[Cryptography] Unbreakable crypto

[Henry Baker]

At 05:23 PM 12/28/2015, Tom Mitchell wrote:
>On Sat, Dec 19, 2015 at 11:22 AM, Henry Baker <hbaker1 at pipeline.com> wrote:
>One topic to discuss would be doors, curtains and lights.
>
>Not just locks on doors, shades and lights but who controls
>the locks, the deadbolts, the doors, the shades and the lights.
>
>Most of us have doors on our bathroom -- but how is one door
>different from another.  Stall doors in schools...
>
>Then there is the diary of a a 10-18 year old girl.  Most classic
>hard bound diaries had a lock.  Not a sturdy lock but the lock was
>the expression and expectation of privacy.  The diary is not just
>private in the home today the internet allows anyone from any time zone
>to try and look, anyone.
>
>This any timezone reach or wrong number phone call from space makes it difficult to
>model big iron doors of walk in bank vaults or layers of security for
>Fort Knox or household silver in a locked cabinet.

All true, but Comey/Vance would say: -- once it has obtained a warrant -- the govt is allowed to utilize as much force as it is willing to devote to opening doors, pulling down shades, opening diaries, opening bank vaults.

So the real question is: what happens when the combined power of the state is ineffective against doors, shades, diaries and bank vaults ?

We have examples: the govt can't beat laws of physics: gravity, electromagnetism, etc.  But the atomic bombs, Oak Ridge, Hanford and Las Alamos show the resources a govt is willing to devote to try to beat those laws of physics.

The U.S. govt was willing to *drain a (small) lake* in San Bernardino to recover several GBytes of computer files (DVD's, USB sticks, SD cards).  I think that they didn't, either 1) they found what they were looking for; or 2) decided that draining the lake might be ineffective and actually destroy or lose the very evidence they were trying to find.  But if they had thought it might work, that lake would be dry right now.

In one sense, you can't blame the govt for attempting impossible things; that's the nature of people and govts.

But -- so far -- it appears that govts can't break crypto currently considered "strong" by unclassified experts.

So think about what is going on behind the closed doors of govts today.

After Snowden, but accelerated by massive hacking attacks -- e.g., OPM, the Internet industry *is* getting its act together.  Significant fractions of the Internet are now being "protected" by decent HTTPS.  The "trusted platforms" (TPM's) *can* be hacked, but their existence raises the cost of such hacking substantially.

The days of casual passive tapping of unencrypted fiber optic cables are over.  The days of passively accessing cellphone traffic and stealing messages, voice traffic, location data, etc. are over.

 From now on, purely passive attacks will probably be quite rare.  But active attacks -- i.e., most likely MITM attacks -- substantially raise the profile of the attacks, so they are more expensive in terms of dollars and in terms of possible blowback.

In short, Bluffdale is now filling up with unbreakably encrypted *hay*, while actual needles remain as rare as unicorns.

The NSA can't admit its current impotence to unclassified voters, so they get the FBI, DHS, etc., to do their political dirty work for them.  Besides, voters don't get very excited about govt-sponsored listening in on phone sex -- even if it is phone sex among criminals.  So the FBI, DHS, etc., trot out the 4 Horsemen of the Cyber Apocalypse:

"Beware the Four Horsemen of the [Cyber] Apocalypse: terrorists, drug dealers, kidnappers, and child pornographers.  Seems like you can scare any public into allowing the government to do anything with those four."  -- Bruce Schneier

https://www.schneier.com/blog/archives/2005/12/computer_crime_1.html

Since those on this list know that the encryption is holding strong for the moment, we also know what's coming next.  If you can't *break* encryption, then the only thing left to do is to *bypass* it -- i.e., purposely leak unencrypted data into special govt receptacles for access by the govt "only with a warrant".  :-)

In addition to recycling, we'll all have another receptacle to add to our trash bin collection: green for organic waste, blue for paper & plastic waste, and now battleship grey to give the govt our "data".  The next generation Monty Python won't cry "Bring out your dead!", but will instead call "Bring out your data!"

So far, the Supreme Court hasn't been very impressed by the govt's casual access to all that cellphone data w/o a warrant.

But -- as the FBI & DHS keep reminding us -- we're only one dirty bomb away from Poindexter's Total Information Awareness, where we will gladly surrender *all* of our data in order to keep that infinitesimally likely asteroid from hitting *our* house.

Of course, Total Information Awareness means the end of the First, Fourth and Fifth Amendments.  But when the plain text of these Amendments are used in polling potential voters, they don't poll very well -- even among students at elite universities.  It's highly unlikely that a Congress or a President is going to have the guts to stand on the Constitution as a reason for "not protecting the American people".  So these Amendments are likely gone already -- causing the spirits of the dead soldiers who died protecting that Constitution to spin forever in their graves.

Given the FBI's penchant for "manufacturing" terrorist incidents, one can only imagine how the next FBI-manufactured terrorist will act:

* he/she will use an iPhone (take that, Tim!)
* he/she will use an end2end encrypted app developed by Silicon Valley
* he/she will use Facebook & Twitter
* he/she will use Tor
* he/she will use a drone (take that, DJI!)
* he/she will be a "lone wolf", providing a rationale for dragneting *everybody*

As long as they're at it, the FBI will try to "run the tables" on all the HW/SW/apps/companies they find irritating.

And the Constitution will be Trumped and considered Hillarious by the various presidential candidates.

If anyone here thinks that there is a better trajectory for this encryption "conversation", please chime in.