Linked by Thom Holwerda on Thu 6th Sep 2018 21:14 UTC
Privacy, Security, Encryption

The US, UK, and three other governments have called on tech companies to build backdoors into their encrypted products, so that law enforcement will always be able to obtain access. If companies don't, the governments say they "may pursue technological, enforcement, legislative, or other measures" in order to get into locked devices and services.

Their statement came out of a meeting last week between nations in the Five Eyes pact, an intelligence sharing agreement between the US, UK, Canada, Australia, and New Zealand. The nations issued a statement covering a range of technology-related issues they face, but it was their remarks on encryption that stood out the most.

Break encryption, or we'll break you.

Thread beginning with comment 662035
To read all comments associated with this story, please click here.
Darkmage
Member since:
2006-10-20

I guess I will make sure to encrypt my mythical Terrorist Crime Net(TM) with Open Source software.

Reply Score: 4

timl Member since:
2005-12-06

I wonder if, in a complete reversal of previous policy, the US will then impose *im*port restrictions on strong, independently created cryptography?

Reply Parent Score: 5

kurkosdr Member since:
2011-04-11

I wonder if, in a complete reversal of previous policy, the US will then impose *im*port restrictions on strong, independently created cryptography?


They had something like that in the past, restricting all cryptography available to citizens to 40-bits. This is why the CSS protection in DVDs and WEP were bruteforce-able from launch day, they simply had to work within the 40-bits max limit.

Basically, the simple question is: Should companies be allowed to manufacture and sell to the public a safe that cannot be opened without the password and immediately destroys all its contents the moment someone tries to crack it open with a blowtorch? There is no easy answer to this question.

Reply Parent Score: 3

Alfman Member since:
2011-01-28

Darkmage,

I guess I will make sure to encrypt my mythical Terrorist Crime Net(TM) with Open Source software.


This works, so long as owners get root & sideload access to their devices to install unencumbered crypto. Otherwise, owners are SOL if government tells app stores to remove the software from official channels. Being open source becomes irrelevant when someone else holds the keys to the software you get to install on your device.

Reply Parent Score: 3

Earl C Pottinger Member since:
2008-07-12

I could write a one-pad cipher in 6 line of code on a 8 bit machine that can not be broken by the most powerful machine in existence.

The idea that you can listen to terrorists or criminals if they want secure messages is funny.

Reply Parent Score: 2

avgalen Member since:
2010-09-23

In general I would agree with you, but a one-time-pad "requires the use of a one-time pre-shared key the same size as, or longer than, the message being sent." so instead of securing the message you just move the problem to securing the pre-shared key. I would also be very interested in how you would code a truly random generator in 8 lines ;)
https://en.wikipedia.org/wiki/One-time_pad#Perfect_secrecy

Again, in general I agree with you. Writing perfect encryption is almost trivial.

Reply Parent Score: 3

zima Member since:
2005-07-06

And one might wonder how would it be enforced with "legal" open source software? ...what, everybody would have a backdoor? ;) O_o

Reply Parent Score: 2