We have always been at war with Cryptography

Vinnie Moscaritolo
Feb 24, 2020

As with fashion cycles, it would seem that the Crypto wars are back in style again. In an effort to protect us from the dangerous criminals who use ubiquitously available technology, the government is threatening to curb its use by those who already obey the law.

“If we can just pass a few more laws, we could all be criminals!”

— some guy on the internet

Let’s put this statement in perspective. Back in the old days of the internet, a fellow named Timothy C. May warned us about how people would be persuaded to give up their civil rights of privacy and freedom of speech. He termed the alleged bogeymen the Four Horsemen of the Infocalypse and described the simple process to address them as:

  1. Have a target “thing” you wish to stop, yet lack any moral, or practical reasons for doing so?
  2. Pick a fear common to lots of people, something that will evoke a gut reaction: terrorists, pedophiles, money launderers.
  3. Scream loudly to the media that “thing” is being used by perpetrators. (Don’t worry if this is true, or common to all other things, or less common with “thing” than with other long-established systems — payphones, paper mail, private hotel rooms, lack of bugs in all houses, etc.)
  4. Say that the only way to stop perpetrators is to close down “thing”, or to regulate it to death, or to have laws forcing en masse tapability of all private communications on “thing”. Don’t worry if communicating on “thing” is a constitutionally protected right; if you have done a good job in choosing and publicizing the horsemen in 2, no one will notice. They will be too busy clamoring for you to save them from the supposed evils.

Fast forward to 2020, where Senators Lindsey Graham (South Carolina) and Richard Blumenthal (Connecticut) propose the Eliminating Abusive and Rampant Neglect of Interactive Technologies Act of 2019, dubbed the “EARN IT Act of 2019”, which:

  • Creates a committee that is set out to define “best practices” for providers of interactive computer services regarding the prevention of online child exploitation conduct.
  • Companies that don’t adhere to these best practices lose liability protections for user-generated content.
  • Without Congressional oversight, the United States Attorney General can unilaterally edit these best practices as he sees fit.

The result of this is that the United States Attorney General has the power to compel tech companies to do whatever he wants, in effect to remove any form of end-to-end encryption, or risk having their 47 U.S. Code 230 protections revoked. All he has to do is wave the “it’s for the children” flag again.

Let’s put this in perspective. The current Attorney General, William Barr, has stated that encryption is allowing “criminals to operate with impunity” in the digital world and that encrypted messaging has prevented U.S. law enforcement from tracking down criminals at the helm of drug cartels and even some responsible for murders. He encouraged the tech industry to work with law enforcement to create back doors for law enforcement. “While we remain open to a cooperative approach, the time to achieve that may be limited.”

Nice Bill of Rights you got there, be a shame if anything happened to it.

Well gosh, it looks like someone got the flux capacitor working again. We tried this back in the ’90s with the Clipper Chip and figured out that it was a bad idea.

“Software is hard to do correctly. It’s impossible to get it right the first time. Software that has a security goal that is in opposition to itself — be secure, but let certain parties break it — is even harder. It will be under attack from honest people who don’t want to be spied on. It will be under attack by criminals.”

Jon Callas — Senior Technology Fellow, ACLU

-https://www.aclu.org/blog/privacy-technology/internet-privacy/recent-ploy-break-encryption-old-idea-proven-wrong?redirect=blog/latest-ploy-break-encrypted-communications-old-idea-proven-wrong

As a guy with some 30+ years of experience developing security software and a veteran of the crypto wars, I will attest that Jon was being conservative: it is impossible to build a crypto back-door that won’t get exploited by bad guys.

On the other hand, I have strong empathy for the folks in law enforcement who have to deal with these pernicious scum who traffic in child porn. They exist, and they use the same products that everyday consumers do, in the same way that both bad guys and cops use, for instance, Glocks. They work as advertised.

Among the better suggestions I have heard on how to address this problem of child exploitation material, one of my favorites is PhotoDNA, a hashing system that can test against a known database and flag such images. This kind of tech could be voluntarily integrated into an app and would go a long way toward disrupting the traffic, all without actually decrypting the message.

This is just one of many. Take some time and look around. There are better ways.

The bottom line is that suggesting we weaken the locks that protect us to make us a better society is both intellectually dishonest and ineffective.

Smile and grin at the change all around
Pick up my guitar and play
Just like yesterday
Then I’ll get on my knees and pray
We don’t get fooled again
Don’t get fooled again
“The Who” — Won’t Get Fooled Again

- ZeroDark Cooperative. https://www.zerodark.coop
