{"id":15332,"date":"2018-04-16T08:33:01","date_gmt":"2018-04-16T13:33:01","guid":{"rendered":"http:\/\/huewhite.com\/umb\/?p=15332"},"modified":"2018-04-16T08:33:01","modified_gmt":"2018-04-16T13:33:01","slug":"were-after-the-unsavvy","status":"publish","type":"post","link":"https:\/\/huewhite.com\/umb\/2018\/04\/16\/were-after-the-unsavvy\/","title":{"rendered":"We’re After The Unsavvy"},"content":{"rendered":"

On Lawfare<\/strong><\/em> Alan Rozenshtein\u00a0talks<\/a> about the encryption debate and just who’s the target – not terrorists<\/em>:<\/p>\n

My experience\u2014which accords with what I\u2019ve heard from many seasoned prosecutors\u2014illustrates the critical importance of default settings. It\u2019s been widely\u00a0known for decades<\/a>\u00a0that only a sliver of users ever change the settings on their devices, or even know that the settings are there for the changing. And if users can\u2019t be bothered to change easily accessible settings, they certainly won\u2019t go to the trouble of switching smartphones or messaging apps just to frustrate law enforcement. But when\u00a0WhatsApp decides<\/a>\u00a0to make end-to-end encryption a default setting on its already immensely popular messaging program, the communications of a billion people are suddenly warrant proof. That\u2019s the stuff of law-enforcement nightmares.<\/p>\n

There\u2019s no question that sophisticated bad actors\u2014whether terrorists or spies\u2014won\u2019t just settle for the default setting. They\u2019ll always find a way to encrypt their communications, whether by adopting products that don\u2019t fall under national laws mandating third-party access or by taking technological countermeasures. (For instance, bad actors can sideload secure messaging apps that might otherwise be restricted from the Apple or Android app stores).<\/p>\n

But end-to-end encryption won\u2019t cripple counterterrorism investigations. (If this were a serious concern, one would expect a former NSA director to lead the charge against end-to-end encryption, not\u00a0support its wide deployment<\/a>.) There aren\u2019t that many would-be terrorists, and the ones who exist get ample attention from the FBI and U.S. intelligence agencies. At such a high ratio of good guys to bad guys, the government can generally get around encryption where it needs to, whether by paying\u00a0millions of dollars for third-party hacking tools<\/a>, exploiting software and hardware vulnerabilities to\u00a0hack devices<\/a>, or engaging in physical surveillance. (The same logic also applies to counterintelligence investigations.)<\/p><\/blockquote>\n

So, rather than 3rd party access to encrypted data, simply make sure the defaults are off and make the criminals figure it out. This will work for the petty, dumb criminals, as Alan points out, but organized crime may figure it out, and sophisticated terrorists will be on the spectrum from “may figure it out” to “will use immune solutions.”<\/p>\n

Given Alan’s discussion, I’m having trouble figuring out if there’s any point to 3rd party access. The math & coding skills necessary for nearly impossible to break communication isn’t confined to the security or commercial worlds. Only if a quantum computing solution is found will the government have a one size fits all potential solution to the problem. So far, I have not seen any reports of an actually capable quantum computer.<\/p>\n","protected":false},"excerpt":{"rendered":"

On Lawfare Alan Rozenshtein\u00a0talks about the encryption debate and just who’s the target – not terrorists: My experience\u2014which accords with what I\u2019ve heard from many seasoned prosecutors\u2014illustrates the critical importance of default settings. It\u2019s been widely\u00a0known for decades\u00a0that only a sliver of users ever change the settings on their devices, \u2026 Continue reading → <\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"nf_dc_page":"","_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[1],"tags":[],"class_list":["post-15332","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/huewhite.com\/umb\/wp-json\/wp\/v2\/posts\/15332","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/huewhite.com\/umb\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/huewhite.com\/umb\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/huewhite.com\/umb\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/huewhite.com\/umb\/wp-json\/wp\/v2\/comments?post=15332"}],"version-history":[{"count":1,"href":"https:\/\/huewhite.com\/umb\/wp-json\/wp\/v2\/posts\/15332\/revisions"}],"predecessor-version":[{"id":15333,"href":"https:\/\/huewhite.com\/umb\/wp-json\/wp\/v2\/posts\/15332\/revisions\/15333"}],"wp:attachment":[{"href":"https:\/\/huewhite.com\/umb\/wp-json\/wp\/v2\/media?parent=15332"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/huewhite.com\/umb\/wp-json\/wp\/v2\/categories?post=15332"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/huewhite.com\/umb\/wp-json\/wp\/v2\/tags?post=15332"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}