Five Eyes Governments, India, and Japan Make New Call For Encryption Backdoors (zdnet.com) 129
Members of the intelligence-sharing alliance Five Eyes, along with government representatives for Japan and India, have published a statement over the weekend calling on tech companies to come up with a solution for law enforcement to access end-to-end encrypted communications. From a report: The statement is the alliance's latest effort to get tech companies to agree to encryption backdoors. The Five Eyes alliance, comprised of the US, the UK, Canada, Australia, and New Zealand, have made similar calls to tech giants in 2018 and 2019, respectively. Just like before, government officials claim tech companies have put themselves in a corner by incorporating end-to-end encryption (E2EE) into their products. If properly implemented, E2EE lets users have secure conversations -- may them be chat, audio, or video -- without sharing the encryption key with the tech companies. Representatives from the seven governments argue that the way E2EE encryption is currently supported on today's major tech platforms prohibits law enforcement from investigating crime rings, but also the tech platforms themselves from enforcing their own terms of service. Signatories argue that "particular implementations of encryption technology" are currently posing challenges to law enforcement investigations, as the tech platforms themselves can't access some communications and provide needed data to investigators.
In other words (Score:2)
Re: (Score:2)
No, it means they want to spy.
Big "Tech" companies don't have a monopoly on encryption. If they become insecure, criminals will just download something else and use that instead.
(and really big criminals will simply roll their own).
Re: In other words (Score:2)
Uum, every kid with a bit of computer clue can roll their own nowadays. XORing with data from /dev/random, that previously was shared between the comminicating sides, is trivial. People did it by hand during the cold war, using a code book.
The only quirk is for both sides to know where they left off the last time.
Re: (Score:2)
So... the problem of transmitting an encrypted message becomes the problem of transmitting your one time pad. Aren't they equally difficult problems?
Code books were used during wars because coding was usually done with pencil and paper and it was normal for people to meet up beforehand.
All you need in the computer age is a single encryption key per user. 128 bits of data is enough and there's many ways to transmit it safely.
Re:In other words (Score:5, Insightful)
All the trade-offs for key escrow of end-to-end encrypted communications are terrible for the end users. Embed keys in the cipher stream? They become the immediate target for all adversaries. Give the keys to the government immediately? The government's archive becomes the universal target, and an evil government can intercept all the communications immediately. Require companies to hold keys for some period? Now your content is compromised along with your accounts, and the least secure providers will become easy targets.
If governments want backdoors to private communications, they should publish descriptions of how to do it so that we can examine and decide whether to trust the proposed mechanisms. Every mechanism that has been proposed and studied so far has grievous security compromises for normal users.
Re: In other words (Score:3)
Computers should be good at automating this for multiple users, multiple messages. I give you a one time pad on a USB key. You give me one. I give someone else another one time pad, they reciprocate.
One time pads are the hardest to break. Keep your friends close, keep your one time pads closer.
Delete the one time key after you read the message, and it becomes impossible for you to decrypt the message even under a cour
Re: In other words (Score:4, Informative)
There are a number of reasons why "One Time Pads" are not in common use.
1. It's extremely inconvenient generate and distribute the pads.
2. Pads must be at least as large as the data they encrypt.
3. It's pretty hard to generate truly random pads.
4. Other techniques offer reasonable security, don't require distributing large amounts of key material, and are much easier to setup and use.
Oh, and one time pads ARE unbreakable, basically because the actual message can be anything that is the same size, literally. Even if you guess the pad and extract the message, you have zero way to know if you have the right information or not.
Re: (Score:2)
Walk up to them, with pad and paper, write note, they read it and then burn the note. Don't be bloody lazy. So many ways, they are not even targeting real criminals who will told what encryption software to install on top of what hardware. The backdoors are for the boobs who do not know what they are doing, the goal convict everyone of a crime, home detention and ankle straps to watch and monitor them at all times. If you are poor, you are inherently a criminal, which is why you must be monitored at all tim
Re: (Score:2)
GCHQ came up with an interesting (but flawed) proposal. They suggested that the client would allow them to silently join any communication session, similar to joining a group chat. Then there would be no need for routine storing of encryption keys or anything like that, but of course the weak point is the method of silently joining. If they can, anyone can.
Re: In other words (Score:2)
By interesting, I'm assuming that you mean absolutely terrifying and something that only authoritarian governments (e.g., China) would even seriously consider.
Can you even get more 1984 than this?
Re: (Score:2)
something that only authoritarian governments (e.g., China) would even seriously consider.
Five Eyes, India, and Japan-- all countries not China.
Re: (Score:3)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
The issue is the cake recipe. And the cat is completely out of the bag on that front. This isn't the 'secret sauce' tiktok cake that can be banned at the app store.
Five Eyes plus ancillary despots want to add shit to our yummy cake recipe. But they're forgetting we already have the frikkin' cake recipe! It's FOSS cake. How can this basic principle be hard to explain to our diktat overlords?
Re:In other words (Score:5, Insightful)
The problem is that there is no trade-off here. If the backdoors get used, the keys _will_ leak and then a lot of criminal enterprises will have exactly the same access. That would be a major catastrophe, that immediately would negate any potential advantages.
And, seriously, no actually dangerous terrorists are going to use back-doored crypto. This serves one purpose only: To spy on regular citizens.
Re: (Score:3)
You know the proof that this is government wanting to spy on citizens?
They aren't making the same demands of financial institutions, which have run E2E nigh forever. Just "Silicon Valley firms".
Re: (Score:3, Informative)
General incompetency aside, have the codes for a nuclear launch ever been leaked? If given appropriate security, secrets can be kept.
The code to detonate US nuclear weapons is 00000000.
Re: In other words (Score:2)
Launch, not detonate. And thatâ(TM)s only for Air Force nukes. As far as Iâ(TM)ve ever read, the codes for the nukes controlled by the Navy have never been leaked.
Re: (Score:3)
Are you under the impression that "nuclear launch codes" are some digital code that's sent over the internet?
You might want to read up on that [wikipedia.org], think about all the ongoing manual intervention involved in securing that system - and multiply that by several hundred million people. It's not remotely scalable.
Also, you might remember this from a while back - the old codes were leaked at least once, after the fact [medium.com].
BTW search results for "nuclear launch codes" appear to include results from a bogus website (possi
Re:In other words (Score:5, Insightful)
While I personally agree that secrets can be kept...for a long enough time to be useful. This situation is nothing like nuclear launch codes (and I wouldn't be surprised if those have become known after the fact, even if they were kept secret while active).
Maybe this could be kept secret if this were only available to, say, some very specific part of the FBI that only investigated the most serious crimes. However, do you really think that's what they're proposing here? To be useful to LEOs broadly, this "secret" will need to be available to all sorts of LEOs all over the country, meaning that a leak is inevitable. It'd be like if the nuclear launch codes had to be available to the local deputy, which isn't going to end well.
If tech companies are running this and LEOs are just making requests for information, then does this mean that you can't use encryption on a network unless you're a big tech company that can keep up with the encryption regulations? Plus anyway, you have the same fundamental problem: many actors (tech companies) have access to the backdoor or backdoors, and if a key is compromised you have an epic breach on your hands.
Crucially, damage can still be done for a much longer time. If the backdoor is compromised, then anyone who harvested data and sat on it can now decrypt and read everything they've stored up. So, if a nefarious actor has collected a bunch of e-commerce transactions, then they could get all the older credit card numbers and identifying/security information. Some of these credit cards will still be valid, and any static information will remain valid indefinitely. So, in the wake of such a breach, we'd have to immediately re-issue all credit cards, SSNs, drivers licenses, etc. We'd also have to stop using any static identifying information for security purposes, and just assume it's all known. This isn't even to mention all the information that can be gleaned from reading everyone's private conversations. It would be an intelligence goldmine for any foreign intelligence agencies, giving them a very clear picture of what's going on in the compromised country or countries.
This is really just such a dumb idea, and implementing it would be shooting themselves in the foot. It's much better to build security into your own infrastructure first and foremost, even if that security can be misused by some.
Re: (Score:3)
Other dumb aspects:
* How do you get keys with the backdoor registered with devices, without revealing the backdoor key?
* If there's a breach, how do you get replacement keys registered with devices? You can't send them encrypted by the old key, because an attacker would be able to find out your new key if they ever breached the old key. If the old key is breached before replacement, an attacker could also send devices a spoofed key that the attackers control, and likely this would allow them to permanently
Re: (Score:2)
Exactly. Nice summary of the problem.
Re: (Score:2)
Yes, they have, so no, they can't.
That's why actually launching nuclear missiles requires multiple highly trained people to actually open a key vault, insert the keys, and turn them simultaneously after following a fairly complex security protocol.
Having the launch codes is just step one exactly because we CANNOT trust that they will never leak.
Now imagine a weapon that cannot be deactivated, the codes can't be changed, and you can't retrieve the device, and then the codes leak. That's the situation for enc
Re: (Score:2)
General incompetency aside, have the codes for a nuclear launch ever been leaked? If given appropriate security, secrets can be kept.
If they are not used. If we had a nuclear launch every few weeks, ordered by a multitude of different actors, the codes would be general knowledge by now.
secrets can be kept, but aren't kept (Score:3)
Data leak, by the arms of the government are very frequent :
https://techcrunch.com/2019/01... [techcrunch.com]
https://techcrunch.com/2019/02... [techcrunch.com]
After data leak, typically there is no punishment. At best an apology :
https://indianexpress.com/arti... [indianexpress.com]
https://indianexpress.com/arti... [indianexpress.com]
https://thewire.in/law/identit... [thewire.in]
These are only the examples where secrets were leaked to everybody. If the secrets are leaked to selected audience, possibly in exchange for favours, we may not even know about it.
Re: In other words (Score:3)
It is not a trade off!
It is a complete loss!
A backdoor means NO encryption. Period.
And if you believe THEY can keep more secure encryption for themselves, and the "peasants" are just going to use the incecure one, you're crazy.
Besides, secrure encryption is already out there. And we can always make our own. If push comes to shove I'm carrying a drive with random data around so I can use XOR. Should nit be too hard. Stick it in your home server in the evening, and in the morning you take it with you, with en
Re: (Score:2)
I can only speak specifically about UK law, but here we have RIPA, the Regulation of Investigatory Powers Act 2000. Part 3 (2006) says that the police can demand encryption keys and refusal can earn a five-year jail term.
If a country's laws mandate the provision of encryption keys on demand that's much the same as outlawing encryption in the first place.
Re: (Score:3, Interesting)
Maybe, but it's interesting that the 'I forgot the key' defence has never been tested. 'I refuse to provide the key' has resulted in at least one conviction, but the 'I forgot' defence has not. As it's probably impossible to prove beyond reasonable doubt that someone actually did *not* forget, a conviction seems unlikely, although it might need to be appealed to the SCOTUK to establish that.
It's also interesting that in 14 years no case has actually been bought which might test this defence. This indicates
Key refusal (Score:2)
If a person doesn't admit that the encrypted device is theirs, and in fact just maintains a blanket silence, then it isn't a refusal to decrypt one's property. Probably more legally valid in USA than UK due to the 5th amendment.
Re: (Score:2)
The Criminal Justice and Public Order Act 1994 allows the police and courts to draw adverse inference from silence.
In plain English that means if you refuse to deny the device is yours, the police or court can adversely infer the device is yours and you're prosecuted on that basis.
Re: (Score:2)
A backdoor means anyone seriously wanting secrecy will use their own encryption outside of any OS or App - like privately traded keys, one-time random number pads, and/or steganography.
Re: (Score:2)
Tradeoff (Score:3)
The tradeoff is that the secret services in the US, the UK, Canada, Australia, and New Zealand plus India, Japan will be able to covertly play with the bank balances (etc) of anybody in the world.
Frameups will be trivial, because chains of custody will become unsecurable.
I wonder if courts will accept that all electronic evidence must be regarded as tainted by default?
Re: (Score:2)
Having your cake and eating it to would mean getting to have a phone AND retain your privacy.
Re: (Score:2)
Having a Master Key, is Dangerous. A government has thousands of employees, who are often underpaid, and forced to follow a lot of regulations. Giving them a key to decrypt all traffic, will make a few people thinkinging if they were to sell it to someone, they could make some serious cash.
The NSA or other Government could give some Indian or Japanese a few million bucks, and safe transit for themselves and their family to America where they can live their lives in luxury. If they get caught there might
Re: In other words (Score:3)
Are you implying that the standard of living is higher in the US than Japan? India.. Yes. But Japan? I don't think so.
Right to search not infringed. (Score:5, Insightful)
Re: Right to search not infringed. (Score:5, Insightful)
Very well said.
The government's perceived right to gain access to personal communication on demand is disconcerting but not new. This heavy-handed intrusiveness is more visible now because wide spread use of encryption prevents governments from carrying out large-scale, indiscriminate surveillance that they believe is required to identify and then track illegal activities. Most disconcertingly, our federal law enforcement overlords seem to be oblivious to the fact that enabling nation-wide surveillance of the citizenry is antithetical to the principles of individual rights and liberties enumerated in our Constitution.
Re: (Score:2)
no more mod pts, but if I had some, yall would get 'em
Re: (Score:2)
Mod parent and GP up. Hear hear!
Re: (Score:3)
This heavy-handed intrusiveness is more visible now because wide spread use of encryption prevents governments from carrying out large-scale, indiscriminate surveillance that they believe is required to identify and then track illegal activities.
indiscriminate surveillance is the point, illegal activities are just the excuse. for starters e2ee would be "impossible" to backdoor if users did it on their own behalf and means instead of relying on user-friendly out of the box features of mass consumer products. just like actual criminals would do. this is not about crime, but about the general population.
they just want to covertly do what china openly does while still shouting around how evil china is. values and all that! which isn't really a surprise
Re: (Score:3)
Unfortunately in the UK they can force you to decrypt things and people have gone to jail for refusing.
We are already in a very bad place.
Re: (Score:3)
Re: (Score:2)
Perhaps a better analogy would be; if the police get a warrant to sieze my diary but then are disappointed to find that it's written in a foreign language that they can't easily translate, does their warrant obligate me to translate it for them? Or do my obligations end when I hand over the diary?
Depends.. Courts have often held that you must hand over the decryption keys, so if you encode your personal diary you could possibly be ordered to turn over the key.
Now, many argue the courts don't have the right to do this, that your 5th amendment rights trump their orders in this case, but I'd want to have a lawyer advising me before I got crosswise with a judge who's likely to hold me in contempt and cart me off to jail until I comply (and most lawyers will advise you to comply). Your mileage may vary b
Re: (Score:2)
I like quarters better.... Because I can encode anything with 1's and 0's and people love to stack quarters, often without making all heads or tails, thus a random assortment is *natural*.
Also they are physical and easy to erase by just knocking them over. Paper needs to be burned. Knocking over quarters is *natural*, burning papers gets you extra charges and suspicion.
I could build a robot to take a message over a network and quickly apply a key and sort that into stacks of quarters. It could even be porta
Re: (Score:3)
''This is a grab at being able to "understand"''
They perfectly understand. What they don't understand is the fact that one can't legislate the rules of math. The cat is out of the bag. This type of governmental posturing isn't any different than Clinton with his the ''clipper initiative''.
''If properly implemented, E2EE lets users have secure conversations'' Aside from a minimal amount of published applications [I can think of two aside from PGP], I seriously doubt the ability of Joe Sixpack to properly imp
Re: (Score:2)
''This is a grab at being able to "understand"'' They perfectly understand. What they don't understand is the fact that one can't legislate the rules of math.
Oh, don't worry this is just the beginning. Once/if something like this is passed as a law, it won't be long until they criminalize the implementation of unapproved encryption. Strong encryption will still exist of course, but it won't be available in commercial apps, and using it will carry the risk of criminal prosecution.
And be sure, that "they" are going to use every opportunity to drum up support - every mass shooting, every bombing, kidnapping, etc. - "We could've stopped him, if we could've read al
Here we go again. (Score:2)
Hey, you intelligence crypto "experts"...you geniuses figure out the answer to the obvious Catch-22 yet? How you're going to keep the bad guys from stealing or abusing that backdoor you keep insisting on?
No?
Then shut the fuck UP already about backdoors. Seriously.
Besides, the bullshit "Waaaa, we're blind to the eeevils!" façade gets old. I believe Five Eyes doesn't currently have a backdoor about as much as I trust elected Representatives to act calmly and rationally to election results.
Re: (Score:2)
How you're going to keep the bad guys from stealing or abusing that backdoor you keep insisting on?
Furthermore, "law enforcement" and "bad guys" are not disjoint sets.
Re: (Score:2)
Bingo.
Re: (Score:2)
And of course, the bad guys will just use one of the many crypto apps that won't have a back door, because the technology is widely known, and governments can't put the genie back in the bottle, nor can they control every single developer.
Re: (Score:2)
The governments arent talking to "crypto experts" whenever this comes up. They are talking to bureaucrats, and calling those bureaucrats "experts." Sheds new light on global warming, yes?
Governments secretly not wanting to reveal their own intelligence capabilities (either individually or collectively), is more likely what is going on here. No light to shed on the obvious reason to keep that capability secret either.
Re: (Score:2)
People aren't that smart. And governments are extremely well versed with how smart the people are.
People would support a government more if the government claims that we are so nice (unlike China) and we allow open use of cryptography to our citizens. IFF they could break the cryptography easily.
Also, Snowden said correct usage of commonly available cryptography is unbreakable to typical government types, which adds weight to the argument that governments currently can only easily break badly used encryptio
Re: (Score:2)
No.
Stupid never dies (Score:2)
And these people are beyond stupid. They are anti-science, anti-reality morons that actively refuse to understand how things actually work. And they are dangerous.
Re: Stupid never dies (Score:2)
Don't play down their evilness by calling them merely stupid.
The answer to "evil or stupid" is:
Being evil IS stupid.
But being stupid IS evil too.
(Under the common assumption that evil means effctively harming you. Because a stupid peson by definition makes bad choices. Bad by definition means harmful. To those involved. Not just him.)
Re: (Score:2)
Well, some of them are stupid, others are clearly evil. It is a mix. Without the stupid ones, the evil ones would not have traction.
Re: (Score:2)
Never attribute to incompetence that which can adequately be explained by malice when discussing sociopaths. If you do they have a term for people like you, meat.
Re: (Score:3)
And these people are beyond stupid. They are anti-science, anti-reality morons that actively refuse to understand how things actually work. And they are dangerous.
Unfortunately, we've been hearing this same argument off and on from governments of all political stripes, for years. In the US, at least, these calls come from both Democrats and Republicans.
Re: (Score:3)
Well, the US has a strongly right wing party and an extremist right wing party. Of course, both will call for this. Those on the right side of the spectrum always crave more control over everybody, no matter how much damage that does.
Re: (Score:3)
And these people are beyond stupid. They are anti-science, anti-reality morons that actively refuse to understand how things actually work. And they are dangerous.
Government bureaucracy at its level best.. Which is why I advocate for as little government as we can possibly manage. It is a necessary evil, which should be used as sparingly as possible.
Re: (Score:3)
I've never figured out how so many people seem to love the idea of using the power of government to "fix" anything they deem a societal problem, but have a complete disconnect about how those same governments also start encroaching on their rights, in ways that sprawling and powerful government bureaucracies are wont to do. Instead, they'll focus on a particular administration, or perhaps focus their rage on a single department, or even a department head, as though the entire apparatus was not inclined tow
Re: (Score:2)
Exactly. This was exactly the situation I was trying to illustrate. The very same folks who decry such government "over reach" (as in this article) would be the first to say we should have "single payer" for our healthcare. Why do they not see the irony?
If they can access it, it isn't end to end at all. (Score:2)
This is fucking dumb (Score:2)
You just need to be lucky once when searching for the key.
That if the gov just doesn't leave it lying around on some insecure AWS bucket of some sort.
People's enemies number 1 (Score:2)
Make no mistake. If those traitors will receive no mercy at the second Nürnberg trials.
If they are lucky.
It is VERY easy to make your own encryption. (Score:2)
Those who want "Encryption Backdoors" are people with no understanding of encryption or computer technology.
Encryption methods that are free. (Score:5, Informative)
GNU Privacy Guard [gnupg.org].
Use a combination of several encryption methods, with several passwords.
Lets think about (Score:2)
So lets say we have backdoors in "approved" encryption methods. Now we have a large org selling illegal items and they have resources. Will they use a backdoored encryption method ? For Pols, answer is No. And I doubt most people here would use it either. Also I am sure politicians will be given non-backdoored encryption too.
So, all you will do is catch the stupid, who you could easily catch without a backdoor.
All this is about is spying on law abiding citizens of each country
Hiding the ones they've got? (Score:2)
Here we go again (Score:2)
Stupid people in politics and military do not understand mathematics. It's either secure for everyone, or it's not secure for anyone. It is mathematically impossible to make encryption that can only be accessed by the "good" guys.
by design (Score:2)
In this age of global wealth inequality and corporate personhood and international banking cartels controlling governments and police forces, the People need to hold on to their E2EE and cannot trust police investigators with such power over them; the investigators and the governments to whom they are beholden and the banks and corporations to whom they, in turn, are beholden, simply prove every single year that they lack sufficient trustworthiness for us to trust them with that much control over our commun
Ask Huawei (Score:2)
Needs too many exceptions. (Score:3)
Let's say the Five Eyes countries get their wish. The problem is that there would obviously need to be exceptions.
The financial system is one. Health care providers are another (at least in the US under HIPAA). In addition, you'd probably want e-commerce covered. The legal system as well, due to attorney-client privelige.
The problem is, how do you differentiate that traffic from Signal or Telegram? Moreover, how do companies who have both priveliged and un-priveliged communications interpret which communications they can encrypt and which ones they can't?
The whole thing is a nightmare.
Re: (Score:2)
The financial system is one. Health care providers are another (at least in the US under HIPAA).
Huh? When has a government ever considered themselves to be required to abide by privacy / encryption laws? These laws are very much for people, not for governments.
will apple bend over? but still not help the FBI? (Score:3)
will apple bend over? but still not help the FBI?
Re: (Score:3)
Based on Apple's demonstrated behavior in other countries - if a law requiring this access is passed, Apple will comply and provide such access. They will not break the law for their customers.
Oxymoron (Score:2)
End-to-end encryption versus back door.
I've gotcher back door right here... (Score:5, Insightful)
Anyone witnessing the absolutely brutal treatment non-violent demonstrators have received from police in any number of "free" countries will understand why even terrorist activity might be preferable to giving governments this kind of access to private communications and the power that would give them over their citizens.
To be clear: I am not singling out the United States, and I am not referring specifically to recent events. For years the Five Eyes countries have used their relationship to circumvent even the minimal privacy protections afforded by their national constitutions. And during this time they have all demonstrated time after time why they cannot be trusted to use their power responsibly. If anything, they've learned lessons from China's terrifying surveillance state and moved toward the kind of Big Brother government no decent person would willingly tolerate.
If cops can't catch criminals with the formidable array of powerful tools already at their disposal, I think we should assume the problem isn't that they need even more laws and toys, but that they're lazy, incompetent buffoons who won't be much more successful no matter how much more help they're given. The chances that increased power of mass surveillance will be used in the manner promised rather than against citizens exercising their legal rights in a way the government of the day doesn't like are zero.
Basically, we need to tell these long-nosed bastards to mind their own business and get on with their jobs.
Re: (Score:3)
I suspect you thought that your subject title was clever at the time,
but it appears that you did not think it through.
Re: (Score:2)
I'm aware that the title can be willfully misinterpreted. I simply counted on the perspicacity of Slashdot readers to put it in context and understand what I was getting at.
In one case, at least, it appears I overestimated the intelligence of the reader.
And in other news, I'm making a new call.. (Score:2)
for all of the above governments to get fucked.
I'll stick to proven open source programs with no back doors, and proven encryption methods that are documented. No more NSA back doored ciphers for me.
Sorry feds, but you can't repeal or outlaw math.
rush to the bottom (Score:3)
"Hey, just look at all those totalitarian governments. How awful!"
"But their crime rates.... way down. And their opposition political parties... way down."
"OK, then, let's put in massive backdoor requirements everywhere."
Dear 5 Eyes + JPN + IND Governments, (Score:2)
A big middle finger to you (Score:2)
NO, FUCK YOU 'Five Eyes' (Score:3)
So stop it (Score:2)
Attention enforcement agents, managers, and politicians!
The reason you have free countries to live in is because government is restricted in the spying on its citizens. This derives from historical examples of kings using the power of government to investigate political enemies to hurt them, as opposed to indifferent and coincidental concern for lawbreaking.
Hence the 4th and 5th Amendments in the US, among many other things.
What better way to thwart eternal dictatorship than disallowing such backdoors. Re
The back doors will be sold to criminals (Score:2)
Access to any back door will be sold to criminals or foreign powers or both. It's inevitable. Anything so valuable will inevitably be sold or acquired through blackmail, or discovered through hacking or social engineering. There is no such thing as creating a back door and confining it to a certain set of people. The fact that they ARE people, and not automatons, makes this impossible.
Okay.. (Score:2)
But first prove your point by creating an encryption scheme that ONLY THE GOVERNMENT can break and can be ran on mobile chips.
Re: (Score:2)
So in other words, a bunch of low-level drug dealers can use technical solutions to outsmart trillions of dollars of surveillance efforts across multiple governments.
Technology trumps authoritarianism. And it doesn't even have to cost trillions of dollars to defeat them.
Sure.
And ISMI catchers are practically worthless and hardly ever (ab)used, FISA warrants and gag orders are imaginary tools made up by the MSM, and of course we have never caught a single drug dealer using these anti-Constitutional tools with tactics that are never revealed in a courtroom.
Riiiight.
It hardly takes technology, to convince the painfully gullible.
Re: (Score:2)
"And ISMI catchers are practically worthless and hardly ever (ab)used, FISA warrants and gag orders are imaginary tools made up by the MSM, and of course we have never caught a single drug dealer using these anti-Constitutional tools with tactics that are never revealed in a courtroom."
They are worthless (for legitimate use and individual surveillance), are abuse by definition, the FISA warrants and gag orders are real, and no we've probably never caught any drug dealers with them but certainly haven't caug
Re: Five Eyes Luddites Outsmarted! (Score:2)
Drug dealers? Just follow the drugs and the money. The drugs can't be encrypted and sent over the wire.
Terrorists? Just follow the drugs (gotta fund their operations) and money, and the terrorists themselves. After all, if you want a back foot into a specific persons device, you already know who to target.
Re: (Score:3)
Or just legalize the drugs WITHOUT heavy taxation... the black market won't be able to compete with the legal one and drug dealers will either go legal or on to something else, terrorist funding will dry up over night. Keep the tax savings on following anybody.
Re: (Score:2)
Without drug money all they'd have would be gun running to fund CIA black ops.
Re: (Score:3)
Re: (Score:2)
No the baseband driver in the cell phone has remote commands the cell towers can run as part of the protocol. FYI these commands can include things like sending any arbitrary memory location's contents back to the tower. So they can basically read your ram out from under the apps on the phone.
Not really... baseband is an entirely separate computer with its own processor and operating system. For the sake of BOM costs some phones share hardware (e.g. ram) with the phone opening up at the least a question of the possibility of direct memory access to the phones operating system.
To side step the possibility of baseband exploiting (un)intentional MMU defects phones where nothing is shared with the baseband are readily available.
Baseband communication with host system is essentially a serial link. A
Re: (Score:2)
Re: (Score:2)
Re: (Score:3)
When I was living in a large metropolitan area in California (moved out years ago) in a high crime area, I remember that the local government was trying to outlaw high security doors. The reasoning put forward was that if there was a fire, the firemen should be able to break the door down. So, for the children, we were asked to give up the metal doors and heavy frames we had put in place to keep the criminal element out.
It didn't go over well, and I think the effort was eventually abandoned. However, I h