Encryption and Safety

Posted on 2 May 2016 by eehines

Senators Richard Burr (R, NC) and Dianne Feinstein (C, CA), in their op-ed in The Wall Street Journal, demonstrated their lack of understanding of the relationship between security and safety. Their piece’s title, Encryption Without Tears, illustrates their basic misunderstanding of the inherent tension between the two, here encryption and safety.

In an increasingly digital world, strong encryption of devices is needed to prevent criminal misuse of data. But technological innovation must not mean placing individuals or companies above the law.

Neither can technological backdoors be allowed to place government above the law.

Over the past year the two of us have explored the challenges associated with criminal and terrorist use of encrypted communications.

But they’ve apparently spent not a red sou on exploring the challenges of a private citizens or private enterprises need for and use of encryption to protect themselves from criminal, and terrorist, and yes government misbehaviors.

Then they cited a couple of examples to illustrate their thesis; I’ll cite one of those below, because it so clearly illustrate the opposite and some interlinkage of the Left’s position on American safety (and disappointingly, Burr’s lack of thought).

…the Islamic State-inspired terrorist attack last year in Garland, Texas. FBI Director Jim Comey said the attackers “exchanged 109 messages with an overseas terrorist” the morning of the shooting, but the FBI cannot access those messages to determine the exact role of Islamic State in the shooting and how to help prevent future attacks.

There’s no doubt that being able to read those messages would have been very useful. However, Burr and Feinstein carefully neglect to mention that the Islamic State-inspired terrorist attack was stopped in its tracks and the terrorists killed on the spot by armed American citizens who were alert, on the scene, and unafraid to act. The San Bernardino attack, for which Comey went to court to try to force Apple to break its own security algorithms (under the false claim that Apple’s efforts were absolutely necessary, mind you—until the FBI broke the algorithms with other means), occurred in a by-government-mandate gun-free zone, which ensured that only the terrorists had guns. We’re left to speculate on how far the casualty list would have been reduced had the victim population been allowed to be armed themselves. As the Left likes to say, though, “If it saves only one life….”

Yet Burr and Feinstein are “circulating” a draft bill:

The draft proposal requires a person or a company—when served with a court order—to provide law enforcement with information (in readable form) or appropriate technical assistance that is responsive to the judicial request. This will enable law enforcement to conduct investigations using the communications involved in criminal and terrorist activities.

Our draft bill wouldn’t impose a one-size-fits-all solution on all covered entities….

The judicial request. Carefully vague. It may be the case, though, that their bill wouldn’t impose a one-size-fits-all solution. No, it’ll just require an ex post back door to be created, one that’s usable for future “situations,” too, and the aggregation of which will allow government snooping.

It’s just this sort of Government arrogance, or even merely disingenuousness, against which we have such extensive protections against overreaching government men. The government isn’t even pretending to act in good faith on this matter, as Comey’s behavior in that Apple case demonstrates.

Private encryption, with no backdoors, and an armed population. That permits an optimum mix of security and safety and encryption with a minimum of tears. Backdoors on Government demand permits the least mix of security and safety, broken encryption guaranteed to generate tears.

Cyberthreat Information Sharing

Posted on 29 April 2016 by eehines

The public and private sectors need to increasingly declassify and divulge critical information if the U.S. is to set up effective cyberthreat organizations, according to a report released Wednesday by PwC that sets out a blueprint for how those groups could be set up.

That would certainly lead to faster responses to hack attempts—committed by anyone, whether governments foreign or domestic or criminals—and to more efficient hardening against present and future hack attempts.

Unfortunately, FBI Director James Comey has already written off the concept of public sector—at the Federal government level, anyway—cyberthreat sharing.

That’s a very clear indication of what this administration and its potential Progressive-Democrat successor administration thinks about Government controls.

Government Arrogance Should Disqualify It

Posted on 22 February 2016 by eehines

…in its case trying to force Apple to disable encryption on its iPhones.

Rather than assist the effort to fully investigate a deadly terrorist attack by obeying this Court’s Order of February 16, 2016, Apple has responded by publicly repudiating that Order…Apple has attempted to design and market its products to allow technology, rather than the law, to control access to data which has been found by this Court to be warranted for an important investigation.

Never mind that under free American jurisprudence, Apple is allowed to appeal the lower court’s order to a higher court and to seek relief from complying—irreversibly, mind you—with the lower court’s order until Apple’s appeals are adjudicated. No: Apple disobeyed the high and mighty and must be punished for its impertinence.

Never mind that Apple is rightfully concerned with the sanctity of its customers’ privacy and with the ability of Americans generally to be free of the prying eyes of government. Apple disagrees with the awesome personages of FBI agents, and so it cannot possibly be behaving honestly.

DoJ’s lawyers are projecting their own failings.

Where Apple designed its software and that design interferes with the execution of search warrants, where it manufactured and sold a phone used by an ISIL-inspired terrorist, where it owns and licensed the software used to further the criminal enterprise, where it retains exclusive control over the source code necessary to modify and install the software, and where that very software now must be used to enable the search ordered by the warrant, compulsion of Apple is permissible under New York Telephone Co.

This is plainly, dishonestly specious. Apple designed its software and…manufactured and sold a phone used by…millions of American citizens, where it owns and licensed the software used to further the private affairs of American citizens…. It is plain from the careful construction of the government’s argument that it intends to expand it to pry into all of our private affairs whenever it takes a notion to.

…the Order will facilitate only the FBI’s efforts to search the phone; it does not require Apple to conduct the search or access any content on the phone. Nor is compliance with the Order a threat to other users of Apple products. Apple may maintain custody of the software, destroy it after its purpose under the Order has been served, refuse to disseminate it outside of Apple, and make clear to the world that it does not apply to other devices or users without lawful court orders….

This is deliberately disingenuous. No one is arguing that Apple is being required to conduct the government’s search. Of course, compliance with the order is a threat to other users of Apple products: the encryption, once broken or a way once found to bypass entry controls, is permanently and everywhere defeated. The FBI’s IT personnel know this. So do the government’s NSA personnel. Neither can Apple make clear to the world that it does not apply to other devices or users without those personnel making such statements being guilty of lying. Breaking an encryption algorithm or producing a way past its entry controls permanently and everywhere destroys the security of that algorithm. Without lawful court orders is just as disingenuous, as the second quote above demonstrates.

Apple is not above the law in that regard….

[M]arketing or general policy concerns are not legally cognizable objections to the Order…. This Court should not entertain an argument that fulfilling basic civic responsibilities of any American citizen or company—complying with a lawful court order—could be obviated because that company prefers to market itself as providing privacy protections….

Neither is the government above the law, and these government lawyers know full well that Apple is engaging in purely legal, solely legal, behavior in appealing the court’s order. That this is inconvenient to the government’s lawyers is their problem. Furthermore, here is the government’s lawyers repeating their reprehensible, not to say unethical, claims that because Apple is so impertinent as to dispute with them, Apple cannot possibly be acting entirely honorably and entirely out of valid concerns for Americans’ privacy—especially when that privacy is at risk of so blatantly arrogant and overreaching a government as this one is presenting itself to be.

The government’s case should be dismissed in its entirety and with prejudice over this arrogance.

Security Tradeoffs

Posted on 19 February 2016 by eehines

Here’s one.

A federal judge has ordered Apple Inc to provide software to the Justice Department to help it unlock a phone used by one of the suspects in the San Bernardino, CA, terror attack because investigators suspect the device may hold critical details of the plotting behind the mass murder.

The government’s justification is this:

Law-enforcement agencies say companies such as Apple make it harder to solve crimes including terrorist attacks, child abuse and murder by putting security measures on phones that make it difficult or impossible for investigators to open them and examine data inside.

That’s an entirely valid concern.

The problem, though, is that forcing a back door into citizens’ communications encryption utterly destroys citizens’ privacy and security. There’s nothing to prevent Government from abusing that back door to engage in snooping on general principles and then actively and maliciously snooping in order to preserve the power of the men then in Government. The lawlessness of the present administration demonstrates that progression.

Of immediate effect, though, is that a backdoor for Government is a backdoor for hackers, whether these be script kiddies, terrorist hackers, financial or identity theft hackers, or any other sort.

The privacy and the security of our private identities, of our finances, of our health records, of any aspect of our lives we find useful to protect from prying eyes are critical to our ability to engage with our neighbors and our businesses and our government free from threats or attack.

The privacy of our communications, the security of our speech, must absolutely be preserved. There is no security at all without our individual liberties, of which speech is one, held secure.

“Law-enforcement agencies” and this Federal judge know this full well. And they know full well the truth of Apple CEO Tim Cook’s statement in his letter posted to Apple’s Web site:

We can find no precedent for an American company being forced to expose its customers to a greater risk of attack.

Gross Incompetence?

Posted on 5 February 2016 by eehines

As if we didn’t need another reason to disband the Department of Education (see its Dear Colleague letter for an example of its gross dishonesty), here’s another, of utter failure to perform. DoE isn’t taking care of its digital data.

The Education Department doesn’t hold nuclear launch codes. But its vast data trove on student-loan borrowers and their parents—and the nearly $100 billion it disburses in new loans every year—are reason enough to want the bureaucrats to prevent digital intrusions. ….
The stakes go well beyond personal privacy. Federal student loans outstanding exceed $1 trillion, and Team Obama is trying to forgive those debts. It would add injury to injury if cyber-fraudsters were able to pile on for a taxpayer plundering.

It isn’t a matter of an isolated error, even a serious one, which can happen in any large enterprise, either.

Department of Education Inspector General Kathleen Tighe reported in November that her team has been “finding the same deficiencies over and over again” regarding information security. Since 2009 independent auditors “have found persistent IT control deficiencies in key financial systems,” she said.

For six years, auditors have found persistent DoE IT failure. This is not an inability to achieve perfection in personal digital data handling; this is a conscious and deliberate refusal to bother.

We don’t need a Federal government Department of this sort. Not at all.

TANSTAAFL

2 + 2 must always = 4
–Polish proverb

Be not intimidated… nor suffer yourselves to be wheedled out of your liberties by any pretense of politeness, delicacy, or decency. These, as they are often used, are but three different names for hypocrisy, chicanery and cowardice.
–John Adams

Nothing in the universe has a shorter half-life than a politician’s memory for inconvenient facts.
–Admiral Hamish Alexander, RMN

Dawn is nature’s way of telling you to go to bed.
And to just stay there until the evil yellow disk is gone again.
–Anonymous

In a polity, each citizen is to possess his own arms, which are not supplied or owned by the state.
–Aristotle

The way to stop discrimination on the basis of race is to stop discriminating on the basis of race.
–Chief Justice John Roberts.

A yawn is a silent scream for coffee.
–Shane Mclean

If I had eight hours to chop down a tree, I’d spend six hours sharpening my ax.
–Abraham Lincoln

S	M	T	W	T	F	S
			1	2	3	4
5	6	7	8	9	10	11
12	13	14	15	16	17	18
19	20	21	22	23	24	25
26	27	28	29	30	31

A Plebe's Site

Quam bene vivas referre, non quam diu.

Tag Archives: privacy

Encryption and Safety

Cyberthreat Information Sharing

Government Arrogance Should Disqualify It

Security Tradeoffs

Gross Incompetence?