The Intel and DoD establishment has been coming out
against the FBI’s campaign to weaken or backdoor encryption programs. We
can speculate why but the inside fighting first became public at a corporate
forum and now has reached the Editorial page of the govt. “hometown” paper.
Once its been accepted there, then the decisions have been made at the head
office and its just an announcement to the factory floor. Sure there will
still be hearings and “think” pieces and long winded interviews but Money
Talks, Bullshit Walks. And there is MONEY to be made if the fact (or
illusion) of program integrity is maintained. And those who are the white
knights fighting on the side of good? They left the secret part of the govt
to become “consultants” in technology and security. Other words, they are
recognized “experts” who have gravitas with the inhabitants of official
Washington from being”in the trenches”.. “If only I could tell you what I
know but I can’t, so just believe me.” Well, they are now the mouthpieces
of the software giants and sell both the big programs and grease the way for
the public/private intelligence services. All of which could be much less
profitable if the FBI proposal gets its big, flat, policeman’s shoes in
game. No thanks.
Or another cynical take could be that that openly creating the hole would push
suspect individuals or organizations away from public applications and create private ones
which would not have the backdoors or strenghtened in other ways.
Otherwords, shut up about backdoors and let us carry one with what we are
doing.
R
————excerpt—————-
“Why the fear over ubiquitous data encryption is overblown “
By Mike McConnell, Michael Chertoff and William Lynn July 28
Mike McConnell is a former director of the National Security Agency and
director of national intelligence. Michael Chertoff is a former homeland
security secretary and is executive chairman of the Chertoff Group, a
security and risk management advisory firm with clients in the technology
sector. William Lynn is a former deputy defense secretary and is chief
executive of Finmeccanica North America and DRS Technologies.
“…..We recognize the importance our officials attach to being able to
decrypt a coded communication under a warrant or similar legal authority.
But the issue that has not been addressed is the competing priorities that
support the companies’ resistance to building in a back door or duplicated
key for decryption. We believe that the greater public good is a secure
communications infrastructure protected by ubiquitous encryption at the
device, server and enterprise level without building in means for government
monitoring.
First, such an encryption system would protect individual privacy and
business information from exploitation at a much higher level than exists
today. As a recent MIT paper explains, requiring duplicate keys introduces
vulnerabilities in encryption that raise the risk of compromise and theft by
bad actors. If third-party key holders have less than perfect security, they
may be hacked and the duplicate key exposed. This is no theoretical
possibility, as evidenced by major cyberintrusions into supposedly secure
government databases and the successful compromise of security tokens held
by a major information security firm. Furthermore, requiring a duplicate key
rules out security techniques, such as one-time-only private keys.
Second, a requirement that U.S. technology providers create a duplicate key
will not prevent malicious actors from finding other technology providers
who will furnish ubiquitous encryption. The smart bad guys will find ways
and technologies to avoid access, and we can be sure that the “dark Web”
marketplace will offer myriad such capabilities. This could lead to a
perverse outcome in which law-abiding organizations and individuals lack
protected communications but malicious actors have them.
Finally, and most significantly, if the United States can demand that
companies make available a duplicate key, other nations such as China will
insist on the same. There will be no principled basis to resist that legal
demand. The result will be to expose business, political and personal
communications to a wide spectrum of governmental access regimes with
varying degrees of due process.
Strategically, the interests of U.S. businesses are essential to protecting
U.S. national security interests. After all, political power and military
power are derived from economic strength. If the United States is to
maintain its global role and influence, protecting business interests from
massive economic espionage is essential. And that imperative may outweigh
the tactical benefit of making encrypted communications more easily
accessible to Western authorities. ….
https://www.washingtonpost.com/opinions/the-need-for-ubiquitous-data-encryption/2015/07/28/3d145952-
324e-11e5-8353-1215475949f4_story.html
