In their never-ending quest to eavesdrop on you, the NSA now wants to mandate that all encrypted communications must allow them access. As Joel Hruska explains in an article in Extreme Tech, there are many reasons why this will not work. The two big ones are that it isn’t possible to guarantee only authorized government agents will use the access, and because we currently have no effective means of oversight and accountability.
Dean Landsman recently posed the question “how does one go about preventing/protecting or just enabling security against such intrusion?” The only answer is to do so in the legislature and in the various international bodies. If the NSA proposals and others of its ilk become law, products like Blackphone and Qredo will become illegal. However, this will not stop criminals from using crypto that the government cannot break and which is readily available. It is true in the most literal sense that when unbreakable crypto is outlawed, only outlaws will have unbreakable crypto.
Considering the triviality of obtaining unbreakable crypto, only law-abiding citizens will use the NSA-accessbile stuff. Combine that with the power imbalance inherent in such a scheme and the inevitable conclusion is this:
Of all possible uses to which such a law can be put, the only ones we can predict with 100% confidence to be implemented are those that abuse the privacy of law-abiding citizens.
The corollary to this is that the higher value a criminal target, the more likely they are to use readily available unbreakable crypto. That means the people the government most wants to catch are those least likely to be vulnerable to eavesdropping if the proposed legislation is enacted. Such a law would be unfit for its stated purpose. It would be broken at birth, defective by design.
There are a few possible technological controls that can be imposed. For example, when using blinded tokens it is possible to design them in such a way that they can be un-blinded but doing so is detectable. It is doubtful any government would agree to using that technology though, since their investigation would revealed immediately upon the unblinding of the token.
However, even if enforceable accountability were implemented as a compromise, the government’s strategy could be to simply unblind everything. Sort of a mass Denial-of-Privacy attack. Or perhaps a Denial-of-Privacy-Enhancement (DOPE) attack if you want the acronym to accurately describe the people who would do such a thing.
This also illustrates one of the primary weapons brought to bear against personal liberty around the world: fatigue. All that is necessary to pass such laws is to keep submitting them to the legislature. The people impacted will object the first time. A few less of them the second time. When it comes down to just the die-hard activists, the legislature can be confident they are one bill away from victory.
Thomas Jefferson once said “The tree of liberty must be refreshed from time to time with the blood of patriots and tyrants.” That was before digital communications were invented. Can we perhaps try to refresh the tree of liberty with a call or FAX to our representative before we go off and start killing people?