WaPo's Excellent Explainer On Encryption Debunks WaPo's Stupid Editorial In Favor Of Encryption Backdoors
from the hey,-you-guys-should-talk! dept
Washington Post reporter Andrea Peterson has put together a really excellent explainer piece on what you should know about encryption. Considering the source, it's a good "general knowledge" explainer piece for people who really aren't that aware of encryption or technically savvy. That's important and useful, given how important this debate is and how many participants in it don't seem to understand the first thing about encryption. But what struck me is this little tidbit:Can the government stop terrorists from using encryption?It goes on, in some depth, to explain just what a stupid idea it would be to outlaw end-to-end encryption, noting that there are lots of non-US companies and plenty of open source offerings for encryption that would still be widely available and used.
Well, no. The most the government can probably do is bar companies from offering the most secure forms of encryption to their users. But encryption isn't just one product. Just like the math it's based on, it's really more of a concept or an idea rather than a specific technical tool.
And it's pretty impossible to outlaw ideas.
Now, compare that to the ridiculous editorial that the Washington Post put out a year ago, advocating for just such a solution:
How to resolve this? A police “back door” for all smartphones is undesirable — a back door can and will be exploited by bad guys, too. However, with all their wizardry, perhaps Apple and Google could invent a kind of secure golden key they would retain and use only when a court has approved a search warrant. Ultimately, Congress could act and force the issue, but we’d rather see it resolved in law enforcement collaboration with the manufacturers and in a way that protects all three of the forces at work: technology, privacy and rule of law.Hey, Washington Post editorial board, I hope you read your own newspaper.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: andrea peterson, backdoors, encryption, going dark, golden key
Companies: washington post
Reader Comments
Subscribe: RSS
View by: Time | Thread
Follow the money
[ link to this | view in thread ]
Honestly can't trust most of it anyway
[ link to this | view in thread ]
Maybe the financial institutions will put a stop to this
[ link to this | view in thread ]
golden key
Gold is expensive, criminals are poor and stealing gold is already illegal.
With no criminal able to afford or steal gold there is no way they can duplicate gold keys!
[ link to this | view in thread ]
Re: Honestly can't trust most of it anyway
Given that the methods and algorithms are known to the attacker, how much energy (in terms of time and resources) is required to decrypt the data? Is this greater, or less, than is required to protect the data from abuse?
Q-wave and quantum computing currently don't decrease the energy required; they just shift the energy from time to resources. Once everyone has their own quantum computing chip built in to their mobile phone, you'll have a point. Until then, traditional crypto is strong enough for many applications (such as securing your communications in transit). For data at rest, you can assume that if someone wants the data, they can probably brute force it -- but using a crypto key or long password essentially equates to a one time pad, and so is strong enough.
If you REALLY want strong encryption, you need what TrueCrypt allows for: embed multiple sets of data into the encrypted stream, such that cryptanalysis is likely to find the decoy data before it finds the real data. Of course, if they know you've done that, they can keep on looking to see what else they can find....
[ link to this | view in thread ]
[ link to this | view in thread ]
Re: golden key
Gold in this case is just a metaphor. It's really just another password, known only to the good guys. They will probably choose something like "password" for their "golden" key, because, you know, the bad guys would never think to try that.
[ link to this | view in thread ]
Re: Honestly can't trust most of it anyway
[ link to this | view in thread ]
Re: Re: golden key
[ link to this | view in thread ]
1) The mass indiscriminate surveillance as practiced by the NSA and their friends has been declared unconstitutional, yet the Government has no plans to stop it.
2) The directors of the CIA, NSA, and FBI have a perfect track record of lying to Congress each and every time they have been required to testify about their actions and surveillance programs.
3) Companies like Apple and Google are routinely served with National Security Letters, with NO oversight required of the agencies doing the serving, and where an absolute gag order accompanies the letters.
4) The CIA, NSA, and FBI each routinely and persistently ignore the law when it gets in their way (with no penalty for breaking it).
5) The NSA has been caught secretly subverting encryption standards, hacking servers and communication lines, tapping foreign dignitaries, tapping the United Nations private conferences, exploiting zero-day vulnerabilities, planting malware, etc., single-handedly nearly destroying the overseas marketplace for internet services provided by US companies.
To be worthy of trust, one has to act trustworthy. Considering the damage that the NSA et al has done to US internet businesses, is it no wonder that we are where we are today? If the US Government insists on backdoors or some kind of key escrow for every service, all they will do is succeed in finishing the destruction of US internet companies overseas. It definitely won't stop encryption.
[ link to this | view in thread ]
Re: Re: golden key
[ link to this | view in thread ]
You can fly
[ link to this | view in thread ]
Re: golden key
a backdoor that only works in the presence of winged unicorns...
then we can limit the supply of unicorns to just the NSA
(and rich elite)
[ link to this | view in thread ]
"...the destruction of US internet companies overseas."
But not just internet companies, all US IT companies in general are being considered suspect, particularly those involved in technical infrastructure.
[ link to this | view in thread ]
[ link to this | view in thread ]
Re: Maybe the financial institutions will put a stop to this
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Think maybe the driver of the Internet of Things (IoT) is not that this will help consumers (does my toaster really need to connect to the Internet?) but another way the government can know what everyone is doing?
Out of the realm of possibility? Barbie can now alert the cops if a parent is abusing their kids (or doing who knows what else).
The government was tapped into our communications long before the current issue, going back to the beginning of communications. They were hardwired in. Why should we expect today be any different? It's always been there, will be there in the future.
[ link to this | view in thread ]
Re: Honestly can't trust most of it anyway
So no, until there is a major breakthrough in quantum, most encryption is still fairly safe.
[ link to this | view in thread ]
Re:
If they can get the practice legalized however, such that they don't have to do it in secret, any limits vanish, and they would drastically increase their actions.
Put simply, even if they are already slipping backdoors into things, it's better to at least force them to do it in secret, rather than allowing them to force companies to do so on their behalf.
[ link to this | view in thread ]
Re:
um, Google does not provide automatic, end-to-end encryption. Apple does but not Google.
Google only encrypts to their servers. Google can see all the data, your chats, your video, your email.
Apple encrypts end-to-end. Only the participants, and not Apple, can see the data.
Google's method is fine against industry hackers but not against government types like NSA and FBI.
[ link to this | view in thread ]
Re:
Don't forget cops using any stop as an excuse to search through people's phones, and the TSA wanting to search devices at the airport.
[ link to this | view in thread ]
Re: Re: Honestly can't trust most of it anyway
YOU WILL NOTICE THIS everywhere,
specially in the stocks market
[ link to this | view in thread ]
Re: Re: Re: Honestly can't trust most of it anyway
[ link to this | view in thread ]
[ link to this | view in thread ]
Re: Re: Re: golden key
12345 too complicated. And does not represent their belief that they can do no wrong and that they are above all else in this universe and beyond.
[ link to this | view in thread ]
Re:
So if we are to have true encryption. we need it at the main processor. and an ID to said processor that is like 32 characters long or longer With a closed system of communication between processors that no outside eyes can see.
[ link to this | view in thread ]