[Cryptography] Sadly predictable: Terrorism used as excuse to attack encryption

Phillip Hallam-Baker phill at hallambaker.com
Tue Nov 17 13:18:37 EST 2015


On Tue, Nov 17, 2015 at 11:12 AM, Perry E. Metzger <perry at piermont.com> wrote:
> Following the Paris terrorist attacks, only hours passed before I
> saw the first article asking whether we need to ban encryption or
> provide magic impossible "golden keys" to break it. This New York
> Times article is, if anything, late to the game:
>
> http://www.nytimes.com/2015/11/17/world/europe/encrypted-messaging-apps-face-new-scrutiny-over-possible-role-in-paris-attacks.html

It is assumed that the terrorists used encryption. However, other
reports mention use of a PlayStation 4 and that the VOIP channel isn't
encrypted.

As Perry knows, I don't agree with him on gun control. But even I am
not going to argue that gun control would have stopped this attack. We
can argue over whether DAESH is a state or not. But what is not
disputable is the fact that they have state-level resources. They are
not the resources of a rich developed state but they aren't
inconsequential either.

DAESH seems to have no difficulty obtaining AK-47s and brand new
Toyota Highlanders. They can obviously find a hacker who can vet
OpenPGP sources and compile it for them.

Limiting access to crypto ability might arguably allow Fort Meade the
opportunity to dump some crypto with a backdoor on DAESH. But we can't
base public policy on that sort of remote possibility.

The other part of the 'regulation' proposal is that there isn't any
proposal there. The idea seems to be that NSA/GCHQ makes a demand and
those clever boffins working for Microsoft and Google produce a scheme
that will meet their requirements without the requirements even being
known.

The people behind these proposals have a top-down view of the world in
which the general orders something and it is done. They might as well
order us to come up with a tractor beam or a transporter. The NSA has
been unable to develop a working security scheme themselves; that is
how they were rolled by Manning and Snowden.

Are we supposed to re-engineer the platforms so that it is impossible
to run crypto code?

Are we supposed to put backdoor keys for the US into products sold to China?

How about the reverse? Backdoors for everyone?

And just what do we do if the problem we are facing in 24 months' time
is the remnants of DAESH hacking into US and UK critical
infrastructure? What happens if we are trying to keep information
confidential but we can't because we have agreed to a UN-sanctioned
backdoor scheme and one of the members is giving the access codes to
whoever is hacking into nuclear power stations?

