Re: Last Call: <draft-farrell-perpass-attack-02.txt> (Pervasive Monitoring is an Attack) to Best Current Practice


 



Responding to the most tempting target even though it is several
days old...

--On Saturday, December 07, 2013 10:01 +1300 Brian E Carpenter
<brian.e.carpenter@xxxxxxxxx> wrote:

>...
> ...this is a social, economic and political issue outside the
> IETF's scope. Our ethical obligation as engineers is clear to
> me: make the Internet as secure as possible, from all security
> points of view including privacy. Actually the recent
> revelations don't change a thing except that they have brought
> a well understood attack model into public view and underlined
> that we need to defend against it.

While I favor the principle, I'm not so sure about the ethical
obligation, especially from the perspective of my background in
political communications and their effects.

Consider the following scenario:

	(1) We conclude that access to the free flow of
	information, including across national boundaries, and
	access to the Internet as a medium for such flows, are
	desirable.   Note that this is implicit in
	frequently-repeated statements such as "The Internet is
	for Everyone".
	
	(2) Some government concludes that, as a matter of
	national security (its definition), it should declare
	the use of encryption illegal [1] and block all Internet
	traffic and connections that involve pervasive
	encryption.

Now, keeping in mind the conclusion in the first statement, the
very long history of transmission and sharing of coded
information in apparently clear-text messages, and that
application of the second statement would essentially disconnect
the population of that country from the Internet if encryption
were pervasive, are you sure that:

	(i) Trying to insist on pervasive encryption is an
	ethical obligation?
	
	(ii) That population, including but not limited to
	whatever subset of it wants to openly discuss or change
	the behavior of the relevant government, is better
	served by pervasive encryption (and hence being cut off
	from the Internet) than being left connected and with
	alternatives that have historically included encoding
	information into seemingly-innocuous message flows?

I want to stress that I'm not arguing for or against pervasive
encryption here.   I'm also a long-term advocate of encouraging
countries who want to disconnect to do so, especially when their
doing that would have obvious and severe negative economic or
political consequences.  I just think we should be careful about
starting to base our reasoning and conclusions on perceived
ethical imperatives, especially without sorting through the
possible scenarios consequent of such conclusions.

I also want to suggest a thought experiment as an exercise
before I go back to lurking.  One of the more frequent arguments
for pervasive encryption of traffic passing over the Internet is
to drive up the costs of those who would engage in pervasive
surveillance by forcing them to decrypt everything.  Suppose
instead that everyone adopted the practice of including either
encrypted message components or seemingly-random blocks of text
or strings or seemingly-random words in every message, web
page, or other protocol transaction while leaving other
portions of those messages, etc., in the clear, taking advantage
of the observation that a really well-encrypted message is, with
the exception of header or envelope information, superficially
indistinguishable from noise.   That would make it harder to
block traffic simply because it was encrypted but would still
require the surveillance agency to attempt to decrypt those
blocks of text (many of which could not be decrypted even with
unlimited resources because they contained no information) to
determine whether they carried messages of interest.  

Of course the use of that approach would not prevent the use of
strong encryption, just as today, if someone thought it
necessary.

With the understanding that these questions are part of that
thought experiment but otherwise purely rhetorical,

-- Would we be more or less secure as a result of that
	sort of practice?
-- Would the Internet be accessible to more or fewer
	people with that approach than with pervasive encryption?
-- Especially noting that some code-breaking techniques
	become easier with larger bodies of crypto-text and that
	content-free noise that is superficially
	indistinguishable from encrypted text may be the worst
	nightmare for some other techniques, how would that
	approach compare to pervasive encryption from the
	standpoint of costs to the would-be surveillance agency?

      --john

X416q9zYedFlZIMPw/6jL+tfT+omtap3A9xg1s8aXxI6IfaQ6zcwLGDW/iuKMDXa
PKQ2eekXgg7m5pJ6tCpCD8lvH26rnS3R0NYdPyCivwB6l/dIHd9jUfPkOEnzx5rB
/V95CLCVopT/z2CRLR9g3+wI3BBSaG5jwR6xTvAJ5mpGMyVNFFuRx5xtL5QgYFYF
cXDQggDq7OR2NGN8U9kUrUqzkpCpWLVezMYk9oiiUEH+EXw4YBMZj1vX7JotkV43
lK1oBQMf4cFyEPqix0bAx6HoHFOpMHXSNzShzssLNDGlF8v8GsaExngqvQcuGzO1
OUJddtJK9A3p+up6S7EFiqNb6a3/wVZdzF7xlszJXF3fXc09JzUNuvuzJr/klRGJ
oVa0c90ga553i2yxzqAKOilAeV192j7O6GXQMzI3IFTGUyB92nh3wR7xB+A9esLG
efDXBvci3pQLSkIRKTiP4C/zL1pgcCU631hyaNcfAZYK0ch59EbeZbPtj+IUCgCT
pN20WVuoVjXQ8K9j7KEgFgJpFeKH7AC7cm4WSwGnlxywEkoNhNs80aSkcTN2jjJ/
ROuozyFKPfhMuExii84WLM+BfSBTTWESK+w2xBfpX5KVsD6ybenNgjaCxVJE90n6
Y7QTAeqihkogo53dPBl6D+L7JIlh+nVkIGh4bkImTKwjUAdtOYM7hDiaj+eUfJIw
5eYjDlWup53uGdcSGg5WsaT5uUQhHbg/l8GgKNniMFaYdG2TLUSK2ZbJ6FfBTZIB
1wsrNBw7NAliBzjxyvZZ1KMA0ZZyPzM32FdtNlb/DpZxr5WoZWNmeij2F0tZ5evL
4YMsKtw8PWp6lGfuzIVFqL2zZJKASzEMUpjBGhCD658NuHFNNX94Mc6e5wes+DHy
biXkzAxj+2zzGxMfNa1DRrRW8ENzjTuaPQCeOdD9je3sAXRl4gqaCBkMczx3CYWt

:-)

	







[1] There is lots of precedent for conclusions of that type,
including among governments usually considered friendly to
individual freedom.

> 
> We don't solve (e.g.) consumer protection issues by allowing
> the Internet to trivially breach privacy.
> 
>     Brian
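
The thought experiment above rests on the observation that well-encrypted blocks and content-free noise look alike to an observer without the key. The following is an added example, not part of the original message, showing what a byte-statistics filter can and cannot decide about such blocks. The SHA-256 counter-mode keystream is a stand-in for a real cipher, and all names, the key and the sample text are constructed for illustration.

```python
import hashlib
import math
import random
from collections import Counter

def keystream(key: bytes, n: int) -> bytes:
    """SHA-256 in counter mode: an illustrative stand-in, not a vetted cipher."""
    out, ctr = bytearray(), 0
    while len(out) < n:
        out += hashlib.sha256(key + ctr.to_bytes(8, "big")).digest()
        ctr += 1
    return bytes(out[:n])

def encrypt(key: bytes, data: bytes) -> bytes:
    """XOR with the keystream; applying it twice returns the input."""
    return bytes(d ^ k for d, k in zip(data, keystream(key, len(data))))

def entropy_bits_per_byte(data: bytes) -> float:
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def chi_square_uniform(data: bytes) -> float:
    """Chi-square statistic against a uniform byte distribution (255 d.o.f.)."""
    expected = len(data) / 256
    counts = Counter(data)
    return sum((counts.get(b, 0) - expected) ** 2 / expected for b in range(256))

def looks_random(data: bytes) -> bool:
    """All a content-blind filter sees: near-maximal entropy, flat histogram."""
    return entropy_bits_per_byte(data) > 7.9 and chi_square_uniform(data) < 400

def classify_blocks() -> dict:
    # Constructed sample inputs: clear text, its ciphertext, and pure noise.
    clear = b"Meeting notes attached; see you on Thursday at the usual place. " * 1024
    cipher = encrypt(b"constructed-demo-key", clear)
    rng = random.Random(2013)  # seeded so the result is reproducible
    noise = bytes(rng.getrandbits(8) for _ in range(len(clear)))
    blocks = (("clear", clear), ("ciphertext", cipher), ("noise", noise))
    return {name: looks_random(blob) for name, blob in blocks}

if __name__ == "__main__":
    print(classify_blocks())
```

The filter separates clear text from the other two blocks but gives the same verdict for the ciphertext and for the noise, so statistics alone cannot tell which block carries a message.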







