Oh hush. There's no possibility government employees would abuse this. It says so right in the law.
This is a non sequitur. What do TSA locks with master keys have to do with people smashing locks open? Isn't the problem there all about people failing to take advantage of the backdoor, not that the backdoor was there? Further, the point about theft seems questionable - are we implying nothing was stolen before the invention of Travelsentry bags? Or from airports in other countries? Can we actually even connect those thefts to the existence of the backdoor, given that locks can be smashed off, and the majority of thefts identified by CNN were by baggage handlers without (apparently) access to the master key?
Personally I don't think the technology is there yet to make backdoor-encryption viable. (I don't think it's totally unworkable, you just need to make it so that the backdoor's access is impractical to abuse and really inconvenient, perhaps requiring physical access/disassembly of the machine and some kind of physical device to do the unlocking. From an individual liberty point of view, this would maintain the present situation with respect to security/privacy - an individual can lock stuff in a safe, but a court can order someone to go at the safe with a drill.) But this TSA-lock analogy just fails.
I thought the same thing while reading the first time, and it does seem a little out of place. But after another read, the point of the paragraph it's in is about unaccountability and buck-passing, which is definitely a related issue.
Required backdoors in encryption would be more like requiring every safe to have its combination registered in a big list (or… requiring every luggage lock to have a master key…). No drill required - if you have access to the list and the safe, you can get in with ease and there's no evidence afterwards that you did. And since we're also talking about bits that fly across the internet, there's never going to be a way to require physical access.
There are already ways to go at encryption with a drill. The problem is that the government is saying that's too difficult, and they want a nice easy way in at all times.
Well, my point is that it comes down to how these backdoors are implemented. The assumption seems to be that backdoors = like you say, the ability to backdoor access over the internet. Which is certainly silly and a bad idea. But law enforcement - at least, reasonable law enforcement under judicial oversight - does not need that. Backdoors that work on physical access would be a reasonable counter to things like phones with encrypt-by-default.
In terms of the drill-analogy, the problem is that it is getting harder. Strong encryption could take many years to brute force, and that is certainly an escalation from the existing situation before the internet where once you get a search warrant, most locks can be legally broken with a box of basic tools and an afternoon.
Of course you can say that law enforcement have other things they can do nowadays (like interception and surveillance), but personally I'd rather ban mass interception and work for a return to the old model of "crack a safe once you get a warrant", than the new method of "collect everything in case it becomes useful".
Also my first thought, but it also points out that even if you do use encryption the government can still use a hammer to get what it wants with impunity, and that its "who will think of the children" (or something) hyperbole about encryption is BS. That and the TSA is stupid. Generally, though, this is Cory at his best - a compelling and visceral essay on an abstract topic.
Bits are bits. It doesn't matter whether they're sitting on a device the owner physically has, flying across the internet, or sitting on a company's server. You can't put a backdoor in for one of those cases that won't impact the security of the others, unless you somehow require only a specific case to use a specific type of encryption.
And in either case, they're not asking for them to be separate. Cameron has been talking about any "means of communication between two people". So even if this hypothetical physical-access-backdoor-encryption were possible, it's not what's being discussed.
Requiring a specific case to use a specific type of encryption is the exact point. If for example your private keys are stored in a location on your hard drive whose protection can be overridden by setting a physical switch, then you have something that requires physical access to break but is still secure when crossing the internet. I'm not saying that's a solution, I'm saying that this does not seem like a technologically insurmountable issue.
You'll have no argument from me that Cameron is a doo-doo-head. But I can't help but think there's a failure of imagination with respect to whether we can have a reasonable compromise that still preserves secure communications, but also grants law-abiding, due process following, authorities no more and no less access than they have, and are supposed to have.
…then you have something that is insecure against anyone who has physical access to the device, and have removed the whole point of local encryption. And you still don't satisfy all the officials (not just Cameron) who are calling for the ability to open up and read any communications.
It's said that a good compromise is disliked by both parties, but that doesn't mean that anything that both parties dislike is a good compromise.
[edit]
Here's the problem with this: I can do all kinds of things with information I physically store to make it inaccessible both to law enforcement and to others, and there's nothing they can (or should be able to) do about it. I can seal it in impractically-thick layers of metal that would take days to get through, or drop it to the bottom of the ocean. I can write it in a language of my own devising that no one else knows. I can encrypt it with a sufficiently large one-time pad. I could even manually use the available encryption algorithms and write down an encrypted version.
What they're trying to say is that, only in the case of digital information, you aren't allowed to do that last thing, unless you also provide us a key to it that we can use at any time. That's not giving them access that they're supposed to have, that's severely cutting back the security that we are supposed to have.
I think that the issue isn't so much making it easier but untraceable. Apparently one of the things that will ensure that the TSA will open your bags is putting a seal* on them like zip ties…
* a lock is a device to make opening something difficult and a seal is designed to provide evidence that it has been opened. Sometimes there is overlap, but they're not the same function.
No, no, no. With crypto you can't have it both ways. If you have an input into the algorithm that specifies "oh, this is a local law enforcement person" that can and will be forged by others. There's also no way to say "oh, this is local access but that is not". Crypto is flat out a mathematical formula. There is really no way to make things secure all the time but insecure to law enforcement.
Frankly, I don't want law enforcement to have the keys to my information at all, anyway. They've completely blown my trust. From the constant systemic racism to them having the ability to trump up charges against you just because they don't like your face, or you were a slight bit standoffish against their authority.
This gambit for backdoors is not for "we found this guy committing a crime, now we need enough evidence", this is also entirely for fishing expeditions to find people who they can lock up. Regular law enforcement almost never needs to break someone's crypto. Police have been putting people away when those conversations happened away from anyone else and were lost to the nonexistent ether. They have plenty of other tools, this is nothing but a power gambit over the populace.
…then you have something that is insecure against anyone who has physical access to the device, and have removed the whole point of local encryption. And you still don't satisfy all the officials (not just Cameron) who are calling for the ability to open up and read any communications.
I already said that I gave this purely as an example, and the particular thing I am giving this as an example of is the fact that something can be made to have different levels of security depending on the level of physical access to a device. In this scheme, we have something with zero physical security, yet perfect online security. It is far from the only example I could have given, I'm just saying the idea that "encryption is just encryption" is wrong. It really should be obvious: how many of us have strongly encrypted stuff, and then wrote down our password on a piece of paper?
I'm not saying this is exactly how you'd do things. But I would argue that in terms of protecting our data from criminals, online security is generally much more important than physical security. A security system that is crackable over the internet in a week is hugely broken. A 4 digit PIN on a device that could be cracked in a week, with physical possession of the device? Most of us accept that degree of insecurity. And that degree of security would be sufficient to also discourage fishing operations.
Yes you can, but it's awkward, inconvenient, and no one does it for you by default. The fact that you've gone to extreme lengths to secure the document could be used against you.
This is different in the digital sphere. Firstly, with the rise of encryption by default, it gets much easier and more common to encrypt everything, and the decision to encrypt itself confers no useful information. Secondly, the fifth amendment provides a legal protection to refusal to decrypt that it does not grant to refusal to grant a key to a safe, because of the rules on testimony against oneself.
Finally, I don't propose that a move to introduce backdoors means that non-backdoored devices become illegal. I mean instead that standards be introduced whereupon physical backdoor systems become commonplace and simple to implement, and that legal guidelines be set that enable juries to consider the use of circumvention of backdoors in deliberations. This would establish a direct parity with the existing legal practice for non-digital documents.
Crypto is a mathematical formula, but implementation of crypto is not. My RSA private key is 16 kb of random ASCII, but if you could get to my computer keyboard you only need to type in a 4-12 letter password. Or, heck, my hard drive is unencrypted anyway, so if you take it out and scan it you'll have everything. It doesn't mean I have zero security. I am also pretty well protected from fishing operations because visiting every PC and stripping their hard drives is a pain in the arse!
Feel free to hate law enforcement (I disagree). But the idea that backdoors are a black and white thing that can only be implemented one way is rather naive.
The implementation is the cornerstone here. But we, who trust the law enforcement as much as their past performance allows, are aware of that. That's why I expect key storage devices to appear that will destroy the uncrackable long key if the PIN is entered wrongly too many times, and to be tamper-resistant.
The data are mine. I am the highest authority that decides who will get the access; not a cop, not a judge, not a president, just me. This should be my little domain, my little kingdom, where no one else has the right to intrude even if they'd have more paperwork than they weigh, even if the papers would carry the Big Round Stamp.
Encryption is not a safe. Encryption is more like writing something in only a language you know. Comparing it to a safe with a key is a really bad analogy, especially when you're talking about things which impact the protection they provide.
And (ignoring that this specific article is talking about UK policy, where the fifth amendment doesn't apply), if the fifth amendment provides a legal protection, then why would it be a good thing to bypass that protection for every American regardless of whether they're suspected of a crime?
Nobody wants any backdoors, except for the people who want to view our documents without our permission! Whether those people are law enforcement or criminals is completely immaterial.
So you want "you wouldn't complain if you had nothing to hide" to be enshrined into our legal system as direct evidence of guilt? This is really going off the rails now.
Not at all. When it comes to security back doors are a security flaw. Period. They are like a screen door on a submarine. And your analogy to vulnerabilities to physical access is bunk because with back doors, you don't need physical access.
[quote="Nonentity, post:15, topic:56609"]
Encryption is not a safe. Encryption is more like writing something in only a language you know. Comparing it to a safe with a key is a really bad analogy, especially when you're talking about things which impact the protection they provide.
And (ignoring that this specific article is talking about UK policy, where the fifth amendment doesn't apply), if the fifth amendment provides a legal protection, then why would it be a good thing to bypass that protection for every American regardless of whether they're suspected of a crime?[/quote]
I never said regardless of whether they're suspected, I'm saying there needs to be a way for warranted searches to break encryption in practical periods of time.
Why is encryption not like a safe? The reason for a fifth amendment protection to password protected files is that by unlocking the files, the suspect admits ownership of them. The point of a physical backdoor is to obtain access to the files without making the suspect make that admission.
Nobody at all? While some people believe otherwise, the vast majority of people approve of some limited concessions to privacy to allow criminal investigations. I concede your right to violate my privacy at times, in return for a right for my representatives to violate yours.
I want a consistent set of rules for acts that constitute apparent concealment or destruction of evidence, yes. "I have an encrypted file and I refuse to share" should be treated absolutely equivalently to "when we raided the offices, we found the suspect stuffing documents into a shredder". There is no material difference between them.
Hardware backdoors are a thing that exists. You can make a backdoor that requires physical access. That's the sort of back door I am talking about. If you don't think that should be called a "back door", then what should I call it? Because this is a useless semantic argument.
I didn't say those access points don't exist, rather that your analogy to physical access misstates the scope of the kinds of back doors government wants, which include remote access, not merely the ability to decrypt hard drives in person with physical access.
Insofar as dumb idiots like Cameron want silly types of backdoors, I think that's a mistake. But I am not Cameron, and I'm not saying Cameron is not an idiot, or defending a single word that man says. I'm saying that "back doors" includes types of back doors that are more secure and practical, and that might confer some of the possibilities criminal investigations can take advantage of, while not opening things up to criminals and mass surveillance.