Interesting People mailing list archives
Re What if (ir)Responsible Encryption Back-Doors Were Possible?
From: "Dave Farber" <farber () gmail com>
Date: Mon, 10 Dec 2018 16:41:48 +0900
Begin forwarded message: From: Henry Baker <hbaker1 () pipeline com> Subject: Re: [Cryptography] What if (ir)Responsible Encryption Back-Doors Were Possible? Date: December 9, 2018 5:32:19 JST To: Ray Dillinger <bear () sonic net> Cc: cryptography () metzdowd com At 02:21 PM 12/7/2018, Ray Dillinger wrote:From: Ray Dillinger <bear () sonic net> For what it's worth I believe the only "responsible" backdoor suitable for government use - particularly if it is something that can be automated - is one that does not allow even one single use of that backdoor to remain indefinitely secret. We need a system for accessing the systems of a few dangerous criminals that allows the government to PROVE at any point that it has not been invasively scooping absolutely everything that belongs to absolutely everybody. In Broad Fuzzy Outlines leaving a million hard details and a hundred refinements to be designed.... In order to get their backdoor key, perhaps, they have to interact with a public block chain creating a blinded transaction. And no valid block can be created without unblinding the access transactions of blocks that are turning more than (say) 180 days old. Because I get the idea that sometimes you have to have covert access for the sake of a specific investigation, of a specific person for evidence of a specific crime. But if that access never becomes known to the public, or if people CAN use it in the belief that their use of it will never be known, then it is guaranteed to be abused. Every morning, political and business reporters (and inevitably gossip and tabloid reporters) and courtroom attorneys (and inevitably mobsters) should be waking up, having a healthy breakfast, and consulting the chain to see the backdoor accesses unmasked this morning. Every morning, paranoids and tinfoil-hats who irrationally fear the government (and inevitably mobsters and shysters and spies who have good cause to fear the government) should be able to reassure themselves by checking the chain to see whether it reveals today that a while ago their own data was accessed. Unmasking shouldn't be required for accesses less than 6 months old, so that a legitimate law enforcement purpose can be served before the targets become aware. But unmasking must become absolutely certain after some time so that people cannot be deceived about the extent or nature of the access. Unmasking a backdoor access should reveal whose data was accessed, who accessed it, when it was accessed, what specifically they were looking for, why they had probable cause to believe it was there, and what judge signed the search warrant. Even the masked transactions on the chain must be known to exist; Nobody should ever be able to authorize some program that harvests 330 million people's data one morning without it becoming known, on the same morning, that 330 million accesses were made.Why don't we call a spade a spade? The proper term is "IRresponsible encryption", since it opens up a vulnerability to essentially *everyone*, regardless of their situation or culpability. But, of course, this proposal follows the age-old rule that the *name of a bill/law* is precisely the opposite of its intended purpose, which is why everyone thinks that legislators are all liars. Re: "2) No one wants to be in a position where a mass murderer has encrypted data that cannot be revealed to law enforcement" Joe Stalin said "a single death is a tragedy; a million deaths is a statistic". We've seen Stalin's rule operate recently with the murder of Khashoggi, where the press is all up in arms about a single murder, when more than 50,000 people have already died as a result of Saudi's attacks in Yemen. Apparently, more than just one person thinks that there are 110 billion reasons why 50,000 people don't matter. To better understand the FBI's "mass murderer" fetish, you also have to understand the concept of *bootleggers and Baptists*, as explained by Bruce Yandle to Russ Roberts on his Econtalk podcast back in 2007. Basically, Prohibition was made possible in 1919 by a combination of the interests of bootleggers (who would make huge profits from the lack of legal competition) and Baptists (who don't believe in drinking alcohol). While the reality was more complicated than this, "bootleggers and Baptists" has become the label for strange bedfellows who get together to pass a law otherwise unthinkable for the rest of the population. Thus, the bootleggers put forward Baptists to carry their water, because no one is going to (publicly) support bootleggers. http://www.econtalk.org/bruce-yandle-on-bootleggers-and-baptists/ <http://www.econtalk.org/bruce-yandle-on-bootleggers-and-baptists/> Another similar situation was that of mothers who voted for Wilson in 1916 because "he kept [our sons] out of war (so far)" (yes, women were allowed to vote in 6 western states; see Michael Beschloss's book on Presidents of War). Alice Paul, the radical suffragette, effectively traded her support for Wilson's war for Wilson's support for the 19th Amendment -- she presumed that the ~117k deaths and ~320k wounded were costs worth paying for its passage. Yet another example is that of U.S. gun deaths, where ~34k people were killed in 2013, *2/3's of which were suicides*. To keep things in perspective, ~33k people died in auto accidents in 2013. Yet gun control advocates continue to inflate gun deaths with suicide statistics, while simultaneously voting against physician- assisted suicide. The FBI and its apologists are attempting to use Joe Stalin's rule and create a "Megan's Law" for encryption backdoors by pulling out a single sympathetic individual to sway public opinion, when the losers from such are *all the rest of us*. The plural of "anecdote" is not "data" ! (The plural of "backdoor" is not "responsible" ?!?) The FBI is also playing the Baptist for the Deep State "bootleggers" who want to continue unrestricted & unwarranted mass surveillance. Such bootleggers include the subject of a now-playing movie which just won 6 Golden Globe nominations, and a judge who recently joined the Supreme Court. We're currently asking the designers of autonomous vehicles to solve the "Trolley Problem", wherein a runaway trolley (or autonomous vehicle) gets into a situation where 1 or 5 people will die, and the autonomous vehicle must decide who will die. Yet legislators themselves continuously pass laws which benefit a vanishly small percentage of the electorate, while disadvantaging everyone else. https://en.wikipedia.org/wiki/Trolley_problem <https://en.wikipedia.org/wiki/Trolley_problem> I'm sorry, but the tradeoff of making billions of cellphones, laptops, routers, and other IoT devices vulnerable to save a handful of people isn't worth it; among other reasons, we can be sure that the vulnerabilities themselves will cause additional deaths -- dead reporters, dead dissidents, dead spies, etc. One supreme court justice is supposed to have suggested that a flush toilet is the drug dealer's best friend. Yet not even the FBI is suggesting that toilet manufacturers include a "back door" in every toilet to catch a handful of drug dealers. _______________________________________________ The cryptography mailing list cryptography () metzdowd com <mailto:cryptography () metzdowd com> http://www.metzdowd.com/mailman/listinfo/cryptography <http://www.metzdowd.com/mailman/listinfo/cryptography>
------------------------------------------- Archives: https://www.listbox.com/member/archive/247/=now Modify Your Subscription: https://www.listbox.com/member/?member_id=18849915 Unsubscribe Now: https://www.listbox.com/unsubscribe/?member_id=18849915&id_secret=18849915-a538de84&post_id=20181210024204:12DE67EE-FC4F-11E8-9412-A4443787CC1A Powered by Listbox: https://www.listbox.com
Current thread:
- Re What if (ir)Responsible Encryption Back-Doors Were Possible? Dave Farber (Dec 10)