
Attorney General William P. Barr Delivers Address Conference on Cyber Security - bellinom
https://www.justice.gov/opa/speech/attorney-general-william-p-barr-delivers-keynote-address-international-conference-cyber
======
daveslash
Modern encryption is really just math. Cryptography in consumer and off-the-
shelf products (which Barr is targeting with his discussion) theoretically
_could_ be modified in such a way that the government could decrypt it. The
two ways of which I can think are (1) Encryption "backdoors" \-- fancy math
known only to the government; this would require new encryption ciphers or (b)
key escrow. Both approaches have their shortcomings and I'm against both, but
it's plausible that the government might try it anyway. All that said, because
encryption is just math, any individual or group could employ their own
encryption by implementing one of any known existing ciphers -- one without a
known "fancy math back door" and refuse to follow the "key escrow" guidelines.
In these discussions about the government being able to decrypt stuff, are we,
in effect, suggesting that certain math be made illegal? If that's really
what's being proposed, I'd urge people to consider "Illegal Numbers" and how
effective that's been.
[https://en.wikipedia.org/wiki/Illegal_number](https://en.wikipedia.org/wiki/Illegal_number)

~~~
MrLeap
Breaking encryption for the government is so furiously stupid it blows my mind
every time it is suggested. Especially here, where people actually give the
idea merit. It makes me miss oldschool /. where 100% of everyone was on the
same page. Your point illustrates a huge reason as to why.

Backdooring stupid.crypt and forcing law abiding people to use it just insures
that big badguys will use any other kind of encryption. All you've really
accomplished is adding an extra charge of illegal encryption use at the
expense of security for every human.

This potentially creates all sorts of pathologies. Is it illegal now for me
not to update an old computer? If your backdoors are implemented in hardware,
is it illegal to use old computers?

When people are against gun control, a common thread is "make guns illegal and
only criminals will have guns." This argument has merit, but if we DID amend
out #2 and make guns illegal, over time firearm proliferation would decrease.

Not so with encryption. Other, more free countries will constantly be
developing better security methodologies, and reproducing those methods is
effectively free. "Fuck up encryption, then only bad guys will have
encryption" is a much stronger argument, because it's emphatically true.

The ignorant hubris of this is massively disheartening.

~~~
thetrumanshow
> This argument has merit, but if we DID amend out #2 and make guns illegal,
> over time firearm proliferation would decrease.

Hmm, then wouldn't some people just make their own firearms, just as you are
describing with encryption, right?

~~~
QuotedForTruth
Some people would, yes. Especially rudimentary single shot weapons. However,
its much harder to make a reliable gun than it is to make reliable tough
encryption. There are designs available for both and there always will be,
illegal or not. But making a gun is manufacturing whereas using encryption
would just require installing some software. Trivial.

~~~
salawat
I want to point out, that manufacturing a gun is not "non-trivial".

Given blueprints, (publicly available) or a template and accurate enough
measures, a lathe, and a mill, anyone can make a firearm or parts for one in
their garage.

Is there reading involved? Yes. But any argument you make w.r.t. The futility
of illegalizing encryption is immediately portable to firearms manufacture.

~~~
pokeymcsnatch
I mean... manufacturing a working modern firearm in their garage is probably
much more achievable to the general population than rolling out any kind of
encryption software. Anyone with some basic hands-on competency can make a
gun.

~~~
jki275
All you really need is a drill press and some basic tools. People made Sten
guns in WWII and that's still a perfectly valid firearm design (fully
automatic even) that requires almost no work to make.

------
phkahler
He claims encryption is "warrant proof" which is not true. You can have a
court order someone to open the lock. They want the ability to dig through
people's stuff without them knowing. That's what it's really about.

~~~
ngngngng
Sure, but I can just refuse to decrypt my data. They can just break physical
locks.

~~~
slg
This is what a lot of people in our community seemingly refuse to recognize.
For all intents and purposes, encryption is a unbreakable lock that can serve
to perfectly hide valuable criminal evidence. Such a thing wasn't possible
when our laws were written and has never before been possible in the physical
world. Its existence has potential to be a huge shift in how we enforce the
law. Regardless of our views on encryption, we need to have a conversation
about that shift. Refusing to have that discussion is likely a quicker path to
things like government enforced backdoors than if we engaged with government
and law enforcement on possible alternatives.

~~~
gregmac
Cryptography has existed for over 3000 years [1], steganography [2] has been
documented in use over 2000 years ago and it's possible it has been used much
longer (the entire point is we wouldn't know).

If encryption is being used to hide "valuable criminal evidence", how is that
different from someone hiding evidence by burying it somewhere or simply
destroying it?

We don't detain random people and force them to give up locations of bodies
they may or may not have buried, and we don't randomly search people's houses
and posesssions -- and we shouldn't be doing the same for encrypted data (and
this includes requiring backdoors). If there is other evidence to believe a
particular person committed a crime, then get a warrant that compels them to
give up the location of the body or the encryption key. If they refuse, then
depending on the other evidence used for the warrant it might make sense to
hold them in contempt.

In my mind, decrypting data to prove your innocence (in the face of other
evidence) is vastly different than decrypting your data because law
enforcement is on a fishing expedition (no other evidence).

[1]
[https://en.wikipedia.org/wiki/History_of_cryptography#Antiqu...](https://en.wikipedia.org/wiki/History_of_cryptography#Antiquity)

[2]
[https://en.wikipedia.org/wiki/Steganography](https://en.wikipedia.org/wiki/Steganography)

~~~
slg
Lots of people are bringing up these type of issues, so let me just address
them generally. Defaults are important. Yes, it was always possible to build
some elaborate booby trapped safe, bury the evidence in the middle of the
Mojave Desert, or cook up some home made encryption algorithm to hide
evidence. However that wasn't the default. It took elaborate planning and
dedication that most people simply didn't have. For example if the average
person jotted down an offhanded note, they probably did it in plain English on
a regular piece of paper and left it on their desk at home. Now the same note
would by default be encrypted on their phone and protected against warrants.

~~~
adamc
In the same way that private verbal communications are protected by the fifth
amendment -- we cannot force people to testify against themselves about
possibly incriminating things.

This is a slippery slope.

------
rplst8
Did he basically just announce a false flag?

"Obviously, the Department would like to engage with the private sector in
exploring solutions that will provide lawful access. While we remain open to a
cooperative approach, the time to achieve that may be limited. Key countries,
including important allies, have been moving toward legislative and regulatory
solutions. _I think it is prudent to anticipate that a major incident may well
occur at any time that will galvanize public opinion on these issues._ Whether
we end up with legislation or not, the best course for everyone involved is to
work soberly and in good faith together to craft appropriate solutions,
_rather than have outcomes dictated during a crisis._ "

~~~
smacktoward
I'm no fan of Bill Barr, but I don't read this that way, no. It reads to me
more like he's saying that from a planning perspective it's better to figure
the worst thing that could happen and have a plan already developed that could
handle that, rather than being caught by surprise and then having law and
policy made in a mad, panicked rush.

(In other words, let's not do with cybersecurity policy what we did with
counter-terrorism policy in the weeks after 9/11.)

~~~
shawnz
> have a plan already developed that could handle that

But... we do have a plan, which is to just not do it in spite of any crisis or
whatever. He is misleadingly framing it here like we don't _have the ability_
to backdoor encryption which has never been the problem.

He clearly states that what we need to be weary about is _public opinion
changing_ , which is basically like saying that we should just get ready to
compromise our standards in preparation for the day where reactionary desire
is able to overcome our "sober" thinking of the present, or else fear the
government coming in and doing it sloppily and by force.

Clearly that's irrational. We should resist it now and we should resist it
then too, for just the same reasons we resist it now. There's no technology
issue here, just an ethical/political one.

~~~
dmix
San Bernardino also already happened. And it wasn't a big deal. They
eventually got the phone broken, and there was nothing of value on it. But
that's besides the point, it's an example of the type of thing they are
talking about.

From my perspective life would not have been any meaningfully different either
way if that phone stayed locked. I also can't image some future scenario where
it makes such a big deal. What type of information is going to be on some
laptop or smartphone that is so important it's worth compromising our general
civil rights? There is almost always a hundred human errors around the crime
already that they can piece it all together without godmode on every
electronic device. A smartphone is rarely an all encompassing security
mechanism for any big evil plot.

There is no 'backdoor' technology solution here that makes sense and they need
to get used to it.

------
gumby
The most concerning part to me is that this speech now prioritizes the
interests of individuals (he calls "consumers") below that of large
corporations and governments.

A country is made of people. In some ways we of course act as "consumers" but
that is not the beginning and end of what it means to be human. The
government's needs are not endogenous; the government's justification for
doing certain things is ultimately because people will be better off for it
(otherwise it's simply "might makes right)". In addition, corporations, at the
end of the day, get certain protections (and additional requirements as well)
as they are they are machines to help people achieve various ends (e.g.
providing goods, providing jobs, providing an opportunity to create wealth);
they are not primary actors in themselves.

BTW my observation is not a comment on the specific politics of the past few
years; past AsG and FBI heads have given similar talks and inherently will
desire to achieve their job's objectives with the minimum of barriers. This
scary formulation just shows how the terms of discussion have shifted.

------
jamesmadison66
The discussion on this from the pro-encryption team has to move towards
explaining it in terms of national security, as national security is the
reasoning the anti-encryption group uses.

National security is a major trump card across parties and administration, and
will have to be responded to versus ignored, as that's where the argument is
coming from.

It's easy enough to explain that Russia has mathematicians, ISIS has
mathematicians the same way they had chemical engineers for the oil fields,
China/PLA has mathematicians, etc.

The same fear mongering that is allowing an anti-encryption argument to
advance can be used to fear monger right back towards encryption and be based
in truth: Russia and terrorists can access my chats.

For the pro-encryption crowd, we know this is actually feasible technically
and the end result of backdoors. We just have to explain it on common ground,
where the argument lives.

------
kbd
Matt Blaze spent yesterday discussing this on Twitter:

[https://twitter.com/mattblaze/status/1153708198718840832](https://twitter.com/mattblaze/status/1153708198718840832)

His Twitter feed is well worth a follow if you care about these issues.

~~~
justin66
_You know how every cryptographer and security person feels when this comes
up? Like the poor schmuck at NASA who signed up to explore space but instead
has to spend their day explaining why the moon landing wasn 't a hoax. Again
and again._

------
deogeo
Even without encryption back-doors, people are under unprecedented levels of
surveillance, and it's only getting more pervasive.

So I find it very hard to believe the job of law-enforcement is getting
harder, not easier, just because we have some tiny scrap of privacy left.

------
ryacko
It is quite certain that law enforcement has more capabilities than they are
willing to reveal in courts. Even if encryption backdoors were available, it
is dubious they would routinely submit it in evidence.

Encryption is not an impediment to an investigation into an ongoing activity,
files need to be decrypted, there are side channels everywhere, etc. Metadata
and physical surveillance is enough to convict or put a person in a position
where they could be convicted under some other law if there is no convincing
explanation for why they were where they were.

Usually the point of mass surveillance is to retroactively look up a person of
interest and blackmail them.

~~~
masscrypteria
Strong encryption absolutely impedes investigations. And, what indication is
there that the primary purpose of mass surveillance is blackmail?

------
makerofspoons
The cat's out of the bag. All this would lead to is law-abiding citizens
having their information at risk while criminals continue to use crypto
without backdoors.

~~~
kromem
I wish laypeople hearing this stuff realized how easy it would be for the "bad
guys" to use one time pads.

It would be trivial to have terror cells be distributed a USB with several GB
of a OTP, and that would be unbreakable even into the age of quantum computing
if used properly.

Thus isn't at all about terrorism or the "really bad guys." It's 100% about
accessing the average Joe Blow's communications.

~~~
masscrypteria
Bad guys already do use such schemes and more.

If the government can’t crack strong encryption as-is, the problem is that
strong encryption is deployed at scale.

------
pgodzin
> The Department has made clear what we are seeking. We believe that when
> technology providers deploy encryption in their products, services, and
> platforms they need to maintain an appropriate mechanism for lawful access.
> This means a way for government entities, when they have appropriate legal
> authority, to access data securely, promptly, and in an intelligible format,
> whether it is stored on a device or in transmission. We do not seek to
> prescribe any particular solution. Our private-sector technology providers
> have immensely talented engineers who have built the very products and
> services that we are talking about. They are in the best position to
> determine what methods of lawful access work best for their technology. But
> there have been enough dogmatic pronouncements that lawful access simply
> cannot be done. It can be, and it must be.

This seems to be the key part. He doesn't believe technologists who claim both
goals cannot be achieved at once, he claims they can

~~~
sb057
Is "technologists" a new term for someone who has a basic understanding of how
math and computers function?

------
throw0101a
Over and over:

* [https://en.wikipedia.org/wiki/Crypto_Wars](https://en.wikipedia.org/wiki/Crypto_Wars)

The open source folks have worked around this before:

* [https://wiki.debian.org/non-US](https://wiki.debian.org/non-US)

------
snowwrestler
A specific claim of the AG, and one that I've seen relatively smart people
assert before, is that software update systems could be adapted to insert
these backdoors into individual phones, securely and reliably, upon receipt of
a valid warrant.

Software update systems have been successfully exploited to deliver malware:

> On a normal day, these servers push out routine updates—bug fixes, security
> patches, new features—to a piece of accounting software called M.E.Doc,
> which is more or less Ukraine’s equivalent of TurboTax or Quicken. It’s used
> by nearly anyone who files taxes or does business in the country. But for a
> moment in 2017, those machines served as ground zero for the most
> devastating cyberattack since the invention of the internet—an attack that
> began, at least, as an assault on one nation by another.

[https://www.wired.com/story/notpetya-cyberattack-ukraine-
rus...](https://www.wired.com/story/notpetya-cyberattack-ukraine-russia-code-
crashed-the-world/)

Presumably the software update systems for major operating systems, like for
Android or iOS, are typically more heavily secured than M.E.Doc.

But they are also targets of limited value. To insert malware into iOS, you
would need not only access to their software update system, you would need
access to (and understanding of) their source code and build system, and
access to their code signing key.

And even then, it's not clear that these software update systems are even
capable of targeting patches down to the level of the phone of an individual
person. There's no reason for it now. The central system really just needs to
make the update available in its various OS flavors, and each client can
request what it needs.

If we force these OS companies to create a targeted backdoor system, all the
hard work will be done for the bad guys. They need only achieve access to the
special "law enforcement access" system, they will have everything they need
all ready to go.

Under these conditions, could Google or Apple keep out the bad guys with 100%
success? I have great respect for these teams, but those are very long odds.

It's far safer, for them and for us, to just not build that functionality.
This was the point that Apple so forcefully made when Jim Comey came after
them to decrypt the San Bernadino iPhone.

EDIT to add: these companies operate in more than just the U.S. If they build
a targeted backdoor system, you don't think other countries will demand access
to that system as well? Look: Apple already compromised on iCloud hosting to
maintain access to the Chinese market.

~~~
AnthonyMouse
> And even then, it's not clear that these software update systems are even
> capable of targeting patches down to the level of the phone of an individual
> person. There's no reason for it now.

There is reason _against_ it now, because it makes it impossible to do things
like reproducible builds or other security checks like comparing the software
being offered to other devices to verify that none of them is being offered
compromised updates before installing any of them.

It would also require prohibiting the transparency necessary to implement any
of those checks independently, or anyone could do so and then use that to
detect the attack regardless of whether or not the attackers are domestic
state sponsored.

------
xenadu02
If the US Government succeeds in requiring a backdoor then so will every other
government.

Does anyone really think China won’t immediately demand backdoors?

~~~
mattnewton
I thought they already did, but in the layers they control, like Chinese apps
and telecoms.

~~~
smacktoward
So, not that different from AT&T's infamous Room 641A
([https://en.wikipedia.org/wiki/Room_641A](https://en.wikipedia.org/wiki/Room_641A)).

~~~
mattnewton
Right, just with more people onboard and also owning the apps in user space.

------
carapace
He talks about the Fourth Amendment, but not the Second.

If encryption is a weapon then I would think the Second Amendment applies, eh?

------
athenot
Ultimately, enforcing agencies want privacy for themselves and transparency
for everyone else. At the scale and speed of digital services, this asymmetry
can go down very fast towards an authoritarian path.

There can only be 2 solutions:

\- enshrine a right to privacy. Individuals should have a way to communicate
in a way that is completely secure and free of evesdropping because they are
believed to be innocent until proven guilty. Likewise, enforcement agencies
should be granted the same to do their work.

\- adopt symmetric transparency. Individuals will then be allowed to follow
the intimate communications of any leaders or enforcement agencies, _with the
same level of ease_. So if you want me to have to file a FOI to get info about
an official, an equally difficult/time-consuming process should exist the
other way around. OR if you want an officer to be able to monitor any
individual in real time, then I should be able to monitor any officer in real
time.

That second case should be automatic anytime the "nothing to hide" argument is
invoked.

------
sdrinf
The cost-benefit analysis is interesting:

> If one already has an effective level of security — say, by way of
> illustration, one that protects against 99 percent of foreseeable threats —
> is it reasonable to incur massive further costs to move slightly closer to
> optimality and attain a 99.5 percent level of protection even where the risk
> addressed is extremely remote?

> if the choice is between a world where we can achieve a 99 percent assurance
> against cyber threats to consumers, while still providing law enforcement 80
> percent of the access it might seek; or a world, where we have boosted our
> cybersecurity to 99.5 percent but at a cost reducing law enforcements access
> to zero percent — the choice for society is clear.

One issue with all proposals around this, is risk = probability X impact.
While the above speaks to the risk, the impact of malicious actors having
their hands on masterkeys would be insta-access to any & all gov-mandated
communication channels, to the exact same access level as warrants would
afford.

While the attorney is right, that so far most corp master certificates have
not been compromised, none of those had this pricetag attached to it. And the
impact of this would be retroactively applicable -ie for any present-day
communication, we'll be taking on faith that no future masterkeys will be
leaked, ever.

I would not take that bet; and so far, neither did insurance companies.

------
40acres
In general, I agree with the government stance that "warrant proof"
communication is not in the best interests of US citizens. I believe that
there is some precedent and established law that can be built upon to provide
a compromise that allows for encryption to remain a strong privacy tool for
society but one that does not hinder the state from lawful access.

I believe that the US should establish a court similar to the Foreign
Intelligence Surveillance Court created under the FISA Act. The government
must make a case to a judge establishing probable cause, and if approved a
warrant can be issued to a 3rd party communications provider to disable
encryption on suspected devices such that lawful interception (i.e wiretap)
can be executed.

Warrants are subject to renewal every 90 days and access to encrypted
communications prior to the date of warrant approval and not provided by the
platform specified in the warrant are prohibited (ie, obtaining a warrant to
disable and intercept WhatsApp does not mean you can disable and intercept
Signal as well).

I believe this balances the interests of individuals, governments and
communication providers evenly.

~~~
ericns
The FISA Court isn't a legitimate court of law. Why would you want another
one? There is no adversary there, it's one branch arguing to violate the
Constitution while that same branch pretends to defend the target. It the Star
Chamber of Technology.
[https://en.wikipedia.org/wiki/Star_Chamber](https://en.wikipedia.org/wiki/Star_Chamber)

How often are the people making the arguments from the same political party?
This problem extends to pretty much every court, as we currently have 3
branches being gamed by 2 political parties.

This will be one of the fracture lines that break the country.

------
duxup
If a given nation requires back-doors or compromising encryption in any
way....

It seems inevitable that it would help that given nation's "enemies" more than
that given nation. Their "enemies" will get a hold of them, and they can make
use of them however they want free of restrictions unlike the given nation.

I don't see anyway around that problem.

------
masscrypteria
There’s no discussion of how to build exceptional access encryption that
solves the weakening issue, just that it “can’t be done”.

The spirit of this initiative in 2019 is likely more about stopping strong
encryption at scale, which is certain to be a frustrating black hole for LEO
and the IC.

Perhaps HN would do well to ask how to solve the problem from a technical
perspective, given the requirements. This includes both how to build a better
mousetrap (one that doesn’t have a “backdoor” or significantly weakens the
encryption mechanism), and how to solve concerns about abuse of exceptional
access.

~~~
kyboren
> This includes both how to build a better mousetrap (one that doesn’t have a
> “backdoor” or significantly weakens the encryption mechanism), and how to
> solve concerns about abuse of exceptional access.

There is a simple way to solve concerns about abuse of "exceptional access":
Not to include any "exceptional access" mechanisms. Securely implementing a
cryptosystem is a daunting task almost never achieved. Intentionally creating
a human-controlled mechanism to access plaintext makes the problem much, much
worse.

> There’s no discussion of how to build exceptional access encryption that
> solves the weakening issue, just that it “can’t be done”.

Please consider that _there is fundamentally no way to solve concerns about
exceptional access_. "Exceptional access" means that there is necessarily a
human attack vector: Those humans who control whatever mechanism exists to
provide LEO access to plaintext. This necessarily weakens any cryptosystem. If
those people are compromised, "exceptional access" will simply be "routine
access". Further, because decryption of data emits no obvious signs of
physical tampering, even citizens who _trust_ that "exceptional access" is not
being abused cannot _verify_ that.

I actually appreciate the name of your 5 hour old account. You're correct. We
are experiencing mass hysteria over cryptography. However, it is not security
professionals who are hysterical: it's people like you, who apparently never
met an argument against liberty that they didn't like.

~~~
masscrypteria
Let’s leave politics and assumptions about me out of it, please.

Same point: figure out a technological and procedural solution to the human
attack vector. If “security professionals” all agree on ideology or theory
that it’s not possible and thus refuse to help solve the problem, then
exceptional access solutions generally will be worse off for it. It’s
independent of whether they actually are deployed.

~~~
jki275
You've missed the point.

There is no solution. If you build in your "exceptional access" exception,
then the system is broken by design and no one will use it. That's the end of
the discussion, there's nothing more to discuss. You can rube goldberg
"solutions" all day long, but in the end you're just figuring out ways to
deploy a broken system.

~~~
masscrypteria
The government has a different idea of what constitutes “broken” in this case.
Of course adding a third party introduces additional risks. Two parties versus
three parties: All can access the clear info; neither scenario is without
risk. The goal is to find a solution that minimizes the risks of providing
exceptional access.

Again, simply arguing that “it can’t be done”, which is of course
theoretically true if the goal is to have zero additional risk by introducing
a third party, isn’t going to stop such systems from being deployed, it will
simply reduce the quality of such solutions due to talent refusing to work on
the problem.

An idea that comes to mind: third party can’t trivially decrypt the data
(maybe it requires substantial computation to decrypt) thus reducing
practicality of bulk decryption. Make the exceptional access truly
exceptional.

I agree that having a trivial way for governments to access encrypted comms at
scale is bad; I don’t agree that governments should be completely locked out,
without exception, of all comms deployed at scale by mega tech corporations.

~~~
jki275
You're describing a broken and unusable cryptosystem. What you believe
requires "substantial computation" to break today requires a consumer GPU
tomorrow.

There is no minimizing the risk. Your concept is broken. It does not -- and
cannot -- provide security of any use. And I don't care what the government
thinks about it.

~~~
masscrypteria
Pre quantum algos have this shortcoming built in

~~~
jki275
Word salad.

------
partingshots
I’d like to petition for the usage of all prime numbers to be restricted as
well. Far too dangerous and capable of harm in my opinion. We need to secure
ourselves against these threats!

------
newsreview1
There is absolutely no way for the DMCA to keep up with the growth that may
flow under it! How anyone expects the AG to prosecute every illegal infringer
or posessor of illegal numbers is beyond me. There is a good article at
[https://www.natlawreview.com/article/digital-millennium-
copy...](https://www.natlawreview.com/article/digital-millennium-copyright-
act-scope-reach-and-safe-harbors)

------
glitchc
Shared secret keys may work, with one key shard in the hands of the user
themselves. That way a court order may compel the user to give up the key
shard, but no govt. agency or other authority can unilaterally access the
device.

~~~
rossng
Then the shard _is_ the secret key. The court has no more power to compel you
to give it up than any other secret key. I'm not sure what you're proposing
here.

~~~
glitchc
Not true. The shard alone is insufficient to unlock the secret. But to your
point, the scheme could be designed in an n of m fashion. The simplest scheme
is comprised of three shards: 1) You 2) Org 3) Govt. (ideally DoJ)

Any two can be used in concert to unlock the secret. You and the Org combine
shards to access account. You or Org can be compelled by Govt. to reveal
shard, through a warrant. The third shard is held at the DoJ, and also
requires a warrant.

------
ilaksh
This is another clear demonstration that traditional government has become
obsolete in the technological era. This is one reason that decentralized
solutions such as distributed autonomous organizations are so interesting.

