WaPo's Excellent Explainer On Encryption Debunks WaPo's Stupid Editorial In Favor Of Encryption Backdoors

from the hey,-you-guys-should-talk! dept

Washington Post reporter Andrea Peterson has put together a really excellent explainer piece on what you should know about encryption. Considering the source, it's a good "general knowledge" explainer piece for people who really aren't that aware of encryption or technically savvy. That's important and useful, given how important this debate is and how many participants in it don't seem to understand the first thing about encryption. But what struck me is this little tidbit:
Can the government stop terrorists from using encryption?

Well, no. The most the government can probably do is bar companies from offering the most secure forms of encryption to their users. But encryption isn't just one product. Just like the math it's based on, it's really more of a concept or an idea rather than a specific technical tool.

And it's pretty impossible to outlaw ideas.
It goes on, in some depth, to explain just what a stupid idea it would be to outlaw end-to-end encryption, noting that there are lots of non-US companies and plenty of open source offerings for encryption that would still be widely available and used.

Now, compare that to the ridiculous editorial that the Washington Post put out a year ago, advocating for just such a solution:
How to resolve this? A police “back door” for all smartphones is undesirable — a back door can and will be exploited by bad guys, too. However, with all their wizardry, perhaps Apple and Google could invent a kind of secure golden key they would retain and use only when a court has approved a search warrant. Ultimately, Congress could act and force the issue, but we’d rather see it resolved in law enforcement collaboration with the manufacturers and in a way that protects all three of the forces at work: technology, privacy and rule of law.
Hey, Washington Post editorial board, I hope you read your own newspaper.

Filed Under: andrea peterson, backdoors, encryption, going dark, golden key
Companies: washington post


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • identicon
    Capt ICE Enforcer, 9 Dec 2015 @ 3:09pm

    Follow the money

    I know who just got a nice paycheck before Christmas.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 9 Dec 2015 @ 3:23pm

    Honestly can't trust most of it anyway

    With the Q-wave and probable alternative quantum computers already in the world, anything that could potentially be brute force cracked, can assume to be vulnerable. One time ciphers and other non crackable methods have to be assumed to be the very minimum now and anything else is just smoke and mirrors.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 9 Dec 2015 @ 3:54pm

      Re: Honestly can't trust most of it anyway

      The real measure of encryption is:
      Given that the methods and algorithms are known to the attacker, how much energy (in terms of time and resources) is required to decrypt the data? Is this greater, or less, than is required to protect the data from abuse?

      Q-wave and quantum computing currently don't decrease the energy required; they just shift the energy from time to resources. Once everyone has their own quantum computing chip built in to their mobile phone, you'll have a point. Until then, traditional crypto is strong enough for many applications (such as securing your communications in transit). For data at rest, you can assume that if someone wants the data, they can probably brute force it -- but using a crypto key or long password essentially equates to a one time pad, and so is strong enough.

      If you REALLY want strong encryption, you need what TrueCrypt allows for: embed multiple sets of data into the encrypted stream, such that cryptanalysis is likely to find the decoy data before it finds the real data. Of course, if they know you've done that, they can keep on looking to see what else they can find....

      reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 9 Dec 2015 @ 4:54pm

      Re: Honestly can't trust most of it anyway

      No. D-Wave computers are adiabatic, which aren't the kind of quantum computer that can break encryption. Futhermore, even the right kind of quantum computer can trivially break only assymetric encription; breaking symmetric encryption is faster, but will still take far longer than our lifetimes.

      reply to this | link to this | view in chronology ]

    • identicon
      Ruben, 10 Dec 2015 @ 8:33am

      Re: Honestly can't trust most of it anyway

      All quantum computing does is speed up factoring of large numbers. Using a quantum computer to crack encryption has a basic effect of halving your keyspace due to the speed at which they're able to factor.

      So no, until there is a major breakthrough in quantum, most encryption is still fairly safe.

      reply to this | link to this | view in chronology ]

      • identicon
        Anonymous Coward, 11 Dec 2015 @ 1:14am

        Re: Re: Honestly can't trust most of it anyway

        If somebody had a quantum computer that could crack anything digital in the planet...
        YOU WILL NOTICE THIS everywhere,

        specially in the stocks market

        reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 9 Dec 2015 @ 3:38pm

    Maybe the financial institutions will put a stop to this

    Maybe, after they weaken encryption and financial institutions get hacked, the banks will pay their congress critters to back off?

    reply to this | link to this | view in chronology ]

  • identicon
    Dianne Feinstein, 9 Dec 2015 @ 3:40pm

    golden key

    A golden key would work really well.
    Gold is expensive, criminals are poor and stealing gold is already illegal.

    With no criminal able to afford or steal gold there is no way they can duplicate gold keys!

    reply to this | link to this | view in chronology ]

    • icon
      Mike Brown (profile), 9 Dec 2015 @ 4:13pm

      Re: golden key

      Well hello there Ms. Feinstein! I'm so glad to see you're reading Techdirt!

      Gold in this case is just a metaphor. It's really just another password, known only to the good guys. They will probably choose something like "password" for their "golden" key, because, you know, the bad guys would never think to try that.

      reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 10 Dec 2015 @ 2:42am

      Re: golden key

      how about winged unicorns?
      a backdoor that only works in the presence of winged unicorns...
      then we can limit the supply of unicorns to just the NSA
      (and rich elite)

      reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 9 Dec 2015 @ 3:59pm

    Huh, just noticed that the Washington Post, like Techdirt, loads over HTTPS and works perfectly without javascript. I hope this trend continues!

    reply to this | link to this | view in chronology ]

  • icon
    DavidMxx (profile), 9 Dec 2015 @ 7:11pm

    Lest we forget why Apple, Google, and others have worked to provide automatic, end-to-end, strong encryption...

    1) The mass indiscriminate surveillance as practiced by the NSA and their friends has been declared unconstitutional, yet the Government has no plans to stop it.
    2) The directors of the CIA, NSA, and FBI have a perfect track record of lying to Congress each and every time they have been required to testify about their actions and surveillance programs.
    3) Companies like Apple and Google are routinely served with National Security Letters, with NO oversight required of the agencies doing the serving, and where an absolute gag order accompanies the letters.
    4) The CIA, NSA, and FBI each routinely and persistently ignore the law when it gets in their way (with no penalty for breaking it).
    5) The NSA has been caught secretly subverting encryption standards, hacking servers and communication lines, tapping foreign dignitaries, tapping the United Nations private conferences, exploiting zero-day vulnerabilities, planting malware, etc., single-handedly nearly destroying the overseas marketplace for internet services provided by US companies.

    To be worthy of trust, one has to act trustworthy. Considering the damage that the NSA et al has done to US internet businesses, is it no wonder that we are where we are today? If the US Government insists on backdoors or some kind of key escrow for every service, all they will do is succeed in finishing the destruction of US internet companies overseas. It definitely won't stop encryption.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 10 Dec 2015 @ 7:45am

      Re:

      Well said! Finally a concise overview of the primary reasons on why encryption is gaining use and will not be hindered, regardless of whatever legislation is pushed out.

      reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 10 Dec 2015 @ 11:47am

      Re:

      @DavidMxx

      um, Google does not provide automatic, end-to-end encryption. Apple does but not Google.

      Google only encrypts to their servers. Google can see all the data, your chats, your video, your email.

      Apple encrypts end-to-end. Only the participants, and not Apple, can see the data.

      Google's method is fine against industry hackers but not against government types like NSA and FBI.

      reply to this | link to this | view in chronology ]

    • identicon
      Rekrul, 10 Dec 2015 @ 5:01pm

      Re:

      Lest we forget why Apple, Google, and others have worked to provide automatic, end-to-end, strong encryption...

      Don't forget cops using any stop as an excuse to search through people's phones, and the TSA wanting to search devices at the airport.

      reply to this | link to this | view in chronology ]

  • icon
    afn29129 (profile), 9 Dec 2015 @ 11:51pm

    You can fly

    "...with all their wizardry..."; surely you can fly, you just aren't trying hard enough. Wishful thinking. I wish I had a winged unicorn.

    reply to this | link to this | view in chronology ]

  • identicon
    Klaus, 10 Dec 2015 @ 5:02am

    Well said.

    "...the destruction of US internet companies overseas."

    But not just internet companies, all US IT companies in general are being considered suspect, particularly those involved in technical infrastructure.

    reply to this | link to this | view in chronology ]

  • icon
    uberfrood (profile), 10 Dec 2015 @ 6:47am

    Reminds me of when the highest forms of encryption in Netscape couldn't be exported, as if terrorists,criminals and nefarious enemy countries would have paid attention to the geographical download restrictions.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 10 Dec 2015 @ 7:54am

    Is all this talk about needing a backdoor into communications subterfuge? What makes people think that the government doesn't already have this? Rumor has it that the government has worked with Intel and AMD to hardwire interception means into the brains of devices, including computers, cars, phones and tablets.

    Think maybe the driver of the Internet of Things (IoT) is not that this will help consumers (does my toaster really need to connect to the Internet?) but another way the government can know what everyone is doing?

    Out of the realm of possibility? Barbie can now alert the cops if a parent is abusing their kids (or doing who knows what else).

    The government was tapped into our communications long before the current issue, going back to the beginning of communications. They were hardwired in. Why should we expect today be any different? It's always been there, will be there in the future.

    reply to this | link to this | view in chronology ]

    • icon
      That One Guy (profile), 10 Dec 2015 @ 9:17am

      Re:

      Assume for a moment that that's true, currently at least they have to do it in secret, which imposes some limits on their actions, as if it got out they might face some politicians bucking for some PR points that could make some noise about investigating the matter.

      If they can get the practice legalized however, such that they don't have to do it in secret, any limits vanish, and they would drastically increase their actions.

      Put simply, even if they are already slipping backdoors into things, it's better to at least force them to do it in secret, rather than allowing them to force companies to do so on their behalf.

      reply to this | link to this | view in chronology ]

    • identicon
      corey, 8 May 2016 @ 7:50pm

      Re:

      yea its "hardwired backdoor" to the brains of all devices before the encryption ever occurs.

      So if we are to have true encryption. we need it at the main processor. and an ID to said processor that is like 32 characters long or longer With a closed system of communication between processors that no outside eyes can see.

      reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 11 Dec 2015 @ 1:17am

    that is why they hate the opensource BIOS idea

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Close

Add A Reply

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Follow Techdirt
Special Affiliate Offer

Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

Close

Email This

This feature is only available to registered users. Register or sign in to use it.