Deputy AG Rosenstein calls for law to require encryption backdoors

The deputy US Attorney General said he wants legislators to force technology companies to decrypt people's private conversations. Rod Rosenstein on Wednesday told a crowd of over 600 police officers that software developers should be required by law to unscramble end-to-end encrypted chatter on demand – and if the engineers …

  1. Youngone Silver badge

    Flogging a Dead Horse?

    Or just a throwaway speech tailored to his audience?

    1. Anonymous Coward
      Anonymous Coward

      Re: Flogging a Dead Horse?

      Probably they're going to try again to get public support for it now that Trump is president. He was on record as against Apple during their battle with the FBI so they'll have his support. The problem is that the public is still at best split on this issue - and Trump's low popularity isn't going to help him win any converts beyond his base.

      Fortunately congress can't get anything done, and the stuff they MUST get done will take priority over arguing about stuff like this, so we don't have to worry about any laws of the type Rosenstein wants happening.

      1. Anonymous Coward
        Anonymous Coward

        Re: Flogging a Dead Horse?

        I doubt Trump will spend much energy on the little stuff, that's more Obama's style. Trump has a big ego and only big causes will energize him, such as Immigration, Taxes, Health Care and the like.

        1. Anonymous Coward
          Anonymous Coward

          Re: Flogging a Dead Horse?

          You're probably right that Trump won't see it as a cause worth his time, but that won't stop the FBI from trying once again to mandate encryption backdoors. They've been pushing this in one form or another since Clipper back in the 90s, even though the genie has been out of the bottle so long he has grandkids.

        2. Velv

          Re: Flogging a Dead Horse?

          @Big John

          Trump has a big ego and only big causes will energize him, such as Immigration, Taxes, Health Care and the like.

          HELLO!!!

          Terrorists!

          Wasn't it his first Executive Order to persecute Muslims as all his followers consider them a terrorist risk that needs controlled and monitored?

    2. bombastic bob Silver badge
      Devil

      Re: Flogging a Dead Horse?

      if you flog it enough, it becomes *UNDEAD*

      http://tvtropes.org/pmwiki/pmwiki.php/Main/UndeadHorseTrope

      Anyway, Rosenstein's "audience" is more like "the D.C. Establishment" as he's one of THEM...

      Don't these numbskulls understand that if you FORCE A BACK DOOR like that, you render the encryption WORTHLESS©®¶™? And then EVERYBODY will download some foreign entity's encryption, and/or use PGP, and/or use an algorithm OF THEIR OWN DESIGN [me], which would render this worthless argument into complete irrelevance.

      Or, like 'gun control', if it's not "hitting the target by aiming properly" it's making sure that law abiding citizens cannot DEFEND THEMSELVES [because ONLY the criminals will have them].

      So if we ONLY want terrorists and criminals to be the ones with proper encryption, then going THAT DIRECTION will ENSURE IT.

      1. John Smith 19 Gold badge
        Coat

        "if you FORCE A BACK DOOR like that, you render the encryption WORTHLESS"

        No, in a word. They don't.

        I'm not sure what the correct collective noun is for when people like this get together and one of them gives a speech like this.

        A "lynch mob" of Aholes, perhaps?

        1. Sir Runcible Spoon

          Re: "if you FORCE A BACK DOOR like that, you render the encryption WORTHLESS"

          "A "lynch mob" of Aholes, perhaps?"

          How about..

          A clusterfuck of dingbats.

      2. Anonymous Coward
        Anonymous Coward

        Re: Flogging a Dead Horse?

        "Don't these numbskulls understand that if you FORCE A BACK DOOR "

        Random use of CAPS always reminds me of the Sun, Mirror, etc. i.e. content that is for those with a very low IQ...

    3. streaky

      Re: Flogging a Dead Horse?

      Yup, send in the throwaway moral panic to go with it. Still no sign of the NSA/GCHQ paper accompanying it for peer review to tell us how it's safe to do it. Probably because the NSA/GCHQ don't think it's actually possible either..

    4. Anonymous Coward
      Anonymous Coward

      Re: Flogging a Dead Horse?

      In the words of Sandor Clegane....stupid c*nt.

  2. Scoular

    If they succeed then US software will be at a disadvantage elsewhere in the world.

    Anything known to Apple, Microsoft, Facebook etc is automatically known to the US government is not a good advertising line.

    1. fidodogbreath

      It's funny; US conservatives often deride gun control by saying "criminals don't obey laws, so if we ban guns then only criminals will have them."

      The same logic applies to banning (or back-dooring) encryption. The sheeple will use the security-neutered comms to send cat pics to mom, and ISIS / the mafia / etc. will use something like PGP.

      TLAs will gain access to mountains of "where you at" messages, pictures of food, and other useless data. Meanwhile, the thugs will continue their thuggy business unabated...with the added benefit of not getting their bank accounts hacked, because now they're the only ones who have secure comms.

      1. frank ly

        "... ISIS / the mafia / etc. will use something like PGP."

        I'm sure they already do, with well managed key distribution and a bullet in the head for anyone who does anything that threatens their security.

        1. Bronek Kozicki

          I'm sure they already do, with well managed

          I doubt it. Too many of them are incompetent dumbasses

      2. 's water music
        Linux

        call to arms

        It's funny; US conservatives often deride gun control by saying "criminals don't obey laws, so if we ban guns then only criminals will have them."

        The same logic applies to banning (or back-dooring) encryption. The sheeple will use the security-neutered comms to send cat pics to mom, and ISIS / the mafia / etc. will use something like PGP

        But unless enough "sheeple" also use proper encryption, then 'properly encrypted' becomes a sufficiently valuable property for identifying 'traffic of interest' and allows TLAs to concentrate resources on looking out for opsec fuckups or meta-data so ISIS will need to cut over to using lame-o encryption on their seecrit comms steggoed into cat videos

        Video for cats -->

        1. Sir Runcible Spoon
          Paris Hilton

          Re: call to arms

          "But unless enough "sheeple" also use proper encryption"

          Take a look at the top of your browser, right now. See that bit that starts 'https://' ?

          If you need any more clues - I refer you to the right doshonourable Paris Hilton, T.A.R.T. ->>

        2. Anonymous Coward
          Anonymous Coward

          Re: call to arms

          "But unless enough "sheeple" also use proper encryption, then 'properly encrypted' becomes a sufficiently valuable property for identifying 'traffic of interest' "

          But if it's "properly encrypted" then it's not going to help...Disguising sources on the internet is easy via TOR / VPN / Proxy etc etc.

        3. Cynic_999

          Re: call to arms

          "

          But unless enough "sheeple" also use proper encryption, then 'properly encrypted' becomes a sufficiently valuable property for identifying 'traffic of interest'

          "

          Not if the properly encrypted messages are sent over a connection that has compromised encryption. In that case the FBI et al will have to decrypt all the weakly-encrypted traffic in order to find out who is using "proper" encryption, which is not practical.

        4. Anonymous Coward
          Anonymous Coward

          Re: call to arms

          "then 'properly encrypted' becomes a sufficiently valuable property for identifying 'traffic of interest' "

          That argument doesn't quite work. You can detect well-encrypted message bodies by measuring their degree of randomness (and then checking that they aren't simply well-compressed, which also makes them look random). But detecting by looking at the ciphertext that they've been encrypted with a back door is a completely different, i.e. impossible, problem. So in practice they will have to pick a message for analysis based on its metadata or on the sender or receiver's profile, and only then will they find out whether it has a back door. Of course, if it's suspect based on metadata, it may become a bit more suspect if there's no back door, but that doesn't have evidentiary value. Not that actual evidence seems to mean a lot to these spooks.

          Oops, better be AC for this one... although I wonder whether that helps... who's that knocking at the door?
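
Added example, not part of the comment above or of the original thread: a Python sketch of the check that comment describes, measuring byte entropy and then ruling out compression by trial decompression. The 7.5 bits-per-byte threshold, the function names and the constructed sample data (a SHA-256 counter stream standing in for well-encrypted bytes) are assumptions.

```python
"""Entropy triage: plaintext vs. compressed vs. random-looking bytes (added example)."""
import bz2
import gzip
import hashlib
import lzma
import math
import zlib
from collections import Counter

# Assumed cut-off: byte streams above this look "random" to a frequency count.
ENTROPY_THRESHOLD = 7.5  # bits per byte; the maximum is 8.0


def shannon_entropy(data: bytes) -> float:
    """Empirical Shannon entropy of the byte distribution, in bits per byte."""
    if not data:
        return 0.0
    total = len(data)
    return -sum((n / total) * math.log2(n / total) for n in Counter(data).values())


# Decoders that validate headers and checksums, so random input is rejected.
# For untrusted input, cap the output size to avoid decompression bombs.
DECOMPRESSORS = {
    "zlib": zlib.decompress,
    "gzip": gzip.decompress,
    "bz2": bz2.decompress,
    "xz": lambda blob: lzma.decompress(blob, format=lzma.FORMAT_XZ),
}


def detect_compression(data: bytes):
    """Return the name of the first format that decodes cleanly, else None."""
    for name, decode in DECOMPRESSORS.items():
        try:
            decode(data)
            return name
        except (zlib.error, lzma.LZMAError, OSError, EOFError, ValueError):
            continue
    return None


def classify(data: bytes) -> str:
    """Two-step triage: entropy first, then the 'is it just compressed?' check."""
    if shannon_entropy(data) < ENTROPY_THRESHOLD:
        return "low-entropy"
    fmt = detect_compression(data)
    return f"compressed:{fmt}" if fmt else "random-like"


def keystream(label: bytes, length: int) -> bytes:
    """Deterministic pseudo-random bytes (SHA-256 in counter mode).

    Constructed stand-in for ciphertext from a sound cipher, which is
    expected to be indistinguishable from random bytes.
    """
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(label + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


# Constructed sample inputs, embedded so the example runs offline.
VOCAB = ("the key was sent over a channel that nobody could read without "
         "first asking for lunch photos cat pictures and travel plans from "
         "every phone in town").split()
SAMPLE_TEXT = " ".join(
    VOCAB[b % len(VOCAB)] for b in keystream(b"text", 8000)
).encode()
SAMPLE_COMPRESSED = zlib.compress(SAMPLE_TEXT, 9)
SAMPLE_RANDOM = keystream(b"ciphertext stand-in", 8192)


if __name__ == "__main__":
    for label, blob in (
        ("plain text", SAMPLE_TEXT),
        ("zlib output", SAMPLE_COMPRESSED),
        ("random-like", SAMPLE_RANDOM),
    ):
        print(f"{label:12} {len(blob):6d} bytes  "
              f"H={shannon_entropy(blob):.3f}  -> {classify(blob)}")
```

Both the compressed and the random-like samples clear the entropy threshold; only the trial decompression tells them apart.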

          1. TheVogon

            Re: call to arms

            "But detecting by looking at the ciphertext that they've been encrypted with a back door is a completely different, i.e. impossible, problem."

            I don't believe it is. If you can identify the application / traffic type then presumably you could test it against a known backdoor key and see if the output makes sense / is non random. Or even testing it against a whole suite of keys wouldn't be hard bearing in mind the CPU power these guys have leverage.

            You could also make "authorised" backdoored encrypted traffic in some way distinctive. After all if you are forcing a backdoor then presumably you can force whatever else you want as part of the package.

            Then the use case here is if you know it's encrypted in a "non authorised manner" and the source or destination is something that you have / can compromise then with a bit of extra effort you can still go take a look what is inside it. We already know the security services had exploits for most OS, VPNs, network hardware, etc, etc for many years. And worked by compromising and exploiting internal networks to get access for things they couldn't otherwise crack. I would imagine that they have already replaced all the exploits that were previously stolen and released with new ones.

            I wouldn't be surprised if they have exploits in things like imessage, WhatsApp, etc. etc too. They are not going to admit it if they do. In that case they can potentially monitor you just by sending a message or even a packet....

            And don't forget there are known security flaws in many of these apps anyway that a well resourced adversary could attack. For instance https://www.scmagazineuk.com/ss7-vulnerability-defeats-whatsapp-encryption-researchers-claim/article/530945/ and http://bgr.com/2017/01/13/whatsapp-encryption-broken-key-generated-nsa-oh-no/

      3. Roo
        Windows

        "TLAs will gain access to mountains of "where you at" messages, pictures of food, and other useless data."

        Google, Whatsapp, Facebook et al all leverage that 'useless' data to generate cash. Presumably the TLAs & gov can and will do exactly the same - much like our allegedly confidential NHS records here in the UK.

    2. Doctor Syntax Silver badge

      "Anything known to Apple, Microsoft, Facebook etc is automatically known to the US government is not a good advertising line."

      It's a very good line for vendors not in that list.

  3. Frumious Bandersnatch

    irresistible force vs

    immovable object.

    My money's on maths (the latter protagonist here).

    Somehow, that kind of paradox is really interesting, isn't it?

    1. fidodogbreath

      Re: irresistible force vs

      My money's on maths

      "The laws of mathematics are very commendable but the only laws that applies in Australia is the law of Australia."

      -- Malcolm Turnbull

  4. Duncan Macdonald

    Impossible

    Good quality encryption is already in the public domain (eg OpenPGP ) and any attempt to insert a backdoor is very unlikely to succeed when the source is publicly available.

    For people who REALLY want to keep information secret - it is possible to use multiple encryption programs in series (eg use 7-Zip to create a password protected Zip file then use ccrypt to encrypt the Zip file then use OpenPGP to encrypt the output from ccrypt.). Done properly there is no way of recovering the original message without knowing the keys even if one of the programs has a backdoor.

    1. Yet Another Anonymous coward Silver badge

      Re: Impossible

      Except by the simple method of keeping you in prison indefinitely until you reveal the keys and holding you upside down in a tank of water with electrodes on your bits until you remember

      1. Anonymous Coward
        Holmes

        Re: Impossible

        That level of pain is normal here, and yes I'm serious. I've been tasered and that didn't work out so well for the cops. Hardest part was pulling out the hooks. The shock did nothing. They decided that talking me out of one of my rambles was better idea.

        The real problem for law enforcement is that it's only companies that they have a real bit of leverage on. I'm now a private citizen and unless they figure out some way of banning encryption entirely, there are probably close to a myriad of ways we citizens can short-circuit their monitoring. Save for the point to point metadata, and some of that can be scrambled too, the content is a mystery.

        They've been told and told that only by leveraging the end-point (hacking the devices on each end) will they be able to gain access to the content. And that's dead on*. Anything else is a pipe dream and as I recall, AG Sessions has a thing about people that smoke drugs.

        * - In the military I worked professionally in a dozen fields of engineering, half that in analysis (including intelligence), had a nuclear security clearance, and used to fix NSA gear when it broke and the cryppies couldn't fix it. [Real easy to troubleshoot if you know what you should be looking for in-circuit.] Also a computer scientist, statistician, econometrician and a bunch of other applied math stuff. The point of this footnote is that there isn't a damn thing in the world preventing me from literally encrypting the world+dog, should I choose to do so. The hardest part is killing side-channel attacks. And then, share the results. Short of locking me up forever which will have to be solitary since there's stuff they don't want me to talk about. Ever. And I'm far from the only one with these distinct libertarian/anti-authoritarian impulses.

        1. StargateSg7

          Re: Impossible

          Those dumbkopff at the upper levels of NSA/GCHQ/MI5/MI6/CSE/CSIS, etc can't do toodle SQUAT

          when I can write an OPEN SOURCE text and video messaging app that works on MULTIPLE OSes

          and web browsers which can encrypt data to and from almost ANY application!

          I can design and code Triple AES-256, Elliptic Curve and Quantum Computing Shor's

          resistant encryption algorithms EVERYWHERE in almost ANY application!

          And of course I will GIVE IT AWAY COMPLETELY FREE AND OPEN SOURCE !!!

          and there is NOTHING they can do about it! BECAUSE...I'm ONE of those people

          who simply IGNORES THE LAW if I find it to be stooopid and/or outrageously illegal

          and/or immoral! I JUST IGNORE IT AND SEND MY SOFTWARE OUT ANYWAYS!

          NOT A THING THEY CAN DO ABOUT IT AS I keep dead hand switches active

          EVERYWHERE in the world!

          1. Sir Runcible Spoon

            Re: Impossible

            I hope you don't litter your coding remarks with that many capital letters :)

      2. Sir Runcible Spoon

        Re: Impossible

        keeping you in prison indefinitely until you reveal the keys and holding you upside down in a tank of water with electrodes on your bits until you remember

        PTSD interferes with my memory recall. As does being pissed off at someone trampling over my rights.

      3. CrazyOldCatMan Silver badge

        Re: Impossible

        holding you upside down in a tank of water with electrodes on your bits until you remember

        Or the (much more cheap) rubber cosh and big burly types option.

    2. Voland's right hand Silver badge

      Re: Impossible

      Done properly there is no way

      Of course there is a way. There is a very well known side channel attack - you download the key by attaching two electrodes to the testicles and applying short pulses of 5Kv..

      1. CrazyOldCatMan Silver badge

        Re: Impossible

        you download the key by attaching two electrodes to the testicles

        Will only work on ~51% of the population..

    3. Dave 32
      Coat

      Re: Impossible

      "or people who REALLY want to keep information secret - it is possible to use multiple encryption programs in series "

      That's why I double encrypt everything with ROT-13 when I want to make sure it stays secret. ;-)

      Dave

      P.S. I'm waiting for an intelligent genius to develop an encryption routine which, when the data is decrypted with one key, produces the secret text, but, when decrypted with an alternate key, produces a grocery list.

      1. Cynic_999

        Re: Impossible

        "

        P.S. I'm waiting for an intelligent genius to develop an encryption routine which, when the data is decrypted with one key, produces the secret text, but, when decrypted with an alternate key, produces a grocery list.

        "

        It's been done.

        Search "TrueCrypt" (or "VeraCrypt") and "hidden container"

      2. Orv Silver badge

        Re: Impossible

        There are deniable encryption systems that come close, but they have strong usage constraints that make them not super practical for day to day use. Generally they let you selectively decrypt portions of the data without revealing how many portions are still encrypted. This only helps you if the cops aren't sure what you have, of course -- if they have other evidence you have a specific piece of info, they can just keep you in jail on contempt charges until you cough up the passphrase for it.

    4. Adam 1

      Re: Impossible

      > it is possible to use multiple encryption programs in series (eg use 7-Zip to create a password protected Zip file then use ccrypt to encrypt the Zip file then use OpenPGP to encrypt the output from ccrypt.). Done properly there is no way of recovering the original message without knowing the keys even if one of the programs has a backdoor.

      Obligatory

      Also your idea whilst stopping attacks on specific ciphers does not assist when said TLA compromises your RNG.

  5. ma1010
    Facepalm

    And in other news...

    A new bill was just introduced into Congress to repeal the law of gravity. "After all," stated a congressional spokesperson, "it's a LAW, so Congress has the power to repeal it, at least in the U.S. With gravity under our control, it will be much more economical to explore space since the rockets won't need as much fuel to take off. We're also looking into making both pi and e equal to 3.0 to simplify mathematics for our children and bring up STEM scores."

    1. Old Used Programmer

      Re: And in other news...

      I regret to have to say that there are almost certainly US congresscritters that would go along with all three of those.

  6. a_yank_lurker

    Shyster Stupidity

    Given the average shyster over here has problems with basic arithmetic I am not surprised at the near Congresscritter level of stupidity here.

  7. Anonymous Coward
    Anonymous Coward

    Maybe it's time America updated its constitution to make privacy a right with retribution for anyone who proposes to take it away. Little by little they empower the enforcers and disempower the people. Where is the line? Isn't this surrendering our freedom to terrorism?

    1. Anonymous Coward
      Anonymous Coward

      Privacy is a constitutional right, just not an explicitly listed one. It underlies decisions like Roe vs. Wade that tend to piss a lot of people off when they discover the government can't compel behaviors they don't like.

      While making it an explicit right wouldn't change much legally, it would sure do a lot for the whiners that want the government to run our lives.

      1. bombastic bob Silver badge
        Pirate

        " It underlies decisions like Rowe vs. Wade that tend to piss a lot of people off when they discover the government can't compel behaviors they don't like."

        unless it's the OBAKA-CARE INDIVIDUAL MANDATE (according to the Supreme Court, anyway)

        /me still waiting for THAT @#$%-ing thing to GO THE @#$% AWAY and I will _CONTINUE_ to _VIOLATE_ that "law" until it does... because it's a "hardship"

    2. Anonymous Coward
      Anonymous Coward

      On the bright side today, the California Supreme Court shut down retention of automatic license plate recording data. Have to wait for the full judgement to see how effective it will be against private firms, not just law enforcement. The LAPD ain't happy. Good.

      1. John Smith 19 Gold badge
        Gimp

        "the California Supreme Court shut down retention of automatic license plate recording data."

        A situation the British can only dream of.

        UK police forces have been doing this for a decade, despite no apparent formal request to set it up in the first place, and absolutely no government or local authority oversight.

        1. James 51
          Big Brother

          Re: "the California Supreme Court shut down retention of automatic license plate recording data."

          The police in the UK have been told holding mug shots and DNA info on ordinary citizens is illegal and they should destroy what they have and not collect any more. Guess what they're doing? Exactly as they damn well please and we don't have anyone with the nerve to hold the police to account for breaking the law.

  8. Chairo
    Devil

    An unbreakable backdoor would be nice

    And as we are on it. Could we also outlaw general relativity? Why should we limit ourselves to the speed of light?

    1. DNTP

      Re: An unbreakable backdoor would be nice

      According to the law, usage of the backdoor would be only permitted by law enforcement. Also to guarantee the well known concept of "security by obscurity", backdoored software would be classified as "munitions" and made illegal to export to other countries. Practically, usage and specific knowledge of backdoors would be limited only to cases vital to national security and not made available to local agencies to access people's phones without securing warrants- ok, yeah I can't keep going.

      1. Anonymous Coward
        Angel

        Re: An unbreakable backdoor would be nice

        > backdoored software would be classified as "munitions" and made illegal to export to other countries

        Encryption software or any encryption device is already classified as munition in the US, and it has been so for a very long time, at least since WWII.

        Currently, any encryption algorithm using a key, or key pair, wider than 1024 bits falls under ITAR, and is considered munition. It cannot be exported to any country without prior permission from the US Department Of Commerce - Bureau of Industry and Security.

        Just because an encryption algorithm is open source - that is, the source code is publicly available, it does not mean that the software is not subject to EAR export restrictions.

        This is a relaxation of the rules that have existed since WWII. Before 1997, any encryption software or device was considered munition, regardless of key length.

        1. Anonymous Coward
          Anonymous Coward

          Re: An unbreakable backdoor would be nice

          "Currently, any encryption algorithm using a key, or key pair, wider than 1024 bits falls under ITAR, and is considered munition. It cannot be exported to any country without prior permission from the US Department Of Commerce - Bureau of Industry and Security."

          I'm sorry, but after reviewing your link, I'm just not able to confirm your assertion. It seems to even directly contradict it:

          "There is no "unexportable" level of encryption under license exception ENC. Most encryption products can be exported to most destinations under license exception ENC, once the exporter has complied with applicable reporting and classification requirements."

          1. Anonymous Coward
            Anonymous Coward

            Re: An unbreakable backdoor would be nice

            > I'm just not able to confirm your assertion. It seems to even directly contradict

            Nope it does not contradict any of it:

            Federal Register - BIS EAR - Encryption Export Control Regulations.

            There are plenty of details about key length restrictions for export control.

            You quoted the relevant sentence yourself:

            Most encryption products can be exported to most destinations under license exception ENC, once the exporter has complied with applicable reporting and classification requirements

            If you really want to learn about US crypto export control details, you need to spend a lot of time reading the Federal Register, because these regulations are spread around many documents.

        2. Roland6 Silver badge

          Re: An unbreakable backdoor would be nice

          >This is a relaxation of the rules that have existed since WWII. Before 1997, any encryption software or device was considered munition, regardless of key length.

          Which is why no one outside of the US used DES and instead purchased encryption software typically developed in Israel. Also the open source community quickly got wise and ensured relevant projects were led by non-US nationals and hosted by non-US providers on servers physically located outside the US.

          1. Anonymous Coward
            Anonymous Coward

            Re: An unbreakable backdoor would be nice

            Like that's gonna help you if the US REALLY want you. Remember, the US broke the legendary Swiss bank anonymity. If they can do that, odds are they can do nigh anything.

            1. Roland6 Silver badge

              Re: An unbreakable backdoor would be nice

              Like that's gonna help you if the US REALLY want you.

              Agreed, however it did mean that the rest of the world could use whatever level of encryption was legal in their neck of the woods without having to get Uncle Sam's permission...

              1. Anonymous Coward
                Anonymous Coward

                Re: An unbreakable backdoor would be nice

                It's not his permission you have to worry about, but his fingers, to be sure he never had a hand, overt or covert, in the design such that you can be certain he didn't insert a backdoor. After all, consider the data center in Utah. What's to say it isn't secretly concealing a black-project quantum computer?

      2. Captain DaFt

        Re: An unbreakable backdoor would be nice

        backdoored software would be classified as "munitions" and made illegal to export to other countries.

        Of course, The US has no qualms about selling munitions to friendly countries and allies, Like say, Their old allies in the Middle East: Iran, Iraq, and the Taliban.

        Sure came in handy later when we were fighting in the Middle East with... Iran, Iraq, and the Taliban? Uh, wait, hold on...

        1. Anonymous Coward
          Anonymous Coward

          Re: An unbreakable backdoor would be nice

          Getting shot by shit your own side sold to the (later) enemy is a fine American tradition. At least you know the characteristics of the weaponry and their quirks. Might help somehow.

          I believe we got this tradition from the British.

          1. CrazyOldCatMan Silver badge

            Re: An unbreakable backdoor would be nice

            Getting shot by shit your own side sold

            Or, as the old joke goes: "When the British shoot, the Germans duck. When the Germans shoot, the British duck. When the Americans shoot, everybody ducks.."

      3. CrazyOldCatMan Silver badge

        Re: An unbreakable backdoor would be nice

        law enforcement

        Which, as we all well know, includes dog warden, parish councillors, TV licence enforcers and local schools[1]..

        [1] Can't have people applying to schools they don't qualify for!

  9. Terafirma-NZ

    Two things

    1st. Can they even enforce this when the devices ship from China and I am sure it would not be hard to move the systems that compile the code off shore thus the product is never exported.

    2nd. I'll use this the second the USA confirms that all government agencies including the military use the same encryption for all their communications!

    1. Orv Silver badge

      Re: Two things

      I think they could enforce it if they wanted to badly enough. We already know the NSA intercepts and backdoors routers being shipped to some countries. The amount of manpower required to do it in the other direction for cell phones would be steep, though. It would probably be easier to slip a backdoor in at the source, without the manufacturers' knowledge.

      Would this actually happen? Probably not, not for feasibility reasons, but for political ones. The NSA and the other three-letter agencies are rivals and they don't like to share. They're especially not keen on having their methods revealed in court, which tends to deter them from participating in criminal cases.

      1. Doctor Syntax Silver badge

        Re: Two things

        "I think they could enforce it if they wanted to badly enough. We already know the NSA intercepts and backdoors routers being shipped to some countries."

        You're still thinking in the US box. There's a whole lot of other countries out here. Some of them have quite nice climates where CxOs will be happy to live, quite amenable financial regimes and others have cheap manufacturing locations. OK, the NSA can make those intercepts when the goods are being shipped to one country - the US but the rest of us won't worry.

    2. Doctor Syntax Silver badge

      Re: Two things

      " I am sure it would not be hard to move the systems that compile the code off shore thus the product is never exported."

      More than that: move the businesses themselves off-shore. Then, in a few years, the US can reminisce about the days when it had an IT industry.

  10. Woodnag

    Not necessarily...

    "..the Feds eventually opted instead to pay for a zero-day vulnerability to circumvent the passcode."

    That's what they said. Also possible is that it had been broken before inadmissibly (no warrant), and they wanted to avoid having the technique (or the act) publicised.

  11. Anonymous Coward
    Anonymous Coward

    We promise not to look

    OK, maybe just a bit....

  12. katgod

    Do it the old-fashioned way, shut up, figure it out and don't tell anyone you can get in. Why are there so many idiots in positions of power?

    Of course it is possible some of them have figured it out and then they let the idiots provide a smoke screen to make it look like they can't get in, but now I am starting to assume what you see is not what you get and that is usually wrong.

  13. mako23

    If I chose to use AES encryption during communication that's my decision

  14. Anonymous Coward
    Anonymous Coward

    What happens when...

    ... Russia, China, and the other 260, or so, law enforcement require access for their criminal investigations? And that investigation involves agencies or persons working for the government? In a classified matter? Need I go on? Beware what you ask for.

  15. Charlie Clark Silver badge

    Habeas corpus?

    After a terrorist attack, obtaining stored electronic information is an effective and necessary law enforcement technique.

    Yeah, who needs a crime to start investigations? Just start suspecting everyone!

    Fortunately, the US Supreme Court would be almost certain to slap down anything like this and the DoJ know it. So, it's the usual kind of posturing.

    1. Charles 9

      Re: Habeas corpus?

      Don't be so sure. The SCOTUS waxes conservative now.

  16. Anonymous Coward
    Anonymous Coward

    Oh boy.....

    'He also made a point somehow related to encryption when he referenced the natural disaster unfolding in Texas.'

    Wow. The man just made the biggest quantum leap since Sam Beckett. Where's Al and Ziggy? Do do do doodoo do do do doo..

    1. Flakk

      Re: Oh boy.....

      Wow. The man just made the biggest quantum leap since Sam Beckett. Where's Al and Ziggy? Do do do doodoo do do do doo..

      Maybe Rosenstein is an Evil Leaper. That would actually explain a few things.

  17. Christian Berger

    Essentially that would make US products unbuyable to the rest of the world...

    ... at least that's the common idea. The counter-argument is of course Blackberry, who have been found to have back doors many times, but still manages to sell their products.

    1. James 51

      Re: Essentially that would make US products unbuyable to the rest of the world...

      You do realise that Blackberry don't sell phones directly any more? Cooperating with the police in the London riots cost them their teenage users.

  18. Anonymous Coward
    Anonymous Coward

    They need to test this first ..

    .. so let's ensure that the not-so-esteemed deputy AG is stripped of all crypto. He should not be able to set a password other than "1234" and "password", and must be mandated to access his bank only online.

    If he objects, well, he's only exposed to the natural consequences of what he proposes so why the protests?

    Bloody idiot.

  19. Milton

    Laws of Math vs Laws of Men

    The Reg readership doesn't need to have it explained why Rosenstein is talking complete drivel, but you do have to wonder why politicians, political appointees and even moderately smart guys like the late not-much-lamented Comey simply *will not* understand that the backdoors idea cannot work, will have no effect on the Black Hats it's supposed to be targeting and will render everyone less safe. Even the kind of intellectual pond life infesting DC are surely capable of understanding that π is not 3.000. It will never be 3.000. No amount of political gobshittery from a mouth-on-a-stick will make it become 3.000. The laws of math trump those of men and that's all there is to it.

    Then again, perhaps I overestimate them. Maybe their stupidity should be diverted into a more harmless route: leveraged, in a word, rather than us simply banging our foreheads in frustration.

    So someone please tell these nincompoops that the problem is prime numbers. Get Trump to twat something presidential like "Primes unamerikan. Helping nookoolar tursts. Bad!" Congress obviously must set itself to pass a law to make it easier to perform prime factorisation on large numbers. It's scandalous that this has been overlooked for so long. Give them a mountain of paper and as many pencils as they like (there's always some attrition, as Representatives in particular keep sticking them in their ears and noses) and leave them to secure the nation and make America great again. Should keep them from causing trouble elsewhere for years at least.

    1. Roo
      Windows

      Re: Laws of Math vs Laws of Men

      "but you do have to wonder why politicians, political appointees and even moderately smart guys like the late not-much-lamented Comey simply *will not* understand that the backdoors idea cannot work, will have no effect on the Black Hats it's supposed to be targeting and will render everyone less safe"

      The answer is very simple: They don't actually care about security and locking up bad guys, they just want access to all your data 24x7. Given that the motivation is clearly not security, and the folks talking this shite are pole climbers by definition, I believe we can safely conclude that they want this stuff because it will give them a massive edge over the proles in terms of insider trading, blackmail, extortion and evading justice. I am not even sure why they are trying to justify this crap to the television cameras, it's not as if the voters have a choice in the matter.

  20. JJKing
    Black Helicopters

    How to keep a secret? Tell NOBODY!

    A secret backdoor that is known about by more than one person is no longer a secret backdoor.

    1. Charles 9

      Re: How to keep a secret? Tell NOBODY!

      Don't you mean more than ZERO people?

  21. poohbear

    IANAL but I have a question:... if they demand your password, and you give it to them, and it still doesn't work (perhaps, just perhaps, they are using the wrong program to decrypt it....), are you obliged to tell them?

    And how do they prove you gave them the wrong password then?

    Or do they require you to do the decrypting?

    Isn't that where the whole "self incriminating" thing kicks in?

    All your secrets are belong to us.

    1. Orv Silver badge

      In the US that question is so far up in the air, in my understanding.

      On the one hand there have been rulings that held that police can compel you to unlock your phone with a fingerprint, but can't compel you to give your PIN.

      On the other hand, there's currently a guy who's been held in prison for two years on contempt of court charges, because he won't give the password to unlock an encrypted drive that's believed to contain child porn.

  22. Nimby
    Devil

    Simple answer: prove the concept.

    I say we let them have their backdoors. But like any good technology, first it must be proven to work. So before the law forces world+dog to use it, first anyone who voted for, signed a dotted line, supported, etc. the backdoor is required to be a part of the Proof of Concept phase wherein all of their phones, bank accounts, emails, etc. are now all replaced with backdoored equivalents. Anyone else who wants to support this can also opt-in to this trial. And this trial must occur for no less than six months prior to forcing it upon everyone else. And there is no opting out or cancelling. You supported it, then are locked in to the trial to the end.

    I figure just one week of that and random and sundry hackers of the world will have pwned them to hell and back and generally stolen all their money, pillaged their identity, ruined their lives, and badmouthed their dog enough to prove even to people as mentally deficient as these idiots just why exactly mandatory backdoored encryption is such a bad idea. LOL The remaining five months and three weeks or so is just me laughing endlessly.

    1. Charles 9

      Re: Simple answer: prove the concept.

      And if they STILL go along with it? Some can be gluttons for punishment, for example.

  23. Vic Sub
    Facepalm

    Here we go again

    Same old crap. Hopefully it fizzles again once people, who know wtf they're talking about, school these misguided legislators how futile this kind of legislation would be.

    Goes something like:

    1) Pass laws in US requiring back-doors to encryption

    2) Users\Companies stop using those products\protocols and opt for some foreign-made product that does not adhere to US laws

    3) US tech loses market share.

    Also, can't make a law that will compel people to use back-doored tech

    1. Charles 9

      Re: Here we go again

      Sure you can. Just require the use of it if you want lucrative government (some run in the BEEELIONS) contracts, many of which can be make-or-break-ers for companies. Think about it. ALL states set their alcohol minimum ages to 21 (IN SPITE of the age being determined by the states in the years following the 21st Amendment) because setting any lower means no federal highway funds for you (BY LAW). Same tactic.

      1. Doctor Syntax Silver badge

        Re: Here we go again

        "Just require the use of it if you want lucrative government (some run in the BEEELIONS) contracts, many of which can be make-or-break-ers for companies."

        No problem. The US has a rump tech industry that sells to the US govt. The rest of the world uses non-US products from firms that either left the US or started elsewhere in the first place. If that leaves the US floundering with its downsized tech industry why should the rest of us care?

        1. Charles 9

          Re: Here we go again

          Nearly 400 million people and a lot of money. Not even China ignores them.
