Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
×
Encryption Government United Kingdom United States

Non-US Encryption Is 'Theoretical', Claims CIA Chief In Backdoor Debate (theregister.co.uk) 312

Iain Thomson, writing for The Register: CIA director John Brennan told U.S. senators they shouldn't worry about mandatory encryption backdoors hurting American businesses. And that's because, according to Brennan, there's no one else for people to turn to: if they don't want to use U.S.-based technology because it's been forced to use weakened cryptography, they'll be out of luck because non-American solutions are simply "theoretical." Thus, the choice is American-built-and-backdoored or nothing, apparently. The spymaster made the remarks at a congressional hearing on Thursday after Senator Ron Wyden (D-OR) questioned the CIA's support for weakening cryptography to allow g-men to peek at people's private communications and data. Brennan said this was needed to counter the ability of terrorists to coordinate their actions using encrypted communications. The director denied that forcing American companies to backdoor their security systems would cause any commercial problems.
This discussion has been archived. No new comments can be posted.

Non-US Encryption Is 'Theoretical', Claims CIA Chief In Backdoor Debate

Comments Filter:
  • by Anonymous Coward on Friday June 17, 2016 @12:23PM (#52337479)

    LOL, how quaint. As if a company belongs to a particular nation state. Freemasons 2016, huyah!

    Sir Bush, president and knighted...

    • Can't decide (Score:5, Insightful)

      by fyngyrz ( 762201 ) on Friday June 17, 2016 @12:39PM (#52337597) Homepage Journal

      I can't decide if Brennan is stupid, or if he thinks everyone else is stupid.

      I readily admit this is not an uncommon reaction of mine when I read of the things presented by elected and appointed officials. The US government is a madhouse.

      • Re:Can't decide (Score:5, Insightful)

        by Jawnn ( 445279 ) on Friday June 17, 2016 @12:54PM (#52337713)

        I can't decide if Brennan is stupid, or if he thinks everyone else is stupid.

        Judging by the universal cringe displayed by all the analysts and technicians who an actual understanding of crypto, I'd go with "a little of both". I just can't believe he's so clueless as to not understand that math doesn't recognize lines on a map, nor can I quite believe he didn't expect to get called out on his bullshit. Either way, it was a dumbass thing to say.

        • Re: (Score:3, Informative)

          by zlives ( 2009072 )

          actually i would say he was telling the 100% truth. The target for backdoor is compliant American citizens that would only purchase approved and not legally blocked soft/hardware. This has nothing to do with terrorists, corporations or any one with any knowledge at all.

          • Re:Can't decide (Score:5, Insightful)

            by cayenne8 ( 626475 ) on Friday June 17, 2016 @01:38PM (#52338145) Homepage Journal

            I just can't believe he's so clueless as to not understand that math doesn't recognize lines on a map, nor can I quite believe he didn't expect to get called out on his bullshit.

            Well, it isn't HIS cluelessness that is the problem here..is the his audience...the US Senators/CongressCritters that he speaks to in these hearings.

            See, they are the ones that pass the laws that could mandate weakening software and forcing backdoors.

            He may know perfectly well that this is a false and stupid thing to say, but it IS something the TLA's want badly...so, he tells them this and they think that it won't cause harm to US businesses, and they have, instead, just helped to fight the terrorists...and have their constituents be happy about this.

            It is the ignorance of the lawmakers that you have to worry about.....and unfortunately they're getting their information from a guy like this, that wants what he wants, no matter the cost to business or the constitution.

        • Re:Can't decide (Score:5, Insightful)

          by Anonymous Coward on Friday June 17, 2016 @02:23PM (#52338599)

          I can understand how you'd make that mistake, but he's not clueless. It's much worse than that.

          He's a man who knows that no one can challenge the power that he's amassed for himself, because the establishment is on his side. Surveillance is just a fact of life now, some people aren't going to give up their Facebook accounts until they die and he's grinning like the shit-eater he really is, because he's getting paid to take away the same freedoms they claimed they were "defending" after September 11th happened. People are legally required to pay money out of pocket straight into the hands of the same people who are supressing their rights to privacy and free speech.

          If you knew that you were taken care of for life and there were no consequences to anything you did, no matter how horrendous, how would you act? These are the same people that had pictures of their torture at Abu Ghraib published around the world, a thousand-plus-page report on their methods published around the world and what did people do? Fuck all nothing, that's what. Brennan has that grin because he knows nobody is challenging him any time soon, period.

      • I'm opting for F'N-Batshit-Crazy - which could include him thinking everyone else is stupid.
      • Re:Can't decide (Score:5, Insightful)

        by bluefoxlucid ( 723572 ) on Friday June 17, 2016 @12:57PM (#52337745) Homepage Journal

        If he's incompetent, the President should dismiss him from his post. (Executive)

        If he's lying, Congress can impeach him.

        Being so severely wrong so often is hazardous to your health.

        • by unrtst ( 777550 )

          If he's incompetent, the President should dismiss him from his post. (Executive)

          If he's lying, Congress can impeach him.

          Being so severely wrong so often is hazardous to your health.

          And when neither happens, then similar rules apply to both the President and Congress. This eventually trickles down to blaming the voters. The majority of voters are currently proving that point quite well in their handling of the current presidential election, so this should be no surprise to anyone that's conscious.

      • Re:Can't decide (Score:5, Insightful)

        by Cro Magnon ( 467622 ) on Friday June 17, 2016 @01:04PM (#52337821) Homepage Journal

        I can't decide if Brennan is stupid, or if he thinks everyone else is stupid.

        The two aren't mutually exclusive.

      • Re:Can't decide (Score:5, Insightful)

        by whoever57 ( 658626 ) on Friday June 17, 2016 @01:23PM (#52338029) Journal

        I can't decide if Brennan is stupid, or if he thinks everyone else is stupid.

        He thinks enough people are stupid, and, unfortunately, he isn't wrong about that.

      • Re:Can't decide (Score:4, Interesting)

        by kheldan ( 1460303 ) on Friday June 17, 2016 @01:27PM (#52338069) Journal
        He's the head honcho of the freakin' CIA, of course he thinks everyone else is stupid, especially politicians! How else other than overweening arrogance and likely a liberal amount of narcissism do you think someone gets that job in the first place? Strong work ethic? A strong sense of justice? LOL no, more likely successfully backstabbing all the competition and covering his tracks so thoroughly that nobody could pin anything on him!
      • by Anonymous Coward

        You have to be not actually dumb to get high up in government. But you do have to have a certain capacity to believe in the institutional lies, or at least repeat them as if you mean them. They still institutionally believe in a rather simplistic device to the point that gaming the thing is a criminal offence, for example.

        More to the point, this here is politics in action. He is furthering an agenda in front of an audience that made this agenda-pushing their day-and-night jobs, but who do not necessarily ha

    • by St.Creed ( 853824 ) on Friday June 17, 2016 @02:41PM (#52338777)

      National companies and multi-national companies *do* belong to a nation-state. It doesn't show much, until they need someone to get their potatoes out of some hot fire somewhere. They can't just move and up, since they need ties on a personal level when you get into the big leagues. Not to mention the fact that if they have a lot of infrastructure somewhere, it's also physically difficult to move.

      Let's assume corporations don't belong to a particular nation state. Like Disney. Could be Chinese, right? Mi Lao Shu and security guards with pink rifles. Works quite well in Shanghai - they are a minority shareholder though because, for some reason or another, the local company *does* belong to their nation state and the nation state knows it. Or take Coca Cola. Wouldn't hurt the brand at all if it incorporated as a Nigerian company tomorrow, I think. Or Mercedes. It could easily become an Italian brand. Would do wonders for its design, probably. Volkswagen could move to Rumania - their cars have the same amount of pollution as the old cars they have there so they wouldn't stand out so much.

      But seriously: no company can do without the protection of a nation state because in the final analysis, a tug of war between competing business interests will eventually be decided with weapons. And that is the job of the nation state. And it will only defend it's *own* companies. Companies that don't have a protector will be at a severe disadvantage. Just consider what the support of the CIA meant for Boeing when it sank lucrative trade deals in the Middle East for Airbus because they had been tapping the trade negotiations and were able to provide tapes that proved corruption. Do you think that would have happened if it had been Airbus versus Dassault? Not a chance.

  • Comment removed (Score:5, Insightful)

    by account_deleted ( 4530225 ) on Friday June 17, 2016 @12:23PM (#52337483)
    Comment removed based on user account deletion
    • by mrchaotica ( 681592 ) * on Friday June 17, 2016 @12:30PM (#52337541)

      Under 18 U.S.C. ss. 1001 [house.gov], lying to Congress is offense punishable by up to five years in prison (or eight if the lie is terrorism-related). The correct "response" to John Brennon's blatant, politically motivated, criminal lie is to indict him, convict him, and send him to Federal prison where totalitarian freedom-hating enemies of the American public like him belong.

      • by NatasRevol ( 731260 ) on Friday June 17, 2016 @12:38PM (#52337587) Journal

        In theory, yes.

        In practice, not a fucking chance.

        • Speaking of "in theory," considering what the news is reporting about how the FBI is going after the wife of the Orlando shooter, wouldn't failure to indict make every member of Congress an accomplice?

        • In theory, yes.

          In practice, not a fucking chance.

          If "practice" has been reduced to not-a-fucking-chance-in-hell, then US law is nothing more than a "theory".

          I really grow tired of the American people supporting criminals who blatantly ignore the law, especially when those same Americans want to bitch about how fucked up things are.

      • Re: (Score:2, Insightful)

        by Anonymous Coward

        Well, given the fact that the Chinese are at least as smart and as technological advantage as far as public math goes as the Americans, and have more than enough money to do it and more than enough reason to do it, you could actually argue that this guy is advocating for a position where China can break American encryption, while using non-weakened encryption of their own (which there is no reason to believe to be any worse than the best American encryption).

        So, well, what is the punishment for high treason

      • Good luck.

        As much as I would like to see people like him sent off to federal PMITA prison it isn't going to happen. These guys are part of the protected class and they really need to screw over congress. Even spying and hacking into the Senate Intelligence Committee [cnn.com] servers didn't' get them into trouble, so I doubt anything will ever come of this. I just wonder what they have on the congress critters.
      • Under 18 U.S.C. ss. 1001 [house.gov], lying to Congress is offense punishable by up to five years in prison (or eight if the lie is terrorism-related). The correct "response" to John Brennon's blatant, politically motivated, criminal lie is to indict him, convict him, and send him to Federal prison where totalitarian freedom-hating enemies of the American public like him belong.

        Oh didnt you know?.. 18 U.S.C. ss. 1001 ONLY applies to the unwashed plebs, ie: Joe and Jane Six-pack.. People like Brennon don't have to worry about violating any of those pesky laws..

    • Re:Lies from Spies (Score:5, Informative)

      by Bob the Super Hamste ( 1152367 ) on Friday June 17, 2016 @01:27PM (#52338063) Homepage
      Seriously why?

      I find that the Brits generally do a better job covering the US than the US news does.
  • This halfwit is the best that the US can come up with to head their "intelligence" apparatus?

    • by tiberus ( 258517 )

      What?!? Hey, guess neither of a new the US was an international leader in technology and encryption.

      Um, yeah...

    • by pushing-robot ( 1037830 ) on Friday June 17, 2016 @12:32PM (#52337557)

      When it comes to intelligence agencies, never attribute to ignorance that which can adequately be explained by malice.

    • by Kernel Kurtz ( 182424 ) on Friday June 17, 2016 @12:44PM (#52337643)

      He is worse than the terrorists.

    • by thegarbz ( 1787294 ) on Friday June 17, 2016 @01:11PM (#52337897)

      This halfwit is the best that the US can come up with to head their "intelligence" apparatus?

      You wouldn't come up with the same excuse given the following information:

      1. You're standing in front of a group of people who consider you the expert.
      2. You stand to gain a lot from forced backdoors and the job for your agency becomes far easier.
      3. You have almost zero chance of being punished for lying through your teeth.

      What would you have said? Personally I would have come up with the exact same thing and sugar coated it by saying all terrorists use all American technology.

    • Statements like that aren't for the people who work for him, or even the /. crowd. They are for the consumption of the assorted idiots and defectives in congress [smbc-comics.com] as well as to placate the general populous that has know knowledge of how encryption works. He knows exactly what he is after and is positioning things so that he gets them even if he is lying through his teeth. Before the Paris attacks there were statements out of the FBI or CIA (I forget which) where one of their people said it would take a terro
  • by archatheist ( 316491 ) on Friday June 17, 2016 @12:24PM (#52337497)

    Glad to see that this fellow has figured out how to create new technology jobs in foreign countries. I didn't realize that was his job, but kudos nevertheless.

  • Only "theoretical"? (Score:2, Informative)

    by Anonymous Coward

    This guy is smoking some premium shit.

    He realizes that many of the Nordic area countries in Europe have some really talented crypto people, and that it would take all of about 2-3 years for some seriously competing cryptographic solutions to hit the commercial space, right?

    What will his precious 3-letter agency do when everyone stops sitting on inertia, and is compelled to create cryptography outside their control, while all the people in the US are forced to use the shitty crap he insists on-- you know, wh

    • "Purely theoretically" you could just take any OSS encryption implementation, audit the living shit out of it to ensure that none of li'l Jonny's backdoors remain and recompile it.

      If that takes a WEEK I'd be surprised.

      • Be sure to audit your compiler, the compiler used to compile it, 8 layers of firmware/uefi/bios, and the physical CPU itself.

  • by xxxJonBoyxxx ( 565205 ) on Friday June 17, 2016 @12:30PM (#52337537)
    >> (for crypto) there's no one else for people to turn to (mofos)

    Well, it's a good thing that all mathematicians have always been and will always be American then.
  • Black Hat Herring (Score:3, Interesting)

    by Lyle Thompson ( 2965671 ) <lylefile@noSPAM.gmail.com> on Friday June 17, 2016 @12:32PM (#52337561)

    The issue isn't whether the rest of the world would use it. The question is how long until the backdoor is hacked. Knowing its there will make it a prime target. Is the US government willing to back up its confidence with a guarantee to reimbursed all losses for everyone using this technology? Only then could the claim that it wouldn't "cause any commercial problems" be at all plausible.

    • by msauve ( 701917 )
      "Is the US government willing to back up its confidence with a guarantee to reimbursed all losses for everyone using this technology?"

      You do realize that simply ends up being taxpayers footing the bill.

      Better to hold CIA director John Brennan, and those congresscritters who support such backdoors personally responsible for the consequences of their actions..
      • You do realize that simply ends up being taxpayers footing the bill.

        Most people think money is wealth, and don't believe in labor and production. They think you work for money, and don't think about where all the shit they're buying comes from (aside from "CHINA!").

        You can't eat money, as much as everyone seems to want to.

  • by presidenteloco ( 659168 ) on Friday June 17, 2016 @12:38PM (#52337593)

    Would be only a slight generalization of his view point.

    A lot of people think this is how Americans think about the rest of the world.

    We've heard it's out there, but it doesn't matter very much, as long as they have a McDonalds, a 7-11, and a Starbucks.

  • Isn't GnuPG German? (Score:5, Informative)

    by HawkinsD ( 267367 ) on Friday June 17, 2016 @12:38PM (#52337595)

    Hold up there a minute, Mr SpyMaster. I think GnuPG (open-source implementation of PGP) is German. Or at least: " g10code GmbH, the legal entity employing some of the GnuPG hackers" is German.

    My company has been using GnuPG for ten years.

    See https://gnupg.org/ .

    • Britains GCHQ came up with public key encryption years before others, so its not as if the rest of the world cant do encryption theory...

      • Re: (Score:2, Informative)

        by Anonymous Coward

        Also AES is based on Rijndael which was created by a couple of Belgium cryptographers lol

  • Jonny, listen. There is a thing called "compiler". That's a program that lets anyone around the globe take source code, that is like some sort of text that anyone who knows how to program can read (trust me on that one, anyone who can program can read this stuff. Just because you can't doesn't mean nobody else can, there is intelligence outside of your agency on the planet, ya know? Some of it even in people). That source code can also be changed by people who can read it. And then they put that source code

    • by rlp ( 11898 )

      'Compiler' you say, yeah about that ... https://www.ece.cmu.edu/~gange... [cmu.edu]

      • That you audit the compiler first is a given. I mean, no later than this [slashdot.org] it's a given that the first thing you do when auditing source code is auditing the compiler for it.

      • by Megol ( 3135005 )

        Yes and the problem (theoretically) applies even to assembly code on a bare-bone system without an OS. It's actually worse than that for many systems as many have embedded control processors for power control, supporting secure boot etc.

        Which is why the idea of open-source hardware is attractive even if it in itself doesn't plug all potential security holes...

  • by FudRucker ( 866063 ) on Friday June 17, 2016 @12:39PM (#52337605)
    if the Government spooks & goons can peek at your stuff then the criminals that are good at cybercrime will find a way to crack the key to the Government's backdoor
  • The biggest threat to US security is US security.
  • He shouldn't have said it was just theoretical. After all, how does he know for certain that it doesn't already exist and the US hasn't detected it?
  • by evolutionary ( 933064 ) on Friday June 17, 2016 @12:46PM (#52337659)
    If it's known there is a backdoor people WILL find it. And the arrogance that only American companies can create encryption libraries is dumbfounding. We have China's Red Flag, edition of Linux, North Korea appearently has "Red Star" and I suspect Russia has their own version of Linux as well. It may a crime to use non-use encryption, but it will be there and used if people fear for their privacy. We recently had an event in France where the CIA tried to claim encryption was used to coordinate their operation, and it turns it...it had nothing to do with coordination. The best people will use method with less technology dependencies. This will only make it easier for people (terrorists or "partner" like China) to go through their backdoors to access data. . We seem to "terrorism" as an excuse for everything the same way we used "communism" in the Mccarthy days. the end doesn't justify the means
  • by LichtSpektren ( 4201985 ) on Friday June 17, 2016 @12:48PM (#52337669)
    I took a trip to Europe last week. I tried using GPG but it told me that it won't encrypt anything because I'm not in the USA. Then I tried VeraCrypt but it made my hard drive fizzle out.
  • I would like to apologize on behalf of the American people. Director Brennan clearly has no knowledge on the subject which he is speaking about and was advised poorly by his staff.
  • AES is Belgian (Score:5, Informative)

    by chill ( 34294 ) on Friday June 17, 2016 @12:52PM (#52337705) Journal

    The name of the algorithm behind AES is Rijndael -- a combination of the names of the Belgian cryptographers who developed it.

    His utterings are in the running for either biggest lie of the year, or most ignorant.

    • It doesn't matter who developed it, the thing that doesn't seem to fit into his world view is that the details for all these encryption schemes are already out there. Anyone with halfway decent coding ability can implement them from the the specs to get an encryption library with no backdoor. And the crypto that we have now, by all estimations, should be more than good enough for the next few decades.
  • by nehumanuscrede ( 624750 ) on Friday June 17, 2016 @12:57PM (#52337743)

    the various agencies of the US Government tend to lie ( even to Congress ), I'm somewhat puzzled about why they even bother to ask questions of them anymore.

    Perhaps Congress should forgo asking questions of the professional liars ( any intelligence agency ) and ask the tech world instead. I'm quite sure the likes of Cisco, Juniper, Apple, Google and many others ( assuming they're not secretly on the Governments payroll ) would have a much different perspective on the issue at hand.

    • as an afterthought, it has been shown time and time again that even when they DO have actionable intelligence on a would-be terrorist, they typically fail to act on the information. So, other than spying for different purposes than what they would have us believe, I fail to see the point in giving them access if they're incapable of doing anything with it.

      The only thing backdooring encryption will do is ensure the world avoids US made products at all costs. It will likely bankrupt several major companies

      • Exactly this. Even if you could somehow, magically, prevent non-backdoored strong encryption from existing (and that would be some serious "rewrite the laws of physics" level magic there), your improved security from terrorists would be exactly 0. However, your vulnerability from criminals exploiting the backdoors for their own nefarious purposes would shoot through the roof. And that's not even getting into government abuse of their backdoor.

  • by gweihir ( 88907 ) on Friday June 17, 2016 @12:58PM (#52337755)

    For example, AES is a Belgian design. The US has long since lost leadership in this. That is if they ever had it.

    Incidentally, when did US TLAs catch any terrorists "coordinating via encryption" the last time? Oh, right, NEVER.

  • As other posters have said, his words are those of an idiot.

    Any possibly that he is actually saying that known crypto algorithms have been broken by the US? I doubt it, but it is interesting to ponder.
  • Given that nearly every major tech company has large presence in multiple foreign countries, then they move their headquarters outside the US. For instance, I know for a fact that MS has contingency plans to move headquarters 60 miles up the road to Vancouver BC for some situations and given their presence in India, that likely wouldn't be much of a challenge either. I'm sure that most other big players are similar. They simply leave to avoid the law. Yay, great for America right?
  • Who's to say that some other country will do any better? I agree it is a poor move and will likely just end up being abused more against US citizens than espionage. However, it's not like the US is the only surveillance-happy country out there. The UK and China are as bad, if not worse. At least the US is being relatively transparent about their intentions. I doubt you would get much notification if China mandated that all its companies installed backdoors in their products.
  • by Sir Holo ( 531007 ) on Friday June 17, 2016 @01:08PM (#52337873)

    It would be "aiding or giving comfort to the enemies of the United States" – by encouraging them to take over for the US companies that this type of legislation would kill.

    You or I would go to Federal Prison for that.

  • by martin ( 1336 ) <maxsec@nosPaM.gmail.com> on Friday June 17, 2016 @01:09PM (#52337879) Journal

    Who actually invented public key encryption first, oh yeah a British fella working for gchq one evening in his head cos he couldnt write it down

  • And how long does it theoretically take for some non US entity to grab some existing OSS code out there today, fork it an package it un-crippled?

    • by ceoyoyo ( 59147 )

      Negative twenty years? Lots of open source encryption packages were started by non-Americans and specifically hosted outside the US in the 90s because of US export restrictions.

  • The director denied that forcing American companies to backdoor their security systems would cause any commercial problems.

    This is lie, an outright lie [theweek.com], and I hope he was under oath when testifying before congress. Absolute, outright lie! Liar, liar, pants on fire. Everyone email their representative and let them know the director outright lied to their face and cite the CEO of Cisco.

    This will hurt American Tech in China. To interoperate, China will steal all corporate America's IP and integrate it into their products.

    Dr. Mr. Director of CIA, your reality distortion field is NOT WORKING! I am still in disbelief. This is how

  • Comment removed based on user account deletion
  • Comment removed based on user account deletion
  • by Jason Levine ( 196982 ) on Friday June 17, 2016 @01:36PM (#52338127) Homepage

    Another article [morningconsult.com] has more of the exchange:

    Sen. Ron Wyden (D-Ore.), another committee member and staunch privacy advocate, has pilloried proposals to give law enforcement access to encrypted data, saying bad actors would simpy use foreign-based encrypted messaging apps. Brennan argued at the hearing that such a concern was theoretical because “U.S. companies dominate the international market as far as encryption technologies that are available through these various apps.”

    Warner [Sen. Mark Warner (D-Va.)] questioned Brennan’s assertion. “Two thousand apps a day are added to the phone store. Over half of those are foreign-based entities,” he said.

    In a statement following the hearing, Wyden countered that allowing government access to encrypted platforms “would not stop terrorists from using strong encryption and it would undermine American competitiveness and Americans’ digital security at a time when the threat from foreign hackers and cyberattacks has never been greater.”

    Let's allow the assumption that American companies currently dominate the encryption field. We'll say that's true. How long would that dominance that last if foreign companies used strong encryption and American companies used hobbled encryption left vulnerable to the American government and hackers? Thank goodness for Warner and Wyden for pointing out how idiotic Brennan 's assertion was.

    • by fnj ( 64210 )

      Let's allow the assumption that American companies currently dominate the encryption field.

      Let's not. Let's not even allow that COMPANIES dominate any technology. I think the words you want are "worlwide" instead of "American", and "scientists" instead of "companies".

  • by Anonymous Coward

    The AES encryption algorithm is Rijndael, which is Belgian
    The runner-up for the contest for becoming the AES standard was Serpent, which was a British/Danish/Israeli collaboration.
    Third place went to the Twofish algorithm, designed by Bruce Schneier, a US citizen who happens to be a vocal opponent of backdoors.

    The "main" encryption du jour happens to be from outside the USA. The best alternative is also from outside the USA. Of course, the nationality of the creators doesn't matter - the USA is able to make

  • Oh dear god, really? This is why we are ineffective. The men in charge are idiots, morons and buffoons.

It isn't easy being the parent of a six-year-old. However, it's a pretty small price to pay for having somebody around the house who understands computers.

Working...