I've been thinking about the big disconnect among cryptography / security people on the encryption wars.
Like so many things, I think it all boils down to threat models. 1/🧵
Like so many things, I think it all boils down to threat models. 1/🧵
How do we think governments are going to act?
That is the big question. How you answer determines how you think we should best prepare.
That is the big question. How you answer determines how you think we should best prepare.
Most of our community looks backwards, to the 1990s, for their model of the conflict.
The US government introduced a backdoored system, the infamous Clipper Chip, in 1993. They were going to make it mandatory.
en.wikipedia.org/wiki/Clipper_c…
The US government introduced a backdoored system, the infamous Clipper Chip, in 1993. They were going to make it mandatory.
en.wikipedia.org/wiki/Clipper_c…
Fortunately Matt Blaze saved the day in 1994 by showing fundamental weaknesses in the design.
mattblaze.org/papers/eesprot…
Later work by Frankel and Yung illustrated even more problems.
The Clinton administration backed down, and encryption lived to fight another day. 🎉
mattblaze.org/papers/eesprot…
Later work by Frankel and Yung illustrated even more problems.
The Clinton administration backed down, and encryption lived to fight another day. 🎉
So, awesome work by Matt Blaze and everyone else involved, and we all owe them a huge debt of gratitude for making the modern Internet possible.
But I think it's a mistake to assume that the next conflict will play out just like the last one.
But I think it's a mistake to assume that the next conflict will play out just like the last one.
In military terms, they call this "fighting the last war".
It's usually a pretty reliable way to lose.
quora.com/What-does-it-m…
For example: The Maginot Line
en.wikipedia.org/wiki/Maginot_L…
It's usually a pretty reliable way to lose.
quora.com/What-does-it-m…
For example: The Maginot Line
en.wikipedia.org/wiki/Maginot_L…
Just like WW2 was different from WW1, we can't assume that Crypto War 2 will proceed exactly as before.
For one thing, I think this model relies on an overly optimistic model of the US government as an intelligent entity that makes rational decisions and that cares about trifling things such as facts, logic, or technological feasibility.
Maybe that was the US government in 1996, under the Clinton administration, when the Internet was still kind of a fringe thing that didn't have much impact on the "real world".
But post 9/11, everything is very different.
But post 9/11, everything is very different.
The post-9/11 US government is a different beast entirely.
It's amazing that you can build an organization with tons of smart, motivated, caring individuals, and still come out with an entity that's like something out of a story co-written by Franz Kafka and HP Lovecraft.
It's amazing that you can build an organization with tons of smart, motivated, caring individuals, and still come out with an entity that's like something out of a story co-written by Franz Kafka and HP Lovecraft.
It's a massive machine that mindlessly consumes or steps on anything that gets in its way. Like some combination of an Eldritch horror and Douglas Adams' Vogon Constructor Fleet.
I'm still technically under NDA, so I can't share any details of my own experiences. But that's OK, because all the craziest stories are from other people I know and trust.
If you know somebody who used to wear a uniform, buy them a couple of beers, and you can hear stories too.
If you know somebody who used to wear a uniform, buy them a couple of beers, and you can hear stories too.
Again, avoiding details, I'll just say that some of the best adversarial thinkers I've ever met are people who spend all day figuring out how to accomplish their assigned duties despite rules that plainly state "YOU ARE NOT ALLOWED TO DO YOUR JOB".
Reason? Logic? Facts? What are those?
"F your logic. The rules are the rules."
"F your logic. The rules are the rules."
This is an institution that would put "NO DOGS ALLOWED" signs all over a K-9 unit.
(I have no knowledge of actual K-9 units. It's a metaphor. But for all I know, they might really do this somewhere.)
(I have no knowledge of actual K-9 units. It's a metaphor. But for all I know, they might really do this somewhere.)
Most of our community is still operating under the assumption that the way to avoid encryption backdoors is to make a rational argument that we don't know how to do it safely.
I think this is dangerously naive.
I think this is dangerously naive.
If the Vogons decide they need a backdoor into your encryption, are they going to care about whether that's technologically feasible? Do they care about the adverse impact on everyone else's security and privacy? Not at all.
So this is the crux of the debate. If you think we can reason with the monster, then it makes sense that you want to avoid giving any ground at all in the argument.
If you think the monster is going to attack regardless, then you should start fortifying your fallback position.
If you think the monster is going to attack regardless, then you should start fortifying your fallback position.
Coda: So what does a huge faceless beast like the US government care about?
A few things: Public opinion. Money. Saving face.
A few things: Public opinion. Money. Saving face.
We can't do much on the Money front.
And Saving Face could go either way.
So all our leverage needs to come from Public Opinion.
And Saving Face could go either way.
So all our leverage needs to come from Public Opinion.
Is public opinion swayed by cold, hard facts? Elegant mathematical proof? Reason?
I think the best we can do here is a very weak "maybe". C'mon, we're all reading the same news. It's bad.
I think the best we can do here is a very weak "maybe". C'mon, we're all reading the same news. It's bad.
Public opinion hinges on emotion. That's why Alex Stamos's stories of constantly fighting CSAM material on Facebook are so powerful.
If we're going to push back against surveillance and censorship, we need a powerful emotional argument too.
If we're going to push back against surveillance and censorship, we need a powerful emotional argument too.
So for example, this Apple PSI thing is the perfect mechanism for cracking down on political memes.
There's a non-zero risk that this thing could be used to prevent the emergence of another Bernie Sanders or Barack Obama.
*That* is what we should be screaming about.
There's a non-zero risk that this thing could be used to prevent the emergence of another Bernie Sanders or Barack Obama.
*That* is what we should be screaming about.
There are also alternative ways to fight CSAM. For one, you can analyze patterns in how images are shared, and when, and with whom. For another, you can run sting operations and send undercover agents (eg FBI) to infiltrate the networks.
None of these let you block Bernie memes.
None of these let you block Bernie memes.
Similarly, in the encryption wars, we're going to need a set of minimally-invasive, technologically robust to abuse, and above all *politically defensible* fallback mechanisms.
• • •
Missing some Tweet in this thread? You can try to
force a refresh
