They're back! 'Feds only' encryption backdoors prepped in US by Dems US lawmakers are yet again trying to force backdoors into tech products, allowing Uncle Sam, and anyone else with the necessary skills, to rifle through people's private encrypted information. Two years after her effort to introduce new legislation died, Senator Dianne Feinstein (D-CA) is again spearheading an effort to make …
Chances are if you know what you are doing you can find a device with open firmware
In the first place, "firmware" is not enough. You'd also need to redesign the hardware.
In the second place, 'open' != 'secure'. Plenty of vulnerabilities go unnoticed for years in open-source software. I would assume that in either Chinese or Russian OS firmware, at least some vulnerabilities would be added deliberately (and well hidden, to make them hard to discover without very close examination).
Others are presumably included by sheer incompetence, same as in every other piece of software ever.
there are open source BIOS images out there, too. Some of them disable things like 'management core'.
just because the sheeple are using "Win-Tel" (with its potential back-doors, etc.) doesn't mean YOU have to. Those same sheeple use FACE-B*TCH and TW*TTER, too.
(the use of 'asterisk' is because I only have one ass-to-risk...)
@JohnFen: "Yes, but if they were outlawed in such a way, that would probably not reduce their usage much."
The thing is, if strong encryption were outlawed, it'd criminalise anyone using the stuff. But if you're intent on, erm, breaking the law anyway, you might consider using strong encryption to be worth the risk - and unlike, for example, guns and bombs, it's pretty easy to move software from one place to another without it being easy to spot.
And if you DO ban strong encryption, what about (e.g.) banking security? On-line trading - be it high finance or buying from Amazon? And so on?
It seems to me that banning strong encryption would penalise those who respect the law and do very little to stop savvy criminals/terrorists/whoever.
I've just done a Web search and soon came up with reports of two retired spooks - one the former head of MI5, the other of MI6 - both expressing the opinion that we need strong encryption without back doors.
https://cointelegraph.com/news/ex-mi5-head-dont-weaken-very-positive-encryption
https://netlawmedia.com/news/former-mi6-head-tells-european-legal-security-forum-im-favour-strong-encryption-albeit-legal-safeguards/
- although the ex MI6 bloke does seem guilty of magical thinking where he "backed the use of “strong encryption” as a tool for protecting information security, claiming he is “100 per cent in favour of it”." then went on to say:
"[...] he wanted to see a form of “front door access in the virtual world that you have in the physical world”. Technology providers should behave less like safe manufacturers, who pride themselves in their inability to unlock their own products, he said, and more like old-style telecoms companies. Telecom companies, he added, traditionally allowed the security services to eavesdrop on conversations facilitated by their technology – albeit with the “right legal framework” and the “right authorities in place”."
This argument seems set to run and run...
Ignoring the firmware aspect, there's too many people who use computers in "grandma mode". Whatever Microsoft puts on there by default is good enough, and you can jolly well bet MS's security is going to leak like a sieve. Or flat out just copy everything over to secret servers before encryption gets involved. It's like VPNs. It only takes a little knowledge to do a lot of protecting, but many of the masses have never even heard of a VPN.
Not that grandma really has anything to hide, but that's beside the point. Much like a strip search -- it's the inspection itself that is the offensive part, not the risk (or non-risk) of going to the clink after the man with the rubber glove has probed her cervix.
Here's the thing wrt Grandma. Grandma takes a lot of prescription medicine - for thyroid, blood pressure, cholesterol, hrt, etc - and supplements like calcium and iron. She organizes a week's worth at a time in a pill case, so she's not a walking drug store with a dozen bottles.
In most US states (YMMV), not carrying prescriptive drugs in their original bottles with labeling showing what they are, what doctor prescribed them, and the name of the patient getting the prescription, is a felony (thanks to the war on drugs).
No, they have no reason to put granny in prison, but they might want something from YOU. So you have a choice: give them what they want, or granny goes to jail.
Government is nothing but a collection of people, each having their own agenda. Be afraid. Be very afraid. Do not give them any more power than the least needed to maintain society, and never enough power to control it.
People of means (their own or the taxpayer's) use couriers for the important communications, or hop on a jet (their own or the taxpayer's) to have a same-day face-to-face. If they're tech-savvy, they also print their courier-delivered messages on a printer purchase by someone else, and frequently changed. Indeed, all this BS is for the little people.
In 4th amendment terms, Ray wants it so that "only the police" can ransack our private papers at will. Well, sure, that sounds constitutional. The "with specificity" clause was trashed long ago.
I find it interesting that despite the NSA hacking tools being stolen, the Federal personnel database being stolen, etc., that no hacker has published Trumps tax returns. Either the IRS has the best security on the planet, or only Russians can truly pilfer the US governments secrets.
no hacker has published Trumps tax returns
What's the incentive to?
It's trivial to forge a tax return, and possible to create a pretty plausible one. So if you just want to publish a tax return you claim is Trump's, showing whatever it is you'd like to show, there's no reason to bother "hacking" anything.
So say someone publishes what they claim is Trump's return for one or more recent years. Then:
- Trump denies it. There's no advantage to him in admitting it's genuine, if it is; and if it isn't, even less to pretending otherwise.
- Supporters who feel the return justifies their support will claim it's genuine but for reasons of "privacy" or "security" Trump is denying it. Those who feel it puts their man in a poor light will claim it's a fake.
- Trump opponents would almost certainly seize on it as further evidence of Trump's mendacity, but they don't need any more evidence of that. They're already convinced, and they're not likely to convince many others at this point.
It's far more useful for opponents to keep demanding that Trump release the returns himself. He almost certainly won't, so they can continue to claim he's hiding something. It's more useful for supporters if no returns are released, because whatever they say and regardless of whether they're genuine they just fuel an argument that supporters prefer would die down.
ack. too late for guns, and now knives. Those genie's are out of the bottle, and have been out for a LONG time.
Make them illegal, and ONLY the criminals will have them. SO much for defending yourself, preventing thieves from cracking your bank accounts, etc. when ONLY the bad guys have the necessary means to protect themselves, _AND_ to attack YOU.
I'm not surprised the Demo-rats are behind this. Their so-called position for pro-civil-rights is nothing more than a SHAM. They've been about controlling the masses for a LONG time. The Republi-crats ("establishment" Republicans, mostly RINOs) are, too, but they've been singled out in the past.
NOW, Dianne Franken-Feinstein [who occasionally made sense in the past] has gone full-on bat-blank nutzy-cuckoo crying for back-door'd encryption, not knowing a cipher from a key.
These idiots are SO emotion-based and irresponsibly sinister in their motives, it's pathetic.
time to "clean house". TEA PARTY!
NOTE: when you take away the right of an individual to speak his own mind AND to defend himself, you end up with SHEEPLE. And they're *EASY* to control, like a herd of sheep.
1984 anyone? that's a TYPO.
"too late for guns, and now knives. Those genie's are out of the bottle, and have been out for a LONG time... Make them illegal, and ONLY the criminals will have them."
The thing is that this makes the job easier for the police: Someone has a gun, they are a criminal. They don't need to start looking for other crimes they committed straight away, the dangerous nut job can be taken off the street immediately. Unlike the current situation in the US where anyone may "legitimately" have and be carrying a gun...
The whole "guns make people safe" argument doesn't fly with me, never has and never will. It's a machine designed with one purpose: to kill. Apart from a few people in specific circumstances, noone should have one.
Well, guns are pretty much illegal in the UK (with some exceptions) so mostly only criminals have them.
I don't see the Police arresting that many criminals with guns though. False argument, totally based on trust of people who have abused our trust, repeatedly.
If TPTB want people to rescind all options of protecting themselves in favour of letting their government do all that for them, then perhaps the governments should first try re-establishing some trust with the people.
Otherwise it looks like what it most probably is: another tool for oppression and systemic population control.
"Well, guns are pretty much illegal in the UK (with some exceptions) so mostly only criminals have them... I don't see the Police arresting that many criminals with guns though. False argument, totally based on trust of people who have abused our trust, repeatedly."
And how many cases of gun-related crime do we have? If a cop spots someone on the street with a gun, what do they do? A car on the M62 was recently thought to have an illegal firearm in it, and they did all in their power to catch them (and succeeded). The fact that there is such a low amount of gun crime in this country shows that the policy works.
The other end of the argument which always comes back is that guns allow you to protect yourself from the government. This is wrong too: The government will always have more guns and weapons, and having a gun yourself just leads to a higher chance you would be killed in any confrontation.
I see what you are saying, but we are using guns as an analogy for encryption.
Encryption doesn't have a greater velocity/mass than that of an unladen swallow, European or otherwise, so isn't exactly lethal.
If we take your extension of the analogy and apply it to cryptography, it would require that only criminals or law-enforcement have access to strong crypto - in that case you can kiss goodbye to the world economy.
@jJtom "You have pretty much eliminated the guns, yet the murders and assaults contine."
"just what have you accomplished?"
What have we accomplished?
A rate per head of intentional homicide in the UK of about a quarter of that in the USA, and a murder rate per head in the UK of about 1/18th of that in the USA.
At least, that's what this link says:
http://www.nationmaster.com/country-info/compare/United-Kingdom/United-States/Crime/Violent-crime
"The fact that there is such a low amount of gun crime in this country shows that the policy works."
And what about victims of non-gun crime? They don't deserve to be included in your dataset, why exactly?
I don't know about you, but if I were laying stabbed in a pool of my own blood, my last words wouldn't be "At least I can die happy knowing I wasn't shot..."
I don't see the Police arresting that many criminals with guns though. False argument, totally based on trust of people who have abused our trust, repeatedly.
That would be because most people they arrest don't have guns. Gun crime is exceedingly rare here, despite what the news may report.
If someone is seen with a gun, and they don't have a good explanation for it, then they will be arrested, no questions asked.
As for those automatic weapons that can be purchased e.g. AR15s with bump stock conversion? Not readily available here, even the police have custom modified weapons, that are limited to semi-auto, despite the gun not being produced with a semi-auto option.
"The thing is that this makes the job easier for the police: Someone has a gun, they are a criminal."
Well yeah, by definition, being a police officer becomes a hell of a lot easier and less risky when your job description is to arrest people who have yet to harm anyone!
Someone uses strong encryption, they are a criminal. (Why would you need strong encryption anyway if you don't have criminal intent?) This makes the job easier for police.
@"bombastic bob
"NOTE: when you take away the right of an individual to speak his own mind AND to defend himself, you end up with SHEEPLE."
I wonder, bombastic bob, if you could specify exactly what degree of restriction on access to weaponry turns people into SHEEPLE? As far as I know, even in the USA, ordinary citizens aren't allowed to possess and bear arms such as M18 Claymore mines, AGM-114 Hellfire missiles, or even some straightforward rifles like the M2 0.5 inch Browning machine gun.
Are such restrictions a problem? If not, exactly where is the line drawn between the weapons needed to stop people turning into SHEEPLE and those weapons which aren't required?
"So at what point will legislation force all public servants and politicians to use the "magical" proposed system and only the proposed system?"
I think if they're so insistent on this, the crypto-experts should suggest a 5-10 year test plan where compromised crypto is used for all government encryption. The keys are secure right?
They've wanted this crap for how long now? What's another 5 years to prove their claims to us by leading by example?
So at what point will legislation force all public servants and politicians to use the "magical" proposed system and only the proposed system?
After all if it is secure and never going to be abused then they have nothing to worry about and surely will be delighted.
heh. They'll still be hosting their own illegal servers in their bathrooms if they think it will be an advantage to them.
I'm ok with this IF they do it first for at least a year..... If nothing gets hacked then they can shove it at everyone else. OTOH, I'm betting that Congress and the Agencies will exempt themselves from using any backdoor.
Icon.... there's are real shitstorm coming.....
"to come up with a secure way to allow only law enforcement to access information."
Law enforcement of which country?
Of the USA only? So the USA government can read the messages of everyone in the world? How exactly are they going to enforce that?
Or will they let other governments use it - so they can spy on the USA?
Will they ban strong encryption only in the USA? So everyone has to switch devices as they cross the border? If strong encryption is available just across the border, how will they stop USA criminals using it?
If international companies have to switch to weakened encryption when talking to their USA offices, they are going to move as much as possible out of the USA.
None of this seems to get mentioned - the politicians talk about it as if the USA was the only place in the world (which is not exactly unusual).
Law enforcement of which country?
Even within the USA - which law enforcement?
Do you think the boss of the CIA is going to have a phone that a community support officer in Arkansas can access?
Every branch of government, law enforcement, state, county, municipal, military, DEA, DHS, MMB are going to want the ability to read everyone else's phone while having theirs entirely secure from all their law enforcement colleagues
I ask only this. If you wish to continue insisting there is a workable backdoor, then we get to insist on writing "There is no workable backdoor" on your tombstone. If at that point you want to continue debating the matter, we'll be waiting for you...
(Required disclaimer for this age: no, I'm not suggesting killing them. I'm suggesting every legislator should be forcibly memorialized on their eventual tombstone by reference to their stupidest act of public legislation. No grand statue is going to hide the message "We the people regret electing this idiot".)
John, there is more then enough stupid bollocks coming out of both sides of your congress, so every legislator IS appropriate. Why dont you pull your head out of your bipartisan arse and realise that all politicians no matter from what political spectrum should face mockery.
They would not listen,
They're not listening still.
Perhaps they never will.
"It is difficult to get a man to understand something, when his salary depends upon his not understanding it!"
Upton Sinclair, I, Candidate for Governor: And How I Got Licked (1935), ISBN 0-520-08198-6; repr. University of California Press, 1994, p. 109.
Um, the current issue here is the proposed installation of backdoors, not warrantless wiretapping, bad as that is. But your switch enabled you to include the GOP in the discussion. Is it just too painful for you to see the Democrats doing evil stuff without being able to blame the GOP?
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
