A voice in the wilderness....
Sadly, the points won't be taken seriously by anyone writing regulations or laws. But, she deserves a pint for speaking out.
The US Federal Trade Commission (FTC) has fired a second shot at the FBI over its demand for backdoors in encryption systems. Following a blog post last month by the regulator's CTO in which he outlined why he was glad to have strong firmware encryption after his laptop was stolen, today FTC Commissioner Terrell McSweeny has …
Some (internet) time ago, we had two different encryption regimes allowed. The local one (US) and the everyone else (international) one. The extreme "oops!" we keep seeing (beating our head with a sledgehammer about) lately is we had a provision to switch between the two. Rather than attack the hard encryption, attackers tell a computer to stop using that "unhackable" procedure and use the difficult then, easy now encryption. Or to put it in simpler terms, a feature in the past is a (drive a truck through it) bug now. What makes anyone in government, even the vaunted NSA has blind spots as above, think that a 'front door' won't bite us in the ass and become a back door?
Humans don't handle complexity well and have never done the 'plan for the future' aspects even minimally decent. That's why we have developed so many bog simple financial planning instruments that have at least a modicum chance of working. Other examples can be found throughout history, provisioning a granary, vaccines.... Every expert with a proven track record agrees this almost certainly can not be done. And every expert that the NSA consults with (to my knowledge) says the same thing as well.
So. There we are poised on the dialectic of which of these things to do: front door or no. I can't discern a workable synthesis here; I could be wrong. As well as the people whose reputations, and very livelihoods, depend on this topic (e.g. Bruce Schneier).
The rest of mankind will get totally pwned in no time.
And the time between the creation of the front/back door and criminals using it for their own purposes will be a few weeks at most, unless TLA's know a fail proof method to identify rotten apples in their staff, which strong evidence suggests is not the case.
The only explanations for security agencies promoting this crap are that a) they're stupid, b) they're criminals themselves, or c) they're both fools and criminals.
And the "bad guys" have motivation ($$$) to break whatever system the "good guys" (beltway bandits and gov't hacks) put in place. Actually, the "good guys" probably want their security broken so they can sell more of it to the chumps (the taxpayers.)
Besides, why does anyone need encryption? If the gov'ts have nothing to hide....
Apple is fighting this one not for their customers, but for the product group that contributes the most to their bottom line. If iOS is compromised by a backdoor (security flaw), the company's stock will drop like a brick as customers switch to another OS.
It might be a good time for Apple to encourage developers in a tiny off-shore country to create strong encryption apps to market in the AppStore. Apple could then capitulate and encourage users to purchase (at a stupid low price) a third party application that does the same thing.
We have one that government wants in the system. There's the idiot in the chair hitting "yes.. download and install that XXXXX (fill in name) video I was just emailed". There's a few here and there in the network routers and firewalls. Then there's the unknown number of built-in openings in the OS and apps.
The more I think about this, will one more hurt? Yes. Encryption is the big one. It's key to the magic kingdom of data, emails, etc. Encryption done right would make the rest of the posterns useless.
Ultimately, this will backfire.
Hackers, terrorists (not lumping the two together, just listing), and other cyber-criminals will simply use illegal encryption methods again, no different than they did in the era of bans on cryptography exports (1990s).
Those who don't want to bother, but are still concerned about surveillance, will in many cases stop using digital communications altogether, embracing the adage made famous by the film "Enemy of the State", in which it was said by Jon Voight, "pretty soon, the only privacy you'll have left is what's in your head... and maybe that's enough".
I personally know people who have left the net entirely since the Snowden Disclosures. Some of them have sworn to never return until they have quantum cryptography to keep *all* elements out of their systems, forever. Personally, I make a living from my tech knowledge, so I'm here to stay. But something that should concern the feds more than cryptography is the possibility that if they keep pushing, they'll just scare away the people that they're trying to catch, that those people will go underground and never be found.