date 2018-01-25
Senator Asks FBI Director To Justify His 'Ill-Informed' Policy Proposal For Encryption (gizmodo.com)
In a speech earlier this month, FBI Director Christopher Wray said the inability of law enforcement authorities to access data from electronic devices due to powerful encryption is an "urgent public safety issue." He proposed that Silicon Valley companies should add a backdoor to their encryption so that they could both "provide data security and permit lawful access with a court order." One person is not amused by Wray's proposal. Senator Ron Wyden criticized Wray on Thursday for not consulting him before going public with the proposal for encryption.
Wyden said today, via Gizmodo:
Your stated position parrots the same debunked arguments espoused by your predecessors, all of whom ignored the widespread and vocal consensus of cryptographers. For years, these experts have repeatedly stated that what you are asking for is not, in fact, possible. Building secure software is extremely difficult, and vulnerabilities are often introduced inadvertently in the design process. Eliminating these vulnerabilities is a mammoth task, and experts are unified in their opinion that introducing deliberate vulnerabilities would likely create catastrophic unintended consequences that could debilitate software functionality and security entirely.
[...] I would like to learn more about how you arrived at and justify this ill-informed policy proposal. Please provide me with a list of the cryptographers with whom you've personally discussed this topic since our July 2017 meeting and specifically identify those experts who advised you that companies can feasibly design government access features into their products without weakening cybersecurity. Please provide this information by February 23, 2018.
I'll just leave this [wikipedia.org] here [epic.org].
The problem is not at all new, and the Senator is right to allude to the Lawman's predecessors.
Yes - both parties have been pretty bad on the issue. Nice to see that _someone_ is taking it seriously and listening to the experts, though
How is China solving this dilemma (Score:2)
Not trolling. Serious question. Different states have different policies and it seems likely have acceptable outcomes in their respective societies. North Korea allegedly is the worst, with the mandated document editors saving copies of, and watermarking everything you write. But even in the US we've lived with having all printers watermark all documents (why you run out of yellow ink so fast) as well as PRISM and other data slurps. On the flip side law enforcement has had to confront cryptography for
Nope - the key difference is whether your government is into control freakery.
Uncrackable encryption is available to anyone who bothers to ask, and has been since before the invention of paper. Anyone can create completely uncrackable one-time-pad based systems with a pencil and paper and the use of a few brain cells. Steganography was known to ancient Greeks, and plenty of ancient codes have still to be broken.
I bet there are quite a large number of languages in regular use that no-one in the CIA, FBI or TSA can speak. It is also true that some TLA agencies can crack Rot13, but presumably quite a few can't. Mandating buckets with holes in is not going to eliminate theft of liquid either. Sometimes you will have to do detective work to solve crimes but "You can't win them all". Mandating that everyone writes all their thoughts in a placard and holds it above their heads at all times won't stop people from lying. Hell, nothing stops politicians from lying. And there is clearly no limit to stupidity.
It is also true that some TLA agencies can crack Rot13, but presumably quite a few can't.
Rot13? [decode.org] Vs gurer'f n GYN gung pna'g penpx Ebg13, fbzrguvat vf irel jebat.
You have to remember that most criminals are not particularly bright. How often do you hear that they were scuppered by posting incriminating photos on Facebook, or using the phone they just stole without wiping and disabling "find my phone"?
They probably don't realize that WhatsApp is encrypting their messages, or that the NSA is trying to read them. They only become aware when they get arrested and they find that the police can't get past the unlock code on their iPhone.
So from the FBI's point of view if
One-time pads are not really feasible. An earlier Slashdot post suggested not thinking of one-time pads as encryption, but as a way of time shifting use of a secure channel. If you have a secure channel now over which you can distribute n bits of data, then you can distribute an n-bit one-time pad and then later you can use an insecure channel to send an n-bit message securely. Having to distribute a key as long as a message is not very easy, and the requirement that the pad be generated with a cryptogra
Not all printers. EFF maintains a list. Reward OKI for their finger to the NSA. Don't buy from collaborators.
AL GORE and BILL CLINTON were both ***HUGE*** supporters of CLIPPER! I remember GORE going to Oprah and stating that CLIPPER will STOP MOLESTERS and SATANISTS (remember that Satanists were a ****big deal**** and a moral panic in the late 90's. CLIPPER would STOP THEM).
Speaking of Supported Deception, do you know what they renamed Clipper after it was "shut down" in 1996?
Meltdown.
I remember GORE going to Oprah and stating that CLIPPER will STOP MOLESTERS and SATANISTS (remember that Satanists were a ****big deal**** and a moral panic in the late 90's. CLIPPER would STOP THEM).
Well I haven't heard much about ritual satanic abuse recently, so it looks like Clipper caught the abusers. Who's laughing now??
That is, laws the universe writes will always trump laws we write. Which, if I may venture off-topic briefly (I'll bring it back home, don't worry), is why gun control laws don't work; the universe has already dictated that, as long as they exist and
Making a third copy of a one time use pad and giving it to the cops is workable encryption with a workable backdoor (it's as secure as the pads are).
But fuck the feds with a rusty pipe anyhow. Even if it's possible, it's not a good outcome.
As I just said to someone else: sadly typical law-enforcement type: obsessed with control, doesn't want silliness like 'civil rights', 'human rights', or 'common sense' getting in the way of controlling everything 24/7/365.
Well said, sir! I could not agree more.
Re: (Score:2)
Um... maybe to ensure that your bank transactions are kept secure such that those potentially snooping upon them can't follow up your legitimate transactions with ones that, for instance, move all of the money from your account to their own accounts?
I mean... just as a starter for 10...
Re:Encryption enables criminals (Score:5, Insightful)
Because encrypting also hides information from criminals. If I'm buying something online, I want to give my credit card information to that site, not the whole world. If the site encrypts the traffic, it can protect my data. If it doesn't, anyone can listen in and then charge items on my credit cards. (It gets worse if you need to use a site to submit more personal information like your social security number.)
If the authorities have a backdoor key, it's only a matter of time before the criminals get that key too. Even if we assumed the authorities had the purest of intentions (a HUGE assumption mind you), I would still want encryption without "police only" back doors to protect against malicious users abusing the back door.
Sooner or later it will leak. See WannaCry and the reason why Kaspersky was banned. Those issues were related to bug/tool leaks that were supposed to be very confidential.
I fully expect the bookies to take bets on whether the authorities lose the keys before the black hats find them. I am still considering my position on this one.
Re: (Score:3)
One of the aspects of a free society, is the general concept of innocent until proven guilty. We encrypt in order to protect our information from bad actors. A government is managed by people not all of them trustful, so the government shouldn't get my data, unless absolutely needed say via a warrant. Because I am innocent until proven of a crime, so my encrypted communication shouldn't be considered anything nefarious until I am expected to be up to something concrete.
I expect for 99.99% of all encrypte
Re: (Score:3)
We encrypt in order to protect our information from bad actors.
Rob Schneider's always after my password!
I'm sure this is a joke, but I'm hoping that it is literal and true.
The issue (from the FBI's point of view) is they went and got the warrant, took your phone, and still can't read your data.
They want a backdoor so that once they take your phone they are able to read the data so that when they are allowed to do so they can.
And really that would be possible. The phone manufacturers could include a unique per device override pin that is burned into the secure enclave and works like the user defined pin. Then when the FBI gets the warrant they can also subpoena the override pi
B-b-but we can *TRUST* the FBI!!! (Score:1)
The FBI is completely trustworthy and beyond reproach!
If the FBI says it's OK and won't be misused, by golly, they're right!
I just hope during a phone upgrade they don't lose the keys to the back door...
This mess won't be fixed until the Ds also have a presidential candidate wiretapped during an election. They think like 5 year olds. Right now they think they 'got away with it'.
Give it 3-4 years until it's addressed.
Thank you Ron. (Score:1)
Thanks Ron, seriously. Nice to see that not all politicians have lost their mind.
Score (Score:5, Insightful)
Senator Ron Wyden: intelligent and well-informed
FBI Director Christopher Wray: either imbecile and/or not to be trusted
Probably the Latter (Score:2)
Shady as heck, preying upon the fears of those poor uninformed politicians! That's so mean!
Yes, but so far he's resisted pressure from Trump and his oompa-loompas to fire lower level people. Wray is going to retire soon, it will be interesting (or disheartening) to see who is the successor.
Re: (Score:2)
How is that not untrustworthy in every sense?
Short-Term Thinking [Re:Score] (Score:1)
He's probably thinking short-term: kiss up to the current Boss T; and back-doors may be helpful to HIS job in the shorter term, with longer term consequences being somebody else's problem.
Unless, hackers crack the back-door quicker than he expects. Perhaps he's thinking he can then blame the product companies for "doing back doors sloppily". Thus, spin the breach as bad implementation, not bad law.
Those in higher positions are often pre
Don't worry, Wray is about to be fired from his job on The Apprentice-White House Edition.
Spot fucking on. (Score:4, Insightful)
As a republican living in OR, thank you Mr. Wyden. I wish more of the legislature had an iota of common sense and understanding relating to tech before shitting out half-assed regulation with absolutely no care taken to unintended consequences.
We should be more focused on keeping the pigs honest than catching the *incredibly* rare bogeymen.
And?
Sadly, common sense and intelligence is a rare enough trait that it should be celebrated whenever and wherever it's found.
I hate all politicians, but I appreciate this particular one's stance on this particular issue.
Ahh, but some people, of which I presume rogoshen1 is, realize that people from the other side of the aisle aren't always the enemy, but can in fact do things that you like. It's not "Us" vs "Them" it's all "Us" just that we may not agree 100% with some of the other parts of "us"
Hide data on FBI phones! (Score:2)
Senator (Score:2)
coming soon, the Hoover retort (Score:2)
In a few weeks, an avalanche of dirt (both true and untrue) from "anonymous whistle-blowers" about this Senator Wyden will start mysteriously appearing in news stories all over the country.
They'll continue at least until he resigns in disgrace, is imprisoned due to the absolutely totally not photoshopped(*) donkey-fucking kiddie-porn incest home movies, or commits suicide.
(*) The FBI have access to far better software than photoshop.
Some faith in humanity restored! (Score:2)
It's probably a fluke. Something will restore order, or should I say, restore chaos.
"Pssst, nice brain you have there. It would too bad if something terrible happened to it..."
Wyden for President! (Score:4, Insightful)
I don't know anything about this Senator; but on this one topic alone, he would have my vote!
I'd suggest we all write him and thank him for his courage and intelligence...
https://www.wyden.senate.gov/c... [senate.gov]
So strange (Score:1)
It just hit me that one of the reasons this story is so strange, is that someone in government (who is this Senator Wyden?) is treating the situation in a way that you might expect from an adult. I'm not used to this.
Are we sure he's a Senator from a state in America? I don't want to later find out that Oregon is a place in Wales or something like that.
Most legislators are indeed like Wyden. That's why you've never heard of them.
No thanks to CNN, FOX, and their ilk for only quoting the spewings of the ones who are clowns.
Junk gov encryption won't walk out the door? (Score:2)
What will wealthy criminals, cults, faiths, political groups, competitors, spies do when they work out the US gov has the keys to most consumer communications?
They will ask their dual citizens, faith members, criminals, corrupt military/police/gov for the federal backdoor keys.
Interesting people/cults/criminals will use the junk crypto to run real time counter surveillance on US police/federal/state/city task forces and mil.
If that fails they will watch for nations the US trusts and get a copy for that nations mil/police/gov.
It won't even last that long. Most likely someone involved in building said back doors will release the info before it's even live just to kill the whole thing before it starts.
And three tweets back... (Score:2)
He's talking about "baseless attacks on professional law enforcement", "professional law enforcement" being the FBI in this case.
https://twitter.com/RonWyden/s... [twitter.com]
I can personally reconcile those two things, but the optics aren't good. I know the response: "But my attack wasn't *baseless*." Okay. The problem is that it's a matter of opinion.
"Your stated position parrots the same debunked arguments espoused by your predecessors, all of whom ignored the widespread and vocal consensus of cryptographers."
"Eliminating these vulnerabilities is a mammoth task, and experts are unified in their opinion that introducing deliberate vulnerabilities would likely create catastrophic unintended consequences that could debilitate software functionality and security entirely."
"I would like to learn more about how you arr
No one is saying that it doesn't weaken it (Score:2)
The FBI is saying that the public law enforcement need justifies weakening already strong encryption.
Though others will disagree that encryption should be anything but the strongest available.
what will happen in a month? (Score:3)
It looks like the senator gave him a month to dig up an excuse, and left him with very little wiggle room. It's nice to see a tech-savvy representative, and specifically one that knows how to close all the escapes at the same time to speed up the process. I'm sure the director would love to be able to stall for 30 days and then step back up into the light and kick the can down the road another 30 days, but I don't see that happening this time.
He's either going to have to dig up some at least semi-reputable cryptographers to throw under the bus, or admit that he's "pulling a trump" and ignoring all the experts around him in favor of his own opinions on the matter. (though in this case it's almost certainly coming down to just doing specifically what he's been told to do, more of a "trump by proxy" move) It's rather irritating to see we've set things up so that certain people can't make certain rules, but then we go and let them replace the person responsible for that rule with someone that will do whatever they tell them to - it defeats the purpose of the separation.
I'm also a little bit curious why I haven't seen this whole idea get compared with the TSA's baggage locks? Isn't that basically the same idea as this, though on a much more limited scale? Mandating a government back-door, and all the unintended as well as the widely-anticipated problems that you get as a result?
This is so simple.... (Score:2)
1. Made the location of those keys a target for criminals with a huge payoff.
2. Made it easy for certain of the authorities themselves to abuse those keys for illegitimate purposes.
The sickening thing is that this is a bi-partisan issue, that BOTH sides have horrible track records for. It seems that privacy and security of their constituents takes a back seat to anything else. Wonder why that is.