Why Governments Lie About Encryption Backdoors

Lauren Weinstein says there are smart people in government, "who fully understand the technical realities of modern strong encryption systems and how backdoors would catastrophically weaken them," but asks So why do they continue to argue for these backdoor mechanisms, now more loudly than ever? The answer appears to be that they're lying to us. Or if lying seems like too strong a word, we could alternatively say they're being 'incredibly disingenuous' in their arguments. You don't need to be a computer scientist to follow the logic of how we reach this unfortunate and frankly disheartening determination regarding governments' invocation of terrorism as an excuse for demanding crypto backdoors for authorities' use.

Lie?

I don't understand why people believe a single word from the (US) government. Every time, on nearly every topic but especially security / military, what they say turns out to be not true.

Re:Lie?

[bill_mcgonigle]

I don't understand why people believe a single word from the (US) government

It's part of their religion.

Every time, on nearly every topic but especially security / military, what they say turns out to be not true.

Talking snakes poll even better - objective truth has little relevance.

But also consider the mental load of admitting that they're being economically and culturally ruined by these people. That would imply a moral imperative to action, which would require them to get off the couch. Technology has created the best living conditions in human history which brings comfort. They don't realize that fascistic regulations prevent that technology & comfort from being many times better. That's where the flying cars are.

Re:Lie?

The SOLE reason governments (aka: not you, but the puppet masters you sheeple put into office) want backdoors and crypto bans is NOT because terrists (aka: murderers, killers, criminals, thugs), IN FACT all of them have NO real impact, look upi death rates by cause.... but because governments around the world are SCARED SHITLESS that in this new CONNECTED world where people are aware of each other and TALKING with each other and sharing ideas and solutions and futures..... that the PEOPLES OF THE WORLD are now WAKING UP and realizing that governments, especially the crony thieves of old, are UNNECESSARY.
To put it quite frankly, the US GOVT, and every other one, is AFRAID of losing their power and being REPLACED by actual effective legitimate non-corrupt totally open entities that serve ONLY the people, NOT THEMSELVES.
Do you have any FUCKING idea what kind of FALL FROM POWER and change that represents to these dynasties of elites?
So they are now trying to INVADE *your* PRIVATE communications so that they can see WHAT YOU'RE THINKING in that regard, and then MANIPULATE all of what you see, hear, read, and disintermediate your actions, steer markets, and all their old tricks.... SO THAT THE STAY IN POWER, AND TAKE MORE POWER AND RIGHTS FROM YOU.
Make NO mistake, this has nothing to do with anything but THEM and them alone.
WAKE UP WORLD... think about it... you'll realize there are more Springs needed than just the Arab Spring, fall of Berlin Wall, etc... the ones for and by you right at home.

Re:Lie?

[Z00L00K]

So you never heard of the "Microsoft Tax"? And they don't need to jail you, not physically at least. Just cut off your internet access and uninstall unwanted programs remotely in your computer if you happen to run the latest Win 10.

Notice that the corporations can afford to pay lawyers and lobbyists to bend the regulations their way. And add your name to a "no fly" list is simple.

We are already there in a world where we are monitored, controlled and manipulated. But we are held unaware. Also look at all the trackers that are accessed when you access a web page. Who do really benefit from them? In the early year of the web you had a page counter counting the number of visits to the page. Today that's done a hundred times over combined with data that's used to uniquely identify you as a person so that targeted ads can be served and they can probably identify you good enough to be able to see what kind of offers they shall provide through snail mail to your home address.

So corporations definitely know you - and probably every politician that has an important enough position to become manipulated. It's enough information collected today to get hooks into every political party that exists and then push for some support for some obscure legislation writing to get it through in a way that benefits the corporation.

Just realize that this is why many corporations hates ad-blockers because it hurts them when they try to collect data about you. The sharing of WiFi passwords in Win 10 isn't for your convenience either, it's there for them to be able to make the linking even stronger, since now you know which friends that you have - and how many outside marriage sexual relations you have.

We currently live in a world where we have a combination of Huxley's Brave New World, Orwells 1984 and Bradbury's Fahrenheit 451. OK, we don't burn books directly, but we have electronic information that's forbidden to possess.

Re:Lie?

[Opportunist]

Are you kidding? The only reason why they didn't claim that power yet is that it's simply more cost effective to offload that shit onto governments.

It's like having colonies. We realized that it's more cost effective and less of a hassle to simply put puppets in control and prop them up while at the same time keeping them fully dependent on our money. That way you can have your cake and eat it too, you can still have full control over your colonies, their raw materials and what they produce for you, while at the same time having no expenses for keeping it under control.

Same with corporations and countries.

Re: Lie?

[greenfruitsalad]

have you seen merkins touching their hearts during the anthem, saluting the flag, reciting the pledge of allegiance (to the effing flag?), treating their flag like a freshly born baby (WTF flag code???!!), displaying flags on their houses, flagpoles in frontyards, etc...? that IS a religion, if i ever saw one.

and they start this brainwashing earlier than most people start with 'normal' religion. WTF merkins?

They got used to it

[spire3661]

The government simply got used to being able to see everything at all times. Now that we can create blind spots, they are paranoid and lashing out.

Re:They got used to it

[Kjella]

Well I think it's just as much the general public not being used to early, brutal death anymore. I just checked the mortality statistics here in Norway:

0-1 years old: <0.25%
0-45 years old: <2%
0-66 years old: <10%

That is rather amazing when you consider there's still fatal accidents, diseases, murder and suicide. But we're chipping away at it bit by bit, adding safety measures, advancing medicine, reducing crime, improving mental care. Then a guy with a Kalashnikov fucks it up good, killing lots of people who with 98-99% probability should have lived decades, minimum. I'm not sure how they really coped with that during WWI and WWII when young men (and quite a few others) were dying left, right and center but I know today it's such an abomination we don't deal with it at all. We want it solved and eradicated, not just make the reasonable precautions and live with the residual risk.

Re:They got used to it

[dryeo]

Has forcible rape skyrocketed or has the number of women actually filing charges skyrocketed? It has been getting easier for a woman to charge a rapist without being put on trial herself.

The Goberments...

[MindPrison]

We've read the "Government does this, the Government doesn't do what it should, and the Government is corrupted etc." so many times it becomes both tiring and old, especially since most of it is just us - the people - voicing our opinions about things we've "heard" about, and even if it was true - we do basically NOTHING about it...but talk.

That said...even if you elected someone else - the power of knowledge is too tempting for ANYONE to resist. Therefore the way is OPEN SOURCE all the way. The safest way is actually no secrets in any source or any software, keep everything open - and then no one will be able to put in back doors or abuse bugs that are unknown as everyone will be able to peek inside and help fixing it.

What we need to do is to stop this endless paranoid game of "who do you trust?" and start producing results and solutions. We can do this together...the "gorberment" can't do anything about it, if anything - they should keep to what they do best (whatever that is) and leave the technology to enthusiasts like us, WE - the people - will pretty much make sure your privacy is safe because we'll all end up using open source software.

The only thing "goberment" is achieving with this crazy "who do you trust?" game is making sure would-be terrorist keep digging a deeper hole to hide in and grow a HUGE database of every persons private lives - kept - for their interpretation, with the kind of knowledge and power NO man should hold.

What you do with your computer or in your home - isn't government business no matter what the cause is. If you don't have the freedom to think freely, voice your opinions at will - then you don't have any freedoms at all.

Now, if they ever outlaw open source, then we'll be in trouble (or rather - they will).

How does it work

[phantomfive]

Serious question here......how would that work from a technical perspective?

Presumably they want to have a "master key" that would unencrypt any iPhone drive, but each user has to have their own unique key, as well. What kind of encryption algorithm lets either of two keys unencrypt something?

Re:How does it work

Because encryption is usually a bit more complex then just that. A common system is to encrypt the data with a a strong symmetric cipher, using a single-use key key generated on the fly, then encrypt a copy of that key with the method of the user's choice, such as a password or asymmetric cipher. This way, you lessen the impact of using a slower or weaker method, as it is encrypting what is hopefully a relatively small and utterly random packet of data. Diffie-Hellman key exchange, NTFS file encryption, and others use this principle.

The 'master key' exploit should be fairly obvious, at this point: Every time the system creates a key package, it creates another copy of the single-use key, encrypted with a hidden 'master key' supplied by whoever ordered the backdoor. This doesn't compromise the integrity of the cipher used on the data, or on the other key packages. The danger lies in the security of the Master Key itself, which must be included in some form in every single instance of the encryption system. Unless the Master Key is made truly unique for every instance - a records-keeping nightmare - then an attacker only needs to break one key to break them all.

Re:How does it work

[BradleyUffner]

Because encryption is usually a bit more complex then just that. A common system is to encrypt the data with a a strong symmetric cipher, using a single-use key key generated on the fly, then encrypt a copy of that key with the method of the user's choice, such as a password or asymmetric cipher. This way, you lessen the impact of using a slower or weaker method, as it is encrypting what is hopefully a relatively small and utterly random packet of data. Diffie-Hellman key exchange, NTFS file encryption, and others use this principle.

The 'master key' exploit should be fairly obvious, at this point: Every time the system creates a key package, it creates another copy of the single-use key, encrypted with a hidden 'master key' supplied by whoever ordered the backdoor. This doesn't compromise the integrity of the cipher used on the data, or on the other key packages. The danger lies in the security of the Master Key itself, which must be included in some form in every single instance of the encryption system. Unless the Master Key is made truly unique for every instance - a records-keeping nightmare - then an attacker only needs to break one key to break them all.

Wouldn't it then be fairly trivial for a user (or easy to use utility) to delete the 2nd copy of the key, removing the back door?

it's not the smart people, it's the PHB

Because the smart people don't drive the commentary, they just stand there in the background face-palming them selves.

Honestly government isn't any different from enterprise:

The Techs & Scientists give management a clear answer on a subject, stipulating all the factors and issues with a stance that the boss is taking, providing alternate approaches & data that shows what they want is irrelevant anyway.

The PHB doesn't like what he's hearing so just goes out and says what he thinks, regardless of the facts. "Well that's what I've promised the client, so you'll have to deliver"

Do you think that politicians & leaders in the "security" services are any different ?

Re:it's not the smart people, it's the PHB

[gtall]

Bingo, too bad you posted as an AC. Most people think of technology as FM, Fucking Magic. Most people in policy positions of government are no different because they come from the ranks of most people. They do not believe someone telling them something cannot be done because they've "consumed" too many TV shows that tell them technology is FM. Those crazy scientists and engineers are always pulling someone's nuts out of the fire at the last minute when the previous 3/4 of the show convinced them it those nuts are going fry.

The policy makers still come from the ranks of most people. Ever listen to most people calling on CSPANs morning callin show? They are nuts. Few are able to think logically much less rationally. They believe Jews control the world, WTC was an inside job, the moon landing was faked, there's a shadow government, Obama is a Muslim. Expect this lot to somehow come up with sensible policies is like asking for square eggs.

The rank and file in the government, for the most part not the policy makers, are more or less normal, can think logically and rationally, many have advanced degrees so the nutjobs got weeded out. The policy makers were mostly elected or rose to their position by stepping on qualified people to make themselves look better. They are mostly firm believers in FM because they want to believe in FM. The fact that their reasoning is circular is only reinforcing their beliefs to themselves.

Re:it's not the smart people, it's the PHB

[UnknownSoldier]

> , there's a shadow government,

Gee, and that's why the G20 summit secret law and TPP (Trans-Pacific Partnership) were held in the open, right? Oh, wait,they're weren't until WELL after the fact.

Maybe if governments would stop making bullshit reasons for secret laws maybe this conspiracy would finally die.

> WTC was an inside job,

And yet seven hours after the Twin Towers collapsed, Building 7 just "mysteriously" collapses.

What was the official report on the cause of _that_ again??

Only a fucking idiot would believe it was "the terrorists."

Re:it's not the smart people, it's the PHB

[Opportunist]

The bible containing proof that god exists is like Harry Potter containing proof that magic exists.

Focused on attack instead of defense.

[dweller_below]

Part of the problem is that many believe that we can attack our way to security. They are confused about the fundamental nature of attack and defense when applied to the internet. They don't understand the combination of global connectivity and automation. They don't understand that any action of internet attack or defense has unintended consequences.

In the old days, you could attack one thing. You could defend one thing. But, that doesn't map well to the internet. Now, we all talk to each other. We all use the same methods of defense. When one actor attacks another, the attack is exposed, analyzed, and re-used. Now, when somebody attacks, they increase the cost of defense for everybody. When somebody comes up with improved defense, we all learn how to increase the cost of attack for everybody.

For over a decade, several branches of the US government have focused almost all their energy on attacking others across the internet. The result is an internet where compromise and breach are daily events. Somehow, our protectors don't see that they are crafting the tools of our demise and handing them to our enemies. If we are honest, we are more to blame for the great compromise at the OPM than our attackers. If we had spent the last decade on creating and encouraging defense, then breach would be difficult and rare.

Now, our governments are blindly following the tradition of attack. They wish to attack the protocols we use to determine identity and create security. They don't see or care that everybody else will do likewise. They don't see the great devastation that will follow.

Since the failure of the Vietnam war

[Curlsman]

The late Ben Bradlee of the Washington Post has recalled:
"I guess it started for me with Vietnam, when the establishment felt it had to lie to justify a policy that, as it turned out, was never going to work ... [documented] hidden away in the Pentagon Papers..."
https://www.washingtonpost.com...

It seems to me we (the electorate) keep sending the people who are best at it, because they keep telling us what we want to hear, back in.

Because Santa Claus

[PPH]

... won't bring you any presents. Or Jesus will cry if you are bad. Keep asking questions and your parents will just break down and yell at you, "Because I say so! And I'm bigger than you. So shut up and mind me, you little shit!"

Keep asking the encryption question and you'll find out how far away from a democracy we've drifted. And when our government gives up with the b.s. stories and lays down the law, they'll do it with armed troops.

Because It Works

[chill]

The simple truth is that while unbreakable encryption is out there in the form of books or papers with the math, most people -- bad guys included -- are lazy and just going to use what the simple, convenient stuff. (The back-doored stuff.)

They fall into the trap of thinking "there are so many people using Facebook chat, the authorities will never find MY stuff in all that noise". In many cases they end up using simple code-book substitution and trivial code names. Instead of Abdul al-Hazred, they'll use "Mr. White". Instead of the Twin Towers they'll use "Faculty of Commerce". They think they're being clever because THEY would never catch this stuff.

I've had this argument with gov't lawyers and it boiled down to me saying "but this is trivial to bypass -- smart bad guys would just use X", and them responding "yeah, but we'll catch the stupid ones and there are a TON of those".

Anyone who has studied the history of crypto knows it is damn near impossible to get it right every last time, much less develop it without bugs. Even WITH source code samples, algorithms and coding skills people who have been doing this for a lifetime screw it up. Thus, "the horse has escaped the barn" isn't really an honest argument. That horse is going to trip of its own volition fairly quickly.

The popular cryptographer and author Bruce Schneier in his blog recalled a conversation with fellow crypto expert Matt Blaze of the University of Pennsylvania, who said the publication of the Snowden documents would begin a âoenew dark age of cryptography, as people abandon good algorithms and software for snake oil of their own devising.â

The Four Best Arguments Against Backdoors

[MarkvW]

(1) Aldrich Ames;
(2) Kim Philby;
(3) J. Edgar Hoover; and
(4) the State of Alabama (NAACP v. Button).

Sooner or later the Supreme Court is going to revisit the Fourth Amendment as it relates to wireless communications. Perhaps the feds are trying to shape the course of public opinion in this regard.

Bill of RIghts built on distrust of government

[Tony+Isaac]

The Bill of Rights recognizes that the government needs to be kept at arm's length, to be limited in its power. In the last few decades, we've been slowly giving more and more power to the government, sometimes in the name of "national security," (Patriot Act) sometimes in the name of "fairness for all" (Affordable Care Act). We've been taught to let the friendly folks at Washington take care of us. Now we're starting to see the dark side again. The government is saying, "Trust us with your data!"--either when they take it secretly (NSA/Snowden) or when they demand it publicly (backdoors). Maybe it's time for a digital Bill of Rights. The problem is, the government isn't just going to sit down and let go of the power they already have.

Re:surprised?

[kenwd0elq]

In the United States, the Constitution was written to put three branches of government IN CONFLICT with each other, so that no one - nor even any two - branches of government can become destructive of liberty. But we don't use it as written any more, and many of the "progressive" elements of the early 1900s have conspired to rip down the barriers.

The first was the 17th Amendment, allowing direct election of Senators. The Senate was DESIGNED to be the body that represented the STATES interests, while the House was directly elected. The 17th Amendment allowed for the Federal Government to tramp on the responsibilities and rights of the States. The 16th Amendment allowing for an income tax (introduced earlier, but passed with the 17th in 1913) allowed the Federal Government to grow rapidly.