Was the US Telecom Breach Inevitable, Proving Backdoors Can't Be Secure? (theintercept.com) 76
America's 1994 "Communications Assistance for Law Enforcement Act" (or CALEA) created the security hole that helped enable a massive telecom breach. But now America's FBI "is falling back on the same warmed-over, bad advice about encryption that it has trotted out for years," argues the Intercept:
In response to the Salt Typhoon hack, attributed to state-backed hackers from China, the bureau is touting the long-debunked idea that federal agents could access U.S. communications without opening the door to foreign hackers. Critics say the FBI's idea, which it calls "responsibly managed encryption," is nothing more than a rebranding of a government backdoor. "It's not this huge about-face by law enforcement," said Andrew Crocker, the surveillance litigation director at the Electronic Frontier Foundation. "It's just the same, illogical talking points they have had for 30+ years, where they say, 'Encryption is OK, but we need to be able to access communications.' That is a circle that cannot be squared...."
In a blog post last month, encryption expert Susan Landau said CALEA had long been a "national security disaster waiting to happen... If you build a system so that it is easy to break into, people will do so — both the good guys and the bad. That's the inevitable consequence of CALEA, one we warned would come to pass — and it did," she said...
Sean Vitka, the policy director at the progressive group Demand Progress, said the hack has once again provided damning evidence that government backdoors cannot be secured. "If the FBI cannot keep their wiretap system safe, they absolutely cannot keep the skeleton key to all Apple phones safe," Vitka said.
Thanks to Slashdot reader mspohr for sharing the article.
The attitude of the government is a joke. (Score:3, Insightful)
Re: (Score:2, Insightful)
what does it mean to you, 'well meaning'? Government is a system that grows and consumes, it consumes resources and lives and it grows its own power and it doesn't stop. Everything is of no consequence, the system exists for the purpose of existing, it has no other purposes, meanings or meanings, there is no 'well meaning', there is only one purpose - to extend its own power over everyone and everything until there is nothing left. At that point the system must collapse.
Re: (Score:2)
Government is a system that grows and consumes, it consumes resources and lives and it grows its own power and it doesn't stop. Everything is of no consequence, the system exists for the purpose of existing, it has no other purposes, meanings or meanings, there is no 'well meaning', there is only one purpose - to extend its own power over everyone and everything until there is nothing left. At that point the system must collapse.
I disagree with what you said - but if you substitute "economy" for "government" then you and I might share some common ground. BTW, "economy" includes whatever might pass for one in a Libertarian society, should one ever exist. (shudders...)
Re: (Score:3)
Well, if your idea of paradise is increasing poverty and a starving population, Argentina is a role model.
Re: (Score:2)
Funny how that sounds almost exactly like capitalism.
Re: (Score:2)
No, I mean like how it grows and consumes resources and lives and it grows its own power and it doesn't stop. Everything is of no consequence, the system exists for the purpose of profit, it has no other purposes, meaning, heart, soul or conscience, there is no 'well meaning', there is only one purpose - to extend its own power over everyone and everything until there is nothing left. At that point the system must collapse.
I daresay you knew that anyway, though, what with the CEOs and all.
Re: (Score:1)
Capitalism is not a system of governance, it is a system of production and ownership of property, it grows as long as it allows the population to grow (if the population prefers to grow). If the population at some point decides to curb its own growth, the system of ownership and production will shrink as well.
Re:The attitude of the government is a joke. (Score:5, Interesting)
You and three friends like to play golf. You select one person to call the golf course each Monday to reserve a tee time for each Wednesday. You trust this person with this responsibility.
You are also a member of a bowling league. The league has a committee to organize a tournament, selecting which teams play each other, how the winner is selected, and what trophies are awarded. You probably trust the committee.
You have a city council that votes on how the utilities are repaired, how the streets are plowed, etc. Do you trust this council? What about your State congress? What about the Federal congress?
At what level do you stop trusting a representative group to respect your wishes or to follow the majority of the people that they represent? It's easy to voice your opinion to your golf buddies but harder for most people to let their senators and congress representative know their stance on issues.
How to write to your members of Congress [congress.gov]
Re: (Score:1)
If I have a friend who needs to call the golf course, he also benefits from maintaining this arrangement, no real reason to misrepresent what he does, and those responsibilities can be easily removed should he prove inadequate.
When they have demonstrated on multiple occasions that they cannot bear the consequences of the decisions they make, and make no demonstrable ef
Re: (Score:2)
I trust my golf friends: I have known them for years, we care about each other; the one who makes the booking does not gain an advantage by so doing.
I do not personally know my member of Parliament (I am a Brit) or other government decision makers, they do not care about my individual well being. They have great scope to personally benefit by choosing with who to place government contracts (roads, health, defence, ...) that can yield them benefits (fat brown envelopes, foreign holidays, future consultancies
Re: (Score:2)
How to write to your members of Congress
Every time I have tried to communicate with a person in Congress about an issue that affects me, the response has ALWAYS been a form letter about whatever current thing that congressperson is currently trying to push through. Not once have I ever received a response that indicated that ANYONE had bothered to understand what I was saying.
They are just in it for the power and personal aggrandizement. We are done as a nation.
Re: (Score:2)
Or, more to the point, the government is corrupt. And this is the entity you want to trust with backdoors?
It is worse when the government demands it is solely trustworthy enough for this level of access, with NO accountability or compensation when it goes horribly wrong.
Before you go asking for that authority, explain how you will account for it.
Yes. And there is the bad insider problem. it is guaranteed that whatever organization you have, there will be a faithless insider. Once that happens, those secrets are out forever and cannot be retrieved.
Even good guys can make mistakes.
https://i.dailymail.co.uk/1s/2... [dailymail.co.uk]
Re:The attitude of the government is a joke. (Score:5, Insightful)
Who signed off on the forensic audit of this backdoor vulnerability?
It SHOULD be made a charge with formidable penalties both criminal and civil for government personnel to negligently sign off on an audit result that should apply excepting for a one-off incident where it can be proven the signer examined it with thorough due diligence and had not overlooked multiple issues or glaring issues any diligent and qualified reviewer could not reasonably have missed.
Re: (Score:3, Insightful)
Um ...
The password only needs to be stolen one time. Yes, that's what the FBI will mean by excepting a "one-off". Because, they know and they promise, this time, back-door security will be different.
US justice/intelligence agencies can't and won't change.
Re: (Score:2)
That's if you have only one password.
What they *should* have had is many accounts, each with its unique password, easily revokable.
Re: (Score:3)
Here's the thing:
* In a perfect system, with no security holes. There is also NO recovery. Once that cat is out of the bag, it's out of the bag forever.
* In a perfect system, with no eavesdropping holes, there is guaranteed privacy, including criminal activity, stuff like CSAM and Assault/Assassination.
Ideally, the best way to make sure bad guys don't have the privacy they want to do crimes unfettered, is to not make the eavesdropping point "the network" but rather the traversal point where it's encrypted a
Re:The attitude of the government is a joke. (Score:5, Insightful)
The US Government cannot afford the best IT guys and their archaic purity rules go further to ensure that they only have mediocre talent. I mean the government no ill, but they are basically well meaning idiots.
That is a well worn trope usually followed by an appeal for large scale privatisation citing the supposedly self evident superior competence of private industry and your implication here is obviously that all the 'real talent' works in private industry. However, considering how much of private industry has been thoroughly hacked and pwned by both state and non-state actors alike in the decades I've worked in the IT business it seems to me that private industry is nothing more than a bunch of 'well meaning idiots' either.
Re: (Score:2)
Anyone that thinks the private sector is more efficient should really look around a corporate office some time and notice all the pre-pre-pre meeting-meetings where nothing is decided and half the people weren't even invited to the meeting that they're pre-discussing. Then notice all the reports filled out, filed, and never seen by human eyes again. The micro-managing idiots who somehow find the single least efficient way possible to do something and demand that it's the one true way.
Meanwhile in the execut
Re: (Score:2)
The US Government cannot afford the best IT guys and their archaic purity rules go further to ensure that they only have mediocre talent. I mean the government no ill, but they are basically well meaning idiots.
That is a well worn trope usually followed by an appeal for large scale privatisation citing the supposedly self evident superior competence of private industry and your implication here is obviously that all the 'real talent' works in private industry. However, considering how much of private industry has been thoroughly hacked and pwned by both state and non-state actors alike in the decades I've worked in the IT business it seems to me that private industry is nothing more than a bunch of 'well meaning idiots' either.
The thing is, in the olden days a government job was a job for life. You were looked after, got training, sure the pay was better in the dreaded private sector but in exchange you were given better conditions and a less stressful job. A lot of people who had talent but not the drive or patience for corporate callisthenics would seek government roles because they just wanted to do a good job for a steady pay cheque, plus the satisfaction that you're helping the country, ergo it's citizens. All those benefits
Re: (Score:2)
The US Government cannot afford the best IT guys and their archaic purity rules go further to ensure that they only have mediocre talent. I mean the government no ill, but they are basically well meaning idiots.
You miss some key points about the Salt Typhoon hack and government cybersecurity. Yes, the government faces challenges recruiting top talent—competitive pay in the private sector is a real hurdle—but labeling them "well-meaning idiots" ignores the complex, systemic issues at play here.
The failure in this case is not a reflection of the entire U.S. government’s cybersecurity posture but rather points to specific legislation (CALEA) and to problems within the FBI's processes. It is not abo
The FBI director has chosen poorly (Score:1)
Re: (Score:2)
The director has consistently chosen poorly.
The FBI will get blamed if they can't solve a crime. They will not get blamed because someone else used their back-door. The decision (by the director) is an almost foregone conclusion.
Re: The FBI director has chosen poorly (Score:2)
That's the catch-22. There's history way back, like pre-WWII, of law enforcement preventing security bugs in phones from being fixed, knowing the criminals used them too. Really, you could have lock down points where messages are unencrypted and re-encrypted in any network, and it is secure, but there is this way messier dynamic of wanting to leave holes in the chicken coop to see what will sneak in.
Re: (Score:2)
Part of the solution is to make it clear that this problem was very much predicted by many and it is very much the FBI's fault that it happened because a child could have foreseen the bad outcome.
The FBI manages fine with unsolved crimes. The 10 most wanted is a monument to the fact that not all crimes can be solved in a day.
There's a key for every lock (Score:5, Insightful)
If you mandate the same lock be installed everywhere, eventually somebody will copy that key and have the same access you do.
Anybody in IT or with a lick of common sense could have told them this. Many actually did. Nobody listens.
Re:There's a key for every lock (Score:4, Informative)
If you mandate the same lock be installed everywhere, eventually somebody will copy that key and have the same access you do.
They could have deployed each lock with a different key and used public-key crypto both for negotiating authorization for backdoor operations, and for providing decryption keys for the response to backdoor requests.
For example: If each payload is encrypted with a different symmetric key, and that symkey is written to a separate medium encrypted to an authorized public key.
And the public keys used to authorize commands have to be signed by a tightly-controlled Offline certificate authority.
So far we are able to prevent the bad guys from launching our nukes or digitally signing a fake *.google.com certificate. If private industry can safeguard root keys, and operate secure certificate authorities, then the government certainly could: they just do not want to.
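Editor's worked example of the design sketched in this comment, added here rather than taken from the commenter or from any vendor: an offline CA key signs an authorization naming one agent's public key and one warrant; the telecom side checks that authorization with the CA's public key alone, then seals each payload under a fresh per-payload AES-256-GCM key that an ephemeral X25519 exchange ties to the named agent, so no long-lived symmetric key ever exists to be copied. Everything is Go standard library. The Authorization layout, the warrant identifier "W-001" and the agent and CA naming are assumptions made for the example, and SHA-256 over the ECDH secret stands in for HKDF; nothing here describes a real lawful-intercept protocol.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
	"time"
)
// Authorization is the offline CA's signed statement that the holder of AgentPub may
// receive intercept material for WarrantID until NotAfter. The layout is this example's own.
type Authorization struct {
	AgentPub  []byte // X25519 public key of the authorized recipient
	WarrantID string
	NotAfter  int64 // Unix seconds
	Sig       []byte
}

func (a *Authorization) signed() []byte {
	b := binary.BigEndian.AppendUint16(nil, uint16(len(a.WarrantID)))
	b = append(append(b, a.WarrantID...), a.AgentPub...)
	return binary.BigEndian.AppendUint64(b, uint64(a.NotAfter))
}

// Issue runs on the air-gapped CA host, the only place caPriv exists.
func Issue(caPriv ed25519.PrivateKey, agentPub []byte, warrant string, notAfter time.Time) *Authorization {
	a := &Authorization{AgentPub: agentPub, WarrantID: warrant, NotAfter: notAfter.Unix()}
	a.Sig = ed25519.Sign(caPriv, a.signed())
	return a
}

// Verify is what the telecom equipment runs; it needs only the CA's public key.
func Verify(caPub ed25519.PublicKey, a *Authorization, now time.Time) error {
	if !ed25519.Verify(caPub, a.signed(), a.Sig) {
		return errors.New("authorization not signed by CA")
	}
	if now.Unix() > a.NotAfter {
		return errors.New("authorization expired")
	}
	return nil
}

// Wrapped is one payload under a per-payload AES-256-GCM key that only the agent's X25519 key re-derives.
type Wrapped struct{ EphPub, Nonce, Ciphertext []byte }
func must[T any](v T, err error) T {
	if err != nil {
		panic(err) // only local randomness, cipher setup and CA-vetted keys come through here
	}
	return v
}

// payloadKey derives the per-payload AEAD from the ECDH secret, bound to the warrant.
// SHA-256 over secret||warrant stands in for HKDF to stay within the standard library.
func payloadKey(secret []byte, warrant string) cipher.AEAD {
	h := sha256.Sum256(append(append([]byte{}, secret...), warrant...))
	return must(cipher.NewGCM(must(aes.NewCipher(h[:]))))
}

// Wrap refuses without a valid authorization, then seals payload under a key that a
// fresh ephemeral exchange ties to the agent named in that authorization.
func Wrap(caPub ed25519.PublicKey, a *Authorization, payload []byte, now time.Time) (*Wrapped, error) {
	if err := Verify(caPub, a, now); err != nil {
		return nil, err
	}
	agentPub := must(ecdh.X25519().NewPublicKey(a.AgentPub)) // validated by the CA when it signed
	eph := must(ecdh.X25519().GenerateKey(rand.Reader))
	nonce := make([]byte, 12)
	must(rand.Read(nonce))
	ct := payloadKey(must(eph.ECDH(agentPub)), a.WarrantID).Seal(nil, nonce, payload, []byte(a.WarrantID))
	return &Wrapped{EphPub: eph.PublicKey().Bytes(), Nonce: nonce, Ciphertext: ct}, nil
}

// Unwrap is the agent side; any other agent's key yields a GCM authentication failure.
func Unwrap(agentPriv *ecdh.PrivateKey, warrant string, w *Wrapped) ([]byte, error) {
	ephPub, err := ecdh.X25519().NewPublicKey(w.EphPub)
	if err != nil {
		return nil, err
	}
	secret, err := agentPriv.ECDH(ephPub)
	if err != nil {
		return nil, err
	}
	return payloadKey(secret, warrant).Open(nil, w.Nonce, w.Ciphertext, []byte(warrant))
}

func main() {
	caPub, caPriv, _ := ed25519.GenerateKey(rand.Reader)
	agent := must(ecdh.X25519().GenerateKey(rand.Reader))
	auth := Issue(caPriv, agent.PublicKey().Bytes(), "W-001", time.Now().Add(time.Hour))
	w := must(Wrap(caPub, auth, []byte("intercept sample"), time.Now()))
	fmt.Printf("%s\n", must(Unwrap(agent, "W-001", w)))
}
```

The checks a reviewer would run on this: a second agent's key cannot open the payload, a request after NotAfter is refused, and changing NotAfter by hand invalidates the CA's signature. What the design does not solve is the point the replies in this thread make: the agent's private key is still a copyable secret, and the CA key is the skeleton key.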
Re: (Score:1)
Lotus Notes had a backdoor: something like 24 bits of every 64-bit symmetric key used for encryption was encrypted using the NSA's public key. So the NSA only needed to crack 40-bit crypto while everyone else had to crack 64 bits. Do note that this method meant the NSA still needed to crack 40 bits. Back then it would have required significant hardware to crack 40 bits in a timely manner.
Others could copy the public key but that doesn't give them access unless they can crack public key crypto, in which case
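Editor's added example of the partial key escrow this comment describes (not the commenter's code and not Lotus Notes code): a 64-bit session key whose top 24 bits are sealed with RSA-OAEP to the escrow holder's public key, leaving that holder a 2^40 search and everyone else 2^64. AES-128 with a zero-padded key stands in for the original 64-bit cipher, since only the size of the keyspace matters here. The escrow width is a parameter so the brute-force step can actually be run: main escrows 44 bits and searches the remaining 2^20, which is the same algorithm at a size that finishes in seconds.

```go
package main

import (
	"crypto/aes"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
	"math"
)

// Encrypt runs one block through the session cipher under a 64-bit key. The key is
// zero-padded to AES-128 only so a stdlib cipher can stand in for the original 64-bit
// one; the size of the keyspace is the point, not the algorithm.
func Encrypt(key uint64, pt [16]byte) [16]byte {
	var k, ct [16]byte
	binary.BigEndian.PutUint64(k[:8], key)
	c, err := aes.NewCipher(k[:])
	if err != nil {
		panic(err)
	}
	c.Encrypt(ct[:], pt[:])
	return ct
}

// Escrow seals the top escrowBits of key to the escrow holder's RSA public key with
// OAEP (24 of 64 bits, to the NSA's key, in the Lotus Notes case).
func Escrow(key uint64, escrowBits int, pub *rsa.PublicKey) ([]byte, error) {
	if escrowBits < 1 || escrowBits > 63 {
		return nil, errors.New("escrowBits must be between 1 and 63")
	}
	var field [8]byte
	binary.BigEndian.PutUint64(field[:], key>>(64-escrowBits))
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, field[:], []byte("key-escrow"))
}

// OpenEscrow is what only the escrow key holder can do. It returns the recovered high
// bits shifted back into position, ready to be combined with a brute-forced low part.
func OpenEscrow(blob []byte, escrowBits int, priv *rsa.PrivateKey) (uint64, error) {
	field, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, blob, []byte("key-escrow"))
	if err != nil || len(field) != 8 || escrowBits < 1 || escrowBits > 63 {
		return 0, errors.New("escrow field did not decrypt")
	}
	return binary.BigEndian.Uint64(field) << (64 - escrowBits), nil
}

// Crack recovers the key from one known plaintext/ciphertext pair by searching only
// the bits the escrow did not reveal: 2^(64-escrowBits) trials instead of 2^64.
func Crack(knownHigh uint64, escrowBits int, pt, ct [16]byte) (uint64, bool) {
	if escrowBits < 1 || escrowBits > 63 {
		return 0, false
	}
	lowMask := uint64(1)<<(64-escrowBits) - 1
	high := knownHigh &^ lowMask
	for low := uint64(0); ; low++ {
		if Encrypt(high|low, pt) == ct {
			return high | low, true
		}
		if low == lowMask {
			return 0, false
		}
	}
}

// Workfactor returns the trials needed by the escrow holder and by everyone else.
func Workfactor(escrowBits int) (withEscrow, withoutEscrow float64) {
	return math.Ldexp(1, 64-escrowBits), math.Ldexp(1, 64)
}

func main() {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	var key uint64 = 0x0123456789abcdef
	pt := [16]byte{'h', 'e', 'l', 'l', 'o'}
	ct := Encrypt(key, pt)
	// Scaled down for a quick run: escrow 44 bits so 2^20 keys remain to search.
	blob, _ := Escrow(key, 44, &priv.PublicKey)
	high, _ := OpenEscrow(blob, 44, priv)
	found, ok := Crack(high, 44, pt, ct)
	w, wo := Workfactor(24)
	fmt.Printf("recovered %#x (%v); 24-bit escrow: %.0f trials vs %.0f\n", found, ok, w, wo)
}
```

The point the comment makes holds in the code: the escrow blob helps only someone who can open it, and opening it still leaves a real search. The part the comment leaves implicit is that the escrow blob travels with every message, so the RSA private key is a single secret whose theft halves the effective key length for everyone at once.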
Re:There's a key for every lock (Score:4, Informative)
The bad guys can't launch our nukes, because the systems to initiate launch are analog. There are no digital or automatic fallbacks for launching them. No alternatives or bypasses. Which is why it's always such a dumb and ridiculous concept when movies/TV have hackers or AI launch American nukes. It's literally not possible. There is no combination of hacks you can possibly make that would ever work. It wouldn't even matter if China played some sort of long con to get some microchip they've compromised into the nuke or it's systems - it still wouldn't be able to do anything relevant. The President can't just press a single button and off they go.
Re: (Score:2)
Wow, a grade A retard right here.
Re: (Score:2)
Very much this. The "football" is not a remote control. It is a series of challenge-response pairs designed to authenticate a voice order to launch. In the end, at each silo it comes down to two people agreeing that a launch order is authentic and lawful acting together to launch the nuke.
Re: (Score:2)
Doesn't matter what you do, if the entire FBI has access to the backdoor, there are too many people involved and the access will not be kept in house.
Re: (Score:2)
Also there will be "un-authorized" copies everywhere just in case they want to avoid going through channels where there might be oversight.
Re: (Score:2)
And then, that secret key is leaked, just like when the NSA lost their mittens and a treasure trove of exploits went up for auction on the dark web a few years ago.
Re: (Score:2)
And then, that secret key is leaked
It doesn't have to be leakable. Take a look at all the DNSSEC Key signing ceremony scripts [icann.org]. It is very possible to safeguard crypto keys through offline exhaustive processes. The simple fact is that sometimes Government agencies are lazy and decline to implement the proper controls.
If the key is generated and only accessible to an offline HSM, then it's tied to that hardware and physically can't be leaked without physically stealing both the HSM and the operators'
Re: (Score:2)
Your scenario works just fine when there's ONE person with access.
Now explain how you're going to deploy this system across an entire nation's worth of devices and have it accessible to millions of valid searches (we are trying to ignore the illegal ones that happen, right?).
Whatever mechanism is deployed has to work for any 'authorized' agent who may need it, which means about a third of the FBI's 40k employees.
Re: (Score:2)
Now explain how you're going to deploy this system across an entire nation's worth of devices
Again, an entire nation's worth of devices already trusts the Mozilla root CAs. It is nothing more than a fear similar to that.
and have it accessible to millions of valid searches Whatever mechanism is deployed has to work for any 'authorized' agent who may need it
You have a team who meets once every Monday and every Thursday to generate and sign a new operating keypair+certificate from the root key which is
Re: (Score:2)
Too expensive, it'll never happen. Maybe it should, but it won't. Your suggestion is wildly impractical. There is a lot of real world trust (not electronic trust) in the current systems, mainly the trust that only authorized personnel will access search functions on approved terminals.
It's been a while since I worked with the systems (upwards of a decade now, I think), but I have next to no hacking skills and could compromise your average police terminal's federal lookup function in a day to piggyback my
Re: (Score:2)
The root CAs authenticate, they do not provide secret keys to others to use, they keep them to themselves. Notably, CAs HAVE been compromised before and a number of keys had to be re-signed as a result.
All of that data has to reside somewhere and that somewhere has to have the secret keys in order to perform the search. Guess where the secret key gets stolen from once some agency or another gets sloppy?
Re: (Score:2)
The root CAs authenticate, they do not provide secret keys to others to use, they keep them to themselves.
Yes. However the lawful intercept protocol would be an authentication operation. To cause the equipment to create an intercept and start sending you data: you need to create a connection to the telecom gear in order to send the administrative command.
The security protecting this can be a TLS tunnel, and your client required to possess a short-lived X509 client certificate signed by the CA in orde
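Editor's added example of the mechanism this comment proposes (not the commenter's code): a gateway that accepts an administrative connection only over TLS with a client certificate chained to the CA, and agent certificates issued for a short lifetime. Everything is Go's crypto/tls and crypto/x509. The names "offline-root", "intercept-gw" and "agent-7" are placeholders, and the handshake runs over an in-memory net.Pipe so the example needs no network.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"io"
	"math/big"
	"net"
	"time"
)

// Cert is a parsed certificate with its private key.
type Cert struct {
	Cert *x509.Certificate
	Key  *ecdsa.PrivateKey
}

func (c Cert) TLS() tls.Certificate {
	return tls.Certificate{Certificate: [][]byte{c.Cert.Raw}, PrivateKey: c.Key}
}

// Issue signs a certificate for name, valid for ttl, with the given extended key
// usages. With issuer == nil it produces a self-signed CA instead.
func Issue(name string, ttl time.Duration, ekus []x509.ExtKeyUsage, issuer *Cert) Cert {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	serial, _ := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 128))
	tmpl := &x509.Certificate{
		SerialNumber:          serial,
		Subject:               pkix.Name{CommonName: name},
		DNSNames:              []string{name},
		NotBefore:             time.Now().Add(-time.Minute),
		NotAfter:              time.Now().Add(ttl),
		KeyUsage:              x509.KeyUsageDigitalSignature,
		ExtKeyUsage:           ekus,
		BasicConstraintsValid: true,
	}
	parent, parentKey := tmpl, key
	if issuer == nil {
		tmpl.IsCA = true
		tmpl.KeyUsage |= x509.KeyUsageCertSign
	} else {
		parent, parentKey = issuer.Cert, issuer.Key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return Cert{cert, key}
}

// Connect runs a mutually authenticated TLS handshake over an in-memory pipe and
// returns the gateway's verdict on the client certificate (nil means accepted).
func Connect(ca *Cert, server, client Cert) error {
	pool := x509.NewCertPool()
	pool.AddCert(ca.Cert)
	srvCfg := &tls.Config{Certificates: []tls.Certificate{server.TLS()},
		ClientAuth: tls.RequireAndVerifyClientCert, ClientCAs: pool}
	cliCfg := &tls.Config{Certificates: []tls.Certificate{client.TLS()},
		RootCAs: pool, ServerName: server.Cert.Subject.CommonName}
	srvConn, cliConn := net.Pipe()
	deadline := time.Now().Add(5 * time.Second) // a pipe write blocks until read; never hang
	srvConn.SetDeadline(deadline)
	cliConn.SetDeadline(deadline)
	go func() {
		c := tls.Client(cliConn, cliCfg)
		if c.Handshake() == nil {
			io.Copy(io.Discard, c) // keep reading until the gateway's alert or close_notify arrives
		}
		c.Close()
	}()
	s := tls.Server(srvConn, srvCfg)
	err := s.Handshake()
	s.Close()
	return err
}

func main() {
	ca := Issue("offline-root", 10*365*24*time.Hour, nil, nil)
	gw := Issue("intercept-gw", 24*time.Hour, []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}, &ca)
	agentEKU := []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}
	fmt.Println("fresh 1h cert:", Connect(&ca, gw, Issue("agent-7", time.Hour, agentEKU, &ca)))
	fmt.Println("expired cert: ", Connect(&ca, gw, Issue("agent-7", -time.Hour, agentEKU, &ca)))
	rogue := Issue("someone-else", time.Hour, nil, nil)
	fmt.Println("unknown CA:   ", Connect(&ca, gw, Issue("agent-7", time.Hour, agentEKU, &rogue)))
}
```

Connect returns nil for a freshly issued agent certificate and an error for one past NotAfter or one signed by some other CA. Short validity is what makes revocation cheap: a stolen certificate expires before a CRL would propagate. The caveat the surrounding replies raise still applies, since the issuing key is now the skeleton key; the protocol moves the question to who holds it and how often it is used.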
Re: (Score:2)
These are CAs who failed to use appropriate security procedures
And so we're back to the NSA losing its mittens and doing a few billion in damage worldwide. Only we also depend on every under-trained deputy in every Podunk town not losing their mittens.
Perhaps we should just secure the telecomms infrastructure and let law enforcement burn shoe leather instead of investigating from their desk. That way we don't have to depend on people with a history of screwing up to not screw up. Remember, they assured us that the current system would never be breached.
Re: (Score:2)
Only we also depend on every under-trained deputy in every Podunk town not losing their mittens.
This is a bad design if every deputy is empowered to instantly create a communications tap. The law says a warrant with a judge's signature is still required for an intercept or wiretap.
Whatever protocol the providers are offering to law enforcement should definitely involve manually verifying that there is in fact a legitimate warrant, and that all the communications intercepted are pursuant to the specific
Re: (Score:2)
And who will verify that the judge didn't just rubber stamp a stack of requests? And that the "facts" presented to the judge bear any resemblance to reality?
For that matter, who will be verifying that the request is actually coming from the identified LEO and that the warrant and its signature are not forged?
What is it? (Score:2)
We can imagine ways this could have been done somewhat securely and many disastrous ways it was probably done.
Without knowing what the thing was it's hard to know if it was bound to fail, or if say a double agent stole the highest-order keys.
Difficult to lock down humans (Score:5, Insightful)
We can imagine ways this could have been done somewhat securely and many disastrous ways it was probably done.
Without knowing what the thing was it's hard to know if it was bound to fail, or if say a double agent stole the highest-order keys.
Very difficult to lock down the human element.
Offering an employee $100,000 for their key is difficult to detect and track. Even a multiple key system (multiple employees) would fall to this type of exploit.
A strong logging system might help (ie - always log who is using the feature, and verification with an associated court order ID), but sysadmins can still wipe logs, hand-edit log files, and so on.
Maybe we should start with an open source signed logging system. Something block-chained, so that no individual log could be altered without breaking the entire chain. If there were a comprehensive open-source implementation of such a logging system, it would find use in all sorts of applications. (Voting comes to mind, as well as court paper filings, legislation edits, and so on.)
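Editor's added example (not the commenter's code) of the signed, chained log described in this comment: each entry records operator, court-order reference and target, commits to the previous entry's hash, and is signed with a key the log's administrators do not hold. Verify, run by an auditor with only the public key, reports any edited, removed, reordered or truncated entry. Operator names, order references and phone numbers in main are constructed sample data.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
	"time"
)
// Entry records one use of the intercept function; each commits to the hash of the one before it.
type Entry struct {
	Seq       uint64
	Time      int64 // Unix seconds
	Operator  string
	OrderID   string // court order reference supplied with the request
	Target    string
	PrevHash  [32]byte
	Signature []byte // Ed25519 over Hash(), by a key the log's administrators do not hold
}

func (e *Entry) body() []byte {
	b := binary.BigEndian.AppendUint64(nil, e.Seq)
	b = binary.BigEndian.AppendUint64(b, uint64(e.Time))
	for _, s := range []string{e.Operator, e.OrderID, e.Target} {
		b = append(binary.BigEndian.AppendUint16(b, uint16(len(s))), s...)
	}
	return append(b, e.PrevHash[:]...)
}

// Hash is the value the next entry chains to and the value that gets signed.
func (e *Entry) Hash() [32]byte { return sha256.Sum256(e.body()) }

// Log is append-only; in a real deployment priv lives in an HSM or on a separate logging host.
type Log struct {
	Pub     ed25519.PublicKey
	priv    ed25519.PrivateKey
	Entries []Entry
}

func NewLog() *Log {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return &Log{Pub: pub, priv: priv}
}

func (l *Log) Append(operator, orderID, target string, now time.Time) Entry {
	e := Entry{Seq: uint64(len(l.Entries)), Time: now.Unix(), Operator: operator, OrderID: orderID, Target: target}
	if n := len(l.Entries); n > 0 {
		e.PrevHash = l.Entries[n-1].Hash()
	}
	h := e.Hash()
	e.Signature = ed25519.Sign(l.priv, h[:])
	l.Entries = append(l.Entries, e)
	return e
}

// Head is the latest hash; publishing it off-host is what lets an auditor detect a truncated log.
func (l *Log) Head() [32]byte {
	if len(l.Entries) == 0 {
		return [32]byte{}
	}
	return l.Entries[len(l.Entries)-1].Hash()
}

// Verify is what the auditor runs with the public key, the entries and the published head.
func Verify(pub ed25519.PublicKey, entries []Entry, head [32]byte) error {
	var prev [32]byte
	for i := range entries {
		e := &entries[i]
		if e.Seq != uint64(i) {
			return fmt.Errorf("entry %d: sequence number is %d", i, e.Seq)
		}
		if e.PrevHash != prev {
			return fmt.Errorf("entry %d: does not chain to the entry before it", i)
		}
		h := e.Hash()
		if !ed25519.Verify(pub, h[:], e.Signature) {
			return fmt.Errorf("entry %d: signature invalid", i)
		}
		prev = h
	}
	if prev != head {
		return fmt.Errorf("log ends at %x but published head is %x", prev[:4], head[:4])
	}
	return nil
}

func main() {
	l := NewLog()
	l.Append("smith", "ORDER-0117", "+1-555-0100", time.Now()) // constructed sample data
	l.Append("jones", "ORDER-0118", "+1-555-0101", time.Now())
	fmt.Println("intact:", Verify(l.Pub, l.Entries, l.Head()))
	l.Entries[0].OrderID = "ORDER-0999" // a sysadmin hand-edits the file
	fmt.Println("edited:", Verify(l.Pub, l.Entries, l.Head()))
}
```

Chaining alone does not catch a log cut off at the end, which is why Verify also takes the published head hash: unless that value is regularly written somewhere the logging host cannot reach, whoever controls the host can still drop the last few entries and present the shorter log as complete.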
Re: (Score:3)
Offering an employee $100,000 for their key is difficult to detect and track.
A starting point would be to not have keys most employees have access to worth 100k in the first place.
One obvious way would be to have a two or three-person rule. No one employee has access to the keys for the system. Should you need to operate the system, then you need to prepare a request for that system, and the system will not accept it until 3 employees sign the request within a short period of time. At which t
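Editor's added example (not the commenter's code) of the three-person rule proposed in this comment: a request carries a court-order reference, target and action; each approver signs a digest of exactly that request plus their approval time with a personal Ed25519 key; the system acts only once the policy's quorum of distinct roster members has signed within the window. The roster names, order reference and phone number are constructed sample data.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
	"time"
)

// Request is the operation the system is asked to perform. Nothing in it is secret;
// the protection is that the system acts only on a quorum of signatures over it.
type Request struct {
	OrderID string // court order the request cites
	Target  string
	Action  string // e.g. "start-intercept"
}

// toSign binds a signature to this exact request and to the moment of approval, so a
// signature collected for one target cannot be replayed for another.
func (r Request) toSign(at time.Time) []byte {
	h := sha256.Sum256([]byte(fmt.Sprintf("%q|%q|%q|%d", r.OrderID, r.Target, r.Action, at.Unix())))
	return h[:]
}

type Approval struct {
	Signer string
	At     time.Time
	Sig    []byte
}

// Approve runs on each employee's own device with their own key.
func Approve(signer string, priv ed25519.PrivateKey, r Request, at time.Time) Approval {
	return Approval{Signer: signer, At: at, Sig: ed25519.Sign(priv, r.toSign(at))}
}

// Policy is the roster of people allowed to approve, how many must agree, and how
// close together in time their approvals must fall.
type Policy struct {
	Roster map[string]ed25519.PublicKey
	Quorum int
	Window time.Duration
}

// Authorize returns nil only when Quorum distinct roster members each produced a
// valid signature over this request and every approval falls within Window.
func (p Policy) Authorize(r Request, approvals []Approval) error {
	seen := map[string]bool{}
	var first, last time.Time
	for _, a := range approvals {
		pub, ok := p.Roster[a.Signer]
		if !ok {
			return fmt.Errorf("%s is not on the approver roster", a.Signer)
		}
		if !ed25519.Verify(pub, r.toSign(a.At), a.Sig) {
			return fmt.Errorf("signature from %s does not match this request", a.Signer)
		}
		if seen[a.Signer] {
			continue // the same person signing twice still counts once
		}
		seen[a.Signer] = true
		if first.IsZero() || a.At.Before(first) {
			first = a.At
		}
		if a.At.After(last) {
			last = a.At
		}
	}
	if len(seen) < p.Quorum {
		return fmt.Errorf("need %d distinct approvers, have %d", p.Quorum, len(seen))
	}
	if last.Sub(first) > p.Window {
		return fmt.Errorf("approvals span %s, window is %s", last.Sub(first), p.Window)
	}
	return nil
}

func main() {
	roster, keys := map[string]ed25519.PublicKey{}, map[string]ed25519.PrivateKey{}
	for _, n := range []string{"alice", "bob", "carol"} { // constructed roster
		pub, priv, _ := ed25519.GenerateKey(rand.Reader)
		roster[n], keys[n] = pub, priv
	}
	p := Policy{Roster: roster, Quorum: 3, Window: 10 * time.Minute}
	req := Request{OrderID: "ORDER-0117", Target: "+1-555-0100", Action: "start-intercept"}
	now := time.Now()
	a := Approve("alice", keys["alice"], req, now)
	b := Approve("bob", keys["bob"], req, now.Add(time.Minute))
	c := Approve("carol", keys["carol"], req, now.Add(2*time.Minute))
	fmt.Println("alice+bob+carol:", p.Authorize(req, []Approval{a, b, c}))
	fmt.Println("alice twice+bob:", p.Authorize(req, []Approval{a, Approve("alice", keys["alice"], req, now), b}))
}
```

Authorize rejects the same person signing twice, an approval outside the window, a signature lifted from a request for a different target, and anyone not on the roster. What it cannot do, as the parent comment says, is tell three honest roster members from three who were each paid; it raises the price of the bribe from one salary to three.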
Re: (Score:2)
Maybe we should start with an open source signed logging system.
LOL. 'They' want unfettered and unmonitored access to all communications. They want to control everything and choose winners and losers. They will destroy America.
An open sourced signed logging system goes against EXACTLY what they want, so it will never happen.
Re: (Score:2)
Is there even any single it? I don't see any government mandated access protocol.
A contradiction in terms (Score:5, Insightful)
A secure backdoor is like a healthy disease, or a perfect defect. A backdoor is malware per se, so any system with a backdoor must be considered pwn3d.
Re:Deaf ears coming (Score:5, Insightful)
I would indeed expect criminals to want to eliminate tools that could expose them. However, these ones are beyond most consequences and have use for these tools to control those beneath them.
I wouldn't hold my breath waiting for Trump to save you from government surveillance.
Re: (Score:2, Insightful)
The "next FBI director" literally wrote a book on how he plans to use the FBI as as weapon for revenge, going after those he thinks have wronged him. Using J. Edgar Hoover as a model, he will most likely exploit and expand every surveillance tool he can find in order to increase his personal power.
Even in the short time since his nomination was announced, he has threatened to use the legal system to go after his opponents: https://www.yahoo.com/news/kas... [yahoo.com].
Your faith in Trump's collection of billionaires and
Go ahead and put in back doors (Score:1)
I mean, if the US was serious about security, we wouldn't be electing a guy storing OPLAN info in unlocked bathrooms that has spies in and out of his cheap golf resort home on a daily basis and gives them pardons when they get prosecuted.
Obviously (Score:5, Informative)
Enough actual experts have thought and written about this. For decades. There really is no reason for doubt anymore. Backdoors cannot be reliably secured for the foreseeable future, period. And attackers will find any existing backdoor a big help for their efforts.
This may eventually change. Maybe next century. Maybe later. Maybe never.
Re: (Score:2)
And attackers will find any existing backdoor a big help for their efforts.
This may eventually change. Maybe next century. Maybe later. Maybe never.
If enough experts have written on this AND attackers will find any existing back door a big help, how long do you think it will take for Americans to understand the US Government enjoys their role as an attacker more than the big-help problem? Maybe next century? Maybe later?
I’m gonna go with never. Because we’re still asking questions like this. Decades later.
Re: (Score:2)
Unless something fundamental changes about the average mental capability of humans, I agree that "never" is the likely answer. People are generally not mentally capable, and General Intelligence (or common sense) is a rare thing among humans. Hence the assholes behind this will use their emotional desires (here: monitor and control others) and then hallucinate how the world works so that they can get that desire fulfilled. And the general public will not even remotely understand what is going on, as usual.
Re: (Score:2)
This installment of the human race has no use for actually smart people that can see how things work.
I suspect you and I are about the same age, so you're right. We're anachronisms simply because we look for - and actually see - the wireworks and the man behind the curtain. At best, the pointed things we say make mindless people uncomfortable - but they're not quite smart enough to get that the discomfort is a sign that they need to dig further. At worst, they make mindless people angry and dangerous.
But if we were younger, we'd be biding our time to help with the reboot after modern civilization ends up i
Re: (Score:2)
This installment of the human race has no use for actually smart people that can see how things work.
I suspect you and I are about the same age, so you're right. We're anachronisms simply because we look for - and actually see - the wireworks and the man behind the curtain. At best, the pointed things we say make mindless people uncomfortable - but they're not quite smart enough to get that the discomfort is a sign that they need to dig further. At worst, they make mindless people angry and dangerous.
Sad but true.
Time to end the backdoor BS... (Score:4, Insightful)
If the only way to catch the bad guys (no matter how bad they are) is to weaken security for everyone then I say let the bad guys go uncaught.
yes (Score:2)
Betteridge just got bent over. (Score:2)
A headline where the answer is a resounding, loud, angry, "YES!" Will wonders never cease?