Earlier this week, we noted that a huge list of companies, non-profits and cybersecurity experts had signed a letter
to the White House about the stupidity and danger of trying to order backdoors into encryption (disclaimer: we signed the letter as well). While many in the press focused on the companies that had signed onto the letter (including Google, Apple, Cisco, Microsoft, Twitter and Facebook), as we noted, what was much more
interesting was the long list of cybersecurity/encryption experts who signed onto the letter. Just in case you don't feel like searching it out, I'll post the entire list of those experts after this post.
It's a who's who of the brightest minds in encryption and cryptography. Whitfield Diffie invented
public key cryptography. Phil Zimmermann created PGP. Ron Rivest is the "R" in "RSA." Peter Neumann has been working on these issues for decades before I was even born. And many more on the list are just as impressive.
So how do you think FBI director James Comey -- who has been leading the charge
on backdooring encryption -- responded to these experts?
By calling them uninformed
I wish I was joking.
A group of tech companies and some prominent folks wrote a letter to the President yesterday that I frankly found depressing. Because their letter contains no acknowledgment that there are societal costs to universal encryption. Look, I recognize the challenges facing our tech companies. Competitive challenges, regulatory challenges overseas, all kinds of challenges. I recognize the benefits of encryption, but I think fair-minded people also have to recognize the costs associated with that. And I read this letter and I think, “Either these folks don’t see what I see or they’re not fair-minded.” And either one of those things is depressing to me. So I’ve just got to continue to have the conversation.
First of all, it's kind of hilarious for the FBI director to be arguing that the people who signed that letter haven't done a cost-benefit analysis, since we've noted that the intelligence and law enforcement communities almost never
do such an analysis. They always insist "more surveillance" must be better, without considering the costs involved.
And then there's this, showing that Comey still doesn't understand
the letter at all:
We’ve got to have a conversation long before the logic of strong encryption takes us to that place. And smart people, reasonable people will disagree mightily. Technical people will say it’s too hard. My reaction to that is: Really? Too hard? Too hard for the people we have in this country to figure something out? I’m not that pessimistic. I think we ought to have a conversation.
Hey, Comey! No one is saying it's "too hard." They're saying it's IMPOSSIBLE to do this without weakening everyone's security. Impossible. It's not a "hard" problem, it's an impossible problem. Because if you weaken security to let the FBI in, by definition
you are weakening the security to let others in as well. That's the point that was being made.
And this is important. For all of the ridiculous claims by Comey and others that we need to "have a conversation" on this, we do not
. A conversation is counterproductive. All of these people can and should
be working on systems to make us all more safe and secure. But if they have to keep explaining to ignorant folks like Comey why this is a bad idea, then they are taken away from making us safer
. You can have a discussion over things that are hard. But there is no point
in having a discussion over things that are impossible