nav search
Data Center Software Security Transformation DevOps Business Personal Tech Science Emergent Tech Bootnotes BOFH

back to article
'There has never been a right to absolute privacy' – US Deputy AG slams 'warrant-proof' crypto

Silver badge

F/OSS

There is no constitutional right to sell warrant-proof encryption.

Who said anything about sell?

98
0
Silver badge

Indeed. There's no constitutional right to sell bread either. What kind of effing argument is that ?

80
0

There's a difference

Or, to make it more plain to the US populace, there is no constitutional right to sell guns.

67
5
Silver badge

Sending PGP code on disc outside of the USA was considered to be exporting munitions. Sending the code out in hardcopy (a ream of paper) was protected by Freedom of Speech.

Result was the same, except for someone in Europe having sore typing fingers for a day or two.

44
0
Silver badge

"Result was the same, except for someone in Europe having sore typing fingers for a day or two."

Actually published it as a book with an OCRable font to save the fingers of the intern (although it was 'accidentally' published to usenet before then anyway)

20
0

Re: There's a difference

Actually, there is. Since the right to own a gun is a 'strictly interpreted' constitutional right here in the US, all contributory rights are similarly protected, including the right to sell a gun, because prohibiting that right would infringe on the right to own a gun, as you can't own a gun if you can't buy one and you can't buy one if nobody can sell one. There's been actual court cases on this, the last one on gun ranges in Chicago, for instance.

Anyway, I'd guess that, if the right to encryption is considered protected by the first amendment, the right to sell such encryption would be protected as well, as the first amendment right is also 'strictly interpreted'.

21
2
LDS
Silver badge

Re: There's a difference

You could still build your own gun... a flintlock one is not so difficult... you can also start with a matchlock. And still the 2nd amendment is about generic "arms" - not firearms- a sword or a bow should be enough...

10
2
Silver badge

@Pascal Monett

The enumeration in the Constitution, of certain rights, shall not be construed to deny or disparage others retained by the people.

I think the 9th Amendment does provide a right to sell bread as I believe the intent of the Constitution was designed to place limits on the power of government, not the people.

I also fully support D.A.G. Rod's right to speak his misinformational opinions as he is easily refuted by the TSA lock backdoor debacle which completely avoids topics that are far over Rod's head, like mathematics. In fact the more Rod speaks, the easier he is disprove. Seriously, "scanning of content, like your emails, for advertising purposes"? Rod's one funny fellow!

18
0

This post has been deleted by its author

Anonymous Coward

Re: There's a difference

and you can't be given one for free because that would make you a pinko commie?

2
1
Facepalm

Indeed. The Bill of Rights does not work like that, as explicitly stated in the 9th Amendment.

2
0

Re: There's a difference

That is only partially true. Since the 2nd Amendment does grant the right to keep and bear arms, the right to sell arms is implied. If guns could not be sold, then the US government would be required to supply them.

0
0

Re: There's a difference

"If guns could not be sold, then the US government would be required to supply them."

After all they already do it for Mexicans....

http://edition.cnn.com/2013/08/27/world/americas/operation-fast-and-furious-fast-facts/index.html

0
0
Bronze badge

Re: There's a difference

"And still the 2nd amendment is about generic "arms" - not firearms- a sword or a bow should be enough…"

One has to go back to why the right was put in to start with and that was to prevent government abuses. If it ever became necessary to protect oneself agains the military, bringing a knife to a tank battle is a good approximation. I don't advocate the automatic weapons and grenades be sold to the public, but reliable and accurate firearms are fine by me. Full auto is usually a waste of ammo and used mainly to keep heads down while soldiers advance across defended territory. The cat's among the pixies so there is no use crying for a perfect world that doesn't have firearms.

0
0
Silver badge

I can see his point of view. Even the US Mail is not impervious to snooping. However, if encryption is backdoored, then not just those "authorized" can open it. There in is the conundrum. For some reason, he believes it's possible and I have to wonder who told him it is. Since he's a lawyer by trade, I doubt he has any clue technically of which he speaks.

57
0

He's probably been briefed by our clever home secretary Elmer Fudd.

75
0
Silver badge

Backdoors for all

if encryption is backdoored, then not just those "authorized" can open it

It is even worse, because the number of governements with access to "authorized" backdoors would be large: If U.S. succesfully demands backdooring, most other governements will follow suit. Information about the backdoors will inevitably leak. At that point we might just as well not bother with any encryption products, they would not really protect anything. People with secrets would use homebrew or "underground" code, and hide its usage with steganography.

55
0
Gold badge
Gimp

"There in is the conundrum. For some reason, he believes it's possible "

I used to think that.

But no longer.

These people simply don't care if this makes every US computer a massive treasure trove if such a system is mandated.

Their "right to know" trumps everybody else right to privacy.

At least inside their own heads.

It's not a sane policy. It's a personality disorder

94
0

I agree. He isn't saying anything unreasonable. Simply that being able to search suspects (whether physically or digitally) WITH A WARRANT BASED ON PROBABLE CAUSE is part of the rule of law, and isn't some newly made-up attack on privacy. On the other hand I fully support everyone's right to privacy, and the importance of strong encryption.

Here's the thing - It used to be the case that in the physical world, using warrants to force physical access (backed up with coercive force where required) was a well-worked out system with checks and balances that (mostly) worked well to balance privacy and law enforcement concerns. Encryption technology has borked that balance by rendering ineffective the coercive force to back up a legal warrant (in other words, law enforcement cannot brute-force unencrypt suspect's data if the suspect is not cooperative to the warrant). So it's not possible to balance these interests anymore. Either encryption works, in which case law enforcement loses a powerful tool, to the detriment of well-functioning society, or else encryption does not work (which is the net result of any backdoor), also to the detriment of well-functioning society.

No easy solution here

34
3
Silver badge

if encryption is backdoored

then so are you.

30
0
Silver badge

Re: Backdoors for all

If encryption has a backdoor known only to the US government, they can read the information of anyone in the world who uses the software. If it is known to other governments, they can read the information of US users. Who is going to use such software?

Actually it's simple - they just pick the answer from the Magic Technology Tree that can provide them with anything they want, even if it's logically impossible.

And if the nerds say it can't be done, just keep kicking them until they agree to do it. Ignore all this rubbish about 'the real world'.

32
0
Silver badge

> It used to be the case that in the physical world, using warrants to force physical access (backed up with coercive force where required) was a well-worked out system with checks and balances that (mostly) worked well to balance privacy and law enforcement concerns. Encryption technology has borked that balance...

I would agree with most of this, but actually I believe the wide-spread use of encryption isn't what has borked the system. That was the wide-spread use of domestic spying, tapping every phone line in the world, eves-dropping on every conversation, and data mining every single electronic communication.

Wide-spread use of encryption has been a direct reaction of the tech companies to that (following the Snowdon leaks), and has not broken the balance, but helped to restore it. Remember how the spooks still managed to break into the single iphone, in their physical possession, in the San Bernando case? That is how things used to work, and is clearly acceptable.

Nobody every opened every single envelope to read and catalogue every bit of physical mail sent. Why should they have the right or ability to do that now?

53
0
Anonymous Coward

While politicians are still banging on about the need to access encrypted products then that is a good thing as it means they've haven't broken it or feel they are unlikely to break it anytime soon.

As soon as they go quiet on the subject and 'admit defeat' is when you should consider whether that encryption is still effective or not.

23
0

It's still possible to eavesdrop on a suspect - you compromise the device they use and you can read everything they do before it is sent. It's well known that intelligence services have a wide range of tools and exploits for compromising endpoints. But you can only do that in a targeted way (just as you only ever had the resources to wiretap a few people in the old days). What you can't do is read *everyone's* messages that way. Backdooring encryption remains a terrible idea for many, many reasons.

38
0
Silver badge

Re: Backdoors for all

" People with secrets would use homebrew or "underground" code, and hide its usage with steganography."

I suspect a lot do already making the whole argument moot.

6
0
Silver badge
Facepalm

Re: Backdoors for all

I have said it before, will say it again: One-Time Pad. Not easy to get the key through to the receiver, but certainly not impossible. If I send one-time pad encrypted messages over encrypted or unencrypted comms channels, nobody can crack it. If I send such a high entropy stream hidden in the noise bit of some inane video of cats/dogs/goats/drunks nobody will know it's there.

So yes, I may not have a constitutional right to do this, but there is no way to forbid, or even police this. Given that one-time pads have been known for a long time, you cannot argue that end-to-end encryption methods (which can be cracked, but require loads of CPU grunt) have changed matters fundamentally (well, of course they can argue that, but they would be WRONG).

9
0
Silver badge
Mushroom

Simple, let the US do it and then when they world and their dog get access to everything the US publishes in digital format, then perhaps we'll finally start to get some sense from the fecking idiot politicians. The second their entire lives are splashed all over the media because it was a piece of cake to open up their private online datastores, then I'm sure things will change double quick!

13
0
Holmes

Yet

...as it means they've haven't broken it...

It could also mean that's what they want us to think. For example, they were whining about https long after they found ways around it.

5
0
Silver badge

Re: Backdoors for all

Size of crypto software: 25kb

Size of 47 mandated back doors: 25Tb

12
0
Anonymous Coward

Re: Backdoors for all

I have said it before, will say it again: One-Time Pad. Not easy to get the key through to the receiver, but certainly not impossible.

This.

BTW, "Warrant-proof encryption" can include these.

So, by my figuring, "Warrant-proof encryption" has been around since 1882 (or 1917 at the latest - 100 years ago). Another asshat govt offal knows not of what he speaks.

9
0
Silver badge

Nobody every opened every single envelope to read and catalogue every bit of physical mail sent. Why should they have the right or ability to do that now?

Well-said, Sir! You've managed to summarize the entire argument in two simple sentences.

All lawmakers and government spooks should read and understand them.

They do not have the right to do more than they could do back when mail was sent on paper and a warrant was required for its interception. Since nobody has repealed laws requiring a warrant, interception without one should be penalized appropriately.

10
0
Silver badge

Nobody every opened every single envelope to read and catalogue every bit of physical mail sent. Why should they have the right or ability to do that now?

No?

Francis Walsingham [Wikipedia]

2
2
Bronze badge

>Either encryption works, in which case law enforcement loses a powerful tool, to the detriment of well-functioning society, or else encryption does not work (which is the net result of any backdoor), also to the detriment of well-functioning society.

I take your point - but if an encrypted message is the only evidence against the criminal, there isn't much of a case against him. Nearly always, it's just one element in a kaleidoscope of pointers. Which means that investigators nearly always have alternatives, if encryption holds firm. On the other hand, if encryption fails, a great many other things fail along with it - and there are no ready alternatives available.

The fact is, this desire to crack encryption isn't about acquiring evidence against a target - it's about identifying possible targets. It's the equivalent of breaking into all the homes in a district, because you think one of them is harbouring criminal activity.

21
0
Silver badge

US Mail may not be impervious to snooping but it's also a lot more difficult to automatically scan to see if the contents are encrypted which is often the trigger for raising suspicion. If a letter is encrypted, say with a one time pad or other fairly secure method, there isn't much the government can do about it should it be discovered. Likewise, one could encrypt the contents of a safe and the government would be in the same position.

The real complaint is that encrypting the entire contents of one's safe is laborious so people won't do it and most won't even bother with the safe. On the other hand encrypting the entire contents of a hard drive or mobile phone is now very easy but decrypting it is still nearly impossible. I also think he does have at least a small clue but he's being cagey and presenting it as if he's only asking for keys to the safe when in fact he's asking for much more. It's a clear case of a little knowledge being a very dangerous thing so while he knows how to light the match he doesn't recognize that we're all standing in the same pool of petrol.

6
0
Silver badge

The US mail isn't impervious to snooping. But is it illegal to send encrypted messages through it ?

2
1
Gold badge

Re: Francis Walsingham

So from a two-sentence summary of the case against back-dooring encryption we have now progressed to a two-word summary. (Our friend FW may actually be the only case in history of this sort of thing and the resulting society is a text-book example of what the Founding Fathers didn't want for the US.)

3
0
Gold badge
WTF?

Encryption..has borked that balance..rendering ineffective the..force to back up a legal warrant

<profanity filter off>

Bullshit

</profanity filter off>

Every jurisdiction I know of makes failure to hand over passwords or encryption codes under a search warrant issued in that jurisdiction a crime.

So (maybe) do jail time if you hand over or definitely do jail time if you don't.

If you've got enough evidence to get a warrant you can definitely put someone in jail regardless of their crypto, and if you've got the computers still on you can probably find the keys in memory.

They want warrantless spy-on-demand snooping, regardless of the danger to everyone's privacy and money.

7
0
Gold badge
Unhappy

"Size of crypto software: 25kb" "Size of 47 mandated back doors: 25Tb"

Govt archive of everyone's kitty pix 700 EB

3
0
Silver badge

Re: Francis Walsingham

But he didn't monitor ALL communication. Only that to/from a specific person. Something easily permitted with a warrant.

6
0
Anonymous Coward

Age of surveillance

We live in The Golden Age of Surveillance, yet the hallucination/lie of "going dark" is met by some with anything other than derisive laughter. I have no idea if Rosenstein realizes he is really arguing for the apotheosis of Stazi monitoring, but investigations will not become impossible anymore than good op-sec by La Cosa Nostra prevented the eventual destruction of the American mafia by the FBI and friends.

2
0

Re: Encryption..has borked that balance..rendering ineffective the..force to back up a legal warrant

Yes and here is the real difference, in a supposedly civilised society you cannot beat the shit out of someone (physically, mentally or chemically) to get the key. You can chuck them in jail but the likelihood is that is a minor inconvenience to them if it as a genuine major crime. I don't know what the tariffs are for failing to provide information to the relevant authorities with a court order, but it is probably a lot less that 20 years in the clink.

I am sure there is always some agency somewhere but in the end it would simply turn into another scandal. In less fussy countries those unfortunate enough to not hand over an encryption key will simply disappear after a lot of effort has been expended.

2
0
Bronze badge

Even the US Mail is not impervious to snooping.

If you cared to do so, you could mail everything in a thick lead lined safe with a good lock.

They could get in, but the safe would be broken in the process.

1
1
Silver badge

Re: Francis Walsingham

Don't get me wrong - I think Walsingham was a Machiavellian arsehole, but he is history's prima facie example of data fetishism and illustrates why oversight of state actors is always required.

4
0
Silver badge

Re: Francis Walsingham

But he didn't monitor ALL communication. Only that to/from a specific person. Something easily permitted with a warrant.

IIRC, he monitored quite a lot of communication between various people. At the time, there wasn't really the concept of having a warrant to do this.

If you want a more recent historical example of mass-interception of physical communications, I would encourage you to visit the STASI museum in East Berlin, housed in the actual headquarters of the STASI (also used for the rather good cold-war drama Deutschland 83).

I would draw your attention to the room on the first floor (second floor if you are American) where they have a section about how the STASI did exactly what is being described, along with examples of the steamers they used to routinely open the mail of ordinary people.

The STASI were a perfect example of this sort of surveillance taken to the absurd extreme. Some people seem to think that rather than being a warning from history, they should be held up as an paragon.

7
0
Silver badge
Boffin

Re: Backdoors for all

Just make sure your one-time pads never fall into the wrong hands, and you never, ever re-use them... See Project Venona for one case where this went wrong. https://en.wikipedia.org/wiki/Venona_project

4
0
Silver badge

Re: Francis Walsingham

...just to add a little more, to illustrate that history is littered with examples...

From the wikipedia page on the Royal Mail:

In 1653 Parliament set aside all previous grants for postal services, and contracts were let for the inland and foreign mails to John Manley. Manley was given a monopoly on the postal service, which was effectively enforced by Protector Oliver Cromwell's government, and thanks to the improvements necessitated by the war Manley ran a much improved Post Office service. In July 1655 the Post Office was put under the direct government control of John Thurloe, a Secretary of State, and best known to history as Cromwell's spymaster general. Previous English governments had tried to prevent conspirators communicating, Thurloe preferred to deliver their post having surreptitiously read it.

4
0
Gold badge
Unhappy

"the resulting society..text-book example of what the Founding Fathers didn't want for the US.)"

Perhaps why they fled to "The New World" in the first place?

Perhaps if more people asked what they would have thought of these "protections" (of the state, not the citizen) they might not be so popular.

0
0
Bronze badge

"Either encryption works, in which case law enforcement loses a powerful tool, to the detriment of well-functioning society, or else encryption does not work (which is the net result of any backdoor), also to the detriment of well-functioning society.

No easy solution here"

Tie goes to the runner. In a case where there might appear to be equally valid arguments when it comes to a person's rights, the person, rather than the government should be assumed to have the Right.

0
0
Bronze badge

Re: "Size of crypto software: 25kb" "Size of 47 mandated back doors: 25Tb"

"Govt archive of everyone's kitty pix 700 EB"

That's the place they built in Utah. I drove past it when I traveled to see the eclipse.

0
0
Silver badge

By the same token...

...there has never been a right to unfettered eavesdropping, either. Yet, warrant-less mass tapping of communications has been going on since the NSA admitted itWikileaks reported what was going on.

Only technology has made that possible - but that same technology has also made encryption possible. So, we've gone round in a circle.

In the end, totalitarian governments will always say that privacy is never justified, because terrorism (but, oddly enough, will vociferously protect the privacy of their politicians and staff as if their li(v)es depended on it!)

79
0

Page:

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

The Register - Independent news and views for the tech community. Part of Situation Publishing