U.S. Gov't Grapples With Clash Between Privacy, Security

schwit1 writes: WaPo: "For months, federal law enforcement agencies and industry have been deadlocked on a highly contentious issue: Should tech companies be obliged to guarantee U.S. government access to encrypted data on smartphones and other digital devices, and is that even possible without compromising the security of law-abiding customers?"

NSA director Adm. Michael S. Rogers wants to require technology companies to create a digital key that could open any smartphone or other locked device to obtain text messages or photos, but divide the key into pieces so that no one person or agency alone could decide to use it. But progress is nonexistent:

"The odds of passing a new law appear slim, given a divided Congress and the increased attention to privacy in the aftermath of leaks by former NSA contractor Edward Snowden. There are bills pending to ban government back doors into communications devices. So far, there is no legislation proposed by the government or lawmakers to require Internet and tech firms to make their services and devices wiretap-ready."

What's the acceptable limit?

[Anonymous Coward]

So what's the acceptable limit?

Should they be allowed to watch you urinate?

Should they be allowed to watch you defecate?

Is it okay if they do this with a device that has an "Internet of Things" sticker on it?

Re:

[__aabppq7737]

I wouldn't doubt thaht the NSA has broken iPhone's encryption. https://firstlook.org/theinter... [firstlook.org]

Re:What's the acceptable limit?

[Jane Q. Public]

I wouldn't doubt thaht the NSA has broken iPhone's encryption.

This proposal by NSA mirrors the Clipper Chip/Skipjack + Key Escrow system proposed back in the early 90s. People didn't trust the government with their keys THEN... why the hell should they do so NOW, given that government intrusion into our lives has only increased in the interim?

Unlike the 90s, by now they have proved they can't be trusted.

Re:

[fustakrakich]

Should they be allowed to watch you urinate?

Should they be allowed to watch you defecate?

Sure! If can watch them fornicate...

Re:

[fustakrakich]

*sigh* some day I will see the things that are missing, oh wait, I do see things that are missing, until it's too late of course. I should be a procurement officer for the Pentagon.

Re:

[Opportunist]

They should be required to! That might make them learn.

Think Clockwork Orange like...

Re:

[MrBigInThePants]

Oh please. That is a false dichotomy.

The only thing "clashing" here is the high tech political donations vs the military and surveillance dollars.

Its funny how the only "clashes" follow this same pattern...ok not funny at all.

Re:

[Hognoxious]

Should they be allowed to watch you urinate?

Should they be allowed to watch you defecate?

The government? Hell no.

But if Twiglebook and their selected partners wish to serve up targeted ads to enhance my waste elimination experience then sign me up!

Re:

[Anonymous Coward]

This Admiral is a treasonous POS. He took an oath to defend the constitution and here he is undermining it.

Re:

[HiThere]

With a gradation in punishment. Probably exponential. The current head of the NSA should be slowly boiled in tar. It's difficult to imagine something appropriate for his boss.

Break the key apart?

[__aabppq7737]

, but divide the key into pieces so that no one person or agency alone could decide to use it.

Exactly how do they intend to split a key; by piling layers of encryption atop each other or by splitting the RSA public key modulo's factors into multiple authorities?

Given the option of piling layers of encryption on top of each other, it would seem that private keys would need to be divulged to create this encrypted comm. system

Re:

[The New Guy 2.0]

There's no such thing as a secret law in the USA... it's either in Lexis or it never existed.

Re:

[davester666]

But there are secret interpretations of the law, where the gov't basically does lawyer-shopping, going from one lawyer to the next [whom they hire], to write a legal opinion about something, and they just keep going through lawyers until they get the 'opinion' they want, and then use it as a legal justification for doing something.

You would think they would at least have to run it by a judge, but no. It only gets looked at by a judge:

-if someone finds out about it [hard to do when it is classified as top s

Re:

[Shakrai]

You would think they would at least have to run it by a judge

That's not how the American judicial system works. Courts can only rule on cases and controversies [wikipedia.org], you can't go to a Federal Judge to get his opinion on the legality of a desired course of action. That's what lawyers are for, both in private and government practice. Lawyer-shopping as you describe does happen, both in the private sector and in Government, but it's generally considered ill advised to ignore the mainstream legal consensus in favor of fringe opinions. If the matter does ultimately end up

Re:

[anagama]

We all know how it is _supposed_ to work. We also know how it _actually_ works.

For example: GWB used secret legal memos to get around the due process clause when locking people up in Gitmo. Obama used secret legal memos to get around the due process clause when executing people. And the courts were less than useless in doing anything about it, bowing out over litigant's standing.

So ultimately, the law is basically whatever the President says it is. Yep -- that's authoritarian and fails to fit our mythi

Re:

[davester666]

That's not the kind of thing I'm talking about. More like the "we can kill an American anywhere on Earth except within the US, if we think he is a bad person". Or "the president or someone he delegates to, can decide you are a bad person, and can have you secretly detained and removed from US soil, without any judicial oversight or notification to anyone, and then keep you secretly detained for as long as they want".

But he also pinky-swears not to abuse this power.

Re:

[Shakrai]

More like the "we can kill an American anywhere on Earth except within the US, if we think he is a bad person"

That's not the power that the Executive has actually claimed for itself. They've claimed the power to kill Americans engaged in hostilities against the United States on foreign battlefields. Devil's Advocate: Benedict Arnold led enemy troops [wikipedia.org] on the battlefield. If a solider in the Continental Army had the opportunity to take a shot at him would you regard it as murder?

Or "the president or someone he delegates to, can decide you are a bad person, and can have you secretly detained and removed from US soil, without any judicial oversight or notification to anyone, and then keep you secretly detained for as long as they want"

Citation needed.

Re:

[davester666]

The battlefield for the war on terror is "everywhere". And it's just a couple of guys in a room, none of whom are particularly impartial.

And this is a nice summary:
http://americablog.com/2014/05/post-constitutional-era-scotus-allows-capture-rendition-u-s-citizens-ndaa.html [americablog.com]

Re:

[Shakrai]

The law that he linked does not say what he thinks it says. The notion that people captured on the battlefield can be held without trial until the end of hostilities is not a new one. Nor is the notion that unlawful combatants can be held accountable for their actions.

I see nothing in that legislation that authorizes military custody for people on American soil. Such an action is arguably permissible [wikipedia.org] in limited instances, but I'm not seeing it within the legislation that random blog you linked is gripin

Re:

[MechaStreisand]

If you don't see a difference between shooting down a warplane in a time of war, and attacking people just walking around without a declaration of war, thus extending it to potentially anyone on the planet, at any time, in a "war" that has no objectives, no defined enemy, and will never end, you are a truly evil person. Which you are.

Re:

[anagama]

Succinct. Eloquent. Perfect.

Re:

[murkwood7]

Disclaimer: IANAL. This post is, however, legal advice, and creates an attorney-client relationship.

By claiming to be an attorney, (as in you are giving legal advice, thus laying claim to the attorney side of the attorney-client phrase), you _are_ claiming to be a lawyer:

http://www.lawyeredu.org/attorney-vs-lawyer.html

Thus, YOU are the evil one :)

Re:

[Shakrai]

The war has a clearly defined enemy, which you would know if you had actually bothered to read the legislation that we're discussing. It defines the enemy as Al Quada, the Taliban, and those persons or groups that support them.

The Executive neither has nor has claimed a blank check. You may disagree with the drone campaign, I'm not entirely certain that I support it, but let us at least agree to confine our discussion to the facts rather than making shit up.

Re:

[davester666]

Except that is a blank check. They can declare ANYONE to be a member of that set of people, without any oversight by anyone. And they can also have you killed on sight for being a member of that group. And there isn't anything anyone can do about it, either before or after you are killed.

It amounts to "that guy standing over there is bad. kill him now."

Re:

[Shakrai]

I hate to break it to you but that's pretty much how war works, by definition. You don't get judicial review on the battlefield. You get shot at. If you don't like it then don't take up arms.

Re:

[davester666]

So, to avoid being killed as part of the war on terror, we have to leave the planet, because the US population has lost control of it's government...

Re:

[Shakrai]

No, certain people think we've lost control of our Government. I am a member of the American electorate, more informed than most, and I'm content with the oversight that exists. I don't particularly care for our current President, or the one that preceded him, but on this particular issue I'm satisfied with the decisions they've made.

We could talk about the oversight mechanisms that exist, if you'd like, though I'm skeptical that you would approach the issue with an open mind based on your comments to da

Re:

[davester666]

It's only acceptable to you because you don't happen to live where they are killing a bunch of their 'targets'. There, if you happen to have gone to the wrong funeral, or the child of the wrong person, or just sitting in the wrong cafe, or walking on your own property with a rifle, oops, you get to be posthumously declared a terrorist. Hope you weren't with your wife and children.

Re:

[Shakrai]

That kind of shit has always happened during wartime. I fail to see how some non-combatant dying in a drone strike is any worse than the non-combatants that died in Tokyo and Dresden. We aren't deliberately trying to kill them, sometimes they're too close to legitimate targets, other times we misidentify them.

Newsflash: War is a messy business. I'd just as soon prefer we didn't have to engage in it at all, but I'm not the one refusing to live by the rules of the civilized world. Why don't you save some

Re:

[Zontar The Mindless]

At one time, there were no secret courts in the USA. And we see what happened to that.

Just something to think about.

Re:Break the key apart?

[PopeRatzo]

There's no such thing as a secret law in the USA... it's either in Lexis or it never existed.

There's not supposed to be, but there are. Every time a secret court like FISA makes a secret decision, new secret law is created on the fly. Secret precedent.

And by the way, there's also supposed to be no such thing as anonymous local police in the USA, but they take off their ID and pull balaclavas over their faces at the sight of three black people walking down the street with a protest sign.

There are a lot of things in the USA that are not supposed to exist. Secret laws, secret courts, secret trade agreements. Secret police. Secret police blacksites. Secret "crowd control" weapons for the secret police to use domestically. Torture. Rendition. Off-shore prisons. Extrajudicial assassination.

And secret donors, of course. That's what it's all for. There was a secret coup in the US decades ago, and we were collateral damage.

Re:

[Agripa]

There are a lot of things in the USA that are not supposed to exist. Secret laws, secret courts, secret trade agreements. Secret police. Secret police blacksites. Secret "crowd control" weapons for the secret police to use domestically. Torture. Rendition. Off-shore prisons. Extrajudicial assassination.

Secret interrogation centers:

http://www.theguardian.com/us-... [theguardian.com]

Re:

[The New Guy 2.0]

FISA creates a "sealed record"... they'll have to reveal it eventually if they want to use it in other courts.

Re:

[PopeRatzo]

The other possibility, there have been countless accidents and it is just pure coincidence the U.S. lost its way and is just a little bit confused.

Never underestimate the perfidy inherent in a system that's designed around profits. Never underestimate the greed of those who already have wealth beyond the dreams of avarice.

There is a reason someone who has 100 million strives to get a billion. It's a pathology that tells them they should have a billion because they're "worth it". And when you're "worth i

Re:

[Anonymous Coward]

Unfortunately, the doctrine of parallel construction, which has been upheld in Federal court, means that there is. There have been several high-profile cases in Federal court settled based on secret case law, in which the judge's ruling itself was partially sealed. That's basically the definition of secret law. Case in point:

https://firstlook.org/theintercept/2015/03/26/new-low-obama-doj-federal-courts-abusing-state-secrets-privilege/

Unfortunately, Congress itself often does not have access to informatio

Re:

[Agripa]

Parallel construction also gets around 4th amendment restrictions on searches and seizures. The remedy for an unlawful search or seizure is exclusion of evidence but that does not apply when parallel construction is used.

Re:

[Pseudonym]

Regulations don't always appear in Lexis. They aren't laws, but they are laws.

Re:

[The New Guy 2.0]

Regulations aren't law... they're Executive branch policies, under authority granted by a previous law. Mostly they set numbers on things that the law left to a range... and courts don't hold up most others.

Re:

[bohmt]

, but divide the key into pieces so that no one person or agency alone could decide to use it.

Exactly how do they intend to split a key; by piling layers of encryption atop each other or by splitting the RSA public key modulo's factors into multiple authorities?

Given the option of piling layers of encryption on top of each other, it would seem that private keys would need to be divulged to create this encrypted comm. system

The modulo is a semiprime number, so it has only 2 factors. I think he wants a Threshold cryptosystem, where m out of n parties need to use their keys for it to work.

Re:

[__aabppq7737]

splitting the RSA public key modulo's factors

The user generates 64 bits of the first key, the US Govt. generates the next 64 bits, the Canadian govt. generates the next 64 bits, et cetera. Apply same process for both keys, then use a one-way conversion process to create a new key from the old one such that only govt.s whose random numbers went into the making can reverse the new key in a finite amount of time. Of course, this would get hurt by FREAK-like vulnerabilities.

Re:

[The New Guy 2.0]

Yep, they don't understand "digital tear point"...

It's a way of sending a block to a lower-level person that gives them the headline and some of the story, enough to convince them to hand it to the high-level authorities that get the rest of the story by decrypting a second block that's only for them.

Breaking a key apart just means they have to get together and they they have everybody's secrets... that's not how it's supposed to be done.

Re:

[dbIII]

I'd say they understand all right and this is just PR. Remember the big fuss about needing a launch code, and then the launch code was all zeros so that it was just the same as if there was no launch code.

Breaking a key apart just means they have to get together and they they have everybody's secrets

Yes. I give it fifteen minutes, only because somebody will be making coffee before sharing the key in the first morning.

Re:

[Lennie]

I believe I've seen Bitcoin Multi-Signature wallets use Shamir's algorithm:

https://en.wikipedia.org/wiki/... [wikipedia.org]

A Bitcoin 'wallet' is the private key which allows you to spend your the Bitcoin you own.
A Multi-Signature wallet is a wallet for which you need 2 out of 3 keys to spend the Bitcoin.

How something like that could be used in a secure system in this case I'm not so sure about.

Re:

[JesseMcDonald]

You could use Shamir's Algorithm, but the recommended way to create a multi-signature Bitcoin address is to use a transaction script which separately checks each of the desired keys. That way each key holder can sign the transaction independently of the others, and—more importantly—there is no need to get all the key fragments together in one place to reconstruct a master key.

That last point, incidently, happens to be one of the problems with this proposal; once the master key has been reconstru

Re:

[PopeRatzo]

Exactly how do they intend to split a key

They don't. This is just for public consumption. They have no intention of slowing themselves down with any privacy safeguards.

They just think everybody's stupid. And, they would be right, except post-Snowden the number of people paying attention has gone up.

Re:

[dbIII]

Easy, they give the key parts to other agencies and then the NSA seconds people from those other agencies so that they've got the full key fifteen minutes after the parts are sent out.
There's so much pissing in each others pockets and "retiring to private enterprise" but getting millions of dollars in government work that there's no clear line between agencies and between government and private companies (eg. those Booz losers Snowden worked for). If the Chinese, Iranians, Russians etc don't have top level

Parts of a key?

[Chris Katko]

Introducing my super clever hack:

Wait till the key is needed.

Write the key down.

Use it whenever we want from then on, but make sure we tell everyone we're not.

The Math

[Lord Duran]

An example of how to do cryptographically secure secret sharing:
Shamir's secret sharing [wikipedia.org].

There are other secret sharing schemes there, follow the link to the main article.

Re:

[The New Guy 2.0]

The problem here is that when the SSL snoops get credit card data, they become the cracker that's supposed to be arrested. These warrentless wiretap losers don't last long, yet they always seem to be making more of them.

No legislation is needed

[fustakrakich]

They will just do it anyway. It doesn't matter. Most people prefer to feel secure, they don't care how it's done.

Collecting more noise does not help signal/noise!

[Anonymous Coward]

I think most people fear a SWAT team coming in and shooting them in their own homes, than jihadist terrorists.

NSA has not measurably made anyone more secure since they started this big brother program. You assume it works, but collecting more noise does not make the signal stronger.

This idea of 'secure' you have, indicates a nice trust of the perfect nature of your leaders (i.e. the NSA), but those of us in foreign countries know where that leads to.

Really, swap NSA for KGB and you've got the situation you'

Why shouldn't we trust them? They sound legit!

[Anonymous Coward]

NSA director Adm. Michael S. Rogers wants to require technology companies to create a digital key that could open any smartphone or other locked device to obtain text messages or photos, but divide the key into pieces so that no one person or agency alone could decide to use it. But progress is nonexistent:

Sure. I totally believe that you're going to do that. I mean, it's not like you scum have a history of blatantly lying to the American people and doing the complete opposite of what you say you will, right?

How about no. Just fuck off and stop invading my privacy. You have absolutely no right there, whether you split that responsibility with other criminal--I mean, government-- organizations or not (not that I believe you'd even do that much).

Re:

[The New Guy 2.0]

[Quote]NSA director Adm. Michael S. Rogers wants to require technology companies to create... But progress is nonexistent:[/Quote]

Nobody's helping him, so he's complaining to the media... nothing to see here, move along.

Re:

[anagama]

you don't get to throw the rules out the window just because it's on a shared server or it's part of the "cloud"

Actually, at least according to the Supreme Court, they do get to throw out the rules. It's called the Third Party Doctrine.

http://www.abajournal.com/maga... [abajournal.com]

For too long, application of the third-party records doctrine has permitted absurd results. A person who stores documents and items in a physical space controlled by a third party in the business of renting it out retains a Fourth Amendment

Re:

[Pseudonym]

To put it another way: There is no clash between privacy and security. Privacy is security.

The word "security", or any variant thereof, appears exactly once in the US Constitution: "The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated [...]"

Not a key, it's a password...

[The New Guy 2.0]

The problem here is that uncrackable-without-the-secret crypto poses a problem for the "give us everything!" police investigators... these are the guys who want warrentless wiretaps and other gifts from the tech industry.

There's no master key that can solve all crypto... what they really want is a password that causes the device to give up its locks.

Perspective

[laing]

When considering whether or not it should be okay for the US government to have backdoor access to any device, one should also consider whether other [techdirt.com] governments should also have that same access. The answer shouldn't depend upon which government you support.

One should also remember that government employees with privileged access are people, and people can misuse [cnn.com]the access they have.

We should recognize that the Fourth Amendment of the US Constitution was created to prevent this exact scenario. Law abiding people encrypt sensitive information to protect it from misuse by criminals, but the information can be misused by ANYONE with access.

Dividing a backdoor key between multiple parties simply creates a requirement that all parties agree to access the information before it can be accessed. It doesn't guarantee that the access will be lawful.

Re:

[MobSwatter]

You can't install a back door to anything without weakening the security for the less than lawful crowd, when taken into context it would appear that the entire surveillance thing is not only unconstitutional, unconstitutional is also unlawful beyond not being that smart. It also concludes that not only the NSA and the elite are above the law, but every other law enforcement agency is going make a play for it because the NSA got away with it. Now take all that and add the element of organized crime that w

Keeping Secrets

[Dutch Gun]

So... what makes the NSA think that anyone could actually keep these ultimate "keys to the kingdom" secret? I mean, just about everything else of theirs that was secret has leaked out thanks to a single contractor. Can you imagine how valuable these keys are, and how much money could be made by selling them? Hell, the US couldn't even keep our nuclear weapon plans under wraps.

And what's awesome about this scheme is that once the secret is out, every single smartphone in the US is compromised all at once. Whee!

Re:Keeping Secrets

[Jaime2]

It goes further... their scheme requires that the people holding the parts of the key work together regularly whenever access is needed. This is likely to be thousands of times every year. There's no way to keep a secret that needs to be accessed so often by so many. Enigma was broken due to poor operational security, not poor technology. Venona [wikipedia.org] broke one-time pads due to poor OpSec. An encryption scheme used by all authorities wanting decrypts of cell phones would involve tens of thousands of people and would be impossible to carry out without making egregious operational errors. Add to that the fact that none of those who hold the keys have much to lose when they screw up. War time operatives know their way of life depends on them not screwing up. The local FBI office only cares about decrypting the phone, if they screw up, it doesn't hurt them, but it hurts me.

Re:

[dcollins117]

So... what makes the NSA think that anyone could actually keep these ultimate "keys to the kingdom" secret?

Hubris, most likely. If Bruce Schneier is correct there appear to be a number of NSA and CIA leakers still active. Not to mention the foreign spies within the NSA and CIA that we don't hear about because they are doing their job correctly.

7 people who hold the keys to the internet

[auric_dude]

The idea could work. Meet the seven people who hold the keys to worldwide internet security http://www.theguardian.com/tec... [theguardian.com]

Re:

[Culture20]

I smell a summer blockbuster action movie!

Dear NSA

[Opportunist]

No matter how many US agencies you distribute the key over, one thing is absolute certain: If you require US companies to make any and all contents on mobile devices available to US government (and, considering who owns it, US corporations), absolutely NO non-US company could sensibly buy anything anymore from a US tech company.

Hell, the chance to not be spied on would be bigger if you bought Chinese crap!

Quite seriously, why should anyone trust a country that has a worse record when it comes to industrial spying than China?

Re:

[zedaroca]

Times, Guardian, Post, Intercept and Der Spiegel are credible sources that the US is doing worst than China.
From your link:

"I don't know if there are backdoors - but it doesn't matter since there are so many vulnerabilities."

It was on the news that the NSA was hacking on Huawei. Maybe China was using the vulnerabilities and spying, but the US definitely was doing that. Now they want to put actual backdoors on American devices.

Since then they said they would start using more open source and open their systems for being audited by third parties. The Chinese government didn't complain about increasing the sec

Re:

[Opportunist]

http://www.reuters.com/article... [reuters.com]
http://www.bbc.com/news/259075... [bbc.com]
http://www.cnet.com/news/snowd... [cnet.com]

If you can't be assed to google for 5 minutes, I cannot be assed to provide proper links.

This is not a new problem

[Anonymous Coward]

"Those who would give up essential liberty to purchase a little temporary safety deserve neither liberty nor safety."

----Benjamin Franklin, Historical Review of Pennsylvania, 1759

How far would this law go?

[BitterOak]

Does this only apply to cellphones which are regulated telecommunications devices? Or would it also apply to tablets, which are really personal computing devices? And if it applies to tablets, would it apply to other personal computing devices such as laptops and desktop PCs? And if so, does it only apply to encryption software sold with the device, or also to third-party supplied encryption software? And if it does apply to 3rd party software, does it only apply to commercial software, or free open source software as well? Are there 1st Amendment issues involved in regulating the distribution of free software, and if so do they apply only to compiled machine code, or to source code as well? The devil is in the details and I'm not really sure where dividing lines would be drawn.

Re:

[Thor Ablestar]

As I know there is a thing named Arduino. Also, there is a thing named Arduino GSM shield. Basically it means that it's possible to make a primitive communication device with almost totally user-controlled code. (Almost - because the GSM shield has a firmware in it, but it's interface can be controlled). You can use it to make an encrypted communication between parties but unfortunately it doesn't save you from collecting metadata; it still needs a solution (Such as "Diverter" in good old days of blueboxing

Re:

[currently_awake]

How do they avoid conflict with America's medical records privacy laws? Also, this is a death warrant for America's computer industry. Rule number one of spying: it must be done in secret, or you can't trust anything you get.

No Problem...

[CharlieG]

They can have a back door to my phone - as soon as they give me the key to all THEIR systems (up to and including the President and IRS etc) so that when WE have the right to data, they can't say "we lost it". What? Its only fair - they watch me, I watch them

Re:

[VanessaE]

And you war-obsessed, money-blinded, overly-religious conservatives are saying what, exactly, about the current president? That he's some kind of angel of sunlight? No. You guys are currently calling him the worst president ever, claiming he's gonna make himself dictator (despite the 22nd Amendment to the US Constitution), comparing his administration to ... well let's not Godwin this. Notice I did NOT single out any current or past US political party.

Here's a newsflash: since before this country was f

There's only a clash in the minds of Republicans..

[Anonymous Coward]

For normal people, we recognize the right to privacy so there is no clash. The title is misleading. The Republicans don't recognize the average person as human thus they believe we have no rights. They strongly believe in the Constitution, but don't think it applies to the average person.

Naw

[Dunbal]

There's no clash. The law is perfectly clear on that subject. Only the government is choosing to ignore it.

Two Keys?

[PPH]

Dr. Petrov: [Ramius has taken the Political officers Missile key and kept it] Sir! The reason for having two keys is so that no one man may...

Captain Ramius: May what, Doctor?

Dr. Petrov: Arm the missiles Captain.

Captain Ramius: Mmm, thank you for your concern Doctor

Re:

[Shakrai]

"Russians don't take a dump son without a plan."

Anchoring

[Iamthecheese]

Offer someone an extreme choice, "Here's a car for only $60,000!" and they'll be more likely to accept a more moderate choice (Here's a car for $30,000!) because it's better by contrast, not objectively. Today we're reading, "should the government get to read everything, everywhere?" and your answer is obviously "fuck no". But that immediate answer isn't the point.

Later you'll be presented with, "Should the government get extra-legal access to some things?" and because of this framing you'll be more likely

Re:

[Iamthecheese]

No, I'm pretty sure it's anchoring. But I applaud your efforts to associate my post with Beck's insanity. Anyone reading your comment will discount my own by association. Very clever.

Bullshit!

[BrendaEM]

In what manner was the US government concerned with privacy?

After 9-11, we were supposed to just stop being Americans and give up the whole idea of what our founding fathers wanted.
Be a coward, and given them all the power they want, and see where that will get you.

Divide the key

[manu0601]

Dividing the key makes sure a single individual cannot have access. But since all individual workers obey to their employer, it does not prevent any NSA access.

This is just a measure against rogue NSA employee access, not against NSA access.

The FBI isn't the only law enforcement agency

[ZeroWaiteState]

If a backdoor key exists, then the company that created it must by law give it to any lawful government authority that requests it. For example, if a company does business in Saudi Arabia, and a backdoor key exists, they may be compelled under Saudi law to give that key to the Saudi's. If a company does business in Russia, they may be compelled by the Russian government to give them the key. That's the nature of a backdoor. You can't just give it to only one entity. And let's not forget about Gemalto. They have cellphone encryption keys for the SIM cards they produced, which were held on their servers so that law enforcement agencies could obtain backdoor access to cellular communications via the legal process. However, the NSA broke into their servers and stole all of their secret keys, and then used them to mass decrypt cellular traffic. That's a real example of key escrow in action, and it completely failed to protect anyone.

There's no good way to compromise a system...

[Chas]

Sorry, but if you create a system with a security compromising flaw in it, even a well hidden, obfuscated, extremely well guarded flaw, someone aside from the "intended" users of said compromise are going to use it to break in.

The government's "need to know" does NOT trump my right to privacy. And if there's a real problem with that, they'd better be overtly bringing soldiers in to try to make me comply.

I call BS

[jodido]

The only thing they're "grappling" with is how to continue unlimited spying while convincing you they're respecting your privacy.

whatever govs can do, crooks will do better

[e**(i pi)-1]

It is in the interest of anybody to help in providing the best possible encryption because "Whatever govs can do, crooks will do better". It not only helps the industry or privacy. It also protects itself as it is likely that such mandatory back doors will be technically outdated and hacked quickly after put in place. Weak Encryption has decided the fate of Mary Queen, the deciphering of the Zimmerman telegram a hundred ago played a role in the outcome of WWI and weaknesses in the use of the enigma cryptology was important in WW2. Since then, technology has exploded and become more important everywhere. Any government proposing to weaken its own communication infrastructure by mandatory crippling their own industries will be in a disadvantage. The dream is of course that high up, secure systems are going to be used. As they will not have been well tested, they are likely to be hacked even faster than a device for the masses with a backdoor which has withstood standard attacks and gone through peer review by hackers. And if some really sweet military grade encryption will remain to be safe, it will be a goldmine for a company selling devices with such additions abroad.