Encryption Workarounds Paper Shows Why 'Going Dark' Is Not A Problem, And In Fact Is As Old As Humanity Itself
from the you-don't-know-what-I-know dept
It was October 2014 when FBI Director James Comey made his famous claim that things were "going dark" in the world of law enforcement because of the increasing use of encryption. Since then, Techdirt has had dozens of posts on the topic, many of them reporting on further dire warnings that the very fabric of civilization was under threat thanks to what was claimed to be a frightening new ability to keep things secret. Many others pointed out that the resulting calls for backdoors to encryption systems were a stunningly foolish idea that only people unable to understand the underlying technology could make.
One Techdirt post on the topic mentioned a great paper with the title "Keys Under Doormats: Mandating insecurity by requiring government access to all data and communications," which ran through all the problems with the backdoor idea. It was written by many of the top experts in this field, including Bruce Schneier. He's just published another paper, co-authored with Orin Kerr, who is a professor at George Washington University Law School, which looks at the other side of things -- how to circumvent encryption:
The widespread use of encryption has triggered a new step in many criminal investigations: the encryption workaround. We define an encryption workaround as any lawful government effort to reveal an unencrypted version of a target's data that has been concealed by encryption. This essay provides an overview of encryption workaround.
The various possibilities are largely self-explanatory:
We classify six kinds of workarounds: find the key, guess the key, compel the key, exploit a flaw in the encryption software, access plaintext while the device is in use, and locate another plaintext copy. For each approach, we consider the practical, technological, and legal hurdles raised by its use.
What's interesting is not so much what the workarounds are, as is the fact that there are a number of them, and that they can all work in the right circumstances. This gives the lie to the idea that we are entering a terrible new era where things are "going dark," and it is simply impossible to obtain important information. But as the authors point out:
there is no magic way for the government to get around encryption. The nature of the problem is one of probabilities rather than certainty. Different approaches will work more or less often in different kinds of cases.
Schneier and Kerr go on to draw an analogy:
When the police have a suspect and want a confession, the law gives the police a set of tools they may use in an effort to persuade the suspect to confess. None of the interrogation methods work every time. In some cases, no matter what the government does, suspects will confess. In other cases, no matter what the government does, suspects will assert their rights and refuse to speak. The government must work with the inherently probabilistic nature of obtaining confessions. Similarly, the government must work with the inherently probabilistic nature of encryption workarounds.
That analogy reveals something profound: that the supposedly new problem of "going dark" -- of not being able to find out information -- has existed as long as humans have been around. After all, there is no way -- yet, at least -- of accessing information held in a person's mind unless some kind of interrogation technique is used to extract it. And as the analogy shows us, that is exactly like needing to find some encryption workaround when information is held on a digital device. It may be possible, or it may not; but the only difference between the problems faced by those demanding answers thousands of years ago and today is that some of the required information may be held external to the mind in an encrypted digital form. Asking for guaranteed backdoors to that digital data is as unreasonable as demanding a foolproof method to extract information from any person's mind. We accept that it may not be possible to do the latter, so why not accept the former may not be feasible either?
Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: bruce schneier, encryption, encryption workarounds, going dark, orin kerr
Reader Comments
Subscribe: RSS
View by: Time | Thread
Kudos
[ link to this | view in thread ]
People need to remember, it never has been about 'justice', just closing cases.
[ link to this | view in thread ]
[ link to this | view in thread ]
[ link to this | view in thread ]
[ link to this | view in thread ]
on the basis of an individual case,
Which is to say the feds beef isn't that it can't investigate. It's beef is that it can't snuffle everybody's traffic at will and then use parallel construction to selectively persecute whomever it wants.
Which really seams to be driven by Comey himself rather than the FBI as an institution. Where this guy gets off thinking the FBI is a tool for his god appointed role as a king maker, I will never know.
[ link to this | view in thread ]
Getting convictions
No more than the average person, I don't want to die in an attack. But on the flip side, I don't want to give up privacy.
Many say that if you're not breaking the law, then why are you so concerned about being monitored? On the surface, and without thinking about it, that's a pretty strong argument for a total surveillance state. Afterall, if it's illegal, then why should someone expect their "doin's" to be private?
The reason, for those that don't see it, is that not everything the state thinks is wrong is a crime. At one point, dating someone of a race other than your own was criminal. Smoking pot is illegal according to Federal law, but is legal in many state laws.
What is reprehensible is that if one dares to raise the issue of Jury Nullification, that is a felony in many states.
I've no answers. I wish I did.
[ link to this | view in thread ]
always been about power
"...never been about encryption... It has always been about power.."
Yup. Our politicians insist that they ("government") have an inherent “right to know” about all the private matters of the entire American citizenry. They do not say that openly, but it is obvious from their daily actions ("collect it all"). Obstacles like citizen 'encryption' MUST be neutralized across the board... to secure the government's perceived "right to know"!
But politicians/judges/bureaucrats have no "rights" whatsoever-- only very limited authorities granted by the citizenry in legal form (Constitution). There is no general "right to know" for government, even in the courts.
There NO exceptions to the 4th Amendment for national security, law enforcement, or border searches. Politicians sitting on the US Supreme Court blatantly ignores that fact.
Despite this fundamental truth, our self-imagined rulers arrogantly demand that Americans acquiesce to massive invasions of privacy... due to whatever the latest political crusade happens to be for these rulers --- yet they insist on strictly maintaining their own state secrets privilege from the very people who hired them (citizenry).
U.S. government obvious desire to closely watch & control the American populace is self-evidently an extreme dangerous to liberty.
[ link to this | view in thread ]
Re: Getting convictions
The first risk is due to the isolating effect of a surveillance state, people who are dissatisfied with the state think that, and with some justification, talking about their dissatisfaction and trying to organize change is liable to get them into trouble. This drives some people into seeking out those organization that will help them to take violent action, or simply claiming affiliation to magnify the effect of the action that they take.
People need a degree of privacy, and need to feel that they can talk about their dissatisfaction with governments without being promptly targeted as a potential terrorist.
[ link to this | view in thread ]
[another matter: it's time to give some thanks around here.
thanks to the russians for showing us we have traitors in government and in business.
thanks to the traitors for showing us the wisdom of the founding fathers (and mothers).
thanks to the founding fathers and mothers for giving us a nation with the resilience that can withstand even this treachery.]
[ link to this | view in thread ]
Re: on the basis of an individual case,
The second step is USING the power for more...personal gains than just the security of the nation.
Step One has been ongoing for quite a while, not surprising to see the intelligence community flex its power now.
[ link to this | view in thread ]