Encryption backdoors are like TSA luggage-locks for the Internet

I’ve already stated what I feel it’s more directly comparable to.

Bullshit. The point is to read the files without any need for cooperation from the suspect (or from the person the backdoor is being misused against). Ownership of the files at that point doesn’t factor into it to any meaningful degree.

Bahahahahahahahahah… Oh, wait, you’re serious?

Guess what… if that were the way things worked, then there would be absolutely no need for backdoors.

The history of the clipper chip, though, the backdoor from the 90’s, shows that in the past the government has not sought such limited, “secure and practical” back doors you hypothesize but rather seek to weaken all encryption. And, indeed, as the Snowden documents reveal, the NSA proceeded to do just that and weakened the security of multiple infrastructures so that it could get what it wanted, without regard for how that weakened the economic and security of the nation which depends on encryption for commerce.

1 Like

Look, at the end of the day, there’s two arguments here:

  1. Is it possible to achieve something in between the idea of no security, and absolute security? I think the answer is yes, because of the importance of physical access, and our existing acceptance that physical security can be a lot weaker than online security.

  2. Is it desirable to deviate from the position of absolute security? This is a whole other argument. And honestly? I think the answer is yes. I see the future as requiring us as citizens, and the government representing us, to require increasing levels of scrutiny of the emerging power of private corporations. If we want corporations to be in check at all, we need mechanisms for laws to be applied to them. In the realm of absolute security, that security would be used against you.

Not only will backdooring of crypto allow them to see all your private information, it will also allow them to backdoor everything else.

Cryptography is used to authenticate software updates. If they have access to backdoor that, then they can place anything on your system as part of a software update. As Bender would say “You are infinity Boned”.

1 Like

Some people feel safe writing their passwords on a sticky note stuck under their desk. That doesn’t mean everyone should be forced to that level of physical security.

You should weaken your own personal security because otherwise the government might not be able to go after corporations? That’s really an argument you’re going with?

2 Likes

I did not say people should be forced to do that.

Yes, it is. I’m saying the concept of a warranted search needs to continue to exist, and be relevant. That at the end of the day, we benefit from having a legal system that can investigate, because the benefits outweigh the abuses. A future without the law is not as good as the security absolutists seem to think. Corporations are composed of private individuals, there is no way to investigate corporate crime without intruding into private privacy.

The prevailing attitude around here seems to be that every suspect is innocent, that the legal system is composed solely of the government oppressing the good guy. But that isn’t even close to the reality. What the legal system is on the whole, is a system of adjudication between some of us, and some others of us. Between alleged victims, and alleged perpetrators. It is a system that is sorely required, not because it’s good, but because we have so few alternatives that aren’t even more tainted by money or the imbalance of power. This system needs tools to find out what the just solution is, to find the right balance of rights between the two sides.

While privacy is important, arbitary moves to favour and protect the suspect does not always serve society, it can move us further away from justice, which is what we really want, and which the absence of law will never, ever provide.

Ask any security researcher (I can and do, I work with them all the time) and they will tell you that the answer is an astounding no; you cannot add a crypto backdoor that can be only used in one place or another. You either can get at the data or you cannot. Adding any sort of back doors that police or any other one agency has a key to means that key can be obtained. It doesn’t matter /where/ that key is used.

Hardware backdoors (which seems to be what you’re arguing for) are just as bad. Drives are encrypted so no one can get to the data besides the authorized user. I work in an industry that it’s not uncommon to have one’s corporate devices stolen for the data. You’re saying to put in hardware backdoors that a data thief can use to go and steal everything me and my coworkers are working on building? For what, just so cops can grab nab one of these nebulous “bad guys?” Yeah, no f-ing thanks. And you can’t even secure such things as being “local only”. Not ever. There is absolutely no way you can have hardware guarantee thing x is granted directly through physical access because at any given point, software can inject signals into the hardware to mimic it.

Any backdoors into security methods are always going to be flawed and will eventually be exploited. Even your proposed “let it be physical only” is flawed because you don’t know all ways people need crypto for. Crypto is all or nothing. Full stop. Putting backdoors either via hardware or software does nothing but to make everyone exposed to attacks, data theft, espionage, etc etc.

2 Likes

Storing things in a way that is safe from attackers is not an “arbitrary move”. It has been an ongoing goal since the beginning of life.

Society isn’t served by handing the police full access to anything they want whenever they want it. Sometimes, they have to find other ways of getting evidence because what they’re looking for never existed, has been destroyed, is not where they thought it might be, or is obscured in some way. That’s how things work.

Corporate privacy is very different from private privacy, and the fifth amendment that you keep bringing up does not apply to corporations.

2 Likes

There are TSA locks which claim to indicate when master keys have been used-- which is not contemplated in many of these surveillance schemes.

1 Like

And security with a back door is not security at all. It’s a semblance. Security is when you know that the thing you secured is secure unless someone uses devious means to open it.

Kind of moot since the TSA can just put one of those little slips in your suitcase after they steal your stuff. When you complain you’ll just get one of those emails like Cory did.

I’m reminded of this recent podcast

which is about the Chubb Detector Lock.

Wait, a lock that detects chubs? Seems kind of unfair to women and old men…

1 Like

This topic was automatically closed after 5 days. New replies are no longer allowed.