Sounds like the NSA...
Really would like Cameron to be POTUS....
“Give me your tired, your poor, your huddled masses yearning for an iPhone, and we'll give you an encryption master key” seems to be the dream of the National Security Agency (NSA). The NSA's latest thought bubble, floated in front of noted cryptography journal The Washington Post, is that a “master key” for all products …
Vulture South can't wait to see the tech sector's response to these ideas.
Get fucked, would sum up the response from this particular part of the tech sector.
I have rarely heard such a stupid idea. Every device from every manufacturer in every county? Who would all then want their own set of keys. Quite apart from the technical implausibility of getting keys onto all hardware, all the user would need to do is run their own encryption on top and you're right back to where you are now. Apart from (I suspect) a good few billion quid lighter in the tax budget.
"yes in theory, but this cunning plan relies on the fact that most users aren't savvy or motivated enough to do that..."
And if you walk around a bad part of town and do not know self-defense (or are not self-defense savvy or motivated, as it were), their problem.
You either are or are not savvy. Those who take the time to become [savvy] have an advantage. It's the same everywhere - Finance, job, relationships, etc. Too bad for them.
"this cunning plan relies on the fact that most users aren't savvy or motivated enough to do that"
Not really. I'm pretty sure that the intenet would come up with a few point-and-click solutions for the less technically-inclined.
There's 4 elephants in the room for this NSA chap:
The first is that my data is mine. This assumption that a thing that is mine also belongs to someone else is colossal arrogance on the part of the NSA. Attempts to take what is mine by force will meet resistance. And talking of arrogance...
The plan falls apart as soon as other countries become involved. It seems to be a peculiarly American failing to completely forget that countries other than America exist. Other countries would (of course) want their own set of keys; thus turning the idea into an instant clusterfuck. You either end up with every country having their own set of keys (and I'm not sure if this is even possible; but I'm pretty damned sure it's not possible to do it safely); or you refuse countries, in which case you get entire countries resisting the data-rape.
This is a world where -with all the illegal data-hoovering that the public is still largely unaware/uncaring of- schoolgirls can still get from the UK to Syria undetected. Charlie Hebdo. Etc. So with all the advantages in the world; the spook agencies are just not doing the job. Giving them more powers is extremely unlikely to make any of us one whit safer. Speaking of safety...
The keys *WILL* come together and be leaked at some point. It is inevitable.
"The keys *WILL* come together and be leaked at some point. It is inevitable."
They always seem to forget (or conveniently ignore) that's there's always someone eminently corruptible in just the right place if the price is right. With ever larger amounts of money concentrated in ever fewer places, the rest is indeed a foregone conclusion.
For bonus points if you ever get the chance, ask them:
If non-US companies can be forced to make life easy for the US how does this not open the door (front, back or any other sort you'd care to name) to the same thing happening in either Russia or China when it comes to companies there dealing with data originating from the US?
This post has been deleted by its author
Seeing how it was that very same NSA which contrived and vigorously extolled those (almost universally demonstrated to be BORKED) primitives, which the entire mechanism of the "5 eyes" then crowbarred into just about every international protocol in existence, while simultaneously suppressing other (better) primitives, I can't help feeling that this "polite request" is *nothing* more than post-Snowden damage control theatre for goldfish and the braindead.
to develop non-US based encryption technology, using non-US hardware, running non-US owned OS'es.
The spooks just care enough to totally destroy their own countries economy, to help the rest of the world. They really do care that much, it is not about spying on everyone, it is about helping the rest of the world have freedom (from America).
Interesting.
While I'm sure the intent of this oh-so-gloriously-public spookgasm was to pretend by implication that they don't already pwn the lot of it. Contrary to the Snowden "revelations". You're suggesting that all this astonishingly raucous splashing and flailing is just making their situation worse? Fanning the flames?
Damned if they do...
Github already hosts some forks of well known encryption libraries for users in the Middle East and I've read reports that the Syrian opposition uses modified open source programs to communicate as they cannot trust anything developed in the west. So I fail to see how this most ridiculous of ideas is going to help. Indeed how are these people even employed coming up with such stupid ideas.
Our world wide web is becoming more segregated by the day.
I get it - better 'legitimate' security bodies use approved known methods to access devices than continue the arms race of encryption and backdoors. And yes, I'd prefer it if they worked within a rigidly defined legal framework with proper scrutiny and, subject to a time delay,public review.
BUT. Until these bodies are subject to true scrutiny and working in a legal framework, I don't trust NSA, GCHQ or any similar agencies not to misuse the data collected.
I agree they need scrutiny by an independent organisation, but I trust the people working in these agencies more than I trust the politicians in charge..
People working in GCHQ are after terrorists and real bad guys.. .
Politicians are after votes no matter how dumb their ideas are....
You mean you Trust politicians MORE than people working at GCHQ?
They are both un-trustworthy, but surely politicians are worst, since it is their fault that people at GCHQ do what they do.... And if Theresa May & Dave had their way, nothing would be secret....
I never said I trusted them very much....
If I were in charge of overseeing NSA & C. I would be very, very worried, because they are basically admitting their intel abilities are now wholly unable to find anythning but using a dragnet approach. It's pretty clear that their spies, under cover agents, agents, investigators, analysts, etc. are people without any clue and just hope to find an "enemy" by pure chance gathering any data they can and hoping for the best.
Moreover, if they start to rely and sleep happily being able to access US made devices, they will find themsevelve wholly unprepared when an opponent with the proper skill and technology will implement its own protection, and the US will have lost any skill to counter those threats - well, it's no new that the US always entered any conflict unprepared and with outdated, wrong, and often ill-designed devices and weapons. Complacency is always your worst enemy.
I would be very, very worried NSA & C. are stubbornly chasing the easiest way, it means its commanders are unable to front the new threats and are desperately seeking for some fingers to hide behind. Probably the only reasonable action would be to fire them all, and find someone who's really got a clue about the new environment...
I think the point is that NO ONE has the complete master key because no one firm controls the whole thing. It's like a key split into five pieces, ALL of which are required to work the lock. It seems it would basically take FIVE Snowdens all working in concert (which increases risk exposure) to find the correct five pieces and put them all together.
except of course those 5 pieces will need to be put in one place at some point, to use it. What keeps the spooks from remembering the 4 other pieces exactly? It's not like a bunch of characters can be copied ...
Not to mention, it'll have to be all there in the devices. Not like we ever heard of someone extracting keys from hardware. DVD and blue rays are still impossible to copy, right?
That implies that what they say is what they want. More likely they publicly and piously proclaim they've spilt the key, then pool their portions and copy them around in private so everyone can enjoy the fun whenever they want. Honesty hasn't been much in evidence thus far after all.
I don't think they mean a single master key for all devices, more likely they mean each device will have its own unique key which will then be broken up and stored in separate escrows. Either way its still a terrible idea. It will produce a honey pot effect with both foreign and domestic intelligence agencies doing everything they can to gain access to the individual escrows