
The Crypto Warrior - ColinWright
http://www.politico.com/agenda/story/2015/12/crypto-war-cyber-security-encryption-000334
======
ohthehugemanate
The Economist also has a piece advocating strong crypto and opposing backdoors:

The Economist | Internet security: When back doors backfire
[http://www.economist.com/news/leaders/21684783-some-spy-agencies-favour-back-doors-encryption-software-who-will-use-them-when-back?frsc=dg%7Cd](http://www.economist.com/news/leaders/21684783-some-spy-agencies-favour-back-doors-encryption-software-who-will-use-them-when-back?frsc=dg%7Cd)

One important aspect that is missing from all of these articles though, is
that strong encryption doesn't actually lock spooks out. It prevents them from
conducting bulk surveillance, but not surveillance in general. One of the most
important things we learned from the Snowden revelations is the existence and
efficacy of the NSA Tailored Access Operations group, which brags that it can
hack into any device, anywhere in the world. They use software bugs and
backdoors to get into devices and install keyloggers, remote control software,
and similar. They get around encryption by using the rest of the attack
surface.

Many HN readers are involved enough in software and hardware to understand
that it approaches impossible to protect yourself indefinitely against an
advanced persistent threat like the TAO.

So if NSA can already get around encryption when they have a specific target,
the only thing encryption blocks them from doing is Orwellian mass
surveillance... Something which statisticians agree is useless, technologists
agree is dangerous, and voters agree is intrusive.

It kind of blows up the whole security vs privacy false dichotomy, and I wish
I saw it in the dialog more.

~~~
panarky
How can an arcane, complex, technical argument ever prevail against raw
emotional appeals?

"the iPhone will become the phone of choice for the pedophile" [1] (see also
terrorist, serial killer, etc.)

Immediately after the Paris attacks: "If you create a product that allows
these monsters to behave in this way, that’s a big problem." [2]

Atrocities are inevitable, and whether the perpetrators use encryption or not,
our leaders seize each disaster as an opportunity to push their surveillance
agenda.

All the informed discussions on HN are worthless against this kind of
emotional propaganda.

[1] [https://www.washingtonpost.com/news/volokh-conspiracy/wp/2014/09/26/the-phone-of-choice-for-the-pedophile/](https://www.washingtonpost.com/news/volokh-conspiracy/wp/2014/09/26/the-phone-of-choice-for-the-pedophile/)

[2] [http://www.theguardian.com/world/2015/nov/16/cia-director-john-brennan-criticises-surveillance-reform-paris-attacks](http://www.theguardian.com/world/2015/nov/16/cia-director-john-brennan-criticises-surveillance-reform-paris-attacks)

------
kbart
We need more experts like Matt Blaze (or Bruce Schneier) that do understand
the technical side of the problem, but can also communicate with non-technical
people without going too deep to win this "crypto war". A very good point:

_"MB: It may be true that encryption makes certain investigations of crime
more difficult. It can close down certain investigative techniques or make it
harder to get access to certain kinds of electronic evidence.

But it also prevents crime by making our computers, our infrastructure, our
medical records, our financial records, more robust against criminals. It
prevents crime. On balance, the use of encryption, just like the use of good
locks on doors, has the net effect of preventing a lot more crime than it
might assist."_

------
alexandrerond
Today 32c3 had a session on the same topic by EFF Deputy Executive Director
and General Counsel Kurt Opsahl.

Video:
[https://www.youtube.com/watch?v=BweBCNBxJxM](https://www.youtube.com/watch?v=BweBCNBxJxM)

Session description:
[https://events.ccc.de/congress/2015/Fahrplan/events/7386.html](https://events.ccc.de/congress/2015/Fahrplan/events/7386.html)

------
jrapdx3
The recurring debate described in the article comes down to prevention vs.
cure, a dichotomy very familiar to medical practitioners. Prevention of
dysfunction has been a principle of particular merit, the "gold standard".
That is, preservation of healthy status is worth far more than mitigating
damage after it occurs.

In the health arena, immunization is a great example. Preventing a disease
reduces suffering and costs of care by orders of magnitude. The few bad
reactions, even the cost of rare fatal outcomes, pale in comparison to the
upside benefit. (I'm told it's a _good_ year for flu vaccine, I got my flu
shot last month. If it lets me avoid _having_ the flu that's very beneficial
to me.)

As Blaze convincingly remarks, the value of preventing crime is enormous in
terms of the benefit that it yields. In my world, one that Blaze talks about,
breaches of confidential health records are matters of great concern for the
tremendous negative impact caused.

From what's reported (and comments from people I know in the EHR industry),
those systems are _vulnerable_ to intrusions. If secure non-backdoored
encryption adds even a shallow layer of protection, that would give a worthy
benefit.

Blaze implies even good encryption models are no guarantee that will solve the
problems. Often said here on HN, "security is hard, very hard" to get right.
But to the extent its application prevents criminals from actually committing
crimes it will far outweigh the damage done by criminals that aren't caught
because they could keep their destructive activity secret.

I could add quite a long riff on the near impossibility of humans keeping
secrets, anyway it seems not in our nature to be good at it. Too much reader
torment to go on about it now, prevention is definitely the key.

------
dawnbreez
I like to allude to the TSA's keys when talking about this. It took, what, a
week for a TSA agent to post a closeup of their "secure" keys, and for someone
to replicate them with a 3D printer?

It's absurd.

------
2close4comfort
Matt Blaze is the man! I remember reading the cypherpunks mailing list and
following the clipper chip saga, there is no better person to be on the good
side of the Crypto War.

