Tuesday, July 4, 2017

Don’t Steal
Governments
Hate the Competition
The Australian officials will demand that their surveillance partners join with them in a plan to force "service providers to ensure reasonable assistance is provided to law enforcement and security agencies" when spies and police want to read messages that have been encrypted. 
The encryption technologies under description are widely implemented in products and services that are often run by volunteer communities, or by companies who operate entirely outside 5 Eyes borders, but whose products can be used by anyone, anywhere in the world. 
Working encryption is how we ensure that malicious parties don't hack our voting machines, pacemakers, home cameras, telephones, banking systems, power grids, and other key systems.  
There is no way to make working cryptography that can defend these applications against "bad guys" but fail catastrophically the moment a police officer or spy needs to defeat them. 
That’s a technical argument, and it’s a good one, but you don’t have to be a cryptographer to understand the second problem with back doors: 
Security services are really bad at overseeing their own behavior. 
Once these same people have a back door that gives them access to everything that encryption protects, from the digital locks on your home or office to the information needed to clean out your bank account or read all your email, there will be lots more people who’ll want to subvert the vast cohort that is authorised to use the back door, and the incentives for betraying our trust will be much more lavish than anything a tabloid reporter could afford. 
If you want a preview of what a back door looks like, just look at the US Transportation Security Administration’s “master keys” for the locks on our luggage. Since 2003, the TSA has required all locked baggage travelling within, or transiting through, the USA to be equipped with Travelsentry locks, which have been designed to allow anyone with a widely held master key to open them. 
What happened after Travelsentry went into effect? Stuff started going missing from bags. Lots and lots of stuff. A CNN investigation into thefts from bags checked in US airports found thousands of incidents of theft committed by TSA workers and baggage handlers. And though “aggressive investigation work” has cut back on theft at some airports, insider thieves are still operating with impunity throughout the country, even managing to smuggle stolen goods off the airfield in airports where all employees are searched on their way in and out of their work areas. 
Making it possible for the state to open your locks in secret means that anyone who works for the state, or anyone who can bribe or coerce anyone who works for the state, can have the run of your life. 
Cryptographic locks don’t just protect our mundane communications: cryptography is the reason why thieves can’t impersonate your fob to your car’s keyless ignition system; 
It’s the reason you can bank online; and it’s the basis for all trust and security in the 21st century.
 DYI

No comments:

Post a Comment