Professional Documents
Culture Documents
Regulating Encryption Legalizing Spies
Regulating Encryption Legalizing Spies
your own.
The two main fronts one is the push to weaken and regulate encryption and the other is to legalize it
Many countries are talking about implementing policies that limits encryption and policies to legitimize
And in fact by the time you listen to this because it's moving so fast in your particular country things
may have changed and it may now be more legal to spy on you and encryption may be regulated to a
further
extent this regulation and mandating of insecurity and legalised spying is going on in many places United
The UK has got the data communications bill which includes recording 12 months of Internet history and
the Orwellian measures.
You have whatsapp being banned for 48 hours in Brazil because of the encryption by the government.
India India has some very strong ideas on limiting encryption Kazakstan legally requiring back doors
It cannot be banned.
The horse has already left the stable it's been created.
It cannot be weakened just for a terrorist or a criminal or for someone who you want to have weak
encryption.
Those people will just use the strong encryption that's already out there and everyone else will be
stuck with weakened security and weakened encryption because they're forced to use the weakened
grips.
If it is weakened or back doored is weakened for everyone including the hackers trying to compromise
our systems something like this was actually tried already as the crypto wars in the 1990s something
called the Clipper Chip was proposed by the U.S. government and the floor was found in it.
And luckily there was no widespread adoption because this chip was going to be put into you know
every
So the government could bypass encryption and look at what it is you were doing.
So if that had happened that would have been a complete disaster because of the vulnerability that was
found.
Terrorists and criminals will continue to use strong encryption even if normal citizens are banned.
And to add to all that we have no feasible technical way of achieving this.
Unfortunately all of this stuff is perhaps too complicated for people to really grasp.
Those people that make decisions on these things or maybe they do understand it but because of
political
This is Matt Bley speaking to a U.S. congressional committee on the feasibility of these plans.
Dr. Blix.
Five minutes.
As a technologist I'm finding myself in the very curious and participating in a debate over the desirability
of something that sounds wonderful which is security systems that can be bypassed by the good guys
but
that also reliably the bad guys out and we could certainly discuss that.
But as a technologist I can't ignore this stark reality which is simply that it can't be done safely.
And if we make wishful policies that assume and pretend that we can there will be terrible consequences
So it would be difficult to overstate today the importance of robust reliable computing and
communications
Modern computing and network technologies are obviously yielding great benefits to our society and we
are depending on them to be reliable and trustworthy in the same way that we depend on power and
water
But unfortunately software based system is the foundation on which all of this modern communications
technologies is based are also notoriously vulnerable to attack by criminals and by hostile nation states
large scale data breaches of course are are literally a daily occurrence and this problem is getting
worse rather than better as we build larger and more complex systems and it's really not an exaggeration
to characterize the state of software security as an emerging national crisis.
And the sad truth behind this is that computer science my field simply does not know how to build
complex
And this is not a new problem it has nothing to do with encryption or modern technology.
It's been the central focus of computing research since the dawn of the programmable computer.
And as new technology allows us to build larger and more complex systems the problem of ensuring
their
reliability becomes actually exponentially harder with more and more components interacting with each
other.
So as we integrate in secure vulnerable systems into the fabric of our economy the consequences of
those
Large systems are fundamentally risky and this is something that we can at best manage rather than
than
fix outright.
There are really only two known ways to manage the risk of unreliable and in secure software.
One is the use of encryption which allows us to process sensitive data over in secure media and in secure
And the other is to design our software systems to be as small and as simple as we possibly can to
minimize
the number of features that a malicious attacker might be able to find flaws to exploit.
And this is why proposals for law enforcement access features frighten me so much cryptographic
systems
are among the most fragile and subtle elements of modern software.
We often discover devastating weaknesses in even very simple cryptographic systems years after they're
designed and fielded with third party access requirements to do is take even very simple problems that
we don't really know how to solve and turn them into far more complex problems that we really have no
could do it.
But it's a notoriously and well-known difficult problem we've found subtle flaws even in systems
designed
Two decades ago and even if we could get the cryptography right we'd be left with the problem of
integrating
access features into the software design and requiring designers to design around third party access
requirements will basically undermine our already tenuous ability to defend against attack.
It's tempting to frame this debate as being between personal privacy and law enforcement.
We just can't do what the FBI is asking without seriously weakening our infrastructure.
Congress faces a crucial choice here to effectively legislate mandatory insecurity in our critical
infrastructure
or recognize the critical importance of robust security in preventing crime in our increasingly connected
world.
And it's from a number of top crypto experts including some of the people that actually design the crypt
that we're going to talk about on the course on why mandating insecurity is a bad idea.
Give the readers your homework and other quick Darkman that you can read is the case against
regulating
encryption technology.
And this is a good read this is the nine epic failures of regulating encryption.
It was a great report to give you an idea of the number of crypto products out there by Bruce Schneier.
This is world wide survey of encryption products give the google the PTF version which is here.
There's also an Excel version that excels pretty cool because you can sort by the type so you can look
all the different of crypto products and maybe where we get to those sections and those products you
can see all the ones that are out there it finds 865 hardware and software products and co-option
encryption
from 55 different countries so obviously if you have a law in one country something affects all the
other countries and you know people who do use the crypto from whichever country they choose to use
it for them let's move on to the legalization of spying and mass surveillance.
Now I think we can start with some quotes from Edward Snowden So we have here arguing that you
don't
care about the right to privacy because you have nothing to hide.
It's no different than saying you don't care about free speech because you have nothing to say.
The burden of justification falls on the ones seeking to infringe upon the right.
If one person chooses to disregard his right to privacy that doesn't automatically mean everyone should
follow suit.
Either you can't give away the rights of others because they're not useful to you.
More simply the majority cannot vote away the natural rights of the minority.
My view is this.
When people know they will be watch they are being spied on.
Terrorists want us to lose our freedom by creating mass surveillance to prevent terrorism by creating
mass surveillance infrastructure.
But the counter-argument to this is that we will be more secure from mass surveillance will be more
The former head of the NSA global intelligence gathering operations Garko old Bill Binney.
He says that mass surveillance interferes with the government's ability to catch bad guys and that the
The Boston bombing the Texas shooting and other terrorist attacks because it was overwhelmed with
data
For me the issue of mass surveillance is about giving away too much power to a government.
Key questions to consider and ask can you trust all the people government offices agencies companies
and contractors with your personal and private data gathered through this mass surveillance.
Can you trust that they will always have your best interests at heart and that they will act justly
This new power that they will have and not just now but in the future and with your children because
This data will be kept and any slight deviation from what is considered acceptable could be used against
If mass surveillance is going on during that political movement how would it affect a political change
Would civil rights have happened much slower more violently because of the mass surveillance.
Or would it have been crushed completely so they wouldn't even exist now if we had mass surveillance.
Things to consider.
Also consider donating to some of these privacy causes.
If privacy is something that you are particularly interested in and passionate about regulating encryption
mandating insecurity and legalizing spying is unfortunately an active threat that's potentially on your
If your ability to use encryption is reduced then your security will be reduced as well and you will