NSA Apologist Offers Solutions To 'Encryption' Problem, All Of Which Are Basically 'Have The Govt Make Them Do It'
from the wishful-thinking dept
Benjamin Wittes, one of the NSA apologists ensconced at Lawfare, has written a long piece in defense of FBI head James Comey's assertions that there must be some way tech companies can give him what he wants without compromising the privacy and security of every non-terrorist/criminal utilizing the same broken encryption.
What he suggests is highly problematic, although he obviously pronounces that word as "pragmatic." He implies the solution is already known to tech companies, but that their self-interest outweighs the FBI's push for a "greater good" fix.
The theory is that companies have every incentive for market reasons to protect consumer privacy, but no incentives at all to figure out how to provide law enforcement access in the context of doing so.There's some truth to this theory. Tech companies are particularly wary of appearing to be complicit in government surveillance programs as a couple of years of leaks have done considerable damage to their prospects in foreign markets.
Wittes suggests the government isn't doing much to sell this broken encryption plan, despite Comey's multiple statements on the dangers posed by encrypted communications. And he's right. If the government truly wants a "fix," it needs to start laying the groundwork. It can't just be various intel/law enforcement heads stating "we're not really tech guys" and suggesting tech companies put the time and effort into solving their problems for them.
If we begin—as the computer scientists do—with a posture of great skepticism as to the plausibility of any scheme and we place the burden of persuasion on Comey, law enforcement, and the intelligence community to demonstrate the viability of any system, the obvious course is government-sponsored research. What we need here is not a Clipper Chip-type initiative, in which the government would develop and produce a complete system, but a set of intellectual and technical answers to the challenges the technologists have posed. The goal here should be an elaborated concept paper laying out how a secure extraordinary access system would work in sufficient detail that it can be evaluated, critiqued, and vetted; think of the bitcoin paper here as a model. Only after a period of public vetting, discussion, and refinement would the process turn to the question of what sorts of companies we might ask to implement such a system and by what legal means we might ask.Thus ends the intelligent suggestions in Wittes' thinkpiece. Everything else is exactly the sort of thing Comey keeps hinting at, but seems unwilling to actually put in motion. It's the government-power elephant in the room. Actually, several elephants. It's the underlying, unvocalized threat that lies just below the surface of Comey's government-slanted PR efforts. Wittes just goes through the trouble of vocalizing them.
First, he gives Comey's chickenshit, ignorant sales pitch a completely disingenuous, self-serving reading. Comey has refused to acknowledge the fact that what he's seeking is not actually possible. He claims he doesn't have the tech background to make more informed assertions while simultaneously insisting the solution exists -- and could easily be found if only these tech companies were willing to apply themselves.
[Comey] is talking in very different language: the language of performance requirements. He wants to leave the development task to Silicon Valley to figure out how to implement government's requirements. He wants to describe what he needs—decrypted signal when he has a warrant—and leave the companies to figure out how to deliver it while still providing secure communications in other circumstances to their customers.In Wittes' estimation, Comey is being wise and promoting open innovation, rather than just refusing to openly acknowledge that his desire to access and intercept communications far exceeds his desire to allow millions of non-criminals access to safer connections and communications.
The advantage to this approach is that it potentially lets a thousand flowers bloom. Each company might do it differently. They would compete to provide the most security consistent with the performance standard. They could learn from each other. And government would not be in the position of developing and promoting specific algorithms. It wouldn't even need to know how the task was being done.
Wittes goes on to offer a handful of "solutions" to the Second Crypto War. Not a single one includes the government growing up and learning to deal with the new, encrypted status quo. He follows up the one useful suggestion -- government research exploring the feasibility of the proposed encryption bypass -- with one of his worst ideas:
If you simply require the latter [law enforcement access] as a matter of law, [tech companies] will devote resources to the question of how to do so while still providing consumer security. And while the problems are hard, they will prove manageable once the tech giants decide to work them hard—rather than protesting their impossibility.There's not a worse idea out there than making certain forms of encryption illegal to use in the United States. But Wittes tries his hardest to find equally awful ideas. Like this one, which would open tech companies to an entire new area of liability.
Another, perhaps softer, possibility is to rely on the possibility of civil liability to incentivize companies to focus on these issues. At the Senate Judiciary Committee hearing this past week, the always interesting Senator Sheldon Whitehouse posed a question to Deputy Attorney General Sally Yates about which I've been thinking as well: "A girl goes missing. A neighbor reports that they saw her being taken into a van out in front of the house. The police are called. They come to the home. The parents are frantic. The girl's phone is still at home." The phone, however, is encrypted.Wittes quotes Whitehouse's statements, in which he compares encryption to industrial pollution and suggests tech companies -- not the criminal in question; not the investigators who are seemingly unable to explore other options -- be held liable for the criminal's actions. Wittes poses a rhetorical question -- one that assumes most of America wants what Comey wants.
Might a victim of an ISIS attack domestically committed by someone who communicated and plotted using communications architecture specifically designed to be immune, and specifically marketed as immune, from law enforcement surveillance have a claim against the provider who offered that service even after the director of the FBI began specifically warning that ISIS was using such infrastructure to plan attacks? To the extent such companies have no liability in such circumstances, is that the distribution of risk that we as a society want?Holding companies responsible for the actions of criminals is completely stupid. Providing encryption to all shouldn't put companies at risk of civil suits. The encryption isn't being provided solely for use by bad guys. It makes no more sense than holding FedEx responsible for shipments of counterfeit drugs. And yet, we've seen our government do exactly that, in essence requiring every affected private company to act as deputized law enforcement entities, despite there being no logical reason to put them in this position. Wittes feels the best solutions involve the government forcing companies to bend to its will, and provide compromised encryption under duress.
The final solution proposed by Wittes is to let everything go to hell and assume the political landscape -- along with tech companies' "sympathies" -- will shift accordingly. This would be the "let's hope for the tragic death of a child" plan:
[W]e have an end-to-end encryption issue, in significant part, because companies are trying to assure customers worldwide that they have their backs privacy-wise and are not simply tools of NSA. I think those politics are likely to change. If Comey is right and we start seeing law enforcement and intelligence agencies blind in investigating and preventing horrible crimes and significant threats, the pressure on the companies is going to shift. And it may shift fast and hard. Whereas the companies now feel intense pressure to assure customers that their data is safe from NSA, the kidnapped kid with the encrypted iPhone is going to generate a very different sort of political response. In extraordinary circumstances, extraordinary access may well seem reasonable.If this does happen, Wittes' assumption will likely be correct. Politicians have never been shy about capitalizing on tragedies to nudge the government power needle. This will be no different. One wonders why no one has come forward with a significantly compelling tragedy by this point, considering the wealth of encryption options currently on the market. A logical person would assume this lack of compelling anecdotal evidence would suggest encryption really hasn't posed a problem yet -- especially considering the highly-motivated sales pitches that have been offered nonstop since Google and Apple's announcement of their encryption-by-default plans. The "problem" Comey and others so desperately wish to "solve" remains almost entirely theoretical at this point.
But the FBI and others aren't going to wait until the next tragedy. They want the path of least resistance now. The solutions proposed by Wittes are exactly the sort of thing they'd be interested in: expanded government power and increased private sector liability. This is why Comey has no solution to offer. There is none. There is only the option of making companies do what he wants, but he's too wary of public backlash to actually say these things out loud. Wittes has saved him the trouble and proven himself no more trustworthy than those who want easy access, no matter the negative implications or unintended consequences of these actions.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: backdoors, ben wittes, encryption, going dark, nsa, surveillance
Reader Comments
Subscribe: RSS
View by: Time | Thread
Unicorns
[ link to this | view in chronology ]
Re: Unicorns
[ link to this | view in chronology ]
Re: Re: Unicorns
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Tin Foil Hat
Consider this possibility:
The women shot in SF by the illegal immigrant was setup by federal agents.
1) ICE transferred a mentally unstable man to the SF sheriff based on an ancient warrant that they should have known wouldn't be enough to hold him on.
2) A BLM agent gave his weapon to ICE agents and reported it stolen.
3) The ICE agents rigged the weapon to go off and then planted it near the illegal immigrant.
4) The illegal immigrant picked up the weapon, it went off as planned, and Homeland Security got a lot of people blaming SF about their policy of non-cooperation.
A few years ago, I would have immediately dismissed such a theory as being totally tin foil hat territory. Now, I can't be so sure.
Because of what we know has happened, we must assume the official investigation procedure for missing children is something like:
1) Determine if phone is encrypted.
a) If not, continue investigation.
b) If so, hold press conferences to lament that there is nothing you can do. Then wait until your are confident child is dead to find body.
Therefore, we, the people, must hold the authorities culpable if they fail to recover a child when their cell phone has been encrypted.
If that's not fair to the authorities investigating, so sad, too bad. That's what happens when you abuse the trust people have placed in you, even if you are a government.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
Never mind that it lays things wide open for abuse. The goverment would never abuse its power, right?
[ link to this | view in chronology ]
A key that cannot be abused.
If our _magical_ encryption system cannot be used to encrypt evidence of crime, then law enforcement, even the government need not concern themselves with end-to-end encrypted data.
That would be a relief to all and solve all problems.
I bet we could go one further and make a data transmission protocol that cannot be used only for good purposes. Then the government never need go online.
[ link to this | view in chronology ]
Re: A key that cannot be abused.
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
If tech companies are liable in the kidnapped kid+encrypted iPhone, wouldn't the same logic hold firearms manufacturers liable for crimes caused by the use of their product?
And now removing the fork from the light socket, a serious question.
The NSA employes many, many mathematicians and cryptographers. The NSA and GCHQ had public-key cryptography years before their re-discovery by public research. So if the government is so interested in finding a unicorn, why don't they foot the bill for searching for the unicorn?
[ link to this | view in chronology ]
Re:
What about the manufacturer of a car used in a kid napping?
[ link to this | view in chronology ]
Re: Re:
Had they never procreated their would not have been a kid with an encrypted iPhone to get kidnapped in the first place!
If we just stop the root cause of these problems we could achieve global peace in about 1 century!
[ link to this | view in chronology ]
Re: Re: Re:
[ link to this | view in chronology ]
Kidnapping is particularly rare.
For the rest of us, we're far more susceptible to abduction by the police because they think we're ugly and the local DA is hungry for convictions, than we are to be abducted off the street into human trafficking.
Remember that. If they arrest you and get into your phone, all your data will be used to convict you and put you into jail, probably for some detail you didn't realize was a legal offense.
And unless you're someone famous, they won't consider it a missing person for days, and presume little Suzie ran away from home to try to get to grandmas house.
[ link to this | view in chronology ]
Pachyderm alert!
In fact, strong crypto used to be controlled under ITAR, considering it little different from sophisticated weapons which were not to be marketed to foreign entities.
I wish these guys would just admit the elephant in the room: that strong crypto gets in the way of their continued attempt to enforce Prohibition (known today as "The War On Drugs"). That's their real problem. I don't believe them when they say they're just trying to protect everyone from terrorists and child pornographers! They're really just trying to prop up their failed business model, Prohibition. The DEA's getting no nearer to winning that war, and are in fact losing it badly, just as badly as Prohibition was originally lost. They've militarized the police, come to consider themselves fighting a war against domestic insurgents, are tapping the communications of damned near everyone on the planet, are pissing off even (nominal) allies with their nozyness, yet can't bring themselves to accept the truth: Prohibition didn't work and was actually a disaster, and considering crypto to be as dangerous as offensive weapons is still as foolish today as it was in the '90s. Saddling ordinary law abiding people with crippled crypto won't help them win it either.
Finally, I'll just suggest they consider what all my past employers told their people: "If you can't do your job, then quit!" There's plenty of people out here who'd love to pull down the kind of salaries these people get.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
In the case where the phone is left at home there is another option: If this is a young girl she may consider the phone to be "hers", when in reality it is probably the parents that bought it for her and are paying for her service. In that case the parents could (and should) require their daughter to give them the unlock code/key/password/whatever as a condition for having the phone. Call it "parental key escrow". In that case the police would probably not even need a warrant as the parents would likely give them access without even being asked.
[ link to this | view in chronology ]
What does the phone have anything to do with it.
So in other words, bringing up kidnapping and phone encryption is nothing more than a lame attempt to make the audience emotionally receptive to an idiot's argument.
[ link to this | view in chronology ]
You don't trade secure communication (relatively) for the "Maybe" the FBI offers that it will "possibly" be useful in the future to have the FBI break into systems. What kind of shit deal is that?
They are offering us literally NOTHING and asking to take away secure communication just to have another "Tool in their bag" its absurd and what they are asking for is dangerously ignorant.
[ link to this | view in chronology ]
The debate they're avoiding
And no, the requirement to get a warrant does not address the issue.
This is the fundamental debate we need to have before any technological discussion can have any importance. And it is exactly the debate that those in favor of spying are trying their hardest to avoid.
[ link to this | view in chronology ]
Re: The debate they're avoiding
Think about all the benefits; you don't even need a phone to find where the bad guys are. If someone breaks into your house, there is now video evidence. Domestic violence? Video evidence. And it will only be used to protect you!
How could anyone possibly object? If you have an issue, you must have something to hide!
[ link to this | view in chronology ]
Re: Re: The debate they're avoiding
::always look on the bright side of life::
[ link to this | view in chronology ]
Re: Re: Re: The debate they're avoiding
Not necessarily. 320x200 video, at 1/5 time (so, about six frames a second,) mp4 encoded, doesn't use that much bandwidth. I routinely push 12 streams to a remote site using around 1-1.5 mbps. That works perfectly fine on a 10 mbps connection. Sucks if you actually want to use the line for something else (like watch netflix,) but it is do-able. Whether that would be enough for prosecution (usually all they need is a single frame showing the suspect and the victim,) would depend on the courts, the video is pretty watchable and should be useful.
As much as I'd love gig, this probably wouldn't need that much bandwidth.
[ link to this | view in chronology ]
Re: Re: Re: Re: The debate they're avoiding
[ link to this | view in chronology ]
Re: Re: The debate they're avoiding
That has already been proposed by the chief of police of Houston, Texas. Seriously.
[ link to this | view in chronology ]
Re: Re: Re: The debate they're avoiding
And if that isn't evidence it's an awful idea, I don't know what is!
[ link to this | view in chronology ]
Re: Re: Re: The debate they're avoiding
hee hee hee
why not everybody be their own reality show star ! ! !
ho ho ho
then everybody can watch everybody...
ha ha ha
and won't nobody get away with nuthin'...
ak ak ak
[ link to this | view in chronology ]
Re: Re: Re: Re: The debate they're avoiding
[ link to this | view in chronology ]
Re: The debate they're avoiding
[ link to this | view in chronology ]
Re: The debate they're avoiding
Alternate problem - other governments will want their magic key, too. What then?
[ link to this | view in chronology ]
Re: Re: The debate they're avoiding
But then, as Jamie Zawinski would say, "now you have two problems".
[ link to this | view in chronology ]
Re: Re: Re: The debate they're avoiding
Or money. money is also compelling. Especially when you've got a country sized bank account. Ask the staff over at the Hacking Team.
Also on the list of compelling things: blackmail, drugs, a gun to your significant other(s) (and/or children(s) ) heads, etc. In fact, most people would find any of these more compelling on a personal, visceral basis than a little piece of paper with "warrant" printed on it.
And if you're going to build in a master key that unlocks pretty much all of the interesting crypto in the country, none of the above items are melodramatic scenarios.
[ link to this | view in chronology ]
Re: The debate they're avoiding
Now suppose one difference. This tool has a public blockchain built into it recording the use of the tool.
Okay government, here's your backdoor. Except, everyone gets to see when and how that backdoor is used. Everyone!
Just a thought experiment, not saying possible, but could such a tool guide better use and behavior?
[ link to this | view in chronology ]
Re: Re: The debate they're avoiding
Technically, it might be possible. However, you'd very quickly learn the ins and outs of what the terms "state secrets" and "gag order" mean.
[ link to this | view in chronology ]
Let me take a guess as how this would end...
He preaches that the solution should be discussed and viable, but when months has passed and the solution to an impossible problem hasn't presented itself, he is simply just gonna blame the tech companies and go "just give us the damn bloddy keys to everything. Viable solution be damned".
There is NO solution, but they are not going to give up and reconsider when none are found. Instead they are going to go for the "best" solution at the time which will put all of us at major risk.
[ link to this | view in chronology ]
The Government needs to put it in their contracts
[ link to this | view in chronology ]
Signed,
Santa
[ link to this | view in chronology ]
[ link to this | view in chronology ]
End to end?
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
Mr Comey said that he considers it a desirable outcome if the PRC obtains access to your data. It was a dishonest answer, though, because he qualified it by saying that he would be overjoyed if the PRC used a warrant process overseen by a neutral magistrate to get your data. But he knows that's not going to happen.
So all we're left with is that— Mr Comey feels comfortable with the PRC having access to your data.
[ link to this | view in chronology ]
Re: Re:
"Mr. Comey, please state for the record that you are comfortable with law enforcement and intelligence community members (whom have a legitimate interest, albeit under an entirely separate justice system) from Russia and China utilizing the Unicorn-key you're suggesting we mandate to decrypt all of your personnel correspondence and financial information, at will and without your knowledge."
or maybe one better:
"Mr. Comey, are you prepared to explain to Mr. Chaney that staffers at the International Court of Justice in The Hague, Netherlands, utilized your mandated Unicorn-key to acquire sufficient privileged information to indict Mr. Chaney on War Crimes related charges which led to the extradition warrant in front of me?"
[ link to this | view in chronology ]
Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re: Re:
In the real world, he doesn't get to implement that caveat. The Chinese pass a law, which is as entirely valid as a law passed in the US, and now they have an entirely legal reason to demand the unicorn-key.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re:
Actually, the problem is that these people think they're in some sort of Hollywood movie but haven't yet graduated to the likes of spaghetti westerns and Dirty Harry which thrived on how grey the real world is. They're still acting out the kind of black hat/white hat fantasy that the generation before mine (at least) rejected as childish.
[ link to this | view in chronology ]
The Big Country
It's a good gateway film to bridge frin the clean dileations in horse opera to the complex haikus of spaghetti western.
[ link to this | view in chronology ]
Learn how to communicate in code, now
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Just a Though
[ link to this | view in chronology ]
government is NOT unhackable
The government has already demonstrated their inability to create unhackable systems.
Therefore the government is not worthy of having access to everyone's keys.
When the government can demonstrate an unhackable system where data cannot be stolen even through rogue workers they can ask for a conversation about storing everyone's keys. Until then they can piss off.
[ link to this | view in chronology ]
Police state supporters
People like them learn nothing from history. Nothing at all. "This time it will be different!" Fools...
[ link to this | view in chronology ]
But they do care....
-Hot Fuzz
http://m.youtube.com/watch?v=yUpbOliTHJY
[ link to this | view in chronology ]
Re: But they do care....
[ link to this | view in chronology ]
It's not just the appearance of being complicit that's bad for business...
It's not just the perception of being complicit that's a problem for companies - the odds of being able to stay secretly complicit are decreasing by the week:
Oh, and apparently to a variety of US Government agencies (state and federal levels).
It warms my heart to to see that the good, well-meaning folks at Hacking Team were only selling their law-enforcement friendly spyware to US Designated "good guys", and weren't in any way influenced by the potential for financial gain by any countries listed by the US as repressive regimes. Oh. Wait...
[ link to this | view in chronology ]
[ link to this | view in chronology ]
To be blunt, the tech companies need to take the same hardass attitude as the gun industry (i.e. "dead-child shmed-child") and pull enough strings to make it officially not their problem (again, just like the gun industry did).
[ link to this | view in chronology ]
Consider this
The solution to this would be to design a kill switch into our weapons. But this isn't happening, probably because the military and manufacturers rightly realize that the technology would not be infallible, and the military worries that somehow the technology could fail or be subverted, putting American lives at risk.
So let's table this discussion of backdoor access to encrypted data until the military solves the kill switch dilemma. They've got smart people, they should simply solve this problem to demonstrate how to take a seemingly intractable technology challenge and use the sheer force of intellect to overcome it. Then our encryption experts will be humbled and will dedicate themselves to designing an infallible backdoor to encrypted data.
[ link to this | view in chronology ]
Re: Consider this
[ link to this | view in chronology ]
Re: Re: Consider this
You want to know how you deal with the enemy using your gear against you? First, take care of your shit, and don't leave it unguarded, so they can't get much of it in the first place. Second, if they do get it, kill them.
Lots of people believe that the U.S. military is the strongest in the world because of our technology, but while it helps, that's not really the primary reason we win wars. Our military is strongest because of two things; training and number of troops. The best gear in the world with someone who isn't trained properly and doesn't have the resource support structure will be overcome by someone with moderate gear that has better training and/or more people.
I know the military is unpopular with a lot of people on this site...no problem, you can have your own opinion. But the U.S. military is not respected around the world purely because of our toys; there is real training and skill behind our forces.
It's really too bad we keep getting used for stupid crap that we shouldn't be doing. We're very effective at winning wars and moderately effective at pointless policing actions. The fact that our mission is political BS isn't really the fault of the military.
[ link to this | view in chronology ]
Re: Re: Re: Consider this
It also explains why the U.S. won in Viet Nam. And on the Korean peninsula.
In fact, everywhere the U.S. Army goes, they're always the good guys, and they always win the war. And if we ever forget that, then the nightly network news makes sure to let us know. And if we ever begin to doubt, then Hollywood comes back with a feel-good movie to tell us the truth.
[ link to this | view in chronology ]
Weasel Word Wizard of the month
It's obvious he couldn't say what he really means, which is, "...by what draconian fines and terms of imprisonment we might impose to force our totalitarian vision upon these companies." But that's sort of unpalatable in this country, so instead we get this shyster BS.
Congratulations, Mr. Comey, you could describe the nuking of a city as a "pop-bottle rocket glitch."
[ link to this | view in chronology ]
The government would never abuse such a system to secretly spy on say, heads of state (Merkel cough cough), or decrypt messages for the purpose of economic espionage.
Who would believe such far fetched claims! Of course that would never happen! We can "trust" them with total access to all global communications. What could possible go wrong?
[ link to this | view in chronology ]
OK then. Lets try that!
If they do that, then they are going to hold every gun company liable for every murder done with a gun. How is that different? What if someone gets stabbed? Are they going to sue Victorianox for making a "weapon"?
Are they going to sue Ford for making the car that that kidnapper used?
The government better be careful what it wishes for. If if gets it, it is going to bit them in the ass.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Fascism 101 : The art of misdirection.
The fact that they even mentioned this "idea" to the public means they have already initiated a secondary backdoor process that will remain in effect secretly after this publically discussed "idea" gets repeatedly shot down in flames and is finally loudly dropped with much fanfare and tooting of horns.
Its the Amurikin Vay, doncha know.
---
[ link to this | view in chronology ]
Re: Fascism 101 : The art of misdirection.
But for Google to do that would annihilate any trust that remained after their name was all over the Snowden releases. They still haven't been able to be completely transparent about their cooperation with the FBI.
If they were super-sharp about it, they'd make the Android crypto open source, and implement a means where people can choose one of several crypto modules.
That way individuals can opt-in to a unicorn keyed crypto if they so chose.
[ link to this | view in chronology ]
Re: Re: Fascism 101 : The art of misdirection.
I suspect the real backdoor will be accomplished through hardware, secretly implanted at the factory level by corporations and businesses due to secret Government Enforcement and financed at least partially through taxpayer funding, and the debate over backdoors for police use will end with the government apparently losing the battle and dropping the idea.
I think the game plan is to make the public think that these "discussions" about how companies "should" allow a police based backdoor be installed into their devices to protect the public from terrorists, means that a universal Magic Key software-based backdoor system is the only plan for public-owned device surveillance that the USG is fielding.
The Feds never bring the public into these kinds of debates unless its to pull the wool over their eyes.
By allowing the dialogue to end eventually with the technologists winning the debate via simple logic -
ANY NON-WHITE RABBIT CAN ENTER ANY RABBIT-SIZED HOLE WHETHER ITS MARKED WHITE RABBITS ONLY OR NOT
- the debate's end is supposed to make the general public think it has won the day and that no such backdoors will be forthcoming.
As with all the other "Secret" dealings the USG has with Corporate America, the real backdoors are already being installed, willingly, or under duress, as a hardware component, cleverly disguised as something everyone who might examine the device in question, would expect to find in such a device.
This is also the way to establish a "fool the terrorist" ploy - by making everyone believe the USG has decided to NOT use backdoors, the government can secretly argue to each Corporate B. of D., that the companies are doing a "patriotic" thing via the secret hardware add-on, because the terrorists will also think the USG dropped the universal backdoor idea and not look for one to exploit.
This is their Sneaky Real Magic Backdoor Key - an invisible Keyhole that nobody knows exists.
Sorry about that. It always hurts my head when I try and think in government mode. Its that old "ends justify means" thing that gets that loop of loopie logic started going in a circle.
---
[ link to this | view in chronology ]
Worse is that if the phone was not encrypted, or the encryption was so weak that anyone with a standard backdoor passcode could decrypt it, then if she were to lose or leave it anywhere that a kidnapper could access it they would have all the information that they would need to kidnap her. A list of all her friends and family, her daily routine and travel patterns, what school she goes to, when she is normally alone and vulnerable, what things she likes, and much more.
What's more, I wouldn't trust Comey not to abduct the girl himself just to try to justify making the rest of us vulnerable to intrusion on all of our electronic devices.
[ link to this | view in chronology ]