Encryption: Roars from Stage Left

Let us subject today's Times Story "13 Aged Cryptographers Lament" to a little scrutiny.   It (or its subject) looks  like something sculpted up to fit an agenda, not a complete assessment of the problem.  Start with two reference points:

-- No system is impenetrable.  We are talking about how much it costs to get in. Raising the cost of hacking is a good goal, but this will never be a risk free environment.

-- Nobody will use encryption when they know a third party can get access to their communications.  Most people don't know what happens to their data now, and I'm not sure most of them care.

-- Much of what drives the debate is not keeping government out, it's keeping the US government out, reflecting a larger distrust (and willful ignorance of foreign activities and intentions).

The encryption debate is about a trade.  More crypto makes American communications and data more secure, but it increases the risk of criminal or terrorist action.  How much is open to debate.  My sense is that we gain more than we lose for national security by letting people use encryption, but this doesn't come without risk and if there is someway to mitigate that risk (noting point two above) we should do it.

The cryptos opine that after OPM, we can't trust government to hold the keys.  A better way to say this is that after big tech companies, banks, and giant retailers have been routinely hacked and tens of millions of records swiped, nobody is particularity good at security.   If you use a reliable cloud service provider, if you worked with them on a secure architecture, you encrypt your data and use strong authentication for access to it and the keys, you're probably safe.  So the answer to how can agencies securely hold keys is they should outsource it.  The literary reference is to Harry Potter and the character who roared 'Constant Vigilance!" to defend from the dark arts.  Most amateurs and many companies aren't up to this when it comes to networks.  

Note that data held by government agencies other than OPM wasn't lost, so maybe we should stop talking about "gummint" as if it was a single entity. 

The cryptos  argue that if the US pursues government access, other countries will do the same.  They really need to get out more.  Other countries will do what they want, and if the US does something, it will just be used as justification for what they would have done anyway.   It should not be a surprise to learn that some foreign encryption products may already have back doors for government access.  Government mandated back doors are risky, because there is a chance that a skilled foreign opponent will find them.   Opponents with less to lose than the US think that taking this risk in order to gain more access (if only to those resident in their country) is a good trade. 

This points to an unhappy fact.  FBI, which is a very law abiding agency, has trouble dealing with encryption because it follows the rules.   There are other parties who aren't so scrupulous about rule-breaking.  They (think of foreign intelligence agencies) won't scruple to bribe your cleaning crews, purloin your device, rig it, and return it,  or sit in the airport and wait for you to use the wireless connection in some lounge.  These are basic tricks.  Intelligence agencies won't waste their time on Sam the Citizen - they weren't looking at the average user anyhow - but if you are of interest they will make the effort.  There is always a point between your eyeballs and the eyeballs at the other end of the network where the traffic is unencrypted, and somewhere in that chain there are opportunities.  As in the 1990s, access is an engineering problem and with enough time and money, those who are in now will get back in. 

The story notes that this group takes credit for defeating proposals for government access in the 1990s.   The Snowden leaks make clear that they didn't block government access, they were just persuaded to think that they had.  The years after their victory were a golden age for sigint, for NSA, but also for FSB, PLA and others.   This is usually conveniently ignored in the surveillance critique, because crypto-libertarians have no ability to influence these external parties and are unwilling to admit they were hoodwinked.  

Being snarky to western governments doesn't make networks more secure, and we should not pretend that keeping FBI out is a victory if people have not much more privacy after than they did before.   Knowing that only four countries are reading your traffic instead of five, and that the one you've blocked was the only one subject o oversight and rules, is a bit too Pyrrhic for me. 

If you talk about encryption with other countries, you learn that most regard espionage as a sovereign prerogative exercised without the need for oversight, there are very few protections for their own citizens and none for foreigners, and that if necessary they will exploit physical access or anything else to overcome defenses.  They are reluctant to negotiate constraints on their action, and they dislike encryption.  Only if there is some honest international agreement on privacy can we expect to reduce the problem of government access to private data.  This would  have to into account law enforcement needs and the reality that there will always be spying, and it would need to be much less hypocritical about foreign espionage than the NSA surveillance debate.  Reaching agreement on data protection would be difficult, but not impossible and it's ultimately necessary for a world connected by one big network.  The alternative to a rule based approach, the geek dream that some technology will make you secure, is an illusion.