The Growing [Surveillance State]

Posts

  • Options
    SchrodingerSchrodinger Registered User regular
    Kaputa wrote: »
    One advantage to instituting surveillance programs and legislation in secret is that it changes the framing of the debate entirely. If the administration or some group of Senators had openly proposed, say, PRISM and phone record collection, proponents would have had to persuade others of the necessity and efficacy of such programs. When passed in secret, these laws and programs are debated in terms of whether or not they should be repealed/abolished, rather than whether or not they should be instituted. Opponents of the law are left attempting to prove beyond a shadow of a doubt that it is harmful, and defenders don't even have to defend the law on its merits.

    If a surveillance apparatus of this scale is to be tolerated, proponents need to show that it is necessary or at least desirable, and that it is effective in its goals. I read most of the last thread and don't really feel that anyone did so, though it was pretty long so I may be mistaken.

    And this is the sort of logic that resulted in a 24 billion dollar government shut down earlier this month.

  • Options
    KaputaKaputa Registered User regular
    edited October 2013
    Kaputa wrote: »
    One advantage to instituting surveillance programs and legislation in secret is that it changes the framing of the debate entirely. If the administration or some group of Senators had openly proposed, say, PRISM and phone record collection, proponents would have had to persuade others of the necessity and efficacy of such programs. When passed in secret, these laws and programs are debated in terms of whether or not they should be repealed/abolished, rather than whether or not they should be instituted. Opponents of the law are left attempting to prove beyond a shadow of a doubt that it is harmful, and defenders don't even have to defend the law on its merits.

    If a surveillance apparatus of this scale is to be tolerated, proponents need to show that it is necessary or at least desirable, and that it is effective in its goals. I read most of the last thread and don't really feel that anyone did so, though it was pretty long so I may be mistaken.

    And this is the sort of logic that resulted in a 24 billion dollar government shut down earlier this month.
    Not really? The ACA is and has been a far more transparent phenomenon than the growth of NSA surveillance, and proponents of health care reform have clearly stated their case for necessity and desirability of government action.

    edit- Honestly I'm not really seeing how the two relate

    Kaputa on
  • Options
    GoumindongGoumindong Registered User regular
    Kaputa wrote: »
    Goumindong wrote: »
    1) PRISM et al. was not passed in secret. While you can argue that the original patriot act was passed in bad faith it has been repeatedly reauthorized which renders that issue moot.

    2) the power of the government to search with a warrant is not under question. This is literally one of the reasons why we have courts. This isn't even a figuratively literally. We fucking wrote it down, this is why we have courts.
    The degree of power and funding we allow the government's searching apparatus, and the legal framework governing it, are under question. The current surveillance architecture entails a large amount of both. Do you feel that the current degree of funding and capability is necessary or desirable? Would you be opposed to repealing some of the post-2001 laws, such as the PATRIOT Act, which lay the foundation for the modern surveillance policies?

    The short answer is "well we had that discussion and you lost"

    But I would suppose the answer is that, as far as I can tell the current security apparatus is pretty decent

  • Options
    SchrodingerSchrodinger Registered User regular
    Kaputa wrote: »
    The degree of power and funding we allow the government's searching apparatus, and the legal framework governing it, are under question.

    Also currently under question:

    1) Benghazi.

    2) Why did we close up the Veterans memorial during the government shutdown?

    3) The Voting Rights Act.
    The current surveillance architecture entails a large amount of both. Do you feel that the current degree of funding and capability is necessary or desirable?

    Really? You want people to judge the right amount of funding based on feeling?
    Would you be opposed to repealing some of the post-2001 laws, such as the PATRIOT Act, which lay the foundation for the modern surveillance policies?

    The PATRIOT Act is a big, big law.

    List specific provisions for meaningful discussion.

  • Options
    shrykeshryke Member of the Beast Registered User regular
    edited October 2013
    Kaputa wrote: »
    Kaputa wrote: »
    One advantage to instituting surveillance programs and legislation in secret is that it changes the framing of the debate entirely. If the administration or some group of Senators had openly proposed, say, PRISM and phone record collection, proponents would have had to persuade others of the necessity and efficacy of such programs. When passed in secret, these laws and programs are debated in terms of whether or not they should be repealed/abolished, rather than whether or not they should be instituted. Opponents of the law are left attempting to prove beyond a shadow of a doubt that it is harmful, and defenders don't even have to defend the law on its merits.

    If a surveillance apparatus of this scale is to be tolerated, proponents need to show that it is necessary or at least desirable, and that it is effective in its goals. I read most of the last thread and don't really feel that anyone did so, though it was pretty long so I may be mistaken.

    And this is the sort of logic that resulted in a 24 billion dollar government shut down earlier this month.
    Not really? The ACA is and has been a far more transparent phenomenon than the growth of NSA surveillance, and proponents of health care reform have clearly stated their case for necessity and desirability of government action.

    edit- Honestly I'm not really seeing how the two relate
    Goumindong wrote: »
    The short answer is "well we had that discussion and you lost"

    Everything people talk about has been around for awhile now and if not passed openly (I think the NSA was organized secretly originally) has at least been public since the beginning or for decades now.

    So much of the current debate is sound and fury and nothing else. It's gobbledygook about things we already knew, but now phrased more alarmingly. The impetus to it (Greenwald and Snowden largely) counted on that. The way the story developed and the things that were released long ago showed this was about forwarding an anti-surveillance political position, not any sort of illegal activity. It's just dressed up as scary bad "illegal" activity because that's the only way they can sell the political agenda.

    If you don't believe that, just look at the outrage over the US government spying on foreigners. Think about what the complaint is for a second and then ask yourself what you thought the NSA was for? What do you think it's been doing for the past few decades?

    shryke on
  • Options
    KaputaKaputa Registered User regular
    edited October 2013
    Kaputa wrote: »
    The degree of power and funding we allow the government's searching apparatus, and the legal framework governing it, are under question.

    Also currently under question:

    1) Benghazi.

    2) Why did we close up the Veterans memorial during the government shutdown?

    3) The Voting Rights Act.
    So are you giving up on debating in good faith and just trying to associate opponents with Republicans now? None of this has any relevance to the conversation.
    The current surveillance architecture entails a large amount of both. Do you feel that the current degree of funding and capability is necessary or desirable?

    Really? You want people to judge the right amount of funding based on feeling?
    This is painfully nit-picky, "judge" or "believe" would work in place of "feel" if it bothers you that much.

    Would you be opposed to repealing some of the post-2001 laws, such as the PATRIOT Act, which lay the foundation for the modern surveillance policies?

    The PATRIOT Act is a big, big law.

    List specific provisions for meaningful discussion.
    No, the burden of proof is on you. I'm fine with government surveillance being reverted to its Clinton administration levels; if you think a greater degree of surveillance is necessary or desirable, and that the PATRIOT Act should not be repealed in full, then you need to tell us which parts are worthwhile and why.

    Kaputa on
  • Options
    SchrodingerSchrodinger Registered User regular
    edited October 2013
    Kaputa wrote: »
    So are you giving up on debating in good faith and just trying to associate opponents with Republicans now? None of this has any relevance to the conversation.

    I'm pointing out that simply pointing out that we should be concerned on the grounds that something is currently being questioned is a massive fallacy. It's the same fallacy creationists use when they insist "Oh, there are scientists who question evolution."

    It's not enough to point out that something is being questioned. You have to present an actual argument.
    The current surveillance architecture entails a large amount of both. Do you feel that the current degree of funding and capability is necessary or desirable?

    Really? You want people to judge the right amount of funding based on feeling?
    This is painfully nit-picky, "judge" or "believe" would work in place of "feel" if it bothers you that much.

    Give us specific examples of where you think spending should be cut. Otherwise, it's impossible for anyone to make an educated judgement.

    Your line of reasoning is identical to the shutdown argument. "Oh, government spends too much and taxes too much based on my completely arbitrary assessment of how much too much is."
    Would you be opposed to repealing some of the post-2001 laws, such as the PATRIOT Act, which lay the foundation for the modern surveillance policies?

    The PATRIOT Act is a big, big law.

    List specific provisions for meaningful discussion.
    No, the burden of proof is on you. I'm fine with government surveillance being reverted to its Clinton administration levels; if you think a greater degree of surveillance is necessary or desirable then you need to tell us which parts and why.

    This is silly.

    It would be equivalent to me asking, "Do you agree with the constitution?" And then if you say yes, I challenge you to defend every sentence and every line, insisting that the burden of proof is on you to defend every line as valid. Because if you don't, then it means that you don't really believe in the constitution.

    If you have us to discuss your specific objections to the PATRIOT Act, then tell us your specific objections. You can't expect us to be mind readers.

    Schrodinger on
  • Options
    KaputaKaputa Registered User regular
    shryke wrote: »
    Kaputa wrote: »
    Kaputa wrote: »
    One advantage to instituting surveillance programs and legislation in secret is that it changes the framing of the debate entirely. If the administration or some group of Senators had openly proposed, say, PRISM and phone record collection, proponents would have had to persuade others of the necessity and efficacy of such programs. When passed in secret, these laws and programs are debated in terms of whether or not they should be repealed/abolished, rather than whether or not they should be instituted. Opponents of the law are left attempting to prove beyond a shadow of a doubt that it is harmful, and defenders don't even have to defend the law on its merits.

    If a surveillance apparatus of this scale is to be tolerated, proponents need to show that it is necessary or at least desirable, and that it is effective in its goals. I read most of the last thread and don't really feel that anyone did so, though it was pretty long so I may be mistaken.

    And this is the sort of logic that resulted in a 24 billion dollar government shut down earlier this month.
    Not really? The ACA is and has been a far more transparent phenomenon than the growth of NSA surveillance, and proponents of health care reform have clearly stated their case for necessity and desirability of government action.

    edit- Honestly I'm not really seeing how the two relate
    Goumindong wrote: »
    The short answer is "well we had that discussion and you lost"
    Who is the "we" here? The Bush administration led that "discussion" after 9/11 and the ensuing propaganda whipped the nation into a frenzy. "We" (mostly left-wing Democrats at the time) lost, but in our opinion the merits of the PATRIOT Act were never adequately espoused. We lost on Afghanistan and Iraq too, and for similar reasons; unfortunately those decisions cannot be reversed.

  • Options
    SchrodingerSchrodinger Registered User regular
    Kaputa wrote: »
    Who is the "we" here? The Bush administration led that "discussion" after 9/11 and the ensuing propaganda whipped the nation into a frenzy.

    This was true the first time the PATRIOT Act was signed.

    It's since been revised and renewed.
    "We" (mostly left-wing Democrats at the time) lost, but in our opinion the merits of the PATRIOT Act were never adequately espoused.

    There's nothing stopping you from espousing your objections right now.

  • Options
    shrykeshryke Member of the Beast Registered User regular
    Kaputa wrote: »
    shryke wrote: »
    Kaputa wrote: »
    Kaputa wrote: »
    One advantage to instituting surveillance programs and legislation in secret is that it changes the framing of the debate entirely. If the administration or some group of Senators had openly proposed, say, PRISM and phone record collection, proponents would have had to persuade others of the necessity and efficacy of such programs. When passed in secret, these laws and programs are debated in terms of whether or not they should be repealed/abolished, rather than whether or not they should be instituted. Opponents of the law are left attempting to prove beyond a shadow of a doubt that it is harmful, and defenders don't even have to defend the law on its merits.

    If a surveillance apparatus of this scale is to be tolerated, proponents need to show that it is necessary or at least desirable, and that it is effective in its goals. I read most of the last thread and don't really feel that anyone did so, though it was pretty long so I may be mistaken.

    And this is the sort of logic that resulted in a 24 billion dollar government shut down earlier this month.
    Not really? The ACA is and has been a far more transparent phenomenon than the growth of NSA surveillance, and proponents of health care reform have clearly stated their case for necessity and desirability of government action.

    edit- Honestly I'm not really seeing how the two relate
    Goumindong wrote: »
    The short answer is "well we had that discussion and you lost"
    Who is the "we" here? The Bush administration led that "discussion" after 9/11 and the ensuing propaganda whipped the nation into a frenzy. "We" (mostly left-wing Democrats at the time) lost, but in our opinion the merits of the PATRIOT Act were never adequately espoused. We lost on Afghanistan and Iraq too, and for similar reasons; unfortunately those decisions cannot be reversed.

    And you can do that. Legislatively. The same way the argument was won the first time.

  • Options
    KaputaKaputa Registered User regular
    edited October 2013
    shryke wrote: »
    Kaputa wrote: »
    shryke wrote: »
    Kaputa wrote: »
    Kaputa wrote: »
    One advantage to instituting surveillance programs and legislation in secret is that it changes the framing of the debate entirely. If the administration or some group of Senators had openly proposed, say, PRISM and phone record collection, proponents would have had to persuade others of the necessity and efficacy of such programs. When passed in secret, these laws and programs are debated in terms of whether or not they should be repealed/abolished, rather than whether or not they should be instituted. Opponents of the law are left attempting to prove beyond a shadow of a doubt that it is harmful, and defenders don't even have to defend the law on its merits.

    If a surveillance apparatus of this scale is to be tolerated, proponents need to show that it is necessary or at least desirable, and that it is effective in its goals. I read most of the last thread and don't really feel that anyone did so, though it was pretty long so I may be mistaken.

    And this is the sort of logic that resulted in a 24 billion dollar government shut down earlier this month.
    Not really? The ACA is and has been a far more transparent phenomenon than the growth of NSA surveillance, and proponents of health care reform have clearly stated their case for necessity and desirability of government action.

    edit- Honestly I'm not really seeing how the two relate
    Goumindong wrote: »
    The short answer is "well we had that discussion and you lost"
    Who is the "we" here? The Bush administration led that "discussion" after 9/11 and the ensuing propaganda whipped the nation into a frenzy. "We" (mostly left-wing Democrats at the time) lost, but in our opinion the merits of the PATRIOT Act were never adequately espoused. We lost on Afghanistan and Iraq too, and for similar reasons; unfortunately those decisions cannot be reversed.

    And you can do that. Legislatively. The same way the argument was won the first time.
    So are we in agreement then? I'm advocating a repeal of post-9/11 legislation enabling the expansion of US government surveillance.

    Kaputa on
  • Options
    XrddXrdd Registered User regular
    edited October 2013
    Goumindong wrote: »
    Maybe this will make sense Xrdd.

    You're arguing that the NSA having backdoors to this RNG (or crypto in general) implies that other people can access those backdoors. However the situation we are discussing is one in which even if the NSA has a backdoor, in order for someone else to exploit such a backdoor they would have to be capable of breaking the entire system. That is, accessing the back door is not as trivial as finding it (which itself is not trivial for non-math definitions of trivial)

    This implies that no, backdoors are not symmetric in the manner you're suggesting. And if they aren't then the argument that we should not have backdoors because it makes our allies weaker goes out the window.

    Other people can use this backdoor just as soon as they get access to the missing "key". Of course, this is impossible since no one has ever sold or publicized secret information.
    Goumindong wrote: »
    Alternately, again from the Xrdd linked article
    The first three SP800-90 proposals used standard symmetric components like hash functions and block ciphers. Dual_EC_DRBG was the odd one out, since it employed mathematics more that are typically used to construct public-key cryptosystems. This had some immediate consequences for the generator: Dual-EC is slow in a way that its cousins aren't. Up to a thousand times slower.

    Now before you panic about this, the inefficiency of Dual_EC is not necessarily one of its flaws! Indeed, the inclusion of an algebraic generator actually makes a certain amount of sense. The academic literature includes a distinguished history of provably secure PRGs based on number theoretic assumptions, and it certainly didn't hurt to consider one such construction for standardization. Most developers would probably use the faster symmetric alternatives, but perhaps a small number would prefer the added confidence of a provably-secure construction.

    Note that Dual_EC_DRBG is actually provably secure under two circumstances which the article lines up for you.

    I.E. you drop >16 bits and if you're concerned about the NSA you generate your own Q.

    ...and the NIST standard includes a fixed Q and doesn't require dropping >16 bits, which is why it's broken. Is that so hard to understand?

    EDIT: Just a few posts above you tried to argue that Dual_EC_DRBG with a fixed Q and without dropping enough bits behaved just like all PRNGs. Make up your mind.
    Xrdd wrote: »
    Xrdd wrote: »
    The way I see it, it's basically like expecting Tony Stark not to have a contingency plan in case some bad guy manages to steal his armor.

    Only instead of "bad guy steals his armor," it's more like "bad guys can have open access to his armor whenever they want."

    Tony Stark owns his armor and can control who has access to it. The US government does not own and did not create most crypto algorithms and is in no position to control who has access to them. Putting a huge hole in his armor just in case someone steals it also seems out of character for Stark.

    EDIT: Did you even read my earlier response to you or are we doing this thing again where you repeat the same point over and over again and ignore people's responses?

    The US government does own the NIST standards. It's a US government agency.

    I mean you do realize it's a US government agency, and the Advanced Encryption Standard is a US government specification (which is used by everyone because if it's good enough for top secret, it's probably good enough for whatever you're doing).

    You do not seem to understand how encryption standards work.

    Missed this post earlier. I do understand how they work, but unlike you I also understand where the algorithms that are being standardised actually come from in the first place. Look at my post again, I said the US government does not own the algorithms, not the standards. Yes, AES is very, very obviously a US government standard. Rijndael is something some guys from Belgium came up with and very, very obviously not owned by the US government.

    No you clearly don't. Rijndael isn't AES. AES is AES - which is based (1 to 1) on Rijndael. The US government can't backdoor a standard they don't release, because the Belgians can simply say "well, we don't like those changes, this is the one we think you should use". Do you trust Belgium?

    Hell, this is why Blowfish and Twofish came into existence - they were both dissenting submissions for the AES standard which the authors felt were better than the ones being offered. Many people implemented them as a means by which people could choose a non-NIST standard with a strong advocate. (but you know - at a cost. Blowfish has known attacks and is considered outdated which is why no one bothers with it).

    So again, arguing about who owns the algorithm makes as much sense as arguing about the dimensions of a square circle.

    In fact the US by and large can't even stop people writing their crypto algorithms. In fact there's a good argument they should never bother with this, because people usually fail in just implementing known ones in hilariously insecure ways.

    EDIT: Annnnd this is also exactly what I was ranting about previously. This is not an intelligent discussion about surveillance. It does not deal with reality in a manner which you know, acknowledges it. Instead it's an argument about minutiae which most people don't understand but which sounds dramatic and scary because the mundane side of the story - that the NSA would have a big database of common implementation flaws and exploits (similar to that freely available from any number of hacker/security researcher papers sites) isn't exciting or scary, it's exactly what you'd expect a signals intercept agency to have.

    Missing my point. Schrodinger was talking about "letting other countries have access" to crypto stuff etc. I pointed out that, since the US government doesn't own or control or come up with the underlying algorithms, and people are capable of coming up with this stuff on their own, they are in no position to do that. Giving people a credible reason not to trust AES or SHA-3 or whatever would just mean that they would come up with a different standard. That's a big part of the reason why introducing backdoors in widely used NIST standards would be so stupid, which is what I've been saying the whole time.
    [Tycho?] wrote: »
    Xrdd wrote: »
    I'm not, I'm talking about why any such hypothetical weakness would be a really fucking stupid idea. Again, something that is costly but practical for a government to exploit today is going to be feasible to exploit for a lot of other entities within a few years. You are also making the false assumption that a potential attacker (China, Russia...) isn't going to be able to dedicate similar resources to the attack even now. There is no possible scenario where a backdoor would be practical for the US government but impossible to exploit for anyone else. Which is why backdoors are stupid.

    security.png

    Jesus, and this is why I can't participate in these threads. Let's spend our time arguing about legal and technical minutiae which we clearly don't understand (as evidenced by this reply), while constantly obfuscating real discussion about the various concerns people may have with the NSA spying on [subject of the week].

    Xrdd wants me to care about this awful back door that any foreign hacker could supposedly exploit, but he can't actually tell me the nature of this backdoor or how much time and computing power it would take to exploit this backdoor, or how much inside knowledge they would require before they even knew where to look for a potential backdoor.

    Instead, all he's really said is that mathematically, it might be possible. Which is technically true, but pretty much useless for the sake of the discussion.

    The XKCD comic is amusing because it goes over this delusion that encryption needs to be absolutely unbreakable, even to people who are willing to invest in multi-million dollar clusters. Which, let's face it, the NSA is not going to bother with just for the sake of hacking your twitter account or whatever.

    It's also relevant in response to the comments of, "I'm sure the Chinese can find and exploit this backdoor, since big companies get hacked all the time!" When big companies get hacked, it's usually some sort of failure at the human level. Hence, $5 wrench.

    FFS, I don't want you to care about any backdoor, I pointed out to you why any hypothetical backdoor is a really dumb idea. I'm also not responding to you any more, since we are apparently doing this thing again where you don't understand the discussion you are participating in and ignore the content of my responses to you.

    Xrdd on
  • Options
    GoumindongGoumindong Registered User regular
    Kaputa wrote: »
    shryke wrote: »
    Kaputa wrote: »
    shryke wrote: »
    Kaputa wrote: »
    Kaputa wrote: »
    One advantage to instituting surveillance programs and legislation in secret is that it changes the framing of the debate entirely. If the administration or some group of Senators had openly proposed, say, PRISM and phone record collection, proponents would have had to persuade others of the necessity and efficacy of such programs. When passed in secret, these laws and programs are debated in terms of whether or not they should be repealed/abolished, rather than whether or not they should be instituted. Opponents of the law are left attempting to prove beyond a shadow of a doubt that it is harmful, and defenders don't even have to defend the law on its merits.

    If a surveillance apparatus of this scale is to be tolerated, proponents need to show that it is necessary or at least desirable, and that it is effective in its goals. I read most of the last thread and don't really feel that anyone did so, though it was pretty long so I may be mistaken.

    And this is the sort of logic that resulted in a 24 billion dollar government shut down earlier this month.
    Not really? The ACA is and has been a far more transparent phenomenon than the growth of NSA surveillance, and proponents of health care reform have clearly stated their case for necessity and desirability of government action.

    edit- Honestly I'm not really seeing how the two relate
    Goumindong wrote: »
    The short answer is "well we had that discussion and you lost"
    Who is the "we" here? The Bush administration led that "discussion" after 9/11 and the ensuing propaganda whipped the nation into a frenzy. "We" (mostly left-wing Democrats at the time) lost, but in our opinion the merits of the PATRIOT Act were never adequately espoused. We lost on Afghanistan and Iraq too, and for similar reasons; unfortunately those decisions cannot be reversed.

    And you can do that. Legislatively. The same way the argument was won the first time.
    So are we in agreement then? I'm advocating a repeal of post-9/11 legislation enabling the expansion of US government surveillance.

    OK, well is there any particular reason why you're advocating for that?

    Because the more I keep reading about the issue the more I become convinced that the security apparatus which was in place before the Patriot act was insufficient to deal with the expanding space in which people operate.

    Simply put, I am not comfortable creating a space in which the United States has no police authority. Prior to the provisions in the PATRIOT ACT which expanded wiretapping laws and the FISA courts to cover types of electronic surveillance which are not land line telephones we were most definitely in such a space for sophisticated enough users. Without said updating we would almost assuredly be in a space today where the vast majority of the population had the sophistication to carry out whatever illegal activities they wanted and leave the evidence for this in an effectively unsearchable space. As I understand

    This is especially problematic when we are talking about the national security apparatus because we expect the people that we have to work against will be more sophisticated in general. I don't find that the additional metadata searches (roughly equivalent to noting who comes/goes from a particular location and making a list of known acquaintances) are either particularly invasive or threatening with regards to some theoretical Orwellian state

  • Options
    SchrodingerSchrodinger Registered User regular
    Here is the re-authorization bill. It's 86 pages long, and contains 750 separate sections.

    http://www.gpo.gov/fdsys/pkg/BILLS-109hr3199enr/pdf/BILLS-109hr3199enr.pdf

    Is there objectionable material buried in there somewhere? Probably.

    But if you don't cite specifics, then there's really no discussion.

  • Options
    GoumindongGoumindong Registered User regular
    Xrdd wrote: »
    Other people can use this backdoor just as soon as they get access to the missing "key". Of course, this is impossible since no one has ever sold or publicized secret information.

    Yes as soon as you have the private key it's amazingly easy to break encryption. They still have to get the key first and that seems to be particularly hard because the crypto's who found this bug in 2007 would have almost assuredly published finding such a breach.

  • Options
    XrddXrdd Registered User regular
    Goumindong wrote: »
    Xrdd wrote: »
    Other people can use this backdoor just as soon as they get access to the missing "key". Of course, this is impossible since no one has ever sold or publicized secret information.

    Yes as soon as you have the private key it's amazingly easy to break encryption. They still have to get the key first and that seems to be particularly hard because the crypto's who found this bug in 2007 would have almost assuredly published finding such a breach.

    Getting access to the key is mathematically very difficult in this case. It is very easy if the next Snowden decides to walk out the door with it. Are you seriously arguing that the fixed Q, insecure version of Dual_EC_DRBG should be part of the standard?

  • Goumindong Registered User regular
    Yes it is amazingly easy, just as easy as if someone walks out with your private key. Nothing can protect against that attack, not even one time pads.

  • Xrdd Registered User regular
    edited October 2013
    Goumindong wrote: »
    Yes it is amazingly easy, just as easy as if someone walks out with your private key. Nothing can protect against that attack, not even one time pads.
    And yet, it doesn't apply to other PRNGs or the secure version of Dual_EC_DRBG. That's why the insecure version of Dual_EC_DRBG is, you know, insecure.

    In general, if someone wants my private key in asymmetric crypto stuff, he has to get it from me and can compromise me. This is fundamentally different, as a PRNG isn't asymmetric crypto, the "private key" in this case is held by someone else and someone who gets it can compromise anyone who uses the fixed Q. In a secure implementation, with a random Q, no one has it in the first place. That's why a standard that allows a fixed Q is broken (also, Dual_EC_DRBG sucks as a PRNG).

    Xrdd on
  • Goumindong Registered User regular
    Xrdd wrote: »
    Goumindong wrote: »
    Yes it is amazingly easy, just as easy as if someone walks out with your private key. Nothing can protect against that attack, not even one time pads.
    And yet, it doesn't apply to other PRNGs or the secure version of Dual_EC_DRBG. That's why the insecure version of Dual_EC_DRBG is, you know, insecure.

    In general, if someone wants my private key in asymmetric crypto stuff, he has to get it from me and can compromise me. This is fundamentally different, as a PRNG isn't asymmetric crypto, the "private key" in this case is held by someone else and someone who gets it can compromise anyone who uses the fixed Q. In a secure implementation, with a random Q, no one has it in the first place. That's why a standard that allows a fixed Q is broken (also, Dual_EC_DRBG sucks as a PRNG).

    Yes, in this case if someone wants your private key in asymmetric crypto they can simply compromise the NSA instead of you (supposing that the NSA generated the constants in such a way as to let them do this). Congratulations you've identified an amazingly efficient line of attack!

    It is also the case that all three of the other methods published in the NIST dispatch which this is in are subject to the same type of attack. That is, if you know the start value you use for your cypher based generation then you're done

  • Xrdd Registered User regular
    Goumindong wrote: »
    Xrdd wrote: »
    Goumindong wrote: »
    Yes it is amazingly easy, just as easy as if someone walks out with your private key. Nothing can protect against that attack, not even one time pads.
    And yet, it doesn't apply to other PRNGs or the secure version of Dual_EC_DRBG. That's why the insecure version of Dual_EC_DRBG is, you know, insecure.

    In general, if someone wants my private key in asymmetric crypto stuff, he has to get it from me and can compromise me. This is fundamentally different, as a PRNG isn't asymmetric crypto, the "private key" in this case is held by someone else and someone who gets it can compromise anyone who uses the fixed Q. In a secure implementation, with a random Q, no one has it in the first place. That's why a standard that allows a fixed Q is broken (also, Dual_EC_DRBG sucks as a PRNG).

    Yes, in this case if someone wants your private key in asymmetric crypto they can simply compromise the NSA instead of you (supposing that the NSA generated the constants in such a way as to let them do this). Congratulations you've identified an amazingly efficient line of attack!

    It is also the case that all three of the other methods published in the NIST dispatch which this is in are subject to the same type of attack. That is, if you know the start value you use for your cypher based generation then you're done

    You are being incredibly silly now. Someone leaks the key, everyone who uses the fixed Q version is screwed. There is no reason for that shit to be part of the standard.

    The second part of your post is just wrong, you seem to be confusing constants used in the PRNG for the seed. They're not the same thing. Not even Dual_EC_DRBG is subject to this type of attack if you use a random Q. You keep claiming that this vulnerability is a normal part of how PRNGs work. It absolutely isn't, and in claiming otherwise, you are either still misunderstanding the attack or deliberately trying to mislead people.

  • Soralin Registered User regular
    shryke wrote: »
    Feral wrote: »
    Suppose you legally get your information from an informant. If the warlord learns of this, then the informant will be murdered.

    That would be a good reason for parallel constructionism.

    That would be a good reason for parallel construction!

    You know what wouldn't be a good reason for parallel construction? Concealing from the court whether evidence was acquired in an appropriate manner in the first place.

    Why? That's like the perfect example of when you should REQUIRE parallel construction. As long as they can construct a fully legal chain of reasoning, what's the problem?

    Hell, there's like 5 dozen episodes of Law and Order about this shit. :p
    https://en.wikipedia.org/wiki/Fruit_of_the_poisonous_tree
    Fruit of the poisonous tree is a legal metaphor in the United States used to describe evidence that is obtained illegally.[1] The logic of the terminology is that if the source of the evidence or evidence itself (the "tree") is tainted, then anything gained from it (the "fruit") is tainted as well. The term fruit of the poisonous tree was first used in Silverthorne Lumber Co. v. United States, 251 U.S. 385 (1920).[2][3]

    Such evidence is not generally admissible in court.[4] For example, if a police officer conducted an unconstitutional (Fourth Amendment) search of a home and obtained a key to a train station locker, and evidence of a crime came from the locker, that evidence would most likely be excluded under the fruit of the poisonous tree legal doctrine. The discovery of a witness is not evidence in itself because the witness is attenuated by separate interviews, in-court testimony and his or her own statements.

    The doctrine is an extension of the exclusionary rule, which, subject to some exceptions, prevents evidence obtained in violation of the Fourth Amendment from being admitted in a criminal trial. Like the exclusionary rule, the fruit of the poisonous tree doctrine is intended to deter police from using illegal means to obtain evidence.
    The whole point of this is to prevent law enforcement from using illegal searches, by harshly preventing them from gaining any benefit from it. Parallel construction to hide illegal searches means that they can break the law and get away with it.

    Are you arguing that illegal searches aren't inherently a problem in and of themselves? Or disagree that there should be limitations on what the state is allowed to do, with regard to searches? Because if not, it would seem that finding a way to bypass the primary enforcement method against them would be a problem.
    Goumindong wrote: »
    Essentially: All DRBGs are subject to be broken by solving their primary algorithm (or an instance of their primary algorithm). They're deterministic, that is what deterministic means.
    No, not at all. A properly designed one would not be broken by solving a single instance of it, otherwise encryption would be basically impossible. Being able to solve a single instance should not help you to solve a different instance of it. The point of a good encryption algorithm is that it can still be secure even if you know the algorithm completely. Algorithms that are designed to only work as long as they're secret are derisively referred to as Security through obscurity. Including NIST recommending against it:
    Security through obscurity has never achieved engineering acceptance as an approach to securing a system, as it contradicts the principle of "keeping it simple". The United States National Institute of Standards and Technology (NIST) specifically recommends against security through obscurity in more than one document. Quoting from one, "System security should not depend on the secrecy of the implementation or its components."[1]
    Goumindong wrote: »
    Essentially finding the backdoor does not necessarily get you access, you have to actually be able to break in the front door in order to get access to the backdoor so described.
    No, finding or having the backdoor does get you access. What it was saying, is essentially: if you broke down the front door to a single house, you would be able to find the backdoor to every house.

    And a bit of new news:
    Federal Prosecutors, in a Policy Shift, Cite Warrantless Wiretaps as Evidence
    WASHINGTON — The Justice Department for the first time has notified a criminal defendant that evidence being used against him came from a warrantless wiretap, a move that is expected to set up a Supreme Court test of whether such eavesdropping is constitutional.

  • Schrodinger Registered User regular
    Soralin wrote: »
    The whole point of this is to prevent law enforcement from using illegal searches, by harshly preventing them from gaining any benefit from it. Parallel construction to hide illegal searches means that they can break the law and get away with it.

    The Wikipedia article you posted cites Silverthorne Lumber Co. v. United States.

    Silverthorne Lumber Co. v. United States, 251 U.S. 385 (1920), was a U.S. Supreme Court Case in which Silverthorne attempted to evade paying taxes. Federal agents illegally seized tax books from Silverthorne and created copies of the records. The issue in this case is whether or not derivatives of illegal evidence are permissible in court. The ruling was that to permit derivatives would encourage police to circumvent the Fourth Amendment, so the illegal copied evidence was held tainted and inadmissible. This precedent later became known as the "fruit of the poisonous tree doctrine,"[1] and is an extension of the exclusionary rule.

    Fruit of a poisonous tree says that you can't steal documents illegally, make copies of those documents, and then admit those copies as separate evidence.

    It does not say that anyone who's found to be guilty via potentially (but not confirmed) illegally obtained evidence is now immune from any future investigation, on the grounds that all future investigation is based on illegally obtained evidence of his guilt.
    Are you arguing that illegal searches aren't inherently a problem in and of themselves?

    Illegal searches are a problem. We remedy that problem by not admitting that evidence in court. We do not remedy the problem by making all victims immune from future investigation. If that were the case, then every crime boss in the country would hire a dirty cop to violate his fourth amendment rights, and then use that fourth amendment violation to dismiss all future charges.
    No, finding or having the backdoor does get you access. What it was saying, is essentially: if you broke down the front door to a single house, you would be able to find the backdoor to every house.

    Is there an actual source to back this up?
    And a bit of new news:
    Federal Prosecutors, in a Policy Shift, Cite Warrantless Wiretaps as Evidence

    That's prosecutors trying to admit warrantless wiretaps from the Bush era, when the executive branch tried to argue that warrantless wiretaps were legal.

    It's also unclear from the article whether they actually engaged in parallel construction, or if they actually tried to use warrantless wiretaps as part of the chain of evidence.

  • jmcdonald I voted, did you? DC(ish) Registered User regular
    Oh look. It's this thread again...

    Let's summarize how this will likely go (again):

    1. Lookit this shit! Can you believe this?

    2. Uhhhhh. Yeah? Where have you been for the past 100 years?

    3. Well this is inexcusable and it should be stopped!

    4. K. Be that as it may, it certainly appears legal under current law. So you're going to have to get a bunch of folks who agree with you and start lobbying to get that done.

    5. We shouldn't have to! Alternately: that's too hard

    6. Multiple accusations of arguing in bad faith.

    7. Repeat ad nauseam

  • Archangle Registered User regular
    edited October 2013
    Soralin wrote: »
    shryke wrote: »
    Feral wrote: »
    Suppose you legally get your information from an informant. If the warlord learns of this, then the informant will be murdered.

    That would be a good reason for parallel constructionism.

    That would be a good reason for parallel construction!

    You know what wouldn't be a good reason for parallel construction? Concealing from the court whether evidence was acquired in an appropriate manner in the first place.

    Why? That's like the perfect example of when you should REQUIRE parallel construction. As long as they can construct a fully legal chain of reasoning, what's the problem?

    Hell, there's like 5 dozen episodes of Law and Order about this shit. :p
    https://en.wikipedia.org/wiki/Fruit_of_the_poisonous_tree
    Fruit of the poisonous tree is a legal metaphor in the United States used to describe evidence that is obtained illegally.[1] The logic of the terminology is that if the source of the evidence or evidence itself (the "tree") is tainted, then anything gained from it (the "fruit") is tainted as well. The term fruit of the poisonous tree was first used in Silverthorne Lumber Co. v. United States, 251 U.S. 385 (1920).[2][3]

    Such evidence is not generally admissible in court.[4] For example, if a police officer conducted an unconstitutional (Fourth Amendment) search of a home and obtained a key to a train station locker, and evidence of a crime came from the locker, that evidence would most likely be excluded under the fruit of the poisonous tree legal doctrine. The discovery of a witness is not evidence in itself because the witness is attenuated by separate interviews, in-court testimony and his or her own statements.

    The doctrine is an extension of the exclusionary rule, which, subject to some exceptions, prevents evidence obtained in violation of the Fourth Amendment from being admitted in a criminal trial. Like the exclusionary rule, the fruit of the poisonous tree doctrine is intended to deter police from using illegal means to obtain evidence.
    The whole point of this is to prevent law enforcement from using illegal searches, by harshly preventing them from gaining any benefit from it. Parallel construction to hide illegal searches means that they can break the law and get away with it.

    Are you arguing that illegal searches aren't inherently a problem in and of themselves? Or disagree that there should be limitations on what the state is allowed to do, with regard to searches? Because if not, it would seem that finding a way to bypass the primary enforcement method against them would be a problem.
    Wait, what? No-one is arguing that illegal searches aren't a problem, nor that there should be no limitations on what the state is allowed to do, with regard to searches.

    There is a clearly defined process to searches - that is, if it involves a person's privacy then a court warrant is needed. This process is true even for parallel construction - if evidence is illegally obtained, and therefore that line of investigation deemed inadmissible under the Fruits of the Poisonous Tree doctrine, then a second line of investigation built on information that is either publicly available or gained through the warrant process is required.

    The warrant process addresses your "limitations on what the state is allowed to do" question, and the Office of Inspector General addresses your "are illegal searches inherently a problem in and of themselves" question. The direct answers are "the state still needs to follow due process" and "yes", respectively (at least, as in the order that I presented the questions).

    Parallel construction does not bypass the primary enforcement method against illegal searches. The two common arguments regarding parallel construction seen in previous versions of this thread are:

    1 - "It weakens due process". Contrary to popular opinion, neither warrants nor probable cause to gain a warrant grow on trees (unless the probable cause IS a tree...) Just because a law enforcement officer "knows where to look" from an illegal search does not necessarily mean they can satisfy the requirements for a legal warrant search; the probable cause must still either be publicly available or gained from witness statements. While it is true that "anonymous tips" can be used to obtain a warrant, they are the exception rather than the rule - in general, law enforcement officers must vouch for the reliability of both the information and the witness submitting the information. If a law enforcement individual or office systematically attempts to obtain warrants based on anonymous tips, they are likely to be subject to investigation. Which leads me to the second argument...

    2 - "Law enforcement officers are incentivised to perform illegal searches to obtain convictions". While it's true that arrests and convictions play an important part in law enforcement careers, there are a number of disincentives as well. Chief among them being that if you are caught performing illegal searches or falsifying evidence to obtain a warrant, you face suspension, fines, loss of your job, or even civil or criminal prosecution. While it's true that if it's thought that the infringement was unintentional or was believed to be legal (or was legislated as legal at the time of the investigation, such as with Patriot Act warrantless wiretaps) then the result is likely to be a slap on the wrist, the abovementioned Office of Inspector General takes a dim view of systematic 4th Amendment violations. And when it comes to internal auditing, even the NSA provides accounts of when its own investigations were found to have been improper or even unconstitutional. There may be a "boys club" for one officer covering up for another, but it is not systematic in the respect that internal audits still identify and take appropriate action for violations.

    ETA: The one thing that isn't clear is if the subject of an illegal search is required to be notified that their 4th amendment rights were violated. Certainly in the Warrantless Wiretap article linked earlier the subjects weren't notified, but the sentiment seems to be trending towards notifying the subject in addition to taking internal action against the law enforcement officers involved.

    Archangle on
  • Kaputa Registered User regular
    jmcdonald wrote: »
    4. K. Be that as it may, it certainly appears legal under current law. So you're going to have to get a bunch of folks who agree with you and start lobbying to get that done.
    I see this a lot, and it never makes any sense. Whether or not the spying is "legal" is of little concern to me; history has demonstrated the government's ability to invent complex legalistic justifications for all sorts of horrible things. That said, aren't some of the legal justifications for the surveillance still secret? It's hard to say that it appears legal when the interpretations are classified.

    The point of these threads is to attempt to reach some sort of agreement through debate, or at least to learn more about the issue at hand through discourse. You're engaging in some weird meta-discussion which is equally applicable to every single political debate on this forum, but for good reason is never brought up in any other thread. What would be your reaction if I went into every LGBT thread and posted "K, well gay marriage is still illegal in most states, so you're going to have to get a bunch of folks who agree with you and start lobbying to get that done." Pretty unhelpful, right?

  • jmcdonald I voted, did you? DC(ish) Registered User regular
    edited October 2013
    The point is this. Arguing that past performance equals future results is not accurate. Additionally there is a method already in place for the changes you seek. So, if after this vigorous discussion you feel that the status quo is unacceptable go do something about it.

    Until then this will continue to be a masturbatory exercise in futility.

    edit:

    Or, see number five!

    jmcdonald on
  • Xrdd Registered User regular
    edited October 2013
    No, finding or having the backdoor does get you access. What it was saying, is essentially: if you broke down the front door to a single house, you would be able to find the backdoor to every house.

    Is there an actual source to back this up?

    The presentation by Shumow and Ferguson (original source) or the articles by Schneier or Green, all of which were linked in this thread. Breaking down the front door in this case amounts to solving an elliptic curve discrete logarithm problem (or someone leaking the solution...), which gets you the e for which P=Q^e. This allows you to determine the internal state of any Dual_EC_DRBG instance using this P and Q with just 32 bytes of output, which allows you to predict all future outputs, completely and thoroughly breaking the PRNG.

    Xrdd on
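The relation Xrdd describes above, as an added example that is not code from any poster or from the standard: a simplified Dual_EC_DRBG on P-256 that omits the real generator's output truncation, with `E_DEMO`, `SEED_DEMO`, both Q points and all function names constructed for illustration. It shows that a holder of e with P = e·Q predicts the next block from one observed block, and that the same e gives nothing against a Q derived from a public hash.

```python
"""Simplified Dual_EC_DRBG model: full-width output, no truncation, no reseeding."""
import hashlib

# NIST P-256 domain parameters (public constants).
FIELD = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
A = -3
B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
N = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551  # group order
P = (0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296,
     0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5)  # base point

# Constructed values for this example only.
E_DEMO = 0x1f2e3d4c5b6a79880123456789abcdef   # stands in for the designer's secret e
SEED_DEMO = 0xc0ffee1234567890                # stands in for the user's secret seed


def add(p1, p2):
    """Affine point addition; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % FIELD == 0:
        return None
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow((2 * y1) % FIELD, -1, FIELD)
    else:
        lam = (y2 - y1) * pow((x2 - x1) % FIELD, -1, FIELD)
    lam %= FIELD
    x3 = (lam * lam - x1 - x2) % FIELD
    return (x3, (lam * (x1 - x3) - y1) % FIELD)


def mul(k, pt):
    """Double-and-add scalar multiplication (not constant time; demo only)."""
    k %= N
    acc = None
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt = add(pt, pt)
        k >>= 1
    return acc


def lift_x(x):
    """Return a curve point with this x-coordinate, or None if there is none."""
    rhs = (x * x * x + A * x + B) % FIELD
    y = pow(rhs, (FIELD + 1) // 4, FIELD)      # valid because FIELD % 4 == 3
    return (x, y) if y * y % FIELD == rhs else None


def step(state, Q):
    """One generator round: returns (new_state, output_block)."""
    s = mul(state, P)[0]           # s_i = x(s_{i-1} * P)
    return s, mul(s, Q)[0]         # r_i = x(s_i * Q)


def q_with_known_relation(e):
    """Constructed stand-in for a fixed Q whose author kept e with P = e*Q."""
    return mul(pow(e, -1, N), P)


def q_from_hash(label):
    """Q derived from a public hash, so nobody holds a scalar relating it to P."""
    ctr = 0
    while True:
        digest = hashlib.sha256(label + bytes([ctr])).digest()
        pt = lift_x(int.from_bytes(digest, "big") % FIELD)
        if pt is not None:
            return pt
        ctr += 1


def predict_next(block, e, Q):
    """From one output block and e, compute what the next block would be."""
    R = lift_x(block)              # R = +/- s_i * Q (sign does not change x below)
    s_next = mul(e, R)[0]          # e*R = +/- s_i * P, whose x is the next state
    return mul(s_next, Q)[0]


def trial(Q, e, seed):
    """Observe one block, predict the next with e, return (predicted, actual)."""
    s, first = step(seed, Q)
    _, second = step(s, Q)
    return predict_next(first, e, Q), second


if __name__ == "__main__":
    fixed = trial(q_with_known_relation(E_DEMO), E_DEMO, SEED_DEMO)
    hashed = trial(q_from_hash(b"constructed public label"), E_DEMO, SEED_DEMO)
    print("fixed Q, e known  : prediction matches =", fixed[0] == fixed[1])
    print("hash-derived Q    : prediction matches =", hashed[0] == hashed[1])
```

The seed never appears in `predict_next`: with the fixed Q the prediction depends only on public output and e, which is why one leaked e affects every user of that Q.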
  • Kaputa Registered User regular
    edited October 2013
    jmcdonald wrote: »
    The point is this. Arguing that past performance equals future results is not accurate. Additionally there is a method already in place for the changes you seek. So, if after this vigorous discussion you feel that the status quo is unacceptable go do something about it.

    Until then this will continue to be a masturbatory exercise in futility.
    By this logic, every single political discussion on this forum is a 'masturbatory exercise in futility,' so I'm not really sure why you post here if you see it that way.

    I vote in primaries and harass the shit out of my elected representatives on both the state and federal level, and encourage others to do the same. I spent the better part of a year canvassing my state full-time for progressive causes; at this point I've talked with a large percentage of the state legislature and have gone door to door in most towns in Maine. I attend political rallies and protests for causes I support. I suppose you can criticize me for not running for office or not donating enough to political campaigns, but neither of those options are financially feasible for me. I also engage in political discussion on the internet because it is enjoyable and often informative.

    Edit- From my perspective it looks as though you simply want to stifle discussion on this topic because it is at odds with your political agenda. Otherwise, why don't you make the same post in every thread?

    Kaputa on
  • Kaputa Registered User regular
    edited October 2013
    Goumindong wrote: »
    Kaputa wrote: »
    shryke wrote: »
    Kaputa wrote: »
    shryke wrote: »
    Kaputa wrote: »
    Kaputa wrote: »
    One advantage to instituting surveillance programs and legislation in secret is that it changes the framing of the debate entirely. If the administration or some group of Senators had openly proposed, say, PRISM and phone record collection, proponents would have had to persuade others of the necessity and efficacy of such programs. When passed in secret, these laws and programs are debated in terms of whether or not they should be repealed/abolished, rather than whether or not they should be instituted. Opponents of the law are left attempting to prove beyond a shadow of a doubt that it is harmful, and defenders don't even have to defend the law on its merits.

    If a surveillance apparatus of this scale is to be tolerated, proponents need to show that it is necessary or at least desirable, and that it is effective in its goals. I read most of the last thread and don't really feel that anyone did so, though it was pretty long so I may be mistaken.

    And this is the sort of logic that resulted in a 24 billion dollar government shut down earlier this month.
    Not really? The ACA is and has been a far more transparent phenomenon than the growth of NSA surveillance, and proponents of health care reform have clearly stated their case for necessity and desirability of government action.

    edit- Honestly I'm not really seeing how the two relate
    Goumindong wrote: »
    The short answer is "well we had that discussion and you lost"
    Who is the "we" here? The Bush administration led that "discussion" after 9/11 and the ensuing propaganda whipped the nation into a frenzy. "We" (mostly left-wing Democrats at the time) lost, but in our opinion the merits of the PATRIOT Act were never adequately espoused. We lost on Afghanistan and Iraq too, and for similar reasons; unfortunately those decisions cannot be reversed.

    And you can do that. Legislatively. The same way the argument was won the first time.
    So are we in agreement then? I'm advocating a repeal of post-9/11 legislation enabling the expansion of US government surveillance.

    OK, well is there any particular reason why you're advocating for that?

    Because the more I keep reading about the issue the more I become convinced that the security apparatus which was in place before the Patriot act was insufficient to deal with the expanding space in which people operate.

    Simply put, I am not comfortable creating a space in which the United States has no police authority. Prior to the provisions in the PATRIOT ACT which expanded wiretapping laws and the FISA courts to cover types of electronic surveillance which are not land line telephones we were most definitely in such a space for sophisticated enough users. Without said updating we would almost assuredly be in a space today where the vast majority of the population had the sophistication to carry out whatever illegal activities they wanted and leave the evidence for this in an effectively unsearchable space. As I understand

    This is especially problematic when we are talking about the national security apparatus because we expect the people that we have to work against will be more sophisticated in general. I don't find that the additional metadata searches (roughly equivalent to noting who comes/goes from a particular location and making a list of known acquaintances) are either particularly invasive or threatening with regards to some theoretical Orwellian state
    In theory, I am comfortable creating a space in which the US has no police authority. In order for me to be uncomfortable with this, I have to be convinced that that space is being used or is very likely to be used to endanger my person or other people, and that giving police authority over that space will be a significant impediment to such endangerment. The rationale for police patrolling neighborhoods is not that a neighborhood without police is bad in and of itself, but that, without police, worse evils like murder and theft will become rampant.

    The collection of phone metadata works fine as an example case. If the government did not have the technical or legal ability to acquire such data from cell phone corporations, would my life or the lives of others be in danger to an appreciably greater degree? Has this capability been demonstrated to significantly make us safer and to be worth the expense and possibilities for abuse?

    I disagree with the notion that government access to data on people's locations/movement and who they associate with is not invasive or potentially threatening. You don't think access to such information would make it easier to crack down on the activities of, say, radical labor unions, environmentalist groups, or anti-war movements? How about Muslims in general? The NYPD has already demonstrated its willingness to hold Muslim-Americans to a highly invasive degree of surveillance, and IIRC was coordinating such efforts with the federal government. Most of this applies fairly well to PRISM as well.

    When we're discussing these programs in the context of a country which imprisons a higher percentage of its population than any other nation for which data is available, and whose justice system is notoriously biased against racial minorities and the poor, a higher degree of skepticism is warranted when the state attempts to expand its police abilities. I'm not opposed to the expansion of surveillance on the grounds that our government may one day become oppressive, but because it historically has been and currently is oppressive, with minorities disproportionately bearing the brunt of that oppression.

    Kaputa on
  • Soralin Registered User regular
    It does not say that anyone who's found to be guilty via potentially (but not confirmed) illegally obtained evidence is now immune from any future investigation, on the grounds that all future investigation is based on illegally obtained evidence of his guilt.
    I didn't say that it was, nor that it should be that way. What I'm saying is specifically related to this:
    Illegal searches are a problem. We remedy that problem by not admitting that evidence in court.
    I'm arguing that it does not remedy the problem, as evidenced by parallel construction to hide illegal searches. Basically, it's harder to find that someone, somewhere has done something, than it is to find a legal route by which to verify that a specific individual has done something specific. As long as that's true, there will still exist a benefit to using illegal searches. As a result, just not admitting illegal evidence in court, while parallel construction exists, is insufficient to deter it alone.

  • jmcdonald I voted, did you? DC(ish) Registered User regular
    Kaputa wrote: »
    jmcdonald wrote: »
    The point is this. Arguing that past performance equals future results is not accurate. Additionally there is a method already in place for the changes you seek. So, if after this vigorous discussion you feel that the status quo is unacceptable go do something about it.

    Until then this will continue to be a masturbatory exercise in futility.

    Edit- From my perspective it looks as though you simply want to stifle discussion on this topic because it is at odds with your political agenda. Otherwise, why don't you make the same post in every thread?

    Hey, look. Number six!

  • [Tycho?] As elusive as doubt Registered User regular
    [Tycho?] wrote: »
    Xrdd wrote: »
    I'm not, I'm talking about why any such hypothetical weakness would be a really fucking stupid idea. Again, something that is costly but practical for a government to exploit today is going to be feasible to exploit for a lot of other entities within a few years. You are also making the false assumption that a potential attacker (China, Russia...) isn't going to be able to dedicate similar resources to the attack even now. There is no possible scenario where a backdoor would be practical for the US government but impossible to exploit for anyone else. Which is why backdoors are stupid.

    security.png

    Jesus, and this is why I can't participate in these threads. Let's spend our time arguing about legal and technical minutiae which we clearly don't understand (as evidenced by this reply), while constantly obfuscating real discussion about the various concerns people may have with the NSA spying on [subject of the week].

    Xrdd wants me to care about this awful back door that any foreign hacker could supposedly exploit, but he can't actually tell me the nature of this backdoor or how much time and computing power it would take to exploit this backdoor, or how much inside knowledge they would require before they even knew where to look for a potential backdoor.

    Instead, all he's really said is that mathematically, it might be possible. Which is technically true, but pretty much useless for the sake of the discussion.

    The XKCD comic is amusing because it goes over this delusion that encryption needs to be absolutely unbreakable, even to people who are willing to invest in multi-million dollar clusters. Which, let's face it, the NSA is not going to bother with just for the sake of hacking your twitter account or whatever.

    It's also relevant in response to the comments of, "I'm sure the Chinese can find and exploit this backdoor, since big companies get hacked all the time!" When big companies get hacked, it's usually some sort of failure at the human level. Hence, $5 wrench.

    So you demand Xrdd to give you technical details about secret backdoors placed in software, while admitting you know nothing at all about the subject and are completely unable to parse the technical details that you ask for.

    You say most errors occur at the human level, as though this somehow means that cryptography isn't important. That these backdoors aren't a big deal after all, because most problems are at the human level, right? It must be true, you read an xkcd comic about it.

    Obfuscate, obfuscate, obfuscate. You demand minutiae about top secret programs buried in laws a mile long. How in the world is anyone here going to know the computing power required to exploit a backdoor in cryptographic software? Without these minutiae, there can be no valid arguments, which means the status-quo is and must be acceptable. Which is why this thread and its previous iteration are jokes.

    Instead of demanding information from others, try reading a book on the subject. You'll learn stuff.

    ArchangleArchangle Registered User regular
    edited October 2013
    Soralin wrote: »
    It does not say that anyone who's found to be guilty via potentially (but not confirmed) illegally obtained evidence is now immune from any future investigation, on the grounds that all future investigation is based on illegally obtained evidence of his guilt.
    I didn't say that it was, nor that it should be that way. What I'm saying is specifically related to this:
    Illegal searches are a problem. We remedy that problem by not admitting that evidence in court.
    I'm arguing that it does not remedy the problem, as evidenced by parallel construction to hide illegal searches. Basically, it's harder to find that someone, somewhere has done something, than it is to find a legal route by which to verify that a specific individual has done something specific. As long as that's true, there will still exist a benefit to using illegal searches. As a result, just not admitting illegal evidence in court, while parallel construction exists, is insufficient to deter it alone.
    To be clear, parallel construction does not "hide" illegal searches - it provides an alternative line of investigation that can be used for prosecution. The illegal search can still prompt an internal investigation - just because that evidence is inadmissible in court does not mean a blind eye is turned to the fact that rights were infringed. As I mentioned above the obligation for law enforcement to inform subjects of illegal searches is not clear, but the Warrantless Wiretap link indicates that at least some of the subjects are informed - making the "hiding" term even less applicable.

    XrddXrdd Registered User regular
    jmcdonald wrote: »
    Kaputa wrote: »
    jmcdonald wrote: »
    The point is this. Arguing that past performance equals future results is not accurate. Additionally there is a method already in place for the changes you seek. So, if after this vigorous discussion you feel that the status quo is unacceptable go do something about it.

    Until then this will continue to be a masturbatory exercise in futility.

    Edit- From my perspective it looks as though you simply want to stifle discussion on this topic because it is at odds with your political agenda. Otherwise, why don't you make the same post in every thread?

    Hey, look. Number six!

    That doesn't actually refute the accusation. I think it's pretty telling you chose not to respond to the substance of Kaputa's post, though.

    jmcdonaldjmcdonald I voted, did you? DC(ish)Registered User regular
    Xrdd wrote: »
    jmcdonald wrote: »
    Kaputa wrote: »
    jmcdonald wrote: »
    The point is this. Arguing that past performance equals future results is not accurate. Additionally there is a method already in place for the changes you seek. So, if after this vigorous discussion you feel that the status quo is unacceptable go do something about it.

    Until then this will continue to be a masturbatory exercise in futility.

    Edit- From my perspective it looks as though you simply want to stifle discussion on this topic because it is at odds with your political agenda. Otherwise, why don't you make the same post in every thread?

    Hey, look. Number six!

    That doesn't actually refute the accusation. I think it's pretty telling you chose not to respond to the substance of Kaputa's post, though.

    There's nothing to refute. These discussions are never about how to fix the perceived issues. They are always about why one side's opinion is wrong and the other side's opinion is correct.

    Good for Kaputa getting involved. Having said that, perhaps the reason he's not seeing any success is because the general populace doesn't share his opinion!

    SchrodingerSchrodinger Registered User regular
    edited October 2013
    [Tycho?] wrote: »
    [Tycho?] wrote: »
    Xrdd wrote: »
    I'm not, I'm talking about why any such hypothetical weakness would be a really fucking stupid idea. Again, something that is costly but practical for a government to exploit today is going to be feasible to exploit for a lot of other entities within a few years. You are also making the false assumption that a potential attacker (China, Russia...) isn't going to be able to dedicate similar resources to the attack even now. There is no possible scenario where a backdoor would be practical for the US government but impossible to exploit for anyone else. Which is why backdoors are stupid.

    security.png

    Jesus, and this is why I can't participate in these threads. Let's spend our time arguing about legal and technical minutiae which we clearly don't understand (as evidenced by this reply), while constantly obfuscating real discussion about the various concerns people may have with the NSA spying on [subject of the week].

    Xrdd wants me to care about this awful back door that any foreign hacker could supposedly exploit, but he can't actually tell me the nature of this backdoor or how much time and computing power it would take to exploit this backdoor, or how much inside knowledge they would require before they even knew where to look for a potential backdoor.

    Instead, all he's really said is that mathematically, it might be possible. Which is technically true, but pretty much useless for the sake of the discussion.

    The XKCD comic is amusing because it goes over this delusion that encryption needs to be absolutely unbreakable, even to people who are willing to invest in multi-million dollar clusters. Which, let's face it, the NSA is not going to bother with just for the sake of hacking your twitter account or whatever.

    It's also relevant in response to the comments of, "I'm sure the Chinese can find and exploit this backdoor, since big companies get hacked all the time!" When big companies get hacked, it's usually some sort of failure at the human level. Hence, $5 wrench.

    So you demand Xrdd to give you technical details about secret backdoors placed in software, while admitting you know nothing at all about the subject and are completely unable to parse the technical details that you ask for.

    Any policy change advocacy will have to go through congress, which means being able to translate these ideas to plain English and putting them into some sort of meaningful perspective. If you can't do that, then that's a failure on your part.

    Suppose a libertarian automaker insists that government standards have made cars less secure and less safe. How does the government respond? Well, chances are, they would ask for these safety concerns to be put in perspective, in real world terms.
    You say most errors occur at the human level, as though this somehow means that cryptography isn't important. That these backdoors aren't a big deal after all, because most problems are at the human level, right? It must be true, you read an xkcd comic about it.

    Look at the bitcoining world, where you have a lot of crypto nerds absolutely convinced that they have the most secure form of currency ever known to man. That doesn't stop them from getting ripped off and scammed on a regular basis, however.
    Obfuscate, obfuscate, obfuscate. You demand minutiae about top secret programs buried in laws a mile long. How in the world is anyone here going to know the computing power required to exploit a backdoor in cryptographic software? Without these minutiae, there can be no valid arguments, which means the status-quo is and must be acceptable. Which is why this thread and its previous iteration are jokes.

    You're trying to argue a point on an unknown unknown.

    How exactly does someone refute an unknown unknown in meaningful discussion?
    Instead of demanding information from others, try reading a book on the subject. You'll learn stuff.

    This might be a valid point if Xrdd's position was generally uncontroversial within the field. However, we seem to have a lot of people in this thread who are familiar with the math who insist, "No, dude, that's not what the math implies." So how do I know who to believe?

    It should be noted that this isn't a cryptography thread. This isn't a math thread. It's a thread on general surveillance policy.

    spool32spool32 Contrary Library Registered User regular
    This is all crap from Merkel because it plays well with a whole bunch of people who don't realize they don't actually understand the basis of nations existing, or international politics, or even the idea that countries aren't people.

    It is exactly the type of outrage you get from people who don't realize they're going outside of their field of expertise - it's a whole bunch of people thinking "international politics is just talking, I know how to do that".

    Spying on foreign leaders is exactly what the NSA exists for, and you know, was what the British did at the WTC conference (and you know, also what everyone else who didn't get caught and disclosed in the Snowden infodump).

    This is all being argued in bad faith: there's a group of people who want no intelligence agencies to exist. This is why this is getting any traction because it's pretty clear that it's got nothing to do with domestic spying, and a lot to do with any spying. It's pretty apparent that most of them have no idea what the status quo is, and give precisely zero thought to why it's like that - i.e. "they spied on Congress" - well, you know, except that Congress's emails would already be audited and stored by the Secret Service and probably a few other agencies for the precise purpose of accountability.

    ITT audit trail = spying.

    I think it's probably a good time to mention that if it were a Republican president routinely violating sovereignty to carry out targeted assassinations with orders coming directly from the President, engaging in a massive domestic spying program and lying about it to Congress and the American people...

    well you'd have... a response from the left that isn't justification and apology. I remember what that looked like!
    577859375_f4e74eb52b.jpg

    jmcdonaldjmcdonald I voted, did you? DC(ish)Registered User regular
    1. Not one person has defended the administration here. The chip on your shoulder is showing.

    2. This is not "A separate goddamned thread for your argument about drone strikes." That would be a good thread. Go make one if you'd like to discuss it.

    3. Please stop with the false dichotomy. Bush's illegal wiretapping was just that. Illegal. Nothing shown in any of the multiple iterations of this thread has been shown to be illegal.

    PolaritiePolaritie Sleepy Registered User regular
    edited October 2013
    Archangle wrote: »
    Soralin wrote: »
    shryke wrote: »
    Feral wrote: »
    Suppose you legally get your information from an informant. If the warlord learns of this, then the informant will be murdered.

    That would be a good reason for parallel constructionism.

    That would be a good reason for parallel construction!

    You know what wouldn't be a good reason for parallel construction? Concealing from the court whether evidence was acquired in an appropriate manner in the first place.

    Why? That's like the perfect example of when you should REQUIRE parallel construction. As long as they can construct a fully legal chain of reasoning, what's the problem?

    Hell, there's like 5 dozen episodes of Law and Order about this shit. :p
    https://en.wikipedia.org/wiki/Fruit_of_the_poisonous_tree
    Fruit of the poisonous tree is a legal metaphor in the United States used to describe evidence that is obtained illegally.[1] The logic of the terminology is that if the source of the evidence or evidence itself (the "tree") is tainted, then anything gained from it (the "fruit") is tainted as well. The term fruit of the poisonous tree was first used in Silverthorne Lumber Co. v. United States, 251 U.S. 385 (1920).[2][3]

    Such evidence is not generally admissible in court.[4] For example, if a police officer conducted an unconstitutional (Fourth Amendment) search of a home and obtained a key to a train station locker, and evidence of a crime came from the locker, that evidence would most likely be excluded under the fruit of the poisonous tree legal doctrine. The discovery of a witness is not evidence in itself because the witness is attenuated by separate interviews, in-court testimony and his or her own statements.

    The doctrine is an extension of the exclusionary rule, which, subject to some exceptions, prevents evidence obtained in violation of the Fourth Amendment from being admitted in a criminal trial. Like the exclusionary rule, the fruit of the poisonous tree doctrine is intended to deter police from using illegal means to obtain evidence.
    The whole point of this is to prevent law enforcement from using illegal searches, by harshly preventing them from gaining any benefit from it. Parallel construction to hide illegal searches means that they can break the law and get away with it.

    Are you arguing that illegal searches aren't inherently a problem in and of themselves? Or disagree that there should be limitations on what the state is allowed to do, with regard to searches? Because if not, it would seem that finding a way to bypass the primary enforcement method against them would be a problem.
    Wait, what? No-one is arguing that illegal searches aren't a problem, nor that there should be no limitations on what the state is allowed to do, with regard to searches.

    There is a clearly defined process to searches - that is, if it involves a person's privacy then a court warrant is needed. This process is true even for parallel construction - if evidence is illegally obtained, and therefore that line of investigation deemed inadmissible under the Fruits of the Poisonous Tree doctrine, then a second line of investigation built on information that is either publicly available or gained through the warrant process is required.

    The warrant process addresses your "limitations on what the state is allowed to do" question, and the Office of Inspector General addresses your "are illegal searches inherently a problem in and of themselves" question. The direct answers are "the state still needs to follow due process" and "yes", respectively (at least, as in the order that I presented the questions).

    Parallel construction does not bypass the primary enforcement method against illegal searches. The two common arguments regarding parallel construction seen in previous versions of this thread are:

    1 - "It weakens due process". Contrary to popular opinion, neither warrants nor probable cause to gain a warrant grow on trees (unless the probable cause IS a tree...) Just because a law enforcement officer "knows where to look" from an illegal search does not necessarily mean they can satisfy the requirements for a legal warrant search; the probable cause must still either be publicly available or gained from witness statements. While it is true that "anonymous tips" can be used to obtain a warrant, they are the exception rather than the rule - in general, law enforcement officers must vouch for the reliability of both the information and the witness submitting the information. If a law enforcement individual or office systematically attempts to obtain warrants based on anonymous tips, they are likely to be subject to investigation. Which leads me to the second argument...

    2 - "Law enforcement officers are incentivised to perform illegal searches to obtain convictions". While it's true that arrests and convictions play an important part in law enforcement careers, there are a number of disincentives as well. Chief among them being that if you are caught performing illegal searches or falsifying evidence to obtain a warrant, you face suspension, fines, loss of your job, or even civil or criminal prosecution. While it's true that if it's thought that the infringement was unintentional or was believed to be legal (or was legislated as legal at the time of the investigation, such as with Patriot Act warrantless wiretaps) then the result is likely to be a slap on the wrist, the abovementioned Office of Inspector General takes a dim view of systematic 4th Amendment violations. And when it comes to internal auditing, even the NSA provides accounts of when its own investigations were found to have been improper or even unconstitutional. There may be a "boys club" for one officer covering up for another, but it is not systematic in the respect that internal audits still identify and take appropriate action for violations.

    ETA: The one thing that isn't clear is if the subject of an illegal search is required to be notified that their 4th amendment rights were violated. Certainly in the Warrantless Wiretap article linked earlier the subjects weren't notified, but the sentiment seems to be trending towards notifying the subject in addition to taking internal action against the law enforcement officers involved.

    Um... yes, it does. That's the entire point of it.

    Fruit of the poisonous tree basically means that warrantless wiretaps, and all evidence obtained directly as a result of them (that wouldn't have been found but for them) is inadmissible in court.

    When the NSA dials the DEA and says "so and so will have drugs in their truck at 10:00 PM tomorrow on highway such and such", and the DEA performs a "random" stop and "just happens" to discover drugs, that evidence would normally be suppressed under the doctrine, because the stop would not have happened but for illegally obtained evidence. Any evidence obtained from warrants as a result of the stop is suppressed, because it would not have been obtained but for the stop, which has been suppressed under the 4th. This could easily destroy a case altogether, and possibly result in a criminal walking free under double jeopardy.

    Parallel construction is performed for the sole purpose of lying to the court and the defense about where evidence came from. There is no conceivable reason to construct a fictitious account of what led you to make a search or justified a warrant other than to conceal the truth, and no reason to conceal the truth other than that the truth will harm you. The only ways the truth can harm you are either by revealing sources (irrelevant, the FBI has used moles and defectors for decades), technology (unless the NSA has actually broken RSA or something, there's no damage to be done here), or it would lead to evidence suppression. Logically, there is thus no reason for parallel construction aside from the fear that the truth will destroy the case.

    The NSA has a history of avoiding any court scrutiny of the legality of its actions and then claiming they are justified by laws. This in itself is appalling. Parallel construction is just more of the same crap.

    enlightenedbumenlightenedbum Registered User regular
    Also the people protesting and defending this are both differing groups of liberals. It is this forum, after all.

    I don't really participate in these threads anymore because there aren't new arguments and Feral says what I would anyway. I do think the people defending NSA are overly curt and dismissive in these threads though, and that bothers me.

    Self-righteousness is incompatible with coalition building.