[Cryptography] EFF amicus brief in support of Apple

Ray Dillinger bear at sonic.net
Sun Mar 6 11:38:38 EST 2016



On 03/06/2016 07:33 AM, Perry E. Metzger wrote:

> The tenor of such comments is always "there's a silver bullet here,
> and it is open systems". Well, no, sadly, there are no silver
> bullets. Security is hard, and remains (sadly) a set of trade-offs
> between alternatives that are often quite mediocre. 

The fundamental tension is that the people who want security
and the people who want to secure systems are not the same
people.

The difference is that one is a noun - something you can get -
and the other is a verb - something you can do.

The current state of the art is that providing secure systems
for people who do not participate in working to secure their
systems is extremely hard.  To the extent that it can be made
easier, there is a further tension: People whose software effort
is for the purpose of making things easier for nonparticipants
and those uninterested in technology are mainly profit motivated.
The profit motive does not normally promote the same security
interests as people who want to secure their personal data
because that personal data is a profit center.

It is possible that a profit center can be identified outside
of selling customer data to advertisers.  Such a profit center
could bring the security interests of software providers into
alignment with those of people who want to secure their
personal data.  But if we're talking about making things easy
for nonparticipants uninterested in technology, that is a
market segment mostly unaware of or apathetic about the invasion
of their lives and the sale of their personal data.

Finally there are powerful entities other than advertisers
who have a motive to keep the same information the advertisers
want available.  By any means necessary. China, for example,
passed laws mandating backdoors in all encryption software
and devices, and people are still getting their encryption
devices - from chips with built-in AES function to smart-
phones fully assembled with network hardware and cell phone
radios - manufactured there.

What are the odds that the manufacturers whose devices are
shipped off to the round-eyed foreigners the government is
most interested in spying on get an exception to that law?
I'm calling zero.  But anyway, with governments generally
against the network "going dark", we can expect that any
business model that involves securing personal data will
be strongly discouraged in many jurisdictions and that those
entities will not be interested in telling each other or
us what holes in security they have created.

We can expect, in fact, that they will do whatever they can
to prevent the emergence of any methodology that would make
securing personal data easy for those unwilling to make
much effort or those uninterested in the technology.  Which
brings us back to the beginning.

The way forward is not at all clear.

				Bear
