* The Moral Character of Cryptographic Work :crypto:society:
An appeal to cryptographers to ponder on the [[https://en.wikipedia.org/wiki/Russell%E2%80%93Einstein_Manifesto][Russell-Einstein
manifesto]], consider the moral implications of their work, take a step
back from "crypto-for-crypto", and focus on "crypto-for-privacy" (or,
to name the threat more explicitly, "anti-surveillance research").

Harps on FBI Director James Comey's "law-enforcement framing":

#+begin_quote
1. Privacy is /personal/ good.  It's about your desire to control
   personal information about you.
2. Security, on the other hand, is a /collective/ good.  It's about
   living in a safe and secure world.
3. Privacy and security are inherently in conflict.  As you strengthen
   one, you weaken the other.  We need to find the right /balance/.
4. Modern communications technology has destroyed the former balance.
   It's been a boon to privacy, and a blow to security.  Encryption is
   especially threatening.  Our laws just haven't kept up.
5. Because of this, /bad guys/ may win.  The bad guys are terrorists,
   murderers, child pornographers, drug traffickers, and money
   launderers.  The technology that we good guys use - the bad guys
   use it too, to escape detection.
6. At this point, we run the risk of Going Dark.  Warrants will be
   issued, but, due to encryption, they'll be meaningless.  We're
   becoming a country of unopenable closets.  Default encryption may
   make a good marketing pitch, but it's reckless design.  It will
   lead us to a very dark place.
#+end_quote

This framing is dismissed as "inconsistent with the history of
intelligence gathering, and with the NSA's own mission statement",
without further explanation.

I wish the author had spent some prose explaining how exactly this
framing is fallacious.  There is a footnote providing some references,
but as far as I can tell these references mainly reinforce the point
that the NSA's surveillance methods are a threat to privacy; it is not
obvious how "the NSA overreaches" contradicts "it's harder to catch
bad guys once they get better crypto".

For what it's worth, I found that [[#banning-encryption-to-stop-terrorists-a-worse-than-futile-exercise][Aaron Brantly's article]] does a
better job at showing the shortsightedness of this line of reasoning,
as does this footnote:

#+begin_quote
When crypto is outlawed only outlaws will have crypto.
#+end_quote
* Banning Encryption to Stop Terrorists: A Worse than Futile Exercise :crypto:society:
The debate can be phrased as follows:

#+begin_quote
Is increasing security in one narrow area worth degrading it in every
other?
#+end_quote

Answering "yes" overlooks two things:

1. Weakening officially distributed encryption will not impact
   terrorists, who will simply move to new, unregulated platforms.

2. Once they have done that, we end up in a situation where lawful
   citizens are stuck with insecure communication channels, and
   terrorists are the only ones benefiting from state-of-the-art
   confidentiality/integrity/authenticity.
* [[https://arxiv.org/abs/2011.06171][The Usability of Ownership]] :rust:
I'm glad I learned "incompleteness" as a more concise way to express
"the borrow checker not being smart enough to accept code that does
not violate Rust's theoretical ownership rules".