WaPo's Excellent Explainer On Encryption Debunks WaPo's Stupid Editorial In Favor Of Encryption Backdoors
from the hey,-you-guys-should-talk! dept
Washington Post reporter Andrea Peterson has put together a really excellent explainer piece on what you should know about encryption. Considering the source, it’s a good “general knowledge” explainer piece for people who really aren’t that aware of encryption or technically savvy. That’s important and useful, given how important this debate is and how many participants in it don’t seem to understand the first thing about encryption. But what struck me is this little tidbit:
Can the government stop terrorists from using encryption?
Well, no. The most the government can probably do is bar companies from offering the most secure forms of encryption to their users. But encryption isn’t just one product. Just like the math it’s based on, it’s really more of a concept or an idea rather than a specific technical tool.
And it’s pretty impossible to outlaw ideas.
It goes on, in some depth, to explain just what a stupid idea it would be to outlaw end-to-end encryption, noting that there are lots of non-US companies and plenty of open source offerings for encryption that would still be widely available and used.
Now, compare that to the ridiculous editorial that the Washington Post put out a year ago, advocating for just such a solution:
How to resolve this? A police “back door” for all smartphones is undesirable - a back door can and will be exploited by bad guys, too. However, with all their wizardry, perhaps Apple and Google could invent a kind of secure golden key they would retain and use only when a court has approved a search warrant. Ultimately, Congress could act and force the issue, but we’d rather see it resolved in law enforcement collaboration with the manufacturers and in a way that protects all three of the forces at work: technology, privacy and rule of law.
Hey, Washington Post editorial board, I hope you read your own newspaper.
Comments on “WaPo's Excellent Explainer On Encryption Debunks WaPo's Stupid Editorial In Favor Of Encryption Backdoors”
Follow the money
I know who just got a nice paycheck before Christmas.
Honestly can't trust most of it anyway
With the Q-wave and probable alternative quantum computers already in the world, anything that could potentially be brute force cracked can be assumed to be vulnerable. One time ciphers and other non crackable methods have to be assumed to be the very minimum now and anything else is just smoke and mirrors.
Re: Honestly can't trust most of it anyway
The real measure of encryption is:
Given that the methods and algorithms are known to the attacker, how much energy (in terms of time and resources) is required to decrypt the data? Is this greater, or less, than is required to protect the data from abuse?
Q-wave and quantum computing currently don’t decrease the energy required; they just shift the energy from time to resources. Once everyone has their own quantum computing chip built in to their mobile phone, you’ll have a point. Until then, traditional crypto is strong enough for many applications (such as securing your communications in transit). For data at rest, you can assume that if someone wants the data, they can probably brute force it — but using a crypto key or long password essentially equates to a one time pad, and so is strong enough.
If you REALLY want strong encryption, you need what TrueCrypt allows for: embed multiple sets of data into the encrypted stream, such that cryptanalysis is likely to find the decoy data before it finds the real data. Of course, if they know you’ve done that, they can keep on looking to see what else they can find….
Re: Honestly can't trust most of it anyway
No. D-Wave computers are adiabatic, which aren’t the kind of quantum computer that can break encryption. Furthermore, even the right kind of quantum computer can trivially break only asymmetric encryption; breaking symmetric encryption is faster, but will still take far longer than our lifetimes.
Re: Honestly can't trust most of it anyway
All quantum computing does is speed up factoring of large numbers. Using a quantum computer to crack encryption has a basic effect of halving your keyspace due to the speed at which they’re able to factor.
So no, until there is a major breakthrough in quantum, most encryption is still fairly safe.
Re: Re: Honestly can't trust most of it anyway
If somebody had a quantum computer that could crack anything digital in the planet…
YOU WILL NOTICE THIS everywhere,
especially in the stock market
Re: Re: Re: Honestly can't trust most of it anyway
because he would be a GOD
Maybe the financial institutions will put a stop to this
Maybe, after they weaken encryption and financial institutions get hacked, the banks will pay their congress critters to back off?
Re: Maybe the financial institutions will put a stop to this
They’ll just tell their customers that it’s THEIR problem, not the banks’.
golden key
A golden key would work really well.
Gold is expensive, criminals are poor and stealing gold is already illegal.
With no criminal able to afford or steal gold there is no way they can duplicate gold keys!
Re: golden key
Well hello there Ms. Feinstein! I’m so glad to see you’re reading Techdirt!
Gold in this case is just a metaphor. It’s really just another password, known only to the good guys. They will probably choose something like “password” for their “golden” key, because, you know, the bad guys would never think to try that.
Re: Re: golden key
Whoosh!
Re: Re: golden key
I suspect the FBI would use a truly fitting password like 12345.
Re: Re: Re: golden key
more like “GOD”
12345 too complicated. And does not represent their belief that they can do no wrong and that they are above all else in this universe and beyond.
Re: golden key
how about winged unicorns?
a backdoor that only works in the presence of winged unicorns…
then we can limit the supply of unicorns to just the NSA
(and rich elite)
Huh, just noticed that the Washington Post, like Techdirt, loads over HTTPS and works perfectly without javascript. I hope this trend continues!
Lest we forget why Apple, Google, and others have worked to provide automatic, end-to-end, strong encryption…
1) The mass indiscriminate surveillance as practiced by the NSA and their friends has been declared unconstitutional, yet the Government has no plans to stop it.
2) The directors of the CIA, NSA, and FBI have a perfect track record of lying to Congress each and every time they have been required to testify about their actions and surveillance programs.
3) Companies like Apple and Google are routinely served with National Security Letters, with NO oversight required of the agencies doing the serving, and where an absolute gag order accompanies the letters.
4) The CIA, NSA, and FBI each routinely and persistently ignore the law when it gets in their way (with no penalty for breaking it).
5) The NSA has been caught secretly subverting encryption standards, hacking servers and communication lines, tapping foreign dignitaries, tapping the United Nations private conferences, exploiting zero-day vulnerabilities, planting malware, etc., single-handedly nearly destroying the overseas marketplace for internet services provided by US companies.
To be worthy of trust, one has to act trustworthy. Considering the damage that the NSA et al. have done to US internet businesses, is it any wonder that we are where we are today? If the US Government insists on backdoors or some kind of key escrow for every service, all they will do is succeed in finishing the destruction of US internet companies overseas. It definitely won’t stop encryption.
Re: Re:
Well said! Finally a concise overview of the primary reasons on why encryption is gaining use and will not be hindered, regardless of whatever legislation is pushed out.
Re: Re:
@DavidMxx
um, Google does not provide automatic, end-to-end encryption. Apple does but not Google.
Google only encrypts to their servers. Google can see all the data, your chats, your video, your email.
Apple encrypts end-to-end. Only the participants, and not Apple, can see the data.
Google’s method is fine against industry hackers but not against government types like NSA and FBI.
Re: Re:
Don’t forget cops using any stop as an excuse to search through people’s phones, and the TSA wanting to search devices at the airport.
You can fly
“…with all their wizardry…”; surely you can fly, you just aren’t trying hard enough. Wishful thinking. I wish I had a winged unicorn.
Well said.
“…the destruction of US internet companies overseas.”
But not just internet companies, all US IT companies in general are being considered suspect, particularly those involved in technical infrastructure.
Reminds me of when the highest forms of encryption in Netscape couldn’t be exported, as if terrorists, criminals and nefarious enemy countries would have paid attention to the geographical download restrictions.
Is all this talk about needing a backdoor into communications subterfuge? What makes people think that the government doesn’t already have this? Rumor has it that the government has worked with Intel and AMD to hardwire interception means into the brains of devices, including computers, cars, phones and tablets.
Think maybe the driver of the Internet of Things (IoT) is not that this will help consumers (does my toaster really need to connect to the Internet?) but another way the government can know what everyone is doing?
Out of the realm of possibility? Barbie can now alert the cops if a parent is abusing their kids (or doing who knows what else).
The government was tapped into our communications long before the current issue, going back to the beginning of communications. They were hardwired in. Why should we expect today to be any different? It’s always been there, will be there in the future.
Re: Re:
Assume for a moment that that’s true, currently at least they have to do it in secret, which imposes some limits on their actions, as if it got out they might face some politicians bucking for some PR points that could make some noise about investigating the matter.
If they can get the practice legalized however, such that they don’t have to do it in secret, any limits vanish, and they would drastically increase their actions.
Put simply, even if they are already slipping backdoors into things, it’s better to at least force them to do it in secret, rather than allowing them to force companies to do so on their behalf.
Re: Re:
Yeah, it’s “hardwired backdoor” to the brains of all devices before the encryption ever occurs.
So if we are to have true encryption, we need it at the main processor, and an ID to said processor that is like 32 characters long or longer, with a closed system of communication between processors that no outside eyes can see.
That is why they hate the open source BIOS idea.