Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Encryption Government Privacy The Internet United States Politics

The Rise of the New Crypto War 91

blottsie writes: For more than 20 years, the U.S. government has been waging a war on encryption, with the security and privacy of all Americans at stake. Despite repeated warnings from security experts, the FBI and other agencies continue to push tech companies to add "backdoors" to their encryption. The government's efforts, which have angered tech companies and researchers, are part of a long-running campaign to pry into every secure system—no matter what the consequences. This article takes readers from the first Crypto War of the early 1990s to the present-day political battle to keep everyone who uses the Internet safe.
This discussion has been archived. No new comments can be posted.

The Rise of the New Crypto War

Comments Filter:
    • Did the fourth amendment rights ever get worked out in relation to them hacking into computer systems (or wouldn't this law be in direct violation?)?

      I ask in earnest to see if these things were ever challenged in the past.
    • Like an open back door into your home usable by the US Govt. would make you safer, right? Right FBI director James Comey?

  • by WillAffleckUW ( 858324 ) on Friday July 10, 2015 @04:30PM (#50085239) Homepage Journal

    1984 was right, it was just 20 years early, and this is the script they are working off of.

    Look, we all know where the terrorists are and who is spreading it, and how to track and follow them. Encryption is no more a threat than a candy bar behind a locked glass case in a supermarket too high for kids to reach is.

    The reason they defeat the spies is the spies are too stupid, and ignore the real threats due to the massive overkill of non-relevant data and metadata that obfuscates the actual threats.

    They already have access to your phones and already subvert them for target cases, so it's just more justification for insane stuff we don't need.

  • Just a continuation of the war, maybe a new battle?
  • Learn how things work. Learn why things work. Build things, experiment, and never make an assumption without clearly identifying it as such, even if it's only a mental note.

    Don't take someone else's word--look it up and verify it. Try it out. Play with concepts. I don't recommend using your own crypto in production (at all, since the odds are against you being a qualified cryptographer), but implementing known algorithms for educational purposes and then running attacks against them will give you a much bet

  • If that were actually true that saving lives or keeping people safe were their true priority, they could be vastly more effective by spending their money on reducing the highway traffic fatality rate. Over 30,000 people die on the roads of America every year. Reduce that by 10% and you'll save the equivalent of a 9/11 attack *every* year.

    Of course safety and saving lives is not their primary purpose -- it's entrenching their power structures. The ability to pry into everyone's communications and files is (in their opinion) essential to that.

    • by ArcadeMan ( 2766669 ) on Friday July 10, 2015 @04:39PM (#50085329)

      The same kind of numbers could be used against tobacco, alcohol, food with excessive amounts of fat/sodium/etc. Except there's money to be made with those, so the number of deaths doesn't matter.

      • by Anonymous Coward

        Users of tobacco, alcohol, unhealthy food, etc., are consciously choosing to harm themselves.

        In an automobile accident, someone who was following the rules can get harmed/killed by someone else, without consent.

        Limiting the former is a nanny state tactic, wherein the government knows better than you what choices you should make for your own life. It is not the right balance between freedom and security.

        Ensuring that people who don't follow the rules can't drive, on the other hand, is actively protecting in

    • by Anonymous Coward on Friday July 10, 2015 @05:14PM (#50085547)

      Want to know how to spend money to save lives? Stop bashing the younger generations and give them some career path.

      What I feared most, a brain drain, is already happening. Americans [1] are bailing to Latin American countries because they can't find any jobs, and student loan debt guarantees a shitty credit record for life. So, it is either live like a mendicant, commit suicide, or move to a country that wants intelligent people that will better themselves.

      We have an entire segment of disaffected people. What happens when there finally is no hope? Look at Egypt and the Arab Spring. Occupy may be dead, but those people are still there. All and all, it would be a lot cheaper to fund something like the WPA and give meaningful labor than to pay for what it would take to handle a constant, protracted insurgency.

      As for security, demanding backdoors is retarded (yes, the "R" word.) After Snowden sold out the NSA, this drove a wedge between the US and close allies. Security companies that get harassed in the US can easily set up shop in other nations, with that country's intelligence department calling the shots [2].

      Further demands on backdoors in security are just masterful foot-shooting. If this keeps being pressured, I'm sure most companies have moved their security coding offshore, or even spawned separate companies that are not under the US flag. Then, the only thing that can be done is bar secure crypto from being imported or used, which can be easily done with a stroke of a pen.

      [1]: Technically residents of the United States of America, but Americans is a phrase used here.

      [2]: Want to do business in China? Some firm over there has to own 51% of any venture on their soil.

      • Wrong, wrong, wrong. Wholly owned foreign enterprises (WOFE) have been available in China since China joined the WTO way back when. These limited corporations are fully owned by the foreign investor. There is another structure called a Joint Venture (JV) that does require a 51% share by the Chinese side, but these are typically used in restricted industries like publishing or mining where WOFEs are not allowed. They are stupid and I don't know why any foreign company ever does them.

        Americans are fleei

    • If that were actually true that saving lives or keeping people safe were their true priority, they could be vastly more effective by spending their money on reducing the highway traffic fatality...

      The most effective way to do that is put more troopers on the road and better highway design/maintenance. But that requires higher taxes, and a good portion of America would rather risk death than pay more taxes. "Freedom to die".

    • it's entrenching their power structures.

      I'm sorry but every time I see this get modded up, I have remind everybody that it cannot happen without us. If you're going to continue voting for the same old shit over and over, please understand that your complaints really can't be taken seriously.

    • by sribe ( 304414 )

      If that were actually true that saving lives or keeping people safe were their true priority, they could be vastly more effective by spending their money on reducing the highway traffic fatality rate.

      Ahem, look particularly at column 4, fatalities per 100,000,000 vehicle miles traveled [wikipedia.org].

      • by ameline ( 771895 )
        I didn't say it wasn't getting better (mainly through better safety features and better design in cars), but that spending money on the security state is an incredibly inefficient way to make people safer and save lives. Doing almost anything *other* than just lighting the money on fire (you know -- sending a message :-) would likely be a more effective way to make people safer.
    • by xelah ( 176252 )
      Health care is generally a better bet than road safety, with many interventions saving money rather than costing it, but road safety is certainly near the top. Here's an impressively comprehensive list (but, sadly, rather old): http://www.ce.cmu.edu/~hsm/bca... [cmu.edu]
  • In the header for this, your last sentence: "This article takes readers from the first Crypto War of the early 1990s to the present-day political battle to keep everyone who uses the Internet safe." The present day battle is not about keeping people safe - it's breaking down people's ability to keep secrets. The cost for this level of protection is way too high.
  • I keep saying we should call it the Third Crypto Wars because NSA + GHCQ already won the Second. They did that in a secret war on all systems and cryptography with aid from post-9/11 legislation. The Snowden leaks attest to what they accomplished. Most crypto out there doesn't deliver on its claims because they backdoored, weakened, or bypassed (endpoints) it. Now, from a position of dominance, NSA and FBI are launching a Third War on Crypto which is a mixture of public (see article) and secret (try to see

    • Bullshit. One of the most interesting things to come out of the Snowden revelations was the discovery that the NSA doesn't have any secret ways into properly done crypto -- Schneier even noted as much in his interview with Snowden.

      You're right that most people's communications aren't encrypted -- that's an artifact of people trusting large corporations like Google and Apple with their data. But dm-crypt and loop-AES on Linux have been safe for a long time, and, though I wouldn't personally trust BitLocker

      • by AHuxley ( 892839 )
        Re "revelations was the discovery that the NSA doesn't have any secret ways into properly done crypto "
        The NSA and GCHQ have enough hold over emerging academics, crypto, open source and crypto history to shape any useful standards.
        Before Snowden the idea was that some one or something to do with academics, open source, political scandal, private sector legal leadership, private sector risk, the press or very smart people or antivirus protection teams would notice "something" about weak international cry
      • by Kishin ( 2859885 )

        "Bullshit. One of the most interesting things to come out of the Snowden revelations was the discovery that the NSA doesn't have any secret ways into properly done crypto -- Schneier even noted as much in his interview with Snowden."

        I think you missed the whole point: NSA has been secretly beating many crypto you cite for years with a myriad of bypasses. They piled up attacks on applications, OS's, firmwares, and so on. They have it to the point that it's automated with QUANTUM. Linux's fragmentation gave n

        • I think we're talking past each other. Internet vulnerabilities don't really matter that much to me in the analysis; there is no reason one can't do his crypto on a computer not connected to the Internet if he's concerned about Internet exploits. And the FBI/NSA resorting to 0-days is a rearguard action. They can only afford to do that to high-value targets, because using a 0-day and getting caught means you lose the 0-day.

          And of course mainstream security is low. If we're going to say that we "lost the

          • by Kishin ( 2859885 )

            You have points on the 0-days being on the lower end compared to pervasive backdoors. Far as worst compromise, it's actually NSA compromising insane numbers of hosts using automated QUANTUM hits and drones via WiFi attacks. Much worse than manual stuff FBI does. That they continue to subvert things with little challenge is in their favor, as well. Far as crypto, NSA promoted strong algorithms while hiding all the ways their implementation could be busted (eg side channels). AES was actually more prone to th

            • The stuff you're talking about is the stuff there is less public information about, so it's hard to know how effective it is. QUANTUM certainly sounds scary in principle, but we know very little about how effective it is. And, since it's using 0-days, they can't just use it against anyone they want without potentially burning the 0-day. The exploit can be automated, but the decision to deploy it can't be. Untargeted "dragnet surveillance" -- the most politically problematic part of Snowden's revelations

  • Back door man (Score:5, Insightful)

    by PopeRatzo ( 965947 ) on Friday July 10, 2015 @05:29PM (#50085617) Journal

    If the recent Hacker Team story has taught us, there is no such thing as a "secure back door". Just when you think you're cleverly safe creeping in a back door, there's someone else peering up your back door.

    • Re:Back door man (Score:4, Insightful)

      by srmalloy ( 263556 ) on Friday July 10, 2015 @09:08PM (#50086625) Homepage

      And the OPM breach has shown us even more clearly the consequences of failing to use the strongest encryption, security tools, and IA policies available. Using encryption technology that's designed to be bypassed at need, with that 'need' determined by anyone other than the owner of the data, is the electronic equivalent of hiding a spare key under the welcome mat and believing that your home is still secure when it's locked up.

  • The EFF and other privacy groups immediately requested that the FCC stay its order. The FCC declined to do so.

    Wait a second, the EFF was just telling me the Internet is a Telecommunications Service, not an Information Service, in order to get the Title II regulations they were cheerleading for.

    When the FCC contorts CALEA, something only supposed to apply to telecommunications, against cryptography on the Internet, it's the end of days, the Internet is dead, ...

    When the FCC contorts Title II, something only

    • Wait a second, the EFF was just telling me the Internet is a Telecommunications Service, not an Information Service, in order to get the Title II regulations they were cheerleading for.

      Either the Internet is an Information Service (meaning Title II and CALEA don't apply), or it isn't (so it's a telecommunication service, and CALEA does apply), but you can't have it both ways.

      Providing access to the Internet is a telecommunications service. (Your ISP is acting as a telecommunications service)

      Offering content is an information service. (Wikipedia is an information service)

      It is also possible for a single company to act as both a telecommunications service and an information service. (Google provides Internet Access and offers Content)

      While all a part of the "Internet" here in the US each aspect is regulated differently. CAELA explicitly does not apply to information services su

      • That's a creative argument, but the problem is, the law doesn't make that distinction.

        In both cases, you're peering with another person and exchanging packets with them.

        Wikipedia exchanging packets with an ISP isn't any different than me exchanging packets with my ISP.

        Indeed, such an assertion would fly in the face of Net Neutrality that says all packets are equal. Wikipedia exchanging packets with me, isn't any different than Wikipedia exchanging packets with Cogent, isn't any different than Cogent exchang

  • The article is quite good, and later on it points out that any back door leads to all of the bad guys having just as much or more access to communications as the government or law enforcement have. Comey, FBI, etc. are wishing for visibility into communications, but are not technical enough to realize that they are actually asking for there to be no encryption at all, since the presence of the backdoor renders the communication useless for sensitive information. Another topic that isn't addressed is protec
    • by HiThere ( 15173 )

      You (and possibly the article) are making an improper distinction. Anyone who breaks into my computer or my putatively secure communications is a bad guy, whether they work for some government or other or not. And it doesn't matter which government. And, no, even if they had a warrant that wouldn't mean they weren't a bad guy, it would just mean they might not be operating illegally.

      • No, I'm not saying that anyone who breaks into your computer is a bad guy. What I am saying is that if the FBI gets a back door to do good things, then they also greatly increase the chance of crimes being committed by criminals who use the same back door the FBI uses. I am also saying that is that without back doors, a rogue FBI agent violating his authority can do damage to people and the nation, but that a rogue FBI agent violating his authority and with back doors can do extremely large amounts of dama
      • Further proof that back doors will be hacked has already happened! http://it.slashdot.org/story/1... [slashdot.org]
  • by Anonymous Coward

    I've seen arguments to the erect of "we would give a backdoor to the NSA, except, others could exploit it". NOOOOO! The NSA are demonstrated liers, perjurers, torturers, and murderers. They cannot be trusted. The US government, and pretty much any government, cannot be given this power. They will abuse it. The only good government is a government constrained from doing evil. The US government needs more constraint, not less.

  • The right wing rules the ignorant with fearful suggestions. The leadership of the right situates themselves in plush conditions and justifies their existence by claiming ever more need for security. The catch is that there is no absolute security. No matter how much spying that is done we will always be prone to either individuals or groups committing violence or mayhem. And it is obvious that terrorists are acutely aware of just how chronic terror attacks can be. Even if we get rid of all organize

It's been a business doing pleasure with you.

Working...