Deputy AG Rosenstein calls for law to require encryption backdoors

The deputy US Attorney General said he wants legislators to force technology companies to decrypt people's private conversations. Rod Rosenstein on Wednesday told a crowd of over 600 police officers that software developers should be required by law to unscramble end-to-end encrypted chatter on demand – and if the engineers …


        1. Anonymous Coward

          Re: An unbreakable backdoor would be nice

          "Currently, any encryption algorithm using a key, or key pair, wider than 1024 bits falls under ITAR, and is considered munition. It cannot be exported to any country without prior permission from the US Department Of Commerce - Bureau of Industry and Security."

          I'm sorry, but after reviewing your link, I'm just not able to confirm your assertion. It seems to even directly contradict it:

          "There is no "unexportable" level of encryption under license exception ENC. Most encryption products can be exported to most destinations under license exception ENC, once the exporter has complied with applicable reporting and classification requirements."

          1. Anonymous Coward

            Re: An unbreakable backdoor would be nice

            > I'm just not able to confirm your assertion. It seems to even directly contradict

            Nope it does not contradict any of it:

            Federal Register - BIS EAR - Encryption Export Control Regulations.

            There are plenty of details about key length restrictions for export control.

            You quoted the relevant sentence yourself:

            Most encryption products can be exported to most destinations under license exception ENC, once the exporter has complied with applicable reporting and classification requirements

            If you really want to learn about US crypto export control details, you need to spend a lot of time reading the Federal Register, because these regulations are spread around many documents.

        2. Roland6 Silver badge

          Re: An unbreakable backdoor would be nice

          >This is a relaxation of the rules that have existed since WWII. Before 1997, any encryption software or device was considered munition, regardless of key length.

          Which is why no one outside of the US used DES and instead purchased encryption software typically developed in Israel. Also the open source community quickly got wise and ensured relevant projects were led by non-US nationals and hosted by non-US providers on servers physically located outside the US.

          1. Anonymous Coward

            Re: An unbreakable backdoor would be nice

            Like that's gonna help you if the US REALLY want you. Remember, the US broke the legendary Swiss bank anonymity. If they can do that, odds are they can do nigh anything.

            1. Roland6 Silver badge

              Re: An unbreakable backdoor would be nice

              > Like that's gonna help you if the US REALLY want you.

              Agreed, however it did mean that the rest of the world could use whatever level of encryption was legal in their neck of the woods without having to get Uncle Sam's permission...

              1. Anonymous Coward

                Re: An unbreakable backdoor would be nice

                It's not his permission you have to worry about, but his fingers, to be sure he never had a hand, overt or covert, in the design such that you can be certain he didn't insert a backdoor. After all, consider the data center in Utah. What's to say it isn't secretly concealing a black-project quantum computer?

      1. Captain DaFt

        Re: An unbreakable backdoor would be nice

        backdoored software would be classified as "munitions" and made illegal to export to other countries.

        Of course, the US has no qualms about selling munitions to friendly countries and allies, like, say, their old allies in the Middle East: Iran, Iraq, and the Taliban.

        Sure came in handy later when we were fighting in the Middle East with... Iran, Iraq, and the Taliban? Uh, wait, hold on...

        1. Anonymous Coward

          Re: An unbreakable backdoor would be nice

          Getting shot by shit your own side sold to the (later) enemy is a fine American tradition. At least you know the characteristics of the weaponry and their quirks. Might help somehow.

          I believe we got this tradition from the British.

          1. CrazyOldCatMan Silver badge

            Re: An unbreakable backdoor would be nice

            > Getting shot by shit your own side sold

            Or, as the old joke goes: "When the British shoot, the Germans duck. When the Germans shoot, the British duck. When the Americans shoot, everybody ducks.."

      2. CrazyOldCatMan Silver badge

        Re: An unbreakable backdoor would be nice

        law enforcement

        Which, as we all well know, includes dog wardens, parish councillors, TV licence enforcers and local schools[1]..

        [1] Can't have people applying to schools they don't qualify for!

  1. Terafirma-NZ

    Two things

    1st. Can they even enforce this when the devices ship from China and I am sure it would not be hard to move the systems that compile the code off shore thus the product is never exported.

    2nd. I'll use this the second the USA confirms that all government agencies including the military use the same encryption for all their communications!

    1. Orv Silver badge

      Re: Two things

      I think they could enforce it if they wanted to badly enough. We already know the NSA intercepts and backdoors routers being shipped to some countries. The amount of manpower required to do it in the other direction for cell phones would be steep, though. It would probably be easier to slip a backdoor in at the source, without the manufacturer's knowledge.

      Would this actually happen? Probably not, not for feasibility reasons, but for political ones. The NSA and the other three-letter agencies are rivals and they don't like to share. They're especially not keen on having their methods revealed in court, which tends to deter them from participating in criminal cases.

      1. Doctor Syntax Silver badge

        Re: Two things

        "I think they could enforce it if they wanted to badly enough. We already know the NSA intercepts and backdoors routers being shipped to some countries."

        You're still thinking in the US box. There's a whole lot of other countries out here. Some of them have quite nice climates where CxOs will be happy to live, quite amenable financial regimes and others have cheap manufacturing locations. OK, the NSA can make those intercepts when the goods are being shipped to one country - the US but the rest of us won't worry.

    2. Doctor Syntax Silver badge

      Re: Two things

      " I am sure it would not be hard to move the systems that compile the code off shore thus the product is never exported."

      More than that: move the businesses themselves off-shore. Then, in a few years, the US can reminisce about the days when it had an IT industry.

  2. Woodnag

    Not necessarily...

    "..the Feds eventually opted instead to pay for a zero-day vulnerability to circumvent the passcode."

    That's what they said. Also possible is that it had been broken before inadmissibly (no warrant), and they wanted to avoid having the technique (or the act) publicised.

  3. Anonymous Coward

    We promise not to look

    OK, maybe just a bit....

  4. katgod

    Do it the old-fashioned way, shut up, figure it out and don't tell anyone you can get in. Why are there so many idiots in positions of power?

    Of course it is possible some of them have figured it out and then they let the idiots provide a smoke screen to make it look like they can't get in, but now I am starting to assume what you see is not what you get and that is usually wrong.

  5. mako23

    If I chose to use AES encryption during communication, that's my decision.

  6. Anonymous Coward

    What happens when...

    ... Russia, China, and the other 260, or so, law enforcement require access for their criminal investigations? And that investigation involves agencies or persons working for the government? In a classified matter? Need I go on? Beware what you ask for.

  7. Charlie Clark Silver badge

    Habeas corpus?

    After a terrorist attack, obtaining stored electronic information is an effective and necessary law enforcement technique.

    Yeah, who needs a crime to start investigations? Just start suspecting everyone!

    Fortunately, the US Supreme Court would be almost certain to slap down anything like this and the DoJ know it. So, it's the usual kind of posturing.

    1. Charles 9

      Re: Habeas corpus?

      Don't be so sure. The SCOTUS waxes conservative now.

  8. Anonymous Coward

    Oh boy.....

    'He also made a point somehow related to encryption when he referenced the natural disaster unfolding in Texas.'

    Wow. The man just made the biggest quantum leap since Sam Beckett. Where's Al and Ziggy? Do do do doodoo do do do doo..

    1. Flakk

      Re: Oh boy.....

      > Wow. The man just made the biggest quantum leap since Sam Beckett. Where's Al and Ziggy? Do do do doodoo do do do doo..

      Maybe Rosenstein is an Evil Leaper. That would actually explain a few things.

  9. Christian Berger

    Essentially that would make US products unbuyable to the rest of the world...

    ... at least that's the common idea. The counter-argument is of course Blackberry, who have been found to have back doors many times, but still manage to sell their products.

    1. James 51

      Re: Essentially that would make US products unbuyable to the rest of the world...

      You do realise that Blackberry don't sell phones directly any more? Cooperating with the police in the London riots cost them their teenage users.

  10. Anonymous Coward

    They need to test this first ..

    .. so let's ensure that the not-so-esteemed deputy AG is stripped of all crypto. He should not be able to set a password other than "1234" and "password", and must be mandated to access his bank only online.

    If he objects, well, he's only exposed to the natural consequences of what he proposes so why the protests?

    Bloody idiot.

  11. Milton

    Laws of Math vs Laws of Men

    The Reg readership doesn't need to have it explained why Rosenstein is talking complete drivel, but you do have to wonder why politicians, political appointees and even moderately smart guys like the late not-much-lamented Comey simply *will not* understand that the backdoors idea cannot work, will have no effect on the Black Hats it's supposed to be targeting and will render everyone less safe. Even the kind of intellectual pond life infesting DC are surely capable of understanding that π is not 3.000. It will never be 3.000. No amount of political gobshittery from a mouth-on-a-stick will make it become 3.000. The laws of math trump those of men and that's all there is to it.

    Then again, perhaps I overestimate them. Maybe their stupidity should be diverted into a more harmless route: leveraged, in a word, rather than us simply banging our foreheads in frustration.

    So someone please tell these nincompoops that the problem is prime numbers. Get Trump to twat something presidential like "Primes unamerikan. Helping nookoolar tursts. Bad!" Congress obviously must set itself to pass a law to make it easier to perform prime factorisation on large numbers. It's scandalous that this has been overlooked for so long. Give them a mountain of paper and as many pencils as they like (there's always some attrition, as Representatives in particular keep sticking them in their ears and noses) and leave them to secure the nation and make America great again. Should keep them from causing trouble elsewhere for years at least.

    1. Roo
      Windows

      Re: Laws of Math vs Laws of Men

      "but you do have to wonder why politicians, political appointees and even moderately smart guys like the late not-much-lamented Comey simply *will not* understand that the backdoors idea cannot work, will have no effect on the Black Hats it's supposed to be targeting and will render everyone less safe"

      The answer is very simple: They don't actually care about security and locking up bad guys, they just want access to all your data 24x7. Given that the motivation is clearly not security, and the folks talking this shite are pole climbers by definition, I believe we can safely conclude that they want this stuff because it will give them a massive edge over the proles in terms of insider trading, blackmail, extortion and evading justice. I am not even sure why they are trying to justify this crap to the television cameras, it's not as if the voters have a choice in the matter.

  12. JJKing
    Black Helicopters

    How to keep a secret? Tell NOBODY!

    A secret backdoor that is known about by more than one person is no longer a secret backdoor.

    1. Charles 9

      Re: How to keep a secret? Tell NOBODY!

      Don't you mean more than ZERO people?

  13. poohbear

    IANAL but I have a question:... if they demand your password, and you give it to them, and it still doesn't work (perhaps, just perhaps, they are using the wrong program to decrypt it....), are you obliged to tell them?

    And how do they prove you gave them the wrong password then?

    Or do they require you to do the decrypting?

    Isn't that where the whole "self incriminating" thing kicks in?

    All your secrets are belong to us.

    1. Orv Silver badge

      In the US that question is so far up in the air, in my understanding.

      On the one hand there have been rulings that held that police can compel you to unlock your phone with a fingerprint, but can't compel you to give your PIN.

      On the other hand, there's currently a guy who's been held in prison for two years on contempt of court charges, because he won't give the password to unlock an encrypted drive that's believed to contain child porn.

  14. Nimby
    Devil

    Simple answer: prove the concept.

    I say we let them have their backdoors. But like any good technology, first it must be proven to work. So before the law forces world+dog to use it, first anyone who voted for, signed a dotted line, supported, etc. the backdoor is required to be a part of the Proof of Concept phase wherein all of their phones, bank accounts, emails, etc. are now all replaced with backdoored equivalents. Anyone else who wants to support this can also opt-in to this trial. And this trial must occur for no less than six months prior to forcing it upon everyone else. And there is no opting out or cancelling. You supported it, then are locked in to the trial to the end.

    I figure just one week of that and random and sundry hackers of the world will have pwned them to hell and back and generally stolen all their money, pillaged their identity, ruined their lives, and badmouthed their dog enough to prove even to people as mentally deficient as these idiots just why exactly mandatory backdoored encryption is such a bad idea. LOL The remaining five months and three weeks or so is just me laughing endlessly.

    1. Charles 9

      Re: Simple answer: prove the concept.

      And if they STILL go along with it? Some can be gluttons for punishment, for example.

  15. Vic Sub
    Facepalm

    Here we go again

    Same old crap. Hopefully it fizzles again once people, who know wtf they're talking about, school these misguided legislators how futile this kind of legislation would be.

    Goes something like:

    1) Pass laws in US requiring back-doors to encryption

    2) Users\Companies stop using those products\protocols and opt for some foreign-made product that does not adhere to US laws

    3) US tech loses market share.

    Also, can't make a law that will compel people to use back-doored tech

    1. Charles 9

      Re: Here we go again

      Sure you can. Just require the use of it if you want lucrative government (some run in the BEEELIONS) contracts, many of which can be make-or-break-ers for companies. Think about it. ALL states set their alcohol minimum ages to 21 (IN SPITE of the age being determined by the states in the years following the 21st Amendment) because setting any lower means no federal highway funds for you (BY LAW). Same tactic.

      1. Doctor Syntax Silver badge

        Re: Here we go again

        "Just require the use of it if you want lucrative government (some run in the BEEELIONS) contracts, many of which can be make-or-break-ers for companies."

        No problem. The US has a rump tech industry that sells to the US govt. The rest of the world uses non-US products from firms that either left the US or started elsewhere in the first place. If that leaves the US floundering with its downsized tech industry why should the rest of us care?

        1. Charles 9

          Re: Here we go again

          Nearly 400 million people and a lot of money. Not even China ignores them.
