Washington Post Observes Encryption War 2.0 For Several Months, Learns Absolutely Nothing
from the we're-going-to-take-this-stupidity-and-DOUBLE-it dept
Last October — following Apple and Google’s announcements of encryption-by-default for iOS and Android devices — was greeted with law enforcement panic, spearheaded by FBI director James Comey, who has yet to find the perfect dead child to force these companies’ hands.
The Washington Post editorial board found Comey’s diatribes super-effective! It published a post calling for some sort of law enforcement-only, magical hole in Apple and Google’s encryption.
How to resolve this? A police “back door” for all smartphones is undesirable — a back door can and will be exploited by bad guys, too. However, with all their wizardry, perhaps Apple and Google could invent a kind of secure golden key they would retain and use only when a court has approved a search warrant. Ultimately, Congress could act and force the issue, but we’d rather see it resolved in law enforcement collaboration with the manufacturers and in a way that protects all three of the forces at work: technology, privacy and rule of law.
When is a “backdoor” not a “backdoor?” Well, apparently when an editorial board spells it G-O-L-D-E-N K-E-Y. It’s the same thing, but in this particular pitch, it magically isn’t, because good intentions. Or something.
Months later, the debate is still raging. But it’s boiled down to two arguments:
1. This is impossible. You can’t create a “law enforcement only” backdoor in encryption. It’s simply not possible because a backdoor is a backdoor and can be used by anyone who can locate the door handle.
2. No, it isn’t. Please see below for citations and references:
The FBI is at an impasse. Comey firmly believes this is possible, despite openly admitting he has zero evidence to back this claim up. When asked for specifics, Comey defers to “smart tech guys” and their warlock-like skills.
Sensing James Comey might be struggling a bit, the editorial board of the Washington Post is once again riding to the rescue. And they’ve brought the same level of cluelessness with them. (h/t to Techdirt reader Steve R.)
Mr. Comey’s assertions should be taken seriously. A rule-of-law society cannot allow sanctuary for those who wreak harm. But there are legitimate and valid counter arguments from software engineers, privacy advocates and companies that make the smartphones and software. They say that any decision to give law enforcement a key — known as “exceptional access” — would endanger the integrity of all online encryption, and that would mean weakness everywhere in a digital universe that already is awash in cyberattacks, thefts and intrusions. They say that a compromise isn’t possible, since one crack in encryption — even if for a good actor, like the police — is still a crack that could be exploited by a bad actor. A recent report from the Massachusetts Institute of Technology warned that granting exceptional access would bring on “grave” security risks that outweigh the benefits.
After providing some statements opposing its view on the matter — most notably an actual research paper written by actual security researchers — the editorial board continues on to declare this all irrelevant.
The tech companies are right about the overall importance of encryption, protecting consumers and insuring privacy. But these companies ought to more forthrightly acknowledge the legitimate needs of U.S. law enforcement.
And by “forthrightly acknowledge,” the board means “give law enforcement what it wants, no matter the potential damage.” After all, what’s PERSONAL safety, security and a handful of civil liberties compared to “legitimate needs of law enforcement?”
All freedoms come with limits; it seems only proper that the vast freedoms of the Internet be subject to the same rule of law and protections that we accept for the rest of society.
Your rights end where law enforcement’s “legitimate needs” begin. Except they don’t. The needs of law enforcement don’t trump the Bill of Rights. The needs of law enforcement don’t automatically allow it to define the acceptable parameters of the communications of US citizens.
The editorial finally wraps up by calling for experts in the field to resolve this issue:
This conflict should not be left unattended. Nineteen years ago, the National Academy of Sciences studied the encryption issue; technology has evolved rapidly since then. It would be wise to ask the academy to undertake a new study, with special focus on technical matters, and recommendations on how to reconcile the competing imperatives.
The WaPo editorial board is no better than James Comey. It can cite nothing in support of its view but yet still believes it’s right. And just like Comey, the board is being wholly disingenuous in its “deferral” to security researchers and tech companies. It, like Comey, wants to hold two contradictory views.
Tech/security researchers are dumb when they say this problem can’t be solved.
Tech/security researchers are super-smart and can solve this problem.
So, they (the board and Comey) want to ignore the “smart guys” when they say this is impossible, but both are willing to listen if they like the answers they’re hearing.
Filed Under: backdoors, encryption, golden key, james comey, mobile encryption
Companies: washington post
Comments on “Washington Post Observes Encryption War 2.0 For Several Months, Learns Absolutely Nothing”
But these companies ought to more forthrightly acknowledge the legitimate needs of U.S. law enforcement.
This is interesting. If an investigation is ongoing with authorization from the judiciary and there is real crime going on most companies will help, regardless of encryption involved. And because there is no way of adding Golden Key™ without making encryption completely useless it does not mean those companies don’t acknowledge law enforcement needs, it’s just that these needs are outweighed by the need of working encryption for a large and essential part of the internet to work properly. Essential as: banking, health services, Government activities etc. And that’s not even considering that people will simply flock to other encryption alternatives once the Govt gets its ways with what we have nowadays. Heck, there are automated installers for custom mods for Android devices already, no real deep knowledge needed.
All freedoms come with limits; it seems only proper that the vast freedoms of the Internet be subject to the same rule of law and protections that we accept for the rest of society.
For God sake, couldn’t they think before publishing such idiocy? Law enforcement CANNOT have access to everything one does/has in the physical world as well. There are several steps to be taken before law enforcement can go and, say, open a safe to see what’s inside. Due process. And it mostly includes investigative work that leads to what they want in the first place. No instant access.
And honestly, there is no limit for freedom. We decided as a society that if somebody uses their freedom to harm others they will be punished, sure. The same way we decided as a society that the Government can’t be fully trusted all the time and that it must abide by rules to avoid abuse. Warrants, Constitutional protections etc. But there is no limit to freedom as long as you are not harming anyone. And if you do harm somebody then the Government has tools to go after you and protect others. Even if it means taking months to investigate.
Nineteen years ago, the National Academy of Sciences studied the encryption issue
And reached the conclusion that it is impossible to have backdoors. Why are we being dumb and discussing it again if it is independent of how advanced encryption is?
It takes 2 minutes and a brain to read this and notice how flawed and often paradoxical the points expressed are. And these people insist that traditional journalism is much better than the many investigative blogs that are clearly doing a better job out there.
I'd be crying
According to an article in Wired magazine,
http://www.wired.com/2012/03/ff_nsadatacenter/all/1
a sprawling, multi-million-dollar data collection compound was built in Utah. It also houses supercomputers that could dis-encrypt encrypted files much faster than regular computers could. The latter could take million of years to break the code with turtle speed CPUs.
Please put yourself in their shoes and imagine how you’d feel if the big techs are going to use end-to-end encryption from now on. I’d be crying if I were the data collectors…
Re: I'd be crying
The NSA should be thinking of encryption as ‘a necessary evil that we spent our money wisely on.’
But nope, they went straight for the ‘l2pn00b’ excuse.
Re: I'd be crying
“It also houses supercomputers that could dis-encrypt encrypted files…”
I think the word you’re looking for is decrypt. 🙂
Re: I'd be crying
Being able to decrypt one file using the massive computing power of a data centre is one thing, decrypting millions of files at the same time requires millions of data centres. Further strong crypto takes a very long time to crack using every computer on earth.
The problem the governments have is that any reasonable strength crypto limits their ability to spy on everyone, and forces them to target their spying. So while crypto may not protect targeted individuals, it does make gathering everything rather useless.
Re: Re: I'd be crying
Their own reports on the situation admits good crypto stopped them once, and they were still able to convict the perp using other methods. They have no need to be able to decrypt everything.
Gathering everything is useless. Making the haystack bigger makes it harder for them to find the needle hidden within it. We’re being governed by thick skulled imbeciles who’re convinced they’re experts, and all they can do when we point out how foolish they’re being is insert fingers into ears and go “Can’t hear you. La la la …”
We all deserve much better than what these fools are offering everyone.
where did this crazy idea come from?
getting to fly international. there is a store that sells luggage, and TSA Approved locks. The locks are almost standard locks; they have 2 key holes – one for the mere mortal, and one for the TSA.
I think i understand now why they think that a 2 key system is perfect. no one likes to use suitcase luggage; especially if it has 2 key holes, and you are only sold one key.
Re: where did this crazy idea come from?
Oh yes, the two key system is perfect for underpaid TSA employees to supplement their income off of customers.
CNN
And as we know it’ll be the same in the computer world, if they get their way. So while they argue about “State Actors” attacking OPM, I guess they would rather make it easier for them to attack everyone.
Re: where did this crazy idea come from?
TSA approved locks are pretty much the same as not using locks at all. So much so that while I avoid checking bags whenever possible, in those cases where it’s unavoidable, I don’t bother with locking luggage at all.
Come on guys, I’m pretty sure the Post article is satire…
Encryption is binary and when discussing encryption and back doors the thinking must also be binary. Either we have encryption or we do not.
The problem, as I see it, is that politicians and the media are not capable of thinking in binary terms. They can not understand that encryption and back doors are mutually exclusive.
Re: Re:
Reminds me of a joke…
There are 10 types of people in the world; those who understand binary and those who do not.
Re: Re: Re:
There are 10 types of people in the world; those who understand binary and those who do not.
… and those who know that this is actually a trinary joke.
🙂
The only thing that has changed is the ability to implement the algorithms economically; neither the math nor the politics has changed.
Why don’t you, the Washington Post or some government agency, undertake a new study; then it can say whatever you want and we can avoid the whole argument about bias since we will already know neither of you can be trusted.
There is nothing to reconcile; pass the law that law enforcement wants and let’s see the results.
they can gold plate the unicorn key all they want; it will always be an unicorn key.
Re: Re:
“they can gold plate the unicorn key all they want; it will always be an unicorn key.”
Those who says there are no unicorns just haven’t looked hard enough!
The fundamental argument is flawed
So this is the basis for weakened encryption:
>>A rule-of-law society cannot allow sanctuary for those
>>who wreak harm.
Thus, since there might be
Re: The fundamental argument is flawed
Well that was weird. Most of my message got chopped off. The point that I wanted to make was that the argument against ‘allowing sanctuary’ could apply to just about any medium capable of supporting communication. That argument would also apply to installing microphones in every room of every home, since people determined to ‘wreak harm’ probably have kitchens, living rooms, etc. And, sure, those people are under
Re: The fundamental argument is flawed
I think the British PM should charge them with copyright infringement.
Re: The fundamental argument is flawed
A rule-of-law society cannot allow sanctuary for those who wreak harm.
It’s kind of circular, since as soon as you start to do mass-surveillance (or stripping away the rights to communicate without being monitored), you’re basically turning everyone into suspects, which makes you not a rule-of-law society anymore, thus undermining the very premise you started with.
only drug lords and cops believe dipping keys and guns in gold makes them somehow holly
Re: Re:
With or without berries?
I cant tell what’s more disturbing; the WaPo author who wrote that or the editor who greenlit it. Freedom is not be abridged nor does rule of law trump individual rights, regardless of your laughable encryption-will-hurt-people stance. We know who’s feeding whom here..
Re: Response to: Anonymous Coward on Jul 20th, 2015 @ 7:17am
This editorial is supposedly the collective view of the entire WaPo staff. Given this paper is home to renowned morons like Thomas Sowell and Charles Krauthammer, it doesn’t surprise me in the least.
Rule of law.
” A rule-of-law society cannot allow sanctuary for those who wreak harm. “
Except if you’re an investment bank. Or a company avoiding taxes with legal offshore entities. Then it’s okay.
Re: Rule of law.
Unless it’s the government itself, wreaking harm.
Hollywood
Dear Law Enforcement,
Hollywood has already ‘solved’ the problem. Please ask them to share their Tech for DRM… it magically allows only those who have paid for the content to view it.
I hope it works as well for you as it has for Hollywood.
Cheers,
Joe ‘I got gut’ Sixpack
I have a great idea. Software companies can post an FBI warning on the encryption scheme stating that only authorized personnel are allowed to use the Golden Key.
After all, just such a strategy prevents millions of movies from being copied, right?
The NSA has more mathematicians and cryptographers working for it than anybody. Why doesn’t the FBI just ask their government buddies to create the magical system they want?
Logical issue
There are hundreds of billions of keys and it’s impossible with current technology to target all keys. Having a golden key means you can break all encryption if you target this one key. That’s the problem.
A single universal point of failure, which is highly likely to have a flaw, and once that flaw is discovered, instead of affecting a subset of everyone, it will affect everyone.
Anyone who thinks a “golden key” is possible does not know the first thing about information security. I say this literally, because literally the first thing anyone should know is Kerckhoff’s Principle: the adversary knows the system. You must begin from the core assumption that the adversary knows all the details of how the system works, everything except the key. If there is any secondary way in, you have to assume by default that the bad guys know all about it.
A “golden key” system violates Kerckhoff’s Principle–it assumes that only the good guys know about it and the adversary won’t find out–and therefore can never be considered secure. Period. Sometimes things really are that simple, and this is one of them.
Re: Security through obscurity
It seems that an awful lot of people think security through obscurity is the cat’s pajamas. Even though it only means that the security experts take longer in figuring out the weaknesses of your product.
But much of our species is really dumb about the long game.
Golden Key
The two key luggage lock is the perfect exemplar of why a government-held “golden key” is a laughable concept. Who is most likely to steal from your luggage? The same folks for whom you must provide a key.
Re: Golden Key
Sorry, having a few things stolen from your luggage is the price you should happily pay for the safety ensured by the TSA.
Comey could probably make that argument with a straight face.
“…Ultimately, Congress could act and force the issue…”
so force it already and kill what little trust we have left in these corps.
At what point does Jeff Bezos steps in and fire the whole numbnuts editorial board? After all, even Amazon is pushing for encryption lately.
Good Actor
“… even if for a good actor, like the police…”
Indeed. They’re some of the best actors I know.
The other fallacy
The editorial refers to law enforcement agencies as “good actors” despite the copious amount of evidence that they are nothing of the sort.
Is this another encryption piece from the “Golden Key” news paper? Pfff! Nuff said.
The "Bad" Guys Can Develop Their Own Encryption
Those who mistakenly believe that a supposed “Golden Key” will solve law enforcement concerns, seem to neglect the obvious counter solution. The “bad” guys can simply implement their own encryption, thereby making any supposed “Golden Key” useless.
Washington Post wants to be spied upon
The article reads as if that is its headline.
All viewpoints are equally valid
All viewpoints are equally valid, even if one viewpoint is held by dozens of security researchers with doctorates and decades of experience and the opposite viewpoint is held by Mr. Magoo.
Re: All viewpoints are equally valid
That’s the problem; people aren’t willing to call BS on stupidity (except in places like this) and it’s hurting us. WaPo needs to grow a backbone. Preferably one without a golden disc that only “good actors” can let slip.
A [brief] history of backdoors
Ran across this blog post via Twitter just a few minutes ago, from the (maybe well-known? known in certain circles? I know who he is at any rate…) Matthew Green (Johns Hopkins University):
“A history of backdoors”, A Few Thoughts on Cryptographic Engineering, July 20, 2015
His history, though, is just a little bit too brief. For instance, he makes no mention of the “Story of the Greek Wiretapping Scandal”.
What exactly are they even talking about encrypting? When I am using SSH all the data between my client and the server is encrypted. Are we talking about making that encryption stronger?
Right now I could get PGP and hook it up to a email client and hook it up to a friend’s client and share our public keys and we can send completely private emails. Are we talking about having that built into gmail?
Is the idea that there be a law that you always have a backdoor to any encryption software implementation?
It is like they are talking about some hypothetical universal encryption thing that doesn’t even exist.
Re: Re:
I believe they’re talking about the crypto schemes that are enabled by default in consumer products. I haven’t seen anyone overtly talking about backdooring all crypto yet. If they start doing that, then I’ll start laughing even harder.
what a bunch of idiots. Who cares what some editorial board of old people who don’t understand anything about code thinks about encryption. No one! Could you be any less relevant?
"Crypto War 2.0" is a lie!
This is not the second crypto war. It’s the same damned war we won and they folded on in the ’90s. This is just them demanding a do-over. They resent the fact that those in charge back then folded. Now, they want to resurrect it and continue fighting it. For it to be a new war, they’d have to come up with new arguments for their “point of view”, which they haven’t! There’s nothing new here that wasn’t in the last one, other than the fact that those calling for it again are more tyrannical and far less honest, utterly unwilling to accept the reality of the situation!
We need to nuke this until it glows, then salt the ground so this weed doesn’t come back to bite us again!
Re: "Crypto War 2.0" is a lie!
Yep. Maybe these guys could use all those abandoned Confederate flags.
They’ll sooner get a man to breathe on the moon without a spacesuit before a golden “good guy only” key encryption.
I want an Oompa Loompa NOW Daddy!
The politically connected but technologically ignorant are not only screaming for a unicorn, they want it to be energized by a perpetual motion machine and funded by Monopoly money.
Encryption is not an easy topic. I get that. What I don’t understand is the hubris of some people to think they don’t need to consult with real experts in a complex field before spewing their drivel.
Re: I want an Oompa Loompa NOW Daddy!
It’s less that they think they don’t need to consult the experts, it’s that they don’t want to, because no politician likes being told ‘No’ or ‘That’s not possible’.
Re: I want an Oompa Loompa NOW Daddy!
Now that Obama has been mentioned. The presence of a so-called “Golden Key” opens the door to using it for blatant political gain.
For the progressive left, the purpose of law is to further their political objectives. Not in agreement with their mantra? You are then designated an “enemy of the state”. Consequently, using a “Golden Key” is the perfect tool to find out what “enemies of the State” (terrorists) are doing. The NSA may soon be charged with monitoring internet/cell phone conversations to locate all outstanding Confederate flags.
Re: Re: I want an Oompa Loompa NOW Daddy!
I am so tired of hearing garbage like this, from shallow as a pane of glass thinkers like you, from “both sides of the aisle.”
I’m Canadian. Do you know what “We, the people” sounds like to me? It’s socialist. It’s defending the little people; the individual rights of the man on the street as defined in the Constitution from both thieves and government overreach, as opposed to princes and kings and statist power empire builders like the British establishment as embodied in their House of Lords (their version of the Senate appointed by the royalty for life); perfidious Albion.
Granted, now the Neocons are in charge and Obama (as are the GOP, and Clinton, and Bush) appears to be wholly on board with their agenda, these ideas are getting horribly muddled. Now, neither the Democrats nor Republicans can claim to be defenders of “We the people”, yet you can still spit on those who claim to defend “We, the people” (Democrats), and you actively support reactionary, military industrial complex big government, big military, tough on crime, conservative, bible thumping pseudo patriots (Republicans), including southern crackers who defend (still!) the confederacy.
I don’t get it. What’s wrong with all of you that you can’t see this bizarre dichotomy? Your “progressive left” is every bit as meaningless as their “reactionary right”, yet you keep on playing that silly “pick a side, and fight” pointless game.
This’s why the world laughs at your country these days, when they’re not spitting on you.
Re: Re: Re: I want an Oompa Loompa NOW Daddy!
It’s part of an intentional effort to divide the people along meaningless “left” vs “right” lines in order to distract them so they won’t resist the rise of corporatism.
Jeff Bezos (owner of WaPo, and Amazon CEO) is my least favorite oligarch.
I’m sure his deals with the CIA have nothing to do with WaPo editorial policy.