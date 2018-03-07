FBI Again Calls For Magical Solution To Break Into Encrypted Phones (arstechnica.com) 85
An anonymous reader quotes a report from Ars Technica: FBI Director Christopher Wray again has called for a solution to what the bureau calls the "Going Dark" problem, the idea that the prevalence of default strong encryption on digital devices makes it more difficult for law enforcement to extract data during an investigation. However, in a Wednesday speech at Boston College, Wray again did not outline any specific piece of legislation or technical solution that would provide both strong encryption and allow the government to access encrypted devices when it has a warrant. A key escrow system, with which the FBI or another entity would be able to unlock a device given a certain set of circumstances, is by definition weaker than what cryptographers would traditionally call "strong encryption." There's also the problem of how to compel device and software makers to impose such a system on their customers -- similar efforts were attempted during the Clinton administration, but they failed. A consensus of technical experts has said that what the FBI has asked for is impossible. "I recognize this entails varying degrees of innovation by the industry to ensure lawful access is available," Wray said Wednesday. "But I just don't buy the claim that it's impossible. Let me be clear: the FBI supports information security measures, including strong encryption. Actually, the FBI is on the front line fighting cyber crime and economic espionage. But information security programs need to be thoughtfully designed so they don't undermine the lawful tools we need to keep the American people safe."
And yet again... (Score:5, Insightful)
Re: (Score:1)
Because they don't work in the FBI
Nobody is interested in "knowing better". They simply say what they are told to say, or they get fired.
Also (Score:3)
I'd like a magical pony. I know magic doesn't exist, but that shouldn't mean I can't get a magical pony.
Re: (Score:2)
> magic doesn't exist
I just don't buy that claim.
Our education systems needs to be thoughtfully designed so they don't undermine our ability to keep pace with international wizarding schools.
And I'm going to put man hours behind my opinion. Tax dollars. Legislation.
Re: (Score:2)
Re: (Score:2)
Our education systems needs to be thoughtfully designed so they don't undermine our ability to keep pace with international wizarding schools.
No, we just need high tariffs on international magic imported into the US.
Or exported, imported or otherwise traded anywhere else in the world. The IRS could greatly increase tax revenues by taxing the incomes of foreign nationals living and working abroad.
The TSA can staff domestic wizards to detect those trying to smuggle cheap, foreign magic into this Grape Kool-Aid Nation!
Those wizards caught at the border will be turned into newts!
Re: (Score:2)
I know magic doesn't exist...
Gravity is magic. Anything I don't understand is magic performed by the gods.
Re: (Score:1)
Gravity is a NASA hoax. The disc that is Earth & its counterpart anti-Earth have been accelerating away from each other at 9.8 m/s/s since they split, driven by the strong repulsive force between matter and antimatter. We will never reach the speed of light. For an explanation why, I refer you to Einstein's papers in their original Hebrew. NASA heavily censored Einstein during translation.
Any hole is exploitable (Score:3)
There is no security when a backdoor exists. Once it is known, everyone will work to get in, and you wont find out it was cracked until it has been heavily exploited.
Re: (Score:1)
Clinton lied about it. He could have said "she gave me a bj, what of it" but he wagged his finger instead. Then we nearly elected his literally-a-cuck wife.
You'd never guess it (Score:2)
But it turns out that a $5 wrench turns out to be as good as key escrow.
Strong Encryption, But Not For Us (Score:4, Insightful)
Anytime someone says they support strong encryption but want to be able to bypass whenever they have the need, my head wants to explode. Any bypass, back door or master key, no matter how well designed, perfectly implemented, or zealously protected, fundamentally weakens the encryption they claim to support. If a way around the encryption exists, someone will find and exploit it. Pure and simple.
I'm all for law enforcement being able to do their job. But I'm also all for strong encryption - my job in information security depends on it, and the sensitive information of millions of people would be at risk without it. Encryption is a tool, like a hammer: people with bad intent can use it to build harm as well as upstanding citizens can use it to build good. I'm sorry, but law enforcement needs to find another way to get to those nails, rather than make hammers defective for everyone.
Re:Strong Encryption, But Not For Us (Score:4, Insightful)
Re: (Score:2)
Any bypass, back door or master key, no matter how well designed, perfectly implemented, or zealously protected, fundamentally weakens the encryption they claim to support.
The FBI is asking for something infeasible, and probably a bad idea even if it were feasible (see my comments here [slashdot.org]), but this is not true. Modern cryptography provides us with ready tools to do this sort of thing. Escrowing of keys, protected by public key encryption, is very well understood. It's actually pretty common in enterprise system configurations for the crucial keys on employee devices to be escrowed with the enterprise to enable it to recover data from the device in the event of employee unavaila
I Got It! (Score:2)
But information security programs need to be thoughtfully designed so they don't undermine the lawful tools we need to keep the American people safe.
So here's what the industry should do...
Yes, you can use strong encryption on your phones. You then provide a super-convenient way for your customers to unlock their phones via biometrics. Then you convince the courts that, while they can't compel you to give up your password, there's nothing wrong with forcing people to unlock their phone with their fingerprints, face, etc.
There. Problem solved. You still have strong encryption but the government can compel you to use your fingerprint to unlock your ph
Re: (Score:1)
The idea appears to be making it mandatory to enable them.
Re: (Score:2)
That's accurate, but it depends on if it wipes it with random binary a few times and then with all zeros after. Deletion will just leave the data accessible.
keeping America safe? (Score:5, Insightful)
The FBI was watching the 9/11 attackers to see what they would do. The FBI was warned by Russia about the Boston marathon bomber. FBI was given tips about Florida school shooter.
Yeah, FBI, keeping America safe.....keeping the government safe from its citizens anyway.
Why do you need it? (Score:2)
Re: (Score:2)
Hmm, I won't get into that argument. Who knows. Definitely a 4th amendment issue.
Worked so well... (Score:3)
... for TSA luggage locks. I can pick up a set of luggage lock keys from Alibaba for $5. Sure feel like my luggage is secure knowing any joker can get the key to open my luggage, even if the TSA agent himself doesn't steal things from it.
Re: (Score:3)
even if the TSA agent himself doesn't steal things from it.
And that's a BIG if.
Re: (Score:2)
Sure feel like my luggage is secure
There is a concept called "appropriate levels of security". I'm sure it has an official name, but that's what I'm going to call it for now.
If you thought the TSA luggage lock was intended to provide "security" in any absolute sense, then it is your worldview that needs adjustment.
What is the purpose of the lock? It cannot be to provide "security", because most likely your luggage is soft-sided. A simple box cutter or pocket knife will open it up. If it's hard sided, then a blow with a two-by-four will c
They want to be trusted? (Score:2)
Oh so they want full trust do they? Well, if they want us to trust them - trust by the way, that they have repeatedly proven that they have not earned or deserve - then there must be these conditions in cases of violation...
If any individual in that organization violates any of the rules set out to protect people's privacy, in any way, shape or form, either directly or indirectly, then they must, must be punished!
And I do mean punished. They should be terminated from their position - immediately - without
But information security programs need to be.... (Score:1)
From an old Dick Van Dyke episode (Score:1)
FBI = Fat, Bald & Ignorant
Re: (Score:1)
Finally! (Score:2)
Actually, the FBI is on the front line fighting cyber crime and economic espionage
So it looks like a US agency has finally decided to take responsibility for our nation's information security disaster!!!
Re: (Score:2)
Re: (Score:2)
Tarriff (Score:3)
Ball's in your court, asshole (Score:2)
Ok, fine. Don't believe it.
But if you're honest, you'll definitely recognize that everyone else believes it. Apparently you're the one smart person in America, and you're surrounded by fools and so-called "experts" who lack your insight.
Now prove everyone else wrong, inventor Christopher Wray.
Re: (Score:2)
Ok, fine. Don't believe it.
But if you're honest, you'll definitely recognize that everyone else believes it. Apparently you're the one smart person in America, and you're surrounded by fools and so-called "experts" who lack your insight.
Now prove everyone else wrong, inventor Christopher Wray.
I was looking for a comment like this, and I'm glad I wasn't disappointed!
It feels Dilbert-ish, really.
"But I just don’t buy the claim that it’s impossible." = "I will reject what you say to me until you say what I want to hear."
In the same way that technology doesn't respect copyright (how many copies did you make of this to see it on your screen?), it doesn't magically know when the law now states 'okay, because of a court ruling, I shall no longer do what I was designed to do.' It is
Encryption is pointless if 3rd. parties can bypass (Score:2)
If you want a pretty decent example of this, look at the encryption methods used in such things as DirecTV or Dish Network receivers. For many years,the "smartcards" containing your authorized programming were hacked in a cat and mouse game. You had to buy this programmer devices or that piece of PC software to keep up with it, but it was absolutely possible to unlock those things so you had all the programming without paying (or with just paying for a bare minimum subscription to keep something flagged as
Just like the FISA Warrants (Score:1)
The FBI would never lie or abuse their power....
Could someone from Colombia please ... (Score:2)
ship these guys a few kilograms of good quality Cocaine. It seems clear that they are starting to be able to talk after the last lot, but are not yet making sense. It is probably simpler and more effective for everyone if we just push them back into their drug induced addled fantasy world that to try to sober them up and break the bad new that what the rocks told them just is not true.
That way: they'll be happy and we'll all be happy!
Let's call this what it is: NEED FOR CONTROL (Score:2)
No (Score:2)
Something tells me this is just (Score:2)
Were the tip calls from citizens about the parkland shooter encrypted? Yet they still did nothing! They are so busy trying to take down the President, they are not even looking at doing their real jobs.
This all just an attempt to get the media and public to look a different direction! The top 40% of DOJ and FBI leadership need to be clean
Why ? (Score:2)
According to the news lately, there seems to be no shortage of private firms who are willing to do this work for them.
But, this probably isn't about ' criminal ' phones is it ? They want the ability to get into any phone on demand. Having another firm do it for you creates all that nasty paperwork that can come back to haunt you later.
If they can do it in house, then they really don't don't need to ask permission.
It may be possible, but we're not up to it (Score:2)
As a lead cryptographic security engineer on the world's largest operating system, I think I have pretty clear visibility into the problems and potential solutions... and the truth is that while there's no information-theoretic reason why a law-enforcement access system couldn't be built while keeping the systems secure from everyone else, I have zero confidence in the industry's ability to do it in the foreseeable future.
The truth is that we have not been able to build truly strong security into consumer
Doesn't buy it... (Score:2)
But I just don't buy the claim that it's impossible.
Guess what? Math works whether you buy into it or not, bitch.
two words, Mr Wray (Score:2)