Stories
Slash Boxes
Comments

SoylentNews is people

New Paper on The Risks of "Responsible Encryption"

posted by mrpg on Sunday February 18 2018, @11:06AM   Printer-friendly
from the double-speak dept.

canopic jug writes:

Riana Pfefferkorn, a Cryptography Fellow at the Center for Internet and Society at Stanford Law School, has published a whitepaper on the risks of so-called "responsible encryption". This refers to inclusion of a mechanism for exceptional access by law enforcement to the cleartext content of encrypted messages. It also goes by the names "back door", "key escrow", and "golden key".

Federal law enforcement officials in the United States have recently renewed their periodic demands for legislation to regulate encryption. While they offer few technical specifics, their general proposal—that vendors must retain the ability to decrypt for law enforcement the devices they manufacture or communications their services transmit—presents intractable problems that would-be regulators must not ignore.

However, with all that said, a lot more is said than done. Some others would make the case that active participation is needed in the democratic process by people knowledgeable in use of actual ICT. As RMS has many times pointed out much to the chagrin of more than a few geeks, "geeks like to think that they can ignore politics, you can leave politics alone, but politics won't leave you alone." Again, participation is needed rather than ceding the whole process, and thus its outcome, to the loonies.

Source : New Paper on The Risks of "Responsible Encryption"

Related:
EFF : New National Academy of Sciences Report on Encryption Asks the Wrong Questions
Great, Now There's "Responsible Encryption"

Original Submission

 
This discussion has been archived. No new comments can be posted.
New Paper on The Risks of "Responsible Encryption" | Log In/Create an Account | Top | 52 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 3, Interesting) by NotSanguine on Sunday February 18 2018, @06:24PM (2 children)

    by NotSanguine (285) <{NotSanguine} {at} {SoylentNews.Org}> on Sunday February 18 2018, @06:24PM (#639767) Homepage Journal

    Thanks! You made my point for me.

    Secure communication requires that those for whom such communications are intended have access to the means of encryption/decryption.

    As long as those folks are the *only* ones with those means, communication *can* be secure.

    Despite what others may think or blather on about, secure communications are not only possible, but actually happen all the time.

    What's more, even having the *decrypted* version of such a message doesn't necessarily compromise those means.

    --
    No, no, you're not thinking; you're just being logical. --Niels Bohr
    Starting Score:    1  point
    Moderation   +1  
       Interesting=1, Total=1
    Extra 'Interesting' Modifier   0  
    Karma-Bonus Modifier   +1  
    Total Score:   3  

  • (Score: 4, Interesting) by frojack on Sunday February 18 2018, @09:06PM (1 child)

    by frojack (1554) on Sunday February 18 2018, @09:06PM (#639811) Journal

    Despite what others may think or blather on about, secure communications are not only possible, but actually happen all the time.

    Sure, even SoylentNews uses TLS as a default. Technically it meets your definition of encryption. Is it secure? Chuckle.....

    My email mua is set up to use opportunistic encryption when ever it can. For mMaybe 5 people I know, this works all the time, every time. For the others, they ask me to resent every once in a while because they can't figure out how to get GPG/PGP working on their iPhone or their tablet. or some new toy, and they are away from their main computer.

    Every secure texting platform has been cracked. Some directly by decrypting the transmission, others by compromising the servers or device it runs on.

    So, NO secure communications do NOT happen all the time. The illusion of secure communication is alive and well, at least among some.

    --
    No, you are mistaken. I've always had this sig.

    • (Score: 3, Insightful) by NotSanguine on Sunday February 18 2018, @11:08PM

      by NotSanguine (285) <{NotSanguine} {at} {SoylentNews.Org}> on Sunday February 18 2018, @11:08PM (#639842) Homepage Journal

      Despite what others may think or blather on about, secure communications are not only possible, but actually happen all the time.

      Sure, even SoylentNews uses TLS as a default. Technically it meets your definition of encryption. Is it secure? Chuckle.....

      My email mua is set up to use opportunistic encryption when ever it can. For mMaybe 5 people I know, this works all the time, every time. For the others, they ask me to resent every once in a while because they can't figure out how to get GPG/PGP working on their iPhone or their tablet. or some new toy, and they are away from their main computer.

      Every secure texting platform has been cracked. Some directly by decrypting the transmission, others by compromising the servers or device it runs on.

      So, NO secure communications do NOT happen all the time. The illusion of secure communication is alive and well, at least among some.

      Your points are certainly valid ones. I do however, disagree with your conclusion.

      What is secure communication [wikipedia.org]?

      Secure communication is when two entities are communicating and do not want a third party to listen in. For that they need to communicate in a way not susceptible to eavesdropping or interception.[1][2] Secure communication includes means by which people can share information with varying degrees of certainty that third parties cannot intercept what was said. Other than spoken face-to-face communication with no possible eavesdropper, it is probably safe to say that no communication is guaranteed secure in this sense, although practical obstacles such as legislation, resources, technical issues (interception and encryption), and the sheer volume of communication serve to limit surveillance.

      So yes, the idea that communication can be compromised in most circumstances is absolutely correct. As to the practicality of compromising communication that uses tools that make confidentiality (whispering, hand signals, encryption -- both of content and communications channels, etc., etc.) and/or integrity (face-to-face meetings, recognition signals, handwriting, digital signatures, etc.), that's pretty varied, depending on the methods and mechanisms of such "secure" communication.

      However, the likelihood of a compromise in inversely proportional to the quality of the security mechanisms *and* the effort used to apply them. Given the state of current knowledge and technology, I'm very comfortable saying that communications that *aren't* compromised (hence secure) happen all the time. Perhaps that's splitting hairs, but if so, that's a pretty important hair to split IMHO.

      --
      No, no, you're not thinking; you're just being logical. --Niels Bohr