
Obama Administration Explored Ways To Bypass Smartphone Encryption

An anonymous reader writes: According to a story at The Washington Post, an Obama Administration working group considered four backdoors that tech companies could adopt to allow the government to break encrypted communications stored on phones of suspected terrorists or criminals. The group concluded that the solutions were "technically feasible," but the group feared blowback. "Any proposed solution almost certainly would quickly become a focal point for attacks. Rather than sparking more discussion, government-proposed technical approaches would almost certainly be perceived as proposals to introduce 'backdoors' or vulnerabilities in technology products and services and increase tensions rather [than] build cooperation," said the unclassified memo. You can read the draft paper on technical options here.
This discussion has been archived. No new comments can be posted.

  • and Operation Bullrun weren't give-aways before now?

  • by kheldan ( 1460303 ) on Thursday September 24, 2015 @07:43PM (#50593269) Homepage Journal
    ..and at that point it's useless. By all means, try to break it; if you can then that means it needs to be improved.
    • Re: (Score:2, Insightful)

      by Anonymous Coward

      If they can break it, ANYONE can break it

      It's even worse than that.

      Obviously the bad guys could break it, or steal the backdoor keys, or whatever.

      But the worst part is that we don't know if any bad guys have broken it yet, so -- starting on day one -- we have to assume they have.

      This is true even if the bad guys haven't actually broken it yet.

      This means that backdoors are a failure up front, by design -- and not just if they break.

    • by raymorris ( 2726007 ) on Friday September 25, 2015 @12:09AM (#50594417) Journal

      For purposes of making policy, we should absolutely assume that if the government can get in, so can the bad guys. (Ignoring the fact that sometimes the government IS the bad guys).

      Having said that, it's an interesting intellectual exercise to consider that's not NECESSARILY true. For example, each year the encryption could be increased with a longer key, such that at any given time it costs about $1 million in computer time to decrypt a phone. The government could easily spend a million, or ten million, to decrypt Bin Laden's laptop, but nobody is going to spend a million or ten million to decrypt yours or mine.

      I'm not suggesting that's actually a good idea in terms of policy, just an interesting puzzle to think about.

      Also, years ago we thought it was impossible for you and me, who have never met before, to publicly post messages to each other in such a way that nobody else could decrypt them - without ever talking privately to share an encryption key. Now, we use Diffie-Hellman every day to do exactly that, as part of https. We thought it was impossible to share a secret on a public forum (or network) without everyone else on the forum being able to read the secret, but we were wrong. Diffie and Hellman invented a way. Theoretically, it's entirely possible to invent something that allows access only to authorized individuals, with a public audit trail. We haven't invented it yet. Block chains like Bitcoin uses suggest that encryption can be tied to a publicly accessible log, so we know whose data they decrypted, or at least how many they did.

      • by jez9999 ( 618189 )

        years ago we thought it was impossible for you and me, who have never met before, to publicly post messages to each other in such a way that nobody else could decrypt them - without ever talking privately to share an encryption key. Now, we use Diffie-Hellman every day to do exactly that, as part of https.

        We are talking privately - through Mozilla, or Microsoft, or Apple, or Google. That's why your browser has a big old list of certificates.

        • No trusted root certificate is required in order to have a secret, encrypted conversation over a public medium. We could post secret messages to each other using Diffie-Hellman right here on Slashdot.

          Root certificates are for authentication- knowing my real name rather than just my Slashdot userid raymorris.

          • Without authentication, how do you know it's *me* doing the DH negotiation on the other end? That's the root of trust problem that certificates (and webs of trust) try to solve (and don't do a very good job of).

            To have a truly reliable system, we need something that "squares Zooko's triangle": https://en.wikipedia.org/wiki/... [wikipedia.org]

            There is promise in newer systems that use Bitcoin-like blockchains (like Namecoin).

            • > Without authentication, how do you know it's *me* doing the DH negotiation on the other end?

              Because your user name is right at the top of your post. And we've never shared a secret. What I don't know is your birth name. Even better, we can use DH in a crowded room. We can shout secrets to each other*, and without any pre-arranged key we can exchange secret messages, impenetrable to everyone else in the room. I know it's you I'm talking to because I can see you.

              If a man-in-the-middle has the ability to
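The point argued in this sub-thread, as an added example that is not part of any poster's comment: unauthenticated Diffie-Hellman gives both ends the same key when an observer only reads the posted public values, while a relay that substitutes its own public value leaves the two ends holding different keys, which comparing key fingerprints over a channel the relay does not control reveals. The group parameters (the prime 2^255 - 19 with generator 2, picked only because they are short to write), the function names and the fingerprint format are assumptions of this example.

```python
import hashlib
import secrets

# Toy group parameters (assumption of this example, not a recommendation):
# real deployments use a standardized group or an elliptic-curve exchange.
P = 2**255 - 19
G = 2


def keypair():
    """Return (private exponent, public value G^priv mod P)."""
    priv = secrets.randbelow(P - 3) + 2  # uniform in [2, P-2]
    return priv, pow(G, priv, P)


def shared_key(priv, peer_pub):
    """Derive a 32-byte key from our private exponent and the peer's public value."""
    # Reject degenerate public values that would force a predictable secret.
    if not 1 < peer_pub < P - 1:
        raise ValueError("degenerate public value")
    secret = pow(peer_pub, priv, P)
    return hashlib.sha256(secret.to_bytes(32, "big")).digest()


def fingerprint(key):
    """Short digest of the derived key, meant to be compared out of band
    (read aloud, shown as a code on both screens, and so on)."""
    return hashlib.sha256(b"fingerprint" + key).hexdigest()[:16]


def direct_exchange():
    """Both public values are posted in the open; nothing else is shared."""
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    # An observer sees a_pub and b_pub only; each side combines the other's
    # public value with its own private exponent.
    return shared_key(a_priv, b_pub), shared_key(b_priv, a_pub)


def relayed_exchange():
    """Same exchange, but an on-path relay swaps in its own public value in
    both directions, so each end unknowingly agrees a key with the relay."""
    a_priv, _a_pub = keypair()
    b_priv, _b_pub = keypair()
    _m_priv, m_pub = keypair()
    key_a = shared_key(a_priv, m_pub)  # what the first party ends up with
    key_b = shared_key(b_priv, m_pub)  # what the second party ends up with
    return key_a, key_b


def channel_is_clean(key_a, key_b):
    """True when both ends derived the same key, i.e. their fingerprints match."""
    return secrets.compare_digest(fingerprint(key_a), fingerprint(key_b))


if __name__ == "__main__":
    ka, kb = direct_exchange()
    print("direct :", fingerprint(ka), fingerprint(kb), channel_is_clean(ka, kb))
    ra, rb = relayed_exchange()
    print("relayed:", fingerprint(ra), fingerprint(rb), channel_is_clean(ra, rb))
```

The fingerprint comparison only helps if it travels over something the relay cannot rewrite, which is the job certificates, webs of trust or seeing the other person in the room are doing in the comments above.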

      • by erikkemperman ( 252014 ) on Friday September 25, 2015 @03:38AM (#50595035)

        Now, we use Diffie-Hellman every day to do exactly that, as part of https. We thought it was impossible to share a secret on a public forum (or network) without everyone else on the forum being able to read the secret, but we were wrong. Diffie and Hellman invented a way.

        Just thought I'd mention Ralph Merkle, the guy gets nowhere near fair credit for having co-invented public key cryptography. In fact, Hellman argues we should talk about Diffie-Hellman-Merkle key exchange.

        And there were some guys at GCHQ who independently did pretty much the same. But I credit them less because it was all kept secret and they work for, you know, evil.

      • by dgatwood ( 11270 )

        Having said that, it's an interesting intellectual exercise to consider that's not NECESSARILY true. For example, each year the encryption could be increased with a longer key, such that at any given time it costs about $1 million in computer time to decrypt a phone. The government could easily spend a million, or ten million, to decrypt Bin Laden's laptop, but nobody is going to spend a million or ten million to decrypt yours or mine.

        It's actually possible in a very low-tech way, assuming you trust Apple.

        • The use of paper and manually doing work in your scenario reminds me of how guns can be tracked to people, but not vice versa, in Texas and other states without registration.

          Given the serial number of a gun found at a crime scene, the cops can ask the manufacturer which wholesaler they sold the gun to. They then ask the wholesaler which store they sold it to. They then ask the store which individual they sold it to. So they can answer the question "who bought this gun?", but can't answer "does raymorris

      • Um, no, your "intellectual" exercise isn't all that interesting. What you suggest is a typical sophomoric exercise and focuses only on details that it "solves" while ignoring the entirety of the problem. In particular you are overlooking the *obvious* fact that if they have a key that can be used to backdoor then anyone who can obtain a copy of the key can use the backdoor.

        In other words, you can handwave all you want about "unbreakable" keys and it doesn't matter.

        For a more interesting intellectual exercis

        • Let me state one more time, as a policy matter we should assume that anything that allows the good guys in can also allow the bad guys in. That's a foundational assumption and why I don't install a control panel like CPanel on my servers.

          As a mathematical puzzle, it's interesting to note that's an assumption. It's not NECESSARILY true.

          Here's a very rough draft of one approach, just for fun. At the end I'll show how it can be made more secure by combining it with other approaches.

          Consider, it is possible u

    • by AmiMoJo ( 196126 )

      TFA mentions a few ways that they were considering implementing this.

      1. Special government controlled keys in addition to user controlled keys. Obviously loss of the government controlled key would allow anyone to decrypt those messages.

      2. A split private key, with half held by the manufacturer and the other half by the government. Only by bringing the two together can the user's messages be decrypted.

      3. Abuse of automatic forced updates. Make device manufacturers send government malware using their update

      • 3. Abuse of automatic forced updates. Make device manufacturers send government malware using their update system. Would require a court order, and doesn't appear to be any more open to abuse than current update systems. Presumably the user would lose the ability to disable these updates.

        Huh. I guess the Windows 10/8/7 tracking shows they picked option 3.

  • by Anonymous Coward

    Saying it's Obama's Administration that did it is just as honest as saying it's Bush's Administration that allowed "enhanced interrogation" and detention facilities - it sure as hell didn't stop (or probably even start) with Bush, just like how breaking encryption sure as hell didn't begin with Obama. The problem is with the entire system, not just one political sports team or another.

    • The Obama administration is the current administration. Since we haven't learned from past administrations, there is little point in discussing them.

      • by Anonymous Coward

        Also did anyone note that the Obama Administration also said that these plans were basically a bad idea?

        Can anyone really fault them for checking if the plans were a good idea, deciding they weren't, and then not doing it?

        Can you really attack them for this?

        • Mod parent informative. They explored the idea ... and then abandoned it. The latter part is in TFS but not in the headline.

          • by alzoron ( 210577 )

            I have a problem with the reasons they abandoned it. They abandoned it because they thought it would stir up too much trouble. Any good administration would have never explored the idea at all because it's a shitty thing to do and unconstitutional.

            • by jafiwam ( 310805 )

              I have a problem with the reasons they abandoned it. They abandoned it because they thought it would stir up too much trouble. Any good administration would have never explored the idea at all because it's a shitty thing to do and unconstitutional.

              There is a great frustration with the Constitution by our leaders.

              They have been trying in earnest for years, to find a way to make the tools they already use for "parallel construction" (look it up) to allow for circumvention of the 4th and 5th Amendments. See, they get the data illicitly, then they need a way they can use a court order to say they got it legitimately. The actual back door doesn't need to work, people just need to believe it is there.

              The problem is, people are getting just as pissed

            • Yup. I've explained before [slashdot.org] how law makers could have access [slashdot.org], and how much I distrust them. The facts are that they could get what they say they want, and get it securely, but what they really want is illegal.

              Legal access could be managed securely, but not without limiting government and law enforcement to a legal process. They don't want that, and that's the reason they dropped this. So they say.

              The problem we have is that we already know we've been repeatedly lied to by our government, and even government

          • They didn't abandon it - the FBI Director is out there insisting on it every day. Obama could rein him in with one phone call.

            This is classic "political cover". Why do people still take politicians at their word? Can no amount of evidence change that?

    • How is this a "problem with a system"? The administration had someone who knows technology draft a report on whether something they wanted was possible. It's not. The report said so.

      A memo explaining why X is impossible is a good thing. It means they asked a question and got an answer.

      Heck, I wouldn't trust my opinion on technical matters if I got made POTUS tomorrow, and I make my living deciding them now. Because there are people smarter than me out there, and sometimes stuff is actually possible th

  • It IS a backdoor (Score:5, Informative)

    by phantomfive ( 622387 ) on Thursday September 24, 2015 @07:51PM (#50593309) Journal

    would almost certainly be perceived as proposals to introduce 'backdoors'

    Yes, that is exactly the definition of a backdoor [wikipedia.org]: a way to bypass the owner's security measures. Any suggestion that it isn't would mean that the government is the owner of the device, not you or me.

    • Any suggestion that it isn't would mean that the government is the owner of the device, not you or me.

      Don't give them ideas.

    • by sims 2 ( 994794 )

      If they pay to have it fixed when it breaks I wouldn't have much problem with that....But until then I paid for it it's mine!

  • by Irate Engineer ( 2814313 ) on Thursday September 24, 2015 @07:58PM (#50593345)
    Unfortunately he was thinking of one-way glass with the ability to look into our affairs.
    • Re: (Score:2, Interesting)

      by ClickOnThis ( 137803 )

      Read TFS again. They explored the idea, and then abandoned it.

      And now we know about it. You were saying something about transparency?

  • What? The motherfucker who betrayed every last one of us when he signed an extension to the PATRIOT act, which he knows full well is unconstitutional, is allowing the criminal class to try to defeat encryption? Say it ain't so!

    -jcr

  • Maybe if they spent more time actually making the world a better place, they wouldn't have to worry so much about finding out what the "baddies" are up to.
  • by Anonymous Coward on Thursday September 24, 2015 @08:19PM (#50593425)

    Transceivers are often hooked directly into sensors such as microphones, and run very complex proprietary firmware that is given undue privileged access to the rest of the system's resources.

    Furthermore, for nearly 15 years, Intel has been quietly introducing an entire, higher-priority computing system within your consumer laptops and desktops and probably now your tablets and smartphones: This is known as the Intel Management Engine [libreboot.org], specifically the Intel Active Management Technology [fsf.org]. If your computer's Intel sticker lists "vPro", then you've probably got it!

    It's frightening stuff.

    These systems involve their own little processors, memory, storage, network interfaces, and proprietary operating systems; as long as the machine is plugged into a power source and wired network—even if the user thinks that it's switched "off"—that little computer within "your" computer can be contacted and used to access the rest of the machine, including your storage drives (hard disks, SSDs, etc.), RAM, main CPU, GPU, etc. It has higher priority than "your" system, can take control of the display and keyboard/mouse/touchpad input so that Intel's AMT can provide VNC access from the moment the main system's boot process begins. It can do all of this while your system is running, including reading your private encryption keys from your RAM or twiddling bits on your hard disk.

    Any attempt to remove or alter the proprietary software and hardware that composes the AMT can be made to and likely will be made to brick your system or make it otherwise unusable.

    • Fortunately at least Vpro is targeted at large businesses and as a result Intel charges BIG bucks to enable it. Even if your processor supports Vpro, chances are it doesn't work because you didn't pay the hefty license fee for the software to enable access to it. In addition most BIOS's I've seen have a setting to disable it.

      True we can't know everything it can or can't do without a full read on the capabilities from Intel but I trust that if it were capable of offline access by anyone as you claim it woul

      • by Kjella ( 173770 ) on Thursday September 24, 2015 @09:20PM (#50593739) Homepage

        True we can't know everything it can or can't do without a full read on the capabilities from Intel but I trust that if it were capable of offline access by anyone as you claim it would be public knowledge and wouldn't have made it very far.

        Part of AMT is remote management, including being able to boot a server that lost power, reboot a frozen machine, wake machines for nightly patching and so on. Obviously it can't reach a machine that doesn't have power, but from the moment you plug in a vPro machine it's live even when it's "off". Maybe it's not public knowledge but you only need to read the advertisement [intel.com]:

        Find It. Fix It. Anywhere
        Intel(R) Active Management Technology provides remote management over wired or wireless networks across devices. Access clients through a secure channel irrespective of power or OS state, address issues while user is online, patch, repair, and upgrade operating systems and applications, and inventory client-side software and hardware.

        Of course it's only supposed to talk to your puppet master inside your enterprise and only when it's enabled. But if you had a secret knock backdoor to access AMT on any computer, even when it is allegedly disabled - and perhaps even on CPUs that don't advertise the feature since it's probably there in silicon - that would be the mother of all back doors.

      • Re: (Score:2, Informative)

        by Anonymous Coward

        Oh, well, if the proprietary system says it's disabled, then it must be disabled!

        Unfortunately, you are wrong.

        No license is required, and there's good evidence that disabling AMT in the BIOS does not really disable it. Exploits for AMT have been published and only fixed very slowly by Intel.

        It's not hidden from the public; as with all encroachments by Big Brother, it's marketed as being useful and convenient. Here, have some fun. [howtogeek.com] Any fool could follow those instructions.

      • Re: (Score:2, Informative)

        by Anonymous Coward

        Sorry, but this is just pure FUD and you apparently don't know anything about AMT, or you have your own agenda.

        Yes, there's typically an additional cost for vPro systems vs non-vPro equivalents - but that's because vPro only works if you have Intel Wifi, Intel NIC, and a Core i5 or better processor - generally, more expensive than, say, Atheros WiFi, Broadcom NIC and a Core i3. And because the PCs are targeted at business users, the manufacturer might choose to charge a premium.

        Beyond that there is no addi

        • Re: (Score:2, Informative)

          by Anonymous Coward

          Well, why didn't you say so?! You heard it here folks: "Security was baked in from the outset." If only every other exploited system had been so careful...

          AMT has been compromised before, and it took Intel years to fix the published exploit, and that was after stonewalling the researcher who found it.

          It doesn't matter that the system tells the user something is disabled; the underlying system is entirely proprietary and can say whatever the hell it wants. Sure, hardware is always going to be virtually propr

        • by Endymion ( 12816 )

          if the owner of the PC chooses

          No, the OEM will get to choose, just like they do today in other areas. I suppose the laptops with UEFI SecureBoot enabled don't exist in your world [wikipedia.org]?

          I work for Intel

          So you're a collaborator. I hope you like the future you're creating. Maybe you should wake up to what is actually happening in the world?

    • by sims 2 ( 994794 )

      Here I thought Wake on lan was pretty cool......

    • Anything sounds scary if you shine a flashlight under your face and read it in a low, spooky voice.

      A lot of fairly innocuous stuff meant for large-scale corporate system administrators sounds positively Orwellian when applied to your personal computer. To put it bluntly, yes, corporate IT essentially has a "backdoor" into all the machines they administer. This is for the purpose of managing and maintaining a fleet of computers - for instance, it's useful to be able to apply patches and perform security sca

      • by Anonymous Coward

        Spoken like a true neckbeard: "Any incoming attempt to access them from external sources is easily blocked by a simple router or firewall."

        If the ME/AMT supersystem's core software were user-controllable or at least verifiably open source (auditable by anyone), then no one would care. However, it's completely proprietary, it's robust enough to run "apps", it's been compromised already before, and—by design—it completely owns the user's "real" system even when it is supposedly turned off.

        Yes, comp

    • Lost me at "Very complex firmware"... it's just a nonsense term used by people who don't understand computers.
    • Sounds like one more reason to vote with your wallet and buy AMD to me, You can even get an AM1 board which supports coreboot for just $30 [phoronix.com] which will let YOU have the code so you can be assured of exactly what is and is not enabled on your system!

      I've built several systems with the Am1 chips, make great HTPCs and office boxes, hell you can even do light gaming on them like Skyrim [youtube.com] and CoD:AW if you don't mind turning down the effects.

    • by Anonymous Coward

      vPro is intended for corporations where the users do not own the resources, but management does. This enables remotely fixing that corrupt boot sector on the hard drive. Even if an employee formats a hard drive, it is possible to remotely wipe and reinstall the OS. Think about it. If you have 20,000 employees, how long would it take you to find the correct campus, building, floor, cubicle, machine to fix a corrupt OS. Add a mobile workforce and some telecommuting and you can see the value.

      Avoid the FUD

      • by Anonymous Coward

        Some things should never be allowed to be done remotely. Things like BIOS writing? Hell no. In my opinion, there should be a hardware switch[RO/W] for all BIOS. This would make any traditional rootkit impossible and cost basically nothing.

    • by Endymion ( 12816 )

      Every time I see people discussing AMT, they leave out the final piece of the puzzle: Intel's SGX ("Software Guard Extensions") instructions that are in Skylake and future CPUs. SGX lets a program set up "secure enclaves" in RAM that are encrypted in the CPU and cannot be accessed by other programs, including the OS itself. As the data is encrypted outside of the CPU, you cannot even use a cold-boot attack or a logic analyser to access the data the hard way.

      The only people talking about these instructions

    • If it's totally separate from the hard drive, then full disk encryption would stop it in its tracks. Also, if the computer is off, that couldn't access your hard drive without you hearing it turn itself on. And if it were snooping on anyone other than the extremely rare targeted event, then it would be detected by someone when it called home.

  • Rather than sparking more discussion, government-proposed technical approaches would almost certainly be perceived as proposals to introduce 'backdoors' or vulnerabilities in technology products and services and increase tensions rather [than] build cooperation

    Well, gee, I don't know how we'd get the idea that proposals to introduce 'backdoors' might actually be proposals to introduce 'backdoors'. You can't investigate how to introduce 'backdoors' and not expect people to perceive this is what you're doing

  • "Any proposed solution almost certainly would quickly become a focal point for attacks."

    Glad someone realized that!

    • by wbr1 ( 2538558 )
      I think they meant attacks from us nuts that actually care about government.I tension and computer security. Not attacks from elite Chinese espionage groups or Czech mobsters.
  • by DigiShaman ( 671371 ) on Thursday September 24, 2015 @08:28PM (#50593471) Homepage

    So what will happen is this: The US Government will mandate all phones be PRISM compliant, or at the least have the master encryption key to the data. Apple, and perhaps Google if I recall, took an engineering route to make it physically impossible to respond to an FBI request. Primarily because Apple doesn't want the liability, and secondly it costs money to staff an entire department of warm bodies to fulfill said requests.

    Now comes the fun part. China is basically mandating that the top Silicon Valley CEOs fly to China and agree working with the government at backdoor access to all user accounts and data with regards to its own citizens. The US, as does EU and Australia want something similar. At some point, there will be a treaty among all major nations to mandate a Government API written into all software and cloud based services. This way, each Government can plug right into the application layer and pull data upon request.

    Welcome to a period of darkness!!!!!

    • by rahvin112 ( 446269 ) on Thursday September 24, 2015 @08:51PM (#50593581)

      The paper covers this with a caveat that most encryption software is open source, freely available and has no central authority that can be compelled. The result of this is that even if some key recovery system is mandated users could simply encrypt their own data underneath the compromised encryption and render the device inaccessible and defeat the entire purpose of the law and international accords.

      This caveat is actually on the first page of the document as a "technological limitation".

      • by bentcd ( 690786 )

        The result of this is that even if some key recovery system is mandated users could simply encrypt their own data underneath the compromised encryption and render the device inaccessible and defeat the entire purpose of the law and international accords.

        If this is made illegal though most people will be disinclined towards doing it, and those that still do it can be sent to prison for that at least even if you can't figure what else wrong they may have done.

        There's a million crimes in this world any one of us can commit any day (and probably get away with), yet because they are illegal most people don't. This will be another one of those.

      • by AmiMoJo ( 196126 )

        Further down they mention a couple of ways around this limitation. They could use a forced update via the manufacturer's software update mechanism to install government malware and steal the user's keys. They could force cloud backup of the key. There are mechanisms in place to do all this stuff, they just need court orders to force the manufacturers to abuse them.

    • by Attila Dimedici ( 1036002 ) on Thursday September 24, 2015 @10:35PM (#50594065)
      You seem to be missing the same thing the idiots trying to get this in place miss. If this gets implemented, it won't just be the governments with access...and because the people trying to implement this will want to be able to spy on people in government, it will be on government computers. If this gets implemented (and it may already be partially implemented), the world will get very ugly indeed, including for the people proposing it.
      • :) This is government we're talking about. I'm not missing anything, and I agree with your assessment 100%. If we're all going to have vulnerable backdoors into our hardware, OS, and apps stack, only government can mandate it while royally fucking up the implementations standards!

        Like I said, I'm calling the prediction, not justifying it in any way.

    • by Elric55 ( 180616 )

      time to invest in carrier pigeons or perhaps carrier drones.

  • by rahvin112 ( 446269 ) on Thursday September 24, 2015 @08:42PM (#50593535)

    One of the example solutions in the document is to force the device provider to update the device with a malicious update that decrypts the device. Talk about a way to encourage people to allow the device update to run! They even acknowledge this. It's quite humorous, people should read it. The paper discusses how even if a solution is implemented device owners could simply layer their own encryption on and make all data inaccessible. So if that's the case, exactly what is the point in the paper or the working group? They acknowledge right at the start that whatever you propose could easily be defeated by the consumer simply encrypting things themselves. So if the entire thing is technologically unfeasible why on earth would you even study it?

    The one thing I haven't seen covered in the paper at all is that IF the US were to implement these requirements that all business involved in encryption would simply move off shore and destroy a thriving US business ecosystem. The paper's assumption is that any US developed protocol would then be exported world wide. This is profoundly illogical on many fronts. There would be numerous countries that would simply not participate in some US encryption compromising ring.

    • So if the entire thing is technologically unfeasible why on earth would you even study it?

      Because someone was told, in fact multiple someones, to come up with a comprehensive answer to a technical question for non-technical people. They are supposed to cover all the bases. There are some good reasons for that. Suppose one of their "technical limitations" has been overcome already by the NSA? Suppose one of their other "prohibitive costs" is in fact bearable. Their job is to define the problem as comple

    • by bentcd ( 690786 )

      They acknowledge right at the start that whatever you propose could easily be defeated by the consumer simply encrypting things themselves. So if the entire thing is technologically unfeasible why on earth would you even study it?

      It makes sense as a first step towards a total solution. It will be massively imperfect but you've got to start somewhere and over a 20-30 year period of refinement and expanding the scope you might actually get to where you want to be.

      The one thing I haven't seen covered in the paper at all is that IF the US were to implement these requirements that all business involved in encryption would simply move off shore and destroy a thriving US business ecosystem. The paper's assumption is that any US developed protocol would then be exported world wide. This is profoundly illogical on many fronts. There would be numerous countries that would simply not participate in some US encryption compromising ring.

      This could only work if done at an international level. You absolutely must have the major economic blocs (Europe, Russia, China etc.) on team with it, and preferably also the major "new" economies. The rest will naturally follow. Actually generating this international consen

    • One of the example solutions in the document is to force the device provider to update the device with a malicious update that decrypts the device. Talk about a way to encourage people to allow the device update to run! They even acknowledge this. It's quite humorous, people should read it. The paper discusses how even if a solution is implemented device owners could simply layer their own encryption on and make all data inaccessible. So if that's the case, exactly what is the point in the paper or the working group? They acknowledge right at the start that whatever you propose could easily be defeated by the consumer simply encrypting things themselves. So if the entire thing is technologically unfeasible why on earth would you even study it?

      The one thing I haven't seen covered in the paper at all is that IF the US were to implement these requirements, all businesses involved in encryption would simply move offshore and destroy a thriving US business ecosystem. The paper's assumption is that any US-developed protocol would then be exported worldwide. This is profoundly illogical on many fronts. There would be numerous countries that would simply not participate in some US encryption-compromising ring.

      Whatever you use to add a layer of encryption has to accept some form of password via device input (screen, keyboard, voice, camera), all of which will already be compromised by design at a lower level than we'll have access to.

  • Law enforcement officials have rejected the “backdoor” terminology. “We aren’t seeking a backdoor approach. We want to use the front door, with clarity and transparency, and with clear guidance provided by law,” FBI chief James B. Comey said at the Brookings Institution in October.

    There is no front door.

    Man these people are dumb.

    • “We aren’t seeking a backdoor approach. We want to use the front door, with clarity and transparency, and with clear guidance provided by law,” FBI chief James B. Comey said at the Brookings Institution in October.

      The "front door" is exactly where it's always been: you obtain a subpoena against the owner of the device requiring them to turn over the information in their possession.

      There is no way to use a "front door" in secrecy, or without the cooperation (willing or otherwise) of the owner. Mechanisms for bypassing the owner's access controls or accessing the owner's property without the owner's knowledge are rightfully referred to as "back doors".

      (Note: Not a warrant, a subpoena. A warrant would merely give them p

  • Twenty years ago very few people had a cell phone and the world got along just fine. Now most people carry a device that knows your exact location, has a microphone, a camera and is largely not under your control. It's literally a spying device. Yes, it's a spying device that has useful applications for the user as well but, is it worth it to completely give up your privacy so you can play Fruit Ninja while you sit in a waiting room? This is not the first story on this subject and it will not be the

    • The biggest tragedy of the government's boneheaded approach to tech spying is that it has managed to convince an entire generation of losers that each and every one of them is a high-value government target. You aren't. Nobody gives a fuck about your insignificant little life. You don't matter. At all. Nobody is reading your emails; not because they can't, because your emails are fucking boring. Nobody is listening to your phone calls, because nobody needs to get up to date on your theories about Jon Snow.

      • Sure, there is no one at the NSA who sits around all day and reads your e-mails and listens to your phone calls. I agree that's deluded thinking. But, what we've done is willingly created the infrastructure for mass surveillance on an unprecedented level. It's unnecessary to have someone reading your e-mails to determine if you are engaging in deviant behavior. It can be determined algorithmically just by collecting and analyzing *everyone's* data. As the definition of "deviant behavior" shifts over tim

  • It suggests actions/approaches that could be taken towards the collection of data. I'd like to see the unclassified memo, the one that says they're going to proceed without regard to this memo.
  • Hell, what's the difference? They both have a goal of destroying freedom, liberty. Flood the country with illegal aliens that benefit both parties. Democrats get em here for votes and free stuff, Republicans want em here to destroy the labor force, reduce labor cost for the cheap labor. In the end, we stopped having a representative republic over a century ago (17th amendment). It's just taken a while to completely destroy it. It's more of a post constitution "politburo" now. About the only thing left w
  • Whether a governmental backdoor is a good idea or not should not be determined on the "good" uses the government would use it for. It should be determined on the "bad" uses (abuses) the government *could* use it for, along with the risk of it being cracked and abused by third parties.
