Maybe they don't want drug pushers and users to know they have this either?


The point of my comment wasn't that we shouldn't use technology to enforce our laws (though our drug laws are ridiculous and counterproductive). It was that our local, state, and federal governments operate as a collection of thousands of fiefdoms that run for the most part without supervision from any other agency. Each of those fiefdoms can implement programs like this in secret, and no one can challenge them because no one knows about them. Every so often one of these programs is identified and disbanded after years of litigation, but hundreds more will soon appear in its place.

The simplicity of implementing such programs combined with the near impossibility of identifying and eliminating them makes this an insurmountable problem. Our government seems to have adopted the mantra of the criminals they claim to dislike so much: If you don't get caught, it's not illegal.


Is this an argument in favor of the practice? Because, honestly, drugs should be legal to sell and to purchase. If all drugs should be legal and if the trade in drugs should be legal, then how can any program like this designed solely to enforce drug laws be justified? In that event, who cares what drug "pushers" and users know?


Well, honestly, drugs should not be legal to sell and to purchase.

What world are you living in? Do you think these guys deal weed? Have you seen what (crack) cocaine does to people?

These cocaine pushers are in the business of destroying people, and they certainly should be apprehended.


"Well, honestly, drugs should not be legal to sell and to purchase."

Care to cite any reasons here? See, when it comes to cocaine, Congress has not revisited the debate since people said these sorts of things:

http://query.nytimes.com/gst/abstract.html?res=F70F1EFA3A5A1...

http://www.druglibrary.org/schaffer/history/negro_cocaine_fi...

Yeah, you read that correctly. Black guys who use cocaine become more accurate with a gun and will attack white women! Also, Jews are selling it. Cocaine also makes it nearly impossible to kill a black man using a standard issue handgun, so let's upgrade the caliber.

"Have you seen what (crack) cocaine does to people?"

Yes: I have seen the children of the wealthy doing cocaine at college parties, then going on to get high-paying jobs on Wall St. Truly ruinous, truly!

How about we drop the boogeyman and drop the anecdotes and start citing some sources? You claim that cocaine destroys people; let's see the proof.


Might be beating a dead horse, but people want to drink alcohol, snort coke or shoot up heroin. Put in place as many laws as you want, that is not a way to solve the problem, never will be.

You can't forbid people being stupid by law. Also, abuse of narcotics is a side-effect of bigger problems, ones that are easier to ignore. Will we get there when we are able to speak about it, I wonder, I wonder my friend.


Have you seen what alcohol does to people? It kills over 80,000 people a year in the U.S. http://www.cdc.gov/alcohol/fact-sheets/alcohol-use.htm

You think you're protecting people with that attitude but you're actually supporting a system that kills even more.

Sanctimonious nanny-staters like you are the ones that let the madness continue. You should be ashamed of your ignorance and complicity.


It is less expensive and less destructive to treat addicts than it is to conduct a Drug War.


Many drugs are horrible and ruin lives. But they ruin fewer lives than do the laws making the sale and purchase of drugs illegal. If every penny spent on enforcing drug laws and incarcerating drug sellers and buyers were spent on education, treatment, and poverty programs, drug use would fall in the United States by orders of magnitude.

One of the more pernicious effects of making the sale and purchase of drugs illegal is that people who sell and purchase drugs are sent to prison. Most people sent to prison for these offenses are themselves addicts either trying to feed their habit, or to pay for it. These are the people that the drug laws are intended to protect, no? But as a result of going to prison they:

* are frequently denied effective treatment for their illness, and therefore continue as addicts inside and outside of prison;

* are effectively exiled from the legitimate economy, becoming a burden on society both before and after incarceration, and increasing the likelihood of continued drug use;

* cannot take care of their families, increasing the burden that we all carry that we would not otherwise carry;

* are mixed with a violent element, whose influence will certainly cause many to commit non-drug crimes that they otherwise would not have.

The prisons turn users into addicts and addicts into career criminals.

Some people seem to believe that we need these harsh laws in order to catch, as you put it, "cocaine pushers" who are "in the business of destroying people". In fact, narcotraffickers are entirely the creation of US "Drug War" policies. Decades of supply-side enforcement have made these people so wealthy that they can purchase entire governments. The government of Mexico, the world's 14th largest economy, is populated in some percentage at almost every level by agents of the cartels. It is "Drug War" policies that create the profits to pay for this corruption.

Demand-side policies along with controlled and regulated distribution of drugs in the US will decimate the narcotraffickers. Without customers willing to pay ridiculous margins for their product, they will simply go out of business. Although some former narcos will attempt to leech off of society through kidnapping and other crimes, a lack of local community support, money and political cover will mean that aggressive policing will finally be able to stomp them out in time.

Also consider the case of Oxycontin, a legal narcotic manufactured by Purdue Pharma, "a privately held pharmaceutical company founded by physicians and now located in Stamford, Connecticut". Oxycontin is among the most destructive drugs today. Oxycontin is primarily acquired by addicts either by getting doctors to legally prescribe it, or by purchasing excess pills from individuals to whom it was legally prescribed.

"Drug War" policies are entirely ineffective at combating this kind of practice; as a result, prescription drug abuse is growing at a faster rate than nearly all other forms of drug abuse. However, it is almost certain that addiction-treatment regimes instituted to reduce the use of currently-illegal drugs will also be effective at reducing the illicit use of currently-legal drugs.

And if for some reason you think that education and treatment programs can't have a significant (if not massive) effect on addiction rates, I would ask you to take a look at the following two data points:

http://articles.latimes.com/2013/jul/12/science/la-sci-sn-ci...

http://www.cato.org/publications/white-paper/drug-decriminal...


> If every penny spent on enforcing drug laws and incarcerating drug sellers and buyers were spent on education, treatment, and poverty programs, drug use would fall in the United States by orders of magnitude.

I have no doubt that's true. But even if the war on drugs was stopped, the money wouldn't go to helping the poor. The U.S. only has right wing parties, so the money would just end up paying off debt or lowering taxes.

> One of the more pernicious effects of making the sale and purchase of drugs illegal is that people who sell and purchase drugs are sent to prison.
> ...
> The prisons turn users into addicts and addicts into career criminals.

(hard) Drugs are illegal where I live too (The Netherlands). But we don't have such harsh laws at all. Possession of drugs means a fine and perhaps a few days in a cell sobering up.

It is not the war on drugs that is destroying the U.S.'s lower class, it's the ridiculous prison sentences. No country in Europe has as many drug related problems as the U.S., and in no country in Europe are drugs legal (except maybe Portugal?)

You are absolutely right in everything you say. But legalizing crack cocaine does not sound like an optimal solution to me, sure perhaps you'll succeed in overthrowing the drug cartels. But then you have the issue of regulating or even organizing the legal (private) distribution of drugs. I don't see that ending well at all.

The prisons and the U.S.'s messed up legal system are the problem; they are what should be fixed.


"then you have the issue of regulating or even organizing the legal (private) distribution of drugs. I don't see that ending well at all."

We have been very successful at regulating tobacco and alcohol. Yes, you can find moonshine if you look really hard, but that's just the point -- almost nobody wants moonshine, people prefer regulated liquor. Sure, there is black-market, unregulated tobacco, and teenagers manage to buy it, but the vast majority of people who smoke buy their tobacco legally.

For that matter we have also been overwhelmingly successful at regulating pharmaceutical drugs, to the point where a black market exists for them as replacements for illegal drugs. There is a reason recreational opiate users want pills: the regulations on purity, dosage, etc. Even methamphetamine is available by prescription (for narcolepsy, obesity, and ADHD treatment), and the pharmaceutical stuff is a lot safer, because of regulations.

In reality we know how to regulate drugs, including extremely dangerous drugs like alcohol and tobacco, and even "hard" drugs like methamphetamine. Maintaining a regulatory system is not the problem here. The real problem is that the war on drugs is profitable. One of the most ironic facts of lobbying in today's world is that "The Partnership for a Drug-Free America" receives money from alcohol, tobacco companies, and pharmaceutical companies. There is also the matter of politicians having figured out that they can always portray themselves as "tough on crime" by pushing for drug arrests. Police officers' unions are fighting for their members' jobs by lobbying for maintaining or even expanding the effort. The executive branch has also figured out that the war on drugs is a great excuse for expanding executive power -- even to the point of the attorney general's office having gained the authority to declare drugs to be illegal (and then prosecute people for possessing those drugs).

Legalization and regulation are the answers our society really needs. We need to disband the DEA, repeal the controlled substances act, pass a constitutional amendment that forbids all such prohibitions, and set up a regulatory framework. It is not likely to happen, for the reasons outlined above and because we have had so many decades of propaganda that people have trouble with the idea of alcohol being a drug or of methamphetamine having medicinal use.

Out of curiosity, what is it about crack cocaine that has you so terrified? There are far more dangerous drugs out there...


> Out of curiosity, what is it about crack cocaine that has you so terrified? There are far more dangerous drugs out there...

Sorry for the late reply. I disagree with you, and I was a bit tired so I stopped discussing :P I'll answer your question:

The combination of accessibility, addictiveness and health effects. I live opposite to an addiction treatment center and see crack addicts every day. It's addictive like tobacco is, has stronger mental health effects than alcohol and because of its low cost is more accessible than any other hard drug.

I know alcohol is very dangerous too, but 99% of alcohol users manage their addiction in a way they can still manage their lives adequately. With crack and other hard drug addictions you will find the odds reversed.


> It is not the war on drugs that is destroying the U.S's lower class, it's the ridiculous prison sentences.

I don't see these two things as separable.

> But then you have the issue of regulating or even organizing the legal (private) distribution of drugs. I don't see that ending well at all.

Perhaps you are right, but it is my opinion that it is the very illegality of drug abuse that makes it so difficult to treat, especially for the harder drugs. If you read the Portugal study you find that addicts that are not threatened with jail time or other criminal sanction are more likely to seek and pursue treatment. And Portugal has a small fraction of the funds for treatment available as the US would have if it repurposed its "Drug War" budgets for treatment, so you could imagine that such policies would be more effective here.

One key additional concept from Greenwald's report is that individuals who choose to avoid hard drugs are not dissuaded by their illegality just as they are not dissuaded by the harm that these drugs cause. Furthermore, individuals who would otherwise choose not to do drugs don't change their minds because the criminal sanction disappears. Choosing to do hard drugs involves a decision-making process that requires a person to disregard significant harm to their person. This insensitivity towards risk on the part of the addict means that criminal sanction simply does not have the deterrent effect one would expect; inversely, non-drug users are deterred primarily by the ill effects to their health and wellbeing, so drugs' illegality barely enters into the equation.


>> It is not the war on drugs that is destroying the U.S's lower class, it's the ridiculous prison sentences.

>I don't see these two things as separable.

That's the entire problem of the US in a nutshell I guess :)


I think we need to take a step back and get to the part where it makes sense to use these tactics against drug users.


Security through obscurity?


…actually works outside of theory. We're not talking cryptosystems here, we're talking about intelligence and counterintelligence.

You don't call a spy's disguise security through obscurity.

Note that I'm not condoning mass government surveillance, only objecting to its criticism on the grounds of "security through obscurity".


Even real-world cryptography can benefit from security through obscurity. It's all a time game- how fast can my attackers attack my security, how much time do I need to buy. If security through obscurity buys you time, why not?


"Buys you time" for what? For fixing it? Why not do it right in the first place?

The danger in this line of thought is that security breaches only have to happen once for real damage to ensue. For software companies, when it happens, I always expect to see a clear explanation for why it did happen and in case of stupid architectural problems, I tend to avoid that company in the future.

Of course there's a difference between software and real world undercover operations performed by government agencies. Placing an agent undercover is both a gamble and a race against the clock. The government knows the risks involved, the agent knows the risks involved, human casualties can happen but that's part of the contract so to speak. Nobody willingly enters such operations without knowing the risks involved.

But if you're gambling with customers' data, be prepared to explain that to the angry customers when the shit hits the fan.


As far as I know, we've never yet created a cryptographic algorithm that's withstood more than 20 years of scrutiny. We could assume this trend continues into the future, and that any crypto algorithm we do create will be broken within 20 years. This means that encrypting a piece of data isn't some magical eternal protection--it just seals it in a time-capsule that'll "degrade" after 20 years or less. (Sometimes far less.)

But, so far, this property has also been pretty much irrelevant: almost all the things we want to do by passing along a secret are time-sensitive, and breaking the secret 20 years after the fact doesn't really buy you anything. Being able to impersonate the SSL key of Microsoft.com-as-it-was-in-1993 doesn't let you do anything to Microsoft.com-as-it-is-today.

This policy scales down, of course: in military comsec terms, you only need the encryption on operational details to last until the day after the operation is carried out. After that, your "secret" has become "plain" (something quite obviously blew up, etc.) and so the enemy breaking the encryption on the orders won't tell them anything they didn't already realize by hearing the explosion.

This is why the military keeps multiple different kinds of ciphers for different levels of secrecy, by the way: they assume that the more things they use a particular crypto algorithm for--the more signals the enemy gets to intercept that use that algorithm--the more enemy sigint folks will be put to the task of breaking that algorithm. So "top secret" encryption isn't meant to withstand any more scrutiny than "secret" encryption; it's just generally a bunch of orthogonal crypto primitives to the ones in the merely-secret crypto, and only used rarely, for the kinds of orders that need to stay secret long after execution (e.g. covert ops on allies.) Thus, enemy nations will have comparatively little reason to have analyzed and broken it--and breaking the secret-level ciphers won't help them, because of the orthogonal implementations.


You're right of course, however we need to make a distinction here.

First of all there's the issue of how strong is an encryption algorithm. For example RSA is based on the problem of factoring large numbers, a problem that's generally considered to be hard as we know of no efficient algorithm for solving it. But we haven't proved that factoring large numbers will remain a hard to solve problem in the future. The NSA could very well have custom hardware for efficiently factoring 1024-bit primes by now and the upcoming quantum computing is a real threat. If they haven't done it by now, 1024-bit keys will become breakable in the future, however 2048-bit keys are another issue entirely and 4096-bit keys will probably stay unbreakable.

But, even if breakthroughs in solving the integer factorization problem will be made in the future, as long as P != NP then perfect encryption is possible. In fact, we already know of encryption schemes that are provably unbreakable even with unlimited hardware at disposal, the problem being that they are also hard to implement, so we ended up with making tradeoffs.

Second, it's far easier to attack a particular implementation, to bypass the encryption algorithm entirely, e.g. attacks against the key generation system, side-channels, the protocol of the software system we are talking about, etc ... because software always has bugs, as in zero-day exploits that one could make use of.

For this reason - if indeed the military is using different encryption algorithms for different security levels, algorithms that aren't used in the wild, then to me that's a pretty bad idea, as far more often than not it's the implementation that's broken, not the algorithm. And in case of inside leaks, the implementation is always easier to get a hold of, compared to the key.


Military comsec basically has to assume the implementation will be immediately made available to enemy sigint, since they build crypto implementations into things like secure phones which can just be stolen off a dead soldier and pulled apart.

The implementations can be upgraded in the field when a flaw is found, as with any firmware (and frequently an implementation will be cycled out for a different one even if it is thought to be unbroken, just to put any time that's been put into breaking it to waste.) But enemy governments are precisely the people with enough resources, and reason, to want to break entire algorithms.

The thing is, it is a hard problem--so they only bother to break algorithms where they know they'll get big rewards for doing so ("top secret" doesn't usually mean more valuable to enemies, after all; usually it just means "fewer people should know this ever happened.") A standard secure phone will have all the Suite A and Suite B ciphers[1] built into it, but since so many more transmissions will be using Suite B ciphers, there'll be comparatively less strategic advantage in cracking the currently-used Suite A cipher before it's cycled out for the next one. So Suite B ciphers sometimes do get cracked during their "useful shelf-life" and have to be immediately switched, while Suite A ciphers are usually left alone.

---

[1] http://en.wikipedia.org/wiki/NSA_Suite_A_Cryptography, http://en.wikipedia.org/wiki/NSA_Suite_B_Cryptography


Diffie-Hellman and RSA are older than 20 years, aren't they?

Also DES has never been `broken'---only brute-forced.


Seemed to work for Skype. Took quite a while to reverse engineer the protocol, and I'm not sure there are any proper cleanroom implementations. That's a solid business win for them.


It did not work for Skype[1]. This conversation has been about security through obscurity. You're describing their competitive advantage because competitors couldn't build external interfaces to the protocol; that's not a security win, it's a business win, as you said.

[1] http://en.wikipedia.org/wiki/Skype_security#Flaws_and_potent...


Please point out security flaws in Skype's voice protocol. That list is a list of problems and flaws with Skype's software (which is, in general, shit). It doesn't seem to document any crypto failures. The largest security failing listed there is that it pulls ads over an unencrypted connection.

For all we know, the core Skype protocol may be perfectly implemented. The Wikipedia link states there's no peer-review.


So because we can't study it we assume it's perfect? That's the essence of the fallacy of security through obscurity.

As a corollary, just because you can't do a quick Google search for 0days in iOS or Windows doesn't mean they exist. In fact they do, and they're bought and sold on black markets or are kept secret by governments and the like.

You don't assume something is secure because you can't readily access documented flaws. You assume something is secure when it has undergone rigorous peer review, which, as you stated, does not exist.

Your argument seems to be that you can't simply find a laundry list of Skype flaws floating around. This is true. But it says positively nothing about the security or lack of security regarding Skype's protocol.


You said flat-out it did NOT work. I'm saying that it's not determinable, and so far, no published security holes in Skype exist. In fact, no real good details exist, despite plenty of people trying. Skype's probably the most popular IM/Voice/Video protocol in the world.

I agree that Skype's protocol may be terrible. But you cannot state that obscurity didn't help. "No one" is even able to connect to Skype, let alone break it, at this point.



