[Cryptography] What if Responsible Encryption Back-Doors Were Possible?

[hbaker1]

-----Original Message-----
From: Jonathan Katz 
Sent: Dec 1, 2018 7:16 PM
To: Henry Baker 
Cc: John Levine , "cryptography at metzdowd.com List" 
Subject: Re: [Cryptography] What if Responsible Encryption Back-Doors Were Possible?

On Fri, Nov 30, 2018 at 1:40 AM hbaker1  wrote:
-----Original Message-----
>From: John Levine 
>Sent: Nov 29, 2018 1:40 PM
>To: cryptography at metzdowd.com
>Subject: [Cryptography] What if Responsible Encryption Back-Doors Were Possible?
>
>On the Lawfare blog, an interesting piece by Josh Benaloah here.
>
>https://www.lawfareblog.com/what-if-responsible-encryption-back-doors-were-possible
>
>If you are tempted to respond, please read the whole thing first.  In
>particular, do not waste everyone's time by replying "but they're not!"
>We know that.
>
>R's,
>John

--Baker--

I attended this "conference" and all of its sessions.

The whole thing was a setup, IMHO.  I think that they were trying to gather possible arguments against backdoors so that they could be prepared for future discussions with politicians.  They also wanted to tell these politicians that there were *some* in the crypto community that thought we all really should leave our keys under the front door mat.

A group of US ex-intel hangers-on, plus some brits, some aussies, and perhaps a kiwi; more or less the 5i's.  They may also have invited some press.  Some of these folks flew on to Australia to wreak more havoc, as best I can gather.

One result of this wannabe conference can apparently be found in the recent activity in Australia to mandate back doors.  These folks apparently wanted to find one of the 5i govts to pass the first test law requiring these back doors, and Australia must have volunteered.

Magical thinking by all.

BTW, with perhaps a handful of exceptions, no actual crypto people attended this conference, which was merely held at the same *location*, so that some of the prestige of a Crypto Conference would rub off on this sham.

The only reason I knew about this conference was that I ran into one of the participants while parking my car for Crypto, and talked with him while walking over to the main venue.

Apparently, I was the only one there who questioned this whole thing, and I asked about the "C" word (Constitution).  I simply said that some of us had pledged to uphold the Constitution, and the reason why *individuals* make such pledges is that they are expected to understand the Constitution well enough to make their own assessment about possible unconstitutional activities and refuse to engage in those activities.  Recall that "simply following legal orders" didn't absolve anyone at Nurenburg, so trusting these 5i's to interpret Constitutionality isn't going to be much of a defense, either.

BTW, the "Lawfare" blog is about as close as one can get to "the unclassified (apologist) voice of the Deep State" & I suspect that Ben Wittes would consider this tag line to be high praise!

--Katz--

It seems to me that part of the problem with this debate on the side of those who argue for "no backdoors" is that they refuse to actually engage with the arguments of the other side. The above seems to be a good example of this.

FWIW, I don't know who you count as an "actual crypto person" but I spoke to two people who publish regularly at the Crypto conference who attended. And I would count Josh Benaloh as an "actual crypto person" as well, whether I agree with his opinions or not. And since the workshop was co-located with the Crypto conference, it was open to anyone who wanted to attend.

If you read Benaloh's post, you will see that he comes out firmly against law-enforcement access.

--Baker--

What I did say at this conference was that the actual crypto folks in the other rooms were way too busy simply making crypto work *at all*, much less handle this additional impossible-to-build-or-even-specify feature.  Real crypto folk were hard at work handling Spectre, among other problems, which will be haunting all of us for at least the next decade.

What I didn't say, but probably should have, was that only ~20 nanometers and a very tenuous layer of encryption protected the cellphones in *their own pockets* from being compromised, which could allow a hacker to cause the cellphone battery to overheat and explode right next to their genitals.  It would have been interesting to see how long it took these encryption-diluters to remove their cellphones from their pants pockets!

That's my main source of concern: multiple orders of magnitude of misplaced priorities.  Wouldn't it be nice to get more than one step ahead of crappy software and crappy hardware before wasting even one nanosecond "nerding harder" on undecidable tasks?

The U.S. government cannot protect itself -- e.g., OPM, its own hacking tools, etc. -- much less its own citizens.  We U.S. citizens are *totally on our own* when we venture onto the Internet with our mobile phones, our desktop computers, our home thermostats, our home spying^H^H^H^H^H^Hsecurity systems, OK Natasha^H^H^H^H^H^H^HAlexa, our heart defibrillators, etc.  To add insult to injury, not only are U.S. citizens left totally defenseless, our government wants to make it even easier for "bad actors" to bypass what little encryption security that we currently have.

I'm surprised that no one has yet raised the possibility of a *Second Amendment* argument for preserving strong encryption security.  After all, "arms" have traditionally included *defense* -- i.e., armor -- as well as *offense*.  If the government traditionally tried to regulate encryption as an "armament", then ordinary citizens should be able to utilize the same argument under the Second Amendment to have unbreakable encryption.  After all, it is highly unlikely that a bad actor from Russia, China, Iran, N Korea, etc., will be breaking into our homes in the middle of the night, but it is *certain* that all of these bad actors are already breaking into our network accessible devices *thousands of times per second*.  We may not need that AR-15 for most normal circumstances, but we sure as heck need the best encryption that the best cryptographers can provide us on a continual basis.