Nerds on the Attack: The Most Important Shot in the New Crypto Wars
The nerds have shot back. For those of us who remember the “crypto wars” during the Clinton Administration, it was the technical takedown of bad encryption plans for the Clipper chip by security leaders which acted as data security discussion’s denouement. When cracking open encryption was proven at the technical level to be bad practice for everyone – government, law, business, private citizens – it was time for the snooping and surveillance advocates to take their ball and go home. Ever since, we’ve enjoyed the ability to implement encryption for better privacy and stronger business security. You can even draw a link from stronger crypto to the great tech companies that popped up and thrived before and after the Dot Com Bubble.
This week, we may have heard the first blast from the tech nerds in the new crypto wars. Weakening encryption and sharing keys at will are irresponsible and technically improbable measures, according to a paper published by a widely respected group of international encryption experts. (You can read the PDF of the paper here.)
As stated in the paper’s abstract: “We have found that the damage that could be caused by law enforcement exceptional access requirements would be even greater today than it would have been 20 years ago. In the wake of the growing economic and social cost of the fundamental insecurity of today’s Internet environment, any proposals that alter the security dynamics online should be approached with caution. Exceptional access would force Internet system developers to reverse ‘forward secrecy’ design practices that seek to minimize the impact on user privacy when systems are breached. The complexity of today’s Internet environment, with millions of apps and globally connected services, means that new law enforcement requirements are likely to introduce unanticipated, hard to detect security flaws. Beyond these and other technical vulnerabilities, the prospect of globally deployed exceptional access systems raises difficult problems about how such an environment would be governed and how to ensure that such systems would respect human rights and the rule of law.”
The 36-page report serves as a reset, a level-headed review of what would happen when cracking open encryption and doling out keys. Past the geeky breakdown of key management and today’s Internet underpinnings, experts in the paper get to the core lunacy behind a world with massively compromised data security in the sake of vague fear. It comes at a vital time in the debate – ahead of more testimony by U.S. law enforcement where it’s expected they’ll once again trot out encryption as the sole nefarious weapon used primarily by terrorists, North Korea and child predators.
As Bruce Schneier, one of the report’s authors, argued separately in a Q&A earlier in the week, law enforcement is strengthened from good encryption. While the external talk from many in U.S. government has been around finding back-doors or access, they’re plenty busy with other plans to dig into data and analyze the greatest trove of information in human history. I’m looking at you, Plan X. (Meanwhile, across the pond, the U.K. government seems content with a devil-be-damned strategy of walking into a new, unencrypted tomorrow.)
The new crypto wars have largely been a quagmire of misinformation. The experts have now provided everyone with a stark assessment on the crucial need for strong, uncompromised encryption.