On 09/19/2014 09:16 PM, John Gilmore wrote:
> There must be some other reason, I'm just having trouble thinking of it.
1) As the proverb says, don't let the perfect be the
enemy of the good.
There will never be perfect security. The measure
of good security is that it imposes a cost on the
attacker, out of proportion to the cost borne by
the user.
The new practice of /not/ escrowing the keys to iOS
user data does not make the device attack-proof,
but it does raise the cost of the attack.
Forsooth, if this initiative fails, it will not
be because it didn't sufficiently raise the cost
to the attackers, but rather because it imposed
too much burden on the rightful users.
2) Another proverb goes even farther in the same
general direction: A journey of 100 miles begins
with a single step.
Suppose there is a weakest-link situation, e.g.
where locking the front door has no measurable
benefit until you also lock the back door, side
door, windows, et cetera. You still ought to lock
the front door! Even if you can't do everything
at once, take the first step and then proceed
from there.
3) It is a mistake to focus too directly on the
threat from the NSA.
Not escrowing the keys makes Apple somewhat less
of a target for the FSB, Third Directorate, etc.
etc. etc. etc. Not zero target, but less of a
target.
If you're worried about Apple Headquarters being
compelled to subvert your phone, you should also
be worried about a Clipper-like back door in the
hardware, which is made in China. Ditto for HTC
and other brands.
Probably the biggest threat from the NSA is more
/indirect/. I am referring to weakening crypto
standards and products, again and again over the
years, thereby creating conditions for a Hobbesian
war of all against all. For example, IMHO it was
both arrogant and stupid for the NSA to think they
would be the only ones who could break 56-bit DES.
Tangential remark: Interesting reference:
Michael Schwartzbeck
"The Evolution of US Government Restrictions on
Using and Exporting Encryption Technologies"
From "Studies in Intelligence" (the secret internal CIA magazine)
(date not obvious; circa 1998)
http://www.foia.cia.gov/sites/default/files/DOC_0006122418.pdf (prettier)
http://www.foia.cia.gov/sites/default/files/DOC_0006231614.pdf (same, but uglier)
Also: CIA FOIA homepage (with search feature)
http://www.foia.cia.gov/
Hundreds of "Studies in Intelligence" articles
were released last week.
4) It's bad practice to support a strong argument
with a weak one, but since the topic has already
been brought up, let me address it.
For the /subset/ of the problem that concerns
NSA versus Apple, laws matter ... somewhat. Yes,
there is a long track record of violations, but
in the spirit of item (1) above, forcing the NSA
to resort to lawless and unconstitutional methods
raises the cost to them.
In particular, if I have information about you,
I can be subpoenaed to produce it. However, if
I don't have the information, I cannot easily
be compelled to break into your house to collect
it. If somebody wants to break into your house
badly enough they can do it, but we can take
steps to raise the cost.
5) We agree that illusory security is worse than
none. Tom Mitchell pointed out yesterday that
Apple does not want to be "directly" complicit
in pillaging your data. However ... if pillage
is still going on, a big pretense of security
would be worse than nothing. It would reflect
a "Not My Job" attitude:
https://www.av8n.com/physics/not-my-job.htm
So I say let's take a step in the right direction
today ... and then take whatever additional steps
are necessary.