{"id":1983,"date":"2016-08-30T21:32:04","date_gmt":"2016-08-30T20:32:04","guid":{"rendered":"https:\/\/www.ofcourseimright.com\/?p=1983"},"modified":"2016-08-30T21:32:04","modified_gmt":"2016-08-30T20:32:04","slug":"comey-and-adult-conversations-about-encryption","status":"publish","type":"post","link":"https:\/\/ofcourseimright.com\/?p=1983","title":{"rendered":"Comey and Adult Conversations About Encryption"},"content":{"rendered":"<p>AP and others are reporting that FBI director James Comey has asked for \u201can adult conversation about encryption.\u201d As I\u2019ve previously <a href=\"https:\/\/www.ofcourseimright.com\/?p=1863\" target=\"_blank\">opined<\/a>, we need just such a dialog between policy makers, the technical community, and the law enforcement community, so that the technical community has a clear understanding of what it is that investigators really want, and policy makers and law enforcement have a clear understanding of the limits of technology.\u00a0 At the moment, however, it cannot be about give and take.\u00a0 Just as no one cannot legislate that \u03c0 = 3, no one can legislate that lawful intercept can be done in a perfectly secure way.\u00a0 Mr. Comey\u2019s comments do not quite seem to grasp that notion.\u00a0 At the same time, some in the technical community do not want to give policy makers to even evaluate the risks for themselves.\u00a0 We have <a href=\"https:\/\/www.schneier.com\/blog\/archives\/2016\/08\/the_nsa_is_hoar.html\">recently seen stories<\/a> of the government stockpiling malware kits.\u00a0 This should not be too surprising, given that at the moment there are few alternatives to accomplish their goals (whatever they are).<\/p>\n<p>So where to start?\u00a0 It would be helpful to have from Mr. Comey and friends a concise statement as to what access they believe they need, and what problem they think they are solving with that access.\u00a0 Throughout All of This, such a statement has been conspicuous in its absence.\u00a0 In its place we have seen sweeping assertions about grand bargains involving the Fourth Amendment.\u00a0 We need to be specific about what the actual demand from the LI community is before we can have those sorts of debates.\u00a0 Does Mr. Comey want to be able to crack traffic on the wire?\u00a0 Does he want access to end user devices?\u00a0 Does he want access to data that has been encrypted in the cloud?\u00a0 It would be helpful for him to clarify.<\/p>\n<p>Once we have such a statement, the technical community can provide a view as to what the risks of various mechanisms to accomplish policy goals are.\u00a0 We&#8217;ve assuredly been around the block on this a few times.\u00a0 The law enforcement community will never obtain a perfect solution.\u00a0 They may not need perfection.\u00a0 So what\u2019s good enough for them and what is safe enough for the Internet?\u00a0 How can we implement such a mechanism in a global context?\u00a0 And how would the mechanism be abused by adversaries?<\/p>\n<p>The devil is assuredly in the details.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>What does an adult conversation over encryption look like?  To start we need to understand what Mr. Comey is seeking.  Then we can talk about the risks.<\/p>\n","protected":false},"author":172,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[50,87,4,9],"tags":[172,81,525,37],"class_list":["post-1983","post","type-post","status-publish","format-standard","hentry","category-complexity","category-internet","category-politics","category-security","tag-encryption","tag-law-enforcement","tag-lawful-intercept","tag-privacy"],"_links":{"self":[{"href":"https:\/\/ofcourseimright.com\/index.php?rest_route=\/wp\/v2\/posts\/1983","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ofcourseimright.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ofcourseimright.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ofcourseimright.com\/index.php?rest_route=\/wp\/v2\/users\/172"}],"replies":[{"embeddable":true,"href":"https:\/\/ofcourseimright.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1983"}],"version-history":[{"count":2,"href":"https:\/\/ofcourseimright.com\/index.php?rest_route=\/wp\/v2\/posts\/1983\/revisions"}],"predecessor-version":[{"id":1985,"href":"https:\/\/ofcourseimright.com\/index.php?rest_route=\/wp\/v2\/posts\/1983\/revisions\/1985"}],"wp:attachment":[{"href":"https:\/\/ofcourseimright.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1983"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ofcourseimright.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1983"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ofcourseimright.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1983"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}