![\"Mercutio\"](\"https:\/\/upload.wikimedia.org\/wikipedia\/commons\/b\/bc\/Death_of_Mercutio.png\")
I like to say that engineers make lousy politicians and politicians make lousy engineers.\u00a0 When we each try to do the other one’s job, it’s time to admit that we have a problem.<\/p>\nI like to say that engineers make lousy politicians and politicians make lousy engineers.\u00a0 When we each try to do the other one’s job, it’s time to admit that we have a problem.<\/p>\n
Even before the Paris attacks, the British Prime Minister David Cameron was already reacting to Apple and Google refusing to hold in escrow encryption keys necessary to decrypt data on their devices.\u00a0 In the wake of those attacks, the UK, the FBI and CIA directors have increased the drum beating<\/a>.\u00a0 At the same time, some members of the technical community have come to conclude that the sun shines out of the posterior of Edward Snowden<\/a>, and that all government requirements are illegitimate.\u00a0 This came to a remarkable climax in July when Snowden appeared at an unofficial event<\/a> at the\u00a0 Internet Engineering Task Force\u00a0 (IETF<\/a>) meeting in Prague.<\/p>\n A lot of the current heat being generated is over the notion of key escrow, where someone holds encryption keys such that private communications can be accessed under some circumstances, such as life or death situations or when a crime has been committed.<\/p>\n Now is the perfect time for both sides to take a deep breath, and to take stock of the current situation.<\/p>\n 1. We cannot say whether any sort of encryption rules would have prevented the Paris attacks.<\/strong><\/p>\n There are conflicting reports about whether or not the terrorists used encryption.\u00a0 What might have been is impossible to know, especially when we do not intimately know the decision makers, at least some of whom are now dead.\u00a0 We do know that Osama bin Laden refused to use a cell phone long before any of the Snowden revelations were made.\u00a0 He knew that he was being watched, and he knew that he had a technical disadvantage as compared to the U.S. eyes in the sky.\u00a0 It is a sure bet that even if these attackers didn’t use encryption, some attackers in the future will.<\/p>\n On the other hand, we also know that people tend to not secure their communications, even when the ability to do so is freely available.\u00a0 As a case and point, even though it has been perfectly possible to encrypt voice and email communications for decades, both continue to this day, and have been instrumental in unraveling the Petrobras scandal<\/a> that rattled the Brazilian government.<\/p>\n 2.\u00a0 Encryption is hard.<\/strong><\/p>\n We’ve been trying to get encryption right for many decades, and still the best we can say is that we have confidence that for a time, the best encryption approaches are likely to be secure from casual attacks, and that is only when those approaches are flawlessly implemented.\u00a0 A corollary to this point is that almost all software and hardware programs have vulnerabilities.\u00a0 The probability of discovery of a vulnerability in any<\/strong> deployed encryption system approaches 100% over time.\u00a0 Knowing this, one test policy makers can apply regarding key escrow is whether they themselves would be comfortable with the inevitability that their most private personal communications being made public, or whether they would be comfortable knowing that some of their peers at some point in the future will be blackmailed to keep their communications private.<\/p>\n To make matters worse, once a technology is deployed, it may be out there for a very long time.\u00a0 Windows 95 is still out there, lurking in the corners of the network.\u00a0 It’s important to recognize\u00a0 that any risk that legislation introduces may well outlast the policy makers who wrote the rules.\u00a0 Because we are dealing with the core of Internet security, a “go slow and get it right” approach will be critical.<\/p>\n 3.\u00a0 There are different forms of encryption, and some are easier to \u201cback door\u201d than others.<\/strong><\/p>\n When we speak of encryption let us talk of two different forms: encryption of data in flight, such as when a web server sends you information or when you and your friends communicate on Skype<\/a>, and encryption of data at rest, such as the files you save on your disk, or the information stored in your smart phone or tablet.\u00a0 Many enterprises implement key escrow mechanisms today for data at rest.<\/p>\n Escrowing keys of data in flight introduces substantial risks.\u00a0 Each communication uses session keys that exist for very short periods of time, perhaps seconds, and then are forgotten or destroyed.\u00a0 Unlike data at rest, escrowing of keys for encryption of data in flight has\u00a0not<\/em> been done at scale, and has barely been done at all<\/em>.\u00a0 To retain such keys or any means to regenerate them would risk allowing anyone \u2013 bad or good \u2013 to reconstruct communications.<\/p>\n 4.\u00a0 Engineers and scientists are both advisers and citizens.\u00a0 Policy makers represent the People.<\/strong><\/p>\n It has been perfectly possible for Russia and the United States to destroy the world several times over, and yet to date policy makers have stopped that from happening.\u00a0 Because something is possible doesn’t necessarily mean it is something we do.\u00a0 Even for data at rest, any time a private key is required anywhere<\/em> in the system it becomes a focal point for attack.\u00a0 But new functionality often introduces fragility.\u00a0 The question of whether it is worth fragility is inherently political and not<\/em> technical.<\/p>\n The technical community that consists of scientists and engineers serve a dual role when it comes to deciding on the use of technology for a given purpose.\u00a0 First, they can advise policy makers as to the limits and tradeoffs of various technology.\u00a0 Members of the technical community are also citizens who have political views, just like other citizens.\u00a0 It’s important for that they make clear which voice they are speaking with.<\/p>\n Professor Lawrence Lessig famously wrote<\/a> that code (as in computer code) is law.\u00a0 While it is true in a natural sense that those who develop the tools we use can limit their use by their design, it is also the case that, to the extent possible, in a democratic society, it is the People who have the last word on what is law.\u00a0 Who else should get to decide, for instance, how members of society behave and how that behavior should be monitored and enforced?\u00a0 Who should get to decide on the value of privacy versus the need to detect bad behavior?\u00a0 In a democracy the People or their elected representatives make those sorts of decisions.<\/p>\n 5.\u00a0 Perfect isn’t the goal.<\/strong><\/p>\n Any<\/strong> discussion of security by its very nature involves risk assessment.\u00a0 How much a person spends on a door lock very much depends on the value of the goods behind the door and the perceived likelihood of attacker trying to open that door.<\/p>\n Some people in the technical community have made the argument that because bad guys can re-encrypt, no escrow solution is appropriate.\u00a0 But that negates the entire notion of a risk assessment.\u00a0 I suspect that many law enforcement officials would be quite happy with an approach that worked even half the time.\u00a0 But if a solution only works half the time, is it worth the risk that is introduced by new components in the system that include new central stores for many millions of keys?\u00a0 That is a risk assessment that needs to be considered by policy makers.<\/p>\n 6.\u00a0 No one is perfectly good nor perfectly evil.<\/strong><\/p>\n By highlighting weaknesses in the Internet architecture, Edward Snowden showed the On the other hand, while it is beyond an open secret that So What Is To Be Done?<\/strong><\/p>\n History tells us that policy made in a crisis is bad.\u00a0 The Patriot Act is a good example of this.\u00a0 So too was the internment of millions of Americans of Japanese descent in World War II.\u00a0 The birth of the Cold War gave birth of a new concept: McCarthyism.<\/p>\n And so my first<\/strong> bit of advice is this: let’s consult and not confront one another as we try to find solutions that serve the interests of justice and yet provide confidence in the use of the Internet.\u00a0 Policy makers should consult the technical community and the technical community should provide clear technical advice in return.<\/p>\n Second<\/strong>, let’s acknowledge each others’ expertise: people in law enforcement understand criminology.\u00a0 The technical community understands what is both possible and practicable\u00a0 to implement, and what is not.\u00a0 Policy makers should take all of this into account as they\u00a0 work with each of these communities and their constituents to find the right balance of interests.<\/p>\n Third<\/strong>, let’s recognize that this is going to take a while.\u00a0 When someone asserts that something is impossible or impracticable, we are left with research questions.\u00a0 Let’s answer them.\u00a0 Let’s be in it for the long haul and invest in research that tests what is possible and what is not.\u00a0 While not ultimate<\/em> proof, researching various approaches will expose their strengths and weaknesses.\u00a0 Ultimate proof comes in the form of experience, or as my friends in the IETF like to say, running code.\u00a0 Even if we get beyond the technical issues involved with escrow, policy makers will have to answer the question as to who gets to hold the keys such that people can be reasonably assured that they’re only being released in very limited circumstances.\u00a0 That’s likely to be a challenging problem in and of itself.<\/p>\n Fourth<\/strong>, the law of unintended consequences applies.\u00a0 Suppose policy makers find common cause with a specific group of countries.\u00a0 The other countries are still going to want a solution.\u00a0 How will businesses cater to one group of countries but not another?\u00a0 Policy makers need to be aware that any sort of key escrow system may put businesses in an impossible situation.<\/p>\n Finally I would be remiss if I didn’t make clear that everyone has a stake in this game.\u00a0 Citizens are worried about privacy; governments are worried about security; industry is concerned about delivering products to market in a timely fashion that help the Internet grow and thrive.\u00a0 Bad guys also have interests.\u00a0 Sometimes we end up assisting them when we strike balances.\u00a0 What is important is that we do this consciously, and that when necessary, we correct that balance.<\/p>\n","protected":false},"excerpt":{"rendered":" I like to say that engineers make lousy politicians and politicians make lousy engineers.\u00a0 When we each try to do the other one’s job, it’s time to admit that we have a problem. Even before the Paris attacks, the British Prime Minister David Cameron was already reacting to Apple and Google refusing to hold in … Continue reading “Closing the Cultural Chasm on Crypto”<\/span><\/a><\/p>\n","protected":false},"author":172,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[30,87,4,9],"tags":[504,505],"class_list":["post-1813","post","type-post","status-publish","format-standard","hentry","category-humanity","category-internet","category-politics","category-security","tag-crypto","tag-escrow"],"_links":{"self":[{"href":"https:\/\/ofcourseimright.com\/index.php?rest_route=\/wp\/v2\/posts\/1813","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ofcourseimright.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ofcourseimright.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ofcourseimright.com\/index.php?rest_route=\/wp\/v2\/users\/172"}],"replies":[{"embeddable":true,"href":"https:\/\/ofcourseimright.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1813"}],"version-history":[{"count":4,"href":"https:\/\/ofcourseimright.com\/index.php?rest_route=\/wp\/v2\/posts\/1813\/revisions"}],"predecessor-version":[{"id":1858,"href":"https:\/\/ofcourseimright.com\/index.php?rest_route=\/wp\/v2\/posts\/1813\/revisions\/1858"}],"wp:attachment":[{"href":"https:\/\/ofcourseimright.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1813"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ofcourseimright.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1813"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ofcourseimright.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1813"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}![\"Screen](\"https:\/\/www.ofcourseimright.com\/blog\/wp-content\/uploads\/2015\/11\/Screen-Shot-2015-11-19-at-2.47.37-PM-300x201.png\")
RFC 1984<\/a> famously makes the point that there is an inherent challenge with key escrow, that if one country mandates it, then other countries can also mandate it; and that there will be conflicts as to who should hold the keys and when they should be released.\u00a0 Those questions are important, and they are inherently political as well.\u00a0 To the left is a Venn diagram of just a handful of countries- the United States, Iran, China, and France.\u00a0 Imagine what that diagram would look like with 192 countries.<\/p>\n![\"Edward](\"https:\/\/www.ofcourseimright.com\/blog\/wp-content\/uploads\/2015\/11\/Screen-Shot-2015-11-19-at-3.09.32-PM.png\")
technical community that we had not properly designed our systems to withstand pervasive surveillance.\u00a0 Whether we choose to design such a system is up to us.\u00a0 The IETF is attempting to do so, and there is good reason for that logic: even if you believe that the NSA is full of good people, if the NSA can read your communications, then others can do it as well, and may be doing so right now.\u00a0 And some of those others are not likely to fit anyone’s definition of “good”.<\/p>\n![\"A](\"https:\/\/upload.wikimedia.org\/wikipedia\/commons\/7\/7f\/Fallen_angels_belial_francis_barrett_the_magus.jpg\")
governments spy on one another, Snowden’s release of information that demonstrated that we were successfully spying on specific governments did nothing more than embarrass those governments and harm U.S. relations with their leaders.\u00a0 Also, that the NSA’s capability was made public could<\/em> have contributed to convincing ISIS to take stronger measures, but as I mentioned above, we will never know.<\/p>\n