safe computing – weak case for weakening encryption

You cannot strengthen the weak by weakening the strong.

William J. H. Boetcker

This quote has often been misattributed to Abraham Lincoln.  It is actually a very relevant thought with respect to economics.  Indeed, you cannot improve everybody’s lot in life by taking from the economically strong, no matter how well-intentioned your goals are.

I think that this particular quote is even more meaningful with respect to improving privacy and encryption.

Some of the forward-thinking political types think that in the very near future all communications will be using encryption.  They also believe that this will destroy the ability of governments to gather intelligence on evil doings.  The “Five Eyes” are, at a minimum, hoping that Silicon Valley can find a way that will support the interests of privacy and security.

The desire of these countries sounds very positive, but to some ears it sounds like creating a solution that will allow the “protectors” to read encrypted communications in situations when it is “important”.  That last sentence, when properly parsed, actually means that some backdoor will exist to allow the governments of the world (and any really clever hackers) access to your communications.

That wouldn’t be so bad except that the history of man is full of situations where people abuse their positions of power.  Who wants to send out private communications knowing that some government wonk, perhaps your ex-husband, could access your messages with the universal iPhone decryption key?

That would be worrying enough, but the world is also filled with malicious players: people interested in looking at more than the little text messages you sent to someone special.  They would be taking advantage of weaker communication standards to eavesdrop on our financial transactions.

Weak encryption solves problems. Right?

Every time I read about governments wanting weaker encryption I think back to a specific Dilbert cartoon.  The pointy-haired boss is explaining about earnings reports and how they need to be smooth for lazy analysts – the same is true for encryption.  No encryption or easily breakable encryption makes it a lot easier for security agencies to examine messages.  Yet does this really catch more plots?

Weaker standard encryption doesn’t mean that attacks will then be caught before they take place.  People can only be caught doing bad things if they are in constant communication about their plans, someone is listening in and important details are being shared.  Wouldn’t this have helped for some of the terrible incidents that have occurred in the past such as 9/11, London bombings, or Madrid bombings?

Having no encryption at all might not have made any difference, assuming that any encryption was used for those incidents.  In spy novels, action-adventure books and other thrillers, the bad guys don’t coordinate these things long distance.  Sure, the big boss might know that a special unit has a given mission at a certain location, but that is usually it.  There is no communication.

Terrorist groups, well the really successful ones, appear to plan an attack and then let that unit deal with the details of the attack.  They don’t appear to be remotely controlled by their organizers.

Recent digital access is an anomaly

It is only in the last twenty or so years that the masses have been sending emails and cat pictures through the ether to a recipient.

In the distant past it was possible to listen in on the telegraphs that were being transmitted.  In the recent past it was possible to have phone conversations, and it was also possible that they could be listened in on.  However, for most of the last 100 years it has not been possible to have a permanent exact replica of every message sent or received so that they can be replayed and stored for future use.

This relatively recent access has undoubtedly been incredibly helpful for the security services, and it is understandable why they are addicted, but this is not the normal state over the last century.  The ability to retroactively look through a previously encrypted phone is probably more desirable for prosecution in a case after the fact to help prove intent.

Even if all phones were unencrypted, the issue of bad people using prepaid phones would make the argument moot.  Clever criminals and terrorists would use these phones for very small transmissions of reasonably innocuous messages.

A case of Hubris

It is pure hubris to believe that only the existing security services of the large countries are capable of creating a method or cipher that cannot be broken.

Do the security services really believe that if they weaken the encryption solutions, they are the only ones who can come up with a secure solution?  Of course, not every code slinger can create a flawlessly secure solution, but there are a lot of other known solutions of different types that can easily be used.

substitution cipher

public key cryptography

one time pad

Steganography

It would obviously be much easier for less talented criminals or terrorists if their Apple phone or Android phone had built-in end-to-end encryption, but any of these other methods could be used to keep secrets.

These methods are all known by the authorities, so they would only keep secrets for a certain period of time, but depending on the situation the secrets might only need to be kept long enough to do bad things.

Cryptography is not a secret

The internet is full of information about encryption, but it isn’t even necessary to go to those lengths.  You can purchase books from Amazon about encryption.  I started to count them but there were so many books to choose from.  They all looked pretty good to me.

Besides, people are creative when trying to find a method of keeping secrets.  Good methods can be developed by prisoners much to the chagrin of their keepers.

 

Oh, here is the original quote in context.

You cannot bring about prosperity by discouraging thrift. You cannot help small men by tearing down big men. You cannot strengthen the weak by weakening the strong. You cannot lift the wage-earner by pulling down the wage-payer. You cannot help the poor man by destroying the rich. You cannot keep out of trouble by spending

William J. H. Boetcker

 
