US Government Will Not Force Companies To Decode Encrypted Data... For Now (washingtonpost.com) 110
Mark Wilson writes: The Obama administration has announced it will not require companies to decrypt encrypted messages for law enforcement agencies. This is being hailed as a "partial victory" by the Electronic Frontier Foundation; partial because, as reported by the Washington Post, the government "will not — for now — call for [such] legislation." This means companies will not be forced to build backdoors into their products, but there is no guarantee it won't happen further down the line. The government wants to continue talks with the technology industry to find a solution, but leaving things in limbo for the time being will create a sense of unease on both sides of the debate.
The EFF has also compiled a report showing where the major tech companies stand on encryption.
For now... bite me (Score:3)
Let's be very clear, the moment they require the ability to get into my device is the moment I encrypt everything and everything with user space tools you don't have access to.
Re:For now... bite me (Score:5, Insightful)
When they outlaw encryption, only outlaws will have encryption.
Enjoy the indefinite detention as you're held as a terrorist for failing to decrypt. A little "parallel construction"/perjury to trump up some charges if you don't play along.
See, non-compliant citizens will be presumed guilty and treated as a security risk. Just to be safe you understand.
So, I applaud the sentiment, and agree with you. But it's worth pointing out that the kinds of governments who want this shit will simply find ways to compel you, or otherwise ruin your damned life. They won't play nicely, and they won't do it publicly.
I'm not sure most Americans realize the extent to which their rights and freedoms no longer exist in the same way they believe they do.
Vote is near (Score:1)
Fortunately, the next elections aren't very far and we have a chance to elect somebody, who, for once, gets the modern-day issues and uses mobile devices and e-mail himself [arstechnica.com] — not some dinosaur, who can't even type [newsbusters.org].
Re: (Score:1)
Re: (Score:1)
Notice how it does not say anything like:
Re: (Score:1)
Re: (Score:1)
Doesn't matter, the majority of people won't do that. Let's be clear: the gov't isn't trying to prevent any serious criminals who would use hard crypto; they're just trying to maintain convenient access to everyone's devices. If everyone used hard crypto tomorrow, the 5th wouldn't apply to passwords much longer.
Re: (Score:3, Insightful)
Also, the actual motivation is at significant variance with the ostensible motivation. Ubiquitous backdoors aren't necessary for law enforcement or protection from foreign threats. But they do give specific people superior business intelligence, allowing them to further their own fortunes in ways that nobody else can.
Normal people think this is a cynical attitude. That is because normal people are stupid.
Re: (Score:1)
Lets be very clear -- they don't care.
It'll get them nearly everything they want.
The comparatively few privacy nuts like you ... well... they'll get you "the other way", if they really care to know what's on your device.
Widespread use of user space tools will never gain traction because its always going to be substantially more work to setup. And anything done by the manufacturers and vendors to make it presetup and always on (and therefore easy) will be subject to the legislation.
Re: (Score:3, Insightful)
Exactly. I love how they make it sound like they are OK'ing us to encrypt. Fuck you... thats like them OK'ing me to paint my living room a certain color. I'll encrypt (or paint) however the fuck I want to in my business or my personal dealings. If I have even the remotest reason to suspect I'm using backdoored software, I'll change the shit. They can't "allow" something they constitutionally don't have access to.. and they try to amend the laws they need to be fucking tried for treason.
Re: (Score:1)
What the gov't is going for now is killing automatic end-to-end encryption. Like Apple's iMessage, where [supposedly] the message in encrypted at each end so that only the destination devices can decrypt it, and not Apple. They want Apple to redesign the setup so that instead, when the iMessage arrives at Apple's server, it is/can be decrypted by Apple, and then re-encrypted [optional!] before being sent on to the destination device. This way, the gov't can force Apple to give up the messages [presumably
There is no 'solution' (Score:5, Insightful)
Encryption is either secure, or it's not. And no-one wants to use insecure encryption.
Correct. Including the US government. (Score:1, Troll)
And two [defenseone.com] former [vice.com] DIRNSAs agree.
So does ADM Rogers -- except that every interpretation of various US officials' arguments on encryption wildly conflate multiple issues (such as domestic law enforcement, which can and does sometimes have a foreign intelligence connection, and foreign signals intelligence purposes), or utterly misunderstand the purpose, function, and targets of foreign intelligence.
Yes, I know you (not OP, the "royal you") think you know it all, because you have taken things you think of as "pro
Re:Correct. Including the US government. (Score:5, Insightful)
And there you have it ladies and gentlemen ... you have nothing to fear if you have nothing to hide.
If you believe you defend these things by undermining what they actually mean, then I'm afraid you don't deserve to have these things defended since you've already given up on them.
If Americans are saying "well, gee, it's OK if the government has the ability to trample my rights, but it's OK because terrorists", then it's time to stop fucking pretending you have these things left to defend ... and the US should get on with failing utterly so the rest of the world can stop pretending you're not full of shit.
Because increasingly Americans seem to think them being the enemy of the freedoms of everybody on the planet is OK.
Here's a hint, it isn't.
Everything you said screams "we as Americans have already give up, but as long as we have the illusion of security we don't give a fuck about the underlying principles".
So, please, if you're going to abandon those principles, don't talk about defending them. Because it's either delusional or dishonest. Everything about this undermines those principles American claim to cling to.
Wow. Talk about misreading, and missing the point. (Score:1, Troll)
And there you have it ladies and gentlemen ... you have nothing to fear if you have nothing to hide.
No. That's not what I said, at all.
What I said was -- all arguments about crypto aside -- was precisely what I said:
If you're an American (or frankly, any innocent person) anywhere in the world who isn't an active member of a foreign terrorist organization or an agent of a foreign power, the Intelligence Community DOES NOT CARE ABOUT and actually DOES NOT WANT your data.
That is in no way, shape, or form akin
Re: (Score:2)
The last I heard there was a pen register standing order in effect for ALL cell phone metadata for all the major US carriers. It was only recently renewed in September. Unless there was an active exception for "Dave Schroeder, NSA apologist" I would s
Re: (Score:1)
Yeah, and guess what?
Smith v Maryland (1979) says that phone call records, as "business records" provided to a third party, do not have an expectation of privacy, and are not covered by the Fourth Amendment. And the only data within that haystack that we care about are the foreign intelligence needles. I know that's difficult to comprehend, but it's the law of the land, unless and until SCOTUS reverses that ruling. And they very well may.
Until that happens, "We're pretty aggressive within the law. As a prof
Re: (Score:3)
Re: (Score:1)
Actually, with triangulation, you probably did. Albeit not willfully or knowingly for most people.
Do not misconstrue this as my accepting or advocating these policies of data collection. I do not like them, not one bit. I'm simply responding to point out that you probably did, in fact, provide that information even if you didn't want to. GPS data may even be appended - I don't know. If it is then they should make that clear as I am sure there are situations where you're not actually able to be triangulated
Re:Wow. Talk about misreading, and missing the poi (Score:4, Informative)
Yeah, and guess what?
Smith v Maryland (1979) says that phone call records, as "business records" provided to a third party, do not have an expectation of privacy, and are not covered by the Fourth Amendment. And the only data within that haystack that we care about are the foreign intelligence needles. I know that's difficult to comprehend, but it's the law of the land, unless and until SCOTUS reverses that ruling. And they very well may.
Until that happens, "We're pretty aggressive within the law. As a professional, Iâ(TM)m troubled if I'm not using the full authority allowed by law." -- General Michael Hayden
And when the full authority of the law is insufficient to do whatever they want, they will search until they find a creative lawyer to offer a legal opinion to redefine what the law really means and justify whatever they want to do. http://www.newyorker.com/magaz... [newyorker.com]
You might also want to update your sources, Mr. apologist. The 2nd U.S. Circuit Court of Appeals ruled the law overseeing data collection could not be interpreted to have permitted the NSA to collect a "staggering" amount of phone records, contrary to claims by the Bush and Obama administrations. Lucky for them, Congress amended the law, moving the goalposts in mid game.
https://www.aclu.org/legal-doc... [aclu.org]
Hopefully, you will find this as easy to comprehend as the Smith v Maryland case. And before you start wiping the brown off your nose and begin frothing at the mouth with another justification, I know it hasn't made it to the Supreme Court yet. Hopefully, you noticed Governor Jerry Brown signed the California Electronic Communications Privacy Act law yesterday. That should give you a clue that you are on the wrong side of this issue.
Re: (Score:2)
Thing is, I don't trust the intelligence agencies. We know that some LOVEINT was going on at the NSA, but not how much (I'm not naive enough to think that the problem was accurately reported). We know that the FBI has infiltrated perfectly innocent organization, so the three-letter entities aren't limiting themselves to the probable guilty.
Also, if there's a backdoor the government can use, there's a backdoor that someone else can discover and use against me.
As far as WWII codebreakers go, I seem to
Re: (Score:3)
This may have been true at one time. Since the USA PATRIOT Act, with its relaxation on sharing of information between intelligence and law enforcement agencies, it is no longer true if it ever was. We have intelligence information used for drug busts, a
Re: (Score:2)
So, practically speaking, what does that mean? If we're all in agreement that the intelligence commun
Re:Correct. Including the US government. (Score:5, Insightful)
If you're an American (or frankly, any innocent person) anywhere in the world who isn't an active member of a foreign terrorist organization or an agent of a foreign power, the Intelligence Community DOES NOT CARE ABOUT and actually DOES NOT WANT your data. Sounds crazy and bizarre for foreign intelligence agencies to care about things like foreign intelligence, I know, but it's true.
You would think. And, if the government lived up to our ideals for it, that would be true. Why would a government want to spy on their own citizens?
But in the real world, history shows us that sometimes governments decide that they do want to spy on their own citizens. They decide that some citizens are "dissenters" and need to be spied on [aclu.org]. They decide that court orders [thenation.com] and civil rights [thenation.com] don't apply to them. They make "enemy lists [pbs.org]" and try to dig out dirt to discredit the enemies. They wiretap reformers and try to blackmail [dailymail.co.uk] them.
Re: (Score:3)
If you're an American (or frankly, any innocent person) anywhere in the world who isn't an active member of a foreign terrorist organization or an agent of a foreign power, the Intelligence Community DOES NOT CARE ABOUT and actually DOES NOT WANT your data.
Really? I'm a bit surprised that NSA employees are allowed to enter into relationships and/or marriages with active members of foreign terrorist organizations or agents of a foreign power [wikipedia.org]. [The article says that one incident has occurred per year -- a more accurate statement would probably be that one incident has _been detected_ each year.] And with what foreign terrorist organization or foreign power was Albert Einstein [wikipedia.org] associated?
Re: (Score:2)
Then why are the hoovering up all the metadata if it does not interest them?
Re: (Score:3)
I have no doubt that the majority of the uses of the data are perfectly legitimate, but it seems to me that "taken seriously" is a bit of an overstatement here. Unless something has changed fairly recently, I think we have good reason [theguardian.com]
Re:Correct. Including the US government. (Score:5, Insightful)
If you're an American (or frankly, any innocent person) anywhere in the world who isn't an active member of a foreign terrorist organization or an agent of a foreign power, the Intelligence Community DOES NOT CARE ABOUT and actually DOES NOT WANT your data.
Then why are they collecting it? Why is the fact that they are collecting it so secretive? Why then, do they share this data with other TLAs? Are we just supposed to forget that NSA officials used the data they collected to spy on their love interests?
I've built a lot of databases in my day and I never put data in a database that I did not intend to use. You see, there would be no point in doing that.
If, as you say, the Intelligence Community DOES NOT WANT our data why are they working so hard to obtain it.? Why should American taxpayers pay to be spied on? The government is supposed to work for us, on our behalf, based on our shared goals. It must also act with strict adherence to the principles set forth in the US Constitution, and stop making up highly questionable "interpretations" of law to try to justify highly illegal actions.
Re: (Score:3)
Strange because our laws on encryption would mean fuck all to anyone except an American citizen.
Re: (Score:3, Insightful)
Re: (Score:1)
I guess I am kind of okay with them making new laws - there's at least some semblance of checks and balances in that. It's when they willfully violate the laws that really irks me.
Not really (Score:3)
Encryption is either secure, or it's not. And no-one wants to use insecure encryption.
Not really. Encryption becomes more secure or more reliably secure as you do more correct things to it--extend key length, salt hashes where used, audit code, improve algorithms, etc... and less secure as other changes are made: faster machines, better algorithms, backdoors, quantum computing, etc...
Nobody wants and few educated people trust the government to read their mail or *preserve the security* of a backdoor, so it gets more resistance in tech circles.
Painting it as black and white is a useful commu
"For now"? (Score:2)
Isn't every single possible state of affairs currently in existence, by definition, "for now"?
Why the unnecessary qualifier?
Re: (Score:3)
Because this isn't over as an immediate issue - it's not something we can forget about until an event forces it back into the arena of debate. The consideration of appropriate policy is still an issue, only one approach has been ruled out - the same ends may yet be sought by other means.
Re: (Score:3)
Isn't every single possible state of affairs currently in existence, by definition, "for now"?
Why the unnecessary qualifier?
My first guess is accidental honesty. And I don't believe them anyway.
Obviously, if the ISP holds the encryption keys and the user has no control, then the ISP can access everything _and_ decrypt the data for the Government. "We won't decrypt" could simply mean that they may just hand over the key and containers separately. This meets the verbiage they just gave us, but does not mean your data is secure. It only changes who and where your data gets decrypted.
So Facebook, Apple, Google, Amazon, Microsoft
Re:"For now"? (Score:5, Insightful)
Because the threat of the government coming in and demanding everyone install a government approved backdoor [consumerist.com] on their encrypted data is real.
That threat is the difference between "You're alive!" and "You're alive, for now!"
Re: (Score:3)
Alive. Free. Protected by the Constitution. Not living under a fascist government.
"For now".
Enjoy those freedom fries, suckers.
Re: (Score:2)
Re: (Score:3)
To go a little further into what the OP is saying, the "for now" seems to be a criticism that there is not a law outlawing the requirement. This is a false premise. A law is not permanent. It is only in effect until another government comes along and changes it. Even a constitutional amendment can be changed (see prohibition). In effect everything a government does is "for now". The only difference is how easy it is to make a change. With no law it is very easy. With a law it is a bit harder. With a constit
Re: (Score:2)
It leads into the next poll: "After reading the headline did you mentally tack on, 'Dun dun duuuunnnnnn!!!!'"
Re: (Score:1)
I see you're trying to make a funny. Would you like some help with that?
In other words ... (Score:4, Insightful)
We accept for now there is public pushback against our planned fascism, for now we will back off on this, but in the future we reserve the right to proceed further with the fascism.
I'm sorry, but if the US government is essentially just saying "fascism is only temporarily on hold", the US is already fucked.
You have nothing to fear if you have nothing to hide; give us your papers please, comrade.
So, full speed ahead! (Score:3)
Based on the track record of this administration, this means they are pushing full speed ahead on weak and backdoored encryption, but want the spotlight taken off of it. This will probably be a "SURPRISE" executive order.
Re: (Score:2)
They just have to wait for some event that triggers an increase in the fear index.
Step 1) Scare the bejeezus out of the citizenry.
Step 2) Legislate
Step 3) Repeat step 1 as needed.
President Obama, your lack of respect for individual rights and freedoms has been my greatest disappointment during your administration.
Re: (Score:2)
An executive order has precisely no authority over private individuals and corporations. There is no way a President can force Apple (for example) to make back doors without an act of Congress.
For the moment... (Score:3, Insightful)
The pattern for Obama-- and many other politicians-- is this:
1. Voice opposition to X.
2. Announce s/he will engage in discussion with Y, which is a group that is clearly in favor of X.
3. Come back months to years later, claiming s/he doesn't see any reason why X can't be implemented.
4. If Congress doesn't implement it, reminds us s/he has a phone and a pen, and mostly implements it through executive regulation and taxation.
5. Bonus step for Obama: if you oppose X, you're now racist/prejudiced even though you agreed with Obama at step 1.
Re: (Score:3)
This is certainly the way politics work, although I have to admit even I was astounded on the backpedaling Obama has done in comparison to what his campaign rhetoric was.
Mind you, I knew it was all slick marketing to begin with, but even I thought he'd try to pretend to put up more of a fight.
If you want someone who pretends really hard to look like they will follow through on their promises, the Republicans seem the better bet. Too bad what they are pretending to care about is retarded half the time.
But t
Sure I'll decode them, one sec (Score:2)
I had all the hash keys printed out in this paper file.
Hmm.
Dang, guess it's missing.
Re: (Score:2)
Strewth, Bruce! (Score:2)
I guess this works in the same way as the University of Woolamaloo's Rule 2?
Adobe ... (Score:3)
"Adobe has not built ‘backdoors’ for any government—foreign or domestic—into our products or services. "
Wrong. Adobe has built *lots* of backdoors - for government and others. Just not on purpose.
The EFF has also compiled a report (Score:2)
Solution to what? (Score:2)
Re: (Score:2)
What exactly is the problem[sic] they're trying to solve?
Freedom.
Re: (Score:2)
Right now, all the information on my iPhone is encrypted in a way Apple can't read. If I am a suspect in a crime, and the police come up with probable cause, they can search my stuff looking for clues. They can seize my iPhone, but they have no way of getting any clues off it. (US jurisprudence seems to be adopting the idea that the court can demand a key only if the court knows there's something specific on it.)
What the FBI etc. wants is a way to get information off my iPhone with a warrant and witho
Re: (Score:2)
Infect the cell network over any nation of interest. Use equipment interference to get into an interesting users cell phone to log all data in/out/entered/images/voice print/gps.
Both options work well if other nations are happy to let 5 eye nations access their own domestic networks and domestic staff help hide all traces..
The main issue is the quality staff of understanding the totality of their nations cell networks at a domestic level and talking to outside very smart
I'd use a Chinese... (Score:2)
Was any other decision even possible? (Score:2)
Suppose they had decided the other way. Just what company would have been required to crack GnuPG? The Coca Cola company? Chevrolet? The New York Times? Point guns at whatever innocent peoples' faces that you want to, and you're still not going to magically give them the ability to bruteforce AES.
Now suppose they approach someone (again, with gun in hand: "obey me or else I w
Re: (Score:2)
Remaining un-fined and/or un-imprisoned is a pretty good incentive. If you're a tech company and you continue to use the now-illegal encryption without the back-door in your products, you will be fined, daily, until you comply and/or your CEO will be thrown in jail.
looking for snakes (Score:2)
Reading the linked list of "company policies", I found a few snakes in the grass. Before anyone jumps and yells "You can't draw conclusions just because they're being vauge!"... YES I can, yes I will, and yes I should. These are major company policy announcements and an opportunity to add significant value to a company's products. If they're being vague here, they're hiding something or they are profoundly stupid. BOTH are good reasons not to do business with them.
Adobe
Adobe has not built 'backdoors' f
Re: (Score:2)