Washington Post Observes Encryption War 2.0 For Several Months, Learns Absolutely Nothing
from the we're-going-to-take-this-stupidity-and-DOUBLE-it dept
Last October, Apple and Google's announcements of encryption-by-default for iOS and Android devices were greeted with law enforcement panic, spearheaded by FBI director James Comey, who has yet to find the perfect dead child to force these companies' hands.
The Washington Post editorial board found Comey's diatribes super-effective! It published a post calling for some sort of law enforcement-only, magical hole in Apple and Google's encryption.
How to resolve this? A police “back door” for all smartphones is undesirable — a back door can and will be exploited by bad guys, too. However, with all their wizardry, perhaps Apple and Google could invent a kind of secure golden key they would retain and use only when a court has approved a search warrant. Ultimately, Congress could act and force the issue, but we’d rather see it resolved in law enforcement collaboration with the manufacturers and in a way that protects all three of the forces at work: technology, privacy and rule of law.
When is a "backdoor" not a "backdoor?" Well, apparently when an editorial board spells it G-O-L-D-E-N K-E-Y. It's the same thing, but in this particular pitch, it magically isn't, because good intentions. Or something.
Months later, the debate is still raging. But it's boiled down to two arguments:
1. This is impossible. You can't create a "law enforcement only" backdoor in encryption. It's simply not possible because a backdoor is a backdoor and can be used by anyone who can locate the door handle.
2. No, it isn't. Please see below for citations and references:
The FBI is at an impasse. Comey firmly believes this is possible, despite openly admitting he has zero evidence to back this claim up. When asked for specifics, Comey defers to "smart tech guys" and their warlock-like skills.
Sensing James Comey might be struggling a bit, the editorial board of the Washington Post is once again riding to the rescue. And they've brought the same level of cluelessness with them. (h/t to Techdirt reader Steve R.)
Mr. Comey’s assertions should be taken seriously. A rule-of-law society cannot allow sanctuary for those who wreak harm. But there are legitimate and valid counter arguments from software engineers, privacy advocates and companies that make the smartphones and software. They say that any decision to give law enforcement a key — known as “exceptional access” — would endanger the integrity of all online encryption, and that would mean weakness everywhere in a digital universe that already is awash in cyberattacks, thefts and intrusions. They say that a compromise isn’t possible, since one crack in encryption — even if for a good actor, like the police — is still a crack that could be exploited by a bad actor. A recent report from the Massachusetts Institute of Technology warned that granting exceptional access would bring on “grave” security risks that outweigh the benefits.
After providing some statements opposing its view on the matter -- most notably an actual research paper written by actual security researchers -- the editorial board continues on to declare this all irrelevant.
The tech companies are right about the overall importance of encryption, protecting consumers and insuring privacy. But these companies ought to more forthrightly acknowledge the legitimate needs of U.S. law enforcement.
And by "forthrightly acknowledge," the board means "give law enforcement what it wants, no matter the potential damage." After all, what's PERSONAL safety, security and a handful of civil liberties compared to "legitimate needs of law enforcement?"
All freedoms come with limits; it seems only proper that the vast freedoms of the Internet be subject to the same rule of law and protections that we accept for the rest of society.
Your rights end where law enforcement's "legitimate needs" begin. Except they don't. The needs of law enforcement don't trump the Bill of Rights. The needs of law enforcement don't automatically allow it to define the acceptable parameters of the communications of US citizens.
The editorial finally wraps up by calling for experts in the field to resolve this issue:
This conflict should not be left unattended. Nineteen years ago, the National Academy of Sciences studied the encryption issue; technology has evolved rapidly since then. It would be wise to ask the academy to undertake a new study, with special focus on technical matters, and recommendations on how to reconcile the competing imperatives.
The WaPo editorial board is no better than James Comey. It can cite nothing in support of its view but yet still believes it's right. And just like Comey, the board is being wholly disingenuous in its "deferral" to security researchers and tech companies. It, like Comey, wants to hold two contradictory views.
Tech/security researchers are dumb when they say this problem can't be solved.
Tech/security researchers are super-smart and can solve this problem.
So, they (the board and Comey) want to ignore the "smart guys" when they say this is impossible, but both are willing to listen if they like the answers they're hearing.
Filed Under: backdoors, encryption, golden key, james comey, mobile encryption
Companies: washington post
Reader Comments
This is interesting. If an investigation is ongoing with authorization from the judiciary and there is real crime going on most companies will help, regardless of encryption involved. And because there is no way of adding Golden Key™ without making encryption completely useless it does not mean those companies don't acknowledge law enforcement needs, it's just that these needs are outweighed by the need of working encryption for a large and essential part of the internet to work properly. Essential as: banking, health services, Government activities etc. And that's not even considering that people will simply flock to other encryption alternatives once the Govt gets its ways with what we have nowadays. Heck, there are automated installers for custom mods for Android devices already, no real deep knowledge needed.
All freedoms come with limits; it seems only proper that the vast freedoms of the Internet be subject to the same rule of law and protections that we accept for the rest of society.
For God's sake, couldn't they think before publishing such idiocy? Law enforcement CANNOT have access to everything one does/has in the physical world as well. There are several steps to be taken before law enforcement can go and, say, open a safe to see what's inside. Due process. And it mostly includes investigative work that leads to what they want in the first place. No instant access.
And honestly, there is no limit for freedom. We decided as a society that if somebody uses their freedom to harm others they will be punished, sure. The same way we decided as a society that the Government can't be fully trusted all the time and that it must abide by rules to avoid abuse. Warrants, Constitutional protections etc. But there is no limit to freedom as long as you are not harming anyone. And if you do harm somebody then the Government has tools to go after you and protect others. Even if it means taking months to investigate.
Nineteen years ago, the National Academy of Sciences studied the encryption issue
And reached the conclusion that it is impossible to have backdoors. Why are we being dumb and discussing it again if it is independent of how advanced encryption is?
It takes 2 minutes and a brain to read this and notice how flawed and often paradoxical the points expressed are. And these people insist that traditional journalism is much better than the many investigative blogs that are clearly doing a better job out there.
[ link to this | view in chronology ]
I'd be crying
http://www.wired.com/2012/03/ff_nsadatacenter/all/1
a sprawling, multi-million-dollar data collection compound was built in Utah. It also houses supercomputers that could dis-encrypt encrypted files much faster than regular computers could. The latter could take millions of years to break the code with turtle speed CPUs.
Please put yourself in their shoes and imagine how you'd feel if the big techs are going to use end-to-end encryption from now on. I'd be crying if I were the data collectors...
[ link to this | view in chronology ]
Re: I'd be crying
But nope, they went straight for the 'l2pn00b' excuse.
[ link to this | view in chronology ]
Re: I'd be crying
I think the word you're looking for is decrypt. :)
[ link to this | view in chronology ]
Re: I'd be crying
The problem the governments have is that any reasonable strength crypto limits their ability to spy on everyone, and forces them to target their spying. So while crypto may not protect targeted individuals, it does make gathering everything rather useless.
[ link to this | view in chronology ]
Re: Re: I'd be crying
Their own reports on the situation admit good crypto stopped them *once*, and they were still able to convict the perp using other methods. They have no need to be able to decrypt everything.
Gathering everything is useless. Making the haystack bigger makes it harder for them to find the needle hidden within it. We're being governed by thick skulled imbeciles who're convinced they're experts, and all they can do when we point out how foolish they're being is insert fingers into ears and go "Can't hear you. La la la ..."
We *all* deserve much better than what these fools are offering everyone.
[ link to this | view in chronology ]
where did this crazy idea come from?
I think I understand now why they think that a 2 key system is perfect. No one likes to use suitcase luggage; especially if it has 2 key holes, and you are only sold one key.
[ link to this | view in chronology ]
Re: where did this crazy idea come from?
CNN
And as we know it'll be the same in the computer world, if they get their way. So while they argue about "State Actors" attacking OPM, I guess they would rather make it easier for them to attack everyone.
[ link to this | view in chronology ]
Re: where did this crazy idea come from?
[ link to this | view in chronology ]
The problem, as I see it, is that politicians and the media are not capable of thinking in binary terms. They can not understand that encryption and back doors are mutually exclusive.
[ link to this | view in chronology ]
Re:
Reminds me of a joke...
There are 10 types of people in the world; those who understand binary and those who do not.
[ link to this | view in chronology ]
Re: Re:
... and those who know that this is actually a trinary joke.
:)
[ link to this | view in chronology ]
The only thing that has changed is the ability to implement the algorithms economically; neither the math nor the politics has changed.
Why don't you, the Washington Post or some government agency, undertake a new study; then it can say whatever you want and we can avoid the whole argument about bias since we will already know neither of you can be trusted.
There is nothing to reconcile; pass the law that law enforcement wants and let's see the results.
[ link to this | view in chronology ]
Re:
Those who say there are no unicorns just haven't looked hard enough!
[ link to this | view in chronology ]
The fundamental argument is flawed
>>A rule-of-law society cannot allow sanctuary for those
>>who wreak harm.
Thus, since there might be
[ link to this | view in chronology ]
Re: The fundamental argument is flawed
[ link to this | view in chronology ]
Re: The fundamental argument is flawed
I think the British PM should charge them with copyright infringement.
[ link to this | view in chronology ]
Re: The fundamental argument is flawed
It's kind of circular, since as soon as you start to do mass-surveillance (or stripping away the rights to communicate without being monitored), you're basically turning everyone into suspects, which makes you not a rule-of-law society anymore, thus undermining the very premise you started with.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Response to: Anonymous Coward on Jul 20th, 2015 @ 7:17am
[ link to this | view in chronology ]
Rule of law.
Except if you're an investment bank. Or a company avoiding taxes with legal offshore entities. Then it's okay.
[ link to this | view in chronology ]
Re: Rule of law.
[ link to this | view in chronology ]
Hollywood
Hollywood has already 'solved' the problem. Please ask them to share their Tech for DRM... it magically allows only those who have paid for the content to view it.
I hope it works as well for you as it has for Hollywood.
Cheers,
Joe 'I got gut' Sixpack
[ link to this | view in chronology ]
After all, just such a strategy prevents millions of movies from being copied, right?
[ link to this | view in chronology ]
Logical issue
A single universal point of failure, which is highly likely to have a flaw, and once that flaw is discovered, instead of affecting a subset of everyone, it will affect everyone.
[ link to this | view in chronology ]
A "golden key" system violates Kerckhoffs's Principle--it assumes that only the good guys know about it and the adversary won't find out--and therefore can never be considered secure. Period. Sometimes things really are that simple, and this is one of them.
[ link to this | view in chronology ]
Security through obscurity
But much of our species is really dumb about the long game.
[ link to this | view in chronology ]
Golden Key
[ link to this | view in chronology ]
Re: Golden Key
Comey could probably make that argument with a straight face.
[ link to this | view in chronology ]
so force it already and kill what little trust we have left in these corps.
[ link to this | view in chronology ]
Good Actor
Indeed. They're some of the best actors I know.
[ link to this | view in chronology ]
The other fallacy
[ link to this | view in chronology ]
The "Bad" Guys Can Develop Their Own Encryption
[ link to this | view in chronology ]
Washington Post wants to be spied upon
[ link to this | view in chronology ]
All viewpoints are equally valid
[ link to this | view in chronology ]
Re: All viewpoints are equally valid
[ link to this | view in chronology ]
A [brief] history of backdoors
“A history of backdoors”, A Few Thoughts on Cryptographic Engineering, July 20, 2015
His history, though, is just a little bit too brief. For instance, he makes no mention of the “Story of the Greek Wiretapping Scandal”.
[ link to this | view in chronology ]
Right now I could get PGP and hook it up to a email client and hook it up to a friend's client and share our public keys and we can send completely private emails. Are we talking about having that built into gmail?
Is the idea that there be a law that you always have a backdoor to any encryption software implementation?
It is like they are talking about some hypothetical universal encryption thing that doesn't even exist.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
"Crypto War 2.0" is a lie!
We need to nuke this until it glows, then salt the ground so this weed doesn't come back to bite us again!
[ link to this | view in chronology ]
Re: "Crypto War 2.0" is a lie!
[ link to this | view in chronology ]
I want an Oompa Loompa NOW Daddy!
Encryption is not an easy topic. I get that. What I don't understand is the hubris of some people to think they don't need to consult with real experts in a complex field before spewing their drivel.
[ link to this | view in chronology ]
Re: I want an Oompa Loompa NOW Daddy!
[ link to this | view in chronology ]
Re: I want an Oompa Loompa NOW Daddy!
For the progressive left, the purpose of law is to further their political objectives. Not in agreement with their mantra? You are then designated an "enemy of the state". Consequently, using a "Golden Key" is the perfect tool to find out what "enemies of the State" (terrorists) are doing. The NSA may soon be charged with monitoring internet/cell phone conversations to locate all outstanding Confederate flags.
[ link to this | view in chronology ]
Re: Re: I want an Oompa Loompa NOW Daddy!
I am so tired of hearing garbage like this, from shallow as a pane of glass thinkers like you, from "both sides of the aisle."
I'm Canadian. Do you know what "We, the people" sounds like to me? It's socialist. It's defending the little people; the individual rights of the man on the street as defined in the Constitution from both thieves *and* government overreach, as opposed to princes and kings and statist power empire builders like the British establishment as embodied in their House of Lords (their version of the Senate appointed by the royalty for life); perfidious Albion.
Granted, now the Neocons are in charge and Obama (as are the GOP, and Clinton, and Bush) appears to be wholly on board with their agenda, these ideas are getting horribly muddled. Now, neither the Democrats nor Republicans can claim to be defenders of "We the people", yet you can still spit on those who claim to defend "We, the people" (Democrats), and you actively support reactionary, military industrial complex big government, big military, tough on crime, conservative, bible thumping pseudo patriots (Republicans), including southern crackers who defend (still!) the confederacy.
I don't get it. What's wrong with all of you that you can't see this bizarre dichotomy? Your "progressive left" is every bit as meaningless as their "reactionary right", yet you keep on playing that silly "pick a side, and fight" pointless game.
This's why the world laughs at your country these days, when they're not spitting on you.
[ link to this | view in chronology ]
Re: Re: Re: I want an Oompa Loompa NOW Daddy!
[ link to this | view in chronology ]
I'm sure his deals with the CIA have nothing to do with WaPo editorial policy.
[ link to this | view in chronology ]
The Last Word
"Crypto War 2.0" is a lie!
This is not the second crypto war. It's the same damned war we won and they folded on in the '90s. This is just them demanding a do-over. They resent the fact that those in charge back then folded. Now, they want to resurrect it and continue fighting it. For it to be a new war, they'd have to come up with new arguments for their "point of view", which they haven't! There's nothing new here that wasn't in the last one, other than the fact that those calling for it again are more tyrannical and far less honest, utterly unwilling to accept the reality of the situation!
We need to nuke this until it glows, then salt the ground so this weed doesn't come back to bite us again!