The DoJ's top crypto warrior wants "strong" encryption that he can break at will

Originally published at: https://boingboing.net/2017/11/09/wanting-it-both-ways.html

…

He’s for strong but ineffective encryption? Sounds like he’s been in DC too long.

@doctorow Clipper was about telecoms devices which at that time weren’t computers yet. You may be thinking of Al Gore’s baby called “Trusted Key Escrow” which was actually far worse than Clipper.

Full disclosure: I worked for a group of Beltway types who were consulting on Trusted Key Escrow

In this whole conversation, has anyone proposed what to do with all the computers that aren’t compliant - that is, all of them? Would the government mandate rootkits for all? Would the police be knocking on doors and confiscating general-purpose computers? What about your Android phone that can run WhatsApp?

These fucken turkeys can go piss up a rope.

Why are we even discussing something like this?

Every time?

Why isn’t there a well-researched international panel report with a handout incurring a summary for decision makers?

Oh, I forgot.

This also doesn’t work for climate change.

It’s even worse. Climate change is an observed physical phenomenon. There’s nothing proving it exists other than all the evidence that it’s happening.

Math on the other hand, has proofs. And we know without the shadow of a doubt that 1+1=2, to the same certainty that we know that you can’t make “badguy proof encryption” that also submits to “good guys”.

(((THX-Clipper)))
The Government is listening

To be honest, I think it sounds like the view most people have about encryption (if they bother to think about it at all).

To a lot of people the analogy about securing your home rings true.

You want your home to be secure. You also don’t want your house to be so secure that if you lose your key, you can’t ever get in no matter what you do. You want the fire brigade or ambulance service to be able to get in if you are injured or trapped in the burning building.

To achieve that people are prepared to accept a degree of vulnerability.

Most people don’t actually want unbreakable crypto, they just want really hard to break crypto, crypto that a very small number of (the right) people do know how to break.

See for example Mark’s story about using a weakness in the security to get into his cryptocurrency wallet when he forgot his password.

With really strong security that wouldn’t have been possible.

I think most people simply don’t realise how easy computers make the process of finding and exploiting weaknesses or how reliant they are on sufficiently strong crypto.

Obviously someone who supposedly does know all about how crypto works and is trying to shape policy in that area should know better.

He probably does. It just doesn’t suit the aura of supreme government power to admit it.

At the end of the day which government is going to be prepared to make it official government policy that we can either try to protect you, your money and your business or personal secrets against hackers or try to be able to snoop on terrorists’ and paedophiles’ emails. We can’t do both. We probably can’t actually manage either of them.

People want to secure their houses, but they still need to get in and out.

so the government needs a copy of my front door key?

No, they’ve got that covered…

https://www.amronintl.com/tactical-gear/law-enforcement-sar/breaching.html

http://blackhawk.com/products/entry-tools/tools/battering-rams/

Other providers are available.

In sadly not surprising numbers.

“Strong protection that you can break at will” is the new pitch line for my novelty prophylactic, Trojan Stallion.

Ah, brute force. I wonder if that could work on computers?

Maybe when he’s cracked that problem, he can invent guns that only shoot bad people.

I don’t get how something can be strong and yet breakable. By definition that which can be broken is weak. There’s really some odd folks in the DOJ I swear.

Massive book burnings, of course.

Well, their tech equivalent, anyways.

<sarcasm: Didn’t you read the article? He says “I think logically, we have to look at these differently.” When we are defending against the bad guys we need strong security, but when we are attacking the bad guys we need weak security. It’s two different situations that require two different solutions. Divide and conquer makes it all work out. /sarcasm>

Oh! I guess we are listing imaginary things we would like. OK, I’m game. I want a pegasus/unicorn hybrid that poops rainbow icecream. Wishing is fun.

Well, it’s more “We need fairly strong crypto”.

i.e. strong enough that you peons (and my financial masters) don’t freak out at the thought of all their lovely money vanishing

but weak enough that we can look at whatever you peons are doing.