Weapons are good when they convince robbers and rapists to do something else (e.g. change their underwear) or, failing that, to stop doing something else (e.g. emitting greenhouse gases and 310K blackbody radiation).
When Edward Snowden handed over his amazing trove of documents to journalists to release as they thought best, he also placed a huge responsibility on their shoulders to do so as expeditiously as possible.
Continuing the steady drip-drip-drip approach may be more effective in the long run. It had the advantage of driving the cycle:
1. Disclose X 2. Three-letter apparatchik denies X 3. Disclose evidence for X 4. Three-letter apparatchik admits X, but double-pinky-swears that it's only X and not Y 5. Disclose Y 6. Lather-rinse-repeat
This is one of those situations that evokes an observation from Robert Heinlein's first published story ("Life-Line", in which the insurance industry freaks out about a device that predicts how long someone will live):
There has grown in the minds of certain groups in this country the idea that just because a man or corporation has made a profit out of the public for a number of years, the government and the courts are charged with guaranteeing such a profit in the future, even in the face of changing circumstances and contrary to public interest. This strange doctrine is supported by neither statute or common law. Neither corporations or individuals have the right to come into court and ask that the clock of history be stopped, or turned back.
It's quite easy to construct a scenario that would provide evidence for the government's position:
1. Government agents find encrypted smartphone. 2. Investigation flails around in circles for a while. 3. Smartphone owner or friend thereof steps forward, "Oh, yeah, the password is...." 4. Evidence on smartphone cracks case open. 5. Profit!
Get back to us when something like that actually happens.
There is no evidence that it would address institutional data breaches
This is a piece of brazen misrepresentation on a par with the "increase" of the chocolate ration to twenty grams (from a previous thirty) in 1984. Obviously, the new system (in which Apple or Google do not have access to the user's passcode) protects the user from institutional data breaches, since no data breach can expose data that the target does not possess.
I notice that this editorial, unlike most of the others, has no comment section. It's a damning admission that Vance et al know perfectly well that they have nothing but easily refuted lies and bullshit.
Actually, there were a spate of lawsuits against firearms merchants and manufacturers, until the NRA flexed its muscle and had them barred by law. It may be prudent for Silicon Valley to invest in a few coin-operated politicians and get a similar shield in place.
it's still rather surprising to see him find it worthy of a multi-part detailed legal analysis for which he brought in a Harvard Law student, Zoe Bedell, to help
If Wittes wants to turn his own name into point-and-laugh fodder, that's his business, but dragging in a student who is presumably trying to build a respectable intellectual reputation for herself is just plain evil.
Can they really do anything about it? The purse strings are in the hands of Congresscritters who for the most part would rather score cheap demagoguery points by bashing "bureaucrats" that seriously evaluate the market price of hiring competent talent.
Actually, an egomaniac like The Donald probably wouldn't bother picking up his bullhorn if he didn't get personal attention. That's yet another way "Lance Ulanoff" is wrong -- use of real names is as likely to encourage attention-seekers as to dissuade them.
I'd say if they give a minor child a smartphone and don't take basic precautions (i.e. insist that she give them the password as long as she lives under their roof and they pay her phone bill), that's negligence on their part.
This would be the "let's hope for the tragic death of a child" plan
To be blunt, the tech companies need to take the same hardass attitude as the gun industry (i.e. "dead-child shmed-child") and pull enough strings to make it officially not their problem (again, just like the gun industry did).
American ingenuity is great, so I don't really believe all these FBI directors who say that it's "too hard" to catch all the bad guys. I think they haven't really tried.
Actually, we know for a fact that they aren't trying. There are several well-known ways to bypass encryption no matter how strong it is (plant hardware or software bugs to directly intercept keystrokes and display output, intercept EM noise emissions to remotely reconstruct keystrokes and display output). The FBI prefers to pretend that these alternatives don't exist because they're too much work and effectively limit them to individual targeted surveillance (i.e. what they're supposed to be doing) rather than mass surveillance (i.e. what they want to do, laws to the contrary be damned).