Categories
Politics

Encryption Bad, Police Good; Upvotes to the Left

I am exhausted. This whole anti-encryption rant is such a crappy straw man that I am actually surprised it works on people. Barr should drop the shtick and tell people what is really going on: The Government want unfettered access to anyone’s device on a moment’s notice. Granted, this is prohibited by the constitution, but why not try anyway?

Honestly, we live in times when encryption is the rule, instead of the exception. It’s in all of our tools, on all of our machines, wrapping all of our traffic and it comes in a tremendous number of flavors. Saying encryption on iPhones is bad is like saying curtains in houses are bad because they stop you from seeing in. It’s a stupid argument because the premise is stupid. We have a right to private communications, we don’t have to let government in.

Exploitative FBI

This comes at a time when some iPhone hacking groups and exploit — ahem, I mean, security groups are not buying new iPhone exploits because they claim they have a surplus of them. So how is it that the FBI, a national agency that has connections to the NSA, CIA and more cannot get into an iPhone they have physical access to when there is a glut of iOS exploits in the market? Does this make sense?

Of course not.

Hmmm…

They want the access because they don’t want to have to pay for exploits, or the talent to find them. Maybe they’re behind? Maybe it’s just a power play to grab more rights back from the people. I don’t know. It’s odd they haven’t mentioned any Android devices or the BitLocker encryption on millions more devices that should, in theory, be as hard to access, and yet no word from AG Barr on those devices.

I’m honestly glad that they’re being so blunt about it. It’s easier to see the real intention behind it. Though people will still fall for it. I see no end to the “Punisher Skull”/”Thin Blue Line” stickers on people’s vehicles. People want to be told what’s best for them, rather than looking for themselves. Including those ninnies who show up to various state capitals, protesting stay-at-home orders, heavily armed (“open carry”) because they can’t get their hair cut.

Categories
Rants

FBI vs. Apple: Round 2

Ah, the good old false trade-off: Security or Letting the Terrorists Win and Kill Your Children. Once again, we have Apple being asked by the FBI to unlock or build back doors that “only law enforcement” (read: any bad guy) can use.

Look: I’m sympathetic to law enforcement. They have a tough enough time dealing with the literal worst of humanity and having to piece together the crimes that are comited by said. This is made more difficult when one of their suspects (or criminals) has encrypted some information. Because we have a codified right to privacy, it is reasonable to argue that giving up passcodes and other privacy stripping keys is not something we should have to do, no matter the case, as we’re all equal under the law (the Constitution being the “highest” of those laws).

This fight is further exacerbated by the fact that this is not the first time that Apple has reasonably denied these requests. It would damage their brand, their customer’s security and give an already powerful governmental department sweeping access to stuff it wouldn’t (and shouldn’t) have access to on it’s own. All in the name of “security”. The subtext of all of this is some what sadder: Despite all the massive surveillance that is being done on Americans, we still cannot stop domestic terrorism from happening. Giving the FBI or any entity, aside from the consumer, access to a device that has become the epicenter (for better or worse) of many people’s lives goes counter to our rights.

What about providing a sort of “key escrow” for law enforcement? It would be a semi-reasonable method of giving everything they want, in theory. Law enforcement would have the ability to decrypt data that they would presumably have proven their need to access. The user would still have encryption that is difficult to impossible to break in a reasonable manner and their rights are respected.

The main problems with this scenario are:

  • Who do you give these keys to?
  • What legal recourse do you have if they loose, leak or otherwise provide (willingly or not) keys to someone who should not have it?
  • How do you get millions of people, companies and devices to enroll in this system when free, strong and cryptographically secure code and systems exist in the wild and aren’t going anywhere?
  • Criminals are obviously not going to enroll, so it defeats the point.

Not to mention the massive organizational nightmare it would be to ensure keys are tied to the right person, device or organization. The whole idea is infeasible on any sizable scale.

I wish the general public would be more aware of the erosion of rights. All too often we just allow our government to trample over us because it’s convenient or we’re lead to believe that it’s “for the greater good”. When in actuality we could take some pointers from France, England and Italy where when their governments do wrong, people protest. We need some of that fire back in America, not this anesthetized complacency.

Categories
Politics Rants

Break Encryption … For the Children!

“W-whut about the children?!

That old chestnut. This was brought up a while ago, and I’m pretty sure I covered it — though it’s been lost to the ether (or rather, a zipped up Git repo somewhere). The Government super double pinkie swears that it will never let their backdoor key to encryption be used for nefarious purposes and that military and banking solutions won’t be affected.

Yeah. That sounds awesome. If you live in a fantasy. In a perfect world, we wouldn’t need encryption at all, because no one would poke into shit that isn’t theirs. Unfortunately we live in a world where world leaders act like teenagers and the rest of the adult population is scarcely above that. The idea that the government would have a double-plus good backdoor key that could never be used by anyone except them, and only for lawful purposes is so laughable, I’m not even sure how it became a talking point.

This, you need to remember, is using it’s allies to spy on it’s own citizens. Hoovers up as much data as it can (especially encrypted data) and stores it on scales scarcely seen before. That information could never be used to bully someone or even creep on women. I’m sure the secret FISA court, that doesn’t have any public records, has the public’s best interests at heart. Well, we’ll just have to trust them, because it’s all top secret.

So, no, I don’t think that the government can be trusted with a secret backdoor that unlocks all my communications, no matter how benign. No one should. You need only to look at Saudi Arabia, China or Russia and even the UK for regimes who routinely abuse their power to bully and influence people with information gathered by massive dragnet systems.

I am, however, afraid that this might already be too late. We’re already willing enough to hand this information over to private corporations, who only have a duty to their shareholders. We see breach after breech happen, spilling all of our personal and private information across the Internet — all to an apathetic public. Maybe I’m just part of the last generation going through the throes of rejection before privacy is fully eradicated.

Update: Can’t forget about them just bypassing normal law to request information from companies. Wouldn’t want that pesky legal process to get in the way of their investigations.

Categories
Computers

PGP’s Longevity

I recently came across an article on Mastodon regarding the state of PGP/GPG.

It lists out some really compelling reasons why PGP shouldn’t be used as well as providing alternatives. Many of these tools are easier to use than GPG/PGP and are, frankly, more popular. Thinking about this, it had been absolutely forever since I had actually used my GPG key for anything other than signing my git commits. While I guess that is still a good use for it, I may not bother anymore. Are we in a post-GPG encryption era?