Why Are We Fighting the Crypto Wars Again? — Backchannel — Medium

Why Are We Fighting the Crypto Wars Again?

The iPhone Crisis reignited a conflict that should have been settled in the 90s. The loser is our national security.

https://backchannel.com/why-are-we-fighting-the-crypto-wars-again-b5310a423295#.m4ysbpcv1


6 Comments

  1. Tomi Engdahl says:

    Steven Levy / Backchannel:
    US government reigniting the crypto wars of the 90s as tech companies implement strong encryption by default post-Snowden
    https://backchannel.com/why-are-we-fighting-the-crypto-wars-again-b5310a423295#.ezcv8a3wb

  2. Tomi Engdahl says:

    New York Times:
    Some key Apple engineers tell NYT they would refuse to undermine iPhone security to help the FBI, or even quit — Apple Encryption Engineers, if Ordered to Unlock iPhone, Might Resist — If the F.B.I. wins its court fight to force Apple’s help in unlocking an iPhone …

    Apple Encryption Engineers, if Ordered to Unlock iPhone, Might Resist
    http://www.nytimes.com/2016/03/18/technology/apple-encryption-engineers-if-ordered-to-unlock-iphone-might-resist.html?_r=0

    If the F.B.I. wins its court fight to force Apple’s help in unlocking an iPhone, the agency may run into yet another roadblock: Apple’s engineers.

    Apple employees are already discussing what they will do if ordered to help law enforcement authorities. Some say they may balk at the work, while others may even quit their high-paying jobs rather than undermine the security of the software they have already created, according to more than a half-dozen current and former Apple employees.

    The potential resistance adds a wrinkle to a very public fight between Apple, the world’s most valuable company, and the authorities over access to an iPhone used by one of the attackers in the December mass killing in San Bernardino, Calif.

    It also speaks directly to arguments Apple has made in legal documents that the government’s demand curbs free speech by asking the company to order people to do things that they consider offensive.

    “It’s an independent culture and a rebellious one,”

  3. Tomi Engdahl says:

    Sen. Lindsey Graham Demands That Silicon Valley Offer Backdoors to Its Encrypted Information
    http://recode.net/2015/12/09/sen-lindsey-graham-demands-that-silicon-valley-offer-backdoors-to-its-encrypted-information/

    Republican South Carolina Sen. Lindsey Graham renewed his calls on technology companies to give law enforcement entry into its encrypted information to fight terrorism. His message to Silicon Valley: “Change your business model tomorrow.”

    Graham said encryption on consumer devices is leaving the U.S. vulnerable to attacks. He cited an incident from May of this year when two gunmen opened fire outside a Prophet Muhammad cartoon contest in Garland, Texas. The FBI argued encryption stymied the probe.

    “Here is my message to Silicon Valley,” Graham said. “Change your business model tomorrow.”

    The senator’s challenge isn’t new, but the terror attacks in San Bernardino and Paris, just weeks apart, have heightened the rhetoric, with encryption coming to the forefront. Still, critics argue the tech industry itself has become a convenient political mark.

    Apple, Google and Facebook have all been under mounting pressure to create backdoor keys that would allow law enforcement access to encrypted communications. The companies maintain that this change would make consumers vulnerable to hackers and cyber crime.

  4. Tomi Engdahl says:

    ISIS urges fighters in Belgium to use encryption in wake of Brussels attacks
    http://www.dailydot.com/politics/brussels-isis-focus-telegram/

    Minutes after the Islamic State claimed responsibility for deadly terror attacks in Brussels on Tuesday, the militant group’s cybersecurity experts began advising jihadists still in Belgium on how to stay safe and beat police and intelligence investigations.

  5. Tomi Engdahl says:

    This war on math is still bullshit
    http://techcrunch.com/2016/03/26/this-war-on-math-is-still-bullshit/?ncid=rss&cps=gravity_1462_7875794000089808195

    In the wake of Paris, San Bernardino, and now Brussels, the encryption debate has become such a potent cocktail of horror, idiocy, and farce that it has become hard to tease out any rational threads of discussion. There is so much stupidity that I hardly know where to begin; but let’s start with the farce. Everybody loves a farce, right?

    To recap: immediately after the San Bernardino attack, the FBI acquired the attacker’s work phone, which (unlike his personal phone) he had not bothered to destroy, and promptly locked themselves out of it. Months later, they / the San Bernardino DA decided to try to use the 200-year-old All Writs Act to force Apple to hack into it, claiming — I am not making this up —

    “The seized iPhone may contain evidence that can only be found on the seized phone that it was used as a weapon to introduce a lying dormant cyber pathogen that endangers San Bernardino’s infrastructure”

    Can we all just pause for a moment to bask, once again, in the breathtaking idiocy of that statement?

    So did sanity return to the discussion? Did it hell. First, word broke out that the US government is seriously considering attempting to legally force WhatsApp to cripple its end-to-end encryption in the name of wiretaps

    Then, days after the awful attacks on Brussels, the New York Times — which had previously published-and-then-retracted quotes from anonymous sources who (completely wrongly) blamed the Paris attacks on encryption

    Let me explain. First, many of my pro-encryption, anti-back-door allies are arguing from a nakedly American-libertarian, government-oversight-is-bad stance.

    And, indeed, if we were to have back doors / escrowed keys, I prefer his partner Albert Wenger’s approach — a unique key for every single device — to a master “golden key” that would open everything. (This doesn’t mean I think that this is remotely a good idea, though;

    Second, my pro-encryption allies keep yammering on, loudly and pointlessly, about how what’s happening today is just another version of the “crypto wars” that were fought in the 90s. That may well be the case.

    What we should be talking about, loudly and ceaselessly, is the fact that even if the tech industry did give the government everything they wanted, this would be completely ineffective. We need to explain this as often as we can

    encryption is not a munition

    Anyone who wants strong end-to-end encryption can get it, for free, with very little effort. Some people seem to have a misconception that Apple’s encryption is especially strong. It isn’t. The state-of-the-art of end-to-end encryption software is Signal, which is free and open-source. (WhatsApp adopted their technology.)

    The day Apple allows any government to insist on back doors is the day every remotely competent bad actor in the world switches to third-party encrypted apps which require their own separate access codes.

    Any attempt to fight encryption with back doors is Whack-a-Mole with an infinite number of moles, unless the powers that be are willing to expand it into an all-out war on general-purpose computing.

    But guess who will be affected by back doors on default / widely used messaging systems? Everyone else who uses them — ie all the innocent ordinary people — because adding back doors, again by definition, hurts everyone’s security. (There is a long, sad, compelling history of “secure” back doors ultimately being used for unauthorized access. Even mighty Google has been successfully attacked in that way — by the Chinese, no less.)

    Let’s focus on how encryption is merely math, which anyone can do, and let’s explain how world-class “military-grade” implementations of that math are already available, for free, to anyone and everyone.

  6. Tomi Engdahl says:

    The Strange Origins of TrueCrypt, ISIS’s Favored Encryption Tool
    http://www.newyorker.com/news/news-desk/the-strange-origins-of-truecrypt-isiss-favored-encryption-tool

    On Tuesday, the Times reporter Rukmini Callimachi published the latest in a series of blockbuster stories about the inner workings of the Islamic State. The piece focussed on the logistics of the group’s deployment of terrorists in Europe, but also included a significant revelation in an ongoing debate about encryption. In ISIS’s training and operational planning, Callimachi reported, the group appeared to routinely use a piece of software called TrueCrypt. When one would-be bomber was dispatched from Syria to France, Callimachi writes, “an Islamic State computer specialist handed him a USB key. It contained CCleaner, a program used to erase a user’s online history on a given computer, as well as TrueCrypt, an encryption program that was widely available at the time and that experts say has not yet been cracked.”

    TrueCrypt and programs like it were the primary means for securing files and disks by those with a privacy bent of whatever stripe. Free to download and relatively user-friendly, TrueCrypt has been considered by experts to be among the strongest file-encryption programs available, since its release in 2004.

    Without the user’s password, the software has long been viewed as uncrackable. Included in the information that Edward Snowden provided to Glenn Greenwald, Laura Poitras, and other reporters in 2013 was a document showing that the National Security Agency had “major problems” breaking TrueCrypt.

    The genesis of TrueCrypt turns out to be as full of intrigue as the uses of it. The encryption software came up in my own reporting, in a story I’ve been researching for two years about a programmer named Paul Le Roux, who built a global drug, arms, and money-laundering cartel out of a base in the Philippines.

    Both E4M and its progeny, TrueCrypt, are “open source” software. Their code is available to anyone to examine or to build upon, with some restrictions. The developers who expanded upon E4M to improve and maintain TrueCrypt over the years have remained anonymous. “The origin of TrueCrypt has always been very mysterious,”

    In May, 2014, however, the anonymous developers behind TrueCrypt abruptly announced on their Web site that they would no longer support—or vouch for the security of—the software. Theories abound in the encryption community as to why

    TrueCrypt shows is how impractical those back doors and requests are. TrueCrypt is an open-source program, maintained by mysterious, anonymous developers who are generally assumed to be outside the U.S. They likely have no legal incentive to help any government, and every practical incentive not to.

    We now know that the original creator of E4M was not a company looking to curry favor with the U.S. government, but a man who went on to become one of its most wanted criminals. Negotiating back doors with such developers is almost certainly not an option. And TrueCrypt is just one of many open-source encryption programs available.

    In 2015, Green and some colleagues completed a security audit of TrueCrypt, concluding that, the developers’ shutdown notwithstanding, the software remained secure from back doors or cracking. ISIS certainly seems to think so.

    How ISIS Built the Machinery of Terror Under Europe’s Gaze
    http://www.nytimes.com/2016/03/29/world/europe/isis-attacks-paris-brussels.html?_r=0
