Encryption: Politicians Try to Outlaw Math (Again)

Three Republican Senators are the latest Canutian lawmakers to float the “lawful access to encryption” balloon. As we all know by now, it’s impossible to meet the irreconcilable aims of data security and government backdoors.

It either requires pretending math doesn’t exist or solving gnarly key-management problems that decades of computer science have failed to fix. And then there’s the issue of criminals switching to foreign encryption software.

So the Lawful Access to Encrypted Data Act would achieve less than nothing—just like EARN IT and all the previous tries. In today’s SB Blogwatch, we watch dead horses being flogged.

Your humble blogwatcher curated these bloggy bits for your entertainment. Not to mention: Zen.


Think of the Children!

What’s the craic? Alfred Ng reports—“Republicans push bill requiring tech companies to help access encrypted data”:

 The Lawful Access to Encrypted Data Act … calls for an end to “warrant-proof” encryption that’s disrupted criminal investigations. The bill was proposed by Sen. Lindsey Graham, chairman of the Senate Judiciary committee, along with Sens. Tom Cotton and Marsha Blackburn.

Lawmakers and the US Justice Department have long battled with tech companies over encryption. … The [DoJ] argues that encryption prevents investigators from getting necessary evidence from suspects’ devices and has requested that tech giants provide “lawful access.”

Giving access specifically to government agencies when requested is often referred to as an “encryption backdoor,” something tech experts and privacy advocates have long argued endangers more people than it helps. [But the bill] stops short of explicitly requesting … a backdoor, noting that the attorney general is prohibited from giving specific steps on how tech companies need to comply.

Security experts have long noted that this is an impossible request.

Never one to understate an issue, Mike Masnick mithers, “Senators Launch Full On Nuclear War Against Encryption”:

 It’s 51 pages of insanity that would effectively destroy privacy and security on the internet. This is five-alarm fire bad.

The announcement … includes all the usual “think of the children” nonsense, claiming that we can’t have encryption because some bad people might use it. … Head-bangingly wrong, but designed to do the usual tugging at the emotional strings.

The problems with this should be evident. … But the quick summary: installing a “backdoor” or “lawful access” to encrypted communications is not a simple technical problem. [It] literally breaks the encryption and opens up a huge host of other problems … each of which makes everyone less secure.

That’s … a lot of backdoors. Every Alexa device. Every smart TV. … Every phone. [And] a lot of websites.

This whole thing is so incredibly dangerous, and it’s not even clear that encryption is a real problem for law enforcement. … If they answer like Bill Barr by saying “smart techies can figure it out” they should have their views discounted for being idiots.

These three Senators (and the Attorney General) deserve mockery for a technically ignorant, totally clueless and dangerous bill that would … destroy both privacy and security, because some law enforcement agencies are too lazy to do their jobs.

What do lawyers think? Mark Rasch puts the case—“Recent Cases Question Backdoor Encryption”:

 Law enforcement raises the specter of unbridled pedophiles, child kidnappers, terrorists, drug gangs and organized crime running through the Information Superhighway. Human sacrifice, dogs and cats living together … mass hysteria!

The solution? A backdoor for encryption. … A magic backdoor. One which … can only be wielded by one who is pure of heart and worthy.

We have to decide whether we are willing to … weaken the security of everyone to be able to conduct surveillance on a few. Of course, that’s not how the Department of Justice would put it—the department believes there’s a magic technology that only works for good guys catching bad guys. That, I would love to see.

Such words. Many verbose. Wow. Philip Elmer-DeWitt calls it, “Lindsey Graham’s stupid bill”:

 Shameless political posturing built on a premise that is provably, mathematically false. To quote Tim Cook: “There is no such thing as a backdoor just for the good guys.”

Wait. Pause. Shawn Willden retorts, “This is the wrong way to respond”:

 Anyone with a clue will recognize that the response is disingenuous. It absolutely is possible to create cryptographic schemes which encrypt to a “law enforcement access” (LEA) key, as well as to the intended recipients. … It doesn’t even add much complexity.

The problem isn’t with the encryption, the problem is with key management. … We don’t know how to … build a key management system that … allows law enforcement to execute hundreds of warrants every day [but] prevent [criminals] from using this access to … decrypt messages they shouldn’t be able to access.

And then … what would be the obvious response of criminals? To use an app that doesn’t provide LEA. Strong cryptography is universally and trivially available to everyone. You can’t put that cat back into the bag.
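Willden's two points can be seen in a short sketch, added here as an example and not taken from the original post or from anyone quoted: adding a “law enforcement access” recipient is one more wrapped key, and the difficulty is that the one LEA private key then opens every message. The names bob, carol and lea and the 'cek-wrap' label are constructed for illustration; the code uses only Node.js's built-in crypto module.

```javascript
const { generateKeyPairSync, diffieHellman, hkdfSync, randomBytes,
  createCipheriv, createDecipheriv } = require('node:crypto');

// AES-256-GCM; blob layout is iv(12) || tag(16) || ciphertext.
function seal(key, plaintext) {
  const iv = randomBytes(12);
  const c = createCipheriv('aes-256-gcm', key, iv);
  const body = Buffer.concat([c.update(plaintext), c.final()]);
  return Buffer.concat([iv, c.getAuthTag(), body]);
}
function unseal(key, blob) {
  const d = createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  d.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([d.update(blob.subarray(28)), d.final()]); // throws on a wrong key
}
// Key-wrapping key derived from an X25519 shared secret.
function kek(privateKey, publicKey) {
  const shared = diffieHellman({ privateKey, publicKey });
  return Buffer.from(hkdfSync('sha256', shared, Buffer.alloc(0), 'cek-wrap', 32));
}
// Encrypt once under a random content key (CEK), then wrap the CEK for each
// recipient. The LEA key is just one more entry in `recipients`.
function encryptTo(recipients, plaintext) {
  const cek = randomBytes(32);
  const eph = generateKeyPairSync('x25519');
  const wrapped = {};
  for (const [name, pub] of Object.entries(recipients))
    wrapped[name] = seal(kek(eph.privateKey, pub), cek);
  return { ephemeralPublic: eph.publicKey, wrapped, body: seal(cek, plaintext) };
}
function decryptAs(name, privateKey, msg) {
  const cek = unseal(kek(privateKey, msg.ephemeralPublic), msg.wrapped[name]);
  return unseal(cek, msg.body).toString();
}
// Constructed scenario: two unrelated conversations, one shared LEA key.
function demo() {
  const [bob, carol, lea] = [0, 1, 2].map(() => generateKeyPairSync('x25519'));
  const m1 = encryptTo({ bob: bob.publicKey, lea: lea.publicKey }, 'to bob');
  const m2 = encryptTo({ carol: carol.publicKey, lea: lea.publicKey }, 'to carol');
  let bobReadsCarol = true;
  try { decryptAs('lea', bob.privateKey, m2); } catch { bobReadsCarol = false; }
  return {
    bobReads: decryptAs('bob', bob.privateKey, m1),
    // Whoever holds (or copies) lea.privateKey opens every message ever sent.
    leaReads: [decryptAs('lea', lea.privateKey, m1), decryptAs('lea', lea.privateKey, m2)],
    bobReadsCarol,
  };
}
console.log(demo());
```

The cryptography works as designed for every party; nothing in it distinguishes a warrant-backed use of the LEA private key from a stolen copy, which is the key-management problem the quote describes.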

So respect Deputy Cartman’s authority (over similes):

 The phrase “limited encryption loopholes” makes as much sense as diet fried chicken or halal pork.

If they’re somehow able to pass this and get this abomination signed into law, I see anyone hosting data in the US suddenly treating it like I treat AWS’ China based regions; NOPE! and everyone flees. To say nothing of all US-hosted services which use or offer encryption moving operations to Europe, Australia, etc. … because otherwise no one will trust them.

But he has competition. Here’s Albert Fox Cahn—@FoxCahn:

 Banning strong #encryption to prevent cybercrime is dumber than:
burning books to stop spelling errors;
ending air travel to stop plane crashes; or
outlawing cars to stop getaway drivers.

Should we blame the party or just ignorant politicians in general? richj120 (no relation) is sorry:

 As a Republican, I apologize for the ignorance of the politicians elected. They do have big egos, and that seems to make them believe they can legislate just about anything.

Some ignorant FBI, Justice or other agent … has convinced them that the only way to encrypt something is through these companies, and that effective encryption can have a back door. It can’t, and all any legislation does is make the bad actors use a different encryption source and algorithm.

They jeopardise every bank transaction, make everyone insecure to those bad actors that want to steal our identities, and increase crime. Shame on the LEOs and Government Bureaucrats.

There are more questions than answers. aerinai is asking more questions:

 So … they also want to break HTTPS? … A standard that has so many moving pieces that prevent a man-in-the-middle attack? And they want to redesign it to allow a blue-man-in-the-middle-attack?

My brain is melting trying to figure out how you do it without completely rewriting every security protocol we’ve developed over the last 40 years.

Meanwhile, pyrrho burns, victoriously:

 They’re just trying to free your speech! Because America!

And Finally:

Zen: Blockbuster and Chill

Hat tip: Seamus Bellamy



You have been reading SB Blogwatch by Richi Jennings. Richi curates the best bloggy bits, finest forums, and weirdest websites … so you don’t have to. Hate mail may be directed to @RiCHi. Ask your doctor before reading. Your mileage may vary. E&OE. 30.

Image sauce: DonkeyHotey (cc:by)

Richi Jennings

Richi Jennings is a foolish independent industry analyst, editor, and content strategist. A former developer and marketer, he’s also written or edited for Computerworld, Microsoft, Cisco, Micro Focus, HashiCorp, Ferris Research, Osterman Research, Orthogonal Thinking, Native Trust, Elgan Media, Petri, Cyren, Agari, Webroot, HP, HPE, NetApp on Forbes and CIO.com. Bizarrely, his ridiculous work has even won awards from the American Society of Business Publication Editors, ABM/Jesse H. Neal, and B2B Magazine.
