Sunday, March 06, 2016

More bad arguments for privacy

Bruce Schneier argues:
The FBI wants the ability to bypass encryption in the course of criminal investigations. This is known as a "backdoor," because it's a way at the encrypted information that bypasses the normal encryption mechanisms. I am sympathetic to such claims, but as a technologist I can tell you that there is no way to give the FBI that capability without weakening the encryption against all adversaries. This is crucial to understand. I can't build an access technology that only works with proper legal authorization, or only for people with a particular citizenship or the proper morality. The technology just doesn't work that way.

If a backdoor exists, then anyone can exploit it. All it takes is knowledge of the backdoor and the capability to exploit it. And while it might temporarily be a secret, it's a fragile secret. Backdoors are how everyone attacks computer systems.

This means that if the FBI can eavesdrop on your conversations or get into your computers without your consent, so can cybercriminals. So can the Chinese. So can terrorists.
I am sympathetic to his privacy goals, but sooner or later the public is going to figure out this argument is incorrect. Backdoor technology is feasible.

The SSL/TLS protocol that everyone uses for secure web pages has backdoors. There are about 150 root certificates with super-secret keys in private hands. If a bad guy got access to one of these and intercepted web traffic, then he could subvert the system.

The system depends on the holders of these super-secret keys keeping them secret. No, they cannot be guessed and they are extremely difficult to steal. Some bad certificates have been issued, but the system works pretty well.

The US Govt can and does keep some military secrets very well.

Nate Cardozo, a staff attorney for the EFF, said on NPR Radio Ashbrook On Point:
Every computer scientist, every mathematician, every cryptographer that has looked at the question has said: You cannot give the FBI what it is asking for here without endangering the security of all of us.
No, this is false.

Apple's main argument against the current subpoena is that it would be burdensome to assign a programmer to spend a couple of weeks supplying what the FBI wants. (Apple also argues that it has a free speech right to not comply with federal regulations, but I cannot see a court accepting that.)

Once Apple customizes its unlock program for the FBI, Apple complains that it will have no good argument against future subpoenas. That is, the work will have already been done, and so Apple cannot claim that it is burdensome.

Apple has a crappy argument. It makes about $200B a year on iPhones, so I don't see how it can be burdensome to spend a couple of programmer-weeks to comply with the FBI. It is spending millions on lawyers and public relations on this issue.

I am all for individual privacy rights. But Apple is anti-privacy, and is fighting this on the basis of maximizing its profits. Apple has conned the public on this issue, and conned the leftist privacy groups as well.

Famous Israeli crypto expert Adi Shamir sides with the FBI over Apple.

I do not think that the govt should force any backdoors, but when companies like Apple put backdoors in for business reasons, they should comply with govt warrants.
