[Cryptography] Trump wants to collaborate with the Russians to secure U.S. elections

Mon Jul 10 12:59:49 EDT 2017

>Do you really not see any other possible damage that this collaboration
could do other than having compromised software actually used in elections?

I'm open to other possibilities. Assuming that no actual access to other
parts of the state's tech is exposed to russian coders, no, I think this
is really not that much of a threat. I could be wrong.

>Do you really believe that there are no more effective ways of
transforming our diplomatic relations than collaborating on a matter of
national security in which the Russians have already attacked us once?

It is not really clear that the Russians have attacked the US in regards
to voting machines; the accusations of voter fraud on the part of the
Russians is not confirmed as of yet. It may be confirmed in the future,
though .

Also, there are likely plenty of more effective ways of transforming our
diplomatic relations. I don't want to go on a tangent, because we've
been reminded about trying to stick to the tech, but there are plenty of
hypothetical scenarios that would do a better job.

>I would have thought this would be obvious to the people on this list,
but maybe it needs stating: the premise behind cryptography is that you
have an adversary who is bound by technical limitations but not by any
other rules. They will lie, cheat, and steal in order to compromise you.
That includes, but is not limited to, pretending not to be your
adversary, which is the basis of the most elementary attacks: phishing
and social engineering.

Yes, and I don't see how a pet project between Russian and US-employed
programmers, even if one side or the other has nefarious intent, is
really that dangerous. The danger comes in actually *using* the software
in an election, which I don't think Trump has the ability to force, and
I don't think Russia is dumb enough to  try.

>Yes, it is true that sometimes one can turn the tables on an adversary
by accepting their false proffer of friendship (e.g. 419eater.com) but
this is fraught with peril and requires a fair amount of skill. I’m
trying very hard to keep my political views out of this discussion, but
I’m sorry, I don’t see how a reasonable person can possibly believe that
Donald Trump possesses the necessary skills.

I do not think that Trump is a genius when it comes to foreign policy; I
believe he's relatively ignorant. The only case I'm really making is,
from a security standpoint, any positive relationship with a country
that possesses H-bombs is, necessarily, preferable to a lack of a
positive relationship. Relative to the possibility of thermonuclear war,
which I consider the penultimate security vulnerability, the possibility
that America actually uses software written by Russians for our
elections is an acceptable risk when compared to the benefits of getting
any sort of diplomatic relationship between the US and Russia. At any
rate, the chances that the US does use the software is very remote, or
so I think.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20170710/52f9d658/attachment.sig>