Encryption Workarounds Paper Shows Why 'Going Dark' Is Not A Problem, And In Fact Is As Old As Humanity Itself

from the you-don't-know-what-I-know dept

It was October 2014 when FBI Director James Comey made his famous claim that things were “going dark” in the world of law enforcement because of the increasing use of encryption. Since then, Techdirt has had dozens of posts on the topic, many of them reporting on further dire warnings that the very fabric of civilization was under threat thanks to what was claimed to be a frightening new ability to keep things secret. Many others pointed out that the resulting calls for backdoors to encryption systems were a stunningly foolish idea that only people unable to understand the underlying technology could make.

One Techdirt post on the topic mentioned a great paper with the title “Keys Under Doormats: Mandating insecurity by requiring government access to all data and communications,” which ran through all the problems with the backdoor idea. It was written by many of the top experts in this field, including Bruce Schneier. He’s just published another paper, co-authored with Orin Kerr, who is a professor at George Washington University Law School, which looks at the other side of things — how to circumvent encryption:

The widespread use of encryption has triggered a new step in many criminal investigations: the encryption workaround. We define an encryption workaround as any lawful government effort to reveal an unencrypted version of a target’s data that has been concealed by encryption. This essay provides an overview of encryption workaround.

The various possibilities are largely self-explanatory:

We classify six kinds of workarounds: find the key, guess the key, compel the key, exploit a flaw in the encryption software, access plaintext while the device is in use, and locate another plaintext copy. For each approach, we consider the practical, technological, and legal hurdles raised by its use.

What’s interesting is not so much what the workarounds are, as is the fact that there are a number of them, and that they can all work in the right circumstances. This gives the lie to the idea that we are entering a terrible new era where things are “going dark,” and it is simply impossible to obtain important information. But as the authors point out:

there is no magic way for the government to get around encryption. The nature of the problem is one of probabilities rather than certainty. Different approaches will work more or less often in different kinds of cases.

Schneier and Kerr go on to draw an analogy:

When the police have a suspect and want a confession, the law gives the police a set of tools they may use in an effort to persuade the suspect to confess. None of the interrogation methods work every time. In some cases, no matter what the government does, suspects will confess. In other cases, no matter what the government does, suspects will assert their rights and refuse to speak. The government must work with the inherently probabilistic nature of obtaining confessions. Similarly, the government must work with the inherently probabilistic nature of encryption workarounds.

That analogy reveals something profound: that the supposedly new problem of “going dark” — of not being able to find out information — has existed as long as humans have been around. After all, there is no way — yet, at least — of accessing information held in a person’s mind unless some kind of interrogation technique is used to extract it. And as the analogy shows us, that is exactly like needing to find some encryption workaround when information is held on a digital device. It may be possible, or it may not; but the only difference between the problems faced by those demanding answers thousands of years ago and today is that some of the required information may be held external to the mind in an encrypted digital form. Asking for guaranteed backdoors to that digital data is as unreasonable as demanding a foolproof method to extract information from any person’s mind. We accept that it may not be possible to do the latter, so why not accept the former may not be feasible either?

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

Filed Under: , , , ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Encryption Workarounds Paper Shows Why 'Going Dark' Is Not A Problem, And In Fact Is As Old As Humanity Itself”

Subscribe: RSS Leave a comment
11 Comments
discordian_erissays:

It has never been about encryption per se. It has always been about power and essentially, laziness. Why actually investigate something when you don’t have to? Easier to coerce a confession, false or real doesn’t matter. Just a conviction. If breaking someones encryption is the easiest APPARENT way to ‘solve’ a crime, it’s a no-brainer from the LEO perspective.

People need to remember, it never has been about ‘justice’, just closing cases.

Anonymoussays:

Re: always been about power

|

“…never been about encryption… It has always been about power..”

Yup. Our politicians insist that they (“government”) have an inherent ?right to know? about all the private matters of the entire American citizenry. They do not say that openly, but it is obvious from their daily actions (“collect it all”). Obstacles like citizen ‘encryption’ MUST be neutralized across the board… to secure the government’s perceived “right to know”!

But politicians/judges/bureaucrats have no “rights” whatsoever– only very limited authorities granted by the citizenry in legal form (Constitution). There is no general “right to know” for government, even in the courts.

There NO exceptions to the 4th Amendment for national security, law enforcement, or border searches. Politicians sitting on the US Supreme Court blatantly ignores that fact.

Despite this fundamental truth, our self-imagined rulers arrogantly demand that Americans acquiesce to massive invasions of privacy… due to whatever the latest political crusade happens to be for these rulers — yet they insist on strictly maintaining their own state secrets privilege from the very people who hired them (citizenry).

U.S. government obvious desire to closely watch & control the American populace is self-evidently an extreme dangerous to liberty.

Anonymoussays:

on the basis of an individual case,

the transmission or storage medium has never been the weakest point. It has only ever been the penetration point easiest to automate.

Which is to say the feds beef isn’t that it can’t investigate. It’s beef is that it can’t snuffle everybody’s traffic at will and then use parallel construction to selectively persecute whomever it wants.

Which really seams to be driven by Comey himself rather than the FBI as an institution. Where this guy gets off thinking the FBI is a tool for his god appointed role as a king maker, I will never know.

trollificussays:

Re: Re: on the basis of an individual case,

Well, the first step is obtaining the power, under the guise of, of course, national security.

The second step is USING the power for more…personal gains than just the security of the nation.

Step One has been ongoing for quite a while, not surprising to see the intelligence community flex its power now.

Anonymoussays:

Getting convictions

Let’s not fool ourselves. The angst and fear tsunami from LEO is not about anything other than low hanging fruit convictions. What is evident to me, as wrong or right as it may be, is that LEO wants easy work. Well, I’d like that too, but hey, it’s just not happening.

No more than the average person, I don’t want to die in an attack. But on the flip side, I don’t want to give up privacy.

Many say that if you’re not breaking the law, then why are you so concerned about being monitored? On the surface, and without thinking about it, that’s a pretty strong argument for a total surveillance state. Afterall, if it’s illegal, then why should someone expect their “doin’s” to be private?

The reason, for those that don’t see it, is that not everything the state thinks is wrong is a crime. At one point, dating someone of a race other than your own was criminal. Smoking pot is illegal according to Federal law, but is legal in many state laws.

What is reprehensible is that if one dares to raise the issue of Jury Nullification, that is a felony in many states.

I’ve no answers. I wish I did.

Anonymoussays:

Re: Re: Getting convictions

As has been demonstrated recently in the U.K., total surveillance does not prevent attacks, even when the person who carried it out was known to the security services. Indeed total surveillance is counterproductive at two levels, it increases the risk of individuals taking violent action, and it overloads the security service with false leads, taking their eyes of of known risks.

The first risk is due to the isolating effect of a surveillance state, people who are dissatisfied with the state think that, and with some justification, talking about their dissatisfaction and trying to organize change is liable to get them into trouble. This drives some people into seeking out those organization that will help them to take violent action, or simply claiming affiliation to magnify the effect of the action that they take.

People need a degree of privacy, and need to feel that they can talk about their dissatisfaction with governments without being promptly targeted as a potential terrorist.

Anonymoussays:

totally agree with the laziness assertions. people who don’t really want to work but want all the credit and reward for having done it.

[another matter: it’s time to give some thanks around here.
thanks to the russians for showing us we have traitors in government and in business.
thanks to the traitors for showing us the wisdom of the founding fathers (and mothers).
thanks to the founding fathers and mothers for giving us a nation with the resilience that can withstand even this treachery.]

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Report this ad??|??Hide Techdirt ads
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...
Loading...
Older Stuff
12:25 Australian Privacy Commissioner Says 7-Eleven Broke Privacy Laws By Scanning Customers' Faces At Survey Kiosks (6)
10:50 Missouri Governor Doubles Down On 'View Source' Hacking Claim; PAC Now Fundraising Over This Bizarrely Stupid Claim (45)
10:45 Daily Deal: The All-in-One Microsoft, Cybersecurity, And Python Exam Prep Training Bundle (0)
09:43 Want To Understand Why U.S. Broadband Sucks? Look At Frontier Communications In Wisconsin, West Virginia (8)
05:36 Massachusetts College Decides Criticizing The Chinese Government Is Hate Speech, Suspends Conservative Student Group (71)
19:57 Le Tigre Sues Barry Mann To Stop Copyright Threats Over Song, Lights Barry Mann On Fire As Well (21)
16:07 Court Says City Of Baltimore's 'Heckler's Veto' Of An Anti-Catholic Rally Violates The First Amendment (15)
13:37 Two Years Later, Judge Finally Realizes That A CDN Provider Is Not Liable For Copyright Infringement On Websites (21)
12:19 Chicago Court Gets Its Prior Restraint On, Tells Police Union Head To STFU About City's Vaccine Mandate (158)
10:55 Verizon 'Visible' Wireless Accounts Hacked, Exploited To Buy New iPhones (8)
10:50 Daily Deal: The MacOS 11 Course (0)
07:55 Suing Social Media Sites Over Acts Of Terrorism Continues To Be A Losing Bet, As 11th Circuit Dumps Another Flawed Lawsuit (11)
02:51 Trump Announces His Own Social Network, 'Truth Social,' Which Says It Can Kick Off Users For Any Reason (And Already Is) (100)
19:51 Facebook AI Moderation Continues To Suck Because Moderation At Scale Is Impossible (26)
16:12 Content Moderation Case Studies: Snapchat Disables GIPHY Integration After Racist 'Sticker' Is Discovered (2018) (11)
13:54 Arlo Makes Live Customer Service A Luxury Option (8)
12:05 Delta Proudly Announces Its Participation In The DHS's Expanded Biometric Collection Program (5)
11:03 LinkedIn (Mostly) Exits China, Citing Escalating Demands For Censorship (14)
10:57 Daily Deal: The Python, Git, And YAML Bundle (0)
09:37 British Telecom Wants Netflix To Pay A Tax Simply Because Squid Game Is Popular (32)
06:41 Report: Client-Side Scanning Is An Insecure Nightmare Just Waiting To Be Exploited By Governments (35)
20:38 MLB In Talks To Offer Streaming For All Teams' Home Games In-Market Even Without A Cable Subscription (10)
15:55 Appeals Court Says Couple's Lawsuit Over Bogus Vehicle Forfeiture Can Continue (15)
13:30 Techdirt Podcast Episode 301: Scarcity, Abundance & NFTs (0)
12:03 Hollywood Is Betting On Filtering Mandates, But Working Copyright Algorithms Simply Don't Exist (66)
10:45 Introducing The Techdirt Insider Discord (4)
10:40 Daily Deal: The Dynamic 2021 DevOps Training Bundle (0)
09:29 Criminalizing Teens' Google Searches Is Just How The UK's Anti-Cybercrime Programs Roll (19)
06:29 Canon Sued For Disabling Printer Scanners When Devices Run Out Of Ink (41)
20:51 Copyright Law Discriminating Against The Blind Finally Struck Down By Court In South Africa (7)
More arrow