Former security officials and BlackBerry CEO pile in on encryption debate

The rolling debate over encryption has been joined by BlackBerry's CEO and a range of former national security officials. Following a recent political pushback, and a Republican debate that appeared to again ask for backdoors to be introduced into encryption products, the experts have stepped in to argue for a more realistic …

  1. Anonymous Coward

    Politicians should be good at this because it really is a black-and-white issue. Encryption either is secure or it isn't. Having a backdoor would mean that it isn't secure and should be discarded immediately.

    1. NotBob

      That's what is so hard for politicians. Standard practice is to carefully appear to support all options so voters think you support the option that they want.

  2. dan1980

    There is only one solution for providers like Apple that don't want to hand over data: make a true 'no knowledge' system where they can't access the information.

    None of them will do that because they want as much grist for the mill to make the user experience as rich and streamlined as possible.

    If you can get the information for your own use then expect the government to come knocking sooner or later; if you really want to protect your customers then you have to protect them from you as well.

  3. frank ly

    He said, she said

    "One of the world's most powerful tech companies recently refused a lawful access request in an investigation of a known drug dealer because doing so would 'substantially tarnish the brand' of the company. ..."

    This is obviously a reference to WhatsApp and the recent Brazilian court case. In the small number of reports that I've read, it's been said that WhatsApp refused but gave no further details of any reasons why. Where is John Chen getting his quotes from?

  4. David Roberts

    Encryption in the client?

    If you have a side channel to securely exchange keys (which could for example be hidden on an SD card) then you can encrypt all your data on your local device and then send it over a clear connection.

    Not much the service provider can do then, apart from reporting you for sending encrypted data.

    I guess the issue with the spooks is providing the feature to unskilled users and making things too easy.

    Well, cup of concrete time. Harden up and do it the old fashioned way with feet on the ground

    1. Adam 1

      Re: Encryption in the client?

      A properly encrypted stream is mathematically indistinguishable from a random stream of numbers to someone without the key.

  5. Anonymous Coward

    Search warrants on a drug dealer is the "greater good"?

    He could have at least found an example related to terrorism or pedophilia. 90 years ago he would have given the example of a search warrant on a bootlegger!

    1. Michael Wojcik Silver badge

      Re: Search warrants on a drug dealer is the "greater good"?

      Yes, and "lawful request" is a weasel term too. Was it a warrant obtained from a truly independent judiciary, under a regime of due process, for ethically sound reasons? In many jurisdictions - certainly including the US - many requests for information are "lawful" but still reprehensible incursions on civil rights.

      I find Chen's argument woefully unpersuasive.

  6. Ken Moorhouse Silver badge

    Back Door vs Legal Request

    IMHO there is a big difference between a "Back Door" and a "Legal Request".

    With the Back Door there is a much bigger risk of casual abuse of such power - For example I'm sure there are many substantiated cases of the UK's PNC system being abused by lower ranking police officers checking out police records for "a friend of a friend". Information which may be out of date or inaccurate for reasons known about to the holder of the information, but not necessarily imparted to those viewing it ("oh, we're migrating to a new system, what you're seeing there is a transient snapshot").

    Not only is a Legal Request a more stringent auditable event, more sparingly used, but there is a better chance that the recipient of the request will provide some kind of meaningful interpretation to the request, which they would no doubt need to do if they were called into court to explain the method of collection.

    1. xj650t
      Coat

      Re: Back Door vs Legal Request

      This just isn't how encryption works. A legal request for data from a government would require some sort of shared key, else how would you decrypt the random bits?

      Maybe the government is going to have some sort of database which will hold all the keys for the population so that they can decrypt data as required, but how long until that database gets hacked, just think of the OPM raid.

      Any way that the 3 and 4 letter agencies think of getting their hands on our data is unlikely to be the way that a terrorist communicates, they'll just roll their own encryption, it's not hard to do, the maths is just a Google away.

      Mine's the one with the PRNG stream in the pocket

      1. Michael Wojcik Silver badge

        Re: Back Door vs Legal Request

        Maybe the government is going to have some sort of database which will hold all the keys for the population so that they can decrypt data as required, but how long until that database gets hacked, just think of the OPM raid.

        The term you're looking for is "key escrow". And protocols for key escrow can be rather more sophisticated than a "database which will hold all the keys". Some people have even patented them.

        Mind you, I'm not saying I'm in favor of government key escrow, or that it's magically "secure" (which wouldn't be a meaningful claim anyway). Of course it's an additional attack surface. But this all-or-nothing discourse of "encryption with a back door isn't encryption", however emotionally appealing, is naive.

        Key escrow can improve security under some threat models. It's often useful within an organization, for example; you have all your users use filesystem encryption on company machines, and escrow their corporate keys in case they forget their password. That prevents a nasty failure mode while increasing the work factor for attackers under many much more likely attack branches.

        I'm strongly opposed to government key escrow and other attempts by pandering and fear-mongering officials (and straight-up surveillance fans like Feinstein[1]) to restrict cryptographic technology. The all-or-nothing argument, though, is naive and technically incorrect, and doesn't do much to support the pro-cryptography position.

        The most prominent previous attempt at government key escrow, Clipper, foundered as much on technical weakness[2] as political opposition. Once the government learned the scheme could be defeated in practice, they didn't see much point in pushing it. So technical arguments have certainly been useful, historically, in this area; but they should be good technical arguments, and not bumper-sticker slogans with no real content.

        [1] I'm a registered "lesser of two evils" Democrat, but she's a prime example of why I've refused to support the party, financially or otherwise, for decades. Both parties have had terrible records for some time regarding civil rights.

        [2] Matt Blaze showed you could forge the LEAF checksum, which meant you could create a key that appeared to be escrowed (actually self-escrowing[3]) but wasn't. The patent I linked to above - the one recently used in ECC extortion attempts - is for a protocol that makes it infeasible to forge this sort of looks-escrowed-but-isn't key.

        [3] Clipper provided built-in escrow: It used a relatively (for the time) large key, but encrypted part of the key using another key that the government had. So the government could decrypt part of the key, then brute-force the remainder. The LEAF (Law Enforcement Access Field) was the encrypted key-part, and the LEAF checksum was supposed to guarantee that the LEAF was valid and not some random garbage you stuck in there after Clipper had encrypted your data. This is all from memory, as I'm feeling daring at the moment. I look forward to outraged corrections.

        1. Paul Crawford Silver badge

          Re: @Michael Wojcik

          "So the government could decrypt part of the key, then brute-force the remainder"

          One aspect of all of this that I wondered about is most folk have pretty simple PIN sequences or unlock patterns for their phones, so I suspect they are brute-forcible in the order of 1E8 attempts or less, for a 4 digit PIN probably ~500 attempts. So is recovery from a confiscated phone really beyond the law enforcement capabilities, or is it simply an issue of cost/time that it looks too hard to do without a simple backdoor?

          After all the Internet part needs very strong encryption because there are plenty of opportunities for the data to be intercepted and plenty of botnet PCs to do cracking if it looks worth it, but physical access to a phone is much less common and generally I suspect most stolen phones are going to be wiped and re-sold unless it's trivial to get profitable data off it.

  7. John Smith 19 Gold badge
    Gimp

    in free society..you accept a "less-than-perfect ability to detect people who do bad things"

    Or as Mary Shaefer put it "Insisting on perfect safety is for people who don't have the b**ls to live in the real world."

    Storing everyone's data to catch (but not always you'll notice EG the 7/7 bombers) the 0.013% (roughly the number of suspects MI5 said they were tracking) of the population they think might commit a terrorist act.

    The terrorist excuse is bu***hit.

    1. Sirius Lee

      Re: in free society..you accept a "less-than-perfect ability to detect people who do bad things"

      Who asks for perfect safety? Only those in the media looking to fill column inches or screen minutes.

      In the '80's early 90's my wife and I worked in Great Peter Street in London which is not far from Downing Street, close enough to hear the IRA bomb that went off. At that time, the trains would be regularly stopped or delayed because of a threat. Everyone I spoke to was of the mind "bring it on" just get the trains running, anything else is giving the terrorists what they want. The reality is that you are many times more likely to be knocked down by a vehicle on the way from/to the station than be taken out by a terrorist device - which of course were all hoaxes.

      1. Eponymous Cowherd
        Thumb Up

        Re: in free society..you accept a "less-than-perfect ability to detect people who do bad things"

        Everyone I spoke to was of the mind "bring it on" just get the trains running, anything else is giving the terrorists what they want.

        Yes, this!

        All of the current risk-averse cowering and fearfulness is just telling the Daesh scum that what they are doing is working.

  8. Paul Crawford Silver badge

    "Of course the big difference between being in government and having left government is that you no longer have the direct responsibility to keep people safe to knee-jerk to tabloid scare stories and moronic voters who believe them"

    Is the fixed version for you. Really, what we have seen recently mostly did not use encryption, and decades ago when the likes of the IRA, Red Brigade, ETA, etc, were bombing and shooting people they did not have access to encrypted phones at all but somehow managed to keep killing.

  9. Edward Clarke

    Correction -

    "Of course the big difference between being in government and having left government is that you no longer have the direct responsibility to keep people safe."

    A better reason would be:

    Of course the big difference between being in government and having left government is that you no longer can be fired for telling the truth.

  10. noj

    maybe it's all just a distraction

    In the greater picture of things the back door encryption debate is just a straw man that directs attention from the real debate. Both sides know that weakening encryption won't result in better security. So why keep debating it?

    What about the real issue? In my opinion the real debate, which politicians choose not to partake in, is how to rein in the mass surveillance that continues unabated.

    1. Michael Wojcik Silver badge

      Re: maybe it's all just a distraction

      The beauty of expanding surveillance is that when the pendulum swings the other way and the state is required to retreat, it can give up a lot of ground and still keep most of what it wants.

  11. SecurityPiglet

    The Clowns are Exposing Themselves

    The sheer stupidity of this 'debate' is mind numbing. The only thing these clowns will achieve is a reduction in security for your average person on the web. Terrorists and career criminals already use encryption. They understand its value. That encryption is freely available using open source tools and code. It is accessible for whomever wants it. The idea that it can be controlled is risible. Our elected officials, many public officials and many in the IT industry are so far out of their depth on this one it is a joke.

  12. This post has been deleted by its author

  13. MrTuK

    Wow. I am impressed so many wise people, I just wish you were all in Gov to stop this complete debacle going on atm. If and I mean if I was a terrorist, I would just encrypt any data and send the key by post in a letter, then use OCR to read it, obviously supplying a checksum to verify that the key has been correctly inputted. Then phone the destination asking have you eaten tonight - code word meaning have you received the public key, they say yes and ask and have you - any key word meaning have you received my public key. When both public keys have been received then data can be sent to anywhere and collected maybe using public wifi in the many establishments around the country without any link to the postal address where the keys were sent.

    The method of transport payment should be cash and not Oyster cards and hoodies should be worn at all times once leaving said postal address !

    Now I await a knock on the door by said security forces !

    PS: Also not to use Win 10 as it phones so many homes we have nick-named it Jobe from "The Lawnmower man" !
