Attacks on encrypted communication rising in Europe

Ben McGinnes ben at adversary.org
Wed Aug 24 20:35:23 CEST 2016


On Wed, Aug 24, 2016 at 10:37:35AM -0400, Robert J. Hansen wrote:
>>
>> P.S.  We may be in the Second Crypto Wars, but the genie is out of
>>       the bottle, so that sense of "oh noes, the governments is
>>       coming for my cryptoes" just isn't there so much.
> 
> Yeah, which is why I find both sides of the privacy absolutist
> debate to be ... pretty much comically missing the point.

It's even more amusing if you've ever run the numbers on any country's
direct economic benefit from Internet commerce (which usually doesn't
count things like banking online).  I did for a white paper released
in 2009 during Australia's "clean feed" Internet censorship debate and
the figures were massive and growing at a ridiculous rate.

For any country with an equivalent GDP or larger (and most smaller),
mandatory backdooring of encryption is economic suicide.

> Tor, cgiproxy, GnuPG, Signal, and other such tools are out there and
> aren't going to go away.  All proposals to require backdoors are
> silly, because so long as just one nation has no such requirement
> those tools will continue to exist and development will continue
> pretty much without interruption.  So the "backdoor everything!"
> crowd is completely barmy.

Exactly.  Sometimes governments will produce some ridiculous things
which nearly become law, my own came precariously close to it a year
or two ago ... which is why one of the first things I added to any of
my commits for the GPGME stuff was a completed ITAR questionnaire.

So much confusion and FUD simply because the term "public domain"
means "no copyright/no license" to most civilians, but means "publicly
available" to DoD.

> But so too are the privacy absolutists who believe that law-enforcement
> is doing something morally wrong when they try to break Tor's anonymity
> in the pursuit of awful people.

Ah, but if they were true absolutists then they wouldn't need these
things because it would be absolutely sacrosanct.  ;)

> I find the current state of detente to be pretty good, actually.
> We're allowed to design the best systems we can, and governments are
> allowed to discover where we're not as clever as we think we are.
> If there's a flaw in Tor and the FBI uses it to pierce anonymity and
> go after a bad guy, I can get behind that.  Way to go, FBI, you did
> it right, now please hold on while we figure out how you did this
> and write a patch to keep you from doing it again.

Right.  Then there's the recent-ish revelation that SSL/TLS was doing
stupid things with sharing primes (maybe SSH was too), which was
almost certainly why all the NSA docs we've seen so far from Ed
Snowden kept referring to SSL as breakable and not so with GPG.

> I guess you could say my preferred solution to the crypto wars is to
> encourage an ongoing escalating crypto arms race.  It's crazy, but
> it seems to work.

It works because it accepts the reality that one side will keep trying
to take power and hoard it, while the rest of us instinctively reject
it (no matter how much we may or may not agree with those attempting
to seize that power).

It starts becoming a problem, however, when I'm viewed as an evil
bastard because I don't show enough loyalty to the United States by
objecting to the NSA reading everything I write no matter what it is
or who it is intended for.  Even though I'm not an American citizen,
or resident ... and the last time I was in America was 30 years ago
(30 years, this month actually).  Because really, that's just stupid,
but I've lost count of the times I've heard it.


Regards,
Ben
