Earlier this month, Deputy Attorney General Rod Rosenstein gave a speech warning that a world with encryption is a world without law—or something like that. The EFF’s Kurt Opsahl takes it apart pretty thoroughly.
Last week, FBI Director Christopher Wray said much the same thing.
This is an idea that will not die.
Rhys • October 27, 2017 3:35 PM
I see this as a problem with boundaries. Not security.
Challenge for FBI is that built over-promised capability in law enforcement intervention to prevent crime.
Problem for Law Enforcement- w/in any community of crime, there is a context. Known well to the participants, hidden or obscure to witnesses. Encryption is but “A” tool.
Cipher tech is not the only tool. Perpetual game of ‘whack-a-mole’.
Even with a Navajo Code Talker, knowing the language will not expose the idiomatic usages.
Edward • October 27, 2017 3:36 PM
No problem. All they have to do is outlaw mathematics. Problem solved.
But if that’s not feasible, then this desire of theirs is a waste of mental energy.
Tõnis • October 27, 2017 4:16 PM
“But the problem persists. Today, thousands of seized devices sit in storage, impervious to search warrants. Over the past year, the FBI was unable to access about 7,500 mobile devices submitted to its Computer Analysis and Response Team …” (from the linked article)
“Thousands of seized devices” and “7,500 mobile devices submitted to its Computer Analysis and Response Team”?!? This sheer amount of devices shows that the government’s alphabet soup agencies have way too much time, money/power, and personnel. The government’s briefs in support of its motions to compel Apple contained rhetoric to the effect of “the American people deserve to know” what was on the San Bernardino shooter’s device. These were, of course, government lies. Anyone with half a brain could predict that the government would not be revealing any such information, and this became clear when the case went away: of course, there was “nothing found,” “nothing to see here.” Who believes anything these people say??? The authoritarians acting in the name of our government won’t even reveal who cracked/decrypted the shooter’s iphone (if that even happened), because their true position is that the American people don’t deserve to know. With 7,500 devices in the hands of the FBI “over the past year” it’s clear that there are too many people working for the government whose jobs should be eliminated and who should given more useful jobs like digging ditches.
RapidGeek • October 27, 2017 4:21 PM
@Edward outlawing Mathematics is not out of the realm of reality. But it will have a fancy name like:
Ecryption
Nationalizing
Extensions to
Mathematics and
Algorithms
So you’ll have to be a part of the system to have access to the knowledge, and in a few generations we will have Orwellian 1984
Moz in Oz • October 27, 2017 6:53 PM
Given the huge budget the FBI has (and US govt in general and the Senate’s great enthusiasm for funding their hobbyhorses, I am surprised there is no sudden “Federal Department of Developing Proper Cryptography” completely independent of the usual three letter agencies, tasked purely with inventing the special magic crypto that all these people are certain must exist.
Although given how easy it apparently is, they could just as easily do it using a couple of interns in a Senator’s office one summer. Over to you, Senator Wingnut…
Who? • October 27, 2017 8:02 PM
@ Edward
Outlawing maths is not as hard as it seems, see the Indiana pi bill.
Seriously, there had been too many efforts to ban the use of [strong] encryption in the last four decades. My fear is it becoming successful some day. I supposed we won the second cryptowar, maybe I am wrong.
Evan • October 28, 2017 4:25 AM
“Responsible encryption” is neither responsible nor encryption.
Citizen 20938741 • October 28, 2017 4:51 AM
@Edward
No problem. All they have to do is outlaw mathematics. Problem solved.
Never fear! As advised here previously, Australia has already made statements to outlaw mathematics[1]. Politicians in other countries simply have to implement this policy, then everyone except those who desire to protect their health, banking and business data for legitimate reasons will be happy.
[1] The weapons in Turnbull’s war on maths are dodgy and dangerous to users and security agencies (Jun 2017) https://www.crikey.com.au/2017/07/17/malcolm-turnbulls-encryption-war-on-maths-makes-us-less-safe/
Citizen 20938741 (with guest Mrs. Malaprop) • October 28, 2017 5:29 AM
Sorry for the quick second post…
“Responsible Encryption™” is as doublethink* as “Smart X” (where X = {phone, meter, TV}). It is a soothing term to gloss over the insidious surveillance aspect. It is very well-played. Technical people who don’t want to be incarcerated are well advised to do all they can to make Responsible Encryption happen.
We can help, can’t we?… For our safety?
* Not doublespeak. (The confusion is newspeak the language, but doublespeak has nevertheless become part of the lexicon). The interested reader is advised to consult Orwell’s manual Nineteen Eighty-Four, available in the non-fiction section of your local book suppository.
Clive Robinson • October 28, 2017 5:31 AM
@ Bruce, and others,
This is an idea that will not die.
There is an argument that every organic molecule that can oxidize has a catalist that at normal room conditions causes it to in effect spontaneously ignite and burn up.
The encryption debate needs such a catalist, especialy if it makes those pushing the argument foolish.
The current FBI argument is the one based on “Scary omnipotent oponents” who are out to “Destroy Society” and thus consume all the “Apple pie” etc thus you must “Think of the children” and what a pie less future will be like…
In short it’s a complete nonsense argument.
History shows us that “standard Policing Methods” in the past worked fine in the presence of crypto, in the majority of cases without the crypto being broken or even needing to be. Which is why the FBI argument uses “scary monster” arguments that are basically “Your world will end if you do not do as we say”… In fact history shows almost the exact opposit, that the world as we know it currently will end if we do give them the powers they demand because we will move into a Police State, plain and simple.
However the truth of that argument is harder to get across than the strawman that gives the FUD “Think of the children”. Which is why they use vacuous impossible but still plausable sounding arguments with the sting in the tail that activates primal fears.
There are a number of ways to deal with this,
One is to play on other primal fears, however the FBI and those who in effect back them have ways of censoring such messages to stop them getting out.
Another is rational argument, but it suffers from the lack of “primal fear” activator. Further without being nasty most people will not form a rational opinion because they are being jerked around at the monkey brain level to head for the trees.
Which leaves us with showing the impossiblity of the FBI’s arguments via “reductio ad absurdum” like the “turtles all the way down” or “lesser fleas” argument depending on what side of the Atlantic you live. What the FBI are arguing for is access to the communication end point or the encryption key giving them the plaintext. Well what if the plaintext at the communication end point is actually cipher text? And likewise the encryption key… The point is as long as the communicating parties can keep the security end point beyond the communications end point what the FBI asks for will fail.
Which brings us back to the purpose of what the FBI wants. It follows logically that the only people susceptible to the legislation the FBI is asking for are those who do not take extra precautions (ordinary citizens). Further it follows that those who have an average IQ that are planning to carry out the crimes the FBI claim they need the legislation for are going to extend the security end point beyond the communications end point. Thus it can be seen that the legislation the FBI want will only work against ordinary citizens and criminals that do not take precautions…
From this you can draw a number of concludions, but the one that effects most citizens is “Forming a Police State”. This is far from a new idea the those who set up the basic laws of the US, did so to stop the likes of “the general warrant” to stop the eventiality of what we now call a Police State.
Thus what the FBI are asking for with their primal fear arguments is to destroy the basic foundation of the US and thus is in effect treasonous behaviour. As most accept treason is far worse in the damage it can do than terrorism or any other crime.
CallMeLateForSupper • October 28, 2017 11:19 AM
@Bruce
“FBI Increases Its Anti-Encryption Rhetoric”
I would suggest “FBI Replays Its Anti-Encryption Rhetoric”. After all, it was Dep-AG Rosenstein who waxed crafty and innovative (speech at West Point). FBI’s Wray just repeats the same-ol’-same-ol’.
I would suggest to Director Wray that FBI should try taking its own advice, i.e. nerd harder.
Spooky • October 28, 2017 11:25 AM
@ Clive,
There is an argument that every organic molecule that can oxidize has a catalyst that at normal room conditions causes it to in effect spontaneously ignite and burn up. The encryption debate needs such a catalyst, especially if it makes those pushing the argument (seem) foolish. (Ed.)
Believe it or not, there exists a single compound that meets all of your criteria: chlorine trifluoride.
You can read more about it here.
The compound is also a stronger oxidizing agent than oxygen itself, which also puts it into rare territory. That means that it can potentially go on to “burn” things that you would normally consider already burnt to hell and gone, and a practical consequence of that is that it’ll start roaring reactions with things like bricks and asbestos tile. It’s been used in the semiconductor industry to clean oxides off of surfaces, an activity at which it no doubt excels.
So then, a metaphorical dose of CTF for the encryption debate? Sounds like a party. 🙂
Cheers,
Spooky
Clive Robinson • October 28, 2017 12:10 PM
@ Spooky,
Sounds like a party. 🙂
Instant barbecue starter for a “cook out”. The only question is “who’s bringing the “wieners” along with those German sausages and a bit of English sauce to set them of nicely B-)
Jared • October 28, 2017 12:42 PM
Government once again proving that they are incompetent and unable to properly “regulate” anything, let alone the internet.
albert • October 28, 2017 2:22 PM
Why can’t the FBI stop whining and just do its job?
..
@Citizen 20938741 (with guest Mrs. Malaprop),
“…suppository…”?
I prefer my books taken aurally, thank you.
. .. . .. — ….
Jonathan Wilson • October 28, 2017 4:35 PM
If the only way for the FBI (or some other agency) to catch a given bad guy is by having backdoors or other things that weaken security for everyone then I would rather see that bad guy not get caught than see security weakened for everyone.
Clive Robinson • October 28, 2017 5:56 PM
@ Jared,
Government once again proving that they are incompetent and unable to properly “regulate” anything, let alone the internet.
The Internet as it is currently can not be regulated, in the same way as the post office can not be regulated but the press can.
The post office can put up prohibitions on what can be sent, but without the ability to “look inside the envelope” they can not stop people sending prohibited items. The press however can be regulated because what they say is generaly for public consumption and thus openly visable to all. So what they print is easily assesed against regulation, and better yet for the regulator, there is usually a named responsible person “the proprietor” who can easily be sanctioned. The proprietors know it and thus generaly they stay away from any “line drawn in the sand” by a regulator of any enforcment strength…
So to “better regulate” the Internet, the government needs to not just add Choke Points and instrument all trafic through them. They also need to be able to see into the envelopes that encryption not just creates but makes impossible for the government to view…
The potential for abuse is so massive that it will happen if the likes of encryption are not used.
It’s why encryption is seen in a negative light by governments, except for their secrets…
Al • October 28, 2017 11:21 PM
My view is, coded speech is protected by the first amendment. There’s no restriction on me telling someone to take the whats-a-ma-dingy and do the whose-a-what-ever.
Encrypted speech is coded speech. It may be a more sophisticated coded speech, but it is still coded speech. There is nothing in the first amendment abridging the freedom of speech if the speech is not understandable by the government.
I made my encoder in javascript. Base 64 is the last step, so it can be sent through the email.
Craig McQueen • October 29, 2017 5:33 PM
@Spooky, chlorine trifluoride is not a catalyst, it’s a reagent.
Clive Robinson • October 30, 2017 1:33 AM
@ Spooky,
With regards ClF3, on the Wiki page is a quote from John Dury Clark[1],
It is hypergolic with every known fuel, and so rapidly hypergolic that no ignition delay has ever been measured. It is also hypergolic with such things as cloth, wood, and test engineers, not to mention asbestos, sand, and water (with which it reacts explosively).
It can be kept in some of the ordinary structural metals —steel, copper, aluminum, etc.— because of the formation of a thin film of insoluble metal fluoride which protects the bulk of the metal, just as the invisible coat of oxide on aluminum keeps it from burning up in the atmosphere. If, however, this coat is melted or scrubbed off, and has no chance to reform, the operator is confronted with the problem of coping with a metal-fluorine fire. For dealing with this situation, I have always recommended a good pair of running shoes.
Which comes from his book “Ignition” which is about the trials and tribulations of Rocket Fuel, it is as ammusing as it is educational. Getting hold of the book could be an expensive investment however there is a PDF of it,
65535 • October 30, 2017 2:24 AM
@ albert
“Why can’t the FBI stop whining and just do its job?”
That is a good question.
Nobody ever said law enforcement was easy. It is hard and has been throughout the ages. Police work requires getting out of an overstuffed chair a doing hard slogging investigative work. I think Christopher Wray is a lazy brat who doesn’t want to leave his lavish office to catch criminals.
Mr. Wray wants an extensive dossier, recorded conversations and never ending list of movements on all Americans at a press of a button from his iPhone. He probably thinks routine police work is too exhausting to waste time with. The Fourth Amendment and privacy just are too bothersome to consider. He is just indolent and non-attentive to the laws he has sworn to uphold.
But, it is a different story with his personal privacy. Try getting cell Towner metadata on movements of Mr. Wray’s personal/business cell phone and you will hit a brick wall.
Wray wants to create a one-way mirror so he can watch Americans while hiding his own prosecution activities however dirty or parallel constructed. Most of FOIA documents from his department are half blacked out with little or no information. He mentor the NSA has to redact their definition of “meta-data” due to “National Security”. This snubbing of citizen’s privacy flow down from the NSA to the Justice Department. This shift of power to bureaucrats from the very citizens who pay salaries said bureaucrats is a travesty.
@ Tõnis
‘”Thousands of seized devices” and “7,500 mobile devices submitted to its Computer Analysis and Response Team”?!? This sheer amount of devices shows that the government’s alphabet soup agencies have way too much time, money/power, and personnel.’
That is correct.
Further, this fact may show less than honest law enforcement shaving assets from individuals and being disappointed that said assets don’t work for their new owners. Shake downs by law enforcement are not that uncommon.
This constant spying on Americans is against the Fourth Amendment and against good ethical practices. It must stop now.
Chortle • October 30, 2017 4:40 AM
Federal advocates pushing for backdoors and other flaws in encryption and other ‘secure’ systems probably do this because of collusion with organized crime.
Organized crime, particularly identity theft rings, are the main beneficiaries of shipping security software and firmware pre-crippled.
Once the Feds make solid security illegal, it will quickly become apparent to the armies of hackers employed by Organized crime and rogue nations where to expect the backdoors and exploits to be inserted.
Security flaws are a lot easier for hackers to find when it’s telegraphed to them what the flaw’s purpose will be, as the FBI et al have done repeatedly.
Since the end result is so obvious, FBI “experts” must be aware of this result, and so pushing for it possibly means they want this result — and thus are possibly in the employ of organized crime.
Citizen 20938741 • October 30, 2017 7:10 AM
@65535
Mr. Wray wants an extensive dossier, recorded conversations and never ending list of movements on all Americans at a press of a button from his iPhone. He probably thinks routine police work is too exhausting to waste time with. The Fourth Amendment and privacy just are too bothersome to consider. He is just indolent and non-attentive to the laws he has sworn to uphold.
Maybe once The Machines™ are doing the bulk of the analysis, capture, detention and arrest – ideally by drone – there might be some job cuts. Everyone hates job cuts.
I agree with the “push-button” sentiment and wouldn’t be the millionth to say that it’s time to return to “policing by consent”[1].
If investigations are performed in the spirit of a good officer / detective / Bit Runner(?) – like the respected Holmes, Poirot etc. – those entrusted with such responsibilities may again be seen in a better light as their practice would have roots in legitimacy. The modern approach involving practices such as mass-surveillance and pre-crime has steadily led us from “by the book” to “off the books” and with LEO hands in the clouds.
Crime fiction is more fun and rewarding for the soul. It’s great for the alleged guy / girl / botnet to be brought “to justice” when it’s done whilst upholding the high morals of the profession. Sometimes “to justice” means that people are found not guilty. Fancy that!
You can still witness true justice in reality, but it’s difficult to form an opinion where evidence procurement is shady (i.e.; parallel construction) and full of secret interpretations.
Ideally, a good case should be scrutable by the public – akin to the Scientific Method in its workings and openness. If certain parts of the case cannot be opened, the reasons for such and the reasons behind alternative implementation within judgement must be scrutable by the public in non-secret, public law. Increased transparency is necessary so at the very least the accused can take appropriate legal steps to exercise their right to defend themselves. It is also important so the public is aware of the chain of evidence and can form an opinion.
We just have to keep watch on the line of consent and keep with the scientific approach so that trust[2] can be audited. This won’t stop people lying, but transparency into laws which are said to be “for our benefit” has to be a good thing.
Back to “push-button policing”, it’s disappointing that the “thrill of the chase” is becoming just another script in the cloud, chewing through that yummy Big Data.
Page 2: Officer presses button, offender “droned” to jail.
Whoopdy-doo… not to mention a predictable middle and ending.
So LEOs… hypothetical job cuts, or “police by consent”?
[1] Peelian principles https://en.wikipedia.org/wiki/Peelian_principles
[2] I’m not a big fan of trust, but law enforcement needs basic trusts to be effective.
JG4 • October 30, 2017 7:18 AM
Thanks for the pointers to background reading on potential oxidizers for rocketry. an equally impressive oxidizer is F-O-O-F, where the symbols tell the story nicely, a sort of onomatopoeia. FOOF is impractical, because it spontaneously decomposed at ambient temperature. sand and similar minerals are the go-to extinguishers for Class D (metal) fires. perhaps cryolite would work as an extinguisher/sorbent for oxidizer spills, to be applied by robots.
the standard definition of catalyst is a substance that is left unchanged over the full cycle of a reaction, perhaps with the exception of some wear and tear. it usually is understood to lower the potential energy barrier for a reaction to proceed. reactants are consumed and incorporated in the products, which is the general case for oxidizers and fuels.
if we understand money to be a proxy for Gibbs free energy, then technology that lowers the cost of discussion is almost exactly a catalyst. I don’t think that it has been said often enough that for any new privacy technology to be distributed, there has to be a viable business model behind it.
this rather timely newsclip showed up in the usual compendium this morning. printing technology as a catalyst for massive social change. the internet has a long way to run. I hadn’t appreciated Luther’s business acumen until today.
https://www.theguardian.com/technology/2017/oct/29/why-we-need-a-21st-century-martin-luther-to-challenge-church-of-technology-95-theses
…[you have to understand the gain medium tensor]
What happened, in a nutshell, is that Luther understood the significance and utility of the new communication technology better than his adversaries. In that sense, he reminds me of Donald Trump, who sussed how to use Twitter and exploit the 24-hour news cycle better than anyone else. But whereas Trump contributed nothing to the communications technology that he exploited, Luther did.
His understanding of the new media ecosystem brought about by print has been expertly explored by the Reformation historian Andrew Pettegree in a brilliant book, Brand Luther: 1517, Printing, and the Making of the Reformation (Penguin, 2015). Unlike most scholars of his time, Luther was both interested in and knowledgable about the technology of printing; he knew the economics of the business, cared about the aesthetics and presentation of books and understood the importance of what we would now call building a brand.
…
Although the original 95 theses were in Latin, as were most theological books of the period, Luther decided that he would write in German. In doing so he immediately expanded his potential market by orders of magnitude. He also developed a literary style that was, as Pettegree observes, “lucid, readable and to the point”. But his masterstroke was in enabling printers to make money by publishing his works. Because paper was expensive, he channelled his output into extended pamphlets that could be printed on one or two sheets of paper, suitably folded into eight or 16 pages at most.
Nombre' • October 30, 2017 10:34 AM
Rosenstein is so far out of his lane its hilarious. What does he want, completely unsecured banking transactions, yeah right. No he wants YOU to have no security, while him and his like do. He wants YOU to have unsecured phone calls, while he has secured phone calls. He wants to read all YOUR emails, while all of his are encrypted. He is just carrying water for the Intel Community. Pathetic.
Jim A • October 30, 2017 11:20 AM
I am reminded of David Simon’s observation that the ability of the Baltimore Police Department to make cases by simply stopping and frisking miscreants led to the atrophy of good police detective work.
Clive Robinson • October 30, 2017 11:46 AM
@ parabarbarian,
… so-called “unbreakable” contracts using a blockchain. That might offer a solution to the key escrow problem.
Key escrow was and will always remain an extrodinarily bad idea. Because it makes not just a realy plumb target for those of ill intent it makes timely updating of keys difficult. It’s one of several reasons people went down the PKcert route, and unfortunatly they ended up with the almost as bad as escrow Certificate Authorities…
As for using a “blockchain” it realy does not give you the user anything, so will be a significant waste of computing resources for no gain in function or security.
The IT world appears to have lept on the hype of blockchains rather than evaluate them in a sensible fashion.
At the end of the day Key Managment (KeyMan) is a hard problem we’ve only scratched at the surface so far.
Jim • October 30, 2017 12:29 PM
I think we should ban locks on doors and curtains on windows. They impede the FBI and others from catching the bad guys. These curtains and locks make for a “world without law”.
Uh, no. What they actually do is protect regular folks, who don’t have a huge amount of money for security, from being taken advantage of by bad people.
Encryption is my curtain and lock when I shop online or do lots of other things. It keeps the bad guy from seeing what I am doing and from entering my personal cyberspace.
We continually hear about our “right to privacy”. That’s exactly what encryption provides – privacy. No matter what any rogue law enforcement agency may say about it.
John Campbell • October 30, 2017 9:18 PM
If such a system is being recommended, let us see the “people at the top” use it for all of THEIR messages. Once they show faith in the new systems– for a year or so– the rest of us may consider such a system a “good idea”.
(laughs maniacally)
Will Donald Trump, Michael Pence, Jeff Sessions and all other cabinet officials use an encryption system with “key escrow” or other back doors for all of their correspondence and filestores?
Not a chance.
Oh, wait… recalculating.
Yeah, right: NOT A F**KING CHANCE.
This was attempted back in the mid-1990s as the “Clipper” chip and it went splat even then.
Who do you trust to NOT paw through the key escrow vault? Do you really think the “vault” will be any better protected than Equifax?
65535 • October 31, 2017 1:08 AM
@ Citizen 20938741
I agree with most of your statement.
I do want to put emphasis the “non-auditable” form of power these 3 letter agencies are accumulating. Parallel construction and the push button automation of an individual’s digital life on a secret record may be quite dangerous in the wrong hands.
I also think that “backdooring” of all encryption is a horrible idea and will lead to greater criminal activity. And, I don’t like the one-way mirror effect where bureaucrats can watch you with a microscope while you cannot see them – they hide behind “redacted” documents and secret court decisions. All of this is unethical and probably illegal under the US Constitution.
CallMeLateForSupper • October 31, 2017 10:37 AM
@John Campbell
“Do you really think the ‘vault’ will be any better protected than Equifax?”
No. Full stop. Make no mistake: key escrow is a backdoor by proxy.
When I hear or read about U.S.G. allegedly securing or endeavoring to secure something, I remember the congress critters who, a decade or so ago, responded to hue and cry from citizens who perceived that budget measures would bankrupt Social Security, by gathering the media to film two congress critters declaring that Social Security funding would be “locked in a lockbox” and then dramatically turning a key in a little treasure chest. (Perhaps they thought they were addressing children?)
Clive Robinson • October 31, 2017 11:59 AM
@ John Campbell, CallMeLate…,
This was attempted back in the mid-1990s as the “Clipper” chip and it went splat even then.
No. Full stop. Make no mistake: key escrow is a backdoor by proxy.
The thing that people forget is why it went splat…
The NSA did a very naughty thing, that has been claimed by many as an accident but to be honest I don’t believe.
In the original line protocol there was something called the “Law Enforcment Access Field”. This 128bit field had a number of properties one of which was it provided the information required for LEAs to recover the keys in use. To protect the LEAF it also had a 16bit hash / checksum…
Matt Blaze published a paper in 1994 “Protocol Failure in the Escrowed Encryption Standard” which was the first of several fatal cuts…
Matt’s paper pointed out that the Clipper’s escrow system had a serious and with hind sight obvious vulnerability.
To prevent software outside the chip from tampering with the chip generated LEAF that would be transmitted, the receiving chip would not decode messages with an invalid hash/checksum.
The obvious work around for this for some one with privacy in mind would be to use the transmitter software to encrypt the 128bit LEAF that left the sending chip and decrypt it in the reciver software before sending it the receiving chip. That way the LEAs would not be able to get the LEAF to request the keys from escrow. The downside of this would be not only whould both the sender and receiver have to share device types but also somehow stop the LEAs from using a device that simply cut the communications if they did not recognise the LEAF.
Matt however went one further, he realised that the hash/checksum was way to short at 16bits to provide any kind of real security. Thus a simple and relatively quick brutforce attack to grnerate a false but valid looking LEAF was almost trivialy possible. Thus the LEAs would not get the right keys from escrow…
Thus the likes of those in the know like the NSA or various members of the US etc Government could use the chip as an encryption device, but without the key escrow functioning…
Why the NSA made the LEAF hash/checksum so short is open to debate but it blew their NOBUS secure bsckdoor out of the water
The following year a paper from Yair Frankel and Moti Yung revealed a second vector inherent to the protocol design. This was even weaker and showed that the LEAF of one device, can be attached to encryption from another device and still work. Which is almost trivial to do thus defeating the escrow mechanism in real time.
A couple of years after that in 1997 a paper was published by a group of well known cryptographers. Called “The Risks of Key Recovery, Key Escrow, and Trusted Third-Party Encryption” it analyzed the syandards, protocols and implementation vulnerabilities arising from attempting to implement key escrow systems in thevgeneral case. This included but was by no means limited to the Clipper chip and the Skipjack protocol. Various technical flaws were described in the paper and you could only conclude in the case of Clipper that either the NSA were grossly negligent or had quite deliberatly put a series of backdoors in the system so that they and others like them could securely use the chip whilst others could not… That is they had put in the basic requirments for a Police State to opperate.
Whilst the Matt Blaze paper provided the first cut the two other papers decapitated the whole project and they were thus responsible for the demise of the chip and key escrow in general as a public policy.
The important point to take away is not only is Key Escrow a bad idea, those that implement it will almost always put hidden vulnerabilities in it so they can avoid the escrow. This is particularly important to the likes of the various IC and SigInt agencies that do not undet any circumstances want “oversight” looking ovrr their shoulder when they are upto their eyebrows in at best questionable activities, if not actually illegal as was seen thirty years ago under the Ronald Reagen administration when Marine Lieutenant Colonel Oliver North did something really, really bad which became known as the Iran–Contra scandal,
https://en.m.wikipedia.org/wiki/Iran–Contra_affair
It would be immensely silly to assume that similar things stopped happening then, and are thus in all likelyhood still happening to this day one way or another.
Handle_x • November 1, 2017 12:33 AM
All they’re seemingly doing is reducing the surface area of people who know strong encryption and can employ it using code they didn’t write.
That leaves a much smaller more torture-able pool of people with secrets they can’t access.
tyr • November 1, 2017 2:10 AM
I seem to recall someone called Walker
shovelling everything he could grab
into the soviet embassy for an embarassingly
small amount of money. The weak link
in government is the people and the failure
to supervise them. No amount of protocols
is a substitute for paying attention.
The latest flap over Africom being a classic
of the type. No backdoor will stop the
material being hauled out the front door.
A ninety percent budget cut might help, as it
is too many have far too much access to what
is a haystack of crap that shouldn’t be
classified anyway. No technical fix can get
around that problem.
Citizen 20938741 • November 3, 2017 3:29 AM
@65535
I do want to put emphasis the “non-auditable” form of power these 3 letter agencies are accumulating. Parallel construction and the push button automation of an individual’s digital life on a secret record may be quite dangerous in the wrong hands.
Parallel Construction is perjury and should not be allowed to occur in a fair society.
Ideally I would have said to “open it all”, but I’m dealing with certain realities. There may be aspects to a case identifying people with protected identities for instance – so I was more along those lines rather than having a protection of certain methods and evidence gathered.
Withholding or altering evidence – as difficult as this is to prove – will continue to be a problem as long as suitably-placed people “in the system” lack morals.
Happy to continue the discussion, particularly if I have misinterpreted your reply/additions or if I have just rattled things off blindly of a Friday evening. Thanks.
Gordon Arrrr • November 7, 2017 1:35 PM
Wow! So many great comments! A reflection on Bruce S., the topic, and youall!
I have a few different comments… sorry for the disjointedness.
A] A picture (A/K/A “meme”) of the actor Tom Hanks portraying Forrest Gump with the words superimposed “I may not be a smart man… but I know criminals don’t follow the law.” Once a government defines illegality to suit it’s purposes, what then is it to be a criminal?
B] Since 9/12/2001 people in the US of A live under a Declaration of a State of War. This is a scary legal condition where normal laws EVEN THE US CONSTITUTION can be suspended at the direction of the US President through Executive Order. (Can you say “Star Chamber”?!) Where’s the advise and consent? (It’s dead and rotting). Where’s the legal protection from an out-of-control Federal Government? (Residing in the power of King POTUS.) !st Amendment, 4th Amendment, 5th Amendment… pick one or more. They have become wind, as in `Words are wind,’ mutable in the hands of the Executive Branch and the Judges who sign warrants, like if a warrant is needed some times. (So what’s a “Star Chamber” anyway?)
We must have this Declaration of a State of War rescinded ASAP! Americans are a less-than-free people every day this is still in effect!
C] To the best of my recollection… In Europe, the individual is considered the owner of the electronic data that refers to oneself–regardless of what hard drive that data rests on. In USA the owner of the hard drive owns all the data on it, including my SSAN, DOB, full name, any Also-Known-As, list of physical residences, list of mailing addresses, bank account codes, credit card info, heath insurance account number, motor vehicle info,…. Encrypted or not. Businesses win, individuals loose. In America this must change. Data that describes me is mine, not e.g. Google’s Amazon’s, Netflix, not any governmental entity!
D.1] It’s an `arms race’ people. Us versus Big Them. Neurotic Paranoia? Hell no! Individuals need knowledge, enforced Constitutional law, software, and any other tools to keep us free, as in FREEDOM. IMHO the USA Executive Branch of government is heading too far down the path to becoming the Stassi of the 21st Century in the Western Hemisphere. This trend concerns us all, and must not continue.
D.2] `The word on the street’ can be a better shield from overreaching police powers that PKI and a 60-character funky password. An illustration from Science Fiction comes to mind in S.R. Delaney’s story “Time Considered As A Helix Of Semi-Precious Stones.”
D.3] Used to be, maybe 25 or so years ago, that encrypting your files or hard drive(s) was a red flag guaranteed to attract unwanted attention from an employer, the State Police, the FBI. Now it is a tool used by many honest law-abiding people who don’t want aspects of their personal DIGITAL property scrutinized without their express permission. Use it or loose it!
So… what positive, legal, ethical actions are we going to do about it?
PeaceHead • November 7, 2017 9:48 PM
Non Sequitor – PaleMoon is not a reliable browser in terms of peace of mind regarding url’s embedded within the About:Config. Naturally, Firefox is no better. Kinda makes you wonder… what does Mibbit.com have to do with any random user’s typical web browsing…? I don’t know either. So why is that in some of the default values for PaleMoon’s connectivity?
Back on topic…
I look forward to reading the articles linked.
Before reading the articles, I would like to say that regarding this type of issue, having thought about it before….
I think it’s not an all or nothing type of issue. However, I’d rather have basic safety rather than absolute privacy. I have a lot of private issues, however, in reality, they aren’t that important, most of them. I’m not willing to die over my sexual partner options, for example. I’d rather have peace of mind knowing that Law Enforcement has tools to combat crimes which jeopardize basic safes; Law Enforcement should be allowed to have those tools to reduce harms and to be and to spread safety and safeness … the main word being SAFE.
There’s a certain amount of tragic narcissism of those who believe that their privacy is so tantamount that the lives of the majority should be risked, just to hide their basic data.
With the exception of pre-existing Dictatorships, I think it’s quite alright and even proper for Law Enforcement, especially upper Law Enforcement to have the correct tools to combat ALL types of crime. No havens for criminals who still commit crimes.
Cryptologists and crypto users really aren’t exempt from that except in special cases, and even then, there are caveats.
Let’s not risk the entire safety of the group simply because we all have a false sense of privacy. All of that privacy is already a myth and a misconception. Let’s get on with being more safe and civil to each other and coexisting in peace.
So yeah, the FBI and similar groups ought to have our support, not heckling or naysaying. They should have our consultative help as well as our technical innovation to help them solve crimes and it is really an honor, not a problem.
I don’t comprehend why some people take issue with this type of thing.
Thanks for the articles and continued intellectual discourse.
PEACEFUL COEXISTENCE IS THE ONLY CHOICE THAT MATTERS LONG TERM.
Bill • November 11, 2017 12:42 PM
Say the Government passes a law to allow backdoors in encryption, where do we draw the line? Only felonies, only certain crimes, what probable cause is required?
As with the NSA and their interpretation of the Patriot Act and Executive Order(s) this will become another avenue of abuse the Government WILL exploit. The ridiculous idea of oversight with Government and laws is a fairy tale and they have proven they cannot be trusted with self governing, nor a willingness to cooperating with a third party to oversee.
I dread to think what extreme measures will be passed into law and what few remaining (privacy and freedom) protections will be taken away in the aftermath of another U.S terrorist attack. Our freedoms, Constitution and way of life in under attack and the majority of people have the response; “I have nothing to hide.”.
If you have nothing to hide then answer me this, why do you have locks on your doors and windows, curtains and blinds on your windows, passwords and security on your accounts, a safe/lockbox for documents and valuables, protect your PIN number, begin purchasing online without encryption, post your address, phone, DOB, social security number on social media….? Physical or virtual we all have secrets, we all have information that we want to protect. Claiming I have nothing to hide is like wearing a winter coat but protesting the idea of it being cold.
Clive Robinson • November 12, 2017 6:58 AM
@ Bill,
Say the Government passes a law to allow backdoors in encryption, where do we draw the line?
As far as legislation and the implementation of policy “we” do not draw the line they do.
But whilst they can pass any legislation they like, there are other laws that limit their abilities. The Australian Premier made a significant gaff in this respect just a very short while ago, and rightly got ridiculed for it.
The problem is that the legislators and judiciary are not exactly worldly wise at the best of times. They in effect believe in the “absolute rule by devine right” and thus what ever they decree must be the case many Centuries ago King Knut had problems with such people and set out to prove that even Kings had limits to their powers. A lesson the current crop of self important legislators and judiciary should be mindful of.
There are simple pen and paper encryption systems that have been shown to be secure both in theory and practice. During World War II the BBC used to transmit to anyone who could hear them “Messages to our friends” these were single sentences that had no meaning in of it’s self but had a secret agreed meaning between two parties[1]. Thus “The dog howled in the night” had no meaning to third parties but between the two parties who shared the secret meaning it might mean “Carry out plan C in one week” or “Expect new supplies tomorow night” or…
This is a “One time Phrase” and is technically a “One time Code” as it required the equivalent of a pre agreed “code book”. As long as the code book remained “secure” at both ends and was constructed corrrctly the system remained secure[2].
An improvment on the conventional.Code Book is to remove some of their problems, one of which is “reuse”[3] and another is the “preagreed meanings” problem. Both of which can be solved by using the “One Time Pad” or more correctly a “One Time Cipher”. It is simply a stream cipher with a truely random key stream at least as long as the message. The downside of the OTP is that looking at the cipher output makes it’s use obvious unless other techniques are used.
The point being pencil and paper ciphers do not require anything more sophisticated than a pencil, paper and the ability to reliably follow fairly simple rules. Which importanly means that no technology that could be legislated to have a “law enforcment backdoor” is required. Secondly, the pencil and paper can be moved well well beyond any electronic communications end point.
Both of which help redress the imbalance that technology has given the SigInt and Law Enforcment entities. Specifically it means they have to move back to the use of “Human Resources” which is both very expensive and quite fallible, often giving wary communicators warning they are under surveillance.
[1] Part of the security was the transmission of “null messages” that had no meaning what so ever to anyone to “pad” the channel. Thus the number of messages and their basic style was invariant to stop “traffic analysis” nd other side channel attacks.
[2] There is a true story about “code books” from World War One, one “code phrase” that was needed was one where the code book had become compromised. In order to make it both memorable and usable if the books were discovered to be lost/stolen it was printed in bold on the code book front cover and the code selected was “DAMN DAMN DAMN”, which I guess was not realy secret when used.
[3] The US Diplomatic service was prior to WWII notorious for their use of “code books” endlessly. So much so that some diplomats could code messages in their head without using the actual code book. It is known that at a retirment dinner the retiree gave his speach with jokes etc in the standard code and most present had no trouble following along…
PeaceHead • November 15, 2017 7:19 PM
Like most issues, it is NOT an “all or nothing” type of scenario.
There are so many rampant contradictions and hypocrisies and logical fallacies.
Just to reiterate, when the fire dept. saves lives, they are typically NOT sued for invasion of privacy nor even property damages, etc. This is an analogous scenario, however too many people are the types who are poised to jeopardize lives over privacy puritanism.
Let’s hope they don’t “graduate” (with sarcasm) to suing the fire dept. for breaking down a door to save lives.
This is a heavy anthropological problem and a culturual problem. It’s not even about the security techniques nor caveats either.
What's going on? • November 16, 2017 10:08 AM
Now is it Apple vs. FISA Court?
“… the most likely use of such a “technical assistance” demand would be requiring a company (cough, Apple) to back door its encryption.”
https://www.emptywheel.net/2017/11/15/yup-the-government-is-secretly-fighting-the-crypto-wars-in-the-fisa-court/
some background on Apple vs. FBI
http://dspace.mit.edu/handle/1721.1/97690
https://www.schneier.com/academic/paperfiles/paper-keys-under-doormats-CSAIL.pdf
https://www.schneier.com/blog/archives/2016/02/judge_demands_t.html
https://www.schneier.com/blog/archives/2016/02/decrypting_an_i.html
https://www.schneier.com/essays/archives/2016/02/why_you_should_side_.html
https://www.schneier.com/blog/archives/2017/02/hacker_leaks_ce.html
https://www.schneier.com/blog/archives/2016/03/another_fbi_fil.html
Clive Robinson • November 17, 2017 5:22 PM
@ Peaceheah
Just to reiterate, when the fire dept. saves lives, they are typically NOT sued for invasion of privacy nor even property damages, etc.
Realy bad analogy to use.
It is more like the police department insisting on every door and window not having any locks what so ever “just in case” they want to come in and go through the underware draw taking copies of any photos or other documents they want, oh and not carring one jot if the local street hoodlums come in to do a little raping and pillaging…
Adrian Peirson • December 2, 2017 11:57 PM
How are they going to stop encryption, they can’t the cat is out of the bag and has been for decades.
PS, I’ve been wondering about a ‘new’ (to me anyway) way of encrypting.
Everyone knows that (Mick€y_1960) is a bad password, being vulnerable to a dictionary attack with common substitutions.
But scramble that password up, and I believe it becomes much more secure, and gives you Billions of possible passwords to use, And, it’s recoverable should you forget your password, because you know the seed phrase, all you need do is brute force it.
Here are 4 passwords produced from (Mick€y_1960)
K6_0C1I(Y)€m9
€MK(IYC0)_691
k_01y(ci€m9)6
C€69M1IK0)(_Y
…
A system like this might be fine for your general use, eg, your facebook and less sensitive stuff.
More sensitive stuff could be secured by another scrambled password.
One advantage, of many is that should you ever forget your password, there exists the possibility that you can bruteforce your password, whereas an attacker cannot, because he has no idea of your original character set.
I’ve created an android App using MIT Appinventor which can be found at :-
https://play.google.com/store/apps/details?id=appinventor.ai_adrianpeirson60.Pwd_Creator
Password managers could use this system also, giving you the opportunity to be able to brute force any passwords, should something happen to your password manager.
OK, there is the 3 strikes and you’re out policy in place for most websites, meaning you couldn’t simply try billions of possible passwords, but, you could store some sort of
checksum of your password.
It should be safe to keep a record of that checksum, because an attacker again has no idea about your character set.
So your PC can brute force your character set (Eg, (Mick€y_1960) until you get an checksum match.
For more sensitive data, you would use a different Password, but, would it need to be very different, for example, could I simply use (Mick€y_1960) scrambled up.
again, an attacker has no idea what my character set is, even assuming he captures my lesser password character set, he has no idea if I’ve added 1 or 2,3… new characters, or even if I’ve gone for a completely new password format, EG [PassWord_123]
Effectively, even though I’m using a dictionary word as a password, dictionary attacks against such passwords could be made Trillions of times harder to do, while for the user, should he ever lose his password, he only needs to bruteforce billions of
possible combinations.
Clive Robinson • December 3, 2017 11:24 AM
@ Adrian Peirson,
But scramble that password up, and I believe it becomes much more secure, and gives you Billions of possible passwords to use
You are not the first person to have thought up this idea since the 1950’s, and it has issues.
To put the idea more simply, the password is plaintext and you are performing a simple permutation[1] cipher on it. Thus as the perumtation size is large –ie bytes not bits– the letter frequency statistics remain un changed.
Which might be fine for just a single password, but people are lazy and as they usually have several passwords many tend to use the same “method” for each password (if not the same password).
So if you as a targeted attacker were to believe this to be the case, which is not an unreasonable assumption. You could arange to find one pasword from a weak site by various techniques on top of a MITM attack at the base attack[2].
Having got the permed password you would take out the basic charecter groups and anagram them based on the probabilities so “€MK(IYC0)_691”,
Alpa = MKICY :~ MICKY
Numa = 0691 :~ 1960
Punc = €()_
Would then become by simple visual inspection MICK€Y_1960 as the base with the brackets going around the word the date or the whole string as first guesses.
Thus for a targeted attack just one mistake by the user at an airport, hotel or coffee shop[2] would open up possibilities for a targeted attacker. If they can MITM two or more sites then they get increasing certainty very quickly.
Thus with a little care they can start attacking other sites the user takes more care with. Thus try probable passwords occasionaly without tripping the bad password count lockout (ie it gets resset every time the user logs in correctly).
Reusable passwords are bad very bad and should be killed off once and for all. But as most readers here know that is not likely to happen unless it is with something worse far worse (Think Estonia issue). Oh and as we should know, humans in general are very bad at security for more reasons than we can sensibly list in one reply.
[1] Claude Shannon amongst others recomended simple substitution AND permutation in REPEATED fashion to build up the security bit by bit.
[2] As we know there are many attacks that can be done with MITM as the base. For instance some work places have been known to put SSL Intercept Gateways between their workers and the Internet so they can check for exfiltration of IP or infiltration of malware etc. Those who alow “Free Internet Access” have and do similar. The CIA and NSA are known to have used stolen or faked PubKey Certs as have many other Nation States and Cyber-Criminals etc. Oh and the FBI to have taken over sites to inject client side executable code to try and get original IP addresses where people have used Tor.
PeaceHead (again) • April 19, 2018 7:24 PM
Just to keep the firemen metaphor alive…
Firemen can typically get into just about any type of conventional housing/retail/commercial/residential building/house/establishment. That’s what they do for a living to save lives. You could call it “backdooring” or whatnot, but whether or not they use a battering ram or a skeleton key, or locksmithing tools or else, is not exactly relevant…
The main idea is that THEY CAN USUALLY GET IN QUICKLY as needed to save lives.
So my rhetorical question remains…
WHERE IS THE TRUE COMPLAINT?
Need we really complain about the “good guys” traversing boundaries to do “good stuff”?
Personally, I think NOT! 🙂
Clive Robinson • April 20, 2018 4:55 PM
@ PeaceHead (again),
Need we really complain about the “good guys” traversing boundaries to do “good stuff”?
Yes we must for several very good reasons.
Firstly you ignore the issue that one persons good is often another persons bad.
Which you then conflate with your using of “firemen” in the same way as “think of the children” or “fluffy kitten videos” you are in effect making an inverse strawman argument. Lipstick on a pitbull dog is not going to make it any less dangerous (infact the opposite).
The FBI want you to think of some very rare event as a reason to grant them general powers that in reality in most use cases they plan to use them –thing fake cell towers and the like– you probably would not aprove of ever as the greater harm is so easy to see.
Thus they lie about the intent over amplify the risk and filibuster all argument where they can, untill the get what they want.
They will then use the general powers for everything but that they claimed was the intent.
These are things you almost certainly would not approve of, especially if you are on their agenda of use cases, which currently appears to be atlrast 99.99% of the worlds population in a J. Edgar Hoover power grab gone global.
The fact that you don’t appear to recognise this means either you have insufficient world experience or you are trying to help the FUD along, either way your inverse strawman is unhelpfull at best.
To show why I will pick a much more numerous person to replace your “Fireman” of a “petty thief”, who also uses the same techniques as your “Fireman” strawman for quick entry into properties.
Do you see the similarity in the process, but how different the outcome?
This is because the process is technology bassed thus agnostic to the use it is put to. It is the directing mind that decides the use not the process. Neither you nor I can effect the reasoning of the directing mind, and it would appear from the numbers in prisons nor can legislation. Which means we already know that the harms arr way more likely to outweigh the goods by a significant factor with this class of process.
Thus the only sensible option is to look at all the pros and cons by all people then make a rational choice about whether you alow the process to be made “available for all” or you “out law it for all”.
But further when it comes to these sorts of process they should not need the notion of “NOBUS”, it tells you they already know where the good/bad use is going to be so they have to invent a faux safeguard to head the argument off.
NOBUS is idiotic as a safeguard as if the process is used the information required to use it will leak or be found fairly quickly by others. Thus the “petty thief” will have it very quickly, just look at TSA Keys to see that bit of NOBUS idiocy.
Also as important is the question of “insider abuse”. Unless there is a very strong judicial oversight with both sharp and long teeth, we know that the process will be abused. The evidence for this is so overwhelmingly that we also know how the legislators will respond down the line… They will be directed to find a way to make the abuse either fully legal (phone companies) or inyernal administrative correction only (NSA/FBI) which is just one step away from putting the lunatics in charge of the asylum. It’s also the current system that we can clearly see does not work.
Thus the only sane sensible course of action is to “Outlaw for all” the process now and for ever.
As for the overhyped “think of the children” arguments, the reality of life currently is it ends at some point and nothing we do is risk free, those are the inescapable facts.
You then only have to look at the number of people killed directly or indirectly due to vehicles to know that society is more than happy to except high numbers of grotesque, needless and avoidable deaths, disfigurments and injuries each and every year, just so they can drive a vehicle. Oh and that “happy” includes the US Petro Dollar that funds current terrorism the US is apparently worried about almost entirely…
JG4 • April 21, 2018 4:59 PM
@Clive – I’ve been busy or I would have been more vocal. Trust that you are mending from the latest medical difficulties. I like your construction, but I want to point out one useful addition. “Think of the children” is a canard that is intended to shut down logic and replace it with emotion. There are numerous cognitive tricks in that repetoire, as echo cites. Had an excellent week of networking, almost like the good old days. Part of the intellectual progress was recognizing that the severance of the peasants from the soil is one root cause of our gut biome problems. Others include industrial chemicals, processed food, and antibiotics. I think that I’m on the record as a conscientious objector the peasant extermination programs, whether in Ireland in the days of yore, Scotland, Congo, the Homeland, and countless other places. I’ve heard a couple of cases in recent months for psyllium husk as a healthy lifestyle choice. I’d bet my last dollar and every one that I can borrow on credit cards that plum/prune fiber, greens and bean fiber provide a complementary (and/or equivalent) bioenergetic input to feed the gut biome. It’s a lot like a compost pile. I met up yesterday with a biting wit who mentally converted dollars down under to “freedom units.” I was saddened that etiquette prevented me from pointing out that they hate us for our freedom.
Clive Robinson • April 23, 2018 2:57 AM
@ JG4,
Trust that you are mending from the latest medical difficulties. I like your construction, but I want to point out one useful addition. “Think of the children” is a canard that is intended to shut down logic and replace it with emotion.
I am improving, thanks to medical intervention but I definitely “doddged” one there in that the brain nearly got boiled and the heart was pumping to weak to push much around the reast of the near corpse. They flipped me from being an in-patient to an out-patient Thusday just before the effects of the anti-Bs wreaked havoc on my lower diatry system and surrounds.
My soloution these days is not your pro-biotics and keep your bits crossed, but a large quantity of fried vegiterian Singapore noodles followed by large quantities of brockly, chinese cabbage and french beans. I don’t know what else it does mineral and biome wise but it does plug the gap for several days. Then when the anti-b’s have stopped switch back to live Greek Yogurt.
Anyway today is last day on anti-Bs assuming blood tests come up negative so tommorow gently back into eating normalish food again.
As for “Think of the Children” yes it’s designed to suspend reasoned thinking by going to the monkey brain, sadly there is not much you can do about it using reason. Thus a unreasond but measured response is oddly the best way of dealing with them. The one thing a politician in particular can not survive is being made to look an idiot in public and a laughing stock especially when you rob them of not just authority but credability by being effectively patronizing. It’s why many politicos end up regurgitating sound bites like little yappy dogs.
There is the old addage about “location location location” thus I think the place form many modern politicians is “Humiliation humiliation humiliation” in what ever form it can be poured down on them. However as you’ve probably noticed in the US certain politicians “stage manage” their contacts with the press, specialy invited press that are known to toe the line etc. We are steadily seeing more of this sort of nonsense as the likes of the Internet alow titbits otherwise long long forgoton to be brought to the surface once more, and this scares the political classes and those they are beholdent to.
As G.K.Chesterton once noted,
If you read the original[1] in full remember that when he talked of “Christianity” and the “Church” it was back in a time when it was in effect the “moores of society” and it was more the “Hope and Charity” pillers he was refering to rather that “Faith”.
Subscribe to comments on this entry
Sidebar photo of Bruce Schneier by Joe MacInnis.
Geoffrey Kidd • October 27, 2017 2:58 PM
It will not die because there are ALWAYS those who want guarantees that they have more, both rights and powers, than others. cf. “Animal Farm” by George Orwell.