Credit: Alicia Kubista / Andrij Borys Associates
When Edward Snowden made it known to the world that pretty much all traffic on the Internet was collected and searched by the U.S. National Security Agency (NSA), the U.K. Government Communications Headquarters (GCHQ), and various other countries' secret services as well, the IT and networking communities were furious and felt betrayed.
A wave of activism followed to get traffic encrypted so as to make it impossible for NSA to indiscriminately snoop on the entire world population. When all you have is a hammer, all problems look like nails, and the available hammer was the SSL/TLS encryption protocol, so the battle cry was "SSL/TLS/HTTPS everywhere." A lot of nails have been hit with that!
If the legal system got a warrant to seize all your correspondence, but some of it was in a language none of them read, they don't have the right to compel you to translate it for them. Similarly, if they can break your encryption and have a proper warrant, they can do so. They don't (at least by the US Constitution) have the right to force you to decrypt it and they don't have the right to force third parties to intentionally break their products and lie to you about their security. That does not mean it won't happen, but in our system, it should not.
That said, those with sufficient motivation will always be able to create encryption or other obfuscation to meet their needs. If Apple is compelled to sell broken encryption they will develop their own. If SSL has to use a given root certificate, then they will not use SSL.
In the end, the bad guys can avoid these government intrusions into our privacy, but we generally cannot and any broken encryption will eventually end up in the hands of criminals as has been proven repeatedly.
Nowhere in this article has Poul-Henning, the author, claimed that the solution is broken encryption. In my view, the last two sentences are the gist and main takeaway here, which Richard seems to have missed, going by his comment above. Those sentences are:
"Slapping unbreakable crypto onto more and more packets is just going to make matters worse. The only way to retain any amount of electronic privacy is through political engagement."
The solution to this problem has not yet been found, but there has to be enough political will in the technology community to solve it. Moreover, the solution has to include the law enforcement perspective. I am yet to see any political will in the technology community to find a solution.
I am the inventor (at CMU and later as Chief Technologist for Seagate) of self-encrypting drives, now used every day by over a billion people on earth.
I am very concerned by this article in ACM Communications. I have fought for many years for strong encryption by every man, woman and child on earth, and this article plainly fights against it. (BTW: It should have referenced the Art of War in your second to last paragraph.)
It says, "political engagement"... I have been on the American Bar Association Digital Evidence and eForensics committee since 2009. I am nearly the only technical person on the committee promoting strong encryption; people with technical expertise can just show up, you would be welcome. However, the lawyers, judges, etc., who show up are widely in favor of my views. There are those of us fighting the political side for years.
Go to www.drivetrust.com, top of the page is my 4 minute live interview on Fox News a few weeks ago, and please read the two pager at the top of that page ('Front Doors not Back Doors').
Giving a backdoor is a bad idea. There should only be Front Doors, and the law should reflect that...as it does by the way already in Medical privacy laws. All iPhones, iPads, TCG standard storage self-encrypting devices, and many other hardware encryption systems support Front door central management and have for many, many years. The SSL/TLS proxy mechanism is a front door (but I wish Microsoft and others would make it easier for the user to monitor the certificates installed.) There is a community that has been very involved politically but we are usually ignored as "too techie" -- as Einstein said, roughly, 'simple but not too simple'. The article should really focus on the problem that people shut down their brains when they think you are being too complex but the front door mechanisms provide opportunity for better laws, as it has already happened in Medical PII privacy laws.