[Cryptography] Terror fears don't budge Obama on encryption

Tom Mitchell mitch at niftyegg.com
Fri Dec 18 20:07:55 EST 2015 

On Fri, Dec 18, 2015 at 7:48 AM, Henry Baker <hbaker1 at pipeline.com> wrote:

> FYI -- I would place "politico.com" more in the anti-encryption camp
>
.....

>
> Terror fears don't budge Obama on encryption
>
> The White House has sided with privacy groups despite law enforcement
> warnings about terrorists "going dark."

.....

>
> By David Perera
>
....

> "Initially, lawmakers thought there was an easy legislative fix ... until
> we found out that providing a back door into everyone's iPhone was not
> going to be a very good strategy," said Rep. Mike McCaul (R-Texas),
> chairman of the Homeland Security Committee.


This political issue may have run full circle back to a previous list
specific discussion.

Updates on IOT and cell phones, well the lack of updates
presents a very real problem here.

While Apple seems to be updating devices with honest fixes, other
phone and service providers view software as a mechanism of
planned apparent obsolescence.   This is especially true with Android
devices.  Samsung+AT&T seem to limit devices to one perhaps two updates
and at best two years starting at introduction (not sale).

What this presents is a context where most phones older than 18 months
are not going to be updated to include a side or back door to the OS.
Applications for the older hardware need not be installed and as
such cannot be altered.   Legislation to force pushing updates would
be seen as a massive imposition on the business plans of these companies.

What this implies is any secondary market for phones to include
phones for abused women, the elderly and more would have to
be closed for fear that untraceable devices cannot be diverted.

The previous discussion here involved methods and ethics for disabling
methods known
to be flawed.  Key length limitations, encryption methods etc.

The inability to update most devices negates the ability of system level
changes.

Application updates are interesting.   Some game vendors include complex
bit maps
in their package.   Bit maps with noise or compressions are one time pads.
Some free application vendors embed advertising content as well as hard
coded
URIs to pull content.   The embedded content is seen as an inexpensive way
to deliver content without the cost of delivery services.

GeoFencing...   I recently discovered that Apple GeoFences their devices
based on
primary payment locality.   Moving to Canada can find that content and
applications
purchased in the US cannot be updated and some are removed/ disabled.   DRM
of
audio and video content apply.   DRM hobbled content is another path for
one time
pad content.   Not authorized to be played on this device (Apple DRM) could
be any
dense binary clott masquerading as content but might be a key file or a
OTP.

Summary: one primary ask by law enforcement is impossible because of
vendor update policy world wide.  Thus assuming the impossible technical
challenge of a third reliable safe key set method... There may be no way to
deliver it.




-- 
  T o m    M i t c h e l l
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20151218/7111efb3/attachment.html>

More information about the cryptography mailing list