Tag Archives: encryption

Comey vs. Crypto: The Last Banzai Charge

 

Imperial Japanese Army soldiers give a banzai cheer. (Photo credit: Wikipedia)

At the end of World War II, Second Lieutenant Hiro Onoda of the Imperial Japanese Army dismissed rumors of his country’s surrender, fading into the Philippine jungle to fight on.  He held out for 29 years before, still dressed in his dilapidated uniform, he surrendered his sword to his former commanding officer in 1974.

Every time an American politician or bureaucrat floats some cockamamie new scheme to ban, handicap or regulate strong encryption of computer data, I think of Onoda.

The Crypto Wars began in 1991 when Phil Zimmermann released the first version of PGP (“Pretty Good Privacy”), a tool that made strong encryption available to the masses worldwide. The wars essentially ended at the same time. A few bitter dead-enders held out until the mid-1990s, firing off silly proposals for programs like the Clipper Chip and “key escrow,” but it quickly became apparent to most that the strong encryption genie isn’t going back into the bottle.

So here comes FBI director James Comey, waving a rusty samurai sword and screaming “banzai!” as he once again charges the enemy lines, 24 years after his side’s defeat.

Testifying before the US Senate’s intelligence committee in early July, Comey trotted out the latest alleged threat — Islamic State militants using strong crypto to protect their communications — and complained that “[i]n recent months … we have on a new scale seen mainstream products and services designed in a way that gives users sole control over access to their data.”

He says that like it’s a bad thing. It isn’t.

He envisions a “solution” in which software and communications providers use strong encryption that works, except when Comey wants to read your email. Even if empowering him to read your email wasn’t a very bad idea, no such solution exists.

A back door for James Comey is a back door for everyone else, too. If the encryption is broken, it’s broken.

The bad guys will always have encryption. Encryption is math and computer code. It’s free, it’s in the wild, and it will remain so. If American companies hobble their encryption, those who don’t like their encryption hobbled will get good crypto elsewhere. Shikata ga nai (“it can’t be helped”).

As for the rest of us, Comey tends toward the “if you have nothing to hide, you have nothing to fear” line. Oddly, I never hear that line coming from him when WikiLeaks, Chelsea Manning or Edward Snowden reveal HIS organization’s secrets.

We use encryption for the same reason we put our snail mail in envelopes: We only want it to be read by the intended recipient. Dealing with that is Comey’s job. Catering to his voyeurism with “back doors” isn’t our obligation.

Thomas L. Knapp is director and senior news analyst at the William Lloyd Garrison Center for Libertarian Advocacy Journalism (thegarrisoncenter.org). He lives and works in north central Florida.


Cybersecurity: Beware Untrustworthy Partners

Before the ink had time to dry on his February 12 executive order “promoting private sector cybersecurity information sharing,” US president Barack Obama launched a campaign to re-write history and make the case for trusting government to bolster network security and data privacy.

“The Snowden disclosures,” Obama told Re/code’s Kara Swisher in an interview the next day, “were really harmful in terms of the trust between the government and many of these companies.”

Well, no. It was the government — Obama’s administration and its predecessors — which betrayed the trust of American enterprise, the American people and the world. Edward Snowden is a mere heroic messenger, telling us what we should have already known: That any such trust was misplaced.

The executive order itself raises two key questions: Does Obama not understand network security and data privacy issues? Or is he insincere in his claims to want improved network security and data privacy?

The obvious answer, based on decades of experience, is yes to both questions. Obama’s assurances, “with almost complete confidence, that there haven’t been abuses on US soil,” don’t pass the laugh test.

The US intelligence community has a long history of doing its best to hobble communications security, going back at least as far as 1977’s “Federal Information Processing Standard,” adopted only after the National Security Agency talked IBM into hobbling its Data Encryption Algorithm to make it more vulnerable to the kinds of brute force attacks that NSA could bring to bear.

As the 20th century drew to a close, NSA fought losing rear-guard actions to prevent widespread access to and adoption of strong cryptography. Among the Snowden revelations was that coming out of that period, NSA took its efforts to a stealthier level, spending billions to subvert the crypto they couldn’t stop. For example, we learned that a leading encryption company (RSA) worked at NSA’s behest to “[i]nsert vulnerabilities into commercial encryption systems, IT systems, networks, and endpoint communications devices used by targets.”

Anyone who believes that these efforts stopped at any point, don’t continue to this very day, or won’t continue into the foreseeable future is living in a fantasy world. The US government always has been, and remains, the single worst global and domestic threat to network security and data privacy. Those two laudable goals are inherently incompatible with trust in Barack Obama or the organization he represents.

If American politicians want real privacy/cybersecurity reforms, here are some suggestions:

First, dismantle the Department of Homeland Security, drastically cut the budgets of US intelligence agencies, and levy draconian penalties for rogue operations targeting Americans for any reason or foreign “cyber warfare” operations absent a congressional declaration of war.

Secondly, repeal the US PATRIOT Act, “Know Your Customer” rules, and other laws putting personal and business information at risk by requiring its transmission to government.

Finally, forbid government interference or “consultation” in development of private sector encryption standards or algorithms.

That would be a start. Anything less is mere theater.

Thomas L. Knapp is director and senior news analyst at the William Lloyd Garrison Center for Libertarian Advocacy Journalism (thegarrisoncenter.org). He lives and works in north central Florida.
