NSA: 'Back doors are a bad idea, give us a FRONT door key'

“Give me your tired, your poor, your huddled masses yearning for an iPhone, and we'll give you an encryption master key” seems to be the dream of the National Security Agency (NSA). The NSA's latest thought bubble, floated in front of noted cryptography journal The Washington Post, is that a “master key” for all products …

  1. Anonymous Coward
    Anonymous Coward

    Sounds like the NSA...

    Really would like Cameron to be POTUS....

  2. Anonymous Coward
    Anonymous Coward

    Vulture South can't wait to see the tech sector's response to these ideas.

    Get fucked, would sum up the response from this particular part of the tech sector.

    I have rarely heard such a stupid idea. Every device from every manufacturer in every country? Who would all then want their own set of keys. Quite apart from the technical implausibility of getting keys onto all hardware, all the user would need to do is run their own encryption on top and you're right back to where you are now. Apart from (I suspect) a good few billion quid lighter in the tax budget.

    1. Dan 55 Silver badge

      And as they've already got the legal powers to make demands to the cloud provider and the operator, along with their keys just in case they're feeling uncooperative, they've already got this mirror account anyway.

    2. Brent Longborough

      We need a new version of Moore's Law:

      The amount of Government Stupidity (TM) created, anent security and cryptography, approximately doubles every x months.

      1. Anonymous Coward
        Anonymous Coward

        The amount of Government Stupidity (TM) created, anent security and cryptography, approximately doubles every x months.

        Moron's law? I agree, but your formulation needs a bit of adjusting - at the rate we're going, it's weeks rather than months :(.

    3. Vimes

      The last time this seemed to have any serious traction was with the clipper chip saga.

      http://en.m.wikipedia.org/wiki/Clipper_chip

      1. MacroRodent

        deja-vu

        " the clipper chip saga."

        Ah, that was why I thought I had seen this movie before. Bad ideas never die.

    4. Tim 11

      "....all the user would need to do is run their own encryption on top"

      yes in theory, but this cunning plan relies on the fact that most users aren't savvy or motivated enough to do that... only the ones with something to hide... oh crap!

      1. Anonymous Coward
        Anonymous Coward

        Re: "....all the user would need to do is run their own encryption on top"

        "yes in theory, but this cunning plan relies on the fact that most users aren't savvy or motivated enough to do that..."

        And if you walk around a bad part of town and do not know self-defense (or are not self-defense savvy or motivated, as it were), their problem.

        You either are or are not savvy. Those who take the time to become [savvy] have an advantage. It's the same everywhere - Finance, job, relationships, etc. Too bad for them.

        1. Anonymous Coward
          Anonymous Coward

          Re: "....all the user would need to do is run their own encryption on top"

          "this cunning plan relies on the fact that most users aren't savvy or motivated enough to do that"

          Not really. I'm pretty sure that the internet would come up with a few point-and-click solutions for the less technically-inclined.

          There's 4 elephants in the room for this NSA chap:

          The first is that my data is mine. This assumption that a thing that is mine also belongs to someone else is colossal arrogance on the part of the NSA. Attempts to take what is mine by force will meet resistance. And talking of arrogance...

          The plan falls apart as soon as other countries become involved. It seems to be a peculiarly American failing to completely forget that countries other than America exist. Other countries would (of course) want their own set of keys; thus turning the idea into an instant clusterfuck. You either end up with every country having their own set of keys (and I'm not sure if this is even possible; but I'm pretty damned sure it's not possible to do it safely); or you refuse countries, in which case you get entire countries resisting the data-rape.

          This is a world where -with all the illegal data-hoovering that the public is still largely unaware/uncaring of- schoolgirls can still get from the UK to Syria undetected. Charlie Hebdo. Etc. So with all the advantages in the world; the spook agencies are just not doing the job. Giving them more powers is extremely unlikely to make any of us one whit safer. Speaking of safety...

          The keys *WILL* come together and be leaked at some point. It is inevitable.

          1. Anonymous Coward
            Anonymous Coward

            Re: "....all the user would need to do is run their own encryption on top"

            You keep forgetting that British Intelligence agencies can't "hoover the data" themselves so they ask the NSA to do it for them and vice versa.

          2. Anonymous Coward
            Anonymous Coward

            Re: "....all the user would need to do is run their own encryption on top"

            "The keys *WILL* come together and be leaked at some point. It is inevitable."

            They always seem to forget (or conveniently ignore) that there's always someone eminently corruptible in just the right place if the price is right. With ever larger amounts of money concentrated in ever fewer places, the rest is indeed a foregone conclusion.

    5. Vimes

      @moiety

      For bonus points if you ever get the chance, ask them:

      If non-US companies can be forced to make life easy for the US how does this not open the door (front, back or any other sort you'd care to name) to the same thing happening in either Russia or China when it comes to companies there dealing with data originating from the US?

  3. Anonymous Coward
    Anonymous Coward

    Leave your front door open

    Spooks want to hand all your data over to Al Qaeda the first time one of their own defects.

    Idiots.

    1. Anonymous Coward
      Facepalm

      Re: Leave your front door open

      I think you mean 'the next time one of their own defects.'

    2. This post has been deleted by its author

  4. Anonymous Coward
    Anonymous Coward

    That's nothing that Safenet doesn't already do

    But as I posted elsewhere, the trick would be to become the third member of the key party, and after it's been created, and split, and you're driving home....lose it, delete it, just don't keep it.

  5. Anonymous Coward
    Anonymous Coward

    COINTELPRO

    Seeing how it was that very same NSA which contrived and vigorously extolled those (almost universally demonstrated to be BORKED) primitives, which the entire mechanism of the "5 eyes" then crowbarred into just about every international protocol in existence, while simultaneously suppressing other (better) primitives, I can't help feeling that this "polite request" is *nothing* more than post-Snowden damage control theatre for goldfish and the braindead.

  6. Dan 55 Silver badge
    Facepalm

    Custom firmware?

    Only used by turrists.

  7. A Non e-mouse Silver badge

    American cloud providers are already moaning about losing business due to American law enforcement's love of stealing data/spying on people. Surely this will just drive more companies to not have a US legal presence so they can avoid giving the NSA the keys to the castle?

    1. james 68

      It's ok though, because the government clearly stated that no business has been lost due to this whole fiasco, and they are plainly more trustworthy than the businesses themselves.....aren't they?

  8. Anonymous Coward
    Anonymous Coward

    America wants the rest of the world

    to develop non-US based encryption technology, using non-US hardware, running non-US owned OS'es.

    The spooks just care enough to totally destroy their own country's economy, to help the rest of the world. They really do care that much, it is not about spying on everyone, it is about helping the rest of the world have freedom (from America).

    1. Anonymous Coward
      Anonymous Coward

      Re: America wants the rest of the world

      Interesting.

      While I'm sure the intent of this oh-so-gloriously-public spookgasm was to pretend by implication that they don't already pwn the lot of it. Contrary to the Snowden "revelations". You're suggesting that all this astonishingly raucous splashing and flailing is just making their situation worse? Fanning the flames?

      Damned if they do...

  9. depicus
    Facepalm

    Github

    Github already hosts some forks of well known encryption libraries for users in the Middle East and I've read reports that the Syrian opposition uses modified open source programs to communicate as they cannot trust anything developed in the west. So I fail to see how this most ridiculous of ideas is going to help. Indeed how are these people even employed coming up with such stupid ideas.

    Our world wide web is becoming more segregated by the day.

    1. A Non e-mouse Silver badge

      Re: Github

      Wasn't there a terrorist group who developed their own encryption, because they didn't trust encryption developed in the west, only to have their efforts shown as being futile as their encryption was easily broken?

      1. alain williams Silver badge

        Re: Github

        Quite possibly: good encryption is hard; but just because one group got it wrong does not mean that they all will.

    2. Antonymous Coward
      Big Brother

      Re: Github

      If it's a modified GnuPG they're using then I hope they've spotted the booby-trap.

      1. Zippy's Sausage Factory
        Coat

        Re: Github

        Booby traps are easily spotted. The nipples are a dead giveaway.

        1. Graham Hawkins

          Re: Github

          Upvote for Spike Milligan reference...

  10. JimmyPage Silver badge
    FAIL

    Clipper chip

    'nuff said

    1. Maynard G. Krebs

      Re: Clipper chip

      Those were truly the days. I also remember back then server OS's coming in 2 flavors. 128-bit encryption for in the USA, 56-bit for all you heathen foreigners. You all just can not be trusted......

  11. RonWheeler

    I get it, but

    I get it - better 'legitimate' security bodies use approved known methods to access devices than continue the arms race of encryption and backdoors. And yes, I'd prefer it if they worked within a rigidly defined legal framework with proper scrutiny and, subject to a time delay, public review.

    BUT. Until these bodies are subject to true scrutiny and working in a legal framework, I don't trust NSA, GCHQ or any similar agencies not to misuse the data collected.

    1. MrXavia

      Re: I get it, but

      I agree they need scrutiny by an independent organisation, but I trust the people working in these agencies more than I trust the politicians in charge..

      People working in GCHQ are after terrorists and real bad guys...

      Politicians are after votes no matter how dumb their ideas are....

      1. Anonymous Coward
        Anonymous Coward

        Re: I get it, but

        Politicians are after degrading sexual favours from "lobbyists" and enormous nest-eggs....

        FTFY

        O:-)

      2. Anonymous Coward
        Anonymous Coward

        Re: I get it, but

        >People working in GCHQ are after terrorists and real bad guys.. .

        No they're not. If you obey an order then you are as culpable as the person who gave it.

      3. Vimes

        Re: I get it, but

        People working in GCHQ are after terrorists and real bad guys

        That's not always the case.

        http://www.gloucestershireecho.co.uk/Staff-member-GCHQ-sacked-inappropriate-searches/story-26187243-detail/story.html

      4. Oninoshiko
        Facepalm

        Re: I get it, but

        "I agree they need scrutiny by an independent organisation, but I trust the people working in these agencies more than I trust the politicians in charge.."

        Then you're an idiot. They've been caught, numerous times, spying on people because they have a nice set of tits.

        1. MrXavia
          Facepalm

          Re: I get it, but

          You mean you Trust politicians MORE than people working at GCHQ?

          They are both un-trustworthy, but surely politicians are worse, since it is their fault that people at GCHQ do what they do.... And if Theresa May & Dave had their way, nothing would be secret....

          I never said I trusted them very much....

  12. Anonymous Coward
    Anonymous Coward

    Actually, they are admitting their incompetence.

    If I were in charge of overseeing NSA & C. I would be very, very worried, because they are basically admitting their intel abilities are now wholly unable to find anything but using a dragnet approach. It's pretty clear that their spies, under cover agents, agents, investigators, analysts, etc. are people without any clue and just hope to find an "enemy" by pure chance gathering any data they can and hoping for the best.

    Moreover, if they start to rely and sleep happily being able to access US made devices, they will find themselves wholly unprepared when an opponent with the proper skill and technology will implement its own protection, and the US will have lost any skill to counter those threats - well, it's not new that the US always entered any conflict unprepared and with outdated, wrong, and often ill-designed devices and weapons. Complacency is always your worst enemy.

    I would be very, very worried NSA & C. are stubbornly chasing the easiest way, it means its commanders are unable to front the new threats and are desperately seeking for some fingers to hide behind. Probably the only reasonable action would be to fire them all, and find someone who's really got a clue about the new environment...

    1. Anonymous Coward
      Anonymous Coward

      Re: Actually, they are admitting their incompetence.

      You're taking the PUBLIC utterances of a professional spook at face value? Seriously? Why?

      1. Anonymous Coward
        Anonymous Coward

        Re: Actually, they are admitting their incompetence.

        Because sometimes you can read between the lines...

  13. Archivist

    Plug that leak

    And what happens when the next Snowden leaks the master key?

    Oh that could NEVER happen!

    1. Anonymous Coward
      Anonymous Coward

      Re: Plug that leak

      I think the point is that NO ONE has the complete master key because no one firm controls the whole thing. It's like a key split into five pieces, ALL of which are required to work the lock. It seems it would basically take FIVE Snowdens all working in concert (which increases risk exposure) to find the correct five pieces and put them all together.

      1. Mad Chaz

        Re: Plug that leak

        except of course those 5 pieces will need to be put in one place at some point, to use it. What keeps the spooks from remembering the 4 other pieces exactly? It's not like a bunch of characters can be copied ...

        Not to mention, it'll have to be all there in the devices. Not like we ever heard of someone extracting keys from hardware. DVD and Blu-rays are still impossible to copy, right?

        1. Charles 9

          Re: Plug that leak

          Not if the pieces can be transmitted remotely over secure channels and the pieces only come together inside a black box unit. Penetrating black boxes is still an active security exercise, meaning extracting the key from a black box is still far from a given.

          1. Anonymous Coward
            Anonymous Coward

            Re: Plug that leak

            That implies that what they say is what they want. More likely they publicly and piously proclaim they've split the key, then pool their portions and copy them around in private so everyone can enjoy the fun whenever they want. Honesty hasn't been much in evidence thus far after all.
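
The five-piece split argued over in the "Plug that leak" thread above, sketched as an n-of-n XOR split. This is an added example, not part of any comment and not the NSA proposal's actual scheme, which the page does not specify; the key value and the five-holder setup are constructed for illustration. It shows that four of the five shares are consistent with every possible key, and that `combine` necessarily rebuilds the whole key in one place.

```python
import secrets
from functools import reduce


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("shares must all be the same length")
    return bytes(x ^ y for x, y in zip(a, b))


def split_key(key: bytes, n: int) -> list[bytes]:
    """Split key into n shares; all n are required to rebuild it."""
    if n < 2:
        raise ValueError("need at least two share holders")
    # n-1 shares are pure randomness, independent of the key.
    shares = [secrets.token_bytes(len(key)) for _ in range(n - 1)]
    # The last share is the key XORed with every random share.
    shares.append(reduce(xor_bytes, shares, key))
    return shares


def combine(shares: list[bytes]) -> bytes:
    """Rebuild the key. Whoever runs this holds the complete key in memory,
    which is the 'pieces must come together somewhere' objection."""
    return reduce(xor_bytes, shares)


def missing_share_for(known: list[bytes], candidate_key: bytes) -> bytes:
    """Return the one share that would make `known` rebuild candidate_key.
    Such a share exists for every candidate, so holders of n-1 shares
    cannot rule out any key: they learn nothing about the real one."""
    return reduce(xor_bytes, known, candidate_key)


def demo() -> dict:
    # Constructed 128-bit master key and five hypothetical share holders.
    key = bytes.fromhex("00112233445566778899aabbccddeeff")
    shares = split_key(key, 5)
    four = shares[:4]
    # A completely different key is just as plausible given four shares.
    decoy = bytes.fromhex("ffffffffffffffffffffffffffffffff")
    forged_fifth = missing_share_for(four, decoy)
    return {
        "all_five_rebuild_key": combine(shares) == key,
        "four_alone_rebuild_key": combine(four) == key,
        "four_plus_forged_give_decoy": combine(four + [forged_fifth]) == decoy,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The split protects the key only while it is at rest in separate hands; every use reassembles it, so the security of the scheme reduces to the security of whatever system runs the combine step.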

  14. Erix

    Sounds vaguely familiar?

    ... And nine, nine rings were gifted to the race of Men, who above all else desire power. But they were all of them deceived...

    1. phil dude
      Gimp

      Re: Sounds vaguely familiar?

      I heard the voice in my head too...!

      Carry on...

      P.

      1. Stevie

        Re: Sounds vaguely familiar?

        I heard it in a Sellers/Clouseau voice, complete with the last word being pronounced "deceive-ed".

  15. Anonymous Coward
    Anonymous Coward

    I don't think they mean a single master key for all devices, more likely they mean each device will have its own unique key which will then be broken up and stored in separate escrows. Either way it's still a terrible idea. It will produce a honey pot effect with both foreign and domestic intelligence agencies doing everything they can to gain access to the individual escrows.

    1. Charles 9

      But wouldn't the very act of doing so attract attention to themselves, allowing the spooks to take care of them?

  16. Sureo

    I think it's all a smokescreen to hide the fact that they already have access to everything they want, but they don't want you to know that.

  17. Annihilator
    Coat

    By your powers combined...

    "The idea seems to be that only when all the agencies holding portions of a key decide to use it together will decryption become possible."

    In very much a Captain Planet style?

  18. Anonymous Coward
    Anonymous Coward

    I was watching Tom Baker do something very similar just the other day - nearly messed up due to a sophisticated guardian-in-the-middle attack.

  19. Mark 85
    Devil

    Why bother?

    If there's a master key available, it will be compromised. Perhaps a better idea is for the industry to not have any encryption, any firewalls, any protection. Period. Then these agencies will have an easier time spying on everyone including the "bad guys" (for some value of "bad"). But then some agency (or perhaps the existing ones since they would know everything, everywhere that's going on) would have to take out the spammers, miscreants, etc. no matter where in the world they are. Simples... After all, aren't these agencies' goals "to keep us safe"?

    Now where's the cynical, cranky, old git icon?

    1. Captain DaFt

      Re: Why bother?

      "But then some agency (or perhaps the existing ones since they would know everything, everywhere that's going on) would have to take out the spammers, miscreants, etc. no matter where in the world they are. Simples... After all, aren't these agencies' goals "to keep us safe"?"

      A chorus of Spooks: "But, but... Then we'd have to do our job and do real WOOOOORRRRK! {WAAAAHH!} Work is too hard!"

  20. crayon

    "the spook agencies are just not doing the job"

    They are. All the plots that they thwart involve some "undercover" agent encouraging/urging/helping the perp to commit the crime that was thwarted.

    "Politicians are after votes no matter how dumb their ideas are...."

    I don't think any politicians, judges, or other public figure are free agents anymore. The intensive, all pervasive surveillance that has been going on these past years has made them all subject to blackmail by the "security" services. The exception being Dutch MEP, Sophie in 't Veld, who either has no skeletons in her closet or she doesn't mind letting them out. Once upon a time, politicians in opposition would vigorously oppose legislation that eg allowed the government to spy on its own citizens - even though they themselves would try to bring in the same legislation when they next come to power. Now they don't even make a token effort of opposing.

  21. A Ghost
    Black Helicopters

    A lot of truisms in this thread

    These security services are probably the only people/organisation capable of stamping down on something as multi-headed and nefarious as things like child abuse imagery and spam. They could really be earning their dollars.

    We work in the tech field (well, you do, I don't really work at all), and we know that it is indeed possible to 'backtrace' someone if you REALLY REALLY want to. And time again they show this to be the case. Someone pisses the wrong person off and et voila Rodders, fait accompli pour vous mon frere! </delboy>

    You think 'how the cat in hell's chance did they catch that bloke'. And they don't say, of course. But when you reverse their strategic capability, it can be pretty impressive. Sometimes. Other times, not so much.

    We all know the game. They aren't interested in improving quality of life for children caught in a hell hole, or even slightly improving our quality of life by removing the main pushers of spam (just two examples previously given), they just want dirt to dish, just in case. Don't stick your head above the parapet, coz once you are on their radar, you are pretty much toast. Behaviour modification at its finest.

    And they want more. Never mind as my learned friends have pointed out, not only is it technically unfeasible, but it's just totally god damn unworkable. But they keep pushing. Pushing. Pushing. Never happy, even with the blatant data-rape they already have. Like an addict. When will they stop.

    It's going to reach a point where people say 'alright - just shut up - have the keys to my house/computer - do what the hell you like - just leave me alone', which is what they want. Anyway, they don't care what we think and I agree with the earlier poster, this is probably just another smoke screen. They probably have everything/everywhere/everyone real time on their big screen anyway. It's not like there was ever a real debate on this. Or that they listened to anyone but themselves from the start. They just do what the hell they want anyway. They probably even have a snappy name for it 'The Martini Doctrine' or something else worthy of a Michael Caine film (got to be better than, what was it? Fanny!).

    And somewhere in the world tomorrow a little girl or boy will have their lives ruined _again_ for the nth time, for some lost impotent soul to gain some kind of pleasure from, and they will be going through your wife's titty pics and your dick pics (as Snowden put it). And the wheel turn around.

    This isn't about making the world a better/safer place. It's about power/control and the maintenance of the status quo. And they know we know that, but they turn the thumb screw another half turn with ramped up hyped hysteria about 'think of the children' for the dumbed down masses. They don't give a fuck about the children. These people have the power to pull the plug on these fuckers, but they won't get off their arses to bust a move.

    They already have more than enough to make a real world difference in this life. Hell yeah, backtrace that IP mofo, send in the black hawks to gulag 17 flat 32, flashgrenades and smashed windows shock and awe, all televised real time. I'd pay for it - that would be one channel I would subscribe to. I think this is the appropriate point to quote one John McClane - we're cleaning up this town, kind of thing. But then I wake up, time for another dose of Largactil, unable to move with my arms strapped to my chest, and realise it was all just a beautiful dream. The world won't be saved today. The real heroes are too busy fapping over tit/dick pics.

    What have we become?

    1. Mark 85

      Re: A lot of truisms in this thread

      Nice summation. Have an upvote. At some point, even us tired, cynical, old gits will just give up and toss our keys to whatever kingdom we have and say.. "it's yours. Have a ball." Then quietly pack our bag, turn off the lights and go fishing in a quiet stream.

  22. Anonymous Coward
    Anonymous Coward

    The Dark Lord speaketh

    "... a “master key” for all products running encryption should be created, split up, and distributed among several agencies."

    Ahh, the 'one ring to bring them all and in the darkness bind them' strategy. I wonder who gets to play Sauron?

    I wonder if these clowns have any idea how increasingly ridiculous they look every time one of them opens their mouth. The only way they can stoop lower is if they hire Labour's Andy Burnham as a spokesman.

  23. Anonymous Coward
    Anonymous Coward

    If they want our shit

    Then just CC in all the relevant Agencies with your day to day emails and social media minutiae.

    DDOS?

    Deliberate Direction Of Shit

  24. Anonymous Coward
    Anonymous Coward

    Do they think we all have amnesia or something?

    >"The idea seems to be that only when all the agencies holding portions of a key decide to use it together will decryption become possible."

    Yeah, right, sure that's what would happen.

    Except that as we all now know, the NSA has spent the past who-knows-how-many years stealing every single key they can get their hands on.

    Do they really expect us to forget that and believe that they won't have all the pieces of the key pretty much from the word go?
