Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Encryption Cellphones Communications Government United States

US Congressional Committee Concludes Encryption Backdoors Won't Work (betanews.com) 98

"Any measure that weakens encryption works against the national interest," reports a bipartisan committee in the U.S. Congress. Mark Wilson quotes Beta News: The Congressional Encryption Working Group (EWG) was set up in the wake of the Apple vs FBI case in which the FBI wanted to gain access to the encrypted contents of a shooter's iPhone. The group has just published its end-of-year report summarizing months of meetings, analysis and debate. The report makes four key observations, starting off with: "Any measure that weakens encryption works against the national interest".

This is certainly not a new argument against encryption backdoors for the likes of the FBI, but it is an important one... The group says: "Congress should not weaken this vital technology... Cryptography experts and information security professionals believe that it is exceedingly difficult and impractical, if not impossible, to devise and implement a system that gives law enforcement exceptional access to encrypted data without also compromising security against hackers, industrial spies, and other malicious actors...

The report recommends that instead, Congress "should foster cooperation between the law enforcement community and technology companies," adding "there is already substantial cooperation between the private sector and law enforcement." [PDF] It also suggests that analyzing the metadata from "our digital 'footprints'...could play a role in filling in the gap. The technology community leverages this information every day to improve services and target advertisements. There appears to be an opportunity for law enforcement to better leverage this information in criminal investigations."
This discussion has been archived. No new comments can be posted.

US Congressional Committee Concludes Encryption Backdoors Won't Work

Comments Filter:
  • not only will the FBI & Police be able to get in but also criminals will crack it and get in too, it would be better if the keeper of the keys would cooperate with the FBI & Police and unlock the devices on a per-user basis when a search warrant is demands it so, that way innocent people dont have to worry and quit shopping on line and changing their credit card numbers, and the FBI & Police can still do their investigations
    • by ShanghaiBill ( 739463 ) on Saturday December 24, 2016 @04:02PM (#53549403)

      There are two fatal flaws in your reasoning:
      1. You assume that "the police" and "the criminals" are disjoint sets.
      2. You assume that innocent people have nothing to hide, and nothing to fear from the police.

      • by Motard ( 1553251 )

        There are two fatal flaws in your reasoning:
        1. You assume that "the police" and "the criminals" are disjoint sets.

        He does no such thing. He is suggesting that, say, Apple would hold a key and would only unlock a device in response to the concurrence of two separate branches of government. In this case the executive and judicial.

        2. You assume that innocent people have nothing to hide, and nothing to fear from the police.

        He made no such assumption.

        • He doesn't have to make the assumption. Regardless of how many honey coated words are used, that is what he is saying, in the end. There should never be a mandate that gives the government a free pass into crypto. It is not American. But after seeing how google, yahoo, Microsoft, Apple, Facebook, and individual app makers use and sell your information, I can see where most people don't see a problem with this. But just because millions of people are oblivious to the fact that not only are they being sp
        • by Agripa ( 139780 )

          He does no such thing. He is suggesting that, say, Apple would hold a key and would only unlock a device in response to the concurrence of two separate branches of government. In this case the executive and judicial.

          Do you mean like how the telecommunication companies would only hand over metadata and content to law enforcement when presented with lawful orders until the point where Congress had to pass a law granting them immunity because they did not? How did that work out? Why would it be any different with Apple?

    • by wbr1 ( 2538558 )
      Wrong. No one should have a golden key. The only parties with keys should be parties to the communication.
    • by Anonymous Coward

      There should be no keeper of the keys. The keys should be inaccessible to the manufacturer and anybody but the person who owns the device. Then we dont have this problem and the FBI can go to hell. Why is it just because something's electronic that they should have unfetterred access to it? And with courts largely comprised of pro-cop judges search warrants aren't all that much of an impediment or check in far too much of this country.

  • Disturbing. (Score:5, Insightful)

    by Gravis Zero ( 934156 ) on Saturday December 24, 2016 @02:45PM (#53549085)

    While most people start thinking, "oh what a breath of fresh air, the government getting it right for once," I worry, "have aliens infiltrated our government? Because it seems like they are listening experts and making logical conclusions." ;)

    • Re: (Score:3, Insightful)

      by Anonymous Coward

      The backdoors are starting to impact international trade, making US products less appealing. China has also had problems with backdoors, but this allows different countries to become more competitive while the US remains politically divided (preventing them from competing globally in the future, over the long-term).

    • Re:Disturbing. (Score:5, Insightful)

      by Areyoukiddingme ( 1289470 ) on Saturday December 24, 2016 @03:08PM (#53549187)

      ... "have aliens infiltrated our government? Because it seems like they are listening experts and making logical conclusions."

      I expect the experts testifying used illustrations in crayon and very small words. And they still got a weasel-worded statement from the committee. "Cryptography experts and information security professionals believe that it is exceedingly difficult and impractical, if not impossible, to devise and implement a system..." No, that's not what they said. Every single one of them said it is impossible. Because it is.

      Congresses come and go, but there is one invariant: they all have trouble with mathematics.

      • by gtall ( 79522 )

        "Congresses come and go, but there is one invariant: they all have trouble with mathematics."

        That's not saying much, most people have trouble with mathematics.

        • Re:Disturbing. (Score:5, Insightful)

          by hawguy ( 1600213 ) on Saturday December 24, 2016 @05:54PM (#53549749)

          "Congresses come and go, but there is one invariant: they all have trouble with mathematics."

          That's not saying much, most people have trouble with mathematics.

          Most people aren't making Federal policy decisions related to science, math, and technology while being unversed in science, math, and technology.

      • by raymorris ( 2726007 ) on Saturday December 24, 2016 @03:26PM (#53549285) Journal

        I'm sure cryptography experts did in fact say it's infeasible or impractable. That's what those of us who work in the field say about things we think nobody can do (probably). For instance, it's currently infeasible to crack 2048 bit Diffie-Hellman. We tend to avoid saying something is impossible, because as soon as you say that someone's likely to do it :) Theoretically, it's trivial to crack Diffie-Hellman, it's not cracked because of the PRACTICAL difficulty of doing so.

        There's nothing theoretically preventing a master key from working just fine, only PRACTICAL problems of a) keeping the government key secret (while it's used) and b) selecting ciphers and implementations that won't be hacked ten years from now. The practical issues mean it's impractical to have a government master key.

        • by Anonymous Coward

          only PRACTICAL problems of a) keeping the government key secret (while it's used)

          This is what makes it totally impossible. They couldn't keep big secrets like the nuclear bomb - one would think it'd be nice if others really had to do all the development all the way from basic principles. Failing on the big secrets, how could you expect them to keep smaller secrets like a master key that allow full control of one series of phones from one particular brand? Doesn't seem as interesting a secret to keep as "details of a nuke" so it'll get out even easier.

          Other governments will want their ow

        • by Agripa ( 139780 )

          I'm sure cryptography experts did in fact say it's infeasible or impractable. That's what those of us who work in the field say about things we think nobody can do (probably). For instance, it's currently infeasible to crack 2048 bit Diffie-Hellman. We tend to avoid saying something is impossible, because as soon as you say that someone's likely to do it :) Theoretically, it's trivial to crack Diffie-Hellman, it's not cracked because of the PRACTICAL difficulty of doing so.

          Since the government's position [wikipedia.org] is that "limited" is any duration of time which is bounded, I do not know what they are complaining about. Under that definition, any encryption key can be cracked in a limited amount of time.

      • by Agripa ( 139780 )

        I expect the experts testifying used illustrations in crayon and very small words. And they still got a weasel-worded statement from the committee. "Cryptography experts and information security professionals believe that it is exceedingly difficult and impractical, if not impossible, to devise and implement a system..." No, that's not what they said. Every single one of them said it is impossible. Because it is.

        Congresses come and go, but there is one invariant: they all have trouble with mathematics.

        The technology part for key escrow and similar systems works fine but the social part is completely broken. Congress cannot pass a law limiting access which the government cannot later ignore.

    • by Ungrounded Lightning ( 62228 ) on Saturday December 24, 2016 @03:30PM (#53549307) Journal

      While most people start thinking, "oh what a breath of fresh air, the government getting it right for once," I worry, "have aliens infiltrated our government? Because it seems like they are listening experts and making logical conclusions." ;)

      You see this a lot.

      A stock thing for Congress to do when there's a lot of public pressure over some crisis is to take the pressure off themselves by commissioning a study. By the time the study is finished the crisis is old news and the pressure is gone. The results of the study can then be safely ignored and the Congresscritters can continue to vote the same way as always.

      The only thing the study results are usually used for is occasional speech sound bites for proponents of the side that agrees with the conclusions. Since the conclusions don't actually matter, the study groups don't have to be packed to come up with a desired result. So sometimes they come up with something accurate and useful. But it's still noise as far as actually changing anything politically sensitive. About the best thing it does is occasionally help a legislator understand an issue better and/or formulate a better way to present his position.

      One example of this is the Second Amendment. Congress commissioned a study on whether the framers intended it to protect an individual right of members of the civilian population to arm themselves as they see fit. The study went deep and came to a resounding conclusion that this was exactly the point. This was reported in 1982.

      Then Congress and the executive branch completely ignored the study and continued legislating and enforcing ever more gun restrictions - to this day, nearly 35 years later. Most of the federal level legal changes that favor those who want to buy guns and use them for self defence have come from the Supreme Court, which came to the same conclusion by their own procedures.

      • Arms and Armies (Score:5, Interesting)

        by Tenebrousedge ( 1226584 ) <tenebrousedge@gmail. c o m> on Saturday December 24, 2016 @10:21PM (#53550441)

        Fascinating. What did the study say about the utter uselessness of the militia (as demonstrated by the burning of the Capitol in 1814), the intentions of the Founders not to have a military in peacetime, and the current lack of any organized militia, that being necessary to the security of a free state? Do you imagine that any part of warfare has changed since 1789? Do you feel that muskets and automatic machine guns should be treated identically by legislation? How are we doing on the citizen-farmer thing that the Founders were also in favor of? Is it possible that the conditions under which the 2nd Amendment were drafted have little or nothing to do with the society that has resulted?

        I believe that it is only consistent, that if one wishes to argue the Founders' perspective on the second amendment, that if they argue in favor of an individual right to bear arms, they must also argue against the United States maintaining a standing army in peacetime. Furthermore, the Founders would probably not have considered our police forces as anything other than a standing army targeted against the People; certainly no such thing existed during their lifetimes. I am sure your mental gyrations will be fascinating to watch.

        • by Anonymous Coward

          ... argue against the United States maintaining a standing army in peacetime.

          As you note, the issues of bearing arms and forming a standing militia have wrongly been separated. But obeying the purpose of the second amendment raises some issues: What authority does the US government have to order citizens to repel invading forces, to fight overseas, to fight for allies such as South Korea and the Philippines, to illegally invade a country such as Iraq? Then there's the issue of generals and intelligence officers: One doesn't get those skills by monthly drills and an annual tri-st

        • I believe that it is only consistent, that if one wishes to argue the Founders' perspective on the second amendment, that if they argue in favor of an individual right to bear arms, they must also argue against the United States maintaining a standing army in peacetime.

          Oddly, you say that in an incredulous manner, but surprise! We should NOT be maintaining a standing army in peacetime.

          Furthermore, the Founders would probably not have considered our police forces as anything other than a standing army targeted against the People; certainly no such thing existed during their lifetimes.

          I am unsure wtf you are on about with the police forces. Policemen have been a fixture of society since prehistoric times. You gotta stop smoking that wacky tobaccy if you wish to be coherent. To be fair, the current state of police forces is more like an occupying army... but your discussion concerning police is still incoherent. Perhaps you should have saved that little gem for another top

          • I did skip a sentence there, as you say the point was not entirely coherent, but it wasn't worth the trouble to post a correction. The first police forces in the US were created during the mid-19th Century. Prior to that, there were such things as beadles and tipstaves, night watchmen, and other private security forces, but they did not have guns, because muskets and long rifles are not particularly effective at that task. The first "bobbies" were armed with clubs and wooden noisemakers, which they later tr

      • One example of this is the Second Amendment. Congress commissioned a study on whether the framers intended it to protect an individual right of members of the civilian population to arm themselves as they see fit. The study went deep and came to a resounding conclusion that this was exactly the point. This was reported in 1982.

        Then Congress and the executive branch completely ignored the study and continued legislating and enforcing ever more gun restrictions - to this day, nearly 35 years later. Most of the federal level legal changes that favor those who want to buy guns and use them for self defence have come from the Supreme Court, which came to the same conclusion by their own procedures.

        Well, it's kind of telling when you live in a country where "constantly carrying lethal force, and being ready to use it to kill any random schmuck" seems a normal rational decision.

        To us on in more peaceful countries, you sound like someone asking to introduce a new amendment in your constitution to make it legal for everyone to drive a tank around just to be able to defend themselves against any potential threat - like an invader or a terrorist ramming the crowd with a truck.

        And don't start about "being a

    • While most people start thinking, "oh what a breath of fresh air, the government getting it right for once," I worry, "have aliens infiltrated our government? Because it seems like they are listening experts and making logical conclusions." ;)

      I must admit my basic assumptions about Congress were rattled a bit...
      but then I remembered that this is a very small subset of the legislative body overall.
      So, somehow they got the right people looking and listening to the actual experts...
      even lotto tickets hit sometimes...
      now back to business as usual.

    • While most people start thinking, "oh what a breath of fresh air, the government getting it right for once"

      Interesting, becasue that's not what I was thinking at all. I was thinking "What astonishing hubris implicit in this debate that they assume they have the authority to access data that has been explicity access controlled by encryption." Apparently just because they are in government or law enforecement they assume they have this authority, when they actually do not. The only persons who can grant this access are the encryption key holders. So, no, I don't think they got it right by any means.

    • by dgatwood ( 11270 )

      While most people start thinking, "oh what a breath of fresh air, the government getting it right for once," I worry, "have aliens infiltrated our government? Because it seems like they are listening experts and making logical conclusions." ;)

      Nope. They no doubt spent millions of dollars on a study to tell them what they could have learned for free by asking any software engineer who has ever spent even a single week in his/her entire life implementing any sort of cryptographic software. This is why our g

      • The alternative would seem to be to find people who appear to be experts, and just trust them. That can backfire. For matters of policy, it's very useful to have determined who the actual experts are and what the basic situation is like.

  • by HangingChad ( 677530 ) on Saturday December 24, 2016 @02:50PM (#53549099) Homepage
    I think we've all seen how good the FBI is at keeping secrets. Any encryption backdoor would be in the wild in a week. In the week before it got loose it would be mostly a political weapon.
    • by gtall ( 79522 )

      Oh, have they been sending you the memos saying what's secret and what's been leaked, or are you just talking out of your ass.

      • We're extrapolating based on the fact that it seems increasingly difficult to keep secrets these days, even the NSA, who have admitted that Snowden's leaks have been very "damaging" to them. What about the Italian hacking firm "Hacking Team" which was itself hacked, and all its secrets laid bare? I'll bet some of the Democratic National Committee's leaked internal e-mails even talked about such security concerns. And then there's good ole Yahoo, with about a billion leaked e-mail credentials at last coun

    • 100% agreed. You *CANNOT* keep secrets. Consider...

      * Aldrich Ames https://en.wikipedia.org/wiki/... [wikipedia.org]
      * Jonathan Pollard https://en.wikipedia.org/wiki/... [wikipedia.org]
      * Edward Snowden https://en.wikipedia.org/wiki/... [wikipedia.org]

  • by v1 ( 525388 )

    It almost sounds like they listened to reason for once? Hearing the expert testimony of many experts in the field, enduring the BS babble of the FBI, and came to a logical conclusion?

    Now I'm worried that the bodysnatchers have gotten into congress...

    • by grumling ( 94709 )

      Yea, there's a lot of very good research done in Washington. Look at some of the work generated by the CBO. Much of it is logical, reasonable and will never be implemented because logic and reason have no place in US politics.

    • by AHuxley ( 892839 )
      It's more about branding and sales.
      Who would by a US crypto or networking product with the NSA, GCHQ, Australia, Canada, NZ, the FBI, city, state police, their workers, ex staff and former staff having the once secret NSA only keys?
      Then any US ex staff and former gov/mil staff could sell access or give access to... their faith, cult, the media, other nations, competing corporations, any monarchy or theocracy who can pay for information on dissidents or people suspected of blasphemous acts?
      The other cost
  • by L. J. Beauregard ( 111334 ) on Saturday December 24, 2016 @03:05PM (#53549173)

    Because to hell with the experts, he knows more than the experts. SAD!

  • All those "smart" people on the McLaughlin Group talked about how apple and the like would put that in their phones that would let the government in while keeping it otherwise safe. Yes I'm being sarcastic. (I've never seen a better example of the "Murray Gell-Mann Amnesia effect" in my life FWIW.)
  • Having encryption that can be broken makes it easier for police and FBI to catch criminals, and easier for foreign nations and companies to find out information that the government, police, army, or private companies, want to keep confidential. That should be obvious to everyone but is likely to be ignored by FBI and police because it is a problem, but they don't see it as their problem.

    The NSA has argued for a very long time that good encryption is overall better for national security. If there had been
    • by Agripa ( 139780 )

      The NSA has argued for a very long time that good encryption is overall better for national security.

      That is certainly their public position but it is undermined by their known activities in subverting encryption including subverting IPSEC. I believe their real position is that they want everybody to rely on flawed encryption without believing it is flawed.

  • To say that I'm stunned is pure understatement!

    • Well, it was just a working group. We have no idea whether what they concluded will have any effect on Congress as a whole.

      Additionally, they seem to want the companies themselves to have keys... At least that's how I read the bit about law enforcement working to maintain good relationships with tech companies.

      So I'm going to hold off on rejoicing, for the time being.

      • by Chas ( 5144 )

        I know. But even THIS level of common sense is just jaw-dropping.

        I'm just afraid I've been dropped onto Bizarro World or into the Mirror Universe or something...

  • What will happen instead is that only state licensed encryption will pass through your ISP's mandatory deep packet inspection (goodbye TOR, Freenet, and VPN). All other types will be dropped and reported to the proper authorities.

    • by PPH ( 736903 )

      Steganography. You can't examine every cat video.

      • When it's automated you most certainly can, and they will...

        • by PPH ( 736903 )

          What's the difference between a cat video with a concealed message using unapproved cryptography and one with random noise added if they all have one or the other?

  • ...fuck off, and rediscover traditional investigative techniques, instead of relying on the fascist relationships it has with corporations to get the easy access to illegal surveillance it's been reliant on for too long.

  • ... Hobbits are not Orcs.

    (apologies to all the Ents out there. You are not as slow as congress.)

  • Congress..... did something... right?
  • Sudden outbreak of common sense ....
  • This seems to be the right answer. My theory is that their ignorance has clouded their poor judgement.

  • by Opportunist ( 166417 ) on Saturday December 24, 2016 @09:23PM (#53550317)

    I guess I got my Christmas wish granted. A government finding about "computer stuff" that not only makes sense, it even seems they finally got it.

    They ... they might really have understood the problem. I still cannot believe it, it really sounds like they not only went by some hunch or an "expert" recommendation without buying into it, it really seems they finally, FINALLY understood the underlying problem.

    I ... I'm kinda scared, government understanding computers, what comes next? If we're not careful, they might even stop wasting taxpayer money. And what kind of government would that be? And more important, what could we ridicule about them and what should we then complain about? Did anyone think about that? What should we feel superior about anymore if the government starts to understand computer problems?

    Won't somebody PLEASE think of us professional smug know-it-alls?

  • Apparently Congress switched to bottled water at some point in the past, and started chelation therapy for all that lead poisoning they were suffering from, because this news shows that their brains are starting to work correctly again, they're listening to their tech advisers, and coming to the correct conclusions about encryption. Now if we can just get the FBI to switch to bottled water and chelation therapy, we can get their brains working correctly again, and they'll see that what they've wanted all th

The computer is to the information industry roughly what the central power station is to the electrical industry. -- Peter Drucker

Working...