Tuesday, December 22, 2015

Guns and Crypto

“We believe it would be wrong to weaken security for hundreds of millions of law-abiding customers so that it will also be weaker for the very few who pose a threat,” said a spokesperson from Smith & Wesson on the recent calls for increased gun control.

The quote was actually from Apple on a proposed British law that would require the company to devise methods to break into iPhone communications.

In the wake of Paris and San Bernardino we've heard calls for controls on both guns and cryptography, with eerily similar arguments coming from defenders. If we ban guns/crypto then only bad people will have guns/crypto. Any attempt to limit guns/crypto is a slippery slope that takes away our constitutional rights and our freedoms.

I don't have a gun but I do use encryption, built into the iPhone and the various apps and browsers I use to communicate. Fat lot of good it does me as hackers stole my personal information because I shopped at Home Depot and Target. Because my health insurance runs through Anthem. Because I voted in the State of Georgia.

I am a strong believer in individual rights: a person should be able to use cryptography to protect their communications and a gun, if they wish, to protect their family. But I do see the value in gaining access to communications to stop a terrorist as well as making it harder for them to get the weapons to carry out their acts. Why can't the fingerprint technology that unlocks my iPhone also unlock a gun? The gun/crypto advocates don't trust the government to implement any restrictions reasonably and thus fight any changes.

No laws can completely eliminate or even restrict guns or crypto but they can make them harder to use. The challenges aren't technological; we can create guns or crypto protocols that perform as we want them to perform. The challenges are social: finding the right balance between rights and security, and governments we can trust to enforce that balance.

11 comments:

  1. The defenders' arguments do sound similar, at least at a "syntactic" level. However, as with all comparisons between the physical and digital worlds, the analogies quickly fall apart once one looks a bit closer.

    A gun is inherently a tool for exercising force (or the threat of force) against another person. I mean this as a value-neutral statement -- the force could be defensive or offensive, justified or unjustified, but it is force just the same.

    Using crypto is not an exercise of force -- in the words of Thomas Jefferson, it neither picks my pocket nor breaks my leg. The problem with a terrorist using crypto is not the crypto, it's the terror -- the use of force against innocents/non-combatants.

    A better digital/real-world analogy would be crypto and curtains, as explored here. (Un?)fortunately, Big Curtain has so far successfully lobbied against all attempted bans of their terror-enabling products.

    As a practical matter, mandating wholesale backdoors in crypto leaves us vulnerable to "good guys" and "bad guys" alike. A timely example of this appears in Matt Green's blog post from this morning.

    Key quote: "One of the most serious concerns we raise during these meetings is the possibility that encryption backdoors could be subverted. Specifically, that a back door intended for law enforcement could somehow become a backdoor for people who we don't trust to read our messages. Normally when we talk about this, we're concerned about failures in storage of things like escrow keys. What this Juniper vulnerability illustrates is that the danger is much broader and more serious than that.

    The problem with cryptographic backdoors is not that they're the only way that an attacker can break into our cryptographic systems. It's merely that they're one of the best. They take care of the hard work, the laying of plumbing and electrical wiring, so attackers can simply walk in and change the drapes."

  2. Another issue which is often neglected in the whole debate is that implementing good backdoor-free cryptography is simple. Basic programming skills and good understanding of a crypto textbook are enough to get something which is hard to break.

    Thus, by implementing backdoors, we may end up with the worst of both worlds: Weaker security for individuals and corporations, and terrorists / criminals using proprietary solutions which are even harder to detect and control.

    Other than that, I completely fail to see any analogy between guns and crypto. A gun's primary purpose is that of eliminating someone's life. This is hardly cryptography's goal.

  3. I think you are missing the point about crypto. A crypto protocol with a backdoor (that is what the FBI has been demanding for a long time) means that if someone finds the backdoor (and hackers do find these things) that would make all communication insecure.

    Also, the NSA and FBI can break into a device they are really really interested in. What they want is being able to do so on a massive scale. A backdoor in crypto is like allowing nuclear weapons to be sold in gun shops.

    The issue with proponents of mass surveillance is not just privacy and rights of individuals to be protected from government and other parties having a 7/24 surveillance of their private lives without any probable cause for any kind of criminal activity. It is also the fact that NSA, FBI, ... have not been able to demonstrate a single case where their mass surveillance tools helped (check the report by the senate committee). If we let security agencies decide what tools they need and how they use them without any supervision (remind yourself that NSA and FBI directors have been very coercive, to put it in mild terms, in answering the senate committee's questions) they would like to put a chip in the brain of every American to monitor their thoughts 7/24.

    I hope that people will not go for the ridiculous "why do you care if you have nothing to hide?" argument. The information about our lives and thoughts gives power to those holding that information and without proper supervision (which we know we don't have) is very dangerous. It is used to pressure unwanted entities who challenge the system even peacefully. A prime example of abuse of this kind of information is the FBI's threats to MLK about revealing his private life.

    By the way, France already forbids strong encryption. It didn't help, did it?

  4. Even if we trust our government, foreign governments, companies, and individuals from Brazil, China, Germany, Russia, ... do not. They expect reasonable protection from the US government demands to access their data. NSA does not spy to prevent terror attacks, they do so for national interest interpreted in the broadest sense possible. In other words, NSA carries out economic espionage on a massive scale.

    The issue of protection from the US government demands of access to private data is a very hot and challenging issue. Different companies are dealing with it in different ways. Microsoft is fighting the US government's request to access data in their European data centers. They try to follow data locality requirement laws. Amazon also has been allowing its customers to determine the location where their data is stored. Google on the other hand fights those laws and tried unsuccessfully to convince the EU that the data locality restrictions are unreasonable. Google doesn't want to build a data center in each legal jurisdiction. Also, data locality laws decrease their ability to exploit the full potential of their worldwide infrastructure for utilization. They lost a major battle recently and following the ruling by the EU they were forced to change their cloud service ToS and policies to be compatible with EU laws. Facebook has even worse relations with the EU than Google on individual data privacy. This is just the EU, where the US is a friendly ally. Consider the situation in countries like Brazil and India which are not allies, or China and Russia which view the US as a strategic threat.

    On the individual level, a person who has lived all of his life in a democratic country like the US with a reasonably independent judiciary protecting his Fourth Amendment rights might not understand the sensitiveness of people who have lived in authoritarian regimes like East Germany or USSR or China.

  5. It is extremely reassuring to know that one of our super well-funded agencies which is supposed to keep us secure aggressively tries to make us less secure by secretly putting backdoors inside security software.

    Matthew Green has written a fantastic article on the Juniper backdoor: http://blog.cryptographyengineering.com/2015/12/on-juniper-backdoor.html

  6. The right analogy is not between crypto and a gun but crypto and a door. I don't know of a serious "door control" movement.

    Replies
    1. As a thought experiment, I always suggest to those who do not understand the crypto debate to think about what would happen if we could build "perfectly secure doors". This would in particular mean that there would be no way, not even for a heavily armored SWAT team, to break into your house.

      Now, one should think about what would happen if we were forced to introduce "backdoors" in our homes, to which only the FBI had a key. The only reason why this isn't happening is that, given a warrant, it is far too easy to break into someone's residence. But if we had to come to this point, in a country that refuses to have a national ID card, I would be surprised if people would agree to such backdoors.

      The issue is really that politicians (republicans and democrats alike) and the general population fail to understand what cryptography is about.

      It may also be worth noticing that the TSA has already introduced a backdoor for opening luggage -- as a result of this, one can now even 3d print the master key and this has already been used by countless thieves at airports and hotels.

      A side note: Maybe it is just because I am European, but I find the analogy between cryptography and guns somewhat disturbing. As if crypto defended your data by killing eavesdroppers. But then, over here, we are used to seeing guns as a way to prevent freedom, rather than to enforce it.

    2. This is not a good analogy. Digital security is very different from physical security. Physical world has limitations that the digital world does not.

      Would you be fine if the government decided to install cameras in every location in the country including every room in every house? Would you be fine if they said the access to those cameras requires a special code held by some government agency? Some might be fine with government agents having visual access to their private rooms, most probably won't. Some might fear abuse of the power. Some might have concerns about handling of the code.

      The arguments used against secure crypto can also be used against postal service. Anyone who wants to meaningfully contribute to the legal discussion on crypto should first understand the Fourth Amendment and the rationale behind enacting such an amendment into the constitution. Living in times which are relatively mundane politically we forget the rationale for these amendments and why people need protection from their government.

  7. I don't understand how

    "No laws can completely eliminate or even restrict guns or crypto"

    is even remotely true. Don't many examples, such as the U.S.A. versus Japan, show that laws can dramatically restrict guns?

    I also don't see how

    "we can create guns or crypto protocols that perform as we want them to perform"

    is remotely true. I (and I'm sure many other people) want guns that won't fire when aimed at children; can't be used to fire indiscriminately into a crowd; can only be used in self-defense against an armed assailant who poses an imminent threat; etc. Can we create guns that perform in this way?

    As other commenters have pointed out, this post's strained analogy between guns and crypto falls apart on many levels.

  8. Those who see government security agencies as potential adversaries against social and political change (after all the goal of security forces is to preserve the existing order and status quo and we know they are prepared to do whatever it takes to preserve that order even if it means going outside legal limits) and see political activities as essential for a functioning democracy, see the erosion of privacy rights as a very dangerous trend. A main concern about the requests by security forces for increased ability to intrude in our lives is this will remain limited to terrorism but will proliferate and extend to nonviolent activities considered unwelcome by the security agencies.

  9. Very nice post Lance,
    This is not a good analogy. Digital security is very different from physical security. Physical world has limitations that the digital world does not.

    Would you be fine if the government decided to install cameras in every location in the country including every room in every house? Would you be fine if they said the access to those cameras requires a special code held by some government agency? Some might be fine with government agents having visual access to their private rooms, most probably won't. Some might fear abuse of the power. Some might have concerns about handling of the code.
