Re What if Responsible Encryption Back-Doors Were Possible? - Lawfare

["Dave Farber" <farber () gmail com>]

Begin forwarded message:

> From: Thomas Leavitt <thomas () thomasleavitt org>
> Date: December 2, 2018 at 5:24:22 PM GMT+9
> To: Dave Farber <dave () farber net>
> Subject: Re: [IP] Re What if Responsible Encryption Back-Doors Were Possible? - Lawfare
>
> Dave,
>
> I truly don't understand the motivations of folks asking for "responsible encryption". Surely they realize that the 
> bad actors (at least the smart ones) to which whose data this is intended to permit access will simply, as the 
> original article points out, layer in their own DIY security? I don't see the win... other than from being able to 
> prosecute people who do this, in the absence of any other direct evidence of criminality. The systemic risks induced 
> by the potential for wholesale exposure of ostensibly secure data seem overwhelming for such a small "win". I don't 
> even see this as a "policy judgment", because once you concede that a system is less secure, you're also conceding 
> that compromise is possible, and I don't see how you can rationally argue that any risk of such is acceptable, given 
> the nature of the entities and systems who would be compelled to use "responsible encryption".
>
> Regards,
> Thomas Leavitt
>
> > On Sat, Dec 1, 2018 at 10:42 PM Dave Farber <farber () gmail com> wrote:
> >
> >
> >
> > Begin forwarded message:
> >
> > > From: Herb Lin <herblin () stanford edu>
> > > Date: December 2, 2018 15:25:49 JST
> > > To: "dave () farber net" <dave () farber net>, ip <ip () listbox com>
> > > Cc: "ross.stapletongray () gmail com" <ross.stapletongray () gmail com>
> > > Subject: RE: [IP] Re What if Responsible Encryption Back-Doors Were Possible? - Lawfare
> > >
> > > Here’s the industry event to which Ross refers (https://youtu.be/tH7pHJAO1t8).  Ross is right that I said some 
> > > things that were said during the Clipper debate.  That’s because some of the things said in favor of Clipper were 
> > > valid.  That doesn’t mean that Clipper was a good idea. 
> > >
> > >  
> > >
> > > If someone wants to challenge me on something specific that I said during that talk, I’m happy to engage in that 
> > > discussion.  That includes Ross, by the way.
> > >
> > >  
> > >
> > > The short version of what I said – or what I was trying to say, in any case—was that the technical debate is over 
> > > as far as I am concerned – I fully accept the conclusion that it is impossible to develop an encryption system with 
> > > exceptional access that is as secure as one without it.   But the advocates of responsible encryption are asking 
> > > for something else—they are asking for the most secure system possible subject to the constraint that exceptional 
> > > access is possible.  Whatever system comes out of that process *will* be less secure than what is possible without 
> > > exceptional access.
> > >
> > >  
> > >
> > > Whether the diminished security is or is not worth the benefits to law enforcement is a policy question, not a 
> > > technical question.  Advocates of exceptional access say “yes”, privacy advocates say “no.”  Both are reasonable 
> > > answers, but neither should pretend that their judgments are technically based—they are policy judgments.  For 
> > > myself, I note that policy judgments – unlike technical conclusions – are necessarily made in the particular 
> > > societal and political circumstances extant at the moment of that judgment, and so anyone making a policy judgment 
> > > ought to take those circumstances into account.
> > >
> > >  
> > >
> > > I confess to being surprised at Ross’s assertion that I am “fine with the potential to arm fascists in the 
> > > information age,” which is as close to an ad hominem attack as I’ve ever heard him make on me or anyone else.  If 
> > > intellectual honesty is part of the that potential, then I regret that I have to plead guilty.  But by the same 
> > > token, I think that anyone who works to develop better information technology also has to plead guilty, since it’s 
> > > impossible to make information technology unusable by fascists.
> > >
> > >  
> > >
> > > Herb
> > >
> > >  
> > >
> > >  
> > >
> > > =======================================================================
> > >
> > > Herb Lin
> > >
> > > Senior Research Scholar, Center for International Security and Cooperation
> > >
> > > Hank J. Holland Fellow in Cyber Policy and Security, Hoover Institution
> > >
> > > Stanford University
> > >
> > > Stanford, CA  94305  USA
> > >
> > > herblin () stanford edu
> > >
> > > Twitter @HerbLinCyber
> > >
> > >  
> > >
> > > From: Dave Farber <farber () gmail com> 
> > > Sent: December 1, 2018 7:27 PM
> > > To: ip <ip () listbox com>
> > > Subject: [IP] Re What if Responsible Encryption Back-Doors Were Possible? - Lawfare
> > >
> > >  
> > >
> > >
> > >
> > >
> > > Begin forwarded message:
> > >
> > > From: Ross Stapleton-Gray <ross.stapletongray () gmail com>
> > > Date: December 2, 2018 10:46:39 JST
> > > To: DAVID FARBER <dave () farber net>
> > > Subject: Re: [IP] Re What if Responsible Encryption Back-Doors Were Possible? - Lawfare
> > >
> > > On Sat, Dec 1, 2018 at 5:38 PM Dave Farber <farber () gmail com> wrote:
> > >
> > > Haven’t we been around this idea many many times like Clipper chip etc
> > >
> > > Is there no memory in the system?
> > >
> > >  
> > >
> > > We have been. There's just a dogged persistence among those who would like the first-order job of the government 
> > > knowing things for control to be easy. I heard Herb Lin speak on this at an industry event, and it was like Clipper 
> > > all over again. Stu Baker similarly. I'm not exactly sure what drives either, as Baker hasn't been working for the 
> > > NSA for decades, and Herb is at Stanford. But both are fine with the potential to arm fascists in the information 
> > > age.
> > >
> > >  
> > >
> > > Meanwhile, I'm back looking for work, as Rocket Lawyer (which had been a fascinating four months) seems to be 
> > > imploding, and let a lot of us go. But the market is great... I've got a site interview with a Kleiner-backed 
> > > tech-start up in a week, and interviews for a privacy engineer position with a major non-profit.
> > >
> > >  
> > >
> > > But ideas for where else to look always solicited gratefully!
> > >
> > >  
> > >
> > > Ross
> > >
> > >  
> > >
> > >  
> > >
> > >  
> > >
> > >  
> > >
> > >  
> > >
> > >  
> >
> > Archives | Modify Your Subscription | Unsubscribe Now         
>
>
> -- 
> Thomas Leavitt
> Internet enabled since 1990



-------------------------------------------
Archives: https://www.listbox.com/member/archive/247/=now
Modify Your Subscription: https://www.listbox.com/member/?member_id=18849915
Unsubscribe Now: 
https://www.listbox.com/unsubscribe/?member_id=18849915&id_secret=18849915-a538de84&post_id=20181202034932:2DFDC830-F60F-11E8-A329-E450495B656A
Powered by Listbox: https://www.listbox.com