Linked by Thom Holwerda on Thu 6th Sep 2018 21:14 UTC
Privacy, Security, Encryption

The US, UK, and three other governments have called on tech companies to build backdoors into their encrypted products, so that law enforcement will always be able to obtain access. If companies don't, the governments say they "may pursue technological, enforcement, legislative, or other measures" in order to get into locked devices and services.

Their statement came out of a meeting last week between nations in the Five Eyes pact, an intelligence sharing agreement between the US, UK, Canada, Australia, and New Zealand. The nations issued a statement covering a range of technology-related issues they face, but it was their remarks on encryption that stood out the most.

Break encryption, or we'll break you.

Order by: Score:
BlueofRainbow
Member since:
2009-01-06

Security flaws in applications and operating systems leading to unintentional back-doors are patched once discovered.

Introducing official back-doors into device encryption code is probably the most dangerous of all. The mere mention of their existence will entice non-law-abiding entities and individuals to seek them out. Furthermore, such official back-doors will be, by design and under the law, un-patchable.

No matter what, it will be difficult to achieve a reasonable balance between privacy rights and public safety.

Reply Score: 6

People are obviously ready for...
by Kochise on Thu 6th Sep 2018 21:50 UTC
Kochise
Member since:
2006-03-03

...restoring feudalism and even jus primae noctis. Don't oppose resistance, pay your taxes and bow before your mighty lord. Otherwise...

Reply Score: 3

Comment by streetmagick
by streetmagick on Thu 6th Sep 2018 22:18 UTC
streetmagick
Member since:
2013-04-14

Feudalism never died. It just got replaced by wannabes after WW1. Some died off, others persist. They kept the powerful bits for themselves and then siphoned off the decadent aspects of feudalism to Hollywood. Both make up a sham ruling class/nobility... and the same adoring public who seems to take them all at their word.

edit: Oh yeah.. security. ;) Funnily enough, I'm in the process of enabling Bitlocker. The FBI already tried pressuring MS once before about it.

Strangely, some of the military uses it, so that's actually a good sign. The last thing they'd want is a backdoor open to a civilian agency like the clowns in the FBI (and anyone who thinks the military and FBI are automatically buddies because they're part of the same government is misinformed).

Edited 2018-09-06 22:29 UTC

Reply Score: 6

Darkmage
Member since:
2006-10-20

I guess I will make sure to encrypt my mythical Terrorist Crime Net(TM) with Open Source software.

Reply Score: 4

timl Member since:
2005-12-06

I wonder if, in a complete reversal of previous policy, the US will then impose *im*port restrictions on strong, independently created cryptography?

Reply Score: 5

kurkosdr Member since:
2011-04-11

I wonder if, in a complete reversal of previous policy, the US will then impose *im*port restrictions on strong, independently created cryptography?


They had something like that in the past, restricting all cryptography available to citizens to 40-bits. This is why the CSS protection in DVDs and WEP were bruteforce-able from launch day, they simply had to work within the 40-bits max limit.

Basically, the simple question is: Should companies be allowed to manufacture and sell to the public a safe that cannot be opened without the password and immediately destroys all its contents the moment someone tries to crack it open with a blowtorch? There is no easy answer to this question.

Reply Score: 3

Alfman Member since:
2011-01-28

kurkosdr,

Basically, the simple question is: Should companies be allowed to manufacture and sell to the public a safe that cannot be opened without the password and immediately destroys all its contents the moment someone tries to crack it open with a blowtorch? There is no easy answer to this question.



In a government "for the people by the people", the government really shouldn't have any say over this. In fact, we ought to be entitled to demand all "our" government's secrets rather than the other way around. Our private matters are none of their business. It's only through a perverted role-change that we've ended up becoming subjects of government rules. Democracy isn't supposed to work this way, we the people should be making the rules and the government should obey.

Some will argue that weakening crypto is for the public good, but A) you can't stop people from using math, and B) whatever the case is for prohibiting effective crypto, it needs to be made in the open were it is the people's will. It is inherently undemocratic for a government to dictate rules without the public's consent.

Edited 2018-09-07 03:50 UTC

Reply Score: 3

streetmagick Member since:
2013-04-14

I'd be cool with it if the government actually followed our nation's laws : They're free to search with a warrant. Citizens are supposed to have a right to privacy. If you could trust them to respect that, it'd be OK.


...You'd have to make failsafes/backdoors in these conditions when they actually DO get a warrant though.


But now the real problem is that the government will try to find any damn way to get a warrant. And I hate to get too political, but people are going to finally see how deeply corrupt it is when they find out what they did to obtain FISA warrants on Donald Trump to smear his presidential campaign (and now presidency). If a president can't even get justice (whether you like him or not is irrelevant.. I know he's not a pleasant guy), then YOU sure as hell won't. He's being punished simply because he isn't one of the "right" people. He wasn't "supposed" to win. We've already seen a little come out on the shenanigans they tried (the Steele dossier), but there's more coming.

This should be a lesson for EVERYONE, but no one yet sees what kind of disaster it spells for themselves. They're clouded by their disgust for one guy. But that's how laws often get abused. Burn one witch.. and then suddenly you're burning thousands.

Reply Score: 1

Brendan Member since:
2005-11-16

In a government "for the people by the people", the government really shouldn't have any say over this.


Let's try a multiple choice question:

a) The government has a duty to protect the people, and needs to be able to protect the people.

b) You get your butt raped daily and doctors aren't able to stop your anal bleeding; but you're glad that nobody can find your rapist even if you can't sit down.

Note: My point here is that there needs to be a balance between "protecting people from other people" and "protecting people from the government". Too far to one extreme or the other is bad.

- Brendan

Edited 2018-09-07 09:35 UTC

Reply Score: 2

Alfman Member since:
2011-01-28

Brendan,

a) The government has a duty to protect the people, and needs to be able to protect the people.



This may sound odd given how we just accept things, but no it does not have a duty to protect the people against it's will. With regards to threats of banning crypto, this has not undergone a necessary public debate necessary for democracy, it oversteps moral bounds and is reminiscent of an undemocratic regime.

b) You get your butt raped daily and doctors aren't able to stop your anal bleeding; but you're glad that nobody can find your rapist even if you can't sit down.


With regards to things like military and police, they can exist but only because the people will it, the underlying authority must come from the people rather than the other way around.

Reply Score: 3

kurkosdr Member since:
2011-04-11

A) you can't stop people from using math


Well, duh. Even in the era of 40-bits encryption limit, people could download and compile source code from off-shore websites, and in fact they did. Much like the DMCA prohibits DVD ripping software but everyone can acquire one easily.

I think the real problem governments have is that every smartphone sold out there has full-disk encryption and prompts the user to enable it during initial setup. This means any information stored in a phone is off-limits to law enforcement, including petty thieves, sex offenders and drug mules, not only organized terrorist networks using secure channels.

I can imagine how this makes governments and police departments feel powerless and why they want to stop it. I mean, if strong encryption was outlawed DMCA-style, iPhone users would be SOL without going through the process of jailbreaking, and Android users would have to download an apk from a third party website to gain access to some kind of encryption, which is something fewer users would do or even know where to go.

Edited 2018-09-07 12:57 UTC

Reply Score: 3

Alfman Member since:
2011-01-28

kurkosdr,

I can imagine how this makes governments and police departments feel powerless and why they want to stop it. I mean, if strong encryption was outlawed DMCA-style, iPhone users would be SOL without going through the process of jailbreaking, and Android users would have to download an apk from a third party website to gain access to some kind of encryption, which is something fewer users would do or even know where to go.


Agree but just want to make a subtle point that for crypto to be integrated into the file system (rather than just a standalone app) you'd need more than just "sideloading" APKs. You may need root and even a new kernel build to enable file system crypto. Otherwise you end up copying files between secure and insecure storage, which obviously represents a weak link.

Many android devices are still too locked down to allow owners to modify the OS itself despite sideloading (I wish it weren't this way, but alas, lost cause...) So if manufacturers were to remove/weaken OS based crypto, it would negatively affect security at the OS level for both android and IOS users.

IMHO open source on mobile in it's current form is not in a good place to promote owner freedoms. It's ironic then that most of our phones are running linux. Trouble is the freedoms offered by GPLv2 were conceived under assumptions that owners would be in control their machines, which is increasingly in jeopardy in more modern computer eras.

Edited 2018-09-07 14:03 UTC

Reply Score: 3

kurkosdr Member since:
2011-04-11



IMHO open source on mobile in it's current form is not in a good place to promote owner freedoms. It's ironic then that most of our phones are running linux. Trouble is the freedoms offered by GPLv2 were conceived under assumptions that owners would be in control their machines, which is increasingly in jeopardy in more modern computer eras.


It's something not often mentioned: Most people don't really care about the freedom of access to the source code. Some people care about freedom of installation and freedom to patch the binary (hence the whole deal with jailbreaking and rooting). Stallman made a big mistake two consider these two as granted. On the other hand, can't blame him for doing so, he wrote the GPLv2 in more innocent times.

Edited 2018-09-07 22:11 UTC

Reply Score: 2

Alfman Member since:
2011-01-28

kurkosdr,

It's something not often mentioned: Most people don't really care about the freedom of access to the source code. Some people care about freedom of installation and freedom to patch the binary.


Sure, most people don't express an interest in open source code, but technically this doesn't mean they don't benefit from it nevertheless. Consider that people who don't express an interest in "right to repair" legislation nevertheless benefit from repairmen having such access, people who don't express any interest in chemistry can nevertheless benefit from having chemists, people who don't express an interest in mechanical engineering nevertheless benefit from having bridges and buildings that don't fail, etc. There are thousands of examples we could use here, but I hope the point is clear: "not interested in" does not imply "not impacted by".


Stallman made a big mistake two consider these two as granted. On the other hand, can't blame him for doing so, he wrote the GPLv2 in more innocent times.


Yea, he had a vision, but didn't know how things were going to unfold.

Reply Score: 3

Dr.Cyber Member since:
2017-06-17



Basically, the simple question is: Should companies be allowed to manufacture and sell to the public a safe that cannot be opened without the password and immediately destroys all its contents the moment someone tries to crack it open with a blowtorch? There is no easy answer to this question.

Actually there is an easy answer to that question. The people pay for the government and thus the government should serve the people. If you pay taxes, then the government should owe you, not own you.

So the government does not have the right to limit our privacy because it does not serve us when they do. We on the other hand do have the right to demand their secrets because their secrets are also paid for by us. Without us the government and all it's secrets could not exist.

You seem to be in the mindset that the people ought to serve the government instead of the government serving the people. I know that nowadays the people do serve the government and the government does not serve the people, but this is not how it ought to be.

Reply Score: 2

Alfman Member since:
2011-01-28

Darkmage,

I guess I will make sure to encrypt my mythical Terrorist Crime Net(TM) with Open Source software.


This works, so long as owners get root & sideload access to their devices to install unencumbered crypto. Otherwise, owners are SOL if government tells app stores to remove the software from official channels. Being open source becomes irrelevant when someone else holds the keys to the software you get to install on your device.

Reply Score: 3

Earl C Pottinger Member since:
2008-07-12

I could write a one-pad cipher in 6 line of code on a 8 bit machine that can not be broken by the most powerful machine in existence.

The idea that you can listen to terrorists or criminals if they want secure messages is funny.

Reply Score: 2

avgalen Member since:
2010-09-23

In general I would agree with you, but a one-time-pad "requires the use of a one-time pre-shared key the same size as, or longer than, the message being sent." so instead of securing the message you just move the problem to securing the pre-shared key. I would also be very interested in how you would code a truly random generator in 8 lines ;)
https://en.wikipedia.org/wiki/One-time_pad#Perfect_secrecy

Again, in general I agree with you. Writing perfect encryption is almost trivial.

Reply Score: 3

zima Member since:
2005-07-06

And one might wonder how would it be enforced with "legal" open source software? ...what, everybody would have a backdoor? ;) O_o

Reply Score: 2

v OK
by Dr.Cyber on Fri 7th Sep 2018 08:03 UTC
whartung
Member since:
2005-07-06

I actually don't have a problem with backdoors on physical items, basically following what I call the "Safe" principal.

Simply, if the authorities seize a safe, and you don't provide the combination, what do they do?

They cut the thing open, effectively destroying it in the process.

The have a lawful warrant, representing a lawful need and due process, then they should have access to the safe. As a society, we've basically agreed that this kind of evidence gathering for law enforcement is an "OK" thing.

So, similarly, if there was a technique that allowed a device (i.e. a hand held device) to be "unlocked" that require both physical access and, effectively, physical destruction of the device, then I'd be just fine with that. Unsoldering a chip, breaking the motherboard for a "fortune cookie" back door key, who knows.

The biggest problem for me is "secret" and/or "remote" access. Monitoring vs access. If you come back to your home and find your safe busted open, well, you pretty much know someone got it to the contents.

If you come home and find your phone broken in to pieces, then, again, you know someone got in to the contents.

None of this stops folks from using other methods to protect their information or property. But it covers a large swath of the law enforcement use cases for common, mundane crimes.

Rather than hopping on some slippery slope argument that leads to the destruction of mankind, I simply posit that I see no reason why a phone should be any more or less accessible than a safe or something of that nature. I just don't want them doing it behind peoples back.

"You need to open your phone for us, or we're going to not just open it anyway, but destroy it -- so, your call."

Reply Score: 2

BlueofRainbow Member since:
2009-01-06

Interesting argument and one that is easy to grasp.

One weakness is that the tools which would allow access to the contents by authorities (when in possession of a valid search warrant) could also be used by other entities/individuals for illegitimate purposes.

Nevertheless, "hard access" leaves clear signs that it has occurred. Any "remote/soft access" can potentially be enabled for illegitimate purposes without one ever noticing it.

Reply Score: 2

Hmmmm ....
by cade on Sat 8th Sep 2018 06:36 UTC
cade
Member since:
2009-02-28

The military-industrial-human-genocide-project is starting to feel the "pinch".

Decades ago, when our main source of "news" was from the CRT (cathode ray tube) based "idiot box" TV, the propaganda directed from the PTB (powers-that-be) was effective in brainwashing the citizenry in accepting the notion that the "terrorists" are those "bad bad bad people" who always lived abroad in some foriegn country.

The current digital age has empowered the citizenry with informational and cryptographic resources that have threatened the PTB's multi-decadal old modern-age propaganda machine. The citizenry have started to wakeup.

For example, consider ....
- Assange's Wikileaks (Paypal restricts Wikileak donations then Assange goes crypto, etc.)
- the encrypted Telegram messenger application has been pressured by the Russian government on numerous occassions for it's encryption keys
- we now have a much more complete picture on entities that promote terrorist actions and these entities are not limited to the stereotypical "middle eastern" players we were propagandised about since the 1970's; the "west" has made great contributions to the terrorism-based loss of innocent lives (a blowback-based bloated foreign policy does not help)
- "false flags" are the norm, not the exception
- the PTB's worry about {blockchain,crypto}-based {currency, etc.} inventions.

Reply Score: 0