Moving The Encryption Debate Forward
Mike Masnick at techdirt just published a story that gave me some hope of a little possible sanity in the debate about law enforcement having the right or ability to disrupt encryption as we know it. As he frames it, “You have people who understand encryption who keep pointing out that what is being asked of them is impossible to do without jeopardizing some fairly fundamental security principles, and then a bunch of folks who respond with ‘well, just nerd harder.'”
My god that framing is perfect. People, even one’s who should know far better, tend to make the argument of authority, not of possibility. In his book The Four, NYU proff. Scott Galloway argues that apple could have built a backdoor into the iOS encryption of the San Bernardino shooter. His statement “It’s just a small door” was possibly the dumbest thing I’ve ever read written by someone I think of as smart.
The Carnegie Endowment assembled a group of real experts with a variety of viewpoints to find some sort of consensus and maybe move this conversation forward. The group says they
“reject two straw men—absolutist positions not actually held by serious participants, but sometimes used as caricatures of opponents—(1) that we should stop seeking approaches to enable access to encrypted information; or (2) that law enforcement will be unable to protect the public unless it can obtain access to all encrypted data through lawful process. We believe it is time to abandon these and other such straw men.”
No knowledgeable person from John McAfee, to Brian Krebs , holds those positions. Law enforcement have more data now with access to basically every communication possible, with plenty of tools and ways to get information. Some info may stay encrypted. Because encrypted means protection for everyone. You, me, and governments. Security flaws, like the one project zero disclosed of the iPhone, hurt everyone.
We are tracked, and targeted in every possible way, if an ad tech company knows it, law enforcement can get it.. People this week had to write post explains how Facebook knows what freaking period tracking apps know. The idea that some data, should stay encrypted, without building backdoors that hackers will exploit is a fundamental idea that tech folks need to stick to our guns about. It’s bad when a company leaks millions of records they left unencrypted. It’s way worse, when no encryption is safe from hackers.
The Carnegie Endowment group listed a framework of how to weigh costs and benefits. They provided many use cases which all proposal should be tested against. Good! That’s a start but stupid people including those on the NYtimes best selling list with respected jobs, need to stop muddying the damn waters.
Encryption, must be built to work 100% of the time, otherwise it will end up working 0% of the time. Despite best efforts flaws have been found in every human system. Making encryption weeker is an analogy akin to making locks suck, because sometimes police have a warrant and need in. A lock, even the best safe will fail in some way, same with encryption. Why should we start out with the idea of making the lock fail fast. A backdoor, is just a way to make security fail fast for everyone.
Some added crap, ICE Cellebrite And the death of privacy. U.S. Immigration and Customs Enforcement is paying at least 3$0 million Cellebrite for tools to bypass smartphone security.