Backdoors won’t work. Just ask the TSA. (Or the NSC)


Very nice openDemocracy piece by my colleague Julian Huppert on why putting backdoors in encryption systems is a very bad idea:

This was demonstrated recently with a security disaster involving the US Transport Security Administration. They want to be able to search through people’s luggage, if they think there is contraband inside. But sometimes people quite reasonably want to lock their luggage, so that people cannot just take things from it. So a system was created with TSA approved locks, so that TSA officials can unlock them using a master key. In theory, no one else can, so your luggage is safe.

You might ask: what if someone got hold of these master keys? But the TSA had an even bigger disaster to come. In a piece in the Washington Post praising their work, someone foolishly posed with a set of master keys. The photo was of a high enough resolution that people can now 3D print copies, and use them to open any TSA approved lock. The backdoor is wide open, and security breached.

This fate can happen to any backdoor system, and probably will. That is why the US National Security Council has been quite clear in their draft options paper.

The relevant excerpt from the NSC ‘Options’ paper reads: “the Administration will not seek legislation that compels providers to design their products to enable government access to encrypted information”.

Two things are interesting about this. The first is how useful it is to have a mundane, everyday illustration of an important idea. We have been telling people for ages that backdoors in encryption software is a bad idea, but this gets nowhere with non-geeks because they have no personal experience to which that proposition can be related. But they know about suitcase locks.

This reminds me of all the years I wasted trying to persuade lay audiences about the importance of open source software. My argument was that software that affects our lives should never be impenetrable or unalterable ‘black boxes’ — the the “freedom to tinker” was vital. This argument got precisely nowhere.

And then, one day, I suddenly understood why: my audiences had never written a line of software. It was an entirely alien concept to them. So the next time I gave the talk I brought a copy of my favourite recipe book with me. Before starting, I asked who in the audience cooked or baked? Every hand went up. So then I turned to a particular recipe that had 300ml of double cream as one ingredient. “Now”, I said, “double cream if not good for a guy like me, so I’d like to replace it with creme fraiche. But imagine that we lived in a world where, if I wanted to do that, I would have to write to the authoress to seek her permission, and perhaps to pay a fee. What would you think of that?” And of course they all said that it would be nuts. “Well then”, was the payoff line, “now you understand why open source software is important.”

The second thought raised by Julian’s post is that while the UK government is unlikely to pay much attention to the geek view of the absurdity of backdoors in encryption systems, it’s much more likely to pay attention to the considered view of the US National Security Agency.

A confederacy of dunces

NYT editorial neatly sums up the Republican candidates.

It felt at times as if the speakers were no longer living in a fact-based world where actions have consequences, programs take money and money has to come from somewhere. Where basic laws — like physics and the Constitution — constrain wishes. Where Congress and the public, allies and enemies, markets and militaries don’t just do what you want them to, just because you say they will.

Start with immigration, and the idea that any president could or should engineer the mass expulsion of 11 million unauthorized immigrants. Not one candidate said that a 21st-century trail of tears, deploying railroad cars, federal troops and police dogs on a continental scale, cannot happen and would be morally obscene. Ben Carson said, “If anybody knows how to do that, that I would be willing to listen.” They accepted the need to “control our borders” with a 2,000-mile fence. Even Senator Marco Rubio of Florida, once an immigration moderate, endorsed the fence. Mr. Carson actually suggested two fences, for double security, with a road in between. Do these people have to be sent to the Rio Grande Valley to see how ludicrous a border fence — over mountains, vast deserts, remote valleys and private property — would be? And it won’t solve the problem they are railing against, which doesn’t exist anyway. Illegal immigration has fallen essentially to zero.

On foreign affairs, there was a lot of talk about not talking with bad people. Senator Ted Cruz of Texas said his first act would be to tear up the Iran deal, throwing the nuclear race back to the ayatollahs and rupturing global alliances — but making a point! Carly Fiorina said: “What I would do, immediately, is begin rebuilding the Sixth Fleet, I would begin rebuilding the missile defense program in Poland, I would conduct regular, aggressive military exercises in the Baltic States. I’d probably send a few thousand more troops into Germany. Vladimir Putin would get the message.”

We get the message, and it’s scary.

Porsche goes electric


I saw a guy the other day in a Tesla S and was puzzled, because in the past I’ve known him to be a Porsche driver. People who own 911s in particular are notoriously reluctant to change — which is why they tend to be such good customers for dealers. On the other hand, propelling oneself around via a series of controlled explosions — no matter how well-engineered the engine is — is clearly a daft idea in the long run. Electric vehicles are the future. Which, of course, is what Porsche have figured out all by themselves — as the New York Times reports this morning:

On Monday, at the Frankfurt Auto Show in Germany, Porsche unveiled its all-electric Mission E concept car. A four-door, four-seat luxury performance sedan with futuristic 911 design cues, Mission E will be the first all-electric model Porsche will offer to the public.

Porsche, a German brand, maintains that the vehicle, though it is a concept car, is firmly based in reality and is expected to arrive in showrooms within five years. At the same time, it provides a window into the future of all-electric cars — more range, faster charging and more speed.

With a debut alongside the latest iteration of the classic 911, the Mission E is meant to convey the message that performance and efficiency are not mutually exclusive.

And, for those who really will miss the growl of the 911 engine, I’m sure Porsche can rig up an audio system that produces the same noise electronically.

Creative nonfiction: the craft of writing

If you think ‘creative nonfiction’ is an oxymoron, then can I suggest that you read John McPhee’s wonderful essay in the New Yorker on the craft of writing? Here’s a snippet:

Creative nonfiction is a term that is currently having its day. When I was in college, anyone who put those two words together would have been looked on as a comedian or a fool. Today, Creative Nonfiction is the name of the college course I teach. Same college. Required to give the course a title, I named it for a quarterly edited and published by Lee Gutkind, then at the University of Pittsburgh. The title asks an obvious question: What is creative about nonfiction? It takes a whole semester to try to answer that, but here are a few points: The creativity lies in what you choose to write about, how you go about doing it, the arrangement through which you present things, the skill and the touch with which you describe people and succeed in developing them as characters, the rhythms of your prose, the integrity of the composition, the anatomy of the piece (does it get up and walk around on its own?), the extent to which you see and tell the story that exists in your material, and so forth. Creative nonfiction is not making something up but making the most of what you have.

It’s a lovely, thought-provoking piece. Musing on the craft of writing, two ideas come to mind.

The first is something I got from reading E.M. Forster who says in one of his essays (I forget which one) that there are two kinds of writer: those who know what they think and then set it down in writing; and those who find out what they think by trying to write it. I’m the latter, and so, I suspect, was Forster (whose 90th birthday party I attended, by the way, when I was a student). But I’ve worked with people who could — and sometimes did — write an entire book in a single continuous draft. (I hate these people, but they exist.)

The second is the distinction I’ve often experienced — between short pieces (like newspaper columns or blog posts: 1,000 words or less), and longer pieces (5,000-10,000 words). Writing a column is like sculpting: you have a lump of clay and you gradually and tentatively lick in into some kind of shape — adding a bit here, taking something away there until you have something that looks about right.

Writing long pieces is a very different business — more akin to construction: you have these various components and then the task (and the art) is in finding an intelligent or satisfactory way to get them into a sequence and then (the really hard part) writing the ‘bridges’ that link the components in such a way that the reader feels that the path from one component to the next is natural and easy.

Quote of the Day

“The compensation of growing old is that the passions remain as strong as ever, but one has gained – at last! – the power which adds the supreme flavour to existence, – the power of taking hold of experience, of turning it around, slowly, in the light.”

-Virginia Woolf, Mrs Dalloway.

The significance of eBay

This morning’s Observer column:

Twenty years ago this month, a French-born Iranian-American computer programmer named Pierre Omidyar added an experimental online auction section to his personal website, which at that time focused mainly on the Ebola virus. He called it AuctionWeb because it enabled people to bid to purchase items that other people were advertising for sale. One of the earliest, and most puzzling, sales on the site was of a broken laser pointer, which went for $14.83. The story goes that Omidyar wrote to the buyer asking if he understood that the laser pointer was broken. The guy replied that he was a collector of broken laser pointers. At this point, Omidyar realised he might be on to something.

He was: he called it eBay…

Read on

‘Authentic’ voices vs manufactured politics

Interesting comment by Gideon Lichfield of Quartz on the significance of Jeremy Corbyn and Donald Trump:

All the two men really share, of course, is that they’ve gained a following by emerging as “authentic” voices in an era of manufactured politics. Aside from being political opposites, they’re also in quite different roles vis-a-vis their respective parties. Corbyn is a sincere and consistent dissident—a lot more like the US’s Bernie Sanders than like Trump, who is mainly a provocateur. And the notoriously thrifty Corbyn can fairly claim to represent a lost ideal of Labour values—while Trump, though perhaps a bit less rich than he claims, is about as far removed both from Republican working-class voters and from his party’s own core beliefs (paywall) as can be.

Superficial as the Trump-Corbyn parallel may be, however, it speaks to a broader commonality. Each man embodies a crisis, both in his party and in his country’s broader politics. Like all such crises, these schisms present opportunities. They’ll spur the parties to seek out fresh blood and ideas and rediscover what voters want. In other words, this is healthy. The main question is how much upset it takes for a party to truly grasp that it has lost its way. Judging by its responses to Trump, the Republican party hasn’t grasped it yet. Judging by Corbyn’s impact, Trump may yet win the nomination before it does.