
Code Specialists Oppose U.S. and British Access to Encrypted Communication - conover
http://www.nytimes.com/2015/07/08/technology/code-specialists-oppose-us-and-british-government-access-to-encrypted-communication.html
======
phkahler
This debate seems like a manifestation of a problem with governments: They
think they can legislate anything they want. Need access to some
communications - green light for massive data collection. Some of it is
encrypted - just mandate a back door. School shooting - new gun laws. Any
problem activity - we'll just make it illegal. Something not getting done -
we'll just mandate someone take care of it. They really don't know how to stay
at a higher level, it's all micromanagement. Some things are just not
possible, but they'll try to make it so with the stroke of a pen.

~~~
de_Selby
> School shooting - new gun laws.

I agree with the sentiment of your post, but as a non-American this one jumps
out at me. I don't think it fits the rest of your argument, adding more
control and checks for something as dangerous as gun ownership is a good
thing.. in particular, it would take a lot to convince me that private
ownership of assault rifles is anything but bad news.

I have read some arguments about private protection against excessive
government excesses, but I don't really buy it.

~~~
pjc50
I think this comes down to the difference between banning things that nobody
really wants (lead in paint) versus things that people really want (drugs,
alcohol). In America, guns are in the second category.

Politicians think encryption is in the first category.

Edit: given how this discussion is going, I think we're back to the idea that
encryption should be classified as a weapon in the US _and subject to second
amendment protection_, as the 2nd is much more strongly defended than the 4th
or 5th or even the 1st. (This argument obviously doesn't make any sense in the
UK, where we should lean on article 1 and 6 ECHR). A country where you can
have an AR-15 but not AES-CBC makes no sense, but we have to work with the
politics as they are.

http://www.pcworld.com/article/2044529/decryption-orders-could-violate-human-rights-dutch-judiciary-council-says.html

~~~
JupiterMoon
> Politicians think encryption is in the first category.

This -- until people realise that their online banking is not secure without
encryption. That puts it firmly into the second category for many people.

(It's my experience that people are more worried about their money than their
dick pics.)

~~~
jessaustin
_(It's my experience that people are more worried about their money than
their dick pics.)_

For one thing, most people have at least some money, while the desire to
photograph one's genitals (and especially, after having done so, to keep the
results private) is relatively rare.

~~~
dpeck
honestly, with the economy as it is today and the growth of social media based
image/sexting/hookup services I'd argue the opposite is true.

~~~
elektromekatron
They'll probably be the next generation of internet currency.

------
beedogs
The way I see it, law enforcement has had it far too easy for far too long.
The Snowden revelations finally turned over all the rocks and people saw that
they have been _grossly_ overstepping both ethical and legal boundaries, and
encryption is finally getting the mindshare it desperately needs.

So to their petulant cries of being unable to read our communications anymore,
I say: fuck 'em. Time to _earn_ your keep now, boys. You're not going to
destroy our Internet just so you can keep feeding the mass-surveillance beast.

~~~
tremon
I have a lot of trouble viewing anything involving the NSA as "law
enforcement". Like the CIA, aren't they specifically created to subvert the
law in other countries and not operate in their own jurisdiction?

~~~
WildUtah
There's no high tech terror for the NSA to fight. So-called intelligence about
what Angela Merkel is thinking is of no diplomatic or economic use.

The NSA has almost no purpose in practical government.

But the NSA does do a lot and has a mission. It's the same mission US law
enforcement always invents for itself. The NSA provides lots of leads to cops
to arrest innocent drug dealers. Aside from parallel construction, the NSA
does the same thing most FBI, DEA, and Border Patrol dollars go to: small time
non-violent drug offender persecution.

~~~
pluma
The NSA is also heavily engaged in industrial espionage.

What Angela Merkel has to say may be irrelevant, but having insights into
trade deals before they are signed certainly isn't.

~~~
mike_hearn
Only if you want to try and unfairly tip the balance towards yourselves by
outmanoeuvring your opponents, in which case the unfairness of the resulting
trade deals will be obvious to all who read them. Attempting to fuck with an
economy the size of Europe's by spying in trade negotiations only leads to
problems in the long run.

------
Titanous
Here's the actual paper:
http://dspace.mit.edu/bitstream/handle/1721.1/97690/MIT-CSAIL-TR-2015-026.pdf

------
a3n
> “Such access will open doors through which criminals and malicious nation-
> states can attack the very individuals law enforcement seeks to defend,”

And there's the nut. The concern of law enforcement is not protection of
citizens, it's ease of prosecution and resume building.

No one can claim credit for a general environment of ongoing secure
communication, but cops and prosecutors can definitely claim credit for
specific arrests and prosecutions, even if that general security environment
is all but destroyed.

In fact, the more breaches, the more crimes, the more cops and prosecutors are
needed. Job protection.

------
gnu8
The headline belies the utter ridiculousness of the idea. Why would the United
States and United Kingdom be singled out to have backdoor access to all
communications? To hang onto the tattered remnants of their empires while
keeping their own people in line despite their declining political legitimacy.

~~~
jebblue
The united States isn't an empire, that's what it was formed to get away from.
It's a collection of people, living in different communities called states
that strive to stay united to form a more perfect union. It isn't a perfect
experiment because people are not perfect but it's the best effort history has
seen so far.

~~~
Someone1234
Tell that to the countries the US keeps invading. At the very least Grenada,
Iraq (2003), and Panama. But the list is far longer and more complicated (and
stretches back fifty years or more).

Nobody would call the US an "empire" if all it did was keep in its own
territory and stay out of other countries' internal affairs. Nobody calls
Canada an empire for example. But the US keeps deciding to outright attack
other countries or uses the CIA to subvert internal politics (and sometimes to
overthrow democratically elected governments e.g. Iran).

The US deserves to be accused of having imperial intent, even if just based on
their interest in other countries' oil.

~~~
vinceguidry
> The US deserves to be accused of having empirical intent, even if just based
> on their interest in other countries' oil.

The word you're looking for is "imperial." "Empirical" means something else
entirely.

------
graycat
They can "oppose" all they want.

That's why we have PGP, in open source.

And that's why in the US we have:

"Amendment IV

"The right of the people to be secure in their persons, houses, papers, and
effects, against unreasonable searches and seizures, shall not be violated,
and no Warrants shall issue, but upon probable cause, supported by Oath or
affirmation, and particularly describing the place to be searched, and the
persons or things to be seized."

I know; I know: Various people working for the people are all wound up about
_wanting to know_ and _wanting to be sure_, wanting to be sure they know just
what is in all those e-mail messages. Their thinking might go:

"Those messages, they are sending lots of messages, are they planning
something? Are those people up to something? Are we at threat? We want to
know. Why do they encrypt their e-mail messages if they have nothing to hide?

"If they have something to hide, then definitely for the good of everyone we
should know about it and they shouldn't use encryption. Else they might be
planning something. If they have nothing to hide, then they shouldn't mind our
knowing and shouldn't use encryption.

"Yes, definitely we should have full access to all e-mail and other
communications, computer hard disks, private conversations, private thoughts,
etc."

That's what some people working for the people think.

Sorry, guys, I'm one of the people you are working for, and you will just have
to do your job without violating the Constitution. It's an old story, as is
encryption, and e-mail, the Internet do not fundamentally change the
situation.

~~~
cortesoft
Your first part is why I always find these talks silly. Encryption (at least
the kind they are talking about) is just math - all the laws in the world
aren't going to change the math. You can't legislate away the knowledge of
that math; even if you force Apple or Google to insert your backdoor into
THEIR implementation of the crypto, that doesn't mean that a 'terrorist'
couldn't just use their own implementation of the readily available and widely
known algorithms. That cat is out of the bag; you can't legislate it back in.

~~~
graycat
Fully correct. I have

Bruce Schneier, _Applied Cryptography, Second Edition: Protocols, Algorithms,
and Source Code in C,_ ISBN 0-471-11709-9, John Wiley and Sons, New York,
1996.

That material's not going away.

And, in addition, I have some nicely short, not difficult to read, source
code. About all the math needed for PGP is in an elementary number theory book
-- I have several sufficient references.

> That cat is out of the bag; you can't legislate it back in.

Did you mean "The toothpaste is out of the tube"? -- supposedly the phrase
used in the Nixon Watergate scandal!

When Zimmermann made PGP public, he also gave what I thought was a good
description of the issues with the bottom line, whatever the pros and cons,
net in plenty of cases it's important for individuals to have access to strong
encryption.

Yes, no doubt there's no shortage of people in government who don't like PGP.
I'll send some people in government some toothpaste and an empty tube and let
them try their hand!

~~~
selimthegrim
Schneier has a newer and more useful update to that book with a co-author

------
conover
Despite the political element, there is a poor history of keeping these kinds
of keys/methods secret. See the AACS encryption fiasco, the cable card hacking
wars over the last decade, Clipper chip mentioned in the article, etc.

~~~
venomsnake
I am also not sure that I want to entrust the keys to the internet to the same
government that kept its nukes with launch codes of "00000000"

~~~
mikeash
I don't see the connection. The all-zeroes launch code wasn't an instance of
idiocy, it was a deliberate choice by military commanders who felt that codes
would make things less safe, not more, because they saw the Soviets as a far
greater threat than a rogue launch by their own men, whom they trusted
completely. It's not like the code could be entered by random people on the
street, if only they had known the power they held. You still needed physical
access to the launch control rooms, which had a great deal of physical
security and were always staffed by at least two people at any given moment.

------
domfletcher
My favourite quote on this (from the UK perspective) from Ross Anderson (one
of the co-authors): “A point I would like to make to the prime minister and
his circle is: whoever put the prime minister up to this should get a complete
bollocking. The proposals are wrong in principle and unworkable in practice.”

There is no quicker way of alienating people who understand complex things
than by pretending that you know better and have thought of a brilliant
solution.

------
rm_-rf_slash
Being HN I'm sure many of us have dreams about future computers that are
seamless extensions of our bodies, doing more than we could ever imagine with
a phone or a watch.

Do we also have nightmares about a hacker stealing a government's back door
key and giving us a heart attack in our sleep?

~~~
gonzo41
Have you seen Ghost in the Shell? I don't think more integrated computers are the
answer.

But on the encryption front, the more the better. If everyone adds complexity
then 'they' have to discriminate more. Which is good for everyone.

~~~
rm_-rf_slash
I have seen Ghost in the Shell, although I'm not clear on what you're getting
at.

~~~
logfromblammo
One thing that stands out in my mind is the ability for someone to make
himself invisible or unidentifiable to you by hacking your eyes. If someone
can take control of your sensory inputs, they can put you into the "dark
dream" to test, model, and eventually control your behavior.

When your eyes are hackable, you cannot take the VR headset off. Even closing
your eyelids won't help.

Would you want _anyone_ besides yourself having authorized access to your
sensory bus? Would it make you feel any better if the person doing it had a
valid court order?

~~~
xenophonf

> Would you want anyone besides yourself having
> authorized access to your sensory bus?

Banks' Culture novels touch on similar topics. In _Excession_, a Culture
warship comments how the brain-computer interface (in-universe called a
"neural lace") is the most effective torture device ever devised. And in
_Surface Detail_, a firefight turns on the fact that Culture warships write
their own completely-customized operating systems, with this heterogeneity
making hacking attempts more difficult and consequently less successful.

------
jakeogh
The attack on our ability to encrypt is in the end an attack on the right to
private thought. Losing this, while we merge with our digital creations, is
an existential threat.

------
jackgavigan
Perhaps governments need to approach the problem from a different angle: _How
can we limit the extent to which bad actors (e.g. terrorists, organised
crime, etc.) can benefit from private/secure communications technologies
without compromising civil liberties and our citizens' right to privacy?_

If anyone can solve that problem, surely it's us - the technologists, the
problem-solvers?

------
adestefan
How is there no mention of CALEA[0] in this document? They even hint at it in
the Executive Summary:

Indeed, in 1992, the FBI’s Advanced Telephony Unit warned that within three
years Title III wiretaps would be useless: no more than 40% would be
intelligible and that in the worst case all might be rendered useless [2]. The
world did not “go dark.” On the contrary, law enforcement has much better and
more effective surveillance capabilities now than it did then.

[0] https://en.wikipedia.org/wiki/Communications_Assistance_for_Law_Enforcement_Act

------
mc808
"Michael S. Rogers, the director of the N.S.A., has proposed that technology
companies be required to create a digital key that could unlock encrypted
communications, but divide and secure the key into pieces so that no one
person or government agency could use it alone."

Conveniently, Microsoft has a patent on just that.
[http://www.google.com/patents/US8891772](http://www.google.com/patents/US8891772)

Michael S. Rogers should disclose any financial interest he may have in
Microsoft. Or does he have something to hide?

~~~
michaelt
Shamir's Secret Sharing was published in 1979. I would be surprised if
Microsoft has a monopoly on it, given that patent was published in 2011.

------
tptacek
Here's the paper:

[https://news.ycombinator.com/item?id=9846414](https://news.ycombinator.com/item?id=9846414)

------
naveen99
They already ban encryption on ham radio... :(

Maybe somebody can start a pay to broadcast service using namecoin atomic name
changes https://wiki.namecoin.info/?title=Atomic_Name-Trading

1. Service announces public nmc pay to address.
2. People mail them a message as a name update transaction combined with payment to that address using snailmail.
3. They broadcast if the perceived risk of broadcasting is less than the value of fee provided.

This could be anonymous and encrypted if the source name coins are
sufficiently anonymous.

~~~
forgottenpass
_They already ban encryption on ham radio... :(_

This bugged me too, but ham is already not general purpose. I've come to
accept it as the cost of preventing disallowed uses of the ham bands inside
an impenetrable envelope of allowed use.

And besides, it's usually possible (but less fun) to set up (or use existing)
radio networking links in different bands.

------
d_theorist
Would it have killed them to link to the paper?

------
johanneskanybal
Can we stop the sharing of pay-walled content please, just pick another
source?

ot: What do they (Cameron and co.) think the best case scenario is for this
folly? Disrupt a few mainstream services while pissing everyone off in the
process whilst the real criminals move on to slightly more obscure services?

------
a3n
> The costs to the developed countries’ soft power and to our moral authority
> would also be considerable.”

That moral authority undermined in part from the risk of secure government
data being exposed, and government operations then being exposed.

Breakable encryption is definitely a double-edged sword.

------
EGreg
How would they feel if China and Russia were given the same backdoors? What
would they legislate then? It's not as if internet traffic can be quarantined.

~~~
delinka
Can't it? The Great Firewall is a shining example.

(all irony intended.)

------
hellbanner
Right - and "the government" isn't a single entity. Members can defect (ala:
Snowden and others).

~~~
logfromblammo
Members can also corrupt, or even just operate too long without the moderating
effects of effective oversight.

