How not to free the Internet

    Good afternoon, dear Khabrovites. I woke up today at fourteen in the morning, I found two articles on the hub: the US government betrayed the Internet. We need to return it to our hands and How specifically to free the Internet . Frankly, their message surprised me to such an extent that I decided to create this post without even finishing my morning tea.

    I feel very uncomfortable having to argue with Bruce Schneier. But there is an opinion that, despite his enormous authority, he is now critically wrong.


    What exactly is offered to us in these two articles? This can be described in three words: "protection of everything somehow." Any data on the Internet should be encrypted, but not so good that the power structures could not crack the cipher with a great desire. I affirm that this is an approach diametrically opposed to the true.

    Let's face it: significant (if not forMost) part of the information passing through the Internet is not private, and most of the private information is not secret. Personally, I can go to the main square of my city and with the feeling to recite 90% of my correspondence over the past week. Another 9% is what I consider personal. I will not share this with everyone, but I am clearly aware that if this data appears in a huge pile of other possible data available to the special services, then nothing terrible, bad or even just unpleasant will happen. Most likely, they simply will not pay attention.

    The remaining percentage is something that may need to be encrypted. If we assume that the figures I have given are true for the average person, then “protecting everything” in practice means a hundredfold increase in the costs associated with information security.

    Now let's move on from “everything” to “somehow”. Bruce Schneier and the author of the second article, chainik , agree on allowing law enforcement agencies to decrypt messages of “villains”. Here, firstly, I’ll take the word “villains” in big, big quotes (I’ll have to do it mentally because I didn’t find where the “increase font” button is in the habr’s). Secondly, I will allow myself to refer to another article on information security: Tools for high treason .

    If your algorithm does not allow the pedophile to irreparably ruin your hard drive and avoid punishment, it will not help people under ideological pressure to store forbidden books. If your messenger application doesn’t allow you to calmly plan a terrorist attack at the World Championship, then it will not help the activist talk about human rights violations. If your card does not allow poachers to catch rhinos without attracting the attention of environmental organizations, it will not be able to be used by national minorities to avoid “purges”. The power of the tool determines the very possibility of these things, and this is a very, very old question about the purpose of which this tool will be used. And the answer, as usual, will be "for those and for others."

    The main direction of the state’s work is homeostasis, maintaining the status quo. And the possibility of targeted decryption in the first place will turn against those who are trying to change the existing order of things. Against people like Snowden and Assange. Simply put - against the "political." There are no resources for the villains (without the quotes).

    The report is over.

    PS Weak encryption “just in case” is, in principle, not a bad idea. But not to the detriment of anything. I want the photos of the cats to be downloaded and sent as quickly as possible, and I do not mind that they are viewed by special services or even Putin himself.

    PPS I expressed my opinion about the leak of “compromising” materials into the network here .

    Also popular now: