Vetch December 22, 2015 7:26 AM

The second post seems to state that one may get rid of the issue of allowing exceptional access interfering with forward secrecy by having the government store a copy of the forward secrecy keys. I may be misunderstanding, but doesn’t that pretty much get rid of forward secrecy anyway?
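To make the forward-secrecy point concrete, here is an added toy illustration (my own example, not from the post or the papers it discusses). It runs a tiny Diffie-Hellman session with constructed, far-too-small parameters and a toy XOR stream cipher, discards the ephemeral secrets as a forward-secret protocol would, and then compares what can be recovered from the recorded transcript alone with what can be recovered once a copy of the ephemeral secret has been deposited in an "exceptional access" escrow store. The names (`run_session`, `later_access`, the escrow dictionary) are assumptions for the demo, not any real protocol's API.

```python
"""Toy illustration of why escrowing 'forward secrecy keys' removes forward
secrecy. Constructed example: a tiny Diffie-Hellman exchange over a small
prime (NOT secure parameters), a SHA-256 key derivation and a toy XOR stream
cipher. Illustrative only; not a real protocol."""
import hashlib
import secrets
from typing import Dict, Optional

# Constructed toy group parameters: 2**127 - 1 is prime, but far too small for real use.
P = 2**127 - 1
G = 5


def derive_key(shared_secret: int) -> bytes:
    """Session key = SHA-256 of the DH shared secret (toy KDF)."""
    return hashlib.sha256(shared_secret.to_bytes(16, "big")).digest()


def xor_stream(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher: SHA-256 counter keystream XORed with the data."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(4, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)


def run_session(plaintext: bytes, escrow: Optional[Dict[int, int]], session_id: int) -> dict:
    """One forward-secret session: both peers pick fresh ephemeral exponents.
    If `escrow` is given, a copy of Alice's ephemeral secret is deposited in
    it, which is exactly the 'store a copy of the forward secrecy keys' idea.
    Returns only what a wiretap would record: the public values and ciphertext."""
    a = secrets.randbelow(P - 2) + 1          # Alice's ephemeral secret
    b = secrets.randbelow(P - 2) + 1          # Bob's ephemeral secret
    pub_a = pow(G, a, P)
    pub_b = pow(G, b, P)
    key = derive_key(pow(pub_b, a, P))        # both sides compute the same key
    assert key == derive_key(pow(pub_a, b, P))
    if escrow is not None:
        escrow[session_id] = a                # the exceptional-access copy
    # a and b go out of scope here: a forward-secret endpoint keeps nothing.
    return {"id": session_id, "A": pub_a, "B": pub_b, "ct": xor_stream(key, plaintext)}


def later_access(transcript: dict, escrow: Optional[Dict[int, int]]) -> Optional[bytes]:
    """What someone holding the recorded transcript (and, optionally, the
    escrow database) can recover after the session has ended."""
    if escrow is None or transcript["id"] not in escrow:
        # Transcript alone: g^a, g^b and ciphertext. Recovering g^ab from
        # these is the Diffie-Hellman problem, so nothing is returned.
        return None
    a = escrow[transcript["id"]]
    return xor_stream(derive_key(pow(transcript["B"], a, P)), transcript["ct"])


if __name__ == "__main__":
    no_escrow = run_session(b"meet at noon", None, 1)
    store: Dict[int, int] = {}
    with_escrow = run_session(b"meet at noon", store, 2)
    print("transcript only:", later_access(no_escrow, None))
    print("with escrow copy:", later_access(with_escrow, store))
```

The escrow store is the whole point: once every session's ephemeral secret has a stored copy, compromise of that single store retroactively opens every past conversation, which is precisely the loss forward secrecy was meant to prevent. A defender evaluating such a proposal should treat the escrow database as a long-lived key that must be protected and audited forever, not as a minor addition.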

CJD December 22, 2015 7:51 AM

As a related comment, as a conservative-libertarian, I have been watching the R debates quite closely, and in last week’s, I had to turn off the channel not long into it because of the talk of encryption. It made me sick to sit there and listen to these candidates spewing about needing access to all data and into encryption; even Carly Fiorina, who should know better, was in on it.

But what is more frightening is my wife’s reaction – she doesn’t understand why I even care, and unfortunately, I think she probably represents the public as a whole more than I do. We need to continue to fight, but I fear that it may not matter.

aikimark December 22, 2015 9:07 AM


I offer my condolences. We are watching the R party fracture and implode from a variety of sources. Now it will begin to eat itself. Unfortunately, both the house and senate are majority red — all of these R party problems affect EVERYONE.

Jason December 22, 2015 9:31 AM

You’re the experts. As such, it’s your job to put yourselves out there and educate the public on the matter. Otherwise, only one side of the story ever gets told, how we need to back-door encryption to catch terrorists. The public will never hear the story of how installing back doors only makes us less secure from cybercriminals and foreign governments.

Posting articles on this blog, publishing papers in security journals, sharing links on hackernews, you’re only reaching a very specific audience. The information shared on these places never reaches politicians and the general public at large.

When I go to a public place and they have FOX news on the TV, all I hear is “terrorism” and “9/11” over and over again. As I drive along the highway, I see innumerable billboards for and against abortion. If you really want to sway public opinion on issues that matter to you, these are the places to do it.

"Fair and Balanced" TM December 22, 2015 11:17 AM

Never lose sight of the fact that authorities mindlessly repeat baseless propaganda linking terrorist plots with unbreakable encryption, when this has never been demonstrated in ONE SINGLE CASE:

“Clinton continued to say that “law enforcement is blind — blind before, blind during, and unfortunately, in many instances, blind after” a crime because of encryption.

Yet the government has never presented a clear case where encryption has crippled a critical terrorism investigation, and law enforcement has other investigative tools in its arsenal — like traditional informants and tips, for example. Even when encryption is present, there is evidence that the FBI and other government agencies can hack into suspects’ computers and phones — bypassing encryption entirely.”

This attack on crypto is really about social control, identifying free thinkers (the new enemies of the state), enforcing compliance with the new oligarchic norms, police fishing expeditions, and annihilating enemies who pose any threat to the status quo.

Terrorists have commonly used social media, SMS, standard phone calls, spouted threats on social media etc, yet were missed by the authorities in the high profile cases of Paris and elsewhere – highlighting the total incompetence of the Stasi brigade and their expensive and shiny new cyber-toys.

If co-conspirators took a long walk, deep in the woods, without a single electronic device near / on their person (old school style), the Police-surveillance state has almost zero chance of knowing their plans, short of old-fashioned intel-gathering and tip-offs from family / friends.

Therefore, this is where they should focus their efforts if they truly want to address the (miniscule) threat of a terrorist attack, instead of further undermining the principles of democracy and law with the Panopticon in waiting.

Bob December 22, 2015 11:32 AM

Give me a copy-and-paste paragraph (short and concise and not “attack” sounding) and we will post it everywhere possible. Hell, I will post it to Facebook on a daily basis if needed.

A website link to go along with it would also be a good idea.

Anyone already doing this?

OtherBob December 22, 2015 1:02 PM

That second paper lists a bunch of ways that government access would break encryption and then insists that it’s not actually breaking encryption. Does this guy actually read what he writes?

rgaff December 22, 2015 4:35 PM


No, he’s not saying backdoors don’t break encryption… he’s saying that as bad as those arguments are, they are far weaker than the moral and social and political reasons why that’s a bad idea…

Unless you mean that morally/socially/politically it would be fine, just there’s a technicality why we can’t? That just invites some bright guy to (eventually) solve a technical problem…

cmurf December 22, 2015 5:49 PM

How does this stuff work with iOS and Android in China? Presumably there is no PFS, and the product is using a Chinese government public key on all devices? So if it’s OK to roll over for China, why not the U.K.? And then if the U.K. why not to the U.S.?

No Such Agency December 22, 2015 7:44 PM

@cmurf: I have often pondered that question, too. I can only assume that these companies are building “Chinese Edition” models, in order to be able to sell their products.

They are businesses first, and who is going to let morals get in the way of allowing ~30% of the population of the planet to access products?

This is worth a read:

Surveillance comes to UK Schools:

trsm.mckay December 22, 2015 8:59 PM

My comments on Jaap-Henk Hoepman (second link). I may be doing Jaap-Henk a disservice, but it seems to me like he does not have much real world implementation experience; and hence dismisses the technical arguments too quickly.

Despite some interesting theoretical approaches to overcoming problems, I think you are dismissing the technical arguments too quickly. How much experience do you have with implementation, provisioning, deployment, securely managing remote software components and hardware devices, or of designing and operating compromise recovery processes?

Can you provide any example of a system with similar levels of complexity that has withstood the test of time? One that has components from multiple vendors, independently designed and implemented? The only systems I know of that come even close are dedicated-purpose systems with a strong central authority that controls the top of the cryptographic key hierarchy and precisely dictates the crypto protocols and design/implementation (like AACS for Blu-ray, or EMV chip cards).

And even these well-established centralized systems are hardly perfect, so you also need some method of recovering from attacks. How are you going to update every bit of crypto out there for a population unwilling to help? When the inevitable HW bug that can’t be fixed remotely shows up, there will be a pool of devices that are no longer controlled (unless the combined governments can either disable all such devices despite the successful attacks against them, or use some other mechanism to force an upgrade). So unless these real-world issues are addressed, I still find the technical arguments to be pretty convincing.

Product assurance is another major problem (part technical, part political) that should be considered. Assuming all the Western governments agreed upon the design of the protocol and the management of the exceptional access keys (this in itself would be no small accomplishment), how would they ensure ALL products containing crypto correctly implemented the mandated system? It would take something like a hyper Common Criteria evaluation at EAL 5+ (with thorough code and hardware inspections) for every product that contains crypto. Our current process, with much lower rigor, takes over a year for certification and typically costs at least US $150,000. And that does not even address how creators of the products would test them (by the nature of developing complex crypto, your product has to have some methods of bypassing parts of the crypto during development; but once those flags are built in, you would have to ensure that the bypassed version of the SW never got out). So that means the development process itself would have to be strictly controlled. I have worked on some crypto products that had high enough security goals that we put up with this type of mess (but it was costly and greatly increased our development time); for most people and companies it would be a costly ongoing nightmare that would result in crypto being yanked out of products, leaving everyone less secure.

And the usual kicker: it won’t help at all with terrorists who are willing to break the rules.

Wael December 22, 2015 10:05 PM

I read the first link. For some reason I just couldn’t finish the second link. A few sentences into the text and I just left… Here are some comments…

It’s this that makes online banking and commerce possible, and it’s this that allowed the Internet to become an unprecedented driver of economic and social progress.

Perhaps it’s the Internet that’s under attack, not just the keys — Delenda est Carthago[1]

implementation errors and resulting security vulnerabilities are much more likely in complex systems. Adding exceptional access for law-enforcement is an addition of complexity par excellence.

Right on!

These risks are not theoretical: we know of no case where such an addition of exceptional access capabilities has not resulted in weakened security.


Put another way–however much it might appear like exceptional access is a silver bullet, it is not. Instead such a path would weaken our collective security.

That’s the goal. I’ll add this as well. Isn’t that also a vector for tampering with evidence? If they can read encrypted data, they might as well create and write it! Whose word will they believe? And conversely, why can’t a person under investigation say: hey, this isn’t my file! You guys put it there; you have exceptional remote access to my device. In fact, you impersonated me in this communication clip as well and set me up. Basically, in addition to eroding “Privacy”, non-repudiation is also weakened. So even if the back (or front) door is technically feasible, other complexities need to be considered…

I only read the first four pages of Keys under doormats: mandating insecurity by requiring government access to all data and communications. I thought I would have finished the 11 pages in a shorter time, but… I didn’t.

[1] I have a familiar sensation that some Latin git will say something about this. @Dirk Praet, I remembered this expression from a chess book I read many years ago. It referred to a principle known as “removal of the defender”. The Internet has expressions like “Delenda Carthago est”, and other permutations. If I got it wrong, you have the explanation here… ducking under the chair before you throw something at me 😉 Now I know how you feel when you talk about “pigs” (knowing I’ll pounce on yo’ a$$)… I gotta be careful when I use some Latin words. Lol…

Clive Robinson December 22, 2015 11:44 PM

@ Wael,

I have a familiar sensation that some Latin git will say something about this.

So do I…

The problem with words is they can be part of a “living language” or a dead or dying language.

In a living language word meanings evolve with the society they are spoken in; in a dead language their meaning was fossilized, to later be reinterpreted by eyes that know not what the society was, just its artifacts. Thus as the artifacts provide insight into one aspect of a dead society, writings that jibe with the current view of that long-dead society change the future view of that society.

It’s the ‘nearly dead’ languages that cause most problems. This is because, as with Latin and Greek, they are used as a “class differentiator”, which George Orwell wrote about in his book “1984”. The words are reused in new ways to define new meanings and thus provide a barrier to understanding to outsiders, to maintain either privilege or control.

But even everyday language moves as society does. Take the word “manufacture”: the meaning in your head from its use in your current society is likely to disagree with that in a dictionary, where the definition is essentially “made by hand”…

There is a line in “Alice in Wonderland” about this problem,

    “When I use a word,” Humpty Dumpty said in rather a scornful tone, “it means just what I choose it to mean — neither more nor less.” “The question is,” said Alice, “whether you can make words mean so many different things.”

Wael December 23, 2015 12:37 AM

@Clive Robinson,

The problem with words…

You’re talking to someone whose idea of spending fun time was to read a thesaurus. Speaking of that, what’s another word for a “thesaurus”[1]? And is there such a thing as a “thesaurus attack”? You know, something analogous to a dictionary attack? 🙂

This is because as with latin and greek they are used as a “class differentiator”

That has been true since the Middle Ages. Scholars and philosophers used Latin to obscure the details of the subject from laymen. These days we do the same thing. We inject French or Latin words into English (to show sophistication)… Déjà vu, C’est la vie, et cetera (double usage here)… I do that sometimes.

But even every day language moves as society does

Also, different use of a shared language: Mr(s) Eddie Izzard talks about it a bit. I like the “Herb” explanation.

whether you can make words mean so many different thing

I can agree to that. A long time ago, when I studied poetry (hopefully it shows, doesn’t it?) in school, the teacher would say: look at this line of poetry! The poet meant this and that. All of a sudden that line of poetry became three or four pages of eloquent meanings and hidden messages… I always thought: holy sh*t! The poet really meant all of this? But such poets were long dead, so we couldn’t ask them. I suspect if they were alive they’d be shocked at what people can extract out of the few words they wrote.

[1] None other than Steven Wright

Dirk Praet December 23, 2015 5:58 AM

@ Clive, @ Wael

I have a familiar sensation that some Latin git will say something about this.

“Delenda est Carthago” not only is grammatically correct, it’s also used in the right context. As in an elaborate speech on topic ‘X’, concluded with “and for the rest I still maintain we need golden keys to defeat encryption”.

Speaking of that, what’s another word for a “thesaurus”[1]? And is there such a thing as a “thesaurus attack”? You know, something analogous to a dictionary attack ? 🙂

Thesaurus is the Latin word for “treasure”. Someone just slipped in an ‘r’. Looking at a dictionary as a “treasure of words”, I guess there would be nothing wrong in considering “thesaurus attack” a perfectly valid synonym for “dictionary attack”. It just sounds more high-brow.

Wm December 23, 2015 6:50 AM

The backdoor argument is really not an argument at all. There are already many secure encryption programs out. I think what this is about is going to the next level of making it unlawful for anyone to use encryption that is not backdoored and government approved. Of course, terrorists and criminals will not comply.

Clive Robinson December 23, 2015 11:26 AM

@ Wael, Dirk Praet,

And is there such a thing as a “thesaurus attack”? You know, something analogous to a dictionary attack ?

Strangely enough, yes, there has been, as part of other cryptanalytic work.

As you may know, one of the earlier forms of transmitting messages was by flags, for which a “code” was needed. Whilst the likes of semaphore could spell out words letter by letter, this was not considered “efficient”, thus words were translated into shorter forms or codes. Printed “Commercial Codes” were available in the 1800s with the development of the telegraph to keep down costs; some were of fixed length, others importantly made the same observation that Samuel Morse had and used short codes for common words and longer codes for less common words. This caused various problems and eventually a fixed-length standard was agreed, and it’s why we have “five letter groupings” known as words and typing / sending given in “words per minute”.

Well, at some point long before five letter groupings were agreed, somebody realised that if you “randomly numbered” your word list you could send secret messages. In essence a simple substitution cipher, not on characters but on words. But humans are both lazy and very bad at random, thus many codes could be broken with a little thought.

But an inherent problem with code books was found, which was how did you code up words not in the code book… Well, you tried to find one of similar meaning or you spelled it out using a cipher, which was often a simple substitution.

The way such code books are broken is to find the number-to-word correspondence, often by repeated trial and error with many messages. This is augmented by feeding in known plaintext with “word markers” that would be unlikely to be in the code book, thus forcing an odd word substitution or a cipher spelling. Either could “fix a message”, and probable word-to-number relations thus found for the rest of the words.

A thesaurus would be used as a tool to attack word substitution. Somewhere I have a book describing some of the methods used in the early part of the 20th Century with Diplomatic codes. Surprisingly even at that late stage of the game the need for “super encipherment” was not considered necessary by many, and it was only after Churchill’s book about WWI that gave away a number of secrets of the Admiralty decoding “room 40” that let the cat out of the bag that other nations changed their point of view.
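The code-book attack Clive describes above (recovering the number-to-word correspondence from known plaintext, with out-of-book "word markers" forcing a cipher spelling that gives away the substitution) is easy to illustrate on a toy. The following is an added example of my own, not anything from the comment or from the book mentioned: a constructed ten-word code book with randomly assigned numbers, a Caesar shift for words not in the book flagged by a marker prefix, and an analyst who aligns a few known messages against their coded form to rebuild the mapping and the shift, then partially reads a fresh intercept. The vocabulary, marker string, shift and messages are all constructed.

```python
"""Toy 19th-century style word code book and its recovery from known plaintext.
Constructed illustration; the vocabulary, marker and shift are made up."""
import random
from typing import Dict, List, Optional, Tuple

# Constructed code-book vocabulary (a real book would hold thousands of words).
VOCAB = ["attack", "at", "dawn", "the", "fleet", "sails",
         "harbour", "tonight", "retreat", "north"]
MARK = "SP:"   # marker group: the remainder is a cipher-spelled word


def make_codebook(vocab: List[str], seed: int) -> Dict[str, str]:
    """Assign each word a distinct four-digit code group in random order."""
    rng = random.Random(seed)
    numbers = rng.sample(range(1000, 10000), len(vocab))
    return {word: str(num) for word, num in zip(vocab, numbers)}


def caesar(word: str, shift: int) -> str:
    """Simple substitution used for words the book does not contain."""
    return "".join(chr((ord(c) - 97 + shift) % 26 + 97) for c in word)


def encode(message: str, book: Dict[str, str], shift: int) -> List[str]:
    """Book words become code groups; anything else is spelled with the cipher."""
    groups = []
    for word in message.lower().split():
        if word in book:
            groups.append(book[word])
        else:
            groups.append(MARK + caesar(word, shift))
    return groups


def recover(known: List[Tuple[str, List[str]]]) -> Tuple[Dict[str, str], Optional[int]]:
    """Analyst's side: align known plaintexts with their coded groups.
    Code groups yield number->word pairs; a marker group (the 'word marker'
    that was not in the book) exposes the spelling cipher's shift."""
    mapping: Dict[str, str] = {}
    shift = None
    for plaintext, groups in known:
        for word, group in zip(plaintext.lower().split(), groups):
            if group.startswith(MARK):
                candidate = (ord(group[len(MARK)]) - ord(word[0])) % 26
                if caesar(word, candidate) == group[len(MARK):]:
                    shift = candidate
            else:
                mapping[group] = word
    return mapping, shift


def decode(groups: List[str], mapping: Dict[str, str], shift: Optional[int]) -> str:
    """Read an intercept with what has been recovered; unknown groups stay '?'."""
    words = []
    for group in groups:
        if group.startswith(MARK):
            words.append(caesar(group[len(MARK):], -shift) if shift is not None else "?")
        else:
            words.append(mapping.get(group, "?"))
    return " ".join(words)


# Constructed scenario: the sender's book and shift, two messages whose
# plaintext the analyst knows ('zebra' is the out-of-book word marker), and
# one fresh intercept.
BOOK = make_codebook(VOCAB, seed=7)
SHIFT = 11
KNOWN = ["the fleet sails at dawn", "retreat north tonight zebra"]
INTERCEPT = "attack the harbour at dawn quickly"


def demo() -> str:
    """Returns the analyst's partial reading of the intercept."""
    known_pairs = [(m, encode(m, BOOK, SHIFT)) for m in KNOWN]
    mapping, shift = recover(known_pairs)
    return decode(encode(INTERCEPT, BOOK, SHIFT), mapping, shift)


if __name__ == "__main__":
    print(demo())   # groups never seen in known plaintext remain '?'
```

The "?" slots are exactly where the trial-and-error over many more messages would continue; the spelled word, by contrast, falls immediately once one marker has given away the shift, which is why a bare substitution fallback was such a weakness and why super-encipherment of the code groups was eventually adopted.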

Marcos El Malo December 23, 2015 12:30 PM

You’re talking to someone who’s idea of spending fun time was to read a thesaurus. Speaking of that, what’s another word for a “thesaurus”[1]? And is there such a thing as a “thesaurus attack”? You know, something analogous to a dictionary attack ? 🙂

Sometimes I wish there was an upvote button.

When I was high school age, I kept a thesaurus next to the toilet. It was a Roget’s, with the old style conceptual organization. Probably helped boost my verbal test scores.

whiff December 23, 2015 12:37 PM

This topic really brought the Ayn Rand cultists out the woodwork.

“So you too proudly subscribe to statist superstition — that the only thing holding our society together and keeping it safe… are the noble & selfless government regulators (politicians & bureaucrats) — those horrible greedy businessmen & private citizens would generate chaos & death if left alone.”

Right, instead we’re going to trust fine upstanding corporations, like Juniper!

Incidental high comedy in that article as the author ties himself in knots to avoid saying the obvious: Juniper sold you out to the NSA. All it needs is the mandatory JFK-assassination last line, “…we’ll never know.”

Look, when you hit bottom in Galt’s Gulch and you’re ready to deprogram yourself, the sure-fire way to do it is to think of a pitted-out Ayn Rand boofing Alan Greenspan. When your PTSD subsides in 20 years, you’ll be cured.

Wael December 23, 2015 1:58 PM

@Marcos El Malo,

Sometimes I wish there was an upvote button.

One of these days, Marcos! One of these days[1]. Have faith that the Moderator will hear your prayer some day…

[1] In a year or so!

tyr December 23, 2015 6:49 PM

Delenda est Carthago

The current version of this is “Assad must go”. If something is repeated enough in high places it begins to sound reasonable. Poor blinded law enforcement can’t shoot anyone they like with impunity from the dreaded demonstrators if they can’t listen in on the plans of the demonstrators beforehand.

Fortunately we aren’t the Romans. They would pave Syria with radioactive glass while the wind was in the direction of Saudi Arabia. Maybe we have become slightly more civilized as a polity even though the average seems to be just as dim with an iPhone.

I have not seen any evidence that government can’t get cooperation from a telecom or other business if they use the proper legal channels. The whining about not being able to bypass legal constraints and grab it without such fripperies as civil liberties is ridiculously false and hollow.

Wael December 24, 2015 1:38 AM

@ Clive Robinson,

Strangely enough, yes, there has been, as part of other cryptanalytic work

Amazing, I didn’t know that. I was thinking more in terms of a HASH collision table as opposed to a rainbow table (an instance of a dictionary attack).

Somewhere I have a book describing some of the methods used in the early part of the 20th Century with Diplomatic codes.

Yes! It’s this Between Silk and Cyanid… book, right? Still haven’t finished it. The author’s style is most boring. By the way, have you read the first book — The Florentine Deception?

Wael December 24, 2015 2:21 AM

@Dirk Praet, @Clive Robinson,

not only is grammatically correct, it’s also used in the right context.

Now that’s the kind of pleasant feedback I like to hear. A lot better than the other depressing, blood pressure elevating kind.

Curious December 25, 2015 11:13 AM

Whenever someone makes a point about how government access isn’t that bad, so to speak, I can’t help but think that, given the untrustworthiness of, say, the US government, making a case in a crypto debate for wanting to include government access seems not only silly but something entirely false in a way, because the most important aspect of debating for an inclusion of government access into crypto solutions/communications/data seems to be strengthening any government’s position for being able to perform any kind of abuse or even questionable practices.

Sidebar photo of Bruce Schneier by Joe MacInnis.