Hacker News Comments on
USENIX Enigma 2016 - Keys Under Doormats: Mandating Insecurity...

USENIX Enigma Conference · YouTube · 53 HN points · 0 HN comments
HN Theater has aggregated all Hacker News stories and comments that mention USENIX Enigma Conference's video "USENIX Enigma 2016 - Keys Under Doormats: Mandating Insecurity...".
YouTube Summary
Ronald Rivest, Massachusetts Institute of Technology

Twenty years ago, law enforcement organizations lobbied to require data and communication services to engineer their products to guarantee law enforcement access to all data. After lengthy debate and vigorous predictions of enforcement channels “going dark,” these attempts to regulate the emerging Internet were abandoned. In the intervening years, innovation on the Internet flourished, and law enforcement agencies found new and more effective means of accessing vastly larger quantities of data. Today we are again hearing calls for regulation to mandate the provision of exceptional access mechanisms. In this report, a group of computer scientists and security experts, many of whom participated in a 1997 study of these same topics, has convened to explore the likely effects of imposing extraordinary access mandates.

We have found that the damage that could be caused by law enforcement exceptional access requirements would be even greater today than it would have been 20 years ago. In the wake of the growing economic and social cost of the fundamental insecurity of today’s Internet environment, any proposals that alter the security dynamics online should be approached with caution. Exceptional access would force Internet system developers to reverse “forward secrecy” design practices that seek to minimize the impact on user privacy when systems are breached. The complexity of today’s Internet environment, with millions of apps and globally connected services, means that new law enforcement requirements are likely to introduce unanticipated, hard to detect security flaws. Beyond these and other technical vulnerabilities, the prospect of globally deployed exceptional access systems raises difficult problems about how such an environment would be governed and how to ensure that such systems would respect human rights and the rule of law.

Sign up to find out more about Enigma conferences:
https://www.usenix.org/conference/enigma2016#signup

Watch all Enigma 2016 videos at:
http://enigma.usenix.org/youtube

Hacker News Stories and Comments

All the comments and stories posted to Hacker News that reference this video.
Mar 30, 2016 · 53 points, 4 comments · submitted by mzl
Intermernet
This talk is (as expected) a very level headed summary of why exceptional access in encryption is a very bad idea.

The only point I think it's worth adding to those in the talk (which may be covered in the original paper) is one of temporal trust. That is, even if you manage to convince yourself that there could be a way to safely solve the technical problems of setting up exceptional access in the current world, and you decide that all LE agencies that get access are currently trustworthy, and you believe that other issues such as LE agency corruption and spying are currently minimal to non-existent, there is no way to ensure that this "ideal" (and somewhat naive) world will continue into the future.

I think any person or government that tries to argue that exceptional access is a good idea either hasn't considered historical precedent, hasn't thought the situation through to its logical conclusion, or is being deliberately disingenuous.

diskcat
b-but terrorists and pedophiles
a_imho
lovejoy's game: when you invoke lovejoy's law, you lost the argument
pdkl95
A warning: beware legislation (or non-legislative regulation or order) that attempts to accommodate the problems inherent in exceptional access. Tech-focused people often use strict logic-based categories when considering if something is good/bad/useful/whatever. "Exceptional access" would create serious problems in many areas, so the entire concept should be abandoned. While this is true, legislators often add exceptions to legislation.

For example, it would be a lot harder to argue that there is a national security risk in legislation that only mandated exceptional access to the crypto used in consumer-level phones. Law enforcement, business, etc. get real crypto with the excuse "why would a business owner be a terrorist?" or similar nonsense.

> deliberately disingenuous

At a minimum, this has to be the case for the people that were arguing against encryption since the first crypto war.

HN Theater is an independent project and is not operated by Y Combinator or any of the video hosting platforms linked to on this site.