Washington Post Observes Encryption War 2.0 For Several Months, Learns Absolutely Nothing

from the we're-going-to-take-this-stupidity-and-DOUBLE-it dept

Last October, Apple and Google’s announcements of encryption-by-default for iOS and Android devices were greeted with law enforcement panic, spearheaded by FBI director James Comey, who has yet to find the perfect dead child to force these companies’ hands.

The Washington Post editorial board found Comey’s diatribes super-effective! It published a post calling for some sort of law enforcement-only, magical hole in Apple and Google’s encryption.

How to resolve this? A police “back door” for all smartphones is undesirable — a back door can and will be exploited by bad guys, too. However, with all their wizardry, perhaps Apple and Google could invent a kind of secure golden key they would retain and use only when a court has approved a search warrant. Ultimately, Congress could act and force the issue, but we’d rather see it resolved in law enforcement collaboration with the manufacturers and in a way that protects all three of the forces at work: technology, privacy and rule of law.

When is a “backdoor” not a “backdoor?” Well, apparently when an editorial board spells it G-O-L-D-E-N K-E-Y. It’s the same thing, but in this particular pitch, it magically isn’t, because good intentions. Or something.

Months later, the debate is still raging. But it’s boiled down to two arguments:

1. This is impossible. You can’t create a “law enforcement only” backdoor in encryption. It’s simply not possible because a backdoor is a backdoor and can be used by anyone who can locate the door handle.

2. No, it isn’t. Please see below for citations and references:

The FBI is at an impasse. Comey firmly believes this is possible, despite openly admitting he has zero evidence to back this claim up. When asked for specifics, Comey defers to “smart tech guys” and their warlock-like skills.

Sensing James Comey might be struggling a bit, the editorial board of the Washington Post is once again riding to the rescue. And they’ve brought the same level of cluelessness with them. (h/t to Techdirt reader Steve R.)

Mr. Comey’s assertions should be taken seriously. A rule-of-law society cannot allow sanctuary for those who wreak harm. But there are legitimate and valid counter arguments from software engineers, privacy advocates and companies that make the smartphones and software. They say that any decision to give law enforcement a key — known as “exceptional access” — would endanger the integrity of all online encryption, and that would mean weakness everywhere in a digital universe that already is awash in cyberattacks, thefts and intrusions. They say that a compromise isn’t possible, since one crack in encryption — even if for a good actor, like the police — is still a crack that could be exploited by a bad actor. A recent report from the Massachusetts Institute of Technology warned that granting exceptional access would bring on “grave” security risks that outweigh the benefits.

After providing some statements opposing its view on the matter — most notably an actual research paper written by actual security researchers — the editorial board continues on to declare this all irrelevant.

The tech companies are right about the overall importance of encryption, protecting consumers and insuring privacy. But these companies ought to more forthrightly acknowledge the legitimate needs of U.S. law enforcement.

And by “forthrightly acknowledge,” the board means “give law enforcement what it wants, no matter the potential damage.” After all, what’s PERSONAL safety, security and a handful of civil liberties compared to “legitimate needs of law enforcement?”

All freedoms come with limits; it seems only proper that the vast freedoms of the Internet be subject to the same rule of law and protections that we accept for the rest of society.

Your rights end where law enforcement’s “legitimate needs” begin. Except they don’t. The needs of law enforcement don’t trump the Bill of Rights. The needs of law enforcement don’t automatically allow it to define the acceptable parameters of the communications of US citizens.

The editorial finally wraps up by calling for experts in the field to resolve this issue:

This conflict should not be left unattended. Nineteen years ago, the National Academy of Sciences studied the encryption issue; technology has evolved rapidly since then. It would be wise to ask the academy to undertake a new study, with special focus on technical matters, and recommendations on how to reconcile the competing imperatives.

The WaPo editorial board is no better than James Comey. It can cite nothing in support of its view, yet still believes it’s right. And just like Comey, the board is being wholly disingenuous in its “deferral” to security researchers and tech companies. It, like Comey, wants to hold two contradictory views.

Tech/security researchers are dumb when they say this problem can’t be solved.

Tech/security researchers are super-smart and can solve this problem.

So, they (the board and Comey) want to ignore the “smart guys” when they say this is impossible, but both are willing to listen if they like the answers they’re hearing.

Companies: washington post


Comments on “Washington Post Observes Encryption War 2.0 For Several Months, Learns Absolutely Nothing”

56 Comments
Ninja (profile) says:

But these companies ought to more forthrightly acknowledge the legitimate needs of U.S. law enforcement.

This is interesting. If an investigation is ongoing with authorization from the judiciary and there is real crime going on most companies will help, regardless of encryption involved. And because there is no way of adding Golden Key™ without making encryption completely useless it does not mean those companies don’t acknowledge law enforcement needs, it’s just that these needs are outweighed by the need of working encryption for a large and essential part of the internet to work properly. Essential as: banking, health services, Government activities etc. And that’s not even considering that people will simply flock to other encryption alternatives once the Govt gets its ways with what we have nowadays. Heck, there are automated installers for custom mods for Android devices already, no real deep knowledge needed.

All freedoms come with limits; it seems only proper that the vast freedoms of the Internet be subject to the same rule of law and protections that we accept for the rest of society.

For God’s sake, couldn’t they think before publishing such idiocy? Law enforcement CANNOT have access to everything one does/has in the physical world as well. There are several steps to be taken before law enforcement can go and, say, open a safe to see what’s inside. Due process. And it mostly includes investigative work that leads to what they want in the first place. No instant access.

And honestly, there is no limit for freedom. We decided as a society that if somebody uses their freedom to harm others they will be punished, sure. The same way we decided as a society that the Government can’t be fully trusted all the time and that it must abide by rules to avoid abuse. Warrants, Constitutional protections etc. But there is no limit to freedom as long as you are not harming anyone. And if you do harm somebody then the Government has tools to go after you and protect others. Even if it means taking months to investigate.

Nineteen years ago, the National Academy of Sciences studied the encryption issue

And reached the conclusion that it is impossible to have backdoors. Why are we being dumb and discussing it again if it is independent of how advanced encryption is?

It takes 2 minutes and a brain to read this and notice how flawed and often paradoxical the points expressed are. And these people insist that traditional journalism is much better than the many investigative blogs that are clearly doing a better job out there.

Sucked Dry says:

I'd be crying

According to an article in Wired magazine,
http://www.wired.com/2012/03/ff_nsadatacenter/all/1

a sprawling, multi-million-dollar data collection compound was built in Utah. It also houses supercomputers that could dis-encrypt encrypted files much faster than regular computers could. The latter could take millions of years to break the code with turtle speed CPUs.

Please put yourself in their shoes and imagine how you’d feel if the big techs are going to use end-to-end encryption from now on. I’d be crying if I were the data collectors…

Anonymous Coward says:

Re: I'd be crying

Being able to decrypt one file using the massive computing power of a data centre is one thing, decrypting millions of files at the same time requires millions of data centres. Further, strong crypto takes a very long time to crack using every computer on earth.
The problem the governments have is that any reasonable strength crypto limits their ability to spy on everyone, and forces them to target their spying. So while crypto may not protect targeted individuals, it does make gathering everything rather useless.

tqk (profile) says:

Re: Re: I'd be crying

Being able to decrypt one file using the massive computing power of a data centre is one thing, decrypting millions of files at the same time requires millions of data centres.

Their own reports on the situation admit good crypto stopped them once, and they were still able to convict the perp using other methods. They have no need to be able to decrypt everything.

So while crypto may not protect targeted individuals, it does make gathering everything rather useless.

Gathering everything is useless. Making the haystack bigger makes it harder for them to find the needle hidden within it. We’re being governed by thick skulled imbeciles who’re convinced they’re experts, and all they can do when we point out how foolish they’re being is insert fingers into ears and go “Can’t hear you. La la la …”

We all deserve much better than what these fools are offering everyone.

Anonymous Coward says:

where did this crazy idea come from?

Getting to fly international. There is a store that sells luggage, and TSA Approved locks. The locks are almost standard locks; they have 2 key holes – one for the mere mortal, and one for the TSA.

I think I understand now why they think that a 2 key system is perfect. No one likes to use suitcase luggage; especially if it has 2 key holes, and you are only sold one key.

Anonymous Coward says:

Re: where did this crazy idea come from?

Oh yes, the two key system is perfect for underpaid TSA employees to supplement their income off of customers.
CNN

And as we know it’ll be the same in the computer world, if they get their way. So while they argue about “State Actors” attacking OPM, I guess they would rather make it easier for them to attack everyone.

Anonymous Coward says:

Encryption is binary and when discussing encryption and back doors the thinking must also be binary. Either we have encryption or we do not.

The problem, as I see it, is that politicians and the media are not capable of thinking in binary terms. They can not understand that encryption and back doors are mutually exclusive.

kallethen says:

Re: Re:

Encryption is binary and when discussing encryption and back doors the thinking must also be binary. Either we have encryption or we do not.

The problem, as I see it, is that politicians and the media are not capable of thinking in binary terms. They can not understand that encryption and back doors are mutually exclusive.

Reminds me of a joke…

There are 10 types of people in the world; those who understand binary and those who do not.

David (profile) says:

This conflict should not be left unattended. Nineteen years ago, the National Academy of Sciences studied the encryption issue; technology has evolved rapidly since then.

The only thing that has changed is the ability to implement the algorithms economically; neither the math nor the politics has changed.

It would be wise to ask the academy to undertake a new study, with special focus on technical matters, and recommendations on how to reconcile the competing imperatives.

Why don’t you, the Washington Post or some government agency, undertake a new study; then it can say whatever you want and we can avoid the whole argument about bias since we will already know neither of you can be trusted.

There is nothing to reconcile; pass the law that law enforcement wants and let’s see the results.

mcinsand (profile) says:

Re: The fundamental argument is flawed

Well that was weird. Most of my message got chopped off. The point that I wanted to make was that the argument against ‘allowing sanctuary’ could apply to just about any medium capable of supporting communication. That argument would also apply to installing microphones in every room of every home, since people determined to ‘wreak harm’ probably have kitchens, living rooms, etc. And, sure, those people are under

Seegras (profile) says:

Re: The fundamental argument is flawed

A rule-of-law society cannot allow sanctuary for those who wreak harm.

It’s kind of circular, since as soon as you start to do mass-surveillance (or stripping away the rights to communicate without being monitored), you’re basically turning everyone into suspects, which makes you not a rule-of-law society anymore, thus undermining the very premise you started with.

Bengie says:

Logical issue

There are hundreds of billions of keys and it’s impossible with current technology to target all keys. Having a golden key means you can break all encryption if you target this one key. That’s the problem.

A single universal point of failure, which is highly likely to have a flaw, and once that flaw is discovered, instead of affecting a subset of everyone, it will affect everyone.

Mason Wheeler (profile) says:

Anyone who thinks a “golden key” is possible does not know the first thing about information security. I say this literally, because literally the first thing anyone should know is Kerckhoffs’s Principle: the adversary knows the system. You must begin from the core assumption that the adversary knows all the details of how the system works, everything except the key. If there is any secondary way in, you have to assume by default that the bad guys know all about it.

A “golden key” system violates Kerckhoffs’s Principle–it assumes that only the good guys know about it and the adversary won’t find out–and therefore can never be considered secure. Period. Sometimes things really are that simple, and this is one of them.

Anonymous Coward says:

A [brief] history of backdoors

Ran across this blog post via Twitter just a few minutes ago, from the (maybe well-known? known in certain circles? I know who he is at any rate…) Matthew Green (Johns Hopkins University):

“A history of backdoors”, A Few Thoughts on Cryptographic Engineering, July 20, 2015

… I’m going to spend the rest of this post talking about how real-world government access proposals have fared in practice — and how the actual record is worse than any technologist could have imagined…

His history, though, is just a little bit too brief. For instance, he makes no mention of the “Story of the Greek Wiretapping Scandal”.

Simple Mind (profile) says:

What exactly are they even talking about encrypting? When I am using SSH all the data between my client and the server is encrypted. Are we talking about making that encryption stronger?

Right now I could get PGP and hook it up to an email client and hook it up to a friend’s client and share our public keys and we can send completely private emails. Are we talking about having that built into gmail?

Is the idea that there be a law that you always have a backdoor to any encryption software implementation?

It is like they are talking about some hypothetical universal encryption thing that doesn’t even exist.

tqk (profile) says:

"Crypto War 2.0" is a lie!

This is not the second crypto war. It’s the same damned war we won and they folded on in the ’90s. This is just them demanding a do-over. They resent the fact that those in charge back then folded. Now, they want to resurrect it and continue fighting it. For it to be a new war, they’d have to come up with new arguments for their “point of view”, which they haven’t! There’s nothing new here that wasn’t in the last one, other than the fact that those calling for it again are more tyrannical and far less honest, utterly unwilling to accept the reality of the situation!

We need to nuke this until it glows, then salt the ground so this weed doesn’t come back to bite us again!

New Mexico Mark says:

I want an Oompa Loompa NOW Daddy!

The politically connected but technologically ignorant are not only screaming for a unicorn, they want it to be energized by a perpetual motion machine and funded by Monopoly money.

Encryption is not an easy topic. I get that. What I don’t understand is the hubris of some people to think they don’t need to consult with real experts in a complex field before spewing their drivel.

Steve R. (profile) says:

Re: I want an Oompa Loompa NOW Daddy!

Now that Obama has been mentioned. The presence of a so-called “Golden Key” opens the door to using it for blatant political gain.

For the progressive left, the purpose of law is to further their political objectives. Not in agreement with their mantra? You are then designated an “enemy of the state”. Consequently, using a “Golden Key” is the perfect tool to find out what “enemies of the State” (terrorists) are doing. The NSA may soon be charged with monitoring internet/cell phone conversations to locate all outstanding Confederate flags.

tqk (profile) says:

Re: Re: I want an Oompa Loompa NOW Daddy!

For the progressive left …

I am so tired of hearing garbage like this, from shallow as a pane of glass thinkers like you, from “both sides of the aisle.”

I’m Canadian. Do you know what “We, the people” sounds like to me? It’s socialist. It’s defending the little people; the individual rights of the man on the street as defined in the Constitution from both thieves and government overreach, as opposed to princes and kings and statist power empire builders like the British establishment as embodied in their House of Lords (their version of the Senate appointed by the royalty for life); perfidious Albion.

Granted, now the Neocons are in charge and Obama (as are the GOP, and Clinton, and Bush) appears to be wholly on board with their agenda, these ideas are getting horribly muddled. Now, neither the Democrats nor Republicans can claim to be defenders of “We the people”, yet you can still spit on those who claim to defend “We, the people” (Democrats), and you actively support reactionary, military industrial complex big government, big military, tough on crime, conservative, bible thumping pseudo patriots (Republicans), including southern crackers who defend (still!) the confederacy.

I don’t get it. What’s wrong with all of you that you can’t see this bizarre dichotomy? Your “progressive left” is every bit as meaningless as their “reactionary right”, yet you keep on playing that silly “pick a side, and fight” pointless game.

This’s why the world laughs at your country these days, when they’re not spitting on you.
