from the we're-going-to-take-this-stupidity-and-DOUBLE-it dept
Last October -- following Apple and Google's announcements of encryption-by-default for iOS and Android devices -- was greeted with law enforcement panic, spearheaded by FBI director James Comey, who has yet to find the perfect dead child to force these companies' hands.
The Washington Post editorial board found Comey's diatribes super-effective! It published a post calling for some sort of law enforcement-only, magical hole in Apple and Google's encryption.
How to resolve this? A police “back door” for all smartphones is undesirable — a back door can and will be exploited by bad guys, too. However, with all their wizardry, perhaps Apple and Google could invent a kind of secure golden key they would retain and use only when a court has approved a search warrant. Ultimately, Congress could act and force the issue, but we’d rather see it resolved in law enforcement collaboration with the manufacturers and in a way that protects all three of the forces at work: technology, privacy and rule of law.When is a "backdoor" not a "backdoor?" Well, apparently when an editorial board spells it G-O-L-D-E-N K-E-Y. It's the same thing, but in this particular pitch, it magically isn't, because good intentions. Or something.
Months later, the debate is still raging. But it's boiled down to two arguments:
1. This is impossible. You can't create a "law enforcement only" backdoor in encryption. It's simply not possible because a backdoor is a backdoor and can be used by anyone who can locate the door handle.
2. No, it isn't. Please see below for citations and references:
The FBI is at an impasse. Comey firmly believes this is possible, despite openly admitting he has zero evidence to back this claim up. When asked for specifics, Comey defers to "smart tech guys" and their warlock-like skills.
Sensing James Comey might be struggling a bit, the editorial board of the Washington Post is once again riding to the rescue. And they've brought the same level of cluelessness with them. (h/t to Techdirt reader Steve R.)
Mr. Comey’s assertions should be taken seriously. A rule-of-law society cannot allow sanctuary for those who wreak harm. But there are legitimate and valid counter arguments from software engineers, privacy advocates and companies that make the smartphones and software. They say that any decision to give law enforcement a key — known as “exceptional access” — would endanger the integrity of all online encryption, and that would mean weakness everywhere in a digital universe that already is awash in cyberattacks, thefts and intrusions. They say that a compromise isn’t possible, since one crack in encryption — even if for a good actor, like the police — is still a crack that could be exploited by a bad actor. A recent report from the Massachusetts Institute of Technology warned that granting exceptional access would bring on “grave” security risks that outweigh the benefits.After providing some statements opposing its view on the matter -- most notably an actual research paper written by actual security researchers -- the editorial board continues on to declare this all irrelevant.
The tech companies are right about the overall importance of encryption, protecting consumers and insuring privacy. But these companies ought to more forthrightly acknowledge the legitimate needs of U.S. law enforcement.And by "forthrightly acknowledge," the board means "give law enforcement what it wants, no matter the potential damage." After all, what's PERSONAL safety, security and a handful of civil liberties compared to "legitimate needs of law enforcement?"
All freedoms come with limits; it seems only proper that the vast freedoms of the Internet be subject to the same rule of law and protections that we accept for the rest of society.Your rights end where law enforcement's "legitimate needs" begin. Except they don't. The needs of law enforcement don't trump the Bill of Rights. The needs of law enforcement don't automatically allow it to define the acceptable parameters of the communications of US citizens.
The editorial finally wraps up by calling for experts in the field to resolve this issue:
This conflict should not be left unattended. Nineteen years ago, the National Academy of Sciences studied the encryption issue; technology has evolved rapidly since then. It would be wise to ask the academy to undertake a new study, with special focus on technical matters, and recommendations on how to reconcile the competing imperatives.The WaPo editorial board is no better than James Comey. It can cite nothing in support of its view but yet still believes it's right. And just like Comey, the board is being wholly disingenuous in its "deferral" to security researchers and tech companies. It, like Comey, wants to hold two contradictory views.
Tech/security researchers are dumb when they say this problem can't be solved.So, they (the board and Comey) want to ignore the "smart guys" when they say this is impossible, but both are willing to listen if they like the answers they're hearing.
Tech/security researchers are super-smart and can solve this problem.