FBI Again Calls For Magical Solution To Break Into Encrypted Phones (arstechnica.com)
An anonymous reader quotes a report from Ars Technica: FBI Director Christopher Wray again has called for a solution to what the bureau calls the "Going Dark" problem, the idea that the prevalence of default strong encryption on digital devices makes it more difficult for law enforcement to extract data during an investigation. However, in a Wednesday speech at Boston College, Wray again did not outline any specific piece of legislation or technical solution that would provide both strong encryption and allow the government to access encrypted devices when it has a warrant. A key escrow system, with which the FBI or another entity would be able to unlock a device given a certain set of circumstances, is by definition weaker than what cryptographers would traditionally call "strong encryption." There's also the problem of how to compel device and software makers to impose such a system on their customers -- similar efforts were attempted during the Clinton administration, but they failed. A consensus of technical experts has said that what the FBI has asked for is impossible. "I recognize this entails varying degrees of innovation by the industry to ensure lawful access is available," Wray said Wednesday. "But I just don't buy the claim that it's impossible. Let me be clear: the FBI supports information security measures, including strong encryption. Actually, the FBI is on the front line fighting cyber crime and economic espionage. But information security programs need to be thoughtfully designed so they don't undermine the lawful tools we need to keep the American people safe."
And yet again... (Score:5, Insightful)
Re: (Score:2)
Because they don't work in the FBI
Nobody is interested in "knowing better". They simply say what they are told to say, or they get fired.
Re:And yet again... (Score:5, Insightful)
These people think _they_ define how reality works. They think that laws and power can change reality. They have no understanding that mathematics and engineering are far closer to actual reality than their fantasy of how the world works will ever be. As such, once they think they have enough power to demand things, they become a serious problem.
Re: (Score:2)
Well, that actually goes with the territory. I have dealt with the same thing all over as tech expanded. Lazy useless people demanding tech do their work for them and I would advise them quite simply, if tech could do their work for them, why would the company employ them.
So poorly performing lazy FBI agents demand tech do their job for them, sit in their office whilst pretending to do great investigative work but in reality just spying on everyone, more often than not their next hopeful sexual conquest or
Re: (Score:2)
Ah, yes. I have had that even from people that should know better.
Re:And yet again... (Score:4, Insightful)
Also, calling the director of the FBI an "FBI mouthpiece" is not really what the word mouthpiece is intended to convey.
Here's the impossible (Score:4, Interesting)
Imagine I want to tell Travelsonic something secret. I don't have his email address or any other way to contact him other than posting here, for all to see. My desire is to post openly, where everyone can read it, but only Travelsonic can tell what it means. We have no means of agreeing on a secret password or anything.
Cryptography experts tell us that's impossible. Or was impossible, until Diffie and Hellman figured out a very clever way to do it. Diffie-Hellman key exchange is now used all the time, of course. It's a brilliant solution to a problem that seemed impossible for many years.
Therefore I don't think it's unreasonable to say "I understand we don't have any way to X, but it's possible that some clever innovation can somehow achieve this goal, something nobody had thought of yet." In his remarks he acknowledged that there is not a solution, currently. He said he's not proposing any law or regulation, because there isn't any law that could make sense right now. He's right, most any such law that could be passed today would be bad.
In fact, I happen to know of some innovative ideas that partially solve the need. It's possible to do encryption in such a way that you can't read the message, but you can check if the message has certain strings in it. You can build a chip that, without revealing some fact, cryptographically proves that the fact is stored in the chip.
Simple salted hashing of text and call message numbers makes it impossible to know who someone called, yet still possible to answer whether they called one specific number. So the FBI could find out whether a suspect called Muhammad Atta, without being able to tell who else they called. This isn't super-advanced technology - every web site that has password login uses salted hashes, or should be using them.
In fact, saving only the salted hash of the numbers you call and text would be MORE SECURE than what your phone does today.
This guy may, five years from now, propose something stupid. If so I'll oppose it. I don't see expressing a desire to consider what innovative solutions might solve certain needs, with a search warrant, as stupid. Such a search might have some uninformed people making dumb proposals, but he made none in this case.
Re: (Score:3)
The problem might be easier for people to mentally deal with if you shuffled things around. I would suggest looking at it from the position of "Peggy wishes to prove to Victor that her cell phone has not been used to call Carol, but without risking revealing anything else." Presume that somebody may be wanting to clear themselves without giving away any more of their privacy than absolutely necessary.
That's a good perspective (Score:2)
That's certainly doable, and a good way of looking at it.
Also in these discussions we should keep in mind the difference between *with a proper warrant*, based on probable cause, vs random searches such as at the border. In my opinion, for someone whose *job* is to catch bad guys, mostly very bad bad guys, and get evidence of what happened, it's not unreasonable for them to say "I'd like some of the really smart technical people to think about how we investigate crime in 21st century without impacting secur
Re: (Score:2)
It'd also be important to keep in mind that it protects privacy outside of the scope of the search--which means you might want to have it so either the consent to the search or the warrant must contain a complete list of what strings will be checked for, which won't prevent additional strings from being checked for but will keep it out of court.
But the same tools that let Agent Victor catch very bad bad guys would enable Peggy to clear herself with a minimum amount of compromising of her privacy. It sh
They're called timers, Ed. Heard of a PIN? (Score:2)
You know how if you enter your unlock code wrong once, you have to wait a few seconds, three times and you have to wait a minute, ten times and you have to wait an hour? Yeah. That's how you stop enumeration of large sets.
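The salted-hash call log proposed in the "Here's the impossible" comment above, combined with the escalating lockout timer this comment describes, as added example code that is not from any commenter. The 10-digit number format, the PBKDF2 parameters and the exact backoff schedule are assumptions.

```python
"""Salted-hash call log with a throttled 'was this number called?' query.

Added example (not from the thread). Only salted hashes of called numbers
are stored, so the log itself does not reveal who was called, but a single
specific number can still be checked. Because there are only ~10^10 possible
numbers, the query path is rate-limited with an escalating lockout.
"""
import hashlib
import os
import time

PBKDF2_ITERATIONS = 100_000   # assumed work factor; slows every guess
SALT_BYTES = 16


def normalise(number: str) -> str:
    """Reduce a number to its 10 digits (assumes North American numbering)."""
    digits = "".join(ch for ch in number if ch.isdigit())
    if len(digits) == 11 and digits.startswith("1"):
        digits = digits[1:]          # drop the country code
    if len(digits) != 10:
        raise ValueError("expected a 10-digit number, got %r" % number)
    return digits


def hash_number(number: str, salt: bytes,
                iterations: int = PBKDF2_ITERATIONS) -> bytes:
    """Salted, iterated hash of the normalised number."""
    return hashlib.pbkdf2_hmac("sha256", normalise(number).encode("ascii"),
                               salt, iterations)


class HashedCallLog:
    """Stores salted hashes only; answers one membership question at a time."""

    def __init__(self, salt: bytes = None, clock=time.monotonic):
        # A per-device random salt means hashes from two phones cannot be
        # compared, and a leaked table cannot be joined against another one.
        self.salt = salt if salt is not None else os.urandom(SALT_BYTES)
        self._hashes = set()
        self._clock = clock          # injectable so tests need not sleep
        self._queries = 0            # consecutive queries seen
        self._locked_until = 0.0

    def record_call(self, number: str) -> None:
        """Record a call without keeping the number itself."""
        self._hashes.add(hash_number(number, self.salt))

    @staticmethod
    def delay_for(query_count: int) -> float:
        """Lockout after the Nth query: seconds, then a minute, then an hour."""
        if query_count >= 10:
            return 3600.0
        if query_count >= 3:
            return 60.0
        if query_count >= 1:
            return 3.0
        return 0.0

    def was_called(self, number: str) -> bool:
        """Answer 'was this number called?'; every query counts toward lockout.

        Both True and False answers leak one bit about the log, so the
        throttle is applied to all queries, not only to misses.
        """
        now = self._clock()
        if now < self._locked_until:
            raise PermissionError(
                "locked for %.0f more seconds" % (self._locked_until - now))
        self._queries += 1
        self._locked_until = now + self.delay_for(self._queries)
        return hash_number(number, self.salt) in self._hashes


if __name__ == "__main__":
    log = HashedCallLog()
    log.record_call("(555) 010-1234")          # constructed sample number
    print(log.was_called("555-010-1234"))      # True
```

The throttle only helps while the salt and hash table stay on the device: if both leak, the small number space can be enumerated offline regardless of the timer, which is why the hashes need the same protection as the rest of the device's data.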
Re: (Score:2)
I'm waiting for Warren to get on the bandwagon and fuck this guy up. Unfortunately, she's a lawyer, and not technical enough AFAICT. I'll work on this with her once elected; she's quite intelligent and, I'm certain, will enjoy having a few more lethal weapons in her belt.
If her Senate career doesn't pan out, I'd be happy to see her appointed to succeed Ruth.
Also (Score:5, Funny)
I'd like a magical pony. I know magic doesn't exist, but that shouldn't mean I can't get a magical pony.
Re: (Score:2)
> magic doesn't exist
I just don't buy that claim.
Our education system needs to be thoughtfully designed so it doesn't undermine our ability to keep pace with international wizarding schools.
And I'm going to put man hours behind my opinion. Tax dollars. Legislation.
Re: (Score:2)
Re: (Score:2)
Re: (Score:3)
Our education system needs to be thoughtfully designed so it doesn't undermine our ability to keep pace with international wizarding schools.
No, we just need high tariffs on international magic imported into the US.
Or exported, imported or otherwise traded anywhere else in the world. The IRS could greatly increase tax revenues by taxing the incomes of foreign nationals living and working abroad.
The TSA can staff domestic wizards to detect those trying to smuggle cheap, foreign magic into this Grape Kool-Aid Nation!
Those wizards caught at the border will be turned into newts!
Re: (Score:3)
I know magic doesn't exist...
Gravity is magic. Anything I don't understand is magic performed by the gods.
Re: (Score:3, Funny)
Gravity is a NASA hoax. The disc that is Earth & its counterpart anti-Earth have been accelerating away from each other at 9.8 m/s/s since they split, driven by the strong repulsive force between matter and antimatter. We will never reach the speed of light. For an explanation why, I refer you to Einstein's papers in their original Hebrew. NASA heavily censored Einstein during translation.
Re: (Score:2)
Magnets [kinja-img.com] are magic.
Re: (Score:2)
That is way fucking cooler than magic.
Re: (Score:3)
A magical pony ought to be able to exist in spite of magic not existing, because it can use its magic to circumvent the lack-of-magic.
Re: (Score:2)
You obviously don't understand how real magic [youtube.com] works. There's no ponies, just wizards.
Oh...
I should probably stop using spurs...
Re: (Score:2)
Obviously a Pony can be a wizard, and a wizard can be a Pony
Re: (Score:2)
The FBI should come back to us when the government's three-letter agencies actually manage to keep a secret for more than a few years. Do they really think the public will trust them to keep these figurative "keys to the kingdom" secured, when we've seen time after time after time they can't keep their own secrets from leaking?
Technically speaking, it's pretty straightforward to design strong encryption that can be unlocked with multiple keys. The "magical pony" part is the human factor, which will inevit
Re:Also (Score:4, Interesting)
Any hole is exploitable (Score:5, Insightful)
There is no security when a backdoor exists. Once it is known, everyone will work to get in, and you won't find out it was cracked until it has been heavily exploited.
Re: (Score:3)
Every actual expert knows and understands that. These people are not experts in this field and they are not experts in any other field that has hard laws and realities. Hence they do not understand this is a statement of fact and think it is negotiable. Or in other words, these people are not only stupid, they are utterly disconnected from reality. That is why they keep asking for something that is impossible. And, of course, these people are dangerous, because they will continue to do damage as they think
Re: (Score:2)
There is a (large) class of people that do not understand what a "fact" is. I have no idea where that problem comes from. Mental defect? Previous life where wishes or talking could change reality? Not enough intelligence to understand how things work in reality?
Re: (Score:2)
How much data is actually on "the phone?" My phone is a thin client device that connects to "the cloud." If I forget my password I simply reset it.
Mind you I'm not a criminal. But is there really secret data exclusively on the phone? Or is it simply that they need to figure out what the accounts are so that they can call the Help Desk to get the passwords changed?
My cell phone provider keeps track of all the data and hostnames that the cell phone connects to. I can see it as part of my "how much data
You'd never guess it (Score:3)
But it turns out that a $5 wrench turns out to be as good as key escrow.
Re: (Score:2)
Not just as good; it's better. If a copy of a key is made and someone accesses it, how will the victim know? No due process.
OTOH, if you physically attack or threaten someone, they know it happened. Unless you murder them or keep them kidnapped without access to their lawyer, a judge is eventually going to find out what you did. Due process will happen.
Ergo, a civilized society will choose $5 wrenches as a better solution to "the going dark
Strong Encryption, But Not For Us (Score:5, Insightful)
Anytime someone says they support strong encryption but want to be able to bypass whenever they have the need, my head wants to explode. Any bypass, back door or master key, no matter how well designed, perfectly implemented, or zealously protected, fundamentally weakens the encryption they claim to support. If a way around the encryption exists, someone will find and exploit it. Pure and simple.
I'm all for law enforcement being able to do their job. But I'm also all for strong encryption - my job in information security depends on it, and the sensitive information of millions of people would be at risk without it. Encryption is a tool, like a hammer: people with bad intent can use it to build harm as well as upstanding citizens can use it to build good. I'm sorry, but law enforcement needs to find another way to get to those nails, rather than make hammers defective for everyone.
Re:Strong Encryption, But Not For Us (Score:5, Interesting)
Any bypass, back door or master key, no matter how well designed, perfectly implemented, or zealously protected, fundamentally weakens the encryption they claim to support.
The FBI is asking for something infeasible, and probably a bad idea even if it were feasible (see my comments here [slashdot.org]), but this is not true. Modern cryptography provides us with ready tools to do this sort of thing. Escrowing of keys, protected by public key encryption, is very well understood. It's actually pretty common in enterprise system configurations for the crucial keys on employee devices to be escrowed with the enterprise to enable it to recover data from the device in the event of employee unavailability (death, termination, etc.). What the FBI wants is fundamentally the same thing, but on a vastly larger scale.
And it's the scale that makes it infeasible. Secure key management is hard even on a small scale, and it gets exponentially harder with scale and with the number of parties involved. In addition, there are all kinds of hard-to-handle corner cases. In the enterprise case, those are addressed with a combination of fiat -- employees must do whatever needs to be done to enable the key escrow -- and acceptance that sometimes stuff happens and data gets lost. In the FBI's scenario, the first of those is impossible and the second is unacceptable. Enterprises don't generally have to contend with employees deliberately subverting the escrow system.
So, yes, this is a bad idea, but not because it's fundamentally impossible as you say, but because it's just way too hard. Especially since we haven't managed to figure out how to secure consumer devices at all yet.
Re: (Score:2)
I've devolved straight to MOTHERFUCKER NO. I'm not debating, not engaging, not explaining why you don't need that and won't get that.
Want a pony? MOTHERFUCKER NO. But why not? NO. But why though? BECAUSE NO.
When they have some idea of what this will look like I'll go back to explaining but not before.
Re: (Score:2)
I've devolved straight to MOTHERFUCKER NO. I'm not debating, not engaging, not explaining why you don't need that and won't get that.
That works when you have the power to say no, which isn't the case in this situation. If Congress enacts a law requiring backdoors, companies will have to choose between complying as best they can, or just exiting the business, which means they'll comply. It's crucial to debate, to engage, to explain, to prevent that from happening. We must make people understand why this is a bad idea, and just saying "it's impossible" won't work, because the other side can find someone to show that we have the cryptograph
Re: (Score:2)
Law enforcement must be carefully limited in what they can do and also carefully monitored. Otherwise you end up in a police-state and eventually in full-blown fascism. It is not the purpose of law enforcement to be able to solve every crime or even most of them. It is also not their purpose to enforce morals or be able to access everything on computers. What is their purpose is to make sure crime does not pay on average. They are already failing at that task often enough, just think of how many banksters a
Re:Strong Encryption, But Not For Us (Score:5, Insightful)
Re: (Score:3)
Re: (Score:2, Insightful)
'Tis better for one guilty man to go free than 10 innocent to be falsely accused... or something like that.
You cannot set up ANY solution that would allow the "authorities" to access encryption WITHOUT weakening encryption for INNOCENT people.
Since the gov's primary responsibility is to protect its citizens, this request is anathema to civilized society.
So take your fear mongering think of the family talk and shove it.
Re:Strong Encryption, But Not For Us (Score:5, Insightful)
Re:Strong Encryption, But Not For Us (Score:5, Informative)
I'm all for being able to keep data private from unauthorized viewing. But I'm also for law and order - my safety, and the safety of my family, depends on it. Encryption is a tool, like a hammer, but if you give perpetrators impenetrable boxes to hide their precious loot in then all the tools in the world will not allow them to be brought to justice - ever.
You do realize that those "impenetrable boxes" are also protecting your banking information, medical records, credit/debit card transactions, private communications, etc, etc, etc, don't you? You and your family's safety depends on it.
I Got It! (Score:2)
But information security programs need to be thoughtfully designed so they don't undermine the lawful tools we need to keep the American people safe.
So here's what the industry should do...
Yes, you can use strong encryption on your phones. You then provide a super-convenient way for your customers to unlock their phones via biometrics. Then you convince the courts that, while they can't compel you to give up your password, there's nothing wrong with forcing people to unlock their phone with their fingerprints, face, etc.
There. Problem solved. You still have strong encryption but the government can compel you to use your fingerprint to unlock your ph
Re: (Score:3)
Biometrics can be stolen. And when they are stolen, there is no way to change them. Has been known to any actual expert for decades.
Re: (Score:2)
That's accurate, but it depends on if it wipes it with random binary a few times and then with all zeros after. Deletion will just leave the data accessible.
Recovering Overwritten Data (Score:2)
Overwriting it once is good enough. There's no evidence that anyone has ever pulled off a real-world attack such as Gutmann described, and the people who have tried this under ideal situations (very old drive, never previously written, target data was the only thing on the drive, overwritten once) only managed to recover a few characters. In this century, recovering overwritten data is impossible, and the odds are that it was never practical to begin with.
Re: (Score:2)
But here's a solution. If someone's phone is locked, you bring them into court. Show Probable Cause. The judge will order said someone to unlock their phone. They will decline. The judge will find them in contempt of court and sentence them to jail time. Or a fine.
After a week in the clink you bring them back into court. Rinse and repeat as necessary.
It's called Due Process. It's a Constitutional Right. (Although it feels like the only one anyone cares about is the Second Amendment.)
That "solution" probably violates the 5th amendment right to not self-incriminate.
Re: (Score:2)
That "solution" probably violates the 5th amendment right to not self-incriminate.
I forget...which amendments do we respect and which ones do we trample because 'muh agendas!' this week? Same ones as last week, or are there new additions that somehow thwart the justified means to the ends?
Strat
Re: (Score:2)
I think so far courts are ruling that compelling the production of a fingerprint to unlock a phone is not a 5th amendment issue.
Re: (Score:2)
In the meantime it's supposed to be hard to keep finding someone in contempt of court over and over and over.
Generally as long as the person continues to not comply, and the order is still relevant to an ongoing proceeding, that means that person is still (not again) in contempt of court. How do you think it's supposed to work?
keeping America safe? (Score:5, Insightful)
The FBI was watching the 9/11 attackers to see what they would do. The FBI was warned by Russia about the Boston marathon bomber. FBI was given tips about Florida school shooter.
Yeah, FBI, keeping America safe.....keeping the government safe from its citizens anyway.
Re: (Score:3)
Indeed. What they are doing is performing a show that keeps the average citizen believing that everything would go up in flames without them. They are applying the technique of the "Big Lie".
Re: (Score:3)
it's even better than that, don't forget where the FBI seeks out low IQ impressionable losers, befriends them and fills their minds with crazy violent talk and ideas over months, then gives them access to fake bomb materials or guns. Then they swoop in to arrest them in what is trumpeted as a "great victory in the war on terror" with mutual back patting and cock sucking all around.
False Flag Attacks, Incitement, etc.
Re: (Score:2)
Or if you have no real threats to keep up the pretense that you are useful, just create a fake one.
Re: (Score:2)
From what I remember the FBI wasn't watching the 9/11 terrorists, and that was the problem. The CIA had a team that was doing that work while the terrorists were outside of the USA. When some of the terrorists traveled to the USA an FBI agent that was working with the CIA team tried to bring in the FBI. The CIA leadership over that team threatened the FBI agent into silence because they were afraid of losing credit for eventually catching the terrorists in the act. Of course that didn't work out so well be
Worked so well... (Score:2)
... for TSA luggage locks. I can pick up a set of luggage lock keys from Alibaba for $5. Sure feel like my luggage is secure knowing any joker can get the key to open my luggage, even if the TSA agent himself doesn't steal things from it.
Re: (Score:2)
even if the TSA agent himself doesn't steal things from it.
And that's a BIG if.
Re: (Score:2)
Sure feel like my luggage is secure
There is a concept called "appropriate levels of security". I'm sure it has an official name, but that's what I'm going to call it for now.
If you thought the TSA luggage lock was intended to provide "security" in any absolute sense, then it is your worldview that needs adjustment.
What is the purpose of the lock? It cannot be to provide "security", because most likely your luggage is soft-sided. A simple box cutter or pocket knife will open it up. If it's hard sided, then a blow with a two-by-four will c
Re: (Score:2)
TSA locks, when opened with a TSA key, will pop up a flag that can only be reset with the real key. So you know the TSA has rifled through your baggage because the lock will indicate it was opened.
Lock makers aren't dumb. They know there's a backdoor, and the best they can do is indicate when the backdoor was used.
The problem with encryption is there's no way to design it with a backdoor that indicates a backdoor was used that can be reset only by using the proper decryption key. It's just a software flag a
Re: (Score:2)
They want to be trusted? (Score:5, Insightful)
Oh so they want full trust do they? Well, if they want us to trust them - trust by the way, that they have repeatedly proven that they have not earned or deserve - then there must be these conditions in cases of violation...
If any individual in that organization violates any of the rules set out to protect people's privacy, in any way, shape or form, either directly or indirectly, then they must, must be punished!
And I do mean punished. They should be terminated from their position - immediately - without pay. They forfeit any severance. They forfeit their retirement fund. They forfeit any future government employment in any level of government. They forfeit their current life savings. They forfeit their house. Basically, do the whole 'asset forfeiture' stuff to them.
And let's not just stop at that individual. Their entire department/division should also be investigated. Everyone in it should be interrogated. Their families too. Any found complicit should suffer the same punishment. That'll keep everyone on their toes, making sure others aren't violating the rules, avoid them protecting each other or higher ups under some code of silence, or try to frame just the one individual to avoid getting caught.
Basically, they should be treated just as they've treated past whistleblowers. Anything less means they really just get carte blanche to violate the rules at their leisure.
And why no due process? Simple: if they break the rules, they can't be trusted - the very basic thing they're demanding. It's their job not to break the rules. Don't do the job, get fired! Break the rule, get punished!
If I tell you "don't push that button" then you turn around and push it, it's the same thing: Your job was to not push the button. It required no effort to not push the button!! You couldn't follow the basic rule; in fact, you deliberately went out of your way to break it. If you do push the button, you can't be trusted. Why should I trust you if you can't follow the rule?
Re: (Score:2)
Sessions, the AG, has until Thursday to answer if the rules for obtaining FISA warrants have been changed since Congress passed them (they haven't). If they are following the currently passed rules, multiple people at the FBI and DOJ have broken 5 specific laws in obtaining FISA warrant...
All FISA warrants are illegal. Due process can not be conducted in secret.
Finally! (Score:2)
Actually, the FBI is on the front line fighting cyber crime and economic espionage
So it looks like a US agency has finally decided to take responsibility for our nation's information security disaster!!!
Tariff (Score:3)
Ball's in your court, asshole (Score:4, Insightful)
Ok, fine. Don't believe it.
But if you're honest, you'll definitely recognize that everyone else believes it. Apparently you're the one smart person in America, and you're surrounded by fools and so-called "experts" who lack your insight.
Now prove everyone else wrong, inventor Christopher Wray.
Re: (Score:2)
Ok, fine. Don't believe it.
But if you're honest, you'll definitely recognize that everyone else believes it. Apparently you're the one smart person in America, and you're surrounded by fools and so-called "experts" who lack your insight.
Now prove everyone else wrong, inventor Christopher Wray.
I was looking for a comment like this, and I'm glad I wasn't disappointed!
It feels Dilbert-ish, really.
"But I just don’t buy the claim that it’s impossible." = "I will reject what you say to me until you say what I want to hear."
In the same way that technology doesn't respect copyright (how many copies did you make of this to see it on your screen?), it doesn't magically know when the law now states 'okay, because of a court ruling, I shall no longer do what I was designed to do.' It is
Re: (Score:2)
But if you're honest, you'll definitely recognize that everyone else believes it.
There are some truths that are truths because everyone believes them. There are other truths where it doesn't matter how many people believe it, it simply isn't true. Technology tends to fall into the latter category. Sociology is the former.
For example, "everyone" believed that analog AMPS cell phone calls were private and couldn't be eavesdropped on. Oh, wait, if I tune my TV up around channel 64 or so I can pick up your cell phone call! Clear as a bell. Both sides. It's even easier if I tune my DC-to-da
Encryption is pointless if 3rd. parties can bypass (Score:4, Insightful)
If you want a pretty decent example of this, look at the encryption methods used in such things as DirecTV or Dish Network receivers. For many years, the "smartcards" containing your authorized programming were hacked in a cat and mouse game. You had to buy this programmer device or that piece of PC software to keep up with it, but it was absolutely possible to unlock those things so you had all the programming without paying (or with just paying for a bare minimum subscription to keep something flagged as an active account).
Then, both of them discontinued their existing card technology and rolled out mandatory upgrades, and the hole was effectively sealed. Nobody I'm aware of is really hacking these things anymore, in any big commercial way?
As I understand it, many of the previous hacks were really the result of leaks.... Someone was paid off to reveal a way to access the card and modify it.
That's always going to be the "weak spot" ... having such a hole that you're aware of and leave in there for internal use. If you give keys to a "trusted third party" like the FBI -- same problem only amplified because now the info exists both with the manufacturer AND the agency holding the keys. Twice as likely it will get leaked out by somebody, somewhere.
Could someone from Colombia please ... (Score:2)
ship these guys a few kilograms of good quality Cocaine. It seems clear that they are starting to be able to talk after the last lot, but are not yet making sense. It is probably simpler and more effective for everyone if we just push them back into their drug induced addled fantasy world than to try to sober them up and break the bad news that what the rocks told them just is not true.
That way: they'll be happy and we'll all be happy!
Let's call this what it is: NEED FOR CONTROL (Score:5, Interesting)
Re: (Score:2)
And that is exactly it. They cannot stand that somebody tells them "no" and actually can get away with it (because facts).
No (Score:2)
What's the problem? (Score:3, Insightful)
I have been hearing Liberals and Progressives telling me for 2 weeks non-stop how the US Constitution only gives me the right to use whatever tools were in existence at the time it was written (or amended). Personal computing devices most certainly did not exist in the early 1790s when the amendments known as the Bill of Rights were adopted so they cannot possibly be covered by the 4th Amendment anymore than television and radio are covered by the 1st Amendment.
Don't like it? Then get off the Leftist bandwagon trying to completely ignore one-tenth of the Bill of Rights and stop promoting false ideas about what rights we have.
If you support a string of lies against one right, those same lies will be used against your interests in regards to other rights.
Why ? (Score:2)
According to the news lately, there seems to be no shortage of private firms who are willing to do this work for them.
But, this probably isn't about ' criminal ' phones is it ? They want the ability to get into any phone on demand. Having another firm do it for you creates all that nasty paperwork that can come back to haunt you later.
If they can do it in house, then they really don't need to ask permission.
It may be possible, but we're not up to it (Score:5, Insightful)
As a lead cryptographic security engineer on the world's largest operating system, I think I have pretty clear visibility into the problems and potential solutions... and the truth is that while there's no information-theoretic reason why a law-enforcement access system couldn't be built while keeping the systems secure from everyone else, I have zero confidence in the industry's ability to do it in the foreseeable future.
The truth is that we have not been able to build truly strong security into consumer devices yet. We're getting closer. The work that Apple has done is excellent, and I think the Pixel 2 is even better, but the fact is that devices still get popped with monotonous regularity. The most we've been able to achieve so far is to raise the cost of extracting data from them, as the FBI found out when they were able to pay for the extraction of the data on the San Bernardino shooter's phone.
The FBI is asking industry to "innovate" in the same way that NASA might ask SpaceX to innovate by producing a fully reusable direct-to-Mars-and-back passenger spacecraft. Sure, there's no reason it's physically impossible, but we're quite some distance from being able to get live people to Mars at all. The FBI wants to build a secure back door while we're still working out how to make sure the hinges are mounted on the inside of the front door and the lock isn't easily pickable.
All of this, of course, is addressing the question of technical feasibility. A separate, and perhaps even more important, question is whether or not it should be done even if it could, and what sorts of protections it would require. Mobile devices are repositories of far more personal information than any other single, non-living source has ever been. I think something more than a simple search warrant should be required -- again, assuming it were even possible.
Re: (Score:3, Insightful)
Once law enforcement has access to backdoor keys, those keys are subject to rubber-hose cryptanalysis and just plain bribery. One dirty cop or judge, or one honest cop or judge with a loved one taken hostage, and the keys are out. In other words, "secure back door" is an oxymoron.
Adding a back door is trivial. Public-key crypto syste
Re: (Score:3)
I call BS on this, and even on your so-called credentials. "A lead cryptographic security engineer on the world's largest operating system" -- you do crypto for Minix?
Android. You think Minix is the world's largest operating system? I guess I should have been clear that by "largest" I meant "most users".
FWIW, what I do on Android is strong authentication [android.com], hardware-backed crypto [android.com] and device encryption [android.com]. I'm the owner of the auth and HW crypto subsystems, and contribute significantly to device encryption. In terms of Android components, I own keystore, gatekeeper and keymaster. I also do a lot of work on biometrics. If you're skeptical, feel free to look through the Androi
Re: (Score:2)
Re: (Score:2)
The problem is once you have humans, especially a lot of humans, there's way too much opportunity for corruption. You say you need multiple parties? Well, small town America where the judge, sheriff, bailiff may descend from the same family already eliminates 3 parties from the list, because they are good friends with the mayor and their representative. Company representative? Well, let's say people managed to steal Apple's source code and it leaked out eventually, so all it takes is one intern.
Yep, it's very, very hard. The claim that it's impossible is bunk, but the claim that we can do it is also bunk.
Re: (Score:3)
Thank you for taking this position and explaining it. When these threads come up, they quickly fill up with comments heavy on the word "impossible." While there are some rational uses of that word, I believe anytime it is used in the context of security there is a huge burden of proof. Proof I rarely see attempted by the majority of posters here.
Building something to deliberately circumvent consumer privacy into a device, when your company has built its reputation on protecting privacy is, at best, a questi
Re: (Score:2)
Keeping that back door secure is impossible. That private key would then be worth multiple billions of dollars to organized crime, terrorists, or similar folks.
There are already keys with that sort of value. Consider the firmware signing keys for major phone OSes. The keys that the FBI wanted Apple to use to subvert the security of the San Bernardino shooter's phone.
I think his point is that the only reason that works now, is because one person - like you - ever has access to the key. Once you allow any of the millions of police officers, lawyers and judges out there to get a copy - even a temporary one - then one of them will turn out to be corrupt, and provide the bad guys the information they need.
You should never allow any human access to a copy of the key. You allow them controlled, limited access to secure hardware that holds the key and will use it to perform operations on request, but will never release a copy.
Re: (Score:2)
Re: (Score:2)
PRISM showed what the security forces like doing to users, computers, networks, OS, brands.
Magic Lantern (software) https://en.wikipedia.org/wiki/... [wikipedia.org]
"... as to whether anti-virus companies could or should detect the FBI's keystroke logger."
Operation Socialist https://en.wikipedia.org/wiki/... [wikipedia.org]
"The Inside Story of How British Spies Hacked Belgium’s Largest Telco" https://theintercept.com/2014/... [theintercept.com]
SISMI-Telecom_scandal https://en.wikip [wikipedia.org]
Re: (Score:2)
So now the Federal Government has the magic keys to encryption. Why would anyone from a foreign country buy your product, especially anyone with any government or corporate level, given that they know the US can easily decrypt anything?
That's not a real problem. It would be easy enough to turn off the access switch -- or enable it for use by the relevant foreign government. Which, BTW, creates some real moral concerns. Even if you believe that western, democratic governments can be trusted (a big, big "if"), there are other countries that absolutely will abuse the hell out of it.
Yes, it may be technically possible, but it's totally not feasible.
I believe that's what I said :-)
Doesn't buy it... (Score:2)
But I just don't buy the claim that it's impossible.
Guess what? Math works whether you buy into it or not, bitch.
two words, Mr Wray (Score:2)
FBI Must have missed ... (Score:2)
I believe you (Score:2)
Let me be clear: the FBI supports information security measures, including strong encryption. Actually, the FBI is on the front line fighting cyber crime and economic espionage. But information security programs need to be thoughtfully designed so they don't undermine the lawful tools we need to keep the American people safe. --Christopher Wray
Translation from FBIese: We would like you all to use very secure encryption that no one can break into except for us
I have 0 doubts that they sincerely want this.
FBI doesn't understand technology and says.. (Score:2)
3 Keys (Score:2)
Manufacturer has unique key per device.
Justice dept has key 2
Law enforcement has key 3 held by 3rd party Security company.
Judges order unlocks the use of all 3 Keys which must be handled by another 3rd party forensics company which must use a system that pulls the Keys securely so nobody can view them in transit to the device.
Complicated as hell, but without access to the unique key and the other 2 Keys nothing can be decrypted.
Could go further and generate unique Keys per device for all 3 parties it would
simple answers (Score:2)
I like Occam's Razor, and it gives a better answer than the conspiracy theories.
I've done a bit of forensics, and I write a little. I can imagine how much information about a person you could get from the contents of their smartphone. For a criminal investigation, if I were in that position and I had a choice to search a person's home or their smartphone but not both, I would pick the smartphone.
The job of the FBI is to investigate crimes, and having access to a suspect's smartphone would do a ton of good tow
What problem (Score:2)
FBI Director Christopher Wray again has called for a solution to what the bureau calls the "Going Dark" problem...
It's not a problem, but a direct response to governmental overreach. It's a solution.
I always find it astonishing how many people who work in government don't agree with the core principles the country was founded on. It really should be a prerequisite to obtaining a job in government.
Really... (Score:2)
Sorry Comrade,
But Encryption that keeps data safe IS the goal, and if you can't crack it, tough.
Privacy is a right. PERIOD.
Perhaps if you and your fellow evil losers in government stopped violating Americans' rights constantly and betraying the public's trust at every opportunity you'd have some sympathy out there.
Let them pilot the project (Score:2)
Prebroken encryption is a bad idea. (Score:2)
When you say "we need to keep Americans safe", what I think is "Americans need to be kept safe from you."
Every "law" enforcement agency has proven that it has bad apples who will abuse any authority given to them.
The FBI can not be trusted with master keys.
Re: (Score:3)
Re: (Score:3)
Re: (Score:2)
Hmm, I won't get into that argument. Who knows. Definitely a 4th amendment issue.
Re: (Score:2)
It is. When something is public key encrypted, what actually happens is a symmetric cipher is used and then that key is encrypted by the public key and stored somewhere. You just encrypt another copy of the symmetric key with a different public key and store it.
BUT you have just severely compromised the safety of your data. There now exists an extremely valuable master key that can unlock every phone in America. Being kept safe by the same people who leaked a top secret bag of hacking tools to the world and
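The two key-holder designs argued over in this thread, the "encrypt another copy of the symmetric key" escrow copy from the post above and the "all three keys required" scheme from the "3 Keys" post, as an added example in Go using only the standard library (not code from any poster). It assumes RSA-OAEP for wrapping the data-encryption key and a plain XOR secret split for the all-required variant; the symmetric encryption of the device data under that key is not shown.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
)

// Wrap puts the data-encryption key (DEK), or one share of it, under a holder's RSA
// public key with OAEP. Giving a second holder a full copy is the "encrypt another copy
// of the symmetric key" design: either holder alone recovers the DEK, so an escrow
// holder's private key is a master key for every device wrapped to it.
func Wrap(pub *rsa.PublicKey, k []byte) []byte {
	c, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, k, nil)
	if err != nil {
		panic(err)
	}
	return c
}

// Unwrap recovers the DEK or share with the holder's private key.
func Unwrap(priv *rsa.PrivateKey, c []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), nil, priv, c, nil)
}

// SplitAndWrap is the "all keys required" design: the DEK is XOR-split into one random
// share per holder (the last share is the DEK XORed with all the others), so every
// holder must take part and any proper subset of the shares is statistically
// independent of the DEK and reveals nothing about it. Needs at least one holder.
func SplitAndWrap(dek []byte, pubs []*rsa.PublicKey) [][]byte {
	out, last := make([][]byte, len(pubs)), append([]byte(nil), dek...)
	for i := 0; i < len(pubs)-1; i++ {
		share := make([]byte, len(dek))
		if _, err := rand.Read(share); err != nil {
			panic(err)
		}
		last, out[i] = Xor(last, share), Wrap(pubs[i], share)
	}
	out[len(pubs)-1] = Wrap(pubs[len(pubs)-1], last)
	return out
}

// Xor combines unwrapped shares; XORing all of them together yields the DEK again,
// and XORing fewer yields an unrelated value that an authenticated data cipher rejects.
func Xor(a, b []byte) []byte {
	c := make([]byte, len(a))
	for i := range a {
		c[i] = a[i] ^ b[i]
	}
	return c
}
```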
Re: (Score:2)
When lots of different people have that 3rd key to use, copy and share, the nationwide results for privacy get interesting.
The mil and security services copy and share that third key. Ex and former staff use their key. Other nations, groups, criminals get the third key thanks to trusted staff having split loyalties.
SISMI-Telecom scandal https://en.wikipedia.org/wiki/... [wikipedia.org] "illegal domestic surveillance program"