Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
×
Encryption Government Iphone Privacy Security The Courts United States Your Rights Online News Technology

White House Declines To Support Bill That Would Let Judges Order Tech Companies To Break Encryption (reuters.com) 150

kheldan quotes a report from Consumerist: Senators Richard Burr and Dianne Feinstein are expected to introduce a bill regarding phone encryption as soon as this week, according to Reuters. The draft text will give judges authority to order tech companies to help law enforcement when asked to -- basically, it would be a newer piece of law to fall back on than the All Writs Act of 1789, which is the one that usually sees use for this sort of thing. However, sources tell Reuters that the bill "does not spell out what companies might have to do or the circumstances under which they could be ordered to help," and therefore really doesn't necessarily change the underlying discussions at play, both in the tech world and in government. Nor does the bill specify penalties for failing to comply. The FBI recently briefed Senators Richard Burr and Dianne Feinstein on the methods used to unlock the San Bernardino terrorist's iPhone 5c. According to Reuters, the White House is declining to offer public support for draft legislation Burr and Feinstein are currently working on because the administration is "deeply divided on the issue." The White House has reviewed the text and offered feedback, but it is expected to provide minimal public input, if any, sources familiar with the discussions said.
This discussion has been archived. No new comments can be posted.

White House Declines To Support Bill That Would Let Judges Order Tech Companies To Break Encryption

Comments Filter:
  • about how Obama is all in-support of the FBI and weaker consumer encryption?

    • Re:Tell me again... (Score:5, Informative)

      by Edis Krad ( 1003934 ) on Thursday April 07, 2016 @07:04PM (#51864511)
      Glad to
      http://www.macworld.com/articl... [macworld.com]
      • by guises ( 2423402 )
        The way it's framed in the article it really just sounds like naivete. Someone told him that it was possible to "create a system where the encryption is as strong as possible, the key is as secure as possible, it’s accessible by the smallest number of people possible for the subset of issues that we agree is important." And he believed that person.

        When it's framed that way it doesn't sound unreasonable, he's just listening to the wrong person. I'm sure there's someone there telling him that it isn't
    • by drnb ( 2434720 ) on Thursday April 07, 2016 @07:35PM (#51864681)

      Tell me again about how Obama is all in-support of the FBI and weaker consumer encryption?

      The FBI is under the President's control. The Attorney General answers to the President. The FBI answers to the Attorney General (AG).

      If the President dislikes an FBI *policy* he tells the AG to stop doing that, the AG tells the FBI to stop doing that, the FBI then stops doing that.

      The President can not tell the FBI what laws to enforce or not enforce but he can sure as hell can tell them what policies to pursue or not pursue. He has his pen and can write an executive order to the FBI.

      • Re: (Score:3, Informative)

        strangely, this President does pick what laws to enforce, and which not to.

        • You got modded down, but this is clearly true. He ordered the INS to stay away from the parents of anchor babies in November 2014. This is "phone and pen" stuff. The truth is not up for debate.
          • He's definitely right. look at the deferred deportation program for illegal aliens... or the fact they release illegal aliens from prison INTO the US instead of deporting them.
      • by ZipK ( 1051658 ) on Friday April 08, 2016 @08:15AM (#51867147)

        If the President dislikes an FBI *policy* he tells the AG to stop doing that, the AG tells the FBI to stop doing that, the FBI then stops doing that.

        LMFTFY: If the President dislikes an FBI *policy* he tells the AG to stop doing that, the AG tells the FBI to stop doing that, the FBI then shares with the President selected excerpts from their files that the President would really prefer didn't end up in the hands of GOP legislators or the press.

        • If the President dislikes an FBI *policy* he tells the AG to stop doing that, the AG tells the FBI to stop doing that, the FBI then stops doing that.

          LMFTFY: If the President dislikes an FBI *policy* he tells the AG to stop doing that, the AG tells the FBI to stop doing that, the FBI then shares with the President selected excerpts from their files that the President would really prefer didn't end up in the hands of GOP legislators or the press.

          Nope, that has not been true since 2012. As the President said back then, its his last election and he never has to face the voters again, and as a result he'll have more "flexibility" on issues after the election.

    • Yeah, after grinding under his boot heel for 7 years he finally decides to throw people concerned about the Constitution a bone. Way to go, what a guy, good riddance.

  • or something like that. don't need those congress-critters anymore.
  • Translation: (Score:5, Insightful)

    by Anonymous Coward on Thursday April 07, 2016 @07:01PM (#51864491)

    "The White House has reviewed the text and offered feedback, but it is expected to provide minimal public input."
    Keyword - "public"
    Obama fully supports it but because it's a political season doesn't want the public backlash of not supporting civil rights.

    If he didn't support it he'd be telling the FBI to back off.. He *IS* their boss after all...

  • Trump will make this a day zero thing!

  • by TsuruchiBrian ( 2731979 ) on Thursday April 07, 2016 @07:34PM (#51864677)
    is bipartisanship. Democrats and Republicans really only come together when it is time to give themselves a raise or shit like this. Can we go back to gridlock?
  • by macs4all ( 973270 ) on Thursday April 07, 2016 @07:40PM (#51864703)
    Administration is Deeply Divided on the issue.

    That's code for "Yeah, everybody told us the FBI is off in left-field on this one."

    Sounds like cooler heads are starting to prevail, Thank Cthulu.
  • by sasparillascott ( 1267058 ) on Thursday April 07, 2016 @07:42PM (#51864709)
    Its important to remember, with regards to the this administration which has been orchestrating and allowing this all along. That not outright supporting the bill (which would immediately loose a bunch GOP support - because hey, O'bama) versus saying he wouldn't sign it are 2 very different things. O'bama is no friend of public security / privacy.

    This was before the CA shooting: https://theintercept.com/2015/... [theintercept.com]
  • Burr and Feinstein that is.

    The right way is to have an office of the judicature maintain a set of third party keys that law enforcement can request *with a warrant*. That way they can still maintain their operational integrity (i.e the warranted party does not know they are being monitored) and the rest of the populations free speech rights. This could easily be supported by All writs or Telecommunication intercept acts of many commonwealth countries.

    The issue is here, that they just want to have access to

    • by Anonymous Coward on Thursday April 07, 2016 @08:26PM (#51864953)

      Wrong answer sparky! The right way is for the manufacturers to build in the strongest, hardest to break encryption and other safeguards against hacking into personal devices that they sell, and for the government, FBI, CIA, NSA, and law enforcement to realize that they can't have the backdoors and weakened encryption that they want, and that personal devices cannot be hacked even with a warrant or judges orders!

      Private citizens deserve to have privacy of the info on their devices, and privacy from having their devices tracked by ANYONE! The government and above named agencies do NOT NEED TO KNOW EVERYTHING ON EVERYONE'S DEVICES. We have already gone way to far down the road to George Orwell's 1984, its time to stop the illegal tracking and invading people's privacy!!!

    • by Anonymous Coward on Thursday April 07, 2016 @08:36PM (#51865007)

      I literally have a letter on my desk explaining that the government allowed my personal information which was entrusted to them to leak.

      Before that, I received a mailed copy of tax filings with the cover letter indicating that I had requested them. I hadn't, and when I called the IRS office that sent it, they neither had any evidence of who had made the request, nor even any record that a copy had been sent out.

      And you expect me to trust them with maintaining confidentiality of encryption keys? What kind of idiot do you think I am? (We already know what kind of idiot you are)

      • by MrKaos ( 858439 )

        I literally have a letter on my desk explaining that the government allowed my personal information which was entrusted to them to leak.

        At least they disclosed that they fucked up - still very bad.

        Before that, I received a mailed copy of tax filings with the cover letter indicating that I had requested them. I hadn't, and when I called the IRS office that sent it, they neither had any evidence of who had made the request, nor even any record that a copy had been sent out.

        Don't attribute malice to incompetence.

        And you expect me to trust them with maintaining confidentiality of encryption keys?

        No, I'm expecting a legal framework that forces law enforcement to observe proper procedures so they can do their job and still protect freedom. If we were talking about trust we would not be talking about encryption at all.

        (We already know what kind of idiot you are)

        The kind who defends your right to anonymity and stays up most of the night trawling through legislation and writing letter to politicians.

        What kind of idiot do you think I am?

        The kind of idiot who criticizes someone for defe

        • Re: (Score:3, Insightful)

          by operagost ( 62405 )

          Your mistake is expecting the government to have third-party keys, and not abuse them.

          Various levels of government have already shown they abhor the minor inconvenience of requesting a warrant. They don't like having their activities be public, lest the people question them. W had a virtual rubber-stamp FISA court, but he still went around it because he didn't want his anti-terrorism activities exposed. And they really hate when they're told no.

          A 21st century Clipper chip is not happening.

          • by MrKaos ( 858439 )

            Your mistake is expecting the government to have third-party keys, and not abuse them.

            Various levels of government have already shown they abhor the minor inconvenience of requesting a warrant.

            Good, then make it a major inconvenience. Should put a sizeable dent in what is going on now.

            A 21st century Clipper chip is not happening.

            The Clipper Chip did not require a warrant for access to the communications. I think that is the point many people are missing. I don't want communications to be accessed without a warrant as opposed to having access to telecommunications without one.

      • And you expect me to trust them with maintaining confidentiality of encryption keys?

        More to the point, they've already proven that they can't even be trusted with maintaining the confidentiality of physical keys [schneier.com].

    • Re: (Score:3, Insightful)

      by Anonymous Coward

      "The right way is to have an office of the judicature maintain a set of third party keys that law enforcement can request *with a warrant*."

      No. That's the Clipper Chip all over again. It was a doomed idea in the 1990s. It's just as doomed in the 2010's.

    • by gweihir ( 88907 )

      Aaaand, fail. If you had bothered to read up on what actual security experts are saying, you would know that your plan is bogus and unworkable in practice.

      • by MrKaos ( 858439 )

        You're missing the point. If there is a legal framework to manage access then there is also a legal framework for legal protections that violate that access. You're arguing that law enforcement should not need a warrant to access the data because you haven't applied you imagination to a technical solution.

        It's software and you're trying to tell me that three way encryption won't work and that we should just give up. These attacks on privacy will continue until a workable solution is in place. Do you propos

        • by gweihir ( 88907 )

          No, I am not. First, a "legal frameworks" cannot fix this. Or have you forgotten that hacking is already illegal? And second, have you actually bothered to find out what the actual experts (and basically _all_ of them) are saying? Looks like you have not, because what you say is clueless bullshit.

          • by MrKaos ( 858439 )

            No, I am not. First, a "legal frameworks" cannot fix this.

            Yes you are and yes they can. They can because it is those laws that define how these organisations behave. If you weren't you would have already written to your president and demand that the wartime powers granted to Bush and Obama after 911 be wound back because they were countersigned by Bush's lawyer instead of the Attorney General. You would demand that these agencies behave constitutionally. Intelligence agencies are ignoring the constitution because you didn't defend your constitution at the right m

            • by gweihir ( 88907 )

              I have done enough work in that area to be over it. I'm not suggesting the technology is perfect or even exists. What I am saying is that if you do not define a *legal* mechanism for policing to do their work they will continue to lobby for unfettered access to everyone's communication. Based on their record of success so far, they will get their way.

              You are mistaken on both counts. The arguments why this will not and cannot work are good enough that "I am over it" does not constitute a valid counter-argument. As to them getting unfettered access, that is rather unlikely without a full, catastrophic abolishment of civil rights. The economic, political and legal ramifications would be extreme. It is one thing for an intelligence agency to have access, at high cost and effort, and quite another thing for law enforcement to have it on the cheap. The second

              • by MrKaos ( 858439 )

                You are arguing for establishing fascism slowly instead of faster. I will never get behind something as evil as that.

                OK, there is a massive disconnect going on then because that is the opposite of my intention. There is no way I support fascism either. Protecting Human Rights is my number one concern.

                As to them getting unfettered access, that is rather unlikely without a full, catastrophic abolishment of civil rights. The economic, political and legal ramifications would be extreme. It is one thing for an intelligence agency to have access, at high cost and effort, and quite another thing for law enforcement to have it on the cheap.

                This is probably it, I see I did mention police in my OP. Damn posting tired. I am referring to TLAs accessing this data with a warrant. There is no way I would want ordinary police access to this data.

                You are mistaken on both counts. The arguments why this will not and cannot work are good enough that "I am over it" does not constitute a valid counter-argument.

                I've secured the largest banks in the world to ISO 17799, designed and implemented AP audits as well as designed security for

    • by Plumpaquatsch ( 2701653 ) on Friday April 08, 2016 @04:03AM (#51866393) Journal

      Burr and Feinstein that is.

      The right way is to have an office of the judicature maintain a set of third party keys that law enforcement can request *with a warrant*.

      Problem those keys will leak and become public. It happened with physical keys, it will happen more easily with binary keys that can be just copied.

      • by MrKaos ( 858439 )

        Problem those keys will leak and become public. It happened with physical keys, it will happen more easily with binary keys that can be just copied.

        Agreed, however keys can be revoked, the important thing to remember is - we don't trust any of them who hold those keys, only a way to access them and to force the police to get a warrant.

        IIRC, I seem to remember you writing some pretty cool audio analysis software - I hope that is going well for you.

    • by orlanz ( 882574 ) on Friday April 08, 2016 @08:09AM (#51867119)

      I am sorry, but you are severely lacking in the technical knowledge of how these things work. AND you got modded a +5-Interesting on Slashdot of all places? Clearly there are a lot of folks that think in a similar vein... else I guess this would have been a open&shut case. I will try to dumb it down for you in non-IT. Sorry if I am coming off mean, but that is my emotion right now on your "technical solution" to a human problem.

      Imagine home builders started making very secure homes. They aren't impossible to break into, just very very difficult. Whether you have a warrant, "reasonable suspicion", or just a criminal is irrelevant and a separate topic. The house is really really hard to break into. So the city council says that all builders that build in their district must provide a master key to be kept in a safe in city hall. So they have a set of master keys to every house in the city. Assume the perfect legal framework as your described.

      You see NO issue in the above concept? None at all? You don't think a criminal will be able to eventually duplicate a master key? You don't think people's property values will go down and folks won't live there because of this?

      How about a better technical solution to what you describe. Every key generator registers new keys/passwords/personal Q&As in the legal lockbox of yours to be used by legal/moral means only. Drop the complexity of encrypting & storing data with 2 keys. If you are going to be looking up a master key for one device, you might as well have the database just find the device's main key. Remove the risk of a crook figuring out a master key and robbing everyone.

      Do you really think this is ok? This is wrong! We shouldn't be forced to have to keep our doors open for all our neighbors. The occasional inability to get into our neighbor's house for an emergency is the small price we pay for that freedom.

      People are members of society, not peasants of the collective. We are all voluntary stakeholders in our overall betterment, and should not be treated like chained slaves or prisoners staring at the shoulders of one before. Democracy is a consensus, a collective bargain. Yes, it is fragile, but that is what makes it so great. We all agree to work together for our individual and collective betterment. Not one or the other. And where those goals do not meet, the misguided agreements fall apart and no one is sacrificed.

      I think the concept that the "People" have the right to get into your personal stuff, is just wrong. They can have a right to try, but they don't have a right to be successful nor have it made easy. That is not a cornerstone or proper foundation of a good society. And this is before the absolute power corrupts, politicians will abuse this, criminals will hack it, mistakes happen, and bureaucracy buries in "human problems" come along.

      • by tom229 ( 1640685 )

        The house is really really hard to break into. So the city council says that all builders that build in their district must provide a master key to be kept in a safe in city hall

        You've already misunderstood the issue just like 99% of the people moaning about this case. The warrant wasn't for Apple to hand over the keys to the castle, it was for them to simply assist the FBI. The two most popular pieces of misinformation in this case are that the FBI wanted a permanent backdoor into IOS, and that the FBI somehow wants to "outlaw encryption math" (seriously, that last one is that silly). All the FBI needed was an easy way to disable the self destruct runtime process that IOS uses fo

      • by MrKaos ( 858439 )

        I am sorry, but you are severely lacking in the technical knowledge of how these things work. AND you got modded a +5-Interesting on Slashdot of all places?

        See here [slashdot.org] for my qualifications. Perhaps they knew more than you and who ever modded you up.

        Clearly there are a lot of folks that think in a similar vein... else I guess this would have been a open&shut case.

        I know you haven't made a conscious misrepresentation of the argument, however it is a mis-representation of the argument all the same. The myth is that this entire fiasco is about access to your encrypted phone, but it's also about the unencrypted data products it produces.

        I will try to dumb it down for you in non-IT. Sorry if I am coming off mean, but that is my emotion right now on your "technical solution" to a human problem.

        Well, I'm not a cryptographer however I have enough experience in the field to know that I prefer creating something and that security work is a

    • by SpiceWare ( 3438 ) on Friday April 08, 2016 @09:20AM (#51867567) Homepage

      Third party keys are never safe, here's two real-world examples:

      The $8 key that can open New York City to terrorists [nypost.com]

      Lockpickers 3-D Print TSA Master Luggage Keys From Leaked Photos [wired.com]

      For digital keys all that needs to happen is the bad guys to identify who has access to them then kidnap their family members - "give us the keys or your daughter dies".

    • The right way is to have an office of the judicature maintain a set of third party keys that law enforcement can request *with a warrant*.

      No, that's complete and total bullshit, and you're demonstrating that you, just like apparently politicians, either don't understand the technology involved, or just don't give a damn whether it actually works or not. You cannot have a 'backdoor' into an encryption algorithm, not in any way, shape, or form, without rendering that algorithm completely and totally compromised. There is NO EXCEPTION to this. ANY so-called 'backdoor' can and will be exploited, sooner than anyone would think. Even if it wasn't s

      • by MrKaos ( 858439 )

        The right way is to have an office of the judicature maintain a set of third party keys that law enforcement can request *with a warrant*.

        No, that's complete and total bullshit, and you're demonstrating that you, just like apparently politicians, either don't understand the technology involved, or just don't give a damn whether it actually works or not.

        You guys keep missing the point which is *A WARRANT* should be the first requirement to even access the encrypted information.

        You cannot have a 'backdoor' into an encryption algorithm, not in any way, shape, or form, without rendering that algorithm completely and totally compromised. There is NO EXCEPTION to this. ANY so-called 'backdoor' can and will be exploited, sooner than anyone would think.

        I know, did I say it was your encryption keys. I am not suggesting backdoors, I am suggesting that they get a warrant and adhere to due process.

        Even if it wasn't somehow exploited by criminals and/or terrorists,it would inevitably be misused by the powers-that-be to violate the privacy of citizens who have neither broken any laws nor intend to break any laws.

        Explain that to the telecommunication companies that have to maintain an unencrypted database of your online activities. How will you protect access to that data?

        Why do you hate America so much that you would want this, then?

        I don't hate America at all, Americans are my friends. I love freedom and democr

    • by Agripa ( 139780 )

      The issue is here, that they just want to have access to peoples communications without a warrant, which is a violation of privacy no better than any other garden variety black hat access.

      If they cannot get access to people's communications without a warrant, then what would be the point?

      That is how it works without encryption.

  • by supernova87a ( 532540 ) <kepler1@NoSpaM.hotmail.com> on Thursday April 07, 2016 @08:33PM (#51864987)
    I am really looking forward to reading the legislative drivel that comes out of these Senators' staffs' iPads just one month after this single news story broke.

    I'm sure that these smart Congressional interns will easily be able to understand and improve upon the original All Writs Act that the Founding Fathers came up with, after years-worth of thought and debate among the intellectual giants of that age.
  • Feinstein is evil (Score:5, Insightful)

    by dbc ( 135354 ) on Thursday April 07, 2016 @09:19PM (#51865251)

    Why is it that everything I hear from Feinstein is anti-liberty, anti-individual, and pro-goverment-power? She is the modern poster child for exactly the kind of person that the founders fought the revolution in order to rid themselves of. Be gone, you power-mad, anti-liberty, disaster of a legislator.

    • Why is it that everything I hear from Feinstein is anti-liberty, anti-individual, and pro-goverment-power? She is the modern poster child for exactly the kind of person that the founders fought the revolution in order to rid themselves of. Be gone, you power-mad, anti-liberty, disaster of a legislator.

      All that you said is true, yet she is still alive, so clearly people don't care that much.

      If they did, someone would either have run her out of office, or simply shot her.

      • by Holi ( 250190 )
        Maybe it's because Americans don't know what it is like to truly live under a tyrannical rule as we really don't, and while or government does like to test (and break) the limits the Constitution places on them, it does not oppress the people com[pared to what true tyrants and dictators have done in the past. Do you really think your life would get better if you overthrew the US Government?
        • Do you really think your life would get better if you overthrew the US Government?

          In the short term? No.

          In the long term? Yes.

          That being said, I don't yet think that overthrowing them is required. It may come to that, but I'd much prefer a peaceful solution.

        • by nbauman ( 624611 )

          Maybe it's because Americans don't know what it is like to truly live under a tyrannical rule as we really don't, and while or government does like to test (and break) the limits the Constitution places on them, it does not oppress the people com[pared to what true tyrants and dictators have done in the past. Do you really think your life would get better if you overthrew the US Government?

          Sounds like you're not in one of those groups who have been oppressed in the US just like the way tyrants and dictators have done elsewhere. Like black people http://www.theatlantic.com/mag... [theatlantic.com] or Communists https://en.wikipedia.org/wiki/... [wikipedia.org] https://en.wikipedia.org/wiki/... [wikipedia.org] or socialists https://en.wikipedia.org/wiki/... [wikipedia.org]

      • As it has been apparent that voting does not work anymore with the bribery^HHH lobbying and crazy district lines that make it impossible to vote someone out, we need more of the shooting to straighten out these congress scum. When they break the constitution so frequently but have no repercussions, we need some vigilante justice to fix things. The first 3 boxes have failed, time to move on to the ammo box.
  • by argumentsockpuppet ( 4374943 ) on Thursday April 07, 2016 @10:27PM (#51865455)

    There are plenty of people talking about the stupidity or absurdity of government interference in encryption. I think we're all on the same page on that, so lets talk about the bigger game.

    I see two, or maybe three levels to this game:
    What if done correctly? (-ish)
    I'm tired of hearing that a backdoor can't be done securely. Of course people have been doing dual access secure control for a long time. Essentially, you have one key used to encrypt the phone, which is normal for single access, but you have two key decryption methods, which is what makes it dual access. It means you have to secure the second method, which can be done by breaking it into multiple parts and putting that control under different agencies. For example you might have the manufacturer in control of one part and the FBI in control of a second part and if you're especially paranoid, a third part is in the control of a court local to the manufacturer.

    In short it is possible to do dual access securely, but the other question is what the result of such control means. Is it better for the public, better for the country, better for you?

    Why do they want you to think this is what is going on?
    I don't believe encryption has been broken. The math is too strong. The technology required to brute force a crack of the encryption is decades away optimistically, perhaps impossible. However, the ability to compromise the apps and updates installed on active suspects' phones isn't nearly as unattainable. If the FBI, NSA or DHS wants to monitor your activity they don't need to crack the encryption, just get the phone manufacturer to sign a compromising piece of software you already probably automatically trust. The simple fact is that if you're a suspect and you've allowed any app or update then you're probably already compromised. They'd rather you didn't know that. I'm not sure I want you (the potential criminal or terrorist) to know it, but I believe truth is vital even if if it isn't comfortable.

    What if it is worse?
    Lets assume it is worse than we guess. Perhaps secret letters and secret courts have already done such a thing. The recent farce with the FBI vs Apple could be just that, a farce. It could be a deliberate public show (the FBI insisted it be public instead of secret as requested by the Apple) designed to keep people from considering how comprehensively the privacy of the average citizen has already been compromised. Consider the possibility that everything you or your family does with a mobile phone is already available to law enforcement at will.

    • It has never been about whether it is technically possible. It is all about competence and the complete lack of trust in those that possess that access, They have been repeatedly shown to abuse every privilege they have, why would anyone think this would be any different?
    • by tlhIngan ( 30335 )

      I'm tired of hearing that a backdoor can't be done securely. Of course people have been doing dual access secure control for a long time. Essentially, you have one key used to encrypt the phone, which is normal for single access, but you have two key decryption methods, which is what makes it dual access. It means you have to secure the second method, which can be done by breaking it into multiple parts and putting that control under different agencies. For example you might have the manufacturer in control

      • This is exactly the myth I was referring to. Your comparison to the TSA keys would make sense only if each suitcase had a different and unique key that the TSA could only get if it had three different organizations provide their part of that secret unique key for that specific suitcase.

        Like so many people, you're assuming that the government would control one key which could unlock all phones. That's exactly wrong. The government wouldn't control a key, or even half a key, but at most one third of a key, an

        • So your proposing the government keep databases of billions of keys spread across multiple agencies and you someone think this won't turn into a huge fucking security disaster?
          • There are plenty of people talking about the stupidity or absurdity of government interference in encryption. I think we're all on the same page on that, so lets talk about the bigger game.

            So your proposing the government keep databases of billions of keys spread across multiple agencies and you someone think this won't turn into a huge fucking security disaster?

            No, I'm not proposing that, as indicated in the first sentence of the start of this thread. In fact, assuming that we're discussing the bigger game and how the best way to manage multiple party access, I didn't even specify the government keep the whole keys:

            For example you might have the manufacturer in control of one part and the FBI in control of a second part and if you're especially paranoid, a third part is in the control of a court local to the manufacturer.

            You must have missed that sentence since it sounds like you were assuming I think that it is a good idea that the government has control of all the parts of any key necessary to unlock a phone.

            Nor did I suggest at any point that a disaster was anything

            • You don't seem to get it. It doesn't matter whether it is the FBI, CIA, Manufacturers or joe blogs in his basement that have part of the key. Eventually security is breached, eventually each of the parts of the keys will leak, each leak progressively makes the security weaker. You cannot eliminate the risk as the key risk is incompetent management of the keys and all parties from manufacturers to government have shown they are not competent at Security. The most likely security disaster is NOT that the keys
              • You're the one who isn't getting it. You're fighting the wrong battle, and even if you could win, you're losing the war.

                Every person who relies on this "can't be done securely" argument is helping the government case.

                When you rest your argument against government interference in encryption on the idea that it can't be done securely, all it takes is one reasonable method convincing legislators that your argument is completely invalid. The way I've outlined is what I consider a best case scenario out of dozen

                • Five years from now, Apple and Google will produce phones and push updates so that every phone is encrypted with keys that Apple or Google controls. People won't stop buying iPhones or Android phones.

                  Wow. I so hope I'm wrong. </crying>.

                • your living in a dream land. You did NOT outline a reasonable method to make it secure at all, unfortunately you obviously have very little background in the way of security and it is tainting your view of reasonable. Five years from now neither Google nor Apple will have anyway whatsoever to access your phone, if they don't go this way then they will be replaced by foreign companies who don't have to contend with such insanely insecure ideas. How many emails do I receive that are signed and encrypted secu
    • "I'm tired of hearing that a backdoor can't be done securely. Of course people have been doing dual access secure control for a long time. Essentially, you ..."

      Just imagine how you would do it for PGP or SSH. Oh, you want to generate a new key? not permitted. You need to go to the DMZ, pay $50 and talk to their crypto people and they'll issue you your public/private pair and submit the backdoors to the appropriate government agencies.

      I guess you could have a master crypto library with a master key

      • I was talking solely about OS encryption, partly because that seems to be the focus of legal discussions, but also because application level encryption is a much lengthier and undeniably messy discussion.

        Open source software makes most of the rules lawmakers might try to impose pointless. Further, even if they did manage to impose some sort of rule, the ability of people not subject to the jurisdiction of the lawmakers to implement good cryptography in their applications goes unabated. It makes the

  • The White House declines to publicly support the bill during an election year you mean.
  • What does the government do when end users install open-source, encryption-enabled communication software, and there's no company to sue? Will they outlaw the mathematical formulas that enable encryption?
  • The draft text will give judges authority to order tech companies to help law enforcement when asked to

    And the summary uses the phrase "judges order tech companies to break encryption". I don't know which one of these idiot "tech websites" started this rhetoric, but it's getting really annoying. I can't figure out if they are willing Apple propagandists, or just completely retarded.

    Good encryption can't be broken - It's a mathematical algorithm. What this bill is talking about is a warrant to get around security measures. Apple's idiotic anti-theft kill switch (that was also mandated by a nanny-state law

  • I really think giving the courts so much power is a mistake. The law is not some special thing of such imporance that it always needs enforcement. The courts view into private matters really is too pervasive and too powerful.

    Courts powers need to be extremely limited. The only people that should have no ability to hide anything from courts is the government itself. So maybe they should ammend all writs to only apply to writs where the subject is the government itself.

"All the people are so happy now, their heads are caving in. I'm glad they are a snowman with protective rubber skin" -- They Might Be Giants

Working...