Hillary Clinton Wants A 'Manhattan Project' For Encryption… But Not A Back Door. That Makes No Sense

from the politics-is-dumb dept

In the Democratic Presidential debate on Saturday night, Hillary Clinton followed up on her recent nonsensical arguments about why Silicon Valley has to “solve” the problem of encryption. As we’ve noted, it was pretty clear that she didn’t fully understand the issue, and that was even more evident with her comments on Saturday night.

Here’s what’s clear: she’s trying to do the old politician’s trick of attempting to appease everyone with vague ideas that allow her to tap dance around the facts.

First, she proposed a “Manhattan-like project” to create more cooperation between tech companies and the government in fighting terrorism. The Manhattan Project was the project during World War II where a bunch of scientists were sent out to the desert to build an atomic bomb. But they had a specific goal of “build this.” Here, the goal is much more vague and totally meaningless: have tech and government work together to stop bad people. How do you even do that? The only suggestion that has been made so far — and the language around which Clinton has been echoing — has been to undermine encryption with backdoors.

However, since that resulted in a (quite reasonable) backlash from basically anyone who knows anything about computer security, we get the second statement from Clinton that she doesn’t want backdoors.

“Maybe the back door isn’t the right door, and I understand what Apple and others are saying about that. I just think there’s got to be a way, and I would hope that our tech companies would work with government to figure that out.”

No, she clearly does not understand what Apple and others are saying about that. Just a week or so ago, she insisted that Apple’s complaint about it was that it might lead to the government invading users’ privacy, but that’s only a part of the concern. The real concern is that backdooring encryption means that everyone is more exposed to everyone, including malicious hackers. You create a backdoor and you open up the ability for malicious hackers from everywhere else to get in.

So, she’s trying to walk this ridiculously stupid line in trying to appease everyone. She wants the security/intelligence officials to hear “Oh, I’ll get Silicon Valley to deal with the ‘going dark’ thing you’re so scared of,” and she wants the tech world to hear “Backdoors aren’t the answer.” But, that leaves a giant “HUH?!?” in the middle.

It seems to come down to this: None of the candidates for president appear to have the slightest clue how encryption or computer security work and that allows them to make statements like this that are totally nonsensical, while believing that they make sense.

The issue, again, is that what they’re really asking for is “Can you make a technology where only ‘good’ people can use it safely, and everyone else cannot?” And the answer to that question is to point out how absolutely astoundingly stupid the question is. Because there’s no way to objectively determine who is “good” and who is “bad,” and thus the only possible response is to create code that really thinks everyone is “bad.” And to do that, you have to completely undermine basic security practices..

So this whole idea of “if we just throw smart people in a room, they’ll figure it out” is wrong. It’s starting from the wrong premise that there’s some sort of magic formula for “good people” and “bad people.” And without understanding that basic fact, the policy proposals being tossed out are nothing short of ridiculous.

Filed Under: , , , ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Hillary Clinton Wants A 'Manhattan Project' For Encryption… But Not A Back Door. That Makes No Sense”

Subscribe: RSS Leave a comment
198 Comments
That One Guy (profile) says:

However, since that resulted in a (quite reasonable) backlash from basically anyone who knows anything about computer security, we get the second statement from Clinton that she doesn’t want backdoors.

Not quite. She still wants broken encryption, she just wants to call it something else.

Maybe the back door isn’t the right door, and I understand what Apple and others are saying about that. I just think there’s got to be a way, and I would hope that our tech companies would work with government to figure that out.”

That’s not ‘backdoors in encryption are bad’, that’s ‘holes in encryption are good, but because of the backlash I’ll ask for them by another name’.

It seems to come down to this: None of the candidates for president appear to have the slightest clue how encryption or computer security work and that allows them to make statements like this that are totally nonsensical, while believing that they make sense.

As I’ve noted before, and will continue to note: She and others who make the same claims absolutely do know that they’re asking for the impossible, they simply don’t care.

The only way they might not know is if they’ve intentionally kept themselves willfully ignorant on the subject, and that’s not any better.

That One Guy (profile) says:

Re: Re: Re:

Some? I guarantee you that there are vastly more criminals that would use security holes for their own gain, at the cost of the public, than there are criminals that are currently hiding behind encryption that the police and/or government can’t catch as a result.

Crippling encryption to catch criminals is like chopping off someone’s arm to deal with a paper-cut. The proposed ‘solution’ is massively more damaging than the ‘problem’.

Anonymous Coward says:

Re: Re: Re:2 Re:

Ahh, so some government backdooring VPNs on Juniper ScreenOS devices is perfectly okay? (link) Perhps your bank is using Juniper firewalls to communicate between branch offices as per SOX guidelines and now your account is compromised by anyone with knowledge of that hack. I’m sure they will admit to putting the backdoor in place and bankrupting you…

That One Guy (profile) says:

Re: Re: Re:2 Re:

Hmm, so it isn’t, not sure how I got turned around into thinking that it is.

However, the core point stands, adding built in security vulnerabilities to deal with a minuscule problem is a colossally foolish and counter-productive idea. The number of criminals that evade the police and/or government via encryption are tiny in comparison to the number of crimes prevented by encryption. Better security is always going to be a good thing for the public, and if it makes the jobs of the police and government more difficult than they want it to be, tough.

PaulT (profile) says:

Re: Re: Re:2 Re:

“Anyone that uses it for things they want kept private is a moron.”

That, by the way, would be you.

Oh, you might not mean to, and you probably don’t even know that’s what you’re doing. But, even if you don’t personally use the internet for anything other than posting anonymous comments on forums, the places you bank, shop, work and deal with in any way almost certainly uses some form of encryption over the internet. Huge amounts of modern business is only possible because of online encryption, and very few of those businesses are doing so on their own private dedicated connections.

Which is part of the reason why this is such a big issue. Even if you’ve never used a VPN, SSH shell or SSL login in your life, your safety will be compromised.

Ryunosuke says:

Re: Re: so uhh....

aside from obvious LEO shill being obvious, How pray tell, do you even let one specific group of people into communications without letting everyone ELSE into said communications if they have the knowledge and capabilities?

how about mass wire-tapping?

how about mass mail/package searches?

PaulT (profile) says:

Re: Re: Re:2 so uhh....

“Law enforcement is already allowed to tap phones and search mail/packages.”

Yet, they manage to do so without demanding backdoors that would allow others to listen to phone calls and intercept mail from people they are not currently investigating.

Do you see the difference? They’re not merely asking for the ability to listen to phone calls, they’re asking for every phone to do this automatically for anyone who asks.

Anonymous Coward says:

Re: Re: Re:

so because asshole hackers exist, law enforcement shouldn’t be able to tap into internet communications?

According to you, law enforcement already can tap into Internet communications, by means of using “asshole hackers”.

I am glad that you are in agreement that further weakening security, to increase the number of asshole hackers, is unnecessary.

Mat (profile) says:

Re: Re: Re: Re:

The problem: Even with that line of protections, if the communication is end to end encrypted (SSL/TLS for instance), all you get is scrambled nonsense. If a third party can defeat the encryption in anything resembling real time (what is being asked for), then the encryption isn’t worth being used as someone else will figure out the same breakhole. Because encryption isn’t magic, it’s math. And you can’t make a reversible math algorithm that only works for one group.

Anonymous Coward says:

Re: Politicians and absolutes

Politicians are negotiators. To a negotiator “impossible” is not usually an absolute; instead meaning “long and costly solution” ergo “a Manhattan Project”.
There is no bargaining stance that they can assume for or against the absolute of encryption where they leave the table with a win. They can only mitigate eventual failure through the strategies we keep seeing; keep rephrasing the problem, “we did everything we could”; transfer the failure, “if only those smart people at the tech companies would try harder” and “it’s not my fault – they didn’t try hard enough”.

Anonymous Coward says:

Re: Re: Re: There already is an Encryption Manhattan project

If any “state sponsored organisation” do operate completely rogue, it would most likely exist under the US national security complex and likely in conjunction with NSA. The effects from such a digital organisation would be indistinguishable from hackers/NSA. Thus, the relevance of knowing it would be limited.

Anonymous Coward says:

Dear Hillary, the object of encryption is is keep a conversation private between the senders and recipients of messages; and if any other party has the means of reading those messages, the encryption system is broken. Giving governments the ability to read messages where they are not an intended recipient means that the encryption system is broken.
You have just has a hissy fit over someone gaining access to information you thought was private, so why are you objecting to people wishing to keep their data private.

That One Guy (profile) says:

Re: Re:

And for even longer than that, people have been able to have private conversations outside of hearing of the police. Just because the police and government really want to be able to listen in on everything, doesn’t mean they have the right to it.

If, as could be argued to be the case, technology advances to the point where people are able to communicate over the phone with the same level of privacy that they would enjoy talking in-person at a private location, then too bad for those that want to listen in, the privacy and security of the public trumps the police and government’s desire to spy.

Anonymous Coward says:

Re: Re: Re:

“And for even longer than that, people have been able to have private conversations outside of hearing of the police.”

They still can.

“technology advances to the point where people are able to communicate over the phone with the same level of privacy that they would enjoy talking in-person at a private location, then too bad for those that want to listen in”

No. you wanting to break the law via technology doesn’t usurp the government’s obligation to protect me from you.

Anonymous Coward says:

Re: Re: Re:3 Re:

My tax dollars at the municipal, state and federal level are most certainly being paid to protect me from you.

Ahhh, the land of the free and the home of the chicken shit cowards like you. Ready to piss way freedom and make a police state because you’re scared.

Grow a set of balls, coward.

Anonymous Coward says:

Re: Re: Re:10 Enough strawmen to fill up a dozen fields.

Hmm, you’re confused. It says ‘Anonymous’ because I’m not a member of this site. But the reality is that Mike knows exactly where I’m posting from and who I am.

The guy posting that he has no problem with wiretaps but says “no way” on encryption busting? Just like most everyone here, he just doesn’t want to get busted for his torrenting addiction.

Chronno S. Trigger (profile) says:

Re: Re: Re:13 Enough strawmen to fill up a dozen fields.

You have a bank account, right? You’re an upstanding citizen (OK, I’m making an assumption there), so I’m sure you do. You are aware that if encryption is broken, you don’t even have to be on the Internet to have your account information stolen? Banks use VPN encryption to transfer data between offices and other banks. Break encryption, that information is no longer secure. You suddenly find your account balance $0.

Do you telecommute to work? Go to the doctor’s office? Use a credit card? All of that stuff and far, far more rely on secure communication. Break that and everything you know falls apart around you.

Constantly hiding under the “Copyright Infringement” banner just shows you have absolutely no idea of the horrors you’re calling for.

Gwiz (profile) says:

Re: Re: Re:13 Enough strawmen to fill up a dozen fields.

So you think Congress is going to listen to the demographic that is known for flouting laws?

Not sure what demographic you are referring to, but, it surely isn’t the audence here at Techdirt:

49% over the age of 35 (74% over age 25)
61% earn over 50k/year
72% college educated

Source: https://www.quantcast.com/techdirt.com

Anonymous Coward says:

Re: Re: Re:11 Enough strawmen to fill up a dozen fields.

The government) can certainly try to break whatever encryption I may be running.

Given the number of people using it, and the processing power required to brute force it, I don’t think it’ll scale well, but again – please go for it!

I love it when stupid people try stupid things, fail, and then keep trying. It makes me smile.

That One Guy (profile) says:

Re: Re: Re:11 Enough strawmen to fill up a dozen fields.

Nonsense, you could easily comment using your real name, don’t even need to create an account for that. And if the only reason someone could desire privacy is to hide criminal actions, as you have implied multiple times now, clearly you are trying to hide your criminal actions by refusing to provide your real name.

So come now, either back up you assertion that only criminals desire privacy by providing your real name, refuse to provide your real name, and in so doing admit that you’re doing so to hide your criminal activity, or retract the claim, and continue to post anonymously.

That One Guy (profile) says:

Re: Re: Re:13 Enough strawmen to fill up a dozen fields.

No. you wanting to break the law via technology doesn’t usurp the government’s obligation to protect me from you.

I have no interest in the government not being able to do its job just so you can hide your torrenting habit.

Just like most everyone here, he just doesn’t want to get busted for his torrenting addiction.

So you think Congress is going to listen to the demographic that is known for flouting laws?

Now then, your personal information if you would. Or are you really going to claim that your multiple instances of responding to people objecting to broken encryption by insisting that they’re doing so to hide illegal activity isn’t an argument that the only people desiring strong encryption are criminals?

Either provide your personal information as you said you would, or admit that despite your responses so far people can object to broken encryption for valid reasons that have nothing to do with wishing to hide illegal activity.

That One Guy (profile) says:

Re: Re: Re:15 Enough strawmen to fill up a dozen fields.

Option C it is then, dodge and deflect while admitting neither. Yeah, I suppose expecting honesty from you with regards to your own comments was a bit unrealistic on my part.

To save time, I’ll just copy/paste the last part until you answer it(and if anyone else wants to do the same, have at it).

Either provide your personal information as you said you would, or admit that despite your responses so far people can object to broken encryption for valid reasons that have nothing to do with wishing to hide illegal activity.

Anonymous Coward says:

Re: Re: Re:16 Enough strawmen to fill up a dozen fields.

“people can object to broken encryption for valid reasons that have nothing to do with wishing to hide illegal activity.”

Of course people can, and do object to that; your mom, for example.

It’s just that most commenters on Techdirt, yourself for example, are torrent addicts, and that is why they’re sweating encryption laws.

Chronno S. Trigger (profile) says:

Re: Re: Re:17 Enough strawmen to fill up a dozen fields.

“your mom, for example.”

“It’s just that most commenters on Techdirt, yourself for example, are torrent addicts”

OK, at this point this guy is most definitely a troll. He knows everything he’s saying is a lie, he’s just doing it to get under everyone’s skin.

Chronno S. Trigger (profile) says:

Re: Re: Re:19 Enough strawmen to fill up a dozen fields.

“My thoughts on this are the same as many others.”

Yeah, other trolls like Angry Dude and Avarage Joe. You’re just another in a long line of people intentionally antagonizing other commenters by false accusations, insults, and dragging the discussion off topic.

The truth has outlived those trolls, it’ll outlive you.

Anonymous Coward says:

Re: Re: Re:18 Enough strawmen to fill up a dozen fields.

Or, he’s not a troll, and just a gutless coward, who can’t feel safe unless he’s got law enforcement to protect him (despite the lack of obligation they have for protecting him – that other thing he’s glossed over).

Fearful of, well, everything where he’s funneling federal, state, and municipal tax dollars to law enforcement so that he can be safe in his closet, under a blanket, firmly grasping his assault rifle, waiting for, something.

Ryunosuke says:

Re: Re: Re:17 Enough strawmen to fill up a dozen fields.

do you have ANY sort of information to back that claim up?

Techdirt isnt about torrenting, if you ever read … well ANY post whatsoever

Techdirt deals with copyright law, and technology mostly, but also cyberlaws.

you sir, just made yourself look like a fool… at best, at worst, you just made yourself look like a politician.

That One Guy (profile) says:

Re: Re: Re:17 Enough strawmen to fill up a dozen fields.

Called on your dishonesty and you respond with a ‘You mother’ insult I see. Clearly expecting honesty or maturity from you was unrealistic of me.

As for your repeated baseless assertions, you really need to stop projecting so much. Just because you cannot help but torrent anything and everything that catches you eye, doesn’t mean the rest of us engage in similar practices.

PaulT (profile) says:

Re: Re: Re:17 Enough strawmen to fill up a dozen fields.

“It’s just that most commenters on Techdirt, yourself for example, are torrent addicts”

…and will the citation for this be forthcoming at any point? Rhetorical question, of course, since you are a pathological liar.

Is your life really so pathetic that you have to lie about people you’ve never met? I know it’s easier that addressing reality, but it’s not healthy to live so much time in a fantasy world.

Anonymous Coward says:

Re: Re: Re:14 Enough strawmen to fill up a dozen fields.

Eh? Nothing to hide at all. That’s why I have no problem with law enforcement accessing internet communications with a warrant.

I have no problem them getting my name, address, phone number and any other info under those same conditions.

Now if only TOG hadn’t made up a quote, he could have gotten the same. But now he’ll need a warrant 🙂

That One Guy (profile) says:

Re: Re: Re:15 Enough strawmen to fill up a dozen fields.

Now if only TOG hadn’t made up a quote, he could have gotten the same. But now he’ll need a warrant 🙂

Not so, I don’t need to provide anything more than I already have, or wouldn’t anyway were you honest enough to own up to your own words.

You implied, multiple times, that the only reason someone could desire privacy and/or protest against breaking encryption was to hide criminal actions. I called you out on it. You then said:

I’ll post my name, address and phone number just as soon as you find this quote in one of my posts.

I did so by posting several examples where you implied without any subtlety at all that the reason people were objecting to breaking encryption was to hide illegal actions, giving you the option to either admit to being wrong, admit to being a criminal, or stand behind your claims and provide your personal data. You dishonestly dodged again, choosing instead to respond with a grade-school level ‘your mother’ insult.

If you’re going to lie, at least realize that people are able to read what’s been posted, and adjust your lies accordingly. Claiming ‘I haven’t said X’, when people can simply scroll up and see that you absolutely have for example is not the best way to dishonestly defend your position.

PaulT (profile) says:

Re: Re: Re:11 Enough strawmen to fill up a dozen fields.

“The guy posting that he has no problem with wiretaps but says “no way” on encryption busting? Just like most everyone here, he just doesn’t want to get busted for his torrenting addiction.”

Meanwhile, outside of your fantasy world, what people are actually talking about are the vital technologies used by banking and virtually every other kind of business to keep financial and private information safe.

It’s sad, really. We’re talking about undermining every sector of the modern world, and all you people can think about is whether people are getting MP3s. You can’t stop lying about people even on unrelated conversations. But those strawmen keep you from realising what’s happening in the real world, I suppose…

Chronno S. Trigger (profile) says:

Re: Re: Re:9 Re:

Despite what anyone thinks about the government and it’s trustworthyness, you keep forgetting (probably intentionally)that it’s physically impossible to give the good guys a way to monitor encrypted traffic without giving the bad guys the same ability.

If anyone brings up that point, you tend to not ever respond.

Anonymous Coward says:

Re: Re: Re:6 Re:

I find cowards like you unpleasant. They’re a disgrace to all the men and women who bravely fought and are still fighting for this country.

And all without pay! Doesn’t cost us a cent. That’s amazing!

Keep paying someone else to protect you because you don’t have a working set of testicles. I’m sure they love your tax dollars.

If they could just find someone to protect us for FREE like the military does!

Anonymous Coward says:

Re: Re: Re:5 Re:

One of the things I enjoy so much about this whole encryption debate is that at the end of the day pro-spying people can bitch all they want but it doesn’t matter.

If I encrypt my communications and don’t tell anyone the key and no one else figures it out, unless they spend an insane amount of time bruteforcing they’ll never get what I encrypted. If they make it so everyone has to use a backdoored algorithm people will just encrypt with something that hasn’t been backdoored.

There isn’t really a law against math so they won’t be able to stop people from creating new non-backdoored encryption. If they make non-backdoored encryption illegal… well I’d really like to see them try to enforce that.

Pro-Surveillance people should probably get a better understanding of how technology actually works before trying to win impossible battles. It might make them look a little less silly too. ^.^

That One Guy (profile) says:

Re: Re: Re: Re:

They still can.

Unless you’re using an electronic device to communicate, at which point both you and them are insisting that no, you are not allowed any privacy.

No. you wanting to break the law via technology doesn’t usurp the government’s obligation to protect me from you.

Nice strawman, but no, you don’t get to sacrifice my privacy and security just so you can enjoy a false sense of security.

Sorry to break it to you, but the rights of people to privacy, and the security protecting countless aspects of their life(banking, email, health information) are both vastly more valuable than your sense of security and the government’s voyeuristic fetish.

Anonymous Coward says:

I think what the government ultimately wants is a “digital TSA” of sort – or in other words, “digital security theater” – especially going after their “golden/master key” talk (TSA’s own master key was only recently exposed for everyone to copy).

They want everyone to see the HTTPS lock and everything and think their conversations are kept safe from “cyber criminals and cyber terrorists”, when in fact the government as well as those cyber hackers or anyone else who cares can get past those weak defenses made just for show.

Anonymous Coward says:

The issue, again, is that what they’re really asking for is “can you make a technology where only “good” people can use it safely, and everyone else cannot?” And the answer to that question is to point out how absolutely astoundingly stupid the question is. Because there’s no way to objectively determine who is “good” and who is “bad” and thus the only possible response is to create code that really things everyone is “bad.” And to do that, you have to completely undermine basic security practices.

You’ve fallen into their framing trap, Mike. All decent crypto already assumes everyone is “bad” except the sender and the intended recipient(s). Clinton et al. want to mandate their way into the “good” list.

annonymouse (profile) says:

When it comes to “good guys” and “Bad guys” it pretty much boils down to, if what you want to do is what the bad guys do that means you are a bad guy.

The bad guy we know is bad and we can prepare for their antics but if the those who are supposed to protect us betray us then they broke trust and are far worse and need to be appropriately dealt with in the harshest way possible.

Jes Lookin says:

It's all in the ownership

Another bad name for the media to latch on to – like ‘global warming’. The intent is to have ownership of some super-techo-thing that can decrypt the bad guys on the fly. The only problem is that only the people who design, fabricate, assemble, and control the technology can do that – and that isn’t the US. For nuc stuff it was, but we can even make the components for that anymore.

Anonymous Coward says:

By definition, nothing designed by humans can be infallible.

Being connected to everyone and everything in the world means that there are built-in risks when using the internet that will never disappear. People weigh those risks when deciding what they use the internet for. That is the way it has always been and the way it will always be.

Ryunosuke says:

Meanwhile.....

Over at Juniper Networks,

“A major breach at computer network company Juniper Networks has U.S. officials worried that hackers working for a foreign government were able to spy on the encrypted communications of the U.S. government and private companies for the past three years” — CNN

So hey, how about that backdoor encryption “only for good guys”

Anonymous Coward says:

Anyone can build encryption...

The other major issue here is that anyone with a years with of math and programing education can build a suitable uncrackable encryption software if necessary.
So even if we end up forcing Google, Apple and the other major tech companies to build in back doors for the government all it it would do is let them spy on all the regular law abiding citizens while anyone who actually want to use real encryption would do so.
This is also so damn obvious to anyone with the smallest amount of sense that one have to assume this is their true goal….

Anonymous Coward says:

Re: Anyone can build encryption...

As always, perfect is the enemy of good. Just because a perfect solution can’t be found, doesn’t mean that a good solution (from the perspective of law enforcement) isn’t available. I think a reasonable compromise would be for Apple and Google to encrypt the device keys with a second public/private pair – one belongs to the user, the other belongs to Apple or Google.

You’re right though – banning math is hard. Anybody with high school level mathematics knowledge can understand something like Diffie-Hellman key exchange (and it’s a magical idea, lots of fun).

DannyB (profile) says:

Dear Hillary

For someone who has already had eight years experience running the country, I would expect you to understand something so simple.

You can have either:
1. A SECURE system. Secure against hackers, and secure against the government and law enforcement.
2. An INSECURE system. The government and law enforcement have access, but so do the Russians, the Chinese, Anonymous, Hackers and Criminals.

Please choose.

Anonymous Coward says:

The biggest issue...

The biggest issue is not the problem of politicians rattling off inane bullshit. That’s par for the course. The issue is that the common voter in the US is so mind numbingly stupid when it comes to anything dealing with those “magical computer TV boxes” that any sort of vague technical mumbo jumbo impresses them, so they’ll vote for the bullshit.

You want candidates to stop doing this shit? Educate the idiot masses.

Anonymous Coward says:

I still need an answer... but nobody seems to be asking the question.

So the US of A gets its not-backdoor backdoors and then what?
How can anyone assume that other governments around the world won’t be asking for the same prvilege?
How can anyone expect companies to deny access to anyone when the big can of worms has been opened?
Maybe we shouldn’t entertain the fantasy that it is actually possible, because the politicians will try to force the “best” solution through, and the best solution will be a bad solution, but here we assume that they get their wet dream fulfilled.
It is quite fitting to compare it to the Manhattan project, because even though it might have just been a question of time before somone else invented the nuke, we now live in a world with doomsday clocks where mutual annihilation starts as soon as some bastard in power, probably in a bunker somewhere, is insane enough to fire the first shot.

David says:

Can someone explain to me?

Why do those politicians equate “good guys” with “the government”? Haven’t they heard of the Snowden files? Didn’t they get the memo about the NSA heads perjuring themselves before Congress? Have they forgotten the CIA spying on Senate staffers?

Didn’t they understand that the NSA is incapable of keeping their hands out of the cookie jar? They aren’t the good guys. They are the ones trying to undermine the Constitution. They are the ones trying to abolish the U.S.A. as defined by the Founding Fathers. And they are the worst enemies of the U.S.A. since they are the most likely to succeed.

Anonymous Coward says:

Intention

Even if you could find a method that would accurately identify an entity as good, how does that prevent the ‘good’ entity from doing something ‘bad’?
Are they suddenly a ‘bad guy’ based on their intention?

for bonus points, even in intentions are ‘good’, how do you determine that the result will be ‘good’.

Good people with good intentions can still do ‘bad’ things.

Anonymous Coward says:

Manhattan project?

Remember what happened with the first Manhattan Project? It worked… and then, because of spies, the Soviets had it within 4 years. For something like this, that’s probably optimistic.

There are so many problems with what they are trying to do. If you have a password or number or code that can decrypt a message, that password or number or code can be stolen. And if you put the means to decrypt EVERY message in one place, it almost certainly WILL be stolen.

But even if we found what the government thought was perfect encryption – easy to use, government access on demand, otherwise secure (including against foreign governments and in-government corruption), and everyone was somehow forced to use it – there is no possible way that we could force the bad guys to use it *exclusively*. They could encrypt their message using normal methods and then encrypt the encrypted message using the government-sponsored method, so when the government uses the magic key all they get is an encrypted message.

Robert Beckman (profile) says:

Delayed-Escrow Encryption

There may actually be a way to get both a secure(ish) device and a way to decrypt it.

We’ve seen recently that there’s a way to break PGP through factoring of very large primes (which is what some people think the NSA’s Utah data center is for), but that it takes a huge amount of compute time.

If your iPhone uses a rolling set of encryption keys, but where the rolling refactoring could be stopped with physical possession of the device, then a nation-state could seize the phone and eventually decrypt it, since the rolling key would stop rolling.

Now the catch, of course, is that you’d need to keep the key size growing with Moore’s Law, so that even with physical possession it would still be a significant effort to break, essentially making it so that only in rare circumstances would it be worth breaking the encryption.

We used this same paradigm for years with location information – the law evolved that having the police “tail” someone wasn’t an invasion of privacy, because anything you do in public isn’t private. But the paradigm in place meant that mass surveillance was impracticably expensive, so it was only used when it was really worth it. Now that mass surveillance is cheap, we’re stuck with a legal landscape that no longer yields the same relative privacy as before – where you were private simply due to the cost of breaking your privacy.

Professor Kerr explains this in his Equilibrium-Adjustment theory of the 4th Amendment, but the same principle could be applied to computer encryption – grow the keys steadily to make it hard to decrypt a phone you have physical possession of, but possible if it’s worth it.

This gets trickier with stored data (suck up everything, sit on it for 10 years until it’s easy to break, and then charge anyone you find with an ongoing conspiracy for whatever violation you find), but there may be solutions to this (extremely large keys on transmitted data, smaller rolling keys locally).

Of course, this would necessarily mean that older data could be decrypted, so the US Government would need to thing long and hard about whether it wants it to be practical to break US encryption standards for older data.

Robert Beckman (profile) says:

Re: Re: Delayed-Escrow Encryption

That’s essentially it. I’m a data scientist, rather than a cryptographer, so I didn’t have the term of art (ephemeral keys). I’ve implemented a similar system for data processing, but what I see would be (essentially) a set of keys that time out where each section of storage gets slowly migrated from key to key, so that for any live system it will have a reasonably fresh key, but that when taken offline they become static.

This would necessarily mean a slightly higher overhead on the device (since it would always be encrypting a new volume), but it could also use smaller keys tied to the generally available compute power – similar to how bitcoin mining gets harder over time.

This sort of escalating encryption would obviously be harder to implement than a static key encryption, and harder to be sure no one planted a back door in it itself, but would have the advantage of maintaining the same relative level of protection over time for current devices.

The non-absurd argument for security is that sometimes they really do need to decrypt things, but as we’ve seen it’s far too often used now as an easy way to bypass other protections, rather than for extraordinary situations. Since we’ve been shown that we can’t trust the watchers on their own when there aren’t technical barriers, the alternative may be that practical barriers (total compute available) are a better alternative, like we had until recently due to scalability problems.

Anonymous Coward says:

It’s likely that none of the candidates expects golden keys to actually be implemented or work (not that they wouldn’t be thrilled). What they do expect is that, if elected, they have a golden scapegoat: anything bad that happens anywhere, anytime during their tenure will be blamed on the “uncooperative tech sector”. Terrorism? Apple’s fault. Pedophilia? Google’s to blame. Mass shootings? Call of Duty’s influence. Plaque and tartar build-up? Um… that Candy Crush thing.

Pavement View (looking up, from beyond the ropes) says:

Fool me once... Fool me a thousand times (naw, don't think so)

Hillary is really not an intelligent person, re: anything. She has connections, and that is what counts in this day and age of guvmint by crooks. That and appearances (O’Bummer has that down cold).

Making sense, even common sense, is not required.

We have two years of a clown show and then a charade of an elections (ditch rigged machines and bring back the smoke filled back rooms). The two-year theater serves TPTB to keep the attention of the masses diverted from their laws for bribes (and other considerations).

One thing H is good at is a posture of looking concerned.

What a life. This system is broke beyond hope (so much for hope and change Mr. Prez).

Anonymous Coward says:

It has become PAINFULLY OBVIOUS that the federal government is projecting the illusion that it’s “helpless” and cannot do what any reasonably minded individual KNOWS it can do – and that is decrypt encrypted messages with relative ease.

The arguments they’re using are simply to ludicrous and LOUD (public) to suggest anything else (it is here where any shill worth his/her salt would suggest mere “incompetence” is to blame… that tired falsehood fell apart years ago – they know what they’re doing, and you KNOW this to be the case.)

Wyrm (profile) says:

"Trusted computing", does that ring a bell?

This is the exact same “computer security” that copyright lobbies have asked for a long time.

– Security should be: when a third-party tries to access a resource, it needs authorization as configured by the user.
– “Security” as seen by all those: when a user tries to access a resource, it needs authorization as configured by a third-party. (Government, copyright group, etc.)

That’s a fundamental issue: they’re basically asking for computers (including smartphones and other mobile devices) to distrust its owner because of their own paranoia.

Add Your Comment

Your email address will not be published.

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...
Loading...