Re: [saag] CNN Says: Encryption a growing threat to security

Bernard Aboba <bernard_aboba@hotmail.com> Tue, 04 August 2015 07:56 UTC

Archived-At: <http://mailarchive.ietf.org/arch/msg/saag/feZdKa0aYDk2MR3OYHC_tUBtdx0>

It is important to read between the lines of these statements, which concern data at rest, not in transit. Encryption of data at rest is simultaneously not widely deployed enough and, at the same time, difficult to overcome for law enforcement agencies lacking the funding and sophistication of military and surveillance agencies.

Those agencies, who understand the technology and trade-offs much better, have either been silent on the subject, or have alumni who now openly oppose the proposals from law enforcement.

We have seen this movie before. It matters little if CNN pretends it is a new release rather than a remake.



On Aug 3, 2015, at 11:41 PM, Yoav Nir <ynir.ietf@gmail.com> wrote:
> 
> http://edition.cnn.com/2015/08/01/opinions/rogers-encryption-security-risk/index.html
> 
> If encryption is so dangerous to security, why does the US government use it so much?
> 
> Both the article and the video contain a bunch of nonsense, but I worry a lot about this kind of message being sent to the public by a trusted source such as CNN.
> 
> I think the worst of this is presenting the issue as if this “master key” scheme is in the interest of the public, whereas the only downside is the bottom-line of corporations. So all those tech companies resisting such mandates are just heartlessly putting profits before the safety of the people. It’s a powerful message, and I’m afraid a lot of people, even well-educated ones, are buying it.
> 
> IMO key escrow with a private corporation is marginally worse than key escrow with the government, but both mean that we can’t trust the encryption. In the old Perry Mason novels, private detective Paul Drake would go to his friend at the phone company, slip him some money and get the phone records for whoever Perry Mason suspected. I guess in this brave new world that Mike Rogers is advocating the new Paul Drake would go to his friend at Google and get their TLS keys. In such a world, I don’t know if it’s prudent for my doctor to send me the result of my blood test over HTTPS, or for companies to move personnel records from one data center to another over the Internet. Back to a guy with a briefcase handcuffed to his wrist?
> 
> Yoav
> 
> 
> 
> _______________________________________________
> saag mailing list
> saag@ietf.org
> https://www.ietf.org/mailman/listinfo/saag