
Why Are We Fighting the Crypto Wars Again? - steven
https://medium.com/@stevenlevy/b5310a423295#.v775mh4mp
======
cantrevealname
The premise of the crypto wars are that we don't really have a _right_ to
encryption.

Shouldn't we stop pussyfooting around this issue and instead demand that
encryption is a fundamental right just as freedom of speech is a fundamental
right?

Since everything we say and do today involves computers and the Internet, we
can't have free speech, privacy, liberty, or personal security without
encryption.

We should assert that right. We should have the right to use encryption for
our communications and to secure our documents at rest, and never be compelled
to reveal a key or passphrase. Doesn't this sound like something that would
have been in the Bill of Rights if it were written today?

We can still mention all the other reasons why encryption is good and
beneficial, but always starting our conversations with the words: encryption
is a fundamental right.

~~~
alfiedotwtf
The right to encryption falls under Article 19 of The Universal Declaration of
Human Rights:

"Everyone has the right to freedom of opinion and expression; this right
includes freedom to hold opinions without interference and to seek, receive
and impart information and ideas through any media and regardless of
frontiers."

~~~
thomasahle
It appears to be more about being allowed to communicate, than being allowed
to do so privately.

~~~
MajesticHobo
The line of reasoning, is, IMO:

You have the right to communicate freely -> encryption is just a form of
(ostensibly garbled) communication -> you have the right to use encryption
freely.

Nothing in that clause says the communication must be understandable or even
interpretable by all people.

~~~
alkonaut
You _could_ argue that freedom to communicate covers the use of encryption. If
encryption was outlawed however, it wouldn't be the right for individuals to
use it that would be outlawed, it would be the right for companies to sell
products with strong encryption, or to do so without backdoors. That in turn
would deny many the use of crypto, but it would not deny them the freedom to
communicate.

I don't think outlawing maths or outlawing companies from making an iPhone
that they themselves can't break into is even remotely possible. The
conclusion from that is that what we have can't really be a _war_ on crypto,
it must simply be the noise of people who realized they already lost.

------
aftbit
We will fight this battle over and over every few years until we lose, just
like every battle for our civil rights.

~~~
mc32
This may be an unpopular take but I think it has some merit.

Cryptography is not the answer to surveillance. It has its place but that
place is not to keep everyone's data secret _and_ irretrievable as plaintext
except by its holder (never mind owner), if they retain the key.

The answer will be legal and political.

I cannot see the endgame where all data is forever gone, with the exception
where people proactively plaintext their data for future generations.

Let's say instead of iPhone contacts or chat conversations we begin keeping
tax records, transactions, commerce, etc. secret, except for the person or
entity encrypting the data (who may or may not be the owner). What if the
heirs need that data or third parties, lawfully? What about discovery in court
cases? What if someone comes up with malware which encrypts your data and you
have no backup?

How do we reconcile wanting data to be available (free) with also wanting
everything encrypted for posteriority --do we just forgo that treasure trove
of data?

I'm not saying don't encrypt on transmission, or even at rest, simply (or
complicatedly) that we have a way to data once it's lawfully determined it can
be should be made available to second and third parties, including the public.

~~~
thwarted
I don't see irretrievable data as being significantly different than data that
never existed to begin with, the only real difference is the _belief_ that
something valuable is hidden behind encryption. If and until the encrypted
data is made plain, there's no telling what it contains, it could be tax
records, transactions, commerce, or it could be a copy of the 1987 American
action comedy film "Ishtar".

In the case of tax records (and ignoring that government would have a copy of
said records), consider a dispute with the government who claims that a
deceased person didn't pay taxes while the heirs claim taxes were paid
(obviously a contrived example). If the "proof" is unavailable because the
deceased encrypted it, then the result is the same as if the encrypted data
never existed. The heirs could say that any random noise is encrypted data
that provides proof of payment, but without any way to decrypt (and, arguably,
to authenticate it) that random noise into actionable data, any claims the
encrypted data contains the necessary "proof" is meaningless.

In other words, it's not the fault of encryption that the heirs have to deal
with this beef from the government, but rather the fault of the deceased who
encrypted things valuable to the heirs without a way for the heirs to access
it (via sharing a key or explicit, chosen key escrow with a third party, etc).
We like to say the answer will be legal and political, and it definitely has
legal and political influences and impact, but given that the encryption is
unbreakable, or the value of the dispute isn't worth the effort to undertake
breaking it, we won't be able to legislate math to, uh, "not work".

Even if the government is the trusted entity of last resort and maintains a
"legal" way to access encrypted content, there's nothing stopping the deceased
in the above contrived example to have encrypted it using an unsanctioned
algorithm or not have shared the key with the government, or whathaveyou. Then
they die. Not only is the data inaccessible, but the responsible party is
dead, and unable to have legal retribution rendered unto them for breaking the
law. In this respect, the data is just as good as not having ever existed
(which may very well have been the reason the now deceased encrypted it in the
first place).

~~~
mc32
I understand your point. Mine is that if it were to become ubiquitous as Apple
and others foresee it, it won't be just a few people or the paranoid or the
ones who want things to remain hidden, but it will also encompass all the
others who had no intention to keep things from others.

As personal computing continues the migration towards mobile devices and away
from PCs, most people's personal data will be on systems where there is no way
to get around a lost key. I'm actually interested to see how Apple plans to
manage the accidental lockouts and data destruction when all of a person's
information is on their mobile computing devices.

There won't be any "oh, let me take it to the Genius Bar" solution.

------
lukifer
Good fences make good neighbors, and encryption is the _only_ way to reliably
create barriers around data and devices. Encryption deserves to be every bit
as normalized as other social technologies like private property or personal
space. [http://www.meltingasphalt.com/border-
stories/](http://www.meltingasphalt.com/border-stories/)

~~~
Jtsummers
OT: The point of that poem was that they were _not_ good neighbors. The
neighbor is indifferent to the narrator except in expressing that sentiment
and in the task of building a wall between them.

EDIT:

Poem text, "Mending Wall" by Robert Frost, for those not familiar with it:

[https://www.poets.org/poetsorg/poem/mending-
wall](https://www.poets.org/poetsorg/poem/mending-wall)

~~~
sounds
That's correct. But in this case the indifferent neighbor who insisted on
putting up walls and gates was an overreaching federal government.

Now they want to be able to ignore the boundaries when it suits them. They
naturally will be encrypting their own data.

John Perry Barlow:

"Governments of the Industrial World, you weary giants of flesh and steel, I
come from Cyberspace, the new home of Mind. On behalf of the future, I ask you
of the past to leave us alone. You are not welcome among us. You have no
sovereignty where we gather.

"We have no elected government, nor are we likely to have one, so I address
you with no greater authority than that with which liberty itself always
speaks. I declare the global social space we are building to be naturally
independent of the tyrannies you seek to impose on us. You have no moral right
to rule us nor do you possess any methods of enforcement we have true reason
to fear.

"Governments derive their just powers from the consent of the governed. You
have neither solicited nor received ours. We did not invite you. You do not
know us, nor do you know our world. Cyberspace does not lie within your
borders. Do not think that you can build it, as though it were a public
construction project. You cannot. It is an act of nature and it grows itself
through our collective actions.

"You have not engaged in our great and gathering conversation, nor did you
create the wealth of our marketplaces. You do not know our culture, our
ethics, or the unwritten codes that already provide our society more order
than could be obtained by any of your impositions.

"You claim there are problems among us that you need to solve. You use this
claim as an excuse to invade our precincts. Many of these problems don't
exist. Where there are real conflicts, where there are wrongs, we will
identify them and address them by our means. We are forming our own Social
Contract. This governance will arise according to the conditions of our world,
not yours. Our world is different.

"Cyberspace consists of transactions, relationships, and thought itself,
arrayed like a standing wave in the web of our communications. Ours is a world
that is both everywhere and nowhere, but it is not where bodies live.

"We are creating a world that all may enter without privilege or prejudice
accorded by race, economic power, military force, or station of birth.

"We are creating a world where anyone, anywhere may express his or her
beliefs, no matter how singular, without fear of being coerced into silence or
conformity.

"Your legal concepts of property, expression, identity, movement, and context
do not apply to us. They are all based on matter, and there is no matter here.

"Our identities have no bodies, so, unlike you, we cannot obtain order by
physical coercion. We believe that from ethics, enlightened self-interest, and
the commonweal, our governance will emerge. Our identities may be distributed
across many of your jurisdictions. The only law that all our constituent
cultures would generally recognize is the Golden Rule. We hope we will be able
to build our particular solutions on that basis. But we cannot accept the
solutions you are attempting to impose.

"In the United States, you have today created a law, the Telecommunications
Reform Act, which repudiates your own Constitution and insults the dreams of
Jefferson, Washington, Mill, Madison, DeToqueville, and Brandeis. These dreams
must now be born anew in us.

"You are terrified of your own children, since they are natives in a world
where you will always be immigrants. Because you fear them, you entrust your
bureaucracies with the parental responsibilities you are too cowardly to
confront yourselves. In our world, all the sentiments and expressions of
humanity, from the debasing to the angelic, are parts of a seamless whole, the
global conversation of bits. We cannot separate the air that chokes from the
air upon which wings beat.

"In China, Germany, France, Russia, Singapore, Italy and the United States,
you are trying to ward off the virus of liberty by erecting guard posts at the
frontiers of Cyberspace. These may keep out the contagion for a small time,
but they will not work in a world that will soon be blanketed in bit-bearing
media.

"Your increasingly obsolete information industries would perpetuate themselves
by proposing laws, in America and elsewhere, that claim to own speech itself
throughout the world. These laws would declare ideas to be another industrial
product, no more noble than pig iron. In our world, whatever the human mind
may create can be reproduced and distributed infinitely at no cost. The global
conveyance of thought no longer requires your factories to accomplish.

"These increasingly hostile and colonial measures place us in the same
position as those previous lovers of freedom and self-determination who had to
reject the authorities of distant, uninformed powers. We must declare our
virtual selves immune to your sovereignty, even as we continue to consent to
your rule over our bodies. We will spread ourselves across the Planet so that
no one can arrest our thoughts.

"We will create a civilization of the Mind in Cyberspace. May it be more
humane and fair than the world your governments have made before.

Davos, Switzerland February 8, 1996"

------
Falkon1313
We're fighting 'the crypto wars' again because we've become complacent and
content in the belief that a few experts have solved everything for us by
providing a few systems. We didn't bother to fight before, we sat back and got
lazy.

It's not a tech thing, cryptography has been in use since before the Roman
Empire. But in recent decades, everyone only speaks of it in terms of tech.
And we assume only a few tech wizards are smart enough to make it work.

For years, the standard line has been "never write your own crypto, use
something written by the experts". So only a few algorithms are actually in
use. That makes them big high-value targets. But almost everything that the
experts have written or recommended has been backdoored, rainbow tabled,
compromised, or worked around, and what hasn't, the government can demand to
be broken.

Most websites used to store passwords as MD5 hashes (if not plaintext) because
that was the standard recommendation. Minor changes in hardware to lead to
rainbow tables that rendered that world-wide obsolete instantaneously for
everyone. That was a mess. But what if only one site had used MD5? Even if it
had been worth attacking, the results wouldn't have been nearly as bad. Flash
was present in 98% of browsers, which made it a huge target for crackers, with
constant zero-day exploits. It is now on life support and we know that we
don't want something like that again. Something that everyone uses is an easy
and valuable target.

Perhaps we should flip conventional wisdom on its head and go back to writing
our own crypto. Maybe layer it with the stuff from the experts, so they can
cover our weaknesses, but probably best not to trust them entirely. If there
were thousands or millions of different crypto algorithms in use instead of
just a few, they might not individually be stronger, but collectively, it
would be harder to attack them. Mix that with steganography and codes, and the
possibilities could be exponentially greater than if everyone is just using
plaintext passed through the same standard government-approved cipher.

We need to be less lazy.

------
djillionsmix
Because the government correctly perceives unbreakable crypto as an assault on
its sovereignty.

Sovereignty is the principle that the government can do whatever it decides to
do. Stuff like the 10A doesn't infringe on sovereignty because that's the
government itself deciding that it _shouldn 't_ do certain things. Like if the
goverment decided to, it could kick your door in, find your private diary, and
read everything you've written in it. Our government has regulations
moderating the use of that power, because it has decided that in most
circumstances it _shouldn 't_ do that. But if the government has good reason
to suspect that you're using your diary to, say, make plans for murdering
people? Then the government can go right ahead and break your door down and
read your diary and see if you're doing that.

(unbreakable) Crypto is different. Crypto is an infinitely high, infinitely
deep wall around your house that the government can never breach, no matter
how justified the government decides it is in breaching that wall. Crypto is
the government sending combined might of the entire US army, navy, air force,
and national guard to breach your wall, and failing. Are you within your wall
engaging in acts of political speech? The government cannot stop you. Are you
within your wall raping your child slaves? The government cannot stop you. Are
you within your wall building a nuclear weapon that you plan to use to blow up
everyone outside your wall? The government cannot stop you.

Within the cryptographic envelope, government can't govern. This isn't
something the government can tolerate, because governments that can't govern
aren't governments, they're just a bunch of people with opinions. So yes, the
government will continue to fight these battles, because for the government
these battles are an existential concern.

------
julie1
PKI is a silver bullet.

The weakness of the chain are human beings. For the same reasons the young
coders are still making SQL injections, people keep bad practices for
security.

Our human brain cannot store too much stress and secrets. So every human make
shortcuts.

They forgot to check public keys and identity during key signing parties or
accept to put in their ring of trusts people refusing to justify their
identities.

PKI à la PGP like bitcoin is weak to local majority attack.

And human are still the weak point. Just target the vulnerable to take down
the ring of trust.

Information technology requires better education. Not more expertise. Just the
basics.

~~~
nickpsecurity
"Our human brain cannot store too much stress and secrets. So every human make
shortcuts."

Well put. Russians used to say some of the best info came from just before or
after a secure phone went encrypted. People couldn't let themselves wait or
double-check even that much.

Economics and productivity do even more damage. People griped that B3/A1
secure systems didnt have development pace or features for price paid vs
insecure competition. Plus insecure did lock-in nicely. Result: almost no
investment into secure alternatives to crud we're locked into.

Defence, Comp Sci, and what's left of high assurance commercial are still
cranking out useful stuff at least.

------
freethrow
Personally, I have avoided technology products built in US because there's a
chance they might be backdoored. I'm sure others have done the same.

~~~
jkaunisv1
How do you reconcile that with the fact most electronic components are made in
China? To me the odds of something coming out of China being backdoored are a
lot higher than well...anywhere else. Where do you get your gear?

~~~
mordocai
Truthfully the truly privacy conscious are going to have to start joining the
open hardware + open software movement.

Edit: AFAIK it isn't yet established enough to setup a full range of your
average first world consumer's products though.

------
jacquesm
Because the ratchet hasn't 'clicked' yet. So if this round gets won by the
good guys you can certainly expect another one.

------
bunkydoo
Here's the thing on this - I think this will be ultimately what happens too.
Apple will likely proceed to build future iPhones with extreme privacy in mind
and eventually reach a point where they have a product they have prepared that
once it reaches consumer hands, it has few if any backdoors (yes even current
iPhones do to some extent) once the device 'pairs' with their identity and
they consciously encrypt it using open source standards - it's on the consumer
to comply with any government warrants, not the manufacturer. (also it wouldnt
hurt if they dreamt up something a little less err 'logical' than a 4-6 digit
passcode as a fallback that can be brute forced with enough attempts) I don't
doubt apple will spend a lot of money, time, and resources fighting this over
the next few years and will probably be muscled into opening the San
Bernardino shooter's phone along with any currently available iPhones.

------
w8rbt
Some day, only governments and criminals will have access to strong
encryption.

~~~
mattkevan
And the difference is..?

~~~
recursive
Government has a lot of paperwork.

------
EvanPlaice
Bitcoin and other forms of non-standard currency depend on crypto.

1\. The central banking system feels threatened by competition.

2\. Government is afraid that people will use it to launder funds and dodge
taxes.

3\. Law enforcement, Homeland Security, and the NSA are afraid of losing the
ability to effectively search __and __seize electronic assets; despite the
fact that their current practices are a clear violation of the 4th Amendment.

------
adamc
If you care about this and are an American citizen, please consider signing
the apple-privacy-petition: [https://petitions.whitehouse.gov/petition/apple-
privacy-peti...](https://petitions.whitehouse.gov/petition/apple-privacy-
petition)

~~~
garrettgrimsley
Why do people still make these things?

------
ikeboy
Forcing Apple to exploit a backdoor they created in an existing product is
qualitatively different from forcing them to create and include a backdoor in
new products, and claiming the two are equal is dishonest.

The former places no constraints on what products anyone is allowed to make
and sell.

