donderdag 17 december 2015

Take my crypto from my cold dead hands

As much as our society today relies on technology, very few people actually understand how it works. This isn't only reflected in the fact that many of us geeks spend the holidays fixing random computer/smartphone/tablet problems during the holidays but also in the fact that legislators are making assumptions about technology that are ridiculous, if not asinine.

I've heard from several people that calling things ridiculous (or asinine) is not conducive to dialogue. "We need to meet them where they are", they say. "We need to talk in their language", they say.

I have the benefit of playing my euro card. My euro card allows me to be direct, maybe somewhat rude, and to the point. I don't play it often because I like to get along with people but I play it when it is needed. At this point, it is needed.

This week I find myself in the United States and I happened to watch the Republican presidential debates. The candidates were, among other things, adamant about the fact that a government should have access to encrypted communications. It's a debate that has been ongoing for a while now and it always boils down to the same thing : Encryption hampers law enforcement from doing their job. Encryption should be weakened so law enforcement can do their job.

My good friend Meredith Patterson already covered the technical impossibilities of weakening encryption here :

My questions for today are : When did we become lazy? When did we we forget to use science to our advantage rather than our detriment?

Our society has made great strides forward thanks to encryption, and despite of it. The fact that you, today, can do bank transactions, exchange personal and health information, submit online taxes, etc. without having your data compromised is thanks to the advances in encryption. If done right, and not everybody is doing it right, your data is safe and you won't be running to the bank for new credit cards every week or you won't have your personal data exposed in the next breach.

It is the same encryption that is used for good, that could be used for bad. There isn't a single argument one can make that would justify weakening the encryption we use for good. Enabling a government, or any actor for this matter, to intercept or read encrypted data from bad guys weakens encryption for the good guys too. There is no way around that.

Now, the argument is that this is a new problem. This isn't true. It is a lie used by people that don't understand technology and that refuse to acknowledge our history.

The scytale was an encryption method used by the Greeks as far back as 300 B.C. It allowed confidential communications between parties and relied on a piece of paper wrapped around a stick. There is not a single piece of evidence that the Greeks considered to ban access to paper and sticks from the general population because they could use it to send hidden messages.

More recently, during World War II, the Germans used a thing called an enigma machine to encrypt messages. This made it insanely difficult for the allied troops to know what was going on. In fact, they considered they might lose the war due to this. At no point did any of the governments consider to ban encryption because the Germans were using it. At no point did the legislators, in that era, become stupid. No, they relied on science and technology to resolve the problem. They hired a guy called Alan Turing to enable them to read the Enigma-encrypted messages. Technology helped them win World War II.

Now, although the presidential debate I watched tried hard to prove me wrong, I don't think that people - in general - have become more stupid. We need to understand that encryption is necessary for our society to thrive. We need to acknowledge that turning back the clock has never helped a society to make advances.

If we are forced to live in a society that fears technology, the bad guys have won. If we are forced to live in a society that fears encryption, the bad guys have won. Our leaders (and I'm not sure if we call them that today) have a duty to protect us. You don't protect your house by taking out the locks.

Today I take a stance in this debate. You can come and take my encryption from my cold dead hands.

Geen opmerkingen:

Een reactie posten