
An Open Letter to President Obama: This Is About Math, Not Politics - anishathalye
https://medium.com/@RaineyReitman/an-open-letter-to-president-obama-this-is-about-math-not-politics-3b73aa04aa5d
======
jack9
> We’ve also seen the ramifications of bad policies that tried to weaken
> security. In the 1990s, there was a concerted effort by certain outspoken
> law ...

Dillution of the message by polluting it with political nostalgia is annoying.
Make your argument that it's pointless from a mathematical standpoint and help
spelling it out, not from some guilt-trip by wrongs of the past.

------
aftbit
I'm growing less sympathetic of the "it's impossible" argument against digital
backdoors. We've known how to do it for a long time: just add a second signing
key to every iPhone, and give it to the government.

Sure, this increases the risk that the key will be stolen by the bad guys. But
that's also a problem with good solutions. On the hyper-paranoid end, there's
something like the DNSSEC Root Signing Ceremony[1]. On a more practical note,
there's whatever Apple does with their current signing keys. After all, those
don't seem to have been stolen and used at large so far.

Of course, this is still a terrible idea, mostly because governments are not
often working in individuals' best interests. But it's far from "impossible"
to meet the requirements being handed down by US.gov with only a reasonable
level of risk.

[1]: [https://www.cloudflare.com/dnssec/root-signing-
ceremony/](https://www.cloudflare.com/dnssec/root-signing-ceremony/)

~~~
maxsilver
> We've known how to do it for a long time: just add a second signing key to
> every iPhone, and give it to the government. It's far from "impossible" to
> meet the requirements being handed down by US.gov with a reasonable level of
> risk.

But that's the whole argument. Everyone knowledgable about encryption knows
it's not impossible to hand the government a key, they're claiming it's
impossible to do so _with a reasonable level of risk_.

There's no such thing as a "reasonable level of risk" here. If the government
has access, every human on the planet has access, so you might as well just
give up on encryption entirely because it's doing nothing of value.

For example, here's what happened when we "just give the government a second
signing key" to luggage locks
[http://www.computerworld.com/article/2983558/security/that-t...](http://www.computerworld.com/article/2983558/security/that-
tsa-approved-lock-on-your-suitcase-just-got-hacked.html)

~~~
esrauch
> If the government has access, every human on the planet has access, so you
> might as well just give up on encryption entirely because it's doing nothing
> of value.

It's a pretty extreme position to say that you trust Apple to be able to keep
secrets better than the FBI/NSA/CIA

> because it's already happened to luggage

I don't think this is actually relevant. This "vulnerability" being introduced
by the TSA is completely irrelevant: wants to get into your luggage they can
cut it open if they have to. Luggage locks have always protected against the
threat model of "some rando rifling through my stuff" not "dedicated attacker
who spends time ahead of time making devices to get into the luggage". The TSA
doesn't and shouldn't care about people having copies of TSA luggage keys, it
pragmatically doesn't change anything.

~~~
dragonwriter
It's not Apple keeping secrets vs. The FBI/NSA/CIA keeping secrets. It's
secrets being kept that Apple willfully lacks the means to access vs. secrets
being kept that Apple has been compelled to develop the means to access at the
behest of the FBI/NSA/CIA.

------
13thLetter
Are you're going to vote for Hillary in the general anyway? If so, they're not
going to pay any attention to what you want.

