White House Declines To Support Bill That Would Let Judges Order Tech Companies To Break Encryption (reuters.com) 150
kheldan quotes a report from Consumerist: Senators Richard Burr and Dianne Feinstein are expected to introduce a bill regarding phone encryption as soon as this week, according to Reuters. The draft text will give judges authority to order tech companies to help law enforcement when asked to -- basically, it would be a newer piece of law to fall back on than the All Writs Act of 1789, which is the one that usually sees use for this sort of thing. However, sources tell Reuters that the bill "does not spell out what companies might have to do or the circumstances under which they could be ordered to help," and therefore really doesn't necessarily change the underlying discussions at play, both in the tech world and in government. Nor does the bill specify penalties for failing to comply. The FBI recently briefed Senators Richard Burr and Dianne Feinstein on the methods used to unlock the San Bernardino terrorist's iPhone 5c. According to Reuters, the White House is declining to offer public support for draft legislation Burr and Feinstein are currently working on because the administration is "deeply divided on the issue." The White House has reviewed the text and offered feedback, but it is expected to provide minimal public input, if any, sources familiar with the discussions said.
Tell me again... (Score:1)
about how Obama is all in-support of the FBI and weaker consumer encryption?
Re:Tell me again... (Score:5, Informative)
http://www.macworld.com/articl... [macworld.com]
Re: (Score:2)
When it's framed that way it doesn't sound unreasonable, he's just listening to the wrong person. I'm sure there's someone there telling him that it isn't
President has pen, can write exec order to FBI (Score:5, Insightful)
Tell me again about how Obama is all in-support of the FBI and weaker consumer encryption?
The FBI is under the President's control. The Attorney General answers to the President. The FBI answers to the Attorney General (AG).
If the President dislikes an FBI *policy* he tells the AG to stop doing that, the AG tells the FBI to stop doing that, the FBI then stops doing that.
The President can not tell the FBI what laws to enforce or not enforce but he can sure as hell can tell them what policies to pursue or not pursue. He has his pen and can write an executive order to the FBI.
Re: (Score:3, Informative)
strangely, this President does pick what laws to enforce, and which not to.
Re: (Score:2)
Re: (Score:2)
Re:President has pen, can write exec order to FBI (Score:5, Funny)
If the President dislikes an FBI *policy* he tells the AG to stop doing that, the AG tells the FBI to stop doing that, the FBI then stops doing that.
LMFTFY: If the President dislikes an FBI *policy* he tells the AG to stop doing that, the AG tells the FBI to stop doing that, the FBI then shares with the President selected excerpts from their files that the President would really prefer didn't end up in the hands of GOP legislators or the press.
More flexibility after election (Score:2)
If the President dislikes an FBI *policy* he tells the AG to stop doing that, the AG tells the FBI to stop doing that, the FBI then stops doing that.
LMFTFY: If the President dislikes an FBI *policy* he tells the AG to stop doing that, the AG tells the FBI to stop doing that, the FBI then shares with the President selected excerpts from their files that the President would really prefer didn't end up in the hands of GOP legislators or the press.
Nope, that has not been true since 2012. As the President said back then, its his last election and he never has to face the voters again, and as a result he'll have more "flexibility" on issues after the election.
Cracking phones is a **policy** not a law ... (Score:2)
Didn't he tell the DEA to stop raiding medical marijuana facilities in states where it's legal, and the DEA kept right on doing it anyway? Not even the president can keep federal law enforcement in check these days.
You missed a very important point that I hoped to make clear. The President can not tell an agency to not enforce a **law**. He can tell an agency not to pursue a **policy**.
Those DEA raids are enforcing federal *law* not some agency policy.
The FBI asking Congress to ban cell phone encryption is a *policy*. The FBI can be told don't ask for that. Congress can be told, ignore what they asked for. The President just needs to pick up that phone and pen he likes to talk about.
Re: (Score:2)
I have many failures but interpreting this point is not one of them.
Sadly, it seems to be the case. :-)
... Cracking the terrorist's phone is up to the agency ...
The policy we are actually talking about: the FBI asking Congress to ban strong cell phone encryption. In other words telling Apple they can't make a phone that is too secure. Which is basically the FBI asking Congress for a new tool. The President could say no, you don't get such a tool.
Re: (Score:2)
Yeah, after grinding under his boot heel for 7 years he finally decides to throw people concerned about the Constitution a bone. Way to go, what a guy, good riddance.
Re: (Score:2)
I think the powers that be just want to know what's going on.
It's for your own good, anyway, you ungrateful bastard.
Re: (Score:2, Insightful)
He acts like the government is doing some kind of favour to the citizens by providing protection and that somehow the citizens are obligated to give up their liberties as payment.
It's the government's FUCKING JOB to protect its citizens. They don't get to have any kind of special credit for it and they certainly don't get to have any kind of special payment (ie. private data) for it.
This reminds me of a bit [youtube.com] that Chris Rock did a long time ago about niggers trying to take credit for shit that they are suppos
Re:Declines to support == Declines to oppose (Score:4, Insightful)
No, it's not indecision. It's that he's smart enough to know this bill is potentially toxic to freedom, will be hard to write so that it is't unconstitutional, and is a non-starter with the non-brain-dead populace. So he wants no part of it, and he especially wants to avoid being caught up in the frenzy following the output from another go-around of the old standard political syllogism, to wit:
We must do SOMETHING. (political furor du jour, for example, "won't someone PLEASE think of the children")
This is something we CAN do. (bill du jour, that is, difficult to get right and potentially toxic encryption legislation)
Therefore, me MUST do THIS. (pass this bogus bill).
Re: (Score:1)
But he's *not* smart enough. He doesn't care. He does whatever Valerie Jarrett tells him he should do.
Re: (Score:1)
A little civics lesson: A bill doesn't become law until the president signs it, or his veto is overridden. And there are not enough votes to override.
Re: (Score:3)
FYI if the president doesn't sign or veto it for ten days it becomes law without his signature.
Re: (Score:2)
I wonder what was the last time that happened? Do you know? I couldn't find the answer with a few minutes googling.
Re: Declines to support == Declines to oppose (Score:3, Insightful)
Whatever his motives there's one thing certain: Dianne Feinstein is consistent enemy of freedom and of the American people. She's an insult to the Senate and to the Constitution, the path to uphold and protect she breaks with every new freedom destroying bill she introduces.
She needs to be removed from the Senate an preferably tried for treason as the only thing she does is give aid and comfort to the enemies of freedom.
Exec Order #2231 (Score:2)
Translation: (Score:5, Insightful)
"The White House has reviewed the text and offered feedback, but it is expected to provide minimal public input."
Keyword - "public"
Obama fully supports it but because it's a political season doesn't want the public backlash of not supporting civil rights.
If he didn't support it he'd be telling the FBI to back off.. He *IS* their boss after all...
Trump will make this a day zero thing! (Score:2)
Trump will make this a day zero thing!
The only thing worse than partisanship... (Score:5, Insightful)
Re: (Score:2)
Re: (Score:3)
Since you feel this way, can you vote for my candidate since - in your mind - it doesn't really matter who you vote for?
Re: (Score:2)
Their policies are all the same.
Re: (Score:2)
Re: (Score:2)
Sounds like Obama Did Some RFC On The Subject (Score:5, Insightful)
That's code for "Yeah, everybody told us the FBI is off in left-field on this one."
Sounds like cooler heads are starting to prevail, Thank Cthulu.
Not supporting & not signing are 2 different t (Score:5, Insightful)
This was before the CA shooting: https://theintercept.com/2015/... [theintercept.com]
Re: (Score:3)
O'bama? He's not Irish.
They are avoiding the right way (Score:2, Interesting)
Burr and Feinstein that is.
The right way is to have an office of the judicature maintain a set of third party keys that law enforcement can request *with a warrant*. That way they can still maintain their operational integrity (i.e the warranted party does not know they are being monitored) and the rest of the populations free speech rights. This could easily be supported by All writs or Telecommunication intercept acts of many commonwealth countries.
The issue is here, that they just want to have access to
Re:They are avoiding the right way (Score:5, Insightful)
Wrong answer sparky! The right way is for the manufacturers to build in the strongest, hardest to break encryption and other safeguards against hacking into personal devices that they sell, and for the government, FBI, CIA, NSA, and law enforcement to realize that they can't have the backdoors and weakened encryption that they want, and that personal devices cannot be hacked even with a warrant or judges orders!
Private citizens deserve to have privacy of the info on their devices, and privacy from having their devices tracked by ANYONE! The government and above named agencies do NOT NEED TO KNOW EVERYTHING ON EVERYONE'S DEVICES. We have already gone way to far down the road to George Orwell's 1984, its time to stop the illegal tracking and invading people's privacy!!!
Re: (Score:2)
How does making an even bigger hole in the technical solution in the form of third party keys make it any better?
I'm not saying make a hole, I'm saying build a proper legal framework. Telecommunication Intercepts *had* a warrant process attached to them *already*, now law enforcement *does not need a warrant* to intercept your communications, already.
A warrant process *forces* law enforcement *back* into a state where they have to get a warrant to access encrypted communications.
It's not like these institutions never break the law and perform illegal monitoring or anything.
That's exactly the type of behaviour this kind of law would protect people from. Any evidence captured without a warrant would not be admiss
Re:They are avoiding the right way (Score:5, Insightful)
I literally have a letter on my desk explaining that the government allowed my personal information which was entrusted to them to leak.
Before that, I received a mailed copy of tax filings with the cover letter indicating that I had requested them. I hadn't, and when I called the IRS office that sent it, they neither had any evidence of who had made the request, nor even any record that a copy had been sent out.
And you expect me to trust them with maintaining confidentiality of encryption keys? What kind of idiot do you think I am? (We already know what kind of idiot you are)
Re: (Score:3)
I literally have a letter on my desk explaining that the government allowed my personal information which was entrusted to them to leak.
At least they disclosed that they fucked up - still very bad.
Before that, I received a mailed copy of tax filings with the cover letter indicating that I had requested them. I hadn't, and when I called the IRS office that sent it, they neither had any evidence of who had made the request, nor even any record that a copy had been sent out.
Don't attribute malice to incompetence.
And you expect me to trust them with maintaining confidentiality of encryption keys?
No, I'm expecting a legal framework that forces law enforcement to observe proper procedures so they can do their job and still protect freedom. If we were talking about trust we would not be talking about encryption at all.
(We already know what kind of idiot you are)
The kind who defends your right to anonymity and stays up most of the night trawling through legislation and writing letter to politicians.
What kind of idiot do you think I am?
The kind of idiot who criticizes someone for defe
Re: (Score:3, Insightful)
Your mistake is expecting the government to have third-party keys, and not abuse them.
Various levels of government have already shown they abhor the minor inconvenience of requesting a warrant. They don't like having their activities be public, lest the people question them. W had a virtual rubber-stamp FISA court, but he still went around it because he didn't want his anti-terrorism activities exposed. And they really hate when they're told no.
A 21st century Clipper chip is not happening.
Re: (Score:2)
Your mistake is expecting the government to have third-party keys, and not abuse them.
Various levels of government have already shown they abhor the minor inconvenience of requesting a warrant.
Good, then make it a major inconvenience. Should put a sizeable dent in what is going on now.
A 21st century Clipper chip is not happening.
The Clipper Chip did not require a warrant for access to the communications. I think that is the point many people are missing. I don't want communications to be accessed without a warrant as opposed to having access to telecommunications without one.
Re: (Score:2)
Requiring a warrant doesn't make the system that you're describing "not a backdoor".
I am crying with frustration over your stupidity, we are fucking doomed.
Re: (Score:2, Interesting)
I already am on the record for defending your rights for *access* to encryption technology and the last thing I want is anybody oppressed.
Then what the fuck is this:
The right way is to have an office of the judicature maintain a set of third party keys
That's you, being "on the record" as advocating they COMPLETELY fuck it up. That exact thing has been tried before. The Clipper Chip. It was a clusterfuck. Know your history. Poking a hole in everyone's locks does NOT make anyone safer. As those holes will most assuredly be compromised, your reducing the security of a lot of people and giving out sensitive information to hackers and terrorists.
You have advocated people no longer having the right to hard encryption, but inste
Re: (Score:3)
That's you, being "on the record" as advocating they COMPLETELY fuck it up.
Intelligence agencies are going to suck up every bit of intelligence they can until they are forced to comply with a process to get it. Doesn't the fact that they are ignoring the constitution tell you where things are right now?
The Clipper Chip.
DIDN'T REQUIRE A WARRANT
Know your history. Poking a hole in everyone's locks does NOT make anyone safer. As those holes will most assuredly be compromised, your reducing the security of a lot of people and giving out sensitive information to hackers and terrorists.
FFS, they don't need a warrant now.I AM NOT ARGUING FOR BACKDOORS, I AM ARGUING FOR THE USE OF A WARRANT - THAT IS THE POINT jeeez
You have advocated people no longer having the right to hard encryption, but instead only having access to SHIT encryption full of mandated holes.
No I'm not. I am arguing for a means to control these agencies accessing the data in the first place, encrypted or not. I know
Re: (Score:2)
I AM NOT ARGUING FOR BACKDOORS, I AM ARGUING FOR THE USE OF A WARRANT
A warrant to go use the backdoor. ...Unless I'm REALLY mis-reading your statements. That backdoor doesn't exist yet you know. Yes, they can essentially go snoop on a LOT of information about you, sans any real warrant, (Legally, they still need a warrant, but I think we both know that's been worked around).
BUT. Hard encryption is still beyond their power to break. They can't do it on any meaningful scale. Now, if they had Osama Bin Laden's hard drive and he wasn't an idiot, then they might fire up some
Re: (Score:2)
Instead of not using a warrant to use a back door, that is correct.
Show me a piece of software that doesn't have bugs. Backdoors can be placed in software unintentionally or intentionally.
Why don't you
Re: (Score:2)
And you expect me to trust them with maintaining confidentiality of encryption keys?
More to the point, they've already proven that they can't even be trusted with maintaining the confidentiality of physical keys [schneier.com].
Re: (Score:3, Insightful)
"The right way is to have an office of the judicature maintain a set of third party keys that law enforcement can request *with a warrant*."
No. That's the Clipper Chip all over again. It was a doomed idea in the 1990s. It's just as doomed in the 2010's.
Re: (Score:3)
Aaaand, fail. If you had bothered to read up on what actual security experts are saying, you would know that your plan is bogus and unworkable in practice.
Re: (Score:2)
You're missing the point. If there is a legal framework to manage access then there is also a legal framework for legal protections that violate that access. You're arguing that law enforcement should not need a warrant to access the data because you haven't applied you imagination to a technical solution.
It's software and you're trying to tell me that three way encryption won't work and that we should just give up. These attacks on privacy will continue until a workable solution is in place. Do you propos
Re: (Score:2)
No, I am not. First, a "legal frameworks" cannot fix this. Or have you forgotten that hacking is already illegal? And second, have you actually bothered to find out what the actual experts (and basically _all_ of them) are saying? Looks like you have not, because what you say is clueless bullshit.
Re: (Score:2)
No, I am not. First, a "legal frameworks" cannot fix this.
Yes you are and yes they can. They can because it is those laws that define how these organisations behave. If you weren't you would have already written to your president and demand that the wartime powers granted to Bush and Obama after 911 be wound back because they were countersigned by Bush's lawyer instead of the Attorney General. You would demand that these agencies behave constitutionally. Intelligence agencies are ignoring the constitution because you didn't defend your constitution at the right m
Re: (Score:2)
I have done enough work in that area to be over it. I'm not suggesting the technology is perfect or even exists. What I am saying is that if you do not define a *legal* mechanism for policing to do their work they will continue to lobby for unfettered access to everyone's communication. Based on their record of success so far, they will get their way.
You are mistaken on both counts. The arguments why this will not and cannot work are good enough that "I am over it" does not constitute a valid counter-argument. As to them getting unfettered access, that is rather unlikely without a full, catastrophic abolishment of civil rights. The economic, political and legal ramifications would be extreme. It is one thing for an intelligence agency to have access, at high cost and effort, and quite another thing for law enforcement to have it on the cheap. The second
Re: (Score:2)
You are arguing for establishing fascism slowly instead of faster. I will never get behind something as evil as that.
OK, there is a massive disconnect going on then because that is the opposite of my intention. There is no way I support fascism either. Protecting Human Rights is my number one concern.
As to them getting unfettered access, that is rather unlikely without a full, catastrophic abolishment of civil rights. The economic, political and legal ramifications would be extreme. It is one thing for an intelligence agency to have access, at high cost and effort, and quite another thing for law enforcement to have it on the cheap.
This is probably it, I see I did mention police in my OP. Damn posting tired. I am referring to TLAs accessing this data with a warrant. There is no way I would want ordinary police access to this data.
You are mistaken on both counts. The arguments why this will not and cannot work are good enough that "I am over it" does not constitute a valid counter-argument.
I've secured the largest banks in the world to ISO 17799, designed and implemented AP audits as well as designed security for
Re: (Score:2)
No. He is arguing that you can't have a backdoor without weakening security overall.
I am not arguing for a back door.
And the agencies already have more information than they could handle. They need to learn to work with their already collected data. They shouldn't even bother with after the fact information gathering.
Agree, imagine if they had to go through a warrant process to collect it at all, they would not collect it.
You might want to read up on the clipper chip and similar desastrous implementations of the past which are the main culprit why we had so many trouble with SSL so far. The solution is to crank up security and get the damn agencies to work instead of dreaming of the land where information flows to them like honey. The attacks on privacy will never stop as it is the easy way out for all information gatherer, governments (friendly and not so friendly) and everyone else.
I did, thank you. I'd suggest that you all have a read of your own Patriot act and understand how you email, sms, voicemail messages can be intercepted under that Act without a warrant whereas it was a requirement before. Powers of these kinds cross multiple bills.
Re: (Score:2)
I am not arguing for a back door.
Unless you are completely clueless as to how IT security actually works, you are.
Re: (Score:2)
I am not arguing for a back door.
Unless you are completely clueless as to how IT security actually works, you are.
The backdoors will exist no matter what. As to their accessibility, that is different.
Have you read this proposed bill yet? Have you seen the meta data retention clauses in Section 4 provide no provisions to protect your data by encrypting it? This is what I was referring to as it is a common characteristic in these laws as they have been proposed. What I suggested is completely appropriate in that context and would slow the slide into fascism.
You also cannot deny that this data is a target for organize
Re:They are avoiding the right way (Score:4, Insightful)
Burr and Feinstein that is.
The right way is to have an office of the judicature maintain a set of third party keys that law enforcement can request *with a warrant*.
Problem those keys will leak and become public. It happened with physical keys, it will happen more easily with binary keys that can be just copied.
Re: (Score:2)
Problem those keys will leak and become public. It happened with physical keys, it will happen more easily with binary keys that can be just copied.
Agreed, however keys can be revoked, the important thing to remember is - we don't trust any of them who hold those keys, only a way to access them and to force the police to get a warrant.
IIRC, I seem to remember you writing some pretty cool audio analysis software - I hope that is going well for you.
Re:They are avoiding the right way (Score:5, Insightful)
I am sorry, but you are severely lacking in the technical knowledge of how these things work. AND you got modded a +5-Interesting on Slashdot of all places? Clearly there are a lot of folks that think in a similar vein... else I guess this would have been a open&shut case. I will try to dumb it down for you in non-IT. Sorry if I am coming off mean, but that is my emotion right now on your "technical solution" to a human problem.
Imagine home builders started making very secure homes. They aren't impossible to break into, just very very difficult. Whether you have a warrant, "reasonable suspicion", or just a criminal is irrelevant and a separate topic. The house is really really hard to break into. So the city council says that all builders that build in their district must provide a master key to be kept in a safe in city hall. So they have a set of master keys to every house in the city. Assume the perfect legal framework as your described.
You see NO issue in the above concept? None at all? You don't think a criminal will be able to eventually duplicate a master key? You don't think people's property values will go down and folks won't live there because of this?
How about a better technical solution to what you describe. Every key generator registers new keys/passwords/personal Q&As in the legal lockbox of yours to be used by legal/moral means only. Drop the complexity of encrypting & storing data with 2 keys. If you are going to be looking up a master key for one device, you might as well have the database just find the device's main key. Remove the risk of a crook figuring out a master key and robbing everyone.
Do you really think this is ok? This is wrong! We shouldn't be forced to have to keep our doors open for all our neighbors. The occasional inability to get into our neighbor's house for an emergency is the small price we pay for that freedom.
People are members of society, not peasants of the collective. We are all voluntary stakeholders in our overall betterment, and should not be treated like chained slaves or prisoners staring at the shoulders of one before. Democracy is a consensus, a collective bargain. Yes, it is fragile, but that is what makes it so great. We all agree to work together for our individual and collective betterment. Not one or the other. And where those goals do not meet, the misguided agreements fall apart and no one is sacrificed.
I think the concept that the "People" have the right to get into your personal stuff, is just wrong. They can have a right to try, but they don't have a right to be successful nor have it made easy. That is not a cornerstone or proper foundation of a good society. And this is before the absolute power corrupts, politicians will abuse this, criminals will hack it, mistakes happen, and bureaucracy buries in "human problems" come along.
Re: (Score:2)
The house is really really hard to break into. So the city council says that all builders that build in their district must provide a master key to be kept in a safe in city hall
You've already misunderstood the issue just like 99% of the people moaning about this case. The warrant wasn't for Apple to hand over the keys to the castle, it was for them to simply assist the FBI. The two most popular pieces of misinformation in this case are that the FBI wanted a permanent backdoor into IOS, and that the FBI somehow wants to "outlaw encryption math" (seriously, that last one is that silly). All the FBI needed was an easy way to disable the self destruct runtime process that IOS uses fo
Re: (Score:2)
I am sorry, but you are severely lacking in the technical knowledge of how these things work. AND you got modded a +5-Interesting on Slashdot of all places?
See here [slashdot.org] for my qualifications. Perhaps they knew more than you and who ever modded you up.
Clearly there are a lot of folks that think in a similar vein... else I guess this would have been a open&shut case.
I know you haven't made a conscious misrepresentation of the argument, however it is a mis-representation of the argument all the same. The myth is that this entire fiasco is about access to your encrypted phone, but it's also about the unencrypted data products it produces.
I will try to dumb it down for you in non-IT. Sorry if I am coming off mean, but that is my emotion right now on your "technical solution" to a human problem.
Well, I'm not a cryptographer however I have enough experience in the field to know that I prefer creating something and that security work is a
Re:They are avoiding the right way (Score:5, Informative)
Third party keys are never safe, here's two real-world examples:
The $8 key that can open New York City to terrorists [nypost.com]
Lockpickers 3-D Print TSA Master Luggage Keys From Leaked Photos [wired.com]
For digital keys all that needs to happen is the bad guys to identify who has access to them then kidnap their family members - "give us the keys or your daughter dies".
Re: (Score:2)
The right way is to have an office of the judicature maintain a set of third party keys that law enforcement can request *with a warrant*.
No, that's complete and total bullshit, and you're demonstrating that you, just like apparently politicians, either don't understand the technology involved, or just don't give a damn whether it actually works or not. You cannot have a 'backdoor' into an encryption algorithm, not in any way, shape, or form, without rendering that algorithm completely and totally compromised. There is NO EXCEPTION to this. ANY so-called 'backdoor' can and will be exploited, sooner than anyone would think. Even if it wasn't s
Re: (Score:2)
The right way is to have an office of the judicature maintain a set of third party keys that law enforcement can request *with a warrant*.
No, that's complete and total bullshit, and you're demonstrating that you, just like apparently politicians, either don't understand the technology involved, or just don't give a damn whether it actually works or not.
You guys keep missing the point which is *A WARRANT* should be the first requirement to even access the encrypted information.
You cannot have a 'backdoor' into an encryption algorithm, not in any way, shape, or form, without rendering that algorithm completely and totally compromised. There is NO EXCEPTION to this. ANY so-called 'backdoor' can and will be exploited, sooner than anyone would think.
I know, did I say it was your encryption keys. I am not suggesting backdoors, I am suggesting that they get a warrant and adhere to due process.
Even if it wasn't somehow exploited by criminals and/or terrorists,it would inevitably be misused by the powers-that-be to violate the privacy of citizens who have neither broken any laws nor intend to break any laws.
Explain that to the telecommunication companies that have to maintain an unencrypted database of your online activities. How will you protect access to that data?
Why do you hate America so much that you would want this, then?
I don't hate America at all, Americans are my friends. I love freedom and democr
Re: (Score:2)
*FACEPALM* But that is EXACTLY the goddammed point! That there is a warrant to access it is IRRELEVANT, you are by definition CREATING A VULNERABILITY by creating that third party access point TO BEGIN WITH. Holy shit, how fucking hard is this for you to understand?
It is RELEVANT because it makes anything other than warranted access to you information inadmissable as evidence in a case against you. I've read the actual proposed bill, I know what it will do.
Everything is in plain text now and the proposed bill doesn't change that. If you made government recognise encryption then it increases the scope to use encryption for all of your government interactions. Access to your communications would be via a warrant - which is better than what we have now, and you would h
Re: (Score:2)
If they cannot get access to people's communications without a warrant, then what would be the point?
That is how it works without encryption.
Re: (Score:2)
If what you're saying is true, then thanks.
Also, sorry about the Second Law of Thermodynamics. :(
Re: (Score:2)
If what you're saying is true, then thanks.
I appreciate you saying.
Also, sorry about the Second Law of Thermodynamics. :(
Hah! Nicely done!
Re: (Score:2)
Your posting as an AC and you expect us to believe you do anything of the sort. Get a fucking life. And I really doubt you have done more then many of us here. Plus the fact you are defending giving the government backdoor access to the modern day equivalent of our "papers and effects" shows just how much you really care about our constitutionally protected rights.
Re: (Score:2)
"I doubt you have spent as much time as I have defending civil rights of people such as yourself, " Your posting as an AC and you expect us to believe you do anything of the sort. Get a fucking life. And I really doubt you have done more then many of us here. Plus the fact you are defending giving the government backdoor access to the modern day equivalent of our "papers and effects" shows just how much you really care about our constitutionally protected rights.
No, I posted as AC by mistake because I'm tired. Those are my words. I am not defending backdoor access to encryption.
(this is not directed at you Holi - I'm done with ACs for now) If everyone here wants to fix this problem and have unfettered free speech protected by unbreakable encryption without any monitoring then go back to George.WartimePresident's letters of authorizations for emergency powers to pass acts like the TSA and wind that back. In a showing of how bi-partisan this approach is Obama didn'
Re: (Score:2)
With defenders like you, who needs attackers?
You're a moron, and an example of how we got into this mess. You've never participated in democracy other than to vote and you don't even know much about that.
Re: (Score:2)
Re: (Score:2)
The keys need only be leaked once, then they are leaked forever.
Revoke the keys
an embarrassment (Score:3)
I'm sure that these smart Congressional interns will easily be able to understand and improve upon the original All Writs Act that the Founding Fathers came up with, after years-worth of thought and debate among the intellectual giants of that age.
Feinstein is evil (Score:5, Insightful)
Why is it that everything I hear from Feinstein is anti-liberty, anti-individual, and pro-goverment-power? She is the modern poster child for exactly the kind of person that the founders fought the revolution in order to rid themselves of. Be gone, you power-mad, anti-liberty, disaster of a legislator.
Re: (Score:2)
Why is it that everything I hear from Feinstein is anti-liberty, anti-individual, and pro-goverment-power? She is the modern poster child for exactly the kind of person that the founders fought the revolution in order to rid themselves of. Be gone, you power-mad, anti-liberty, disaster of a legislator.
All that you said is true, yet she is still alive, so clearly people don't care that much.
If they did, someone would either have run her out of office, or simply shot her.
Re: (Score:2)
Re: (Score:2)
Do you really think your life would get better if you overthrew the US Government?
In the short term? No.
In the long term? Yes.
That being said, I don't yet think that overthrowing them is required. It may come to that, but I'd much prefer a peaceful solution.
Re: (Score:2)
Maybe it's because Americans don't know what it is like to truly live under a tyrannical rule as we really don't, and while or government does like to test (and break) the limits the Constitution places on them, it does not oppress the people com[pared to what true tyrants and dictators have done in the past. Do you really think your life would get better if you overthrew the US Government?
Sounds like you're not in one of those groups who have been oppressed in the US just like the way tyrants and dictators have done elsewhere. Like black people http://www.theatlantic.com/mag... [theatlantic.com] or Communists https://en.wikipedia.org/wiki/... [wikipedia.org] https://en.wikipedia.org/wiki/... [wikipedia.org] or socialists https://en.wikipedia.org/wiki/... [wikipedia.org]
Re: (Score:2)
Re: (Score:2)
The problem is that people who love liberty are mostly nonviolent people.
Yes, that is true...
Look at the American Revolution, there were many years of harsh and unjust treatment of the American Colonies leading up to the Declaration of Independence.
If you read it (and everyone should, it is a beautiful document), it lays out very plainly the reasons for taking up arms to remove the Crown by force from America. It wasn't a decision taken lightly, but there does come a point where people get pushed too far.
Are we there today? No, of course not. But I don't think we're as far aw
But what if it was too late already (Score:3)
There are plenty of people talking about the stupidity or absurdity of government interference in encryption. I think we're all on the same page on that, so lets talk about the bigger game.
I see two, or maybe three levels to this game:
What if done correctly? (-ish)
I'm tired of hearing that a backdoor can't be done securely. Of course people have been doing dual access secure control for a long time. Essentially, you have one key used to encrypt the phone, which is normal for single access, but you have two key decryption methods, which is what makes it dual access. It means you have to secure the second method, which can be done by breaking it into multiple parts and putting that control under different agencies. For example you might have the manufacturer in control of one part and the FBI in control of a second part and if you're especially paranoid, a third part is in the control of a court local to the manufacturer.
In short it is possible to do dual access securely, but the other question is what the result of such control means. Is it better for the public, better for the country, better for you?
Why do they want you to think this is what is going on?
I don't believe encryption has been broken. The math is too strong. The technology required to brute force a crack of the encryption is decades away optimistically, perhaps impossible. However, the ability to compromise the apps and updates installed on active suspects' phones isn't nearly as unattainable. If the FBI, NSA or DHS wants to monitor your activity they don't need to crack the encryption, just get the phone manufacturer to sign a compromising piece of software you already probably automatically trust. The simple fact is that if you're a suspect and you've allowed any app or update then you're probably already compromised. They'd rather you didn't know that. I'm not sure I want you (the potential criminal or terrorist) to know it, but I believe truth is vital even if if it isn't comfortable.
What if it is worse?
Lets assume it is worse than we guess. Perhaps secret letters and secret courts have already done such a thing. The recent farce with the FBI vs Apple could be just that, a farce. It could be a deliberate public show (the FBI insisted it be public instead of secret as requested by the Apple) designed to keep people from considering how comprehensively the privacy of the average citizen has already been compromised. Consider the possibility that everything you or your family does with a mobile phone is already available to law enforcement at will.
Re: (Score:3)
Re: (Score:2)
Re: (Score:2)
This is exactly the myth I was referring to. Your comparison to the TSA keys would make sense only if each suitcase had a different and unique key that the TSA could only get if it had three different organizations provide their part of that secret unique key for that specific suitcase.
Like so many people, you're assuming that the government would control one key which could unlock all phones. That's exactly wrong. The government wouldn't control a key, or even half a key, but at most one third of a key, an
Re: (Score:2)
Re: (Score:2)
There are plenty of people talking about the stupidity or absurdity of government interference in encryption. I think we're all on the same page on that, so lets talk about the bigger game.
So your proposing the government keep databases of billions of keys spread across multiple agencies and you someone think this won't turn into a huge fucking security disaster?
No, I'm not proposing that, as indicated in the first sentence of the start of this thread. In fact, assuming that we're discussing the bigger game and how the best way to manage multiple party access, I didn't even specify the government keep the whole keys:
For example you might have the manufacturer in control of one part and the FBI in control of a second part and if you're especially paranoid, a third part is in the control of a court local to the manufacturer.
You must have missed that sentence since it sounds like you were assuming I think that it is a good idea that the government has control of all the parts of any key necessary to unlock a phone.
Nor did I suggest at any point that a disaster was anything
Re: (Score:2)
Re: (Score:2)
You're the one who isn't getting it. You're fighting the wrong battle, and even if you could win, you're losing the war.
Every person who relies on this "can't be done securely" argument is helping the government case.
When you rest your argument against government interference in encryption on the idea that it can't be done securely, all it takes is one reasonable method convincing legislators that your argument is completely invalid. The way I've outlined is what I consider a best case scenario out of dozen
Re: (Score:2)
Five years from now, Apple and Google will produce phones and push updates so that every phone is encrypted with keys that Apple or Google controls. People won't stop buying iPhones or Android phones.
Wow. I so hope I'm wrong. </crying>.
Re: (Score:2)
How it works (Score:2)
"I'm tired of hearing that a backdoor can't be done securely. Of course people have been doing dual access secure control for a long time. Essentially, you ..."
Just imagine how you would do it for PGP or SSH. Oh, you want to generate a new key? not permitted. You need to go to the DMZ, pay $50 and talk to their crypto people and they'll issue you your public/private pair and submit the backdoors to the appropriate government agencies.
I guess you could have a master crypto library with a master key
Re: (Score:2)
I was talking solely about OS encryption, partly because that seems to be the focus of legal discussions, but also because application level encryption is a much lengthier and undeniably messy discussion.
Open source software makes most of the rules lawmakers might try to impose pointless. Further, even if they did manage to impose some sort of rule, the ability of people not subject to the jurisdiction of the lawmakers to implement good cryptography in their applications goes unabated. It makes the
Re: (Score:2)
Anonymous is a coward for a reason. When I say: A is true, so lets talk about B then it's silly to say "But A is true so you're wrong!"
Re: (Score:2)
First:
There are plenty of people talking about the stupidity or absurdity of government interference in encryption. I think we're all on the same page on that, so lets talk about the bigger game.
So, essentially most of what you've said is some sort of agreement with my initial premise. That's fine, but that's not the point. I do appreciate that you bring up app encryption:
The app must then send a unique key to the government whenever the user changes his key.
You then go on to detail the ways that can be defeated, but I don't think it is possible to keep anyone who really wants good encryption from having it, so I don't see that as a flaw, and honestly I doubt Congress will either.
That will only get you the low-level scum
Do you honestly think the bill is about getting high value criminal and terrorist targets? I'm conv
Publicly!!! (Score:2)
What if Apple doesn't own the encryption? (Score:2)
Scumbag Journalism (Score:2)
The draft text will give judges authority to order tech companies to help law enforcement when asked to
And the summary uses the phrase "judges order tech companies to break encryption". I don't know which one of these idiot "tech websites" started this rhetoric, but it's getting really annoying. I can't figure out if they are willing Apple propagandists, or just completely retarded.
Good encryption can't be broken - It's a mathematical algorithm. What this bill is talking about is a warrant to get around security measures. Apple's idiotic anti-theft kill switch (that was also mandated by a nanny-state law
Better idea: Repeal all-writs (Score:2)
I really think giving the courts so much power is a mistake. The law is not some special thing of such imporance that it always needs enforcement. The courts view into private matters really is too pervasive and too powerful.
Courts powers need to be extremely limited. The only people that should have no ability to hide anything from courts is the government itself. So maybe they should ammend all writs to only apply to writs where the subject is the government itself.
Re: (Score:2)
Could not agree more. It is time to remove the US from the modern, tech-centric world once and for all.
Re: (Score:2)