in the knowledge that it will be impossible for anyone ever to see it.

[Justin_Bailey]

Voyager:

Big Brother did not check email, since Oceania didn’t have any. Big Brother did know where you are. Police cars have license plate scanners. Enough of them, and enough scanners mounted on bridges and light posts and they could know where you drive.

License plate scanners can be foiled by a bored teenager with a screwdriver. Or a determined and organized populace that doesn’t like them.

[JoseB]

ricksummon:

Can the NSA create an encryption scheme so powerful that even They cannot break it?

Well, technically we already have it. First described in 1882 and re-invented in 1917: It is the one-time pad.

Basically, you use a random key, make sure it is as long as the message you want to encrypt, make sure that you use it only once, and make sure to keep it secret. With those conditions, then the resulting ciphertext will be impossible to decrypt or break. Mathematically guaranteed.

The Soviets used one-time pads for diplomatic communications. Whatever decrypts were made of their chatter (especially the VENONA decrypts) happened because the Soviets broke one of the above-mentioned rules (especially the “do not reuse keys” one).

So, yeah – we have had unbreakable encryption schemes for quite a bit more than 100 years now. The problem is that using them introduces tremendous logistical problems.

[Really_Not_All_That_Bright]

jtgain:

As much as I deplore the NSA snooping and law enforcement browsing cell phones, I think the latest by Apple and Google go too far the other way. I think that law enforcement should be able to view these device after probable cause and applying and receiving a search warrant from a neutral and impartial magistrate.

Privacy is good, but we don’t want people plotting murders via text message secure in the knowledge that it will be impossible for anyone ever to see it.

You can always get a warrant requiring the owner to provide the password.

[Blaster_Master]

The big brother problem is becoming irrelevant, not because of changes in encryption, but because we’re voluntarily giving up our privacy.

For one, as mentioned upthread, in general the government isn’t reading emails in any meaningful way, they’re gathering metadata about online communication. In general, the metadata almost as useful, and in many cases even more useful than the actual text of a communication, at least from a monitoring standpoint. That is, the overwhelming amount of communication is relatively benign, and it would take resources many orders of magnitude beyond what is currently available to monitor and parse that data while still getting a decent level of accuracy.

OTOH, building social networks provides relationship information and that can help them determine who are potential threats more easily. It’s not unlike a large game of Linking to Bacon, where one person’s connection to another can be determined by how closely they link to other threats.

Personally, I still have issues with the collection of metadata by the government, as while I don’t have any particular expectation of privacy that I have a relationship of some sort with a person I may have sent an email to, but I don’t considering sending email, in general, to be consent to the government knowing the nature of all of my relationships.

That said, I have reasonably consented to that sort of stuff from other companies, but that’s in exchange for particular services. I have a Facebook account, and obviously Facebook knows all the people I’m friends with and to what degree I communicate with them. If I used Twitter, I’d reasonably expect that they’d know who I sent tweets to and who I follow. Or even for something older, I have a credit card and make most of my purchases with it, so they know when and where I shop. The key difference between these forms of monitoring and what the government may do is that I’ve made a reasonably informed consent to this monitoring, it’s a necessary part of the service, and I can use alternatives or just plain stop using it whenever I like. That is, if I don’t like Facebook monitoring my relationships, I can not friend someone on there or just stop using it. If I don’t like my credit card company knowing about my purchases, I can use another card or use cash. However, the only way to not have my online communication monitored by the government is to not use it, which is still possible, but significantly more limiting.

Unfortunately, though, this is the general trend of technology. When new technology becomes available, often it means trading some degree of privacy for other conveniences. I don’t think this is inherently a bad thing, as long as that trade off is reasonably understood and traded with informed consent, but I think it’s virtually inevitable that in order to be a functioning member of a modern society, there will come a time when one is essentially coerced into giving up privacy. That is, for now, it’s still possible to not use facebook, email, twitter, smart phones, etc. But how much longer will it be before it is all but impossible to conduct business, make purchases, find a job, or whatever without using modern technology?

[Bone]

jtgain:

As much as I deplore the NSA snooping and law enforcement browsing cell phones, I think the latest by Apple and Google go too far the other way. I think that law enforcement should be able to view these device after probable cause and applying and receiving a search warrant from a neutral and impartial magistrate.

Privacy is good, but we don’t want people plotting murders via text message secure in the knowledge that it will be impossible for anyone ever to see it.

Why is this any different than technology that allows an individual to encrypt their data? The fact that it is Apple or a corporation is irrelevant. If I use an HP laptop it’s not like there is an expectation that HP has the ability to access all of my data on that machine.

There is absolutely no reason for Apple or any company to have a backdoor into the electronic devices they sell if the customer doesn’t want them to.

[UltraVires]

Bone:

Why is this any different than technology that allows an individual to encrypt their data? The fact that it is Apple or a corporation is irrelevant. If I use an HP laptop it’s not like there is an expectation that HP has the ability to access all of my data on that machine.

There is absolutely no reason for Apple or any company to have a backdoor into the electronic devices they sell if the customer doesn’t want them to.

It’s not really that different, and I don’t propose requiring these companies to have backdoors into the data. I just think that the advanced encryption technology is troubling from the law enforcement side (and you’ll rarely see me on that side).

In 1970, absolutely nothing we had was “encrypted.” If the government got a warrant, then they could find out anything and everything about you which is, IMHO, as it should be. It is bad public policy to allow foolproof methods to hide crimes.

[bodhitreeshow]

I think every point has already been covered. So, I will just simply say that high tech doesn’t make Big Brother irrelevant, it makes it even more pervasive. We’re putting our data out there, encrypted or unencrypted and Big Brother takes it all in.

I would say that, today, low tech is the answer to avoiding Big Brother. You can encrypt eCommerce transactions all day. The only thing that has to be done is to pull up your bank statement or credit report. Pay cash for something and there is no way to trace it. Of course, you could be caught on a camera buying something, but there are ways around that too.

Ultimately, nothing is foolproof and given enough time and money anything can be cracked/hacked.

[GrumpyBunny]

wolfpup:

I would argue the exact opposite: that advancing technology has indisputably been infringing our privacy more and more as it evolves, not just privacy intrusions by government but also by commercial and other private interests, both legally and illegally. Who hasn’t been plagued by telemarketing calls, many of them specifically directed by marketing profilers; who hasn’t heard about Edward Snowden’s NSA revelations; who hasn’t been concerned about massive thefts of credit card and personal data from large numbers of private companies that keep extensive databases on us; who hasn’t been concerned about identity theft.

Anyone who uses credit or debit cards, or worse, generic loyalty cards like Air Miles or Avios, is contributing to vast databases that profile your whole shopping lifestyle, which databases are routinely data-mined for marketing information and sold to marketeers in various forms. There’s a Texas company called Alliance Data that makes almost $4 billion a year almost entirely from this kind of data mining and analytics. Google, Amazon, and many others are constantly monitoring your searches and surfing habits.

Put all those databases together with the fact that everything you have ever written or that has ever been written about you that is accessible to the Internet is almost instantaneously revealed to the world by a simple free search that anyone can do, and you have a scenario in which just about anything about you that is worth knowing increasingly becomes knowable. And then add to that the fact that under the Patriot Act, all such information held by government or by any company or entity under US jurisdiction must be made available on demand to any government agency deemed authorized to have it, and then tell me that the Big Brother problem is going away! :rolleyes:

Everything that wolfpup mentioned is spot-on, I only have to add one item.

Your personal medical data.

A company called MIB obtains all of your medical information – doctor visits, diagnoses, prescriptions, surgeries, ER visits. All of it. And that data is stored and provided to “member companies” that need data to underwrite you for insurance. These days, AFAIK, it’s just disability, long-term coverage, and life insurance. It included health insurance until the ACA kicked in and removed denying coverage for pre-existing conditions.

And not just that. It is likely that your employer allows your insurance company to release your medical claims information to a “wellness program” (the people who nag you to exercise and eat vegetables) or to a healthcare data analytics company. The software allows people to see who is using what healthcare – Viagra? It’s there. Kid have ADHD? It’s there. Everything. Depending on the setup, your employer’s HR department may have access to this information. The claim is so that they can better meet healthcare needs, but do you buy it? If layoffs come and it’s between Fred and his healthy wife, or Bob and his wife with cancer, which one has better cost savings for a self-insured company?

Honestly, the Privacy Act has more holes in it than a cheese grater.

[GrumpyBunny]

Voyager:

Police cars have license plate scanners. Enough of them, and enough scanners mounted on bridges and light posts and they could know where you drive.

If you use an EZ Pass for toll payments, they already know where you drive (if there are tolls).

That’s been a plot device on Law and Order for YEARS.

[Justin_Bailey]

GrumpyBunny:

If you use an EZ Pass for toll payments, they already know where you drive (if there are tolls).

Again, the EZ Pass devices are held up by velcro. Switching them between cars to mess with the tracking would be trivial.

[Steve_MB]

jtgain:

It’s not really that different, and I don’t propose requiring these companies to have backdoors into the data. I just think that the advanced encryption technology is troubling from the law enforcement side (and you’ll rarely see me on that side).

I don’t see how it’s any more “troubling” than the ability to put documents into a safe with a self-destruct safety. The government has the same two choices: get a court order to require the owner to open it (or go to jail for contempt) or throw enough technical resources at the problem to crack it (which has the salutary effect of forcing the government to limit itself to carefully picked and chosen cases).

Backdoors aren’t a viable option; the crooks would obtain and use them, undermining the entire tech-dependent economy.