Thursday, December 10, 2015

Crypto Wars, Déja Vu All Over Again

Hal and I were talking recently about how sorry we were that we don't have time to bring out a new edition of Blown to Bits, which was published in 2007. Then last night a student asked me a question about cryptography and I reread Chapter 5, and this morning I read the New York Times report that F.B.I. Chief Says Texas Gunman Used Encryption to Text Overseas Terrorist. Maybe there isn't that much to revise.

September 13, 2001. Fires were still smoldering in the wreckage of the World Trade Center when Judd Gregg of New Hampshire rose to tell the Senate what had to happen. He recalled the warnings issued by the FBI years before the country had been attacked: the FBI’s most serious problem was “the encryption capability of the people who have an intention to hurt America.” “It used to be,” the senator went on, “that we had the capability to break most codes because of our sophistication.” No more. “The technology has outstripped the code breakers,” he warned. (p. 161)

The F.B.I. director, James B. Comey, said Wednesday that investigators could not read more than 100 text messages exchanged by one of the attackers in a shooting this year in Garland, Tex., because they were encrypted, adding fuel to law enforcement agencies’ contention that they need a way to circumvent commercially available encryption technology.Mr. Comey, who two months ago appeared to have lost a battle inside the Obama administration over forcing companies like Apple and Google to give investigators a way to decode messages, told the Senate Judiciary Committee that one of the attackers “exchanged 109 messages with an overseas terrorist” the morning of the shooting. “We have no idea what he said because those messages were encrypted,” Mr. Comey said. “And to this day, I can’t tell you what he said with that terrorist 109 times the morning of that attack. That is a big problem. We have to grapple with it.” 
What was needed, Senator Gregg asserted, was “the cooperation of the community that is building the software, producing the software, and build- ing the equipment that creates the encoding technology”—cooperation, that is, enforced by legislation. 
But Mr. Comey argued in his testimony on Wednesday that the technology companies’ defense of “end-to-end encryption,” in which only specific users of a phone or computer hold the keys, was rooted in business decisions.… But he asked if that model could be changed, and “if that can’t be done voluntarily, what are the other alternatives?” 
Will some major supplier of email services and software, responding to consumers wary of information theft and government surveillance, make encrypted email the default option? (p. 191)
 OK, that part needs to be updated. Now:
For Mr. Comey, whose 10-year term extends well beyond President Obama’s, the recent attacks have provided renewed arguments to pressure technology companies. Cyrus R. Vance, the Manhattan district attorney, and William J. Bratton, New York City’s police commissioner, have faulted the encryption used by Apple, Facebook and Google for thwarting terrorism investigations.
In a very real sense, the dystopian predictions of both sides of that debate are being realized: On the one hand, encryption technol- ogy is readily available around the world, and people can hide the contents of their messages, just as law enforcement feared—there is widespread specu- lation about Al Qaeda’s use of PGP, for example. At the same time, the spread of the Internet has been accompanied by an increase in surveillance, just as the opponents of encryption regulation feared. 
The bottom-line question is this: As encryption becomes as ordinary a tool for personal messages as it already is for commercial transactions, will the benefits to personal privacy, free expression, and human liberty outweigh the costs to law enforcement and national intelligence, whose capacity to eaves- drop and wiretap will be at an end?  
But even if Apple rolled back its technology — which Tim Cook, the company’s chief executive, has emphatically insisted will never happen — it is unclear whether it would make it easier for American law enforcement to track terrorists. 
Of the encrypted mobile apps recommended in the Islamic State tutorial, the top five “safest” encryption schemes recommended by the group were made by companies outside the United States — in places like Switzerland, where a United States court order would not be enforceable. “We have far more to lose by having our information attacked than gained from weakening everyone’s information security,” Mr. Kocher said. He added that rolling back encryption in those products would only drive terrorists to use other products, or create their own.
“You can’t delete encryption software off the Internet or delete all the textbooks telling people how to write it,” Mr. Kocher said. 
Amen to that.

Friday, November 20, 2015

Sunday, November 1, 2015


There has been a series of stories in the past few days about an imperative for college students not to offend while having fun. First there was a news story about colleges warning students against culturally or ethnically demeaning Hallowe'en party costumes: Halloween Costume Correctness on Campus: Feel Free to Be You, but Not Me. Then there was a report on moves to apply high standards to college mascots--specifically, a movement to get rid of "Lord Jeff," the namesake of Amherst College and its home town. At Amherst College, Some Say It's the Mascot's Turn to Embrace Diversity. The original Lord Jeff evidently treated Indians badly. And then Erika Christakis, Associate Master of one of the Yale Colleges, pushed back against an encyclical from a Yale committee to avoid those culturally insensitive costumes.
“Is there no room anymore for a child or young person to be a little bit obnoxious… a little bit inappropriate or provocative or, yes, offensive?” Christakis wrote. “American universities were once a safe space not only for maturation but also for a certain regressive, or even transgressive, experience; increasingly, it seems, they have become places of censure and prohibition.”
That, of course, caused a furious reaction and a petition demanding an apology.  Christakis, allegedly, is party to the marginalization of already marginalized students. The way we respond to defenders of unwelcome speech is … to bully them into shutting up.

Christakis is a brave woman. She was co-Master of one of the Harvard Houses until her husband Nicholas decamped from Harvard to Yale last year. She has written also about the risk of over-reaction to college sexual assault -- another unpopular and unfashionable position.

The thrust of her worry about the costume warning is that colleges are growing-up places, places from which graduates should emerged prepared to deal with the world as it is. In the real world there will be no one to mediate grievances about inconsequential matters. We do students no favor by teaching them to expect that society will protect them from seeing silly costumes, or by training them to be sensitized to slights they might not even have realized were demeaning until someone explained it to them.  We don't have to like the supposedly offensive costumes to realize that we do more harm than good by landing hard on those who wear them to parties.

Discouraged by my reading of the day's newspapers, I turned on the Notre Dame-Temple football game, where I witnessed people in the crowd dressed up as grotesque caricatures of Irishmen. Right there on national TV, in spite of this country's despicable history of "No Irish need apply" and other forms of institutionalized discrimination. And then I turned to a broadcast of our local pro basketball team, and more of those Irish caricatures. Where is the outrage?


The blog has been dark for a long time, and probably won't be very active anytime soon. I am trying to write in a longer form, and in spite of being dean no longer, I seem to be busier than ever. But after the series of stories and the attack on Christakis, I decided I had better say something.