Technology in terms you understand. Sign up for the Confident Computing newsletter for weekly solutions to make your life easier. Click here and get The Ask Leo! Guide to Staying Safe on the Internet — FREE Edition as my thank you for subscribing!

Encryption, Padlocks, and Back Doors

Become a Patron of Ask Leo! and go ad-free!


Show Transcript

Do this

Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.

I'll see you there!

196 comments on “Encryption, Padlocks, and Back Doors”

    • very nice article , thanks Leo!
      to compromise a suitcase with a ” backdoor ” key
      can be acceptable…
      but not personal information on a handset etc. !!!
      it’s too risky!
      today, more and more “our lives are in our hands”!
      for assistance in tracking/detecting criminal activities
      there has to be specific legal requirements
      for specific crimes!
      no universal backdoor to anyone!!

    • Actually, I was surprised, by all means, that exactly Apple wouldn’t have any back door in their system. After all, wasn’t it Angela Merkel’s iPhone that was used to spy on her by the NSA ? (or does the NSA only want to use their exploits/backdoors for international espionage, and not to the FBI for domestic affairs ?)

      However, it is true that in as much as the iPhone encryption is correctly described (which we can never really know with a propriety system such as that from Apple or that from Microsoft), it is true that it is extremely powerful.

      If the description is true, then only the same iPhone that was used to encrypt the file system, can be used to decrypt it, because part of the encryption is based upon a unique burned-in key (burned in the processor chip itself). Now, of course, there is a suspicion that Apple knows which key it burned into which iPhone, so this unique burned-in key is only a protection for non-Apple intruders.
      However, when using data encryption on top of that, the encryption key is a mangled key between that burned in key and the user password. Actually, the data is encrypted with a *random key* which is itself encrypted using this mangled key. This key stays in memory for as long as the iPhone is switched on, but is erased when one reboots the iPhone (which is necessary to try to access the file system with an external system). In order to decrypt the data, one would need to decrypt this random key with the mangled key.

      As such, even if one has access to the file system (with the encrypted data, and the encrypted random key), one would need to decrypt the random key. The normal thing to do would be a brute force: trying many different user keys to see which one can decrypt the random key. And here’s the catch, and the great trick Apple applied *if true*:
      the user key needs to be mangled with the unique chip-burned key to find the decryption key. As this unique chip-burned key is only available on the chip, this combination can only happen on-chip. And the system that does this, has a build-in temporisation: 5 seconds.

      As such, the chip itself allows you only to try one code every 5 seconds, which makes brute-forcing impossible. If true. If the 5 seconds are however not hardware-done but software done, then Apple is lying about its security and this could be undone. If Apple is not lying about its system, then even for apple it is impossible to do this.

      • If a person has an iPhone and does not have it secured with a complicated password then it’s easy for almost anyone to grab the information off it.

        • It is much harder with an i-phone than with any other encryption device, even with a weak password, because of this backed-in temporisation of 5 seconds (according to Apple’s sayings). Even a 6-digit code is already a rather good protection on an i-phone, while it is ridiculous as a password. Indeed, to be able to guess it, one should on average try 5 million codes. But if each trial takes 5 seconds, that is still 25 million seconds which will keep you busy for the better part of a year.
          Most devices, when encrypted, allow you to try the key on them “offline”. You copy the encrypted data, you try a key on an external powerful machine, and you try it. If it fails, you guess another key. Repeat.
          But what’s done by Apple is that you need the chip of the phone itself to do so, because it contains this unique identifier with which you have to mix the key, and you do not have access to that unique identifier externally (it is only mixed on-chip). That same machinery, on-chip, does only one operation every 5 seconds.
          If you would really like to brute-force it externally, without the chip, then you’d have to guess, not only the key of the user (which may be easy), but also the on-chip unique identifier, which is a 256 bits long random number (unless apple put a caveat there, and this number is not so random as they claim).

          • The warrant to Apple asks for Apple to provide software that will replace or patch the OS to 1) defeat the 10 try pass code limit, 2) remove the required delay between pass code tries, and 3) provide a connection via cable or blue tooth for introducing pass codes from an external source.

            It does not ask Apple to go further and try various pass codes or attempt to brute force entry to the phone, the FBI will do that. But, given that most folks would have used the Quick pass code option vs the longer pass code option, once/if Apple complies decryption is trivial. So the protection isn’t in the pass code it’s in the other features of the phone; the 10 try limit, manual entry and the delay between attempts.

            The FBI isn’t asking for Apple to produce information that is in it’s possession like iCloud data. They are asking for Apple to create a new tool where none now exists to bypass or defeat security features in their phone.

            But, that brings up another issue. Is the FBI looking for evidence on the phone of a crime that might be used in a trial? If so the questions change.

            My feeling is that at trial no evidence recovered from the phone would be admitted without verifying the tools used to obtain it, namely the new software from Apple. It would probably have to be given to some experts to verify that it does what Apple says it does and nothing else. Does it really allow for access to everything on the phone without changing anything? If it does change something to gain access, what, why? Do we know what that thing was before it was changed?

            If used at trial the defense will certainly want a copy so they could have their experts examine it. Apple could not destroy the software after trial because it might be an issue in an appeal. The cat would most definitely be out of the bag. Many, many people would have access to this software if a trial was involved.

            Another issue is that the backdoor controversy itself would induce a terrorist to adopt security measures that are not part of the phone’s operating system. There are lots of encryption programs out there, some authored by terrorist groups for their own use. The ubiquitous 7zip allows for passwords and several encryption methods. This would be only a little more complicated and would probably require entering a long pass code for use but, as Leo mentioned, there are good encryption programs out there and if used correctly un-crackable for all practical purposes.

          • @H Davis said, “The cat would most definitely be out of the bag.” – And that’s the crux of the matter. There would be absolutely no way to keep this particular cat in the bag: one way or another, it would end up escaping.

            “The FBI isn’t asking for Apple to produce information that is in it’s possession like iCloud data.” – That would be much less problematic. I don’t think that any right-minded person feels that the San Bernardino shooters have a right to privacy and that the would be no objections to their iCloud data being handed over. But, of course, that’s not what’s being requested. What *is* being requested is a backdoor solution that would be extremely damaging to the mechanisms that people and businesses use to protect and secure their data.

          • @H Davis
            “that will replace or patch the OS to 1) defeat the 10 try pass code limit, 2) remove the required delay between pass code tries, and 3) provide a connection via cable or blue tooth for introducing pass codes from an external source.”

            I think that the problem Apple is facing, is this:
            in as much as Apple has not been lying about the security of an i-phone, then only point 1) and 3) are possible. 2) is hard-wired (according to Apple’s sayings) in the chip containing the unique user ID encryption key which is not accessible from the outside. If what Apple said about their devices is correct, then what is asked in 2) is simply impossible, also for Apple. Because the delay (5 seconds per trial) is hard-coded in the chip that composes the UUID with the user password.

            in as much as this is actually only done in the OS software, Apple is caught lying about its specific security features. This would imply 2 things: a) that unique user ID is accessible from the outside, making it totally moot as a security issue and just a way to annoy users to replace parts of their i-phones. b) anyone can patch the iOS to fiddle with the way the security on an i-phone is done with some reverse engineering.

            Now, I’m rather baffled that the FBI asks such a silly question to Apple. Or they are mightily ignorant about the Apple system because then they ask something impossible, or they know that Apply is lying about the security of i-phones. But if they know that, it is strange that they haven’t (with the aid of the NSA ?) opened this box themselves. In other words, if what they ask Apple to do, is possible, they could have done it themselves, and there would have been no need to embarrass Apple publicly over their lying. And if Apple is not lying, then what they ask is simply impossible.

  1. As always Leo, great advice/comment.
    You can be assured that even here in Australia, if the govt, any govt was allowed to access your stored info, they could NOT be trusted to act in good faith.
    They lie to us & fudge things now and that is on a good day.
    Sure we will hear more about encryption, but as always govts get what they want.
    They just make us trust them less and for good reason.

  2. Brilliant exposé, Leo !

    You touched upon the essential reasons for people not to be subjected to fake backdoor encryption.
    It is true that this issue is more political than technical, but as you say so rightly, it is extremely important
    and all of us should feel concerned.
    Of course, most of us would like law enforcement to be able to track efficiently criminals like murderers and pedophiles,
    and knowing that encryption can protect these kind of people may make people erroneously choose to want to “give up liberty
    to gain temporary security” (in which case, they won’t obtain, nor deserve, either of them, according to a famous US president).

    Living in Europe, there is an issue that US citizens are maybe less aware off. Of course, what we call “terrorism” is something terrible,
    and the horrors that happened recently in Paris illustrate that, yet again. It can be frustrating for good honest law enforcement to not be able to
    decrypt material that might track this kind of horrible people.

    But during WW II, in that same France, there were heroes of the resistance that smuggled out British pilots under Nazi occupation.
    These people would have been considered “terrorists” under the ruling (Nazi) authorities at that time too. Let us not forget that the Nazi
    occupation had access to all the state machinery and law enforcement when during that period. Transpose this situation to today: how
    would it be when something like a Nazi occupation had access to a backdoor to all our electronic data ? Would you like them to efficiently
    trace all kinds of “terrorists” trying to smuggle out British pilots, or giving important strategic information to the Allied forces ?

    We have seen, in Eastern Europe, another example of global surveillance: the East-German communist regime and their law enforcement,
    the STASI. Do you really want, for the sake of tracing terrorists, such a STASI be able to read all your data on your devices ?

    As you point out so rightly, giving a universal back door to a government or law enforcement is too much power of the government over the people,
    as it hurts the people over their communication and data in an asymmetric way: the people cannot control the state, but the state can control the people.
    This is something the founding fathers warned about already more than 200 years ago. We shouldn’t put in place so much power for an honest government,
    because that machinery, once in place, can always be taken over by rogue governments. Don’t think it can only happen to others. The people should always stay sufficiently in power to keep a check on their government, and people not be able to communicate securely without the prying eyes of their government, is exactly part of that power. It should not be taken away from the people.

    If the price to pay is that law enforcement will be, in some deplorable cases, less efficient, then I think that that is part of the price of freedom and democracy.

    • “As you point out so rightly, giving a universal back door to a government or law enforcement is too much power of the government over the people” – I don’t think that’s the real issue at all. Creating a backdoor wouldn’t be giving the government “too much power” any more than enabling agencies to obtain search warrants or subpoena financial records is giving them “too much power.” The real problem is that any backdoor would inevitably become public domain and used by the bad guys. Encryption with a backdoor is no encryption at all.

      • This argument is of course also a strong one, and Leo mentioned it. But my point is rather on another argument, namely the issue when the government goes rogue. Of course when a government goes rogue, it is a problem. But in order for people to resist to a government that goes rogue, the bare minimum is that they (the people) have to be able to communicate securely. Of course a (rogue) government can use force and violence to obtain many things. But one of the great things of encryption is that violence doesn’t work well on it. You can break open a padlock with force, as Leo argued. But you cannot break open a well-encrypted list of contact persons with force. Hitting an encrypted disk with a sledge hammer doesn’t help much. The thing that comes closest is torture of its owner.

        If a rogue government can just open up any encrypted system with a master key, there is no way to organise resistance. Or one should refrain from any electronic device in doing so, which cripples the ability to organise resistance to oblivion.

  3. One thing that occurred to me hearing this is that if a backdoor is included in encryption software, the creators of the software would also have a copy of the master key. So some employees of these companies would be able to steal personal copies. This is almost guaranteed to happen.

    • Yeah, there’s a whole bunch of factors that combine to make a backdoor completely non-viable. For example, who would you grant backdoor access to? The US government? The Canadian government? The Chinese? The Syrian government? Could a North Korean court order that Apple hand over data from a US military-issued iPhone?

      Encryption is what drives the internet. Without solid encryption, secure online transactions wouldn’t be possible, businesses couldn’t protect their intellectual property or customer data, hospitals couldn’t protect their patients’ data, government’s couldn’t protect the public’s data, etc., etc.

      As I said below, break encryption, and you break the internet.

  4. This is similar to what happened at when the US government wanted access to the email servers. The same one Snowden was using. I was also using their email servers, but mainly because it was a no frills service that happen to have good encryption and such which meant never lose your password because even they didn’t have access. So what happened there you can read about on their website, but the gist is they shut down the servers that included ALL clients in order to protect our privacy. Fortunately, I did not lose all my emails up to that point since I was parsing them automatically to my other email account. A sort of backup to my email.

  5. “You’re trusting that the key will always and only be owned by the right people.” – Indeed, and this is the – no pun intended – key issue. Create a backdoor and sooner or later – likely sooner – the mechanism to unlock that door will become public domain: it’ll either be discovered by hackers or leaked/sold by an internal source. Adding an extraordinary access mechanism to a system invariably makes that system less secure (remember the CALEA/DoD phone systems debacle?). Or, to put it another way, if you create a backdoor for the good guys, it’s almost inevitable that a bad guy will step through it.

    Solid encryption is absolutely essential: it’s what makes things like online banking and commerce possible. Break encryption, and you break the internet.

  6. A huge problem with mandatory backdoors is exactly that: They are MANDATORY.
    This mean that everyone do know that they exist. If it’s known to exist, then, hackers, criminals, hostile governements and terorists will invest great efforts and lot of cash into finding them.
    They can pay someone who have access to it, blackmail him, or rob his house, car and any other possession hopping to find it. They’ll work into infiltrating whoever is making the software to get that key. They will also decompile and reverse engenier, or otherwise break the application containing it to extract the backdoor’s key. Failling that, they can always use some bot net to do a brute force attack.
    It won’t take long, maybe only a few weeks, before the backdoor will be found by the wrong/worst peoples. Once found, it WILL get exploited and we all loose big time!

  7. Well, there already is a backdoor, as the courts have pointed out. The manufacturer of the product, Apple in the current case, has the ability to unlock the device. Their engineers know how to make a modification to the OS to prevent it from wiping after multiple brute force attacks. If they know, someone else could know as well. Those engineers are not always going to work for Apple, too, and there are undoubtedly other people who could hack the OS to the same effect. I would guess that if Apple doesn’t provide the backdoor, the FBI’s own engineers will do it. Personally, I would rather allow law enforcement to have access under controlled conditions with proper oversight (i.e., warrant) than pretend that denying access to law enforcement somehow makes us safer.

    • “Their engineers know how to make a modification to the OS to prevent it from wiping after multiple brute force attacks.” – They could indeed create a new/modified OS that would enable this, however, once it’s created, you’d then have a genie/bottle scenario.

      “Personally, I would rather allow law enforcement to have access under controlled conditions with proper oversight (i.e., warrant).” – I think most people would agree with that – but only if it could be done without negatively impacting everybody’s security, which, unfortunately, is not possible.

      Add a backdoor to a system, and that system becomes inherently less secure – and, when it comes to encryption, we that’s a risk we simply cannot afford to take. Without solid encryption, online commerce would be impossible and businesses would be unable to protect their data. As I said, encryption with a backdoor is no encryption at all.

    • In as much as it is really true that Apple COULD create a modified iOS that allows (fast) brute forcing of the user key, then Apple has simply been lying about their security mechanism. The increasing delay and the finite number of trials can be changed, and the input can be done by USB, because that is iOS dependent. But the fixed delay of 5 seconds is hardwired according to Apple.

      • Yeah, it’s a hardware-level security feature – enforced by the coprocessor – but I suspect it’s actually software-controlled to some extent and that Apple could disable it if they wanted to. Additionally, it would like be irrelevant were somebody to be working with a properly signed image rather than the actual device.

        • Honestly, a “hardware security feature” that is controlled by software, is not a hardware security feature any more. Imagine a disk drive with a “hardware read-only security switch” so that no matter what the software tries to do to the drive, when the switch is enabled, the disk is read-only. That is a hardware protection. Now, make this switch software-controlled or overridden, and you’ve just lost the hardware protection.
          There is strictly no point in making a hardware timing of 5 seconds for a user key trial, if this can be switched off by software. Why go through all that hassle then and not do it directly in software ? Because the hardware temporisation then depends on the right software to run. Maybe this is Apple’s little secret…

          • All hardware is controlled by software/firmware. The hardware/software responsible for the 5 second delay is the Secure Enclave which, according to Apple, can indeed be updated, “The Secure Enclave is a coprocessor fabricated in the Apple A7 or later A-series processor. It utilizes its own secure boot and personalized *software update* separate from the application processor.”

            “Why go through all that hassle then and not do it directly in software?” – Because this mechanism is significantly more secure than a mechanism built into iOS.

          • @ Ray
            Thanks for the document. You are right. Apple’s “hardware” protection is indeed kind of bogus, because, as you rightly point out, it seems to be done in the FIRMWARE and not really in the hardware. The only thing that seems to be truly hardware, is the 80 ms delay.

            You are right that it is still somewhat more secure than directly in the iOS, but there’s nothing really very fancy about it. It is just firmware. In fact, if you look at Apple’ “security” features, it is more a way to tie the customer to Apple, than to secure the customer’s data, because in the end, Apple remains the master of the game. Everything can be adapted using the Apple root signature, and ONLY Apple’s signature.
            In fact, the back door is already there: the Apple root certificate.
            With that certificate, you can write different firmware, probably even firmware that can read out the unique identifier, and tamper with all the other security features.

          • “The only thing that seems to be truly hardware, is the 80 ms delay.” – Actually, that delay is enforced by the software-controlled Secure Enclave coprocessor too (see page 12).

            It’s really not possible to do anything with hardware alone. Even a (relatively) dumb drive like a hard drive requires software to work (it’s on the motherboard). And that software can always be altered/updated.

          • @ Ray

            Well, I have been designing nuclear safety electronics, and there, every security aspect is *true hardware* that is totally unpatchable (unless you make a new chip or a new electronics board, or alter the hardware in any way). It can take on the form of “software” in the sense that there is an engraved ROM containing instructions (“software” if you want) and a hardwired finite-state machine that executes them, but there is no way to modify it without a soldering iron. Apple could have engraved the “software” in the chip just as well as the unique user ID. In fact, before you showed me that document, I had understood (erroneously) that that was exactly what Apple had done in the i-phone. But the only thing they really seemed to have graved into silicon is the checking of the Apple root signature…

            This pure hardware security in nuclear safety is first of all required by law, and honestly, even if the law didn’t require it, I would nevertheless always design it that way, because once you’ve gone through the security audit, you know it is something you will be able to count on and that will not be modified by mistake or by malice if the hardware is physically secured.

          • @Patrick – Yes, you can indeed create systems which make it exceptionally difficult – but never impossible – to update/change the software/firmware, however, that’s not really practical in the case of mass-produced devices as, obviously, manufacturers need to be able to fix bugs , etc.

          • Well, I don’t agree that for mass production, every bit of functionality should be upgradeable. Of course, that possibility introduces great flexibility, and the capacity to ‘correct bugs’. But, long ago, when mass consumption devices still used a lot of analogue electronics, this “firmware upgrade” didn’t exist, and mass consumption products were nevertheless built and sold. Video recorders with a lot of rather complex analogue signal processing were hardwired and they were sold to the public. The functionality was sufficiently tested in the lab to ensure that the hardware was doing it correctly and that there was no essential need to be able to “upgrade the filter”. So for a limited set of essential security firmware, I don’t see why it couldn’t be graved in silicon, in the same way as the coefficients of an analogue passband filter were graved in silicon through the resistor and capacitor values.
            This is why, after looking more in detail into it, I now find Apple’s “security” system more a way of tying the customer to Apple, rather than securing the customer’s data. Of course, as you pointed out, it *does* secure, as a side-effect, the customers’ data somewhat more than simple OS protection, because Apple’s signature is needed and not every hacker in the world has access to it. But in as much as the verification of Apple’s root signature is really hardwired, one could have made the key encryption with the unique identifier just as well hardwired without possibility of firmware upgrade. Clearly, Apple’s priority has been on the root signature verification, and not on the encryption.

  8. Leo
    An alternative view. The world is a dangerous place .Encryption is used by terrorists who have damaged your and my country and will try/ are now trying to do so again. Isn’t it reasonable to consider that there should be a strictly limited way to access the information they hold.
    Great subject to discuss.

    • The key is the phrase “strictly limited”. If we could agree on what it means (we can’t), and count on it always being true forever (we can’t) without even one slip-up (it’ll happen), then MAYBE. But with all those conditions required for success, it’s a completely impossible scenario to promote. It’s simply too fragile, and the cost of failure is WAY too high.

  9. A locked device can be broken into… whereas encrypted data can not (allegedly) be decrypted. The ability to break into e.g. Angela Merkel’s phone means that her own security service did not enforce any viable encryption on the handset or while being used.

    To trust that any agency be it government or private will only use the ability to decrypt data to determine if a crime has been committed is ludicrous. The nature of an overbearing and intrusive government is to control its population by any means.

    “Snooping” into data and transmissions, allegedly to “protect” people or nations from potential terrorist threats is the same spurious argument that was central to the story of George Orwell’s “1984”. Terrorism is the “bogey-man” used to intrude further into our private lives… as was done under the likes of Edgar J Hoover, where those agencies concocted evidence against anyone “it” deems a threat to “national security”.

    Encryption is necessary to protect all transmissions and data “at rest”… The corollary is that we know that this also includes those whom wish us harm, want and to steal our personal data for financial gain. This is the price to pay for “our” privacy… It is a price worth paying if the end result is that all of us no longer have privacy, security from spurious litigation and the erosion of natural law and politically enshrined legal procedures and laws.

  10. Leo, you present a solid lists of “why nots”, but given the potential to track down others now planning similar dastardly acts, you are giving less importance to the lost of human life rather than lost of data.
    What would you do?

    • I would look to other alternatives. No, I don’t know what those are, but I can say categorically that encryption back doors are not the answer. Not even close.

    • Encryption is a critical to the working of the internet: without it, online banking, commerce, etc., etc., etc. would be impossible. Break encryption – and creating a backdoor would be breaking it – and you break the internet. It’s simply not possible to create a backdoor to something without making it less secure.

      Additionally, how much would a backdoor really help? Wouldn’t those with something to hide simply switch to other methods of communication or find other ways to obfuscate incriminating material?

  11. Always the minority, who have no regard for the law (and break it) who inconvenience the majority of law abiding citizens.
    There’s really no answer to it until society is structured to fully educate the new generation into the benefit of altruistic behaviour. I’m afraid we’re moving away from that at the moment.

  12. Mr. Leo Notenboom–I could not agree with you more. I commend your courage as a public figure to take the only thoughtful position possible by an American Citizen, on this very critical issue. A position against this Anonymous government blatant hijack attempt of American right to privacy is a stand for everyone’s freedom from the slippery slope of government oppression. American Citizens are not allowed to see the function of or government that hides more of its functions behind big wall termed, “National Security”, and “The Patriot Act –aka the world’s only “Exceptionalist” Government that accepts no accountability for its horrific global wars, stupid shortsighted invasions of poor countless and the clandestine destructions of ancient nations and their cultures. Now finally, because of the easy access to deadly technologies, even those poor countries our CIA and Pentagon has deemed unworthy to exist and so have devastated–are like “the chickens coming home to roost.” The “terrorists” are coming home to out shores to get their revenge on our self righteous imperialism of many decades. Of course all those, and ‘these endless new wars have plumped up our fat “Military Industrial Complexes” with nice paying jobs.

    Reading some of the works by the poet, Charles Eastland I felt comforted, at least someone else has eyes that see the prescience of Eric Blair’s (Orwell)vision of Thought Police present in America now…more interesting challenges to come, albeit a few more years later than Orwell projected. Truth is we as citizens are not allowed to witness the staggering waste of American Citizens Tax Money on global military bases, new clandestine (by media omissions,) massive payoffs to other countries , military waste that would shock the most ultra patriotic person with a thinking brain. But alas not so much tax money available for the retuning veterans proper care, or thousands of dangerous rusted bridges and the pot holes on the streets,

    Being an American citizen, born here…and accurately stated–self raised on the streets. It was as a fourteen your old runaway, I now can see, it has been through some higher power’s intercessions via many “coincidences” that I owe most to “the kindness of strangers” in my failures, falls and ultimately some success that has kept me alive and well. I bring up a bit of background because that street life has given me an “out of the box” view of life–of government, modern culture and our society as it has simultaintiously evolved and devolved into its current splinted condition. Take our alleged American ‘freedom of speech, our democracy–well, how can anyone not sense at some level, we the people are slyly kept in the dark by Media propaganda and trite gadgetry–all distractions that divide us, for the secret unchallenged deeds our governments doing behind the big greenback walls.

    We have no way as citizens to be part of a government by the Money, for the Money. How can people trust our government to have a key to our right to privacy using strong-arm laws and FBI threats to its people. Did all the ultra purveyance in place defend the people of Boston from being attacked? Do they in government not see they are digging deeper divides between American Citizens and our alleged people’s government?…while hurting a fabulous golden goose like Apple? Alienating the industry’s cash cows is like breaking into, and robbing your own bank. I stand with Apple and with you, Leo. I could not agree with you more Mr. Leo Notenboom on your stance against backdoor intrusions by government into our right to privacy via encryptions and any other rights. I will take the time here as well, to thank you for years of your generous help brining us along on the digital magic carpet.

    Thank You
    Alton Fox

  13. Apple, nor any other tech company, should give into the government and / or any of their agencies, period !!
    Once the “Genie is out of the bottle”, it is only a matter of time before the bad guys with bad intentions,
    including those that collect a government pay check will take / look at anything they choose to whenever
    they choose to.

  14. Very good points, of course (as expected from Leo!)
    But in addition to those, imagine the reactions of 1) other governments who would then feel empowered to make similar requirements, and 2) the market share of any devices subjected to these silly requirements. If you had a choice would you buy one of them…? In fact, financial laws for US public corporations enforce profit maximization requirements on public companies operating here. I don’t think it is possible to comply with both requirements at the same time.

    • “The market share of any devices subjected to these silly requirements.” – That’s an excellent point. Foreign entities wouldn’t use a device into which the US government had a backdoor any more than US entities would use a device into which the Chinese government had a backdoor. It’s a move that would seriously impact Apple’s ability to compete in international markets – which, I suspect, is part of the reason that they’re refusing to help the FBI.

  15. No guarantee that you don’t have it already since the government stole the “PROMIS” software some years ago and also allowed it into the hands of a foreign government “our favorite”

  16. As I understand the current Riverside shooter iPhone encryption issue, there are two levels of data protection. The data on the perpetrator’s iPhone is encrypted, and further, the access code to the iPhone is unknown. I had heard it described that the government did not want to attempt multiple iPhone access attempts because this would trigger the iPhone to delete all internal data. Thus, regardless of the issue of encryption backdoors, the government was asking Apple only to supply info as to how this “delete” function could be disabled to allow the government to obtain an image of the encrypted data. I had even heard that the government had agreed to let Apple obtain the image off the iPhone. Once the government has this image, they can have at the encryption, and good luck to them on that. I suppose that the encryption at issue is a system that, once seeded by the user, leaves no known way to decrypt the encrypted data, not even by the people who created the encryption system. And ultimately, aren’t we always in a position of having to trust some few people (or even one person) who actually know if there is a backdoor in their fancy encryption system?

    • There are indeed two levels of encryption in an i-phone, but both of them depend on a unique key engraved in the processor chip of the i-phone. That unique key cannot (according to apple) be read out, but the chip can be instructed to use that key to decrypt something. As such, the cryptographic puzzle without the chip is much harder than the cryptographic puzzle using the chip on the i-phone.
      The first level of encryption is the entire encryption of the i-phone flash disk with a random number that has been encrypted with that famous unique key, and of which the encrypted image itself is saved somewhere in a piece of flash memory. These encrypted data could without difficulty be copied by the FBI, but the AES standard used for it is so hard, that nobody knows how to brute force it before the end of the universe. However, using the i-phone chip, this can easily be done.
      However, the second level of encryption is done as follows:
      another random number is taken as a key to encrypt application data. This key (a random number) is then encrypted with a mixture of the user password and the engraved unique identifier. This encrypted random number is saved on the flash disk.
      So once the flash disk is available with the processor chip, one still has AES style encrypted application data, and the key itself is AES style encrypted with a mixture of the user password and the unique key burned into the processor.
      What would be easy, would be to try several user passwords. But the chip itself should mix this tried password with the unique engraved identifier, to try to decrypt the encrypted random number that encrypted the application data. However, this chip is constructed in such a way, that it only allows to do such a mixture (between password and unique identifier) once very 5 seconds. According to Apple.

      If all this is really true, then there’s nothing Apple can do for the FBI, even if they wanted. The best they can do is to give a modified iOS that allows the FBI to send over USB a new password to try every 5 seconds. But *this* hack of iOS mustn’t even be too terribly difficult that at the NSA, they didn’t already figure that out I would guess.

      The real nasty question however, in the whole of this history, is this:
      does Apple keep a copy of the unique identifier that it engraved in the chip of each i-phone ? Because if Apple did keep that list, then all of this fancy protection, is, in the end, moot. Because then one doesn’t need the actual processor chip. The only reason one needed it, was because it contained that unique identifier and one needed it. But if that number is available in a lookup table from Apple (as a function of the serial number of the i-phone), then all the fancy stuff above can be done on a different machine. The only thing Apple would need to give to the FBI is the engraved unique identifier. Then the FBI can copy the encrypted flash disk and the encrypted random key on another machine, and brute-force the user password without any temporisation.

  17. There seems to be a lot of emotion, paranoia, even hysteria over this issue. Privacy seems to be elevated to worshipful status, which completely ignores any actual rational resolution. First, privacy is not a “right”, it isn’t actually anything at all, it is just a word describing the effort by an individual (or like-minded group), to have information no one else has, or control revelation of that information. There is not even any ethics, morality, good, bad, evil label to apply. Information without action is actually meaningless. The real issue is how that information is used, and even that is in the eye of the beholder. One persons view that it is being used for evil intent, may well be viewed by another as good intent, and both will be right. To resolve that conundrum we employ the greater good concept, which simply means the majority decides what label is applied, and acts accordingly. To use an outrageous example to illustrate that point, consider a nuclear bomb. We assume no rational person would advocate for allowing individuals to own a nuclear bomb, yet I am absolutely sure we could find a few confused individuals who would argue why not. However the majority is large enough that it can enforce, lethally if necessary, the doctrine of no individual ownership of nuclear bombs.

    Privacy, is essentially the same thing. I doubt any rational human being would argue he has an absolute right to keep any knowledge about them-self from their fellow human beings. Essentially that is what a large part of our laws are about, uncovering actions by others we deem to be harmful, as determined by consensus of those writing an enforcing laws. For example, withholding information when entering into a contract renders the contract void (when uncovered). Human beings are often devious, self-serving, and malicious. We do not want to protect the privacy as an absolute, we all know this. The argument seems rather to be a struggle over whether individuals should be granted a tool (encryption) with extraordinary power (nuclear bomb). individuals cannot obtain this tool for them-self, they can only do so collectively through their government, as the guarantor that the tool will be allowed to be produced (so to speak). Although all government is essentially allowed by the people governed, it still is reasonable to view it as an entity in it’s own right, with all the same motivations as an individual. Therefore it is a fundamental reality there will always be struggle over the division of power between the government and the governed. Historically governments could generally eventually uncover (pierce privacy) if sufficiently motivated. Whether that resulted in the greater good is a philosophic issue, and not my point here.

    The problem we now face, in the eternal struggle between govt and individuals, is the “invention” of a tool with awesome power, the ability to completely thwart the governments ability to search out those who would harm society. This is not a trivial issue folks, it is literally life and death. We need the government to do it’s most important job (remember “we” all of us, are the government) protect us from harm that we cannot do as individuals. That is where this argument must go, how do we do that. Banal arguments about govt malfeasance, or the trite cliche about giving up power means you don’t deserve it at all (are people really that ignorant…sheesh…) . Yes, indeed we (the body politic) need to seriously consider how do insure our security, but not out of some emotional paranoia re governent. Frankly, the argument of privacy as an absolute right, is no different than advocating anarchy is the best form of govt. In a perfect world, with perfectly rational human beings, none of this would be an issue, but since we clearly do not live in such a world, absolute privacy is ridiculous.

    I do not have all the answers, but I think any rational human being should be able to clearly see the parameters of this issue, is not that difficult.
    1. However it is accomplished, the govt must have the ability to pierce the veil of privacy when needed, in a timely fashion.
    2. We absolutely need to rework our legal checks and balances so that power is not mis-used by the govt.
    3. We need to rework the legal repercussions for those who violate privacy laws. Making it extremely painful on those who do so.

    If we come at the problem with these things in mind, we will find a solution. It is acceptable (to me) that it will not be perfect, that there will be failures, and abuses. But such is life, we all seem to accept that or we wouldn’t allow drunk drivers, we would execute them so they cannot hurt anyone else (especially non-drinkers). We accept all sorts of tradeoffs in life. I am perfectly ok with knowing my private communications “could” be viewed by others, knowing if such occurs illegally, they will be found out and punished (and myself compensated if needed). If it is the government doing so, knowing that unless I am “guilty” the information is flushed and goes no further.

    Clearly this is a complex issue, including the international angles. But if we don’t solve it we are certainly empowering the criminals, terrorists, of this world, essentially giving them nuclear devices to use against us, we will have no defense, and our “right” to privacy can be engraved on our headstone. Make no mistake folks, we are in a war, get your priorities straight or you will not be around to argue your point. Let’s focus on the technical means to defeat encryption, make sure only designated authorities can do so (enforceable checks and balances), and severely punish those in and out of government who abuse privacy. For those of you who simply want to hide their adultery, or financial scams, or silly redneck militias, get over yourselves and realize there are some seriously evil people out there who will do you in along with the rest of us. Would I like the ability to totally control all information about myself, you betcha, who wouldn’t? Do I worry someone might steal my identity, or uncover medical stuff and affect my insurance etc, of course!! However, I am far more worried about how terrorists and criminals will affect my life, so I am willing to accept I may possibly be embarrassed, or inconvenienced, or even “injured” some, rather than be a victim of a much greater evil. How about you?

    Really folks, governmental checks and balance, and legal repercussions seem to me a very easily solved. The more difficult issues are technical, how to discern when private information is improperly accessed, as well as how to defeat encryption, but making it hard enough that your average joe can’t do so. And we will hunt down with a vengeance those criminal organizations who do so.

    • “Privacy seems to be elevated to worshipful status, which completely ignores any actual rational resolution.” – I certainly agree with that, however, a backdoor to encryption would do more – much more – than simply impact people’s right to privacy. Adding a backdoor to a system makes that system less secure – and that would mean our online transactions would be less secure, our banking systems would be less secure, corporate and government databases would be less secure, etc., etc., etc.

      • Yeah, I agree a readily (and easily) used tool to defeat encryption is probably not doable, unless there existed a robust and effective way to quickly identify illegal use. My goal here was to move the discussion off a lot of silliness and focus on the real issue and how to start solving it. Emotions don’t solve anything, we need to acknowledge the issue and agree that absolute privacy via encryption is not ok, not in “our” best interest at all. It would be encouraging to see posts exploring technical and legal issues, to have a dialog focused on solutions not fearfulness. If given a mandate, (and budget), I suspect there are all sorts of avenues to pursue along the lines of something like this ……..

        I am not a technical expert on encryption but I do wonder in a general sense if the solution is economic. That is make breaking encryption expensive, such that only a government could afford to do so. Gather all the chip design experts and math experts together, do this all out in the open, and design encryption that can be broken in … I dunno, say 1 hour, by employing 50 billion dollars of supercomputer. Construct the facility to do so, and voila, the govt would have to have a darn good reason (after legal checks and balances), to use such a resource in a given circumstance. Not to mention make reasonable efforts to identify likely intelligence first. They sure wouldn’t be bothered decrypting all the millions of legitimate personal/business communications floating about. Further by making the development “open” there is no hidden solution that some entity with evil intent can hide away for their own use. The “openness” insures all solutions are considered…. yeah, may have the secretive mad scientist scenario, but that would show up quickly enough, and be ruthlesslly uncovered, suppressed, whatever.

        • “make breaking encryption expensive, such that only a government could afford to do so” Not so sure I’d want my government to be spending so much of my money :-). And if only governments could crack it, so can Donald Trump or Google or the Waltons :-(. And criminals and terrorists would still be using uncrackable encryption. And I’m sure the NSA has that latest and most advanced hardware and software the world had never known. (Yes I mean never, after all there’s No Such Agency :-\).

          • Agreed, but the pool of entities capable of doing so gets smaller as the cost goes up. You simply prosecute anyone who duplicates govt methodology. Likewise we will prosecute anyone who decides to build their own private nuclear arsenal…. right? No doubt foreign governments will still spy on each other, but that is a given no matter what, and must be solved diplomatically, or with a big stick. I could be wrong, but I suspect including an economic component in the equation will be helpful in an overall solution.

          • Enjoyed your little poke at govt spending, I am regularly outraged at govt excess, not to mention stupidity, as a steward of MY money!!! However, I do appreciate the interstate highways, FAA, and competent military and so forth. My belief “we the people” need an anti-encryption defense means I will agree to (albeit reluctantly) fund whatever it costs. The consequence of not doing so will clearly cost me far more (including life itself) at some point.

          • “You simply prosecute anyone who duplicates govt methodology.” – Unfortunately, it’s not that simple. The US cannot prosecute non-US entities and nor can it prosecute anonymous hacking groups that cannot be found. Corporate espionage is already an enormous problem that results in the loss of hundreds of millions of dollars from the US economy and the loss of millions of jobs (see the links I posted elsewhere in the comments). The only way to combat the problem is by using the strongest security possible. Weakening security by creating backdoors would simply exacerbate the problem.

          • Yeah, I understand prosecuting beyond our borders is also a problem. I havn’t said much about that, but like many other issues (nuclear proliferation for example), solutions must be found, whether they be diplomatic, or threats (assuming the will to carry out the threats), but that is a whole nother discussion. Suffice to say nation states do “cooperate”.

            re corporate espionage, such has existed since beginning of time, and I don’t see that particular concern as relevant to this discussion. Those who want to do so will, whether by bribes, physical penetration, kidnapping, whatever… no encryption system will be worth a plug nickle when the holder of the key has a gun to his head (so to speak). In the end, corporations rely on our govt waging the war just as much as the rest of us, they cannot protect them-self, nor do they have the means to hunt down and eradicate criminal and terrorist enterprises.

            re anonymous hacking groups can’t be found… beg to differ, if an entity with unlimited resources wants to find you, and is willing do whatever it takes, you are dead meat. The only reason anonymity works is the “cost” to overcome the anonymity. Ditto spammers et al, I repeat my assertion, the issue is consequences, make them severe enough and you will put them out of business. The more thorny issue throughout all this is the difficulty with national borders. However, I believe there are technical solutions which would be helpful in reducing the ability to hide. Obviously that means some re-engineering of of the intern…. requiring all vehicles to have VIN and license plates comes to mind (sort of) as an analogy to making it more difficult to “hide” on our open road system. If and when we make it technically impossible to spoof license plates, or file off VIN’s, therefore making every vehicle identifiable, we reduce the criminal use of our transportation system.

            It is a war Ray, we can’t afford to just go home because it is hard to fight, or impacts our “freedoms” in some way. We have to fight it, or we lose. An absolute tool, available to anyone, is just too costly to society, solutions have to be found, and I think they can be found. But first we have to come to a consensus, and express our will to do so to our elected officials, so they can fight this battle without their hand tied behind their backs.

            I agree with using the strongest security possible. But I do not see eliminating govt oversight as a complete solution. Rather I envision oversight relying on the enormous resources of a nation state as part of the solution to criminals and terrorists having a comparable ability. Then further, suppressing any “unauthorized” encryption technology by whatever means necessary. This is really akin to nuclear proliferation. Until recent times, development and deployment of nuclear weapons was essentially only possible for a nation state. And the states with that capability saw fit to cooperate in preventing proliferation. Not perfectly of course, in the byzantine world of international politics. Personally, I would bomb n korea back to the stone age, ditto iran, et al. That is a line in the sand which is unequivocal, and would be obeyed. The greatest threat to all of us is nuclear proliferation, I am quite willing to risk world war to confront what will without doubt be used against us if we allow proliferation. Then it will be too late. MADD will not work with many of the rogue lunatic nations out there….but I digress.

          • “If an entity with unlimited resources wants to find you, and is willing do whatever it takes, you are dead meat.” – Yeah, but you can’t have a global bin Laden-style manhunt to track down every high school kid who’s torrenting a copy of TrueCrypt.

        • “That is make breaking encryption expensive, such that only a government could afford to do so.” – The problem with that, is that governments may be the very organizations you need protection from. Remember, state-sponsored hacking espionage is a very real thing. While not strictly relevant, this is an interesting read and provides an insight into sophistication of hacking groups:

          If you create any sort of backdoor to encryption systems, a bad guy will eventually find a way to step through it.

    • “we are the government”. This is a big mistake. We are not the government. The French king Louis XIV so rightly said: “the State, that’s Me ! “.
      The state is only made up of the organisation of the top deciders. You are not one of them, so you are not the government. Don’t think that because the people are forced to give an electoral mandate to a government, that you have much deciding power. After factoring out effects of propaganda and disinformation on the election result, you might eventually argue that your vote slightly increased the probability to install a government with a somewhat better hidden rogue attitude than the competition. Strictly speaking, a state with an elected government is not a democracy, but an elective aristocracy (in contrast to the old-regime hereditary aristocracy). Only a state where the laws are proposed and voted directly by the people could be argued to be a genuine democracy (“where the people rule”).
      I’m not arguing here for the good or feasibility of such a hypothetical system (somewhat like Switzerland). But don’t make the mistake to think that “the state is the people”. The state is a separate entity that rules over the people. At any time, it can misbehave. History bulks of examples. In fact, it is harder to find states that don’t misbehave.

      • “We are the government. This is a big mistake. We are not the government.” – Indeed. We get to choose between a small number of candidates, each of which is bankrolled by big business and directed by policy advisors who are influenced by deep-pocked lobbyists in the employ of big business (again). It’d be a big mistake to assume that a government will always act in the best interests of the people.

  18. Leo,
    Outstanding and timely article. As you clearly point out, “back doors” / master keys are NOT a viable alternative. My opinion, use of strong encryption is becoming mandatory in today’s world.
    Keep up the great work.

  19. You will gather from my pseudonym that I’m not in favour of the Nanny State poking its snotty nose in where it’s not wanted. I have nothing to hide but, what if, just out of badness, one used an encryption system that is new, doesn’t comply with government back door requirements, inasmuch that no back door is available, what’s a prying government going to do. So sue me and I’ll have them for every ‘privacy’ law they’ve put in place.

    They cannot plead exemption because you either have privacy or you don’t. Even government Paul Prys cannot have it both ways.

    • Actually a government could do worse than sue you. They can make the possession of strong encryption illegal and arrest you for having it. It probably wouldn’t have much effect other than to jail a few supposed example cases.

        • no no no Leo, that is for offense such as guns (everyone should have gun for defense, hence that sentiment). encryption is a defensive weapon, everyone will indeed have it, we (the people) need an offensive means to employ against criminals and terrorists hiding behind encryption. Then make sure we deny the use of that offense to criminal elements (the military weapons analogy).

          • “Everyone should have gun for defense” – I completely disagree on that point, but it’s a debate for another time and place :)

  20. Dear Leo, I read every time your articles, but is the first time I comment… The only thing I want to say is: “You did the right thing with this article, and I think you opened now a “Pandora Box” … I am very interested what will come next on us, because we should never trust any government… “Government” is a noun, not a singular people you can know before, and you can say “He is my friend, I can trust him…!” I said you opened the Pandora Box, because every government from all over the world, wants to have limitless power over their peoples, for their own purposes … And a backdoor key will be the Pandora Box for all of us. It will be the end of the internet, the end of e-mails privacy, and the end of our social privacy. And what it scared me, already a very big part of our privacy is gone… I mean that already a big part of the democratic “free will” is controlled by “the others” who control the governments and by the governments himself! The fact that we are already now all the time watched in many ways is known. A backdoor key for any encryption will be the worst thing it can happens. I can only hope that we, as peoples and as a democracy, we will preserve this freedom.

  21. A backdoor to encryption is like tagging a house key, writing “For Police, Fire Department and EMS use only” and putting it under the doormat. We know the bad guys will honor that….

  22. Excellent piece Leo, and certainly timely. I agree 100%.

    A few commentators here have brought up the Apple/FBI skirmish, but most are addressing it as a sweeping backdoor issue. However, I read that the FBI says they are not asking for a back door, but rather for a one-time solution to a one-time problem: access to the phone of a known perpetrator of violence. *On the surface* it sounds like a reasonable and lawful request. So:

    –Is it true, or just a disingenuous argument to deflect opposition?
    –Is there any way for anyone to know for sure if it’s true?
    –If Apple could indeed provide one-time access to one phone at a time, would that be a useful compromise?

    I’m sure if it were so simple it wouldn’t be the big deal that it is, and Apple wouldn’t be so adamant in refusing, so if anyone can help me understand this aspect of it, I’d be very appreciative.

    • “However, I read that the FBI says they are not asking for a back door, but rather for a one-time solution to a one-time problem: access to the phone of a known perpetrator of violence. *On the surface* it sounds like a reasonable and lawful request.” – Yeah, it does sound reasonable – on the surface. What Apple would need to do, however, is to create a new/modified OS – which they could certainly do – that would enable the security mechanisms built into the existing OS to be circumvented. And the problem is that once Apple create that OS…well, you can’t put the genie back in the bottle.

    • The belief is that this is a test case in order to set precedent for future requests leading up to the back door. (Other countries … notably the UK … are already considering the back door.)

      • Thanks Leo. I also read just today that Apple is saying that the solution they would have to supply to comply with the request could be used in other cases, so although the authorities are claiming it’s just for the one case, for practical purposes it is a back door.

  23. Don’t kid yourselves do you really believe That the knowledge to perform this kind of activity doesn’t already exist,
    Shame on you

  24. How many terrorist killings would it take for Apple to cooperate in some manner? We know it’s greater than 14 killed. So is the number 100/year, 1000/year, more?

    • As I mentioned above, corporate espionage/hacking already has a significant impact on the US economy. According to a recent 60 Minutes’ story: “The Justice Department says that the scale of China’s corporate espionage is so vast it constitutes a national security emergency, with China targeting virtually every sector of the U.S. economy, and costing American companies hundreds of billions of dollars in losses — and more than two million jobs.”

      Were backdoors/vulnerabilities to be built into the systems that companies use to protect their data, the situation would likely be a lot worse.

      Additionally, would a backdoor really help combat crime? I suspect it wouldn’t and that the bad guys would simply find other mechanisms to communicate and obfuscate.

    • Dave you sound like you’re reacting emotionally to a complex subject. The government knows there’s nothing on this iPhone they simply want to set a precedent for forcing Apple and all software vendors into providing back doors. With over a hundred apps available to encrypt everything you do digitally no terrorist is going to have a problem doing what they want over digital connections whether Apple co-operates or not.
      How many mass shootings before the NRA stop blocking even the most lax gun regulations?

      • “The government knows there’s nothing on this iPhone.” – I very much doubt that that’s the case. Realistically, at this point, the FBI have no way or knowing what details may – or may – be on the phone

        “They simply want to set a precedent for forcing Apple and all software vendors into providing back doors.” – The Director of the FBI stated, “The San Bernardino litigation isn’t about trying to set a precedent.” I don’t buy that. While precedent-setting may not be the action’s raison d’être, the FBI obviously know that a precedent would be set – and, were the action successful, it’d be a dangerous precedent too.

      • Cars are already illegal, in the sense that we need to have a license to drive them, the car itself needs to be registered, it needs to be insured properly, and ownership records must be in order. If those details are not properly handled then the car, or driving the car, is illegal.

    • Who is a terrorist?

      If some group today decided to throw all the tea in Boston harbour and declared that it was time to get rid of the government that they would be labelled terrorists. Germans occupying France 70 years ago was wrong, and yet it was acceptable a couple hundred years ago when the British and French occupied the North American continent.

  25. There is a POSSIBLE danger of outsiders reading supposed secrets. There is a PROBABLE danger of enemies conspiring to cause injury. Some people distrust governments more than terrorists. I vote for trusting governments as the lesser of two evils.

    • The issue isn’t how much confidence and trust we should have in government; it’s whether or not we should deliberately weaken the security that every person and business relies on to protect and secure their data.

    • Honestly, much much more harm has been done during history by governments than by terrorists. Most wars have been waged by governments. WW I was a government war. WW II was a government war. Yes, there are some examples of civil wars too, but their number is much lower, and the number of victims is much lower, than the number of death by governments. The Holocaust was a government deed. Stalin’s millions of death are a government affair. Hiroshima was a government affair. Compare that to the most spectacular terrorist act ever: two big buildings floored. Peanuts.

      After all, terrorists are soldiers without a government.

      Terrorists, including the 9/11 attack, the Madrid attack, and a few more have not made more death the last few decades than a couple of weeks car driving in the world. On an objective level, terrorism is a microscopically small danger to the life of people on this planet. The probability for a random person to get killed by a terrorist is infinitesimally small compared to the probability of that person to have a car accident, or to be just the victim of “normal” crime.

      Terrorism is in all objectivity a totally negligible item, blown out of proportion by those having a strong interest in pointing an invisible “bogey man”. 1984, as someone else already pointed out.

      • I agree with you that more people are killed by government waged wars than by terrorists, but that is in large part due to the fact that governments are protecting us from them. Although, to be more correct, I’d replace the word terrorists with criminals. In countries where governments are weak and can’t protect the people, criminals have a free hand and chaos rules.

        • Governments don’t protect people. Law enforcement and justice protects people against criminals. Governments dictate laws and impose administrative organization. Governments create armies to mess around abroad.
          Governments are not necessary for that function: they could be replaced by people proposing and voting *directly* the laws. Only then, one could actually speak of “democracy” and only then, the phrase “the people is the government” would make any sense. Law enforcement, directly put in place by the people, and to be revoked at any moment by the people, would put the people really in power, over law, and law enforcement. The Classic Athens democracy more or less worked like that. People would just as well be protected from criminals by their own endorsed law enforcement. *that* would be democracy, and there would not be any place for a “government” (or a parliament, congress, senate, whatever group of aristocrats that have the sole privilege to propose and vote the law, because that would be the people themselves).

          But terrorists are not necessary “criminals”. They are closer to the concept of enemy soldier than criminal. They are fighting for a cause, and attack civil and public targets of their enemies (us). Of course their enemies (we) see them as violent outlaws, but so would we perceive any enemy soldier that were to target us.

          Most of the time, there is a root cause for terrorists wanting to hit us. Usually our governments have severely messed up their place. So without a government messing around at their place, we wouldn’t even have them as terrorists either.

          Islamic terrorism is mainly a product of western governments, especially the USA starting with the endorsement of Islamic fighters in Afghanistan in the 80-ies. And of course, with the crazy Iraq invasion. But before that, essentially by the UK and the French, with all their colonial messing up in the Middle-East and North-Africa for a century or so.

          • You speak of law enforcement as being a separate entity from the government, but it’s one of the services provided by governments. I agree that terrorism is mainly due to the destabilization cause by intervention in those countries, but as bad governments as can get, in most cases, they are better than the alternative. ISIS itself is an example of what happens with no government. It sprung up when the governments in the Middle East broke down and lawlessness prevailed.

            Athens wasn’t really a democracy. It was an aristocracy (in the original meaning –, ruled by the rich. Pretty much the same kind of people who are choosing our candidates now. Hopefully, social media and the internet is changing that where candidates with little or no backing can mount a successful campaign through word of mouth. I don’t have a lot of faith in that happening, but I won’t give up trying.

          • “You speak of law enforcement as being a separate entity from the government, but it’s one of the services provided by governments.” – I think Patrick is talking about a utopic system under which the running of a country – including law enforcement – is entirely in the hands of the people. The people decide each and every law – via referenda – and are responsible for the enforcement of those laws. Like Switzerland on steroids, if you will.

          • “Hopefully, social media and the internet is changing that where candidates with little or no backing can mount a successful campaign through word of mouth. I don’t have a lot of faith in that happening..” – I do. As younger, new media-minded people start to become voters – and as network TV and big budget advertising continues to become less relevant – a shift seems inevitable.

            As I’m sure you’ll know, we recently got a new (Liberal) PM here in Canada. His messaging – about scaling back military operations, the environment, physician-assisted death and creating an ethnically- and gender-balanced cabinet – really resonated with younger voters and he won by a landslide. His campaign was also superbly orchestrated. The Consvervatives had a ran a very negative series of ads using the slogan “Justin Trudeau: just not ready.” The response….


          • @ Mark Jacobs

            Concerning ancient Greek democracy, I should have been more precise: I was talking about the direct democracy in Athens in the 5th century.

            From the Wiki: ” It was a system of direct democracy, in which participating citizens voted directly on legislation and executive bills. Participation was not open to all residents: to vote one had to be an adult, male citizen who owned land and wasn’t a slave, and the number of these “varied between 30,000 and 50,000 out of a total population of around 250,000 to 300,000.” “

          • I was referring to the direct democracy. It was not a real democracy as only about 10% were allowed to vote. That’s why I called it an aristocracy.

          • @ Mark

            It was a direct democracy, but limited to male, free, Athenian citizens. You could hence exclude slaves, women, children, and foreigners (“barbarians”). The inclusion/exclusion of people into the voting system is in any case a fundamental problem of democracy, but at least, in Athens, there was no delegation to an aristocracy of the lawmaking. If you had something to say (that is, if you were a free, male, adult citizen) you could propose laws and vote them. If you didn’t have anything to say (you were a woman, a slave, or a barbarian), well, you weren’t considered a citizen in any case. But there was not this joke of “giving a mandate without further control” to a representative aristocracy which is the basis of most western contemporary states.
            I’m not saying that it was ideal. But it had more elements of democracy in them than our current elective aristocracies.

            The most important element of direct democracy is that the people subjected to laws, vote them themselves, and are not voting for people who negotiate “package-deals” where it is not clear whose interests prime in the composition of the package.

            You can also put it information-theoretically: the baud rate of a voting contest is way way way below the choices that are sensible concerning the laws (that is, the information-content of the principles of the laws). As such, it is obvious that the people are not in control of the law, as they are not even able to provide the information for their choices.
            If there are, say, 5 or 6 potential realistic candidates who will rule administratively for over 4 of 5 years, then the voting contest will deliver not even 3 bits (one out of 6).
            However, during those 4 or 5 years, there are many many more issues that should be a genuine choice of the people, and the choices in the programs of the candidates (under the rather illusionary hypothesis that candidates would really want to put their program as presented to the voters, to execution, and that this is not just a piece of propaganda to obtain your vote) are manifold in comparison to these 3 bits of choice for the people.
            For instance: the items could be something like:
            – increasing or decreasing fiscal pressure (and the distribution of fiscal pressure)
            – foreign politics (different aspects)
            – different choices in social security/health care
            – different choices in personal freedoms like weapons
            – different choices in education
            – different choices in ecological rulings
            – different choices in market regulation
            – different choices in financial regulation
            Even just the matters of principle (not even entering more technical details) represent many more bits of information than can be given by those meager 3 bits in the vote for a candidate.

            The power of the people can be measured by how much actual information in the law system came from the people. In the current systems of elective aristocracy, this is somewhat higher than in the ancient regime (where it was zero), but it is still a negligible affair.

  26. I am not trained in logic, but I recall something about strawman arguments. Sort of means using an argument that isn’t really relevant to the issue at hand in order to win the real argument. In this case that being the government can’t be trusted…. what the heck does that even mean, we (all of us) trust the government in a multitude of ways. Our very lives and quality of life depend on the government. Should we eliminate our military, because with all those guns and bombs they will declare martial law and enslave us? Yep, they (whoever they are) might do that, but what is the alternative, anarchy? Yep, the govt abuses it’s power, no doubt about it. That is why we have a system of law and checks and balances so as to empower the individual to curb that power. Further, in regard to this fearfulness over govt abuse of our privacy, it can do so anytime it wants (assuming we the people allow our government to enslave us). Rather, what is happening is the political process works. Our government (all of us) is trying to deal with an escalation in technology that empowers criminals and terrorists, and still protect all of us from abuse. No different than the restrictions on using the military domestically. We have laws against that, and they work. We also have laws about wire taps, and illegal seizures, and a host of things, and those laws work.

    I submit that we stop talking about not trusting our government, and instead talk about how to empower our protectors to protect us. There has been mention of individuals just using alternate encryption methods. That is a non-issue, just make it illegal to do so. Likewise it is illegal to own machine guns and hand grenades to protect ourselves, we must rely on the govt. and that means sometimes we die when we didn’t have to. So yep, no doubt, some criminal will take advantage of us by illegally accessing our info. Such is life. Lets do all we can to insure our protectors have the tools to track down these criminals.

    • “There has been mention of individuals just using alternate encryption methods. That is a non-issue, just make it illegal to do so. ” – It isn’t a non-issue at all and it making it illegal to possess encryption software would have zero impact on the bad guys’ ability to obtain it. Consider, for example, the effect that Digital Millennium Copyright Act provisions have had in relation to apps that can break the copy protection. Section 1201(a)(2) of the DMCA makes it illegal to develop or distribute apps that can break copy protection but that does nothing to prevent companies outside of the US from developing and distributing such apps and, consequently, it’s still as easy as it ever was to obtain an app to strip the copy protection from a DVD or MP3.

      • I had in mind a far more draconian consequence for violation of such a law, thereby making the deterrent workable. re the DMCA et al, such laws are really about protecting commercial interests, and fraught with ambiguities, leading to conflicting outcomes. I for one welcome the loss of power to the middlemen profiting off intellectual property of individuals. I am also confident technology will lead to a solution whereby individuals can be properly compensated for their efforts. All that is needed is an unambiguous solution that pairs up the user of a such, with the originator of such, and a mechanism of guaranteeing payment. To use a crude (and in great need of improvement) example is the IRS matching up all income with recipients, and extracting a fee. The DMCA was nothing more than a bald-faced effort by greedy middlemen to protect their pocketbooks, often at the expense of the actual artists. As is proper in a functioning free market, unreasonable laws are scoffed at, at least by those who are willing to take up the fight (and the short term consequences). The Boston tea party comes to mind here … ;)

        A better example are the laws against private ownership of military grade weapons, something we just take for granted, but functionally no different. Violators of those laws will be ruthlessly suppressed, by the full power and might of a sovereign nation, and rightly so, with my full support. The DMCA, not so much.

        • “A better example are the laws against private ownership of military grade weapons, something we just take for granted, but functionally no different.” – And yet the public is still able to obtain illegal weapons. Similarly, at one point in time, we had a law that prohibited, “the manufacture, sale, or transportation of intoxicating liquors within, the importation thereof into, or the exportation thereof from the United States.” But that didn’t stop people getting their hands on alcohol. They either bought illegally imported alcohol or bought their own.

          I can’t think of a single instance in which a government had been able to stop people getting their hands on something, whether it’s weapons, alcohol drugs or apps that break DRM.

          And the situation is exactly the same when it comes to encryption. Were the US to make unbreakable encryption illegal, people would either import (or, more accurately, download) it from a country in which it wasn’t illegal or brew their own. The only people who would be hurt by weakened encryption are the honest folk.

          • A similar scenario existed not so long ago, where it was illegal to export strong encryption programs from the US. So in order to get a copy of PGP in another country, you only had to go to a mirror server which had the same software, slightly modified, in a way not affecting the working code, to make it the “international version”. If the governments can’t stop physical contraband such as alcohol, drugs or weapons, stopping illegal trafficking of software is infinitely harder. The sharing of software eg. music and movies dwarfs any amount of physical contraband and is virtually unstoppable and probably un-slowdownable.

          • I recall that someone printed the code for the core algorithm (might not have been PGP specifically, but something equivalent), and wore it when leaving the country. Technically he was wearing “munitions”.

            It’s why there was an “International Version” of Internet Explorer for many years. Https itself was, if I recall correctly, also impacted.

        • Rendering illegal cryptography is equivalent to rendering illegal parts of mathematics. It is simply impossible to render cryptography illegal without having such a deep impact on the liberty of thinking and expressing yourself, that The Ministery of Truth would be a joke compared to the world you would live in.
          After all, cryptography is nothing else but a specific calculation. The lines of code that implement such a calculation can be written in myriads of ways, by any programmer who has a basis in number theory. The exact specification of how the calculation should be performed can be found anywhere. Hell, they are even NIST normative documents ! These lines implementing these calculations represent only a few pages of code. How would you enforce such a law that renders it illegal to have a few lines of code that does calculations on big numbers ? You could just as well try to outlaw all pieces of code that calculate the number pi.
          An encrypted disk looks identical to a disk full of random numbers. Would the possession of random numbers be illegal ? Would every piece of noise signal be illegal ?
          If your house is raided, and disks full of random numbers are found, what are the accusations that would be brought in against you ? The possession of random numbers on a disk ?
          The fact that you have a few books on number theory ? The fact that you have a print out of a NIST public document ?

          This is the nice thing about cryptography, that makes governments and other violence-based power bastions grince their teeth: it is just mathematics. You cannot outlaw mathematics.

    • “empower our protectors to protect us”

      I don’t think for a minute that governments have the intention, nor the ability to protect the people. At most they want to protect themselves and their power (“protecting the state”). After all, concerning Islamic terrorism, this has been rooted in the US and other western government interventions in the middle east since more than a century. Governments have been creating islamic terrorism from A to Z. Their intentions, at that point, were not to “protect the people” but rather to increase their power.

      At a certain point, governments want to protect themselves from the people over which they rule. Crippling people’s abilities to hide data and communicate securely without the government being able to find out is part of that defence of the government and their power against the people.

      I think you should see the “protection” from government the same way as you should see the “protection” offered by the maffia to the people they extort.

      • Patrick, I don’t know where to start, are you promoting anarchy? Would you really disband our military? what would you replace government with? How would you protect yourself and your family from the warlord down the street? You sound very passionate about the uselessness of government, I am really curious what your alternative is?

        • @ Joseph
          I’ll try to give a succinct answer, although we’re getting very off topic.
          I think anarchy is an utopic ideal, that is unreachable because the state is an unavoidable evil. Not a necessary, but rather an unavoidable evil. So one has to learn to live with it. Even with bad guys, one can do business. But one has to keep in mind that it are bad guys when doing so.
          As such, my political ideal is a minarchy: the strict minimum. As all ideals, it is just that. Not something you really count on realizing, but rather some “calibration model” to check change against, whether it goes in the right or the wrong direction.
          “the warlords down the street” are just another form of government, in principle not different from the official government, with same working principles and dynamics. The only reason why a government is unavoidable, is that if you don’t have one, the biggest muscle in town will become one. So you need to fill up the vacuum, but only because otherwise the vacuum will get filled up in an uncontrolled way. It is the only use of having a government: avoiding that another government gets installed that’s worse. This is why I say that it is an unavoidable evil. One needs a government to fill in the hole that will otherwise anyhow get filled up.

          Everything else that a government does, can always be done *with mutual agreement* instead of using force to impose it and when done with mutual agreement, it will always be better.

          Let us not forget the historical origin of government: government appeared when production got specialized when farming got invented. This was the basis of the first kingdoms. For the first time in history, it became lucrative to extort the productive farmers, and amass huge wealth for a governing elite: the aristocracy. With this amassed wealth taken from those that were productive, the aristocracy built armies to ensure their supremacy over the productive people, and went to war with the neighbors. As the neighbors had kings and armies too, the king and their army justified their existence because they “protected” the people. In many cases, the other justification was religion. From the Pharaoh that was himself a god, to the Christian kings that were king by the grace of God, religion was part of the justification of the existence of government.
          The aristocracy “protected” the people, the religious “prayed for” the people, and they all took the wealth produced by those people. A “fair deal”.

          This has remained so. The only change that came with the French revolution was that the story with “by the grace of God” was replaced by the “mandate by the people” in a voting contest, and that aristocracy wasn’t hereditary any more, but one that has a few aristocracies alternating on the basis of a “random generator” called elections. The introduction of this competition between a few aristocracies has nevertheless had a seriously positive effect on weakening the power of the state over the people. But one shouldn’t forget the fundamental nature of government. It hasn’t changed since the first kingdoms. Power over people is its basis.

          So I’m not pleading any kind of revolution, but just an extreme distrust and wariness of every little bit of power to the government. The less, the better.

          To paraphrase a misogynous saying: “beat up your government every evening. If you don’t know why, they will know” :-)

          • Thx Patrick, appreciate the response, nothing there I can disagree with. I suspect the difference in our approach is one of perspective, I tend to be a very pragmatic problem solver, in this case lesser of two evils (as you sort of alluded to as well). Your presentation was skewed toward an idealism which I agree with. I have no doubt govt will “abuse” it’s power, kind of a given. However, govt (and it’s ability to project power) is the only means available to me for personal protection and an orderly society. My arguments stem from that understanding, and why I am willing to forgo empower the govt to have access to my privacy, and hope the body politic (all of us) exerts enough political power in return to minimize abuses. We have to start from some basic assumption or problems don’t get resolved very well. My assumption is that enabling communication security for criminals and terrorists is too much of a force multiplyer to allow. It demands a response. Penetrating enemy comms is generally vital, even a prerequisite to victory. So from that assumption, we lay to rest any discussion of whether govt “should” be able to have this ability, and instead, expend our energy and focus on solving the problem.

            On a side note, arguments railing against the evils of “govt” always puzzle me. It is sort of like yelling at myself in a mirror. Patrick is the govt, Joseph is the govt, we are all the govt and we get the exact govt we deserve…. that applies to all govts, over all the eons. You cannot expert power over people who refuse to comply, you can kill them but that is all you can do, then you have no one to exert power over. Further it is nigh on impossible to exert power over an entire population if they decide to resist, hence civil wars et al. At the end of the day govt is nothing more than group dynamics, and the application of power… really no different than a bully picking on anyone he thinks he can bully. All human interaction is at it’s core power bases, do what I say or I will kill you. Just the law of the jungle and the reality of individual self-aware lifeforms. The real problem of abusive govts is the irresponsibility of the governed to apply checks and balances. Although dispersed, the governed have far more power than the govt., simply by virtue of numbers. That is changing of course as we develop technology that can multiply force so much that those who control military assets can intimidate huge numbers of people. That is why it is essential we the people responsibly step to the plate and exercise our control over our govt minions (and brothers). Every single one of us needs to be fully informed, engage in vigorous dialog, and use the power of the vote to insure those we place in power do the will of the people. However, as you and I both know, that does not happen, so we get the warlord govt we deserve. That is the real problem, and I don’t know that there is a solution, human beings just seem incapable of personal responsibility on that order…. I dunno maybe it is a species genetic defect of some kind …. shrug….

            Anyways, I agree minimal govt is best, I am a republican for whatever good that does me, and I am disgusted with our “warlord” (as well as all my fellow brain dead citizens), but all things considered it is the best choice of all alternatives, so I am inclined to support it’s efforts to combat all the other warlords seeking my blood…so to speak.

          • “On a side note, arguments railing against the evils of “govt” always puzzle me. It is sort of like yelling at myself in a mirror.” – Not at all. As Patrick said, we are not the government: it’s a separate entity and one that will not necessarily act in our best interests. As Patrick also said, government and economic systems have, since their inception, been structured to transfer wealth from the majority to the minority – and to protect the interests of the minority.

            Take financial inequality in the US, for example. According to Wikipedia, “In 2011, financial inequality was greater than inequality in total wealth, with the top 1% of the population owning 42.7%, the next 19% of Americans owning 50.3%, and the bottom 80% owning 7%.”

            Assuming you’re in that bottom 80%, do you really think the government is acting in your best interests?


          • Ray..Assuming you’re in that bottom 80%, do you really think the government is acting in your best interests?

            Yes, it is quite possible. It is about assumptions vs reality. The assumption we are all supposed to be “equal” is not true. Not true in the sense that you can observe this in nature, or natural law. It is a construct arising out of the many factors relating to how can individuals co-exist so each survive. The proof is too long for this venue, suffice to say most of us understand viscerally, and genes have evolved accordingly, that we need each other to survive. ie it is in our best interest to give up a little in order to have anything at all (survive). So we cooperate socially. However, that only goes so far, most of us are quite willing to survive in greater comfort and resources than our neighbors, and so the struggle goes. The outcome and distribution of “wealth” will be determined by many things, our own individual strengths, as well as group dynamics as allegiances ebb and flow. There will be a distribution, as you noted. However, regardless of where you are in that distribution, and whatever govt is currently in power, the fact is you are alive, and protected from anarchy. That has value, and to some extent is in fact the govt acting in your interest (albeit perhaps not “best” in every sense). Since at the moment we are discussing govt protection against threats to our physical well being, every stratum of society is benefiting. Addressing economic inequality, and the govt role in favoring a given % is a discussion for another day, and a problem also begging for solution before undesirable consequences ensue.

            BTW… such a solution is not fair based, fairness has no place in govt policy, it is an ephemeral concept, and very much in the eye of the beholder, a useless concept, but a useful tool in manipulating public opinion to one’s “selfish” view. The standard for government policy should strictly be based on what best ensures social stability, and long term societal survival. I submit attempts to eliminate inequality are counter-productive without a firm understanding of the actual societal outcomes. Further, I am sure there will always be disparity, and that such disparity is essential to our survival. Personally, I think the current disparity is not healthy, and (without proof, just a gut sense), there should be no more than … um say a 10-20 fold difference between the top and bottom of the human heap. If (in monetary terms) a $50k annual income assures a comfortable middle class life, then I would structure society such that $1million is the maximum annual income for an individual. Net worth is a little more relaxed, but favors those who have invested wisely and dispose of their wealth in socially beneficial ways.

          • “Personally, I think the current disparity is not healthy.” – And I think pretty much everybody feels the exact same way – except, maybe, the top 20% who possess 93% of the wealth and, of course, the 400 wealthiest Americans share between them more wealth than 50% of all Americans combined. It would be extremely easy to address this imbalance too via things like modifications to inheritance and income tax rules and mandated salary caps. And yet we – or, more accurately, the government – make absolutely no attempt to address the disparity. Instead, the government allows working people to die prematurely or to be bankrupted and lose their homes because of medical bills they cannot possibly afford to pay while a small minority of people amass more money than they can possibly spend in their lifetimes.

            We all know that it’s a problem and yet government makes zero attempt to address it. Why? It’s because government doesn’t act in the best interests of the majority….

          • To try to bring the discussion a bit more on topic, and one of the core arguments, is the following. The comment:

            “You cannot expert power over people who refuse to comply, you can kill them but that is all you can do, then you have no one to exert power over.”

            is based on a few suppositions, because it is easily contradicted by historical fact: many people have been, and are, suppressed by very repressive governments. The Soviet system has been in place for almost a century. There is North Korea. There are many dictatorships around the world, where it is *pretty obvious* that people are violently oppressed. So the idea that if people refuse oppression, they cannot be oppressed, is factually contradicted with many examples. A relatively small elite can keep entirely in its power entire nations, with a military force that isn’t necessarily insanely huge.

            And what is the secret to that power ? It is not huge weaponry or military. It is oppressing dissident voices from the start. It is surveillance of communication and severe punishment for the slightest emission of a critical voice.

            This is why, in an age of electronic communication, it is of utmost importance for the *power of the people* to be able to communicate without the possibility of government surveillance. The secret to successful oppression is the crippling of dissident communication. It doesn’t reside in a huge police force or a huge military. Do efficient dissident communication surveillance, kill every little bit of dissident communication from the start, and your oppressive reign is guaranteed.

            Of course, the price to pay is that the “bad guys” can also communicate securely. Is that a problem ? As I pointed out, I don’t think so. “terrorism” is a very minor inconvenience when compared to state-propagated killing and violence. But is it also a minor problem compared to other technological death that we accept for the sake of comfort (such as the 1.2 million death by transport accidents every year in the world). The number of death by state-induced wars is orders and orders of magnitude larger than the number of death by “terrorist attacks”. Terrorism is a non-problem.

            In fact, I would provocatively go as far as saying that it is somehow reassuring that terrorism sometimes works out. It means that resistance is still possible. I’m not endorsing (at all!) the horrible acts of terrorists killing innocent people, but the fact that they succeeded, means that the state-oppression machinery is not total yet, and that the same tools used by terrorists are still available to the people the day the government goes totally rogue. And I repeat that, in as much that every innocent victim of a terrorist attack is sad, the number of such victims is insignificant in comparison to the number of innocent death made by states. So in as much as terrorism would be a problem, states would be a problem orders of magnitude larger.

          • I think we mean the govt “should” act in the best interest of majority, not that is actually does. Since “we” are the govt, like it or not, the onus (and failure) falls on our shoulders. The success (or failure) of a government is directly correlated to the actions of the majority. If that majority opts out (so to speak), govt will reflect the wishes of those most successful in acquiring control, and they will reward themselves accordingly.

            In fact one could argue the top 20% have the success they do because they are the most qualified to look after the rest of us, and we get what we deserve, and no more. Personally I wouldn’t argue that way. Rather I would argue we have less because we have done a poor job of exercising political power. To some extent the disparity is a consequence of genetics, I suspect there are psychological factors involved. Sort of the wolves sheep model. There are far more sheep than wolves in this world (or prey and predators), generally an 80/20 split, and the wolves control the sheep. Perhaps large numbers of people (the sheep) are simply not psychologically programmed to wield power, and simply defer to those who do seek power, and we end up with the inevitable disparity observed all societies.

            Frankly I cannot see any possible reason after I have acquired my first five or ten million, to continue to spend the remainder of my life just acquiring more, consuming it frivolously, and/or engage in endless machinations to exert power over others… essentially a slave to their appetites. In the meantime neglecting family, friendship, personal growth, enjoying life, squandering away the only thing of value we all actually have…our time.

          • That is a good analysis Patrick, and I don’t necessarily disagree. My comments about populations veer from my usual pragmatic nature and are more idealistic I suppose. I would hope populations could rise en masse simply out of reaction to oppression, a kind of give me liberty or give me death phenomena. Keep in mind that oppressive governments do perish, all of them. Whether it be by revolution, or the reaping of what their oppression sows, a less productive populace.

            The same will happen to the semi-democratic model our species is experimenting with now here and there. That model clearly favors a more even distribution of wealth, but still is vulnerable to the dark side of government, the gradual enslavement of the populace by the ignorant wolves. I really don’t think having secret encryption is going to help the masses much, the problem is apathy (or sheep mentality).

            Frankly, I am pretty sure we are doomed regardless of what we do, unless a sufficient number of wolves (and there are some) become enlightened to the fact they are better off with less disparity, and they go to war (and win) against the wolves who don’t get it. IMHO, the best strategy for the sheep is to educate and persuade as many wolves as possible to that truth, and try with whatever support the sheep can muster, to empower the “good” wolves.

            It is equally fascinating and depressing to watch this play out in America, we are the only real hope for a healthy egalitarian world. Personally I have no problem with the wolves running the show, I just want them to be enlightened wolves, then they will act in the best interests of the majority, because it will benefit them the most to do so, satisfying their wolf-ly desires. There is a lot more to this, but I think the encryption question has run it;s course. For better or worse, I have to come down on the need to empower the govt we have is more important to my well being, than some need to collaborate clandestinely with other sheep to take out the wolves. If our govt goes completely rogue and wants to enslave us, encryption is going to be of little use, as the borg say, resistance is futile. If we are really going to turn this around, it is going to be done in the open using the real game changer available to us… the internet, and therein is the tool to collaborate, share information, and effect change at the ballot box…. as well as outing govt abuse, so we can come together and resist it with the only tool that really counts, the power of the ballot.

          • I said it before, but we are not the government. It is not because there’s a funny voting contest every so many years, where you are allowed to fill in a single vote, that this puts you in power. Voting is not much more than a kind of random generator that gives alternatively the executive power to one of a few aristocracies (also called political parties).

            As long as there is a selected group of people that can propose and vote laws while most people cannot, that first group is (by definition) an aristocracy. Whether they forced the people to give them a mandate or not (out of an election *always* comes a mandate for an aristocracy, no matter how many people decide not to vote for instance), based upon a per-election discourse that has no legal binding at all, the people are not in power. There is not much difference between “God said that I am the king”, and “I have a people’s mandate”. They are simply two ways to make the people accept the government power.

          • well. governments don’t spring out of nothing, they are a subset of a population. Whether the subset seizes power by force, or by popular acclaim (some form of consensus, ie voting). Just as assuredly, they maintain rule, by force or consensus. I submit, though our govt has the means of force, the actual individuals remain in power by consensus. Unless you believe our system of granting power is rigged (possible on occassion, but not as an absolute), then we the people definitely have the means to choose different individuals, so the power of mandate is in the hands of the populace. in a less democratic circumstance power is still in the populace if they can acquire sufficient force and numbers to defeat the rulers. Although that just usually means some other flavor of tyranny takes over.

          • @ Joseph
            The problem, as I see it, with elective aristocracy (which we call “democracy”) is twofold:

            1) only people who got through a strong “aristocratic selection process” are *realistic* candidates. By this I mean (a) that before you really are going to be a candidate that can potentially be in power, you have to seduce/buy/convince one or other established aristocracy (political party) and hence be “one of them” and (b) people will only vote for a candidate they expect to be able to win, be it to *avoid* the other candidate, as they don’t want to waste their vote on a guaranteed looser. So only aristocrats can be realistic candidates. Yes, there are sometimes freelancers. They stand no chance. They only give, by their defeat, false credibility to the mandate of the elected. People didn’t really choose the elected one over the freelancer. They just didn’t want to waste their vote on a guaranteed looser, to find out that the candidate they disliked more, got in power finally. So voters will vote for the candidate they dislike the least of which they think that he can win. Not because they endorse him, but because they want to avoid more the other candidate.

            2) candidates can tell you what they like before the election. There is no legal or other binding between what they tell you they want to do, what they tell you is their agenda and their goals, and their real agenda and goals they set out to achieve once elected. There is no binding contract between what has been said before the elections, and what is actually done (public and hidden) once elected.

            I like to compare the mandate of elected officials to having to choose your executioner as a group. There’s the guy that wants to torture you slowly to death, there is the one that wants to chop your head off in one go, and then there are a fifty others that want to set you free. However, the first executioner has for sure already 3 votes, say. As you want to avoid by all means to be tortured slowly to death, you’ll vote for having your head chopped off in one go because you’re afraid that if your group’s votes get distributed amongst the 50 guys wanting to set you free, that none will get more than 3 votes and that all of you will be tortured.

            Does that mean that you really democratically decided to get your head chopped off ?

            Moreover, suppose that you vote for one of the guys that promise you to set you free. Once elected, he might decide that after all, he wants to torture you. His “setting you free” was only an electoral promise to get your vote.

          • “The power of mandate is in the hands of the populace.” – While that may be the theory, it’s not the reality. Realistically, you can’t run an election campaign without the backing of big business, and you’re not going to get the backing if you plan on doing something radical – like, for example, addressing the issue of income inequality by stripping money away from the CEOs and shareholders of those big businesses.

            I’ll say it again: *we* are not the government and *we* have extremely little control over the government. Your only role in government is to choose between a very small number of (usually exceptionally wealthy) candidates, each of which is bankrolled by big business. Once elected, those people are directed by unelected policy advisors and influenced by lobbyists in the employ of (again) big business. Who do you think really holds the power in this equation?

            “The assumption we are all supposed to be “equal” is not true.” – Indeed. We’re not all cut out to be the CEO of a Fortune 500 company – in fact, it’s impossible for us all the be CEO. Obviously, there needs to be bosses and workers – and there needs to be more of the latter than the former. However, that doesn’t mean that such enormous income inequality needs to exist.

            “In fact one could argue the top 20% have the success they do because they are the most qualified to look after the rest of us.” – But they don’t look after us, do they? The reality is that *they* build enormous wealth while *we* die because we cannot afford medical care. An interesting tidbit for you: even though the tax rate supposedly increases with earnings, you pay a higher percentage of your income in taxes than somebody in the top 20% – and somebody in the top 20% pays a higher percentage of their income in taxes than somebody n the top 1%. To quote a study by from the Institute on Taxation and Economic Policy: “On average, the poorest 20 percent of taxpayers nationwide pay more than double the effective tax rate paid by the richest 1 percent of households (10.9 percent v. 5.4 percent).”


            Let me ask you this: if *we* are the government (as you say) and *we* feel that income inequality is a problem, why isn’t it addressed? The answer is that It isn’t addressed because *we* are not the government…

  27. The government or law enforcement agencies are welcome to search my phone or computer but I am very much against back door entry without my permission or knowledge.

  28. Great introduction, Leo, to a great debate about balancing our individual right to Privacy (something we all appear to care about) and our right to safety (something we know we humans unite in societies for). To the question I read as “Are we for or against giving the FBI and other elected officials a back door ?”, you provide three convincing arguments to side with the Ask Leo opinon and reject the FBI demand on Apple. I read these three reasons (A, B and C) as:

    (A) [Are we] trusting that the key will always and only be owned by the right people ?

    (B) [Are we] trusting that whoever had the key will only use it for its intended purpose ?

    (C) Good encryption already exists.

    I agree to all three arguments, but believe we are not done with it and its consequence on our individual safety. It seems to me your presentation to the case might be oversimplified, and as such biased in the sense that the FBI may not request an actual back door as your presentation suggests but only a sterilized and still steep back door (“Steep Sterilized Back Door”) which would still require to the FBI:

    (1) After due legal process, to secure a decision to the effet of authorizing them [the FBI] to actually benefit from the Steep Sterilized Back Door as defined above; and

    (2) To then use the efforts required to brute force an encryption key using the most expensive available computer time and skills.

    Let us take these three arguments (A, B and C) and two objections (1 and 2) in order.

    Three arguments:

    (A) “[Are we] trusting that the key will always and only be owned by the right people”. I agree with the argument. I agree I cannot *entirely trust that [the key will always and only be owned by the right people]. However, I can trust that [the key will always and only be owned by the right people] for minor stuff, but *only for minor stuff. As far as major stuff is concerned, I believe in investing more in security. This argument has already been presented above. To give an example: as long as I have few valuables in my home, I can rely on cheap locks, cheap keys, cheap armored doors if any and cheap associated detection if any. If I own the Mona Lisa (la Joconde) or an equivalent extraordinarily expensive painting or any other expensive good, tangible or not, I am ready to accept the need to invest in better detection, prevention and protection devices, against more certainty that the social contract I am a part of will be efficient at ensuring my security. That means I am ready to compromise with the elected authorities (with *my vote, for or against, irrespectively) in such a way that they (these elected authorities) will be better at catching the bad guys and indirectly protecting me. Of course, if I was a bad guy (not benefitting from the protections offered by the social contract), I would invest in maximum protection for my privacy and vote for a weak social contract (vote for weak authorities). The assumption I make in my objection here is therefore that the bad guys are not a majority of the voters, which I believe is true for France where I live, or for the USA where a large proportion of Ask Leo! contributors possibly live. Were I in a rogue state (were I a North Korean, may be also simply Kurd or Muslim Shia), I may have another opinion and may lack the alternatives I currently enjoy being French and residing in France.

    (B) “[Are we] trusting that whoever had the key will only use it for its intended purpose. I agree with the argument”. I cannot *entirely trust that [whoever had the key will only use it for its intended purpose]. However, I can trust that for minor stuff, but *only for minor stuff. As far as major stuff is concerned, I believe in investing more in security. The same argument as above goes here. I do not only want privacy for myself, but do also participate to a social contract in which I can reasonably rely. I believe in paying the authorities a just remuneration for what they commit to do for me, and to trust them to this extent. Again, Were I in a rogue state (were I a North Korean, may be also simply Kurd or Muslim Shia), I may have another opinion and may lack the alternatives I currently enjoy being French and residing in France.

    (C) “Good encryption already exists”. I agree with the argument. this states the limit of what I can expect from the authorities: my private data, contained in my iPhone (an Apple device) or whatever other device, must be granted the same level of protection as the one the bad guys, when they use third party good encryption, enjoy. NOT LESS. To this extent I agree with the argument. However, do I want MORE protection than the one offered by freely available tools outside Apple, Google, Microsoft or the equivalent powerful private corporations (“Big Private Corporations”) ? My answer to that is NO, I do not want MORE protection that the one offered by freely available tools outside Big Private Corporations. I am ready to give a reasonable level of trust to these Big Private Corporations, but certainly NO MORE that what I am ready to give to the elected government of my country. After all, I have a vote for my elected officials, I have none to vote for the Directors of these Big Private Corporations; and their country of incorporation, where I can sue them may be, or become, irrespective of my desire, rogue, corrupt and/or untrustworthy.

    Two objections:

    (1) “After due legal process, to secure a decision to the effet of authorizing them [the FBI] to actually benefit from the Steep Sterilized Back Door as defined above”. What is a Steep Sterilized Back Door ? I vote for my elected authorities, I do not vote for nominations at the board of directors of the Big Private Corporations. I therefore trust my elected government, its objectives and its legal process MORE that I trust the objectives and decision process and the Big Private Corporations. I therefore offer the opinion that, as much as I would deny my elected government access to any back door easier to decrypt that a Steep Sterilized Back Door, I would trust my elected officials to enjoy against the bad guys of a Seep sterilized Back Door (or any back door harder to implement that that). After some reading and like some previous posters like H Davis, I want to believe (not being sure) that what the FBI currently requires from Apple in the current case is a Steep Sterilized Back Door and no better to them than that, then argument (C) is, for me, defeated and my vote goes in favor of the FBI argument. Otherwise, should the FBI require an easier back door that the Steep Sterilized Back Door, my vote would go against the FBI argument and in favor of the Ask Leo argument.

    (2) “To then use the efforts required to brute force an encryption key using the most expensive available computer time and skills”. This is what is required using as a standard the encryption key and associated protection offered by freely available tools outside Big Private Corporations. In pursuit of my own protection against bad guys, I accept that my elected officials must be able and authorized to use such amount of efforts to access the bad guys’ private data. No more. So I have no justification for wanting to make it harder for the authorities to access my private data contained in my iPhone. So I have no justification for allowing Big Private Corporations to enjoy and provide their customers (me and possibly the bad guys) a level of protection any greater than the one offered by a Steep Sterilized Back Door.


    All in all, I side with the minority and courageous opinon Joseph above may already have prudently suggested, I believe in offering the FBI the right to enjoy the benefits of a Steep Sterilized Back Door access to my iPhone or any similar device proprietary to a big Private Corporation. No more than that, no less than that. As my country is France, I agree to the same standard for my elected authorities. Were I in a rogue state (were I a North Korean, may be also simply Kurd or Muslim Shia), were I in a state I would not trust, at all, I believe I would nevertheless not (repeat NOT) have any better alternative. After all, why should I trust more the Big Private Corporations (which are not even registered in my country and are registered instead in a country which could be, or become, irrespective of my desire, rogue) more than my own government, as rogue, corrupt and untrustworthy as it may be.

    So, if the question is “Are we for or against giving the FBI and other elected officials a back door ?”, I side with the Ask Leo opinion. However if the question is more precisely formulated as “Are we for or against giving the FBI and other elected officials a Steep Sterilized Back Door”, then I would disagree with the Ask Leo opinion and side with the FBI instead.

    • “After all, why should I trust more the Big Private Corporations (which are not even registered in my country and are registered instead in a country which could be, or become, irrespective of my desire, rogue) more than my own government, as rogue, corrupt and untrustworthy as it may be. ” – Whether or not we should trust the US, French or any other government isn’t the question that should be asked. The question that *should* be asked is whether or not we should deliberately weaken the security systems that are used to protect data – and creating a backdoor *would* be weakening them.

      Consider this: what sort of security do you want your bank to use to protect your data (and money!)? Do you want it to be able to use the strongest security possible, or do you want it to be forced to use security that’s been deliberately weakened by the inclusion of a (potentially) exploitable backdoor? Do you want the company you work for to use the best possible security to protect its intellectual property – which could be worth millions – or do you want it to have to rely on security that’s vulnerable by design?

      I used this quote (from a recent news story) previously: “The Justice Department says that the scale of China’s corporate espionage is so vast it constitutes a national security emergency, with China targeting virtually every sector of the U.S. economy, and costing American companies hundreds of billions of dollars in losses — and more than two million jobs.”

      To combat this problem, we need security systems that are as strong as they possibly can be, not ones that have been deliberately weakened. As I said above, if we create security systems that contain backdoors, the bad guys will eventually step through them.

      • Yes yes Ray. I sided, I still side with you in what you say about the harmful effect -to me- of backdoors. I thank you for pointing out to me the fact I was not clear enough in my long argument. The core is in argument (C) “Good encryption already exists”. That is THE de-facto and always changing standard. I do not want to coerce the Big Private Companies to help the authorities to fight against that good encryption, which I qualified as being encryption available through freely available means (including as developed by rogue countries or as developed by rogue corporations) but not including those developed by Big Private Corporations. I just feel the authorities should not allow law-abiding private corporations (my “Big Private Corporations”) to privately (under the protection of intellectual property laws) market better encryption techniques than those freely available on the market; and be authorised by all legal means (which obviously includes passing ad-hoc legislation) to compel these Big Private corporations to assist the authorities, subject always to due legal process, to place the police and the prosecutors on the same footing with regards to decrypting my private data as the one they are, or would be, facing when the bad guys (or me) are using the best available encryption technologies.

        I believe that there is and should be no exception to the prohibition to kill (a “Kantian” concept). Opposing to the authorities a bigger obstacle in accessing private data owned by bad guys than the obstacle the authorities already face when the bad guys use good encryption already available, thus restraining the authorities’ means to oppose crime is not IMHO the right thing to do.

        I do not address technological means to attain that aim. Others can do that better than me.

        • “Opposing to the authorities a bigger obstacle in accessing private data owned by bad guys than the obstacle the authorities already face when the bad guys use good encryption already available, thus restraining the authorities’ means to oppose crime is not IMHO the right thing to do.” – I agree, however, it’s technically impossible to accomplish. Unbreakable encryption already exists and cannot be made to “unexist.” The only people who would be impacted by weakened iPhone security is honest users who have nothing to hide. The bad guys would simply use alternative encryption mechanisms.

          • By making the use of any non-approved encryption illegal itself, law enforcement and/or military assets put all those using such, out of business. The very use of non-approved encryption establishes a criminal act, opening the doors to the full use of all resources to further investigate what is behind those obscured doors. That is not the case now, and why encryption is so useful to criminals and terrorists, they hide right in the open amongst everyone “legally” using whatever encryption they want, because the default assumption is (and must be) the use is benign. By drawing a line in the sand we can easily then separate the bad guys from the rest of us. True? This is what governments are for, to exercise power we cannot do as individuals, to protect (all of us) against societal predators.

          • “By making the use of any non-approved encryption illegal itself, law enforcement and/or military assets put all those using such, out of business.” Sorry, but that’s wishful thinking. The Computer Fraud and Abuse Act and the Electronic Communications Privacy Act haven’t put hacking groups out of business and the CAN-SPAM Act hasn’t put spammers out of business.

            “By drawing a line in the sand we can easily then separate the bad guys from the rest of us. True?” – We already have numerous lines in the sand – called laws – but that doesn’t stop the bad guys from crossing them.

            As I said before, weakening security would only hurt honest people. It wouldn’t impact the bad guys at all.

          • @ Joseph:

            Here is such a “criminal program”:

            here is another example:

            Anyone with some programming skills and some understanding of number theory can *understand* this algorithm, and write it down in many variable ways.

            How are you going to outlaw a few lines of code that any one with some programming skills can re-write the way he likes ? Is “writing code” now something that becomes illegal ? Is the use of certain algorithms on your very own data on your very own computer going to be rendered illegal ? Are certain mathematical operations going to be illegal ?

          • I am not even remotely qualified to have a solution. I “assume” whatever technology allows, technology can defeat. So I assume if encryption (other than legal) were being used, it could be identified and investigated. If the consequences are serious enough, the deterrent will work, few (and less and less) individuals will waste time developing or deploying illegal encryption solutions. I don’t know, but I assume there is information which simply being in possession of on computer or whatever, is illegal. a more obvious example is porn being legal, but child porn not. Perhaps someone has child porn on computer (for absolutely no deviant reason, maybe some kind of research or whatever), the mere possession of such is a crime…right? So.. I dunno, possession of math algorithms relating to encryption would be a crime. is that a problem? If there are legitimate reasons to have such things for research and such, fine, get a permit, register yourself and your scope of work and have at it. I admit, this thread is an exploratory one, just adding my thoughts to the mix, and perhaps such identification is unworkable because these “fingerprints” are inherent to programming an cannot be separated out. However, moving up the ladder, NSA (the bad guys …sic..) can have filters that identify any use of unapproved encryption in communications (assuming we deploy infrastructure that examines all communication channels).

          • @Joseph – encryption is absolutely essential and a critical component of modern life. In fact, it secures pretty much every form of electronic transaction. Signing into a website, making a cell phone call, sending an email, withdrawing cash from an ATM, using a credit card in a store, shopping online, etc., etc., etc. – all use encryption. And, of course, it’s also used to protect corporate and government data, secure wireless networks, protect passwords, etc., etc. etc.

            Do you really think it’d be a good idea to start providing governments with backdoors into all of those processes? Note that I pluralized “governments” – it wouldn’t only be the US government that had access to the backdoors, other governments would require/demand it too. And then there’s the matter of who those governments may – intentionally or unintentionally – disclose the workings of the backdoors to as well as the possibility of other people working out how to exploit the backdoors.

          • @ Joseph
            Why government-back doored encryption is absolutely fatal to democratic control. One recent example: Edward Snowden. Without non-government back doored encryption, we would never have heard of him. He would have been a dead corpse since long and would never have gotten his message out. I think you can count Snowden amidst people such as the resistance leaders against the nazis in occupied Europe during WW II. He exposed part of the rogue state.

            If we want more people such as Snowden to succeed their democratic mission of resistance, then watertight encryption is an absolute necessity.

            If I were to write a book about state abuse, of course I would keep it encrypted in such a way that no state agency could decrypt it if ever it fell in their hands, before I could anonymously spread amongst sufficient readers for it to have an impact. There is a critical window in time between starting to write the stuff, and having distributed it to sufficient readers, where encryption and anonymity are an absolute must.

            Of course it would be silly to hope that they wouldn’t find me ever. But they should only find me after the message has been spread, so that when they find me, this will not hinder the message to be in the wild. Even if I have to pay for it afterwards.

            Making the means to do so illegal, would be the end of any hope for democratic control. It would be the first step to 1984.

  29. So, I guess the FBI is basically stating that knowing the “online activities” of the San Bernardino murderers would be helpful in preventing more killings.

    Maybe, maybe not.
    I think not.

    What could/would have prevented it, is a more robust screening process of the couple (and everybody else) before allowing them into the good old US of A.

    Apparently, neither had a criminal record, nor were they on any sort of “Terrorist Watch List”.
    And it seems that this type of “background information” is quickly available to an investigator via a computer search of a few data bases.
    It would be rather unfortunate if that is the bulk of a completed background check before an otherwise unknown person is allowed into this country.
    I can’t help but wonder that if the screening process included speaking with associates and family members of the couple, investigators might have gleaned information which would have resulted in denying their entry.
    As reported after the murders – Malik’s estranged relatives say that she had left the moderate Islam of her family and had become radicalized while living in Saudi Arabia.
    Regardless if any Saudi Arabian officials agree, might the “estranged relatives” have said the same to an investigator before a Visa was issued?

    Maybe, maybe not.
    But it makes me wonder about the situation as a whole, and I can’t see how having the online activity of someone could, or will, be all that informative of what an individual is “thinking” – especially if all that one needs to do is wipe the device of past activity and then visit a few goody-two-shoes websites so that anyone looking at the device later will see harmless activity.
    Even without such, people think of things that they will never do, and do things without much thought, and that behavior is also reflected in their “online activity”.

    Also of note, many employee’s of different government agencies have given false information in the past, and used their position of authority for personal gain.
    Given that people are human, I don’t see that changing in the near future.

    As such, I can only see that a backdoor into any electronic device would likely be used for illicit activities – by “bad guy’s” and the supposed “good guy’s”.


  30. Musing a bit more re the backdoor option (which is not necessarily what we need). The argument seems to be centered on economic loss by purloined bank accounts etc. We already have a system in place for that very (so to speak) scenario, called the FDIC. So just for the heck of it, we do require a backdoor, supposedly known only to the govt, who is responsible then for protecting it. We make it robust enough (gotta hire those math genius’s) that not easily used even if it flies the govt coop. In return the govt “insures” all financial instruments, accounts, etc. dependent on that technology. Whoever loses any assets gets compensated in full (assuming they followed all security procedures properly), and the govt vigorously pursues the malefactors. Does that satisfy the concerns over that fear?

    • “In return the govt “insures” all financial instruments, accounts, etc. dependent on that technology.” – So, you think the government should mandate backdoors in encryption products and then take responsibility for insuring the hundreds of billions worth of corporate intellectual property and other data that would be “protected” by those products. Really? To what end? The bad guys certainly wouldn’t be using those products; they’d be using an unbreakable encryption solution that was developed by an anonymous Russian hacking group and downloaded using Tor from a website hosted in Kyrgyzstan the owners of which are completely untraceable.

      That said, US-based companies would probably be quite happy with such a scheme. At least then they’d be compensated for the hundreds of billions of dollars worth of trade secrets and intellectual property that they’re currently losing to both domestic and foreign hackers.

  31. I wonder (technically speaking) if a decryption solution can be dependent on a physical location. In other words, whatever “backdoor” et all the govt has to pierce all encryption, can only be applied at a physical site, (some sort of hardware dependentcy), or even biometric (like nuclear codes) requiring the physical presence of designated individuals….. say at “ft knox”. Anyways the more I think about this, and discount the hysteria over loss of the imaginary right of “privacy”, it seems to me solutions are probably readily discoverable. The problem seems to me we lack the will to do so, and give a mandate to our protectors to proceed with full court press. In addition, re the issue of competing encryption standards in the wild. We have plenty of precedent to make encryption an infrastructure resource, and require all development and deployment be with govt oversight. Similar to commerce (roads, rails, air, communications etc.). I think we are really at the point where govt has to step in and put some order to the private sector development and deployment of technology that severely impacts the body politic. We need standards in place, but still allow a means for innovation, to accommodate a rapidly evolving technical landscape.

    • You could indeed keep the decryption software on a biometrically-protected and non-networked computer that’s housed in Fort Knox. Heck, you could even protect it with encryption that *didn’t* have a built-in backdoor. The software would be completely safe and no unauthorised person would ever be able to access it.

      And then along comes a nerdy high school kid who creates a program that will do the same thing. Or an Apple employee decides to leak or sell the code. Or one of the very highly-skilled hacking groups creates a program to exploit the backdoor. Or……

      Encryption is only useful if it prevents everybody except the owner of the data from accessing it. Encryption with a backdoor is no encryption at all.

      • Or authorized personnel, like Edward Snowden. (I’m not making a political statement about Snowden. I’m just making a point that authorized personnel can and do compromise systems if they go rogue.)

        • Snowden is, in my eyes, a hero, not someone who went rogue. He’s the illustration of exactly why secured communication and data, in the face of government, is an absolute democratic necessity.

          Yes, Snowden violated a contractual agreement of non-disclosure. But he did that on the basis of his intimate conviction that he was confronted to a rogue part of government, that violated the constitution.

          • I’m not criticizing Snowden. I believe he did the right thing in exposing illegal surveillance. I used his example to show that it’s impossible to safeguard against people with security clearances to just walk away with the data. I didn’t call home a rogue agent. It’s simply that a rogue agent with the same access would compromise the system. Snowden went public with his information. With arogue agent, you’d have no idea that the backdoor had been compromised.

          • Indeed, from the moment that a secret is shared by more than one person, it can always leak out :-)
            As with every security system, the weakest link is usually the human. This is BTW, why there is no fundamental problem with strong encryption for law enforcement: in those cases where encryption is important to criminals, it also means that sufficient criminals share the information so that one of them will be a weak link.
            And in as much as cryptography can hide something well from law enforcement, it probably means that law enforcement has no business with it, and that the laws that say otherwise, are wrong-headed, because pointing to victim-less crimes.

  32. And be sure not to bypass Leo’s important point, “good encryption already exists.” It’s really just a mathematical formula. It’s “out in the wild” so to speak. Governments could to ahead and outlaw unbreakable encryption and anybody that knows the math would be able to go ahead and use it at their will and whim.

    • “And be sure not to bypass Leo’s important point, “good encryption already exists.”” – And that’s really the most salient point in this discussion. It exists and cannot be made to “unexist.” Were the US to mandate backdoors in certain products, the bad guys would either use non-US products that weren’t covered by that mandate or create their own tools. The only people a backdoor would impact are the honest people whose data would be more vulnerable.

  33. I don’t care whether Law Enforcement has my stuff on my iPhone.
    What I care about are criminals having the same access to my stuff on my phone. And you have aptly described that if Apple creates a backdoor, weakens its security, than that will eventually find its way to the criminal whom will steal my identity and create credit cards or just mess with my mortgage.

  34. Assuming we want the govt to penetrate encrypted comms for all the appropriate reasons, I wonder if a technological solution would be to work the math backwards (along with some kind of physical, biometric, etc. component). in other words, specify a very expensive infrastructure (as I suggested earlier) out of which encryption is enabled (but can therefore also be decrypted). The barrier then to misuse is the cost (and access? as well) to do so. This encryption is freely available to use all, including commerce etc. So no loss there. Sort of like the interstate hwy system. Free for all to use as they please (subject to legal oversight and consequences), but not easily duplicated, or modified by anyone for evil purpose. Afterall, at the end of the day encryption is just an infrastructure, it has absolutely no value in itself.

    So the only real issues are 2-fold. (3rd issue of govt abuse of citizens is a non-starter for me, I also hope they don’t send a tank to intimate me in some way)

    1. the deployment and use of non-approved encryption solutions.
    2. potential success of criminals and terrorists acquiring access

    1. domestically that is a simple legal issue. Such use is a criminal act and will be dealt with. Generally speaking laws work, most of us comply, and those who don’t get dealt with. This still leaves the international concerns, but at least we can separate to some extent the wheat from the chaff. Further we can require (using all sorts of diplomatic/economic/military coercion), that entities dealing with the US comply with such a standard. We do this already in all sorts of ways. We are not as concerned what happens outside our borders unless American interests are involved.

    2. This is no different that what we have now, criminals are …. well criminals, they will use all the means available to defeat security. they already penetrate security all the time. At the end of the day, any security is dependent on people, and people can be compromised. So I see no particular benefit or value in the argument commerce needs encryption tools no one can overcome. They will indeed be overcome anyways, is a given, and a very false sense of safety. Not technology that is the weak point, it is human beings.

    • “So I see no particular benefit or value in the argument commerce needs encryption tools no one can overcome. They will indeed be overcome anyways, is a given, and a very false sense of safety.” – That’d be weakening security. The people can be compromised and the encryption can be compromised. And to what end? The bad guys will *always* have access to encryption solutions, even if they need to create those solutions themselves. The *only* people who would be impacted by weakened security systems are the honest folk who’s data would be left more vulnerable. The bad guys wouldn’t be impacted at all.

      • Keep in mind my premise is that the ability to break encryption must be difficult, and therefore only available to a nation-state. So all the benefits of encryption security will still be available to commerce and individuals. I agree nation-states can also be compromised, but it is much more difficult to do so, and the nation-state has the resources to respond if done so. For example, the drug problem, the cartells etc. They only exist and prosper because (for whatever reason) it suits govts to allow it. Personally I would favor US policy that empowers the military to takeout drug lords wherever they are and with no more due process than some kind of trustworthy verification of target, wherever they may hide, care less about national borders. We simply inform any sovereign power, if you harbor criminals who are attacking us (and won’t deal with it yourself), then we are going to come and get them, best stay out of our way. It is a war, we should fight it accordingly. feel the same way about cyber criminality. Albeit a more complex issue, we should not be wimpy about pressuring harboring nations to take action, or we will. I think there is some long established doctrine about hot pursuit, one can violate jurisdictions in order to capture enemies, as long as that is all you do. Obviously this can be an issue if the harboring jurisdiction is strong enough to defy you, such is life, and the realm of spec ops I suppose. But few can deny the US toe to toe. And yes yes, there are all sorts of international and diplomatic landmines, I am being simplistic to make the point we need to be more aggressive. America is viewed as a namby pamby spineless entity. The world respects strength, we can project a lot more than we do now, and it will garner mostly respect from friends and enemies alike.

        • “Keep in mind my premise is that the ability to break encryption must be difficult, and therefore only available to a nation-state. So all the benefits of encryption security will still be available to commerce and individuals.”
          Unfortunately, that is technologically impossible. Once the technology for something like that exists, it’s impossible to keep it from leaking. Large corporations have more money than many governments, and if governments have that capability, then the largest corporations, as well as hackers, would also manage to get it. And they would have a huge incentive to do so, as it would be a great tool for corporate espionage, not to mention the mining of personal data for their purposes.

          • “Keep in mind my premise is that the ability to break encryption must be difficult, and therefore only available to a nation-state.” – Hacking and espionage by nation states – and by nation state-sponsored groups – already costs the US economy hundreds or billions of dollars:


            I suspect there should be an offset too: I’d be very surprised if we didn’t hack entities in other nations too.

            The bottom line is that a nation state is probably not the best entity to trust with the key to a backdoor!

    • How would you even detect and prove the use of forbidden mathematics, without being so intrusive that your country became a worse nightmare than North Korea ?
      If I encrypt my book about state abuse with a self-written version of the AES, and on top of that, I encrypt it with a state allowed back door encryption algorithm, how is the state going to find out ?
      If ever they put their hands on my files, they will decrypt it through the back door, and find themselves with apparent random numbers on a disk. Now what ?
      You can say: yes, but they might find the source code (two pages or so) of AES code.
      I could encrypt that source code with a one time pad, hidden in a huge file of apparent noise. I only have to remember the index in the huge file where the one time pad resides. I can make many other pieces of that huge one time pad such that it generates a lot of funny pieces of code or text from my encrypted file. I could even combine three or four patches (I’d have to remember those indices) before yielding my AES source code.
      In court, it is going to be a hard time accusing me that this piece of code came out under those combinations, if so many other combinations are also possible and give sensible results (love letters to my mistress and the like). I might even prefer not keeping any electronic copy of the source code, as that source code can easily be reconstructed from any book on cryptography that I have.

      In other words, well-hidden, it is essentially impossible for the state to prove that I have been using unlawful hole-free encryption, and for that, they’d have to put a lot of effort in it.

      Unless they make the possession of seemingly random data also illegal.

      Before you know it, you’re in North Korea.

    • Interesting, thx Leo. globally speaking we need a lot more dialog if we are to raise the consciousness of our society as a whole, and thereby have any hope of evolving society for the better. Somewhat related, a while ago I read about research suggesting “crowd” sourced solutions to social problems are actually more likely to be successful, then “expert” (or perhaps small committee based) solutions. There is something about a thorough airing of an issue by a multitude of ‘non”-experts somehow results in a superior collective wisdom.

      • And I’m not saying that an unresolved discussion doesn’t have value. As a friend pointed out when I shared that link on Facebook, often discussions exist for “those who follow” – i.e. you may not change the mind of the person you’re having the (public) discussion with, but – particularly when presented thoughtfully, rationally and respectfully, it’s all valuable information for those who read it all later – should they take the time to consume it all, that is. :-)

    • Interesting study Leo !

      In fact, I think that the study missed a point. In a public discussion (such as on a forum like reddit, or like here on this thread, or in a court room or on a political TV show), the person to convince is not your discussion partner, but a third party (reader, judge, jury, spectator…). You try to bring out arguments that will convince the third party that you are right. That the opposing party doesn’t get convinced, is not necessarily the aim of your contribution. After all, in a trial, if you’re a lawyer, you’re not trying to convince the lawyer of the opposite party that you’re right: you try to convince the jury or the judge, that your arguments are superior to those of the other party. The other lawyer will never admit that he got convinced. He is even legally not allowed to (as he is supposed to defend the interests of his client). But you can still win the argument in the eyes of the judge.

  35. Absolute power, corrupts absolutely !

    the fact that this article has more comments / discussion posts than any other article I’ve viewed on AskLeo
    tells me that it’s currently an extremely important issue

    Give a back door / master key etc. and you’ll be swimming in Orwell’s 1984

  36. My congratulations go to you, Leo for setting the opening game limits within the Ask Leo presentation. They also go to the quantity of posters who, as a vast majority, fought for their assent to the arguments and conclusion of your Ask Leo analysis and for their dissent to objections, or, as a small but solid minority, asserted they dissent however limited and reasons for such dissent. I would crave for participation to this debate of other persons I would deem worthy of stating their opinion: like FBI for enforcement, some involved Supreme court Justice for Law, Michael Sandel or equivalent philosopher for Justice, representatives of allied countries, or rogue states (would not trust them) for extraterritorial long reach, or organized crime (would not trust them either) and so on. All have valid points to make. This debate IS healthy. It improves us participants, before any other effect. It is just a beginning, it must and will continue. In the US (and elsewhere outside of rogue states), as I trust that the law *must and effectively *can be formed by the people (even, I believe, in common law countries like the US where the people do not directly form the law), it should IMHO become a Supreme Court decision, instructed with the opinions of whoever would care to participate and invest in the efforts required to articulate effective opinion. I trust the Justices for their wisdom, for the US.

    I still believe (as expressed by me on the 24th and not convincingly rebutted IMHO), that opposing to the authorities a bigger obstacle in accessing private data owned by bad guys than the obstacle the authorities already face when the bad guys use good encryption already available, thus restraining the authorities’ means to oppose crime [beyond that threshold] is not IMHO the right thing to do. Therefore, I regret, Leo, you did not introduce into your opening argument the concept of threshold of protection beyond which encryption would either become illegal, prosecuted and fought with all available force, internally and possibly also extra-territorially (as advocated by Joseph, I presume). In my initial long post on the 24th morning, I called what is needed (rules and process) to decrypt our iPhones and such beyond such threshold a “Steep Sterilized Back Door”. There could be other less demanding definitions of this threshold as possibly advocated by Joseph, there could be more demanding definitions of this threshold as could possibly be advocated by the hard liners of the majority Ask Leo opinion. I do accept that this threshold is hard to characterize and that violations are hard to enforce. But I still do not accept the majority opinion’s refusal (or blind prohibition maybe ?) even to consider the existence of such a threshold and subsequently to enter rationally into the discussion of its legal characterization, the associated process of justice and further enforcement in case of violations.

    Denial of the foundations of justice, of the foundations of our social contract(s) is tantamount to me as denial to the fundamentals of civilization. I trust the debate will proceed further, here and elsewhere. Thanks to all.

    • I think that nobody is arguing to oppose *bigger* obstacles to authorities than the obstacles they already face when “bad guys” (who’s to decide when authorities are the bad guys ?) use good cryptography. I don’t even think that authorities for more than the blink of an eye, would refrain from using all the means in their physical power to do what they set out to do (it is in the nature of authorities to do as they please).
      What I’m personally vehemently opposing to, is to allow authorities (who are quite close to the concept of “bad guys” in my eyes) to cripple people’s ways of communicating securely and keeping their data secure with all the means those people can apply to protect them from authorities. In other words, I turn your phrase around:

      I think it would be very bad to put bigger obstacles to people’s right to hide their communications and data from authorities than the obstacles they already face when authorities use their inquiring power.

      You should consider “having the right to encrypt securely your data and communication” as the fundamental “right to keep silent”. I see your electronic devices as the extension of your own thinking and memories. Imposing a back door to the security of your data from prying eyes is the equivalent to allowing authorities to use drugs and/or torture to break open your mouth. Even if you are considered a “bad guy”, you have the fundamental right to remain silent. You can decide not to tell authorities the list of your friends. It would be a fundamental breach of your liberties if authorities were allowed to torture or to drug you to get that list of names. Having them impose a back door to all of your devices is similar.

      Because one day you may find yourself being called a “bad guy” because you oppose the bad behavior of the authorities (such as Snowden did).

      • Is an interesting conundrum, how to avail ourselves of a powerful tool for benign use, but at the same time deny criminals the same tool. Guns come to mind, but we all can (well mostly) own firearms and defend against criminals et al. While our govt has bigger guns and resources which are denied us, and and criminals, due to the difficulties in owning such things (economically, technically, etc.). We don’t worry much about govt turning on it’s citizens, long as they behave, nor do I feel the new to maintain an arsenal because I fear my govt may try to enslave me some day (although they might). You can only worry so much ….ya know? So we have a balance of power which seems to work. When we (the people) are sufficiently annoyed, we seem to have some success in curbing our govt peacefully, using the tools crafted by our founders to do so.

        Absolutely secure communications sort of seems like the same thing…. why do I need it? If I am conspiring against the govt why not just do it in the open (as we already do). If I am fermenting rebellion and illegal acts, why should I want my “neighbors” doing so? The argument we need this ability to wage war against our govt only comes into play when our govt actually tries to enslave us. In the meantime this tool does us no good at all, but enables our enemies. In conclusion, that portion of the argument is phony (a strawman defense).

        The argument, any means to defeat encryption has more merit, at least something needing to be addressed. If govt can’t guarantee reasonable security, as it does with weapons, then I would be concerned and conflicted. What I am hoping (and basing my opinion on), is that we can make encryption difficult to overcome, but not impossible That the means to decrypt is difficult enough in economic and technical ways as to be only doable by a nation state, not some nerdy kid in his bsmt et al.

        The argument that other entities with resources can duplicate this puzzles me… like so what? They can’t hide that effort, and would be breaking the law, so not really an issue. I don’t see boeing building it’s own fleet of fighter jets and bombers (to threaten airbus with). I don’t see lockheed-martin building it’s own in-house ballistic missles. I don’t see johnson and johnson developing it’s own private use bio-weapons. I don’t see martin-marietta building it’s own nuclear device to intimidate it’s corporate rivals…. really folks, not an issue.

        The argument foreign entities will deploy encryption only has merit if it gives them an advantage over us, otherwise it is no different than the world now, where entities seek advantage. Considering if we just allow everyone to have unbreakable encryption, then they have that advantage by default, the problem reduces down to considering the risk our “solution” can be stolen and used effectively against us. I don’t think this is a risk at all, for the caveats mentioned. Further, encryption is only part of national/military security, there is a lot more involved, and I think the likelihood anyone other than a nation-state could gain advantage is remote. Re nation-states that seems to me not really a valid worry either. They will just do what they already do, engage in espionage to get the information at it’s source, and/or the keys etc.

        So at the end of the day, I do not support the view we shouldn’t allow govt to develop the means to decrypt, and require (at least domestically) it’s citizens to comply. However, I do support an open and vigorous process to develop such tools that meet the very stringent guidelines I suggested. This may not even be possible, but we need to get past the discussion, and give our govt the mandate to proceed. If it works, great, if not probably learn a lot of useful stuff anyways. Nothing like a manhatten project, or trip to the moon, to get results.

        As an aside, I have absolutely no problem with the NSA recording every single electronic communication in the land, and applying forensic filters to root out evildoers. Subject to easily specified privacy restrictions, and legal oversights. I just don’t believe any human being involved in that technology is going to have the slightest interest in “listening” to me, or tracking me and making the info available to someone else.

        The argument foreign interests would steal/duplicate solutions is no different than we have no with arms races, and espinoage. At some point all encrypted stuff must be decrypted, so it gets compromised at that point. There is some benefit to an uncrackable comm having use in transport, so that does have to be considered. Maybe we allow the govt to have the uncrackable version for official use. ditto for our defense contractors etc., all under govt oversight. Commercial protections a little more problematic, would need to be considered. But again, if the decryption is sufficiently difficult, using it illegally would be costly enough that it would be used less than more traditional espionage techniques.

        • For all practical means, at the current state, very well-known encryption is already unbreakable, or contains the principles to make it unbreakable in the foreseeable future, caveat some unexpected mathematical breakthrough. The AES standard (which can relatively easily be extended to even longer keys) is a US government standard, but was in fact developed by Belgian university cryptographers (originally called Rijndael, by Joan Daemen and Vincent Rijmen), as they won the contest organised by NIST. So it is not something developed nor by US citizens, nor by the US government or military. There were very good competing algorithms. The success of AES is rather because it has been picked as a NIST standard, and the US government uses it for its own encryption. The AES standard itself is limited to keys of 256 bit, but the original Rijndael submission can have keys with any length, and this algorithm is publicly known. So, lest there turns out to be a mathematical solution nobody has found until today, the encryption can be made as hard as you wish. 256 bit is considered sufficiently strong for all practical purposes, but you can use, say 4096 bits and then you blind yourself even against most possible weakening that might come from unexpected mathematical breakthroughs.

          So for all practical purposes, totally unbreakable encryption already exists, is well-known (it’s on wikipedia), is rather simple to implement by any competent programmer, and wasn’t developed in the US. Moreover, several somewhat less famous alternatives exist. Usually cryptographers prefer well-known algorithms, because they have been thoroughly studied, so the chance that they are breakable by a mistake is smaller. But all the other algorithms of the NIST contest are also essentially unbreakable cryptographic systems. Combine them, and they are even better protected against mistakes or (very very subtle) back doors.

          • clarification… the issue is not whether unbreakable encryption exists (or nuclear weapons, or biowarfare, et al), but who to allow access. The question is, can the govt, by exerting power, require an ability to recover keys, and/or bypass keys. I mean can both in the policy sense, and the technical sense. It is sort of cart before the horse to argue over policy if we cannot do so technically. My point is let’s find out if this is even possible, write some specs and have at it. Then we can debate whether and/or under what circumstances the govt can do so. Doing so at the chip level is very interesting, chip factories are impossible to counterfeit, or do a homebrew, and they are readily identifiable and policed. So a hardware solution as part of the overall solution seems possible. Again there is precedent, there are a number of technologies (uranium enrichment devices/technology comes to mind), that is already rigorously controlled (or at least attempted). Once you have a hardward solution, you make the use of that solution so expensive and difficult, that only a nation-state can do so. All that leaves is espionage, sure eventually most nation-states will have it, but encryption isn’t the end of the story. We have had secrets and codes …since… uh… forever. I assume we would still have that, so decrytpting a coded message just leaves you with a code…not much help without additional intel. So that just puts us where we are now. I can also see as part of the solution the ability to modify solutions so the espionage is always playing catch-up.

          • @Joseph
            I wonder what you have in mind when you think of encryption. Encryption IS “coding”. Something like the AES (or Blowfish or whatever other algorithm) just turns data into “a coded message” for which there is simply no other solution to get the data back out of it, than by using the encryption key (the password, say). That’s all there is to it.

            I can give you a simpler example, which is BTW the only encryption algorithm of which there is a strict mathematical proof that it is perfectly unbreakable or even unrecognizable, which is old as the world, and which is impossible to forbid/track down/…

            The inconvenience is that the password is just as long as the data. The technique is called “the one time pad”.

            Say that the message is “Joe did it”.
            4A 6F 65 20 64 69 64 20 69 74
            Now, consider the password:
            which renders hexadecimal:
            57 6F 31 33 6F 6C 6C 62 6F 7A

            The encrypted message is the bitwise XOR of both:
            1D 00 54 13 0B 05 08 42 06 0E

            There’s no way to extract, from this result, the original, unless we XOR it again with the password.

            But the funny thing is that I can find passwords to turn this into anything I like.
            If I try with the password:
            54 20 38 7C 7D 60 28 3B 69 7B (which translates into T 8|}`(;i{ )
            then I “decrypt” the message into:

            “I love you”.

            This is why you cannot outlaw unbreakable encryption.

          • “Doing so at the chip level is very interesting.” – Encryption doesn’t need to be at the chip-level, or even at the software-level. I can very easily create an encrypted message that is completely unbreakable using only a pen and paper, and that exact same method (called the one-time pad) can easily be applied to electronic communications too. If you weaken electronic data encryption, it’ll make everybody more vulnerable – except, that is, for the bad guys who’ll simply start using other obfuscation/encryption mechanisms.

          • Patrick, not meaning unbreakable encryption itself, mean USE of such being controlled. Just as we do with all sorts of stuff. Yes, anyone can use illegal tools, but then there are consequences. Obviously this only applies domestically, so the govt can (with proper oversight), penetrate any communications, by any means crossing domestic infrastructure. This can (potentially is my surmise) be accomplished starting at the chip level. Ray, good point, there are all sorts of non-electronic encryption that cannot be reasonably controlled. But that is limited in scope, not scalable at all. Electronic means makes this tool ubiquitous overwhelming any govt ability to counteract such. I suppose one could use the one time pad approach, then encrypt it as well for transport, but that would at least alert the authorities someone is trying to do something probably illegal, and trigger more resources to uncover. What I like (perhaps naively) is the idea that the very use of illegal “tools” draws attention.

          • “But that is limited in scope, not scalable at all.” – Criminals do not need a scalable solution; they simply need a secure way to communicate with their cohorts. For example, you and I could plot dastardly deeds via emails that have been encrypted using the one-time pad method: there’d be no software involved, no hardware involved and the emails would be completely indecipherable.

          • @ Joseph
            Good encrypted stuff looks exactly like random data. The only way to find out that it is not actually random data, is to decrypt it with the right key. You cannot distinguish good encrypted stuff “with back door” from good encrypted stuff without back door and from truly random data, unless you actually try to decrypt it, and verify whether the result actually makes sense, or could make sense in some way or another.
            Even better, good *compressed* data (even without encryption) also looks perfectly like random data, and the only way to verify that it isn’t random data, is to decompress it with the right algorithm.

            So it is totally impossible to even NOTICE “illegal encryption” on a large scale, and distinguish it from truly random data.

            Personally, I would, as a civil action to annoy any law making good encryption illegal, promote the pumping of random numbers over the internet: I would invite every citizen to install a small open source program that makes peer-to-peer connections and exchanges random numbers over TCP/IP connections. At a rate of 10 KB/second random numbers, that wouldn’t harm my or most people’s internet bandwidth.
            I would invite people to keep at home several old USB sticks full of random numbers. The guys trying to detect illegal encryption would be, if somewhat successful, be confronted to an insolvable task of determining what of those random number fluxes, would contain encrypted data.
            In fact, they would need to violate the second law of thermodynamics.

          • Phil Zimmerman had a great idea along those line. He advocated that everybody use encryption for every email message they sent. This wouldn’t be like sending random bits, but any hackers, government of otherwise, would be so inundated in encrypted messages, they wouldn’t know which messages were in need of encryption. He compared encrypted emails to putting a letter in an envelope instead of a postcard. It’s easy for the authorities to steam open an envelope, but the sheer volume makes random checking prohibitive. Unfortunately, no one has come up with an encryption front end which would make that doable for the average person. It’s even too much work for those who understand computers to do with every email. I think the only way something like that would work is if everybody used the same email program with automatic key exchange and encryption built in, or at least the same encryption module built into every email program. In a case like that, I’d insist on open source.

          • @Joseph – To take things a step further, remember that both warfare and state-sponsored terrorism are very likely to become increasingly technical in nature. To cripple the US, a country wouldn’t need to invade – it’d simply need to interrupt the electronic/computer systems. Imagine the consequences if the US banking system and/or the supply chain or power infrastructures were to be interrupted even temporarily. Chaos would ensue extremely quickly. And it really isn’t as far-fetched a proposition as it sounds. Remember that the US is suspected to responsible for the Stuxnet worm which targeted Iranian nuclear facilities, destroying as many as 1,000 centrifuges.


            If our computer systems – and the data that they hold – are not as secure as they possibly can be, we’re simply making ourselves more vulnerable.

        • “Absolutely secure communications sort of seems like the same thing…. why do I need it?” – To be able to safely bank online? To be able to use an ATM safely? To keep your business data secure? So your bank can keep *your* data safe? Pretty much every form of communication/transaction relies on encryption to keep it secure.

          “The argument foreign entities will deploy encryption only has merit if it gives them an advantage over us.” – And it would. An enormous advantage, in fact. Foreign entities would be able to keep their data absolutely secure while our data would be vulnerable. Hacking would cost the economy trillions of dollars rather than the hundreds of billions it costs at present.

  37. IMPORTANT – Could we bring the discussion back to the topic at hand – encryption and back doors – and less about politics and nature of government? I realize that they are intertwined in many ways, but honestly … this isn’t the place for lengthy general discussions of what government should and should not be. The sheer length of this discussion is already too intimidating for anyone but the active participants (and this page is getting huge.) I’m reluctant to shut it down completely, because it’s been a very interesting and respectful conversation, but I’d like to see if we can’t keep it more closely related to the topic. Thanks!

  38. Great analogy for explaining the backdoor drawbacks.

    It also suggests the following: To use the TSA master key, you must have physical access to the lock.

    The solution the government seeks is usually (nearly always?) for dealing with phones they have in hand.

    Given the phone in hand, how about a hardware-enabled backdoor (built into future phones) through which the manufacturer, in a secure environment, could break into the phone (probably using special software known only to the manufacturer in conjunction with a special plugin).

    Wide-scale hacking no longer a problem – they can’t hack it if they don’t have it.

    • Of course, once the decryption mechanism leaked or somebody worked out how to duplicate it – and this *would* happen – any phone that was stolen, lost or imaged would then be vulnerable.

        • Exactly. Backdoors are exceptionally fragile. All it takes is one itty-bitty mistake – such as permitting somebody to snap a photo of a master key – and the entire system is compromised. And I have no doubt that a cryptographic backdoor would be compromised too. Social engineering, industrial espionage, hacking, dumb luck, an un/intentional leak, bribery, poor security practices: any of these could – and almost certainly would – result in the backdoor mechanism becoming public domain.

      • It isn’t the case, and nor does it set a precedent that the California courts must follow – but hopefully it’ll be influential.

        • If ever Apple gets publicly obliged to comply to back dooring the security of its *software*, that would make open source community software the only true potentially safe system. In fact, I’m already convinced about that, in the sense that closed-source propriety software, no matter how well it may be designed in reality, always has to live with the suspicion that the software is not doing what it is advertised to do (even if that is not the case). Open source software, on the other hand, is open, and you can look for yourself, or you can trust people will look (sometimes this hope is exaggerated, as the shell shock bug and heartbleed showed us – but at least in the end it got noticed). Of course, you have to be able to build it yourself, with a trustworthy compiler.
          So anything ultimately security related, if important, should be open source (at least, open to the people using it).
          As community driven open source software has, moreover, no “point of failure” on which law enforcement (lest becoming something like North Korea) has any handle, there’s no way to enforce a back door in community open source software. (you cannot oblige a free community to anything as people are not obliged to contribute).
          Of course, in as much as Apple secretly complies, we’ll never know (which is exactly the problem with closed source propriety software for this kind of issue).

          • I don’t claim that open source software contains less security BUGS. I claim that it contains potentially less ON PURPOSE back doors, simply because if you put a back door in it, it is traceable and you’ve committed it in the open. Of course, you can hope that it will go unnoticed for a while so that you can exploit it, but when it gets found out, it is obvious who did it.

            That doesn’t mean that it cannot happen. There is some suspicion that this was the case with the recent socat “bug”. But it was discovered quickly.

  39. lol makes me all the more happy that i don’t have a mobile phone and that my ipad stays disconnected from wifi networks. this move is nothing less than the nsa becoming more and more like the kgb, under the textbook excuse of maintaining “national security”. then again, the united states of america is drifting towards becoming the united socialist states of america every year anyway so it comes as no shock.

  40. This is not solving the terrorist/criminal problem it is actually playing into their hands.

    This saga would also make a great movie script where the family of a guy who knows the backdoor key is kidnapped and made to give it to a rogue government or master criminal. Yeah, yeah, I know, it has all been done before but wait……..

    Instead of the happy ending when all is put right, the family would be murdered and the key sold to every criminal, government or interested party with the result the whole world enters into utter chaos and eventually every democratic government collapses and the terrorists and criminals take over the world. And, of course, there would not be a solution to get back to sanity.

    Maybe I will start writing straight away and encrypt the script, or will that be a waste of time:-)

    • Indeed. My point is that the “bad guys” might just as well be the “good guys” turning bad. Like what happened in Germany in the 1930-ies.

    • “This saga would also make a great movie script where the family of a guy who knows the backdoor key is kidnapped and made to give it to a rogue government or master criminal.” – Austin Powers: Goldmember and the Rubber Hose.

      • I admit it! I had an ulterior motive in writing such a script. I thought that if I did and the U.S. security guys got to read it, they would lock me away for a considerable time and I would then get free board and lodgings, the end of my wife’s incessant nagging and no need to worry about what the kids are doing when they are out after midnight with their hoodie friends. But, dammit, I will have to think of something else that will show that the people who think up such things are just morons, or should I say well-paid morons?

        Sometimes I wish I was also a moron so I would be able to live in my own world and not the real world.
        Please don’t take my levity too seriously as I do realise the seriousness and danger of the proposals.

        Maybe Leo should be given a ‘consultation’ post in the White House as he has common sense and an extensive knowledge of the Internet, but then again I don’t think he would be happy – a fish out of water, common sense being such a rare commodity in governments.

        • “Sometimes I wish I was also a moron.” – While that’s a very lofty goal, it can be achieved. Here’s how:

          1) Extend your right arm with the palm facing upwards.
          2) Using your left hand, place a brick into the palm of your right hand.
          3) Rapidly bend your right arm until your elbow makes a 90 degree angle and the brick makes contact with your head.
          4) Re-extend your right arm and then repeat step #3.
          5) Keep on repeating steps #3 and #4 until encryption backdoors start to seem like really, really great idea.

          • My God! I never cease to be amazed at the amount of knowledge available on the Internet. No matter what problem you have, there is always a solution available:-) But, I suspect it was been taken from the President’s/Prime Minister’s weekly memo to all Governemt Officials.

            Thanks Ray, your answer is appreciated but my face is ugly enough (so my wife and ten of my eleven children say – the youngest hasn’t leaned to speak yet) so I will not take your advice on this occasion, but I will file it away for now, just in case life gets too much for me.

  41. Well explained column. Because our liberties are eroded so incrementally and slowly and the government’s power increases the same way we tend not to notice. Some, OK most, people will say I’m not doing anything wrong, they can look all they want, I’ve got nothing to hide! But that old saying is still true : Power corrupts and absolute power corrupts absolutely. Man cannot govern man without problems, things start to breakdown, more rules, bad people get in power and things get ugly real fast. History has shown this time and again.
    Again, thank you for your time and efforts on our behalf and in the care and use of our computers. The digital/technology things we have available are amazing.

    • “Some, OK most, people will say I’m not doing anything wrong, they can look all they want, I’ve got nothing to hide!” – Indeed. It’s not government having a backdoor that really concerns me; it’s that the bad guys will almost certainly discover a way to use that backdoor too. I don’t think that any reasonable person would object to the government being able to access the data on the San Bernardino shooters’ phones – but only if it could be done without risking everybody’s security. And that simply isn’t possible.

      • You should look at the “If you’ve nothing to hide, you shouldn’t care about privacy” fallacy:

        To see the hypocrisy, look at Schmidt (Google’s boss) (from the Wiki article)

        Eric Schmidt, the CEO of Google at the time, said “If you have something that you don’t want anyone to know, maybe you shouldn’t be doing it in the first place, but if you really need that kind of privacy, the reality is that search engines including Google do retain this information for some time, and it’s important, for example that we are all subject in the United States to the Patriot Act. It is possible that that information could be made available to the authorities.”[19] However in 2005, all CNET reporters were blacklisted from talking to Google employees after CNET published an article which disclosed personal details about Schmidt.[20]

        I go by Snowden, who puts it better than any one could say it:
        “Arguing that you don’t care about the right to privacy because you have nothing to hide is no different than saying you don’t care about free speech because you have nothing to say”

        • That is a cute soundbite, but not really analogous. While I am generally supportive of snowden, I am NOT supportive if revelations get people killed (intel agents usually), not sure if he caused any. i do sometimes wonder if we would be better off in a world where everybody knew everything about everything. A fantasy obviously, since no way to actually insure that equality, and obviously the self-seeking nature of human beings means any such effort would be perverted. Not that self-seeking is evil, anymore than having opposing thumbs is evil (since they were used to build atom bombs and such). Self-seeking is just a necessary part of human existence… since we do exist, and natural selection is …. well natural selection, winners survive to debate about stuff.

          However, I would say privacy is more akin to the statement your right to free expression (swinging your fist), ends at my nose. There are indeed limits, and a lot of them. Likewise I am in favor of a lot less emphasis on privacy at the gain of a reduction in criminals, pedofiles, terrorists, adulterers, incompetent doctors, corporate malfeasance, govt corruption… well you get the point. Yep, if I have nothing to hide (that hurts others), then you bet I am in favor of reduced privacy that exposes a few more societal cancer cells. I am tired of getting my nose bashed, so to speak.

          • The fundamental point is that knowledge is power. Power is always power to harm. Privacy is the way to prevent others from gaining enough power to harm you, especially if there is no reciprocity. Whatever entity has information about you, while you cannot gain comparable information about them, gains power over you, to extort you and to harm you. We all think of “criminals”, but this goes as well for the state, your neighbor, your customer, your boss, …

            It is in the nature of human beings to dominate, extort, oppress, and enslave other human beings. I call that the “social nature” of a human being. As such, any information gained about you by someone, gives him/her more opportunities to do so ; but as long as this is balanced by information you gain about him/her, a power equilibrium forces both of you to not use that weapon. The MAD doctrine if you want.

            Everybody uses information about others to harm them, or to force them in a position that has an advantage for you. Using information about someone to harm him starts half-jokingly at the bar, where you make fun of someone at his expense because you know something “ridiculous” about him, and ends in fake trials where a totally fake but credible accusation is made against you, based on all the little details of your life that make the accusation credible and against which you can’t defend yourself.

            Your colleague knowing about weaknesses in your personality can use that knowledge to bring you seemingly innocently in a position where he can expose that weakness as if it were a competitive disadvantage, and gain, in the eyes of your boss, at your expense. Politicians not liking your opinion may look for information about you in order to discredit your discourse with elements from your private life to smear a nasty image on you, or to get you in trouble with justice.

            All information gained at your expense will be used against you, and the more sophisticated the analysis of that information can be, the nastier, the more damaging, that attack can and will be, and the harder it will be for you to defend yourself against it. With sufficient information about you, one can charge you of the worst crimes, and no defense you might think of will work, as the scenario of the accusation has been taking all credible defenses into account: you won’t have an alibi, it will sound as if you had a motive, several elements will be in accordance with what you actually do and say.

            And there’s no reason why your enemies (that is, most of the world) would refrain from doing so. And yes, those accusations will be something like rape, child abuse, or potential terrorist for instance, and you will be defenseless.

            This is why the right to privacy (absolute privacy) is just as important as the right to breathe air. Information, any information, about you, is handing over the stick to beat you.

        • I didn’t say that the government having a backdoor doesn’t concern me; I simply said that it concerns me less than the possibility – actually, make that probability – of bad guys discovering how to use that backdoor. I don’t think that a backdoor is a good idea in any way. shape or form.

    • As an unconditional proponent of open source code, I can hardly say that I object to that. In fact, the day that they want to read my Truecrypt encrypted pen drive, I wouldn’t mind them to look at the source code of Truecrypt :-)

      The fun thing is now that we may hope that some rogue guys at the FBI will end up leaking the full Apple OS-X source code to some or other Chinese organisation which will then sell Apple imitation computers for 150 dollars :-)

      The very delicate point in this affair for Apple, is that it will probably turn out that their “protection” is in fact nothing else but a way to tie customers to Apple, not allowing non-Apple systems to run on an i-phone, and not at all a protection of privacy. If it were truly a protection of privacy, then at no point the source code could help hackers like the FBI to get at the data.

  42. It seems to me that law-breakers (and the privacy-minded) would give an illusion of compliance. They would use the mandatory encryption-with-backdoor but only to encrypt things that have already been encrypted with real encryption. Government agents wouldn’t notice the difference until after they used their “master key.”


Leave a reply:

Before commenting please:

  • Read the article.
  • Comment on the article.
  • No personal information.
  • No spam.

Comments violating those rules will be removed. Comments that don't add value will be removed, including off-topic or content-free comments, or comments that look even a little bit like spam. All comments containing links and certain keywords will be moderated before publication.

I want comments to be valuable for everyone, including those who come later and take the time to read.