The battle over encryption...

in #technology9 years ago (edited)

tl;dr - discuss the pro's and con's of encryption

With the recent news of an Israeli firm unlocking an iPhone for the U.S. government, many arguments have been raised both in support of, and against, encryption.

  • Should we allow backdoors for the government?
  • Will these backdoors actually have any benefit in preventing crimes?
  • Should companies comply with the government and assist with cracking their own devices?

Would love to hear your thoughts as primarily cryptocurrency users (as of time of writing) who are generally more technology proficient than the general public.

Sort:  

No backdoors, for anyone, EVER!!!. No good can come of this...
Even if it could be used to prevent crimes, it wont be used for that reason, I see it being used more for political gains and blackmail.
Companies should not comply with unreasonable and unconstitutional demands.

This is a cat and mouse game,, if the companies can not provide the privacy at hardware level, users will provide their own at software level. Demand breaths innovation.

On that note, I wonder if Samsungs KNOX security component already has a backdoor... puts on thinfoil hat

You can make a case for classified/secret backdoors in times of war. Enigma was backdoored. The NSA used backdoors to crack does during WW2. The difference is these backdoors were top secret and were not justified to be used merely to do law enforcement but were to win a war. So from a practical perspective in a time of war it can be expected that all sides will attempt to create secret backdoors and crack codes.

But that has nothing to do with announcing the creation of backdoors and mandating backdoors in US products. All that will do is make it so the rest of the world cannot trust US companies or US products. Any terrorist would simply stop using US products knowing that our government mandates backdoors in them. So it would not do anything to stop terrorism or help in a war effort if it's known to the enemy.

On the other hand law enforcement would have it and whatever law enforcement can access it would also be possible for foreign intelligence to access. So what security do we gain by giving out backdoors for law enforcement? If it's about terrorism then statistically you are more likely to be struck by lightening, die in a car accident, etc. So the actual risk from terrorism doesn't justify the proposed reaction. It can only be a power grab.

Backdoors might or might not exist but if they do exist they should remain top secret. Additionally there should be no expectation for civilians to provide backdoors to help law enforcement. Private companies have their own missions and those missions aren't to be agents of the FBI. Finally, if Apple or any company were to be an obvious agent of the FBI then the targets wouldn't use their products which would reduce the influence of these companies and also hurt shareholders.

So whether you take a nationalist pro government or an anti government perspective the backdoor makes little sense. If China started putting backdoors in their products and announced it how would we react?

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

I saw an interview by an FBI agent the other day about how the agency used a 3rd party hacker (so-called grey hats) to obtain the iPhone information from the San Bernardino shooter. Here's a link :

http://www.nytimes.com/2016/04/20/technology/fbi-iphone-apple-house-encryption-hearing.html?_r=0 .

I think a particular useful comment was that we should have a public debate on it. She seems a bit less intense than the current Director of the FBI.

All in all, encryption is a tool. We use it all the time for ordering items off the internet and rely on it for security. Also, we know from Snowden that "Encryption works." The biggest threat to security is not the government creating quantum computers or having enough computational power to brute force an attack (they will do this if they are bent on obtaining your private key). Rather the human element and the potential for mistakes and, in general, poor operational security are the biggest factors that contribute to this.

As users of new and innovative technology that relies on various encryption schemes to work, we need to address this topic. In doing so, we can educate the public and teach individuals the difference between encrypting a message and signing a message to prove authenticity. However, I think one of the first steps is to always sign messages. This has the side effect of permeating society's mind about the existence of digitally signed messages, which is a prelude to full-blown encryption.

-----BEGIN PGP SIGNATURE-----

iF4EAREIAAYFAlcZe6cACgkQrXhoUZB1ALtNagD/cv53Y9XX19q/FxPnKlroWnro
HkDh6rbfI9K7Kt0ufigA/3BPoc9eQWvPMBiayzXpKZRo7PExOuifuGs+Jd28HWgD
=oTcA
-----END PGP SIGNATURE-----

Apologies to anyone who finds out that this signed message doesn't verify. Formatting reasons exist within Markdown. A signature of the above message can be found at www.matthewniemerg.com/STEEMIT/Comments/justin.encryption.comment.1.asc .

Since STEEMIT requires a login with a private key, it is implicit that you are signing a message. I am only signing these comments and a few posts to prove authenticity, which can be verified with my other public key that is hosted on MIT's public GPG servers.

There aren't any cons. The only ones arguing against encryption, are those who want to read your mails.

A backdoor into your computer today could be a backdoor into your brain tomorrow. Why create the dystopia of tomorrow with the unwise decisions made today? It's just not worth it.

Look into extended mind theory to understand why privacy should be protected. If the owner doesn't want to give their password or private key then it's just lost. In the case of the terrorists who killed themselves and we can't retrieve information from their phones? But if they are dead we can't retrieve it from their brains either so in a way it's an incentive not to kill terrorists and maybe it's best we encourage people to sell their data rather than use threats.

As far as backdoors go from a practical and less philosophical or ethical perspective, a backdoor is not effective at all once it's known. So a secret backdoor might be useful to stop terrorists but if it's known then it's just going to hurt everyone, including businesses, and not help terrorist investigations at all. So whether you take a philosophical ethical stance or a practical stance it is not wise to announce a backdoor.

In WW2 there was a backdoor in Enigma but it was not announced.