Whenever this conversation appears in the news and I listen to various law enforcement and political folks defend some sort of need for breakable encryption, I always jump to the logical end. Or at least one possible one.
In the future there WILL be brain computer interfaces. Memory offloading, recording of visual and auditory cortex data, and other more mundane uses. This may seem like fantasy/scifi. But barring some societal/technological collapse, this will eventually happen. If the precident is set for breakable encryption/back doors, this will absolutely be used to "supoena" people's "brain information" in that context. The invasive-ness will have no end.
> If the precident is set for breakable encryption/back doors, this will absolutely be used to "supoena" people's "brain information" in that context.
I believe this would be a terrible idea because people's recollection of events isn't going to magically improve just because someone connects to their brains directly instead of asking them some questions under oath. Add dreams and other literally crazy things that go in people's minds and there's a big filtering problem. Judicial systems that take "brain dumps" to be the truth would remove the need for human judges, and so we'd end up with a "Minority Report" plus "1984" plus "Skynet"/"Terminator" situation...people's brains being dumped (or "hacked") all the time and any information in that dump used against them to detect pre-crime and stop it. The logical conclusion is that all humans in the future are going to be in prisons run by robots, unless they're wiped out like we've seen in many books and movies already.
The scary thing is that a large number of people (sometimes in Australia I feel like it’s more than 50%) _would_ give access to their brain, vote for it even. People crave feedback, they can be scared of themselves, so something in their heads monitoring everything could actually be reassuring in an almost religious sense
Australians also don’t think a lot in general (many exist who do but as a general populace we’re culturally weak and short on history), so the long term effects of such reassurance just never really makes it into the discussion
Anecdotally there’s been a slight uptick in my social circles recently about people genuinely caring about privacy, so maybe there’s hope
This is the argument I've made to people over the last few years, and I think is far better and more substantial then the technical based ones that so typically come up (and have in the comments here already, the whole "well a key will of course leak thing"). It's risky and unnecessary to go to technical arguments for something that's a moral matter, because technology changes. If you base your entire opposition around the key, what if at some point someone does have an entirely formally verified stack and strong measures and can reasonably argue that keys aren't going to leak? Apple's master key for example, it becoming available would be an enormous thing for both criminals and ordinary owners of iOS devices. Yet while there have been plenty of flaws that have been exploited to bypass a need for it, the private root key remains unleaked.
The real question that I would want to see some Congress person put to agencies is
>"Do you believe there should be any inherent limits at all? If we developed the technology someday to read people's minds, should it be permissible to go through their brains with a warrant? It would certainly let you find the guilty of some 'crimes', where for 'crimes' we should keep in mind that gay sex and interracial relations were felonies in the near past."
I mean that's the real thing, if security agencies could root through people's brains I see no need to beat around the bush that likely at least a few truly horrific crimes would be stopped or solved. There would be children saved, terrorists stopped, murderers caught. But I think not just the abuse of it, but even the use of it to eliminate any gray area for a human society would be so horrific that it's just plain not worth it. That yes, some children will be abused/kill, some murderers will escape, some terrorists succeed, and that really is the price we need to pay. That we should try to reduce it as much as possible but only in opposition to strong privacy and an inviolable personal sphere. And that should include artificial augmentations to our minds, which typical mobile devices are already arguably at the point of.
The incentive structures right now for law enforcement agencies and intel agencies remains geared always towards more more more, and paying attention to singular big harms rather then small harms across enormous swaths of the population. It hasn't evolved much from decades and centuries in the past arguably. I think that's the ground to fight on though, will they argue that total erasure of the private sphere is worth it? Will the public agree? I think the answer is no, and with that established it's a lot easier to argue back against "think of the children/terrorists/drugs" typical attack.
Beyond that I would expect legal precedence set to sanitize inappropriate thoughts. I don't see any of this as far fetched. People will do what people can do.
That is very unreliable, because humans can easily invent memories of events that did not occur. And it may even fool any lie detecting technology, if they truly believe it themselves.
For example, I was 100% sure that some event in 10 years past did happen, because I was there and saw it. Then a friend of mine said that it did not happen. I did not believe and checked the recording - and yes, it did not happen. What I thought I remembered actually happened at another time with a completely different person.
I was at this conference yesterday. The keynote was Kevin Mitnick giving step by step demos on how to steal gmail session cookies and clone prox access cards, but apparently discussions of anonymous digital dropboxes are out of bounds
That's crazy -- nothing should be out of bounds when trying to understand security for the purpose of improving security. It would be like trying to reduce unplanned pregnancies while not sharing information about how women get pregnant.
I wish more non-technical people understood the fundamental point that many security measures are binary. Either they are secure and no-one has a back door that can compromise them, or they are not and anyone could have a back door that can compromise them, but there is no middle ground where only a politician's preferred government agents have a back door.
When I see comments like former Australian PM Malcolm Turnbull's "Well the laws of Australia prevail in Australia, I can assure you of that. The laws of mathematics are very commendable, but the only law that applies in Australia is the law of Australia", I despair. Such profound ignorance should be kept well away from any sort of power. Regrettably, we haven't yet found a modern King Canute who can demonstrate the principle to our politicians and leave them without any doubt.
One amazing thing is that the "key under the mat" idea has been floated for decades[1], keeps getting discredited and keeps reappearing. It feels like we're going to be having the same discussion forever.
Another fundamental point that Schneier is very strong on is that in most countries, cybersecurity responsibilities have been co-opted by the military. Being that the military thinks in offensive terms (even when considering defence), that's the position they take here as well, which explains why they would rather hoard zero days to use as weapons than disclose them so that everybody can patch and be secure.
Tho a counter-point can be made to the end that communication providers have been mandated to give law-enforcement special surveillance access for decades already, when most of it was analog. In most countries, these laws are still in effect, and in many there are very much like "API specifications".
On that end there's the inherent expectation of "If we can do it with analog phone, why can't we do it with digital?" by law&order politics. Another big part is also the false assumption that people have a perfect right to privacy.
In theory, people may have a right to privacy, but in practice, communication providers which actually facilitate communication are also bound by government actions [0].
So true, and E2E doesn't matter if they force a patched binary that also sends the data to the government. This is EXACTLY what the Australian laws saws they must do, oh and it is a gag order so they can't disclose it. I think it is going to come down to this kind of attack. If you want to see your product in their country, you have to let them patch binaries. Look at what is happening in China right now with Hearthstone and the NBA and more. CEOs don't want to walk away from $BB of revenue and the growth they need to get their next bonus.
The PM wasn't ignorant, he was making the correct point that you can outlaw things that mathematically are unbreakable. Criminals can unbreakably use them, but will be violating the law. I even think he was making a joke. The laws of physics allow me to kill someone by dropping a heavy weight on them, but that is outlawed in Australia.
Now, I disagree with him as to what the law should be. But I think people have been ridiculously uncharitable by implying he believes ... you know, I don't even know what people are implying. They are just pointing and laughing and not making a coherent point.
> Either they are secure and no-one has a back door that can compromise them, or they are not and anyone could have a back door that can compromise them, but there is no middle ground where only a politician's preferred government agents have a back door
Can you clarify? Wouldn't just having a second key which the government keeps in escrow in case they need to decrypt a message achieve exactly what you are saying is impossible?
(Note: I don't agree with the laws being created to undermine encryption ... but I think it undermines the argument against it to overstate the case.)
Whenever a non-technical person makes these claims I wish someone would standup and ask what sort of repercussions they believe would be acceptable for breaking the law and using the key illegally. Equifax royally screwed 147 million people, and no one did any time for it. Even if they had we'd be talking microseconds per person they screwed over.
It becomes unfathomable how huge of a problem this could cause and then when it happens it get swept under the rug and not a big deal. If the PM thinks its ok to have a key under the mat then I wanna know how much time he should be doing when someone gets my personal information and makes me have to deal with identity theft. Would 10 seconds of jail time for my life long struggle be acceptable? For the Equifax CEO that would have been half a year.
But they may say something illegal, and there are enough people who want to make that impossible that they are willing to sacrifice their rights to ensure the laws on illegal information are enforced.
Some people are fundamentally willing to sacrifice rights they don't view as necessary for some temporary gain, and trying to oppose this in any more direct way can result in having one's own moral standing challenged.
The conclusion I always reach in these discussions is that if people truly want encryption, they will have to do it themselves and not rely on others. Others can always be forced or otherwise coerced, legally or otherwise.
The "censored" talks immediately had their slides put online and were extensively advertised with Schneier in particular, stating it's your duty to read them now. Nobody was arrested because the courts would not even allow a prosecution as there's no law that has been broken. The rule of law, while imperfect, means something in Australia.
Let's be very critical of what has happened here by all means, that's how we preserve a rule of law and equality before it.
Doesn't Schneier miss the mark here. Even if the US, Australia or all of the Five Eyes nations stop spying, that does not ensure encryption is unbroken or safe from spying eyes. If it is possible to break encryption, it will be broken by someone. It better be by us...
As far as designing in weaknesses and/or golded keys. Well, it does not add to security, but assuming that the other nation states are already able to break encryption and read what they want, it does not weaken it either for national security reasons. What it does provide however are easy means to stop terrorists, pedos and drug dealers from conducting business. That power in the right hands is good for society, just like having people with lethal weapons in law enforcement is good for society.
Remains the risk that some bad guys could get their hands on the golden keys. Yes, design to handle that?
> If it is possible to break encryption, it will be broken by someone. It better be by us...
The option isn't encryption broken by them or broken by us. It's secure encryption or encryption that can be broken by everybody with sufficient resources.
> Remains the risk that some bad guys could get their hands on the golden keys. Yes, design to handle that?
Yes, because secure systems are so secure that we should be trusting them to base all of the world's encryption on. It takes a single bug or intrusion to undermine everything. There's no way to design for a key that needs to be usable/accessible for when you need to access encrypted anything, while keeping it secure from bad actors.
That's even before considering how the US government and US institutions have, over the course of the past decades, pissed away any and all good will and trust that the public may have had in them. Why would anybody want to give the FBI or NSA free access to all of their data? After seeing enough stories of employees looking at naked pictures, stalking ex-girlfriends, dragnet surveillance or other gross abuses of power, there's no way these people can be trusted.
> As far as designing in weaknesses and/or golded keys. Well, it does not add to security, but assuming that the other nation states are already able to break encryption and read what they want, it does not weaken it either for national security reasons.
You are correct in exactly the same way that, if one assumes that the Earth is flat then it is impossible to fly around it in an airplane.
There exist cryptographic security measures that have flaws and can be broken by nation states. But there are also plenty of encryption techniques that will easily resist the efforts of even the most effective nation states (at least for the present day). The question is not whether such codes exist but whether we will pass laws preventing any law-abiding person or company from using them.
If you were right and the NSA could break these codes then they wouldn't be advocating for back doors, they would be encouraging everyone to encrypt their communications (to protect against everyone ELSE), then using their abilities to stop terrorists, pedis and drug dealers.
> As far as designing in weaknesses and/or golded keys. Well, it does not add to security, but assuming that the other nation states are already able to break encryption and read what they want, it does not weaken it either for national security reasons.
Except that it's only your country whose encryption gets broken. You're basically giving your enemies free reign to spy on you and your country if you force a golden key system into use. Do you think China will use your custom crypto system? Or any other country for that matter? You end up in a situation where you _lose_ power because you want to spy on journalists, human rights activists and undesirable parts of the population.
> What it does provide however are easy means to stop terrorists, pedos and drug dealers from conducting business.
I can't remember the last time a law passed to hunt down the pedos/terrorists/drug dealers hasn't been used to surpress or hurt some part of the population.
Remember when drug dealers just used SMS? When pedos exchanged magazines and floppies? When terrorists just called each other? And how the government, with all its wiretapping power, couldn't stop any of them? Encryption is a nice bonus for these people, but a lack of it is not stopping anyone.
Tangentially, if a country would focus on properly treating addiction instead of making boogeymen out of those darn drug dealers we might actually get anywhere as a species.
> Remains the risk that some bad guys could get their hands on the golden keys. Yes, design to handle that?
How would that even work in a crypto system? If you have the key, you can decrypt. That's the basis of cryptography. Wishing away the glaringly obvious problem with the proposed system by telling people to "design it not to break like that" doesn't work.
As far as designing in weaknesses and/or golded keys. Well, it does not add to security, but assuming that the other nation states are already able to break encryption and read what they want, it does not weaken it either for national security reasons.
That assumption is the weakness in your argument. If you design in a systemic back door, it becomes a known fact that a hostile actor could find a way into your system, because you have created one for them. Not only that, but in the case of a golden key, if it leaks then anyone can get in.
Of course there is no guarantee that any encryption scheme is 100% unbreakable. Such is the nature of mathematics and research. But there is a fundamental difference between needing to discover a systemic weakness in an encryption scheme, say an efficient solution to the discrete logarithm problem or a side channel attack on a given implementation, and merely needing to know some master password that will work even if the mathematics of the encryption method and its practical implementation are sound.
[+] [-] ickwabe|6 years ago|reply
In the future there WILL be brain computer interfaces. Memory offloading, recording of visual and auditory cortex data, and other more mundane uses. This may seem like fantasy/scifi. But barring some societal/technological collapse, this will eventually happen. If the precident is set for breakable encryption/back doors, this will absolutely be used to "supoena" people's "brain information" in that context. The invasive-ness will have no end.
[+] [-] newscracker|6 years ago|reply
I believe this would be a terrible idea because people's recollection of events isn't going to magically improve just because someone connects to their brains directly instead of asking them some questions under oath. Add dreams and other literally crazy things that go in people's minds and there's a big filtering problem. Judicial systems that take "brain dumps" to be the truth would remove the need for human judges, and so we'd end up with a "Minority Report" plus "1984" plus "Skynet"/"Terminator" situation...people's brains being dumped (or "hacked") all the time and any information in that dump used against them to detect pre-crime and stop it. The logical conclusion is that all humans in the future are going to be in prisons run by robots, unless they're wiped out like we've seen in many books and movies already.
[+] [-] ENGNR|6 years ago|reply
Australians also don’t think a lot in general (many exist who do but as a general populace we’re culturally weak and short on history), so the long term effects of such reassurance just never really makes it into the discussion
Anecdotally there’s been a slight uptick in my social circles recently about people genuinely caring about privacy, so maybe there’s hope
[+] [-] TallGuyShort|6 years ago|reply
[+] [-] xoa|6 years ago|reply
The real question that I would want to see some Congress person put to agencies is
>"Do you believe there should be any inherent limits at all? If we developed the technology someday to read people's minds, should it be permissible to go through their brains with a warrant? It would certainly let you find the guilty of some 'crimes', where for 'crimes' we should keep in mind that gay sex and interracial relations were felonies in the near past."
I mean that's the real thing, if security agencies could root through people's brains I see no need to beat around the bush that likely at least a few truly horrific crimes would be stopped or solved. There would be children saved, terrorists stopped, murderers caught. But I think not just the abuse of it, but even the use of it to eliminate any gray area for a human society would be so horrific that it's just plain not worth it. That yes, some children will be abused/kill, some murderers will escape, some terrorists succeed, and that really is the price we need to pay. That we should try to reduce it as much as possible but only in opposition to strong privacy and an inviolable personal sphere. And that should include artificial augmentations to our minds, which typical mobile devices are already arguably at the point of.
The incentive structures right now for law enforcement agencies and intel agencies remains geared always towards more more more, and paying attention to singular big harms rather then small harms across enormous swaths of the population. It hasn't evolved much from decades and centuries in the past arguably. I think that's the ground to fight on though, will they argue that total erasure of the private sphere is worth it? Will the public agree? I think the answer is no, and with that established it's a lot easier to argue back against "think of the children/terrorists/drugs" typical attack.
[+] [-] LinuxBender|6 years ago|reply
[+] [-] Darth_Hobo|6 years ago|reply
For example, I was 100% sure that some event in 10 years past did happen, because I was there and saw it. Then a friend of mine said that it did not happen. I did not believe and checked the recording - and yes, it did not happen. What I thought I remembered actually happened at another time with a completely different person.
[+] [-] ngngngng|6 years ago|reply
[+] [-] not_a_cop75|6 years ago|reply
[+] [-] cookie_monsta|6 years ago|reply
[+] [-] bonestamp2|6 years ago|reply
[+] [-] LinuxBender|6 years ago|reply
Step 1. Create a file sharing mechanism. (http / https / sftp / rsyncd / nntp(s) / smtp(s) / whatever)
Step 2. Start Tor.
Step 3. Share link.
[+] [-] Silhouette|6 years ago|reply
When I see comments like former Australian PM Malcolm Turnbull's "Well the laws of Australia prevail in Australia, I can assure you of that. The laws of mathematics are very commendable, but the only law that applies in Australia is the law of Australia", I despair. Such profound ignorance should be kept well away from any sort of power. Regrettably, we haven't yet found a modern King Canute who can demonstrate the principle to our politicians and leave them without any doubt.
[+] [-] cookie_monsta|6 years ago|reply
Another fundamental point that Schneier is very strong on is that in most countries, cybersecurity responsibilities have been co-opted by the military. Being that the military thinks in offensive terms (even when considering defence), that's the position they take here as well, which explains why they would rather hoard zero days to use as weapons than disclose them so that everybody can patch and be secure.
[1]https://www.schneier.com/academic/archives/1997/04/the_risks...
[+] [-] freeflight|6 years ago|reply
On that end there's the inherent expectation of "If we can do it with analog phone, why can't we do it with digital?" by law&order politics. Another big part is also the false assumption that people have a perfect right to privacy.
In theory, people may have a right to privacy, but in practice, communication providers which actually facilitate communication are also bound by government actions [0].
[0] https://en.wikipedia.org/wiki/National_security_letter
[+] [-] snarf21|6 years ago|reply
[+] [-] doubleunplussed|6 years ago|reply
Now, I disagree with him as to what the law should be. But I think people have been ridiculously uncharitable by implying he believes ... you know, I don't even know what people are implying. They are just pointing and laughing and not making a coherent point.
[+] [-] zmmmmm|6 years ago|reply
Can you clarify? Wouldn't just having a second key which the government keeps in escrow in case they need to decrypt a message achieve exactly what you are saying is impossible?
(Note: I don't agree with the laws being created to undermine encryption ... but I think it undermines the argument against it to overstate the case.)
[+] [-] jecxjo|6 years ago|reply
It becomes unfathomable how huge of a problem this could cause and then when it happens it get swept under the rug and not a big deal. If the PM thinks its ok to have a key under the mat then I wanna know how much time he should be doing when someone gets my personal information and makes me have to deal with identity theft. Would 10 seconds of jail time for my life long struggle be acceptable? For the Equifax CEO that would have been half a year.
[+] [-] notreall1238123|6 years ago|reply
[+] [-] SkyBelow|6 years ago|reply
Some people are fundamentally willing to sacrifice rights they don't view as necessary for some temporary gain, and trying to oppose this in any more direct way can result in having one's own moral standing challenged.
[+] [-] LinuxBender|6 years ago|reply
[+] [-] alexnewman|6 years ago|reply
[+] [-] harry8|6 years ago|reply
The "censored" talks immediately had their slides put online and were extensively advertised with Schneier in particular, stating it's your duty to read them now. Nobody was arrested because the courts would not even allow a prosecution as there's no law that has been broken. The rule of law, while imperfect, means something in Australia.
Let's be very critical of what has happened here by all means, that's how we preserve a rule of law and equality before it.
[+] [-] jhare|6 years ago|reply
Conferences are nearly all in-person live ads, cloud ads disguised as talks, or tutorial talks so shallow a Googling is better.
Triple that for infosec industry.
[+] [-] draugadrotten|6 years ago|reply
As far as designing in weaknesses and/or golded keys. Well, it does not add to security, but assuming that the other nation states are already able to break encryption and read what they want, it does not weaken it either for national security reasons. What it does provide however are easy means to stop terrorists, pedos and drug dealers from conducting business. That power in the right hands is good for society, just like having people with lethal weapons in law enforcement is good for society.
Remains the risk that some bad guys could get their hands on the golden keys. Yes, design to handle that?
What else?
[+] [-] jplayer01|6 years ago|reply
The option isn't encryption broken by them or broken by us. It's secure encryption or encryption that can be broken by everybody with sufficient resources.
> Remains the risk that some bad guys could get their hands on the golden keys. Yes, design to handle that?
Yes, because secure systems are so secure that we should be trusting them to base all of the world's encryption on. It takes a single bug or intrusion to undermine everything. There's no way to design for a key that needs to be usable/accessible for when you need to access encrypted anything, while keeping it secure from bad actors.
That's even before considering how the US government and US institutions have, over the course of the past decades, pissed away any and all good will and trust that the public may have had in them. Why would anybody want to give the FBI or NSA free access to all of their data? After seeing enough stories of employees looking at naked pictures, stalking ex-girlfriends, dragnet surveillance or other gross abuses of power, there's no way these people can be trusted.
[+] [-] mcherm|6 years ago|reply
You are correct in exactly the same way that, if one assumes that the Earth is flat then it is impossible to fly around it in an airplane.
There exist cryptographic security measures that have flaws and can be broken by nation states. But there are also plenty of encryption techniques that will easily resist the efforts of even the most effective nation states (at least for the present day). The question is not whether such codes exist but whether we will pass laws preventing any law-abiding person or company from using them.
If you were right and the NSA could break these codes then they wouldn't be advocating for back doors, they would be encouraging everyone to encrypt their communications (to protect against everyone ELSE), then using their abilities to stop terrorists, pedis and drug dealers.
[+] [-] shakna|6 years ago|reply
You can't. That's pretty simple and solid.
If you have design a master key, then it's the master key. Once it's out, it's out.
[+] [-] jeroenhd|6 years ago|reply
> What it does provide however are easy means to stop terrorists, pedos and drug dealers from conducting business.
I can't remember the last time a law passed to hunt down the pedos/terrorists/drug dealers hasn't been used to surpress or hurt some part of the population. Remember when drug dealers just used SMS? When pedos exchanged magazines and floppies? When terrorists just called each other? And how the government, with all its wiretapping power, couldn't stop any of them? Encryption is a nice bonus for these people, but a lack of it is not stopping anyone. Tangentially, if a country would focus on properly treating addiction instead of making boogeymen out of those darn drug dealers we might actually get anywhere as a species.
> Remains the risk that some bad guys could get their hands on the golden keys. Yes, design to handle that?
How would that even work in a crypto system? If you have the key, you can decrypt. That's the basis of cryptography. Wishing away the glaringly obvious problem with the proposed system by telling people to "design it not to break like that" doesn't work.
[+] [-] Silhouette|6 years ago|reply
That assumption is the weakness in your argument. If you design in a systemic back door, it becomes a known fact that a hostile actor could find a way into your system, because you have created one for them. Not only that, but in the case of a golden key, if it leaks then anyone can get in.
Of course there is no guarantee that any encryption scheme is 100% unbreakable. Such is the nature of mathematics and research. But there is a fundamental difference between needing to discover a systemic weakness in an encryption scheme, say an efficient solution to the discrete logarithm problem or a side channel attack on a given implementation, and merely needing to know some master password that will work even if the mathematics of the encryption method and its practical implementation are sound.
[+] [-] binarnosp|6 years ago|reply
after all, it worked so well for the TSA security key: https://techcrunch.com/2016/07/27/security-experts-have-clon...