Schneier, Bruce - Backdoors will not stop ISIS, but maybe outlawing general purpose computers will - DEFCON 23 20150807

Takeaway from Bruce Schneier - Q & A - DEFCON 23 20150807 - Backdoors will not stop ISIS, but maybe outlawing general purpose computers will

Questioner: I wanted to see your opinion on the backdoor that Obama wants.

Schneier: Which one does he want ... You know so, so I'm not sure Obama personally has an opinion here! [Laughter] ...

I'm not sure Obama personally has an opinion here - it's interesting. This is ... this is the same backdoor that the FBI has been wanting since the mid-90s. In the mid-90s we called it "The Crypto War" - now we call that "The First Crypto War" - so Number Three - I'm done - it is you guys! I only do two Crypto Wars per lifetime. It's interesting ...

FBI Director Comey gave a really interesting talk - a Q & A at the Aspen Security Forum. Actually, I recommend listening to these talks. This is a very high level - mostly government - discussions about security, cyber security, national security - really interesting stuff. He was interviewed by, I think, by Wolf Blitzer, who actually asked a great question - saying, what did he say, "This is kind of personal, but why don't you like the term 'lone-wolf terrorist'?" That was kind of funny.

He was talking about the "going dark" problem and the need for a backdoor, and this is the scenario he is worried about. And he's very explicit. It is an ISIS scenario. ISIS is a new kind of adversary, in the government's eyes, because of the way it uses social media. Unlike Al Qaeda, which was like your normal terrorist organization, that would recruit terrorists to go to Afghanistan, get trained, and come back, ISIS does it with Twitter. And this freaks the government out.

So, this story - and they swear up and down this happens - is that ISIS is really good at social media, at Twitter and YouTube and various other websites. They get people to talk to them, who are in the US - like you guys, except, you know, a little less socially-adept, and maybe kind of a little crazier, and a little, you know. But they find these marginal people, and they talk to them, and the FBI can monitor this. And "Go FBI! Rah-rah!" But then, they say "Go use this secure App." And then this radicalized American does, they talk more securely, and the FBI can't listen. And then this ... and then dot-dot-dot-explosion. [Laughter] So this is the scenario that the FBI is worried about - very explicitly. And they've used this story again and again. And they say "This is real. This is happening." OK? Now, ...

It's sort of interesting. If this is true, I mean, let's take it as read that it's true. The other phrase that they use, it's actually a new phrase, that I recommend, they talk about the time between "flash" to "bang". "Flash" is when they find the guy, "bang" is when the explosion happens. And that time is decreasing. So the FBI has to be able to monitor. So they are pissed off that things like iMessage and other Apps cannot be monitored, even if they get a warrant. And this really bugs them! "I have a warrant, dammit! Why can't I listen? I can get the metadata. I can't listen."

So, if you think about that as a scenario - and assume that it's true - it is not a scenario that any kind of mandatory backdoor solves. Because the problem isn't that the main security Apps are encrypted. The problem is, there exists one security App that is encrypted. Because the ISIS handler can say "Go download Signal. Go download Mujaheddin Secrets. Go download this random file encryption App I've just uploaded on GitHub ten minutes ago."

So the problem is not what he thinks it is. The problem is, general purpose computers. The problem is, an international market in software.

So, I think the backdoor is a really bad idea for a whole bunch of reasons. I've written papers about this. But what I've come to realize in the past few weeks is - it's not going to solve the problem the FBI claims it has. And I think we need to start talking about that, because otherwise we're going to get some really bad policy.