Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
Get HideMyAss! VPN, PC Mag's Top 10 VPNs of 2016 for 55% off for a Limited Time ×
Encryption United States Politics

Obama Administration To Offer Full Position On Encryption By End of Year 152

blottsie writes with this story from The Daily Dot that the President met with encryption advocates on Thursday and is expected to make a statement on his official stance before the end of the year. From the story: "The Obama administration plans to clarify its stance on strong encryption before Washington shuts down for the holidays. Administration officials met Thursday with the civil-society groups behind a petition urging the White House to back strong, end-to-end encryption over the objections of some law-enforcement and intelligence professionals. Kevin Bankston, director of New America's Open Technology Institute and the coalition's organizer, told the Daily Dot that it was a 'very hopeful meeting.'"
This discussion has been archived. No new comments can be posted.

Obama Administration To Offer Full Position On Encryption By End of Year

Comments Filter:
  • by ickleberry ( 864871 ) <web@pineapple.vg> on Friday December 11, 2015 @09:19AM (#51099729) Homepage
    That means the NSA can easily crack it
    • by Joce640k ( 829181 ) on Friday December 11, 2015 @10:20AM (#51099965) Homepage

      Will it make a difference? The horse has already bolted. Encryption exists.

      Not that it's needed, I can say "The fish is in the wolf" on national TV and the FBI won't know when the attack will happen.

      Nope. This is just about not letting encryption happen by default on all our messaging. It's espionage, it's political control, it's subversion of democracy.

      (ie. the people in power know what's trending after last night's presidential speech, the opposition doesn't).

      • I honestly think there's some level of paranoia, because as techies we know what they can actually do. Whether they do it or not is where I start justifying the use of the word paranoia. As simpletons there's not much the authorities want to know about us and wasting resources to find out that we eat 3 meals a day and that are bowels are consistent or not does is just a waste of resources. After all, getting to all this information and deciphering it isn't a piece a cake and requires man hours and technical

        • Re:If he says its OK (Score:5, Interesting)

          by Joce640k ( 829181 ) on Friday December 11, 2015 @01:01PM (#51100811) Homepage

          According to the Snowdon leaks, they're tapped into just about everything. They've also probably gotten into Intel chips to weaken the RNG, etc. (https://www.schneier.com/blog/archives/2013/09/surreptitiously.html)

          They've got the budget to waste time/resources. You only have to crack a communications system once, after that you can read ALL the messages with no manpower needed.

          I'm not a conspiracy theorist but there's just too much evidence to think they aren't doing anything they can possibly do to set up a spying network. What do they use it for? I dunno, but it's definitely there.

          • I understand that they tapped directly into communication lines but that's like looking for a needle in a haystack. I also get that algorithms can help with that but considering we can barely get computers to understand sentences it's hard to believe they would be able to accurately assess even 1% of the data.

        • by Anonymous Coward

          I am not a conspiracy theorist. I am a conspiracy acceptor. Conspiracies have happened in the past, are happening now, and will happen in the future. Those in power do not care about law, only power. And will do any deed to maintain their perceived power.

      • Nope. This is just about not letting encryption happen by default on all our messaging. It's espionage, it's political control, it's subversion of democracy.

        Good point! This could result in Watergate [wikipedia.org] all over again, but no one will get caught.

    • Re:If he says its OK (Score:5, Informative)

      by Joce640k ( 829181 ) on Friday December 11, 2015 @10:44AM (#51100067) Homepage

      If the NSA controls the chain of cryptographic certificates (eg. Verisign) then they don't need to crack anything. Nothing can be authenticated. They can simply impersonate people and perform man-in-the-middle attacks. Most of the world's encryption is wide open to them.

      Do they control that certification chain? You can be pretty sure they do. It's such an obvious target.

      • Even if they did, they could not use it for mass surveillance. Signing certs on-the-fly would be detected
        by most browsers on most relevant websites (through HSTS).

        Even for targeted attacks, they would have to have performed MITM forever (i.e. since the victim's OS was installed) to
        get away with it.

    • People tend to forget that...years back, perhaps even in the 1990s, Mrs. Clinton said "Oh all encryption should be breakable. The government can hold that key."
  • Does it matter? (Score:5, Insightful)

    by Anonymous Coward on Friday December 11, 2015 @09:20AM (#51099731)

    Does it matter what his position is? Its not like he can outlaw it and enforce it, its not like Congress is going to work with him after all the name calling he has directed at them over the years. Even if he does come up with something "reasonable" why would anyone else care at this point? His administration lies constantly and he has shown the NSA can't be trusted.

    I can't think of a policy position on anything that will have less impact than this will.

    • by Anonymous Coward

      If the President says something is "common-sense", it isn't.

      • Re:Does it matter? (Score:4, Insightful)

        by Joce640k ( 829181 ) on Friday December 11, 2015 @10:49AM (#51100097) Homepage

        Call me when Microsoft adds provably secure messaging to Windows by default (ie. no man-in-the-middle attack possible).

        When that happens I'll believe the USA has relaxed its position on encryption.

        Until then? It's all just hot air and political posturing.

        • It depends on what you mean by "Windows" (client? server?) and "by default". You can generate a mail CA certificate using Windows Server [microsoft.com] and then sneakernet that certificate to the machines of your communication partners. In an era of compromised X.509 certificate authorities and compromised participants in the PGP web of trust, nothing short of sneakernet is provably free of MITM. By "by default" do you mean that Outlook should default to showing a Big Scary Warning when sending or receiving messages to or

        • Even "provably secure" algorithms (which doesn't mean what you think is does) can have weak implementations.

          Relying on closed-source (or open-source with non-repeatable builds) software for high cryptography needs is insufficient.

    • by thaylin ( 555395 )

      yea, I mean look at how bad it was when they tried to work together to replace the awful no child left behind bill, oh wait, that worked well.

      Just because you are a conspiracy nut does not mean the rest of us are.

    • by raymorris ( 2726007 ) on Friday December 11, 2015 @10:25AM (#51099981) Journal

      When you talk about the president needing Congress to pass laws, you're thinking of the old system, the Constitutional process. The Constitution is now just "an old piece of paper".

      This president has already unilaterally changed immigration law after Congress denied his request and the news today is that he plans to issue new gun laws within the next few days.

      Even before he was elected president, he pointed out that a law was unconstitutional- just before he voted to pass it. Meaning he knowingly, intentionally voted to pass a law that he knew to be unconstitutional. The Constitution is meaningless under this administration.

      • by Anonymous Coward

        can we have a credible source for the last one?

        • can we have a credible source for the last one?

          That sounds like the telecom immunity bill.

          I don't remember Obama pointing out that it was unconstitutional, but it otherwise fits the description.

          Telecoms had been spying on American citizens at the request of law enforcement with no warrant and no oversight, and telecoms were simply handing over the data. Several lawsuits against telecoms were ongoing at the time, this legislation torpedoed them. It gave telecoms immunity for all past offenses.

          It would have passed without his support, and after the vote h

      • by Anonymous Coward

        NOWHERE in the constitution does it say being a FELON prevents anyone from owning a firearm. IN FACT, the Second Amendment provides that EVERY AMERICAN has the RIGHT to KEEP and BEAR ARMS. It is very clear.

        Welcome America... home of the COWARDS and SECRET STASI WATCHLISTS and GOVT MINDERS.

        You better get up off your ass and fight this shit.

        • I'm guessing that bans on gun ownership by convicted felons follow from a premise that felons have been less than honorably discharged from their otherwise implicit membership in a particular U.S. state's "well-regulated militia". Otherwise, what does "well-regulated" mean in the context of the Second Amendment?

          • by cfalcon ( 779563 )

            The right of the people to keep and bear arms shall not be infringed. It's a right of the people, not of a militia.

            • The right of the people to keep and bear arms shall not be infringed. It's a right of the people, not of a militia.

              This has been settled, that it applies to individual rights to bear arms by the Supreme Court [wikipedia.org] .

              Done deal....the Chicago and Dist. of Columbia cases have settled this.

              Nothing to see here, please move on...

            • by tepples ( 727027 )

              So should felons be allowed to carry while in prison? (I'm mentioning an extreme position to begin bisection.)

      • When you talk about the president needing Congress to pass laws, you're thinking of the old system, the Constitutional process. The Constitution is now just "an old piece of paper".

        This president has already unilaterally changed immigration law after Congress denied his request and the news today is that he plans to issue new gun laws within the next few days.

        Even before he was elected president, he pointed out that a law was unconstitutional- just before he voted to pass it. Meaning he knowingly, intentionally voted to pass a law that he knew to be unconstitutional. The Constitution is meaningless under this administration.

        I thought that the reason for guns was the founding fathers desire to insure the British or others could not attack and destroy the new country. Today, that need rests with the army. Civilians taking up arms against tanks, airplanes, submarines and nuclear bombs seems to suggest that the Gun Laws should be extended to allow civilians to purchase said types of armoured vehicles for their personal protection.

        • Did you intend to reply to my post, or a different one? I'm not sure how your point relates to my post. I did mention that one area in which Obama is currently taking unilateral action, essentially making law in contravention of the Constitution , happens to be in regard to guns, but my point is that under the Constitution, the president wouldn't be making law at all. I suppose that fact that he does this in areas where the Congress most certainly would not make such a law, and such a law is repugnant to

    • by Anonymous Coward

      He's going to draw a thick red line between strong encryption and ROT-13 and don't you dare cross that line or there'll be comprehensive consequences.

    • ...its not like Congress is going to work with him after all the name calling he has directed at them over the years.

      If congress won't work with him, how did he get his massive education reform bill [washingtonpost.com] passed this week?

    • by SeaFox ( 739806 )

      Does it matter what his position is?

      Not really. He'll only be the President for one more year anyway.

    • Not to mention his administration is OVER in another year.
  • "Our official position on encryption is either in your handshake protocol as an intentionally watered down cipher, or alongside a trusted and suepr friendly NIST ephemeral prime."
    • by Anonymous Coward

      ephemeral prime

      ephemeral prime? Is that like a number that is prime right now, at this very moment, but it won't be prime for long?

      I guess that could make for interesting cryptography.

      • Ephemeral primes are prime numbers (typically in pairs), used to establish persistent keys (e.g. DH, J-Pake).

        So, even though you went AC to mock this commenter, you should really check your self before exposing ignorance.

        That said, the Dual_EC_DRBG trick used by the NSA involved specially crafted primes that, effectively, gave the NSA a back door by which pseudorandom sequences could be inferred with comparatively little effort. It's a brutally clever bit of math, though I'm not sure it would qualify as an

  • Full position? (Score:2, Insightful)

    by Anonymous Coward

    Where's the goatse URL when you need it? "Open wide, America!!"

    This administration has been a sad, pitiful disappointment on civil liberties, constitutional rights, and even intelligible economic and foreign policy. They've been so busy getting "consensus" on everything they've only succeeded in not being as bad as Shrub.

    • Re: (Score:3, Funny)

      by robinsonne ( 952701 )
      I never thought I could say that goatse was relevant to a discussion here, but I think that sums up the government's stance on encryption fairly well.
  • I can't wait (Score:2, Insightful)

    by Anonymous Coward

    I don't think I have anything to contribute to the discussion, but I'm waiting for our President, Barack Hussein Obama, to let us know what his stance is on this important argument so that I may follow. I understand those are very hard and complicated matters and that we citizens cannot possibily expect to have the scope and understanding to do anything but being led, and we are grateful for President Obama's leadership. I have never been, I am not and I will never be a malcontent and I have never and will

  • by jcr ( 53032 ) <jcr@m[ ]com ['ac.' in gap]> on Friday December 11, 2015 @09:39AM (#51099807) Journal

    First amendment, motherfucker. If the government doesn't want me to use strong encryption, they can go pound sand up their asses.

    -jcr

    • by Merk42 ( 1906718 )
      Wouldn't the first amendment just be that they couldn't stop you from posting shit about the government?
      If anything, you mean Fourth amendment.
      • The encrypted speech is, independently, also speech, and thus protected.

        • by Merk42 ( 1906718 )
          Only from the government preventing you from saying it, not from the government doing what it can to 'hear' it.
      • Re: (Score:2, Insightful)

        by Anonymous Coward

        Over 20 years ago, the government declared encryption to be a munition.

        So not only does encryption get First and Fourth Amendment protection, it gets Second Amendment protection as well.

    • by Nidi62 ( 1525137 )

      First amendment, motherfucker. If the government doesn't want me to use strong encryption, they can go pound sand up their asses.

      -jcr

      No, the real reason it doesn't matter is because we will have a new president 14 months from now who will most likely have a completely different position on encryption.

    • How did the first amendment prevent the ban on exporting strong encryption back in the 1990s (when those of us outside the US using Netscape and IE had to make do with 40bit https encryption)? Why would it be any more effective today?

  • by NotDrWho ( 3543773 ) on Friday December 11, 2015 @09:58AM (#51099865)

    Trust us to not misuse the data.
    Trust us to act according to the Constitution, even though there is absolutely no oversight to make us.
    Trust us to secure the data so it can't be hacked.
    Trust us to never use any of it as evidence against you, since it was obtained without a warrant.
    Trust us to never use it to blackmail you.

    Trust us, we're your government.

    • by e r ( 2847683 )

      Trust us to act according to the Constitution, even though there is absolutely no oversight to make us.

      This is why we have the Second Amendment.

      YOU are the oversight.

      YOU are expected to vote in the polls, pay taxes, fight in the wars, and enforce constitutional limits on your government. That's the price of freedom. And damned grateful that you have the opportunity to pay it instead of being a tyrant's slave.

      • First, the US military has things like artillery and tanks and helicopters that will easily defeat an army relying on semi-automatic rifles.

        Second, the experiment of putting high-morale individuals against poorly armed, poorly trained, and poorly led regular infantry was tried in Yugoslavia in WWII. The regulars win.

        There's no freaking way a bunch of citizens with rifles can defeat the US Army.

        • by e r ( 2847683 )

          There's no freaking way a bunch of citizens with rifles can defeat the US Army.

          Vietnam, Iraq, Afghanistan, and Syria are all proof to the contrary. Rebels don't necessarily fold easily against even a modern tyrant's army.

          Artillery, tanks, helicopters, and drones don't hold territory. They must be used very judiciously in a civil war lest the government piss off the very citizens that it's fighting for control over.

          But beyond all that: what do you propose? Just lay down and die?

          Not everyone wants to be a tyrant's slave, even at the price of death.

  • by Anonymous Coward

    If the FBI director would like to put a halt to the availability of strong encryption, then he should set an example. Let's give the man a phone with all the encryption protections disabled. Setup a proxy for his web browser that will give him unencrypted access to encrypted web sites. Remove the Wi-Fi passwords from his office and home Wi-Fi. Get his bank to do all of his transactions in the clear... and so on.

    He'd learn two things quickly: ripping encryption out of existing infrastructure and technology i

    • Encryption for me but not for thee, one of the legs of the panopticon. Others are Eye in the Sky (go listen to Radiolab podcast on it), and omnipresent cameras with facial recognition, license plate recognition, and so on, dumping into a database where you can look up where anyone is at any given moment. Oh and tracking who calls who, when, and the ability to listen in with no technological barriers if you don't get a warrant.

  • by Vermonter ( 2683811 ) on Friday December 11, 2015 @10:03AM (#51099881)
    Now taking bets for what will be our "answer" in January: A: The Obama administration gives a vague answer that answers nothing. B: The Obama administration kicks the can down the road 6 months, saying they have not reached a conclusion yet. C: The Obama administration will do nothing, pretending this promise was never made.
    • by jandersen ( 462034 ) on Friday December 11, 2015 @11:02AM (#51100161)

      Whatever - if Obama was to declare that Christmas falls in December, there would be a storm of protests from so-called freedom advocates. He could probably push through a complete ban on encryption by declaring that it is a human right to encrypt things.

      • This is the same President who has expanded NSA surveillance. Your donkiness is showing.
      • Whatever - if Obama was to declare that Christmas falls in December, there would be a storm of protests from so-called freedom advocates.

        Huh.....now I kind of want him to do that, just to see the fallout.

      • Whatever - if Obama was to declare that Christmas falls in December, there would be a storm of protests from so-called freedom advocates.

        That's because Jesus was born in August [tripod.com], you insensitive clod!

      • I want Obama to come out fully and completely supporting oxygen, and Trump to the same with water. The survivors should be much more reasonable.

    • by Anonymous Coward

      D: Obama cites a 2,859 page document written entirely in legalese that he describes as "sensible encryption policy." Actual skilled former lawyers who take the effort to parse the entire mess describe an incoherent collection of mutually contradictory statements. Prosecutors insist that the law is "a good start, but needs more restrictions." News reporters claim that anyone who disagrees with "President Obama's simple encryption guidelines" is a terrorist and worse than Hitler. Congressional Republicans

  • by GameboyRMH ( 1153867 ) <gameboyrmh@gma i l . com> on Friday December 11, 2015 @10:09AM (#51099907) Journal

    Terrorist attacks not stopped by mass internet surveillance:

    Boston Bombers. Downloaded a terrorist publication containing bomb plans from the Internet, tweeted about upcoming attacks in coded language.

    Anders Breivik: Discussed violent extremist leanings online

    November 2015 France attackers: Spoke freely about their plans in plaintext SMS

    2015 San Bernadino Shooters: Met and discussed jihadist leanings through various social media.

    Even if you put the horrendous privacy issues aside, this shit clearly doesn't work. Shut it down.

  • He has to take a few weeks to check with his handlers. He shouldn't have to check with his handlers. After all, we're told he's a Constitutional scholar. The answer is, "I will neither propose nor sign any legislation prohibiting or regulating encryption for the same reason I won't sign any regulating safes or locks. 'The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be infringed.' This is not just idealism, but the

    • Well, certainly, the left believe there is no American exceptionalism. They say it quite openly.
      • As a leftist, there certainly isn't much American exceptionalism left. The US is a frequently warlike and belligerent power, bullies other countries, has a terrible health care system, and has a great deal other problems that first-world nations tend not to have. We used to be an inspiration to the world, a showcase of what a democracy could be like.

  • Obama talks the talk but doesn't walk the walk. He is beholden to the powers that be and takes orders from them.

  • by Jim Sadler ( 3430529 ) on Friday December 11, 2015 @12:14PM (#51100513)
    I simply can not understand how we have such cowards among us. The terror incidents simply do not justify radical precautions. At the point that we start to spend big money and change the basics of our nation terrorism has already won. And I have no doubt that the intercepts will be used for items other than antiterrorism. The temptation to sweep up more mundane criminals will be too strong for law enforcement to resist. And that points to a really serious problem. As a nation, we have out arrested ourselves. The entire legal system in the US could easily be collapsed. Right now if every person arrested simply refuses to post bail, the system can not deal with what will result. If every person arrested insists upon their right to a speedy trial the courts would totally collapse. Right now California can not go after people who rip up their traffic tickets. The problem is so huge that California dare not do much about it. In Miami, Fl. numerous people drive without a license or insurance. A few of them do a bit of jail time, but they seem willing to spend a few days in jail rather than buy insurance and pay for tickets. So now that we know we have a legal system that clearly can not handle the current load just what will happen if we start using intense spying, seeking not only for lawbreakers but also for people that we fear might do something in the future.
  • He's probably waiting until the end of the year because by then their shipment of D-Wave quantum computers will have arrived...

  • Guns and algorithms (Score:5, Interesting)

    by iamacat ( 583406 ) on Friday December 11, 2015 @12:48PM (#51100721)

    I find that my own positions on encryption mirror a lot of NRA positions on guns. A vast majority of encryption users are responsible and utilize technology for self defense from crime, as do a majority of gun users. On the other hand, guns can be used to commit crimes, as can encryption. Finally, both guns and encryption make it more difficult for an oppressive government to subjugate the population. Guns are more immediately dangerous, but on the other hand they protect people from getting murdered, not just from getting p0wned.

    I sincerely believe that benefits of encryption to society outweigh the action of a few lunatics. Therefore I support citizens right to encryption, including military grade encryption with no limits on key size. I certainly do not want a federal database of encryption users.

    Yet similar arguments ring hollow coming from NRA. I am not sure what to make of it. On one hand, I could be missing valid perspective of people living in rural or high crime areas, just like encryption opponents do not fully understand how widespread cyber crime and state espionage are.

    On the other hand, perhaps I should support common sense legislation to keep strong crypto out of the hands of children and criminals. If you are a convicted pedophile, law can not keep you from encrypting your phone. But if we catch you with an encrypting phone, your parole can be revoked and whatever you are trying to hide stopped.

    Or for children's devices, parents should have an escrow key to see if the kids are up to no good, are getting dangerously bullied on Facebook or are contacted by drug dealers/pedophiles. But leave a big banner describing that the device has been accessed, and which apps were used to discourage abuse BY parents.

    • I find that my own positions on encryption mirror a lot of NRA positions on guns...I am not sure what to make of it.

      Did you hear about the toddler that found his parent's encryption in the closet and encrypted himself? Did you hear about Dick Cheney "accidentally" encrypting his friend in the face?

      Neither did I. That's the difference.

      • by iamacat ( 583406 )

        I heard of plenty of teens who were groomed and lured away by an online pedophile or committed suicide after Facebook bullying. And I don't know of a single home invasion where a crook took a single look at PGP icon on owner's computer and ran away.

    • There's three big differences between guns and cryptography. First, a gun accident or impulsive action can easily kill, while encryption can't. Second, while it's hard to keep guns out of the hands of criminals, it's completely impossible to stop people from using encryption. Third, a gun is a fairly large chunk of metal, and can be checked for fairly easily, while it's not possible to see if someone is using an illegal cryptosystem without actually trying to decrypt it.

      • by iamacat ( 583406 )

        On the other hand, a gun can easily save your life (mostly criminal getting scared off upon seeing your gun, or knowing that gun ownership is common in the area), while encryption can not. So the bar for denying someone this means of self defense seems to be much higher.

        If we decide that some people (like minors or convicted felons) should not use unescrowed encryption, devices on their person or at their home can be examined by police/parents in suspicious circumstances. Skills and diligence needed to cons

  • He's met with the privacy guys once or twice. He's met with the security guys probably two thousand times since he took office. This meeting was a political stunt to pretend that both sides were being listened to, and now he'll spin a lie about how it's possible to have encryption the government can look at with a warrant.

    Here's the thing--even if you could make key escrow really secure, and as a practical matter you can't, it's still far too risky because of government abuse risk.

    Our spies and federal la

  • There was a previous "We the People" petition to the White House regarding encryption, and it got the required number of signatures to elicit a response. Rather than just putting out a useless blanket statement (as they do for a lot of the petitions), the White House is actually soliciting specific feedback before creating a position. You can send them comments regarding encryption through the White House website (links below). No idea if this will actually go anywhere (or get you put on some kind of wat
  • Who gives a rip what his position is? Even if he says encryption is good, back doors are bad, we will have no idea if that is the same direction being given to the NSA behind closed doors.
  • by Scarletdown ( 886459 ) on Friday December 11, 2015 @04:56PM (#51102269) Journal

    The only position to be considered is already encapsulated in the 4th Amendment of the United States Constitution, specifically the first portion...

    The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated,

    Your data, even though it is stored electronically, falls under the papers portion of the above line.

  • Problem solved.

Veni, Vidi, VISA: I came, I saw, I did a little shopping.

Working...