How far will the government Go? Understanding Encryption legislation with Kate Knibbs


Josh Gagliardi, head of technology at IPVanish, had a chance to chat with Kate Knibbs of Gizmodo. Kate is a writer whose recent work has covered major stories in the S&P space, including the Trump Hotels credit card breach and the heated battle between Apple and the FBI. During the conversation, Kate and Josh discussed the current encryption war between the US Department of Justice and Silicon Valley, the anti-crypto bill proposed by Richard Burr (R-NC) and Dianne Feinstein (D-CA), the Panama Papers data leak, educating politicians about encryption, Alan Alda and more! Listen to the podcast now or read the full transcript below.


Transcript

Josh Gagliardi (IPVanish): Thank you very much for talking to us today.

Kate Knibbs (Gizmodo): Oh, no problem.

JG: So from our point of view, we are a VPN, we are privacy-oriented, but with everything that is happening, and with a lot of the stories where you have been one of the great journalists, we just thought it would be interesting to have your take beyond what has been written about how things are going. And of course we have had interesting news continue in the last two days with additional bills.

KK: Yeah, I'm really curious to see how far they get and how they get spun. Because the White House has decided not to support the Feinstein bill, which does not necessarily doom it or anything, but it is just an indicator that perhaps the Apple/FBI situation has made the Obama administration more careful about how it addresses such questions. Because it's pretty clear that people are passionate about privacy.

JG: So, were you at CryptoSummit or RightsCon in San Francisco in the last few weeks?

KK: No.

JG: It was interesting because Ron Wyden, a Democratic senator from Oregon, has proposed a pro-crypto law in this session, which is precisely the opposite of the Feinstein bill, proposing that the US government step back from forcing companies to weaken cryptographic systems.

KK: This kind of thing is promising, although I would say that Wyden is probably my favorite senator on digital privacy, but he's sort of a bit of an outlier in how strongly he supports it. And I'm hoping that his vision of how Congress should interact with privacy issues becomes more common, but I think his bill is probably less likely to pass than the Feinstein bill, unfortunately, because I think a lot of people in Congress are a little confused about digital privacy.

JG: I think abundantly so. And you can see that education is possible, right? You can see Lindsey Graham flip on what he believed, recognizing explicitly, "Hey, my eyes were opened and things are not quite what I thought." Education is therefore possible, but I think increasingly we will enter into a sound bite area where real progress can stop for a while.

KK: Yeah, I agree with you. I'm really excited. I had a lot of emotions as I watched FBI Director James Comey get grilled by Congress. In fact, I was expecting a much less adversarial hearing, but it was very clear that many members of Congress had studied what was happening and were ready to directly question why the FBI took this approach.

The technical literacy many members of Congress showed during that hearing made me more optimistic that yes, they can learn. As they learn, we hope they will start to adopt different positions. But the election... I think this could turn into sound bites, at least until November.

JG: We see that as quite possible, but yes, I think the contrast is, say, when SOPA and HIPAA came up the first time, when we still had Congress people start their statements with "I'm not a nerd, but I heard there is something called DNS."

And I think there was an appropriate backlash from the younger digital native community to say, "Look, it's just not cool to be in the government and not understand the Internet. It reflects poorly on your skills. This does not mean you're not a nerd somehow."

KK: And I'm hoping that if the Burr and Feinstein bill, the Compliance with Court Orders Act of 06, if it moves forward in Congress, and I really hope it does not, I anticipate that there will be a movement similar to what happened with SOPA and HIPAA, where the security and privacy community can rally people on social media and make it clear and make it public what the purpose of the bill is and whether it will weaken safety features that everyone uses. And to make it clear that these are not just problems for the security nerds; it is an issue that affects everyone with a phone.

JG: Well, yes, and I think the documentation simply passed the external behavior of members of Congress; perhaps we could politely wish they faced some personal reasons to feel that privacy is an important right.

I think that the more they poke the beast of privacy, the more you are going to see people take a keen interest in their private lives.

KK: Certainly.

JG: One of the things we were really interested in talking to you about was this FBI/iPhone thing, and have emails from a couple of years ago a few months;

We know that many of these FBI-side arguments were on the peak, ready to go, and they were explicitly waiting for an event to make these arguments. We even saw some outlandish claims along the way. I do not know if you remember the digital pathogen claim, or cyber pathogen claim?

KK: Yes.

JG: And now that they have unlocked the phone, I did not hear exactly how they saved us from this cyber pathogen, but they must have, because it would have victimized us all.

KK: No, it was very interesting. I think that... I do not think the FBI was saying that. I think it was the San Bernardino DA. And it was an argument he made.

And it is quite absurd. I doubt the FBI would actually put forth such a ridiculous argument, but the fact is that someone working in government who worked on this case made these claims, and the FBI did not actively reject them as prejudicial to their argument, because it just sounds silly. It shows that the FBI was clearly willing to leave this argument out there to scare people. Of course, we do not hear about it anymore, because it was not real.

This was a strange and especially surreal moment.

JG: And I think one of my joys, being slightly on the older side of the curve in technology, is to see that people who grew up connected from day one have beautifully set BS filters. This kind of thing does not really work very well. Certainly not below a certain age.

But one of the things we were interested in was how this story developed, because of all the discussed aspects of it and the fact that a bunch of the story was effectively orchestrated. How did you see the sort of re-reporting of positions and scrambling to get the focus in the direction of the history of the process? What was it like to work on, given the speed with which it was going and how continuously statements were being made?

KK: It was very interesting to see how quickly the FBI moved away from the argument that it was asking for help with one phone.

It was quite immediately apparent to all who took a look at the documents and what they asked for that their request could not work for a single phone. Creating software that would weaken the security for an iPhone model would create a backdoor.

So it was interesting to follow this story and see the FBI backtrack on some of its initial positions and keep walking them back until it dropped the case. I almost did not expect it to drop the case when it did. I think it certainly exposed the underlying objectives of the Department of Justice, and I think these goals were to create a legal precedent to force technology companies to help the government. And to normalize this precedent.

Obviously, it did not establish a legal precedent, but I am a little worried that it will be followed by similar cases. I am a little worried that in the long run, it will have just made the government more savvy about choosing its battles. I do not think it is just going to give up.

JG: And many of these things are not black and white, right? I think a lot of the reason Apple tends in the direction of the strongest privacy protection was things like some Midwestern states that started a practice of connecting speeders' phones to an analysis unit, which always takes place in the car.

And I think it was sort of a response to that level of just casual invasion of privacy or expansion of scope that was part of the reason it was done.

And I think the San Bernardino thing, so this is about the nuances. It is really the cost of intrusion.

One of the things that we see as a theme is that law enforcement likes to investigate from a comfortable chair, right? It's cheap and dragnet and easy to do, and they should exert themselves to really go find criminals in check until stopping crime head on their resume, which is the top of a CV to application of the law just after your name.

But as citizens, it seems that the extent and cost of the investigation is absolutely what it is all about. If you take an absolutist view of privacy, you may end up defending very bad people very quickly. But there is this idea that there is plenty of room between absolutist unbreakable and breakable with a major effort.

I do not think that real terrorists hiding behind encryption as a goal serves everybody well. But the fact that most experts agree that they were physically attacking the phone to defeat the confidentiality safeguards, that could be the right place to end up.

KK: Well, one of the things I noticed while I was writing these stories that concerned me, that maybe I was not getting my point across quite well, was that some people in the comments on my stories and in messages sent to me would frame it as a 4th Amendment matter. I'm not saying that the FBI did not have the right to search the phone. It had seized the phone. It was not even Farook's; it was his employer's. They gave permission to search the phone.

There was never a problem of the FBI not being able to search the phone. It was within its rights to search the phone, and it was a question of whether it could force Apple to weaken its security to help search the phone, or if it should have been able to find a way to search the phone itself.

Because, of course, if law enforcement gets into a phone legally, and they have a warrant or they have the right to search the phone, nobody is saying that they simply should not be authorized to search the phone. What people are saying is that tech companies should be able to put security measures in place, and they should not be forced to weaken those security measures because the FBI is unable to do its job itself.

This was a nuance that I feared was sometimes lost on some people who followed the case. A lot of public news bulletins sometimes misinterpreted what was happening, saying "Apple will not unlock the cell phone," and that was not what was happening. Apple could not unlock the cell phone. That is not what the FBI asked for; they asked Apple to create software to help the FBI guess the password of the phone. Stuff like that: it is easier to say "Apple will not help the FBI unlock the phone" than to say "Apple will not create software that will help the FBI unlock the phone itself."

So, when people are just reading very short articles on the Internet or watching clips on TV, the nuance of the situation becomes really muddled, and I think that influences public opinion on what was happening. If people are just watching TV and just hearing "Apple will not help the FBI unlock this phone," they will think, "Why does Tim Cook love terrorists?"

JG: Right.

KK: But if they have the opportunity to read something deeper that explains the issues better and explains what is happening, their opinion could change.

JG: So how can we, as product designers and privacy service providers, or you as a journalist, how can we get this nuance into the discussion?

Because there are legitimate 4th Amendment cases, as with Stingray or things like that. There are times when that is what is involved. And of course, we will see in other countries what we perceive as a 1st Amendment matter on freedom of association. But to be fair, in San Bernardino that was not what was at stake. So how can we sharpen communication and awareness there to get people to think pragmatically about what is actually the focus?

KK: Honestly, it's something I'm still trying to figure out. I think it is important to communicate things as simply as possible. I do not mean that people who are not security journalists or security product providers like you and me... We just need to find a way to break things down that is easy to understand.

I wish I had a better answer, but I feel like I try, sometimes successfully, sometimes unsuccessfully, to convey what is happening.

JG: We understand. We see it in conversations with clients, where there is a lot of security we can provide and there is a lot of privacy we can provide. I do not know that we can ensure security against all major governments without dedicated equipment, but on a software basis, we really believe that we are helping people, as the old joke goes, outrun the tiger, right? Have better security than the people next to you.

But on my list of things to pursue is something from Alan Alda, star of M*A*S*H and a kind of spokesperson for science, who spent a lot of money on something called the Center for Science Communication. It is essentially a place where scientists and engineers can go for training on how to communicate these issues with some nuance and some skill. It's not something I've had time to pursue to this day, since I have spent most of my time really as a service provider and a product guy.

KK: This is fascinating. I did not know that Alan Alda was doing this, but I looked it up; it's at Stony Brook University, which is really cool.

JG: Yes, it looks like something the world really needs.

KK: I am very interested. I will try to learn more about this because it seems very interesting.

JG: So, two other points of interest for us. First of all, we have many international clients; it is not only a national story for us.

So you look at a whole bunch of Panama companies coming up with the documents, or, sort of more on this, situations like Turkey, where the head of government is at fault and the reflex response is to turn off the Internet, which is something we talked about with the Access Now guys on a previous podcast. But was there something interesting in the international reactions you were getting on this story?

KK: I did not get that many international reactions, perhaps because many Gizmodo readers are in the USA. And I'm really not sure why there was not more of an international response. There was not much raised by readers.

I think the angle I could have expanded on more, and I really did not because most of our readers are US-based, but it is very important, is that just because the FBI or DOJ promises to keep safe a security weakness that it forces Apple to create, does not mean that other governments would not exploit it. If Apple created a security weakness to assist the Department of Justice, the security weakness would still exist to be exploited by foreign governments. So it is not at all limited to the United States. It is for anyone who uses an Apple phone; if it is Google, it is for anyone using Android. I think the idea that the US government could somehow keep a security backdoor only for its own purposes and not for the purposes of any other government is a crazy and naive thing to think.

Yeah, the case is very important for everyone, not just the United States. Because convincing a business to create a security weakness means that they create a security weakness that can be exploited by literally anyone in the world.

JG: Many of my friends are Silicon Valley engineers, and one of the stories I've heard, if we think about the Feinstein bill and this world where everything has a back door and there is a list of keys, etc.: many friends at these large social media companies see very qualified engineers, who look a little older than their resume says they are, appear from places like China and Israel, and who seem very interested in working in services and network security. I think, as an engineer, it seems obvious that the more we advance in this direction, the more, absolutely, other governments will look to play.

KK: We do not know who the third party was that helped the FBI unlock the phone. I wrote about Cellebrite, which is an Israeli forensics firm that was one of the main suspects.

We do not know if they did, so that's definitely just speculation. Israeli newspapers said they did, but there is no hard evidence. But simply the fact that an Israeli company is a prime candidate to work with the FBI is proof that this is a global security problem, and there will be a lot of intermingling. The idea that it could be contained by the United States government is false.

JG: Right. And how important are privacy and security tools on a daily basis for a journalist now?

KK: They should be very important. In my personal computer use, I put two-factor authentication on everything. At Gawker Media, we have SecureDrop as an option for sources that are concerned about transmitting data safely. And we use SecureDrop, Tails, and an air-gapped computer to access documents that are sent to us, and it is an invaluable resource.

And using Tor can come in handy. I think journalists need a lot of training with security tips. If you remember, Glenn Greenwald did not really get in touch with Edward Snowden for a while because he did not know how to use PGP.

JG: Right, right.

KK: We've all been trained in PGP, and I find PGP really useful for communicating with some sources and with other journalists, but it is a bit difficult to use for people who are not journalists. It was a little confusing to me and some of my colleagues before we really got the hang of it. I wish we were moving ahead with very intuitive and easy security solutions, because I was an English Lit major. I do not understand a lot of the technical nitty-gritty of security tricks and OpSec things. And I have to be held by the hand when I am using new security features, which is embarrassing to admit, but it is true. And I confess.

JG: There is actually a conspiracy theory that the PGP developers were encouraged not to work on ease of use, specifically to prevent it from becoming ubiquitous. Basically, to keep raising the bar on how difficult it is to make dragnet surveillance.

I do not know if there is any truth to this. That seems a bit conspiratorial to me. It might just be because user interface work is difficult and sometimes aggravating. But there certainly are people out there who think PGP specifically was deliberately kept difficult.

KK: It is certainly still difficult. I'm a bit cynical, so sometimes I'm inclined to give in to conspiracy theories... I like a good honeypot. But I do not know why these tools have not progressed.

But I hope they do so in the future, because there is an access barrier for people who are not journalists worried about their sources. Whenever I try to explain PGP to my friends who are PR people, or to my parents, and why they should ever use it, it seems difficult, I will not...

JG: And a recurring theme that we see with security: security is thrown around as a single word, but it really means 6 or 7 things, depending on how you count. Non-repudiation does not exactly roll off the tongue as a way to say, this person is who they say they are.

These aspects, most people do not think about. Traffic analysis: the idea of detecting or hiding that two people are talking to each other at all. But it becomes very important operationally, from everything we read.

Well, thank you very much for talking to us today. As security-minded people, it is good to talk to those who are out there exposing the ongoing drama as we all try to understand what the rules should be.

KK: Well, thank you for having me!
