[tor-project] Human rights and encryption op-ed in Foreign Policy

Cindy Cohn cindy at eff.org
Thu Sep 15 18:45:10 UTC 2016

> On Sep 14, 2016, at 11:58 PM, dawuud <dawuud at riseup.net> wrote:
> Greetings,

Hi David,

You know I didn’t write this, yes? It’s just a piece written by my partner, who is a pretty famous war crimes investigator. And you know that it already ran in Foreign Affairs magazine, yes? So while I wasn’t really seeking comment, a few thoughts below.

> Responding inline;
>> There is no guarantee that a golden key will work, given the facility in which rogue hackers from all over the world can develop their own encryption tools. In February, a study by the Berkman Klein Center for Internet & Society at Harvard University focused on some 865 encryption products from 55 countries, two-thirds of which were built outside of the United States. Of these, roughly two-thirds are commercial and the others are open source, even though some of the free products are only libraries that contain building blocks rather than whole encryption systems. Given the resources available to ill-intentioned hackers, it would therefore be impossible to stop them from building strong encryption applications of their own.
> Might there be other valid definitions of a "golden key”?

Of course, but he starts the piece by defining what he means, by reference to the Feinstein/Burr bill:

"encryption bill that would require companies to “comply with court orders to protect Americans from criminals and terrorists.””

You might not like this definition but I don’t think the piece is confusing on that point.

> In my view a golden key is obviously an operating system software
> update signing key and it is guaranteed to work.
> http://arstechnica.com/security/2016/02/most-software-already-has-a-golden-key-backdoor-its-called-auto-update/

Also, I think this is talking to a different audience than Ars. Honestly, the term “Golden Key” has been used by the government as well as folks like us at EFF since the 1990s to refer to a wide range of ways for the government to get access to the plaintext of something that’s encrypted without the cooperation of the encryptor so I don’t think it’s misused here.

>> Instead, building encryption software with a golden key for government access would gravely compromise security for law-abiding citizens around the world, as it would encourage criminals and terrorists to build their own illegal software to frustrate the authorities and leave those without the technological skills—most of the world—more vulnerable to attack.
> Are you saying that cutting edge security software necessarily gets
> developed by criminals and terrorists?

No, that’s not what it’s saying. It says that even if you try to block strong encryption from regular people, criminals and terrorists will still get it. And then you get the worst of both worlds — ordinary people are not protected and surveilling criminals and terrorists is still hard for law enforcement.

> In that argument lie slippery
> slopes. I can tell you certainly many computer security researchers
> have been accused of criminal activity but let's not perpetuate that
> stereotype.

I certainly do. I’ve spent now about 26 years and counting defending computer researchers, starting with Dan Bernstein in the Bernstein v. DOJ case. And of course Patrick has been offering encryption for about the same amount of time to keep people around the world safe.

> Again my point above regarding for example Debian's package signing
> keys, they weren't intended to be a "golden key" but it turns out they
> are.  Yes crypto is used but we need cryptographic group signature
> schemes to protect against key compromise.

I think you’re misreading what he’s saying. Sorry. He’s not attacking anything called a “golden key” by anyone ever. He’s attacking what the Feinstein/Burr bill requires.

>> Journalists in the United States are also using strong cryptography, such as an innovative program called SecureDrop, which enables whistleblowers to share information with media organizations securely and anonymously. This is especially important for whistleblowers with information on malfeasance by officials in local, state, or federal government. As in foreign countries, protecting free media requires security against government snooping.
> Actually SecureDrop doesn't have any end-to-end crypto unless the
> source encrypts the document with the journalist's PGP key.  I know
> that SecureDrop uses Tor onion services which does provide end-to-end
> transport crypto but that's not the same as application level end to
> end crypto. In the worst case scenario if the SecureDrop server were
> hacked the attacker could read these documents that were submitted
> without PGP encryption.

That’s why it says “enables” and not “always does it perfectly.”

> In Ka-Ping Yee's most excellent paper "User Interaction Design for
> Secure Systems" ( http://zesty.ca/pubs/icics-2002-uidss.pdf ) he
> describes various principles and properties that secure software
> systems should have and one of them is called the Principle of the
> Path of Least Resistance which can be summarized as "the natural way
> should be the secure way". This means that the user is going to do the
> easiest thing therefore if there is an extra action that need be taken
> for additional security then this will be neglected.

We are in strong agreement, it seems. But we’re in a very hard fight with the government which wants to effectively ban strong encryption. That’s why people like me at EFF and Patrick from his role in the international human rights community are working hard to reach out beyond tech communities, like to the readers of Foreign Policy, to try to explain this to them in language that they can understand without having to read technical papers. Because if we stay in our technical silo, we’ll lose.


> sincerely,
> david

Cindy Cohn
Executive Director
Electronic Frontier Foundation
815 Eddy Street
San Francisco, CA 94109
(415) 436-9333 x108
----Cindy at eff.org
---- www.eff.org

Join EFF! https://supporters.eff.org/donate
