The smoke had barely begun to clear from the horrific attacks in Paris, in a neighborhood where I used to live, before the usual suspects started trying to twist the facts to fit their authoritarian agenda. CIA director John Brennan hoped it would be ‘a “wake-up call” that will highlight the technical obstacles to gathering intelligence from tech-savvy terrorists,’ to quote The Atlantic. He was only one of many posturing grandstanders hoping to use the slaughter as a political tool to attack secure encryption.
A it turned out, this strategy–which included a darkly ridiculous, if short-lived, attempt to blame terrorism on the PlayStation 4–suffered from one slight flaw:
Why, it almost seems like this anti-encryption outrage was a pre-planned response–
probably because it was.
Did the facts change the course of the debate? Come on. When does that ever happen?
Not least because, as ever, most media figures don’t understand what they’re talking about when they talk about encryption.
The most egregious example of which was this comically awful and ignorant piece in The Telegraph–written by a speechwriter for UK prime minister David Cameron–who then doubled down on her ignorance by invoking it as a strength:
Call me crazy, but yes, I do indeed have the nagging sense that people who clearly don’t understand technology shouldn’t write about it. That might help to avoid this kind of outcome:
It’s not actually important whether or not the Paris attackers didn’t use encryption, except that the canned and pre-planned reaction to the attacks shows the disingenuous bad faith of the authoritarians who want back doors and “secure golden keys.” The important thing is to realize how useless those back doors would be even if they were implemented.
Consider the metaphor of TSA luggage locks, which keep your checked bagged ‘secure’ against everyone who doesn’t have either your key or the TSA’s master keys. Many back-door “golden key” advocates think that all they want is the online equivalent. Simple and reasonable enough, right?
Wrong. Encryption is simply math. You cannot ban math. You cannot stop math. All you can do is make people perform the calculations themselves, which, in case you haven’t noticed, is not especially difficult these days. What proponents of mandated back doors are actually asking for is, to extend the TSA luggage-lock metaphor:
- Mandate that all luggage everywhere can only be locked with TSA luggage locks.
- Except that anyone with a modicum of technical ability can replace those locks with ones the TSA cannot open. (Much, if not most, world-class encryption software is open-source.) However the TSA must still convey such luggage to its destination. Note that this alone defeats the entire point of the exercise.
- Furthermore, any authority of any government–including oppressive regimes, and/or those the West looks on as rivals or adversaries, eg China or Pakistan–can also demand a copy of those TSA master keys. What could possibly go wrong?
- As could anyone who had a copy of them. Although surely the TSA wouldn’t be dumb enough to make them available for anyone to copy, right? Oh, wait.
- All this despite the metaphorical-TSA‘s long history of ignoring the restrictions placed on them, and lying to Congress about this, while systematically ransacking all of the luggage placed in their care.
- None of which we would have evidence of if not for a whistleblower, incidentally.
What actual good would such a program do? That is a very good question indeed. I don’t have an answer. I don’t believe that one exists. But such a program is exactly what is being proposed by those who want to mandate “secure golden keys,” i.e. uncontrollable back doors, for online data.