"FBI and Justice Department officials have been quietly meeting with security researchers who have been working on approaches to provide such 'extraordinary access' to encrypted devices," reports The New York Times (alternative source), citing people familiar with the matter. Justice Department officials believe that these "mechanisms allowing access to the data" exist without weakening the devices' security against hacking. Slashdot reader schwit1 shares the report: Against that backdrop, law enforcement officials have revived talks inside the executive branch over whether to ask Congress to enact legislation mandating the access mechanisms. The Trump White House circulated a memo last month among security and economic agencies outlining ways to think about solving the problem, officials said. The FBI has been agitating for versions of such a mandate since 2010, complaining that the spreading use of encryption is eroding investigators' ability to carry out wiretap orders and search warrants -- a problem it calls "going dark." The issue repeatedly flared without resolution under the Obama administration, peaking in 2016, when the government tried to force Apple to help it break into the iPhone of one of the attackers in the terrorist assault in San Bernardino, Calif. The debate receded when the Trump administration took office, but in recent months top officials like Rod J. Rosenstein, the deputy attorney general, and Christopher A. Wray, the FBI director, have begun talking publicly about the "going dark" problem. The National Security Council and the Justice Department declined to comment about the internal deliberations. The people familiar with the talks spoke on the condition of anonymity, cautioning that they were at a preliminary stage and that no request for legislation was imminent. But the renewed push is certain to be met with resistance.

  • Impossible (Score:3)

    by b0s0z0ku ( 752509 ) on Sunday March 25, 2018 @12:40PM (#56323283)

    This is basically impossible without banning general-purpose computing devices entirely. Even if phones have a backdoor, what's to stop someone from loading a Linux variant designed outside the US onto a laptop and using it for secure communications?

    Entirely banning "unhackable" communication would require a walled garden that looks more like Alcatraz for every single compute device sold in the world.

    • Electronic Frontier Foundation laughed. 'There's no use trying,' she said. 'One can't believe impossible things.'

      'I daresay you haven't had much practice,' said the Justice Department. 'When I was your age, I always did it for half-an-hour a day. Why, sometimes I've believed as many as six impossible things before breakfast.'

    • You misunderstand. It's not necessarily about being hackable or backdoored. There is no need to remove the current level of encryption and digital signatures and other technical security features, nor is it necessary to prevent further advances in these areas. All that government would need to do is require Apple/Google/Microsoft/etc to archive your passcode, and give up your passcode when presented with a warrant. Yes, that is not desirable. However it is not "banning unhackable communication".
      • What if you're running an OS where Apple/M$/Google/etc is not privy to your LUKS passphrase? Will this ban any OS that doesn't require a "cloud" login?

        • Re: (Score:2)

          by drnb ( 2434720 )

          What if you're running an OS where Apple/M$/Google/etc is not privy to your LUKS passphrase? Will this ban any OS that doesn't require a "cloud" login?

          What I referred to is not a cloud login. It's a one-time archiving of your "passcode" when it is initially set or changed. Day-to-day passcode use would remain offline.

          Is this a problem for open source? Yes, but that is something separate from technical feasibility. Is this a problem for Linux users? Possibly not for many. Red Hat, Canonical, etc could archive things just like Apple, Google, Microsoft, etc.

          Again, none of this is desirable. I'm just arguing against the notion of "impossible". If you don

          • Sure, but Linux is open-source. What's to stop someone from writing, downloading, and/or installing an "unapproved" distro that doesn't archive passcodes? Or just disabling whatever is responsible for archiving the passcodes. Not all Linux variants are released by companies subject to US jurisdiction.

            Unless they're willing to dictate that all hardware sold in the US (or worldwide!) has to be designed to only run approved OS's.

      • So, we will end up with a black market selling older permanently lockable phones to those who do NOT wish to share their secrets with the FBI, KGB, NSA, local law enforcement and the weird kid down the street? Here's your chance to make a killing, folks. Get in early. Business Plan? When a decision is needed, just ask yourself -- "What would Uber Do?"

  • I'd expect the issue to surface as many times as necessary until the Justice (lol) Department gets what they want.

    • So how do we fix it? How do we get a government that respects its citizens' privacy?

  • These companies don't just do business in America. If the U.S. Government gets it, then other governments will likely follow suit. Blanket refusal is the only answer to protect global civil rights.

  • This should be easy- just find a way to invalidate the basic laws of physics and mathematics, and voilà, you got it!

  • Current crypto isn't good enough. No amount of talking to consumer tech / engineers / "security researchers" will make it work.

    Like moving from symmetric key to asymmetric key, a whole new way of doing crypto mathematics will be needed to solve this. So get some mathematicians on super-magic-only-good-guys-can-spy algorithms.

  • They seem to be collecting it all, anyway.

