[Cryptography] Response to "I don't have anything to hide"

Tom Mitchell mitch at niftyegg.com
Fri Feb 26 16:18:56 EST 2016


On Thu, Feb 25, 2016 at 4:49 PM, Matthias Wulfeck <
matthias.wulfeck at gmail.com> wrote:

> > "Do you want the government to have free access to your phone"?
>
> > "I don't have anything to hide. They can look at they want."
>
> I'm sure many of us who have tried to explain the backdoor problem to
> their friends and family have heard this response to the question
>

How many friends understand parallel reconstruction?

How many understand that the judicial system is a contest
between storytellers?    Yes there are rules but the suspension
of disbelief is central to modern storytelling to the point that all
media marketing depends on it.    i.e. the jury of your peers has
been conditioned to accept fantacy on a daily basis.

    https://en.wikipedia.org/wiki/Suspension_of_disbelief

More importantly most schools eliminate debate or religate debate or
restrict it to a rarified few
to the point that it is the uncommon teacher that can coach and judge a
quality debate.

The debate lesson learned when two sides of a fabrication have at it and a
winner
declared is eye opening when both are championing a total fabrication.

In the case of Apple and the FBI there is an important line in the WP
article:

"However, there are authors, movie writers, and show producers who tend to
actually believe in their stories rather than suspending disbelief."

My most recent insight I have had in this is that some principals in this
are anchored in a them vs. us contest mindset.
This is insufficient in a global market context.
With global products and global deployments of hardware and software the
exact same
tools apply to both sides.   Our problems are their problems, their
problems are our
problems.

This global symmetry and equality for commerce and citizens recolors the
notion of "never say anything" when a flaw, bug or attack is discovered.
The attack that might be held tightly as a nut of power is in reality also
a vulnerability to the same side that thinks of it as power.

Thinking back on Purple and Enigma -- we did not have to discard
our Enigma machines once we discovered a way to read Enigma and
Purple messages.   This was a context where never say anything applied
to methods and capabilities.   For the billions of people on the globe this
is no longer the case because we all use the same subset of possible tools.
Open source, global products, stackexchange, ....

In a global context with the long reach of criminals any exploit is also
a liability and vulnerability to the home front.

Analysis of an individual flaw colors this.   If and only if the vector of
the attack
can be blocked and managed would one say nothing and do nothing.

So on the global Internet "see something, say something".

Re Purple:   First there was the Red code, then the Blue code then
red+blue ==> Purple.
Today... the issue is simply muddy Brown.

-- 
  T o m    M i t c h e l l
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20160226/6543d5ec/attachment.html>


More information about the cryptography mailing list