What happened at yesterday's Congressional hearings on banning crypto?




So basically they accomplished nothing.


You just need a really strong bad-guy-detection algorithm. That’s the heart of the problem right there. After that, the actual crypto is trivial.



So what’s the deeper game here? Obviously FBI and pals know that what they’re asking for is impossible - I mean, senators might be stupid, but the FBI deals with crypto enough to know better. So why keep harping on it?

Maybe the larger goal is just to demonize cryptography in general, to keep attention focused on what a problem it’s causing for the surveillance state. Even though they know they’ll never get a key escrow regime which is magically immune to compromise, long term they’re set up to push for outlawing civilian use of cryptography in general. But that’s equally oblivious…so I dunno.

Maybe they really don’t know what they’re doing, and are basically just having a tantrum and hoping someone else comes along to help.


If there’s a key somewhere, someone will be able to get it. If a BadGuy(™) gets it, you can never trust your information again. BadGuy(™) could fake info. If SupposedlyGoodGuy(™) doesn’t know, then Bad Decisions may be made.
Obviously, we know that SupposedlyGoodGuy(™) would never fake info to support an agenda. The very thought!


The implementation of which is left as an exercise for the reader.


Typical sloppy thinking. “If I want a thing to come true, then it has to be true! Reality is what I say it is, and if I say it is possible because I want it to be possible, well, then, reality had better step and provide!”


I see you’re not familiar with our congress, who, it seems, literally get paid to do nothing.


Have you heard the way the discourse deals with things like the darkweb, like it’s nothing but child porn, drugs, and illegal guns? Yes, I think this is precisely the intent. Same with the term “hacker”.


One of my occasional extravagances is sending money to the EFF. I recommend the activity, and am being reminded that it’s been a while and I get paid tomorrow.


While I have no experience with FBI types, I do write code at a large company and have found that when discussing a set of features, the higher up the chain the person I am speaking with is, the more likely it is that they will ask for a combination of features that are logically impossible. These are very smart people so it’s not an intelligence issue. I can’t read their minds but my gut feel is that they are just used to getting what they want and do not ever want to hear the word no.

I imagine the head of the FBI might fit a similar profile as a software executive.

This video illustrates this perfectly: 7 red lines


Let’s ask the director to add a backdoor to 935 Pennsylvania Avenue, NW in Washington DC. That way, if anyone there breaks the law the police can enter and arrest them even if they try to block the main entrance. But of course, that backdoor will only be used by legitimate law enforcement personnel. Right?


My guess, if you exclude any purely delusional demands, is that they would really like an unambiguous settlement, in their favor, of the question of whether or not crypto keys, passwords, etc. are subject to 5th amendment protection; and, if not, how stiff a penalty you can apply to anyone who won’t cough them up (analogous to what the UK did with the ‘Regulation of Investigatory Powers Act’). If possible, they’d also like to discourage, by PR if not by law, the implementation of crypto systems that are both user-friendly and impossible for the provider to circumvent on request.

Anyone who thinks that we can build Clipper 2.0 if those nerds would just try a bit harder is an idiot. However, there is no such architectural problem with the ability to demand the keys, on pain of suitably unpleasant punishment; and such a law would actually fit quite neatly into the history of various laws more or less designed to be largely unenforced; but to provide very good odds that any given undesirable that you wish to flag down is guilty of breaking them.

In their nonsense fantasies, they obviously want everything to be BCCed to the FBI, and the Evil Bit to be robustly implemented; but focusing on that is a bit of a red herring. If they can discourage the adoption of user-friendly and robust cryptosystems, they get most of what they want (since fishing expeditions will still be largely possible; and the bulk of even criminals, much less unsuspecting users, are kind of dumb, kind of sloppy, or both); and if they can make denying them access to the keys needed to decrypt something an offense; they can get most of the rest of what they want; because any time they run into a message they can’t decrypt, they have a nice legal reason to take you down to the station for a little chat.

It’s like ‘stop and frisk’ for the internet. It’s not that such a policy is terribly effective at dealing with truly advanced drug couriers or bearers of illegal weapons; but those actually-dangerous cases are largely irrelevant in practice, while the ability to conjure up some charges for almost any stop you wish to make is really handy.


Have you heard? @japhroaig hacks banks. FOR MONEY.


What Comey wants is pretty much the same thing that DRM has been trying to accomplish for years - to let the right people get access to data, without letting everyone get access to that data.

The state of the art on that front? It’s a losing battle. A spectacular amount of money has been spent, and it still doesn’t work. The difference is that when the magic keys for HDCP get broken, the bad consequences are that people can decrypt the media that they bought. If you put in skeleton keys for everything, then when they finally get broken (and they will) then we will all be well and truly screwed.

You can keep out all of the people all of the time, or you can keep out none of the people, but there’s no good way to open a door that only lets the right people through.


That was painful to watch (i.e. they did a good job).


But saying that you want access to truly encrypted data without requiring a backdoor is like saying you want to travel to Mars without requiring the trip be via rocket.

The kind of asymmetrical access Comey seeks would be as convenient (and just as feasible) as being able to suspend the Laws of Thermodynamics, or Physics. Mayhaps such access will be powered by perpetual-motion devices. After all, that’s just as plausible.

I mean really, how does Comey get a pass on this? It’s like the Secretary of the Treasury making a case for alchemy as an economic solution. ‘Can’t they just try harder to make lead into gold?’


Except that you can actually make gold from lead. So we can say that making gold from lead is more feasible than good-guys-only crypto backdoors.

Edit: Also,


Let us hope that no one ever thinks to introduce Comey to former Maj. Gen. Albert Stubblebine…