Encryption Government

A Quick Look At the Fight Against Encryption (linuxsecurity.com) 87

b-dayyy shared this overview from the Linux Security site: Strong encryption is imperative to securing sensitive data and protecting individuals' privacy online, yet governments around the world refuse to recognize this, and are continually aiming to break encryption in an effort to increase the power of their law enforcement agencies... This fear of strong, unbroken encryption is not only unfounded -- it is dangerous. Encryption with built-in backdoors which provide special access for select groups not only has the potential to be abused by law enforcement and government agencies by allowing them to eavesdrop on potentially any digital conversation, it could also be easily exploited by threat actors and criminals.

U.S. Attorney General William Barr and U.S. senators are currently pushing for legislation that would force technology companies to build backdoors into their products, but technology companies are fighting back full force. Apple and Facebook have spoken out against the introduction of encryption backdoors, warning that it would introduce massive security and privacy threats and would serve as an incentive for users to choose devices from overseas. Apple's user privacy manager Erik Neuenschwander states, "We've been unable to identify any way to create a backdoor that would work only for the good guys." Facebook has taken a more defiant stance on the issue, adamantly saying that it would not provide access to encrypted messages in Facebook and WhatsApp.

Senator Lindsey Graham has responded to this resistance authoritatively, advising the technology giants to "get on with it", and stating that the Senate will ultimately "impose its will" on privacy advocates and technologists. However, Graham's statement appears unrealistic, and several lawmakers have indicated that Congress won't make much progress on this front in 2020...

Encryption is an essential component of digital security that should be embraced, not feared. In any scenario, unencrypted data is subject to prying eyes. Strong, unbroken encryption is vital in protecting privacy and securing data both in transit and in storage, and backdoors would leave sensitive data vulnerable to tampering and theft.

This discussion has been archived. No new comments can be posted.

  • by DontBeAMoran ( 4843879 ) on Saturday January 11, 2020 @04:45PM (#59610380)

    You know when in movies, the general/whatever military/FBI/CIA top guy asks for something impossible?

    This is exactly what's happening here. Encryption is mathematics. You can't magically add "good guys vs bad guys" logic into maths. What they're asking for is impossible.

    And even if it were somehow magically possible, we all know that in the end "the good guys" would abuse this system 100% of the time, in 100% of the cases.

    • It is possible, most hard drive encryption systems have unlock schemes where multiple keys (multiple users) are present or where someone like a sysadmin has the key escrowed either into LDAP or a cloud system.

      The problem is the key eventually gets out. No government has been able to keep anything secret; it's why conspiracy theories about the moon landing and 9/11 are just that, the government can't do anything right even if they actively try to hide it, someone always blabs (eg Benghazi, the Bin Laden raid

      • by dryeo ( 100693 )

        OTOH, if there have been times the government has managed to keep a secret, how would we know?
        Some conspiracy theories are just stupid such as the Moon landing, others are questionable.

    • by swschrad ( 312009 ) on Saturday January 11, 2020 @05:33PM (#59610486) Homepage Journal

      Lindsey Graham is a perfect example of a knee-jerk know-nothing toady. Without John McCain to keep him in check, he'd make a great lieutenant in the Red Army, and wouldn't have to change his mind much to succeed.

      • by gtall ( 79522 ) on Saturday January 11, 2020 @06:12PM (#59610542)

        You speak as though Lindsey Graham has an independent set of beliefs which he changes depending upon which way the wind is blowing. He's a bit more feral intellectually than that. He doesn't have any beliefs whatsoever. He merely parrots what he thinks will advance his re-election. He has no reason for being re-elected other than he doesn't have anything else to do.

        He merely refracts Trump's mental zephyrs because he has no independent thoughts of his own. Trump does not have thoughts as such, he's quite animalistic in that he has very limited powers of reflection and has the attention span of a gnat. Whatever is fizzing in his brain at the moment comes out of his mouth or fingers. In that sense, he cannot be said to lie as he simply fails to comprehend a distinction between truth and falsity. There is no such dialectic within him when he sees the world. Being so devoid of intellectual contemplation, it's no wonder he's such a TV and social media whore. Graham is even more totally without merit.

        • Unfortunately all of that is true of virtually every member of Congress and in fact of politicians generally. Mark Twain said it best: "Let us first assume that you are a member of Congress, and let us secondly assume that you are an idiot. But I repeat myself."
    • Re: (Score:1, Interesting)

      You can't magically add "good guys vs bad guys" logic into maths. What they're asking for is impossible.

      This is wrong. It is possible to create an encryption algorithm with more than one key. One key is for the user. The other is held in escrow by "the good guys".

      The problem is not the technology, but the fact that few people see "the good guys" as actually being "good". Many people don't even see "law enforcement" and "criminals" as disjoint sets.

      I have never been accused of a crime. But I was involved in a Federal criminal case as an alleged victim*. I dealt with several law enforcement officers. I w

      • by gweihir ( 88907 )

        There is also the problem that backdoors may get compromised by "bad" guys, and that keys may leak. I mean, the NSA was incapable of protecting its malware against being stolen, and it has done a ton of damage since.

      • by Aighearach ( 97333 ) on Saturday January 11, 2020 @06:42PM (#59610604)

        Dude, this is a conversation slashdot has been having since long before you signed up.

        And yet, you don't seem to even understand the basic points.

        The simple parts, like "you can't tell the good guys from the bad guys" your response is, "can too, you can just label each of them."

        Did you even consider reading what you reply to before replying? Or do you just click on something randomly before spewing a reply?

        You even sort of wander in the direction of what you're replying to when you say, "Many people don't even see "law enforcement" and "criminals" as disjoint sets." Well fucking duh, now keep that thought in your head while re-reading the claim, "You can't magically add "good guys vs bad guys" logic into maths." It isn't really that far of a walk for you to understand what is being said. If you'd try.

        • The simple parts, like "you can't tell the good guys from the bad guys" your response is, "can too, you can just label each of them."

          This reminds me of the very old Usenet proposals for female-only newsgroups, with appropriately labelled network packets.....

        • He probably wants to make use of TCP/IP's Evil Bit [wikipedia.org] proposal. /s =P

        • The simple parts, like "you can't tell the good guys from the bad guys" your response is, "can too, you can just label each of them."

          I disagree, and think ShanghaiBill's point is valid. Indeed I made much the same point in another post in this thread.

          Perhaps it's just a disagreement on semantics. But I read many arguments against encryption which seem to imply that criminals, etc. (distinct from law enforcement) would be able to make use of the same "vulnerability". This is the case when the backdoor is the traditional cracker backdoor, or a software vulnerability. In those cases it's true that anyone could discover and use them.

          • Perhaps it's just a disagreement on semantics.

            The semantics is the meaning.

            What you're saying is that you want to be counted as being right, even if you're wrong.

            Everything substantive is semantics. The less relevant parts would actually be syntax. If you screw up the syntax, that's fine. We'll usually know what you meant. If you screw up the semantics, don't just wave your hands, go back and start over and try again.

            • Sigh. Way to be intentionally obtuse. When people say "it's semantics", they mean that perhaps we're simply disagreeing on definitions, which is not uncommon because English is imprecise. But if you're going to be an ass, I'm out.
              • No, that's a lie, you're just repeating it mindlessly without even thinking about what it means.

                And that isn't what people mean when they say it.

                If you actually disagree on definitions, you have to resolve that difference to communicate, that isn't something irrelevant that you would sweep under the rug.

      • by AmiMoJo ( 196126 )

        Can you name a practical crypto scheme that allows "good guy keys" and is actually secure?

        Say something that could be used for a SSH/HTTPS type connection or for end to end encrypted chat.

        No such scheme exists.

        • by tricorn ( 199664 )

          It doesn't matter if such a scheme exists. If messages can be decrypted by the government, it will inevitably be abused or exploited, AND it won't be effective, even if all other encryption is outlawed and all traffic is routinely decoded to make sure no one is using a non-sanctioned encryption method.

          Sending random numbers would have to be made illegal, so all formats (including compression) used to send data would have to be approved.

          And it STILL wouldn't stop properly done steganography.

          I do believe you

    • by gweihir ( 88907 )

      Also, the unified front that tech companies offer to this strongly suggests that they at least understand the reality of the situation. The politicians obviously do not. Why do we think we can afford "leadership" that has no clue how things work and is incapable of actually listening to experts?

      Also, authoritarians (the most dangerous type of human, an absolute destroyer of society if not kept carefully under control) are always convinced they have all the answers and understand everything. Kind of a Dunning-K

    • It’s disingenuous to keep parroting the line that encryption must be algorithmically weakened or “backdoored” so law enforcement can get their snoop on.

      As others have already mentioned, the key/password to decrypt can be duplicated and held by more than one entity. The legislators aren’t as stupid as you think, and we’re going to end up facing the figurative “$5 wrench” scenario (you will provide a copy of the password, by force of law), if this isn’t fought

    • It is worse than that; there isn't even a "fight." Almost everybody that would need to agree with them in order to try to do the thing are already on the other side. The thing can't be done, and there isn't any fight over it. There are just some angry old men who continue to shout at the clouds about it, and some of them also have some role in government.

    • I had a very circular discussion with a lawyer about this. They just can't conceive of the idea that you can write code that can't decrypt what it encrypts and insist that the creators are being uncooperative. The sad part is that asymmetric encryption is over 40 years old at this point and the legal community still doesn't get it!
      • A LAWYER (most politicians are) has a job of finding ways to weasel the impossible and logic/math have nothing to do with that; furthermore, law always wins. Don't like 2+2=4? A good lawyer can change that. Seriously.

        Honesty and reason are just tools they sometimes use; everything else can be used. Redefine 2, 4, =, + to something else; or completely skip logic based upon a lie and just appeal to emotions and completely DENY reason. I'd think today with Trump you'd see how reality does not have to be a fa

    • And even if it were somehow magically possible, we all know that in the end "the good guys" would abuse this system 100% of the time, in 100% of the cases.

      You undermine your own (good) argument with this bit of hyperbole, which is obviously false. If the FBI somehow had a good-guys-only backdoor that allowed them to decrypt everything, they absolutely would use it to solve a lot of real crimes, from financial fraud to murder. In fact, the majority of their use of the backdoor would be clearly beneficial to society.

      But, they would also abuse it. The abuses would be rarer than the proper uses, but insidious, ultimately making the backdoor more harmful than

      • You undermine your own (good) argument with this bit of hyperbole, which is obviously false. If the FBI somehow had a good-guys-only backdoor that allowed them to decrypt everything, they absolutely would use it to solve a lot of real crimes, from financial fraud to murder. In fact, the majority of their use of the backdoor would be clearly beneficial to society.

        But, they would also abuse it. The abuses would be rarer than the proper uses, but insidious, ultimately making the backdoor more harmful than beneficial.

        This does not align with my own observations on this matter.

        If I look at something like the mandatory metadata retention in Australia, and how it's been used, the vast majority of the cases it's been used are of no clear value to society as a whole. Similarly, no major cases that have been successfully prosecuted since the program was started have been linked with the usage of this metadata repository. There is still no public proof any clearly beneficial use of this data has occurred yet, several years afte

  • by Gravis Zero ( 934156 ) on Saturday January 11, 2020 @04:45PM (#59610382)

    You mean that guy that New York City Bar Association is calling on congressional leaders to launch an investigation into [thehill.com]? That Barr? Yeah, not what I would call a trustworthy guy.

  • by account_deleted ( 4530225 ) on Saturday January 11, 2020 @04:52PM (#59610396)
    Comment removed based on user account deletion
  • by AnotherAnonymousUser ( 972204 ) on Saturday January 11, 2020 @04:59PM (#59610410)
    As someone not familiar enough with the political process, could someone weigh in on what this kind of legislation would look like, or how it would be implemented? Would this be compelling companies to do things certain ways to enable back doors, or just to share access to government agencies? Is it something that the government has any grounds to actually require, outside of specific law enforcement cases?
    • And how will it affect open-source software like gnupg?
      • by UnknownSoldier ( 67820 ) on Saturday January 11, 2020 @05:27PM (#59610474)

        Developers or Users?

        * Developers: It will just mean developers will write encryption outside of the retarded US's jurisdiction -- again -- just like in the 1990's Crypto Wars [wikipedia.org] when encryption technology was declared Category XIII item in the United States Munitions List. **Facepalm**
        * End users: Will probably go through some bullshit trial where the case will be escalated to the Supreme Court who will decide that Encryption is a 1st Amendment right.

        Vote these idiots out of office. They are TOO STUPID to understand Mathematics.

        • by gweihir ( 88907 ) on Saturday January 11, 2020 @06:20PM (#59610558)

          Vote these idiots out of office. They are TOO STUPID to understand Mathematics.

          Worse. They are too stupid to ask actual experts and to listen to them. That puts them at the very lowest end of the insight-scale.

          • Worse. They are too stupid to ask actual experts and to listen to them. That puts them at the very lowest end of the insight-scale.

            Worse. They have too much hubris and think they know better than the experts they asked and then try to berate and discredit the experts who have opinions contrary to their desired outcome.

            But nothing's new. Been happening forever - look at the climate change politics.

            • by gweihir ( 88907 )

              Indeed. It is surprising that the world is not completely in chaos. Well, that can still happen.

    • As someone not familiar enough with the political process, could someone weigh in on what this kind of legislation would look like, or how it would be implemented?

      It wouldn't, they don't have the support of any political party, and everybody that matters is already against it.

      In the 1990s, when it was actually being debated as a possible thing, the idea was to require manufacturers to include a hardware backdoor. An example was the Clipper chip [wikipedia.org], which was also used as an example when they were talking about backdoors for other types of communication.

      Also note that when the wikipedia page talks about "the U.S. government" pushing for this or that, they only mean "some

    • ... not familiar enough with the political process ...

      Since the 'war on terror' began, this idea surfaces every election: Politicians have totally succumbed to the idea they can legislate-away all unapproved behaviour.

      ... legislation would look like, or how it would be implemented?

      It comes in two flavours:

      • A) encryption is hard-coded into software/hardware and the keys are given to the government.
        B) the vendor assigns keys to users and maintains a database of them, which the government can access either online, or via warrant. (In case of the latter, the next step is legislating that vendors provide access, absent
  • Use the broken back-doored encryption for banking & communications but only for those politicians who demanded it after informing them that as well as the US Government having access to the backdoors, they will also be giving them to the governments in China, Iran, North Korea, Russia and EVERY other country in the world that requests them.

  • let me know when you finally destroy encryption so i can have my credit/debit card numbers changed, and switch to using one time gift cards online
  • Oh so they want full trust do they? Well, if they want us to trust them - trust by the way, that they have repeatedly proven that they have not earned or deserve - then there must be these conditions in cases of violation...

    If any individual in that organization violates any of the rules set out to protect people's privacy, in any way, shape or form, either directly or indirectly, then they must, must be punished!

    And I do mean punished. They should be terminated from their position - immediately - without p

    • by gweihir ( 88907 )

      So you do not want to send anybody to prison for misusing this in an official capacity? That seems excessively lenient compared to what happens to ordinary citizens when they misstep.

  • by Anonymous Coward

    I believe that Facebook, Google, Apple, and everyone else should make it clear to the US authorities that if they insist on having backdoors in the crypto, they may have to provide those, but only to the US users of the system. The rest of the world can enjoy the benefits of safe crypto. US laws can and should not have any relevance for communications between (say) two EU citizens. If Americans want to feel like second-class citizens on the net, let them!

  • U.S. Attorney General William Barr and U.S. senators are currently pushing for legislation that would force technology companies to build backdoors into their products ...

    The words "U.S. Attorney General", "William Barr", "US senators" and "backdoor" should never appear in the same sentence in any combination.

  • what about an law saying an china backdoor must be given to us gov or you can't see it in the usa?

    • Google translate is not enough all by itself.

      It can help with vocabulary, but it won't be able to do a good enough job on the grammar. Sorry Ivan.

  • by hdyoung ( 5182939 ) on Saturday January 11, 2020 @06:21PM (#59610564)
    Verbally griping doesn't really get very far with companies, even when it comes from powerful politicians. Legislation or actual bona fide regulation is required to get change done. This is actually a feature of our capitalist system. The companies are far too focused on profits to do something just cause a politician's jaw starts flapping. The most powerful politician in the country at the moment (Trump) has been blathering for years about bringing jobs and factories home. How much of that has happened? Yeah, a few initiatives were "announced" in his first year of office..... how many of them actually went anywhere? Foxconn plant in the US? Hahahahaha right.

    Tech back-doors are the same way. The companies know that a good number of paying customers don't want gov-controlled back-doors in their cell phones. No company wants to be the first to knuckle under and lose business to competitors. Not gonna happen until actual legislation or regulation passes. Even a presidential order wouldn't cut it. The way things are going right now, this will happen sometime between "sun burns out" and "hell freezes over".
  • by Framboise ( 521772 ) on Saturday January 11, 2020 @06:33PM (#59610588)

    Good luck to legislators for preventing deniable encryption.
    https://en.wikipedia.org/wiki/...

  • Why is it that the folks who write the laws are some of the most ill-informed idiots on the planet?

    At the bare minimum, we really need an entrance exam for all elected positions of the US Government.

    We have exams for quite a few professions, yet the one that wields the most power is the same one where any idiot (given enough votes) can walk into a job they know absolutely nothing about and start demanding changes.

    I really hate to break it to Senator Graham, but the line between the " Bad Guys " and the "

    • Why is it that the folks who write the laws are some of the most ill-informed idiots on the planet?

      Because they are the ones that win the most votes. If you want smart people to write laws, you have to vote them into office first, then hope for the best.

    • They are pretending to be stupid. This allows them to take bribes and sell out their voters, and claim they were tricked if caught.
  • With PRISM the NSA just has to ask once and so many of the once trusted and respected big US brands said "yes"...
    It's not encryption when the NSA gets the keys from the OS, computer brand, ad company, telco.

    A fight would be saying no and ending up in prison...
    How many in the freedom talking "tech" leadership of the USA did that? 1?
  • Forbidding encryption seems entirely stupid, not only because it opens up all kinds of security issues, but also because the bad guys could still encrypt messages through steganography.

  • Our company created what they termed as an 'air gap' system to protect sensitive data from moving from our production environment to corporate and unapproved software from corporate to production. It is a platform that examines all data and makes sure that no personal or sensitive data is ever copied except using approved programs and processes.

    I pointed out one day that anyone could create a custom encryption program that would mask all data and circumvent the system. It didn't even have to be good encr

  • There is no government only backdoor in encryption. Never was, never will be. Any backdoor built into encryption WILL be abused by someone other than you. That means by extension that your secrets WILL be open to be read by whoever you deem your enemy. Whether that's some competing party or some foreign actors.

    The weak point won't be the technical side. Encryption, and the lack of it, can be made technically resilient. The weak point is the human factor, because at some point, some human will have the key t

  • We've been unable to identify any way to create a backdoor that would work only for the good guys.

    Nor have been able to find any way to identify the "good guys".

  • Whether or not they understand what they're demanding makes sense, is dangerous, or not, is irrelevant to them: they want MORE POWER, and they don't give a flying fuck what it does to us little peon citizens, so long as they feed their anal-retentive power-grubbing need to stick their noses into anything and everything, with no ability for the rest of us to say "NO!" to it. This has nothing whatsoever to do with 'national security', 'law enforcement', 'crime prevention', or any of the other bullshit excuses
  • That back door will be breached by bad actors within 24 hours of it hitting the streets. Back Doors in Encryption INVITES crackers. And will virtually shut down commerce on the internet. In one Swell Foop, we'll be back in the 1970s.
  • Europe ? you didn't mean Europe, did you there , i have a Huawei and a Xiaomi ... the flashlights on it are great other than that and the steam/valve and google auth needed for some sites I'm still looking for a use for them but I'm sure if the Chinese are backdooring me they won't find much of use , if they can read the local slang what's stopping anyone from encrypting messages with personal keys anyway ? most probably don't even care since "they got nothing to hide" as the ancient proverb goes "why would you
