[liberationtech] What would you reply to this?
Tim McNamara
paperless at timmcnamara.co.nz
Mon Jun 15 01:04:33 CEST 2020
If you're a nation state, you often don't need to break the encryption. If
you can store the device/data until you can hold someone in custody, you'll
be able to "apply pressure" for the key to be provided.

Even without an arrest, patience is usually all that's required. People's
operational security is generally terrible.

On Mon, 15 Jun 2020 at 10:59, Klein, Hans K <hans at gatech.edu> wrote:
> The claim, "[US, China, etc.] can crack any encryption" needs to be
> unpacked.
>
>
>
> The ability to do something *in fact* differs from the ability to do
> something *in practice*.
>
>
>
> If you can crack any encryption, but it is costly to do so, then in
> practice you may not be able to crack the encryption. Even though you can
> do it, you may not have the budget to do so. Thus if all users are using
> encryption, then the cost of cracking everyone's encryption may be
> prohibitive.
>
>
>
> Of course, the surveilling party will presumably optimize their efforts
> based on budgetary constraints. If it is too costly to crack e2e, they
> might invest in cracking the device, they might invest in physical
> interrogation of the communicating person, they might invest in less-costly
> cracking technology, they might use heuristics to focus on just a subset of
> e2e, etc., etc.
>
>
>
> They go where the costs are lowest.
>
>
>
> By thinking in terms of costs, it is easier to recognize the equivalence
> of encryption technology and blunt objects <https://xkcd.com/538/>.
>
>
>
> - Hans
>
> -----Original Message-----
> From: LT [mailto:lt-bounces at lists.liberationtech.org] On Behalf Of Bill
> Woodcock
> Sent: Sunday, June 14, 2020 5:29 PM
> To: Ali-Reza Anghaie <ali at packetknife.com>; Yosem Companys <
> yosem at techlantis.com>; lt at lists.liberationtech.org
> Subject: Re: [liberationtech] What would you reply to this?
>
>
>
> >> On Sun, Jun 14, 2020 at 2:38 PM Yosem Companys <yosem at techlantis.com> wrote:
> >>
> >> Alex Nicholson 10:43 AM
> >>
> >> Curious what others think about this... this past week @Jason Calacanis
> >> (launch.co) talked about the need for all-user end-to-end encryption on
> >> services like Zoom in China, and basically anyone operating in or through
> >> China, because of the Chinese govt’s likelihood of intercepting and/or
> >> interfering with communications as it likes. However, I would argue that
> >> the conversation is severely under-estimating the sophistication of the
> >> Chinese govt. The US’s NSA can crack any encryption in the world and listen
> >> to any communications it wants. Why would we think China’s version of the
> >> NSA is any less sophisticated? Commercial encryption prevents interception
> >> by hackers and criminals, low-level operations without the budgets or
> >> resources of state actors. The intelligence services of major world powers
> >> have the skills and tools to crack any company’s best attempt at
> >> encryption. So what does it matter if a service like Zoom or anything
> >> touching China is encrypted or not? If it touches Chinese soil, fibers, or
> >> airspace, it can be read by their govt. If it’s encrypted, it prob won’t be
> >> read by criminals and civilian hackers only. Thoughts?
>
> > On Jun 14, 2020, at 8:46 PM, Ali-Reza Anghaie <ali at packetknife.com> wrote:
> >
> > I think people still don't understand what risk surfaces are actually
> > worth attacking - and they latch onto encryption without any of the other
> > OPSEC considerations, side-channel attacks on the information and groups
> > being protected, etc.
> >
> > This XKCD still applies: https://xkcd.com/538/ The problem is the
> > companies and politics still should _strive_ for the best in each
> > applicable area but people are deluding themselves when they consider a
> > Nation State threat model as their baseline.
>
>
>
> Yeah, I mostly agree with that.
>
>
>
> On the one hand, there is no uncrackable encryption… the passage of time,
> Moore’s law, quantum computing, it’ll all get decrypted, it’s just a
> question of when. Symmetric encryption works as long as the keys are used
> 1:1, get destroyed after use, and are communicated securely in the first
> place. Quantum communication of symmetric keys seems promising.
>
>
>
> But there are so many other, easier attacks, in the short run, that
> getting idiots to focus on key-length and ignore all the real attacks just
> makes governments’ work easier.
>
>
>
> -Bill