Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Encryption Japan

Five Eyes Governments, India, and Japan Make New Call For Encryption Backdoors (zdnet.com) 129

Members of the intelligence-sharing alliance Five Eyes, along with government representatives for Japan and India, have published a statement over the weekend calling on tech companies to come up with a solution for law enforcement to access end-to-end encrypted communications. From a report: The statement is the alliance's latest effort to get tech companies to agree to encryption backdoors. The Five Eyes alliance, comprised of the US, the UK, Canada, Australia, and New Zealand, have made similar calls to tech giants in 2018 and 2019, respectively. Just like before, government officials claim tech companies have put themselves in a corner by incorporating end-to-end encryption (E2EE) into their products. If properly implemented, E2EE lets users have secure conversations -- may them be chat, audio, or video -- without sharing the encryption key with the tech companies. Representatives from the seven governments argue that the way E2EE encryption is currently supported on today's major tech platforms prohibits law enforcement from investigating crime rings, but also the tech platforms themselves from enforcing their own terms of service. Signatories argue that "particular implementations of encryption technology" are currently posing challenges to law enforcement investigations, as the tech platforms themselves can't access some communications and provide needed data to investigators.
This discussion has been archived. No new comments can be posted.

Five Eyes Governments, India, and Japan Make New Call For Encryption Backdoors

Comments Filter:
  • We want communications to safely unsafe.
    • No, it means they want to spy.

      Big "Tech" companies don't have a monopoly on encryption. If they become insecure, criminals will just download something else and use that instead.

      (and really big criminals will simply roll their own).

      • Uum, every kid with a bit of computer clue can roll their own nowadays. XORing with data from /dev/random, that previously was shared between the comminicating sides, is trivial. People did it by hand during the cold war, using a code book.
        The only quirk is for both sides to know where they left off the last time.

        • So... the problem of transmitting an encrypted message becomes the problem of transmitting your one time pad. Aren't they equally difficult problems?

          Code books were used during wars because coding was usually done with pencil and paper and it was normal for people to meet up beforehand.

          All you need in the computer age is a single encryption key per user. 128 bits of data is enough and there's many ways to transmit it safely.

  • by AcidFnTonic ( 791034 ) on Monday October 12, 2020 @09:58AM (#60598690) Homepage
    This is a grab at being able to "understand" instead of just being able to "search". No different than if I stacked quarters on my desk, heads is a 0, tails is a 1. Your search warrant lets you break into my house and take a look at my quarter piles. Your search warrant *doesn't* mean I have to explain to you my "system" and what it means. Encryption is just me arranging my life in a way that "once searched" is not easily understandable. There has not been any violation of their right to search (and be confused). The next step is that once broken encryption is required, other encryption will be prohibited. Since randomness looks like encryption, this is basically a rule that you are not allowed to be random or non-understandable or else perhaps you are using encryption. It is an end-run around the concept of guilty until proven innocent. Random is resistance.
    • by eatvegetables ( 914186 ) on Monday October 12, 2020 @10:34AM (#60598888)

      Very well said.

      The government's perceived right to gain access to personal communication on demand is disconcerting but not new. This heavy-handed intrusiveness is more visible now because wide spread use of encryption prevents governments from carrying out large-scale, indiscriminate surveillance that they believe is required to identify and then track illegal activities. Most disconcertingly, our federal law enforcement overlords seem to be oblivious to the fact that enabling nation-wide surveillance of the citizenry is antithetical to the principles of individual rights and liberties enumerated in our Constitution.

      • by jm007 ( 746228 )
        this post and the GP are well said and spot on

        no more mod pts, but if I had some, yall would get 'em
      • by Shaitan ( 22585 )

        Mod parent and GP up. Hear hear!

      • by znrt ( 2424692 )

        This heavy-handed intrusiveness is more visible now because wide spread use of encryption prevents governments from carrying out large-scale, indiscriminate surveillance that they believe is required to identify and then track illegal activities.

        indiscriminate surveillance is the point, illegal activities are just the excuse. for starters e2ee would be "impossible" to backdoor if users did it on their own behalf and means instead of relying on user-friendly out of the box features of mass consumer products. just like actual criminals would do. this is not about crime, but about the general population.

        they just want to covertly do what china openly does while still shouting around how evil china is. values and all that! which isn't really a surprise

    • by AmiMoJo ( 196126 )

      Unfortunately in the UK they can force you to decrypt things and people have gone to jail for refusing.

      We are already in a very bad place.

    • by nasor ( 690345 )
      Perhaps a better analogy would be; if the police get a warrant to sieze my diary but then are disappointed to find that it's written in a foreign language that they can't easily translate, does their warrant obligate me to translate it for them? Or do my obligations end when I hand over the diary?
      • Perhaps a better analogy would be; if the police get a warrant to sieze my diary but then are disappointed to find that it's written in a foreign language that they can't easily translate, does their warrant obligate me to translate it for them? Or do my obligations end when I hand over the diary?

        Depends.. Courts have often held that you must hand over the decryption keys, so if you encode your personal diary you could possibly be ordered to turn over the key.

        Now, many argue the courts don't have the right to do this, that your 5th amendment rights trump their orders in this case, but I'd want to have a lawyer advising me before I got crosswise with a judge who's likely to hold me in contempt and cart me off to jail until I comply (and most lawyers will advise you to comply). Your mileage may vary b

      • I like quarters better.... Because I can encode anything with 1's and 0's and people love to stack quarters, often without making all heads or tails, thus a random assortment is *natural*.

        Also they are physical and easy to erase by just knocking them over. Paper needs to be burned. Knocking over quarters is *natural*, burning papers gets you extra charges and suspicion.

        I could build a robot to take a message over a network and quickly apply a key and sort that into stacks of quarters. It could even be porta

    • by fred911 ( 83970 )

      ''This is a grab at being able to "understand"''

      They perfectly understand. What they don't understand is the fact that one can't legislate the rules of math. The cat is out of the bag. This type of governmental posturing isn't any different than Clinton with his the ''clipper initiative''.

      ''If properly implemented, E2EE lets users have secure conversations'' Aside from a minimal amount of published applications [I can think of two aside from PGP], I seriously doubt the ability of Joe Sixpack to properly imp

      • ''This is a grab at being able to "understand"'' They perfectly understand. What they don't understand is the fact that one can't legislate the rules of math.

        Oh, don't worry this is just the beginning. Once/if something like this is passed as a law, it won't be long until they criminalize the implementation of unapproved encryption. Strong encryption will still exist of course, but it won't be available in commercial apps, and using it will carry the risk of criminal prosecution.
        And be sure, that "they" are going to use every opportunity to drum up support - every mass shooting, every bombing, kidnapping, etc. - "We could've stopped him, if we could've read al

  • Hey, you intelligence crypto "experts"...you geniuses figure out the answer to the obvious Catch-22 yet? How you're going to keep the bad guys from stealing or abusing that backdoor you keep insisting on?

    No?

    Then shut the fuck UP already about backdoors. Seriously.

    Besides, the bullshit "Waaaa, we're blind to the eeevils!" façade gets old. I believe Five Eyes doesn't currently have a backdoor about as much as I trust elected Representatives to act calmly and rationally to election results.

    • How you're going to keep the bad guys from stealing or abusing that backdoor you keep insisting on?

      Furthermore, "law enforcement" and "bad guys" are not disjoint sets.

    • by marcle ( 1575627 )

      And of course, the bad guys will just use one of the many crypto apps that won't have a back door, because the technology is widely known, and governments can't put the genie back in the bottle, nor can they control every single developer.

  • And these people are beyond stupid. They are anti-science, anti-reality morons that actively refuse to understand how things actually work. And they are dangerous.

    • Don't play down their evilness by calling them merely stupid.

      The answer to "evil or stupid" is:
      Being evil IS stupid.
      But being stupid IS evil too.
      (Under the common assumption that evil means effctively harming you. Because a stupid peson by definition makes bad choices. Bad by definition means harmful. To those involved. Not just him.)

      • by gweihir ( 88907 )

        Well, some of them are stupid, others are clearly evil. It is a mix. Without the stupid ones, the evil ones would not have traction.

    • by Shaitan ( 22585 )

      Never attribute to incompetence that which can adequately be explained by malice when discussing sociopaths. If you do they have a term for people like you, meat.

    • And these people are beyond stupid. They are anti-science, anti-reality morons that actively refuse to understand how things actually work. And they are dangerous.

      Unfortunately, we've been hearing this same argument off and on from governments of all political stripes, for years. In the US, at least, these calls come from both Democrats and Republicans.

      • by gweihir ( 88907 )

        Well, the US has a strongly right wing party and an extremist right wing party. Of course, both will call for this. Those on the right side of the spectrum always crave more control over everybody, no matter how much damage that does.

    • And these people are beyond stupid. They are anti-science, anti-reality morons that actively refuse to understand how things actually work. And they are dangerous.

      Government bureaucracy at its level best.. Which is why I advocate for as little government as we can possibly manage. It is a necessary evil, which should be used as sparingly as possible.

      • I've never figured out how so many people seem to love the idea of using the power of government to "fix" anything they deem a societal problem, but have a complete disconnect about how those same governments also start encroaching on their rights, in ways that sprawling and powerful government bureaucracies are wont to do. Instead, they'll focus on a particular administration, or perhaps focus their rage on a single department, or even a department head, as though the entire apparatus was not inclined tow

        • Exactly. This was exactly the situation I was trying to illustrate. The very same folks who decry such government "over reach" (as in this article) would be the first to say we should have "single payer" for our healthcare. Why do they not see the irony?

  • Putting a backdoor in a scheme means the scheme is no longer secured.

    You just need to be lucky once when searching for the key.
    That if the gov just doesn't leave it lying around on some insecure AWS bucket of some sort.
  • Make no mistake. If those traitors will receive no mercy at the second Nürnberg trials.
    If they are lucky.

  • It is VERY easy to make your own encryption.

    Those who want "Encryption Backdoors" are people with no understanding of encryption or computer technology.
  • So lets say we have backdoors in "approved" encryption methods. Now we have a large org selling illegal items and they have resources. Will they use a backdoored encryption method ? For Pols, answer is No. And I doubt most people here would use it either. Also I am sure politicians will be given non-backdoored encryption too.

    So, all you will do is catch the stupid, who you could easily catch without a backdoor.

    All this is about is spying on law abiding citizens of each country

  • Maybe their claims of needing backdoors are an effort to hide backdoors and encryption breaking quantum computers they already have. Maybe not. The only thing we know for sure is that the people wanting their own keys to our houses aren't trustworthy.
  • Stupid people in politics and military do not understand mathematics. It's either secure for everyone, or it's not secure for anyone. It is mathematically impossible to make encryption that can only be accessed by the "good" guys.

  • In this age of global wealth inequality and corporate personhood and international banking cartels controlling governments and police forces, the People need to hold on to their E2EE and cannot trust police investigators with such power over them; the investigators and the governments to whom they are beholden and the banks and corporations to whom they, in turn, are beholden, simply prove every single year that they lack sufficient trustworthiness for us to trust them with that much control over our commun

  • At this point, wouldn't it just be easiest for the "spy on your own citizens" community to get friendly with Huawei. They already have the infrastructure these undemocratic asshats want. Be honest with yourselves and your citizens and buy it.
  • by Joe Gillian ( 3683399 ) on Monday October 12, 2020 @10:50AM (#60598982)

    Let's say the Five Eyes countries get their wish. The problem is that there would obviously need to be exceptions.

    The financial system is one. Health care providers are another (at least in the US under HIPAA). In addition, you'd probably want e-commerce covered. The legal system as well, due to attorney-client privelige.

    The problem is, how do you differentiate that traffic from Signal or Telegram? Moreover, how do companies who have both priveliged and un-priveliged communications interpret which communications they can encrypt and which ones they can't?

    The whole thing is a nightmare.

    • The financial system is one. Health care providers are another (at least in the US under HIPAA).

      Huh? When has a government ever considered themselves to be required to abide by privacy / encryption laws? These laws are very much for people, not for governments.

  • will apple bend over? but still not help the FBI?

    • Based on Apple's demonstrated behavior in other countries - if a law requiring this access is passed, Apple will comply and provide such access. They will not break the law for their customers.

  • End-to-end encryption versus back door.

  • by Miles_O'Toole ( 5152533 ) on Monday October 12, 2020 @11:05AM (#60599070)

    Anyone witnessing the absolutely brutal treatment non-violent demonstrators have received from police in any number of "free" countries will understand why even terrorist activity might be preferable to giving governments this kind of access to private communications and the power that would give them over their citizens.

    To be clear: I am not singling out the United States, and I am not referring specifically to recent events. For years the Five Eyes countries have used their relationship to circumvent even the minimal privacy protections afforded by their national constitutions. And during this time they have all demonstrated time after time why they cannot be trusted to use their power responsibly. If anything, they've learned lessons from China's terrifying surveillance state and moved toward the kind of Big Brother government no decent person would willingly tolerate.

    If cops can't catch criminals with the formidable array of powerful tools already at their disposal, I think we should assume the problem isn't that they need even more laws and toys, but that they're lazy, incompetent buffoons who won't be much more successful no matter how much more help they're given. The chances that increased power of mass surveillance will be used in the manner promised rather than against citizens exercising their legal rights in a way the government of the day doesn't like are zero.

    Basically, we need to tell these long-nosed bastards to mind their own business and get on with their jobs.

    • I suspect you thought that your subject title was clever at the time,
      but it appears that you did not think it through.

      • I'm aware that the title can be willfully misinterpreted. I simply counted on the perspicacity of Slashdot readers to put it in context and understand what I was getting at.

        In one case, at least, it appears I overestimated the intelligence of the reader.

  • for all of the above governments to get fucked.

    I'll stick to proven open source programs with no back doors, and proven encryption methods that are documented. No more NSA back doored ciphers for me.

    Sorry feds, but you can't repeal or outlaw math.

  • "Hey, just look at all those totalitarian governments. How awful!"
    "But their crime rates.... way down. And their opposition political parties... way down."

    "OK, then, let's put in massive backdoor requirements everywhere."

  • PISS. OFF. We'll expose holes in our encryption tech when you do the same in yours when we file FOIA requests and otherwise try to hold you accountable. Fair is fair, amirite?
  • That this, to the five buffoons plus the two buffoonettes.
  • by Rick Schumann ( 4662797 ) on Monday October 12, 2020 @11:38AM (#60599282) Journal
    They can all eat shit and die. Do your gods-be-damned jobs without making it easy for criminals to compromise our communications and transactions. Also get your fucking noses out of OUR business. Just fuck off.
  • Attention enforcement agents, managers, and politicians!

    The reason you have free countries to live in is because government is restricted in the spying on its citizens. This derives from historical examples of kings using the power of government to investigate political enemies to hurt them, as opposed to indifferent and coincidental concern for lawbreaking.

    Hence the 4th and 5th Amendments in the US, among many other things.

    What better way to thwart eternal dictatorship than disallowing such backdoors. Re

  • Access to any back door will be sold to criminals or foreign powers or both. It's inevitable. Anything so valuable will inevitably be sold or acquired through blackmail, or discovered through hacking or social engineering. There is no such thing as creating a back door and confining it to a certain set of people. The fact that they ARE people, and not automatons, makes this impossible.

  • by Z80a ( 971949 )

    But first prove your point by creating an encryption scheme that ONLY THE GOVERNMENT can break and can be ran on mobile chips.

Per buck you get more computing action with the small computer. -- R.W. Hamming

Working...