Recently there as been quite a bit of outrage theater over the fact that iOS 8 has some form of encryption enabled by default. Let us ignore that iOS 8 encryption as inspired a bunch of panic theater without introducing any security at all. Oh, you ask what is "panic theater?" well let me show you.
Panic theater is why neither you nor your descendants will ever have good things. It's closest relative is security theater, also know as the reason why you take a plastic shiv through American Airports when you value your knee space. At least security theater offers measure that almost improve security. Panic theater on the other hand tries to get you to actively embrace insecurity. Is your local police department offering you a software download to "protect your children" while the software actually makes the product of your seed more vulnerable to pedophiles? If you live in the United States and trust your local county mounties for software recommendations this could actually be the case.
So there exists a piece of commercial computer software known as ComputerCop. The market for this piece of software is not end users, but local and county police departments that then offer the software to end users with their own logos substituted in. You local 5-0 gives the developers money, the developers give the 5-0 their own branded version of the program, and who needs a Heartbleed or Shell Shock because this software includes little more than a keylogger which exists to send you and your children's keystrokes across the Internet completely unencrypted. The Chicoms, Kim Jung Un, that creepy fucker with half a mustache... This police branded software makes you passwords and any other information you pass through a keyboard fair game for the whole bunch of the malefactors.
Problems like this never happen in isolation though. Eric Holder wants to open a war against consumer electronics using any encryption at all, even though the devices spurring this declaration have so many fucking side channels that even Barney Fife could not fuck up the process of seizing a device and keeping its contents available to law enforcement.1 Eric Holder and every other mother fucker who has decided to rally around encryption now is cribbing around the exact same "think of the children" playbook they did in the 1990's when the battle was over key escrow. How about instead of thinking about computing hardware we turn our attention to the actual problem in the war on pedophiles, the children.
First off, pedophiles are rare. Rarer than abortion if you base your measure using the number of protesters each phenomena generates.
Second, pedophiles have a clear target they desire and that target is not general purpose computing devices. Oh no. What the pedophile wants is children.
So how about instead of trying to put controls on computers, let us put the controls around the pedophile's actual targets... the children. Digital Rights Management while it has failed the music and film industries could undergo a new Renaissance among parents who want nothing more than to keep their children from falling victim to Pedobear or their Parish priest. The potential mechanisms that could be leveraged are endless. Imagine an explosive collar around a child's neck that detonates when a pervert tries to snap their picture without the parents explicitly allowing the picture. Instead of years of therapy and victimization to relive the child without pain to themself offers the aspiring pervert decades of nightmares when the alarm fires in their collar.
Is this an extreme solution? Well it isn't as extreme as handing over your information to the local police, hearing a thump in the night, and still finding a pervert firmly inside of your beloved spawn. Sure it won't be too late to end the pervert's ability to walk among the living with your trusted Remingtom 870 shotgun in 12 gauge with 3 1/2" magnum shells leaded with depleted uranium, but... it will be too late to avoid the years of therapy. Why not just destroy the object of the pervert's desire while they are still scouting targets?
- Note that iOS 8 devices generate their keys based on a short PIN and a value stored in hardware. Since the non-PIN value is stored in hardware... unless the hardware has a self destruct function the encryption keys are going to be exactly as weak as the weak PIN codes. [↩]
[…] police actively demand you compromise your security in the name of the children. Not necessarily your own children mind you, but the idea of children in the abstract. Because what […]