Hacker News new | ask | show | jobs
by breakall 3989 days ago
Isn't their a fair distinction between an undocumented weakness ("back door") to which LEOs have access, and a provider providing a key ("front door") upon a lawful order, maintaining the strength of the encryption scheme?

It seems some believe that Comey is playing with semantics in order to obfuscate, or doesn't understand the argument he's making -- I don't.
2 comments
EthanHeilman 3989 days ago
Neither backdoor nor frontdoor are well defined (backdoor does not always imply secrecy). I never heard the word "front door" until this recent push, and generally key escrow has been referred to as a backdoor despite being public knowledge.

My personal definitional taste would be:

* Backdoor - an additional way to decrypt a communication without the consent of the communicating parties.

* Secret Backdoor - a backdoor which the communicating parties are not aware of (DUAL_EC).

* Public Backdoor - a backdoor which is built into the public description the of the encryption system so that the communication parties are aware of it (lotus email backdoor).

* Frontdoor - a type of public backdoor which requires a warrant to access and whose key is controlled by a neutral (disinterested) third party. I'm not sure this is exactly what the FBI wants.

Thus, frontdoors are a very specific form of backdoors.

link
AgentME 3989 days ago
I would have thought "front door" would mean to get the intended recipient of the message to decrypt it for you.
link
AnthonyMouse 3989 days ago
Exactly. The front door is what the end user uses in the regular operation of the system. If there is another "door" imposed under penalty of law then it isn't the front door.
link
htns 3989 days ago
Every user downloads and runs arbitrary code constantly, as updates. In the far future updates might come with a formal proof of their security, machine-verified on download, but for quite a few years still we will be stuck with just cryptography.

A front door would be using Microsoft's signing keys. As long as you don't leak the keys, you aren't diluting security in general. A back door would be just leaving vulnerabilities around. It's a meaningful distinction.

link
AnthonyMouse 3989 days ago
There is a meaningful distinction between lawful imprisonment and false imprisonment; that doesn't make it accurate to call lawful imprisonment freedom.

Moreover, the ability of software vendors to push malicious updates is a security vulnerability. Just because we haven't eradicated it yet doesn't mean we should codify our inability to address it in the future, e.g. by allowing users to choose what party they trust to verify and sign updates.

link
cb18 3989 days ago
Language is power.

I say we refrain from adopting any new silly terminology that anyone attempts to foist upon us regarding this issue.

Something is either cryptographically secure, or it isn't. A "cryptographic" method that allows access to anyone not authorized by the one doing the encryption is not cryptographically secure. And in that case, what's the point in using it or even calling it cryptography?

link
harshreality 3989 days ago
That's some semantic gymnastics. So a "Public backdoor" is a "Frontdoor" when used by a law enforcement agency with a warrant. What about when the "neutral" third party uses the keys for some purpose without a warrant? What about when the third party is hacked? It seems confusing to refer to the same system as both a frontdoor and a backdoor.

The FBI would probably be happy with a front door. Unfortunately, a "frontdoor" means some "neutral" third party (or anyone who hacks it) then has the ability to decrypt all your communications. Furthermore, a "neutral" third party isn't necessarily that trustworthy. The saving grace of the CA system is that non-targeted attacks are likely to be detected, because the CAs don't have the certificates' private keys, and use of alternate keys is detectable, or even preventable (only in advance) with pinning.

Everyone would balk at a CA system where the CAs had all the servers' private keys. No matter how trustworthy the CA. It would be undetectable, and pinning wouldn't mitigate it. And that's exactly what the FBI wants for Google, Facebook, Microsoft, and Whatsapp communication products.

If a neutral third party holds the keys, then you have the company (1) that makes the communications products having the keys, transferring them to the neutral third party (2) and deleting them ("we promise!"), so only the third party holds them for possible eventual use by the FBI (3). That's three entities that may potentially have access to key material in the future, not to mention anyone who hacks those three entities.

link
EthanHeilman 3989 days ago
I'm not advocating such a system and I agree with the points you make. I don't think a "frontdoor" would be effectively secure against either government abuse or key compromise. Its a bad idea. Not only that but since it is publicly known, such products would have a competitive disadvantage.
link
username 3989 days ago
They already have a front door. It's called "get a warrant".
link
afar 3989 days ago
Why is getting a warrant not enough? Seems the level of access and cooperation is as much or greater than a key or backdoor.

Isn't it relatively speedy to get a warrant? In some cases just hours?

link
bradleyjg 3989 days ago
Divulging a password, in some circumstances, has been found by some courts to be covered by the fifth amendment right against self incrimination.

https://en.m.wikipedia.org/wiki/Fifth_Amendment_to_the_Unite...

link
nmrm2 3989 days ago
To the extent that this is true (which I think is only in rather specific circumstances), backdoors also also ways of routing around constitutional protections.
link
leereeves 3989 days ago
Obtaining evidence while "routing around [AKA respecting] constitutional protections" is the essence of police work in America.
link
nmrm2 3989 days ago
First of all, encouraging Congress to change laws is not police work. It's political work.

Second, in this case, "routing around" is distinct from "respecting".

The courts and constitution state that in some circumstances, a person has the right to encrypt messages and not divulge the encryption key. The fundamental right here is the right to a private internal dialogue -- the state can't compel you to speak on certain questions. The FBI is trying to route around that fundamental right by creating a technical mechanism that allows them to never have to ask you to hear your internal dialog.

In short, the existence of a technical means for violating the intent of an guaranteed right without technically violating the letter of constitutional law is a game that the courts eventually shut down as unconstitutional bullshit. But a lot of people get hurt in the in-between.

But again, just to be extremely clear on the most important issue here, encouraging Congress to pass laws is not in any way police work...

link
rakoo 3989 days ago
Because you still need the user's willfull cooperation. It doesn't work if the user doesn't cooperate or if he's not supposed to be aware that he is being listened to, which is I believe the case in most terrorism cases.
link
username 3989 days ago
> you still need the user's willfull cooperation.

Not always, especially when law enforcement can request data straight from the provider, which I would imagine happens in the majority of internet crime investigations. Because let's be real, how many internet companies have a zero knowledge policy towards their users' data?

link
rakoo 3989 days ago
> Because let's be real, how many internet companies have a zero knowledge policy towards their users' data?

Well, the whole point of TFA is that Apple, Google, Yahoo and the likes want to progressively move in that direction (not totally for sure, but just enough so that the FBI/NSA doesn't like it).

link