AG Barr Says Consumers Should Accept Security Risks of Encryption Backdoors (techcrunch.com) 582
U.S. attorney general William Barr has said consumers should accept the risks that encryption backdoors pose to their personal cybersecurity to ensure law enforcement can access encrypted communications. From a report: In remarks, Barr said the "significance of the risk should be assessed based on its practical effect on consumer cybersecurity, as well as its relation to the net risks that offering the product poses for society." He suggested that the "residual risk of vulnerability resulting from incorporating a lawful access mechanism is materially greater than those already in the unmodified product. [...] Some argue that, to achieve at best a slight incremental improvement in security, it is worth imposing a massive cost on society in the form of degraded safety." The risk, he said, was acceptable because "we are talking about consumer products and services such as messaging, smart phones, e-mail, and voice and data applications," and "not talking about protecting the nation's nuclear launch codes."
Should? (Score:5, Insightful)
Maybe, but we won't.
Re:Should? (Score:5, Interesting)
There's a quite considerable danger if we accept the risk of backdoors. Any compromised individual also is a risk for an organization.
The day when a prominent leader gets to suffer from a backdoor is when the wind really will change.
Re:Should? (Score:5, Funny)
The wind coming out of those backdoors can definitely be a fearful thing.
Re: (Score:3, Insightful)
It's not encryption if there's a backdoor.
Re:Should? (Score:5, Insightful)
The day when a prominent leader gets to suffer from a backdoor is when the wind really will change.
The thing is that prominent leaders, military, law enforcement, and government in general will get to use uncrippled strong cryptography because of national security and whatnot. They can't have the enemy reading their communications.
Re: Should? (Score:5, Insightful)
Are we talking about Clinton or Kushner? Because both essentially did it.
Re:Should? (Score:5, Insightful)
Barr's risk assessment contains an implicit assumption that the value of the consumer's data is practically nil, as opposed to the government's extremely valuable data that needs to be protected with no backdoors, etc. Unfortunately, that is about the best we can expect from a government agent. The idea that the data of a citizen is valuable is apparently ludicrous. This is a stunning exposure of his attitude about the rights of citizens. I'm not so happy that this is one of the chief people charged with maintaining the 4th amendment of the US Constitution (https://en.wikipedia.org/wiki/Fourth_Amendment_to_the_United_States_Constitution). After all, if there is little of value to protect, it is fairly easy to minimize violations of that protection.
Re:Should? (Score:5, Interesting)
While I don't disagree with your critique, your first sentence is ridiculous. Compared to my most secret data, the government's most secret data is far more important.
I don't disagree that the government has some data that needs to be protected with the utmost of security, and that their most secret data is probably of greater inherent value than my most secret data. But I have data that it is very important to me to keep private, and I daresay that my needs are just as important as the government's needs to keep data private in the case of the vast majority of the data that the government is keeping private. In fact, I will go out on a limb and say that the government is probably keeping data private that it has no right to keep private from the citizens, just as some citizens may be keeping data private from the government that the government has a responsibility to try and uncover (following proper protocol etc.). With respect to this kind of data, I suspect that the harm being done by keeping data secret is probably greater for the government's than for any single individual citizen. So will we see a "backdoor" mandated for the government's data that can be exposed and opened for all to see by court order?
The government desires strong encryption with no backdoors for the government. The government is advocating encryption with non-blockable backdoors for use by citizens. This isn't the same as everyone having strong encryption, and undermines the citizens' ability to monitor and oversee the actions of the government.
He's half right, half wrong (Score:5, Insightful)
first significant asset that I owned was my first car.
A 1979 Toyota Corolla station wagon, which I purchased for $500. I did not hire a team of armed guards to protect it, because the cost of the security would be too high relative to its value. It is correct to consider the costs.
Barr said:
"The significance of the risk should be assessed based on its practical effect on consumer cybersecurity, as well as its relation to the net risks that offering the product poses for society."
Yes, it should be assessed. Losing the capability to do proper, lawful intercepts and search warrants based on probable cause has a real cost to society.
Barr continued:
"residual risk of vulnerability resulting from incorporating a lawful access mechanism is materially greater than those already in the unmodified product."
Yes, a "lawful access mechanism" would indeed increase the risk of vulnerability - greatly.
Where he's wrong is the judgement call between the two. Sorry, security is more important than search warrants. Also, there is an issue of freedom - my freedom to choose to use end-to-end encryption. Because this is supposed to be a nation of the people, for the people, by the people, and the federal government is, in the end, goons with guns threatening violence if I don't comply, government should force things on us only when absolutely necessary. "It's a good idea" is not a sufficient reason for government to force something on you, with the threat of violence if you refuse.
Re: (Score:2)
Absolutely not. I won't accept other individuals or companies deciding this for me.
Re:Should? (Score:5, Interesting)
Maybe we should, and maybe we should not. But this decision -- Is like deciding to abridge free speech,
for example: "Accept a government backdoor to censor any news article; to ensure government officials can
prevent a mass panic some story could cause, or protect national security."
Decisions should at least be made by the public whose rights you intend to infringe at the marketplace, and not be
argued by officials in authority such as justice department and law enforcement themselves who have an inherent
vested self-interest in their own power and convenience.
Re: (Score:3)
But this decision -- Is like deciding to abridge free speech,
More specifically, this is an attempt to criminalize whispering:
"There must be no secrets!!!
Why are we even saying maybe? (Score:5, Interesting)
No. No. No. No. We need to stop this crap where we treat the world like a market place of ideas where everything gets held up and considered. Some ideas are so vile and reprehensible that they do not bear consideration. This is one of those. We've known this for hundreds of years. That's why the constitution says no unauthorized search and seizures. This is a hard NO.
We already have a mechanism for that (Score:5, Interesting)
Re: (Score:3)
Same thing happens with a locked room, safe etc. They can still compel you to open it or cut the locks off but only with a court order.
Actually... it's different. A state backdoor would be like requiring every Safe manufactured have a standard government combination to open it, And every Padlock has a second government key that will open it.
If they have this backdoor in place, then in at least some circumstances --- it will likely be deemed a "Reasonable search and seizure" for them to use their b
Re: Should? (Score:2)
-William Barr
Re: Should? (Score:2)
As a consumer I say AG Barr should bite me
Re: Should? (Score:5, Insightful)
As an IT guy, I'd like to offer him a custom certificate that we can add to his keychain so we can spy on all of his encrypted communications.
If he really thinks that backdoored security is not really a big deal, I can't see how he would mind us keeping an eye on his communications.
Re:43% will (Score:5, Insightful)
Google, Apple, Microsoft and anyone else working on this needs to lock their systems down without any backdoor and when the feds come knocking tell them, sorry we don't have the ability to decrypt.
Fight any attempts to force imposition of backdoors and start buying up the congress critters needed to pass a law forbidding backdoors. They've got Billions and Billions in cash, start spending it to protect the right to privacy.
Re:43% will (Score:4)
Re:You're missing the point (Score:4, Insightful)
If Trump wins re-election and is followed by a successor with the same level of blind support then we are probably going to become a de facto dictatorship.
Living in constant extreme paranoia is unhealthy. Also, Trump is most definitely constrained by polls, it's just that the Democrats haven't put up a credible option to run against him yet. All they need to do is get their act together and stop just promising free stuff to everybody. Once that happens Trump is done for. It's an easy fix that seems to be completely lost on most Democrats.
Fear can be healthy (Score:3)
I am tired of repeating myself, so for anyone interested here is a thread where I detail reasons to be afraid of the current administration, the TL;DR; is:
I want to address your "Free stuff" point (Score:5, Interesting)
Take healthcare. The most conservative (e.g. right wing) estimates say a single payer "Medicare for All" system paid for with payroll taxes would save $2 trillion every 10 years vs our current system. Or take climate change, where the cost of droughts, refugees and war are in the trillions. A $15 national min wage would raise prices
My point is that at no time are the Democrats giving away "free stuff". Instead they're considering the real costs of inaction. We did this in the 40s, 50s and 60s and it led to the strongest economy ever. We stopped doing it in the 80s and we've had one economic crash after another, with only a
Re: You're missing the point (Score:3, Insightful)
As an outsider I saw the cult of personality for the first time in modern US politics during Obama's reign. It was quite something...
Re:Should? (Score:5, Insightful)
The right to bear arms is also a good legal approach against those who would take away our crypto: my crypto is my best weapon against hackers.
The Attorney General's fundamental argument is also flawed. This country was not founded to provide for more perfect law enforcement. It was founded by people who fought an armed revolution against the government of the time and wanted to preserve the ability of those who followed to do the same, should it ever become necessary. That's the key reason we have the second amendment, as well, and the reason we have so many checks and balances to preserve freedom against the government to prevent it from becoming necessary.
The bottom line is, there is in fact something more important than protecting our children's safety, and that is protecting their freedom. Our rights aren't designed to protect us against criminals, they are designed to protect us against the government.
Re: (Score:3)
The government even already did some of the ground work for ya. When they harassed Phil Zimmermann, it was for exporting "munitions." Their word.
The right to cryptography is likely guaranteed by both the first and second amendments. It wasn't covered by the second amendment until the government decided to phrase their attack that way, but they did, so that's yet ano
Re:Should? (Score:5, Interesting)
The NRA has often talked about the 2nd amendment to the US Constitution as being only one of the legs of the stool that holds up American freedoms. It is the leg that they defend, but they recognize that the others are important and must be defended as well.
The US government labeled crypto technology a munition, in order to use existing law to exert a greater control over it than otherwise was available. I think it would be somewhat of a novel legal theory to argue that since the 2nd Amendment says "... the right of the people to keep and bear arms shall not be infringed" AND the government itself has labeled crypto a munition (i.e., an "arm") that the people have a right to possess and use crypto technology that cannot be infringed. Novel, but interesting.
Re: (Score:3)
I think it would be somewhat of a novel legal theory to argue that since the 2nd Amendment says "... the right of the people to keep and bear arms shall not be infringed" AND the government itself has labeled crypto a munition (i.e., an "arm") that the people have a right to possess and use crypto technology that cannot be infringed. Novel, but interesting.
But the Heller decision did uphold that the government CAN put bans on some weapons. Scalia mentioned "dangerous and unusual" weapons, saying that bans on tanks or nuclear weapons are certainly warranted, which left the door open for assault weapons bans. He specifically mentioned that the understanding of the framers is that the weapons allowed for the militia would be "in common use for lawful purposes." Well, encryption is in common use for lawful purposes, of course, so maybe that's a point in encryptio
Re: (Score:3)
The NRA is a group built around gun safety education
Bullshit, I don't see them parading mandatory gun safety training or requiring gun safes in homes, in fact they do the exact opposite.
Re:Should? (Score:5, Interesting)
Did you take a mandatory speech safety training before posting that?
Re: (Score:3)
Did you take a mandatory speech safety training before posting that?
You mean Civics class? Why yes, I live in a community that has that.
Re: (Score:3, Insightful)
The NRA is a group built around gun safety education
Bullshit, I don't see them parading mandatory gun safety training or requiring gun safes in homes, in fact they do the exact opposite.
I can tell you don't pay much attention to the NRA and what they advocate. Pretty much all of the above concepts ARE supported by the NRA with the possible exception of making it "mandatory" for everyone as a condition to own a firearm. They advocate trigger locks, safes and other means of securing firearms. They train folks in gun safety for FREE and provide low cost materials for such training.
The NRA, however, does read the whole 2nd amendment and that pesky "shall not be infringed" phrase is certain
HAHAHAHAHA (Score:4, Insightful)
Re:HAHAHAHAHA (Score:5, Informative)
Why this is a dumb idea.
Re: HAHAHAHAHA (Score:2)
Why this is a dumb idea.
Don't be naive; it's hardly dumb for the evil slime that would benefit from it.
As long as he can accept the security risk of.... (Score:5, Insightful)
me telling him to fuck himself with a cactus.
Just another fascist dickhead that fails to understand that we need strong encryption to protect ourselves from people like him.
Re:As long as he can accept the security risk of.. (Score:5, Interesting)
The worst thing I saw on this (Score:2)
Re: (Score:3, Interesting)
Re: As long as he can accept the security risk of. (Score:5, Insightful)
And the Obama admin got the same response. As did the Bush administration. And the Clinton administration.
Re: (Score:3)
Except the previous administration did not do this. So as much as I hate both Democrats and Republicans when it comes to this issue, the latter is clearly worse than the former.
No you are lying to us about who you hate as you are willfully ignorant (or lying about being ignorant) of facts on the subject and that shows your bias. You don't even have to go that far back to find the fight between Apple and the FBI over gaining access to the iPhone used by Farook. Surrounding that legal battle were politicians on both sides demanding better access from companies like Apple to the encrypted messages for law enforcement investigation.
Or how about the information that Snowden dumped on u
Re: As long as he can accept the security risk of (Score:3)
AG Eric Holder did it.
FBI Director Comey and NSA Director Rogers did it.
It was just no big deal, they were part of a Democrat administration I guess...
Re:As long as he can accept the security risk of.. (Score:5, Insightful)
Actions which are bad are bad regardless of who does them. This song and dance has been done by every administration since the Clinton era, has always been wrong, and is never about any specific political party.
You aren't American. You have never lived in the US. You have said this several times. Why do you so strongly post on US politics during the election season just like the foreign interference trolls last time?
Fuck off. We don't need more of your chaos.
Actions that were bad are in the past, actions that are past. Actions that are unfolding as we speak are things we can still do something about. Whenever somebody brings up what the Trump admin is messing up at the moment some Trumpkin shows up and pivots to past events. Rolling around in the mistakes of Clinton, Obama and the Bush administrations like pigs in shit may be great fun but will not help us solve the problems of the present. Only talking about what is being messed up at the moment will solve problems and there is plenty to talk about. As for the rest of your comment, the US felt entitled to invade my country and occupy it. The US has several times come within a whisker of making my country into a nuclear battle field. Whenever the American public decides to do something stupid it directly affects me in multiple ways, just like it affects my life in multiple ways every time the Russian public decides to do something stupid, and if you have a snowflake meltdown over what I have to say about the state of affairs in America, what I have to say about Russia would make your head explode. If the US feels entitled to invade other countries and occupy them, it seems only fair to me that people in other countries can be that annoying voice reminding Americans of all the stupid ways they are messing up the world. If you don't like being reminded of the fuckups of the Trump administration go back to one of your echo chambers where there are no critical or dissenting voices and your fluttering little heart won't bleed whenever somebody disagrees with you.
Re: (Score:3)
Understanding the history of an issue of a problem will get you a lot further in criticizing current actions than to blindly rage at orange man. No one will take you seriously if your criticism follows political lines.
Using over the top hyperbole (fascist) to describe something that has been done by previous administrations who were not labeled as such means that you are following a religion of blind rage. If you think this is fascism then you are saying Obama, Bush, and Clinton were fascists. Which is retarded. I may not like them but fascists they were not.
>go back to one of your echo chambers Pot meet kettle.
It has nothing to do with rage. The guy is manifestly corrupt and incompetent, that's a simple and irrefutable observation. All I have done is adopt the debating style of Trump and his ilk, loud, obnoxious, self assured and in your face. If you people are going to dish it out you have to learn to take it. You can't just melt down like a precious little snowflake every time somebody shoots back the same kind of ammo you blast at everybody else. Plus, I never said Trump is a Fascist, he's plainly too dumb to
Re: (Score:2)
Just another fascist dickhead that fails to understand that we need strong encryption to protect ourselves from people like him.
He understands perfectly, that's why he wants to stop you from being able to protect yourself.
Re: (Score:2)
Re: (Score:2)
me telling him to fuck himself with a cactus.
Just another fascist dickhead that fails to understand that we need strong encryption to protect ourselves from people like him.
You are naive or blind if you believe that. They know perfectly well what the encryption is good for and that is why they want it broken by design. Talk of criminals, terrorists, and thinking of the children is just a smoke screen to placate the masses that don't understand the scope or implications.
Re: As long as he can accept the security risk of (Score:4, Insightful)
Yes. And then blackmail you about them as a form of control. Sexual misconduct is the go-to strategy intelligence agencies use to discredit people. It goes back at least as far as MLK, probably further. It's probably why Assange was charged with rape.
Control is what fascists want. Not titillation.
Re: As long as he can accept the security risk of. (Score:5, Insightful)
Right, their real goal is what, exactly? To monitor your text messages with your old girlfriend from high school?
Just because I have nothing particular to hide at this point in time does not mean that they have any business having access to the information.
And once they have the power, where does it stop? Today it is terrorists and drug cartels. Tomorrow it is identifying white supremacists (when the Dems are in control) or illegal aliens (if the Reps are in control). Later it's flagging any views critical of the government. It's a different scale that they have access to through today's technology, but this path has been followed many times throughout history.
Hell, even now look at what is going on in China with all their surveillance (physical and digital) that they are using to decide if you are a good enough citizen to be allowed to do various mundane things (like have a job, ride the train, etc..).
The UK isn't quite that bad, but they are quite the surveillance state as well yet they still have murders, terrorist plots, white supremacists, and other crimes. So what has all that monitoring really bought them?
Re: (Score:3)
We should remember that the government abuses authority like this CONSTANTLY. The NSA datacenter collecting Americans' calling metadata saw over 50,000 instances of agents accessing the information to spy on lovers, family or acquaintances without warrants or even authority to do so.
Any type of information access of this depth will be abused and will be a target of hackers. There should be no discussion on this. Put in a backdoor and that backdoor will be on sale on hacking forums in a year and the cops, FB
Re: (Score:3)
we need strong encryption to protect ourselves from people like him.
The "strong encryption" you refer to are known as firearms.
"Yes, the Founding Fathers were smarter than you."
Re: (Score:2)
Nobody is keeping you from writing your own operating system, because that is what it would take if encryption backdoors are mandated by law.
Re: (Score:3)
Actually, it might be creating your own hardware. Even now the CPUs and perhaps modems can bypass the OS.
crypto farm (Score:5, Insightful)
Some animals are permitted more security than others...
Of course he'd say that... (Score:2)
The US like Putin's Russia (Score:2)
Who would have thunked it, the land of the free, the home of the brave.
Security for the plebians (Score:5, Interesting)
So...you're cool with volunteering your own device to be the first with a backdoor? You don't deal in the nation's launch codes, after all, and surely your own personal business is appropriate for consumer products.
Oh, you meant it's just for us? No thank you.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Not only that, but even if we assumed that the government wouldn't use their access maliciously (a HUGE assumption), then all it would take is one hack and suddenly malicious individuals across the world would have access to our systems. It's not like you can make a "Government Use Only" backdoor that's immune to hackers abusing it.
Re:Huawei as a solution provider (Score:4)
Let me guess, Huawei will be the solution provider. yes?
Seriously, this is asinine! It's tantamount to state-sponsored espionage at a national suicidal level!
The funny thing is that the Trump administration just banned Huawei devices because they were afraid of spying ... then they turned around and came up with this genius chess move. I'm pretty sure that Chinese intelligence is competent enough that they don't need any help to hack the legally mandated back door Barr wants to put into every computer, mobile phone and tablet device in the US and if the Chinese do crack this back door they will have access to way more data than if they had planted backdoor in Huawei devices and they'll have Barr to thank for it.
That's a great photo of him in the article. (Score:2)
Re: (Score:2)
Re: (Score:2)
"Where am I? How did I get here? Is this my office?"
"This is not my beautiful house, this is not my beautiful wife."
Noooope. (Score:5, Insightful)
AG Barr is a man utterly without integrity, openly acting as a purely partisan hack, working to undermine everything he can for crude private interests.
That dude asking for us to literally turn off basic security on our computers is worth less than a spam-bot asking something similar.
I mean, the effective algorithms aren't THAT complex - they're open, interesting and elegant packet coding/checking systems that don't need a method for third parties to break into.
Replacing those basic tools with ones shunted with a channel for outside parties to see the raw data is just utterly mindless.
Barr knows this, but again - no integrity.
I understand - he's got relationships worth money to maintain though - gotta be worth more than everything else in the world I suppose in his mind.
I mean, really, if anyone listens to a guy like Barr, he's got to figure they deserve the choice they made trusting him - at least that's what I see in the smirk he makes as he presents anything.
Towards his ideals at least, he's proving you can't trust government, by representing governance in general in as horrible a light as he can.
Ryan Fenton
Re:Noooope. (Score:5, Interesting)
Re: Noooope. (Score:2)
he's proving you can't trust government
Does this really need to be proven millions of times over??
Re: (Score:2)
It was fun watching David Brooks on PBS, when Barr said he would look at the special counsel's report, tell us that Barr was a respectable lawyer and he was going to trust him. A week later, after Barr made his pronouncement that Trump was innocent of attempting to sabotage Mueller, Brooks dismissed him as merely a spokesman for the Administration. Barr had a chance to make a basically conservative guy have some faith in the Administration and by being a hack, lost that chance in a mere week.
I'm for it, we're for it (Score:5, Interesting)
Re: (Score:2)
BULL SHIT (Score:5, Insightful)
Like HELL am I going to accept the risk willingly.
For one, I have the right per the 4th amendment to be secure in my effects, and that means that unless the government has a damn warrant they can kindly keep their big fat nose out of my private business. And by warrant, I mean one supported "by oath or affirmation" as specified in the 4th amendment, which probably means a police officer is in front of a judge and swearing to the justification for the warrant UNDER OATH, and that means they're sure enough of what they're telling the judge that they're willing to risk being charged with perjury if they're caught fibbing about it.
For two, their paychecks come out of taxes on my income and property, and I am not about to bless them wasting government man hours on my dime rifling through information they don't need in the first place to do their jobs.
For three, just because they're the government doesn't make them any more immune to being hacked than the private sector. Any information in government hands is information at risk of hack from both private hackers as well as enemy spies and the last thing I want is my personal information in the hands of the enemy, especially if the government doesn't need it in the first place.
So fuck back doors with a rusty pitchfork for three very good reasons. The principle of the 4th amendment, I don't want them wasting my tax money, and I don't want my shit exposed to hackers.
Nuclear Launch Codes (Score:5, Funny)
From what I understand, there is already a computer called the WOPR, that can rapidly decode the launch codes. So I am not sure what he is talking about.
What a maroon. (Score:2)
My social security number is my personal equivalent of a nation's nuclear launch codes.
Re: What a maroon. (Score:2)
What a maroon
You'd have to be ridiculously stupid to think that [your enemy's attempts to enslave you] are born out of stupidity.
Re: (Score:3)
In which case, my personal nuclear launch codes were leaked (how I never found out) and someone used them. Luckily, the credit card they opened arrived at my doorstep instead of theirs, but still it's a horrible feeling to know that your entire identity has been stolen and won't ever be solely yours again. My credit is frozen so nobody - including me - can use my credit unless I first thaw it, but it's still a horrible feeling.
So, no, I won't be willingly opening myself up to more of this just so the police
And he'll be the first to cry when (Score:2, Insightful)
Some crims get the private key and use it to steal his savings.
Seriously, encryption backdoors are so bad. I see why they would want access to stuff for law enforcement, though that should always be gotten through the individual's right to disclose the key if required, and every country already has laws/etc for this already.
Putting a deliberate backdoor into stuff (which is just going to creep into other stuff) *he* cannot possibly know what stuff is going to be used for - it could inadvertently be used for
Re: (Score:2)
In the USA you are NOT required to hand over passwords, unlock codes for a safe etc. The government can try to break into these thing with a warrant but they are not guaranteed success and you don't have to help them.
Genie is out of the bottle. What you going to do? (Score:2)
Meanwhile, Trump Admin Encrypts Their Comms (Score:2)
AG Barr lobbying for a government backdoor is ridiculous given that the Trump Administration has consistently argued against the "Deep State" "wiretapping" their communications during investigations into Russian election tampering. Top Trump officials have used encrypted chat applications such as Confide and WhatsApp to avoid surveillance, even though such conduct violates federal laws requiring that official communications be archived.
Good luck with that. (Score:3)
How many times (Score:5, Insightful)
How many GD times do we have to keep telling these people " NO " ?
It's like they wait a generation, then ask the question again. Eventually, they'll find a generation of folks stupid enough to say " Yes ". :|
As it stands today, I can't even trust a company to possess sensitive information of any kind due to the incompetence of the folks who store and hold it. Barr thinks their " magic backdoor " will be immune to this ?
Do you think it likely the crypto the government uses will be subject to said backdoors ? ( Of course not ) So if they aren't willing to put their faith into the proposed system, why the hell would we ?
The NSA can't even keep their hacking toys ( which were likely classified at the TS level ) a GD secret FFS.
If anything, backdoors in crypto ( intentional or otherwise ) will be the PRIORITY TARGET because, once compromised, it gives you all the keys to the kingdom.
Re: (Score:2)
" He suggested that the "residual risk of vulnerability resulting from incorporating a lawful access mechanism is materially greater than those already in the unmodified product. [...] Some argue that, to achieve at best a slight incremental improvement in security, it is worth imposing a massive cost on society in the form of degraded safety." "
In related news, Mr. Barr should probably familiarize himself with some of the oft quoted sayings of one Benjamin Franklin.
Specifically the ones concerning libert
Comment removed (Score:3)
Pig! (Score:2)
Umm.. 4th amendment (Score:2)
Sure, no problem. (Score:2)
We'll accept encryption backdoors just as soon as the Government accepts the responsibility of destroying trillions in revenue when those backdoors are compromised, which inevitably they will be.
Let's stop pretending it's little Johnny Drug Dealer who is the only one affected by this kind of legislation. We're talking about all encryption here, to include encryption that every legal entity relies on to secure business.
I can't believe we have such a hard time convincing lawmakers of this, as if they're no
Re: (Score:2)
And it's not only limited to that. There's criminal identity theft to worry about too. By that, I mean a criminal is arrested and gives a fake name/SSN/DOB. Suddenly, all police records list that YOU have committed a crime and any police interactions (like, for example, you're speeding and they run your plate) will begin with "this guy committed a major felony two states over." Also, good luck purging those databases because deleting one reference causes the data to just flow back in. (Here's an article det [libertyid.com]
Here's why this discussion is moot (Score:5, Interesting)
This discussion of US companies putting backdoors in their software is pointless: even if the US passed a law requiring backdoors, no one would do it. Not only because security professionals would refuse to comply out of principle, but mainly because the *lawyers* won't let you do it. The legal implications of getting sued for non-compliance would be fewer than the legal implications of having a backdoor in your system. There's no way your software could be sold in China, Russia, or the EU with a known backdoor in it. And if a law was passed, there would be no path to plausibly deny that such a backdoor existed. Every competent security organization would be in a race to write the CVE indicating that the product had a known backdoor.
An acquaintance of mine works for the NSA and tries to find backdoors in hardware chips (stuff like routers). I can't imagine how an organization like the NSA could ever purchase a piece of software or hardware knowing that some other 3-letter-agency could spy on the NSA. [wikipedia.org]
Even the US's own regulations would be ripped apart. For example, I write software that has to comply with the FDA security directives. I can't imagine a reading of those directives that would allow a known backdoor in the software. My employer's legal and compliance team would have a meltdown trying to figure out how to comply with a US backdoor + FDA security directives + IEC 62304 + 21 CFR Part 11 + GDPR. It would probably be easier to disregard the law.
So the US Attorneys General can talk all they want about backdoors. It was voted down in the Clinton era, and it will be voted down again because your own legal team doesn't support it, and not a lawyer in the country does either. If Barr really wants a surveillance state, his best path is to quietly shut up about it and do what we do now: have the NSA find vulnerabilities in software and quietly insert backdoors. At least then the corporations can plausibly deny the backdoors. The only reason for Barr to bring this up publicly is if the NSA is panicking that vulnerabilities are closing and they are losing access.
What Barr doesn't seem to understand... (Score:4, Interesting)
And while certainly it's true that this person would be a lawbreaker and have to be punished, the net result is that law enforcement's job is made *harder*, not easier, because it now additionally has to protect the public from such exploitation.
If you throw in the dubiousness of trusting a government agency with such backdoor keys in the first place, it just goes downhill from there.
All the more reason (Score:2)
If America's AG has this frame of mind that is all the more reason to seek out another country to host your e-mail and data storage.
Re: (Score:2)
Quantum encryption (Score:5, Funny)
When quantum encryption is outlawed, both criminals and law abiding citizens will simultaneously have and lack quantum encryption!
It's just an iron boot, what's your problem!?!?? (Score:2)
Again, several billion around the world are living the dream of not imagining, but actually experiencing a boot stamping on their face -- forever (Orwell).
And as usual, politicians in the west are more interested in notches on their belts for prosaic crime and ignoring the real reason encryption is needed -- the biggest crime of all, dictatorship.
Stop enabling the tools of tyranny. No censorship. No panopticons. And encryption for everything.
AG Barr should accept that he is clueless (Score:5, Insightful)
Encryption and system software is obviously not AG Barr's area of expertise, if he even has one.
The risk of doing what he suggests is a 100% probability of a compromised system. If a government organization holds a key that will unlock the door to every computer system, then every computer system will be compromised. If there are many keys, they will still be compromised, but it might take a little longer.
Why? The logic to that back door will be embedded in the system software that is delivered and running on each system. Thus the algorithm will be published for all the adversaries to explore, reverse engineer, and utilize at will. Once the adversary understands how the code works it's only a matter of time before they know how to defeat any protections built into it. The system itself then becomes a cyber weapon capable of being used against us.
After this code publication, Russia, China, NK, and Iran will all have the secret weapon needed to disrupt any efforts to defend ourselves against attack. They can then devastate the economy, shut down all power, water, and emergency services whenever they choose. No system containing this back door will be safe to use during an emergency.
AG Barr, be very careful what you wish for. I'm sitting here wishing you had a clue.
Comment removed (Score:3)
Irn Bru (Score:3)
What has this got to do with Irn Bru?
https://www.agbarr.co.uk/ [agbarr.co.uk]
Re: (Score:2)
Or what, is your bigoted hate filled mind too tin foil wrapped to accept this has always been what has been wanted by law enforcement agencies. No matter what political party is in power?
Re: (Score:2)
Law enforcement and the president are usually in agreement that they should be able to spy on us and that we should not be able to protect ourselves from them. The party or lack of party doesn't matter. I don't see why this should even be a problem. If you buy a safe that law enforcement can't break into you are not required to help them get in. You only have to let them try. They are free to try and break the encryption and we are free to keep making it better.
Re: (Score:2)
Re: (Score:2)
As much as I don't like cloud services, at least they require encryption in transit and get general scrutiny to how data is stored. There is no such planning on a local app or peer-to-peer connectivity.