[Cryptography] Decrypting the Encryption Debate

Tom Mitchell mitch at niftyegg.com
Wed Dec 12 03:13:24 EST 2018 

On Sun, Dec 9, 2018 at 3:46 PM Henry Baker <hbaker1 at pipeline.com> wrote:

> At 10:55 AM 11/28/2018, Aram Perez via cryptography wrote:
> >Hi Folks,
> >
> >If you register you can download this report for free:
> >
> >
> https://www.nap.edu/catalog/25010/decrypting-the-encryption-debate-a-framework-for-decision-makers
>
> This report is a pretty decent review of the current situation.

Yes.

It seems to lack enough science to be well anchored.

As a framework for decision makers ... it is lacking clarity of the
possible and impossible
at a technical level.

Some of the difficult technical parts are dismissed as being easy and
possible.
They are not.

The dependency tree is lacking.   i.e. A secure phone is necessary for
commerce and banking via
a portable device (common).   A universal side door master code breach
defeating the security of the entire
product line of a phone  could drain the accounts of all phone carrying
citizens.  An generic all writs attack on
Apple security is now also a defacto attack on the phone Trump owns.  If
that attack is successful and escapes then that
phone could be hacked and listened to.

The use of the language "lawful hacking" page 52 seems to ignore the
reality that most federal hacking today
is supported a little or a lot technically by the purchase of "illegal
hacking" tools on the dark web.  These tools are
sometimes purchased on international markets.  These purchases and their
use may be illegal in such a context
when not used in national defense i.e. developing bug fixes.  There is
likely an Oliver North style connection involving
asset forfeiture or hacked and stolen cash and international trade in these
criminal tools especially if the seller has a
soviet or chinese government connection.  If so, I am sure it is
cryptographically well protected ;-).

International... law and the reach of US law is ignored.   A foreign made
phone (Samsung or Chinese) would
be required to embed US secret keys and software.   Delivering those keys
places  "US secret keys"
in the hands of foreign nationals.  There is no technical goal outlined
that enables any nation to have an
equal decryption privilege equal to that of the US demands for
transparency.

It shares the observation that surveillance has gone dark.  That  implies
that there was a LOT
of listening going on at the point secure commerce (bank, iTunes, iPay,
i.e. money) became common and the
cell phone infrastructure was locked down using encryption standards
established by the feds for commerce.
Apple has sold more than one billion iPhones worldwide from 2007 to 2017
which is a rich gold mine
even if 10% tie their banking and credit to their phone.   The billion
phones if only a couple dollars was
stolen from each is many billions and perhaps trillions globally.

There is a nice discussion on complexity and bug fixes. Adding side doors
if even possible risks complexity
and thus errors.   Key management is discussed but not in a way that is a
solution for law enforcement
that want to read the ephemeral messages too.

I do still have a flip phone.










-- 
   T o m    M i t c h e l l
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20181212/e36f8fdd/attachment.html>

More information about the cryptography mailing list