Discussion:
[IP] Re What if Responsible Encryption Back-Doors Were Possible? - Lawfare
Dave Farber
2018-12-02 01:37:05 UTC
Haven’t we been around this idea many, many times, like the Clipper chip, etc.?

Is there no memory in the system?

Dave
Date: December 2, 2018 7:45:56 JST
Subject: Re: [IP] What if Responsible Encryption Back-Doors Were Possible? - Lawfare
Might as well have asked “If pigs could fly”. IMHO it is not possible to have encryption backdoors that won’t be abused beyond their intended users.
Bob
https://www.lawfareblog.com/what-if-responsible-encryption-back-doors-were-possible
What if Responsible Encryption Back-Doors Were Possible?
This is part of a series of essays from the Crypto 2018 Workshop on Encryption and Surveillance.
One of the fundamental constitutional precepts that the U.S. Supreme Court has recognized is the presumption of privacy. This presumption is manifested as limits on government intrusion into the private lives of American citizens. But these limits are not an absolute in American jurisprudence, nor are they present in all democracies. For instance, my conversation in a public place may be overheard, but there is nothing to stop me from taking actions and employing tools to enhance the privacy of my effects and communications. Absent extraordinary circumstances, I have a right to hide my artifacts and conceal my conversations, and I may also engage the assistance of a third party as an agent in doing so. Manufacturers of curtains and blinds may sell their products without building in features that make them transparent to law enforcement authorities; safes may be sold without retaining keys or combinations to provide exceptional access against the will of the purchaser; and encryption products may be sold that protect the privacy of data without restriction.
Under exceptional circumstances and with appropriate judicial review, law enforcement may be permitted to attempt to violate my privacy. But a search warrant is so-named because it grants a right to search—not a guarantee to find. Law enforcement authorities may also request and even compel my agent to provide information on any assistance rendered to me. But there is no prior restriction on the advice or tools that my agent may offer.
Let us now posit the existence of a responsible exceptional access technology, one that secures and protects the privacy of data with encryption, but also provides law enforcement authorities with access to that data. “Responsible” here describes a technology that achieves the desired effect of providing designated authorities with controlled access to data without creating undue risks of data being released to unauthorized parties. It should be noted that data breaches are all too frequent today and that complexity is regarded as the enemy of security. Thus, despite the dearth of proposals to provide responsible access and the expert analyses that enumerate reasons why it is likely unattainable, let us assume that such technology is possible. The next step is to consider the consequences of mandating its use. Even if we could build it, the question remains of whether we should build it.
In the current landscape, the security interests of technology vendors and their customers are generally aligned. Vendors act as their customers’ advocates. The relationship is, of course, imperfect. There are cases where vendors fail to adequately protect their customers and suffer consequences in the marketplace. Just as an attorney who provides poor counsel may not fare well, vendors who are careless with their customers’ data may not survive. Vendors have incentives to secure their customers’ data, and customers have incentives to purchase products and services from vendors who protect them well. Prices are certainly a consideration, and customers will not always pay a premium for better security, but all other things being equal, a rational consumer will select a vendor that provides better security.
Privacy and security are partners, but they are not interchangeable. An agent who is incented to protect my security may also have incentives to violate my privacy. However, when I seek to engage an agent to maintain the confidentiality of my data, an agent who does so steadfastly will be more valuable to me than one who protects my confidentiality only with caveats and conditions.
Introducing exceptional access technology alters the marketplace by increasing costs and reducing protections. It transforms the vendor from its role as an unqualified advocate to that of an equivocal actor who may or may not betray the confidence of its customers. The trust relationship is compromised, and vendors are prevented from serving as unambiguous and full-throated advocates of their customers and their interests.
If customers can choose between vendors offering products that are otherwise comparable, those that include provisions for law enforcement access will be at a competitive disadvantage. To be effective, therefore, all comparable products within a market (e.g. all mobile phones purchased or used within the U.S.) must be required to incorporate the technology.
A government could ban the sale of curtains and window shades and instead insist that those who want to block the view must purchase windows which can be made opaque electronically—with the stipulation that exceptional access features allow for the opacity to be overridden remotely. This is not impossible, but it would add significant costs, create a risk of windows becoming transparent at inopportune times (either due to malfunction or malicious attack), and establish a booming market for fabric stores to sell other materials that happen to be sized to perfectly fit windows.
The analogy to encryption is not far afield. The greatest difference may be that encryption technologies are virtual and are therefore easier to reproduce and transport. Ciphers that are beyond the ability of governments to break are described in detail in millions of textbooks that have been used to teach untold numbers of students around the globe.
The point here is that a customer who wants privacy can still utilize a device in which a law enforcement access technology has been embedded. A customer need only pre-encrypt sensitive data before using the device. The device can then be used precisely as intended, and a second layer of encryption will be applied. If a lawful exceptional access process is undergone, only the second encryption layer will be removed—revealing not the clear data but instead the pre-encrypted data produced by the customer.
The interesting question is the extent to which vendors will go to facilitate this alternative, and the likely answer is that many will go as far as legally permitted. Their customers will demand nothing less. Twenty years ago, U.S. regulators used export controls to thwart dissemination of encryption tools. Such tools were classified as munitions, and vendors were required to register as arms dealers to export them. This had a chilling effect on domestic distribution of encryption tools since U.S. vendors did not want to risk the legal jeopardy that might ensue should a single instance of a product be exported—whether inadvertently by vendors themselves or by third parties.
Americans could freely import and use products that included strong encryption, and U.S. vendors could not effectively compete with these imports. This allowed overseas vendors to be better advocates for U.S. customers than domestic vendors. In 2000, the export control regime was largely abandoned due to the harm it caused to U.S. vendors and the negative impact on data security. An exceptional access mandate today would sever the advocacy that vendors currently offer their customers and do substantial harm to both. The impact would be worse than it was in the pre-2000 era, when vendors were simply limited in the kinds of security they were able to offer—not required to provide explicit exceptional access.
As we have seen from numerous accounts, law enforcement authorities already have access today to unencrypted data. Keyloggers and other malware can be surreptitiously placed on devices of targeted individuals, and tools exist to crack open locked mobile phones. These means of access can be resource intensive, but that is a desirable property. The plea to mandate exceptional access technology is an attempt to remove these resource constraints and enable simple, economical, push-button access. But whether they recognize such or not, what officials are seeking when they call for easier access is mass-surveillance capabilities. This may not be their intent, but if it is easy and inexpensive to surveil one individual, then surveilling many is affordable and manageable, and the temptation will be great.
Americans should have an unfettered right to protect their own data, vendors should have the right to provide law-abiding citizens with tools and services to support their rights, and law enforcement authorities should have to expend resources when they are authorized to attempt to circumvent these protections. Make no mistake: Even if it could be built, “responsible” law enforcement access technology is not responsible at all.
Archives | Modify Your Subscription | Unsubscribe Now
-------------------------------------------
Archives: https://www.listbox.com/member/archive/247/=now
Modify Your Subscription: https://www.listbox.com/member/?member_id=26461375
Unsubscribe Now: https://www.listbox.com/unsubscribe/?member_id=26461375&id_secret=26461375-c2b8a462&post_id=20181201203718:CC2E7BEA-F5D2-11E8-A252-9D21217BACD2
Powered by Listbox: https://www.listbox.com
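The pre-encryption point in the quoted essay (lawful access strips only the device's own layer and hands back the user's ciphertext) is concrete enough to run. The following is an added example, not code from the essay, the list thread, or any vendor: a toy model in Go in which the device layer is AES-256-GCM under a key held in a hypothetical vendor escrow table, and the user's own layer is AES-256-GCM under a key that is never escrowed. The escrow map, the device identifier "phone-1", the layer labels "device" and "user", and the sample message are all assumptions constructed for the demonstration.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// seal encrypts with AES-256-GCM and returns nonce || ciphertext || tag. The layer
// label is bound as associated data, so a blob from one layer never verifies as the other.
func seal(key, plaintext []byte, layer string) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, []byte(layer)), nil
}

// open reverses seal; it fails if the key, the layer label or any byte differs.
func open(key, sealed []byte, layer string) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	ns := gcm.NonceSize()
	if len(sealed) < ns+gcm.Overhead() {
		return nil, errors.New("sealed blob too short")
	}
	return gcm.Open(nil, sealed[:ns], sealed[ns:], []byte(layer))
}

func newKey() []byte {
	k := make([]byte, 32)
	if _, err := rand.Read(k); err != nil {
		panic(err) // no usable entropy; nothing sensible to do here
	}
	return k
}

// escrow is a hypothetical vendor-held table of per-device keys, the thing an
// exceptional access mandate would oblige the vendor to keep (assumption, not any real design).
type escrow map[string][]byte

// deviceStore is what the mandated device does with data handed to it:
// encrypt under the escrowed device key (the essay's "second layer").
func deviceStore(e escrow, deviceID string, data []byte) ([]byte, error) {
	k, ok := e[deviceID]
	if !ok {
		return nil, errors.New("unknown device")
	}
	return seal(k, data, "device")
}

// exceptionalAccess is the lawful-access path: fetch the escrowed key and strip
// the device layer. It yields plaintext only if the user handed the device plaintext.
func exceptionalAccess(e escrow, deviceID string, blob []byte) ([]byte, error) {
	k, ok := e[deviceID]
	if !ok {
		return nil, errors.New("no escrowed key for device")
	}
	return open(k, blob, "device")
}

func main() {
	e := escrow{"phone-1": newKey()}          // "phone-1" is a made-up device ID
	userKey := newKey()                       // never leaves the user, never escrowed
	msg := []byte("meet at the usual place") // constructed sample message

	// Case 1: the user relies on the device layer alone.
	blob, _ := deviceStore(e, "phone-1", msg)
	got, _ := exceptionalAccess(e, "phone-1", blob)
	fmt.Printf("no pre-encryption: lawful access yields %q\n", got)

	// Case 2: the user pre-encrypts, then lets the device add its layer.
	inner, _ := seal(userKey, msg, "user")
	blob2, _ := deviceStore(e, "phone-1", inner)
	got2, _ := exceptionalAccess(e, "phone-1", blob2)
	fmt.Printf("pre-encrypted: lawful access yields %d bytes; equals inner ciphertext: %v\n",
		len(got2), bytes.Equal(got2, inner))
	if _, err := open(e["phone-1"], got2, "device"); err != nil {
		fmt.Println("escrowed device key does not open the user layer:", err)
	}
}
```

Two design points worth noting. The escrowed key recovers exactly one layer, so the vendor's compliance is complete (the device layer is gone) while the user's confidentiality is intact; there is no setting of the escrow that changes this, because the user key is simply not in the table. And the associated-data label means the lawful-access output cannot even be mistaken for a second device-layer blob, so an operator cannot "run the tool again" and hope.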
Dave Farber
2018-12-02 03:27:22 UTC
Date: December 2, 2018 10:46:39 JST
Subject: Re: [IP] Re What if Responsible Encryption Back-Doors Were Possible? - Lawfare
Post by Dave Farber
Haven’t we been around this idea many many times like Clipper chip etc
Is there no memory in the system?
We have been. There's just a dogged persistence among those who would like the first-order job of the government knowing things for control to be easy. I heard Herb Lin speak on this at an industry event, and it was like Clipper all over again. Stu Baker similarly. I'm not exactly sure what drives either, as Baker hasn't been working for the NSA for decades, and Herb is at Stanford. But both are fine with the potential to arm fascists in the information age.
Meanwhile, I'm back looking for work, as Rocket Lawyer (which had been a fascinating four months) seems to be imploding, and let a lot of us go. But the market is great... I've got a site interview with a Kleiner-backed tech start-up in a week, and interviews for a privacy engineer position with a major non-profit.
But ideas for where else to look always solicited gratefully!
Ross
Dave Farber
2018-12-02 05:44:37 UTC
Date: December 2, 2018 at 2:34:06 PM GMT+9
Subject: Re: [IP] Re What if Responsible Encryption Back-Doors Were Possible? - Lawfare
There is intentionally no memory in those bastards who believe
they will eventually grind us down. Carborundum illegitimi ...
Dave Farber
2018-12-02 06:41:33 UTC
Date: December 2, 2018 15:25:49 JST
Subject: RE: [IP] Re What if Responsible Encryption Back-Doors Were Possible? - Lawfare
Here’s the industry event to which Ross refers: http://youtu.be/tH7pHJAO1t8
Ross is right that I said some things that were said during the Clipper debate. That’s because some of the things said in favor of Clipper were valid. That doesn’t mean that Clipper was a good idea.
If someone wants to challenge me on something specific that I said during that talk, I’m happy to engage in that discussion. That includes Ross, by the way.
The short version of what I said – or what I was trying to say, in any case—was that the technical debate is over as far as I am concerned – I fully accept the conclusion that it is impossible to develop an encryption system with exceptional access that is as secure as one without it. But the advocates of responsible encryption are asking for something else—they are asking for the most secure system possible subject to the constraint that exceptional access is possible. Whatever system comes out of that process *will* be less secure than what is possible without exceptional access.
Whether the diminished security is or is not worth the benefits to law enforcement is a policy question, not a technical question. Advocates of exceptional access say “yes”, privacy advocates say “no.” Both are reasonable answers, but neither should pretend that their judgments are technically based—they are policy judgments. For myself, I note that policy judgments – unlike technical conclusions – are necessarily made in the particular societal and political circumstances extant at the moment of that judgment, and so anyone making a policy judgment ought to take those circumstances into account.
I confess to being surprised at Ross’s assertion that I am “fine with the potential to arm fascists in the information age,” which is as close to an ad hominem attack as I’ve ever heard him make on me or anyone else. If intellectual honesty is part of that potential, then I regret that I have to plead guilty. But by the same token, I think that anyone who works to develop better information technology also has to plead guilty, since it’s impossible to make information technology unusable by fascists.
Herb
=======================================================================
Herb Lin
Senior Research Scholar, Center for International Security and Cooperation
Hank J. Holland Fellow in Cyber Policy and Security, Hoover Institution
Stanford University
Stanford, CA 94305 USA
Dave Farber
2018-12-02 08:49:16 UTC
Date: December 2, 2018 at 5:24:22 PM GMT+9
Subject: Re: [IP] Re What if Responsible Encryption Back-Doors Were Possible? - Lawfare
Dave,
I truly don't understand the motivations of folks asking for "responsible encryption". Surely they realize that the bad actors (at least the smart ones) whose data this is intended to permit access to will simply, as the original article points out, layer in their own DIY security? I don't see the win... other than from being able to prosecute people who do this, in the absence of any other direct evidence of criminality. The systemic risks induced by the potential for wholesale exposure of ostensibly secure data seem overwhelming for such a small "win". I don't even see this as a "policy judgment", because once you concede that a system is less secure, you're also conceding that compromise is possible, and I don't see how you can rationally argue that any risk of such is acceptable, given the nature of the entities and systems who would be compelled to use "responsible encryption".
Regards,
Thomas Leavitt
--
Thomas Leavitt
Internet enabled since 1990
Dave Farber
2018-12-02 14:58:37 UTC
Date: December 2, 2018 at 6:08:42 PM GMT+9
Subject: Re: [IP] Re What if Responsible Encryption Back-Doors Were Possible? - Lawfare
There is memory in the system, though the writer of the essay is carefully not using words like Clipper so as to argue a priori.
I was puzzled on seeing that it was written by a senior cryptographer at Microsoft. Then I read it. It is a carefully argued piece pointing out that this genie has escaped the bottle and isn’t going back.
The final sentence: ‘Make no mistake: Even if it could be built, “responsible” law enforcement access technology is not responsible at all.’
It’s pointing out to those who wish for it that you can’t have a thermodynamic-second-law-violating machine, and that it might not be good even if you did.
best
Charles
Dave Farber
2018-12-02 14:56:34 UTC
Date: December 2, 2018 at 10:27:52 PM GMT+9
Subject: Re: [IP] Re What if Responsible Encryption Back-Doors Were Possible? - Lawfare
Dave
This debate reminded me of a long piece I posted to my blog in 2016 on the Apple IoS security debate
Regards
Tom
http://www.tomglocer.com/2016/03/03/apple-back-doors-and-the-city-on-a-hill/
Apple, Back Doors and the City on a Hill
Bad facts make bad law. This well-worn legal aphorism may well describe the state of American privacy law if the FBI is successful in its bid to compel Apple to write a special version of its iPhone operating system to provide a “back door” into one of its legacy devices.
Ostensibly, the question presented is whether Apple can refuse a court order to assist the FBI in gathering evidence from one specific phone provided by the employer of a dead terrorist. However, the potential precedential significance of the case is far greater.
The late Syed Rizwan Farook, together with his wife, Tashfeen Malik, killed 14 people and wounded 22 others in San Bernardino, California before meeting a swift and just end. As part of its investigation, the Federal Bureau of Investigation sought and obtained a court order under the All Writs Act of 1789 ordering Apple to write a special version of its iOS to defeat two security features included in the operating system of Farook’s legacy 5c iPhone. In its request, the FBI was at pains to stress the supposedly limited nature of the cooperation sought: just a little bit of code to be downloaded one time on a single out-of-date phone owned by the government employer of a dead terrorist-murderer. How could that be unreasonable?
In this case I believe it is, but the decision is neither an easy one nor an absolute one for all cases. Rather, as I argue below, these types of requests by law enforcement should be judged on a reasonableness standard based on their unique facts and circumstances, with personal privacy and freedom of communication given a strong but rebuttable presumption.
The Farook case is just one of many requests the FBI has made to Apple to assist it in recovering information believed to be stored on its phones or in the iCloud. The FBI has chosen well to litigate this matter as the Farook set of facts makes an attractive test case for them. While Apple has generally complied with such requests in the past, it has refused in this instance because it argues that in balancing public safety versus our right to privacy, acceding to the FBI request in this case would set a dangerous precedent. In particular, Apple argues that it will be impossible to limit the “back door” the FBI seeks to only unlock the late terrorist’s phone without jeopardizing others. To understand why requires some additional background on Apple technology and criminal procedure.
What the FBI is asking Apple to do in the Farook case is to create a special version of the iOS (it has been dubbed “govtOS”) that once installed on Farook’s 5c will (i) allow an unlimited number of attempts to enter the four-digit passcode and (ii) eliminate the artificial and progressive delay that the standard iOS introduces after repeated failed attempts. This will allow the FBI to use what is known as a “brute force” technique to try up to all of the 10,000 possible four-key combinations needed to unlock the phone.
The FBI analogizes its request to serving a lawful search warrant on a landlord to gain access to a suspect’s apartment with a master key. I think a more apt analogy would be a request to the landlord to send a team of its handymen to replace an existing wall of the suspect’s apartment with a new fake wall that includes a secret doorway. The extraordinary nature of the request consists in forcing the recipient to build something it would not otherwise undertake and which, in fact, it believes would render the apartment (or phone) insecure. The secret doorway like the special iPhone back door would permit anyone less trustworthy than the FBI to access the contents of the apartment/phone.
As for the criminal procedure context, it is important to understand what would happen if and when the FBI gained access to Farook’s phone. In particular, it is important to determine whether the FBI would be able to keep its promise that the special back door created for the Farook case would never become public or fall into dangerous hands. Since both prime suspects are dead, investigators probably want the phone to discover if there are accomplices who could be identified via information currently encrypted on the phone or if there is other information that would be useful in preventing future attacks or adding to our understanding of terrorist networks. There is no suggestion, however, that there exists a clear and present danger of another specific attack or lives in danger that makes access to the contents of Farook’s phone critical. This would, like in the First Amendment free speech context from which I borrow these talismanic words, convince me to overcome my presumption in favor of personal privacy and agree to the FBI request. Absent such an extreme threat, I assume the investigation might play out on the following lines: I imagine that via access to Farook’s phone, the FBI could discover, arrest and charge one or more other conspirators. What would happen next? The defense lawyers and their forensic experts would demand access to the rogue govtOS code to dispute that the system worked as alleged to implicate their client. For example, they would be free to argue that the name of their client was inserted by the FBI via the special govtOS code and not present in the original memory. Thus, at least to me, it does not sound farfetched that the back door code would then be released and pass through many hands, exposing us all to cyber insecurity.
While we are on the subject of the law, I find it ironic that all of the candidates seeking the 2016 Republican nomination extol their steadfast dedication to the Second Amendment to the US Constitution (conferring a right to bear arms), but rush quickly to condemn Apple for refusing to comply with the magistrate’s ex parte order to build a back door into the iPhone. As I understand it, a major tenet of the conservatives’ insistence on the right to carry concealed weapons or automatic rifles is that this will protect Americans from the potential tyranny of their government. However, if my goal is protecting liberty, I find it far more effective to protect our right of free speech and freedom of assembly by allowing the use of encrypted communications than maintaining an arsenal at home that I can use against a drone-equipped national military. Hence my preference for a rebuttable presumption in favor of privacy, just as I support the right of Americans to own guns, just not AR 15 automatic weapons – Constitutional rights should not be absolute when they bump up against each other.
Finally, I believe there is one additional and decisive reason to support Apple in its refusal to create even “limited” back doors. The Internet is a great force for freedom and democracy based on its ability to connect us, remove friction and rapidly disseminate information. Like most technologies, it is also “dual use” and can facilitate terrorist coordination and cybercrime. No matter how noble the motives of the FBI in seeking to crack Syed Farook’s iPhone, repressive regimes around the world are watching and will happily order Apple and other American technology companies to write potentially more dangerous and intrusive “limited” instruments to facilitate their law enforcement efforts. They may do so even if US courts ultimately support Apple’s position; however, the United States should not abandon the moral high ground.
The City on a Hill should not leave the back door open.
Published March 3, 2016, at 9:32 pm by tomglocer
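To make concrete what the two features described in Tom's post buy, here is an added model (not Apple's code and not part of the quoted post) comparing an attacker's guess budget with both protections in place against the "govtOS" variant that removes them; the delay schedule, the 80 ms per-attempt cost and the erase-after-ten-failures limit are assumed figures, not Apple's actual parameters.

```python
"""Guess-budget model for the two iPhone protections discussed above (attempt
limit and progressive delay) versus a variant with both removed.
Added illustration, not Apple's code and not from the quoted post.  The delay
schedule, the per-attempt cost and the erase-after-ten limit are ASSUMED
numbers chosen to make the comparison concrete."""
from dataclasses import dataclass
from typing import Callable, Optional

KEYSPACE = 10_000          # four-digit passcode: 10**4 combinations (from the text)
PER_TRY_SECONDS = 0.08     # assumed hardware cost of checking one guess


def assumed_progressive_delay(failures: int) -> float:
    """Assumed escalating schedule: seconds the device waits before accepting
    the next guess, keyed by failures so far.  Not the real iOS table."""
    if failures < 5:
        return 0.0
    return {5: 60.0, 6: 300.0, 7: 900.0, 8: 900.0}.get(failures, 3600.0)


def no_delay(failures: int) -> float:
    """The delay-free behaviour the requested firmware would produce."""
    return 0.0


@dataclass(frozen=True)
class GuessBudget:
    guesses: int                 # passcodes an attacker can actually try
    seconds: float               # wall-clock time to try all of them
    success_probability: float   # fraction of the keyspace those guesses cover


def guess_budget(delay_fn: Callable[[int], float], max_failed: Optional[int],
                 keyspace: int = KEYSPACE,
                 per_try_seconds: float = PER_TRY_SECONDS) -> GuessBudget:
    """Model an attacker trying passcodes in sequence until the keyspace is
    exhausted or max_failed failures trigger erasure (None = no limit)."""
    guesses = keyspace if max_failed is None else min(keyspace, max_failed)
    seconds = 0.0
    for prior_failures in range(guesses):
        seconds += delay_fn(prior_failures) + per_try_seconds
    return GuessBudget(guesses, seconds, guesses / keyspace)


def protected_budget() -> GuessBudget:
    """Both protections present: ten tries, then erase (assumed limit)."""
    return guess_budget(assumed_progressive_delay, max_failed=10)


def govtos_budget() -> GuessBudget:
    """Both protections removed: unlimited, undelayed tries."""
    return guess_budget(no_delay, max_failed=None)
```

With the assumed figures the protected device yields ten guesses (a 0.1% chance of success) spread over about 1.6 hours, while the stripped variant exhausts all 10,000 combinations in under 15 minutes.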
Date: December 2, 2018 15:25:49 JST
Subject: RE: [IP] Re What if Responsible Encryption Back-Doors Were Possible? - Lawfare
Here’s the industry event to which Ross refers: http://youtu.be/tH7pHJAO1t8. Ross is right that I said some things that were said during the Clipper debate. That’s because some of the things said in favor of Clipper were valid. That doesn’t mean that Clipper was a good idea.
If someone wants to challenge me on something specific that I said during that talk, I’m happy to engage in that discussion. That includes Ross, by the way.
The short version of what I said – or what I was trying to say, in any case—was that the technical debate is over as far as I am concerned – I fully accept the conclusion that it is impossible to develop an encryption system with exceptional access that is as secure as one without it. But the advocates of responsible encryption are asking for something else—they are asking for the most secure system possible subject to the constraint that exceptional access is possible. Whatever system comes out of that process *will* be less secure than what is possible without exceptional access.
Whether the diminished security is or is not worth the benefits to law enforcement is a policy question, not a technical question. Advocates of exceptional access say “yes”, privacy advocates say “no.” Both are reasonable answers, but neither should pretend that their judgments are technically based—they are policy judgments. For myself, I note that policy judgments – unlike technical conclusions – are necessarily made in the particular societal and political circumstances extant at the moment of that judgment, and so anyone making a policy judgment ought to take those circumstances into account.
I confess to being surprised at Ross’s assertion that I am “fine with the potential to arm fascists in the information age,” which is as close to an ad hominem attack as I’ve ever heard him make on me or anyone else. If intellectual honesty is part of that potential, then I regret that I have to plead guilty. But by the same token, I think that anyone who works to develop better information technology also has to plead guilty, since it’s impossible to make information technology unusable by fascists.
Herb
=======================================================================
Herb Lin
Senior Research Scholar, Center for International Security and Cooperation
Hank J. Holland Fellow in Cyber Policy and Security, Hoover Institution
Stanford University
Stanford, CA 94305 USA
Sent: December 1, 2018 7:27 PM
Subject: [IP] Re What if Responsible Encryption Back-Doors Were Possible? - Lawfare
Date: December 2, 2018 10:46:39 JST
Subject: Re: [IP] Re What if Responsible Encryption Back-Doors Were Possible? - Lawfare
Haven’t we been around this idea many many times like Clipper chip etc
Is there no memory in the system?
We have been. There's just a dogged persistence among those who would like the first-order job of the government knowing things for control to be easy. I heard Herb Lin speak on this at an industry event, and it was like Clipper all over again. Stu Baker similarly. I'm not exactly sure what drives either, as Baker hasn't been working for the NSA for decades, and Herb is at Stanford. But both are fine with the potential to arm fascists in the information age.
Meanwhile, I'm back looking for work, as Rocket Lawyer (which had been a fascinating four months) seems to be imploding, and let a lot of us go. But the market is great... I've got a site interview with a Kleiner-backed tech start-up in a week, and interviews for a privacy engineer position with a major non-profit.
But ideas for where else to look always solicited gratefully!
Ross
--
Thomas Leavitt
Internet enabled since 1990