Comey's argument makes sense at first. Why not have a trusted escrow provider keep keys safe, and also respond to court orders when necessary. It feels almost like a checks and balances kind of argument, the kind that Americans find persuasive with our three-branch government.
The problem is that we now know that the government has the goal of unlawful surveillance without oversight from courts, the legislature, or the public. There is essentially an ongoing "by any means necessary" attack on civil liberties.
Why should we think that the government is not planning to infiltrate the escrow services and preemptively capture all keys?
There has been a profound breach of trust (revealed by Snowden) and we must insist upon the rule of law and basic democratic transparency before we consent to any further risks.
I try not to be cynical but I am thinking that the trend we are on is leading to strong crypto being largely criminalized. I am hoping that our decentralized systems adapt to this threat and offer solutions that cannot be shut down (like Bitcoin and Ethereum).
Incidentally, if Apple seems likely to lose the battle over a back door, it ought to offer an Ethereum smart contract that will unlock one phone every day, require a key provided by each member of congress (with 100% consent required to unlock a device), and publish all unlock key requests on the Ethereum blockchain after a 30 day delay in case an investigation is in progress.
This protects against mass surveillance, but offers a very small back door with full transparency and no potential for large scale use (or abuse).
So what do you do when the "trusted" escrow provider gets hacked, just like OPM was, and countless US corporations who've had customer records and credit card numbers stolen?
What's the point of using encryption if you're going to put the keys in the hands of some unaccountable entity which is easily hacked? You might as well not use it at all then.
> The problem is that we now know that the government has the goal of unlawful surveillance without oversight from courts, the legislature, or the public … There has been a profound breach of trust (revealed by Snowden) and we must insist upon the rule of law …
Nothing Snowden alleges is illegal or unconstitutional, despite his and his supporters' repeated assertions. 'I don't like it' does not imply 'it is illegal and unconstitutional.' Neither the law nor the constitution forbids all bad things (nor does either mandate all good things, but that's another issue).
You are correct, of course, that one major issue is that States cannot be trusted to respect their citizens' liberties. Another is that States cannot be trusted to take care of their own data: an escrowed key will shortly become a leaked key.
> Incidentally, if Apple seems likely to lose the battle over a back door, it ought to offer an Ethereum smart contract that will unlock one phone every day, require a key provided by each member of congress (with 100% consent required to unlock a device), and publish all unlock key requests on the Ethereum blockchain after a 30 day delay in case an investigation is in progress.
That doesn't make sense, since the Congress is the legislative branch and it is the executive which actually does things. What could make sense is a smart contract which is unlocked by the judiciary.
But we're a long, long way from enforced smart contracts which do things like handle succession of new members &c. I can't wait until we're there, someday, but it'll take a good long while.
> Nothing Snowden alleges is illegal or unconstitutional...
First, I did not claim it was unconstitutional or strictly illegal (since secret things can't be considered by normal courts or legislatures, everything is in a sense extralegal, which is itself a big problem).
There are protections against unlawful search and seizure. Seizure in this case is data capture, search is viewing by a human (with or without a warrant). There was not any law granting the NSA the power to do domestic surveillance unless there was some suspected behavior involving foreign nationals or international circuits.
But it's more relevant that our leaders repeatedly assured us that no such surveillance was going on. Blatant lies told to the public is as serious a breach of trust as an unconstitutional program. Thus I think the technical constitutionality (or even strict legality) of the program is more of a detail than the core issue.
My suggestion of giving keys to each member of congress is simply for Apple to force the issue into the most democratic institution, effectively giving any member of congress veto power against unlocking the data. While this doesn't fit the exact delegation of powers that we're used to for such things, it does address the terrorism/kiddie-porn argument that Obama recently made... in other words, it addresses the meat of the emotional argument that our leaders are making.
>But we're a long, long way from enforced smart contracts which do things like handle succession of new members &c. I can't wait until we're there, someday, but it'll take a good long while.
I agree, but I think it might be a good strategic move for Apple if things start to look bad for Apple offering an unfettered secure-hardware / strong encryption platform. Apple could then claim that it had offered enough of a back door to prevent any interim attack should one occur.
The government's strategy is to leverage public outrage about any attacks (large or small) to get back doors into everything. Apple does not want to be accused of stonewalling if an attack occurs and the government subsequently claims that decrypting one or two phones a few weeks ago could have prevented it.
The problem is that we now know that the government has the goal of unlawful surveillance without oversight from courts, the legislature, or the public. There is essentially an ongoing "by any means necessary" attack on civil liberties.
Why should we think that the government is not planning to infiltrate the escrow services and preemptively capture all keys?
There has been a profound breach of trust (revealed by Snowden) and we must insist upon the rule of law and basic democratic transparency before we consent to any further risks.
I try not to be cynical but I am thinking that the trend we are on is leading to strong crypto being largely criminalized. I am hoping that our decentralized systems adapt to this threat and offer solutions that cannot be shut down (like Bitcoin and Ethereum).
Incidentally, if Apple seems likely to lose the battle over a back door, it ought to offer an Ethereum smart contract that will unlock one phone every day, require a key provided by each member of congress (with 100% consent required to unlock a device), and publish all unlock key requests on the Ethereum blockchain after a 30 day delay in case an investigation is in progress.
This protects against mass surveillance, but offers a very small back door with full transparency and no potential for large scale use (or abuse).