Going Dark Crypto Debate Going Nowhere (threatpost.com)
msm1267 writes: FBI general counsel James Baker reiterated a theme his boss James Comey started months ago, that Silicon Valley needs to find a solution to the "Going Dark" encryption problem. Two crypto and security experts, however, pointed out during a security event in Boston that encryption remains the best defense against the government's surveillance overreach and espionage hacking targeting intellectual property. “If we were able to engineer a mechanism where we’re splitting a key and having a third party escrow it where the government could ask for it, the very next thing that would happen is that China et al will ask for the same solution. And we’re unlikely to give them the same solution,” Eric Wenger, director of cybersecurity and privacy, said. “Complexity kills, and the more complex you make a system, the more difficult it is to secure it. I don’t see how developing a key-based solution secures things the way you want it to without creating a great deal of complexity and having other governments demand the same thing.”
Fuck the government! (Score:3, Insightful)
Do what is best.
Re:Fuck the government! (Score:5, Insightful)
Going dark is the solution, not the problem.
Re: (Score:1)
Re: (Score:3)
Show us some evidence, GCHQ. Otherwise fuck off with your propaganda, we are not buying it.
Re: (Score:1)
What do you think?
Paris attacks: At least 153 killed in gunfire and blasts, French officials say [cnn.com]
Re: (Score:2)
That's evidence that the spying doesn't work and isn't justified.
Re: (Score:2)
Re: (Score:2)
Because you know, when APK says he "wins" an argument, we all know he won the argument. Unfortunately, when APK "wins" an argument, it is because people stop responding to him, because they have already made their point, and the only point left to make is that APK missed the point entirely, just like the 3-4 responses this statement will have in response.
Re: (Score:2)
So you have nothing different to say about:
http://slashdot.org/comments.p... [slashdot.org]
Just linking to numerous Virus scanners not marking your software as malicious despite that most virus scanners don't identify malware?
You are still marked as malware all over the Internet APK, and since you aren't willing to share your source code (even though a high schooler could likely write the code), it will remain marked as malware.
Re: (Score:2)
So, pointing out facts is in your mind raving, is that why you come across as a raving lunatic?
Re: (Score:2)
I see, so you have nothing to say about what I said. In other words, you got bitch slapped, and are now ignoring the argument. Good to see you lose arguments so gracefully.
What makes you think I am a Filipino or a woman? You are nuttier than squirrel poop.
Re: (Score:2)
I see, so you are afraid to respond. You have been bitch slapped APK, throw in the towel, it is all over.
"Check box on this sheet that you got a warrant." (Score:1)
“If we were able to engineer a mechanism where we’re splitting a key and having a third party escrow it where the government could ask for it, the very next thing that would happen is that China et al will ask for the same solution. And we’re unlikely to give them the same solution,”
You're likely to give them the same, or a similar solution.
And the first thing they will use it for is to crack open all messaging to spy on political threats to them. This stuff is regularly abused in the US, with no technological barriers to a political operative misusing the system currently (i.e. without a warrant.) But at least they'd have to hide it or get in severe trouble. In China, Russia, many other countries, there is no fear because it's official policy.
Re: (Score:2)
Why do they have to hide it in the US? There is nobody actually watching the system to make sure it is not abused. How much did Snowden download and nobody caught on. Hell, did they even 'catch' any of the people doing loveint or were they all self-reported?
They aren't even remotely interested in catching people abusing the system.
I think it's worse than you describe (Score:3, Interesting)
I think this is actually backwards compared to how it may actually play out. This month's *Harper's Magazine* has an interesting essay about American businesses operating in China. (*Harper's* is paywalled, but you get a few free views per month.) The essay can be found here:
"The New China Syndrome: American business meets its new master" [harpers.org]
The gist of the essay is that China's authoritarian government strong-arms
I'll add to that (Score:2)
Re: (Score:2)
But then China will have the same conundrum: If they ask for it, and are granted it, now the NSA will have the potential mechanism to spy on THEM.
Re: (Score:2)
Actually knowing how incompetent American companies are. Not only will they give the China govt the same thing, it will have the SAME FUCKING KEYS.
Re: (Score:2)
" This stuff is regularly abused in the US, with no technological barriers to a political operative misusing the system currently (i.e. without a warrant.)"
Reference or are you just talking out of your ass?
Re: (Score:2)
While I disagree with GP on some of his points and tone, his overall question and point is valid.
"There is no solution."
And the US government really cannot be trusted any longer. Neither can any other government as they have all grown to the point that none really seem to be always acting in the best interests of citizens/subjects.
Not quite... (Score:5, Insightful)
...the very next thing that would happen is that China et al will ask for the same solution...
No, that would be second. The first thing would be US agencies demanding keys without warrants and with gag orders.
Re: (Score:2)
What do we want? (Score:5, Insightful)
Yes, Mr. Baker, it is about the relationship between the people and the government. What we wanted you to do was to treat the Fourth Amendment as a law, not as an obstacle to be circumvented. You have demonstrated yourselves incapable of obeying the laws you profess to uphold. So, what we want now is for you to go away. If that means a terrorist kills a few of us every now and then, so be it. Right now the terrorists are killing a lot fewer civilians than our policemen, so frankly, if I've gotta take the risk, I'd rather take my chances with the bad guys than the good guys.
Until then, remember this is professional, not personal. You Feebs are actually pretty good at police work when you get off your asses and go do it. Maybe if we make it hard enough for you to spy on us illegally, you'll be forced to resort to good old-fashioned HUMINT-style police work for the rest of your cases. Try serving and protecting the public for a change. You might even start to enjoy it. And we might, after a few decades, start to trust you again.
Re: (Score:2)
And yet, the vast majority claiming to be on the side of the innocent being gunned down are also the ones trying to take away the only effective means of resistance (anonymity, encryption and arms).
LOL, keep hope alive! (Score:1)
The simple fact is, government, in all its forms, requires access to everything in your life. Accept it, you are a plebe with your ass hanging out. Yay, modernization? Get real people, understand your place in the universe.
This is a message to those in control: You have won this battle but you will never break us. The true "us". Those that fight your tyranny and everyone that can't understand. Your days are numbered.
end-to-end encrypt it all (Score:5, Informative)
There's no reason for normal email, IMs, video chats, web surfing, etc to be available at all to anybody who isn't among the intended recipients.
These protocols are in the clear for historical reasons: people didn't imagine that the government would be a bad actor. Since they now are, it's time to add strong encryption to all of those things.
The whole internet needs to "go dark" from the perspective of the Stasi fucks.
Re: (Score:1)
There's no reason for normal email, IMs, video chats, web surfing, etc to be available at all to anybody who isn't among the intended recipients.
Yes there is. To catch criminals and to solve crimes.
Re: (Score:1)
Ah. So you obviously gave the police a spare key to your house, just in case they get a warrant and need to enter more easily?
Re: (Score:2)
They don't need a key, they can break the door down.
Re: (Score:2)
If you truly believe that then surely any and *all* conversations should be recorded or minuted and submitted to the government for examination.
Having a chat with a buddy over a beer on a Saturday afternoon -- better write down exactly what was said and (e)mail it off -- or you're a damned commie spy and terrorist!
Sorry, but regardless the cost, the right to privacy ought to be an inalienable one that can not be usurped by a small bunch of paranoid politicians and bureaucrats who have proven themselves (tim
A quick reminder, Mr. Comey - (Score:3)
All structures are, in the end, flammable. Literally or figuratively.
Even panopticons.
Alternate Headline Idea (Score:3, Informative)
Wants Privileged Data Access
intrusive government spying (Score:5, Insightful)
This debate isn't about "terrorists"; any sophisticated organization with something substantial to hide isn't going to rely on Apple's or Google's encryption, they are going to be using their own, something that is easy enough to do.
The entire debate is about day-to-day police work: police want to be able to search your phone and your E-mail with the same ease with which they can open your car's trunk. The problem with that isn't that they may or may not use it against minor offenders, the problem is that if you put that capability in the hands of a million law enforcement officers and government investigators, they will invariably abuse it for personal and political gain, blackmail, and amusement.
Re: (Score:1)
No. The real issue is do we want the police to search email in order to solve crimes or do we want the police to search email in order to find crimes. The whole issue of warrants is that they are used in order to solve and not find crimes.
The terrorism issue is relevant in that the only effective way to stop terrorists is to search email of vast numbers of persons before any crime has been committed.
Re: (Score:2)
"the only effective way to stop terrorists is to search email of vast numbers of persons before any crime has been committed."
False.
Re: (Score:3)
"No" what?
Correct. And that is by design.
That's bullshit. And even if it were true, it still wouldn't be a justification for destroying the foundations of a free society.
Re:intrusive government spying (Score:4, Insightful)
What terrorists? There have been well-publicised cases where people have breached airport perimeters. If there were any serious terrorists, they would have planted a bomb on a plane, or, an even better target, the queue for the security check.
We should put the threat into context. How many people die every year in traffic accidents? How many people die because of lack of access to affordable healthcare? More lives could be saved through access to healthcare, support for the homeless, etc. than through the vast spending on "security".
No, the spending on security is really just spending on keeping the security apparatus in place. It's the self-sustaining and self-justifying military-industrial-intelligence complex.
Re: (Score:3)
Other than attacks from foreign powers or things that otherwise come to light, the government's job is not to stop crimes before they happen. Doing so means, arbitrarily, lost freedoms. The government's job is the prosecution of criminal acts - not prevention of them. This doesn't mean that they can't prevent crimes before they happen. It means that they can't restrict our liberties in order to do so.
You are the problem.
Re: (Score:2)
Re: (Score:2)
Yes, yes I did mean intrinsically. I blame maybe being a little high, tired, and stupid. :D
Re: (Score:3)
I think the only way email surveillance is going to help against "terrorists" is that it makes it easier to find idiots that the FBI can then turn into fake terrorists. No actual terrorists will be or ever were caught this way. They do know that the NSA/GCHQ/Stasi/GeStaPo can read email, you know.
Nothing new here (Score:2, Informative)
Bullshit. If anything, the US state department will demand they implement the same flawed solution, or worse, a less secure implementation.
Leaving aside the honesty of this statement, a court order doesn't open safes, or reveal where the suspect's off-site storage is either. The real problem is encryption offers near-perfect secrecy for a low, low price, so everyone has it. Plus, the bad behaviour of most governments over the last decade motivates everyone to use it. An information device offers a detai
When a petulant child stomps their foot (Score:1)
This is an ancient problem, or ancient feature (Score:1)
Terrorists etc. who wanted to have been able to use one-time pads or personal couriers who memorized their messages since well before modern cryptography.
Sure, it was a bit more cumbersome and not always practical, and when implemented naively, it was vulnerable to rubber-hose cryptanalysis [xkcd.com] but then again, so is an encrypted smart-phone when you have access to someone who knows the password.
So, tell me again, if bad guys will continue to have these options, why is it a good idea to weaken all other forms o
Re: (Score:2)
Aehm, SHA1 is not a cipher, hence no key?
Other than that, I fully agree.
Re: (Score:2)
No, it cannot. It can be used to create some half-assed (and today likely insecure) stream cipher, but that is it. It is not a cipher by itself. Look up what a cipher, a one-time pad, a stream cipher and counter-mode is before posting something that is wrong in every regard.
Governments brought this on themselves (Score:5, Insightful)
The FBI and NSA are right that good default crypto will make it harder to catch criminals and the extremely rare terrorists. It will also make it harder to catch people doing quite a number of other bad things.
However, they also brought this on themselves. Overall this is like the response to ads online. Ads got so extremely bad that people just installed adblockers that block everything. Now many sites are finding it hard to even survive due to ads being blocked. If you unblock the ads on the site though you find out the ads are extreme with sound, video, taking over clicks, and with dozens of ads on a page and so you go back to blocking.
If the Ad industry had stayed to banner ads and maybe one or two small ads on the sidebars of a page and with no music or video then it is likely that people would not have gone to the effort to block them. They created this mess all on their own.
If the NSA had not started watching everyone in a fairly blatant violation of the law and the courts made it so you can't even try to stop them since they rule you have no standing since you can't prove you were watched then this reaction would not be happening. What the NSA did damaged Apple, Microsoft, Google, Facebook and many others along with pissing off average people a lot. When the average person thought the NSA was just going after evil people outside the country they were okay with it. Finding out they go after citizens in the country also is unacceptable.
I have no idea how to deal with the actual legitimate concerns of the NSA and FBI and also deal with their abuse. We all know that they will keep abusing their powers if they can. If you compromise encryption in any way then others will find the backdoors also and use them.
This is not a good situation and in the end I don't know how it will play out. It should be possible for the NSA and FBI to get access to data upon probable cause and with a court order; I just don't see any realistic way to do that anymore given what they have done.
Re: (Score:2)
No I am saying that it should be possible for them to get a warrant and perform a search upon probable cause and a warrant but that it is incompatible with end-to-end encryption and end-to-end encryption is more important.
I wish there was a way to do both but I just don't see a way to do it.
Re: (Score:2)
No, don't buy into this argument. With probable cause and a warrant it is and has always been possible to bug an apartment or a machine, provided that the crime is serious enough. Moreover, the endpoints are technically insecure and this won't change any time soon, not with the contemporary lax security practises and expenses at companies like Microsoft and Apple, so it is also possible to do this in software (e.g. a trojan) if absolutely necessary.
It's perfectly feasible to have targeted surveillance with
Re: (Score:2)
I'm not sure what you mean by the end points being insecure. An iPhone is pretty damned secure and hard to bug.
Re:Governments brought this on themselves (Score:4, Insightful)
I have no idea how to deal with the actual legitimate concerns of the NSA and FBI and also deal with their abuse. We all know that they will keep abusing their powers if they can. If you compromise encryption in any way then others will find the backdoors also and use them.
Just what ARE their legitimate concerns? How many homicidal rapists, armed robbers, etc are out there RIGHT NOW that could have been caught if only their phones could have been cracked, but since they weren't, they had to let them go?
I see this first and foremost being used against the political enemies of whoever runs the FBI these days, whether it's journalists, domestic antigovernment activists, NGOs, etc. And then after that as a way to score cheap points efficiently going after low-level crooks whose prosecution would otherwise require the FBI to work instead of charging a bunch of people with crimes like lying to the FBI and conspiring to lie to the FBI.
I just don't buy any "because terrorists" arguments. If a cell of terrorists wanted to plan a Mumbai/Nairobi style attack on a mall or something, it'd be easy, but it never happens and I doubt it has to do with cracking smartphones.
The NSA is supposed to be gathering intelligence outside our borders, and no amount of mandatory key escrow within the US will force overseas users to not use encryption. Banning the practice here doesn't magically make the technology disappear.
And I can only guess that the NSA has a whole array of clandestine, cloak and dagger operations to supplement their data acquisition.
Dear Mr. Baker (Score:5, Interesting)
Dear Mr. Baker,
I have an interest in this discussion as an engineer on a product that uses encryption. Here's a small sample of my company's customer list:
- Federal Bureau of Investigation
- US Department of Defense
- US Department of State
- US Department of Homeland Security
- US Air Force
- US Army
- Naval Air Warfare Center Weapons Division
- Northrop Grumman
- Lockheed Martin
- Raytheon
I am sure these organizations would love to hear why you need access to their data. I am sure the governments of China and Russia would never dream of hacking into your key repository, honest.
Disclaimer: opinions expressed here are mine and do not represent my employer.
Crypto could mean end of government (Score:2)
When we can trust the Gov't... (Score:3)
...to not abuse the powers we granted it in good faith for the common defense and the public good we can have this discussion about how to deal with legally granted search warrants in pursuit of a legitimate and well targeted crime. Until then I feel for these people in criminal justice trying to do what I am sure is a hard job, but it's a non-starter. This situation is a direct result of abuse and corruption. You broke it, you bought it.
Hidden secrets (Score:3)
“This is about rule of law and the fundamental rights we have from the Constitution, creating laws that enable government to obtain the results of surveillance in ways that are consistent with constitutional rights,” Baker said. “Today, that’s not happening. We are not able to use what’s available today with a 4th Amendment warrant. We do what the law requires, show up with a court order, and can’t get the fruits of surveillance because of encryption.”
Without encryption, what happens when they show up with their warrant and I say "Sorry, I don't have any secrets here, they are hidden in a land far far away and you'll never find them".
How is that any different than if I say "Sorry, my secrets are encrypted, and you'll never decrypt them".
Besides, if commercially available encrypted products are required to have a back door, the smart criminals are just going to use real (i.e. "illegal") encryption to store up their secrets.
And, incidentally, this does not work anyways (Score:2)
Just use layered encryption. If they come after you, you know they have been snooping on you. Then just reveal harmless data. If they do not come after you, they get nothing. So, as so often, outlawing secure crypto or mandating backdoors only means that only the criminals will have secure crypto. In a sane state of affairs, everybody will have it. And the clinically paranoid "servants of the people" will just have to get over themselves and realize people are not so willing anymore to accommodate them after
Wait, what? (Score:2)
"Going Dark" encryption problem.
This isn't a problem.
--
BMO
Re: (Score:2)
it's much simpler than that. there's guys who have a job of reading the crap nsa intercepts. these guys push for more money&work for themselves and there you have it.
add to that the exceptionalism that once somebody is in power then they don't mind it because it keeps them in power, theoretically.
then there's the normal coppers who rightfully think that they could catch a few more crooks if they just had a little bit more of power and could at will search through people's cellphones just when they feel li