WaPo's Excellent Explainer On Encryption Debunks WaPo's Stupid Editorial In Favor Of Encryption Backdoors

from the hey,-you-guys-should-talk! dept

Washington Post reporter Andrea Peterson has put together a really excellent explainer piece on what you should know about encryption. Considering the source, it’s a good “general knowledge” explainer piece for people who really aren’t that aware of encryption or technically savvy. That’s important and useful, given how important this debate is and how many participants in it don’t seem to understand the first thing about encryption. But what struck me is this little tidbit:

Can the government stop terrorists from using encryption?

Well, no. The most the government can probably do is bar companies from offering the most secure forms of encryption to their users. But encryption isn’t just one product. Just like the math it’s based on, it’s really more of a concept or an idea rather than a specific technical tool.

And it’s pretty impossible to outlaw ideas.

It goes on, in some depth, to explain just what a stupid idea it would be to outlaw end-to-end encryption, noting that there are lots of non-US companies and plenty of open source offerings for encryption that would still be widely available and used.

Now, compare that to the ridiculous editorial that the Washington Post put out a year ago, advocating for just such a solution:

How to resolve this? A police ?back door? for all smartphones is undesirable ? a back door can and will be exploited by bad guys, too. However, with all their wizardry, perhaps Apple and Google could invent a kind of secure golden key they would retain and use only when a court has approved a search warrant. Ultimately, Congress could act and force the issue, but we?d rather see it resolved in law enforcement collaboration with the manufacturers and in a way that protects all three of the forces at work: technology, privacy and rule of law.

Hey, Washington Post editorial board, I hope you read your own newspaper.

Filed Under: , , , ,
Companies: washington post

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “WaPo's Excellent Explainer On Encryption Debunks WaPo's Stupid Editorial In Favor Of Encryption Backdoors”

Subscribe: RSS Leave a comment
Anonymous Coward says:

Honestly can't trust most of it anyway

With the Q-wave and probable alternative quantum computers already in the world, anything that could potentially be brute force cracked, can assume to be vulnerable. One time ciphers and other non crackable methods have to be assumed to be the very minimum now and anything else is just smoke and mirrors.

Anonymous Coward says:

Re: Honestly can't trust most of it anyway

The real measure of encryption is:
Given that the methods and algorithms are known to the attacker, how much energy (in terms of time and resources) is required to decrypt the data? Is this greater, or less, than is required to protect the data from abuse?

Q-wave and quantum computing currently don’t decrease the energy required; they just shift the energy from time to resources. Once everyone has their own quantum computing chip built in to their mobile phone, you’ll have a point. Until then, traditional crypto is strong enough for many applications (such as securing your communications in transit). For data at rest, you can assume that if someone wants the data, they can probably brute force it — but using a crypto key or long password essentially equates to a one time pad, and so is strong enough.

If you REALLY want strong encryption, you need what TrueCrypt allows for: embed multiple sets of data into the encrypted stream, such that cryptanalysis is likely to find the decoy data before it finds the real data. Of course, if they know you’ve done that, they can keep on looking to see what else they can find….

Anonymous Coward says:

Re: Honestly can't trust most of it anyway

No. D-Wave computers are adiabatic, which aren’t the kind of quantum computer that can break encryption. Futhermore, even the right kind of quantum computer can trivially break only assymetric encription; breaking symmetric encryption is faster, but will still take far longer than our lifetimes.

Ruben says:

Re: Honestly can't trust most of it anyway

All quantum computing does is speed up factoring of large numbers. Using a quantum computer to crack encryption has a basic effect of halving your keyspace due to the speed at which they’re able to factor.

So no, until there is a major breakthrough in quantum, most encryption is still fairly safe.

Mike Brown (profile) says:

Re: golden key

Well hello there Ms. Feinstein! I’m so glad to see you’re reading Techdirt!

Gold in this case is just a metaphor. It’s really just another password, known only to the good guys. They will probably choose something like “password” for their “golden” key, because, you know, the bad guys would never think to try that.

DavidMxx (profile) says:

Lest we forget why Apple, Google, and others have worked to provide automatic, end-to-end, strong encryption…

1) The mass indiscriminate surveillance as practiced by the NSA and their friends has been declared unconstitutional, yet the Government has no plans to stop it.
2) The directors of the CIA, NSA, and FBI have a perfect track record of lying to Congress each and every time they have been required to testify about their actions and surveillance programs.
3) Companies like Apple and Google are routinely served with National Security Letters, with NO oversight required of the agencies doing the serving, and where an absolute gag order accompanies the letters.
4) The CIA, NSA, and FBI each routinely and persistently ignore the law when it gets in their way (with no penalty for breaking it).
5) The NSA has been caught secretly subverting encryption standards, hacking servers and communication lines, tapping foreign dignitaries, tapping the United Nations private conferences, exploiting zero-day vulnerabilities, planting malware, etc., single-handedly nearly destroying the overseas marketplace for internet services provided by US companies.

To be worthy of trust, one has to act trustworthy. Considering the damage that the NSA et al has done to US internet businesses, is it no wonder that we are where we are today? If the US Government insists on backdoors or some kind of key escrow for every service, all they will do is succeed in finishing the destruction of US internet companies overseas. It definitely won’t stop encryption.

Anonymous Coward says:

Re: Re:


um, Google does not provide automatic, end-to-end encryption. Apple does but not Google.

Google only encrypts to their servers. Google can see all the data, your chats, your video, your email.

Apple encrypts end-to-end. Only the participants, and not Apple, can see the data.

Google’s method is fine against industry hackers but not against government types like NSA and FBI.

Anonymous Coward says:

Is all this talk about needing a backdoor into communications subterfuge? What makes people think that the government doesn’t already have this? Rumor has it that the government has worked with Intel and AMD to hardwire interception means into the brains of devices, including computers, cars, phones and tablets.

Think maybe the driver of the Internet of Things (IoT) is not that this will help consumers (does my toaster really need to connect to the Internet?) but another way the government can know what everyone is doing?

Out of the realm of possibility? Barbie can now alert the cops if a parent is abusing their kids (or doing who knows what else).

The government was tapped into our communications long before the current issue, going back to the beginning of communications. They were hardwired in. Why should we expect today be any different? It’s always been there, will be there in the future.

That One Guy (profile) says:

Re: Re:

Assume for a moment that that’s true, currently at least they have to do it in secret, which imposes some limits on their actions, as if it got out they might face some politicians bucking for some PR points that could make some noise about investigating the matter.

If they can get the practice legalized however, such that they don’t have to do it in secret, any limits vanish, and they would drastically increase their actions.

Put simply, even if they are already slipping backdoors into things, it’s better to at least force them to do it in secret, rather than allowing them to force companies to do so on their behalf.

corey says:

Re: Re:

yea its “hardwired backdoor” to the brains of all devices before the encryption ever occurs.

So if we are to have true encryption. we need it at the main processor. and an ID to said processor that is like 32 characters long or longer With a closed system of communication between processors that no outside eyes can see.

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...