
Americans' Access to Strong Encryption Is at Risk, an Open Letter to Congress - rietta
https://rietta.com/blog/2017/05/03/americans-access-to-strong-encryption-is-at-risk/
======
Nomentatus
The irony here is that simple one-time-pad solutions (OTP) will continue to be
available to securely encrypt the sort of messaging that's of use to
terrorists (relatively short, infrequent messages); instead, it's the general
communications (including for banking) that the rest of us perform online that
will be made vulnerable.

You don't even have to program or use a computer to create these OTP
solutions, for limited messages you could just flip a coin to create the OTP
if necessary (although there are lots of more automated solutions available as
well.)

Airgapped computers at both ends provide another way 'round restrictions for
more sophisticated actors. Their backdoors won't be accessible (remotely).

So taking away secure encryption from the rest of us is just security theatre;
a destructive, narcissistic legislative exercise designed to make it look like
the pompous powerful are doing something when they're doing nothing of any real
use while creating terrible risks.

This is why, I think, legislators have consistently ignored logic and math
from professionals such as the OP - they don't care. They know perfectly well
they're pissing into the wind doing nothing useful; that it's all theatre;
they just think the fallout is going to land on someone else's pants after
they're out of office. But tech works (and fails) faster than that.

[Counterargument: if everything else is breakable, securely encrypted messages
really stand out. One answer: But very short messages (in an unknown format)
aren't generally breakable, anyway, and that's the likely case.]

~~~
rietta
One time pads are perfect! Everything less than that trades security for
convenience. So true.

~~~
_jal
Of course, that perfection is achieved by shifting all your risk to key
distribution.

I think of OTPs as a form of time-shifting. Think of it this way: if you and
your correspondent have viable OTPs, that implies that, at some point in the
past, you securely communicated that OTP. Since it is (at least) the length of
a future message, you could have just passed a secure message then. Instead,
you passed something that enables passing a secure message now.

~~~
libeclipse
Imagine implementing your amazing solution in real life.

I don't see a situation being frequent where you'd know the message weeks or
months in advance of when you send it. If we follow your scheme, there's no
encryption; we just meet up when we need to communicate. What if we're on
opposite sides of the earth? If we had exchanged keys months earlier, this
wouldn't be a problem.

~~~
_jal
I must have explained poorly. I was not proposing "just communicate securely
in advance". I was highlighting the problem with OTPs.

The fact that your key material is the same size as the message means all your
security is in the key, thus in your key distribution method. Among other
problems, this means no rekeying without replicating your original hand-off -
you can communicate exactly as many bits as you previously securely
exchanged, no more.

~~~
libeclipse
> means all of your security is in the key

...erm, isn't that the point?

~~~
_jal
Speaking of points, I can't tell if you're intentionally missing mine, but
either way this is unproductive. If you're sincerely confused, please read up
a bit. The Wikipedia page isn't a terrible place to start.

~~~
libeclipse
No I mean I understand where OTP falls short, but you're either really bad at
conveying your viewpoint, or you're simply plain wrong.

Yes, with OTP you need to exchange keys and this shifts all of the security to
key exchange, and while this wouldn't be a problem in other ciphers, it's a
problem in OTP because of its other properties and shortfalls.

So at most I feel as though it's a security/convenience tradeoff; a tradeoff
that's substantial or even dangerous in certain situations.
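
The exchange above turns on two properties of the one-time pad: the pad must
be at least as long as everything you will ever send, and no pad byte may be
used twice. The following is an added example, not code from the thread or
from the linked letter, that makes both rules explicit. It assumes
`secrets.token_bytes` as a stand-in for the coin flips mentioned earlier, and
the sample messages are constructed here.

```python
"""One-time pad with explicit pad-consumption bookkeeping (added example)."""
import secrets
from typing import List


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("xor_bytes needs equal-length inputs")
    return bytes(x ^ y for x, y in zip(a, b))


def generate_pad(n_bytes: int) -> bytes:
    """Fresh, uniformly random pad (assumption: the OS CSPRNG replaces the
    coin flips). This is the step that must happen over a secure channel or
    in person; every byte is exactly one byte of future message capacity."""
    return secrets.token_bytes(n_bytes)


class OneTimePad:
    """One party's copy of a pre-shared pad.

    Bytes are consumed strictly in order and never reused. Both
    correspondents hold identical copies and must stay in step. Once
    `remaining` reaches zero there is no rekeying: a new pad needs a new
    secure hand-off, which is the point _jal makes above.
    """

    def __init__(self, pad: bytes) -> None:
        self._pad = pad
        self._offset = 0

    @property
    def remaining(self) -> int:
        return len(self._pad) - self._offset

    def _take(self, n: int) -> bytes:
        # Refuse rather than wrap around or reuse: reuse is what breaks the scheme.
        if n > self.remaining:
            raise ValueError(
                f"pad exhausted: need {n} bytes, only {self.remaining} left"
            )
        chunk = self._pad[self._offset:self._offset + n]
        self._offset += n
        return chunk

    def encrypt(self, plaintext: bytes) -> bytes:
        return xor_bytes(plaintext, self._take(len(plaintext)))

    def decrypt(self, ciphertext: bytes) -> bytes:
        # XOR is its own inverse; the receiver consumes the same pad bytes.
        return xor_bytes(ciphertext, self._take(len(ciphertext)))


def roundtrip(pad: bytes, messages: List[bytes]) -> List[bytes]:
    """Alice encrypts each message, Bob decrypts with his copy of the pad.
    Returns the recovered plaintexts."""
    alice, bob = OneTimePad(pad), OneTimePad(pad)
    return [bob.decrypt(alice.encrypt(m)) for m in messages]


def capacity_check(pad: bytes, message: bytes) -> bool:
    """True if the pad refuses a message longer than the unused pad."""
    try:
        OneTimePad(pad).encrypt(message)
    except ValueError:
        return True
    return False


def two_time_pad_leak(key: bytes, p1: bytes, p2: bytes) -> bytes:
    """What an eavesdropper learns if the same pad bytes are used twice:
    c1 XOR c2 == p1 XOR p2, the key cancels out. Deliberately bypasses
    OneTimePad to show the failure mode its bookkeeping guards against."""
    c1 = xor_bytes(p1, key)
    c2 = xor_bytes(p2, key)
    return xor_bytes(c1, c2)


if __name__ == "__main__":
    # Constructed sample traffic: a couple of short notes, as in the thread.
    pad = generate_pad(32)
    print(roundtrip(pad, [b"meet at dawn", b"abort"]))
    print("refuses 33 bytes on a 32-byte pad:", capacity_check(pad, b"x" * 33))
    leak = two_time_pad_leak(b"\x01" * 5, b"hello", b"world")
    print("reuse leaks p1^p2:", leak == xor_bytes(b"hello", b"world"))
```

The class never hands out a pad byte twice, so the only way to get more
capacity is `generate_pad` plus another secure exchange; `two_time_pad_leak`
shows why that restriction is not optional.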

------
xupybd
Just think of the outrage if the government required master keys to everyone's
homes? I know there is a difference, but it's not a huge leap to compare the
two. We don't want the government to have such easy access to our homes
because we can't trust every government employee not to abuse it. I think the
same goes here. No matter what safeguards you put in place it's a scary
thought that you simply can't keep the government out of your affairs. Sure
now you think you have nothing to hide. But what if your political views
become criminal, what if your religious views become hate speech? We're not
there yet but times can change quickly.

~~~
sanderjd
Disclaimer: I agree with you but I always struggle to convince people that
this line of reasoning makes sense.

The government can already enter anybody's home upon receiving a warrant to do
so. If you don't let them in, they can bust through a door or tear down a
wall. We trust the government not to do this without court oversight. We trust
courts to provide good and honest oversight. It is far from a perfect system,
but we set up lots of human-level checks and balances to keep power
distributed enough that this basically works.

The problem with strong encryption is that this is impossible. Even if there
is a very good reason signed off by an honest court, it is impossible to get
in. This breaks that human-level checks-and-balances system. What replaces it?

~~~
xupybd
Personally I think you can make it a crime not to produce a key if a warrant
has been issued to search whatever you've encrypted.

That is a lot more out in the open than a "back door". When the government
bashes through the door at least it's in plain sight and the house owner knows
it's happening. But with encryption how would you know if the government has
used their access?

~~~
jungletek
>Personally I think you can make it a crime not to produce a key if a warrant
has been issued to search whatever you've encrypted.

Personally, I find that suggestion repugnant.

~~~
xupybd
How is this different to getting a warrant to search say a safe deposit box at
a bank? Is there something about encrypted data that should be beyond the
reach of the law?

~~~
Thiez
I already have so many different accounts on various websites that I regularly
forget a password, the same can happen with an encryption key. Should that be
a crime?

~~~
MichaelBurge
We already require corporations to preserve all their email, voice, and other
electronic communications in case the government wants to investigate it.
Maybe you're irresponsible for losing your key, and need to be held
accountable.

We also require people to document their finances to accurately tax them.
You're presumed 'guilty until proven innocent' in the sense that you're taxed
on income unless you can document that it's untaxable (a business expense).
There are penalties for failing to document things. What's wrong with
requiring you to document your private keys, along with your receipts?

If you sell apples under the name "Loving Apples", you have to pay your state
government to register that name. You can be fined for not registering your
name, and your bank or other financial provider will want to see the
government approval document. You could have the government maintain a central
registry of all private keys, and make it a crime to encrypt a document with a
key not documented in a state agency.

If you receive a document that is encrypted, you may be further required to
tell the government who gave it to you, to ensure compliance with the
encryption law; similar to how giving someone money requires you to tell the
government about the transaction for compliance with tax law.

~~~
Thiez
Wouldn't the same reasoning apply to all communication? Do you keep
transcripts and/or recordings of all private conversations you have (in
meatspace) so that you can hand those to the government when they show up with
a warrant? Would you like to live in a society where not keeping such records
is a crime? If not, why should communication "on a computer" be held to a
different standard?

~~~
MichaelBurge
"One man's modus ponens is another man's modus tollens"

Which direction of the implication you take is a matter of preference. People
who agree with giving the government full power (and trust them not to abuse
it) or who agree with not giving the government any of this power are both
logically consistent with my argument.

I'm only attempting to rule out people who are okay with all of the existing
documentation requirements, but balk at documenting their encryption keys.

------
1001101
Does anyone here remember the clipper chip? If you don't, I'd recommend boning
up on this chapter of the crypto wars.

The 'because terrorism' excuse falls a bit flat with me.

Thought experiment: how hard would it be for a terrorist organization with
access to hundreds of millions of dollars (eg. ISIS) to come up with a secure
communications scheme? One time pad. A reasonable cipher that hasn't had any
'help' during development. Even run an encrypted channel over a backdoored
product. I'm sure many of us could come up with something in a day (with
decryption over an airgap). How about a hostile government with multi-billion
dollar budgets (and who have been using OTP already for decades)?

Is this about terrorists, or is this about citizens? My bet is on the latter.

[https://en.wikipedia.org/wiki/Clipper_chip](https://en.wikipedia.org/wiki/Clipper_chip)
[https://en.wikipedia.org/wiki/Crypto_Wars](https://en.wikipedia.org/wiki/Crypto_Wars)

~~~
sitkack
The Clintons and Al Gore have their paws all over the Clipper Chip.

~~~
acdha
It's a grave mistake to demonize a single politician you dislike: if it were
that simple, they'd have dropped it as soon as that one person left office. In
reality, there's a large community pushing for things which they perceive as
making their job easier and that persists across administrations — that
started well before Clinton ran for office and certainly didn't end after he
left.

~~~
sitkack
You are putting words in my mouth. I demonize no one.

My feelings about them (The Clintons) have indeed declined over the years. I
_mostly_ have huge respect for Al Gore. But my personal feelings have
absolutely nothing to do with their material involvement with the Clipper
Chip. Nor do I care when it started. They all carried the baton of government
key escrow which is not something I am going to forget. It is a grave mistake
to not hold people accountable for their actions, to not take a stand while
the bureaucracy pushes you along with the current.

~~~
acdha
“paws” isn't a neutral term – it has strong negative connotations.

My point was simply that while, yes, Bill Clinton ultimately owns his official
actions, it's naive to ignore the massive weight of the entire U.S.
intelligence apparatus, especially coming off of the Cold War footing, on a
subject where he was hearing from a lot of experts in government and business
saying this was a good move.

------
rietta
I'm going to have to go back to listen to the entirety of the Senate hearing
at some point. With so much talk about Russia hacking and influence and then
they flip the switch and want backdoors into encryption even though any
mandated tool the government demands for so called lawful intercept can be
hacked by or ordered by the judges in Russia! There is a strange disconnect
and I think it hurts us that the public discourse is security vs privacy
rather than being about the personal security of all citizens.

------
libeclipse
I did my Extended Project Qualification (EPQ) [1] on this issue, and it
actually surprised me how many people think that the governments are right in
this debate.

When presenting the work, I had a chance to ask ordinary people, and they all
pretty much agreed that the government should be able to "break" encryption
with a warrant.

This is a scary prospect, and I feel that educating citizens as well as the
government is important.

[1]
[https://github.com/libeclipse/EPQ/blob/master/paper.pdf](https://github.com/libeclipse/EPQ/blob/master/paper.pdf)

~~~
braveo
They're right, they just don't understand it doesn't really work like that.

In theory, being able to break encryption with a warrant is exactly the right
scenario.

In practice, if you can break it with a warrant, someone else can break it
without a warrant and can do so without your knowledge.

~~~
libeclipse
You're absolutely right. Encryption is either strong for everyone all of the
time, or it isn't.

------
sandworm101
Access is under no risk whatsoever. Encryption is math. It is open source. It
will always be there. What is at risk is the legal right to use it, the
government's permission for the public to use that math. My point: people with
good reason to fear the government will still access and use encryption. This
therefore isn't about terrorists. It is about watching the everyday people who
want to abide by the law.

------
_jal
The Four Horsemen of the Infocalypse[1] ride again!

[1]
[https://en.wikipedia.org/wiki/Four_Horsemen_of_the_Infocalypse](https://en.wikipedia.org/wiki/Four_Horsemen_of_the_Infocalypse)

------
nom
The greatest problem right now is our hardware, not our software. We can
always devise secure encryption schemes without backdoors. Nobody can do
anything against it.

Our hardware on the other hand... is probably backdoored already.

------
WalterBright
It isn't just our privacy at issue. With more and more critical infrastructure
on the internet, having unbreakable encryption is a major national economic
and national security requirement.

It's unrealistic to think that if there is a means for access by the
government, that foreign enemies and criminal organizations won't be able to
access it, too, and cause havoc.

~~~
rietta
Very, very true!

------
pinaceae
As if they'd give a shit.

Right now they want to un-insure 24mil people, re-introduce the whole pre-
existing condition scam.

you really think a ruling class that has no qualms being "pro-life" while
denying young mothers healthcare will care about your nerd bullshit?

------
notliketherest
This is not a battle they can win. Most Americans DGAF if their shit is
encrypted, until the PSA campaign fighting against laws like these tells them
the government is taking away their rights and able to snoop on their lives.
Just like SOPA and others this will be defeated.

~~~
jliptzin
I would not be so sure of that. I really believe the President's guiding
principle is to do whatever it is that will enrage liberals the most. If
Republicans see that liberals want strong encryption, they might decide to
oppose it just to piss off liberals. It's amazing to me that a lot of the same
people advocating gun rights are also the ones that support government
mandated encryption backdoors.

~~~
PKop
Eh.. it's messy isn't it. Politically motivated libertarians strongly support
the 2nd Amendment and oppose back doors. Generally speaking, the govt is
always seen as the biggest threat to guard against.

Probably the ones supportive of backdoors are as you said, simply "trusting"
of the current leader they voted for but would immediately oppose the same
policy coming from a Democrat.

...which is the exact impulse and logic that should push all partisans to
distrust government power to snoop on communications. There will always be
someone in charge somewhere that you don't trust.

~~~
NoGravitas
As a libertarian socialist, I continually struggle to get US progressives to
understand this argument.

------
natch
For congressional consumption, I suspect arguments like this need to be dumbed
way, way, down.

Tim Cook's "software equivalent of cancer" is an example of an effective
dumbed down take on it, but it need not be the last one. The more ways the
point can be re-worded concisely so that lay people will understand it, the
better.

------
shmerl
Some just never learn. How many times will they bring up this "let's make a
backdoor but we don't really want a backdoor" stupidity?

------
paulddraper
Encryption will never be intentionally backdoored on a large scale.

I think one of RSA argued this, basically "Do you really think the government
will want to review and approve everything on the app store?"

Forcing big players to divulge data, making accused people decrypt their
devices -- those are things the government could do. Encryption per se isn't
in any danger.

~~~
CoryG89
I don't think it is the encryption protocols at risk really. Secure protocols
exist now, they will continue to exist. It is the future hardware
implementations and closed source software implementations that we will no
longer be able to trust.

~~~
bumblebeard
Are we currently able to trust hardware and closed source software
implementations?

~~~
kakarot
That's a negative, Ghost Rider

------
threepipeproblm
I read that Sen. Dianne Feinstein is supporting an anti-encryption bill. It's
never been completely clear to me if she, and those like her, fall more on the
stupid side, or more on the evil side.

But the arguments against this aren't that difficult... so I have to guess
it's the evil. Power corrupts.

------
spilk
The US Department of Defense arguably runs the most extensive key escrow
system in the world. Every DoD employee and many contractors have Common
Access Cards (CAC) that contain email encryption keys that are escrowed with
DISA.

~~~
sitkack
God I love Starship Troopers. Heinlein was a true patriot.

------
nickpsecurity
A better example of work that Congress might be interested in would be
Schneier and Kerr's writeup on encryption workarounds showing government tools
they have available with legal considerations of current or expanded ones.
That's the kind of practical stuff that can influence powerful people's
opinion as they're always looking at grey areas to balance many conflicting
interests.

[https://www.schneier.com/blog/archives/2017/03/new_paper_on_en.html](https://www.schneier.com/blog/archives/2017/03/new_paper_on_en.html)

------
feld
Bernstein v. United States

------
deepnet
> ... "protected being being stolen."

repetition error.

~~~
rietta
Deploying an update to remove the duplicate word now. Thank you.

~~~
Myrmornis
Also,

> The cybersecurity threats that face our nation are very important to my wife
> and I.

"to my wife and me"

~~~
andyjohnson0
"my wife and I" is fine.

[https://en.oxforddictionaries.com/usage/i-or-me](https://en.oxforddictionaries.com/usage/i-or-me)

~~~
Myrmornis
Um, what? You have linked to an explanation of why it's not fine. This mistake
is getting more and more common, even among educated people. It's quite
embarrassing/funny because it stems from a belief that "I" is inherently more
"educated", and the result sounds anything but. I know us English speakers
can't speak any non-English languages, in contrast to the rest of the educated
world, but it's really not too much to ask for us to be able to comprehend the
concept of subject of a sentence. Our parents' and grandparents' generations
managed it fine, in fact would have been mortified to make a mistake like
this.

~~~
logfromblammo
This is actually one of my fury triggers whenever the spouse is watching
trashy reality shows on television.

I recall from my early public education that my peers and I were all taught
incorrectly. They told me and my classmates to use "I" rather than "me" in all
compound nouns, rather than to use the correct pronoun. This is burned in my
memory. It happened. Don't try to gaslight it. At least one teacher taught
every last one of their students the wrong grammar.

For instance, this would be correct. "She and I [1] went to the theater, and
the ticket-agent told her and me [2] that matinee prices ended at 4 PM."
Countless fools would put "her and I" in position [2], sparking a righteous,
impotent rage in my soul.

Also, it's "I know _we_ English speakers can't speak...". Try taking out the
descriptive. "I know us can't speak..." versus "I know we can't speak..."
Select the correct pronoun, then put the descriptor back in.

~~~
Myrmornis
Haha fair enough! And thanks for pointing out that it's actually been
propagated by school teachers sometimes. I definitely deserve to be corrected
publicly on the "us English speakers" thing. I could try to defend myself on
the basis that I was deliberately affecting a more popular mode of speaking at
that point, at the expense of correctness, but the truth is I've never said or
written "we X doers". I'll bear it in mind for the future!

------
I_am_neo
As a sovereign I demand my privacy!

------
microcolonel
Good sentiment, and better cause...

but _please, for the love of god, proofread your writing!_

~~~
rietta
Thank you.

------
azinman2
Wait does he have a Masters in Information Security from the College of
Computing at the Georgia Institute of Technology???!

Joking aside, unfortunately it takes deep problems to motivate people/the US
to change. It'll swing this way, and there will be dramatic consequences. Only
then will things swing back the other way.

It's too bad there isn't any balance here -- it does make sense in many
situations that the police/courts should be able to gain access to
information. But encryption doesn't care about the situation. Encryption
doesn't care who you are. Encryption has no contextual morals of its own.

If data had physical weight, where things that were important were really
hard to steal, then it'd function like the real world. But data does not, and
it's too easy to download gigs of data one should never have access to. It's
very difficult to gain a middle ground as suggested by Pelosi. I don't know if
she understands that.

~~~
xapata
It looks like you forgot to pay your Squarespace bill: "This account has
expired. ( [http://empiric.al](http://empiric.al) )"

Joking aside, I guess you're saying that leading with credentials in an
article is unnecessary if that article is relatively short and you've got a
bio blurb at the bottom of the page?

~~~
rietta
That's actually a good point. I originally wrote this as a private message to
each of the Congressional candidates in the Georgia 6th district and in that
format there was not the bio and all the surrounding blog template. It feels
weird to me to lead with it too, but I'm trying to answer real quick to a
politician who does not know the science why he or she should read on to the
next paragraph.

~~~
xapata
I think you're discovering that text written for one medium might benefit from
revision when published elsewhere. :-)

Also, I think it's reasonable these days to write hardcopy letters that look
more like websites -- multiple columns, a bio section, etc. Don't restrict
yourself to obsolete and arbitrary etiquette.

