Journalism Professor Dan Gillmor On Why You Should Support Techdirt's Crowdfunding Campaign
from the important-issues dept
With a little more than a week remaining in our crowdfunding campaign to support our coverage of the encryption fight, well known media commentator and professor Dan Gillmor offers his thoughts on why Techdirt’s coverage is so important.
Help Techdirt Cut Through The Confusion In The Crypto Fight
The “FBI-versus-Apple” story of recent weeks has brought a vital issue to the front burner: whether we will have secure technology in the future?or at least the chance to have secure technology?or not.
In reality, this isn’t only about Apple or the FBI. It’s about the considerable weight of government in its zeal to have access to everything we say and do in the digital realm?which is to say, increasingly, almost everything we say and do.
The Obama administration, and governments around the world, believe they have an innate right to whatever information they want. This is a law-enforcement-first mentality, and in many ways an understandable one in a sometimes dangerous environment. But governments also want something they assuredly cannot have: a way to crack open our devices and communications, willy-nilly, when we’re using encryption tools that make it difficult if not impossible to do so without users turning over the keys to their digital locks.
They call this a “privacy versus security” debate. It is, in fact, a “security versus security” issue: If they get backdoors into our devices, software and networks, they will?according to just about every reputable non-government security and encryption expert?guarantee that we will all be less secure in the end, because malicious hackers and criminals (some of whom work for government) will ultimately get access, too. Governments want magic math, and they can’t have it. It’s also a free speech issue, a huge one, because the government is telling Apple it has to write new code and sign it with a digital signature.
Sorry, this is binary. We have to choose. One choice is to acknowledge that bad guys have a way to have some secure conversations using encryption, thereby forcing law enforcement and spies to come up with other ways to find out what the bad guys are doing. The other choice is to reduce everyone’s security, on the principle that we simply can’t afford to let bad people use these tools.
Sadly, the journalism about this has been reprehensibly bad, at least until recently, outside of the tech press. Traditional Big Media basically parrot government people, including most recently President Obama himself, even though they’re finally starting to wake up to what’s happening. John Oliver’s HBO program last Sunday was a sterling example of how media can treat this complex topic in a way that a) tells the truth; and b) explains things with great clarity.
Mike Masnick and his site, Techdirt, have been leaders in covering the way various liberties and technology intersect. Now they’re crowdfunding to add more coverage of encryption and its ramifications. I’m supporting this initiative and hope you’ll give it some thought as well. We need more such coverage, and we can depend on Mike and team to provide it.
Reposted from Dan Gillmor’s blog
Help Techdirt Cut Through The Confusion In The Crypto Fight
Filed Under: crowdfunding, dan gillmor, encryption, going dark
Comments on “Journalism Professor Dan Gillmor On Why You Should Support Techdirt's Crowdfunding Campaign”
Thanks!
Thanks for writing this, Professor.
What I find more interesting is that this discussion is useless. If Apple and whoever is forced to weaken their encryption you can always find awesome encryption software outside of US jurisdiction. Or do we honestly think the paranoid criminal (or terrorist as the Government likes to call the criminals that mass murder people) will only use US companies and US software?
Weakening US made encryption only serves to harm the US itself. And maybe the clueless criminals Tim loves to write about.
Re: Re:
FBI: But dat precedent.
Re: Re:
Not a useless discussion by any measure. Have you seen what law enforcement can do with prohibition? At all? They’d just as soon see countless lives destroyed for using “unauthorized” encryption as they have for using the pot.
Quite simply, law enforcement must not prevail and forcing speech out of Apple is only a very small portion as to why.
One day
Like many gone by
It will become
Encrypt or die
And this will hold true
For you or I [sic, frig off, poetic licenseez]
So smash it up
And let if fly
You’re a journalism professor, yet you believe this issue is “binary”?
Do you teach your students that it’s good journalism to say that complex issues are binary?
Re: Re:
Do you teach your students that it’s good journalism to say that complex issues are binary?
The point he’s making is exactly right. Too many people — especially on the policy side — continue to believe that there is some sort of “middle ground.” The point that Dan is making is that, in THIS case, it’s not. If you weaken security, you weaken security for everyone. It is a binary decision.
He is not saying that all complex news stories are binary. But some of them are. This one is.
Re: Re: Re:
“He is not saying that all complex news stories are binary. But some of them are. This one is.”
LIAR! This case isn’t different from any other topic and does have a non binary solution which you fail to mention each and every time you write about the story.
THE GOLDEN KEY!
All you have to do to solve this problem is say the magic words, turn around 3 times, burn some sacred herbs (without inhaling ofc!) and the problem is solved. I really don’t see how you or anyone else can miss that rather easy solution
Re: Re: Re:
He is not saying that all complex news stories are binary. But some of them are. This one is.
While it’s strange that you have to answer for the professor, it’s clear that neither he nor you has not explained why THIS issue issue is so incredibly special that it’s binary. Honestly, I’d rather him explain it, as you’re proved over and over again that you abhor subtlety and make a living presenting most things as binary. Can the professor not speak for himself? Or is he too busy to explain anything–just like you always pretend to be?
Re: Re: Re: Re:
It’s not ‘special’, it’s just how it works, such that there is only two options, with no ‘middle ground’.
Let me see if I can explain it with an example.
You have a lock on your door. This lock is as secure as the manufacturer can make it, designed to keep ‘bad guys’ out of your house such that ideally only you, who has the key, can open it.
However, this lock can also keep out the ‘good guys’ who might want to have the ability to enter your house without a) you knowing about it, or b) having to ask you to unlock it. In response they claim that the lock maker specifically designed and marketed their locks as ‘anti-good guy’ locks, and demand that the lock maker make the lock weaker so that they can gain access, and/or create a special ‘key’ that they can use to unlock it themselves.
Here’s where the problem lies. Any weakness introduced to the lock to allow the ‘good guys’ easier access makes it easier for the ‘bad guys’ to have access as well. Any key created for the ‘good guys’ is just one theft, or one ‘misplacement’ away from being in the hands of the ‘bad guys’ as well.
And the real kicker, the ‘Nothing was gained but worse security’ bit? While the general public is likely to still use the now vulnerable lock to protect their houses, whether because they don’t know it’s been weakened, or because of other factors, the bad guys can and will easily switch to a lock that doesn’t have those weaknesses, putting the ‘good guys’ right back at square one when it comes to them.
The tl;dr version: Any security vulnerability can be used by ‘bad guys’ just as easily as it can be used by ‘good guys’. There is not, and never will be, ‘good guys only’ security, and demanding it just because secure encryption stops both is demanding that security in general be weakened, making everything and everyone less secure.
Re: Re: Re:2 Re:
This particular claim, “just as easily”, may be shown to be not entirely correct by counterexample.
Just to take my own practices—for a long time, I had a policy in place that machines were secured against remote threats, but not so locked down that an admin with physical access and time could not break in—and recover (most) data. During that period, I generally evaluated the risks from accidental data loss as greater than the risk of undetected physical intrusion.
The problem is that threat environments vary dynamically. A server with a 24/7 guard lives in a different world than a mobile device.
You can make it easier for authorized personnel to gain access than unauthorized intruders in specific situations, for limited periods of time. But you can’t do that in general, forever. Advantages are temporary. When circumstances change, the policies need to change in response. Attacks get better over time, and defenses must adjust to that reality.
Today, individual citizens face nation-state level attackers.
Re: Re: Re: Re:
While it’s strange that you have to answer for the professor, it’s clear that neither he nor you has not explained why THIS issue issue is so incredibly special that it’s binary. Honestly, I’d rather him explain it, as you’re proved over and over again that you abhor subtlety and make a living presenting most things as binary. Can the professor not speak for himself? Or is he too busy to explain anything–just like you always pretend to be?
Ah, didn’t realize it was you. Should have figured you’d resort to insults. But for someone who continually (wrongly) insists that I speak from an area of ignorance, it’s kind of funny to see you now so sure that it’s not a binary situation at all, which is only displaying your ignorance of cryptography.
The issue was already well explained by That One Guy, but to add to his response even further: cryptography is not easy. The whole point of strong cryptography is building system that only let the intended person (singular) in. But there are always vulnerabilities or the possibility of vulnerabilities, and the job of cryptographers/security professionals is to block all of those. But any time you make any change to a cryptographic solution, you are almost certainly introducing new vulnerabilities.
That’s the part of this that so few people seem to understand. The government is asking for:
(1) Apple to add in a new vulnerability, which will be added without significant or widespread testing to make sure it’s truly safe.
(2) That new vulnerability almost certainly will create other vulnerabilities. This is just a fundamental thing in cryptography.
(3) However, rather than with any other system whereby there would be a targeted effort to fix those vulnerabilities, that won’t be possible here, because the vulnerability will be demanded by the courts and purposely put into place.
The level of disaster this can cause for everyone could be massive. You’re basically undermining how computer security itself works, and handcuffing the people who fix things.
The end result is that you and everyone else are almost certainly less safe. And that’s why this choice is binary. People who don’t know any better think that there are shades of gray here. And in lots of situations there are shades of gray. But in cryptography, if it’s not fully encrypted, it’s like it’s not encrypted at all. It’s open. This isn’t “oh, open a tiny door and then throw away the key.” This is “punch a giant hole in the damn” and then pretend it won’t wipe out all the lands downstream.
Re: Re: Re:2 Re:
Hate to step in here—but this particular claim is not true in general. Further, making a claim which is false in general, unnecessarily weakens the argument.
In cryptographically-secured communication, as is true with communication in general, both signal and context are necessary to receive a message. An eavesdropper may decrypt a coded signal, but lack a critical piece of context.
Or, considering just the coded signal, there are quite a few known examples of systems partially broken. One rather well-known example, is the identification of “AF” during WWII:
Re: Re: Re:2 Re:
The end result is that you and everyone else are almost certainly less safe. And that’s why this choice is binary. People who don’t know any better think that there are shades of gray here. And in lots of situations there are shades of gray. But in cryptography, if it’s not fully encrypted, it’s like it’s not encrypted at all. It’s open. This isn’t “oh, open a tiny door and then throw away the key.” This is “punch a giant hole in the damn” and then pretend it won’t wipe out all the lands downstream.
Let’s start with first principles: Why do you suppose that being able to encrypt my iPhone such that no one else in the world can ever see what’s on it makes me safer in the first place? Safer from what? How do you know that letting the government get into any iPhone with a warrant doesn’t make me safer? You just assume that more cryptography is always better. Why?
That said, isn’t it true that this vulnerability already exists? Apple already has the key that can sign the update that can disable the iPhone self-destruct. Why is it that everything is fine now if the potential to break the dam is already sitting there in Cupertino?
Re: Re: Re: Re:
Are we seriously back to the whole standing-in-a-corner-screaming-“y u no debate me”-while-stamping-your-foot shtick again?
Re: Re: Re:2 Re:
It’s average_joe/antidirt. What did you expect?
Re: Re:
Should Magistrate Judge Pym’s Feb 16, 2016 Order Compelling Apple, Inc. To Agents Assist In Search be upheld?
That’s a fairly binary question, phrased in those legal terms.
Yes or no?
Re: Re:
Would it be OK for a journalism professor to teach his students that 2 + 2 = 4? Or that witness is spelled w-i-t-n-e-s-s? Because some things are like that, just facts.
And when there are facts -mathematical realities- that only go one way, it is good journalism to report that they can only go one way, and to dispel the false position that there is a middle ground, or a legit debate around the issue.
You, AC, are basically demanding Gillmor adopt a “false equivalency” approach, because he’s a journalism prof.
Re: Re: Re:
No. Not at all appropriate to teach university students that.
Either they’ve had a typical math education already, and can already do simple arithmetic adequately. Or, less likely, but still possible, they’re now moving on into university-level mathematics, where algebra starts to get fun. Either way, not appropriate teaching material for a journalism professor.
So, no. Not ok.
Re: Re:
No, journalism professors teach their students something much subtler: that while it is important to get all sides of a story, that does not mean all sides are equally valid or correct.
Re: Re:
Well, to be fair, Apple vs. the FBI is complex because Apple has deliberately cultivated an image as a wizard that can do anything, and now that’s come back to bite them in the rear. The question of encryption is binary though.
Re: Re:
Pool’s closed.
.. maybe try again tomorrow?
Re: Re:
“You’re a journalism professor, yet you believe this issue is “binary”?”
You offer no reason for why these two things are mutually exclusive. While many or even most topics have a middle ground between extreme points, this one does not.
“Do you teach your students that it’s good journalism to say that complex issues are binary?”
You think it would be better to teach that no topic can be binary? That in itself would be an extreme position to take on a non-binary topic, making you a hypocrite.
Re: Re:
It is binary.
Re: Re:
It is, in fact, binary. A collection of the best cryptographers and security people in the world made that clear in this report: http://dspace.mit.edu/bitstream/handle/1721.1/97690/MIT-CSAIL-TR-2015-026.pdf?sequence=8
Do take a look.
Is there much evidence that Techdirt has influence or appeal beyond its already informed readership? Maybe money would be better spent towards proven advocacy organizations like EFF?
Re: Re:
Is there much evidence that Techdirt has influence or appeal beyond its already informed readership? Maybe money would be better spent towards proven advocacy organizations like EFF?
Study from Berkman Center at Harvard found that Techdirt had the most impact of any media property in the SOPA fight (see page 42, which lists us above EFF):
http://cyber.law.harvard.edu/sites/cyber.law.harvard.edu/files/MediaCloud_Social_Mobilization_and_the_Networked_Public_Sphere_0.pdf
And, EFF Director Cindy Cohn has also recommended supporting our campaign:
https://www.techdirt.com/articles/20160301/17121133777/eff-director-cindy-cohn-why-you-should-support-techdirts-encryption-crowdfunding-campaign.shtml
EFF and Techdirt are two different types of organizations, and we can work together quite well. Techdirt’s reporting is helpful to the EFF in activating more people. But they need the kind of reporting that we can do.
Re: Re: Re:
Excellent response, thanks!
For the more privacy minded, would you take a check? And how should it be made out?
Re: Re:
For the more privacy minded, would you take a check? And how should it be made out?
Sure. You can make it out to Floor64 Inc and send it to our address listed on this page: http://www.floor64.com/contact.php
If you put it to my attention that probably doesn’t hurt either.