Non-US encryption is 'theoretical,' claims CIA chief in backdoor debate

Re: What's all this then?

@RIBrsiq: But Occam's Razor applies and on any matter requiring understanding of law, economics, science or technology, the politician is out of their depth and probably motivated far more by what they want to be true than by any advice they might have had from experts.

@RIBrsiq -- Re: What's all this then?

Well, then, how do you explain Louie Gohmert?, Todd Akin? Tom Tancredo? Joni Ernst? Steve King? (Among others, of course...)

Re: What's all this then?

Maybe he as stock in all the companies that will make a killing replacing all the backdoored kit.

Re: What's all this then?

The effect is to create a market opportunity that will quickly be filled, US kit replaced.

The same effect (forced decryption of customer data) in Snoopers Charter that means that every conversation between customers has to be intercepted by the vendor.

Communications product vendor Charlie has to include himself in the encrypted discussion between Alice and Bob, because as the vendor of their comms software and being a British company (regardless of where Alice and Bob are) Snoopers requires he decrypt their comms.

Belgacomm spings to mind as an ex customer of any UK kit, or kit from UK companies. For UK that is only communications satellites affected I think?? Cloud services, data processing, and a few others will be hit.

So your private Alice-Bob comms also include Vendor Charlie, his friend GCHQ, their friends abroad (=5 eyes), UK police (via info sharing), and everyone from traffic wardens to animal charities via the UK's slack data protection system. Shared with everyone but courts and judges to avoid any kind of legal process or privacy right. Natch.

But I'm sure their chief will explain that their backdoors won't affect business because nobody has a choice!

Wishful thinking.

But Brit Kit, not with a free extra account.

Re: What's all this then?

Thales e-Security are pretty big, part of the huge Thales organisation, and sell hardware security devices, trusted by many household names.

Based in Cambridge (England).

I'm sure they'll be happy to pick up lots of customers fleeing from the US mandated backdoors.

Disclaimer: I work there.

Re: foreign encryption is a 'theoretical' capability

ditto SHA-3

Re: foreign encryption is a 'theoretical' capability

NIST knew that if they wanted anybody to trust their replacement crypto, they'd have to run an open international competition for it, with all the design rationales published, not just hand us a shiny updated version of the Clipper Chip or something. And yes, AES is Rijndael, from Belgium. And OpenSSH is managed by a Dutch/SouthAfrican who lives in Canada, and OpenSSL by a New Zealander. Shamir of RSA is an Israeli.

"A cryptographer, a Eurocrat, and a normal person walk into a bar. What do they order?" Three Belgian beers, and maybe some Club Mate' if it's available. (Cryptography seems to be one of the Belgian national sports these days.) But it's not just the Belgians and the Dutch and the New Zealanders and the Israelis and Canadians and the Russian Mafia writing computer security software - lots of other places do it too. And while a lot of the Cypherpunks group activities were in Silicon Valley and Berkeley in the 1990s, it's not like everybody attending were Yankees; we had Canadians and Russians and Dutch, and there was a lot of academic work back and forth between US and European and Aussie and NZ universities.

Re: What's all this then?

"Its a good thing none of the foreign countries like say Belgium understand encryption. Oh wait."

don't rule out Finland, either.

that and libertarian-minded Americans who'll do it on the "dark net" and not tell anyone they did it. HELLO "underground economy".

Making drugs illegal - that really stopped THOSE, didn't it? And how about that 'prohibition' thing back in the 1930's? How'd THAT work out?

All I can say is, "they" (politicians, D.C. insiders, "the establishment") must think WE are IDIOTS.

Re: Hog wash.

Well, he did write "US algorithms"; neither Rijndal nor Keccak are of US-origin. (One could argue that IF and DL cryptosystems are "US algorithms" -- pace Adi et Taher -- but then the NSA claims all those will be blown away in due course.)

Re: To XSSXXXX, is Creative IT Command and Control in Computers, a Brave New Orderly AI World Order

the above shows just how effective non-US encryption can be, even if we have to go to Mars to get it. ... Lyndon Hills 1

Hi, Lyndon Hills 1,

It would be a monumental folly to discount and dismiss home delivery whenever Martians realise takeaway is more than a number of steps too far for Earthlings to make and/or take.

It is neither wise nor practical to expect a primitive species to exercise quantum leaps and revolutionary actions they have no offence or defence against, so please expect something quite extraordinary to be rendered and presented currently for continuing disbelief and terrifying consternation.

Re: What's an encryption product (in this context)?

I was thinking a bit more tinfoil than that. I was wondering to myself if a sufficiently clever intelligence organisation couldn't sneak in a bug in a FOSS offering that would weaken the product in ways that only they were aware of, for however long it took before others spotted it. No, it's not a back-door, but it might be worth the effort anyway.

Note also that it wouldn't have to be in an obviously sensitive place. It might suffice to fiddle with the memory allocator (which may not seem like it is even part of the product) or make a trivial patch to remove a compiler warning.

But although this will probably be upvoted by the paranoid wing of El Reg's readership, I must say it seems a bit unlikely to me.