This is pretty much the conclusion reached by one of the major players:
I’m inclined to suspect that he’s right, because this is one of those “issues” that isn’t really an issue at all, like evolution and climate change – there’s no real debate, just one side with facts and logic (the techies, in this case) and another side with emotionalism and bullshit (the government, in this case). However, it may take a while, since emotionalism and bullshit have demonstrated staying power.
I kind of always figured it was a foolish tact by the govt. because the encryption can always be developed outside of the US and imported. If they got their back doors, people who cared about their encryption would sensibly stop using the protocols with back doors.
So even if they won, they’d lose in the long term.
In my experience, the U.S. government often has a hard time remembering that other countries exist.
No, this isn’t a debate about facts versus bullshit. It’s a debate over society’s view of whether there are limits to privacy. The technology that can keep our private photos safe on our computers away from prying eyes is the same technology that can keep the details of drug transactions or murders for hire.
If this were a debate about paranoids who think the NSA wants to read your complaints to HR versus giving cops the ability to shut down the Silk Road, you lose in the eyes of the public.
But of course, that same technology also means security for banking, etc so I agree: in the long term, there aren’t going to be restrictions on encryption. Government will have to find new ways to carry out these type of investigations.
But let this be clear: encryption isn’t going to win because you are smarter or better or more scientific that those who understand there are public policy issues at stake. The belief that it is should be taken as evidence of a subscription to a fringe political ideology, no different than, say, survivalists or evangelicals, who genuinely believe that facts indicate society is going to collapse soon. There’s definitely a cult that holds that technology is basically always right that demonstrates religious zeal anytime someone questions the power of the Almighty Bit, but that fervor doesn’t equate to being factually correct.
Not so. The underlying issue of fact is stated just after the point I cut off the first quote – since the issue has come up, I think I can get away with one more paragraph and still remain within fair-use limits:
The government argument is not stated as “people should accept lack of pricacy and vulnerability to cybercrime as the price of maintaining government backdoor access” (which would be a Policy Preference A versus Policy Preference B argument). The government argument is stated as “if the techies would just work with us they could create a back door that only good guys can ever use” (which is, as I said, an “argument” between the fact that this is simply not possible and the bullshit of the government wanting to pretend that it is). See, for instance, this sad performance, in which NSA Director Mike Rogers was reduced to repeatedly declaring “I think we can work through this.” as if that phrase was the incantation that would make his magickal thinking work in the real world.
The similarity to the climate-change “debate” is striking – in that case, the other side doesn’t (generally) argue that it’s preferable to let it happen rather than pay the costs of mitigating it (another debate about two competing preferences); instead, it generally denies that it’s happening or that human activity has anything to do with causing it to happen (another fact-versus-bullshit pseudo-debate). The main difference is that there are a few people honestly taking the former tack in the climate-change case but not one government official (to my knowledge) doing so in the encryption case.
As usual, some people try to cast the debate over these sorts as simply a matter of engineers trying to demonstrate something about the performance of the technology. Of course engineers are going to have a narrow minded focus on making any technology the best it can be, but the important debate is what its use means to society.
Take, for example, nuclear power. Someone can make endless points about the general benefits of nuclear power, how clean it is, how efficient it is, and so on. Their calculations are correct. But that does not address the difficulty in figuring out what to do with nuclear waste, or what expanding use of nuclear power means for efforts to keep nuclear weapons out of the hands of crazy countries. Maybe those who simply want to debate the scientific or engineering principles think that such matters aren’t important, or maybe they wish them away as being not their department.
As I’ve said before, strong encryption will win over time. But it’s foolish and shortsighted to extol the benefits of it while dismissing the costs, such as that dangerous criminals and terrorists are going to be harder to catch in the future, and that fact shouldn’t be dismissed with a “that’s not my problem” or “some other engineer will figure it out later” type of answer.
Yes, theoretically the debate could be framed as one between competing policy preferences. That doesn’t change the fact that the actually existing “debate” is, as I noted, occurring between one side that acknowledges reality and one side that doesn’t. While that continues to be the case, it simply doesn’t make sense to take the latter side’s complaints seriously.
Yes yes, you are more concerned with the “fact” of the elegance of unbreakable cryptography than letting the occasional murderer or terrorist go free. That’s what I’m saying. We’re in violent agreement, you just don’t like how I’m phrasing things.
No, the “fact” is that once you have a backdoor it’s not really encrypted because soon enough terrorists and Chinese or Russian hackers will learn to exploit it. That’s not some ivory tower musings about elegance.
Precisely. Ravenman’s argument is potentially true in theory (the government could choose to argue that opening gaping holes in digital security is an acceptable price to pay for maintaining government access), but not in practice (since the government insists on resting its case upon the patently absurd claim that it can require backdoors without causing that outcome).
Presumably this is done for the same reasons the fossil-fuel industry (mostly) engages in outright denial rather than arguing that the cost of allowing global warming isn’t as bad as the cost of trying to mitigate it (i.e. a pragmatic calculation that the argument can’t be won on policy grounds, and must therefore be waged by smoke and mirrors).
It is not just keeping our pictures from prying eyes. It is keeping our financial transactions secure from criminals. If the government subverts encryption via back doors or mandating less effective crypto it also opens these back doors to governments and criminals hostile to our national interest as well.
Not to mention that the “some other engineer will figure it out later” is more NSA’s side of the argument. Don’t worry someone will come up with a back door that only the good guys can use!
I totally agree. That’s the absolute number one reason why strong encryption is going to win: because business demands it. But not being able to collect information on criminals inside the country, or threats from outside the country is hostile to our national interest, too. I’m not sure why this is so difficult for techies to state.
I understand that you and many experts assert encryption is basically a binary equation for security: either it is strong and secure, but if there’s one flaw it is insecure. I’m not arguing with your assessment of the technology, but I am curious whether you believe other security measures are also all-or-nothing?
Because that’s the rule regarding any form of security. I mean, have the guards watch all the fort’s gates… except for one. Lock your house… but leave the window open. Wear a breastplate… but cut out a window to display your cleavage.
Any defense is only as strong as its weakest point, because that’s where any reasonably intelligent enemy will attack. All security really is binary - either it won’t work, or it might.
I don’t think anyone in their right mind thinks anything is truly secure. I Lock my doors and don’t leave windows open, but if someone wants in my house, they can get in. So I’d say my house is secure against teenagers walking around the neighborhood testing doorknobs, but not an actual burglar. Everyone who has half a noodle banging around their noggin understands that security is a trade off between protection, cost, convienience, and other factors. If you truly believe security is a binary calculation, nothing can possibly meet that test.
I think when most people on the encryption side are talking about strong security, they’re talking about something strong enough to keep out a highly sophisticated intruder. In that case either you succeed or fail. Unfortunately many people fail to explain who they’re trying to keep out and lead to this confusion.
Every house in the world has a different lock. If a burglar invades your home, your security has been breached, but the rest of us are still safe. But there are only a few forms of encryption. If someone breaks one of them, every bank account, email and medical record on earth easily available to the person who broke it.
There is no tradeoff. The government wants to break the only secure digital lock that exists.
Yes, and using measures of security like this can lead to absurd conclusions. Like for instance, the bullet proof vests used by police are worthless because they don’t stand a chance against SEAL Team 6.
I think the fact that the FBI and NSA is asking for a back door tells you about the level of security current encryption gives.Think bullet proof bear suit.