by Alupis 3782 days ago
I risk getting a little too "meta" here, but I feel it will be constructive for us all, and I hope it's ok this one time.

> Please stop doing this

Most of your responses to myself and others begin with a line similar to this. It's meta in itself, but also puts people a little off. We're debating things here, and we seem to disagree on some points... but that's OK since that's really what we're here for. You can't ask people to stop disagreeing with you, but if you feel strongly, you may choose not to respond.

> It really bothers me when people erroneously suggest that I support crypto backdoors.

You have stated this several times, and I do believe you. The problem here is that we're not (and the government's not) just discussing backdoors, but other means such as purposefully weakening encryption, outright bans, or other methods of subverting strong encryption. Stating you don't support backdoors is only one small component of what's at stake here. It's almost a level of misdirection or a half-statement to throw this in whenever someone attacks your argument. In addition - you have made good arguments which seem to illustrate the problems with having universal default unbreakable encryption. This leads one to believe you are in opposition of such.

> My issue is that universal default unbreakable encryption doesn't just break dragnet surveillance, but also breaks discovery and evidence recovery done under a warrant in routine investigations.

This is an example of one argument that seems to favor subverting strong encryption by some means. If you do not support universal default unbreakable encryption, then you must be against it on some level. If you're against it on some level, then the logical conclusion is you support one or many of the government suggested solutions, such as banning/backdooring/weakening. As mentioned, you do not support backdooring, but that leaves two other options that are being actively pursued by the government.

> I'm going to hazard that I've done more work to help foil attempts to break crypto than you have. My bona fides here are established

This is largely irrelevant information. I am aware of your background - however one's professional view is not always the same as one's personal view. Being a security professional and thoughts on encryption are not mutually exclusive.

> no matter how you choose to misread my comments

I think this issue isn't really a misread, but rather the half statements about backdooring. I probably didn't articulate that difference properly, but I submit you failed to do the same.

In any event, it seems we mostly agree on this subject really, although we both argue it differently.

2 comments

My meta argument is that we will all fare better in the policy debate to come if we are honest and careful about the opposing side's arguments. Our arguments should be honed to beat their best arguments, seen in their best possible light.

I'm not making half-statements about backdoors. There is no daylight that I can perceive between "backdoor" and "weakened encryption". When I say "universal default unbreakable crypto", that is exactly what I mean.

> we will all fare better in the policy debate to come if we are honest and careful about the opposing side's arguments

I think we agree on this point. The largest problem faced is making policy makers understand the ramifications of tampering with encryption in any form, be it backdooring algorithms, weakening the encryption, outright bans or some other method to subvert encryption attempts. It would be foolish to do any of the above, since the result is a less safe technology infrastructure for the country in whole.

> There is no daylight that I can perceive between "backdoor" and "weakened encryption"

When I say "weakened encryption", I'm referring to mandates on maximum key size, etc... similar to what we had back in the 90's. We learned through trial that purposefully reducing encryption strength has short term benefits, but leads to long term security problems (there's still a need for some to use SGC certs!)... why repeat this nonsense?

You mentioned something about due process and discovery in another post -- Me refusing to give the decryption key to my phone is no different than me setting fire to my "evil secrets" notebook... or refusing to give the combination to my safe. We already have laws in place that deal with this, and they work. The government doesn't need a secret key that can open any safe or door any more than they need a secret key that can open any encrypted file. Our problem is we have policy makers who fundamentally believe the government should have a master key to everything.

We should also remind our policy makers we're only discussing this now in the open because we caught the NSA red-handed doing all of these things in secret, plus more. They paid RSA to deliberately weaken algorithms, they actively captured and attempted to break encrypted files without warrants, they engaged the private sector in both subvert and overt attempts to remove encryption, and when all else failed, they just circumvented the entire thing.

The public reaction to all this was to make the NSA's attempts to violate individuals' privacy much harder. If the NSA had been a good citizen, people and companies may have been more receptive to working with them (although end-to-end encryption was still going to happen, because it's the right thing to do with a customer's data).

The biggest problem with the government's desire to weaken or ban encryption is the "bad guys" will still use strong encryption methods -- they don't follow the law by definition. Other nations will still develop and use strong encryption, so it won't disappear. This leaves only normal folks vulnerable to both government overreach, as well as to the "bad guys".

Nobody who knows anything about me thinks that I'm OK with deliberately weakened cryptography of any sort. I'd like to ask you again to stop implying otherwise.

> I'd like to ask you again to stop implying otherwise.

I don't see where I made that insinuation. I also don't see where you made that strong stand... so it doesn't really matter.

Please stop asking people to stop things - it's petty and annoying. Make your case clear, and knock off the half-speak.

I think tptacek's views were already made pretty clear earlier in the thread and his meta point is something quite like

http://lesswrong.com/lw/gz/policy_debates_should_not_appear_...

It's fair to argue that he overstates the benefit of surveillance to law enforcement or that it wouldn't be bad if law enforcement got harder or more expensive in various ways or that it's unfortunate that law enforcement ever came to rely on electronic surveillance in the first place, but I think he made very clear that he did not support limits on encryption, which makes it kind of unfair to challenge him on that aspect. He has been saying that he wishes fellow opponents of crypto restrictions would be more sympathetic to the view that easy availability of crypto has some disadvantages to society, so maybe it would be more helpful to engage on that point. :-)