---------- Forwarded message ---------- From: Michael Kjörling <michael@kjorling.se> Date: Sun, Jul 12, 2015 at 11:16 AM Subject: Re: [Cryptography] Ad hoc "exceptional access" discussion at Crypto'15 ? To: cryptography@metzdowd.com On 11 Jul 2015 21:36 -0700, from hbaker1@pipeline.com (Henry Baker):
"Exceptional access" is the term used in the recent MIT "Keys under Doormats" report. One reason for a discussion session is to come up with better arguments to explain to non-tekkies what the issues are, and why the FBI should be careful what it wishes for.
There's always the possibility of just asking said non-tekkies: - If the government can't keep their secrets safe (even ignoring various insider attacks like Manning or Snowden, let alone that which happens at the hands of disgruntled law enforcement officers or curious medical practitioners; see e.g. the recent US _Office of Personnel Management_ breach, or the illicit telephone wiretapping mess in Greece a few years ago which AFAIK hasn't ever been attributed to anyone), - If the companies that make software designed to allow spying on people can't maintain security (see e.g. the recent _Hacking Team_ episode), - If large multinational corporations can't maintain security (see e.g. the recent _Sony_ episode), - _Then why_ should we trust any of those to, in addition to their own secrets, keep _our_ secrets safe? Why should _I_ trust them to keep _my_ secrets safe? I obviously might not be able to do _better_ (and frankly, am unlikely to be able to do significantly better) than any of the above, but at least I'm not creating an _additional_ extreme-value-target treasure trove which I then fail to adequately protect. I sometimes compare data encryption to locking your house. (Most people accept that, even though they aren't doing anything illicit in their homes, they don't want strangers rummaging through their belongings.) In that comparison, "exceptional access" would be a sort of global master key that allows trivial unlocking of _any_ locked door, in such a way that does not trigger any alarm system or anything else similar that the home owner might have installed. -- Michael Kjörling • https://michael.kjorling.se • michael@kjorling.se OpenPGP B501AC6429EF4514 https://michael.kjorling.se/public-keys/pgp “People who think they know everything really annoy those of us who know we don’t.” (Bjarne Stroustrup) _______________________________________________ The cryptography mailing list cryptography@metzdowd.com http://www.metzdowd.com/mailman/listinfo/cryptography