[Infowarrior] - Let's have an argument about encryption
Richard Forno
rforno at infowarrior.org
Fri Nov 20 09:40:58 CST 2015
Let's have an argument about encryption
by Violet Blue | @violetblue | 18 hours ago
http://www.engadget.com/2015/11/19/lets-have-an-argument-about-encryption/
Government officials have been vexed for quite some time now that they can't surveil communications that use end-to-end encryption. Never mind that to crack encrypted platforms open for one spy would mean to open them up for all spies. Just being able to roll WhatsApp, Telegram and iMessage into the Pentagon's bulk surveillance programs is good enough for them, thanks. Worrying about what that might mean to the intelligence gathering capabilities of their adversaries is apparently "not in their department."
After the devastating attacks in Paris last Friday, U.S. officials wasted no time in using fear to insist that messaging apps using end-to-end encryption be "backdoored" for surveillance access, and rolled into the Pentagon's bulk surveillance programs.
The internet, rather than treating the officials like children who want to smash the family piggy bank to collect copper pennies, has decided to argue with them.
Oh boy, you must be thinking, a giant public argument about encryption. I'm sure this will end well in the court of public opinion, especially at a time in our history when the fictional crimes and criminals on CSI: Cyber are cited as the foundation for "cyberpsychology" and securing its new role in criminal psychology.
Actually, I can think of many ways in which it could end well. Except instead of having a serious debate about encrypted comms, and capitalizing on the critical opportunity to talk about how to prevent atrocities like those in Paris, we got served a slice of scare tactics with a side of tinfoil hat.
The whole embarrassing sideshow kicked off Monday when U.S. officials hit the media circuit looking like Old Man Jenkins trying to scare the public with the boogeyman of encryption. (He'd be getting away with backdoors if it weren't for those pesky privacy kids.) Specifically, CIA Director John Brennan gave a press conference Monday in Washington where he said multi-department information gathering ops were "hampered" by concerns about privacy, and blamed public "hand wringing" over its surveillance programs as an obstacle to catching the bad guys.
Privacy is a serious concern. But don't get distracted by finger pointing; the bigger concern is security.
The struggle for the U.S. defense industrial complex to comprehend cyber is real. Despite the Pentagon's insistence that malware is analogous to missile strikes, backdooring encryption is not the same as wiretapping. Because of the way you'd have to break end-to-end encryption, bulk data collection would be the only type of operational access possible. If we viewed the DoD as an attacker on a network, this could be called giving them "persistent access."
Since WhatsApp has in the neighborhood of 450 million users and Telegram has around 62 million users, so much data would be collected that scale and cost will require analysis to be automated. Meaning, if the DHS gets their way with encrypted messaging apps, we'd once again be cast into the NSA Pit of Despair when it came to expectations of accuracy -- or privacy.
I doubt they'll get their way. Tech companies are unwilling to budge on breaking product security -- even before the Paris attacks, Tim Cook had to patiently explain like a seasoned parent that "any backdoor is a backdoor for everyone. Opening a backdoor can have very dire consequences."
Still, the lack of confirmed reports didn't keep officials from hyping terrorist use of encrypted messaging products. Some officials told press the terrorists "probably" used encrypted apps like WhatsApp, which led outlets like NBC News to run bizarre mashups of conjecture like "ISIS Uses WhatsApp, PlayStation to 'Go Dark' and Elude Surveillance."
Needless to say, I was crestfallen when we all found out Sony's gaming console was not, in fact, used for covert cyber-communications, and the PS4 on my holiday wish list wasn't going to be "research" write-off after all.
Until I can write off my PS4, I've got popcorn ready for our front row seats to what's now a giant media flamewar, festooned with the tinfoil hats and scare tactics I mentioned earlier.
One side is a pile-on of infosec professionals, tech reporters, digital civil liberties activists, topped by an NYT Editorial Board op-ed condemning mass surveillance.
The other side believes if you're against encryption backdoors then you're "with the terrorists." Like California Sen. Dianne Feinstein who told MSNBC, "I think Silicon Valley has to take a look at their products because if you create a product that allows evil monsters to operate in this way ... that can't be pierced even with a court order ... That is a big problem."
To me, it's an even bigger problem that officials think their idea is in any way safe.
--
It's better to burn out than fade away.
More information about the Infowarrior
mailing list