While the politicians in Washington and elsewhere are arguing the merits of FORCING Google and Apple to add crypto backdoors into their devices (and Facebook and whoever to add crypto backdoors to their applications), Daesh (aka isis) has already come up with a solution to that problem.
Washington seems to have forgotten the lesson the British learned during the Revolutionary War. Attempting to solve new problems (in this case crypto, in the Brits’ case fighting an unconventional enemy) using old techniques (in this casing passing a law trying to outlaw activities you don’t like, in the Brit’s case in 1775, standing in a straight while wearing bright red coats) will not work. It did not work in 1775 (think the Americans hiding behind trees while wearing dark clothing) and it will not work in 2015 (think Daesh).
Daesh has already figured out that the various slow moving reactionary governments might pass a law making Apple put a backdoor in iMessage so they have thought outside the box.
They have created their own encrypted app. It runs on Android phones – Apple phones are likely too yuppie for them. It is not distributed through the Play Store. Instead it is distributed via the dark web and, though the Daesh help desk. Yes, they have a 24×7 help desk. How corporate.
So after the government’s argue about this for months and then tell the vendors to add a back door if they do, the non U.S., non E.U. vendors will tell the governments to go F%^&*@k off and nothing will be accomplished other than law abiding citizens privacy will be incrementally diminished.
As we learned with Snowden and the Office Of Personnel Management as two examples – and there are plenty of others – the government’s ability to keep secrets in the world of the Internet is, shall we say, somewhat lacking. So, if the governments get what they want – a skeleton key to our communications, what will happen is this.
The dumb terrorists will likely get caught – which is certainly good.
The smart terrorists will use software that doesn’t have a back door and no one will realize that until they try to decrypt it and discover that none of the billions of keys that they have happen to fit this lock.
The government will eventually (probably sooner rather than later) will lose control of the skeleton key and everyone’s communications since the beginning of time will be compromised – because that is could happen if the government gets a skeleton key. Except for the bad guys’ commincations. Those will still be secure because there is no skeleton key for it. The law of unintended consequences.
It is a futile exercise and the sooner people recognize that and come up with different solutions the better.
Its not like this is news – that crypto is here. To stay. People that I know inside the CIA have been telling the Agency for years that this problem is coming and they better work on a solution. Hopefully they have and hopefully, the answer to whether they have is classified and we (and the terrorists) don’t find out.
For all we know, all the noise coming from FBI Director Comey is just that – noise – and they have already figured out how to bypass the encryption but they want the terrorists to think that it is a problem for them. Likely, if they have bypassed it, it is not because they have figured out how to solve some extremely difficult mathematical problems of factoring really large numbers but instead it is because the software is buggy. Not that Apple or Google write buggy software. Really. Come On. Adobe and Microsoft just released patches today to over 140 bugs. That’s just for this month and just for those two vendors. But I am sure that everyone else’s software is bug free.
While I would prefer my communications to be as secure as possible, I also understand that a nation state, with the resources of one, has the ability to do things that the average – or even good – hacker cannot do. We need to continue to improve the security of applications and the intelligence community needs to continue to improve their efforts – an old fashioned arms race that I am fine with.
But Washington and London need to figure out that trying to legislate the problem away will not work.
My two cents.