Bill Frezza, contributor to many business and technology publications and host of Real Clear Radio Hour, talked to Josh last week about mass surveillance and legislation of technology. Bill is a regular contributor to Forbes and Huffington Post, and his coverage of the San Bernardino iPhone controversy attracted the attention of the IPVanish team. Josh and Bill discussed government-mandated mass surveillance, the cat-and-mouse game that is the cryptographer's dilemma, the security versus convenience tradeoff and legislation of technology. Listen to the podcast now or read the full transcript below.
Transcript
Josh: Welcome to the Secure Sessions Podcast, made by IPVanish. With me today is Bill Frezza, contributor to many business and technology publications, host of the RealClear Radio Hour and fellow MIT alum. Bill, thank you for joining us. (0:26)
Bill Frezza, Real Clear Radio Hour: Thank you for
Josh: So, we were interested to talk to you about your coverage of the San Bernardino iPhone controversy, Apple against the FBI.
So I think it was an interesting case at the intersection of technology and law. First of all, thank you for joining us and thank you for the coverage. We are happy to see people bringing to security issues the light in the press that we think they deserve. (00:57)
Bill: Well, it is a perennial issue, and the Apple versus FBI fight is far from over. You will see it burst out on a periodic basis, probably until a case reaches the Supreme Court. We will see that there are other ways that the FBI can work its will on Apple behind the scenes.
But it is something that people should think about, and most people are very, very confused about the real issue. People think the real issue is protecting their personal mobile phone or their individual account if they are accused of a crime or are the subject of an investigation, and that is actually a decoy. The real risk here is mass monitoring. The real danger to Americans here is hoovering up all communications, everything that happens on the Internet, compiling files that can then be used against them in the future for a variety of reasons we can discuss.
Josh: This is true and we see it very similarly. We all understand that there is a legitimate need for law enforcement, especially around issues of terrorism.
But at IPVanish one of the things we try to position ourselves against is what we call "law enforcement from a comfortable armchair". A lot of the interesting aspects of technology law have to do with when an act becomes so much cheaper that it changes the nature of the act, and I think we see that with law enforcement and dragnet surveillance. (2:23)
Bill: Absolutely. And if you really look at the history of privacy in our country and the Fourth Amendment protections that have been put in place, they obviously could not have designed these low-cost tools to use mass surveillance to spy on citizens. It is impossible that they could have built anything in the Constitution. They were literally affected by someone knocking on your door and rummaging through your papers and you cannot be in a wheelchair for the
Josh: This is true, and I think we've seen repeated difficulties translating analog arguments about the papers in a safe and the combination in relation to security.
The combination of the safe over the papers in the safe, and because of some of the different nature of encryption, I think we have seen the difficulties in translating these rules to the current technological world. (3:12)
Bill: People get so confused about data at rest and data in motion; they are two completely different technological problems. The vulnerabilities are different in both cases. Different needs of different users and different applications, different circumstances. So that tends to ruin the whole conversation.
In addition, people tend to confuse privacy in the corporate world. People fear that Google will know what deodorant I use and they will subject me to advertising, which is very, very different from the government keeping an eye on me because of a bit of political agenda.
Josh: Let me ask your views on a fundamental question, which is, I have heard law enforcement make the argument that the idea that we would restrict government access to information more than we limit corporate access to information is absurd, but from the perspective of individual liberty, that does not seem absurd to me at all. (04:07)
Bill: Well, to shed light on this: when I go and give my information to a company, it is an exchange. It is not voluntary.
"Do you want my free service?" "I would like your free service." "Well, in return, to give you a free service, this is what I want from you, here are 19 pages of stuff I want from you and if you do not give me this stuff, do not use my free service." It is an exchange that is entirely voluntary.
This is very different from the government that says, "Oh, you want to communicate with your fellow citizens? We want to listen."
Josh: It's true, and I think I remember freedom of assembly, you know, mentioned on the list somewhere.
Bill: Yeah, people forget that one. There is a long list that people forget.
Josh: It's true, and I think you highlighted the indentured servant aspect of the San Bernardino iPhone case, because it is not an amendment that we talk about every day. (4:54)
Bill: No, it is not, and it is the one that bothered me the most, because it was the last to come into the dialogue, and I was talking to some of our media people, saying, I have to write about it because nobody is looking at the angle of, say Apple gives in. Because there are a thousand ways to make Apple give in behind the scenes. They might start a tax case against them, they could start an antitrust lawsuit against them, they could do all kinds of things to put business pressure on Apple to make it cave.
Now I am an employee, right? Apple has got to put a team together to write this hacker software. Suppose I do not want to. No, I choose not to. Can they force me? Can they fire me? Can I lose my job?
So there's a whole 13th Amendment slavery and servitude angle on this, which is in fact established in some recent bills that are before Congress: I am obliged to do service for the government well beyond simply providing a key or information, and it raises many troubling questions.
Josh: Absolutely, and we believe that a group of people's questions, perhaps, have been highlighted as essentially confused so that all these issues have been brushed under the carpet. As these issues have been brushed under the carpet, we saw a bunch of points that were clearly prepared in advance, trotted out to make arguments about why such actions were necessary. (06:34)
Bill: Well, here's what's so interesting about this fight. Americans want both. If you take a poll of Americans and you say, do you want to fight against terrorism? "Oh sure, I want to fight against terrorism. Terrorism is bad. We need every tool we can to fight against terrorism." Do you think privacy is important? "Oh yes, privacy is important."
They want it both ways, so it all comes down to a battle of narratives. How do I frame the question, how can I present the problem, and what you see between the FBI and Apple is dueling narratives. It takes a long time before these stories become legal cases, legal cases are considered and decided, and cases make their way up the appeals process to the Supreme Court.
Meanwhile, what is happening is in the court of public opinion. And this is an important court, as Apple must appeal to its customers and the FBI at some point needs the support of the public for its behavior. So what you'll see is a series of test cases where the FBI chooses evil. It is obvious that the terrorists in San Bernardino were as bad as you can get.
And they never really needed Apple to break into this phone; they knew they could solve the problem. And besides, they did not find anything on the phone that was valuable and probably had a pretty good idea of that, too. It looked like a very practical test case from the perspective of narrative construction.
They also have other cases brewing now with drug traffickers. Of course, drug traffickers are very unpopular people, although there is some ambiguity about it now that we see legalization nationwide. And you always have your favorite go-to, which is pornographers. You can always trot them out if you want to create a narrative around invading privacy.
Apple, on the other hand, is looking at this from the point of view that they are very concerned about their consumers, their consumers' increased awareness of privacy. Clearly they had cooperated with the FBI quietly. And it lasted for a while. If the FBI had just come with a phone, handed them the San Bernardino phone and said, "Look, do not tell us how you do it, just break it and send us the information," they probably would have got what they wanted.
The FBI decided to make a public spectacle out of it. A judge clued Apple saying, "Look, you have to really respect that," and that's what set off the firestorm. So there's this huge Kabuki dance going on right now where the real goal here is power. Then the FBI agents and surveillance, the NSA and the CIA get the power they need to continue monitoring state
Josh: And I think my play on the fact that they asked all. We believe that if there were legitimate national security reasons to get into this phone, some of the organizations that have a slightly more technical capacity absolutely would have helped the FBI and you would not have seen a public demand.
Because we know that we have bodies that can break into these phones.
Bill: Sure!
Josh: And the fact that the FBI was not assisted in this regard either means they did not require this assistance, or they requested help and the information they expected to receive was not worth the potential compromise of the art.
One of the things we have worked to explain to people is what we call the cryptographer's dilemma or dilemma analysis to come, which means the amount of information you could possibly draw from using this crack, compared with how much we would lose if the other side realized that we had an exploit and changed all the codes, or in the case of software, designed a solution such that this attack was not possible. (10:01)
Bill: Well, there's a game of cat and mouse. People think that security is an end point. It is an endless process; there are always weaknesses, there is always stronger technology, there are always new approaches. And in fact, the worst thing you can do, the absolute worst thing you can do for the security and privacy, is to have a single national mandate or set of rules. What you need is a dynamic market. You need all kinds of companies trying different things, because there is always a tradeoff between security and convenience.
I'll give you a perfect example. I had my credit card stolen recently, the number. We were traveling in Europe; within three days some server had obtained my credit card. My exposure was in fact very low, almost nothing. The banks have an exposure. They took everything away. They really understand how to make this practical world.
Yesterday, I made a bank transfer to my account, which is something I almost never do at Bank of America. I had to go through 17 security hoops before they let me do this transfer. It was really, really aggravating and as I thought, I said, you know what, it is probably appropriate that it be really, really aggravating because it's not something I do every day, and the risk is very high if someone cleans out my account. So there are all these compromises you have to make and the appropriate place to make such compromises is the market, not the Congress.
Josh: Absolutely, and we see that as product designers, where we try to bring the benefits of encryption and anonymous access and the right to browse quietly without a history. Often we work with our clients on making sure they can enable these tools and understand the implications of them.
For example, the fact that cryptography involves math slows the computer down, and that means you cannot easily be streaming video on the highest quality encryption with a VPN, but perhaps if all you do is video streaming, then you might be willing to downgrade to a lighter cipher and go a little to the side of convenience. So we surface that security versus convenience tradeoff to our users in ways they can navigate. (12:09)
Bill: The point here is that everyone should have the right to decide the level of privacy and security that they want and deal with suppliers who provide them. It is really simple.
Josh: Absolutely. Now, not all the news is bad. A few years ago we had an interesting case. It was rare to see the 4th Amendment stalled in this day and age, but there was an interesting drug case, [unclear] and it was US v. Kyllo, with someone (I guess it was US v. Kyllo), where a marijuana grow house was detected by a drive-by using a thermal camera. And there is great pain in one of these opinions to the effect that citizens should not be in a technological arms race with their government, which at the time I found encouraging. But since then I've seen almost no mention of it, and most of the news was in the opposite direction. So now in Congress, we have the Feinstein-Burr bill introduced with almost total ignorance of security and encryption. (13:12)
Bill: This is amazing, there is a great Wired piece, they get the headline of the week award. The title of the Wired article is "The proposed Senate encryption bill is Ludicrous, dangerous and technically illiterate," and they absolutely nailed it.
What it is, is a hedge wish, wish upon a star. And to create essentially a statute that is so vague that a prosecutor or an investigative body can do what they want with it, and is a direct violation of the 13th Amendment. It says in fact, if we have a court order, which is a good place to start, you need to do something in your power to make this information available to us. Which may include, in addition, doing the impossible. So all this has become inverted.
I think we are endangered by the legislation of Congress. We are not helped by the legislation of Congress. So my hope is that enough people like Senator Wyden can throw sand in the gears to stop it and at least maybe wait for the next administration to deal with it.
Josh: This is true. Senator Wyden is a rare example of cluefulness on these topics. In fact, I was out with the Access Now people at the CryptoSummit in San Francisco a few weeks ago, when Senator Wyden came to announce his new version of the bill. The first tenet of the bill was to say to the government: stop forcing backdoors.
Now, it is simply ridiculous to see someone else in the same party proposing exactly the opposite two weeks later. So we as a service provider must absolutely ensure that we understand the rules and understand the situations in which we may have to gather information or may have to return information.
We strive to do as little collection as possible so that we have nothing to return. But reading the Feinstein-Burr draft bill, if I were going to a compliance meeting and trying to write procedures for a company to say how we should follow this law, it might as well be the Candyland rules. This does not correspond to what we actually do. (15:26)
Bill: No, it's not possible. That's where the problem is, because compliance for the business becomes an impossibility, and what is the cost of this.
People forget that this whole battle was fought once before, at the dawn of the Internet age, with the Clipper chip. Recall that during the Clinton administration, they proposed a solution to the encryption problem by requiring that everyone use an NSA-designed encryption algorithm. And in order to sell a device that embodied this algorithm, it required key escrow with the government.
This is actually what started the beginning of the Electronic Frontier Foundation and the Electronic Privacy Information Center; it was a huge battle in 1993. A battle won by the forces of good, because people said you have to be out of your mind. It's like requiring each safe manufacturer to escrow the combination with the government in case they needed it. And allowing people to get to your information without letting you know.
This is another thing I think people are concerned about, and we begin to see pushback from the likes of Microsoft, where there is a legitimate court order to investigate an account, the company must submit this information to the government, but there is a gag order against letting the target know that this information was given. This is a very, very problematic approach to law enforcement and reminds me of the Stasi secret police in East Germany.
Josh: This is true. The secret police following the secret rules in secret tribunals. And there is not much action there. Again, something about petitioning the Government for a redress of grievances comes to mind. This becomes very, very difficult to do in these circumstances. (17:24)
Bill: So Josh, this is very complex; the question of the balance between the rights of citizens and the rights of government is a complex issue and I would really recommend that your listeners read a book that was written some time ago, I think back in '98, by David Brin, one of my favorite science fiction writers, called The Transparent Society.
Now I do not agree with everything David said, and I support his position, but there is something very, very thoughtful to the fact that he says privacy is dead . That there is no putting the genie in the bottle, these electronic tools are getting so inexpensive that mass surveillance is almost inevitable.
We have seen in the UK there are cameras on every street corner and the real question goes back to the old Latin saying, who guards the guardians, who watches the watchers? That in order to protect our freedoms, we must not only recognize the fact that the government will be looking at us, but we have to look at them. We must make this whole thing transparent so that when these powers are abused, we respond. If these powers are used to capture terrorists, legitimate terrorists, very few people will giggle. If these powers are used to punish political opponents, dragging them to court to fight the charges speech against them and force them to defend themselves, that is when we must be careful.
Josh: And I think this is an example where sometimes we see local government do better than the federal government. Here where IPVanish is located, we saw a local case where a deputy sheriff was sued for inappropriately accessing the driver database. In this case, it was the home address and cell phone number of a pretty girl at Starbucks.
And we have seen that it is an example of what I consider reasonably appropriate restrictions on the use of government information. When someone looks at the log files and says, why did this sworn officer search for that citizen, who is not accused of anything? What is happening here? I see several accesses, let me talk to that person and find out why they did that. Like the controls that you can find inside a bank, where their log files show how privileged access was used.
It is clear from some of the Snowden revelations that these access controls are not necessarily in place inside the NSA. Now sometimes I take heart from the fact that we see these small examples of human weakness with the Snowden revelations; we saw that, look, there were NSA employees who looked up their former spouses, divorced people, to see if they were dating someone new, or something like that. These little moralities of human nature.
Now, I personally believe that these human weaknesses are what actually protects us from a government conspiracy. That at some point, it is difficult to put together 100 people who are actually quite fanatic that nothing escapes; however, we do against modern-examples where Germany is certainly able to set up a dragnet surveillance organization which necessarily suffer from human frailties. (21:00)
Bill: There was, at least as I remember the days of the Cold War, a very clear borderline between the NSA and the FBI.
The NSA spied on foreigners and they hang people in the courtyard. Their job was to keep an eye on what the Russians were doing, because if you think it is bad to have a guy in San Bernardino mow people down, we were worried about nuclear holocaust.
Josh: Of course.
Bill: So people were perfectly happy with the NSA spying on everyone.
The problem comes with sharing information. The problem comes when the information the NSA collects, when I want to spy on foreign governments. The problem comes when the information starts to leak to law enforcement and that information begins to leak to overzealous prosecutors who have a political agenda. And again, that comes back to mass surveillance.
So, another book that I would really recommend to your listeners is a book by Harvey Silverglate called Three Felonies a Day. And what he writes is that the list of federal crimes is so long that no one can actually count how many crimes there are; it is tens of thousands. And any American citizen, especially those working for a company, if you have a rather zealous prosecutor, they may interpret that you committed a crime. And even if they cannot pin the crime on you, the act of this investigation will produce enough irritation that they can get you on either obstruction of justice or conspiracy.
Obstruction of justice and conspiracy are catchall crimes, like hooliganism used to be in the Soviet Union. The problem with mass surveillance is they have got all this information on everyone. It's like the secret files of J. Edgar Hoover. Whenever they want, a prosecutor may consider you for anything and this is where the risk comes down to what I think people should especially be concerned about.
Josh: If you look past some potentially bad behavior by our alma mater MIT in the case of Aaron Swartz, it is an example where a very broad computer statute from the 70s, not updated, is one that we see repeatedly applied. Effectively, if the federal government wants to make trouble for you, and you've used a computer, they can find a way to apply this law to make you a federal criminal and apply pressure. World incentives aligned or get incentives right.
A friend of mine who is a law enforcement officer shared some very interesting information that suddenly made clear how behavior works within the law enforcement community. And what he told me was that when you are a law enforcement agent, on your resume, just below your name is your felony arrest count.