Journalism Professor Dan Gillmor On Why You Should Support Techdirt's Crowdfunding Campaign

from the important-issues dept

With a little more than a week remaining in our crowdfunding campaign to support our coverage of the encryption fight, well known media commentator and professor Dan Gillmor offers his thoughts on why Techdirt's coverage is so important.

Help Techdirt Cut Through The Confusion In The Crypto Fight

The "FBI-versus-Apple" story of recent weeks has brought a vital issue to the front burner: whether we will have secure technology in the future–or at least the chance to have secure technology–or not.

In reality, this isn't only about Apple or the FBI. It's about the considerable weight of government in its zeal to have access to everything we say and do in the digital realm–which is to say, increasingly, almost everything we say and do.

The Obama administration, and governments around the world, believe they have an innate right to whatever information they want. This is a law-enforcement-first mentality, and in many ways an understandable one in a sometimes dangerous environment. But governments also want something they assuredly cannot have: a way to crack open our devices and communications, willy-nilly, when we're using encryption tools that make it difficult if not impossible to do so without users turning over the keys to their digital locks.

They call this a "privacy versus security" debate. It is, in fact, a "security versus security" issue: If they get backdoors into our devices, software and networks, they will–according to just about every reputable non-government security and encryption expert–guarantee that we will all be less secure in the end, because malicious hackers and criminals (some of whom work for government) will ultimately get access, too. Governments want magic math, and they can't have it. It's also a free speech issue, a huge one, because the government is telling Apple it has to write new code and sign it with a digital signature.

Sorry, this is binary. We have to choose. One choice is to acknowledge that bad guys have a way to have some secure conversations using encryption, thereby forcing law enforcement and spies to come up with other ways to find out what the bad guys are doing. The other choice is to reduce everyone's security, on the principle that we simply can't afford to let bad people use these tools.

Sadly, the journalism about this has been reprehensibly bad, at least until recently, outside of the tech press. Traditional Big Media basically parrot government people, including most recently President Obama himself, even though they're finally starting to wake up to what's happening. John Oliver's HBO program last Sunday was a sterling example of how media can treat this complex topic in a way that a) tells the truth; and b) explains things with great clarity.

Mike Masnick and his site, Techdirt, have been leaders in covering the way various liberties and technology intersect. Now they're crowdfunding to add more coverage of encryption and its ramifications. I'm supporting this initiative and hope you'll give it some thought as well. We need more such coverage, and we can depend on Mike and team to provide it.

Reposted from Dan Gillmor's blog

Help Techdirt Cut Through The Confusion In The Crypto Fight


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • identicon
    Anonymous Coward, 16 Mar 2016 @ 11:54am

    Thanks!

    Thanks for writing this, Professor.

    reply to this | link to this | view in chronology ]

  • icon
    Ninja (profile), 16 Mar 2016 @ 12:02pm

    What I find more interesting is that this discussion is useless. If Apple and whoever is forced to weaken their encryption you can always find awesome encryption software outside of US jurisdiction. Or do we honestly think the paranoid criminal (or terrorist as the Government likes to call the criminals that mass murder people) will only use US companies and US software?

    Weakening US made encryption only serves to harm the US itself. And maybe the clueless criminals Tim loves to write about.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 16 Mar 2016 @ 2:53pm

      Re:

      FBI: But dat precedent.

      reply to this | link to this | view in chronology ]

    • icon
      Rapnel (profile), 16 Mar 2016 @ 3:16pm

      Re:

      Not a useless discussion by any measure. Have you seen what law enforcement can do with prohibition? At all? They'd just as soon see countless lives destroyed for using "unauthorized" encryption as they have for using the pot.

      Quite simply, law enforcement must not prevail and forcing speech out of Apple is only a very small portion as to why.

      One day
      Like many gone by
      It will become
      Encrypt or die
      And this will hold true
      For you or I [sic, frig off, poetic licenseez]
      So smash it up
      And let if fly

      reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 16 Mar 2016 @ 1:32pm

    You're a journalism professor, yet you believe this issue is "binary"?

    Do you teach your students that it's good journalism to say that complex issues are binary?

    reply to this | link to this | view in chronology ]

    • icon
      Mike Masnick (profile), 16 Mar 2016 @ 1:44pm

      Re:

      Do you teach your students that it's good journalism to say that complex issues are binary?


      The point he's making is exactly right. Too many people -- especially on the policy side -- continue to believe that there is some sort of "middle ground." The point that Dan is making is that, in THIS case, it's not. If you weaken security, you weaken security for everyone. It is a binary decision.

      He is not saying that all complex news stories are binary. But some of them are. This one is.

      reply to this | link to this | view in chronology ]

      • identicon
        Anonymous Coward, 16 Mar 2016 @ 2:19pm

        Re: Re:

        "He is not saying that all complex news stories are binary. But some of them are. This one is."

        LIAR! This case isn't different from any other topic and does have a non binary solution which you fail to mention each and every time you write about the story.

        THE GOLDEN KEY!

        All you have to do to solve this problem is say the magic words, turn around 3 times, burn some sacred herbs (without inhaling ofc!) and the problem is solved. I really don't see how you or anyone else can miss that rather easy solution

        reply to this | link to this | view in chronology ]

      • identicon
        Anonymous Coward, 16 Mar 2016 @ 5:55pm

        Re: Re:

        He is not saying that all complex news stories are binary. But some of them are. This one is.

        While it's strange that you have to answer for the professor, it's clear that neither he nor you has not explained why THIS issue issue is so incredibly special that it's binary. Honestly, I'd rather him explain it, as you're proved over and over again that you abhor subtlety and make a living presenting most things as binary. Can the professor not speak for himself? Or is he too busy to explain anything--just like you always pretend to be?

        reply to this | link to this | view in chronology ]

        • icon
          That One Guy (profile), 16 Mar 2016 @ 11:06pm

          Re: Re: Re:

          It's not 'special', it's just how it works, such that there is only two options, with no 'middle ground'.

          Let me see if I can explain it with an example.

          You have a lock on your door. This lock is as secure as the manufacturer can make it, designed to keep 'bad guys' out of your house such that ideally only you, who has the key, can open it.

          However, this lock can also keep out the 'good guys' who might want to have the ability to enter your house without a) you knowing about it, or b) having to ask you to unlock it. In response they claim that the lock maker specifically designed and marketed their locks as 'anti-good guy' locks, and demand that the lock maker make the lock weaker so that they can gain access, and/or create a special 'key' that they can use to unlock it themselves.

          Here's where the problem lies. Any weakness introduced to the lock to allow the 'good guys' easier access makes it easier for the 'bad guys' to have access as well. Any key created for the 'good guys' is just one theft, or one 'misplacement' away from being in the hands of the 'bad guys' as well.

          And the real kicker, the 'Nothing was gained but worse security' bit? While the general public is likely to still use the now vulnerable lock to protect their houses, whether because they don't know it's been weakened, or because of other factors, the bad guys can and will easily switch to a lock that doesn't have those weaknesses, putting the 'good guys' right back at square one when it comes to them.

          The tl;dr version: Any security vulnerability can be used by 'bad guys' just as easily as it can be used by 'good guys'. There is not, and never will be, 'good guys only' security, and demanding it just because secure encryption stops both is demanding that security in general be weakened, making everything and everyone less secure.

          reply to this | link to this | view in chronology ]

          • identicon
            Anonymous Coward, 17 Mar 2016 @ 8:07am

            Re: Re: Re: Re:

            Any security vulnerability can be used by 'bad guys' just as easily as it can be used by 'good guys'.
            This particular claim, “just as easily”, may be shown to be not entirely correct by counterexample.

            Just to take my own practices—for a long time, I had a policy in place that machines were secured against remote threats, but not so locked down that an admin with physical access and time could not break in—and recover (most) data. During that period, I generally evaluated the risks from accidental data loss as greater than the risk of undetected physical intrusion.

            The problem is that threat environments vary dynamically. A server with a 24/7 guard lives in a different world than a mobile device.

            You can make it easier for authorized personnel to gain access than unauthorized intruders in specific situations, for limited periods of time. But you can't do that in general, forever. Advantages are temporary. When circumstances change, the policies need to change in response. Attacks get better over time, and defenses must adjust to that reality.

            Today, individual citizens face nation-state level attackers.

            reply to this | link to this | view in chronology ]

        • icon
          Mike Masnick (profile), 16 Mar 2016 @ 11:27pm

          Re: Re: Re:

          While it's strange that you have to answer for the professor, it's clear that neither he nor you has not explained why THIS issue issue is so incredibly special that it's binary. Honestly, I'd rather him explain it, as you're proved over and over again that you abhor subtlety and make a living presenting most things as binary. Can the professor not speak for himself? Or is he too busy to explain anything--just like you always pretend to be?

          Ah, didn't realize it was you. Should have figured you'd resort to insults. But for someone who continually (wrongly) insists that I speak from an area of ignorance, it's kind of funny to see you now so sure that it's not a binary situation at all, which is only displaying your ignorance of cryptography.

          The issue was already well explained by That One Guy, but to add to his response even further: cryptography is not easy. The whole point of strong cryptography is building system that only let the intended person (singular) in. But there are always vulnerabilities or the possibility of vulnerabilities, and the job of cryptographers/security professionals is to block all of those. But any time you make any change to a cryptographic solution, you are almost certainly introducing new vulnerabilities.

          That's the part of this that so few people seem to understand. The government is asking for:

          (1) Apple to add in a new vulnerability, which will be added without significant or widespread testing to make sure it's truly safe.
          (2) That new vulnerability almost certainly will create other vulnerabilities. This is just a fundamental thing in cryptography.
          (3) However, rather than with any other system whereby there would be a targeted effort to fix those vulnerabilities, that won't be possible here, because the vulnerability will be demanded by the courts and purposely put into place.

          The level of disaster this can cause for everyone could be massive. You're basically undermining how *computer security itself* works, and handcuffing the people who fix things.

          The end result is that you and everyone else are almost certainly less safe. And that's why this choice is binary. People who don't know any better *think* that there are shades of gray here. And in lots of situations there are shades of gray. But in cryptography, if it's not fully encrypted, it's like it's not encrypted at all. It's open. This isn't "oh, open a tiny door and then throw away the key." This is "punch a giant hole in the damn" and then pretend it won't wipe out all the lands downstream.

          reply to this | link to this | view in chronology ]

          • identicon
            Anonymous Coward, 17 Mar 2016 @ 7:17am

            Re: Re: Re: Re:

            [I]n cryptography, if it's not fully encrypted, it's like it's not encrypted at all. It's open.
            Hate to step in here—but this particular claim is not true in general. Further, making a claim which is false in general, unnecessarily weakens the argument.

            In cryptographically-secured communication, as is true with communication in general, both signal and context are necessary to receive a message. An eavesdropper may decrypt a coded signal, but lack a critical piece of context.

            Or, considering just the coded signal, there are quite a few known examples of systems partially broken. One rather well-known example, is the identification of “AF” during WWII:
            While the Pacific centers were convinced that the identity of AF was Midway because of its position in the “A” or American digraphs in the Japanese designator system, various persons at OP-20-G and in Washington thought it might be Johnston Island, Samoa, the U.S. West Coast or even Hawaii itself. HYPO was aware of this lack of agreement on AF in Washington. In order to rid themselves of this annoying backbiting, Rochefort approved a ruse that was probably thought up by Jasper Holmes, the author of Double Edged Secrets. Nimitz approved the message to be sent in the clear from Midway complaining of a water shortage. Rochefort let Melbourne make the first report of the decrypt from Tokyo Naval Intelligence advising of a “water shortage at AF.” Even the naysayers in Washington could not argue with this confirming evidence.

            reply to this | link to this | view in chronology ]

          • identicon
            Anonymous Coward, 18 Mar 2016 @ 4:35pm

            Re: Re: Re: Re:

            The end result is that you and everyone else are almost certainly less safe. And that's why this choice is binary. People who don't know any better *think* that there are shades of gray here. And in lots of situations there are shades of gray. But in cryptography, if it's not fully encrypted, it's like it's not encrypted at all. It's open. This isn't "oh, open a tiny door and then throw away the key." This is "punch a giant hole in the damn" and then pretend it won't wipe out all the lands downstream.

            Let's start with first principles: Why do you suppose that being able to encrypt my iPhone such that no one else in the world can ever see what's on it makes me safer in the first place? Safer from what? How do you know that letting the government get into any iPhone with a warrant doesn't make me safer? You just assume that more cryptography is always better. Why?

            That said, isn't it true that this vulnerability already exists? Apple already has the key that can sign the update that can disable the iPhone self-destruct. Why is it that everything is fine now if the potential to break the dam is already sitting there in Cupertino?

            reply to this | link to this | view in chronology ]

        • identicon
          Anonymous Coward, 17 Mar 2016 @ 12:07am

          Re: Re: Re:

          Are we seriously back to the whole standing-in-a-corner-screaming-"y u no debate me"-while-stamping-your-foot shtick again?

          reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 16 Mar 2016 @ 1:57pm

      Re:

      … to say that complex issues are binary?
      Should Magistrate Judge Pym's Feb 16, 2016 Order Compelling Apple, Inc. To Agents Assist In Search be upheld?

      That's a fairly binary question, phrased in those legal terms.

      Yes or no?

      reply to this | link to this | view in chronology ]

    • icon
      Derek Kerton (profile), 16 Mar 2016 @ 2:17pm

      Re:

      Would it be OK for a journalism professor to teach his students that 2 + 2 = 4? Or that witness is spelled w-i-t-n-e-s-s? Because some things are like that, just facts.

      And when there are facts -mathematical realities- that only go one way, it is good journalism to report that they can only go one way, and to dispel the false position that there is a middle ground, or a legit debate around the issue.

      You, AC, are basically demanding Gillmor adopt a "false equivalency" approach, because he's a journalism prof.

      reply to this | link to this | view in chronology ]

      • identicon
        Anonymous Coward, 16 Mar 2016 @ 2:31pm

        Re: Re:

        Would it be OK for a journalism professor to teach his students that 2 + 2 = 4?
        No. Not at all appropriate to teach university students that.

        Either they've had a typical math education already, and can already do simple arithmetic adequately. Or, less likely, but still possible, they're now moving on into university-level mathematics, where algebra starts to get fun. Either way, not appropriate teaching material for a journalism professor.

        So, no. Not ok.

        reply to this | link to this | view in chronology ]

    • icon
      Leigh Beadon (profile), 16 Mar 2016 @ 2:23pm

      Re:

      No, journalism professors teach their students something much subtler: that while it is important to get all sides of a story, that does not mean all sides are equally valid or correct.

      reply to this | link to this | view in chronology ]

    • icon
      CK20XX (profile), 16 Mar 2016 @ 2:32pm

      Re:

      Well, to be fair, Apple vs. the FBI is complex because Apple has deliberately cultivated an image as a wizard that can do anything, and now that's come back to bite them in the rear. The question of encryption is binary though.

      reply to this | link to this | view in chronology ]

    • icon
      Rapnel (profile), 16 Mar 2016 @ 3:19pm

      Re:

      Pool's closed.

      .. maybe try again tomorrow?

      reply to this | link to this | view in chronology ]

    • icon
      JMT (profile), 16 Mar 2016 @ 4:06pm

      Re:

      "You're a journalism professor, yet you believe this issue is "binary"?"

      You offer no reason for why these two things are mutually exclusive. While many or even most topics have a middle ground between extreme points, this one does not.

      "Do you teach your students that it's good journalism to say that complex issues are binary?"

      You think it would be better to teach that no topic can be binary? That in itself would be an extreme position to take on a non-binary topic, making you a hypocrite.

      reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 16 Mar 2016 @ 4:44pm

      Re:

      It is binary.

      reply to this | link to this | view in chronology ]

    • identicon
      Dan Gillmor, 19 Mar 2016 @ 3:18am

      Re:

      It is, in fact, binary. A collection of the best cryptographers and security people in the world made that clear in this report: http://dspace.mit.edu/bitstream/handle/1721.1/97690/MIT-CSAIL-TR-2015-026.pdf?sequence=8

      Do take a look.

      reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 16 Mar 2016 @ 3:51pm

    Is there much evidence that Techdirt has influence or appeal beyond its already informed readership? Maybe money would be better spent towards proven advocacy organizations like EFF?

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 16 Mar 2016 @ 4:45pm

    For the more privacy minded, would you take a check? And how should it be made out?

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Use markdown for basic formatting. HTML is no longer supported.
  Save me a cookie
Follow Techdirt
Techdirt Gear
Show Now: Takedown
Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

Close

Email This

This feature is only available to registered users. Register or sign in to use it.