[Cryptography] Fighting fear (of encryption) with fear (of bad encryption)

[Henry Baker]

At the risk of upsetting our ever-patient moderator, I'd like to continue to discuss how to fight this Second Crypto War.

[Note that I don't work for any cellphone company; so the only dog I have in this fight is my own personal privacy and freedom.]

As I understand the current state of play, the Comey faction has currently tabled for the moment the discussion of encryption of data-in-motion to focus on backdoors for data-at-rest.

The current Comey argument:

* the Fourth Amendment allows for access to all data on cellphones with a warrant, because
* pedophiles
* kidnap victims
* terrorists

As endlessly discussed here & elsewhere, the distinctions between access with/without a warrant and data-in-motion/data-at-rest aren't as clear as politicians would have us believe.  At the end of the day, it will be up to the phone itself to decide the validity of a "warrant", which means that an entire digital legal system -- including verifiable chains-of-trust and digitally-signed warrants -- will have to be set up.

In order to deal with "exigent circumstances" -- e.g., real-time kidnappings, terrorism -- there needs to be an entirely separate digital legal "exigency" system, complete with its own verifiable chains-of-trust, digitally verifiable proof-of-identity of the requesting federal/state/local officer, etc.

Setting up a proper digital system like this can probably be done -- given enough research funding and time -- but it is likely to take decades to develop the algorithms, the software and the legal underpinnings.

In the meantime, govts want us to *trust the manufacturers* and *trust the govts*, rather than "trust the math.*

But we haven't heard the other side of the argument.  Yes, there are societal pressures on law enforcement and politicians to catch criminals and terrorists.  But what are the current costs to their proposals?

So far, the "encryptionistas" have argued that a back door scheme would be the equivalent of "leaving the keys under the doormat".  Unfortunately, this is not a strong argument, because many people do exactly that -- they DO leave their house keys under the doormat.  They also entrust their homes to 3rd parties like ADT Security, and businesses routinely entrust their businesses to cleaning services, and the Supreme Court has ruled (so far) that once you provide access to a third party, it is fair game for the govt.

But I think that the encryptionistas haven't made their strongest case because doing so might undermine their businesses.

The real story about encryption is that *we are just one headline away from total disaster.*

It is so difficult to "do encryption right", that even extremely well funded organizations routinely make simple (in hindsight) mistakes that cost billions.

Anyone who has been paying attention to the various hacking conferences (Defcon, Black Hat, etc.) comes away marvelling at the cleverness of the attacks, and also the face-plant Monday Morning quarterbacking about the lack of defenses.  Those in the business have a sense of schadenfreude, but sober after many sleepless nights, they think to themselves, "there but for the grace of god, go I".

We study the crypto mistakes of the Japanese and the Germans in WWII, but these were extremely intelligent people, so "how could they be so stupid" simply doesn't work.

When I studied "codes" as an electrical engineering undergraduate, I was studying *error-detecting* and "error-correcting* codes, where the adversary was Maxwell's Demon.  Maxwell's Demon was a Gaussian (or other relatively simple) noise source, but not a 192-IQ math genius.  Yesterday's dumb Maxwell's Demon has now become Maxwell Demon, PhD, complete with Maxwell's own prodigious IQ.  As Nassim Nicholas Taleb might put it, computer engineers no longer live in Mediocristan, where the mean (average) is the engineer's friend, but in Extremistan; where the long fat tails will kill you.

So the strength of our codes today is measured by how many math geniuses have broken their picks on the codes.  We really don't have much more *science* or *math* on which to gauge our crypto systems.  Turing's mythical quote from the movie is essentially correct:

Cdr. Alastair Denniston: "Everyone thinks Enigma is unbreakable."
Alan Turing: "Well, let me try and we'll know for sure."

So the encryptionistas have to come clean with the public about the precarious nature of their craft.  Those secrets in your cellphone?  They could be compromised in an instant.  That money in your online bank account?  Gone in sixty seconds.  That insulin pump in your belly?  Kill you in 3 minutes.

In today's techno world, the lack of any significant *diversity* in digital systems means that almost any flaw becomes a systemic risk.  Apple iPhones now number greater than 3/4 billion, so trillions of dollars ride on the efficacy of the iPhone security *system*.  (I say *system*, because security depends on a lot more than just the encryption itself, but also the protection of the keys, etc.)

All of the digital device companies want to get into *financial transactions* because Willy Sutton.  But who's going to trust a company which admits that its encryption isn't perfect, and worse, whose products' compromise could result in hundreds of millions of victims ?

So if disaster is around the corner, but no one is going to mention this elephant in the room, how do we fight the fear of kidnappers and terrorists, with the alternative fears of losing one's identity, losing one's fortune, or losing one's life (medical device, automobile software, electrical grid meltdown, etc.) ?

*Someone*, or better yet, *everyone*, has to break the news to the politicians that all isn't sweetness and light with crypto codes.  Tampering with crypto codes is equivalent to picking the lock on Pandora's Box -- you don't really want to go there.  Politicians haven't done well at designing automobiles or running car companies; it's highly unlikely that they will be very good at designing encryption systems.

As Scotty would always say to Captain Kirk, "I can't hold her together much longer, Captain!"  We, like Scotty, have to admit as much to our "policy-makers".

The reference to Star Trek is apt.  The current Internet crypto systems are already on life-support; the best analogy is to NASA's space shuttle program.  "It hasn't failed yet" led NASA to continue to underestimate the risks until the Challenger disaster finally forced NASA to admit that the odds of a failure were much higher than previously advertised to Congress and to the American people.