[Cryptography] Ad hoc "exceptional access" discussion at Crypto'15 ?

Peter Fairbrother peter at m-o-o-t.org
Tue Jul 14 02:43:25 EDT 2015


On 14/07/15 02:14, Henry Baker wrote:
> FYI -- This is the sort of thing that needs to be discussed:
>
> (Not that Stewart Baker -- no relation -- would ever be swayed by the Keys Under Doormats arguments.)
>
> But the Keys Under Doormats authors have to do a MUCH better job to convince the general public.

Hell, they wouldn't have convinced me.

Paper was a load of rubbish and waffle. It didn't even define 
"exceptional access" in a meaningful way.

Result of a committee approach, I suspect.




There are at least five valid arguments against "exceptional access".

[] First: holes for "good guys" are holes for "bad guys" too.

Incidentally, this includes things like default and maintenance 
passwords, alarm codes, safe combinations, and so on, not just 
government access.

"Good guys" and "bad guys" are in quotations here, as they are used in 
ways which do not fit our convention - good guys defend access to 
information, bad guys try to obtain it.



[] Second: the costs pro and ante are wildly disproportionate - it would 
cost a lot more than it would be worth. Think of internet banking ..



[] Third: why should people trust those who are authorised, as they work 
in secret and are, by the unavoidable nature of that secrecy, 
unaccountable to the people?



[] Fourth: making it impossible for terrorists to communicate securely 
is an impossible pipedream. They can. "Exceptional access" will not stop 
them from doing it.

You can make it harder, but they will learn how to get around any 
difficulties quickly; and the cost of making it harder is not worth paying.



[] Fifth, one especially for leftpondians but still universally 
applicable: "exceptional access" is searching the papers of innocent 
people - whether or not anyone actually looks at them.

If you don't like the last bit of that sentence, then consider - The 
people are less secure in their persons, houses, papers and effects if 
an "exceptional access" backdoor exists.

More, "exceptional access" violates that right to privacy and peaceful 
enjoyment without probable cause - most of the people affected will be 
innocent.




-- Peter Fairbrother


More information about the cryptography mailing list