'There has never been a right to absolute privacy' – US Deputy AG slams 'warrant-proof' crypto Continuing the US government's menacing of strong end-to-end encryption, Deputy Attorney General Rod Rosenstein told an audience at the US Naval Academy that encryption isn't protected by the American Constitution. In short, software writers and other nerds: the math behind modern cryptography is trumped by the Fourth …
Actually, there is. Since the right to own a gun is a 'strictly interpreted' constitutional right here in the US, all contributory rights are similarly protected, including the right to sell a gun, because prohibiting that right would infringe on the right to own a gun, as you can't own a gun if you can't buy one and you can't buy one if nobody can sell one. There's been actual court cases on this, the last one on gun ranges in Chicago, for instance.
Anyway, I'd guess that, if the right to encryption is considered protected by the first amendment, the right to sell such encryption would be protected as well, as the first amendment right is also 'strictly interpreted'.
"And still the 2nd amendment is about generic "arms" - not firearms- a sword or a bow should be enough…"
One has to go back to why the right was put in to start with and that was to prevent government abuses. If it ever became necessary to protect oneself agains the military, bringing a knife to a tank battle is a good approximation. I don't advocate the automatic weapons and grenades be sold to the public, but reliable and accurate firearms are fine by me. Full auto is usually a waste of ammo and used mainly to keep heads down while soldiers advance across defended territory. The cat's among the pixies so there is no use crying for a perfect world that doesn't have firearms.
This post has been deleted by its author
The enumeration in the Constitution, of certain rights, shall not be construed to deny or disparage others retained by the people.
I think the 9th Amendment does provide a right to sell bread as I believe the intent of the Constitution was designed to place limits on the power of government, not the people.
I also fully support D.A.G. Rod's right to speak his misinformational opinions as he is easily refuted by the TSA lock backdoor debacle which completely avoids topics that are far over Rod's head, like mathematics. In fact the more Rod speaks, the easier he is disprove. Seriously, "scanning of content, like your emails, for advertising purposes"? Rod's one funny fellow!
I can see his point of view. Even the US Mail is not impervious to snooping. However, if encryption is backdoored, then not just those "authorized" can open it. There in is the conundrum. For some reason, he believes it's possible and I have to wonder who told him it is. Since he's a lawyer by trade, I doubt he has any clue technically of which he speaks.
if encryption is backdoored, then not just those "authorized" can open it
It is even worse, because the number of governements with access to "authorized" backdoors would be large: If U.S. succesfully demands backdooring, most other governements will follow suit. Information about the backdoors will inevitably leak. At that point we might just as well not bother with any encryption products, they would not really protect anything. People with secrets would use homebrew or "underground" code, and hide its usage with steganography.
If encryption has a backdoor known only to the US government, they can read the information of anyone in the world who uses the software. If it is known to other governments, they can read the information of US users. Who is going to use such software?
Actually it's simple - they just pick the answer from the Magic Technology Tree that can provide them with anything they want, even if it's logically impossible.
And if the nerds say it can't be done, just keep kicking them until they agree to do it. Ignore all this rubbish about 'the real world'.
I have said it before, will say it again: One-Time Pad. Not easy to get the key through to the receiver, but certainly not impossible. If I send one-time pad encrypted messages over encrypted or unencrypted comms channels, nobody can crack it. If I send such a high entropy stream hidden in the noise bit of some inane video of cats/dogs/goats/drunks nobody will know it's there.
So yes, I may not have a constitutional right to do this, but there is no way to forbid, or even police this. Given that one-time pads have been known for a long time, you cannot argue that end-to-end encryption methods (which can be cracked, but require loads of CPU grunt) have changed matters fundamentally (well, of course they can argue that, but they would be WRONG).
I have said it before, will say it again: One-Time Pad. Not easy to get the key through to the receiver, but certainly not impossible.
This.
BTW, "Warrant-proof encryption" can include these.
So, by my figuring, "Warrant-proof encryption" has been around since 1882 (or 1917 at the latest - 100 years ago). Another asshat govt offal knows not of what he speaks.
I used to think that.
But no longer.
These people simply don't care if this makes every US computer a massive treasure trove if such a system is mandated.
Their "right to know" trumps everybody else right to privacy.
At least inside their own heads.
It's not a sane policy. It's a personality disorder
I agree. He isn't saying anything unreasonable. Simply that being able to search suspects (whether physically or digitally) WITH A WARRANT BASED ON PROBABLE CAUSE is part of the rule of law, and isn't some newly made-up attack on privacy. On the other hand I fully support everyone's right to privacy, and the importance of strong encryption.
Here's the thing - It used to be the case that in the physical world, using warrants to force physical access (backed up with coercive force where required) was a well-worked out system with checks and balances that (mostly) worked well to balance privacy and law enforcement concerns. Encryption technology has borked that balance by rendering ineffective the coercive force to back up a legal warrant (in other words, law enforcement cannot brute-force unencrypt suspect's data if the suspect is not cooperative to the warrant). So it's not possible to balance these interests anymore. Either encryption works, in which case law enforcement loses a powerful tool, to the detriment of well-functioning society, or else encryption does not work (which is the net result of any backdoor), also to the detriment of well-functioning society.
No easy solution here
> It used to be the case that in the physical world, using warrants to force physical access (backed up with coercive force where required) was a well-worked out system with checks and balances that (mostly) worked well to balance privacy and law enforcement concerns. Encryption technology has borked that balance...
I would agree with most of this, but actually I believe the wide-spread use of encryption isn't what has borked the system. That was the wide-spread use of domestic spying, tapping every phone line in the world, eves-dropping on every conversation, and data mining every single electronic communication.
Wide-spread use of encryption has been a direct reaction of the tech companies to that (following the Snowdon leaks), and has not broken the balance, but helped to restore it. Remember how the spooks still managed to break into the single iphone, in their physical possession, in the San Bernando case? That is how things used to work, and is clearly acceptable.
Nobody every opened every single envelope to read and catalogue every bit of physical mail sent. Why should they have the right or ability to do that now?
Nobody every opened every single envelope to read and catalogue every bit of physical mail sent. Why should they have the right or ability to do that now?
Well-said, Sir! You've managed to summarize the entire argument in two simple sentences.
All lawmakers and government spooks should read and understand them.
They do not have the right to do more than they could do back when mail was sent on paper and a warrant was required for its interception. Since nobody has repealed laws requiring a warrant, interception without one should be penalized appropriately.
Nobody every opened every single envelope to read and catalogue every bit of physical mail sent. Why should they have the right or ability to do that now?
No?
So from a two-sentence summary of the case against back-dooring encryption we have now progressed to a two-word summary. (Our friend FW may actually be the only case in history of this sort of thing and the resulting society is a text-book example of what the Founding Fathers didn't want for the US.)
But he didn't monitor ALL communication. Only that to/from a specific person. Something easily permitted with a warrant.
IIRC, he monitored quite a lot of communication between various people. At the time, there wasn't really the concept of having a warrant to do this.
If you want a more recent historical example of mass-interception of physical communications, I would encourage you to visit the STASI museum in East Berlin, housed in the actual headquarters of the STASI (also used for the rather good cold-war drama Deutschland 83).
I would draw your attention to the room on the first floor (second floor if you are American) where they have a section about how the STASI did exactly what is being described, along with examples of the steamers they used to routinely open the mail of ordinary people.
The STASI were a perfect example of this sort of surveillance taken to the absurd extreme. Some people seem to think that rather than being a warning from history, they should be held up as an paragon.
...just to add a little more, to illustrate that history is littered with examples...
From the wikipedia page on the Royal Mail:
In 1653 Parliament set aside all previous grants for postal services, and contracts were let for the inland and foreign mails to John Manley. Manley was given a monopoly on the postal service, which was effectively enforced by Protector Oliver Cromwell's government, and thanks to the improvements necessitated by the war Manley ran a much improved Post Office service. In July 1655 the Post Office was put under the direct government control of John Thurloe, a Secretary of State, and best known to history as Cromwell's spymaster general. Previous English governments had tried to prevent conspirators communicating, Thurloe preferred to deliver their post having surreptitiously read it.
Perhaps why they fled to "The New World" in the first place?
Perhaps if more people asked what they would have thought of these "protections" (of the state, not the citizen) they might not be so popular.
It's still possible to eavesdrop on a suspect - you compromise the device they use and you can read everything they do before it is sent. It's well known that intelligence services have a wide range of tools and exploits for compromising endpoints. But you can only do that in a targeted way (just as you only ever had the resources to wiretap a few people in the old days). What you can't do is read *everyone's* messages that way. Backdooring encryption remains a terrible idea for many, many reasons.
>Either encryption works, in which case law enforcement loses a powerful tool, to the detriment of well-functioning society, or else encryption does not work (which is the net result of any backdoor), also to the detriment of well-functioning society.
I take your point - but if an encrypted message is the only evidence against the criminal, there isn't much of a case against him. Nearly always, it's just one element in a kaleidoscope of pointers. Which means that investigators nearly always have alternatives, if encryption holds firm. On the other hand, if encryption fails, a great many other things fail along with it - and there are no ready alternatives available.
The fact is, this desire to crack encryption isn't about acquiring evidence against a target - it's about identifying possible targets. It's the equivalent of breaking into all the homes in a district, because you think one of them is harbouring criminal activity.
<profanity filter off>
Bullshit
</profanity filter off>
Every jurisdiction I know of makes failure to hand over passwords or encryption codes under a search warrant issued in that jurisdiction a crime.
So (maybe) do jail time if you hand over or definitely do jail time if you don't.
If you've got enough evidence to get a warrant you can definitely put someone in jail regardless of their crypto, and if you've got the computers still on you can probably find the keys in memory.
They want warrantless spy-on-demand snooping, regardless of the danger to everyone's privacy and money.
Yes and here is the real difference, in a supposedly civilised society you cannot beat the shit out of someone (physically, mentally or chemically) to get the key. You can chuck them in jail but the likelihood is that is a minor inconvenience to them if it as a genuine major crime. I don't know what the tariffs are for failing to provide information to the relevant authorities with a court order, but it is probably a lot less that 20 years in the clink.
I am sure there is always some agency somewhere but in the end it would simply turn into another scandal. In less fussy countries those unfortunate enough to not hand over an encryption key will simply disappear after a lot of effort has been expended.
We live in The Golden Age of Surveillance, yet the hallucination/lie of "going dark" is met by some with anything other than derisive laughter. I have no idea if Rosenstein realizes he is really arguing for the apotheosis of Stazi monitoring, but investigations will not become impossible anymore than good op-sec by La Cosa Nostra prevented the eventual destruction of the American mafia by the FBI and friends.
"Either encryption works, in which case law enforcement loses a powerful tool, to the detriment of well-functioning society, or else encryption does not work (which is the net result of any backdoor), also to the detriment of well-functioning society.
No easy solution here"
Tie goes to the runner. In a case where there might appear to be equally valid arguments when it comes to a person's rights, the person, rather than the government should be assumed to have the Right.
While politicians are still banging on about the need to access encrypted products then that is a good thing as it means they've haven't broken it or feel they are unlikely to break it anytime soon.
As soon as they go quiet on the subject and 'admit defeat' is when you should consider whether that encryption is still effective or not.
Simple, let the US do it and then when they world and their dog get access to everything the US publishes in digital format, then perhaps we'll finally start to get some sense from the fecking idiot politicians. The second their entire lives are splashed all over the media because it was a piece of cake to open up their private online datastores, then I'm sure things will change double quick!
US Mail may not be impervious to snooping but it's also a lot more difficult to automatically scan to see if the contents are encrypted which is often the trigger for raising suspicion. If a letter is encrypted, say with a one time pad or other fairly secure method, there isn't much the government can do about it should it be discovered. Likewise, one could encrypt the contents of a safe and the government would be in the same position.
The real complaint is that encrypting the entire contents of one's safe is laborious so people won't do it and most won't even bother with the safe. On the other hand encrypting the entire contents of a hard drive or mobile phone is now very easy but decrypting it is still nearly impossible. I also think he does have at least a small clue but he's being cagey and presenting it as if he's only asking for keys to the safe when in fact he's asking for much more. It's a clear case of a little knowledge being a very dangerous thing so while he knows how to light the match he doesn't recognize that we're all standing in the same pool of petrol.
This post has been deleted by its author
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
