And yet, tomorrow they'll have no qualms making the case that, of course, the government can securely keep backdoor keys to investigate encrypted communications.
Have the secret backdoor keys for Dual EC DRBG leaked yet? Nuclear launch codes and authenticators?
Analogies are useful but don't get carried away, especially when talking about something as broad as "the government" (as if it were one singular thing). The fact that a BLM federal officer lost his firearm doesn't instantly mean that all of our Tomahawk cruise missiles are next to be stolen.
The closest thing to the proposed encryption backdoor is the Clipper chip proposal of the '90s, and that did have severe vulnerabilities that the authors completely overlooked.
And I'd recommend you watch John Oliver's segment about nuclear launch codes to recalibrate your trust in those officials. We've come scarily close to Armageddon multiple times over the last few decades, which was prevented only by sheer dumb luck. Just because it's the scariest thing known to man doesn't mean the people responsible for it aren't incompetent.
Why do we think they haven't been stolen? Why do we think that the OPM was the first or the biggest or the most valuable attack, and not just the biggest one that happened to be noticed?
The fact that a BLM officer lost his firearm doesn't instantly mean that all the cruise missiles are next, but yes, the fact that the USG is unable to maintain sensitive records of twenty million cleared personnel does say something about their ability to keep secret information safe.
I was listening to the Senate hearing on Wednesday where they were asking the FBI director questions about this issue. They were talking about how they need to include the tech community in the conversation about how to best solve the problem of making sure the govt can access encrypted messages, etc. when they're conducting an investigation.
Senator McCain started asking questions about how it was possible to maintain citizens' privacy, but at the same time be able to access private data. Then he made it clear what his feelings were on the subject. Basically, his argument boiled down to "But, ISIS!".
"Is ISIS trying to kill Americans?" he asked the FBI director. The director said "yes". Then he said that b/c of ISIS, the govt has to be able to access keys so they can read encrypted data.
Well, "But, ISIS!" is not a real argument, that should be clear.
Backdoors make the situation worse, not better. We'll still have ISIS, we'll be even less secure, and we'll have lost whatever is left of our right to privacy.
Pretty much a lose-lose for everyone involved (except maybe ISIS).
The answer to "But, ISIS!" is not backdoors, it's foreign policy.
US Foreign Policy is not considered to be a matter for democratic concern and consideration. Any time it's brought up as a reason, it's always to be translated to "because we said so and we're the only ones who have the power to affect it."
US Gov isn't a monolith. Interesting to think about in light of all of the recent articles on HN about the challenges of building out microservices or SOA. Just with human action instead of 10gig fiber, eventual consistency takes a lot longer, if it ever happens.
Sure, you could in theory have a highly distributed system with multiple keys, but then you can't use it day to day for monitoring communications, which is the whole purpose of the backdoor.
The government may be able to keep the nuclear codes safe in such a fashion, but it wouldn't if ten different government agencies wanted to use them on a daily basis.
Security is a hard thing for large organizations. Much of the time they simply don't have the expertise they need to know what their vulnerabilities are.