Is the FBI dumb, evil, or just incompetent?

I think people have the FBIs motivations misunderstood. And I don't mean in some evil conspiracy theory sort of way, but in one that is pretty consistent with their mission.<p>Their main mission nowadays is to stop terrorism, etc... I I think that when they look at this rationally they believe are better served by being able to access these conversations.<p>The article theorizes that people with data to hide will use encryption, or otherwise would be so stupid, that one can find them easily in any case. In the real world a lot of these cases are broken on a "lucky" break or two. Someone improperly or not using their encryption software once, for example.<p>I think it seems foolish to accuse them of being dumb, evil, or incompetent. Given the stakes they deal with, and the amount of data they have to sift through, I think its very reasonable that they try to reduce the amount of work they need to do to find credible leads. And I'm sure they try to institute methods to minimize abuse, but I'm sure they are also aware that some abuse will happen.<p>While some of this feels like it may cross the line, I think it's a line that a rationale organization, with their mission, should push against.

The last line is the most important: if there is a backdoor (that is the Lawful Interception interface) there is no guarantee that it won't be used by unauthorized third parties.<p>Anyone could have predicted that something like the Google hack was going to happen. I also seem to remember that there was a similar incident involving the cellphone network in Greece.

Are there any video chat clients with end-to-end encryption?<p>I was trying to do this by piping the output of my webcam to openssl and then to netcat, which sends the packets to a publicly addressable server (Amazon instance) that relays the encrypted packets to another computer behind a firewall, that decrypts the video stream and plays it in MPlayer. It works, but the latency is about 10 seconds. To reduce the latency, I could delta-encode the video stream, leverage the GPU somehow, but I'm not sure how to get the latency down to the 200ms required for seamless conversation. Also, it should be noted that there is little code behind this, mainly just unix utilities and pipes.<p>PS: Also I could remove the Amazon piece and forge a direct P2P connection using NAT hole punching if the routers on both ends permit, but this is not always reliable and isn't a huge source of latency.

I say all of the above. There's basically one reason to work for law enforcement: Authority and its slutty sister, Power. People who are attracted to these things are susceptible to logic failures in pursuit of their interest in exerting Authority and Power.

I vote a little dumb, a little evil (you know, the banality kind) and pretty incompetent.<p>Anecdotal, but the FBI's first web site was hosted by a NASA machine. I think the FBI was traditionally an IBM shop, and mainframes and the web didn't work well together at first.<p>In more verifiable evidence of incompetence, there's the Virtual Case File epic fail (<a href="http://www.washingtonpost.com/wp-dyn/content/article/2006/08/17/AR2006081701485.html" rel="nofollow">http://www.washingtonpost.com/wp-dyn/content/article/2006/08...</a> just one of many articles about it) followed by a minor debacle in Sentinel (<a href="http://www.pcmag.com/article2/0,2817,2407922,00.asp" rel="nofollow">http://www.pcmag.com/article2/0,2817,2407922,00.asp</a>)

I've read that quantum computing is picking up, so please correct me if I'm wrong... it IS still pretty hard to factor very large primes, right?<p>This push to "stop terror" via reading the general public's email/chats/etc. seems more like Big Bro and less like a viable method to stop the next 9-11. Sure, the bros from Boston weren't exactly sophisticated, but I find it hard to believe nobody in Al Qaeda knows how to use PGP.<p>Still, I'm voting for incompetent. If they want to know what kind of porno we all like, fine.

You don't need such a long argument to prove FBI's stunning incompetence, an example like failing to prevent the Boston bombing where they couldn't find their assess with two hands would suffice.

What happens when the FBI becomes infected with people like Lerner who use their power to persecute political dissidents?

<i>So the FBI would only be able to wiretap suspects who are either too dumb to use encryption — in which case they ought to be easy enough to catch without wiretaps</i><p>I think the author under-estimates the difficultly of catching criminals.

Maybe I'm being naive, but what's preventing Google or Facebook from using their resources to launch a PR campaign against these requests from the FBI, or at the very least be a bit more outspoken about them?

Cant the companies that would be affected just split off the operational side of the business to be outside of US jurisdiction, you know like some do to avoid paying tax (not to grossly over-simplify the issues...)? You know facebook could still exist as a US corporation encompassing the intellectual side of the company but create and icelandic company that actually deploys the servers and processes the data. Or something.

I'm one of the hard-headed privacy freaks usually sharpening my pitchfork when there is an outrage against civil liberties. I'm <i>that guy</i>.<p>I once had a job that involved investigations of criminal activity (not law enforcement or government related, just a company protecting its own users and employees).<p>In this case, I had identified, with certainty, one individual that was engaging in significant fraud. He appeared to have several accounts, and it was appearing highly likely that he had a few accomplices.<p>During the investigation, I was fully willing to violate everyone's privacy to find everyone in the fraud network. This included data that was already submitted voluntarily, private communications, as well as embedding tracking objects and invisible flash objects to retrieve IP addresses of users surfing behind proxies (this used to be an effective way to unmask users). I didn't have a second thought about it. Why would I? I didn't care what the legitimate users were doing, wasn't going to stalk them, wasn't going to pay any attention to their personal affairs. But, to weed out this problem effectively, I needed to sweep everything. I'm trustworthy, just doing my job, and I certainly trust myself enough to disregard or ignore information that wasn't pertinent.<p>After being entrenched in the investigation, I had a fairly exhaustive list of the bad actors. Initially this was just basic hard data, (such as correlating IP addresses), but then there was kind of a "sixth sense" that I also started relying on, where I couldn't articulate the signal, but some behavioral cues just <i>felt</i> like they were related. You know, "gut instinct". So I ended up digging into those accounts, and confirmation bias took over. I did find many more bad actors, but I was thoroughly convinced that a few cases were also related, which ended up being suspended, and it turned out that they were actually unrelated and legitimate. That's when I started to reflect a bit.<p>I didn't go through with the most blatant of the proposed violations, although at the time I was willing to initially. I now realized how egregious that was, and noticed how easily I fell into that mindset. If asked, I think the words "If you've got nothing to hide, you've got nothing to fear" could have naturally rolled off my tongue (though, this certainly would have alerted me to the errors of my thought process).<p>So I concluded a few things:<p>- <i>Most</i> of the time, these blatant, sweeping violations, are most likely not malicious and probably do have good intentions. I very much understand what frame of mind most of those people are in. It's not an opaque three letter agency, it's made up of regular individuals with tunnel vision on their legitimate objectives (stopping crime).<p>- When you look at criminals day in and day out, and are on a mission, everybody starts to look like a criminal.<p>- The "working backwards" approach - finding signatures of bad activity, and applying it to other data, then "confirming" the new matches, is a well-understood statistical fallacy, aptly named, the prosecutor's fallacy[1]. If you spot it in court, your defense attorney can try and point it out to the jury - and good luck explaining it to your "peers" who probably play the same lotto numbers because theirs is "due eventually". But let's face it - your life is already ruined by then. You're on all the watch lists, your vehicles are bugged, you've got huge legal bills and no job, and maybe if you're extremely unlucky, you're even in Guantanamo. Everything prior had little or no judicial oversight, no way to defend yourself, and is from a system that is invariably full of investigators who are not self-aware enough to always catch themselves doing this, especially when the cost of missing an actual threat is extremely high.<p>And for bonus points:<p>The interface that a coworker created to do some of the data mining (let's call it the "lawful intercept interface") had an SQL injection bug in the logic that parsed login history. It wouldn't have been difficult to discover and exploit without even knowing this interface existed, due to the error a user would see on login if they had certain bad characters in the affected field. I found it roughly a year later and reported it to the CTO in a message from his own account, after using the bug to take his auth cookie out of the DB (we were friends, so I knew he would be a good sport).<p>tl;dr It's mostly good intentioned individuals with tunnel vision, who are very misguided, and who don't understand the side effects and costs of what they propose.<p>[1] <a href="http://en.wikipedia.org/wiki/Prosecutor%27s_fallacy" rel="nofollow">http://en.wikipedia.org/wiki/Prosecutor%27s_fallacy</a>

d) all of the above?

Why would the FBI be interested in social networks? I don't think criminals and terrorists communicate using Facebook.

i guess they don't care about anything else as long as they can do their job

I'd say they're a little of all of those things and more. They are, after all, human. They get paranoid and worry, they make mistakes, they grasp for power when they can. It never works out like they want though, because they are human.

I believe that the CIA is much much worse than the FBI.

Most of these debates seem to start from the idea of a yes or no ballot to formalize a panopticon and I think that only makes it more likely that society will go there (I mean: please, somebody, think of the children).<p>IMHO, the idea that law enforcement should have either all or no access to online data is a false dichotomy.<p>Wiretapping capability is less relevant than ever IMHO, in a time with more privately-owned cameras and personal communication devices than ever; it is more likely than ever that criminals <i>will</i> leave physical evidence of physical crimes, and so there is less reason than ever to invade people's privacy or criminalize thoughts and suspicion/conspiracy/planning of physical crimes when the damage comes from the follow-through, not the imagination. Violent crime has been declining In Canada and the US for decades. This idea of urgency simply doesn't fit those facts.<p>The Internet is basically a bunch of random thoughts. In a sense, people are having public conversations, but in another people are simply thinking out loud; the more we hold to criminalizing thoughts, the more we create problems by that process and criminalize freedom of thought.<p>I'm for warrants, and against vigilante justice, but I also really think we need to dissect this idea that only law enforcement should have, or even already has, the tools to address all dangerous situations. IMHO, the less individuals rely on institutions the better, since it is well known that power corrupts. So far Canada and the US have had pretty good luck and the public has had <i>some</i> success holding institutions accountable for abuses of power, but I don't get the impression that influence is as strong as it needs to be, going forward (and I don't know how to fix it while continuing to empower institutions that quite predictably stray from their mandates rather than close shop). IMHO, Institutions pose an unnecessary risk as they continue to grow and claw for more power - in this case, pushing for more surveillance capabilities. I would rather be responsible for myself, without the help of institutions, wherever possible.<p>As we create new potentials, and empower people to help themselves, I think the role of institutions should decrease. Take the recent article on the French police offloading missing person searches on Facebook for example. ( <a href="http://www.itworld.com/networking/357720/french-police-end-missing-persons-searches-suggest-using-facebook-instead" rel="nofollow">http://www.itworld.com/networking/357720/french-police-end-m...</a> ) As much as I don't like Facebook, I think that's the right tool for that job, and I would like to see more work to empower individuals in that sense. It's a wonderful thing to be not needed because you actually solved a problem. I, for one, would love to not need to rely on (and pay for) the police or government because I was safe and had a voice of my own.

Think like a sysadmin in a big corporation. Assume that there are devices (the BYOD trend) that you have no root to/ no way to monitor them. It will drive you crazy if you have a mild case of ODC(and in IT it comes with the profession) no matter what the real risk is. Now you are in FBI shoes.<p>With the devices so closely integrated into the cloud we are already close to the "day every iDevice was wiped irreversibly and huge part of the world stopped". Let's not make it closer.