18 thoughts on “My RedState post on Tom Cotton vs. Apple CEO Tim Cook is up.”

  1. I gotta go with Tim on this one. Especially with Hillary knocking at the door (not that she’ll gain entry, but still good to cover the bases).

  2. You can either have pretty much broken encryption or fairly secure encryption. There’s no magic “good guys only” encryption, now or ever. Tom Cotton is demanding magic beans. To the extent that Tim Cook sticks to his guns, he’s simply refusing to supply something that’s mathematically impossible. And yes, I DO know what I’m talking about. This ain’t rocket science. (Obligatory SpaceX reference here.)
    .
    As far as “terrorists use encryption sometimes, therefore we should ban it”, heck, terrorists use soap sometimes too. Your point?

    1. So, let’s go back to treating it like a munition .. require some level of certification to use, similar to a FOIA.
      .
      Mew

      1. No. Just no. Encryption is math, and mathematical papers describing very, very, very, very hard to break encryption have been out for decades. Perfectly unbreakable encryption has been known for even longer, but it isn’t as convenient. What are we going to do, treat XOR as a munition?

        Cook is right on this subject, and Cotton is wrong. So say all the cryptographers. And we’ve had this conversation before, just google “Clipper chip.”

        1. Amen. Not only is the math absolutely clear, but since when does the First Amendment come with a “but if the government can’t read what you’re writing (or understand what you’re saying) you’re going to need a license for that” exception?
          .
          FOIAs are bad enough (and, of course, a foreign concept to those of us lucky enough to live where we don’t get the scarlet “G” for “gun owner”).

          1. If you’ll stop arguing with a straw cat of your own creation, I’ll stop thinking you’ve a weak mind.
            .
            I *never* said the government *should* be able to read your stuff .. I *did* suggest that Cotton has a point – *perhaps* selling Apple products with strong crypto to unfriendly persons is a bad idea?
            .
            Mew

          2. Eh, the crypto horse has long left the barn, cat… If Apple either decides not to provide usable crypto or is forbidden to do so, other developers will provide it – I’m certain that ISIS has hackers on staff.
            .
            And as far as export rules go, it’s hard to see where a product built in China, and direct-shipped everywhere around the world, would be impacted by US export rules in the slightest.

          3. Funny thing about crypto, Skip .. what used to take a room full of gear to crack “in a usable time” now takes a couple pizza-box sized machines in someone’s garage.
            .
            Unless Moore’s Law goes away, it’s *unlikely* we’ve seen the end of the horse, in other words – today’s “good” crypto is tomorrow’s ROT-13 ..
            .
            Mew

          4. Not really, cat. Sure, the 56 bit government standard DES is easily broken with a home PC these days, but RSA? Cracking RSA boils down to factoring a very large number. There was a group that cracked exactly one 768 bit key back in 2009 or so, as I recall it took about 1500 CPU years then of a reasonable desktop, though they estimated they could have done it in about half that with some optimizations. We’ve gone through 3-4 Moore’s Law iterations since then, so, say it’s down to ~100 CPU years. But hey, that’s well within NSA’s capability to crack, though not someone’s garage. Someone’s garage is about 15 Moore’s Law iterations away from being feasible, barring new math or new physics.
            .
            RSA-1024 is about a thousand times harder. RSA-2048? Mind-bogglingly harder.
            RSA-10240? We’re talking ‘heat death of the universe’ difficult.
            .
            Now, quantum computers may, just may provide a faster way of doing them, but as I said, that requires new math and new physics.
            .
            BTW, the 56 bit DES? It’s still government-approved through 2030, even though it’s been practically cracked since 1998. That’s one of many reasons I want the government to stay the Hell away from encryption regulations.

          5. Ummm.. you *do* realize Moore’s Law iterates yearly, yes?
            .
            So .. it’s 2015 .. by 2030, RSA-1024 will be crackable, by your own statement.
            .
            RSA-4096 or larger is one possible direction, my bet is on a different mathematical solution.
            .
            Oh, and I’ll just point out that a one-time pad that’s actually *used* just one time can both be communicated in the clear – if the nature of the pad is agreed upon up front – and is pretty much not hackable by anyone who doesn’t have the pad.
            .
            For example, if someone I wish to engage in crypto with knows we’re going to use ‘kindle editions of books’ as our one-time pad, I can just say “Hey person, did you see that title Moe Lane was recommending back on Oct. 31st?” .. and we’ve immediately got ourselves a hard lock.
            .
            Mew

          6. Bingo.
            But it’s even easier than that. Most Muslim terrorists will be communicating in Arabic or Farsi to begin with. That’s pretty tough for a computer to crack. The small grammatical discrepancies that would indicate an encrypted message is contained within would require fluent HumanInt to pick up on (not to mention that literacy is even worse among Muslims than among millennials). Contained within a horrible signal:noise ratio of public postings on the internet.
            .
            You’re not looking for a needle in a haystack, you’re looking for a specific piece of hay in a haystack, when you’ve only heard a vague description of the piece of hay in question.
            .
            I love tech as much as the next nerd, but tech can’t fix this.
            (Well, unless that new NSA center contains an AI named SkyNet, in which case, we have other problems.)

          7. Moore’s law on planar silicon is just about done, FWIW. Nobody even has good ideas for producing anything at less than 7nm in volume right now, and 7nm is two die shrinks from where Intel is **now** (current Intel desktop and laptop CPUs and some current server CPUs are fabbed at 14nm; next die shrink — which has been delayed by at least a year — is to 10nm).

  3. Tim Cook is pond scum.
    But on this subject he’s right.
    .
    Tom Cotton is an honorable man.
    But on this subject, he’s emotional, irrational, and outright destructive.
    .
    FFS, we want them to use encryption.
    It’s based on an algorithm developed by the NSA, the same agency that has the brute force computing power to break the encryption if they want to (that’s if you don’t believe they stacked the deck when they developed the algorithm, which we know they did).
    Just as importantly, encryption is an easy marker to sift for. Sorting signal from noise would be the hardest part of an investigation, in which case, the who is much more important than the what, and they were nice enough to flag this for us.
    There is no shortage of low-tech ways to pass information that are much more secure and leave little in the way of footprints. (And many of them can be done in an online environment.)

  4. Moe, I’m glad to see that your readers are pretty much united in their position on this (though calling Tim Cook pond scum is a tad far, but I’ll take the end result). While I don’t have the technical expertise to weigh in on the matter, I do have the professional expertise to, and trust me when I say that Apple’s position (and it’s not just Tim Cook that is dictating this) is pretty rock solid on this. Here’s how I explain it to people:

    Apple wants to charge you a lot of money for their products and services, so they want to keep your information as secure as possible. It’s really that simple.

    1. One would imagine the Microsoft/Intel Complex has a similar goal .. they charge less, but not *that much* less .. and yet, that side seems to have so many holes …
      .
      Mew

      1. Eh, MS is largely in the “good enough” category. Our secure information is more vulnerable at the vendors that collect it than distributed over millions of addresses with wildly varying amounts of security. (At least, so long as we take basic precautions.)
        .
        If we wanted to be paranoid, we’d use Linux and maintain an air gap.

        1. Given that hackers have moved on to credit card readers – the Great Target Hack of 2013 – I am inclined to agree…
          .
          Information Security works roughly like any other kind .. if you don’t want your car broken into, don’t park in bad neighborhoods with your new iPhone on the dashboard .. if you don’t want your house broken into, have security as good as or slightly better than your neighbors .. if you don’t want to lose your data, use horse staple batteries for passwords, and change ’em when you change the smoke detector batteries.
          .
          Mew
          .
          .
          .
          .
          https://xkcd.com/936/
