

Keys Under Doormats [pdf] - tptacek
http://www.crypto.com/papers/Keys_Under_Doormats_FINAL.pdf

======
rm_-rf_slash
I may be skeptical of the NSA, but at least they're capable of cracking things
most others wouldn't have the capability to achieve.

But asking for special encryption keys to be made just for you is like a
magician saying "Everybody close your eyes while I look for this rabbit."

~~~
logicallee
This is an _incredibly_ subtle and very important point!! (Many people
disagree with me.)

Firstly, let's get one thing straight: if the state acknowledges constant
surveillance, then nothing separates this from the Stasi. It's all the worst
parts of 1984.

So we can say, 100%, _definitively_ that acknowledged state surveillance has a
chilling effect and creates a police state.

This is what I think everybody can easily agree with.

Now, the difficulty (and my disagreement with others) comes when you look at
the magician's work. i.e., unacknowledged special and extraordinary skills
that don't change the "protocol" of free, open, and unmonitored communication.

These special and unacknowledged powers can deter and prevent actual, real,
crime, so that law-abiding people can focus on living their lives, not arming
up against cyber-criminals.

We'll have to save that philosophical discussion (I'm undecided). But what
you've said _certainly_ , I am quite sure, captures a lot of this important
nuance.

(Another thing to think about is the relationship among state actors, i.e.
cooperation versus competition and sabotaging each other's work. That is
another difficult issue. If the Chinese government is keeping the Chinese from
kidnapping each other for ransom the minute someone builds an important
innovative business - which does happen! - and the FBI is doing the same
within America, then what is the relationship to be between these countries'
services? America can't be, and doesn't want to be, a worldwide monopoly on
any government service protecting freedom around the world. For one thing, its
population is outnumbered 20:1, and the rest of the world doesn't pay it
taxes.)

~~~
scotty79
> if the state acknowledges constant surveillance, then nothing separates this
> from the Stasi. It's all the worst parts of 1984.

Why do you equate the act of surveillance with enforcing totalitarian rule
with the use of surveillance?

~~~
logicallee
There are a lot of ways to answer this question (for example: by appealing to
human nature of those in power; appealing to 1984's description; appealing to
history, such as all the governments where anybody had to watch what they say
over the telephone.)

But the simplest is this: suppose someone gets to watch whenever my girlfriend
and I have sex, and make comments about us (interrupting, us, etc.) and
suppose that someone is the government and we have no choice about whether to
have a live commentary. Is it possible that this does not equate to
totalitarian rule?

No, it is not possible, because nobody would choose to have that happen,
people have an expectation of privacy and so it is totalitarian for the
government to have a say into this private communication and relationship.

This is a generalization of private communication and privacy: people simply
have a right to a "protocol" of privacy. That means the government is
_automatically_ by definition totalitarian if it removes the possibility of
this protocol, by acknowledging that it is overseeing it. (This is an extreme
example, but imagine you can no longer tell your friend a joke, because you
have to include the government in on the joke. If they don't get it they will
just come up to you later ask, "Hi, I'm the one who was surveilling you. Could
you explain the joke about the blonde and the physicist, I didn't get it.")

You may think that my two examples are extreme: but they're _not_ \- on a
human protocol level, this is _exactly_ what happens when surveillance of
private communication and relationships occurs and is acknowledged. It's not
_possible_ for it not to be authoritarian.

That's why I am very happy that these things are denied by the government. It
would be a much scarier, and far worse world, if they weren't. People simply
have a right to privacy, that you and I and everyone enjoys, it's best if it
is never broken by anyone. They relinquish that right only when they do
something like create a ransomware virus or some brazen criminal act that
hurts everyone. You can't say it doesn't happen, because it does every day.

If the government has no extraordinary powers in these cases, that means it's
up to everyone to personally armor up. That's a ridiculous waste of resources,
and one of the primary reasons we have a government to begin with! (Public
safety.)

~~~
scotty79
> Is it possible that this does not equate to totalitarian rule?

Sure. Totalitarian rule is when government persecutes political opponents to
ensure that power does not change hands. It has little to do with
surveillance. Surveillance is just one of the means to achieve this goal. All
it, does it helps to lower the cost of enforcement. No totalitarian rule so
far collapsed because enforcement was too costly.

Besides what providing you with the commentary has to do with the surveillance
itself?

------
Ianvdl
For those who would like a summary of the paper:
[http://www.theregister.co.uk/2015/07/08/security_giants_publ...](http://www.theregister.co.uk/2015/07/08/security_giants_publish_paper_destroying_government_encryption_plans/)

I'm grateful for the fact that these pioneers took the time and effort to
gather write this paper. If anyone had the ability to send a strong message,
it's them.

------
gruez
duplicate of
[https://news.ycombinator.com/item?id=9845328](https://news.ycombinator.com/item?id=9845328)
?

~~~
madez
This version of the document is different — arguably better —, it has links.

~~~
gohrt
FYI [http://www.thepunctuationguide.com/em-
dash.html](http://www.thepunctuationguide.com/em-dash.html)

