> view it from NIST's (/ NSA's) perspective for the sake of argument. Maybe there's a specific threat where NIST (or presumably the NSA) believes it has a mandate to insert a backdoor.

Without any /sarcasm tags I have to take that on face value, and frankly there are few words to fully describe what a colossally stupid idea (not your idea, I am sure) that is. Belief in containable backdoors is the height of naivety and recklessly playing fast and loose with everyone's personal security, our entire economy and national security.

That is to say, even taking Hollywood Terror Plots into consideration [0], I don't believe there is ever a "mandate to insert a backdoor".

> In order to successfully do this, NIST needs to maintain a very large bank of social capital and industry trust that it can spend on very narrow issues.

Having some "trust to burn" is great for lone operatives, undercover mercs, double agents and crooks that John le Carre described as fugitives living by the seat of expedient alliances and fast goodbyes. Fine if you can disappear tomorrow, reinvent yourself and pop up somewhere else anew.

But absolutely no use for institutions holding on to any hope for permanence and the power that brings.

> The inevitable outcome is that NIST loses much of its influence on the industry, which certainly is not in its own interest.

Exactly this. And corrosion of institutional trust is a massive loss. Not for NIST or a bunch of corrupt academics who'd stop getting brown envelopes to stuff their pockets, but for the entire world.

But since you obliquely raise an interesting question... what is NIST's "interest" here?

Surely we're not saying that by spending trust "on very narrow issues" its ultimate ploy is to deceive, defect and double-cross everything the public believe it was created to protect? [1]

I'm all for the game, subterfuge and craft, but sometimes you just bump up against the brute reality of principles and this is one of those cases. Backdoors always cost you more than you ever thought you'd save, and I've always assumed the people at a place like NIST are smart enough to know that.

[0] https://www.schneier.com/essays/archives/2005/09/terrorists_...

[1] https://cybershow.uk/episodes.php?id=16

What if it is acceptable for potential enemies to (eventually) also have access to that backdoor, and your goal in providing the backdoor is just to give the masses a false belief that they can communicate secretly?
Obviously those in the know would not use the flawed system, but instead would have a similar/better one without the intentional flaws.