FBI: Just Don't Call Them Backdoors (networkworld.com) 347
sandbagger writes: The FBI still wants backdoors into encrypted communications, it just doesn't want to call them backdoors, and it doesn't want to dictate what they should look like. Tech companies [says FBI Director James Comey] 'need' to change their business models – by selling only communications gear that enables law enforcement to access communications in unencrypted form, he says, rather than products that only the parties participating in the communication can decrypt. He also says tech companies should just accept that they would be selling less secure products.
Dear Mr FBI (Score:5, Insightful)
Re:Dear Mr FBI (Score:5, Interesting)
^This
I'd like a "rear entry portal" into the Capitol Building, just so I can know how they operate behind closed doors. It should be legal because (a) my tax dollars pay their salary and (b) they're suppossedly not committing any crimes!
This is all of course in line with the FBI's thought process.
Re: (Score:3)
Re:Dear Mr FBI (Score:5, Insightful)
Re:Dear Mr FBI (Score:4, Funny)
Once the capability is there, the corporate lawyers will simply have us agree in the "end user license" (that we negotiate with them by clicking "I agree") that Google et al. can read and sell ALL our communications regardless of any court order.
Google doesn't sell user communications, to the government or to anyone else, and Google doesn't provide any data to government that it's not legally compelled to provide.
(Disclaimer: I work for Google, but I don't speak for Google.)
Re: (Score:3, Informative)
Google is an advertising company. Add companies are their customers, and the people using their software are the product to be sold. The purpose of a corporation is to make money, selling our communications makes them money.
Google does make money from advertising. It does not sell your communications. To the degree it makes money from your communications, it does that by scanning your communications to decide what ads would most likely be of interest to you, and then showing you those ads.
Re:Dear Mr FBI (Score:5, Insightful)
Cops regularly brandish weapons without cause which is illegal, point them at people without cause which is assault and illegal, kill people without cause which is murder... In fact, here's a damned great statistic: in 2008, there were about 765,000 "sworn personnel", meaning cops with arrest powers. Today, over eleven million US citizens have a permit to carry a concealed weapon. Even if only ten percent of them make use of it, there are still hundreds of thousands more "ordinary" citizens carrying weapons than cops. In spite of this, cops will wrongfully kill more people even than deliberate mass shooters this year. They are killing people who are proven by the evidence to not have a weapon, they are turning off their body cameras before they kill people, they are killing people who they have incarcerated and they are killing people on their way to incarceration.
Everywhere you look, the people who are supposed to protect us and keep us from corruption are more dangerous and corrupt than we are.
Re: (Score:3, Interesting)
You can add pretty much the entirety of eligible Mainers to that list. You no longer need a permit to conceal carry in Maine provided it is lawful for you to own a firearm. Yup... You may still want a permit if you travel (I do and have mine) because this doesn't extend to other states as of yet. Strangely enough, we don't have a whole bunch of crime, firearm violence, or any need to keep track of who has what in their waistband.
No, no don't move there. It's terrible and the people are mean. It's cold and n
Re: (Score:3)
Oh no, it's a horrible place with mean people! The winters are deadly and the summers are even worse! The tourists will kill you, the animals are deadly, the people are all armed and dangerous. You don't even want to *visit* Maine. Just come drop your vacation money off at the border.
Re: (Score:3)
A combination of both, depending on where you are and if using a loose definition of English.
Re: (Score:3)
You are probably explaining it to someone who lacks the initiative or, perhaps, capacity to understand the intricacies beyond the idea that they're afraid and want others to give up their liberties to help lessen that fear. They're gripped with fear and their method of "flight" means taking the objects away that bad people use to cause harm.
Many of us elect to open-carry. More than once, without intending to, I've gone into my credit union while open carrying. Once, and only once, a group of us went into th
Re: (Score:2)
Ya know... I haven't written any software since the early 2000s. I've hacked some and maybe written a small script or two as needed. I might have poked a few buttons to learn a little as time has passed. But, no, realistically, I'll need to relearn a lot... That's okay.
Maybe it's time to start writing software again? Maybe it's time to just write and host my own software that does exactly what I want it to do, irrespective of the legality, and just accept the consequences? What? They're going to yell at me
Re:Dear Mr FBI (Score:4, Interesting)
Then you get labeled as a pedo, or more likely a terrorist -- and then it doesn't really matter if they convict you of anything, your life is over.
Re:Dear Mr FBI (Score:5, Insightful)
I'm in a unique position where I can say, "Fuck you." I'm unfamiliar with your username so I imagine you may be unfamiliar with my posts and my history. I'm financially able to say, "Fuck you." I'm also able to move to another country, if need be, but I'd really hate to do so. I am, after all, a patriot at heart. It's my patriotic duty to circumvent any attempts they make at weakening encryption. It's my patriotic duty to assist others in encrypting their communication.
Our country was founded by a bunch of terrorists who hid behind anonymity until they'd gained enough popularity and wealth to be able to risk speaking freely. Whilst I'm not a violent person by nature, I am still a fan of allowed anonymous speech. I, for one, am tired of my government trying to keep me safe. I, for one, accept the risks that bad things might happen. Risks are proportionate to gain, often enough. The more liberties you have the more risks it entails. So be it.
Re: (Score:3)
I already donate a significant sum to the EFF on a fairly regular basis. Usually once a year I make a larger donation and then I make a few smaller donations as they pop up in conversations and I am reminded to donate. My most recent donation was 48 BTC when they were worth some ~600 each. It was easier to donate them than to figure out the taxes on them. I did not write off said donation.
First Build Safeguards into the FBI (Score:5, Insightful)
If you want us to trust our intelligence communities with decryption capabilities in case we happen to be criminals, then we need the FBI to put MUCH better accountability in place to ensure that THEY are not doing anything criminal. BEGINNING with a reliable and INDEPENDENT commission that can be approached by whistleblowers without fear of reprisal and that has the independent power to declassify anything they believe is government action in violation of Federal Law.
Because they do things that are criminal. Like, for example, mass surveillance, parallel construction, and to some extent the entrapment they use as effectively a primary tool for big investigations.
Right now we don't have the accountability to ensure that our government isn't acting criminally. We just fucking don't. They are mostly a black box saying that nobody else should be a black box.
Re: (Score:2)
Re:First Build Safeguards into the FBI (Score:5, Interesting)
You mean like putting the split in between the NSA and FBI? The one Bush removed?*
Removing that split allowed the "Parallel Construction" path, with NSA handing evidence it obtained illegally (or perhaps faked) while getting the DEA & FBI to cover up the true evidence trail from the courts.
And it also allowed FBI to turn NSLs into mass surveillance devices. FBI turns up with an NSL, insists on putting in a box on the network to only capture 'meta data', the box is run by the NSA, slurps down all the passwords SSL keys and data. NSA hands back to FBI only the meta data it can legally have. Or like they did with Lavabit, demand Lavabit provide the SSL keys so they could decrypt all traffic perhaps? Again only to collect metadata.. honest.... except is the NSA that taps all the networks, so the NSA would get all the keys and all the data.
The problem here is the FBI which would be required to keep the NSA in check on behalf of Congress and the Judicial branch, has instead become a co-conspirator in many of the NSAs illegal schemes. When NSA pisses all over the constitution who exactly is supposed to march in and raid them? The boy scouts?
*Bush's company Arbusto Energy was rescued by Saudi Binladin Group. (Yes that Bin Laden). So of course he wouldn't do his job and let FBI and NSA co-operate on stopping 9/11. Of course he refused to act when CIA demanded an emergency meeting, they shouldn't have named their memo "Bin Laden determined to attack the US", as soon as he saw Bin Laden, I bet the memo went in the bin.
Re: (Score:3)
Re: (Score:2)
Well, not just that, but then continuing to fuck with (and over) the countries of those radicals we trained and supplied. Even (especially?) radicals know all about patriotism, and when your organization begins to crumble and implode from irrelevance, well what are you going to do to stay relevant and inspire new members to join? (and many other to donate - the number one priority of well-organized terrorist organizations is fundraising) You go poke the biggest, ugliest bear you can find - someone who's al
Re: (Score:3)
You mean like putting the split in between the NSA and FBI? The one Bush removed? Removing that split allowed the "Parallel Construction" path
Supposedly, a DEA official told Reuters: "Parallel construction is a law enforcement technique we use every day. It's decades old, a bedrock concept."
Fruit of the poison tree (Score:2)
That aside (Score:2)
How do you prevent criminals et al from using it? The problem with back doors is there really isn't any way I know of to make them secure. You can't make encryption where you don't need the key to decrypt it, yet it still is secure. The back door can be obfuscated or the like, but if someone finds it then it is game over.
So even if we decide we trust the government and they have good oversight and all that, it is still leaving things open to other parties. Good encryption keeps everyone else out, that is ju
Re:That aside (Score:5, Informative)
All you need is to look at what happened with those TSA master keys for your luggage.
Not going to post the link again because I've already done so twice in the last few days and I'm not looking to be a karma whore, but just search for something along the lines of "TSA Keys Schneier Security" and you'll find the story quickly enough.
Re: (Score:3)
Well, it is possible, but it requires making it hard enough to use that the government won't want to bother with it. For example, the company could place a private key in an escrow service offshore, destroy their only copy, and provide the public key to every device. The device could then encrypt a copy of its private key using the company's public key, which the company could print out on paper and store in boxes organized by date. If the government wante
Re: (Score:3)
The problem will always be foreign governments. I don't want the FBI to be able to decrypt my communications under any circumstances, and they have no legal jurisdiction over me as I'm not a US citizen. Worse still, US constitutional protections don't apply to me so they don't even have to pretend to have permission.
Anything with an FBI backdoor is automatically banned for me.
Re: (Score:2)
FBI is domestic so you wouldn't be worrying about them unless you are in the US or in communication with someone or something that is.
What you need to be concerned with is the CIA and the NSA unless you are in a terrorist hotspot which you can add sigtel opperations by various military organizations including those of other countries too.
Re:First Build Safeguards into the FBI (Score:5, Insightful)
> If you want us to trust our intelligence communities with decryption capabilities in case we happen to be criminals, then we need
It's not decryption they want, it's a backdoor. If there's a back door, it was never really encrypted to begin with.
And what we need is encryption that works and is implemented properly- with no back doors. The idea that the government has the right to spy on each and every thing that is said at any time, at any place, and push it through whatever the latest grep / pattern analysis / AI farm- is ludicrous. It's simply ludicrous.
Encryption- not back doored encryption where you are trusted with a slave key and a bunch of people in the shadows have a master key- is the only answer.
Re: (Score:2)
> then we need the FBI to put MUCH better accountability in place to ensure that THEY are not doing anything criminal.
The FBI has demonstrated that they can, and will, use their privileged access to monitoring to abuse and harass innocent people, and to perform criminal behavior to go after the "big fish" or the "kingpins". They've also demonstrated fundamental incompetence in handling chronic, lower level crime such as identity theft, "copyright violation", inter-state stalking of minors and domestic ab
Re:First Build Safeguards into the FBI (Score:5, Insightful)
All we have to do is put the right people into office.
No way. That doesn't even work with HOAs, which are democracy on the smallest scale imaginable. I have never met anyone that likes their HOA, or feels they represent their interests. So how can it possibly work with a national government of 330 million people? The solution is not "the right people", because that will never happen, but the right systems, including checks and balances, and an adversarial relationship between bureaucrats and their legislative overseers. The first sign that we are on the right path, will be when we start treating whistleblowers as heroes rather than traitors.
Re: (Score:2)
the problem is a HOA very quickly goes National Socialist
Grass must be green and no longer than 1.752 inches at all times
All Houses must use paints from this list of suppliers (purchase list for 19.95 from Betty)
ect
Re: HOAs (was Re:First Build Safeguards into the F (Score:4, Insightful)
Nonsense.
Living in the right neighborhood with a sufficiently high "buy in" prevents "neighbors from hell". Even with the "wrong kind of people", such neighbors are limited not so much by HOAs but pretty mundane zoning laws.
The old-biddie gestapo is simply unnecessary.
All an HOA does is prevent you from using your own property how you see fit. It makes your property part of the collective and the collective is clueless. Ugly paint still goes up and other measures that could improve curb appeal are banned.
The rules that could be useful aren't ever actually enforced.
Re: (Score:2)
Not the AC, but I've got to say that while there are a couple of your points I agree with (you want me to turn my beautiful healthy lawn into a short-cropped wasteland because you have no idea what healthy grass looks like? F that.), Do you really not see why people would object to their neighbor turning their property into an eyesore? I have to look at that pink shit every day, and it lowers my property value by association. I agree that any reasonable person should be able to work on their own car at h
Re: (Score:3)
I remember clearly that they did. It wasn't their biggest argument, and it was their first argument (rather it came about when it became clear that the people at large weren't buying into Colin Powell's magic show at the UN), but it was pushed nonetheless.
Re: (Score:2)
Their argument was never that Iraq was behind 9/11, it was always that the devastation of 9/11 proves we cannot wait until after an attack and treat it like a law enforcement measure because the risk to innocent human life was now too large. And because of Iraq's connection to terrorist groups including al qeada and their resistance to verification of WMDS as outlined in the armistice, we couldn't wait for something to happen before acting against them or terrorist groups.
The connection between Iraq and 9
Re: (Score:3)
They also claimed that Iraq had strong Al Queda ties. According to the US House of Representatives, they lied repeatedly about it.
http://web.archive.org/web/200... [archive.org]
The idea that Sadam Hussein was tied to 9/11 was a popular and understandable one in the shock after 9/11 given the broad policy of lies. Unfortunately, it had no validity. Sadam and his regime knew much, much better than to allow a fundamentalist, radical Muslim group access to any weapons or sign
Re: First Build Safeguards into the FBI (Score:5, Insightful)
Their argument was never that Iraq was behind 9/11, it was always that the devastation of 9/11 proves we cannot wait until after an attack and treat it like a law enforcement measure because the risk to innocent human life was now too large.
As quoted from here [csmonitor.com]:
"In his prime-time press conference last week, which focused almost solely on Iraq, President Bush mentioned Sept. 11 eight times. He referred to Saddam Hussein many more times than that, often in the same breath with Sept. 11."
"Bush never pinned blame for the attacks directly on the Iraqi president. Still, the overall effect was to reinforce an impression that persists among much of the American public: that the Iraqi dictator did play a direct role in the attacks. A New York Times/CBS poll this week shows that 45 percent of Americans believe Mr. Hussein was "personally involved" in Sept. 11, about the same figure as a month ago."
"Sources knowledgeable about US intelligence say there is no evidence that Hussein played a role in the Sept. 11 attacks, nor that he has been or is currently aiding Al Qaeda. Yet the White House appears to be encouraging this false impression, as it seeks to maintain American support for a possible war against Iraq and demonstrate seriousness of purpose to Hussein's regime."
If we are to accept your reasoning, then we have to admit that the Bush Administration was inept, at the very least. But, in reality, it wasn't the president alone who made these repeated references, it was the entire administration. Then we have that ugly Powell appearance with the vial full of white powder not to mention that wonderful "artist's rendition" of the terrorist headquarters known as Tora Bora - which never existed.
When taken as a whole, we find that no other answer can be arrived at other than this was a deliberate, false dialog meant to confuse the American people and did so successfully.
The problem is what we are seeing is a need to create a false narrative which proves those who originally created these lies know that they have been pegged as liars. Does it bother you that you are one of those people spreading a false narrative designed to cover the deceit which caused tens of thousands of Iraqis to be killed with a likely hundred thousand or so maimed? Can't you understand that it was those actions which you are trying to hide that led to us having to deal with ISIS?
Either way, what you need to know is that you are the problem, not part of the solution.
Re: First Build Safeguards into the FBI (Score:5, Insightful)
The Bush Administration never said Iraq had anything to do with 9/11. That's a false narrative that was pushed by anti-war activists back in 2002.
You mean to tell me that more than two out of three Americans who believed that Saddam was behind 9/11 [usatoday.com] did so because anti-war activists back in 2002. pushed that line? That lie was still poisoning the discourse of one out of three American voters in 2007 [prwatch.org]. Apparently, the drive by, liberal, mass media was involved on pushing this lie [csmonitor.com] too. This lie was foisted upon the world by the Bush Administration. What bothers me most is that you (or the people who told you the lie you're repeating) know that this was not only a despicable lie but one that they felt needed to be countered or the lie you are regurgitating never would have seen the light of day.
Re: (Score:2)
In the real world, you sometimes have to give things you don't want to give so that others might be inclined to return the favour.
Re:Dear Mr FBI (Score:5, Insightful)
The FBI recently admitted to using 0-day exploits. By definition, this means they do not alert vendors to the the exploits so that they can be fixed. It's not clear to me how this can be viewed as anything but acting like the bad guy. Law enforcement's role is to uphold law, not to catch criminals by any means.
Re: (Score:2)
All Ted's manifestos and lunatic ravings would fit on a modern cell phone, with gigabytes to spare for his pr0n collection.
Which would give him something to do and keep him warm during those long, cold winters.
Re: (Score:2)
If the government wants to end encryption they will need to revoke the first and fourth amendments by voting to amend the constitution, and then ratify the amendments in all 50 states. (To which efforts I say good luck, you'll need it.)
It's actually 3/4 of the states (38 of 50).
"Getting in the way of our work" (Score:5, Insightful)
So does the Fifth Amendment. What's your point? Gonna put a back door in that too? (Posting AC so the FBI trash men don't come get me.)
Moot Point Now (Score:5, Funny)
Groups like ISIS are now using their own encryption apps so there is nothing that can be done by any US tech companies prevent that. What would the point of making everything less secure be.
Re: (Score:3, Insightful)
Because it isn't about terrorism, it's about control.
Re: (Score:3)
What would the point of making everything less secure be.
The FBI has obviously been compromised by traitors and foreign double-agents.
Their true purpose is to sabotage US technology companies in favor of foreign technology companies.
Re: (Score:2)
Back a few decades ago, the MP3 file format was created, documented, and some apps became available.
Enter the Music industry, on full tilt attack mode They're still at it. The salient point that they have missed is that it is not the pirates, the sellers, the site operators that made the difference. The fundamental change was the mere existance of a portable, easily exchanged format. What has transpired since then, and what is still transpiring is due to the simple fact that file copying and exchange w
Re: (Score:2, Insightful)
Indeed. With ISIS in the picture, we're now allies with Al Quaida in many places. I guess we're building them up for the next thing after ISIS.
Like Microsoft Skype and Hotmail? (Score:5, Informative)
They want to expand PRISM, remember PRISM?
http://www.theguardian.com/world/2013/jul/11/microsoft-nsa-collaboration-user-data
The documents show that:
Microsoft helped the NSA to circumvent its encryption to address concerns that the agency would be unable to intercept web chats on the new Outlook.com portal;
The agency already had pre-encryption stage access to email on Outlook.com, including Hotmail;
The company worked with the FBI this year to allow the NSA easier access via Prism to its cloud storage service SkyDrive, which now has more than 250 million users worldwide;
Microsoft also worked with the FBI's Data Intercept Unit to "understand" potential issues with a feature in Outlook.com that allows users to create email aliases;
In July last year, nine months after Microsoft bought Skype, the NSA boasted that a new capability had tripled the amount of Skype video calls being collected through Prism;
Material collected through Prism is routinely shared with the FBI and CIA, with one NSA document describing the program as a "team sport".
In June, the Guardian revealed that the NSA claimed to have "direct access" through the Prism program to the systems of many major internet companies, including Microsoft, Skype, Apple, Google, Facebook and Yahoo.
Blanket orders from the secret surveillance court allow these communications to be collected without an individual warrant if the NSA operative has a 51% belief that the target is not a US citizen and is not on US soil at the time. Targeting US citizens does require an individual warrant, but the NSA is able to collect Americans' communications without a warrant if the target is a foreign national located overseas.
----------------------
So all the private communications you have well the US grabbed them stuck them in giant databases to be datamined at the whim of the military complex without judicial process.
And all the companies involved knew it, and helped. Microsoft even helping remove the encryption on future version so the NSA could slurp down their data more easily.
So when you want to use Cloud Office Services, remember that your companies documents are directly available within any judicial process to the spys for the military industrial complex.
Re:Like Microsoft Skype and Hotmail? (Score:4, Informative)
In June, the Guardian revealed that the NSA claimed to have "direct access" through the Prism program to the systems of many major internet companies, including Microsoft, Skype, Apple, Google, Facebook and Yahoo.
FWIW, David Drummond, chief legal counsel for Google, denied [theguardian.com] that Google has ever given access, direct or indirect, to the NSA. Snowden's documents made clear that the NSA was tapping communications links between Google data centers, which may have been the basis for the "direct access" claim. Google quickly moved to encrypt all of those communications links, though, so if that was the "direct access", it's been shut off.
Somebody needs to (Score:5, Funny)
hit this guy with a clue stick. Asshole.
Nope... (Score:5, Insightful)
There is no way to guarantee nobody but the FBI can access these "back doors", or to guarantee that the FBI will do the right thing.
The business model of the FBI needs to change.
Re:Nope... (Score:5, Interesting)
It provides great opportunity for foreign companies to produce similar products, but better and cheaper as they don't have to add this insecurity.
Thanks to the FBI, Chinese-built software may very well become the more secure choice over US-built software.
And that's before the keys to the FBI-mandated back doors are leaked or cracked or whatever making them available to the world at large...
key escrow (Score:5, Informative)
Maybe we could call this new scheme "key escrow". That way we can run our side of the debate just by recycling posts from ~20 years ago.
Re: (Score:2)
Call it what it is- you get a slave key, the government gets a master key.
Re: (Score:2)
So Comcast is now a government agency? (Score:5, Funny)
Comcast:
It's not a "cap", it's a "usage plan"
If Comcast were a Swiss insurance agency:
Don't think of it as "exclusive", think of it as a "custom experience".
If Comcast was the FBI:
It's not a backdoor, it's [redacted].
Re: (Score:2)
Might as well call it a "smurf".
some other suggestions (Score:5, Funny)
So, the FBI doesn't want to call these things "backdoors". OK, let's come up with some alternatives:
The FBI wants to install security barndoors in your software.
The FBI wants to create festering security wounds in your software.
The FBI wants to buttf*ck your software.
Which of those other euphemisms would you prefer, Mr. Comey?
Re: (Score:2)
This is a government policy, remember. From the organisation that brought you the "Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act."
I suggest "Secure Homeland Intel Transferal holes."
Or possibly "Freedom holes."
Re: (Score:2)
Re: (Score:2)
no mad max (Score:2)
typewriters are still made and sold; ribbons are made and still sold
Re: (Score:2)
that works on the plastic kind that get cut and stuck to paper, but use the old-school inked cloth ribbon, get it re-inked regularly (or do it yourself) and you're golden
Re: (Score:2)
also copy machines and printing presses. reference prints of every machine were organized and kept on file to identity any printed matter.
Re: (Score:3)
Color copiers and laser printers embed a steganographic code into every printed page too - if you know how to read the pattern of very pale yellow dots, you can determine the printer's serial number. It's an anti-counterfeiting measure. Inkjets usually don't do it because no-one is going to mistake inkjet-printed currency for the real thing.
Great news for free software and work locations (Score:5, Interesting)
Remember how, back in the days, we used to download PGP from Finland because of US export restrictions? These days are coming again, with resulting renewed public interest in free software and sideloading apps outside the walled garden. As well, it's a chance for a developing country to establish an alternative Silicon Valley exporting truly secure software, even PC and mobile operating systems, worldwide. Hopefully I can move there and live like a king.
Re: (Score:2)
Nowadays people are turning to apps like Signal [whispersystems.org] and RetroShare. Another interesting option is Ostel. [ostel.co] For browsing and other PC apps, running Tor on Whonix fits the bill.
Cliched, but fitting (Score:2)
A lot of people rush to Orwell references, but this seems like a genuine attempt at Newspeak [wikipedia.org] to me.
FTFY (Score:2)
FTFY
Re:FTFY (Score:4, Insightful)
by selling only communications gear that enables law enforcement , foreign governments and criminals who have a linchpin's dirty little secret to access communications in unencrypted form,
FTFY
The ridiculousness is appaling (Score:5, Insightful)
It's come to this now? The US agencies don't even pretend to respect the rights to privacy and freedom of expression. They are now openly asking for Orwelian features in products produced by private companies?
Are American citizens so lost that they do not see how ridiculous that sounds ? They might as well just as every citizen to spend a mandatory year in prison ...just in case they get incarcerated later in life.
Re:The ridiculousness is appaling (Score:5, Informative)
Are American citizens so lost that they do not see how ridiculous that sounds ?
24x7 media propaganda works. People are scared out their minds.
Re: (Score:3)
It's come to this now?
"Now"?
The agencies persistently pester for it. They were asking for it [wikipedia.org] twenty years ago; they'll still be asking in another twenty years.
The FBI has not thought it out (Score:3)
So considering that that the us government uses nowadays mammy commercial products of the shelf itself;
Considering that other governments control access to potentially as big or bigger markets than the US one ->
Are they happy with the Chinese/Russians also reading the communications of the US government?
And they are using commercial regular stuff. By design (to save money and make certain projects even feasible) or mistake (do I need to say Clinton ' email).
Also consider that practically all the hardware for these new communications is produced outside the states. Where other governments can insist on back doors (when it quacks ... call it by it's proper name).
E.g. the German privacy watchdog has currently issued a ruling that Google Mail is a communication service and needs to provide "an automatic interface for lawful interception". If the courts let that stand (something quite realistic) and Google not being able to prove to legal standards if an account is "German", that might mean that they'll need to allow to intercept traffic on all accounts.
Great that the FBI gives governments the inspiration to what they should require from companies (including US ones).
What Terminology Would You Prefer (Score:2)
Re: (Score:2)
Just click and install Enigmail. It's not PGP but it is GPG and I don't recall needing the government's permission to make use of it. They do (if they want) have my public key files available but that's not a problem - they're the public keys and they're allowed to have them. I can, if I want, opt to transfer the key to someone via any number of different routes and not have a public key store.
But no, not all traffic needs to be encrypted (for starters) and no government cared one iota that I opted to use e
Just call it what it is. (Score:2)
Just call a hammer a hammer and a backdoor a backdoor.
Today I'd worry more about shortcomings in security on Chinese-made devices, but with the FBI involved it's going to be additional holes.
Meanwhile the terrorists just go on with their own ways of information exchange. It's also a huge information flood to sift through making it hard for authorities to ever figure out if something is serious or not. Even if they know they may not take action to avoid revealing their sources. Like the shootings in Paris -
American companies (Score:4, Insightful)
He also says tech companies should just accept that they would be selling less secure products.
LMFTFY
He also says American tech companies should just accept that they would be selling less desirable products than their non-American competitors.
Re: (Score:3)
He also says tech companies should just accept that they would be selling less secure products.
Federal Agencies should just accept that they are supposed to be bound by the US Constitution.
Re: (Score:2)
Federal Agencies should just accept that they are supposed to be bound by the US Constitution.
Federal Agencies accept that they are supposed to be bound by the US Constitution the same way whores accept they are supposed to decent.
Re: (Score:2)
Yep. First thing I thought when I saw that line. I'm not generally a fan of the degree of influence businesses can impose on the government, but if it takes the united front of everything from Apple down to (relatively tiny) Mozilla to stop this bullshit, I'll take it. The NSA has already cost American corporations significantly, both in lost sales and in needing to defend themselves against their own government (which, in fairness, isn't that different from the defending against foreign governments that th
Re: (Score:2)
Oh, that can be made worse. US companies could be forced to buy those products for security relevant applications, pretty much opening any and all trade secrets to anyone willing to bribe whoever has the key.
a problem is an opportunity (Score:2)
One of the leaders in civil UAV is the DJI, and it is not an US company.
that's ok (Score:3)
We'll just be going back to using strong crypto from outside the USA, like we did for most of Internets history.
This will continue (Score:4, Insightful)
This will continue nearly indefinitely. The game plan would be something like- first pass laws to prevent it from happening in the US, which will include free and open source software, second talk easily persuaded nations into the same thing, third use trade tactics and even threats to push down the "terrorism supporting" nations.
Encryption is speech. Any of these attempts are flatly unconstitutional.
...and guns? (Score:2)
Would they also like to force everyone to buy guns that can only shoot blank ammunition?
I'd like to see that debate.
Don't call them "backdoors" (Score:2)
No problem, folks. We've been calling you "assholes" for a while now already.
Whats the point? (Score:3, Insightful)
Waaaaaaaaaah! (Score:2)
Don't call our "back doors" by the evil name of "back doors"!!
Call them "Butthole Access Portals" or "Freedom Shafts", but not "back doors"!
This is stupid. (Score:4, Insightful)
The real bad guys ALREADY have strong encryption. PGP is free and widespread. Hizbollah operate a fiber network in Lebanon, just to make it hard for Israel to tap their traffic. Cyber criminals and terrorists know how to use strong encryption to protect their traffic.
So all you're doing by putting backdoors in all the products is to allow the bad guys to break into those devices and steal law-abiding citizen's data, while not affecting the ability of the bad guys to communicate securely. The backdoors ENABLE the criminal behaviour while doing NOTHING to help the victims of the bad guys.
When strong encryption is outlawed, only outlaws will have strong encryption.
Re:A rose by any other name... (Score:5, Insightful)
Re: (Score:2)
I prefer a cupola. You can really get a good overall view from a cupola.
Re: (Score:2)
Re: (Score:2)
I'm sure there would be plenty on here volunteering for a bodily inspection by Dana Scully!
Re: (Score:2)
Re: (Score:3)
Pretty much this. If I have to assume that any service I host in the US is backdoored (and frankly, there is no such thing as a "government only" back door. Money will open this backdoor to anyone willing to pay), I cannot host any sensitive information in the US. I cannot use any software from a company based in the US that I cannot audit thoroughly (read: is OSS) for any security related application if I have to pretty much expect that there is a way for anyone able to spend the time or money to gain acce
Re: (Score:2)
Demand? Why bother?
If there is a backdoor, someone has to have the key to it. We're not talking about script kiddies and Anonymous wanting this access. We would have nation states and international corporations wanting this access. It's not Joe Randomhacker in his basement. It's Iran, China, Boeing and various corporations that would try to gain access. They don't hack it. They find someone to drop a few millions on to hand over the key.
You think that would be hard? Finding an underpaid government official
Re: (Score:2)
> It's not Joe Randomhacker in his basement.
Until Joe Randomhacker steals it from poorly secured governmental resources. The same problem is built into the digatal rights management system called "Trusted Computing". The "Trusted Comting" key escrow, which basically puts private keys for software and hardware based encryption and access control in an screw repository held by Microsoft. The system has somewhat languished since it was discovered that one could virtualize the required hardware component, a
Re: (Score:2)
Sometimes routers can decrypt user messages. It is called a man in the middle attack. About any router capable of deep packet inspection can also achieve this withssome patches but they can also be programmed to record sessions to other storage devices which could be replayed later unencrypted.
Of course there are ways to avoid that but you have to be actually trying to avoid it in most cases. This may be less of an issue after the Citibank situation in 2006 or 2008, but still exist as a concern.