Obama Administration To Offer Full Position On Encryption By End of Year
blottsie writes with this story from The Daily Dot that the President met with encryption advocates on Thursday and is expected to make a statement on his official stance before the end of the year. From the story: "The Obama administration plans to clarify its stance on strong encryption before Washington shuts down for the holidays. Administration officials met Thursday with the civil-society groups behind a petition urging the White House to back strong, end-to-end encryption over the objections of some law-enforcement and intelligence professionals. Kevin Bankston, director of New America's Open Technology Institute and the coalition's organizer, told the Daily Dot that it was a 'very hopeful meeting.'"
If he says it's OK (Score:3)
Re:If he says it's OK (Score:5, Insightful)
Will it make a difference? The horse has already bolted. Encryption exists.
Not that it's needed, I can say "The fish is in the wolf" on national TV and the FBI won't know when the attack will happen.
Nope. This is just about not letting encryption happen by default on all our messaging. It's espionage, it's political control, it's subversion of democracy.
(ie. the people in power know what's trending after last night's presidential speech, the opposition doesn't).
Re: (Score:3)
I honestly think there's some level of paranoia, because as techies we know what they can actually do. Whether they do it or not is where I start justifying the use of the word paranoia. As simpletons there's not much the authorities want to know about us and wasting resources to find out that we eat 3 meals a day and that our bowels are consistent or not is just a waste of resources. After all, getting to all this information and deciphering it isn't a piece of cake and requires man hours and technical
Re:If he says its OK (Score:5, Interesting)
According to the Snowden leaks, they're tapped into just about everything. They've also probably gotten into Intel chips to weaken the RNG, etc. (https://www.schneier.com/blog/archives/2013/09/surreptitiously.html)
They've got the budget to waste time/resources. You only have to crack a communications system once, after that you can read ALL the messages with no manpower needed.
I'm not a conspiracy theorist but there's just too much evidence to think they aren't doing anything they can possibly do to set up a spying network. What do they use it for? I dunno, but it's definitely there.
Re: (Score:2)
I understand that they tapped directly into communication lines but that's like looking for a needle in a haystack. I also get that algorithms can help with that but considering we can barely get computers to understand sentences it's hard to believe they would be able to accurately assess even 1% of the data.
Re: (Score:1)
I am not a conspiracy theorist. I am a conspiracy acceptor. Conspiracies have happened in the past, are happening now, and will happen in the future. Those in power do not care about law, only power. And will do any deed to maintain their perceived power.
Re: (Score:2)
Nope. This is just about not letting encryption happen by default on all our messaging. It's espionage, it's political control, it's subversion of democracy.
Good point! This could result in Watergate [wikipedia.org] all over again, but no one will get caught.
Re:If he says its OK (Score:5, Informative)
If the NSA controls the chain of cryptographic certificates (eg. Verisign) then they don't need to crack anything. Nothing can be authenticated. They can simply impersonate people and perform man-in-the-middle attacks. Most of the world's encryption is wide open to them.
Do they control that certification chain? You can be pretty sure they do. It's such an obvious target.
Re: (Score:2)
Even if they did, they could not use it for mass surveillance. Signing certs on-the-fly would be detected by most browsers on most relevant websites (through HSTS).
Even for targeted attacks, they would have to have performed MITM forever (i.e. since the victim's OS was installed) to get away with it.
Re: (Score:2)
I call bullshit
Re: (Score:2)
Re: (Score:2)
....and in which "stuff" do you use it to communicate with other people?
Re: (Score:2)
I assume OP uses it for TLS, SSH and VPN, like most of us do.
Does it matter? (Score:5, Insightful)
Does it matter what his position is? It's not like he can outlaw it and enforce it, it's not like Congress is going to work with him after all the name calling he has directed at them over the years. Even if he does come up with something "reasonable" why would anyone else care at this point? His administration lies constantly and he has shown the NSA can't be trusted.
I can't think of a policy position on anything that will have less impact than this will.
Re: (Score:1)
If the President says something is "common-sense", it isn't.
Re:Does it matter? (Score:4, Insightful)
Call me when Microsoft adds provably secure messaging to Windows by default (ie. no man-in-the-middle attack possible).
When that happens I'll believe the USA has relaxed its position on encryption.
Until then? It's all just hot air and political posturing.
Generate a CA certificate and sneakernet it (Score:2)
It depends on what you mean by "Windows" (client? server?) and "by default". You can generate a mail CA certificate using Windows Server [microsoft.com] and then sneakernet that certificate to the machines of your communication partners. In an era of compromised X.509 certificate authorities and compromised participants in the PGP web of trust, nothing short of sneakernet is provably free of MITM. By "by default" do you mean that Outlook should default to showing a Big Scary Warning when sending or receiving messages to or
Re: (Score:2)
In an era of compromised X.509 certificate authorities
There is also S/MIME as well. I fetch a client cert from Symantec or another CA
That's what I was referring to. Symantec has been compromised, as have many other CAs.
Re: (Score:2)
Even "provably secure" algorithms (which doesn't mean what you think it does) can have weak implementations.
Relying on closed-source (or open-source with non-repeatable builds) software for high cryptography needs is insufficient.
Re: (Score:2)
yea, I mean look at how bad it was when they tried to work together to replace the awful no child left behind bill, oh wait, that worked well.
Just because you are a conspiracy nut does not mean the rest of us are.
Strange days indeed... (Score:1)
The question isn't, "Are you paranoid?"
The question is, "Are you paranoid enough."
You're thinking of Constitutional process. (Score:5, Informative)
When you talk about the president needing Congress to pass laws, you're thinking of the old system, the Constitutional process. The Constitution is now just "an old piece of paper".
This president has already unilaterally changed immigration law after Congress denied his request and the news today is that he plans to issue new gun laws within the next few days.
Even before he was elected president, he pointed out that a law was unconstitutional- just before he voted to pass it. Meaning he knowingly, intentionally voted to pass a law that he knew to be unconstitutional. The Constitution is meaningless under this administration.
Re: (Score:1)
can we have a credible source for the last one?
Telecom Immunity (Score:2)
can we have a credible source for the last one?
That sounds like the telecom immunity bill.
I don't remember Obama pointing out that it was unconstitutional, but it otherwise fits the description.
Telecoms had been spying on American citizens at the request of law enforcement with no warrant and no oversight, and telecoms were simply handing over the data. Several lawsuits against telecoms were ongoing at the time, this legislation torpedoed them. It gave telecoms immunity for all past offenses.
It would have passed without his support, and after the vote h
Re: (Score:1)
NOWHERE in the constitution does it say being a FELON prevents anyone from owning a firearm. IN FACT, the Second Amendment provides that EVERY AMERICAN has the RIGHT to KEEP and BEAR ARMS. It is very clear.
Welcome America... home of the COWARDS and SECRET STASI WATCHLISTS and GOVT MINDERS.
You better get up off your ass and fight this shit.
Dishonorable discharge from state militia (Score:2)
I'm guessing that bans on gun ownership by convicted felons follow from a premise that felons have been less than honorably discharged from their otherwise implicit membership in a particular U.S. state's "well-regulated militia". Otherwise, what does "well-regulated" mean in the context of the Second Amendment?
Re: (Score:2)
The right of the people to keep and bear arms shall not be infringed. It's a right of the people, not of a militia.
Re: (Score:2)
This has been settled, that it applies to individual rights to bear arms by the Supreme Court [wikipedia.org].
Done deal....the Chicago and Dist. of Columbia cases have settled this.
Nothing to see here, please move on...
Re: (Score:2)
So should felons be allowed to carry while in prison? (I'm mentioning an extreme position to begin bisection.)
Re: (Score:2)
When you talk about the president needing Congress to pass laws, you're thinking of the old system, the Constitutional process. The Constitution is now just "an old piece of paper".
This president has already unilaterally changed immigration law after Congress denied his request and the news today is that he plans to issue new gun laws within the next few days.
Even before he was elected president, he pointed out that a law was unconstitutional- just before he voted to pass it. Meaning he knowingly, intentionally voted to pass a law that he knew to be unconstitutional. The Constitution is meaningless under this administration.
I thought that the reason for guns was the founding fathers' desire to ensure the British or others could not attack and destroy the new country. Today, that need rests with the army. Civilians taking up arms against tanks, airplanes, submarines and nuclear bombs seems to suggest that the Gun Laws should be extended to allow civilians to purchase said types of armoured vehicles for their personal protection.
replied to the right post? (Score:2)
Did you intend to reply to my post, or a different one? I'm not sure how your point relates to my post. I did mention that one area in which Obama is currently taking unilateral action, essentially making law in contravention of the Constitution, happens to be in regard to guns, but my point is that under the Constitution, the president wouldn't be making law at all. I suppose the fact that he does this in areas where the Congress most certainly would not make such a law, and such a law is repugnant to
Keeps getting worse b/c people forget elections (Score:2)
It seems each president sets a new precedent for how much they ignore the Constitution, so it keeps getting worse. As you said, when "your team" does it it's okay, because people forget that in a few years the other party will have that office. Whatever new power you allow Obama to take, Donald Trump may soon wield.
I sure -hope- Trump doesn't get elected - Rubio, Cruz and even Carson would all be better choices. Regardless, guaranteed someone I don't like will be elected to the Senate and/or presidency nex
Re: (Score:1)
He's going to draw a thick red line between strong encryption and ROT-13 and don't you dare cross that line or there'll be comprehensive consequences.
Re: (Score:2)
...it's not like Congress is going to work with him after all the name calling he has directed at them over the years.
If congress won't work with him, how did he get his massive education reform bill [washingtonpost.com] passed this week?
Re: (Score:2)
Does it matter what his position is?
Not really. He'll only be the President for one more year anyway.
Re: (Score:1)
Re: (Score:2)
http://ciphersaber.gurus.org/ [gurus.org]
Re: (Score:2)
Re: (Score:1)
ephemeral prime
ephemeral prime? Is that like a number that is prime right now, at this very moment, but it won't be prime for long?
I guess that could make for interesting cryptography.
Re: expect a meaningful response. (Score:2)
Ephemeral primes are prime numbers (typically in pairs), used to establish persistent keys (e.g. DH, J-Pake).
So, even though you went AC to mock this commenter, you should really check yourself before exposing ignorance.
That said, the Dual_EC_DRBG trick used by the NSA involved specially crafted primes that, effectively, gave the NSA a back door by which pseudorandom sequences could be inferred with comparatively little effort. It's a brutally clever bit of math, though I'm not sure it would qualify as an
Full position? (Score:2, Insightful)
Where's the goatse URL when you need it? "Open wide, America!!"
This administration has been a sad, pitiful disappointment on civil liberties, constitutional rights, and even intelligible economic and foreign policy. They've been so busy getting "consensus" on everything they've only succeeded in not being as bad as Shrub.
Re: (Score:3, Funny)
I can't wait (Score:2, Insightful)
I don't think I have anything to contribute to the discussion, but I'm waiting for our President, Barack Hussein Obama, to let us know what his stance is on this important argument so that I may follow. I understand those are very hard and complicated matters and that we citizens cannot possibly expect to have the scope and understanding to do anything but be led, and we are grateful for President Obama's leadership. I have never been, I am not and I will never be a malcontent and I have never and will
Re: (Score:2)
You do realise that if an algorithm running in some gov datacenter farts in the wrong direction whilst processing your email, because no government code ever ever contains bugs, then all that could be taken away from you with increasingly less and less due process. We are building the machinery of the ultimate totalitarian state.
Re: (Score:2)
Re: (Score:2)
Damn, I wish this was the land of the free and the home of the brave. A large number of my fellow citizens have turned craven.
Comment removed (Score:4, Insightful)
Re: (Score:2)
If anything, you mean Fourth amendment.
Re: (Score:2)
The encrypted speech is, independently, also speech, and thus protected.
Re: (Score:3)
Re: (Score:2, Insightful)
Over 20 years ago, the government declared encryption to be a munition.
So not only does encryption get First and Fourth Amendment protection, it gets Second Amendment protection as well.
Re: (Score:2)
First amendment, motherfucker. If the government doesn't want me to use strong encryption, they can go pound sand up their asses.
-jcr
No, the real reason it doesn't matter is because we will have a new president 14 months from now who will most likely have a completely different position on encryption.
The more things change... (Score:2)
No, the real reason it doesn't matter is because we will have a new president 14 months from now who will most likely have a completely different position on encryption.
It's adorable that you really seem to believe that. Hail to the new boss, same as the old boss.
Heil Trump (Score:2)
Hail to the new boss, same as the old boss.
And hopefully it won't be Heil to the new boss [cracked.com].
Re:Who cares what the fuck he says? (Score:5, Insightful)
Nonsense. Whoever is president 14 months from now will have exactly the same position on encryption. And the same position on the Middle East and the same position on Afghanistan and Iraq and "free trade" and...
Re: (Score:2)
How did the first amendment prevent the ban on exporting strong encryption back in the 1990s (when those of us outside the US using Netscape and IE had to make do with 40bit https encryption)? Why would it be any more effective today?
Re: (Score:3)
Re: (Score:1)
If you think these politicians can't destroy cryptography though, think again. They can, and will if you don't fight back and defend your rights. A good read that was published in acmqueue is "More Encryption Is Not the Solution" [acm.org], which outlines some of the practical issues involved, and why winning this politi
The government needs full access...trust us (Score:5, Insightful)
Trust us to not misuse the data.
Trust us to act according to the Constitution, even though there is absolutely no oversight to make us.
Trust us to secure the data so it can't be hacked.
Trust us to never use any of it as evidence against you, since it was obtained without a warrant.
Trust us to never use it to blackmail you.
Trust us, we're your government.
Re: (Score:2)
Trust us to act according to the Constitution, even though there is absolutely no oversight to make us.
This is why we have the Second Amendment.
YOU are the oversight.
YOU are expected to vote in the polls, pay taxes, fight in the wars, and enforce constitutional limits on your government. That's the price of freedom. And damned grateful that you have the opportunity to pay it instead of being a tyrant's slave.
Re: (Score:2)
First, the US military has things like artillery and tanks and helicopters that will easily defeat an army relying on semi-automatic rifles.
Second, the experiment of putting high-morale individuals against poorly armed, poorly trained, and poorly led regular infantry was tried in Yugoslavia in WWII. The regulars win.
There's no freaking way a bunch of citizens with rifles can defeat the US Army.
Re: (Score:1)
There's no freaking way a bunch of citizens with rifles can defeat the US Army.
Vietnam, Iraq, Afghanistan, and Syria are all proof to the contrary. Rebels don't necessarily fold easily against even a modern tyrant's army.
Artillery, tanks, helicopters, and drones don't hold territory. They must be used very judiciously in a civil war lest the government piss off the very citizens that it's fighting for control over.
But beyond all that: what do you propose? Just lay down and die?
Not everyone wants to be a tyrant's slave, even at the price of death.
The FBI director should go first. (Score:1)
If the FBI director would like to put a halt to the availability of strong encryption, then he should set an example. Let's give the man a phone with all the encryption protections disabled. Set up a proxy for his web browser that will give him unencrypted access to encrypted web sites. Remove the Wi-Fi passwords from his office and home Wi-Fi. Get his bank to do all of his transactions in the clear... and so on.
He'd learn two things quickly: ripping encryption out of existing infrastructure and technology i
Re: (Score:2)
Encryption for me but not for thee, one of the legs of the panopticon. Others are Eye in the Sky (go listen to Radiolab podcast on it), and omnipresent cameras with facial recognition, license plate recognition, and so on, dumping into a database where you can look up where anyone is at any given moment. Oh and tracking who calls who, when, and the ability to listen in with no technological barriers if you don't get a warrant.
Oh goodie, a politician has made a promise! (Score:3)
Re:Oh goodie, a politician has made a promise! (Score:5, Informative)
Whatever - if Obama was to declare that Christmas falls in December, there would be a storm of protests from so-called freedom advocates. He could probably push through a complete ban on encryption by declaring that it is a human right to encrypt things.
Re: (Score:1)
Re: (Score:2)
Whatever - if Obama was to declare that Christmas falls in December, there would be a storm of protests from so-called freedom advocates.
Huh.....now I kind of want him to do that, just to see the fallout.
Re: (Score:2)
Whatever - if Obama was to declare that Christmas falls in December, there would be a storm of protests from so-called freedom advocates.
That's because Jesus was born in August [tripod.com], you insensitive clod!
Re: (Score:2)
I want Obama to come out fully and completely supporting oxygen, and Trump to do the same with water. The survivors should be much more reasonable.
Re: (Score:1)
D: Obama cites a 2,859 page document written entirely in legalese that he describes as "sensible encryption policy." Actual skilled former lawyers who take the effort to parse the entire mess describe an incoherent collection of mutually contradictory statements. Prosecutors insist that the law is "a good start, but needs more restrictions." News reporters claim that anyone who disagrees with "President Obama's simple encryption guidelines" is a terrorist and worse than Hitler. Congressional Republicans
Re: (Score:3)
Mass Internet Surveillance is Useless (Score:5, Insightful)
Terrorist attacks not stopped by mass internet surveillance:
Boston Bombers. Downloaded a terrorist publication containing bomb plans from the Internet, tweeted about upcoming attacks in coded language.
Anders Breivik: Discussed violent extremist leanings online
November 2015 France attackers: Spoke freely about their plans in plaintext SMS
2015 San Bernardino Shooters: Met and discussed jihadist leanings through various social media.
Even if you put the horrendous privacy issues aside, this shit clearly doesn't work. Shut it down.
Re: (Score:2)
The problem with this theory is that under it, we can't tell the difference between the effectiveness of mass surveillance and that of a magic terrorist-repelling rock.
Re: (Score:2)
You're apparently operating under the mistaken impression that the purpose of government is to keep you safe. In fact, government is principally a jobs program to reduce the number of unemployed people so that they don't rise up against the elite class, coupled with a handout program to fund various friends of whichever administration is in power at the time.
Re: (Score:2)
Re: (Score:2)
Except that we know what surveillance is giving us without encryption, and it doesn't look worthwhile. The Boston Marathon bombers were reported by Russia, via official channels, as terrorists. Surveillance with back-doored ciphers would be no better than what we have in these cases, since the terrorists didn't use crypto. Not to mention that, when you outlaw decent crypto, only outlaws have decent crypto. It's as easy to use good crypto as bad, and terrorists are not known for their scrupulous attenti
Obama being Obama (Score:2)
He has to take a few weeks to check with his handlers. He shouldn't have to check with his handlers. After all, we're told he's a Constitutional scholar. The answer is, "I will neither propose nor sign any legislation prohibiting or regulating encryption for the same reason I won't sign any regulating safes or locks. 'The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be infringed.' This is not just idealism, but the
Re: (Score:1)
Re: (Score:2)
As a leftist, there certainly isn't much American exceptionalism left. The US is a frequently warlike and belligerent power, bullies other countries, has a terrible health care system, and has a great deal of other problems that first-world nations tend not to have. We used to be an inspiration to the world, a showcase of what a democracy could be like.
Don't get your hopes up kids (Score:2)
Obama talks the talk but doesn't walk the walk. He is beholden to the powers that be and takes orders from them.
It Won't Work (Score:3)
End of the year (Score:2)
He's probably waiting until the end of the year because by then their shipment of D-Wave quantum computers will have arrived...
Guns and algorithms (Score:5, Interesting)
I find that my own positions on encryption mirror a lot of NRA positions on guns. A vast majority of encryption users are responsible and utilize technology for self defense from crime, as do a majority of gun users. On the other hand, guns can be used to commit crimes, as can encryption. Finally, both guns and encryption make it more difficult for an oppressive government to subjugate the population. Guns are more immediately dangerous, but on the other hand they protect people from getting murdered, not just from getting p0wned.
I sincerely believe that benefits of encryption to society outweigh the action of a few lunatics. Therefore I support citizens' right to encryption, including military grade encryption with no limits on key size. I certainly do not want a federal database of encryption users.
Yet similar arguments ring hollow coming from NRA. I am not sure what to make of it. On one hand, I could be missing valid perspective of people living in rural or high crime areas, just like encryption opponents do not fully understand how widespread cyber crime and state espionage are.
On the other hand, perhaps I should support common sense legislation to keep strong crypto out of the hands of children and criminals. If you are a convicted pedophile, law can not keep you from encrypting your phone. But if we catch you with an encrypting phone, your parole can be revoked and whatever you are trying to hide stopped.
Or for children's devices, parents should have an escrow key to see if the kids are up to no good, are getting dangerously bullied on Facebook or are contacted by drug dealers/pedophiles. But leave a big banner describing that the device has been accessed, and which apps were used to discourage abuse BY parents.
Re: (Score:2)
I find that my own positions on encryption mirror a lot of NRA positions on guns...I am not sure what to make of it.
Did you hear about the toddler that found his parent's encryption in the closet and encrypted himself? Did you hear about Dick Cheney "accidentally" encrypting his friend in the face?
Neither did I. That's the difference.
Re: (Score:2)
I heard of plenty of teens who were groomed and lured away by an online pedophile or committed suicide after Facebook bullying. And I don't know of a single home invasion where a crook took a single look at PGP icon on owner's computer and ran away.
Re: (Score:2)
There's three big differences between guns and cryptography. First, a gun accident or impulsive action can easily kill, while encryption can't. Second, while it's hard to keep guns out of the hands of criminals, it's completely impossible to stop people from using encryption. Third, a gun is a fairly large chunk of metal, and can be checked for fairly easily, while it's not possible to see if someone is using an illegal cryptosystem without actually trying to decrypt it.
Re: (Score:2)
On the other hand, a gun can easily save your life (mostly criminal getting scared off upon seeing your gun, or knowing that gun ownership is common in the area), while encryption can not. So the bar for denying someone this means of self defense seems to be much higher.
If we decide that some people (like minors or convicted felons) should not use unescrowed encryption, devices on their person or at their home can be examined by police/parents in suspicious circumstances. Skills and diligence needed to cons
One meeting versus two thousand (Score:1)
He's met with the privacy guys once or twice. He's met with the security guys probably two thousand times since he took office. This meeting was a political stunt to pretend that both sides were being listened to, and now he'll spin a lie about how it's possible to have encryption the government can look at with a warrant.
Here's the thing--even if you could make key escrow really secure, and as a practical matter you can't, it's still far too risky because of government abuse risk.
Our spies and federal la
The White House is soliciting feedback - link: (Score:1)
Oh, I'll wait with anticipation /sarcasm (Score:2)
May the Fourth Be With You (Score:4, Insightful)
The only position to be considered is already encapsulated in the 4th Amendment of the United States Constitution, specifically the first portion...
The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated,
Your data, even though it is stored electronically, falls under the papers portion of the above line.
Ban math (Score:2)
Re: (Score:2)
You'd trade one sort of backdoor for another? No, thanks.
Re: (Score:2)
That's really plausible, considering that one of them didn't even come to the US until the middle of last year and they only met (in Saudi Arabia) about a year before that.
Re: (Score:2)
Haney explained that if his work was allowed to continue, it could possibly have thwarted last week's attack.
Source: Fox News website [foxnews.com], emphasis is mine.