{"id":390,"date":"2015-07-13T01:28:30","date_gmt":"2015-07-13T01:28:30","guid":{"rendered":"http:\/\/www.dogoodsoft.com\/blog\/?p=390"},"modified":"2024-12-23T07:52:09","modified_gmt":"2024-12-23T07:52:09","slug":"encryption-if-this-is-the-best-his-opponents-can-do-maybe-jim-comey-has-a-point","status":"publish","type":"post","link":"https:\/\/www.dogoodsoft.com\/blog\/encryption-if-this-is-the-best-his-opponents-can-do-maybe-jim-comey-has-a-point-390\/","title":{"rendered":"Encryption: if this is the best his opponents can do, maybe Jim Comey has a point"},"content":{"rendered":"<ul style=\"font: 14px\/20px FranklinITCProLight, HelveticaNeue, 'Helvetica Neue Light', 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif; color: #111111; text-transform: none; text-indent: 0px; letter-spacing: normal; padding-bottom: 10px; margin-bottom: 5px; word-spacing: 0px; white-space: normal; widows: 1; font-size-adjust: none; font-stretch: normal; -webkit-text-stroke-width: 0px;\">\n<li>\u201cWe share EPA\u2019s commitment to ending pollution,\u201d said a group of utility executives. \u201cBut before the government makes us stop burning coal, it needs to put forward detailed plans for a power plant that is better for the environment and just as cheap as today\u2019s plants. 
We don\u2019t think it can be done, but we\u2019re happy to consider the government\u2019s design \u2013 if it can come up with one.\u201d<\/li>\n<li>\u201cWe take no issue here with law enforcement\u2019s desire to execute lawful surveillance orders when they meet the requirements of human rights and the rule of law,\u201d said a group of private sector encryption experts, \u201cOur strong recommendation is that anyone proposing regulations should first present concrete technical requirements, which industry, academics, and the public can analyze for technical weaknesses and for hidden costs.\u201d<\/li>\n<li>\u201cBuilding an airbag that doesn\u2019t explode on occasion is practically impossible,\u201d declared a panel of safety researchers who work for industry. \u201cWe have no quarrel with the regulators\u2019 goal of 100% safety. But if the government thinks that goal is achievable, it needs to present a concrete technical design for us to review. Until then, we urge that industry stick with its current, proven design.\u201d<\/li>\n<\/ul>\n<p>Which of these anti-regulation arguments is being put forward with a straight face today? Right. It\u2019s the middle one. Troubled by the likely social costs of ubiquitous strong encryption, the FBI and other law enforcement agencies are asking industry to ensure access to communications and data when the government has a warrant. And their opponents are making arguments that would be dismissed out of hand if they were offered by any other industry facing regulation.<\/p>\n<p>Behind the opponents\u2019 demand for \u201cconcrete technical requirements\u201d is the argument that any method of guaranteeing government access to encrypted communications should be treated as a security flaw that inevitably puts everyone\u2019s data at risk. In principle, of course, adding a mechanism for government access introduces a risk that the mechanism will not work as intended. 
But it\u2019s also true that adding a thousand lines of code to a program will greatly increase the risk of adding at least one security flaw to the program. Yet security experts do not demand that companies stop adding code to their programs. The cost to industry of freezing innovation is deemed so great that the introduction of new security flaws must be tolerated and managed with tactics such as internal code reviews, red-team testing, and bug bounties.<\/p>\n<p>That same calculus should apply to the FBI\u2019s plea for access. There are certainly social and economic costs to giving perfect communications and storage security to everyone \u2013 from the best to the worst in society. Whether those costs are so great that we should accept and manage the risks that come with government access is a legitimate topic for debate.<\/p>\n<p>Unfortunately, if you want to know how great those risks are, you can\u2019t really rely on mainstream media, which is quietly sympathetic to opponents of the FBI, or on the internet press, which doesn\u2019t even pretend to be evenhanded on this issue. A good example is the media\u2019s distorted history of NSA\u2019s 1994 Clipper chip. That chip embodied the Clinton administration\u2019s proposal for strong encryption that \u201cescrowed\u201d the encryption keys to allow government access with a warrant.<\/p>\n<p>(Full disclosure: the Clipper chip helped to spur the Crypto War of the 1990s, in which I was a combatant on the government side. Now, like a veteran of the Great War, I am bemused and a little disconcerted to find that the outbreak of a second conflict has demoted mine to \u201cCrypto War I.\u201d)<\/p>\n<p>The Clipper chip and its key escrow mechanism were heavily scrutinized by hostile technologists, and one, Matthew Blaze, discovered that it was possible with considerable effort to use the encryption offered by the chip while bypassing the mechanism that escrowed the key and thus guaranteed government access. 
Whether this flaw was a serious one can be debated. (Bypassing escrow certainly took more effort than simply downloading and using an unescrowed strong encryption program like PGP, so the flaw may have been more theoretical than real.) In any event, nothing about Matt Blaze\u2019s paper questioned the security being offered by the chip, as his paper candidly admitted.\u00a0 Blaze said, \u201cNone of the methods given here permit an attacker to discover the contents of encrypted traffic or compromise the integrity of signed messages. Nothing here affects the strength of the system from the point of view of the communicating parties.\u201d In other words, he may have found a flaw in the Clipper chip, but not in the security it provided to users.<\/p>\n<p>The press has largely ignored Blaze\u2019s caveat.\u00a0 It doesn\u2019t fit the anti-FBI narrative, which is that government access always creates new security holes. I don\u2019t think it\u2019s an accident that no one talks these days about what Matt Blaze actually found except to say that he discovered \u201csecurity flaws\u201d in Clipper.\u00a0 This formulation allows the reader to (falsely) assume that Blaze\u2019s research shows that government access always undermines security.<\/p>\n<p>The success of this tactic is shown by the many journalists who have fallen prey to this false assumption.\u00a0 Among the reporters fooled by this line is Craig Timberg of the Washington Post: \u201cThe eventually failed amid political opposition but not before Blaze \u2026 discovered that the \u201cClipper Chip\u201d produced by the NSA had crucial security flaws. 
It turned out to be a back door that a skilled hacker could easily break through.\u201d Also taken in was Nicole Perlroth of the New York Times: \u201cThe final blow [to Clipper] was the discovery by Matt Blaze\u2026 of a flaw in the system that would have allowed anyone with technical expertise to gain access to the key to Clipper-encrypted communications.\u201d<\/p>\n<p>To her credit, Nicole Perlroth tells me that the New York Times will issue a correction after a three-way Twitter exchange between me, her, and Matt Blaze. But the fact that the error has also cropped up in the Washington Post suggests a larger problem: Reporters are so sympathetic to one side of this debate that we simply cannot rely on them for a straight story on the security risks of government access.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>\u201cWe share EPA\u2019s commitment to ending pollution,\u201d said a group of utility executives. \u201cBut before the government makes us stop burning coal, it needs to put forward detailed plans for a power plant that is better for the environment and just as cheap as today\u2019s plants. 
We don\u2019t think it can be done, but we\u2019re &hellip; <a href=\"https:\/\/www.dogoodsoft.com\/blog\/encryption-if-this-is-the-best-his-opponents-can-do-maybe-jim-comey-has-a-point-390\/\" class=\"more-link\">Continue reading <span class=\"screen-reader-text\">Encryption: if this is the best his opponents can do, maybe Jim Comey has a point<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[8],"tags":[52,88,147],"class_list":["post-390","post","type-post","status-publish","format-standard","hentry","category-news","tag-encryption","tag-fbi","tag-jim-comey"],"_links":{"self":[{"href":"https:\/\/www.dogoodsoft.com\/blog\/wp-json\/wp\/v2\/posts\/390","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.dogoodsoft.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.dogoodsoft.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.dogoodsoft.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.dogoodsoft.com\/blog\/wp-json\/wp\/v2\/comments?post=390"}],"version-history":[{"count":1,"href":"https:\/\/www.dogoodsoft.com\/blog\/wp-json\/wp\/v2\/posts\/390\/revisions"}],"predecessor-version":[{"id":391,"href":"https:\/\/www.dogoodsoft.com\/blog\/wp-json\/wp\/v2\/posts\/390\/revisions\/391"}],"wp:attachment":[{"href":"https:\/\/www.dogoodsoft.com\/blog\/wp-json\/wp\/v2\/media?parent=390"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.dogoodsoft.com\/blog\/wp-json\/wp\/v2\/categories?post=390"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.dogoodsoft.com\/blog\/wp-json\/wp\/v2\/tags?post=390"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}