White House Floats Idea Of Crypto Backdoor… If The Key Is Broken Into Multiple Pieces

from the crossing-the-threshold dept

It’s no secret that some in the law enforcement and intelligence communities are hell bent on stopping encryption from being widely deployed to protect your data. They’ve made it 100% clear that they want backdoors into any encryption scheme. But when actual security folks press government officials on how they’re going to do this without undermining people’s own security and privacy, we get a lot of bureaucratic gobbledygook in response. Either that or magical fairy thinking about golden keys that basically any security expert will tell you are impossible without weakening security.

Not surprisingly, the law enforcement and intelligence communities are not giving up yet. The latest is that the White House appears to be floating a proposal to set up a backdoor to encryption that requires multi-party keys. That is, rather than just having a single key that can decrypt the content, it would require multiple parties with “pieces” of the “key” to come together to unlock it:

Recently, the head of the National Security Agency provided a rare hint of what some U.S. officials think might be a technical solution. Why not, said Adm. Michael S. Rogers, require technology companies to create a digital key that could open any smartphone or other locked device to obtain text messages or photos, but divide the key into pieces so that no one person or agency alone could decide to use it?

“I don’t want a back door,” said Rogers, the director of the nation’s top electronic spy agency during a speech at Princeton University, using a tech industry term for covert measures to bypass device security. “I want a front door. And I want the front door to have multiple locks. Big locks.”

Of course, this proposal is nothing new. As Declan McCullagh points out, during the first “Crypto Wars” of the 1990s, the NSA proposed the same sort of thing with two parties holding parts of the escrow key. It was a dumb idea then and it’s a dumb idea now.

The idea being floated here is that by setting up such a system, it’s less open to abuse by government/law enforcement/intelligence communities. And maybe that’s true. It makes it marginally less likely to be abused by the government. But it can still be abused quite a bit. It’s not like we haven’t seen multiple government agencies team up to do nefarious things in the past, or even federal officials and private companies. Hell, just look at the recent discussions about the DEA’s phone records surveillance program, where the DEA later teamed up with the NSA. And, also, that program required the more or less voluntary cooperation of telcos. So the idea that the requirement of multiple parties somehow lessens the risk seems like a stretch.

But, even if it actually did reduce the risk of direct abuse, it doesn’t get anywhere near the real problem with this approach. If you’re building in a back door, you’re building in a vulnerability that others will eventually be able to exploit. You are flat out weakening the system — whether or not you split up the key. You’re still exposing the data to those with nefarious intent by weakening the overall system.

Thankfully, at least some in the government seem to recognize this:

“The basic question is, is it possible to design a completely secure system” to hold a master key available to the U.S. government but not adversaries, said Donna Dodson, chief cybersecurity advisor at the Commerce Department’s National Institute of Standards and Technologies. “There’s no way to do this where you don’t have unintentional vulnerabilities.”

So, now the question is if the White House will actually listen to the cybersecurity experts at NIST — or the people who want to undermine cybersecurity at the NSA and the FBI?


Comments on “White House Floats Idea Of Crypto Backdoor… If The Key Is Broken Into Multiple Pieces”

141 Comments
Designerfx (profile) says:

"So, now the question is if the White House will actually listen to the cybersecurity experts at NIST "

Uh, you remember how NIST is the group that has been compromised by the NSA on a multitude of levels?

I wouldn’t rely on NIST any more than I’d suggest relying on what NIST represents, such as FIPS – which happens to be mandated on every machine and is basically an imaginary wishlist of “your machines/processes are secure!”

Mike Masnick (profile) says:

Re: "So, now the question is if the White House will actually listen to the cybersecurity experts at NIST "

Uh, you remember how NIST is the group that has been compromised by the NSA on a multitude of levels?

FWIW, NIST appears to have undergone something of a radical shift in response to the NSA stuff. It has come out strongly against the NSA’s activities on that one and since then has been pretty regularly standing up for good encryption practices. I think it got religion in a good way.

Anonymous Coward says:

Re: Re:

“No.”

Such a simple little word. But the US government hasn’t heard it enough. It’s forgotten there was ever even the possibility of being refused. But they need to hear it. Repeatedly. From the entire social strata of the citizenry: “No.”

May we spy on you? “No.”

May we control what you say and when you say it? “No.”

May we muzzle scientific discourse and free inquiry? “No.”

And just maybe, if enough people could stand together and say together with one voice “No. We will not give in. We will not sacrifice the principles on which this country was founded. Our Bill of Rights will not be given up as an offering on an altar of lies to appease your rampant insatiable ego and need for absolute control. We refuse.” then we could yet save this country from its slow and inexorable decay.

Something radical will need to be done soon. Perhaps like Rome’s succession of the Plebeians, which was needed before their central government would yield.

Anonymous Coward says:

Well, as long as they split the pieces and only give them to agencies that we can trust, such as NSA, DEA, DHS and FBI, then I’m okay with it.

Lol, just KIDDING!

NSA would get all the pieces anyway – with or without the other agencies’ permissions (as if I’m going to believe they wouldn’t give them their pieces anyway).

Anonymous Coward says:

Re: Re:

As usual they are ignoring the international community that this would also eventually apply. Are they really advocating that all governments should be given the spare keys? Any step in this direction will be mirrored elsewhere, and guaranteed there are countries out there where this level of government access would get people killed.
So whilst it is a bad idea and I don’t think there should be any compromise, perhaps we should argue that if there were keys they shouldn’t be the ones to get them.
How about, oh I don’t know… Amnesty International, Interpol, or something like that. Other countries’ expectation of their own privacy may be our best protection of our own.

John Fenderson (profile) says:

The stupid, it burns

In addition to the reasons stated in this article for why the idea should be a nonstarter, I’d like to add another:

In order to be used, the parts of the key have to be brought together. At which time, there is a whole key just waiting to be saved for future use.

Whatever reduction in the security problems breaking the key up in pieces brings only lasts until the first time the key is actually used. All bets are off after that.

Anonymous Coward says:

Re: The stupid, it burns

I was just thinking the same. It’s like buying an awesome top of the line lock for your house, but you must give a small piece of a broken up key to a few burglars. No worries, they can’t open it on their own. Next day they’ll all be at your door at the same time and then make copies of the whole key to give to others.
You’re right, the stupid burns!

DannyB (profile) says:

Re: The stupid, it burns

I was thinking the same thing.

The NSA would go to extreme effort to ensure that the first time that key is fully assembled from its parts, that the NSA is able to capture a copy of the complete key.

There is another alternative even if the master key is never assembled.

The NSA would secretly make it a priority to go after each party holding a part of that key and to obtain their part of the key. Maybe the NSA would find a way to compromise the original key generation or distribution process. There is no limit to what they would do because the stakes are so high.

This is nothing less than a key to everything! The NSA must be salivating at the mouth! Effectively once the NSA gets this key, and they will, what we’ve just done is to remove all controls that the NSA presently has. Now there wouldn’t even be a need to go to a court for a warrant. The NSA could simply unlock anything, any time.

To be found using a system that does not implement this magic key approach would be illegal. That fact should tell you everything you need to know about what they think of your privacy.

Josh in CharlotteNC (profile) says:

Re: Re: The stupid, it burns

The NSA would secretly make it a priority to go after each party holding a part of that key and to obtain their part of the key.

Even if they don’t get all of the key, knowing part of it can significantly reduce the effort to crack or brute-force the encryption. Anything that reduces the possible keyspace from the expected is a huge win to an attacker of a crypto system (cryptanalysis).

As a very simple example to explain the concept:
I’ve got a safe with a 4 digit combination. 0000 through 9999. There are 10,000 possible combinations to this safe. I break my key up into two parts: the first two digits and the second two. I give the first two, which happen to be 64##, to the safemaker. I give the second two, ##32, to the police.

Q: How many tries would either the safemaker or the police need to try to get into the safe?
A: Maximum, they would each need 100 tries.

The safe maker would try 6400, 6401, 6402, and so on. The police would try 0032, 0132, 0232, and so on. The average for either would only be 50, assuming they knew nothing else, like my penchant for choosing powers of 2 as a safe combination.

Further info:
http://en.wikipedia.org/wiki/Cryptanalysis
http://en.wikipedia.org/wiki/Related-key_attack

Anonymous Coward says:

Re: Re: Re: The stupid, it burns

No.

That’s not how secret sharing works.

With your example, the key is 6432. The key is broken in two parts, which have to be summed to get the correct key.

So one part, for instance 7754, is given to the safemaker. The second part, 8678, is given to the police. Each part is completely useless without the other: even if you have the first part, there are precisely 10000 possible values for the second part, and each of them will give one of the 10000 possible values for the combination.

It’s simpler to visualize it with a traditional 12-hour clock. The first part is the initial time, for instance 8 hours. The second part is the number of hours to add to it to get the correct time, for instance 10 hours. It’s easy to see that, given only the initial time, you have no idea where it’ll end up, and given only the number of hours to add but not the initial time, you still have no idea where it’ll end up.

For real-world usage, you would use the XOR operation instead of addition, with the same effect. For a more advanced system (k of n), take a look at Shamir’s Secret Sharing.
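The two splitting schemes from the comments above, side by side, as an added example that is not part of either comment: the digit split leaves a share holder 100 candidates, while the additive split (and its XOR equivalent for byte keys) leaves all 10,000. Function names are chosen here for illustration; the values 6432, 7754 and 8678 are the ones used in the thread.

```python
import secrets

MODULUS = 10_000  # the thread's 4-digit safe: combinations 0000..9999


def naive_split(combo):
    """Digit split from the earlier comment: each party holds two real digits."""
    digits = f"{combo:04d}"
    return digits[:2], digits[2:]


def remaining_after_naive(first_two):
    """Combinations still possible for whoever holds the first two digits."""
    return [int(f"{first_two}{tail:02d}") for tail in range(100)]


def additive_split(combo):
    """Additive sharing: share1 is uniformly random, share2 is the difference."""
    share1 = secrets.randbelow(MODULUS)
    share2 = (combo - share1) % MODULUS
    return share1, share2


def additive_combine(share1, share2):
    """Both shares are required; the sum modulo 10000 is the combination."""
    return (share1 + share2) % MODULUS


def remaining_after_additive(share1):
    """Combinations still possible for whoever holds only share1.

    Every value of the missing share maps to a different combination,
    so holding one share rules nothing out.
    """
    return {additive_combine(share1, s2) for s2 in range(MODULUS)}


def xor_split(key):
    """XOR sharing for byte-string keys: a random pad and key XOR pad."""
    pad = secrets.token_bytes(len(key))
    return pad, bytes(k ^ p for k, p in zip(key, pad))


def xor_combine(share_a, share_b):
    """XOR the two shares back together to recover the key."""
    return bytes(a ^ b for a, b in zip(share_a, share_b))


if __name__ == "__main__":
    combo = 6432
    first, second = naive_split(combo)
    print("naive shares:", first + "##", "##" + second)
    print("candidates left for the safemaker:", len(remaining_after_naive(first)))

    print("7754 + 8678 mod 10000 =", additive_combine(7754, 8678))
    print("candidates left with share 7754 only:",
          len(remaining_after_additive(7754)))

    key = secrets.token_bytes(16)  # constructed sample key
    a, b = xor_split(key)
    print("XOR shares recombine:", xor_combine(a, b) == key)
```

Note that `additive_combine` and `xor_combine` hold the complete key in one place the moment they return, which is the exposure the comments earlier in the thread describe.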

Josh in CharlotteNC (profile) says:

Re: Re: Re:2 The stupid, it burns

That is correct for certain types of key sharing schemes – but not all, and there can still be major issues with implementing in the real world more robust schemes. This was a very simple explanation for people not familiar with crypto (like the idiots wanting to write the law to require backdoors).

John Fenderson (profile) says:

Re: Re: The stupid, it burns

I get that this is sarcasm, but let me run with it a moment and assume that the people holding the pieces of the key are indeed incorruptibly good and virtuous.

It’s still a stupid idea. At some point, all of those virtuous people are going to have to get together and assemble their pieces into a whole key. That key is then susceptible to theft by parties unknown to the virtuous key-piece-holders.

Anonymous Coward says:

Re: Re: Re: The stupid, it burns

Anything can be stolen… the biggest problem with a multi-key scenario is when one of the keys is compromised. Are they going to issue new multi-keys? However will they tell all of the backdoors to re-key?

The first moment anything is compromised it’s over with. And we all know how government is on the uptake of when things go wrong. The first thing they do is gird loins to prevent the incoming dick kick, to hell with the actual victims.

Anonymous Coward says:

Re: Re: Sure If the US economy is Fiscally responsible If the key Is leaked

You can already see this in play with how they keep trying to change the definition of vulnerability.

It’s not a vulnerability, it’s not a backdoor, it’s not a front door, it’s not a golden key, it’s not a key fragment…
It’s (whatever the magical word of the day is)

JustShutUpAndObey says:

Two people can keep a secret.

It doesn’t matter how many pieces there are, or where they are stored. If a key exists and more than one person has access, then a third person can (and will, given the motivation) gain access. This has been demonstrated time and time again.

Two people can keep a secret only if one of them is dead.

John Fenderson (profile) says:

Re: Re:

No, it’s a backdoor. A backdoor is a means of access other than the one that is intended for the primary users of the system. That’s precisely what this is. A backdoor is a backdoor even if it is disclosed and everyone is aware that it exists.

That’s why the fact that certain government officials continue to insist that they don’t want a backdoor is ludicrous and wrong by definition. And it’s also why I will continue to ridicule them and disregard what they say on this topic as utter bullshit.

David says:

Re: US Gov = adversary

Let’s take a good look at the logic of this:

As seen by every non-US customer of the companies that use such encryption – the US is a potential adversary. So they will never use/buy those products. So only US companies and citizens would be a market for said product. At that point, just like in the movie “Sneakers”, the decryption machine is only good at spying on American citizens/companies.

So who is really perceived as a threat by the US government?

Anonymous Coward says:

So NIST- the .gov cryptography standardization group that accepted 10 million dollars to undermine the Dual_EC_DRBG encryption standard, thinks this is a bad idea…

They’re probably afraid they’ll lose out on their bribes.

Unless this is already implemented in hardware and waiting to be activated (like with cell phones/baseband)- it would have to be done with new hardware changes. Otherwise FOSS would just fork and code around this BS.

beltorak (profile) says:

Re: Re:

You got your stories wrong. It was the RSA company that defaulted DUAL_EC as the default random number generator in its BSafe product in exchange for 10 million dollars; DUAL_EC was created by the NSA and rammed through NIST’s standardization practices over the objections of most of the other security professionals and cryptographers.

Anonymous Coward says:

Re: Re: Re:

VCAT report: NIST Cryptographic Standards and Guidelines Development Process

Background on the VCAT report from NIST press release:

… In the fall of 2013, former NIST Director Patrick D. Gallagher requested that the VCAT review NIST’s cryptographic standards and guidelines development process….

… In May 2014, the VCAT convened a blue ribbon panel of experts called the Committee of Visitors (COV) and asked each expert to review NIST’s cryptographic process and provide individual reports of their conclusions and recommendations….

Anonymous Coward says:

The only question should be this:
Do you want ANYONE to have access to your things?
Actually, it doesn’t matter if you want it or not because they will do it anyway. Point is, “m..muh terrurists” is not a good excuse, especially because almost every organized terror group can be linked to the US government.
O hey let’s give these people guns and help them overthrow a legitimate government over there because while that’s exactly how every scary terrorist group starts, this one will be different.

They want to fuck with their own people for something they did themselves.

MarcAnthony (profile) says:

Controlling the key holders is equivalent to being the sole holder of keys

Having more than one key is a distinction without a difference, when the government has the authority to just bully others into forking them over. They will probably also compel companies to stay silent on their cooperation, just as they do now. The SOS continues, but it gives the appearance of change.

Anonymous Coward says:

Partisanship

White House Floats Idea…

The linked Washington Post article makes clear that it’s the Obama administration who are floating the idea.

The split-key approach is just one of the options being studied by the White House…

Elsewhere on the ‘net, in another recent conversation about this Washington Post article, a commenter noted that the Clipper Chip proposal came during the Clinton administration.

So, is it that the Democratic party policy honchos believe in key escrow? Or is it just that the Clinton and Obama administrations are just pushovers for the NSA and FBI on key escrow?

Anonymous Coward says:

Re: Re: Partisanship

… where he said “I’m sympathetic to law enforcement”

For the duration of the election season, we should probably start referring to the Clipper Chip by its full descriptive name:

The failed Clinton-administration era Clipper Chip.

You know, that actually has a little bit of ring to it, “the failed Clinton-administration era Clipper Chip.”

Anonymous Coward says:

Re: Re: Re: Partisanship

“the failed Clinton-administration era Clipper Chip.”

Hmmmm… grammatically, I guess that should get a comma in there:

The failed, Clinton-administration era Clipper Chip.

Sorry about that initial oversight. Don’t want to have bad grammar, though. Need the comma to make sure “failed” modifies “Clipper Chip” rather than “Clinton-administration era”.

Anonymous Coward says:

Re: Re: Re:3 Partisanship

How about the failed Clinton-administration and clipper chip?

Subtlety is a virtue.

The failed, Clinton-administration era Clipper Chip.

The reader sees the juxtaposition of the words. But the reader can’t really complain about the writer’s accurate description of the Clipper Chip as “failed.” That Clinton-administration era initiative did fail. Hard.

So what if the reader knows “what’s really going on” in the sentence fragment. The reader can’t complain about the implied focus on the upcoming election—as long as the comma’s in there.

David says:

Re: Partisanship

The only real way this could even be the slightest bit tolerable is if the key was split 4 ways:

1) The President
2) The Speaker of the House
3) The Speaker of the Senate
4) The Supreme Court

All four would have to agree that the government has a valid case, probable cause, and imminent threat to enable the encryption to be performed.

Nah, still not good enough.

Anonymous Coward says:

1) With the first terrorist scare, they would use exigent circumstances to share all the key parts with all the agencies, as it takes too long to get together to decrypt a message.
2) Unless they really think that other governments will go along with the US having a golden key to all of their citizens’ communications, this will only be of use against US citizens, oh.. that is what they want.
3) This would make US proprietary technology toxic outside the US, and it would boost Linux and the BSD’s position in the market, which might make Microsoft and Apple say something.

Anonymous Coward says:

Re: The international deal [was ]

Does China get a frontdoor into our technology devices too? What about Russia?

• China will have keys for Chinese communications.
• Russia will have keys for Russian communications.

They’ll form an international consensus. Every person’s communications must be open to surveillance by some responsible government.

Uriel-238 (profile) says:

Re: The thing is...

A court order wouldn’t matter.

This is essentially an unbreakable vault that will incinerate all your files before it will yield to safecracking.

Now as a civilian, I think this is perfectly fine.

But as a government that doesn’t trust its people, they’re freaked out.

Interestingly, they want to be able to hide things from the people using such impenetrable technology. But they don’t want things hidden from them by people.

(And at this point we have steganographic tech that makes encrypted files look like garbage in unused sectors of a drive. If we really want to hide something, it’s gone.)

DannyB (profile) says:

Question about Key Generation

I don’t know what algorithm would be used here.

Apparently there is a way to generate (at least) two completely working keys for some crypto algorithm.
1. A key for the person wanting privacy
2. A key (broken into parts) for the government

Can this cryptography algorithm generate keys 3 and 4? And 5 and 6? I’m sure this would have to be done at key generation time.

I’m just speculating about how this works, but it would seem that key generation time is a critical step. So where is the key generation done? Does the end user get to generate their own keys and then give the ‘golden key pieces’ to the government? (yeah, THAT seems secure) Or does the government generate the keys and give the end user their working key? That would mean that the government could just also keep the user’s fully assembled key, along with numerous parties who intercept it in transit to the user who wants privacy.

Can anyone elaborate on how this type of multi key, multi key part cryptography actually works?

Anonymous Coward says:

Re: Question about Key Generation

Can anyone elaborate on how this type of multi key, multi key part cryptography actually works?

Here’s a Wikipedia starting point: Shamir’s Secret Sharing.

Or you can consult one of the standard reference works on cryptography for various constructs with which to build a complete algorithm.

DannyB (profile) says:

Re: Re: Question about Key Generation

I’ve seen that one before. But it would seem that you just make enough parts, and make the threshold low enough that you can ensure that there are effectively quite a few sub groups of key joinings that would be sufficient to do decryption.

I haven’t read Applied Cryptography since the 1990’s. But I do remember, about page 100, (remember this is pre 9/11) the author talks about cryptography and how the government could severely curtail privacy if, say, there were a major terrorist attack, say on New York. Amazing foresight.

Anonymous Coward says:

Re: Re: Re: Question about Key Generation

I would not call this amazing foresight.

NY is a big target and they were bombed before 9/11 anyways. Plus add to that the history of Government setting up slippery slopes all over the place and you have someone who can understand history, unlike the vast majority of humans on the planet.

There is a reason we are doomed to repeat history.

Anonymous Coward says:

Re: Re: Re: Question about Key Generation

… I do remember, about page 100…

My copy of Schneier is packed away in a box right now.

But these days, we have some more up-to-date references.

Along those rough lines, I’ve had one book on my reading list for the past couple months now (Gutmann, 2014, Engineering Security (draft)). One of these weeks I’ll get around to it… Gutmann’s draft probably doesn’t cover secret-sharing schemes, though.

John Fenderson (profile) says:

Re: Re: Re:

I hadn’t thought of the DRM-protected key idea. That wouldn’t work for the exact reason you say. I was thinking of the idea of a key that can be used only once but becomes ineffective after that.

The only way to accomplish that is to reencrypt whatever data has been accessed so that it uses a different key and the old key will no longer work. This is unworkable from a performance and logistical point of view, but more importantly would be 100% ineffective — all that would need to be done to work around it is to decrypt the data on a system that won’t do the reencryption step.

Adam (profile) says:

It's the landlord with key issue

When I rented my home the landlord gave me a set of keys. He kept one. Shortly after moving in I went out and bought new locks and replaced them myself… which I will gladly give him the keys to when I move out. He has no key to my doors. Period.

So, when the government requires front door keys why won’t the guys they are REALLY worried about just use a different lock? The US laws won’t apply EXCEPT for import restrictions… and why is the bad guy going to care that he downloaded a torrent file that has an import restriction when whatever he’s hiding behind the encryption is far more nefarious than some stupid government law about which software he’s “allowed” to use in the US?

The answer: He doesn’t give a crap… and guess what… the gov has no front door, back door or anything else regardless of what law they pass.

See, the gov has this fantasy that criminals follow laws. If he’s hiding something in encryption which is illegal why would he care if his encryption software was legal?

So does this help catch terrorists or pedophiles like they claim it will? No. Those people, or at least those with an IQ over 80 will still be using stuff without giving the landlord a key. Everyone else is either stupid or not hiding something they feel the government wants to see.. Say a man hiding pics from his wife of his new girlfriend…

Totally pointless idea that just needs to die now.

tek says:

I foresee the following

So, USA gets keys for everyone.

First, the UK says “me too”, and the USA says “OK”.

Then, Australia, Canada, and New Zealand say “Me 3, 4, 5” (eyes, get it). And the USA says “OK”.

After that, Europe says we want it, and the USA can’t say no, because of the amount of mutual trade, and various trade agreements.

Next, Russia and China draft the same laws, and US firms demand to be allowed to sell there. So they get keys. Rinse, repeat worldwide.

Meantime hackers already have all parts of the US key, and it’s available to anyone for free on bittorrent.

And so – encryption is gone. And suddenly the US says “what about all our financial transactions???”

-tek

Ambrellite (profile) says:

Security would be a crime

The technical impossibility of secure backdoors is on par with the attempt to outlaw secure systems. What are they going to do? Outlaw imported tech? Outlaw downloading security patches? Outlaw fixing or replacing compromised hardware?

Backdoors don’t make sense except as a means to exploit and/or persecute law-abiding citizens.

Roger Strong (profile) says:

And other countries?

Well, Mission Accomplished for the US. But what about other countries?

Will their government be willing to use programs where the US government – and only the US government – has a back door? Or will the US government share the keys (in pieces) with the other Five Eyes countries? Let alone Germany and the rest?

Will foreign corporations – or foreign subsidiaries of American corporations – allow the use of programs where the US government has a back door? Knowing full well that the NSA and others have used their spying for economic espionage?

With the inevitable availability of programs WITHOUT back doors for everyone outside the US – including open source solutions – what stops Americans from using them too?

Anonymous Coward says:

The door analogy

They keep using the door analogy. The reason I would guess is so that they can dumb the discussion down, or at least make it sound like a ‘friendly & for national security’ thing that they want to do. I am sick of the door analogy personally, especially after Michael Rogers said “I don’t want a back door, I want a front door”. There are no ‘doors’ in encryption. If anyone has a key other than you, it is NOT encryption.

My suggestion is that if they want to use the door analogy they have to use it the whole way and include it in the context of the doors on your house. Imagine the government ‘floating’ an idea of all the lock manufacturers had to have a master key that was handed over to the government that allowed them to come into your house whenever they wanted to. This is what they are asking for….

Wake up people, the sound you hear is the sound of marching jack boots plodding slowly closer to a police state. Like a light rain on a tin roof, it started as a whisper which lulled to sleep, now it is a thunderous roar which can hardly hear.

Anonymous Coward says:

Re: The door analogy

If anyone has a key other than you, it is NOT encryption.

If no-one but you has a key, it is not useful, except to protect a backup. The problem with keeping encryption secure is managing the keys needed by the communicating parties while preventing others from breaking into the communications. This protection includes preventing spyware from running on the computers involved in the communications.

scatman (profile) says:

it's just paving the way for prophecy

Revelation 13:11-18

Yeah, I know; call me a religious nut. I’ll be that; I welcome the ridicule. Yet no one can honestly deny that all of the technology (monitoring systems, tracing systems, surveillance systems, erosion of privacy, GPS, RFID, yada, yada, yada…) is consistently heading to a point in time where one political leader can monitor almost everyone…but I’m a nut.

So what’s the fix? Buy a gun and move to the desert? No. Accept Jesus Christ as your savior and escape Hell and/or the tribulation.

Anon says:

Stupid Idea - Easily Broken

The problem is not just, as others point out, that the key eventually is assembled and may be compromised sometime during that process… The question is – what is the purpose of this key? Unless it’s intended for once-a-generation 9/11 events, it is simply a tool for law enforcement and will be used frequently, any time a court rubber stamps its use. So not only will the key be assembled frequently, but by implication many people will have and use the pieces many times – thus multiplying the opportunities to break it. After all, they don’t have to get a complete key each time – they could also get a different part each time it is used until they can assemble a whole.

Anonymous Coward says:

Security vs Privacy

The discussion the NSA wants to have is what privacy are we willing to give up for “security”?

The problem with this thinking is that they are not equivalent in any way.

While it is possible to have 100% privacy it is not possible to have 100% security. The question should be framed to adequately reflect the NSA’s intentions:

“Are you willing to give up 100% of your privacy for 0% increase in security?”

John Fenderson (profile) says:

Re: Security vs Privacy

I agree that the people who portray “privacy” and “security” as mutually exclusive are wrong, I have to disagree with this:

“While it is possible to have 100% privacy”

It is no more possible to have 100% privacy than it is to have 100% security. They both can only be achieved the same way: by completely isolating yourself from any chance of interacting, even indirectly, with other human beings.

Anonymous Coward says:

The door analogy

They keep using the door analogy. The reason I would guess is so that they can dumb the discussion down, or at least make it sound like a ‘friendly & for national security’ thing that they want to do. I am sick of the door analogy personally, especially after Michael Rogers said “I don’t want a back door, I want a front door”. There are no ‘doors’ in encryption. If anyone has a key other than you, it is NOT encryption.

My suggestion is that if they want to use the door analogy they have to use it the whole way and include it in the context of the doors on your house. Imagine the government ‘floating’ an idea that all the lock manufacturers had to have a master key that was handed over to the government that allowed them to come into your house whenever they wanted to. This is what they are asking for….

Wake up people, the sound you hear is the sound of marching jack boots plodding slowly closer to a police state. Like a light rain on a tin roof, it started as a whisper which lulled to sleep, now it is a thunderous roar which can hardly hear.

Coyne Tibbets (profile) says:

It's just on the tip of my tongue

I think I’ve seen this story somewhere. Let’s see, where there were many keys…hmmm….and one secret one…hmmm…

Oh, right, Lord of the Rings:

Three Rings for the Elven-kings under the sky,
Seven for the Dwarf-lords in their halls of stone,
Nine for Mortal Men doomed to die,
One for the Dark Lord on his dark throne,
In the Land of Mordor where the Shadows lie,
One ring to rule them all, one ring to find them,
One ring to bring them all and in the darkness bind them
In the Land of Mordor where the Shadows lie.
The Lord of the Rings, Epigraph

And it worked out so well back then, too, those multiple keys…oops, I mean, rings.

Coyne Tibbets (profile) says:

Re: Re: It's just on the tip of my tongue

You’re missing the point; don’t get distracted by Sauron’s so-called “person-hood”. This is about the rings…I mean, keys.

There might be multiple keys, but I bet among those will still be just one key, that does the work of all the other keys. One key to rule them all. Because otherwise DEA might get possessive and refuse to share its key with FBI, and we all know how bad that will be.

So this promise of key splitting is just nonsense–no matter what, there will be one key that rules them all.

Ayn Rand says:

objective reality

“A is A.” There is no contradiction.
“non A is A” is a fücking BIG contradiction;
wishful thinking and sheeple debate is not gonna change reality.

Either you plant exploitable vulnerabilities in your “secure” system or you do not.

Dear IT Geniuses just read Ayn Rand’s Atlas Shrugged:
You can only follow the government’s proposal by ignoring reason.
Reason is the tool that helps you define reality and keeps you alive.
If you ignore reason, you are going to die.

Uriel-238 (profile) says:

Re: 2 + 2 = 5 -- -- There are four lights

Our nation seems to be embracing unreason either as a willful effort to desensitize the laity to cognitive dissonance or doublethink, or unwittingly by seeking to justify corporate-mandated policy that is contrary to the public good.

And people find ideology-driven values to be far easier to comprehend than reason.

Anonymous Coward says:

So… the people who want encryption will download suitable software not developed to .gov standards… The US gov will have substandard encryption as it uses its own stuff and ordinary users will have easily compromised security… just like today. This can only be solved at hardware level encryption and then a software tack on will defeat the security flaw when someone wants to develop it.

Anonymous Coward says:

Why isn't the industry raising hell against this?

As we have seen with Cisco, if your products are proven somewhat compromised you will lose trust from the market.

If this front door abomination goes on, nobody who isn’t under US heels would accept anything produced in the US or from US corporations.

Right now there is still the thin veil of a judicial process to uncover any customer data/protection entrusted into US products/services.

Imagine any US made or developed product (Hardware/Software) is now freely accessible to any n+1 government agencies who would like access to you. And probably without leaving a trace.

I presume almost no foreign government, corporation or citizen would like this.

So any product/services would be shunned on the non-domestic market as there could be no trust in it anymore.

And that’s just “legitimate” government actors.
And that’s not even touching on illegitimate actors having access.

And with the US setting a blazing example, every other government would like to have its own access.
So say hello to a fractured market.

I think the front door analogy is more like, we force anyone to have an open front door with multiple signs “government access only. Pretty please”

John Fenderson (profile) says:

Re: Why isn't the industry raising hell against this?

“Why isn’t the industry raising hell against this?”

Well, it’s certainly objecting, but I think “the industry” is picking its battles. There’s not a lot of worry about this sort of thing right now because it currently has exactly zero chance of becoming law. Nobody is even considering writing a bill.

The instant that it looks like it has a chance of becoming real, hell will be raised.

Anonymous Coward says:

“This can only be solved at hardware level encryption and then a software tack on will defeat the security flaw when someone wants to develop it.”

-Look into the Replicant project, OsmocomBB, and coreboot to learn more.

The way this would have to be done to have any hope of working as intended would be by making bios/efi/uefi into the equivalent of cellular baseband co-processors. It would be more than just a backdoor to encryption, but to the entire device architecture. Otherwise, you’re right- people would just code around it.
