Senator Asks FBI Director To Justify His 'Ill-Informed' Policy Proposal For Encryption

In a speech earlier this month, FBI Director Christopher Wray said the inability of law enforcement authorities to access data from electronic devices due to powerful encryption is an "urgent public safety issue." He proposed that Silicon Valley companies should add a backdoor to their encryption so that they could both "provide data security and permit lawful access with a court order." One person is not amused by Wray's proposal. Senator Ron Wyden criticized Wray on Thursday for not consulting him before going public with the proposal for encryption. Wyden said today, via Gizmodo: Your stated position parrots the same debunked arguments espoused by your predecessors, all of whom ignored the widespread and vocal consensus of cryptographers. For years, these experts have repeatedly stated that what you are asking for is not, in fact, possible. Building secure software is extremely difficult, and vulnerabilities are often introduced inadvertently in the design process. Eliminating these vulnerabilities is a mammoth task, and experts are unified in their opinion that introducing deliberate vulnerabilities would likely create catastrophic unintended consequences that could debilitate software functionality and security entirely.

[...] I would like to learn more about how you arrived at and justify this ill-informed policy proposal. Please provide me with a list of the cryptographers with whom you've personally discussed this topic since our July 2017 meeting and specifically identify those experts who advised you that companies can feasibly design government access features into their products without weakening cybersecurity. Please provide this information by February 23, 2018.

Before anyone blames KKKonervative$

[mi]

I'll just leave this [wikipedia.org] here [epic.org].

The problem is not at all new, and the Senator is right to allude to the Lawman's predecessors.

Re:Before anyone blames KKKonervative$

[Gaxx]

Yes - both parties have been pretty bad on the issue. Nice to see that _someone_ is taking it seriously and listening to the experts, though :)

Wyden was always reliable on this

[Xenographic]

Wyden was always reliable on this sort of issue. If you search his name, you'll see a lot of past stories not unlike this one on various encryption or privacy issues.

We could use more people in Congress like him.

Re:

[EndlessNameless]

Oregon is already electing competent Senators. Well, at least this one---I don't know about their other guy.

We need more tech-literate voters and advocates in other places. It takes 50-60 Senators to pass a good law.

How is China solving this dillema

[goombah99]

Not trolling. Serious question. Different states have different policies and it seems likely have acceptable outcomes in their respective societies. North Korea allegedly is the worst, with the mandated document editors saving copies of, and watermarking everything you write. But even in the US we've lived with having all printers watermark all documents (why you run out of yellow ink so fast) as well as PRISM and other data slurps. On the flip side law enforcement has had to confront cryptography for

Re:How is China solving this dillema

[Anne Thwacks]

The key difference is ubiquity and the accessibility to the tools by a non-expert.

Nope - the key difference is whether your government is into control freakery.

Uncrackable encryption is available to anyone who bothers to ask, and has been since before the invention of paper. Anyone can create completely uncrackable one-time-pad based systems with a pencil and paper and the use of a few brain cells. Steganography was known to ancient Greeks, and plenty of ancient codes have still to be broken.

I bet there are quite a large number of languages in regular use that no-one in the CIA, FBI or TSA can speak. It is also true that some TLA agencies can crack Rot13, but presumably quite a few can't. Mandating buckets with holes in is not going to eliminate theft of liquid either. Sometimes you will have to do detective work to solve crimes but "You can't win them all". Mandating that everyone writes all their thoughts in a placard and holds it above their heads at all times won't stop people from lying. Hell, nothing stops politicians from lying. And there is clearly no limit to stupidity.

Re:

[gnick]

It is also true that some TLA agencies can crack Rot13, but presumably quite a few can't.

Rot13? [decode.org] Vs gurer'f n GYN gung pna'g penpx Ebg13, fbzrguvat vf irel jebat.

Re:

[AmiMoJo]

You have to remember that most criminals are not particularly bright. How often do you hear that they were scuppered by posting incriminating photos on Facebook, or using the phone they just stole without wiping and disabling "find my phone"?

They probably don't realize that WattsApp is encrypting their messages, or that the NSA is trying to read them. They only become aware when they get arrested and they find that the police can't get past the unlock code on their iPhone.

So from the FBI's point of view if

Re:

[aaarrrgggh]

You also have to remember that most people are not criminals, and are unlikely to be investigated for a crime (presuming proper due-process), as they are unlikely to be the victims of a crime for which evidence from a phone is likely to make a difference to their outcome.

Well but then

[fyngyrz]

You have to remember that most criminals are not particularly bright. How often do you hear that they were scuppered by posting incriminating photos on Facebook, or using the phone they just stole without wiping and disabling "find my phone"?

Yes, you hear about those.

It's the ones you don't hear about that aren't dumb.

Re:

[Blymie]

In the old days, people didn't use the phone or mail to communicate illegal intent or ideas. At least not even the dumbest of crooks.

Which left voice. In person.

Yet astonishingly, people were caught for all manner of illegal acts. Again and again, courts were full of crooks in trial -- and yes, prisons had people in them.

Now fast forward. Suddenly, it's only possible to catch crooks with encryption. Eh? What? Say again?

It's all about dollars. About the big buckaroo. About how much you spend on law

Re:How is China solving this dillema

[TheRaven64]

One-time pads are not really feasible. An earlier Slashdot post suggested not thinking of one-time pads as encryption, but as a way of time shifting use of a secure channel. If you have a secure channel now over which you can distribute n bits of data, then you can distribute an n-bit one-time pad and then later you can use an insecure channel to send an n-bit message securely. Having to distribute a key as long as a message is not very easy, and the requirement that the pad be generated with a cryptographically secure random number generator makes it a bit harder.

That said, algorithms like RSA and AES are pretty simple to implement. Most of the attacks on implementations of these have been timing vulnerabilities (requiring an attacker either on the same machine or very close on the network), or attacks on incorrect use of the crypto primitives in more complex cryptosystems. You can take the code examples from Applied Cryptography, change the #defines to give you longer key lengths (many of the examples use insecure key lengths to avoid export restrictions), and you've got an implementation of a secure algorithm. If you're encrypting offline and exchanging messages via some channel where an attacker has no control over or visibility of your timing, it's probably secure.

Re:

[AHuxley]

One time pads used once will be secure. That gives the needed privacy.
One time pads only fail is they get reused due to the amount of data needing to be sent.
Spies having full past plain text messages on them when captured due to they way they learned to decode and encode.
The problem is not getting found using a communications network i.e. anonymity. The number station works well one way.

Re:

[TheRaven64]

Please will you point out anything that I've said that is incorrect and why? Also, who on earth do you think would pay someone to point out the limitations of one-time pads?

Re:

[bluefoxlucid]

That's a book cipher. Book ciphers use widely-available books or else are prone to discovery by the fact that people involved own an obscure book. The use of a widely-available book makes it easy to get a hold of the source material; however, it also means you have a small number of books from which to select, making computerized brute forcing feasible.

Periodicals are even worse: magazines have limited distribution area, and outside that area are specialty items. In applications requiring high-securit

Re:

[bluefoxlucid]

Not really. You've already identified a human target. You can monitor them, yet not come across decoded messages. It's comparatively-easy to discover they're never without access to (or keep referencing in public libraries) a certain book or periodical. If it's not on your common list, it goes to the front of the line for potential book cipher cryptanalysis.

Re:

[gtall]

Congratulations on your use of SneakerNet to securely distributed your one-time pads. Don't trip now, you wouldn't want to spill any.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[Bob the Super Hamste]

The TSA has backdoors in luggage locks.

Sounds like a good reason [wonderhowto.com] for not allowing backdoored encryption.

I always just use zip ties, because then I will know that they where in there.

I really hope you are joking [wonderhowto.com].

Re:

[HornWumpus]

Not all printers. EFF maintains a list. Reward OKI for their finger to the NSA. Don't buy from collaborators.

Re:

[AHuxley]

By recovering the keys from anyone offering a telco product on their networks.

Re:Before anyone blames KKKonervative$

[Rick Schumann]

As I just said to someone else: sadly typical law-enforcement type: obsessed with control, doesn't want silliness like 'civil rights', 'human rights', or 'common sense' getting in the way of controlling everything 24/7/365.

Re:

[DaMattster]

As I just said to someone else: sadly typical law-enforcement type: obsessed with control, doesn't want silliness like 'civil rights', 'human rights', or 'common sense' getting in the way of controlling everything 24/7/365.

Well said, sir! I could not agree more.

Re:

[Rick Schumann]

To be fair, I should also say: Not all law enforcement types are like this, it's just what's (sadly) typical of the breed. It's not that being in law enforcement creates this type of person, it's that it attracts this type of person. They try to screen them out, but they have a way of hiding their natural tendencies.

Re:

[Blymie]

Also -- many of such obsessive types MEAN WELL. They see short term, not long term, and it PAINS them that those that they know are guilty, might get off. Even for a second. Their risk assessments are also way out of wack, seeing small issues as MAJOR HOLY HELL! issues, where the entire planet will explode because one person got away.

In such a scenario, tossing the bill of rights, ignoring or destroying individual rights is 100% secondary to the fact that someone GOT AWAY WITH IT! In their mind, they're

Re:

[Rick Schumann]

Well, you know what they say: nothing more dangerous than a 'true believer'.
It's often the case that people who know in their heart-of-hearts that they're 100% right who commit the worst atrocities, cause the most damage.

Re:

[HiThere]

Sorry, but I *will* blame those folks currently calling themselves conservatives. (I deny that they have any right to that name.) This doesn't either mean or imply that they are alone in this evil idiocy. As you point out, they aren't. But that doesn't let them off the hook for complicit behavior. One can point to an entire series of control freaks of both the left and the right (mainly the right, even in leftist controlled administrations, but definitely not solely of the right).

Read "The Authoritaria

Re:

[BronsCon]

Laws do make reality happen; the math you're referring to is documented as... mathematical law. Of course, when two laws are in conflict, only one of them can make reality and, well, some laws (mathematical laws in this case) fare a bit better in that respect.

That is, laws the universe writes will always trump laws we write. Which, if I may venture off-topic briefly (I'll bring it back home, don't worry), is why gun control laws don't work; the universe has already dictated that, as long as they exist and

Re:

[HornWumpus]

Making a third copy of a one time use pad and giving it to the cops is workable encryption with a workable backdoor (it's as secure as the pads are).

But fuck the feds with a rusty pipe anyhow. Even if it's possible, it's not a good outcome.

Re:

[BronsCon]

That works for one specific type of encryption. In fact, it works for a (relatively speaking) somewhat uncommon type of encryption; we don't have a good way to securely distribute pads to a large number of entities we might want to securely communicate with so, for example, SSL and TLS (think HTTPS) don't use one time pads. For the types of encryption commonly used by the vast majority of the population on a daily basis, whether or not they're even aware they're using it, it simply is not mathematically pos

Re:

[HornWumpus]

I was addressing this: the universe has decreed that no mathematically sound encryption can have a workable backdoor

Not true, but not relevant.

Pads are ancient 'strong encryption'. They existed at the time the constitution was written. Fuck the feds.

Re:

[pnutjam]

Wow, you are so insightful.

Tell me please, how does one gun compare to an army? Is it useful against them? How many can you hurt before it is neutralized?

Now let's imagine a backdoor or "Master key". How many times can this be used before it is neutralized? How useful is it to one person against many?

Do you see the flaw in your argument, or are you too full on NRA kool-aid.

Re:Before anyone blames KKKonervative$

[Rakarra]

I remember GORE going to Oprah and stating that CLIPPER will STOP MOLESTERS and SATANISTS (remember that Satanists were a ****big deal**** and a moral panic in the late 90's. CLIPPER would STOP THEM).

Well I haven't heard much about ritual satanic abuse recently, so it looks like Clipper caught the abusers. Who's laughing now??

Re:

[RoccamOccam]

the Republican challenger will say that the baby killing Democrat who is beholden to Nancy Pelosi ...

I'll just leave this here: The House of Representatives has just voted to pass the Born-Alive Abortion Survivors Protection Act, by a vote of 241-183. Every Republican representative voted in favor of the bill, and all Democrats voted against it, with just six exceptions [nationalreview.com].

Score

[DontBeAMoran]

Senator Ron Wyden: intelligent and well-informed
FBI Director Christopher Wray: either imbecile and/or not to be trusted

Probably the Latter

[RumGunner]

Shady as heck, preying upon the fears of those poor uninformed politicians! That's so mean!

Re:

[gtall]

Yes, but so far he's resisted pressure from Trump and his oompa-loompas to fire lower level people. Wray is going to retire soon, it will be interesting (or disheartening) to see who is the successor.

Re:

[Rick Schumann]

Not imbecile or untrustworthy, at least not in the way you might mean; he's just (sadly) typical law enforcement type: obsessively wants to control everything and everyone around him, regardless of silly inconsequential little things like 'civil rights' or even 'human rights', to the point of throwing common sense out the window.

Re:

[HornWumpus]

How is that not untrustworthy in every sense?

Re:

[HiThere]

Well, if you can predict his opinion, then in a sense he's trustworthy. You may not like what you can trust him to do, but that's, technically, a different matter.

Re:

[amiga3D]

Don't worry, Wray is about to be fired from his job on The Apprentice-White House Edition.

Spot fucking on.

[rogoshen1]

As a republican living in OR, thank you Mr. Wyden. I wish more of legislature had an iota of common sense and understanding relating to tech before shitting out half-assed regulation with absolutely no care taken to unintended consequences.

We should be more focused on keeping the pigs honest than catching the *incredibly* rare bogeymen.

Re:

[PoopJuggler]

Wyden is a Democrat.

Re:

[grasshoppa]

And?

Sadly, common sense and intelligence is a rare enough trait that it should be celebrated whenever and where ever it's found.

I hate all politicians, but I appreciate this particular one's stance on this particular issue.

Re:

[gtall]

That fellow Kennedy from La. nailed el Presidente Tweetie's court nominee (one of the lessor courts) when the nominee couldn't answer legal questions posed by Kennedy. The nominee withdrew in shame.

Re:Spot fucking on.

[Strider-]

Ahh, but some people, of which I presume rogoshen1 is, realize that people from the other side of the aisle aren't always the enemy, but can in fact do things that you like. It's not "Us" vs "Them" it's all "Us" just that we may not agree 100% with some of the othe othe rparts of "us"

Re:Spot fucking on.

[Tailhook]

thank you Mr. Wyden

I'm much less impressed with this. Wyden has as a premise that a backdoor is legitimate if only the mechanism can be made secure. Wyden does not assert that we are supposedly free people and may use whatever algorithm we wish, but that they should have such a backdoor capability once they can convince him that their backdoor can't be exploited.

Re:

[SecurityGuy]

It's a start, though. It's a short step from that viewpoint to "no backdoor can be made secure" to "I guess we shouldn't do that."

Just out of curiosity

[rsilvergun]

what makes you stick with the Rs? They've been pushing the 'Tough on Crime' / 'Think of the Children' agenda for ages. Sure, Clinton (Bill) pushed it too, but largely to court Republicans. While I'm not saying the Dems are saints I think it'd be much easier to purge and/or marginalize the corporatist schelps & authoritarian types from their party than the Rs.

Hide data on FBI phones!

[Fringe]

Given that the FBI can't even track down messages sent between their own agents that they were required to "compliance" and archive, I'm not sure how encryption can add more difficulty. They've got a Keystone Cops vibe going there.

Senator

[ragnar_ianal]

Can we mod this senator up?

Re:

[dgatwood]

As a Californian, any chance we could steal him as a replacement for Feinstein?

coming soon, the Hoover retort

[cas2000]

In a few weeks, an avalanche of dirt (both true and untrue) from "anonymous whistle-blowers" about this Senator Wyden will start mysteriously appearing in news stories all over the country.

They'll continue at least until he resigns in disgrace, is imprisoned due to the absolutely totally not photoshopped(*) donkey-fucking kiddie-porn incest home movies, or commits suicide.

(*) The FBI have access to far better software than photoshop.

Some faith in humanity restored!

[Rick Schumann]

Well, then, there's at least one Congresscritter in our government who has a working brain! Who knows, maybe he can educate the rest of them?

Wyden for President!

[TheFakeTimCook]

I don't know anything about this Senator; but on this one topic alone, he would have my vote!

I'd suggest we all write him and thank him for his courage and intelligence...

https://www.wyden.senate.gov/c... [senate.gov]

Re:

[DaMattster]

I am glad that Wyden had the courage to call out the crap that the FBI has been spewing.

Re:

[TheFakeTimCook]

I am glad that Wyden had the courage to call out the crap that the FBI has been spewing.

Me too!!!

Re:

[Xenographic]

Surprised you don't know his name, Wyden has always been good on issues like encryption and is too often one of the very few voices of reason in Congress on some of these issues.

Re:

[TheFakeTimCook]

Surprised you don't know his name, Wyden has always been good on issues like encryption and is too often one of the very few voices of reason in Congress on some of these issues.

I have probably heard his name before, but before this article, it didn't "register".

Re:

[swell]

Or try this edress from http://hrlibrary.umn.edu/peace... [umn.edu]
wyden@teleport.com

They only respond to constituents in Oregon.

Sadly, comedian and senator Al Franken, D-MN, who is tech savvy, is no longer able to speak for justice on the Hill.

Re:

[dgatwood]

Depends on the issue and the position. Someone taking a position based on an emotional reaction, in ways that try to invoke an emotional reaction in others, is likely to be a manipulator. Someone taking a position on logic, and doing so in ways that are designed to get people to not react emotionally and to think before they pass laws, is likely to be a good legislator.

So strange

[Anonymous Coward]

It just hit me that one of the reasons this story is so strange, is that someone in government (who is this Senator Wyden?) is treating the situation in a way that you might expect from an adult. I'm not used to this.

Are we sure he's a Senator from a state in America? I don't want to later find out that Oregon is a place in Wales or something like that.

Re:

[clovis]

Most legislators are indeed like Ryden. That's why you've never heard of them.
No thanks to CNN, FOX, and their ilk for only quoting the spewings of the ones who are clowns.

Re:

[gtall]

Wyden is fairly well-known.

Junk gov encryption won't walk out the door?

[AHuxley]

What will wealthy criminals, cults, faiths, political groups, competitors, spies do when they work out the US gov has the keys to most consumer communications?
They will ask their dual citizens, faith members, criminals, corrupt military/police/gov for the federal backdoor keys.
Interesting people/cults/criminals will use the junk crypto to run real time counter surveillance on US police/federal/state/city task forces and mil.
If that fails they will watch for nations the US trusts and get a copy for that nations mil/police/gov.

Dont tell anyone the FBI has the keys, ever.
Build up a voice print database and cell phone ID matching system within the FBI. Stop using other agency/teloc/contractor support within the USA. Too many ex and former workers who might have gov methods to sell to keep track of.
Start investigations internally but always have another reason for lawyers, FOIA, human rights groups, mid and low ranking cult members, faith groups, corrupt military/police to guess at. Informers, witnesses, luck, past investigative work. Anything to keep the interesting people guessing and talking as to FBI skill sets and methods.
The bad people do not need to know the FBI has their conversations, voice prints, locations, files.
Let the bad people keep trusting their computers, cell phones, big brand junk crypto.
Ensure criminals feel confident to keep talking to their friends and with corrupt people in the military/police/gov/big brands/telcos.
Suggest to the media and lawyers that every next generation of computer and cell phone is very/too difficult for law enforcement.
Once bad people know the backdoor exists in every gen of cell phone they can just stop using that live mic and GPS they carry around.
They can return to community, faith, their own networks.
Consider how the GCHQ worked in Ireland to stop the flow of support entering Ireland. Lots of interesting people had a theory but nobody worked out the methods used to track interesting people, support moving, funding globally.
If the crypto is junk, don't tell the world, use the data gathered and win.

Re:

[eth1]

What will wealthy criminals, cults, faiths, political groups, competitors, spies do when they work out the US gov has the keys to most consumer communications?

They will ask their dual citizens, faith members, criminals, corrupt military/police/gov for the federal backdoor keys.

Interesting people/cults/criminals will use the junk crypto to run real time counter surveillance on US police/federal/state/city task forces and mil.

If that fails they will watch for nations the US trusts and get a copy for that nations mil/police/gov.

It won't even last that long. Most likely someone involved in building said back doors will release the info before it's even live just to kill the whole thing before it starts.

Re:

[AHuxley]

Think of the new buddy system trying to stop the keys from been copied and walked out....
The polygraphs and investigations of the contractors trying to work on the crypto backdoor for the US gov.
Once the US telco keys are in the wild it will be a
Greek wiretapping case 2004–05 https://en.wikipedia.org/wiki/... [wikipedia.org]–05
SISMI-Telecom scandal https://en.wikipedia.org/wiki/... [wikipedia.org]

Re:

[DaMattster]

Well that made a whole lot of sense .... NOT!

Re:

[sconeu]

Interesting people/cults/criminals will use the junk crypto to run real time counter surveillance on US police/federal/state/city task forces and mil.

They're so cute when they're naive. You think that the Feds will use the backdoored encryption?

Re:

[AHuxley]

Re You think that the Feds will use the backdoored encryption?
Just find who has that not 'backdoored encryption". The consumer systems/networks will decrypt once the keys are in the wild.
If the gov/mil encryption holds and all surrounding consumer junk is decrypted? Thats all that is needed to track gov/mil.

And three tweets back...

[Trailer Trash]

He's talking about "baseless attacks on professional law enforcement", "professional law enforcement" being the FBI in this case.

https://twitter.com/RonWyden/s... [twitter.com]

I can personally reconcile those two things, but the optics aren't good. I know the response: "But my attack wasn't *baseless*." Okay. The problem is that it's a matter of opinion.

Re:

[oh_my_080980980]

Actually it's a matter of fact.

"Your stated position parrots the same debunked arguments espoused by your predecessors, all of whom ignored the widespread and vocal consensus of cryptographers."

"Eliminating these vulnerabilities is a mammoth task, and experts are unified in their opinion that introducing deliberate vulnerabilities would likely create catastrophic unintended consequences that could debilitate software functionality and security entirely."

"I would like to learn more about how you arr

No one is saying that it doesn't weaken it

[Nukenbar]

The FBI is saying that the public law enforcement need justifies weakening already strong encryption.

Though others will disagree that encryption should be anything but the strongest available.

Re:

[cascadingstylesheet]

The FBI is saying that the public law enforcement need justifies weakening already strong encryption.

Though others will disagree that encryption should be anything but the strongest available.

Precisely. It's a political decision (meaning, one that we resolve peacefully through our elected representatives), not a technical issue per se.

Technical details, yes, bring on the tech experts. Deciding which trade-offs to make, well, that's what the political system is for.

what will happen in a month?

[v1]

It looks like the senator gave him a month to dig up an excuse, and left him with very little wiggle room. It's nice to see a tech-savvy representative, and specifically one that knows how to close all the escapes at the same time to speed up the process. I'm sure the director would love to be able to stall for 30 days and then step back up into the light and kick the can down the road another 30 days, but I don't see that happening this time.

He's either going to have to dig up some at least semi-reputable cryptographers to throw under the bus, or admit that he's "pulling a trump" and ignoring all the experts around him in favor of his own opinions on the matter. (though in this case it's almost certainly coming down to just doing specifically what he's been told to do, more of a "trump by proxy" move) It's rather irritating to see we've set things up so that certain people can't make certain rules, but then we go and let them replace the person responsible for that rule with someone that will do whatever they tell them to - it defeats the purpose of the separation.

I'm also a little bit curious why I haven't seen this whole idea get compared with the TSA's baggage locks? Isn't that basically the same idea as this, though on a much more limited scale? Mandating a government back-door, and all the unintended as well as the widely-anticipated problems that you get as a result?

Re:

[cascadingstylesheet]

He's either going to have to dig up some at least semi-reputable cryptographers to throw under the bus, or admit that he's "pulling a trump" and ignoring all the experts around him in favor of his own opinions on the matter.

It's at least partly a political question though, not just a technical question (I mean the whole issue, not the senator's question).

Fire exits make stores less secure, for example, but we still require stores to have them.

Now if this requires the director to be explicit about the tradeoffs, fine.

Re:

[gtall]

No, he'll simply ignore Wyden. Unless Wyden comes back with a subpoena which would have to come from the entire Committee, Wray will simply fade away when he retires shortly.
 

Acceptable losses

[rsilvergun]

That's all he needs to say. The damage from occasional breach by criminals will be dwarf by the gains from proper law enforcement. His arguments will be non technical. They'll pass the 'truthiness' test. Emotional if you will. To be honest such arguments usually win out in the end, if only because the people making them keep pushing for it.

This is so simple....

[wbr1]

If the authorities have keys to everyone's houses then you have:

1. Made the location of those keys a target for criminals with a huge payoff.
2. Made it easy for certain of the authorities themselves to abuse those keys for illegitimate purposes.

The sickening thins is that this is a bi-partisan issue, that BOTH sides have horrible track records for. It seems that privacy and security of their constituents takes a back seat to anything else. Wonder why that is.

Wyden's awesome!

[lkcl]

this guy's a hoot! look at the list - calling out the bullshit on so many topics, including pointing out the nonsense on industrial hemp being classified as a schedule 1 drug when there's BELOW 0.3% THC in it! i like this guy :) https://www.wyden.senate.gov/n... [senate.gov]

LOL Clipper Chip

[Jody Bruchon]

I guess this isn't the best time to remind Mr. FBI about the Clipper Chip near-disaster. The government though they'd force people to use backdoored encryption chips in the 90s that contained a "Law Enforcement Access Field (LEAF)" and it not only compromised security but the LEAF check hash was also easily spoofed [wikipedia.org] plus the Skipjack algorithm used was ripped to shreds by cryptography researchers pretty quickly after declassification. [wikipedia.org] Had we been forced to use the Clipper Chip, we'd have had a major security mess on our hands since it was practically a placebo at its one main job: security.

Partisans Attention

[31415926535897]

As a conservative, I stand with Democrat Ron Wyden in his position. And that fact made me realize something.

To liberals who often want to ban firearms: if you support Ron Wyden's reasoning about encryption, then please realize conservatives have been making the same arguments about firearms and the second amendment since forever. (e.g. if you ban strong encryption de jure, then only criminals will have strong encryption and that will be used against the average law abiding citizen).

To conservatives to often want the state to have strong enforcement powers: don't be hypocrites. If you support the FBI/NSA/CIA desires for compromised encryption for the effectiveness of law enforcement, realize that the same logic will be used against your second amendment rights.

We the people need to work together to make sure that the state doesn't abuse it's power, and this relates to encryption and firearms. Don't let the government use partisan politics to turn us against each other so that they can do as they please.

encryption is a 2nd Amendment issue

[Anonymous Coward]

First, just common sense, it is essential to self defense to have reliable encryption.

Second, the fed gov't already treats encryption technology like "arms" in some ways, i.e., export controls.

So NRA, where are you now? Why aren't you protecting our rights?!?!

Re:

[Gaxx]

Um... maybe to ensure that your bank transactions are kept secure such that those potentially snooping upon them can't follow up your legitimate transactions with ones that, for instance, move all of the money from your account to their own accounts?

I mean... just as a starter for 10...

Re:Encryption enables criminals

[Jason Levine]

Because encrypting also hides information from criminals. If I'm buying something online, I want to give my credit card information to that site, not the whole world. If the site encrypts the traffic, it can protect my data. If it doesn't, anyone can listen in and then charge items on my credit cards. (It gets worse if you need to use a site to submit more personal information like your social security number.)

If the authorities have a backdoor key, it's only a matter of time before the criminals get that key too. Even if we assumed the authorities had the purest of intentions (a HUGE assumption mind you), I would still want encryption without "police only" back doors to protect against malicious users abusing the back door.

Re:Encryption enables criminals

[Anne Thwacks]

If the authorities have a backdoor key, it's only a matter of time before the criminals get that key too.

I fully expect the bookies to take bets on whether the authorities lose the keys before the black hats find them. I am still considering my position on this one.

Re:

[HiThere]

Here's the problem with that bet:
How can you prove the source of the key.

Re:

[Luthair]

Don't forget if we're talking about communication the ideal is perfect forward secrecy [wikipedia.org] otherwise if master keys are compromised attackers (e.g. Russia, NK) who have stored past encrypted data have access to it all.

Re:

[AHuxley]

AC re 'criminals *will* have the backdoor key?"
SISMI-Telecom scandal https://en.wikipedia.org/wiki/... [wikipedia.org]
Greek wiretapping case 2004–05 https://en.wikipedia.org/wiki/... [wikipedia.org]–05
Once that crypto walks out of the gov/mil, anyone can become a trusted part of a nations telco network.

Re:

[tietokone-olmi]

>Why do you assert that criminals *will* have the backdoor key?

Because the backdoor key will be tremendously valuable, someone with legit access will be corrupted into handing it, or access to it, over. Similarly, a software program that provides access to the backdoor will be copied and its accountability protections stripped because it's tremendously valuable to the NSA. And so forth.

The genie ain't staying in the bottle for two fucking days.

Re:Encryption enables criminals

[jellomizer]

One of the aspects of a free society, is the general concept of innocent until proven guilty. We encrypt in order to protect our information from bad actors. A government is managed by people not all of them trustful, so the government shouldn't get my data, unless absolutely needed say via a warrant. Because I am innocent until proven of a crime, so my encrypted communication shouldn't be considered anything nefarious until I am expected to be up to something concrete.

I expect for 99.99% of all encrypted data it is just information that isn't proof of wrong doing. But lets say this post from Jellomizer connects me to my boss who may disagree with such a position could get me fired, because my Point of view while perfectly legal may not be in sync with the company policy.

Re:Encryption enables criminals

[wonkey_monkey]

We encrypt in order to protect our information from bad actors.

Rob Schneider's always after my password!

Re:

[Fetko]

I'm sure this is a joke, but i'm hoping that it is literal and true.

Re:

[Anonymous Coward]

The issue (from the FBI's point of view) is they went and got the warrant, took your phone, and still can't read your data.
They want a backdoor so that once they take your phone they are able to read the data so that when they are allowed to do so they can.

And really that would be possible. The phone manufacturers could include a unique per device override pin that is burned into the secure enclave and works like the user defined pin. Then when the FBI gets the warrant they can also subpoena the override pi

Re:

[Rick Schumann]

Congratulations! You get the Low Quality Bait Award for the day!

Re:

[danbert8]

I just hope during a phone upgrade they don't lose the keys to the back door...

Re:

[HornWumpus]

This mess won't be fixed until the Ds also have a presidential candidate wiretapped during an election. They think like 5 year olds. Right now they think they 'got away with it'.

Give it 3-4 years until it's addressed.

Re:

[HiThere]

Try 15-20 years. And then it will be addressed because the problem is obsolete.

People are always looking for a short-term advantage even if the long term costs are higher than the short term gains.

Re:

[HornWumpus]

If it goes that long, we're as fucked as we would have been if Hillary had won (and the dirt never came out).