
There's no backdoor to this [Encryption] thread


  • TL DR | Not at all confident in his reflexive opinions of things | Registered User regular
    LD50 wrote: »
    PantsB wrote: »
    The real issue is this conflict
    1. There's a legitimate and important need for governments (such as the US) to conduct electronic surveillance and intercept electronic communications
      • To protect national interests and security.
      • To prevent and provide evidence against violations of criminal law
    2. Encryption makes it very difficult for these needs to be met (if those communicating encrypt their data), and decrypting most encryption algorithms is not feasible with conventional means
    3. Even if larger software vendors provided a means by which their encryption could be circumvented, there are common algorithms that can be implemented with very little development time (hours) that make it nearly impossible to decrypt a message (such as RSA, you can implement that in an afternoon).

    There's nothing theoretically impossible saying we can't just decrypt these messages. We just don't have a method yet. By definition, any message can be decrypted given a sufficient number of attempts. If we can use quantum computing to skip to the right answer (essentially), there may be a way for encryption to be secure against nearly everyone but not absolutely everyone.

    I have some contentions with number 1. The government doesn't need, nor is allowed, to open and read my mail. They're not allowed to break into my house and drill open my safe. They've never been able to just do these kinds of things without warrants, and they've never had trouble staying in control of national security.

    But that's the whole point - the government can do all those things, provided that they demonstrate that there is a legitimate government interest to a court and acquire a warrant. Part of the issue here is that there are people who want to make even that functionally impossible.

    If you go back some time, during the TorrentSpy case, there was a lot of criticism of the government penalizing them for interfering with the process of discovery, even though discovery rules are considered a legitimate use of government power.

    Can you explain what you mean by this?

  • The Ender | Registered User regular
    milski wrote: »
    I think that's a false comparison because if quantum computing is possible it's going to happen whether the US invests in it or not, and it would be better for security if we are on the cutting edge rather than others.

    Sure - but Mrs. Clinton was talking about a Manhattan Project style intense research effort to bring about quantum computing (or some equivalent; she doesn't really specify), which is well beyond just funding schools & keeping the tech sector healthy, and she cites the current paradigm of, 'let's all be afraid of TERRORISM!' as a legitimate catalyst for such an undertaking.

    I think we ought to remember that the Manhattan Project led to a stretch of years where everyone was just wondering when civilization was going to be annihilated over petty cultural differences & therefore question the wisdom of taking a crowbar over to Pandora's Box every time we decide that an existential threat to life, liberty and decadence has arisen.

    With Love and Courage
  • AngelHedgie | Registered User regular
    TL DR wrote: »
    LD50 wrote: »
    PantsB wrote: »
    The real issue is this conflict
    1. There's a legitimate and important need for governments (such as the US) to conduct electronic surveillance and intercept electronic communications
      • To protect national interests and security.
      • To prevent and provide evidence against violations of criminal law
    2. Encryption makes it very difficult for these needs to be met (if those communicating encrypt their data), and decrypting most encryption algorithms is not feasible with conventional means
    3. Even if larger software vendors provided a means by which their encryption could be circumvented, there are common algorithms that can be implemented with very little development time (hours) that make it nearly impossible to decrypt a message (such as RSA, you can implement that in an afternoon).

    There's nothing theoretically impossible saying we can't just decrypt these messages. We just don't have a method yet. By definition, any message can be decrypted given a sufficient number of attempts. If we can use quantum computing to skip to the right answer (essentially), there may be a way for encryption to be secure against nearly everyone but not absolutely everyone.

    I have some contentions with number 1. The government doesn't need, nor is allowed, to open and read my mail. They're not allowed to break into my house and drill open my safe. They've never been able to just do these kinds of things without warrants, and they've never had trouble staying in control of national security.

    But that's the whole point - the government can do all those things, provided that they demonstrate that there is a legitimate government interest to a court and acquire a warrant. Part of the issue here is that there are people who want to make even that functionally impossible.

    If you go back some time, during the TorrentSpy case, there was a lot of criticism of the government penalizing them for interfering with the process of discovery, even though discovery rules are considered a legitimate use of government power.

    Can you explain what you mean by this?

    What I mean is that there's a subset of people who want to make it difficult, if not impossible, for the government to assert authority online, even in situations where they have legitimate reason to do so.

    XBL: Nox Aeternum / PSN: NoxAeternum / NN:NoxAeternum / Steam: noxaeternum
  • Phoenix-D | Registered User regular
    LD50 wrote: »
    PantsB wrote: »
    The real issue is this conflict
    1. There's a legitimate and important need for governments (such as the US) to conduct electronic surveillance and intercept electronic communications
      • To protect national interests and security.
      • To prevent and provide evidence against violations of criminal law
    2. Encryption makes it very difficult for these needs to be met (if those communicating encrypt their data), and decrypting most encryption algorithms is not feasible with conventional means
    3. Even if larger software vendors provided a means by which their encryption could be circumvented, there are common algorithms that can be implemented with very little development time (hours) that make it nearly impossible to decrypt a message (such as RSA, you can implement that in an afternoon).

    There's nothing theoretically impossible saying we can't just decrypt these messages. We just don't have a method yet. By definition, any message can be decrypted given a sufficient number of attempts. If we can use quantum computing to skip to the right answer (essentially), there may be a way for encryption to be secure against nearly everyone but not absolutely everyone.

    I have some contentions with number 1. The government doesn't need, nor is allowed, to open and read my mail. They're not allowed to break into my house and drill open my safe. They've never been able to just do these kinds of things without warrants, and they've never had trouble staying in control of national security.

    But that's the whole point - the government can do all those things, provided that they demonstrate that there is a legitimate government interest to a court and acquire a warrant. Part of the issue here is that there are people who want to make even that functionally impossible.

    If you go back some time, during the TorrentSpy case, there was a lot of criticism of the government penalizing them for interfering with the process of discovery, even though discovery rules are considered a legitimate use of government power.

    TorrentSpy was being forced to make records it didn't normally make. That's unusual for discovery. Considering RAM as records for discovery is a bit absurd.

    And again- demonstrate a warrant capable encryption system that isn't insecure and you might have a point.

    Right now there is exactly one option, which is forcing the defendant to give up the keys...which runs into 5th issues.

  • Polaritie | Sleepy | Registered User regular
    TL DR wrote: »
    LD50 wrote: »
    PantsB wrote: »
    The real issue is this conflict
    1. There's a legitimate and important need for governments (such as the US) to conduct electronic surveillance and intercept electronic communications
      • To protect national interests and security.
      • To prevent and provide evidence against violations of criminal law
    2. Encryption makes it very difficult for these needs to be met (if those communicating encrypt their data), and decrypting most encryption algorithms is not feasible with conventional means
    3. Even if larger software vendors provided a means by which their encryption could be circumvented, there are common algorithms that can be implemented with very little development time (hours) that make it nearly impossible to decrypt a message (such as RSA, you can implement that in an afternoon).

    There's nothing theoretically impossible saying we can't just decrypt these messages. We just don't have a method yet. By definition, any message can be decrypted given a sufficient number of attempts. If we can use quantum computing to skip to the right answer (essentially), there may be a way for encryption to be secure against nearly everyone but not absolutely everyone.

    I have some contentions with number 1. The government doesn't need, nor is allowed, to open and read my mail. They're not allowed to break into my house and drill open my safe. They've never been able to just do these kinds of things without warrants, and they've never had trouble staying in control of national security.

    But that's the whole point - the government can do all those things, provided that they demonstrate that there is a legitimate government interest to a court and acquire a warrant. Part of the issue here is that there are people who want to make even that functionally impossible.

    If you go back some time, during the TorrentSpy case, there was a lot of criticism of the government penalizing them for interfering with the process of discovery, even though discovery rules are considered a legitimate use of government power.

    Can you explain what you mean by this?

    What I mean is that there's a subset of people who want to make it difficult, if not impossible, for the government to assert authority online, even in situations where they have legitimate reason to do so.

    Which government?

    Steam: Polaritie
    3DS: 0473-8507-2652
    Switch: SW-5185-4991-5118
    PSN: AbEntropy
  • The Ender | Registered User regular
    TL DR wrote: »
    LD50 wrote: »
    PantsB wrote: »
    The real issue is this conflict
    1. There's a legitimate and important need for governments (such as the US) to conduct electronic surveillance and intercept electronic communications
      • To protect national interests and security.
      • To prevent and provide evidence against violations of criminal law
    2. Encryption makes it very difficult for these needs to be met (if those communicating encrypt their data), and decrypting most encryption algorithms is not feasible with conventional means
    3. Even if larger software vendors provided a means by which their encryption could be circumvented, there are common algorithms that can be implemented with very little development time (hours) that make it nearly impossible to decrypt a message (such as RSA, you can implement that in an afternoon).

    There's nothing theoretically impossible saying we can't just decrypt these messages. We just don't have a method yet. By definition, any message can be decrypted given a sufficient number of attempts. If we can use quantum computing to skip to the right answer (essentially), there may be a way for encryption to be secure against nearly everyone but not absolutely everyone.

    I have some contentions with number 1. The government doesn't need, nor is allowed, to open and read my mail. They're not allowed to break into my house and drill open my safe. They've never been able to just do these kinds of things without warrants, and they've never had trouble staying in control of national security.

    But that's the whole point - the government can do all those things, provided that they demonstrate that there is a legitimate government interest to a court and acquire a warrant. Part of the issue here is that there are people who want to make even that functionally impossible.

    If you go back some time, during the TorrentSpy case, there was a lot of criticism of the government penalizing them for interfering with the process of discovery, even though discovery rules are considered a legitimate use of government power.

    Can you explain what you mean by this?

    What I mean is that there's a subset of people who want to make it difficult, if not impossible, for the government to assert authority online, even in situations where they have legitimate reason to do so.

    ...Ergo we take away security from everybody?

    With Love and Courage
  • AngelHedgie | Registered User regular
    Phoenix-D wrote: »
    LD50 wrote: »
    PantsB wrote: »
    The real issue is this conflict
    1. There's a legitimate and important need for governments (such as the US) to conduct electronic surveillance and intercept electronic communications
      • To protect national interests and security.
      • To prevent and provide evidence against violations of criminal law
    2. Encryption makes it very difficult for these needs to be met (if those communicating encrypt their data), and decrypting most encryption algorithms is not feasible with conventional means
    3. Even if larger software vendors provided a means by which their encryption could be circumvented, there are common algorithms that can be implemented with very little development time (hours) that make it nearly impossible to decrypt a message (such as RSA, you can implement that in an afternoon).

    There's nothing theoretically impossible saying we can't just decrypt these messages. We just don't have a method yet. By definition, any message can be decrypted given a sufficient number of attempts. If we can use quantum computing to skip to the right answer (essentially), there may be a way for encryption to be secure against nearly everyone but not absolutely everyone.

    I have some contentions with number 1. The government doesn't need, nor is allowed, to open and read my mail. They're not allowed to break into my house and drill open my safe. They've never been able to just do these kinds of things without warrants, and they've never had trouble staying in control of national security.

    But that's the whole point - the government can do all those things, provided that they demonstrate that there is a legitimate government interest to a court and acquire a warrant. Part of the issue here is that there are people who want to make even that functionally impossible.

    If you go back some time, during the TorrentSpy case, there was a lot of criticism of the government penalizing them for interfering with the process of discovery, even though discovery rules are considered a legitimate use of government power.

    TorrentSpy was being forced to make records it didn't normally make. That's unusual for discovery. Considering RAM as records for discovery is a bit absurd.

    And again- demonstrate a warrant capable encryption system that isn't insecure and you might have a point.

    Right now there is exactly one option, which is forcing the defendant to give up the keys...which runs into 5th issues.

    Except that it was shown that TorrentSpy intentionally disabled recording of those records, and that the sort of logging requested was actually an industry standard. And there are a lot of ephemeral items that can be required to be retained under a discovery order. The RAM argument was a red herring to obfuscate the fact that they willfully ignored a legal retention order and were unable to demonstrate undue hardship in meeting the requirements.

    XBL: Nox Aeternum / PSN: NoxAeternum / NN:NoxAeternum / Steam: noxaeternum
  • programjunkie | Registered User regular
    So, to weigh in on a few things

    1. The government cannot be trusted with a backdoor in terms of not losing it, as demonstrated by the OPM hacks. We need at least a decade, if not portions of a century from when Chinese intelligence has a list of addresses of where the kids of people who have access to nuclear launch codes sleep at night and when the government can plausibly argue they can be trusted with a skeleton key to all communications.

    2. Opening a backdoor is likely to fundamentally break the crypto itself, even without the above. Writing perfect crypto is very, very, very hard, as the most subtle of problems can allow an eavesdropper to listen in. Hell, even perfect crypto is still breakable given the right workaround. The chance of having viable crypto with a backdoor that neither speaker consents to having (but for force of law) and is also secure is basically zero.

    3. This ignores the problem of a global world. Sure, maybe Apple can give a backdoor to the US government, but is the EU going to want their trade minister to talk on a phone designed with NSA agents in the room? Or vice versa? Or, can we morally ask for a backdoor that will be legally requisitioned by the Saudi police and then used to execute peaceful bloggers? Encryption is what protects good guys from bad guys too, whether we're talking about criminals, or dangerous states. See also the US assistance of the development of TOR. If we allow implementation of a backdoor, oppressive states will ask for access for it being used by their own citizens, and we morally are responsible for what happens after that.

    And, as a note, this is where a lot of the opposition to tools of "legitimate governance" comes in. That's all fine and dandy for generally responsible governments dealing with incontrovertible goods (stopping orphanages from being bombed), but the same information also allows for those governments to do the things they shouldn't be doing, like fighting the absurd drug war, or for other governments to jail or murder dissidents. I'm willing to give up a little privacy to avoid the difficulty of sorting which appendage goes to which body after a preventable bombing, but OTOH, no sacrifice is too small as to be worthwhile to stop some dude from smoking pot on his couch, and that is going to be one of the biggest uses of these tools.

    4. And to tie in with the 3rd point, but the most important point: The NSA et al cannot do their jobs without being able to crack actual crypto without a backdoor. Because when the EU says "fuck this, we'll make our own crypto with blackjack and hookers!" then lazy fucks won't be able to waddle down to a rubber stamp judge for approval, and they'll have to do some math. While perfect crypto is very hard, we already have free, open source implementations of crypto without backdoors in it, which can be duplicated from anywhere in the world to anywhere in the world in just seconds, so enemy spies, criminals, terrorists, etc, are going to have access to real crypto, and it is the job of the government to be able to crack real crypto.

    We don't want our spy apparatus to look like the cops in Demolition Man, where they ask Phoenix (the bad guy) to come along, and when he does not, they ask him again, and are totally unable to deal with him not fully and completely cooperating, and then he wreaks havoc on the city. It is not the job of bloodthirsty terrorists who want to destroy America, and in a broader sense, everything good and decent in the world, to handicap themselves enough so authorities can easily stop them, it is the job of the authorities to be good enough to stop determined, proficient threats.

    Backdoors are bad policy for every and all reasons, and even if you support a strong surveillance apparatus, you still ought to oppose them, because good surveillance comes from cutting edge and difficult work. Clinton's "Manhattan Project" comment is closer to the mark, although the better point would be just talking about WW2 code-breaking, like Enigma, Purple, etc. where rather than ask the Axis to talk in plaintext, we cracked their encryption in secret and used it to help win the war.

  • Orthanc | Death Lite, Only 1 Calorie | Off the end of the internet, just turn left. | Registered User, ClubPA regular
    Phoenix-D wrote: »
    Right now there is exactly one option, which is forcing the defendant to give up the keys...which runs into 5th issues.

    Actually a few US court decisions in the past few years have dealt with the 5th amendment issues quite well. In a notable child porn case, the defendant was ordered to give up the encryption key, but it was ruled that knowing the key could not be used as proof of ownership. Just like a court order to hand over the key to a safe, having the key does not prove you are responsible for what's inside. That has to be proven by other means.

    So as long as disclosing the key cannot be used to prove ownership then there is no problem with self incrimination.

    This is actually an area where the law is starting to catch up quite nicely. There have also been some recent rulings that even if unencrypted, phones cannot be searched without a warrant. The reasoning being that there is far more information in your phone than would have been generally present in your pocket before. So the protections against warrantless search apply.

    Of course there will always be people who refuse to give up the key when a warrant is issued. This is no different from the people refusing to give up any other court required information (e.g. refusing to disclose sources that have been ruled not protected by 1st amendment). Refusal to comply with a court order is a crime in and of itself and people are jailed / fined.

    Problem is, all of this applies only to legal cases within a jurisdiction, it does not apply to foreign intelligence gathering which is what this debate is framed as. The NSA has never needed a warrant to listen to radio traffic abroad, and they're never going to need one. The leak of the Targeted Operations Catalog showed pretty effectively that if the NSA targets you, they will get your communications. For targeted operations they don't need to break the encryption, they just compromise the end points, install a key logger on your computer and all the encryption in the world won't help you.

    These targeted operations are very effective, but they don't scale, the analogy is having to wire tap everyone you want to listen in on. The whole encryption backdoor debate is really about preserving a mass surveillance capability that intelligence agencies never had, or needed, before the digital age. There's little actual proof that the mass surveillance capability actually helps fight terrorism or the other items these agencies are actually tasked with.

    The amount of direction shifting in this debate is a pretty clear sign that all is not right. When proponents of back doors are asked why warrants and court orders won't suffice, they say "terrorism". But when asked for the kinds of harms that will actually be prevented, given that terrorists will just use existing algorithms without back doors the answer is "child abduction" or similar crimes where warrants and targeted operations would suffice.

    orthanc
  • Phoenix-D | Registered User regular
    There have also been rulings that forcing the key is a 5th violation, so it's not quite that settled yet.

  • Roz | Boss of Internet | Registered User regular
    The Ender wrote: »
    PantsB wrote: »
    Calica wrote: »
    Encryption has been one of the hot topics in politics lately, with Hillary Clinton ... voicing support of adding a "back door" to encrypted systems, so that the government and law enforcement can access encrypted data
    It should be noted that Hillary Clinton has explicitly not supported a backdoor as the link says. Rather she hopes for a technological solution, even if it requires a large scale "Manhattan Project-like" research project to do so.

    The inference being (IMO) quantum computing. Such hardware would be prohibitively expensive for all but large institutions for the medium term at least. And sufficiently developed quantum computing would render most encryption relatively trivial to decrypt. If possible, and it appears to be an engineering issue/challenge rather than a question of the possibility at this point (as I understand it), this would be the middle ground of allowing governments (especially if sufficiently large devices were regulated explicitly) to have the ability to legitimately access messages while retaining the general utility of encryption.

    The invention of quantum computing (it's perhaps worth noting that quantum computing is strictly theoretical at this point in time, and some experts in computer engineering have begun to question whether or not it's even possible) isn't the same as the creation of atomic weapons, though, because atomic weapons are always necessarily limited to whomever can access both fissile material and a means to assemble that fissile material into a bomb (...though, even granted these restrictions, admittedly proliferation became a problem rather quickly).

    Quantum computers would no doubt become mass market items a few years out from their creation, much like conventional computers. So, after a few years of tender & loving warrantless state surveillance, you're either back to square one, because now people can make sufficiently complex encryption to defeat quantum processing power, or encryption is now a thing of the past and any 4chan user can break into anything they like. So, which is worse for U.S. national security: the government being unable to decrypt some messages that (ostensibly) would allow police / military forces to intervene against TERRORISM!, or 4chan being able to break into / edit / exploit whatever they want, however they want, whenever they want?

    Not exactly. Good research is being made in the quantum computing field, with a couple of prototype versions showing actual NAND gates.

    The biggest major hurdle at the moment is the entanglement problem. The more qubits you need to entangle the more challenging the problem becomes both to generate the entanglement matrix in the first place, and then to maintain the entanglement state after computation has been performed.

    This stuff is really hard to do, and right now the best way we know how to do it is with a lot of power and strong magnetic fields in a research lab. If the current paradigm continues and scales to where we want it to be, it seems incredibly unlikely to be available for commercial use anytime soon.

    To put an analogy to it - think of the manpower and resources it takes to put a satellite into space, just because NASA became successful at doing it doesn't mean that it becomes cheap and abundant anytime soon. It may well be decades if not half a century before the average person can realistically buy one.

  • programjunkie | Registered User regular
    My two objections are that we don't force accused murderers to bring us to the body under penalty of law, because that is clearly self-incrimination, and the analogy is too close to not draw the same conclusion, despite whatever sophistry the courts are practicing on it.

    But beyond that, "Tell us the password or go to jail," has the obvious problem of people not remembering their passwords, or, if the authorities are wrong about the ownership, never knowing them in the first place. Outside of cases where someone is self-declared as obstructionist, there's simply no way to overcome a reasonable doubt standard of "I forgot the password, ergo, I cannot decrypt it." Let those among you who have never used a password recovery option on any website or application in your life throw the first stone here.

  • Heffling | No Pic Ever | Registered User regular
    My two objections are that we don't force accused murderers to bring us to the body under penalty of law, because that is clearly self-incrimination, and the analogy is too close to not draw the same conclusion, despite whatever sophistry the courts are practicing on it.

    But beyond that, "Tell us the password or go to jail," has the obvious problem of people not remembering their passwords, or, if the authorities are wrong about the ownership, never knowing them in the first place. Outside of cases where someone is self-declared as obstructionist, there's simply no way to overcome a reasonable doubt standard of "I forgot the password, ergo, I cannot decrypt it." Let those among you who have never used a password recovery option on any website or application in your life throw the first stone here.

    I forgot the password isn't a defense when options exist for password recovery.

  • tinwhiskers | Registered User regular
    edited December 2015
    Heffling wrote: »
    My two objections are that we don't force accused murderers to bring us to the body under penalty of law, because that is clearly self-incrimination, and the analogy is too close to not draw the same conclusion, despite whatever sophistry the courts are practicing on it.

    But beyond that, "Tell us the password or go to jail," has the obvious problem of people not remembering their passwords, or, if the authorities are wrong about the ownership, never knowing them in the first place. Outside of cases where someone is self-declared as obstructionist, there's simply no way to overcome a reasonable doubt standard of "I forgot the password, ergo, I cannot decrypt it." Let those among you who have never used a password recovery option on any website or application in your life throw the first stone here.

    I forgot the password isn't a defense when options exist for password recovery.

    What he is saying is that, since we have all presumably clicked "I forgot my password" on numerous websites etc. throughout the years, it would work as a defense against obstruction charges in cases where the compelled claims to have forgotten a password which is not recoverable.
    e.g.:
    Ladies and gentlemen of the jury, I have dozens of emails in my inbox from CustomerSupport@XYZ.com telling me to follow this link to reset my password. Who doesn't forget these things, with all the length and number and symbols and stuff, they are hard to remember. I know I've forgotten dozens of passwords over the years. What makes the defendant having forgotten this one the judge is asking for unreasonable?

  • milski | Poyo! | Registered User regular
    edited December 2015
    Heffling wrote: »
    My two objections are that we don't force accused murderers to bring us to the body under penalty of law, because that is clearly self-incrimination, and the analogy is too close to not draw the same conclusion, despite whatever sophistry the courts are practicing on it.

    But beyond that, "Tell us the password or go to jail," has the obvious problem of people not remembering their passwords, or, if the authorities are wrong about the ownership, never knowing them in the first place. Outside of cases where someone is self-declared as obstructionist, there's simply no way to overcome a reasonable doubt standard of "I forgot the password, ergo, I cannot decrypt it." Let those among you who have never used a password recovery option on any website or application in your life throw the first stone here.

    I forgot the password isn't a defense when options exist for password recovery.

    I have accounts that I do not remember the name of with passwords I do not remember attached to email addresses that I do not remember and that have been deleted, and the account itself may not exist anymore. There is no reasonable way for me to recover that password. I can't even meaningfully confirm an account exists.

    milski on
    I ate an engineer
  • Options
    TL DRTL DR Not at all confident in his reflexive opinions of thingsRegistered User regular
    This is a problem in the UK - you can be jailed if made to surrender a password that you are for whatever reason unable to.

  • Options
    HefflingHeffling No Pic EverRegistered User regular
    Heffling wrote: »
    My two objections is that we don't force accused murderers to bring us to the body under penalty of law, because that is clearly self-incrimination, and the analogy is too close to not draw the same conclusion, despite whatever sophistry the courts are practicing on it.

    But beyond that, "Tell us the password or go to jail," has the obvious problem of people not remembering their passwords, or, if the authorities are wrong about the ownership, never knowing them in the first place. Outside of cases where someone is self-declared as obstructionist, there's simply no way to overcome a reasonable doubt standard of "I forgot the password, ergo, I cannot decrypt it." Let those among you who have never used a password recovery option on any website or application in your life throw the first stone here.

    I forgot the password isn't a defense when options exist for password recovery.

    What he is saying is that since we have all presumably clicked "I forgot my password" on numerous websites etc. throughout the years, it would work as a defense against obstruction charges in cases where the compelled claims to have forgotten a password which is not recoverable.
    e.g.:
    Ladies and Gentlemen of the jury, I have dozens of emails in my inbox from CustomerSupport@XYZ.com telling me to follow this link to reset my password. Who doesn't forget these things, with all the length and number and symbols and stuff, they are hard to remember. I know I've forgotten dozens of passwords over the years. What makes the defendant having forgotten this one the judge is asking for unreasonable?

    If access to the account is that important to a case, wouldn't they issue a warrant to the account supporter (e.g. Google)?

    Compelling me to turn in evidence in on myself is clearly against the 5th amendment. It is no different than if I had been ordered by the court to turn over my hidden journals on my illegal activities (e.g. accounting books, diary, etc).

  • Options
    TL DRTL DR Not at all confident in his reflexive opinions of thingsRegistered User regular
    Heffling wrote: »
    Heffling wrote: »
    My two objections is that we don't force accused murderers to bring us to the body under penalty of law, because that is clearly self-incrimination, and the analogy is too close to not draw the same conclusion, despite whatever sophistry the courts are practicing on it.

    But beyond that, "Tell us the password or go to jail," has the obvious problem of people not remembering their passwords, or, if the authorities are wrong about the ownership, never knowing them in the first place. Outside of cases where someone is self-declared as obstructionist, there's simply no way to overcome a reasonable doubt standard of "I forgot the password, ergo, I cannot decrypt it." Let those among you who have never used a password recovery option on any website or application in your life throw the first stone here.

    I forgot the password isn't a defense when options exist for password recovery.

    What he is saying is that since we have all presumably clicked "I forgot my password" on numerous websites etc. throughout the years, it would work as a defense against obstruction charges in cases where the compelled claims to have forgotten a password which is not recoverable.
    e.g.:
    Ladies and Gentlemen of the jury, I have dozens of emails in my inbox from CustomerSupport@XYZ.com telling me to follow this link to reset my password. Who doesn't forget these things, with all the length and number and symbols and stuff, they are hard to remember. I know I've forgotten dozens of passwords over the years. What makes the defendant having forgotten this one the judge is asking for unreasonable?

    If access to the account is that important to a case, wouldn't they issue a warrant to the account supporter (e.g. Google)?

    Compelling me to turn in evidence in on myself is clearly against the 5th amendment. It is no different than if I had been ordered by the court to turn over my hidden journals on my illegal activities (e.g. accounting books, diary, etc).

    Interesting subject. Would it be relevantly different if the encrypted data was the crime itself (child porn) as opposed to evidence about a crime (journals)?

  • Options
    HefflingHeffling No Pic EverRegistered User regular
    No. Because when you say "the crime itself" what you mean is that the evidence is also intrinsic to the illegal act, while other evidence is of a crime (for example, a journal describing how the pictures were created). The point of a court trial in this case is to determine the innocence or guilt of a party based on evidence.

  • Options
    tinwhiskerstinwhiskers Registered User regular
    Is there a technical term for the kind of encryption you'd need to make to implement a backdoor.

    I'm just trying to google around and see if there have even been any theoretical ones proposed and have been hitting a wall.

    I don't have any great depth of experience in crypto, but outside of the practical issues ie 'well the bad guys will just use all unbreakable and publicly available stuff now' or 'well the bad guys aren't really using cryptography anyways so why bother', is what they are asking for even theoretically possible? Encryption with >2 keys?

    I mean I suppose you could just make the program append the key used to the front of the file encrypted with a set RSA key the NSA has the paired one to or something trogish like that, but you can't really have a super secret decrypt everything code known by a small handful of people and get much utility out of it. And really, even if you could get rid of all the other crypto programs in the world and make everyone use the NSA Says This is Good Enough Privacy For You exclusively, stripping out the part of the program that implements the 'backdoor' wouldn't be harder than say cracking the activation for various software which people do constantly.

  • Options
    HefflingHeffling No Pic EverRegistered User regular
    I believe the technical term is "bad idea".

  • Options
    LD50LD50 Registered User regular
    Is there a technical term for the kind of encryption you'd need to make to implement a backdoor.

    I'm just trying to google around and see if there have even been any theoretical ones proposed and have been hitting a wall.

    I don't have any great depth of experience in crypto, but outside of the practical issues ie 'well the bad guys will just use all unbreakable and publicly available stuff now' or 'well the bad guys aren't really using cryptography anyways so why bother', is what they are asking for even theoretically possible? Encryption with >2 keys?

    I mean I suppose you could just make the program append the key used to the front of the file encrypted with a set RSA key the NSA has the paired one to or something trogish like that, but you can't really have a super secret decrypt everything code known by a small handful of people and get much utility out of it. And really, even if you could get rid of all the other crypto programs in the world and make everyone use the NSA Says This is Good Enough Privacy For You exclusively, stripping out the part of the program that implements the 'backdoor' wouldn't be harder than say cracking the activation for various software which people do constantly.

    The appended-separately-encrypted-key idea of yours is called "Key Escrow" and has been done before.

    The long and the short of it is this: It is impossible to make an encryption system that uses two keys that is as secure as an equivalent system that uses only one key. Simply having two keys means it's easier to search the keyspace for a working key.

    All the actual information on backdoors that I've seen has revolved around inserting secret (but known by the government) weaknesses into encryption libraries, which is such a bad idea I don't actually know where to start talking about why it's so bad.
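
The key-escrow layout named in the post above (a per-file key wrapped once for the recipient and once under a fixed escrow key, then stored in front of the ciphertext), sketched as an added example that is not part of any forum post. Textbook RSA over fixed Mersenne primes and a SHA-256 keystream are toy stand-ins chosen so it runs on the standard library alone; every name here is hypothetical.

```python
import hashlib
import secrets

E = 65537      # RSA public exponent
KEY_LEN = 16   # per-message session key length in bytes


def make_keypair(p, q):
    """Toy textbook-RSA key pair from two known primes (no padding, not for real use)."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))
    return (n, E), (n, d)


def wrap(pub, session_key):
    """Encrypt the session key under a public key; the result is one key slot."""
    n, e = pub
    return pow(int.from_bytes(session_key, "big"), e, n)


def unwrap(priv, wrapped):
    """Recover the session key from a slot with the matching private key."""
    n, d = priv
    return pow(wrapped, d, n).to_bytes(KEY_LEN, "big")


def keystream_xor(key, data):
    """Toy stream cipher: XOR data with SHA-256(key || offset) blocks."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[offset:offset + 32], pad))
    return bytes(out)


def seal(plaintext, recipient_pub, escrow_pub):
    """Encrypt once, then store the same session key in two slots."""
    session_key = secrets.token_bytes(KEY_LEN)
    return {
        "slots": {
            "recipient": wrap(recipient_pub, session_key),
            "escrow": wrap(escrow_pub, session_key),
        },
        "body": keystream_xor(session_key, plaintext),
    }


def open_envelope(envelope, slot, priv):
    """Decrypt the body using whichever slot the caller holds the key for."""
    session_key = unwrap(priv, envelope["slots"][slot])
    return keystream_xor(session_key, envelope["body"])


def demo():
    # Constructed keys: Mersenne primes are used only because they are easy to write down.
    alice_pub, alice_priv = make_keypair(2**89 - 1, 2**107 - 1)
    bob_pub, bob_priv = make_keypair(2**107 - 1, 2**127 - 1)
    escrow_pub, escrow_priv = make_keypair(2**61 - 1, 2**127 - 1)

    to_alice = seal(b"constructed message for alice", alice_pub, escrow_pub)
    to_bob = seal(b"constructed message for bob", bob_pub, escrow_pub)

    # The recipient's path never touches the escrow slot, so the format itself
    # cannot tell whether a sender populated it.
    no_escrow = {"slots": {"recipient": to_alice["slots"]["recipient"]},
                 "body": to_alice["body"]}

    return {
        "alice_reads": open_envelope(to_alice, "recipient", alice_priv),
        "bob_reads": open_envelope(to_bob, "recipient", bob_priv),
        # One escrow private key opens traffic to every recipient.
        "escrow_reads_alice": open_envelope(to_alice, "escrow", escrow_priv),
        "escrow_reads_bob": open_envelope(to_bob, "escrow", escrow_priv),
        "alice_reads_without_escrow_slot": open_envelope(no_escrow, "recipient", alice_priv),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The escrow private key is the single secret whose exposure opens every envelope ever sealed under it, which is the risk side of the design the thread is arguing about.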

  • Options
    PolaritiePolaritie Sleepy Registered User regular
    TL DR wrote: »
    This is a problem in the UK - you can be jailed if made to surrender a password that you are for whatever reason unable to.

    In theory (and IANAL so), you cannot be held in contempt in the US if you are unable to comply (e.g. can't recall the password).

    As a practical matter, there is an issue of allowing for forgetting passwords without criminals just being able to say that all the time and walk. As noted above, most sites have password recovery functions, so for things like normal email hosts a court order to open the account should suffice. If it's an encrypted file or something... then I don't think there's a good answer - you have to sacrifice something. My stand is that you accept criminals being able to lie about forgetting it as the cost of justice (from the "better to let ten guilty men go free than punish a single innocent" line of thought), and try to prove that they're lying about it. I fear that the inherent temptations of the criminal justice system to just side with the prosecution (because the other side is a criminal and who cares, no matter innocent until proven guilty, right to a fair trial, etc.) will win out though.

    Steam: Polaritie
    3DS: 0473-8507-2652
    Switch: SW-5185-4991-5118
    PSN: AbEntropy
  • Options
    LD50LD50 Registered User regular
    But the same documents or whatever could be stuck in a safe buried in their mother in law's senile sister's backyard and the criminals "don't remember" where they are. That doesn't mean they can just storm every neighborhood and dig up everyone's yards in a 10 mile radius without a good reason to do so.

  • Options
    DaedalusDaedalus Registered User regular
    Is there a technical term for the kind of encryption you'd need to make to implement a backdoor.

    I'm just trying to google around and see if there have even been any theoretical ones proposed and have been hitting a wall.

    I don't have any great depth of experience in crypto, but outside of the practical issues ie 'well the bad guys will just use all unbreakable and publicly available stuff now' or 'well the bad guys aren't really using cryptography anyways so why bother', is what they are asking for even theoretically possible? Encryption with >2 keys?

    I mean I suppose you could just make the program append the key used to the front of the file encrypted with a set RSA key the NSA has the paired one to or something trogish like that, but you can't really have a super secret decrypt everything code known by a small handful of people and get much utility out of it. And really, even if you could get rid of all the other crypto programs in the world and make everyone use the NSA Says This is Good Enough Privacy For You exclusively, stripping out the part of the program that implements the 'backdoor' wouldn't be harder than say cracking the activation for various software which people do constantly.

    In addition to "key escrow", you can search for "Clipper Chip" to hear about the last time they tried this bullshit.

  • Options
    OrthancOrthanc Death Lite, Only 1 Calorie Off the end of the internet, just turn left.Registered User, ClubPA regular
    Daedalus wrote: »
    Is there a technical term for the kind of encryption you'd need to make to implement a backdoor.

    I'm just trying to google around and see if there have even been any theoretical ones proposed and have been hitting a wall.

    I don't have any great depth of experience in crypto, but outside of the practical issues ie 'well the bad guys will just use all unbreakable and publicly available stuff now' or 'well the bad guys aren't really using cryptography anyways so why bother', is what they are asking for even theoretically possible? Encryption with >2 keys?

    I mean I suppose you could just make the program append the key used to the front of the file encrypted with a set RSA key the NSA has the paired one to or something trogish like that, but you can't really have a super secret decrypt everything code known by a small handful of people and get much utility out of it. And really, even if you could get rid of all the other crypto programs in the world and make everyone use the NSA Says This is Good Enough Privacy For You exclusively, stripping out the part of the program that implements the 'backdoor' wouldn't be harder than say cracking the activation for various software which people do constantly.

    In addition to "key escrow", you can search for "Clipper Chip" to hear about the last time they tried this bullshit.

    I posted these earlier, but the following are good accessible explanations of how back doors can be inserted & the examples of how this has played out in the past

    http://blog.cryptographyengineering.com/2015/04/how-do-we-build-encryption-backdors.html

    http://blog.cryptographyengineering.com/2015/07/a-history-of-backdoors.html

    orthanc
  • Options
    HefflingHeffling No Pic EverRegistered User regular
    I'm not sure I want to look up "A history of backdoors" on my work computer...

  • Options
    tinwhiskerstinwhiskers Registered User regular
    Orthanc wrote: »
    Daedalus wrote: »
    Is there a technical term for the kind of encryption you'd need to make to implement a backdoor.

    I'm just trying to google around and see if there have even been any theoretical ones proposed and have been hitting a wall.

    I don't have any great depth of experience in crypto, but outside of the practical issues ie 'well the bad guys will just use all unbreakable and publicly available stuff now' or 'well the bad guys aren't really using cryptography anyways so why bother', is what they are asking for even theoretically possible? Encryption with >2 keys?

    I mean I suppose you could just make the program append the key used to the front of the file encrypted with a set RSA key the NSA has the paired one to or something trogish like that, but you can't really have a super secret decrypt everything code known by a small handful of people and get much utility out of it. And really, even if you could get rid of all the other crypto programs in the world and make everyone use the NSA Says This is Good Enough Privacy For You exclusively, stripping out the part of the program that implements the 'backdoor' wouldn't be harder than say cracking the activation for various software which people do constantly.

    In addition to "key escrow", you can search for "Clipper Chip" to hear about the last time they tried this bullshit.

    I posted these earlier, but the following are good accessible explanations of how back doors can be inserted & the examples of how this has played out in the past

    http://blog.cryptographyengineering.com/2015/04/how-do-we-build-encryption-backdors.html

    http://blog.cryptographyengineering.com/2015/07/a-history-of-backdoors.html

    Awesome. Thank you. I had forgotten how weird reading crypto stuff is because there's always the background subtext of "but this could all be wrong because maybe the NSA has some secret super maths that no one outside the NSA has discovered yet"

  • Options
    DaedalusDaedalus Registered User regular
    So, another problem: how the fuck is this legally going to work?

    The media likes to bloviate about "tech companies" or whatever, but the fact of the matter is that you don't need a San Francisco office and venture capital to write some crypto software. Implementing a block cipher is the kind of thing you assign to an undergraduate as a homework assignment. Any asshole can do it. Public-key crypto is harder to get right, but still.

    So, you criminalize the sale of any crypto software that doesn't include the US government backdoor. Great. Is it illegal for me to write this software and give it away for free? Is it illegal for me to write this software and use it myself? Is it illegal for me to write this software and distribute the source code? What's the difference, anyway, if it's in some interpreted language? Can I write a textbook about how to write crypto software? Can that book include code samples? This is all fucked.

  • Options
    shrykeshryke Member of the Beast Registered User regular
    edited December 2015
    Orthanc wrote: »
    Phoenix-D wrote: »
    Right now there is exactly one option, which is forcing the defendant to give up the keys...which runs into 5th issues.

    Actually a few US court decisions in the past few years have dealt with the 5th amendment issues quite well. In a notable child porn case, the defendant was ordered to give up the encryption key, but it was ruled that knowing the key could not be used as proof of ownership. Just like a court order to hand over the key to a safe, having the key does not prove you are responsible for what's inside. That has to be proven by other means.

    So as long as disclosing the key cannot be used to prove ownership then there is no problem with self incrimination.

    This is actually an area where the law is starting to catch up quite nicely. There have also been some recent rulings that even if unencrypted, phones cannot be searched without a warrant. The reasoning being that there is far more information in your phone than would have been generally present in your pocket before. So the protections against warrantless search apply.

    Of course there will always be people who refuse to give up the key when a warrant is issued. This is no different from the people refusing to give up any other court required information (e.g. Refusing to disclose sources that have been ruled not protected by 1st amendment). Refusal to comply with a court order is a crime in and of itself and people are jailed / fined.

    Problem is, all of this applies only to legal cases within a jurisdiction, it does not apply to foreign intelligence gathering which is what this debate is framed as. The NSA has never needed a warrant to listen to radio traffic abroad, and they're never going to need one. The leak of the Targeted Operations Catalog showed pretty effectively that if the NSA targets you, they will get your communications. For targeted operations they don't need to break the encryption, they just compromise the end points, install a key logger on your computer and all the encryption in the world won't help you.

    These targeted operations are very effective, but they don't scale, the analogy is having to wire tap everyone you want to listen in on. The whole encryption backdoor debate is really about preserving a mass surveillance capability that intelligence agencies never had, or needed, before the digital age. There's little actual proof that the mass surveillance capability actually helps fight terrorism or the other items these agencies are actually tasked with.

    The amount of direction shifting in this debate is a pretty clear sign that all is not right. When proponents of back doors are asked why warrants and court orders won't suffice, they say "terrorism". But when asked for the kinds of harms that will actually be prevented, given that terrorists will just use existing algorithms without back doors the answer is "child abduction" or similar crimes where warrants and targeted operations would suffice.

    The actual answer here would be "But they probably won't".

    I mean, you can talk about the technical details of cryptography till the cows come home and none of it has ever or will ever change the fact that the human element is always the weakest link.

    I mean, hell, the recent Paris attack was apparently organized using no encryption at all.

    The idea that "terrorists will totally switch to unbreakable encryption" seems not terribly well supported.

    shryke on
  • Options
    OrthancOrthanc Death Lite, Only 1 Calorie Off the end of the internet, just turn left.Registered User, ClubPA regular
    Daedalus wrote: »
    So, another problem: how the fuck is this legally going to work?

    The media likes to bloviate about "tech companies" or whatever, but the fact of the matter is that you don't need a San Francisco office and venture capital to write some crypto software. Implementing a block cipher is the kind of thing you assign to an undergraduate as a homework assignment. Any asshole can do it. Public-key crypto is harder to get right, but still.

    So, you criminalize the sale of any crypto software that doesn't include the US government backdoor. Great. Is it illegal for me to write this software and give it away for free? Is it illegal for me to write this software and use it myself? Is it illegal for me to write this software and distribute the source code? What's the difference, anyway, if it's in some interpreted language? Can I write a textbook about how to write crypto software? Can that book include code samples? This is all fucked.

    Well the way this panned out last time is that the restriction was on export. So it wasn't about sale or writing, just moving code across borders. Which was hilariously circumvented by the PGP source code book, you know, cause that's a book so could be exported, but as source it couldn't be.

    This time around I doubt it would be export (since the target is as much domestic as foreign), but the constant would likely still be around distribution, meaning it can be enforced against anyone regardless of whether they're charging or giving away for free.

    As hinted, this is not practical to enforce this across the board, but the trick is that it doesn't matter. The major players such as Google and Apple have to comply, they're too visible and will be threatened with legal action if they hold out.

    If there are a few niche producers that fly under the radar, that doesn't make a substantial difference to the kind of mass surveillance that universal encryption prevents. It doesn't matter if a few crypto nerds have unbreakable crypto, it matters that it's easily available to the masses. If I can't say to my non-tech family "just use iMessage" then crypto is going to be too hard.

    So the major players will be made to comply, any app gets popular and it will be hit with sanctions if it's not complying. The rest make no substantial difference to our overall security. It's like immunisations, you need the bulk to be using good crypto, not the 5%.

    With my own personal bias, a big problem is the effect of US policy on other countries that have no direct ability to influence it. Have a read of this story of trying to work out what was legal to export from NZ when the US crypto export restrictions were in effect (disclaimer: I work for the company involved, though didn't at the time of these events).

    https://www.cs.auckland.ac.nz/~pgut001/policy/

    I can see those kinds of shenanigans happening again. I write software that deals with medical records for a living. That has to have strong encryption because of privacy concerns. We'd most likely have to have a US version and a non-US version, which is painful but workable. Problem is we'd start to hit issues with NZ policy aligning to US policy (we're part of 5 eyes), but with a lack of clarity that means we'd never quite be sure if we were legal when shipping the non-US version,

    orthanc
  • Options
    OrthancOrthanc Death Lite, Only 1 Calorie Off the end of the internet, just turn left.Registered User, ClubPA regular
    Awesome. Thank you. I had forgotten how weird reading crypto stuff is because there's always the background subtext of "but this could all be wrong because maybe the NSA has some secret super maths that no one outside the NSA has discovered yet"

    Disturbingly there is precedent for "the NSA has super secret math". The NSA developed differential cryptanalysis long before it was known in the outside world, and even meddled with the DES spec so it was not vulnerable.

    But most of the time it's implementation bugs the NSA finds and exploits ahead of the rest of us (Weak DH being my favourite example of the moment)

    I'm going to stop dropping links to Cryptography Engineering now, but there are a lot of other great examples in the archives if you geek out on this stuff. One of my favourites is this bit of guesswork about what project BULLRUN (NSA breaking of SSL that was leaked in Snowden docs) actually is: http://blog.cryptographyengineering.com/2013/12/how-does-nsa-break-ssl.html

    orthanc
  • Options
    CantidoCantido Registered User regular
    Heffling wrote: »
    I'm not sure I want to look up "A history of backdoors" on my work computer...

    Meh, I read some really morbid Insider Threat training every year on government computers.

    The best parts are the stories of systems administrators going insane and attempting damage only to be caught.

    3DS Friendcode 5413-1311-3767
  • Options
    a5ehrena5ehren AtlantaRegistered User regular
    Cantido wrote: »
    Heffling wrote: »
    I'm not sure I want to look up "A history of backdoors" on my work computer...

    Meh, I read some really morbid Insider Threat training every year on government computers.

    The best parts are the stories of systems administrators going insane and attempting damage only to be caught.

    The thing I miss the most about having a clearance is that ridiculous counter-terror training (aka "the world's worst business trip") they made us do every year.

  • Options
    redxredx I(x)=2(x)+1 whole numbersRegistered User regular
    Orthanc wrote: »
    Daedalus wrote: »
    So, another problem: how the fuck is this legally going to work?

    The media likes to bloviate about "tech companies" or whatever, but the fact of the matter is that you don't need a San Francisco office and venture capital to write some crypto software. Implementing a block cipher is the kind of thing you assign to an undergraduate as a homework assignment. Any asshole can do it. Public-key crypto is harder to get right, but still.

    So, you criminalize the sale of any crypto software that doesn't include the US government backdoor. Great. Is it illegal for me to write this software and give it away for free? Is it illegal for me to write this software and use it myself? Is it illegal for me to write this software and distribute the source code? What's the difference, anyway, if it's in some interpreted language? Can I write a textbook about how to write crypto software? Can that book include code samples? This is all fucked.

    Well the way this panned out last time is that the restriction was on export. So it wasn't about sale or writing, just moving code across borders. Which was hilariously circumvented by the PGP source code book, you know, cause that's a book so could be exported, but as source it couldn't be.

    This time around I doubt it would be export (since the target is as much domestic as foreign), but the constant would likely still be around distribution, meaning it can be enforced against anyone regardless of whether they're charging or giving away for free.

    As hinted, this is not practical to enforce this across the board, but the trick is that it doesn't matter. The major players such as Google and Apple have to comply, they're too visible and will be threatened with legal action if they hold out.

    If there are a few niche producers that fly under the radar, that doesn't make a substantial difference to the kind of mass surveillance that universal encryption prevents. It doesn't matter if a few crypto nerds have unbreakable crypto, it matters that it's easily available to the masses. If I can't say to my non-tech family "just use iMessage" then crypto is going to be too hard.

    So the major players will be made to comply, any app gets popular and it will be hit with sanctions if it's not complying. The rest make no substantial difference to our overall security. It's like immunisations, you need the bulk to be using good crypto, not the 5%.

    With my own personal bias, a big problem is the effect of US policy on other countries that have no direct ability to influence it. Have a read of this story of trying to work out what was legal to export from NZ when the US crypto export restrictions were in effect (disclaimer: I work for the company involved, though didn't at the time of these events).

    https://www.cs.auckland.ac.nz/~pgut001/policy/

    I can see those kinds of shenanigans happening again. I write software that deals with medical records for a living. That has to have strong encryption because of privacy concerns. We'd most likely have to have a US version and a non-US version, which is painful but workable. Problem is we'd start to hit issues with NZ policy aligning to US policy (we're part of 5 eyes), but with a lack of clarity that means we'd never quite be sure if we were legal when shipping the non-US version,

    It is probably worth noting, "few niche companies" will probably include every single Linux distribution not specifically designed for US consumption, so it will be very easy to obtain technically illegal strong encryption.

    However, that will be pretty meaningless, as your bank and email provider will be using some form of broken ass encryption that eventually any hacker will be able to read (here's hoping your phone will be up to date with not yet broken government public keys....).

    They moistly come out at night, moistly.
  • Options
    OrthancOrthanc Death Lite, Only 1 Calorie Off the end of the internet, just turn left.Registered User, ClubPA regular
    redx wrote: »
    Orthanc wrote: »
    Daedalus wrote: »
    So, another problem: how the fuck is this legally going to work?

    The media likes to bloviate about "tech companies" or whatever, but the fact of the matter is that you don't need a San Francisco office and venture capital to write some crypto software. Implementing a block cipher is the kind of thing you assign to an undergraduate as a homework assignment. Any asshole can do it. Public-key crypto is harder to get right, but still.

    So, you criminalize the sale of any crypto software that doesn't include the US government backdoor. Great. Is it illegal for me to write this software and give it away for free? Is it illegal for me to write this software and use it myself? Is it illegal for me to write this software and distribute the source code? What's the difference, anyway, if it's in some interpreted language? Can I write a textbook about how to write crypto software? Can that book include code samples? This is all fucked.

    Well the way this panned out last time is that the restriction was on export. So it wasn't about sale or writing, just moving code across borders. Which was hilariously circumvented by the PGP source code book, you know, cause that's a book so could be exported, but as source it couldn't be.

    This time around I doubt it would be export (since the target is as much domestic as foreign), but the constant would likely still be around distribution, meaning it can be enforced against anyone regardless of whether they're charging or giving away for free.

    As hinted, it is not practical to enforce this across the board, but the trick is that it doesn't matter. The major players such as Google and Apple have to comply, they're too visible and will be threatened with legal action if they hold out.

    If there are a few niche producers that fly under the radar, that doesn't make a substantial difference to the kind of mass surveillance that universal encryption prevents. It doesn't matter if a few crypto nerds have unbreakable crypto, it matters that it's easily available to the masses. If I can't say to my non-tech family "just use iMessage" then crypto is going to be too hard.

    So the major players will be made to comply, any app gets popular and it will be hit with sanctions if it's not complying. The rest make no substantial difference to our overall security. It's like immunisations, you need the bulk to be using good crypto, not the 5%.

    With my own personal bias, a big problem is the effect of US policy on other countries that have no direct ability to influence it. Have a read of this story of trying to work out what was legal to export from NZ when the US crypto export restrictions were in effect (disclaimer: I work for the company involved, though didn't at the time of these events).

    https://www.cs.auckland.ac.nz/~pgut001/policy/

    I can see those kinds of shenanigans happening again. I write software that deals with medical records for a living. That has to have strong encryption because of privacy concerns. We'd most likely have to have a US version and a non-US version, which is painful but workable. Problem is we'd start to hit issues with NZ policy aligning to US policy (we're part of 5 eyes), but with a lack of clarity that means we'd never quite be sure if we were legal when shipping the non-US version.

    It is probably worth noting, "few niche companies" will probably include every single Linux distribution not specifically designed for US consumption, so it will be very easy to obtain technically illegal strong encryption.

    However, that will be pretty meaningless, as your bank and email provider will be using some form of broken ass encryption that eventually any hacker will be able to read (here's hoping your phone will be up to date with not yet broken government public keys....).

    Yes, strong encryption will be easy to obtain, this post has a hilarious list of what would be required to stop that. But easy to obtain and universally used are different things. It's pretty well established that you cannot rely on consumers to take steps for security. Systems have to be secure by default or the majority of people will be vulnerable. To take just a few examples:
    • Both iOS and Android have supported device encryption for a long time, but until it was on by default most people did not secure their phones
    • Many, many examples of default passwords being used for WiFi, security cameras and other connected devices, only solved when passwords are random out of the box.
    • Encrypted email has been available for a long time, how many people use it? I know I don't and I really should know better.
    • As mentioned earlier in this thread, even terrorists don't necessarily use encrypted communication when planning attacks.

    It's well established that users do not make good decisions about security, and that it's not their fault (pdf). So while the easy availability of secure encryption might help you, me, the child porn traders and terrorists, it's not going to make any substantial difference to mass use of encryption.

    And remember that the intelligence agencies are not really concerned with encryption applied on the server. They already have plenty of options for bypassing that, warrants, national security letters and their equivalents; just ask LavaBit. The reason backdoors are being pushed is a fear of end to end encryption, which is only going to work en masse if communication products are well secured out of the box, without people needing to think about it.

    Now, if these proposals were actually targeted at terrorism, then the easy availability of strong encryption would make a difference, in that it would make mandated back doors useless. After all, leave aside Linux, I'm pretty sure Mujahedeen Secrets won't be updated to include US mandated back doors any time soon.

    But they're not targeted at terrorism. The kind of mass surveillance enabled by back doors Can't, Won't, And Never Has Stopped A Terrorist. In that context, just having encryption off by default, or slightly harder means that mass surveillance will continue because the extra steps required are too hard for most users.

    orthanc
  • Options
    PantsBPantsB Fake Thomas Jefferson Registered User regular
    milski wrote: »
    Clinton's Manhattan project statement either shows she does not understand encryption particularly well or understands but thinks the details would be too wonkish for her base to understand in the space of a debate question. It does show she has advisors saying that a government backdoor is not a good idea.

    If the Clinton administration wants to invent quantum computers or prove p = np, well, those have the same problem as encryption: math is neutral. It'd be a paradigm shift but one I'd rather the US be ahead on. Though those are huge assumptions on what is actually possible to do in the nearish term.

    Quantum computers require a lot of infrastructure. Terrorists theoretically could have aircraft carriers too, but they don't. Countries can develop nuclear weapons but doing so requires conspicuous work that can be identified. While that wouldn't stop some countries, the barriers to entry (if you will) are huge and look to be for the foreseeable future. And even more would be needed to initially develop the necessary devices. Thus Manhattan Project.

    There's nothing inherently secure about encryption. It simply relies on being very expensive computationally. Quantum computing changes that fundamentally. And I think it would require a great deal of naïveté to think the NSA isn't working on that with substantial intensity. The first modern computers were invented and hidden for decades to decrypt enemy communications during WW II. As SoS Clinton would have been privy to similar quantum computing projects.

    And Clinton has explicitly said she is not for a backdoor in encryption, citing the concerns voiced by the tech industry.

    QEDMF xbl: PantsB G+
  • Options
    PantsBPantsB Fake Thomas Jefferson Registered User regular
    Polaritie wrote: »
    LD50 wrote: »
    PantsB wrote: »
    The real issue is this conflict
    1. There's a legitimate and important need for governments (such as the US) to conduct electronic surveillance and intercept electronic communications
      • To protect national interests and security.
      • To prevent and provide evidence against violations of criminal law
    2. Encryption makes it very difficult for these needs to be met (if those communicating encrypt their data), and decrypting most encryption algorithms is not feasible with conventional means
    3. Even if larger software vendors provided a means by which their encryption could be circumvented, there are common algorithms that can be implemented with very little development time (hours) that make it nearly impossible to decrypt a message (such as RSA, you can implement that in an afternoon).

    There's nothing theoretically impossible saying we can't just decrypt these messages. We just don't have a method yet. By definition, any message can be decrypted given a sufficient number of attempts. If we can use quantum computing to skip to the right answer (essentially), there may be a way for encryption to be secure against nearly everyone but not absolutely everyone.

    I have some contentions with number 1. The government doesn't need, nor is allowed, to open and read my mail. They're not allowed to break into my house and drill open my safe. They've never been able to just do these kinds of things without warrants, and they've never had trouble staying in control of national security.

    But that's the whole point - the government can do all those things, provided that they demonstrate that there is a legitimate government interest to a court and acquire a warrant. Part of the issue here is that there are people who want to make even that functionally impossible.

    If you go back some time, during the TorrentSpy case, there was a lot of criticism of the government penalizing them for interfering with the process of discovery, even though discovery rules are considered a legitimate use of government power.

    It's been possible to communicate in ways beyond the reach of warrants since forever though. Cryptography isn't new. It's certainly easier, but it's not new. In-person meetings, documents destroyed after delivery... this is all centuries-old.
    In what way are those beyond the reach of warrants? In person meetings can be overheard, including electronically. Documents can be intercepted and read - that would be directly analogous.

    QEDMF xbl: PantsB G+
  • Options
    ClipseClipse Registered User regular
    PantsB wrote: »
    milski wrote: »
    Clinton's Manhattan project statement either shows she does not understand encryption particularly well or understands but thinks the details would be too wonkish for her base to understand in the space of a debate question. It does show she has advisors saying that a government backdoor is not a good idea.

    If the Clinton administration wants to invent quantum computers or prove p = np, well, those have the same problem as encryption: math is neutral. It'd be a paradigm shift but one I'd rather the US be ahead on. Though those are huge assumptions on what is actually possible to do in the nearish term.

    Quantum computers require a lot of infrastructure. Terrorists theoretically could have aircraft carriers too, but they don't. Countries can develop nuclear weapons but doing so requires conspicuous work that can be identified. While that wouldn't stop some countries, the barriers to entry (if you will) are huge and look to be for the foreseeable future. And even more would be needed to initially develop the necessary devices. Thus Manhattan Project.

    There's nothing inherently secure about encryption. It simply relies on being very expensive computationally. Quantum computing changes that fundamentally. And I think it would require a great deal of naïveté to think the NSA isn't working on that with substantial intensity. The first modern computers were invented and hidden for decades to decrypt enemy communications during WW II. As SoS Clinton would have been privy to similar quantum computing projects.

    And Clinton has explicitly said she is not for a backdoor in encryption, citing the concerns voiced by the tech industry.

    Quantum computers are frequently held up as some sort of magic-encryption-breaking-machines, but reality is a bit more involved. There is an algorithm, Shor's Algorithm, which reduces some problems (integer factorization, discrete logarithm) to polynomial time on a quantum computer with a sufficient number of qubits. These problems are problems that current public key cryptosystems rely on, but they aren't the only problems suitable for such; see the Wikipedia article on post-quantum cryptography.

    A much more important point, however, is the simple fact that quantum computers do not (as far as anyone knows) offer any advantage on breaking symmetric-key encryption; and, indeed, this is the order of the day: the big headline-making stuff is basically about how phones/tablets offer symmetric-key-encrypted contents which can't be broken into by the companies that make the phones (or their OSes).

  • Options
    HefflingHeffling No Pic EverRegistered User regular
    PantsB wrote: »
    milski wrote: »
    Clinton's Manhattan project statement either shows she does not understand encryption particularly well or understands but thinks the details would be too wonkish for her base to understand in the space of a debate question. It does show she has advisors saying that a government backdoor is not a good idea.

    If the Clinton administration wants to invent quantum computers or prove p = np, well, those have the same problem as encryption: math is neutral. It'd be a paradigm shift but one I'd rather the US be ahead on. Though those are huge assumptions on what is actually possible to do in the nearish term.

    Quantum computers require a lot of infrastructure. Terrorists theoretically could have aircraft carriers too, but they don't. Countries can develop nuclear weapons but doing so requires conspicuous work that can be identified. While that wouldn't stop some countries, the barriers to entry (if you will) are huge and look to be for the foreseeable future. And even more would be needed to initially develop the necessary devices. Thus Manhattan Project.

    There's nothing inherently secure about encryption. It simply relies on being very expensive computationally. Quantum computing changes that fundamentally. And I think it would require a great deal of naïveté to think the NSA isn't working on that with substantial intensity. The first modern computers were invented and hidden for decades to decrypt enemy communications during WW II. As SoS Clinton would have been privy to similar quantum computing projects.

    And Clinton has explicitly said she is not for a backdoor in encryption, citing the concerns voiced by the tech industry.

    I think it's worth keeping in mind that travelling to the moon can be considered to have been the second "Manhattan Project" that the US engaged in. In that we made a large investment to develop new technologies to achieve specific goals, and many of these technologies were purposefully trickled down for public use.

    I mean, from the original Manhattan Project, we developed tools from better approaches to quantitative measuring and analysis to smoke alarms. The Space Race gave us much of our modern technology. Each time we've engaged in this heavy research, we've advanced not just the US, but the world, by leaps and bounds.
