Techdirt Podcast Episode 67: The Great Encryption Debate: Should There Be Back Doors?
from the guess-which-side-we're-on dept
Anyone who reads Techdirt knows our opinion on encryption: stronger is better, and giving the government (or anyone else) a back door is a dangerous idea. We’ve decried a lot of the stupid arguments that we’ve heard in favor of back doors — usually coming from technologically clueless politicians and law enforcement officers — but that doesn’t mean we aren’t open to considering some smart ones. This week, we’ve invited Albert Wenger (who you may recall from a discussion about basic income way back in Episode 16) to share his pro-backdoor position and engage in some friendly debate.
Follow the Techdirt Podcast on Soundcloud, subscribe via iTunes, or grab the RSS feed. You can also keep up with all the latest episodes right here on Techdirt.
Filed Under: albert wenger, encryption, podcast, privacy
Comments on “Techdirt Podcast Episode 67: The Great Encryption Debate: Should There Be Back Doors?”
Back doors, of course
I’ll take back doors into the back doors for $100 please Alex.
Absolutely not
The possessors may say we will only use it for this, but history has shown every such promise to be broken. Plus, if the key to the backdoor falls into malicious hands, its all over for security.
Backdoors are just another name for flaws (aka bugs) when it comes to software. Implementing them purposefully means now they are “features” that the company should advertise.
Unfortunately, most people aren’t educated enough to care if their software has a backdoor, And even if they did, a lot of people subscribe to the “it’s fine for me to be under surveillance since I didn’t do anything wrong” line of thought and will easily jump to to “its fine for backdoors to be there, since I didn’t do anything to warrant a backdoor being against on me”
Is it even possible to have encryption without a backdoor? After all that was written during the Apple vs FBI, I’m now pretty much convinced that bullet proof encryption is impossible.
It’s just math: Remember high school algebra? They’d give you problems like “3x + 5 = 29” and you have to find x? Math isn’t a philosophical or moral question. If I find the right answer and you find the right answer, they’ll always be the same, because math is objective. It works the same way for everyone.
Encryption, for all the complexity involved in getting the details right, boils down to math problems. With these variables, the message and the key, find the cyphertext. With these variables, the cyphertext and the key, find the original message.
A well-designed cryptographic algorithm is a math problem with three properties:
1) If you know the key, it is easy to convert between message and cyphertext.
2) If you know the cyphertext but do not know the key, calculating the value of the message is computationally unfeasible.
3) If you know the cyphertext but do not know the key, calculating the value of the key is computationally unfeasible.
Backdoor systems involve weakening point 2 and/or 3 above: finding a way to make it easier to either retrieve the key or retrieve the message without having to possess the key. But the thing is, encryption is a math problem. If one person can solve for X, so can other people, and it doesn’t matter whether they’re cops, spies, cybercriminals or some hacker kid just doing it for the lulz, because the right answer to a math problem is the right answer to a math problem for everybody.
Albert Wenger is completely right that we need to be very suspicious of Apple in this, both because their code is un-auditable and also because of their past behavior, but I don’t see how any rational person can say “because this is bad, we should do this other thing over there that makes it worse because hey, it’s not like it’s perfect anyway.” At one point Mike said “I think we’re talking about different things,” and that’s totally the impression I got listening to this.
WRT the “we have this huge edifice and altering one thing will bring it all crumbling down” line, if we’re using a metaphor of buildings, any architect can tell you there’s a big difference between messing with a common wall and a load-bearing wall. Encryption is a load-bearing member when it comes to privacy and security, in ways that most ordinary system components are not.
Re: Re:
No Mason… Wagner is clearly an Applephoebe, as are you. I don’t have a problem with that, but ethically you have to declare yourselves as non independent.
Re: Re: Re:
Yeah I got that too – this was a tense podcast.
This Wager fellow was really anti Apple and I don’t know why
Re: Jesus Mason
Mason, No, no, no, no, no….. you said
“If I find the right answer and you find the right answer, they’ll always be the same, because math is objective.’
Mason. Math can lead you to multiple solutions. 8 seconds search on google, man, I found this. http://mathandmultimedia.com/2011/07/29/handshake-problem/
I can go at length ad nauseam about this, please don’t argue because… embarrassment
http://mathandmultimedia.com/2011/07/29/handshake-problem/
Re: Re: Jesus Mason, have you ever done math?????
Yes – have you ever done Calculus? Integration is dripping with multiple solutions. We talk of solution SETS…..
Happy to give you examples…… The SET of solutions, where you have the MOA disagreement….. I can give valid proofs, but you’re well into argument territory – nearly three centuries and it’s not settled
I couldn't even finish listening to this...
—- LANGUAGE WARNING!!! —-
Mike,
That idiot you are talking with is knowingly walking, eyes wide shut, into the ( FBI / Law Enforcement / Foreign Governments ) being able to use a “Frame-O-Matic” type system. The moron has no clue just how much the govt is bypassing ( law / courts / warrants ).
I don’t know what his tech background is, but it isn’t anything to do with software ( programming / development ).
When you hardcode any type of ID, password, or crypto key ( backdoor ) into a system …. you are dropping your pants, smearing lube on your ass, bending over, and begging for it … don’t be surprised when someone uses a power auger!
When one Govt gets a Master Key, all other Govts will demand one as well. Does he seriously expect ALL Govts to “play nice”?
Key Escrow ??? Get Real! The key will be in the wild in under 24hrs. from the time it is distributed to all the LEOs / Agencies / Foreign Governments. A world record for competitive thievery / hacking will be set. I have yet to hear a remotely workable suggestion for how to update EVERYTHING … EVERY TIME THE KEY IS STOLEN!
Requiring every company to have a backdoor into their products has the same problems.
Has he ever heard of something called “FOSS / Open Source” software? How will a mandatory backdoor work in those software projects? What about the software from outside the US?
Just how does he think all the “Internet of Things” devices will be made or kept secure??? They are NEVER updated, tested or validated.
No patch, modify, or upgrade paths — NONE.
He has never had to setup and secure a Wireless/WiFi LAN. Again, no updates, no patches, no fixes. ( i.e. routers ) The security of WiFi is a joke … is he still mystified why the police are raiding his home, looking for child pornography, when its the pedophile, using his WiFi to download it remotely?
He doesn’t have an Android phone, or he would know about update problems ( i.e. “when Hell freezes over!” )
He either loves Windows 10 or uses an Apple. Microsoft burned a bridge when they decided to FORCE people that PAID for Win 7,8,8.1 to use Win 10 on the forth coming Subscription Model. Does he even know what Windows Update is OR why lots of people don’t trust it now?
Serious Question : How many times has he bought that bridge in Brooklyn, anyways?
Re: I couldn't even finish listening to this...
I have an Android phone and I’ve never seen any such update problem with it. It gets updates pretty regularly.
Re: Re: I couldn't even finish listening to this...
What brand?
Is it the carrier doing an update, or the OS being upgraded?
Most upgrades are by carrier and “cosmetic”. Watch the “jail breaks” and who does what in response. As for OS fixes, unless the carrier goes for a new version of OS on the device, its “cosmetic”.
Android is Java based.
Think of all the “breakage” that you are constantly upgrading the JREs / JDKs on desktops to fix. And when they are upgraded, how many of your apps stop working? Do you remember what happened when Java went to 1.6, 1.7, 1.8 ? Do you know what happened to the apps written for the old standard?
Interpreter languages with no version support are a nightmare to debug / fix / support.
Samsung uses Enlightenment and Webkit. Apple uses Webkit for Safari. Google has abandoned Webkit and is developing something else. ( Can’t remember the name. )
Webkit gets no security fixes pushed downstream. Why? most vendors are happy just getting one version of Webkit to compile and never go back to update.
Webkit-qt is dead. Webkit-gtk is getting more and more difficult to successfully compile.
Webkit-gtk, 8 CPU 5.0Ghz machine with 32Gigs of DDR3, takes two to three hours to compile. Think about it.
Re: Re: Re: I couldn't even finish listening to this...
Blackberry Priv. I see updates coming in, both over Google Play and from Blackberry, on a regular basis. I haven’t seen anything that appears to be pushed directly from T-Mobile, but I don’t know if I would recognize such an update as distinct from the other two if one did some. (Would they use their own updater, or send it via the Google or BB mechanism?)
To be completely honest, I’m pretty much entirely ignorant of the mess you’re invoking here, because I have never in my life (that I know of) used a Java desktop program, except for a few narrow-purpose coding tools such as ANTLR, which I have never seen break with a Java update.
I do know, though, that Android does not run on Java as such; it runs on Dalvik, which is a completely redesigned VM that can import JVM code. And recent versions (as of a few years ago) have done away with the Dalvik engine as much as possible, moving to a fully AOT-compiled model instead, so calling it an “interpreter language” is not all that accurate anymore.
Re: Re: Re:2 I couldn't even finish listening to this...
If you have worked corporate IT you will be all too familiar with the Java breakage. Hospitals seem to be the worst IT shops for that right now.
Have no idea what ?RIMM? / Blackberry support is. I was under the impression that they were not Android. ( Wrote their own OS )
Doesn’t the Govt of India have a backdoor into the Blackberry? ( Seem to remember ?RIMM? having to hand over crypto keys. )
AOT? Going machine code … hmmmm. Partial though, limited coverage. Similar to pre-linking it seems.
Be interesting to see if that gets around lack of versioning support. Bytecode always needs an interpreter environment.
Thanks for the Info.
Re: Re: Re:3 I couldn't even finish listening to this...
Yeah, 100% agree with you Also on India, we shed Blackberry 2 years ago because of the India situation, where they capitulated.
Also yes, Blackberry is 100% not Android
Re: I couldn't even finish listening to this...
I was not a fan of his either, but I would not go quite as far as you.
He had horribly weak arguments. He repeatedly just waived off Mike’s points as “not relevant” without actually addressing them. He also kept bringing up the point of not making any general arguments or bringing up hypothetical “this will get broken” or “this makes things weaker” arguments but completely avoided the entire question of what “problem” is solved by forcing companies to create a backdoor into their devices.
There was also the horrible argument that since encryption was not perfect, there was no real harm in making it worse. He lost me completely when he got there. He also was very close to saying that Apple must be able to implement key escrow because, you know, they write software. If a software developer tells me that they cannot do something safely and securely, I’m not going to look back at them and say “well, I think you can do it, so you must be wrong”.
Mike – my hat is off to you for keeping cool most of that podcast, but I would really love to hear one with a security researcher that actually knows what they are talking about and can make reasoned arguments.
While I do think the arguments about the practicality of backdoors is important, the one thing I really agree with this guest on is that it’s important to discuss whether governments should have access to what’s on our phones and who we discuss with.
To me the answer is a clear NO. There’s no evidence that law enforcement needs the backdoors*, because what’s in our phones/laptops were traditionally in our brains (or shredded papers). And when all our communications were face-to-face there were no means to collect metadata on all of that communications.
Instead law enforcement should rely on, as they always have: published documents (on the web) and questioning the individuals and businesses involved.
And last comment here, I’m not just concerned about other countries developing these technologies if the US doesn’t. I’m concerned about terrorists implementing their own (imperfect) stuff in-house, that’s the software that needs to be attacked.
* I’m happy to take that back if efforts to create a more perfectly secure device does infact hinder law enforcement.
Not so much
The NSA likes their encryption like they like their women, with big back doors. Bootylicious. Great for one night, long term…not so much.
This is a bit of a double edged argument here. The DOJ/FBI/Cops come to the tech sector and expect them to wave a magic wand to allow access so they aren’t totally screwed in some investigations. Except the implications of that kind of access would blow a huge hole in the tech industry, but at the same time everyone expects law enforcement to wave a magic wand and amazingly “catch the bad guys” somehow when shit hits the fan (swatting, fraud, kiddy pics, etc).
So far the only reasonable sounding compromise in all this sounds like the NAND Mirroring attack, as its an invasive localized physical attack against an individual device that doesn’t pose an immediate threat to other networked devices or weaken the encryption directly. Sure, a third party could potentially still access it if they get their hands on it, but the same could be said for someone lifting your wallet and maxing out your credit cards, or snatching an address book and combing through all your phone numbers/contacts. It would also mean though that law enforcement would have a bit of an easier time catching people who do that sort of thing, and ideally a better system for invalidating all the kinds of personal information contained on said devices should be put in place, much like flagging a credit card as stolen.
But the real problem here in finding a compromise like this largely has to do with the absolute 0% trust in the DOJ / FBI / NSA because of just how far they’ve stepped over the line and lied about it, to the public, to the oversite commitee’s, and in open court (all the noise about local law enforcement corruption/racism/violence isn’t helping either). Then we get this open hostility towards the tech sector for pushing back, nobody is ever going to go for any of this because the public can’t even have an honest transparent discussion with anyone in law enforcement or government (although you could argue thats what were tentively having right now), or find any kind of accountability from anybody. A society cannot function without Trust, and you can’t build trust without transparency, honesty, and accountability.
Debate completely misses the point
I like others couldn’t suffer through the entire podcast. The debate seemed completely besides the point. I don’t think the technical arguments are the heart of the issue. Of course we can create a key escrow or similar system. The question is should we and I think the clear answer is no! I think there are three key points that were completely missing from the podcast:
-“It’s just math.” This, to me, means, sure you can create a system with key escrow (a backdoor) but criminals and anyone that values their privacy just won’t use it. It will drive people to open source (yeah!) or other privately rolled systems (using off the shelf tech) that don’t have known back doors. Only law abiding people and fools will be harmed by government tools.
-Even if we trust the US gov’t (we don’t) do we really want this technology in the hands of China, Syria, North Korea or any other despot? You can’t say only the good guys (however you define them) can have these tools. All gov’ts good and bad will demand it.
-If the US gov’t gets it’s way they are practically signing the death knell for US corporations as their international sales plummet. Foreign gov’ts and citizens aren’t going to want to use systems that the US can easily surveil. And what about foreign companies. Does Mr Wenger support the idea of Samsung having keys to all their phones in a vault in Korea? Or Huawei in China? I’m sure the US gov’t wouldn’t.
I think we all recognize the dangers that are posed by pervasive and omniscient surveillance. If you want to say no to the bad guys having these capabilities then you have to be willing to abstain yourself.
A separate discussion is about whether Apple can be trusted (it can’t).
Nope. Backdoors are dangerous.
Simple
We can boil this down to very simple logic:
-A more secure system is better than a less secure system.
-A system without a backdoor is more secure than a system with a backdoor.
-Therefore, systems without backdoors are better than systems with backdoors.
I believe the opposition argues against one or more of these three points, but all three of them are self-evident.
(You can prove all of them through induction if necessary.)
Oh, there is one exception to the first point. A perfectly secure system is worthless. (A perfectly secure system simply doesn’t allow any access, ever.) However, just because we can never have a perfectly secure system does not mean we should accept a less secure system when offered.