Data security and the FBI’s attempts to screw it up

I can’t believe we’re even having this discussion in the USA.

This recent article in National Journal reports on a recent discussion hosted by Christian Science Monitor with Amy Hess, the executive assistant director of the FBI’s science and technology branch. The crux of this discussion was that encryption with “back doors” in it is an acceptable tradeoff for law enforcement.

The problem with Ms. Hess’s (and I would assume also the FBI’s) view is that when it comes down to it, computers are stupid. Example: when I type in my login ID “skquinn” and my password into a computer I have an account on, the computer gives me access based on that password. It’s going to give anyone access who has that password matching up with that login ID, it doesn’t matter whether it’s really me, my mom, a friend of mine, or some bozo that just stole my computer (for all values of “stole” whether it’s basic theft, burglary, or a cop with a warrant). There are ways around that password check, though, and this is why I keep my home directories encrypted (in my case, with eCryptfs).

Ms. Hess’s proposal would ask encryption software developers (such as the developers of eCryptfs) to include alternate ways of accessing the keys to decode my home directory, assumably for law enforcement use pursuant to a valid search warrant. The problem with that is that, again, computers are stupid, and the computer won’t be able to tell if it’s legitimate or not. The key can still be used to compromise my privacy; it’s bad enough if it’s a legitimate law enforcement use, but let’s say it’s some rogue cops who would like to see this blog disappear off the face of the Internet for good?

Real data security, whether the government likes it or not, means it is secure against even law enforcement access without the consent of the owner. Perhaps it could be said, especially against law enforcement access. While I would like to think the government acts in our best interests, there are quite a few instances from around the world past and present where this has not been the case. Present-day China, Nazi-era Germany, and recent governments in the Middle East (Iran, Iraq, Afghanistan) all come to mind. I’m certain that if computing technology like this had existed in the 1940s, Adolf Hitler would have loved to have backdoors like that for surveillance purposes.

It’s not our problem if the FBI or any other law enforcement agency can’t spy on us. I concur with the quote of John Basil Barnhill (mis-attributed to Thomas Jefferson): “When government fears the people, there is liberty. When the people fear the government, there is tyranny.”

I don’t want tyranny. And last I checked, that’s not the Statue of Tyranny standing in New York Harbor, either.