| HN Mirror

I called it a "side door" to make the point that we need a compromise between the front and back. The pro-encryption crowd doesn't want a back door, and the anti-encryption crowd doesn't want a front door. As Amnesty International recommends, we need some compromise.

Given that you think I'm clueless on many fundamental levels, I presume you disagree with Amnesty International.

link

WalterSear 3731 days ago

The pro-encryption crowd knows that a 'side-door' is mathematically impossible and the 'side-door' crowd know the power of magical belief.

link

aaronmhatch 3731 days ago

I agree that the answer is complicated, but I don't agree that we must appeal to mathematics to solve the problem. We need to have a discussion about what is a good compromise and how much security and privacy we have to sacrifice in order to ultimately strengthen them. We sacrifice some of our privacy and security by allowing government to break into our homes, yet we feel safer and more private because law enforcement and our justice system is on our side and works to thwart criminals. It isn't perfect, but I personally would feel less comfortable if our homes were impenetrable - think of the ramsomware cases with encryption. The fact that there's no way to unlock those encrypted machines without the key is a tragedy. You might say the answer is to stop the ramsomware nuts instead of undermining encryption, but that's like saying we should stop the pedophile from raping our kid in his impenetrable basement instead of making it so we can break in.

How do we solve this? It's hard to say, but there are solutions. foolshdropout's first Guardian link presents a good example with the TSA luggage lock standardization. That is essentially a backdoor and has led to many thefts. The flaw in that example, however, is that with enough force, a lock can be broken, and any luggage can be penetrated, making the need for master keys and standardized locks unnecessary. So, it's not a good analogy with encryption, which cannot realistically be broken into.

Giving the government master keys to standardized encryption methods is not a good way to do it. However, the FBI's method of getting Apple to disable the guess limit is a "lesser" backdoor, if you must call it that. That provides some compromise because it requires the government going to Apple for each warrant and having them on a case-by-case basis disable the limit. This adds a few hurdles to slow down the process, which is basically what encryption does in the first place, while allowing authorities to lawfully search and seize.

I'm not sure what the answer is, but I know that if we stick to absolutes (total encryption, no encryption), we are only hurting ourselves.

link

paraxisi 3731 days ago

The problem is that there is no encryption equivalent to your theorized 'lesser backdoor,' it works as intended or doesn't.

In the long run given how things are currently, I trust math to lie less than politicians, bad actors, etc. Math has no ill intent.

link

aaronmhatch 3731 days ago

In the article, I explain two options in the Apple case:

1. Apple could develop new software and give the FBI the key. That is the true back door.

2. Apple could disable the guess limit and let the government brute-force the code. This is the "lesser" back door.

In most encryption cases around the world, the government can get in with enough computing power. They can brute-force as they see fit, which is a problem for all people who support encryption. These people essentially are in favor of a method of privacy protection that works only as well as the math used to support it. In this case, the math is only so dependable.

The other option is to depend on due process, checks and balances, and the branches of power. Government cracking encryption is inevitable, so sticking to absolute encryption and refusing compromise is a losing battle in the long run. We might as well start today on working out a compromise, developing and implementing a federal system that appropriately handles the privacy of our communications.

link

osivertsson 3731 days ago

There is a value for me that emergency services can enter my home with force if I'm in distress.

But what is the value for me that someone else than the indended recipient can read a message I wanted to keep private?

link

aaronmhatch 3731 days ago

There is no clear value to you, just like there is no value to you that a criminal could break into your window and watch you sleeping at night. For your security and privacy, you'd be better off having no windows.

That an unintended person can read your private messages is an unfortunate consequence of compromise. What we'd have to do is figure out a way to implement a security system that detects all intruders via cyber-forensics or whatever other effective means.

I see the consequences of unrestricted encryption as more severe than the consequences of restricted encryption.

link