Obama Administration Explored Ways To Bypass Smartphone Encryption 142
An anonymous reader writes: According to a story at The Washington Post, an Obama Administration working group considered four backdoors that tech companies could adopt to allow the government to break encrypted communications stored on phones of suspected terrorists or criminals. The group concluded that the solutions were "technically feasible," but they group feared blowback. "Any proposed solution almost certainly would quickly become a focal point for attacks. Rather than sparking more discussion, government-proposed technical approaches would almost certainly be perceived as proposals to introduce 'backdoors' or vulnerabilities in technology products and services and increase tensions rather [than] build cooperation," said the unclassified memo. You can read the draft paper on technical options here.
Re: (Score:2)
https://glimmerblocker.org/ [glimmerblocker.org]
You mean the PRISM program (Score:2)
and Operation Bullrun weren't give-aways before now?
If they can break it, ANYONE can break it (Score:5, Insightful)
Re: (Score:2, Insightful)
If they can break it, ANYONE can break it
It's even worse than that.
Obviously the bad guys could break it, or steal the backdoor keys, or whatever.
But the worst part is that we don't know if any bad guys have broken it yet, so -- starting on day one -- we have to assume they have.
This is true even if the bad guys haven't actually broken it yet.
This means that backdoors are a failure up front, by design -- and not just if they break.
practically true. Interesting theory $10 million b (Score:5, Interesting)
For purposes of making policy, we should absolutely assume that if the government can get in, so can the bad guys. (Ignoring the fact that sometimes the government IS the bad guys).
Having said that, it's an interesting intellectual exercise to consider that's not NECESSARILY true. For example, each year the encryption could be increased with a longer key, such that at any given time it costs about $1 million in computer time to decrypt a phone. The government could easily spend a million, or ten million, to decrypt Bin Laden's laptop, but nobody is going to spend a million or ten million to decrypt yours or mine.
I'm not suggesting that's actually a good idea in terms of policy , just an interesting puzzle to think about.
Also, years ago we thought it was impossible for you and, who have never met before, to publicly post messages to each other in such a way that nobody else could decrypt them - without ever talking privately to share an encryption key. Now, we use Diffie-Hellman every day to do exactly that, as part of https. We thought it was impossible to share a secret on a public forum (or network) without everyone else on the forum being able to read the secret, but we were wrong. Diffie and Hellman invented a way. Theoretically, it's entirely possible to invent something that allows access only to authorized individuals, with a public audit trail. We haven't invented it yet. Block chains like Bitcoin uses suggest that encryption can be tied to a publicly accessible log, so we know whose data they decrypted, or at least how many they did.
Re: (Score:2)
years ago we thought it was impossible for you and, who have never met before, to publicly post messages to each other in such a way that nobody else could decrypt them - without ever talking privately to share an encryption key. Now, we use Diffie-Hellman every day to do exactly that, as part of https.
We are talking privately - through Mozilla, or Microsoft, or Apple, or Google. That's why your browser has a big old list of certificates.
cert isn't required for secrecy, only authenticati (Score:3)
No trusted root certificate is required in order to have a secret, encrypted conversation over a public medium. We could post secret messages to each other using Diffie-Hellman right here on Slashdot.
Root certificates are for authentication- knowing my real name rather than just my Slashdot userid raymorris.
Re: (Score:1)
Without authentication, how do you know it's *me* doing the DH negotiation on the other end? That's the root of trust problem that certificates (and webs of trust) try to solve (and don't do a very good job of).
To have a truly reliable system, we need something that "square's Zooki's triangle": https://en.wikipedia.org/wiki/... [wikipedia.org]
There is promise in newer systems that use Bitcoin-like blockchains (like Namecoin).
Re: (Score:2)
> Without authentication, how do you know it's *me* doing the DH negotiation on the other end?
Because your user name is right at the top of your post. And we've never shared a secret. What I don't know is your birth name. Even better, we can use DH in a crowded room. We can shout secrets to each other*, and without any pre-arranged key we can exchange secret messages, impenetrable to everyone else in the room. I know it's you I'm talking to because I can see you.
If a man-in-the-middle has the ability to
Re:practically true. Interesting theory $10 millio (Score:4, Insightful)
Now, we use Diffie-Hellman every day to do exactly that, as part of https. We thought it was impossible to share a secret on a public forum (or network) without everyone else on the forum being able to read the secret, but we were wrong. Diffie and Hellman invented a way.
Just thought I'd mention Ralph Merkle, the guy gets nowhere near fair credit for having co-invented public key cryptography. In fact, Hellman argues we should talk about Diffie-Hellman-Merkle key exchange.
And there were some guys at GCHQ who independently did pretty much the same. But I credit them less because it was all kept secret and they work for, you know, evil.
Re: (Score:2)
It's actually possible in a very low-tech way, assuming you trust Apple.
yep. Tracking guns is similar, but simpler (Score:2)
The use of paper and manually doing work in your scenario reminds me of how guns can be tracked to people, but not vice versa, in Texas and other states without registration.
Given the serial number of a gun found at a crime scene, the cops can ask the manufacturer which wholesaler they sold the gun to. They then ask the wholesaler which store they sold it to. They then ask the store which individual they sold it to. So they can answer the question "who bought this gun?", but can't answer "does raymorris
Re: (Score:2)
Um, no, your "intellectual" exercise isn't all that interesting. What you suggest is a typical sophomoric exercise and focuses only on details that it "solves" while ignoring the entirety of the problem. In particular you are overlooking the *obvious* fact that if they have a key that can be used to backdoor then anyone who can obtain a copy of the key can use the backdoor.
In other words, you can handwave all you want about "unbreakable" keys and it doesn't matter.
For a more interesting intellectual exercis
RAID6 The House (Score:2)
Let me state one more time, as a policy matter we should assume that anything that allows the good guys in can also allow the bad guys in. That's a foundational assumption and why I don't install a control panel like CPanel on my servers.
As a mathematical puzzle, it's interesting to note that's an assumption. It's not NECESSARILY true.
Here's a very rough draft of one approach, just for fun. At the end I'll show how it can be made more secure by combining it with other approaches.
Consider, it is possible u
Re: (Score:3)
TFA mentions a few ways that they were considering implementing this.
1. Special government controlled keys in addition to user controlled keys. Obviously loss of the government controlled key would allow anyone to decrypt those messages.
2. A split private key, with half held by the manufacturer and the other half by the government. Only by bringing the two together can the user's messages be decrypted.
3. Abuse of automatic forced updates. Make device manufacturers send government malware using their update
Re: (Score:2)
Huh. I guess the Windows 10/8/7 tracking shows they picked option 3.
Why only say Obama? (Score:2, Insightful)
Saying it's Obama's Administration that did it is just as honest as saying it's Bush's Administration that allowed "enhanced interrogation" and detention facilities - it sure as hell didn't stop (or probably even start) with Bush, just like how breaking encryption sure as hell didn't begin with Obama. The problem is with the entire system, not just one political sports team or another.
Re: (Score:1)
The Obama administration is the current administration. Since we haven't learned from past administrations, there is little point in discussing them.
Re: (Score:1)
Also did anyone note that the Obama Administration also said that these plans were basically a bad idea?
Can anyone really fault them for checking if the plans were a good idea, deciding they weren't, and then not doing it?
Can you really attack them for this?
Re: (Score:2)
Mod parent informative. They explored the idea ... and then abandoned it. The latter part is in TFS but not in the headline.
Re: (Score:2)
I have a problem with the reasons they abandoned it. They abandoned it because they thought it would stir up too much trouble. Any good administration would have never explored the idea at all because it's a shitty thing to do and unconstitutional.
Re: (Score:3)
I have a problem with the reasons they abandoned it. They abandoned it because they thought it would stir up too much trouble. Any good administration would have never explored the idea at all because it's a shitty thing to do and unconstitutional.
There is a great frustration with the Constitution by our leaders.
They have been trying in earnest for years, to find a way to make the tools they already use for "parallel construction" (look it up) to allow for circumvention of the 4th and 5th Amendments. See, they get the data illicitly, then they need a way they can use a court order to say they got it legitimately. The actual back door doesn't need to work, people just need to believe it is there.
The problem is, people are getting just as pissed
Re: (Score:2)
Yup. I've explained before [slashdot.org] how law makers could have access [slashdot.org], and how much I distrust them. The facts are that they could get what they say they want, and get it securely, but what they really want is illegal.
Legal access could be managed securely, but not without limiting government and law enforcement to a legal process. They don't want that, and that's the reason they dropped this. So they say.
The problem we have is that we already know we've been repeatedly lied to by our government, and even government
Re: Why only say Obama? (Score:3)
They didn't abandon it - the FBI Director is out there insisting on it every day. Obama could reign him in with one phone call.
This is classic "political cover". Why do people still take politicians at their word? Can no amount of evidence change that?
Re: (Score:2)
How is this a "problem with a system". The administration had someone who knows technology draft a report on whether something they wanted was possible. It's not., The report said so.
A memo explaining why X is impossible is a good thing. It means they asked a question and got an answer.
Heck, I wouldn't trust my opinion on technical matters if I got made POTUS tomorrow, and I make my living deciding them now. Because there are people smarter than me out there, and sometimes stuff is actually possible th
Re: (Score:2)
They didn't try. They asked an expert what would happen if they did try. I consider it akin to calling a lawyer and seeing if there's any course of action available.
Or, in your example, akin to sitting down to plan both whether and if to murder and having one item be a long list of reasons like "illegal, will likely go to jail, etc.". And then deciding murder is not a good course of action.
Of course the administration asked the question. There are many groups in the government. Some want to break into
It IS a backdoor (Score:5, Informative)
would almost certainly be perceived as proposals to introduce 'backdoors'
Yes, that is exactly the definition of a backdoor [wikipedia.org]: a way to bypass the owner's security measures. Any suggestion that it isn't would mean that the government is the owner of the device, not you or me.
Re: (Score:2)
Any suggestion that it isn't would mean that the government is the owner of the device, not you or me.
Don't give them ideas.
Re: (Score:1)
If they pay to have it fixed when it breaks I wouldn't have much problem with that....But until then I paid for it it's mine!
Obama is All About Transparency! (Score:5, Insightful)
Re: (Score:2, Interesting)
Read TFS again. They explored the idea, and then abandoned it.
And now we know about it. You were saying something about transparency?
Re: Obama is All About Transparency! (Score:2, Insightful)
It was the black guy who promised "change". He knew he would not deliver but still acts like he's got the moral high ground. He does not. If you tell me you're going to something, you ask my backing on that condition and that renege, you broke your promise and I can call you a liar. I don't care if you're white, black, yellow or purple with green dots.
Re: (Score:2)
It was the black guy who promised "change". He knew he would not deliver but still acts like he's got the moral high ground. He does not. If you tell me you're going to something, you ask my backing on that condition and that renege, you broke your promise and I can call you a liar. I don't care if you're white, black, yellow or purple with green dots.
Things changed alright. Just not in the way people thought they would. We now have a bigger racial divide in our country than the 50's due in part, to the actions of ol'jug-ears for example.
And the 50s were worse than the 30s. (Score:3)
There were no big racial protests in the 30s, I guess that means that everyone was super happy. Also, the 1890s were even quieter, and the 1840s quieter still.
A wise robot once said, "I think you're confusing peace with quiet". The racial divide isn't created by rabble rousers, it's exposed by them.
Re: (Score:2)
So what's the endgame of all this spying? Is it to turn America into a totalitarian police state?
The endgame of this particular spying seems to be that they decided not to, for reasons that seem quite good to me.
"Any proposed solution almost certainly would quickly become a focal point for attacks. Rather than sparking more discussion, government-proposed technical approaches would almost certainly be perceived as proposals to introduce 'backdoors' or vulnerabilities in technology products and services and increase tensions rather [than] build cooperation."
Re: (Score:2)
Re: (Score:2)
Ridiculous. They decided not to for a terrible reason, which is that they didn't think they could get away with it.
They should have decided not to for the reason that it is both morally wrong and unconstitutional.
Make no mistake: these people are evil, and the fact that they abandoned this particular scheme makes them no less so!
Re: (Score:1)
Re: (Score:2)
There is no fucking excuse whatsoever for Mr. "Constitutional Scholar" not to have known damn well that this was completely and utterly verboten from the beginning! This idea should never have even been entertained in the first place!
The only reasonable answer to a government official asking the President "should we try to backdoor everyone?" is "No. And you're fired for having too poor a grasp of basic goddamn civics to do your job!
There's nothing at all verboten about it. (Score:2)
And there never has been at any point in human history. Sure you need a warrant to exercise a capability to spy--but there's absolutely nothing illegal about creating an apparatus that enables the spying.
I think you are confusing what is wrong with what is illegal. Not everything that you consider to be wrong is illegal.
Priorities (Score:1)
Re: (Score:2)
There will always be "baddies" no matter how good the world is.
Wow that's super helpful, thanks. (Score:2)
Let's shut down the military, police force, FBI, CIA, and NSA and use that money instead to shower the world with rose petals.
The backdoors are already in place (Score:5, Informative)
Transceivers are often hooked directly into sensors such as microphones, and run very complex proprietary firmware that is given undue privileged access to the rest of the system's resources.
Furthermore, for nearly 15 years, Intel as been quietly introducing an entire, higher-priority computing system within your consumer laptops and desktops and probably now your tablets and smartphones: This is known as the Intel Management Engine [libreboot.org], specifically the Intel Active Management Technology [fsf.org]. If your computer's Intel sticker lists "vPro", then you've probably got it!
It's frightening stuff.
These systems involve their own little processors, memory, storage, network interfaces, and proprietary operating systems; as long as the machine is plugged into a power source and wired network—even if the user thinks that it's switched "off"—that little computer within "your" computer can be contacted and used to access the rest of the machine, including your storage drives (hard disks, SSDs, etc.), RAM, main CPU, GPU, etc. It has higher priority than "your" system, can take control of the display and keyboard/mouse/touchpad input so that Intel's AMT can provide VNC access from the moment the main system's boot process begins. It can do all of this while your system is running, including reading your private encryption keys from your RAM or twiddling bits on your hard disk.
Any attempt to remove or alter the proprietary software and hardware that composes the AMT can be made to and likely will be made to brick your system or make it otherwise unusable.
Re: (Score:2)
Fortunately at least Vpro is targeted and large businesses and as a result Intel charges BIG bucks to enable it. Even if your processor supports Vpro, chances are it doesn't work because you didn't pay the hefty license fee for the software to enable access to it. In addition most BIOS's I've seen have a setting to disable it.
True we can't know everything it can or can't do without a full read on the capabilities from Intel but I trust that if it were capable of offline access by anyone as you claim it woul
Re:The backdoors are already in place (Score:5, Informative)
True we can't know everything it can or can't do without a full read on the capabilities from Intel but I trust that if it were capable of offline access by anyone as you claim it would be public knowledge and wouldn't have made it very far.
Part of AMT is remote management, including being able to boot a server that lost power, reboot a frozen machine, wake machines for nightly patching and so on. Obviously it can't reach a machine that doesn't have power, but from the moment you plug in a vPro machine it's live even when it's "off". Maybe it's not public knowledge but you only need to read the advertisement [intel.com]:
Find It. Fix It. Anywhere
Intel(R) Active Management Technology provides remote management over wired or wireless networks across devices. Access clients through a secure channel irrespective of power or OS state, address issues while user is online, patch, repair, and upgrade operating systems and applications, and inventory client-side software and hardware.
Of course it's only supposed to talk to your puppet master inside your enterprise and only when it's enabled. But if you had a secret knock backdoor to access AMT on any computer, even when it is allegedly disabled - and perhaps even on CPUs that don't advertise the feature since it's probably there in silicon - that would be the mother of all back doors.
Re: (Score:2)
How man days before Russian criminal gangs or the Chinese government figure out how to break into these backdoors.
Re: (Score:2)
Interesting that it's available via the wifi as well, evidently:
https://en.wikipedia.org/wiki/... [wikipedia.org]
Re: (Score:2, Informative)
Oh, well, if the proprietary system says it's disabled, then it must be disabled!
Unfortunately, you are wrong.
No license is required, and there's good evidence that disabling AMT in the BIOS does not really disable it. Exploits for AMT have been published and only fixed very slowly by Intel.
It's not hidden from the public; as with all encroachments by Big Brother, it's marketed as being useful and convenient. Here, have some fun. [howtogeek.com] Any fool could follow those instructions.
Re: (Score:2, Informative)
Sorry, but this is just pure FUD and you apparently don't know anything about AMT, or you have your own agenda.
Yes, there's typically an additional cost for vPro systems vs non-vPro equivalents - but that's because vPro only works if you have Intel Wifi, Intel NIC, and a Core i5 or better processor - generally, more expensive than, say, Atheros WiFi, Broadcom NIC and a Core i3. And because the PCs are targetted at business users, the manufacturer might choose to charge a premium.
Beyond that there is no addi
Re: (Score:2, Informative)
Well, why didn't you say so?! You heard it here folks: "Security was baked in from the outset." If only every other exploited system had been so careful...
AMT has been compromised before, and it took Intel years to fix the published exploit, and that was after stonewalling the researcher who found it.
It doesn't matter that the system tells the user something is disabled; the underlying system is entirely proprietary and can say whatever the hell it wants. Sure, hardware is always going to be virtually propr
Re: (Score:2)
if the owner of the PC chooses
No, the OEM will get to choose, just like they do today in other areas. I suppose the laptops with UEFI SecureBoot enabled don't exist in your world [wikipedia.org]?
I work for Intel
So you're a collaborator. I hope you like the future you're creating. Maybe you should wake up to what is actually happening in the world?
Re: (Score:1)
Here I thought Wake on lan was pretty cool......
Re: (Score:2)
Anything sounds scary if you shine a flashlight under your face and read it in a low, spooky voice.
A lot of fairly innocuous stuff meant for large-scale corporate system administrators sounds positively Orwellian when applied to you personal computer. To put it bluntly, yes, corporate IT essentially has a "backdoor" into all the machines they administer. This is for the purpose of managing and maintaining a fleet of computers - for instance, it's useful to be able to apply patches and perform security sca
Re: (Score:1)
Spoken like a true neckbeard: "Any incoming attempt to access them from external sources is easily blocked by a simple router or firewall."
If the ME/AMT supersystem's core software were user-controllable or at least verifiably open source (auditable by anyone), then no one would care. However, it's completely proprietary, it's robust enough to run "apps", its been compromised already before, and—by design—it completely owns the user's "real" system even when it is supposedly turned off.
Yes, comp
Re: (Score:2)
Re: (Score:2)
Re: (Score:1)
vPro is intended for corporations where the users do not own the resources, but management does. This enables remotely fixing that corrupt boot sector on the hard drive. Even if an employee formats a hard drive, it is possible to remotely wipe and reinstall the OS. Think about it. If you have 20,000 employees, how long would it take you to find the correct campus, building, floor, cubicle, machine to fix a corrupt OS. Add a mobile workforce and some telecommuting and you can see the value.
Avoid the FUD
Re: (Score:1)
Some things should never be allowed to done remotely. Things like BIOS writing? Hell no. In my opinion, there should be a hardware switch[RO/W] for all BIOS. This would make any traditional rootkit impossible and cost basically nothing.
Re: (Score:2)
Every time I see people discussing AMT, they leave out the final piece of the puzzle: Intel's SGX ("Software Guard Extensions") instructions that are in Skylake and future CPUs. SGX lets a program set up "secure enclaves" in RAM that are encrypted in the CPU and cannot be accessed by other programs, including the OS itself. As the data is encrypted outside of the CPU, you cannot even use a cold-boot attack or a logic analyser to access the data the hard way.
The only people talking about these instructions
Re: (Score:2)
If its totally separate from the hard drive, then full disk encryption would stop it in its tracks. Also, if the computer is off, that couldn't access your hard drive without you hearing it turn itself on. And if it were snooping on anymore other than the extremely rare targeted event, then it would be detected by someone when it called home.
Duh!! (Score:2)
Well, gee, I don't know how we'd get the idea that proposals to introduce 'backdoors' might actually be proposals to introduce 'backdoors'. You can't investigate how to introduce 'backdoor's and not expect people to perceive this is what you're doing
At Least Someone in Government Has a Brain (Score:2)
"Any proposed solution almost certainly would quickly become a focal point for attacks."
Glad someone realized that!
Re: (Score:2)
Comment removed (Score:4, Interesting)
Re:I predict the future of a government API (Score:5, Interesting)
The paper covers this with a caveat that most encryption software is open source, freely available and has no central authority that can be compelled. The result of this is that even is some key recovery system is mandated users could simply encrypt their own data underneath the compromised encryption and render the device inaccessible and defeat the entire purpose of the law and international accords.
This caveat is actually on the first page of the document as a "technological limitation".
Re: (Score:2)
The result of this is that even is some key recovery system is mandated users could simply encrypt their own data underneath the compromised encryption and render the device inaccessible and defeat the entire purpose of the law and international accords.
If this is made illegal though most people will be disinclined towards doing it, and those that still do it can be sent to prison for that at least even if you can't figure what else wrong they may have done.
There's a million crimes in this world any one of us can commit any day (and probably get away with), yet because they are illegal most people don't. This will be another one of those.
Re: (Score:2)
Further down they mention a couple of ways around this limitation. They could use a forced update via the manufacturer's software update mechanism to install government malware and steal the user's keys. They could force cloud backup of the key. There are mechanisms in place to do all this stuff, they just need court orders to force the manufacturers to abuse them.
Re: (Score:1)
This is true only if they know what they have to look for.
If your encryption software was custom written you could use any combination of things to create the encryption key.
You could use your own code that doesn't conform to whatever pattern they are looking for to encrypt the data.
Maybe it isn't keyboard; maybe it is accelerometer shakes.
Maybe its a QR code you point the camera at.
Maybe its a sound you play from your PC.
Maybe it is the angle you hold it for each key you type into your phone.
At some point;
Re:I predict the future of a government API (Score:5, Insightful)
Re: (Score:2)
Re: (Score:1)
time to invest in carrier pigeons or perhaps carrier drones.
One of the "example" solutions (Score:4, Interesting)
One of the example solutions in the document is to force the device provider to update the device with a malicious update the decrypts the device. Talk about a way to encourage people to allow the device update to run! They even acknowledge this. It's quite humorous, people should read it. The paper discusses how even if a solution is implemented device owners could simply layer their own encryption on and make all data inaccessible. So if that's the case, exactly what is the point in the paper or the working group? They acknowledge right at the start that whatever you propose could easily be defeated by the consumer simply encrypting things themselves. So if the entire thing is technologically unfeasible why on earth would you even study it?
The one thing I haven't seen covered in the paper at all is that IF the US were to implement these requirements that all business involved in encryption would simply move off shore and destroy a thriving US business ecosystem. The paper's assumption is that any US developed protocol would then be exported world wide. This is profoundly illogical on many fronts. There would be numerous countries that would simply not participate in some US encryption compromising ring.
Re: (Score:2)
Because someone was told, in factmultiple someones, to come up wiht a comprehensive answer to a technical question for non-technical people. They are supposed to cover all the bases. There are some good reasons for that. Suppose one of their "technical limitations" has been overcome already by the NSA? Suppose one of their other "prohibitive costs" is in fact bearable. Their job is to define the problem as comple
Re: (Score:2)
They acknowledge right at the start that whatever you propose could easily be defeated by the consumer simply encrypting things themselves. So if the entire thing is technologically unfeasible why on earth would you even study it?
It makes sense as a first step towards a total solution. It will be massively imperfect but you've got to start somewhere and over a 20-30 year period of refinement and expanding the scope you might actually get to where you want to be.
The one thing I haven't seen covered in the paper at all is that IF the US were to implement these requirements that all business involved in encryption would simply move off shore and destroy a thriving US business ecosystem. The paper's assumption is that any US developed protocol would then be exported world wide. This is profoundly illogical on many fronts. There would be numerous countries that would simply not participate in some US encryption compromising ring.
This could only work if done at an international level. You absolutely must have the major economic blocs (Europe, Russia, China etc.) on team with it, and preferably also the major "new" economies. The rest will naturally follow. Actually generating this international consen
Re: (Score:2)
One of the example solutions in the document is to force the device provider to update the device with a malicious update the decrypts the device. Talk about a way to encourage people to allow the device update to run! They even acknowledge this. It's quite humorous, people should read it. The paper discusses how even if a solution is implemented device owners could simply layer their own encryption on and make all data inaccessible. So if that's the case, exactly what is the point in the paper or the working group? They acknowledge right at the start that whatever you propose could easily be defeated by the consumer simply encrypting things themselves. So if the entire thing is technologically unfeasible why on earth would you even study it?
The one thing I haven't seen covered in the paper at all is that IF the US were to implement these requirements that all business involved in encryption would simply move off shore and destroy a thriving US business ecosystem. The paper's assumption is that any US developed protocol would then be exported world wide. This is profoundly illogical on many fronts. There would be numerous countries that would simply not participate in some US encryption compromising ring.
Whatever you use to add a layer of encryption has to accept some form of password via device input (screen, keyboard, voice, camera, all of which will already be compromised by design at a lower level than we'll have access to.
Re: (Score:2)
Most people probably won't. But you aren't trying to access "most peoples" devices. The people they want to access will be the ones that defeat it. That's what makes the whole thing uniquely stupid.
But they will politely knock! (Score:2)
Law enforcement officials have rejected the “backdoor” terminology. “We aren’t seeking a backdoor approach. We want to use the front door, with clarity and transparency, and with clear guidance provided by law,” FBI chief James B. Comey said at the Brookings Institution in October.
There is no front door.
Man these people are dumb.
Re: (Score:2)
âoeWe arenâ(TM)t seeking a backdoor approach. We want to use the front door, with clarity and transparency, and with clear guidance provided by law,â FBI chief James B. Comey said at the Brookings Institution in October.
The "front door" is exactly where it's always been: you obtain a subpoena against the owner of the device requiring them to turn over the information in their possession.
There is no way to use a "front door" in secrecy, or without the cooperation (willing or otherwise) of the owner. Mechanisms for bypassing the owner's access controls or accessing the owner's property without the owner's knowledge are rightfully referred to as "back doors".
(Note: Not a warrant, a subpoena. A warrant would merely give them p
Stop willingly carrying a spying device (Score:2)
Twenty years ago very few people had a cell phone and the world got along just fine. Now most people carry a device that knows your exact location, has a microphone, a camera and is largely not under your control. It's literally a spying device. Yes, it's a spying device that has useful applications for the user as well but, is it worth it to completely give up your privacy so you can play Fruit Ninja while you sit in a waiting room? This is the not the first story on this subject and it will not be the
Don't worry, you are protected by irrelevance. (Score:2)
The biggest tragedy of the government's boneheaded approach to tech spying is that it has managed to convince an entire generation of losers that each and every one of them is a high-value government target. You aren't. Nobody gives a fuck about your insignificant little life. You don't matter. At all. Nobody is reading your emails; not because they can't, because your emails are fucking boring. Nobody is listening to your phone calls, because nobody needs to get up to date on your theories about Jon Snow.
Re: (Score:2)
Sure, there is no one at the NSA who sits around all day and reads your e-mails and listens to your phone calls. I agree that's deluded thinking. But, what we've done is willingly created the infrastructure for mass surveillance on an unprecedented level. It's unnecessary to have someone reading your e-mails to determine if you are engaging in deviant behavior. It can be determined algorithmically just by collecting and analyzing *everyones* data. As the definition of "deviant behavior" shifts over tim
This is the unclassified memo... (Score:2)
Republicans vs Democrats (Score:1)
What it *could* be used for... (Score:2)
Whether a governmental backdoor is good idea or not should not be determined on the "good" uses the government would use it for. It should be determined on the "bad" uses (abuses) the government *could* use it for, along with the risk of it being cracked and abused by third parties.
Re: Of course he did (Score:1)
The Republicans have really destroyed this country with the ACA
Re: (Score:2)
And you are the exact reason why the country is falling apart. When confronted with "Obama did ______" that you don't like, you still blame only the Republicans. And don't get me wrong, the (R) do the exact same thing. It is almost like you have said (D) cannot do any wrong, and any wrong they do is because the (R) did it first.
The cognitive dissonance here is not surprising, but I am still amazed by it.
Re: (Score:2)
What the hell is a DINO anyway? I keep reading it as an abbreviation for dinosaur, but capitalised for emphasis. That aside, don't you think the "blame republicans" troll is getting tired and boring yet? It was funny a couple of times, but now it's just irritating.
Re: Of course he did (Score:1)
It is not an insult to dinosaurs, who ruled the earth for 150+ million years.
Democrat In Name Only. Counterpart to RINO.
see the No True Scotsman argument for details.
Re: (Score:2)
Ah, cool. Thanks for the clarification. I'd probably have more of a clue about this if I lived/worked in the US.
DINO or RINO, none is as important as the PEOPLE (Score:1)
I really don't care what the fuck Obama is, all I care is that the PEOPLE will *NOT* be victimized again!
I haven't the time to RTFA yet, so I haven't the slightest idea what the '4 backdoors' are, but anyway ... I think the most important thing we must do is to find ways to defeat whatever fucking backdoor (or backdoors) that they might use on us
Any and all suggestions will be very gratefully appreciated !
Re: (Score:1)
Re: (Score:2)
We want the candidate with the great