why encryption is an all or nothing affair - [ weird things ]

why encryption is an all or nothing affair

District Attorneys are going to try mandating encryption backdoors again and refuse to understand why it can't be done without cratering the modern economy.
encryption lock

Among the many rough and scary things we’ll have to look forward to next year, a renewed battle over encryption is likely to be one of them. A whole lot of politicians who demanded that tech companies build a very special backdoor for government agencies with a warrant, haven’t gone anywhere, and they’re likely to double down on this still unresolved issue for obvious reasons. It plays to their base, it makes them look tough on crime, and it’s probably satisfying for them to try and bring the unruly techies to heel. But this push for backdoors into encrypted communications, fueled largely by shocking technical illiteracy, is bound to end badly no matter what happens and it’s one of those rare cases where we’ll have to sacrifice for the sake of real security, so it’s downright horrifying that politicians who could compel tech companies to create such backdoors, and the judges who could uphold their demands as perfectly reasonable, are woefully ignorant of what will be involved and exactly why it’s such a horrible, awful, no good idea.

Whenever you bring up the issue of how impossible it is to build a backdoor that can’t be abused, politicians brim with superlatives and optimism. They say that engineers put humans on the Moon and found a way to really teach computers things that would take years to program with conventional code, so of course if all these smart people work hard enough, they can figure this problem out. Except they can’t. No matter how smart you are, you just can’t break the laws of nature. A popular retort to the “if they can put a man on the Moon, they can give us exclusive access” argument is Matt Blaze’s “this is the same as ‘if we can put a man on the Moon, we can put a man on the Sun,’” which is technically true, but isn’t clear to a non-techie. The problem is that encryption is based around math and software meant to circumvent it or decrypt data, also based on math, won’t be able to discriminate between criminals using it to steal someone’s identity and a government agent trying to stop a terrorist in action, and can’t be made to do so reliably, ever.

In reality, what all these chipper politicians who just cannot believe that the nerds can’t be fed enough pizza and plied with enough beer to give them the desired magical decryption key is to make the same equations end up with different solutions based on who is using it. This is literally what they want: for a proper government agent to add two and two and get four, and for any thieves, spies, terrorists, or hackers to get 5.3789, if not an undefined. There is absolutely no way to make this happen unless the equation could read the mind of the person about to use it, make a value judgment consistent with a certain set of ethical criteria, and alter itself accordingly, which is why law enforcement’s search for a perfect backdoor that won’t get out into the wild and facilitate countless new crimes by compromising the already shaky basic security of every digital device used today, is a better fit for the researchers at The Ministry of Magic than coders in Silicon Valley.

Now, I can conceive of a system that could try to step in to prevent you from unlawful uses of encryption backdoors, but to have even a prayer of success, it would require access to every facet of your life, much like a ratings system proposed by the Chinese government to gamify life for its citizens, and use a lot of terribly invasive and private data to calculate the probability that you are doing something you really shouldn’t be. However, it would still be quite imperfect, allow a lot of false positives and negatives in the real world since the model it would use is guaranteed to be biased and deficient, and as soon as a government agent with a warrant is denied access based on some tidbit of data the model didn’t like, we would have law enforcement demanding a special override, and this whole debate will start over again. And meantime, all the hackers able to hide from this system to look like proper, law-abiding citizens, then trick it to see them as agents of the law, could clean out bank account after bank account, and max out credit card after credit card.

Here’s the bottom line. Politicians need to educate themselves about how all the technology they want to police actually works. They don’t need to learn code, or the OSI model, or the mathematics of encryption. In fact only PhDs in math and computer science really understand that last one, the rest of us just use it. But they should be able to recite the basics of what code is and if something is even within the realm of plausibility, and trust the experts who are telling them how it all fits together. Inspiring talk about how awesome engineers are is flattering, but completely irrelevant to the subject at hand, especially when going along with their ideas could cause billions in damage to the lives of millions. And if they’re not willing to take a page from Senator Lindsay Graham to really sit down and listen to those of us who spent many years studying this stuff, their opinions simply shouldn’t count because they are ignorant and dangerous, trying to help cops and the FBI solve dozens of crimes while enabling countless others on a global scale…

Editor’s note: Here at Weird Things, we strive for accuracy, so I did in fact check that in the Harry Potter universe there was a research committee in the Ministry of Magic while there’s no explicit note of one for its American counterpart, which is why I defaulted to the British fictional entity. Yeah, it seems like I may have went a little too far fact checking myself here…

# tech // crime / cybersecurity / encryption / privacy

  Show Comments