A Quick Look At the Fight Against Encryption (linuxsecurity.com) 87
b-dayyy shared this overview from the Linux Security site:
Strong encryption is imperative to securing sensitive data and protecting individuals' privacy online, yet governments around the world refuse to recognize this, and are continually aiming to break encryption in an effort to increase the power of their law enforcement agencies... This fear of strong, unbroken encryption is not only unfounded -- it is dangerous. Encryption with built-in backdoors which provide special access for select groups not only has the potential to be abused by law enforcement and government agencies by allowing them to eavesdrop on potentially any digital conversation, it could also be easily exploited by threat actors and criminals.
U.S. Attorney General William Barr and U.S. senators are currently pushing for legislation that would force technology companies to build backdoors into their products, but technology companies are fighting back full force. Apple and Facebook have spoken out against the introduction of encryption backdoors, warning that it would introduce massive security and privacy threats and would serve as an incentive for users to choose devices from overseas. Apple's user privacy manager Erik Neuenschwander states, "We've been unable to identify any way to create a backdoor that would work only for the good guys." Facebook has taken a more defiant stance on the issue, adamantly saying that it would not provide access to encrypted messages in Facebook and WhatsApp.
Senator Lindsey Graham has responded to this resistance authoritatively, advising the technology giants to "get on with it", and stating that the Senate will ultimately "impose its will" on privacy advocates and technologists. However, Graham's statement appears unrealistic, and several lawmakers have indicated that Congress won't make much progress on this front in 2020...
Encryption is an essential component of digital security that should be embraced, not feared. In any scenario, unencrypted data is subject to prying eyes. Strong, unbroken encryption is vital in protecting privacy and securing data both in transit and in storage, and backdoors would leave sensitive data vulnerable to tampering and theft.
This is getting ridiculous (Score:5, Insightful)
You know when in movies, the general/whatever military/FBI/CIA top guy asks for something impossible?
This is exactly what's happening here. Encryption is mathematics. You can't magically add "good guys vs bad guys" logic into maths. What they're asking for is impossible.
And even if it were somehow magically possible, we all know that in the end "the good guys" would abuse this system 100% of the time, in 100% of the cases.
Re: This is getting ridiculous (Score:1)
Is that not how PGP came about back in the day?
Re: (Score:2)
Well PGP is person to person, and I doubt any backdoor could ever be put into it. IIRC development was moved out of the US due to its old encryption laws. All that proves is whatever law is passed real encryption will still be available.
All these laws will do is allow law enforcement to 'spy' on law abiding citizens.
Re: (Score:2)
'IIRC development was moved out of the US due to its old encryption laws'
Citation please. Perhaps you were thinking about how the US government arrested Phil Zimmermann and charged him with a federal violation of the Arms Control Act, that they eventually had to drop.
https://en.wikipedia.org/wiki/... [wikipedia.org]
Re: This is getting ridiculous (Score:3)
It is possible, most hard drive encryption systems have unlock schemes where multiple keys (multiple users) are present or where someone like a sysadmin has the key escrowed either into LDAP or a cloud system.
The problem is the key eventually gets out. No government has been able to keep anything secret; it's why conspiracy theories about the moon landing and 9/11 are just that, the government can't do anything right even if they actively try to hide it, someone always blabs (eg Benghazi, the Bin Laden raid
Re: (Score:2)
OTOH, if there have been times the government has managed to keep a secret, how would we know?
Some conspiracy theories are just stupid such as the Moon landing, others are questionable.
Re: (Score:2)
"Good guys" are defined as the subset of bad guys who are sufficiently powerful that you cannot resist them. If I have the drop on you (my loaded gun is already aimed at your face and you credibly believe that I will fuck you up forever if you don't do what I say) that makes me the good guy. You'll include a copy of the session key encrypted with my public key, in all your messages. Well, you'll do that or else you are the person whose final moment happened in the parking lot.
That's what government is: the
Pigs In Your Spaaaceeee (Score:4, Interesting)
Lindsey Graham is a perfect example of a knee-jerk know-nothing toady. Without John McCain to keep him in check, he'd make a great lieutenant in the Red Army, and wouldn't have to change his mind much to succeed.
Re:Pigs In Your Spaaaceeee (Score:4, Interesting)
You speak as though Lindsey Graham has an independent set of beliefs which he changes depending upon which way the wind is blowing. He's a bit more feral intellectually than that. He doesn't have any beliefs whatsoever. He merely parrots what he thinks will advance his re-election. He has no reason for being re-elected other than he doesn't have anything else to do.
He merely refracts Trump's mental zephyrs because he has no independent thoughts of his own. Trump does not have thoughts as such, he's quite animalistic in that he has very limited powers of reflection and has the attention span of a gnat. Whatever is fizzing in his brain at the moment comes out of his mouth or fingers. In that sense, he cannot be said to lie as he simply fails to comprehend a distinction between truth and falsity. There is no such dialectic within him when he sees the world. Being so devoid of intellectual contemplation, it's no wonder he's such a TV and social media whore. Graham is even more totally without merit.
Re: (Score:1, Interesting)
You can't magically add "good guys vs bad guys" logic into maths. What they're asking for is impossible.
This is wrong. It is possible to create an encryption algorithm with more than one key. One key is for the user. The other is held in escrow by "the good guys".
The problem is not the technology, but the fact that few people see "the good guys" as actually being "good". Many people don't even see "law enforcement" and "criminals" as disjoint sets.
I have never been accused of a crime. But I was involved in a Federal criminal case as an alleged victim*. I dealt with several law enforcement officers. I w
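The multi-key arrangement raised in the comment above, and in the earlier comment about disk-encryption unlock schemes with an escrowed key, sketched as an added example that is not part of the original thread and not any product's real header format. All names (`create_volume`, `unlock`, `exposure`) and sample secrets are hypothetical, and the XOR wrap under a PBKDF2-derived key is a stdlib simplification standing in for a real key-wrap algorithm.

```python
import hashlib
import hmac
import secrets

KEY_LEN = 32
ITERATIONS = 20_000  # constructed demo value; real systems tune this much higher


def derive(secret: bytes, salt: bytes):
    """Stretch a secret into a wrap key and a separate check key."""
    out = hashlib.pbkdf2_hmac("sha256", secret, salt, ITERATIONS, dklen=2 * KEY_LEN)
    return out[:KEY_LEN], out[KEY_LEN:]


def make_slot(master_key: bytes, secret: bytes) -> dict:
    """Wrap the master key under one secret; every slot has its own salt."""
    salt = secrets.token_bytes(16)
    wrap_key, check_key = derive(secret, salt)
    # Simplification: XOR with a single-use derived key stands in for real key wrap.
    wrapped = bytes(a ^ b for a, b in zip(master_key, wrap_key))
    tag = hmac.new(check_key, wrapped, hashlib.sha256).digest()
    return {"salt": salt, "wrapped": wrapped, "tag": tag}


def open_slot(slot: dict, secret: bytes):
    """Return the master key if the secret fits this slot, otherwise None."""
    wrap_key, check_key = derive(secret, slot["salt"])
    expected = hmac.new(check_key, slot["wrapped"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, slot["tag"]):
        return None
    return bytes(a ^ b for a, b in zip(slot["wrapped"], wrap_key))


def create_volume(name: str, user_secret: bytes, escrow_secret: bytes):
    """Build a header with a user slot and an escrow slot over one random master key."""
    master_key = secrets.token_bytes(KEY_LEN)
    header = {"name": name, "slots": {
        "user": make_slot(master_key, user_secret),
        "escrow": make_slot(master_key, escrow_secret),
    }}
    return header, master_key


def unlock(header: dict, secret: bytes):
    """Try the secret against every slot, as a multi-key unlock does."""
    for slot in header["slots"].values():
        key = open_slot(slot, secret)
        if key is not None:
            return key
    return None


def exposure(headers, leaked_secret: bytes):
    """Audit helper: names of volumes whose master key a leaked secret recovers."""
    return [h["name"] for h in headers if unlock(h, leaked_secret) is not None]


if __name__ == "__main__":
    ESCROW = b"constructed-escrow-secret"  # constructed sample values throughout
    alice, alice_mk = create_volume("alice-laptop", b"alice passphrase", ESCROW)
    bob, bob_mk = create_volume("bob-laptop", b"bob passphrase", ESCROW)
    fleet = [alice, bob]
    print("user passphrase exposes:", exposure(fleet, b"alice passphrase"))
    print("escrow secret exposes:  ", exposure(fleet, ESCROW))
    copied = unlock(alice, ESCROW)      # a key recovered before revocation
    del alice["slots"]["escrow"]        # revoke the escrow slot on one volume
    print("after revocation:       ", exposure(fleet, ESCROW))
    print("earlier copy still valid:", copied == unlock(alice, b"alice passphrase"))
```

A user passphrase reaches one volume while the shared escrow secret reaches every volume enrolled with it, and deleting the escrow slot leaves the master key unchanged, so recovering from a leaked escrow secret means re-keying the data rather than only editing headers.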
Re: (Score:3)
There is also the problem that backdoors may get compromised by "bad" guys, and that keys may leak. I mean, the NSA was incapable of protecting its malware against being stolen, and it has done a ton of damage since.
Re:This is getting ridiculous (Score:4, Insightful)
Dude, this is a conversation slashdot has been having since long before you signed up.
And yet, you don't seem to even understand the basic points.
The simple parts, like "you can't tell the good guys from the bad guys" your response is, "can too, you can just label each of them."
Did you even consider reading what you reply to before replying? Or do you just click on something randomly before spewing a reply?
You even sort of wander in the direction of what you're replying to when you say, "Many people don't even see "law enforcement" and "criminals" as disjoint sets." Well fucking duh, now keep that thought in your head while re-reading the claim, "You can't magically add "good guys vs bad guys" logic into maths." It isn't really that far of a walk for you to understand what is being said. If you'd try.
Re: (Score:2)
The simple parts, like "you can't tell the good guys from the bad guys" your response is, "can too, you can just label each of them."
This reminds me of the very old Usenet proposals for female-only newsgroups, with appropriately labelled network packets.....
Re: (Score:2)
He probably wants to make use of TCP/IP's Evil Bit [wikipedia.org] proposal. /s =P
Re: (Score:2)
The simple parts, like "you can't tell the good guys from the bad guys" your response is, "can too, you can just label each of them."
I disagree, and think ShanghaiBill's point is valid. Indeed I made much the same point in another post in this thread.
Perhaps it's just a disagreement on semantics. But I read many arguments against encryption which seem to imply that criminals, etc. (distinct from law enforcement) would be able to make use of the same "vulnerability". This is the case when the backdoor is the traditional cracker backdoor, or a software vulnerability. In those cases it's true that anyone could discover and use them.
Re: (Score:2)
Perhaps it's just a disagreement on semantics.
The semantics is the meaning.
What you're saying is that you want to be counted as being right, even if you're wrong.
Everything substantive is semantics. The less relevant parts would actually be syntax. If you screw up the syntax, that's fine. We'll usually know what you meant. If you screw up the semantics, don't just wave your hands, go back and start over and try again.
Re: (Score:2)
No, that's a lie, you're just repeating it mindlessly without even thinking about what it means.
And that isn't what people mean when they say it.
If you actually disagree on definitions, you have to resolve that difference to communicate, that isn't something irrelevant that you would sweep under the rug.
Re: (Score:3)
Can you name a practical crypto scheme that allows "good guy keys" and is actually secure?
Say something that could be used for a SSH/HTTPS type connection or for end to end encrypted chat.
No such scheme exists.
Re: (Score:3)
It doesn't matter if such a scheme exists. If messages can be decrypted by the government, it will inevitably be abused or exploited, AND it won't be effective, even if all other encryption is outlawed and all traffic is routinely decoded to make sure no one is using a non-sanctioned encryption method.
Sending random numbers would have to be made illegal, so all formats (including compression) used to send data would have to be approved.
And it STILL wouldn't stop properly done steganography.
I do believe you
Re: (Score:2)
Also, the unified front that tech companies offer to this strongly suggests that they at least understand the reality of the situation. The politicians obviously do not. Why do we think we can afford "leadership" that has no clue how things work and is incapable of actually listening to experts?
Also, authoritarians (the most dangerous type of human, an absolute destroyer of society if not kept carefully under control) are always convinced they have all the answers and understand everything. Kind of a Dunning-K
Re: (Score:2)
It’s disingenuous to keep parroting the line that encryption must be algorithmically weakened or “backdoored” so law enforcement can get their snoop on.
As others have already mentioned, the key/password to decrypt can be duplicated and held by more than one entity. The legislators aren’t as stupid as you think, and we’re going to end up facing the figurative “$5 wrench” scenario (you will provide a copy of the password, by force of law), if this isn’t fought
Re: (Score:2)
It is worse than that; there isn't even a "fight." Almost everybody that would need to agree with them in order to try to do the thing are already on the other side. The thing can't be done, and there isn't any fight over it. There are just some angry old men who continue to shout at the clouds about it, and some of them also have some role in government.
Re: This is getting ridiculous (Score:2)
It's Perspective (Score:2)
A LAWYER (most politicians are) has a job of finding ways to weasel the impossible and logic/math have nothing to do with that; furthermore, law always wins. Don't like 2+2=4? A good lawyer can change that. Seriously.
Honesty and reason are just tools they sometimes use; everything else can be used. Redefine 2, 4, =, + to something else; or completely skip logic based upon a lie and just appeal to emotions and completely DENY reason. I'd think today with Trump you'd see how reality does not have to be a fa
Re: (Score:2)
And even if it were somehow magically possible, we all know that in the end "the good guys" would abuse this system 100% of the time, in 100% of the cases.
You undermine your own (good) argument with this bit of hyperbole, which is obviously false. If the FBI somehow had a good-guys-only backdoor that allowed them to decrypt everything, they absolutely would use it to solve a lot of real crimes, from financial fraud to murder. In fact, the majority of their use of the backdoor would be clearly beneficial to society.
But, they would also abuse it. The abuses would be rarer than the proper uses, but insidious, ultimately making the backdoor more harmful than
Re: (Score:2)
You undermine your own (good) argument with this bit of hyperbole, which is obviously false. If the FBI somehow had a good-guys-only backdoor that allowed them to decrypt everything, they absolutely would use it to solve a lot of real crimes, from financial fraud to murder. In fact, the majority of their use of the backdoor would be clearly beneficial to society.
But, they would also abuse it. The abuses would be rarer than the proper uses, but insidious, ultimately making the backdoor more harmful than beneficial.
This does not align with my own observations on this matter.
If I look at something like the mandatory metadata retention in Australia, and how it's been used, the vast majority of the cases it's been used are of no clear value to society as a whole. Similarly, no major cases that have been successfully prosecuted since the program was started have been linked with the usage of this metadata repository. There is still no public proof any clearly beneficial use of this data has occurred yet, several years afte
Bill Barr? (Score:3)
You mean that guy that New York City Bar Association is calling on congressional leaders to launch an investigation into [thehill.com]? That Barr? Yeah, not what I would call a trustworthy guy.
Re: (Score:2)
Doesn't matter if he's trustworthy if the people you elect put him in charge anyway.
Comment removed (Score:3)
Legal Requirement (Score:3)
Re:Legal Requirement (Score:5, Insightful)
Developers or Users?
* Developers: It will just mean developers will write encryption outside of the retarded US's jurisdiction -- again -- just like in the 1990's Crypto Wars [wikipedia.org] when encryption technology was declared Category XIII item in the United States Munitions List. **Facepalm**
* End users: Will probably go through some bullshit trial where the case will be escalated to the Supreme Court who will decide that Encryption is a 1st Amendment right.
Vote these idiots out of office. They are TOO STUPID to understand Mathematics.
Re:Legal Requirement (Score:4, Insightful)
Vote these idiots out of office. They are TOO STUPID to understand Mathematics.
Worse. They are too stupid to ask actual experts and to listen to them. That puts them at the very lowest end of the insight-scale.
Re: (Score:1)
Worse. They are too stupid to ask actual experts and to listen to them. That puts them at the very lowest end of the insight-scale.
Worse. They have too much hubris and think they know better than the experts they asked and then try to berate and discredit the experts who have opinions contrary to their desired outcome.
But nothing's new. Been happening forever - look at the climate change politics.
Re: (Score:2)
Indeed. It is surprising that the world is not completely in chaos. Well, that can still happen.
Re: (Score:2)
As someone not familiar enough with the political process, could someone weigh in on what this kind of legislation would look like, or how it would be implemented?
It wouldn't, they don't have the support of any political party, and everybody that matters is already against it.
In the 1990s, when it was actually being debated as a possible thing, the idea was to require manufacturers to include a hardware backdoor. An example was the Clipper chip [wikipedia.org], which was also used as an example when they were talking about backdoors for other types of communication.
Also note that when the wikipedia page talks about "the U.S. government" pushing for this or that, they only mean "some
Re: (Score:1)
Since the 'war on terror' began, this idea surfaces every election: Politicians have totally succumbed to the idea they can legislate-away all unapproved behaviour.
It comes in two flavours:
B) the vendor assigns keys to users and maintains a database of them, which the government can access either online, or via warrant. (In case of the latter, the next step is legislating that vendors provide access, absent
If I was in charge of one of these companies i'd (Score:1)
Use the broken back-doored encryption for banking & communications but only for those politicians who demanded it after informing them that as well as the US Government having access to the backdoors, they will also be giving them to the governments in China, Iran, North Korea, Russia and EVERY other country in the world that requests them.
Re: (Score:2)
./Oblg. Voters will "get on with it" and vote this idiot out of office who is too stupid to understand Mathematics.
Hey, look, it's the 1990's Crypto Wars [wikipedia.org] all over again where encryption was ruled a 1st Amendment Right.
Hey, Senator Lindsey Graham, you can: "Fuck Off with your 'National Security' BULLSHIT." It didn't work before. It won't THIS time either just because you are too insecure about the RIGHT to Privacy and stupid to understand Mathematics.
Re: GOV LAW ENFORCEMENT SHOULD/MUST HAVE FULL ACCE (Score:1)
Oh, you're that Indian guy supporting Modi and his CurryNazi party.
Fuck you, and fuck off.
hey Lindsay Graham (Score:2)
Full Access, huh? (Score:2)
Oh so they want full trust do they? Well, if they want us to trust them - trust by the way, that they have repeatedly proven that they have not earned or deserve - then there must be these conditions in cases of violation...
If any individual in that organization violates any of the rules set out to protect people's privacy, in any way, shape or form, either directly or indirectly, then they must, must be punished!
And I do mean punished. They should be terminated from their position - immediately - without p
Re: (Score:2)
So you do not want to send anybody to prison for misusing this in an official capacity? That seems excessively lenient compared to what happens to ordinary citizens when they misstep.
Simple solution (Score:1)
I believe that Facebook, Google, Apple, and everyone else should make it clear to the US authorities that if they insist on having backdoors in the crypto, they may have to provide those, but only to the US users of the system. The rest of the world can enjoy the benefits of safe crypto. US laws can and should not have any relevance for communications between (say) two EU citizens. If Americans want to feel like second-class citizens on the net, let them!
Maybe it's just me, but ... (Score:1)
U.S. Attorney General William Barr and U.S. senators are currently pushing for legislation that would force technology companies to build backdoors into their products ...
The words "U.S. Attorney General", "William Barr", "US senators" and "backdoor" should never appear in the same sentence in any combination.
what about an law saying an china backdoors must (Score:2)
what about an law saying an china backdoor must be given to us gov or you can't see it in the usa?
Re: (Score:2)
Google translate is not enough all by itself.
It can help with vocabulary, but it won't be able to do a good enough job on the grammar. Sorry Ivan.
requires legislation (Score:4, Insightful)
Tech back-doors are the same way. The companies know that a good number of paying customers don't want gov-controlled back-doors in their cell phones. No company wants to be the first to knuckle under and lose business to competitors. Not gonna happen until actual legislation or regulation passes. Even a presidential order wouldn't cut it. The way things are going right now, this will happen sometime between "sun burns out" and "hell freezes over".
Deniable encryption (Score:3)
Good luck to legislators for preventing deniable encryption.
https://en.wikipedia.org/wiki/...
Why is it (Score:2)
Why is it that the folks who write the laws are some of the most ill-informed idiots on the planet ?
At the bare minimum, we really need an entrance exam for all elected positions of the US Government.
We have exams for quite a few professions, yet the one that wields the most power is the same one where any idiot (given enough votes) can walk into a job they know absolutely nothing about and start demanding changes.
I really hate to break it to Senator Graham, but the line between the " Bad Guys " and the "
Re: (Score:2)
Why is it that the folks who write the laws are some of the most ill-informed idiots on the planet?
Because they are the ones that win the most votes. If you want smart people to write laws, you have to vote them into office first, then hope for the best.
What fight? (Score:1)
It's not encryption when the NSA gets the keys from the OS, computer brand, ad company, telco.
A fight would be saying no and ending up in prison...
How many in the freedom talking "tech" leadership of the USA did that? 1?
Stupid (Score:1)
Forbidding encryption seems entirely stupid, not only because it opens up all kinds of security issues, but also because the bad guys could still encrypt messages through steganography.
Bad guys can write software themselves, you morons (Score:2)
Our company created what they termed as an 'air gap' system to protect sensitive data from moving from our production environment to corporate and unapproved software from corporate to production. It is a platform that examines all data and makes sure that no personal or sensitive data is ever copied except using approved programs and processes.
I pointed out one day that anyone could create a custom encryption program that would mask all data and circumvent the system. It didn't even have to be good encr
Dear idiots, elected and otherwise (Score:2)
There is no government only backdoor in encryption. Never was, never will be. Any backdoor built into encryption WILL be abused by someone other than you. That means by extension that your secrets WILL be open to be read by whoever you deem your enemy. Whether that's some competing party or some foreign actors.
The weak point won't be the technical side. Encryption, and the lack of it, can be made technically resilient. The weak point is the human factor, because at some point, some human will have the key t
"good guys"? (Score:2)
We've been unable to identify any way to create a backdoor that would work only for the good guys.
Nor have been able to find any way to identify the "good guys".
Simple: NONE OF THEM GIVE A FUCK ABOUT *US*! (Score:2)
If the Government requires a back door (Score:1)
devices from overseas ? (Score:1)