Backdooring stupid.crypt and forcing law abiding people to use it just ensures that big bad guys will use any other kind of encryption. All you've really accomplished is adding an extra charge of illegal encryption use at the expense of security for every human.
This potentially creates all sorts of pathologies. Is it illegal now for me not to update an old computer? If your backdoors are implemented in hardware, is it illegal to use old computers?
When people are against gun control, a common thread is "make guns illegal and only criminals will have guns." This argument has merit, but if we DID amend out #2 and make guns illegal, over time firearm proliferation would decrease.
Not so with encryption. Other, more free countries will constantly be developing better security methodologies, and reproducing those methods is effectively free. "Fuck up encryption, then only bad guys will have encryption" is a much stronger argument, because it's emphatically true.
The ignorant hubris of this is massively disheartening.
Yeah. There's no distinction whatsoever between encryption with backdoors and no encryption at all. Imagine our current web with no encryption. Your logins are all effectively plaintext; your online shopping is effectively plaintext; your emails are all effectively plaintext. "Furiously stupid" is a good way to describe this whole proposition.
Hmm, then wouldn't some people just make their own firearms, just as you are describing with encryption, right?
Even if that is true, "decrease" is not remotely equivalent to "eliminate".
The problem is that law-abiding citizens, and those who have their weapons forcibly taken by law enforcement, are left completely unable to defend themselves, while criminals are not completely unable to acquire firearms.
I keep seeing this "implausibility" of enforcing illegal encryption brought up, and I really think it's wishful thinking. If such encryption algorithms ever are made illegal in some manner, it will be trivial for the government to get the result they want.
It won't be about completely stopping people from using AES, nor will it be about imprisoning every person who continues to use it. What it will be about is turning "this target of our investigation is using illegal encryption" into an immediate cause for search/arrest warrant. And that will be more than enough for 95%+ of the purposes they're looking for.
Back doors are worse though - build a back door and it will be used, just not necessarily by the agency it was built for. There are a lot of groups with a lot of resources oriented around taking advantage of this, and few are legitimate. (and some are enemy nations).
There's a third problem - doing it in such a way that it can't be blocked from monitoring. (see "clipper chip" for more on that).
False.
Also "technical solutions" makes it sound like the issue is in inventing the correct encryption scheme. Whereas in reality the issue exists because we have discovered (currently) unbreakable codes, and the invention of broken (backdoored) schemes does little to change that.
If we break all known forms of encryption, and find a reasonable proof that they are no longer possible, then I'll be more interested in this line of reasoning. And that's a pretty big if.
That basically means we have to entirely get rid of copyright, since all data (books, movies, software, corporate secrets, state secrets, etc) are just very large numbers.
Do we believe that there should be no restriction on the sharing of any data? I can see the appeal, but there are far reaching consequences if we say that.
Words are just data. Are there illegal combinations of words to exchange? The law says, YES. Some speech is absolutely illegal, including making credible death threats, conspiring to break other laws, or disclosing certain state secrets to foreign powers.
Very few people argue that since words are easily available to everyone, it is futile to make some combinations of words illegal.
In that sense, copyright = data, and encryption = functions.
All images are binary. All binary is just a number. We have made many such numbers illegal and even have software that will detect them and report you when you share the number with such number sharing services (dropbox, facebook, etc).
So making math illegal sounds entirely possible.
Math can be represented in a variety of ways, but the pattern being described is immutable.
What A.G. Barr is insinuating is not that we make implementations illegal, but that we make the use of algorithms categorically illegal.
The target here is not nerds able to pull code from GitHub or run open source or enterprise software. The target here is consumer stuff by companies like Apple and Google. The government doesn't want it to be easy to do end-to-end encryption.
For the average user, easy equals possible. The average user has neither the time nor the expertise to roll their own solution or run nerd tools. Look at how PGP/GPG's complexity and absolutely horrible UX (even for technical users!) has prevented e-mail encryption from ever taking off.
This reminds me of what a government guy told me about crypto export controls. Yes, they know that crypto export controls won't stop nerds using GitHub. What they want to do is to stop IBM, Google, Apple, Cisco, Juniper, etc. from selling ready-made polished crypto products to blacklisted countries.
In both cases I think the target is large corporations not individuals and the goal is to make crypto hard and keep it out of the hands of the average user or less-technical foreign organization.
That being said I still don't think it'll work. Just pointing out the thinking that's going on here.
The problem is that this either shows a stunning amount of ignorance or deliberate malice.
Let's just go back and consider that the government does not want the average user to have strong encryption. What is the play here? The average user is almost by definition not the bad guy, unless we consider the population at large to be criminals by default. Is the government trying to dragnet the entire population and keep everyone under the thumb for minor infractions? Because that's the only feasible target here. Barr can froth at the mouth, mad as the dickens, it won't prevent Bad Guys from using strong encryption. So his only feasible target is the (mostly) law abiding population.
The other point, preventing the likes of Google, IBM, Apple, et al. from selling devices with strong encryption to blacklisted countries again shows either ignorance or malice. As parent wrote, encryption is just math. Are the government agencies so shockingly uninformed that they think that in absence of secure iDevices, North Korea will be forced to use backdoored technology?
The spread of physical goods can be controlled (to some degree), but the spread of information can at best be slowed down, but not stopped. Doubly so if there are already existing methods of secure communications that the government cannot efficiently crack.
The only conclusion I can come to is that they are well aware that they cannot catch any serious Bad Guy using mandated backdoors. Serious Bad Guys will use strong encryption anyway, they will cover their tracks and won't care what is legal or illegal (in the US). Furthermore, against targets like these, there are already time proven methods of infiltration, social engineering and good old fashioned bribery.
This only leaves the option of taking secure communications away from the population at large, perhaps because the government feels threatened from too many people being able to share ideas? I was never one for tinfoil hattery, so my hope is that I'm wrong.
If you have not handed your private keys over to anyone, they should be yours alone, but once you have uploaded your private keys to a corporate cloud server, you may have to accept that law enforcement will be able to get warrant access.
This won't solve the problem for law enforcement, but it will make it easier to catch lazy people while preserving the option for full security for those who want to control their own data.
By banning 'the masses' from using encrypted communications, it'll sort the haystack and everyone who continues to do so can be profiled, plus they're already involved in illegal behavior.
Worse, for secrets we actually care about (nuclear codes?) we must still research proper encryption schemes since backdoors are admissions of weakness in a security protocol fundamentally as far as I've come to understand.
> We are confident that there are technical solutions that will allow lawful access to encrypted data and communications by law enforcement without materially weakening the security provided by encryption. Such encryption regimes already exist. For example, providers design their products to allow access for software updates using centrally managed security keys. We know of no instance where encryption has been defeated by compromise of those provider-maintained keys. Providers have been able to protect them.
This quote from the article seems to contradict itself. First it claims "... without materially weakening the security provided by encryption" then goes on to state "We know of no instance where encryption has been defeated by compromise of those provider-maintained keys" implying that there is a possibility of this kind of breach.
This whole thing seems like an oligarch's attempt to spy on its people pretty plainly to me. Where is the liberty and freedom in this?
Encrypted data is information.
Encryption algorithms are math. Math can be expressed with data, but the immutable intangible reality that is being expressed is not information, nor property.
By your logic, the government can argue banning encrypted data, and encryption algorithm implementations.
The latter hits close to the mark of what A.G. Barr is insinuating. It would still be a significant for a government, especially the U.S. government, to ban the implementation of specific algorithms. That would equate to banning the writing of specific mathematical formulae, which is equivalent to censoring speech.
They are just too lazy to do that. They want to go on fishing expeditions and are mad they can't.
Yes it is incomprehensibly expensive for the government to do investigations on everyone, that's the point and how it was before everyone had digital artifacts.
Encryption relies on a secret. It's like burying a treasure in a place only you know, and keeping the location a secret (e.g. in your head). Encryption just gives you a huge digital space where you can bury your treasure instead of a physical space where you can bury it.
Sure, people can just search everywhere for your pirate gold (brute-force attack), use advanced reasoning to narrow the search space, like "you lacked the means to 'bury' it in solid stone" (cryptanalysis), develop technology to speed up the search like ground-penetrating radar (e.g. GPUs, ASIC, special purpose programs) or try to coerce you to reveal the location (monkeywrench-to-knee passphrase cracking).
What the government wants is that the maker of the shovel you used to bury your treasure not only has to track where you took that shovel but also has to tell the government that information without telling you the government got the information.
Edit: this doesn’t help in cases like terrorism where the owner of the device has already been killed of course.
The sender uses the public key to encrypt the plaintext, and the receiver uses their private key to decipher the ciphertext, as usual. But, on being compelled, the receiver can also choose an arbitrary target plaintext, and efficiently compute a new private key that maps the ciphertext to the chosen target plaintext.
When a decryption has a backdoor, who knows when it's been decrypted?
You're gambling on the temperament of your judge if you do this.
Barr is specifically addressing cases where people refuse orders to decrypt their phones or messages and just go to jail instead. That's what he means by warrantless.
"Obviously, the Department would like to engage with the private sector in exploring solutions that will provide lawful access. While we remain open to a cooperative approach, the time to achieve that may be limited. Key countries, including important allies, have been moving toward legislative and regulatory solutions. I think it is prudent to anticipate that a major incident may well occur at any time that will galvanize public opinion on these issues. Whether we end up with legislation or not, the best course for everyone involved is to work soberly and in good faith together to craft appropriate solutions, rather than have outcomes dictated during a crisis. "
(In other words, let's not do with cybersecurity policy what we did with counter-terrorism policy in the weeks after 9/11.)
But... we do have a plan, which is to just not do it in spite of any crisis or whatever. He is misleadingly framing it here like we don't have the ability to backdoor encryption which has never been the problem.
He clearly states that what we need to be wary about is public opinion changing, which is basically like saying that we should just get ready to compromise our standards in preparation for the day where reactionary desire is able to overcome our "sober" thinking of the present, or else fear the government coming in and doing it sloppily and by force.
Clearly that's irrational. We should resist it now and we should resist it then too, for just the same reasons we resist it now. There's no technology issue here, just an ethical/political one.
"Don't do anything until we have a big problem" is how we got the TSA, Homeland Security, and the Patriot Act.
But notice how the label of “terrorist” is uniquely applied to the ethnic “other”, and now consider the first real gun control legislation — the Mulford Act:
https://www.history.com/news/black-panthers-gun-control-nra-...
> We think our tech sector has the ingenuity to develop effective ways to provide secure encryption while also providing secure legal access.
Yeah, maybe he can also claim the tech sector can achieve perpetuum mobile. This just keeps coming back all over again. He should get over the fact that it's impossible, and move on to dealing with it. Next time he should consult actual security experts before producing the above nonsense.
Which is also bad and gross.
"Further, the process of transformation, even if it brings revolutionary change, is likely to be a long one, absent some catastrophic and catalyzing event – like a new Pearl Harbor."
[0] https://en.wikipedia.org/wiki/Project_for_the_New_American_C...
A country is made of people. In some ways we of course act as "consumers" but that is not the beginning and end of what it means to be human. The government's needs are not endogenous; the government's justification for doing certain things is ultimately because people will be better off for it (otherwise it's simply "might makes right"). In addition, corporations, at the end of the day, get certain protections (and additional requirements as well) as they are machines to help people achieve various ends (e.g. providing goods, providing jobs, providing an opportunity to create wealth); they are not primary actors in themselves.
BTW my observation is not a comment on the specific politics of the past few years; past AsG and FBI heads have given similar talks and inherently will desire to achieve their job's objectives with the minimum of barriers. This scary formulation just shows how the terms of discussion have shifted.
National security is a major trump card across parties and administration, and will have to be responded to versus ignored, as that's where the argument is coming from.
It's easy enough to explain that Russia has mathematicians, ISIS has mathematicians the same way they had chemical engineers for the oil fields, China/PLA has mathematicians, etc.
The same fear mongering that is allowing an anti-encryption argument to advance can be used to fear monger right back towards encryption and be based in truth: Russia and terrorists can access my chats.
For the pro-encryption crowd, we know this is actually feasible technically and the end result of backdoors. We just have to explain it on common ground, where the argument lives.
https://twitter.com/mattblaze/status/1153708198718840832
His Twitter feed is well worth a follow if you care about these issues.
So I find it very hard to believe the job of law-enforcement is getting harder, not easier, just because we have some tiny scrap of privacy left.
Encryption is not an impediment to an investigation into an ongoing activity, files need to be decrypted, there are side channels everywhere, etc. Metadata and physical surveillance are enough to convict or put a person in a position where they could be convicted under some other law if there is no convincing explanation for why they were where they were.
Usually the point of mass surveillance is to retroactively look up a person of interest and blackmail them.
It would be trivial to have terror cells be distributed a USB with several GB of an OTP, and that would be unbreakable even into the age of quantum computing if used properly.
This isn't at all about terrorism or the "really bad guys." It's 100% about accessing the average Joe Blow's communications.
If the government can’t crack strong encryption as-is, the problem is that strong encryption is deployed at scale.
Removing strong encryption at scale would have far more effect than what you’ve described.
This seems to be the key part. He doesn't believe technologists who claim both goals cannot be achieved at once, he claims they can.
* https://en.wikipedia.org/wiki/Crypto_Wars
The open source folks have worked around this before:
Software update systems have been successfully exploited to deliver malware:
> On a normal day, these servers push out routine updates—bug fixes, security patches, new features—to a piece of accounting software called M.E.Doc, which is more or less Ukraine’s equivalent of TurboTax or Quicken. It’s used by nearly anyone who files taxes or does business in the country. But for a moment in 2017, those machines served as ground zero for the most devastating cyberattack since the invention of the internet—an attack that began, at least, as an assault on one nation by another.
https://www.wired.com/story/notpetya-cyberattack-ukraine-rus...
Presumably the software update systems for major operating systems, like for Android or iOS, are typically more heavily secured than M.E.Doc.
But they are also targets of limited value. To insert malware into iOS, you would need not only access to their software update system, you would need access to (and understanding of) their source code and build system, and access to their code signing key.
And even then, it's not clear that these software update systems are even capable of targeting patches down to the level of the phone of an individual person. There's no reason for it now. The central system really just needs to make the update available in its various OS flavors, and each client can request what it needs.
If we force these OS companies to create a targeted backdoor system, all the hard work will be done for the bad guys. They need only achieve access to the special "law enforcement access" system, they will have everything they need all ready to go.
Under these conditions, could Google or Apple keep out the bad guys with 100% success? I have great respect for these teams, but those are very long odds.
It's far safer, for them and for us, to just not build that functionality. This was the point that Apple so forcefully made when Jim Comey came after them to decrypt the San Bernardino iPhone.
EDIT to add: these companies operate in more than just the U.S. If they build a targeted backdoor system, you don't think other countries will demand access to that system as well? Look: Apple already compromised on iCloud hosting to maintain access to the Chinese market.
There is reason against it now, because it makes it impossible to do things like reproducible builds or other security checks like comparing the software being offered to other devices to verify that none of them is being offered compromised updates before installing any of them.
It would also require prohibiting the transparency necessary to implement any of those checks independently, or anyone could do so and then use that to detect the attack regardless of whether or not the attackers are domestic state sponsored.
Does anyone really think China won’t immediately demand backdoors?
I think it's disgusting how supposed "democracies" have been trying to emulate China, both in terms of surveillance and censorship. UK is one of the worst offenders here -- sometimes they didn't even hide the fact they were using China as a role model.
There used to be a time when the U.S. government and other countries would condemn China for this sort of stuff.
If encryption is a weapon then I would think the Second Amendment applies, eh?
There can only be 2 solutions:
- enshrine a right to privacy. Individuals should have a way to communicate in a way that is completely secure and free of eavesdropping because they are believed to be innocent until proven guilty. Likewise, enforcement agencies should be granted the same to do their work.
- adopt symmetric transparency. Individuals will then be allowed to follow the intimate communications of any leaders or enforcement agencies, with the same level of ease. So if you want me to have to file a FOI to get info about an official, an equally difficult/time-consuming process should exist the other way around. OR if you want an officer to be able to monitor any individual in real time, then I should be able to monitor any officer in real time.
That second case should be automatic anytime the "nothing to hide" argument is invoked.
> If one already has an effective level of security — say, by way of illustration, one that protects against 99 percent of foreseeable threats — is it reasonable to incur massive further costs to move slightly closer to optimality and attain a 99.5 percent level of protection even where the risk addressed is extremely remote?
> if the choice is between a world where we can achieve a 99 percent assurance against cyber threats to consumers, while still providing law enforcement 80 percent of the access it might seek; or a world, where we have boosted our cybersecurity to 99.5 percent but at a cost reducing law enforcements access to zero percent — the choice for society is clear.
One issue with all proposals around this, is risk = probability X impact. While the above speaks to the risk, the impact of malicious actors having their hands on masterkeys would be insta-access to any & all gov-mandated communication channels, to the exact same access level as warrants would afford.
While the attorney is right, that so far most corp master certificates have not been compromised, none of those had this price tag attached to it. And the impact of this would be retroactively applicable, i.e., for any present-day communication, we'll be taking on faith that no future masterkeys will be leaked, ever.
I would not take that bet; and so far, neither did insurance companies.
I believe that the US should establish a court similar to the Foreign Intelligence Surveillance Court created under the FISA Act. The government must make a case to a judge establishing probable cause, and if approved a warrant can be issued to a 3rd party communications provider to disable encryption on suspected devices such that lawful interception (i.e., wiretap) can be executed.
Warrants are subject to renewal every 90 days and access to encrypted communications prior to the date of warrant approval and not provided by the platform specified in the warrant are prohibited (i.e., obtaining a warrant to disable and intercept WhatsApp does not mean you can disable and intercept Signal as well).
I believe this balances the interests of individuals, governments and communication providers evenly.
How often are the people making the arguments from the same political party? This problem extends to pretty much every court, as we currently have 3 branches being gamed by 2 political parties.
This will be one of the fracture lines that break the country.
It seems inevitable that it would help that given nation's "enemies" more than that given nation. Their "enemies" will get a hold of them, and they can make use of them however they want free of restrictions unlike the given nation.
I don't see any way around that problem.
The spirit of this initiative in 2019 is likely more about stopping strong encryption at scale, which is certain to be a frustrating black hole for LEO and the IC.
Perhaps HN would do well to ask how to solve the problem from a technical perspective, given the requirements. This includes both how to build a better mousetrap (one that doesn’t have a “backdoor” or significantly weaken the encryption mechanism), and how to solve concerns about abuse of exceptional access.
There is a simple way to solve concerns about abuse of "exceptional access": Not to include any "exceptional access" mechanisms. Securely implementing a cryptosystem is a daunting task almost never achieved. Intentionally creating a human-controlled mechanism to access plaintext makes the problem much, much worse.
> There’s no discussion of how to build exceptional access encryption that solves the weakening issue, just that it “can’t be done”.
Please consider that there is fundamentally no way to solve concerns about exceptional access. "Exceptional access" means that there is necessarily a human attack vector: Those humans who control whatever mechanism exists to provide LEO access to plaintext. This necessarily weakens any cryptosystem. If those people are compromised, "exceptional access" will simply be "routine access". Further, because decryption of data emits no obvious signs of physical tampering, even citizens who trust that "exceptional access" is not being abused cannot verify that.
I actually appreciate the name of your 5 hour old account. You're correct. We are experiencing mass hysteria over cryptography. However, it is not security professionals who are hysterical: it's people like you, who apparently never met an argument against liberty that they didn't like.
Same point: figure out a technological and procedural solution to the human attack vector. If “security professionals” all agree on ideology or theory that it’s not possible and thus refuse to help solve the problem, then exceptional access solutions generally will be worse off for it. It’s independent of whether they actually are deployed.
Any two can be used in concert to unlock the secret. You and the Org combine shards to access account. You or Org can be compelled by Govt. to reveal shard, through a warrant. The third shard is held at the DoJ, and also requires a warrant.
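The 2-of-3 shard arrangement described in the comment above can be built with Shamir secret sharing. The sketch below is an added example, not code from the thread or from any provider; the holder labels, field size and function names are assumptions. It shows that any two holders recover the key without the third, and that a single shard is consistent with every possible key.

```python
import secrets

# Field modulus: the Mersenne prime 2**521 - 1, large enough for secrets
# of up to 65 bytes. The choice of field is an assumption of this example.
PRIME = 2**521 - 1

# Holder labels follow the comment above; the x-coordinates 1..3 are arbitrary.
HOLDERS = ("user", "org", "doj")


def split_2_of_3(secret: bytes) -> dict:
    """Split `secret` into three shards, any two of which recover it."""
    s = int.from_bytes(secret, "big")
    if s >= PRIME:
        raise ValueError("secret too large for the field")
    # A threshold of 2 means a degree-1 polynomial: f(x) = s + slope * x.
    # The slope is uniform over the whole field (zero included), which is
    # what makes a single shard carry no information about s.
    slope = secrets.randbelow(PRIME)
    return {name: (x, (s + slope * x) % PRIME)
            for x, name in enumerate(HOLDERS, start=1)}


def combine(shard_a: tuple, shard_b: tuple, length: int) -> bytes:
    """Recover the secret from two distinct shards (line through two points)."""
    (x1, y1), (x2, y2) = shard_a, shard_b
    if x1 == x2:
        raise ValueError("need shards from two different holders")
    slope = (y2 - y1) * pow(x2 - x1, -1, PRIME) % PRIME
    s = (y1 - slope * x1) % PRIME  # f(0)
    return s.to_bytes(length, "big")


def slope_explaining(shard: tuple, candidate_secret: int) -> int:
    """Return the slope under which `shard` would belong to `candidate_secret`.

    A slope exists for every candidate, so one shard alone rules nothing out.
    """
    x, y = shard
    return (y - candidate_secret) * pow(x, -1, PRIME) % PRIME


if __name__ == "__main__":
    key = secrets.token_bytes(32)  # constructed sample key
    shards = split_2_of_3(key)
    # The user is not needed: org + doj together reconstruct the key.
    print(combine(shards["org"], shards["doj"], len(key)) == key)
```

Confidentiality of the key in this arrangement therefore rests on no two holders being compromised or compelled at once, since the recovery path that excludes the user works exactly like the one that includes them.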