Should all locks have keys? Phones, Castles, Encryption, and You.

Should all locks have keys? Phones, Castles, Encryption, and You.

Hello Internet. We need to talk about locks The physical and the digital. In the physical world, locks aren’t as good as you think they are. The lock on your door stops worries, not burglars, As two minutes of searching will reveal. Spend more, get more; but all fail with tools and time enough. That physical locks are bad at locking mostly doesn’t matter in normal life, Because burglars are constrained by the physical world. A burglar must cruise the neighborhood, spending their time to pick a target, Which makes a house that looks secure most of the way toward being secure. Each target house can then only be attacked one at a time, And comes with a risk of being physically caught in the act. But digital is different. The constraints of the physical no longer apply. On the Internet, a digital lock must protect you from, not just the neighborhood burglar, But all burglars everywhere. For, on the Internet, there’s no such thing as distance. Internet burglars don’t crack digital locks personally, they build burglar bots That try millions of combinations just to see what opens. One lock down the street or a country-full on the other side of the world — it’s all the same. Actually, other side of the world is better — a dude in East-whatever-landia stealing your identity Has a near-zero chance of getting caught. This is bad news, but thanks to mathematics, digital locks can be made unbreakable. This is encryption — a digital lock that, without the password, cannot be opened. Burglar bots will plough through all the possibilities, but a secure password Will take longer than the heat death of the Universe to guess. No password, no entry. No matter how much of a l33t hacker your mom is Your private files stay private. Which might just be the greatest social good mathematics has done mankind. But it’s easy to imagine unbreakable digital locks as bad news. Maximum lazy: ticking time bomb, the location and off-code of which Are locked on the phone of a dead man. Now, were the information on a piece of paper in a safe room, no problem: In the physical world, if you can’t crack the lock, then you crack the wall. Society agrees, under this scenario, it’s reasonable for police to get in, no matter what it takes. Note: this means real-world locks aren’t just physically weak, but also legally weak. We could live in a world with privacy laws that forbade police to break into all locks, no matter how flimsy, but we don’t, because that would be dumb. Hmmm… This is where gears turn in government heads. If digital locks are physically invulnerable, maybe they can be made legally vulnerable: To require digital locks be built with a keyhole for which police have the key. Highly secure, top secret, for emergencies only, surely. This legal vulnerability to ban citizens from owning perfect digital locks, To require companies manufacture their devices with keyholes, is an idea That many, many governments are interested in. And governments point out that a warrant which lets police into your house and into your papers Should let police into your phone. If your home is your castle, but the need, pressing enough, the police bring a battering ram. But there’s no battering ram to crack open a well-locked phone to comply with a warrant. Not helpfully, anyway. Which is a problem: again, we all ideally want police to crack digital locks sometimes. But at our current level on the tech tree, digital locks that cannot be opened are a thing that exists. And because they are made of math, something a skilled coder can build at home, Trying to ban digital locks for everyone is pretty close to trying to ban an idea. Good luck with that. But even were it possible to successfully ban perfect digital locks in a country, remember: On the Internet, there is no such thing as distance. Even if your government is a Xanadu bureaucracy of the Seraphim Incorruptible, There are demons elsewhere. Unbreakable digital locks are the foundation upon which computing and Internet-ing is built. Banking, buying, blogging, vlogging, gaming, tweeting, beating, meeting — All of this is possible because of unbreakable digital locks. They’ve existed since computers filled rooms, but now, with computers in our pockets, We rely on those locks to protect the content of our lives — the content of our minds. Forced weakness, even with the best of intentions, places everyone in danger. The nature of a keyhole is to be cracked, And the nature of the Internet is to bring demons to the door. No matter how much we might wish it, there is no way to build a digital lock That only angels can open and demons cannot. Anyone saying otherwise is either ignorant of the mathematics, Or less of an angel than they appear. This video has been brought to you in part by, where there’s more than 180,000 audio books and spoken audio products. Get a free trial today at This time, I’m going to recommend Daemon by Daniel Suarez. I never like to say anything about fictional books, I don’t like spoilers, but if you’ve made it to the end of a video about encryption, this one’s for you. Why don’t you give it a try as part of your free 30-day trial at And show Audible that you support this channel.

100 thoughts to “Should all locks have keys? Phones, Castles, Encryption, and You.”

  1. or if it has a password just take out the whole memory chip and slowly read it off until you find the password

  2. That chart of civilization levels has a hidden joke,in the quatum computing stage it says f yo encryption and people on the information age are looking sadly at the quantum computing age ,fearing that they will be hacked easily then

  3. Why not build math in a way that the lock will open after a certain time if not renewed. Let's say after 30 years

  4. because it is technically a physical lock, police can force you to open your phone vis your fingerprint, but not via your digital password.

  5. I am not an expert but I think there is a reason it's called a lock. Because there is one combination that opens it.

  6. Not entirely true. You CAN put a physical lock on a phone that can only be used if you have possession of the phone with a key that only the police have access too.

  7. If you say you trust your government, then you must not only trust some politicians who are probably in power because their first priority is being in power, no, you must trust every government that will ever rule your country until the end of infinity, because the rules that are in place stay in place, even when government changes. And in this case, it's even worse, because not only do you have to trust every government that will ever rule your country, no, you have to trust every government that will ever rule any country on earth, because they, too, can use the weakness that is built into your phone. It is literally madness to say the government should be able to break into your phone because they won't abuse that power.

  8. What about a lock that the password could be only tried once before kicking you out.

  9. So, don't keep bomb locations and off codes locked behind digital locks.

    Problem solved.

    Grossly oversimplified, I know, but you get the idea. If it's something that someone may need to get into later for good reasons, keep a physical copy somewhere behind a physical lock.

  10. CGP Grey forgot to mention the fact that criminals with a strong enough will will always be able to circumvent encryption backdoors whether it be by using another program, making their own or using older or foreign hardware to communicate. It simply reduces privacy for the majority of the population who can't be bothered to do such things.

  11. Who else wants to see a CGP/LockpickingLawyer collab? It would be the most informative yet relaxing thing ever.

  12. This video is old, but I was wondering if it would be possible to solve this problem through some sort of physical weakness in phones? For example, having a button inside the phone that resets the password, and can only be reached by a licensed technician. Would this actually solve the problem, or is that ultimately the same as just weakening the encryption?

  13. The idea goes like this. "Eff the little people. We will make them vulnerable. We can catch petty criminals or invent petty criminals if we need to. Those who use strong encryption are punished. The wealthy and powerful are exempted. When the little people are victimized they have to suck it up." And they will.

  14. couldn't they make the "key" (absurdly huge password?) physically on the device? different for each device, hidden from normal view?

  15. Isn't the whole purpose of a lock, that it have a key that can unlock it, so only the one with the key can come in.

    A key can be literal or it can be figurative, such as a thumb scanner or a long and complicated number of digits. But seriously. If there is no key there is no lock.

  16. Thanks for getting me through an essay about the Fourth amendment of the Constitution because I was able to sort of connect it to this much more interesting topic!

  17. "We all want police to be able to crack locks sometimes" is certifiably untrue. I know many people who do not believe that.

  18. RFID locks can be defeated easily by a programmer writing a program. Think about how fast a little computer could change codes and try it on the lock? Now compare that with having to physically cut thousands of keys, carry them to the door and then physically try them all. Electronic locks are uniquely vulnerable. So are keyed locks though, watch the LockPickingLawyer. Also look at the Bowley Dead lock, never picked, bumped, forced or otherwise defeated. To defeat it you need a cutting oxy acetylene torch and turn the entire lock to slag or destroy the door.

  19. The hypothetical you propose can and should be avoided by Not writing that kind of sensitive information in an uncrackable magic rectangle. If written on paper it would fix the issue. And banning the storage and use of that type of information on smartphones for government officials. GOVERNMENT, BUTT OUT OF MAGIC RECTANGLE.

  20. well, digital locks are not uncrackable. you just have to guess the password so in the event that there is a bomb attack that can only be stoped by opening a digital lock the police could just use any existing hash cracking program that allows distributed cracking, publiisch it and ask people to help by utilizing their PCs Power.

    also they could just ask google to use one of their datacenters to crack it.

    also if someone really knew how to stop that bomb he certainly wouldnt write it down on their phone.

  21. A digital lock is not 100% perfect. The `expected` time to guess the key is longer that the heat death of the universe, but with random guessing there is still the chance that the attacker guesses correctly first time (small as it may be). You are protected on average; but you might be (very) unlucky.

  22. The sentence "the lock on your door stops worries not burglars" really threw my text proccessing algorithm for a loop. I initially heard it as "the lock on your door stops, worries not, burglars".

  23. 3:45 et seq.: "Even if your government is a Xanadu bureaucracy of the Seraphim Incorruptible, there are demons elsewhere. … The nature of a keyhole is to be cracked. … There is no way to build a digital lock that angels can open and demons cannot. Anyone saying otherwise is either ignorant of the mathematics or less of an angel than they appear."
    (end quote)

    How about having the software send and store two copies of everything, using the same unbreakable digital locks as ever, but with one copy under a lock that the user has a key to and the other under a lock that the seraphim have a key to?

    Not that I believe in the existence of a government of angels, but it seems pretty simple to give them a key if we had them. And if they're angels, that would seem to imply that they're not going to hand the key over to the demons.

  24. What if instead of Dashlane keeping you safe they just sell their password servers to some hackers in the backdoors

    *Reverse Psychology

  25. worry – a feeling of concern about something bad that might happen : the state or condition of worrying about something : anxiety

    burglar – a person who illegally enters a building in order to steal things : a person who commits burglary

    01:23 plow – to dig into or break up (dirt, soil, land, etc.) with a plow:

    The soil was freshly plowed.

    01:38 mankind – all people thought of as one group

  26. Some (if not most [if not all]) Android Devices' locks can be broken/reset with the ADB network. The gov, if they really need it, can just legally make it so that USB Debugging is always active on Android OSes.

    On Apple, however, I do not really know how they work.

  27. Corporations and the NSA collect our information and invade our privacy without a warrant and without much moral or logical reasoning. The NSA does it illegally and corporations do it legally cause we don’t put legislative protections in place to stop it

  28. You have to sacrifice personal liberties for the greater good. That’s a foundational principle of society. There should absolutely be ways to forcefully open phones, because your individual privacy means quite literally nothing in the grand scheme of things.

Leave a Reply

Your email address will not be published. Required fields are marked *