I ran across this from the Cyberlaw Podcast notes[0]. Their brief description of it is why I thought it'd be interesting for the HN crowd:
>The National Academy report on encryption access has demonstrated that access is well within the zone of plausible technology policy, with support from a group of prominent tech experts, such as Ray Ozzie, all of whom know math.
I certainly don't agree with that statement, but I'm a long way from a cryptographer or security expert. I'm mostly looking forward to the EFF refutation, though I'm a little surprised it isn't already up...
It's possible to design a system that lets the government decrypt (essentially) everything. The same technology that lets you send a PGP e-mail with two recipients allows you to send a message that can be decrypted by the NSA as well as your recipient.
What's not possible is protecting against bad actors within government; preventing the oppressive governments from insisting on the same powers, allowing them to further oppress their citizens; and eliminating the backdoor-free encryption that evildoers will instantly move over to, which has to be eliminated if trained terrorists are the true targets of the back doors.
But it's possible legislators don't care about these issues as much as freedom advocates do.
> It's possible to design a system that lets the government decrypt (essentially) everything. The same technology that lets you send a PGP e-mail with two recipients allows you to send a message that can be decrypted by the NSA as well as your recipient.
It's not that simple. That "solution" has the government key as a single point of failure: when it leaks, everything is compromised.
So put it in a Hardware Security Module [1] and store it in Fort Knox.
Competent certificate authorities manage to store their private keys and not leak them. And the security community loves SSL, even though it depends on that.
You don't need crypto or security expertise, just rhetoric. What are they not mentioning?
AFAICT "a backdoor" vs. "a backdoor that gives the FBI access while keeping both Putin and El Chapo out, and works on phones bought via mail order from China".
The debate about "technical plausibility" should not even be on the table.
Nowhere under US law does the government have any right to mandate that individuals must communicate via mediums that allow for surveillance. The idea that such a government right exists is absurd.
Maybe the NSA and CIA should figure out how to secure their own illegal digital operations first and then get back to this when they have less pressing matters on their hands.
The writing style of the Cyberlaw Podcast certainly makes it hard to take them seriously:
> ...but by the collapse of the left-lib claim that building law enforcement access into IT devices is impossible because, uh, math.
Except no-one is claiming that building law enforcement access into IT devices is impossible because of mathematics. The claim is that there is no way of doing so that doesn't create a general vulnerability.
Also, let's assume this "solution" gets implemented into every smartphone out there. And then we discover that it actually doesn't work as well as theorized, and it can now be abused by hackers.
What then? Will the FBI agree to put that genie back in the bottle and have all OEMs remove support for this solution? Or will they go whine to the media and Congress that this solution can't be removed because "it's been so helpful in catching criminals and that odd kidnapper out of 1,000 cases", as they usually do when defending surveillance powers they've already had for a decade, whether illegally or legally, and then someone tries to rein in on those powers?
Criminals are not "going dark". If anything, there's been an Enlightenment Age of Surveillance over the past two decades. They have more data and more tools than ever (including the recent FISA law that allows the FBI to see all raw data going through ISP cables). And perhaps that's the problem, and why they keep missing so many cases. Too much noise that's captured.
It doesn't look like the FBI and the US government will ever be satisfied with anything other than complete surveillance of everything US citizens are doing - which is exactly what China is implementing right now.
(By the way, in relation to that article, the FBI is already seeking access to whatever Alexa and other such devices are recording, which could be increasingly more data as the tech improves).
Does anyone here actually believe that this is not actually FBI's goal? Or do they think that if this solution will be implemented, they won't find some other thing to complain about? Maybe open source encryption?
> If anything, there's been an Enlightenment Age of Surveillance over the past two decades.
For me, a watershed moment was the suppression of the Green Revolution in Iran. Organizing on social media got the world to notice, but it also provided the Iranian government with an indelible audit trail leading back to the dissidents.
That sounds like a good endorsement. Those of use who are competent and honest have been pretty tired of the FUD and downright lies around the benefits of single-user encryption.
Specifically, if admin master keys are so dangerous, why does Google, Microsoft, and every other tech company have one into the employee's hard drives?
The claim made by that article isn't nearly as strong as what you're saying it claims. Two-user encryption obviously can be made secure.
But when one of the keys that can decrypt something is shared by every message using that protocol, it is fragile - a leak breaks everything using that protocol. This is what that article actually says, and seems to also be correct.
A related point is that two-user encryption is insecure when one of the parties has no stake in the contents staying private, which is the case when the government can decrypt your data.
Your splitting of the hair on "secure but fragile" depends on the assertion that the US government has no interest in maintaining the security of conversations of all US devices? That's inane and insane, respectively.
Because the problem corporations face is pretty much the reverse of the problem at issue here. In a corporation, the only entity being protected is the corporation itself. Master keys exist to provide access to all of a corp's devices, even if employees forget their passcodes etc. The entity controlling the master keys is the entity being protected, and while having those keys compromised would not be great, the loss of data from not having master keys is a much bigger threat.
OTOH, for citizens, a master key with access to their private data is a problem. The data owner is not the owner of the master key in this context and therefore the very existence of such a key is much more problematic even if the key is never leaked to unauthorized parties.
Neat argument. That's a totally different one than "backdoors can never be secure", right? Like, we've established that all that hub-bub [1] was a complete farce and we've now moved on to a different point of discussion, right? Cool, thanks.
My bad for missing this when I did a quick search of your website. Glad to see you guys still sticking up for the good fight, even if it is never ending. Do you see any particular clear legislation coming out of this that I can call my representatives over? Any call to action to refute this report in particular?
You can write to your Congressional representatives telling them that, as a computer professional, you know how vital encryption is for our online security, and you don't want to see any restrictions introduced on what kind of security tools technologists can provide for computer users.
If "decision makers" don't already respect the framework of personal liberty and individual rights, then they have no business being "decision makers" in the first place.
28 comments
[ 2.4 ms ] story [ 67.5 ms ] threadNo payment is required, or even a real email address.
I ran across this from the Cyberlaw Podcast notes[0]. Their brief description of it is why I thought it'd be interesting for the HN crowd:
>The National Academy report on encryption access has demonstrated that access is well within the zone of plausible technology policy, with support from a group of prominent tech experts, such as Ray Ozzie, all of whom know math.
I certainly don't agree with that statement, but I'm a long way from a cryptographer or security expert. I'm mostly looking forward to the EFF refutation, though I'm a little surprised it isn't already up...
[0] http://reason.com/volokh/2018/04/02/keeper-loser-weeper
What's not possible is protecting against bad actors within government; preventing the oppressive governments from insisting on the same powers, allowing them to further oppress their citizens; and eliminating the backdoor-free encryption that evildoers will instantly move over to, which has to be eliminated if trained terrorists are the true targets of the back doors.
But it's possible legislators don't care about these issues as much as freedom advocates do.
It's not that simple. That "solution" has the government key as a single point of failure: when it leaks, everything is compromised.
Competent certificate authorities manage to store their private keys and not leak them. And the security community loves SSL, even though it depends on that.
[1] https://en.wikipedia.org/wiki/Hardware_security_module
AFAICT "a backdoor" vs. "a backdoor that gives the FBI access while keeping both Putin and El Chapo out, and works on phones bought via mail order from China".
Nowhere under US law does the government have any right to mandate that individuals must communicate via mediums that allow for surveillance. The idea that such a government right exists is absurd.
Maybe the NSA and CIA should figure out how to secure their own illegal digital operations first and then get back to this when they have less pressing matters on their hands.
> ...but by the collapse of the left-lib claim that building law enforcement access into IT devices is impossible because, uh, math.
Except no-one is claiming that building law enforcement access into IT devices is impossible because of mathematics. The claim is that there is no way of doing so that doesn't create a general vulnerability.
https://assets.documentcloud.org/documents/4424780/Fbi-Iphon...
Also, let's assume this "solution" gets implemented into every smartphone out there. And then we discover that it actually doesn't work as well as theorized, and it can now be abused by hackers.
What then? Will the FBI agree to put that genie back in the bottle and have all OEMs remove support for this solution? Or will they go whine to the media and Congress that this solution can't be removed because "it's been so helpful in catching criminals and that odd kidnapper out of 1,000 cases", as they usually do when defending surveillance powers they've already had for a decade, whether illegally or legally, and then someone tries to rein in on those powers?
Criminals are not "going dark". If anything, there's been an Enlightenment Age of Surveillance over the past two decades. They have more data and more tools than ever (including the recent FISA law that allows the FBI to see all raw data going through ISP cables). And perhaps that's the problem, and why they keep missing so many cases. Too much noise that's captured.
It doesn't look like the FBI and the US government will ever be satisfied with anything other than complete surveillance of everything US citizens are doing - which is exactly what China is implementing right now.
https://www.rfa.org/english/news/china/surveillance-03302018...
(By the way, in relation to that article, the FBI is already seeking access to whatever Alexa and other such devices are recording, which could be increasingly more data as the tech improves).
Does anyone here actually believe that this is not actually FBI's goal? Or do they think that if this solution will be implemented, they won't find some other thing to complain about? Maybe open source encryption?
For me, a watershed moment was the suppression of the Green Revolution in Iran. Organizing on social media got the world to notice, but it also provided the Iranian government with an indelible audit trail leading back to the dissidents.
Specifically, if admin master keys are so dangerous, why does Google, Microsoft, and every other tech company have one into the employee's hard drives?
Do you have an argument to the contrary?
But when one of the keys that can decrypt something is shared by every message using that protocol, it is fragile - a leak breaks everything using that protocol. This is what that article actually says, and seems to also be correct.
A related point is that two-user encryption is insecure when one of the parties has no stake in the contents staying private, which is the case when the government can decrypt your data.
I think we're done here.
Your splitting of the hair on "secure but fragile" depends on the assertion that the US government has no interest in maintaining the security of conversations of all US devices? That's inane and insane, respectively.
OTOH, for citizens, a master key with access to their private data is a problem. The data owner is not the owner of the master key in this context and therefore the very existence of such a key is much more problematic even if the key is never leaked to unauthorized parties.
1. https://www.schneier.com/blog/archives/2015/09/tsa_master_ke...
Thanks for chiming in!
https://en.m.wikipedia.org/wiki/Clipper_chip