[Cryptography] NSA versus DES etc.... was: iOS 8

[Stephen Farrell]

Hi Rich,

On 24/09/14 01:42, Salz, Rich wrote:
> To paraphrase Dan Geer, if you're job is to prevent something from
> happening then you have to watch everything.

I get that you're paraphrasing there, but I don't believe that
argument stands up. I do get that it has an (IMO emotional) appeal
to those who've been directly or indirectly affected by the kind
of event you mentioned, but I think we should counter such
arguments, esp. when they're catchy and quotable.

Prevention very much depends on the job. I can (sufficiently well)
prevent my kids from accessing what I consider undesirable content
from my home in various non-intrusive ways, for example threatening
various bad consequences if they're found to do the wrong thing. You
don't need to fully agree with me there and can substitute any
example you like that doesn't require pervasive monitoring. So,
there are plenty of specific bad things we can prevent (sufficiently
well) without pervasive monitoring.

So, ISTM that only if you define the "something" that needs to be
prevented nebulously enough (e.g. "all bad things", or "all spam"
or "all malware" or "all abuse") do you approach an argument that
you need to intrusively watch lots of things. And of course the
problem there is that preventing all bad things is a ridiculous
goal so the argument falls on that basis.

So a) there are plenty of bad things one can prevent without
pervasive monitoring and b) there are many things that cannot
be prevented and pervasive monitoring is about as useless as
other mitigations for those, and c) I don't think I've seen any
"something to prevent" that is well defined, really could be
prevented and that demonstrably requires pervasive monitoring.

Someone might respond that "we have the evidence, but we can't
tell you, just trust us" and that could be true or false (and
there's no way to know) but definitely does not justify the
pervasive monitoring attack for a few reasons, not least of
which is that for all possible sets of "we" there are many who
simply cannot and probably ought not trust that set of folks.

Someone else might finally say, yes, we know pervasive
monitoring isn't really needed or effective, but (my) society
makes the unreasonable demand that we prevent all bad things
so what can we do? Well, if one accepts that argument then
one should also get rid of all speed limits on roads, as
drivers everywhere demand to go faster than speed limits. It
ought be clear that pandering to such unreasonable wishes,
no matter how popular, is not good government.

So no, I at least don't agree with Geer's argument, no matter
that it was well written.

S.