Re What if Responsible Encryption Back-Doors Were Possible? - Lawfare

["Dave Farber" <farber () gmail com>]

Begin forwarded message:

> From: Charles Arthur <charles.arthur () gmail com>
> Date: December 2, 2018 at 6:08:42 PM GMT+9
> To: dave () farber net
> Cc: ip <ip () listbox com>
> Subject: Re: [IP] Re What if Responsible Encryption Back-Doors Were Possible? - Lawfare
>
> There is memory in the system, though the writer of the essay is carefully not using words like Clipper so as to 
> argue a priori. 
>
> I was puzzled on seeing that it was written by a senior cryptographer at Microsoft. Then I read it. It’s is a 
> carefully argued piece pointing out that this genie has escaped the bottle and isn’t going back. 
>
> The final sentence: ‘Make no mistake: Even if it could be built, “responsible” law enforcement access technology is 
> not responsible at all.’
>
> It’s pointing out to those who wish for it that you can’t have a thermodynamic-second-law-violating machine, and that 
> it might not be good even if you did. 
>
>
>
> best
> Charles
>
> > On 2 Dec 2018, at 01:37, Dave Farber <farber () gmail com> wrote:
> >
> >
> > Haven’t we been around this idea many many times like Clipper chip etc
> >
> > Is there no memory in the system?
> >
> > Dave
> >
> > Begin forwarded message:
> >
> > > From: Bob Hinden <bob.hinden () gmail com>
> > > Date: December 2, 2018 7:45:56 JST
> > > To: Dave Farber <dave () farber net>
> > > Cc: Bob Hinden <bob.hinden () gmail com>
> > > Subject: Re: [IP] What if Responsible Encryption Back-Doors Were Possible? - Lawfare
> > >
> > > Might as have asked “If pigs could fly”.   IMHO it is not possible to have encryption backdoors that won’t be 
> > > abused beyond their intended users.
> > >
> > > Bob
> > >
> > > > On Nov 29, 2018, at 10:10 PM, Dave Farber <farber () gmail com> wrote:
> > > >
> > > >
> > > > > https://www.lawfareblog.com/what-if-responsible-encryption-back-doors-were-possible
> > > > >
> > > > > What if Responsible Encryption Back-Doors Were Possible?
> > > > > This is part of a series of essays from the Crypto 2018 Workshop on Encryption and Surveillance.
> > > > >
> > > > > One of the fundamental constitutional precepts that the U.S. Supreme Court has recognized is the presumption of 
> > > > > privacy. This presumption is manifested as limits on government intrusion into the private lives of American 
> > > > > citizens. But these limits are not an absolute in American jurisprudence, nor are they present in all 
> > > > > democracies. For instance, my conversation in a public place may be overheard, but there is nothing to stop me 
> > > > > from taking actions and employing tools to enhance the privacy of my effects and communications. Absent 
> > > > > extraordinary circumstances, I have a right to hide my artifacts and conceal my conversations, and I may also 
> > > > > engage the assistance of a third party as an agent in doing so. Manufacturers of curtains and blinds may sell 
> > > > > their products without building in features that make them transparent to law enforcement authorities; safes may 
> > > > > be sold without retaining keys or combinations to provide exceptional access against the will of the purchaser; 
> > > > > and encryption products may be sold that protect the privacy of data without restriction.
> > > > >
> > > > > Under exceptional circumstances and with appropriate judicial review, law enforcement may be permitted to attempt 
> > > > > to violate my privacy. But a search warrant is so-named because it grants a right to search—not a guarantee to 
> > > > > find. Law enforcement authorities may also request and even compel my agent to provide information on any 
> > > > > assistance rendered to me. But there is no prior restriction on the advice or tools that my agent may offer.
> > > > >
> > > > > Let us now posit the existence of a responsible exceptional access technology, one that secures and protects the 
> > > > > privacy of data with encryption, but also provides law enforcement authorities with access to that data. 
> > > > > “Responsible” here describes a technology that achieves the desired effect of providing designated authorities 
> > > > > with controlled access to data without creating undue risks of data being released to unauthorized parties. It 
> > > > > should be noted that data breaches are all too frequent today and that complexity is regarded as the enemy of 
> > > > > security. Thus, despite the dearth of proposals to provide responsible access and the expert analyses that 
> > > > > enumerate reasons why it is likely unattainable, let us assume that such technology is possible. The next step is 
> > > > > to consider the consequences of mandating its use. Even if we could build it, the question remains of whether we 
> > > > > should build it.
> > > > >
> > > > > In the current landscape, the security interests of technology vendors and their customers are generally aligned. 
> > > > > Vendors act as their customers’ advocates. The relationship is, of course, imperfect. There are cases where 
> > > > > vendors fail to adequately protect their customers and suffer consequences in the marketplace. Just as an 
> > > > > attorney who provides poor counsel may not fare well, vendors who are careless with their customers’ data may not 
> > > > > survive. Vendors have incentives to secure their customers’ data, and customers have incentives to purchase 
> > > > > products and services from vendors who protect them well. Prices are certainly a consideration, and customers 
> > > > > will not always pay a premium for better security, but all other things being equal, a rational consumer will 
> > > > > select a vendor that provides better security.
> > > > >
> > > > > Privacy and security are partners, but they are not interchangeable. An agent who is incented to protect my 
> > > > > security may also have incentives to violate my privacy. However, when I seek to engage an agent to maintain the 
> > > > > confidentiality of my data, an agent who does so steadfastly will be more valuable to me than one who protects my 
> > > > > confidentiality only with caveats and conditions.
> > > > >
> > > > > Introducing exceptional access technology alters the marketplace by increasing costs and reducing protections. It 
> > > > > transforms the vendor from its role as an unqualified advocate to that of an equivocal actor who may or may not 
> > > > > betray the confidence of its customers. The trust relationship is compromised, and vendors are prevented from 
> > > > > serving as unambiguous and full-throated advocates of their customers and their interests.
> > > > >
> > > > > If customers can choose between vendors offering products that are otherwise comparable, those that include 
> > > > > provisions for law enforcement access will be at a competitive disadvantage. To be effective, therefore, all 
> > > > > comparable products within a market (e.g. all mobile phones purchased or used with the U.S.) must be required to 
> > > > > incorporate the technology.
> > > > >
> > > > > A government could ban the sale of curtains and window shades and instead insist that those who want to block the 
> > > > > view must purchase windows which can be made opaque electronically—with the stipulation that exceptional access 
> > > > > features allow for the opacity to be overridden remotely. This is not impossible, but it would add significant 
> > > > > costs, create a risk of windows becoming transparent at inopportune times (either due to malfunction or malicious 
> > > > > attack), and establish a booming market for fabric stores to sell other materials that happen to be sized to 
> > > > > perfectly fit windows.
> > > > >
> > > > > The analogy to encryption is not far afield. The greatest difference may be that encryption technologies are 
> > > > > virtual and are therefore easier to reproduce and transport. Ciphers that are beyond the ability of governments 
> > > > > to break are described in detail in millions of textbooks that have been used to teach untold numbers of students 
> > > > > around the globe.
> > > > >
> > > > > The point here is that a customer who wants privacy can still utilize a device in which a law enforcement access 
> > > > > technology has been embedded. A customer need only pre-encrypt sensitive data before using the device. The device 
> > > > > can then be used precisely as intended, and a second layer of encryption will be applied. If a lawful exceptional 
> > > > > access process is undergone, only the second encryption layer will be removed—revealing not the clear data but 
> > > > > instead the pre-encrypted data produced by the customer.
> > > > >
> > > > > The interesting question is the extent to which vendors will go to facilitate this alternative, and the likely 
> > > > > answer is that many will go as far as legally permitted. Their customers will demand nothing less. Twenty years 
> > > > > ago, U.S. regulators used export controls to thwart dissemination of encryption tools. Such tools were classified 
> > > > > as munitions, and vendors were required to register as arms dealers to export them. This had a chilling effect on 
> > > > > domestic distribution of encryption tools since U.S. vendors did not want to risk the legal jeopardy that might 
> > > > > ensue should a single instance of a product be exported—whether inadvertently by vendors themselves or by third 
> > > > > parties.
> > > > >
> > > > > Americans could freely import and use products that included strong encryption, and U.S. vendors could not 
> > > > > effectively compete with these imports. This allowed overseas vendors to be better advocates for U.S. customers 
> > > > > than domestic vendors. In 2000, the export control regime was largely abandoned due to the harm it caused to U.S. 
> > > > > vendors and the negative impact on data security. An exceptional access mandate today would sever the advocacy 
> > > > > that vendors currently offer their customers and do substantial harm to both. The impact would be worse than it 
> > > > > was in the pre-2000 era, when vendors were simply limited in the kinds of security they were able to offer—not 
> > > > > required to provide explicit exceptional access.
> > > > >
> > > > > As we have seen from numerous accounts, law enforcement authorities already have access today to unencrypted 
> > > > > data. Keyloggers and other malware can be surreptitiously placed on devices of targeted individuals, and tools 
> > > > > exist to crack open locked mobile phones. These means of access can be resource intensive, but that is a 
> > > > > desirable property. The plea to mandate exceptional access technology is an attempt to remove these resource 
> > > > > constraints and enable simple, economical, push-button access. But whether they recognize such or not, what 
> > > > > officials are seeking when they call for easier access is mass-surveillance capabilities. This may not be their 
> > > > > intent, but if it is easy and inexpensive to surveil one individual, then surveilling many is affordable and 
> > > > > manageable, and the temptation will be great.
> > > > >
> > > > > Americans should have an unfettered right to protect their own data, vendors should have the right to provide 
> > > > > law-abiding citizens with tools and services to support their rights, and law enforcement authorities should have 
> > > > > to expend resources when they are authorized to attempt to circumvent these protections. Make no mistake: Even if 
> > > > > it could be built, “responsible” law enforcement access technology is not responsible at all.
> > > > Archives | Modify Your Subscription | Unsubscribe Now
>
> This message was sent to the list address and trashed, but can be found online.



-------------------------------------------
Archives: https://www.listbox.com/member/archive/247/=now
Modify Your Subscription: https://www.listbox.com/member/?member_id=18849915
Unsubscribe Now: 
https://www.listbox.com/unsubscribe/?member_id=18849915&id_secret=18849915-a538de84&post_id=20181202095847:C3A3B47A-F642-11E8-84CA-925BF7F6645A
Powered by Listbox: https://www.listbox.com