NNSquad - Network Neutrality Squad

NNSquad Home Page

NNSquad Mailing List Information


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ NNSquad ] Re: Feds seek new ways to bypass encryption

Regarding what Law Enforcement can do, most security experts know that there is no perfect technical protection - it comes down to increasing the "work factor". A decade or two ago, the idea of "unbreakable encryption" was overhyped. The egos of certain "cryppies" led them to grandiose claims, and too many people have bought into the idea that "strong crypto" is unbreakable.


In some ways it's great that criminal enterprises seem to think that - assuming that they are smarter than Law Enforcement (or any other organization with access to resources and power) is a nice fantasy, and the contra-fantasy that presumes that ordinary citizens are somehow benefited only by encryption that cannot be broken by Law Enforcement at all seems to somehow be the only way to achieve our personal desires for privacy.


The citizen's right to privacy is of a very different kind.  Yes, "pretty strong" encryption helps a lot. And I am NOT in favor, nor am I arguing for "built-in weakness" or key escrow for LE, because LE has shown itself to be untrustworthy when given routine ways to spy on citizens without needing to get permission from the citizens themselves (i.e. to get a warrant in a *transparent*, *public* process), and these "weaknesses by design" give power to the wrong people by design.


But what really scares me is that people think that PGP or any other crypto solution is "all  you should need" for security.  It's well known how to violate your laptop, trivially, even if the entire disk is "encrypted", if you ever leave it for a few minutes out of sight (in your hotel room).   It's also well known how to read most of what your laptop is doing from the other side of a wall (unless you have insulated the room for sound, radio waves, and light).  The tools needed are not sold in Best Buy or the Apple Store, but they are not that expensive, and I am sure they have been built, hopefully by "our guys".


However, if those tools get used routinely by LE, we are screwed.  Do you trust Joe Arpaio, with his bluster and attitude, to really not share any tools he has with, say, some private Arizona "militia types"?  He probably hires the militia members because they flatter him.


Thus, we probably need more rule of law, more judges willing to say that evidence derived by searches without warrants should be thrown out, no matter what, and so forth.


And maybe civilians need to call on their government to keep out of the digital safecracking business, and stop paying for more and more burglary tools that are handed to the police.


Do we really think that because there are bad guys with lots of firepower out there that our police need to carry tactical nuclear weapons in their police cars, specially designed by nuclear designers to fit in police cars?


This is the issue that actually calls for some deep, principled thinking and policy.  I pray.





nnsquad mailing list