Saturday, July 11, 2015

FBI wants your crypto keys

FBI Director James Comey writes:
But my job is to try to keep people safe. In universal strong encryption, I see something that is with us already and growing every day that will inexorably affect my ability to do that job. It may be that, as a people, we decide the benefits here outweigh the costs and that there is no sensible, technically feasible way to optimize privacy and safety in this particular context, or that public safety folks will be able to do their job well enough in the world of universal strong encryption. Those are decisions Americans should make, but I think part of my job is to make sure the debate is informed by a reasonable understanding of the costs.
See this SciAm article for background.

Some prominent cryptologists have written an essay on The Risks of Mandating Backdoors in Encryption Products. They say that the government plan cannot work, and the NY Times says that a previous Clinton administration plan was shown to not work either.

I am inclined to agree that giving the Obama administration everything they want would infringe our civil liberties, but the cryptologist argument is nonsense. The Clinton administration plan was defeated politically, not by technical weaknesses.

Every other country spies on its citizens, and does it without any statutory limitation or due process. Apple, Google, credit bureaus, Obamacare, and others collect vast amounts of privacy-invading data on us, and we have very few protections. The main forces against encryption are businesses who profit from selling our private data.

It would be possible to give the feds what they ask, and give citizens better protections than they have today. There are no technical barriers to this.

These cryptologists are saying something that is popular with civil libertarians, and with big data companies who would like to keep spying on us. But those big data companies are eager to give the false impression that all of your data can be trusted with them, and that the FBI is the real threat to your privacy.

Here is a bigger threat, from a Latina political appointee in the Obama administration:
Katherine Archuleta, the director of the Office of Personnel Management, resigned under pressure on Friday, one day after the government revealed that two sweeping cyberintrusions at the agency had resulted in the theft of the personal information of more than 22 million people, including those who had applied for sensitive security clearances.
I think that it is just a matter of time before massive files on everyone get put on the web, with Social Security numbers, addresses, and health info. Once that happens, people will see little point in making that info secret anymore.

Update: James Baker says that he convinced the NY Times to issue a correction about the supposed technical weaknesses of the Clinton administration plan.

While I was on the opposite side of Baker in the 1990s crypto wars, I agree with him that the press has fallen for lame arguments from cryptologists.
