[Cryptography] On the false choice between privacy and security

Mike Lisanke mikelisanke at gmail.com
Sun Feb 21 05:52:17 EST 2016 

On Fri, Feb 19, 2016 at 5:43 PM, Perry E. Metzger <perry at piermont.com>
wrote:

> Many commentators are referring to the current fracas over strong
> encryption and other security technologies, including especially
> Apple's refusal to provide the FBI with hacking tools for the iPhone,
> as a trade-off between privacy and security.
>
> Even people who feel that strong security technologies are a good
> thing often position things as a trade-off of this sort.
>
> I would like to reiterate something many of us already know: *this is
> an entirely false dichotomy.*
>
> Backdoors in security systems don't just eliminate privacy, *they also
> make systems insecure*.
>
> The current fight isn't just to make sure that the government cannot
> learn that you're reading dissident publications or to make sure the
> government cannot automatically find everyone who has opinions it
> doesn't like, although those are certainly worthy things to want.
>
> The current fight is about whether we will impose a technological
> infrastructure which will be exceptionally vulnerable to attackers in
> order to provide nothing more useful than some very, very short-term
> advantages to people investigating crimes.
>
> This pits the interests of everyone in society who depends on
> technology for their safety, which is to say, more or less everyone,
> against a tiny group of law enforcement officials who find their jobs
> somewhat more difficult.
>
> We should remember that the damage caused by insecurity in our
> critical systems is not theoretical -- it is pervasive problem even
> today. We saw only this last week a hospital forced to pay ransom to
> restore its computer systems.  We've seen instances in the last year
> of the US federal government losing data on literally everyone with a
> recent security clearance to enemies unknown who presumably are very,
> very interested in knowing who all those US government agents might
> be. Untold millions of dollars are stolen every day in various sorts
> of computer fraud -- everything from credit card fraud to fraudulent
> IRS e-file refunds. We already know that you can do horrible things to
> SCADA systems and the like that could potentially kill people, and
> whether you believe that's already happened or not, it is clearly
> only a matter of time before people die that way.
>
> All of this is because of lack of security in computer systems -- a
> lack of security that the FBI, Cyrus Vance Jr., and other special
> interests *propose to make dramatically worse on a permanent basis*,
> in order to make their jobs somewhat easier for the short term.
> Imagine what things will be like in a world where Cyrus Vance has a
> slightly easier job but maniacs who have stolen US government master
> crypto keys can cause thousands or millions of automated cars to
> crash, killing their occupants.
>
> So, please stop making it sound like it is merely the right to privacy
> that is at stake. Certainly the right to privacy is crucial for our
> society, but even those who do not agree with privacy should
> understand that back doors are not about making a trade-off in favor
> of increased security but in favor of pervasive *insecurity*.
>
> This is not about security vs. privacy. We're talking about nothing
> less than deranged short-term thinking that privileges the convenience
> of a small part of the machinery of law enforcement over the safety of
> almost everyone in our entire society.
>
>
> Perry
> --
> Perry E. Metzger                perry at piermont.com
> _______________________________________________
> The cryptography mailing list
> cryptography at metzdowd.com
> http://www.metzdowd.com/mailman/listinfo/cryptography



Perry, It's too bad we can't get one or two people on MSM echoing your
concern for security, over just the belief Apple is standing only on moral
high ground. Yes, Apple has explained generally there are security problems
with the FBI's request, but; nobody has explained in layman's terms Why the
FBI's demands make their request security absurd. Also, nobody has argue
that this problem (breaking strong encryption on known cipher-text) is an
FBI problem, not Apple's and certainly not Apple phone users' problem. IMO,
Apple should tell FBI to offload raw encrypted phone data and break it on
high powered machines. Perhaps, FBI is too ignorant to realize that
cracking a password on the target machine is actually more computationally
difficult than on an array of processors in a supercomputer network :-p...
I don't think that's the case... what they want is cracked iPhone software
which can be sprinkled into cyberspace and onto phones that agents can
field-crack (for example). Too bad, that's not the way FBI forensic
investigation is suppose to work, and not the way the law US Code is
written either.
-- 
Best regards,  Mike
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20160221/313124e4/attachment.html>

More information about the cryptography mailing list