Encryption/Decryption Race

The political one I mean, not the technological one.  Recall, for instance the San Bernardino terrorist attack, the FBI’s capture of one of the terrorists’ encrypted iPhones, Apple’s refusal to decrypt it (they couldn’t, by their design of the iPhone’s OS), then-FBI Director James Comey’s (yes, that Comey) cynically tear-jerking demand for future such personal device encryption back doors to decrypt at Government convenience, and Apple’s refusal to support development of that.

An expert on the subject—a technological expert I mean, not a political one—thinks he’s solved the problem.  His solution is described in a Wired article.  This expert thinks he has a way of providing Government “exceptional access” to a private person’s (or private enterprise’s) encrypted cell phone (for instance).  His solution, Clear, works this way:

The vendor—say it’s Apple in this case, but it could be Google or any other tech company—starts by generating a pair of complementary keys. One, called the vendor’s “public key,” is stored in every iPhone and iPad. The other vendor key is its “private key.” That one is stored with Apple, protected with the same maniacal care that Apple uses to protect the secret keys that certify its operating system updates. These safety measures typically involve a tamper­proof machine (known as an HSM or hardware security module) that lives in a vault in a specially protected building under biometric lock and smartcard key.

That public and private key pair can be used to encrypt and decrypt a secret PIN that each user’s device automatically generates upon activation. Think of it as an extra password to unlock the device. This secret PIN is stored on the device, and it’s protected by encrypting it with the vendor’s public key. Once this is done, no one can decode it and use the PIN to unlock the phone except the vendor, using that highly protected private key.

So, say the FBI needs the contents of an iPhone. First the Feds have to actually get the device and the proper court authorization to access the information it contains—Ozzie’s system does not allow the authorities to remotely snatch information. With the phone in its possession, they could then access, through the lock screen, the encrypted PIN and send it to Apple. Armed with that information, Apple would send highly trusted employees into the vault where they could use the private key to unlock the PIN. Apple could then send that no-longer-secret PIN back to the government, who can use it to unlock the device.

Included in the procedure is the requirement to send a judge’s search warrant to Apple along with the encrypted PIN, and Apple would first verify the warrant before sending anyone to the vault.

Hmm….

In a landmark 2015 paper called Keys Under Doormats, a group of 15 cryptographers and computer security experts argued that, while law enforcement has reasons to argue for access to encrypted data, “a careful scientific analysis of the likely impact of such demands must distinguish what might be desirable from what is technically possible.” Their analysis claimed that there was no foreseeable way to do this. If the government tried to implement exceptional access, they wrote, it would “open doors through which criminals and malicious nation-states can attack the very individuals law enforcement seeks to defend.”

Exceptional access is not desirable.  All Clear would do is add to the hackers’/criminals’/malicious nation-states’—and malicious network entities’—target lists the men and women running the companies “storing” the back doors, now working in cahoots with Government men through the screen of a Government-issue search warrant.

It’s true enough that

Using that same system to provide exceptional access…introduces no new security weaknesses that vendors don’t already deal with.

The “same system” is the various ways software developers and vendors encrypt keys that then are used, for instance, to verify the veracity of this or that application a user just downloaded or an OS update being offered—or pushed—to a user.  It’s also true that things like Clear add no new security weaknesses (assuming, arguendo, that the software of the Clears of this potential brave new world is well implemented).  But spreading those existing weaknesses around, putting them explicitly in the hands of Government and out of the hands of individuals using the devices solves nothing.  It’s still men and women who are the weak link in this politically-driven solution, however elegant and simple to execute the technological proposal.

No, it’s not so much a matter that exceptional access is a “crime against science,” Wired‘s phrasing in its misunderstanding of the proposal.  It’s that exceptional access is a crime against individual liberty.  Even against group liberty.

In another cynical representation, current FBI Director Christopher Wray, noting that his FBI “was locked out of 7,775 devices in 2017,” said

I reject this notion that there could be such a place that no matter what kind of lawful authority you have, it’s utterly beyond reach to protect innocent citizens.

Stipulate that Wray is pure as the driven snow with motives beyond reproach.  He’s a man.  So will be his successors.  So are all of the men and women of government and of industry.  So will be their successors.

Thus, a question for those of you to the left of center and beyond, politically: would you really want a Donald Trump’s FBI via his selection of judges to have exceptional access to your secrets?

And a question for those of you to the right of center and beyond, politically: would you really want a Hillary Clinton’s FBI via her selection of judges to have exceptional access to your secrets?  A Bernie Sanders’?

Who among you are willing to trust a James Comey FBI with any of this?  A J Edgar Hoover FBI?

Or the titans of industry, the evil 1%?  Even Tim Cook, who resisted FBI demands in the San Bernardino case, is accommodating to the demands of the People’s Republic of China government.

What the sort of solution that is Clear does is force us to trust the good offices of the men and women running a manufacturer in addition to the good offices of the men and women of government.

That’s the stuff of a socialist’s wet dream.

False Choice

Consider the kerfuffle involving corm farmer subsidies in the form of ethanol mandates and the required use of ethanol by oil refiners as they produce vehicle fuels.  The argument is being presented as a choice forced on President Donald Trump in that he “must choose” between the corn farmers and the oil companies as the kerfuffle is solved.

Oil refineries want out of a costly requirement to blend ethanol into the gasoline they produce. Corn growers say the requirement diversifies the US fuel supply, and insist Mr Trump fulfill promises to at least hold the ethanol mandate.

This is wrong, because the choice is irrelevant.  What’s good for our economy is to get government to stop distorting the market and let producers and consumers decide for themselves what they want.  The situation as it stands elevates the cost of gasoline for wholly social engineering causes having nothing to do with free choices, it elevates the cost of automobile maintenance, and it elevates the cost of food—all for reasons having nothing to do with free choices and wholly for the sake of the social engineering demands of one group.

Trump needs to get rid of the ethanol mandate.  If there’s a market for ethanol in fuel, folks will buy it.  If the non-economic argument for ethanol additives truly is valid, let the social engineers make the case for it in the public square and show why folks should pay higher prices for the additives.

State Taxation of Internet Businesses

The Supreme Court is hearing a case, South Dakota v Wayfair Inc, that seeks to overturn an older precedent that prevents States from taxing businesses doing business in the State that don’t have a physical presence there.  South Dakota is claiming that

…the 1992 precedent harms state treasuries and disadvantages taxpaying home-grown businesses.

That argument might hold water if the States were powerless. They’re not. There’s nothing at all preventing them from lowering the tax rates they impose on the brick-and-mortar and home-grown businesses resident in those States so they can compete. There’s nothing at all preventing the States from lowering their spending rates and thereby protecting their treasuries.

There’s nothing at all preventing the States from taking advantage of the increased economic activity that would result.

Union Threat

The American Federation of Teachers doesn’t like guns, gun owners, gun manufacturer, or those who support them.  That’s fine; this is America.

The union’s President, Randi Weingarten, has taken a typically union follow-on step: threatening a union boycott of Wells Fargo if the bank doesn’t end its relationship with the National Rifle Association and with those manufacturers.

We’re issuing Wells Fargo an ultimatum.  They can have a mortgage market that includes America’s teachers, or they can continue to do business with the NRA and gun manufacturers. They can’t do both.

The rest of us, including banks, have rights, too.  Wells Fargo is resisting Weingarten’s ultimatum, which if widely acceded to will leave the very people she pretends to want to protect utterly defenseless.  Wells should advise her and her union supporters to not let the door hit her in the fanny on the way out.

And the rest of us should push the harder for schools that aren’t unionized.  Wells’ products, along with the NRA’s and manufacturers’, are quality products.  The same can’t be said for the AFT’s products.

Government Surveillance by Regulation

Loosely related to a nearby post, now it seems the government is getting worried about the size of the “private” capital market, where folks can place investments in enterprises, particularly startups, without having to go through the public—stock—markets and government regulations that are broadly extensive and deeply intrusive.

The boom is transforming how companies grow, concentrating investing in fewer hands and raising concerns about oversight

The linked-to article’s subhead lays out the whole misunderstanding. Government doesn’t need to be in the business of regulating every little thing we do.  We can manage our investments just fine without Government’s “help.”  And we can suffer our own outcomes if we choose badly or fortune moves against us despite our otherwise correct decisions.

[Some] private placements require no disclosure at all, said Anna Pinedo, a partner at law firm Mayer Brown. “It’s impossible to know who’s raising money this way or from whom.”

It’s none of government’s business to know unless it’s prepared to allege specific crimes.

Michael Piwowar, a[n SEC] commissioner, questioned “the notion that nonaccredited investors are truly protected by regulations that prevent them from investing in high-risk, high-return securities….

It’s not government’s job to protect us from ourselves. That’s our job.

The way to entice investors back to the publicly traded markets is to reduce those regulations and their intrusiveness.