January 20, 2016

The Politicians' Encryption Backdoor Fantasies Continue -- and Legislating Pi

"I Got You Babe."

I've written about law enforcement, politicians, and their hopeless fantasies of "safe" encryption backdoors so many times -- and have become so disgusted at the endlessly repeating nature of the situation -- that I really do feel like I'm hearing that old Sonny and Cher song in much the way Bill Murray did in his 1993 classic film "Groundhog Day" -- again, and again ... and yet again.

But the crypto backdoor "hits" just keep on comin' -- and today is no exception.

Now comes word that a bipartisan pair of lawmakers is introducing federal legislation to establish a national commission to figure out "how police can get at encrypted data of honest citizens without endangering those citizens' privacy at the same time."

The usual slogans are being bandied about: "What we're trying to do is get that collaboration started," said Sen. Mark Warner (D-Va.), who joined [Republican] McCaul on the call and will sponsor the upper chamber bill. "Let's get the experts in the room."

We keep hearing stuff like this from the usual suspects. Just get those brainiacs together! Get "Bill Gates" working on it! Lock all those liberal LGBT-lovin' software engineers in a basement somewhere and they'll solve the problem. Or they'll never eat pizza again!

OK, that's more of the GOP line. The Democrats also pushing crypto backdoors are wording it a bit differently.

Though some crypto backdoor proponents have laudable motives, the end result must be the same.

Perhaps "Scotty" from the original "Star Trek" said it best, when he noted that the laws of physics were immutable ("I can't change the laws of physics") -- or, I might add, of mathematics.

Not that politicians haven't tried to break these laws before. As far back as 1897, the Indiana legislature came very close to passing legislation that would have had the effect of setting the transcendental ("never ending") value of the constant "Pi" to an incorrect and fixed 3.2.

So the fact that politicians and law enforcement continue to try to bend physics, math, and computer science to their wills -- irrespective of the realities -- should come as no surprise.

Any attempt to backdoor strong encryption systems will by definition make them immensely vulnerable not only to abuse by authorities, but also to outside hacking -- including by sophisticated terrorist groups! -- that would put all honest users at immense risk as ever more of our financial and other aspects of our personal lives are online.

It doesn't matter if you break up the backdoor key into a thousand pieces and distribute them to Boy and Girl Scouts sworn to only use them in a national emergency.

The mere act of creating any backdoor to these systems weakens them enormously and catastrophically. Even Einstein wouldn't be able to change that. And he'd be far too intelligent to ever try.

Yet, most of the law enforcement officials and politicians pushing for these "meetings of the experts" on backdoored encryption aren't actually stupid either.

So what's really going on?

In my view, most of them already realize that they would have to fundamentally weaken crypto to get backdoors, and that the industry overall quite rightly will never voluntarily go along with doing that.

Google, Facebook, Apple, and the others will be polite -- as they should be -- but will not willingly betray the security and privacy of their users with encryption backdoors.

So the odds are that what's actually going on currently with the "voluntary" backdoor crypto push is essentially a smokescreen.

It's an attempt to provide political cover for the next step, when proponents begin the "well, we tried to get cooperation first!" push for legislation that would mandate backdoors in these USA crypto systems, whether the firms want to do it or not, and irrespective of the risks to honest users.

Nor will the fact that strong encryption systems from firms outside the U.S., and from independent third parties, will continue to be available and will be the encryption systems of choice for terrorists and other criminals, who won't willingly make use of backdoored crypto once the word gets around.

This suggests that ultimately it's mostly a game of political cover, of politicians being willing to massively weaken the security and privacy of us all to ensure themselves an excuse to spout at the press when bad things happen.

That sort of attitude is sad. And depressing. And so very, very wrong.

And about as realistic as declaring Pi to be 3.2.

I think I'm going back to bed ... ... ... ... ...

"Then put your little hand in mine.
There ain't no hill or mountain,
We can't climb.
I got you babe.
I got you babe ..."

- - -

I have consulted to Google, but I am not currently doing so -- my opinions expressed here are mine alone.

Posted by Lauren at January 20, 2016 09:41 AM
Twitter: @laurenweinstein
Google+: Lauren Weinstein