Intelligence Community's Top Lawyer Endorses Desire For Unicorns, Leprechauns & Golden Keys That Don't Undermine Encryption

from the same-thing dept

Bob Litt, the General Counsel for the Office of the Director of National Intelligence (ODNI), gave a speech on Wednesday trying to address the public's ongoing concerns about government surveillance. The speech is long, but it's well worth reading. There's a lot of "yes, we could have done a better job explaining ourselves, and we promise we're learning" kind of talk, but little of real substance. However, at the very end of the speech, he joins the ridiculous bandwagon of ignorant government and law enforcement attacking the idea of encryption the government can't crack. But, similar to the Washington Post's magical golden key (not a backdoor!) proposal, Litt has some wishful thinking about a magic key that only the government can use:

> Encryption is a critical tool to protect privacy, to facilitate commerce, and to provide security, and the United States supports its use. At the same time, the increasing use of encryption that cannot be decrypted when we have the lawful authority to collect information risks allowing criminals, terrorists, hackers and other threats to escape detection. As President Obama recently said, “[i]f we get into a situation in which the technologies do not allow us at all to track someone that we’re confident is a terrorist …that’s a problem.” I’m not a cryptographer, but I am an optimist: I believe that if our businesses and academics put their mind to it, they will find a solution that does not compromise the integrity of encryption technology but that enables both encryption to protect privacy and decryption under lawful authority to protect national security.

I'm not sure how many times in how many different ways this needs to be explained, but what they're asking for is a fantasy. You cannot put a backdoor in encryption and create a magic rule that says "only the government can use this in lawful situations." That's just not how it works. At all. The very idea of decryption by a third party "compromises the integrity of the encryption technology," almost by definition.

Separately, Litt's reassurances elsewhere ring incredibly hollow. In trying to respond to concerns about so-called "incidental" collection of information under Section 702 of the FISA Amendments Act (information that the NSA isn't allowed to collect, but does so anyway and then hangs onto it and makes it searchable by a variety of government agencies), he notes that they have "reaffirmed" that such data must be deleted if they're determined to have no foreign intelligence value, but then (no joke!) his own speech has an asterisk with a giant loophole. Here is the speech posted on the ODNI's own Tumblr page:
It's like they're really not even trying to hide the massive loopholes they've built in. In case you're wondering, the loopholes buried in that asterisk include basically everything:

> Under the new policy, in addition to any other limitations imposed by applicable law, including FISA, any communication to or from, or information about, a U.S. person acquired under Section 702 of FISA shall not be introduced as evidence against that U.S. person in any criminal proceeding except (1) with the prior approval of the Attorney General and (2) in (A) criminal proceedings related to national security (such as terrorism, proliferation, espionage, or cybersecurity) or (B) other prosecutions of crimes involving (i) death; (ii) kidnapping; (iii) substantial bodily harm; (iv) conduct that constitutes a criminal offense that is a specified offense against a minor as defined in 42 USC 16911; (v) incapacitation or destruction of critical infrastructure as defined in 42 USC 5195c(e); (vi) cybersecurity; (vii) transnational crimes; or (vii) human trafficking.

Yes, some of the activities covered by this list are pretty bad. But it doesn't change the fact that the NSA isn't supposed to collect such information or retain it at all. Writing in all these exceptions is pretty damn broad, especially given the NSA and its "cute" interpretations of the law.

Filed Under: backdoors, bob litt, encryption, golden key, incidental collection, magic key, nsa, odni, section 702, surveillance


Reader Comments


  • Ninja, 5 Feb 2015 @ 7:53am

    There is a very simple question that must be asked when these fools bring the "Golden Key" into the discussion: supposing such 'Keyhole' (not a backdoor!) is installed and the key is given to law enforcement and nobody can use any other means (ie: it's perfectly secure). This key is obviously digital, right? So, WHAT HAPPENS WHEN SOMEBODY OUTSIDE THE GOVERNMENT DISCOVERS THE KEY? No really. What happens if Russia/China/Iran/ISIS/Bogeyman discover it either by accident or by other means such as espionage? Then what?

    After the clueless silence that follows the question you add: that's why such thing is not feasible. There is no security if there's a hole in it, call it whatever you want. To finish it while mocking these morons propose to change the name 'Golden Key', 'Solution' or whatever they call it to "Cyber Unicorn". At least it's cute and rhymes with Cyber War.

    • That One Guy, 5 Feb 2015 @ 8:10am

      Re:

      What a silly question, obviously no one would ever discover the key! I mean, every single branch of the government and police has absolutely perfect security, the mere idea that anyone could ever just make off with vast amounts of highly sensitive data, much less a single digital 'key', is just preposterous! /s

      I'll second the proposed name change to 'Cyber Unicorn'. It's catchy, while at the same time describes perfectly what they are asking for: Something that doesn't exist.

    • Anonymous Coward, 5 Feb 2015 @ 9:51am

      Re:

      Trust us, we won't (obvious thing that will absolutely happen)!

  • That One Guy, 5 Feb 2015 @ 8:04am

    'I’m not a cryptographer, but I am an optimist'

    Red flag #1: Someone who admits that they don't have any knowledge in a field, a field that requires very specialized training and knowledge, and then proceeds to try and tell those in that field what they should be able to do.

    "I’m not a scientist, but I am an optimist: I believe that if our businesses and academics put their mind to it, they will find a solution that does not compromise the laws of physics as we know them but that enables both faster than light travel and infinite replication of physical goods without expending any energy."

    "I’m not a chemist, but I am an optimist: I believe that if our businesses and academics put their mind to it, they will find a solution that does not compromise the vast diversity and complexity in genetics but that enables both completely effective cures for every disease and treatments that work equally well for every single person, treatments that don't require any modifications between individuals."

    • Ninja, 5 Feb 2015 @ 8:33am

      Re: 'I’m not a cryptographer, but I am an optimist'

      I’m not a cryptographer, but I am an optimist

      It's like when you have a terminal patient and the family starts lashing out at the doctors because "there must be something that can be done" as if they haven't tried everything possible. You know, denial. Because there are plenty of security holes that weren't abused when discovered to show that any weak point will be exploited eventually.

      • Anonymous Anonymous Coward, 5 Feb 2015 @ 9:44am

        Re: Re: 'I’m not a cryptographer, but I am an optimist'

        It sure looks like they are going through the five stages of grief: Denial, Anger, Bargaining, Depression, Acceptance. This sounds like they are in stage 3, Bargaining. I hate to think what the Depression and Acceptance stages will look like.

        • Anonymous Coward, 5 Feb 2015 @ 10:18am

          Re: Re: Re: 'I’m not a cryptographer, but I am an optimist'

          acceptance - The NSA accepts what they do.
          Kind of already at that stage.

    • Anonymous Coward, 5 Feb 2015 @ 10:16am

      Re: 'I’m not a cryptographer, but I am an optimist'

      Here's part of the problem. We've let people who have no knowledge in the subject they're talking about but have a feeling have equal weight of importance to those who are experts in their field.
      Rather than belittling or mocking them, we instead empower them.

      • Uriel-238, 5 Feb 2015 @ 1:38pm

        We empower those who act on gut feeling...

        ...and thus mighty empires fall.

      • Anonymous Coward, 5 Feb 2015 @ 5:07pm

        Re: Re: 'I’m not a cryptographer, but I am an optimist'

        Sociopathy + Dunning-Kruger = "Leader"

      • That One Guy, 6 Feb 2015 @ 12:00am

        Re: Re: 'I’m not a cryptographer, but I am an optimist'

        Yeah, the idea that 'Everyone's opinion is equally valid' needs to die, horribly.

        Everyone's opinion is not in fact equally valid, someone who has studied a subject for years, or decades, is far more qualified to give a statement regarding their field of choice than someone who lacks those qualifications, and while someone with only a vague familiarity with a given field/subject is certainly welcome to give their opinion, the two statements or opinions are not even remotely close.

        One person knows what they are talking about and has the experience to back it up, the other one doesn't, so society needs to stop treating both as though they are equally valid and should be given equal consideration.

        Now, this is not to say that the person without experience cannot make good points, or come up with interesting ideas, as sometimes not knowing what you 'can't do' allows you to think of ideas and solutions that the more educated on the subject might have ignored, but more often than not, the one with experience will be right, the one without, will not.

        • Marcus, 6 Feb 2015 @ 6:49am

          Re: Re: Re: 'I’m not a cryptographer, but I am an optimist'

          Yeah, the idea that 'Everyone's opinion is equally valid' needs to die, horribly.


          As the Good Doctor once put it:
          Anti-intellectualism has been a constant thread winding its way through our political and cultural life, nurtured by the false notion that democracy means that "my ignorance is just as good as your knowledge".
          --Isaac Asimov

    • Anonymous Coward, 5 Feb 2015 @ 10:27am

      Re: 'I’m not a cryptographer, but I am an optimist'

      It is some kind of bad joke isn't it?

      I'm the Big Bad Wolf, but I'm an optimist. I am sure the little pig will let me in.

    • DannyB, 5 Feb 2015 @ 11:55am

      Re: 'I’m not a cryptographer, but I am an optimist'

      This.

      From the same government that had to take a vote in the Senate on whether climate change is a hoax.

  • Anonymous Coward, 5 Feb 2015 @ 9:36am

    Obama has begun sending his pawns to "lay the groundwork" for him, as he's supposed to say whether he's pro-encryption (cybersecurity!) or anti-encryption (terrorism!)

    In typical Obama fashion, he'll make it seem as if his decision is "balanced", when in fact it's pro-surveillance to the extreme.

    So he'll say "we need encryption for cybersecurity, but we also need golden keys to decrypt everything ourselves".

  • JD, 5 Feb 2015 @ 9:38am

    I'm not ...

    I'm not a politician, but I'm an optimist, and I believe that one day we'll have a national security apparatus which doesn't lie to the American public, doesn't overstep its boundaries, and is held responsible for its violations of the law.

    I also believe my optimistic vision will occur first.

  • Anonymous Coward, 5 Feb 2015 @ 9:40am

    Damn it, Jim! I'm an optimist, not a cryptographer!

  • pixelpusher220, 5 Feb 2015 @ 9:43am

    in terms they may understand

    Basically they want a 'window' through which they can look into your 'house'.

    It doesn't stop a burglar from breaking and entering via said window even though it's an 'official use only window'.

  • Anonymous Coward, 5 Feb 2015 @ 9:45am

    Can they create it, sure. Is it safe, not at all. Would anyone use it? Would customers feel safe using US services? Fuck NO

  • Anonymous Coward, 5 Feb 2015 @ 9:46am

    Is not a government mandated backdoor into all citizen's private communications. While also mandating that third party service providers must seize and retain a copy of all those backdoored communications for a period of time. So that if the government chooses to unlock and search those seized communications at some point in the future, they are free to do so. Is that not the definition of a general warrant?

    Could not these government mandated backdoors for digital devices and services, also be applied to doorlock manufacturers? Could not they also be mandated into supplying government with its own separate copy of a universal doorlock key? With which, the government could use this universal key to unlock any door in a citizen's home with minimal effort. While leaving behind little evidence that such a search of the home ever took place.

    If the answer is yes. The government reserves that right to unlock all backdoored products citizens use to communicate, locks on their homes, and requires businesses craft these backdoors into the products they sell. Would this not imply the government also reserves the right to unlock and peer directly into a citizen's private life, thoughts, and associations?

    After all, the ultimate universal key a government can possibly possess. Is one with which, grants government the ability to directly peer into the private lives of all citizens. While also offering citizens no way of knowing whose private communications are being secretly unlocked through use of universal keys in the government's possession.

    I say no! Such universal keys grant government too much power over the lives of citizens, and destroys the constitutional principles enshrined in the 4th Amendment. Such that a citizen's private communications can no longer reasonably be thought of as exhibiting an actual expectation of privacy, due to forced use of government mandated backdoors. While also failing to meet the constitutional standard of only seizing a citizen's communications upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

    Such universal keys also all but destroy any chances of future whistleblowers communicating their message to the public. For if such messages were to take place over backdoored communication channels. For which, the government has both access to the archives of everyone's messages, and is also in possession of the universal key capable of unlocking all those archived messages. Such whistleblowing actions will be deemed too risky and near impossible.

    It's hard to imagine how freedom and democracy could survive through such a bleak looking authoritarian future. Or how future administrations who grasp ahold the helm of power. Could possibly restrain itself from abusing such awesome powers into the indefinite future.

    • Anonymous Coward, 5 Feb 2015 @ 9:58am

      Re:

      Such universal keys also all but destroy any chances of future whistleblowers communicating their message to the public.

      Right there is one of the major reasons that governments wish to have backdoors; they have much more to hide than the citizens that they wish to spy on.

    • DannyB, 5 Feb 2015 @ 11:58am

      Re:

      > Is not a government mandated backdoor into all citizen's private communications.

      Yes it is.

      Golden Keys ARE back doors.

      Just like a system with a back door special password. That key, or password, works for anyone who happens to have it (a copy of it).

      In every way you can describe a back door in a system, the golden key is equivalent.

    • Anonymous Coward, 5 Feb 2015 @ 12:25pm

      Re:

      The printing press is to the internet as a candle is to the sun.

      We will prevail.

    • Cal, 6 Feb 2015 @ 9:47am

      Re:

      "It's hard to imagine how freedom and democracy could survive through such a bleak looking authoritarian future."

      If it was democracy it cannot. Study history.

      Thankfully we do NOT have a democracy here in the USA, we NEVER have had one here, and we will NEVER have one here though they are trying hard to make it seem like we do. Why not? Because they all have ALWAYS (100%) gone to tyranny.

      Thank God we have a Constitutional Republic. The US Constitution IS basically our government and their contract (it defines our contract with, and it is from where, those who serve within our governments get their authority).

      "... a bleak looking authoritarian future"

      That is up to us, it has ALWAYS been up to us.

      • nasch, 6 Feb 2015 @ 10:13am

        Re: Re:

        Thankfully we do NOT have a democracy here in the USA, we NEVER have had one here, and we will NEVER have one here though they are trying hard to make it seem like we do.

        That depends on which definition of "democracy" you use.

  • STJ, 5 Feb 2015 @ 9:56am

    I'm not a cook

    but I believe that Doritos can make a chip without calories or fat, but all the taste.

  • Anonymous Coward, 5 Feb 2015 @ 9:57am

    Where's the exception for copyright violation offenses? How can we possibly protect the American way of life without protecting the artists and other creative individuals who would stop creating immediately without that protection? We can't afford to let pirates and other copyright violators hide behind encryption.

    • jackn, 5 Feb 2015 @ 10:22am

      Re:

      I think you're in the wrong forum.

      Nobody protects artists or creative types. They exist to be exploited. Your bosses know this as well and will do anything to keep it this way.

    • Anonymous Coward, 5 Feb 2015 @ 10:51am

      Re:

      You joke, but it's clear that copyright is the ideal mechanism for the surveillance state. Not that the excuses of "but terrorism" and "for the children" are going away anytime soon, but the ultimate excuse for full time surveillance is to ensure that everyone pays for every bit of media and culture that hits their senses.

    • DannyB, 6 Feb 2015 @ 6:13am

      Re:

      What is your point?

      Are you trying, poorly, to suggest that the intelligence agencies should share their back door (aka 'golden key') with the RIAA and MPAA?

      Or would it be too much work for the **AA-holes to monitor and decrypt all traffic looking for copyrighted bits? Would it be better for the intelligence agencies to simply send notices to the **AA-holes that they found a copyright infringement? Or would even that be too much work? Maybe the intelligence agencies should just send an infringement notice directly to the ISPs and cut out the middle man?

      Oh, wait. I know what the **AA-holes would like best. The intelligence agencies simply show up in the middle of the night and secretly arrest and 'disappear' anyone they suspect of copyright infringement, with no due process. Why bother the ISPs?

      > We can't afford to let pirates and other
      > copyright violators hide behind encryption.

      I just suggested the answer for you. And it's just as evil as 'golden keys'.

      • nasch, 6 Feb 2015 @ 6:23am

        Re: Re:

        Are you trying, poorly, to suggest that the intelligence agencies should share their back door (aka 'golden key') with the RIAA and MPAA?

        Poe's law and all, but I'm pretty sure that was a joke.

  • Rich Kulawiec, 5 Feb 2015 @ 10:22am

    The proper ending to the sentence

    "I'm not a cryptographer...

    ...so now I'm going to defer to the expertise of people who are."

  • Ambrellite, 5 Feb 2015 @ 10:23am

    Does anyone believe they wouldn't eagerly accept *any* backdoor, regardless of its implementation? That's exactly what they do when they exploit vulnerabilities in consumer products without trying to fix them.

    That such a backdoor would do the *opposite* of what the intelligence community ostensibly wants (by making unwary consumers vulnerable while letting *everyone* know not to use American software products) is apparently unknown to the ODNI.

    It's the cybersecurity equivalent of the surgeon general recommending everyone have a daily bleeding to stay healthy and free of bad humours.

  • New Mexico Mark, 5 Feb 2015 @ 10:47am

    This is a wonderful idea...

    for people who truly believe "secret" means something you only tell one person at a time.

  • Anonymous Coward, 5 Feb 2015 @ 10:47am

    The empire has spoken

  • Jigsy, 5 Feb 2015 @ 10:59am

    "As a burglar, I would like families to have an alarm system that keeps them safe, but also allows me to break into their house."

    • John Fenderson, 5 Feb 2015 @ 12:50pm

      Re:

      I am reminded of security gates in gated communities. All of those (in my area, anyway) are required to provide a standard means by which emergency vehicles can get in. This is usually a special remote and a standard unlock code, either of which opens the gate. That makes sense, but is the very definition of a "back door".

      It turns out that pretty much every company that delivers stuff has access to the back door as well, which is how I learned the code that opens them all up: I asked the pizza guy.

      • Anonymous Coward, 5 Feb 2015 @ 5:39pm

        Re: Re:

        Gotta love gated communities. The only people from the outside world who can get past the wall are either servants or criminals. I wonder what this outlook does to children. Probably fills them with a false sense of security along with an abject fear of anything in the least bit unusual, completely skewing their view of reality. I'm sure there's a metaphor for the Security State in there somewhere, but my mind wanders...

  • David, 5 Feb 2015 @ 11:08am

    Actually, one can get closer to this aim

    One can actually create compromised encryption where the compromising key is generated and distributed across a number of parties.

    That would mean that any communication that needs to get "legally" decrypted needs to pass through all of the involved entities.

    Now it would be particularly nice if, say, law enforcement cannot decrypt any communication by themselves but have to hand it off to an authorized judge first.

    That would actually put technical measures in place for ensuring non-violation of the Fourth Amendment.

    Which, of course, means that it will never work since the executive will not tolerate getting locked out of the cookie jar and will get back in, never mind whether it is illegal.

    And then we are back at the situation where all the compromise-enabling information is in a single hand.

    In the end, reliable key escrow is not insoluble because cryptographers can't make it work, but because sociologists can't make it work.

    We have repeatedly demonstrated that we don't have the humans for making it work. There is no technological solution for that.

    reply to this | link to this | view in chronology ]
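
The split-key escrow described in the comment above, as an added example that is not part of the original thread: a session key is XOR-split so that decryption needs every party's share, and the same code shows that whoever ends up holding all the shares gets the plaintext, authorized or not. The role names and sample message are hypothetical, and the SHA-256/HMAC sealing routine is a standard-library stand-in for a real authenticated cipher.

```python
import hashlib
import hmac
import secrets

ROLES = ("law_enforcement", "court", "provider")  # hypothetical escrow parties


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def split_key(key: bytes, parties: int) -> list:
    """n-of-n XOR split: every share is required; any fewer are random bytes."""
    if parties < 2:
        raise ValueError("need at least two escrow parties")
    shares = [secrets.token_bytes(len(key)) for _ in range(parties - 1)]
    last = key
    for share in shares:
        last = _xor(last, share)
    return shares + [last]


def combine(shares) -> bytes:
    """XOR all shares together; yields the key only if none is missing."""
    key = bytes(len(shares[0]))
    for share in shares:
        key = _xor(key, share)
    return key


def _subkeys(key: bytes):
    # Separate encryption and MAC keys derived from the session key.
    return (hashlib.sha256(b"enc" + key).digest(),
            hashlib.sha256(b"mac" + key).digest())


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    blocks = [hashlib.sha256(enc_key + nonce + i.to_bytes(8, "big")).digest()
              for i in range((length + 31) // 32)]
    return b"".join(blocks)[:length]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Stand-in authenticated encryption: nonce || ciphertext || HMAC tag."""
    enc_key, mac_key = _subkeys(key)
    nonce = secrets.token_bytes(16)
    ct = _xor(plaintext, _keystream(enc_key, nonce, len(plaintext)))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key: bytes, blob: bytes):
    """Return the plaintext, or None when the key is wrong (tag mismatch)."""
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return _xor(ct, _keystream(enc_key, nonce, len(ct)))


def escrow_demo() -> dict:
    message = b"constructed sample message"
    session_key = secrets.token_bytes(32)
    blob = seal(session_key, message)
    escrow = dict(zip(ROLES, split_key(session_key, len(ROLES))))

    # Two of three parties: the combined value is unrelated to the key.
    without_court = [escrow["law_enforcement"], escrow["provider"]]
    # Copies of every share, held by anyone at all, work like the originals.
    copied = [bytes(share) for share in escrow.values()]
    return {
        "all_parties": unseal(combine(list(escrow.values())), blob),
        "without_court": unseal(combine(without_court), blob),
        "copied_shares": unseal(combine(copied), blob),
    }


if __name__ == "__main__":
    for case, result in escrow_demo().items():
        print(case, "->", result)
```

The mathematics enforces "all parties or nothing"; it cannot tell who is presenting the shares, which is the gap the thread goes on to discuss.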

    • Anonymous Coward, 5 Feb 2015 @ 11:55am

      Re: Actually, one can get closer to this aim

      Interesting idea! I believe such a system which encrypts all captured data from US citizens, and only allows that data to be unlocked by the authority of warrant issued by a judge was already proposed by William Binney. The name of Binney's proposed system was called 'Thinthread'.

      The US government rejected such an encryption system that locked them out of the data and required a court order to access US citizen's communications. The US government chose to go with 'Stellarwind' instead. Stellarwind gave the US government unfettered access to all US citizen's communications without involving judges or warrants.

      http://www.computerweekly.com/feature/Interview-the-original-NSA-whistleblower

      So you are correct Master David. We do have the technological means to make such a system plausible. But we humans lack the integrity, social, and moral means as a species to make such a system practical. As the choice between Thinthread and Stellarwind proved. As the unconstitutional actions of the NSA, FBI, DEA, DOJ and CIA under the executive branch have proved. As well as the lack of reform efforts in all three branches of government after the Snowden revelations have also proved.

    • nasch, 5 Feb 2015 @ 12:21pm

      Re: Actually, one can get closer to this aim

      Now it would be particularly nice if, say, law enforcement cannot decrypt any communication by themselves but have to hand it off to an authorized judge first.

      Judges hardly ever deny warrant applications, but at least there would then be a paper trail for all these searches. Until the DOJ compromised the judicial computer systems and stole the other half of the key. Nah, they would never do that, right?

  • Anonymous Coward, 5 Feb 2015 @ 12:24pm

    I’m not an optimist, but I am a cryptographer...

    I *know* (NOT an article of faith) that if our businesses and academics put their minds to it, they will find many solutions that do not compromise the integrity of encryption technology but that all such answers will by their very nature and proper purpose impede any attempts at decryption under lawful authority to protect national security.

    Any solution that enables decryption under lawful authority to protect national security must by definition compromise the integrity of encryption technology.

    Bob Litt is spouting...something, something, hmmm, what rhymes with "Bob Litt"?

  • Beech, 5 Feb 2015 @ 12:31pm

    Even if their magical government-only-golden-front-door-key is a theoretical possibility, why on Earth should private parties pay the (probably hefty) sum to research/invent it? It would be like, instead of funding the Manhattan Project, the government raided the Harvard Physics department, handed the department head a picture of a huge mushroom cloud sketched on a napkin, and demanded that they make them something like that, out of his own pocket.

    • Anonymous Coward, 5 Feb 2015 @ 1:10pm

      Re:

      The government does not pay for anything, the tax payers pay the government's bills, including the pay of the politicians and all the bureaucrats involved in government. This includes all the donations made by corporations, as these come out of their profits, which come from the prices that they charge their customers.

  • Stephen, 5 Feb 2015 @ 12:58pm

    Sauce for the Goose

    I wonder whether the NSA itself--not to mention the president and his national security people (not to mention the US military)--will be using such golden-key enabled encryption devices themselves or whether manufacturers like Apple & Google will be obliged to make two distinct kinds of their devices: one for the plebs with the golden key enabled and one for the president et al where it has been DISabled?

    • John Fenderson, 5 Feb 2015 @ 1:10pm

      Re: Sauce for the Goose

      "whether manufacturers like Apple & Google will be obliged to make two distinct kinds of their devices: one for the plebs with the golden key enabled and one for the president et al where it has been DISabled?"

      It would be this, since that's essentially how it works right now. It's not that companies are required to create special devices, it's that either they're paid to do so or the NSA modifies them. In any case, the devices the President uses are not the same as the devices you & I use, even if they're technically the same model.

      Remember the big deal about Obama's Blackberry? That was a stock Blackberry modified by the NSA to enhance security.

      • Anonymous Coward, 5 Feb 2015 @ 1:14pm

        Re: Re: Sauce for the Goose

        Remember the big deal about Obama's Blackberry? That was a stock Blackberry modified by the NSA to enhance security.

        The NSA are the very people who believe that they are entitled to spy on heads of governments, by installing backdoors where possible. They have the president's phone in their hands, and if they know what the president is thinking, they know what intelligence and with what slant to give him, hmmm....

        reply to this | link to this | view in chronology ]

  • icon
    Uriel-238 (profile), 5 Feb 2015 @ 1:08pm

    The Big Unicorn In The Room

    At what point did I lose the right to have private data?

    Assuming that the DoJ wasn't just a power-grabbing street-gang and actually had a modicum of integrity left, where's my constitutional right to privacy?

    There just aren't enough child predators and terrorists in this world to justify my entire life being put on display for the courts to mull over to see if I did something wrong that day.

    reply to this | link to this | view in chronology ]

    • icon
      John Fenderson (profile), 5 Feb 2015 @ 1:12pm

      Re: The Big Unicorn In The Room

      "At what point did I lose the right to have private data?"

      According to the government, you lost that right as soon as you allowed the private data to touch a third party server. They want to expand that to include if the data exists on a device you didn't build yourself.

      reply to this | link to this | view in chronology ]

    • icon
      nasch (profile), 5 Feb 2015 @ 1:24pm

      Re: The Big Unicorn In The Room

      Assuming that the DoJ wasn't just a power-grabbing street-gang and actually had a modicum of integrity left, where's my constitutional right to privacy?

      Oh, I think I see where you went wrong...

      reply to this | link to this | view in chronology ]

  • icon
    Brian Weeden (profile), 5 Feb 2015 @ 1:46pm

    It is perfectly possible to design strong crypto that allows govt access

    It is possible to have a system with strong crypto that still gives the government access.

    1. have everyone generate a public/private key pair
    2. take a message you want to encrypt
    3. choose a random string (nonce) and use that nonce as the key to a symmetric cipher to encrypt the message
    4. encrypt the nonce with the sender's public key
    5. encrypt the nonce with the recipient's public key
    6. encrypt the nonce with the provider's (or government's) public key
    7. attach all three encrypted nonces to the encrypted message and send

    The only people who can decrypt that message are the three people with the corresponding private keys: the sender, the recipient, and the provider/govt. The ability of the provider/govt to decrypt the message does not undermine the crypto in any way.

    reply to this | link to this | view in chronology ]
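The seven steps in the comment above, written out as an added example (not code from the commenter or from Techdirt). It also shows that the one private key behind the third slot opens every envelope sealed this way. The Mersenne-prime Diffie-Hellman group, the SHA-256 keystream and all function and slot names are assumptions chosen so the sketch runs on the Python standard library; they stand in for a vetted public-key scheme and authenticated cipher.

```python
import hashlib
import hmac
import secrets

# Illustration-only primitives (assumption): a Mersenne-prime DH group and a
# SHA-256 keystream replace a vetted public-key scheme and authenticated cipher.
P = 2**521 - 1
G = 3

def keygen():
    """Step 1: every party generates a (private, public) key pair."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _stream(key, n):
    blocks = (hashlib.sha256(key + i.to_bytes(8, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def _subkeys(content_key):
    # Separate keys for encryption and for the integrity tag.
    return (hashlib.sha256(b"enc" + content_key).digest(),
            hashlib.sha256(b"mac" + content_key).digest())

def wrap(content_key, recipient_pub):
    """Steps 4-6: encrypt the random content key to one public key."""
    eph_priv, eph_pub = keygen()
    shared = pow(recipient_pub, eph_priv, P)
    return eph_pub, _xor(content_key, hashlib.sha256(shared.to_bytes(66, "big")).digest())

def unwrap(wrapped, priv):
    eph_pub, blob = wrapped
    shared = pow(eph_pub, priv, P)
    return _xor(blob, hashlib.sha256(shared.to_bytes(66, "big")).digest())

def seal(message, pubkeys):
    """Steps 2-7: one symmetric encryption, one wrapped key per slot."""
    content_key = secrets.token_bytes(32)  # the random "nonce" used as the key
    enc_key, mac_key = _subkeys(content_key)
    ct = _xor(message, _stream(enc_key, len(message)))
    tag = hmac.new(mac_key, ct, hashlib.sha256).digest()
    wrapped = {slot: wrap(content_key, pub) for slot, pub in pubkeys.items()}
    return {"ct": ct, "tag": tag, "wrapped": wrapped}

def open_as(envelope, slot, priv):
    """Recover the content key from one slot, verify the tag, then decrypt."""
    enc_key, mac_key = _subkeys(unwrap(envelope["wrapped"][slot], priv))
    expect = hmac.new(mac_key, envelope["ct"], hashlib.sha256).digest()
    if not hmac.compare_digest(expect, envelope["tag"]):
        raise ValueError("wrong private key or modified envelope")
    return _xor(envelope["ct"], _stream(enc_key, len(envelope["ct"])))

def demo():
    # Constructed parties and messages, for illustration only.
    alice, bob, carol, dave, third, outsider = (keygen() for _ in range(6))
    m1 = seal(b"alice to bob", {"sender": alice[1], "recipient": bob[1], "third": third[1]})
    m2 = seal(b"carol to dave", {"sender": carol[1], "recipient": dave[1], "third": third[1]})
    try:
        open_as(m1, "third", outsider[0])
    except ValueError:
        outsider_reads = False
    else:
        outsider_reads = True
    return {"sender": open_as(m1, "sender", alice[0]),
            "recipient": open_as(m1, "recipient", bob[0]),
            "third_m1": open_as(m1, "third", third[0]),
            "third_m2": open_as(m2, "third", third[0]),
            "outsider_reads": outsider_reads}
```

The per-message keys are independent, yet `third_m1` and `third_m2` are both recovered with the same private key, so the confidentiality of every message rests on how that one key is stored and who can reach it.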

    • identicon
      Anonymous Coward, 5 Feb 2015 @ 1:54pm

      Re: It is perfectly possible to design strong crypto that allows govt access

      Not undermining the depends on all the private keys being kept private. The government private key will become widely distributed within government organizations, and will leak to other parties rather rapidly.

      reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 5 Feb 2015 @ 2:27pm

      Re: It is perfectly possible to design strong crypto that allows govt access

      Right. Exactly. Techdirt doesn't understand this. Multiple keys or copies of one key don't constitute a technical barrier to security.

      reply to this | link to this | view in chronology ]

    • icon
      Uriel-238 (profile), 5 Feb 2015 @ 5:44pm

      An alternative even more secure design

      1. Encrypt your message with your recipient's public key and send.
      2. Encrypt a banal message of similar length to the first message with the government's public key and send.
      3. In the case that the difference between the two messages are shared, compared and discovered to be different, blame damn encryption software.

      reply to this | link to this | view in chronology ]

    • icon
      DannyB (profile), 6 Feb 2015 @ 6:21am

      Re: It is perfectly possible to design strong crypto that allows govt access

      > The ability of the provider/govt to decrypt the message does not undermine the crypto in any way.


      While technically clever and simple in implementation, that is the most idiotic statement I've heard in a while.

      The purpose of crypto is to communicate privately.

      Being mandated to include a way for an unknown number of unknown third parties to read the secret message totally and utterly undermines crypto.



      Having a central government Key repository (car keys, house keys, vault keys, etc) that keeps copies of each and every key on your keyring does not undermine security in any way. Idiotic. Keys are for security. Giving the government all keys provides a central weak point. An unknown number of weak points because all those keys can be copied unlimited times.

      reply to this | link to this | view in chronology ]

    • icon
      Griffdog (profile), 6 Feb 2015 @ 12:02pm

      Re: It is perfectly possible to design strong crypto that allows govt access

      The approach of symmetrically encrypting the message once and then encrypting the key multiple times for multiple readers is technically feasible but totally impractical for use as a Golden Key.

      1. Why would you assume that you only need to include one Golden Key? If my email went from the US to the UK, wouldn't the GCHQ demand their own ability to read my mail? If I sent a message from the US to my US-citizen friend who happened to be on vacation in Japan, isn't Japan going to want a key? If the email was between two US citizens, maybe DHS and the FBI would someday need to read it, but who's going to stop the NSA from illegally reading my communication? They should have their own key, and my email system shouldn't apply it unless I'm sending the message to an international destination. How's it going to know that? Under current law, the IRS asserts that it doesn't even need a warrant to read emails stored for more than 18 months on an online server; do they get a key so that they can unlock the database of stored, encrypted emails once they're the right age? Where does it stop?

      2. Assume there's a single key that can decrypt every email message originating in the US. Every country and bad-ass gang of evil-doers is going to be trying like hell to guess or steal the US public-private key pair. The private key simply won't be private for long. (see point #6, below)

      3. Email is useful as an example, but the Government will want to access all communications, because it can't tell whether there's something nefarious happening until it reads the data. (Of course, the NSA just assumes that ALL encrypted messages are of interest.) So, every encrypted communications path will need to provide dozens of golden keys; HTTPS links, VPN channels, financial data links, EVERYTHING.

      4. So, now my email system needs to manage not only the public keys for my friends, but also an undefined number of Golden Keys from the various agencies and foreign governments that might potentially, some day have a legal right to read my mail. Ignoring the concern that I now need to extend my trust to many entities to protect their Golden Keys and their stored copies of my emails, who is going to verify that all of these Golden Keys I've received are actually owned by the agencies that are allowed to get copies of my mail? How hard will it be for a bad guy to issue his own key under the guise of a valid eavesdropper, or to hack a government web page and insert his own key instead of the government's key?

      6. How frequently will the Golden Keys roll over to a new key? The NSA recommendation for communications security of most classified links is to change the key daily. These Golden Keys are protecting so much data, they should probably be protected at least as high as Top Secret. So, now you need to reissue the government's public key(s) every day. But it's not good practice to store encrypted data when the encryption key has been superseded, so the data storage facility is going to want to decrypt everything as soon as it's intercepted and then maybe bulk encrypt it for long term storage. But heck, ya' might as well scan the info for trigger phrases as long as it's just sitting there in readable form, right? Anyone out there who trusts every government agency, foreign and domestic, to always ignore that temptation?

      7. Finally, why would any government invest in such a scheme when it would so easily be thwarted. While reducing the privacy of law-abiding citizens and increasing the risk of HUGE data breaches, this scheme doesn't offer any greater insight into the encrypted communications of people who choose not to use a product that sends a copy of the data to the Golden Key recipients.

      These points were framed against the straw man approach of using multiple public keys to share a symmetric key among multiple authorized (or potentially maybe someday authorized) recipients, but all of these issues would remain detractors of any approach that allows third-party access to encrypted communications.

      reply to this | link to this | view in chronology ]

      • icon
        nasch (profile), 6 Feb 2015 @ 12:32pm

        Re: Re: It is perfectly possible to design strong crypto that allows govt access

        While reducing the privacy of law-abiding citizens and increasing the risk of HUGE data breaches, this scheme doesn't offer any greater insight into the encrypted communications of people who choose not to use a product that sends a copy of the data to the Golden Key recipients.

        Presumably if this golden key nonsense were mandated, the law would also make it a felony to transmit any incompatible encrypted message. Probably it would also be illegal to make, sell, import, or possess software or hardware capable of doing that.

        reply to this | link to this | view in chronology ]

        • icon
          Uriel-238 (profile), 7 Feb 2015 @ 10:13am

          If we were going in the direction of mandating government access

          It would start with small steps, such as the courts deciding that refusing to unencrypt data was not protected by our fourth and fifth amendment rights.

          That's the state of the issue right there. And this notion of a golden key even though it presents obvious problems, helps the courts justify the subpoena of decrypted data.

          reply to this | link to this | view in chronology ]

          • icon
            Uriel-238 (profile), 7 Feb 2015 @ 10:20am

            This presents yet another opportunity for new technology

            Namely an encryption time-bomb that destroys a segment of the key if it's not reset within a certain time frame.

            That way, private data is lost (locked beyond practical cryptanalysis) just from the owner not taking action for a short period of time (say a week or month).

            Considering how our right to speedy trial is regarded by the courts, that would be plenty to assure that all the courts could subpoena is garbage.

            reply to this | link to this | view in chronology ]

            • icon
              nasch (profile), 7 Feb 2015 @ 10:41am

              Re: This presents yet another opportunity for new technology

              Namely an encryption time-bomb that destroys a segment of the key if it's not reset within a certain time frame.

              Wouldn't that depend on a particular software implementation? Law enforcement, intelligence, or criminals (insert joke here) could snap the ciphertext and use some decryption software that doesn't implement the time bomb. I don't see how it would be possible to encrypt something so the key works only temporarily.

              reply to this | link to this | view in chronology ]

              • icon
                Uriel-238 (profile), 7 Feb 2015 @ 11:05pm

                Software implementation

                A time-bomb device like this wouldn't be encryption side, but key management, and yes: it's software implementation.

                You could use the same device that Invisible Inc suggested for emails that expired, in which a third party held a part of the key and released it only within time limits.

                In this case, the same third party would hold a part of your key (encrypted, itself, so it's useless on its own) and would delete it upon expiration. The expiration date is renewed with frequent check-ins (e.g. once a week).

                Once the original data is seized (stolen, intercepted, whatever), the check-ins cease. The key rapidly expires, and the data turns into (essentially) a block of garbage.

                It's an encryption scheme with a dead-man kill switch.

                reply to this | link to this | view in chronology ]
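The key-management arrangement described in the comment above, as an added example (not code from the commenter or from any named service): the data key is split into two XOR shares, and a third party keeps one share only while check-ins keep renewing its lease. The `Custodian` class, the seven-day lease and the simulated clock are assumptions; authentication of check-ins and transport security are left out.

```python
import secrets

DAY = 24 * 60 * 60

def split_key(key):
    """Split a key into two XOR shares; either share alone is uniformly random."""
    remote = secrets.token_bytes(len(key))
    local = bytes(a ^ b for a, b in zip(key, remote))
    return local, remote

def combine(local, remote):
    return bytes(a ^ b for a, b in zip(local, remote))

class Custodian:
    """Hypothetical third party that holds one share under a renewable lease."""

    def __init__(self, lease_seconds):
        self.lease = lease_seconds
        self._shares = {}  # share_id -> (share, expires_at)

    def _purge(self, now):
        # Expired shares are deleted, not merely hidden.
        for sid in [s for s, (_, exp) in self._shares.items() if exp <= now]:
            del self._shares[sid]

    def deposit(self, share, now):
        share_id = secrets.token_hex(8)
        self._shares[share_id] = (share, now + self.lease)
        return share_id

    def check_in(self, share_id, now):
        """Renew the lease; returns False once the share has been deleted."""
        self._purge(now)
        if share_id not in self._shares:
            return False
        share, _ = self._shares[share_id]
        self._shares[share_id] = (share, now + self.lease)
        return True

    def release(self, share_id, now):
        self._purge(now)
        entry = self._shares.get(share_id)
        return entry[0] if entry else None

def simulate():
    """Constructed timeline: check in on day 5, then stop."""
    key = secrets.token_bytes(32)
    local, remote = split_key(key)
    custodian = Custodian(lease_seconds=7 * DAY)
    sid = custodian.deposit(remote, now=0)

    renewed = custodian.check_in(sid, now=5 * DAY)       # lease now ends day 12
    share = custodian.release(sid, now=10 * DAY)
    recovered_in_time = share is not None and combine(local, share) == key

    share_late = custodian.release(sid, now=13 * DAY)    # no check-in since day 5
    renew_late = custodian.check_in(sid, now=13 * DAY)
    return renewed, recovered_in_time, share_late, renew_late
```

The guarantee holds only if the custodian really deletes the share and keeps no backups, which is the trust assumption the later replies turn to.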

                • icon
                  nasch (profile), 8 Feb 2015 @ 7:04am

                  Re: Software implementation

                  I get it, so it's technically feasible but law enforcement and the three letter agencies would never go for it.

                  reply to this | link to this | view in chronology ]

                  • icon
                    Uriel-238 (profile), 8 Feb 2015 @ 11:30am

                    "Law enforcement wouldn't go for it"

                    Of course not. Such a service is not intended to capitulate to law enforcement but to create a privacy they cannot invade.

                    If the third party is centralized and in their jurisdiction then yeah, they might try to subpoena all the partials. The cure for that is to either launch the service out of US jurisdiction (much the way that VPNs do) or to decentralize the service (friendly companies hold each other's timelock codes).

                    It's not illegal yet. But neither are VPNs, and neither is robust encryption -- yet. But criminalizing these things would be a big step in admitting that we're in a police state. Still the technology would continue to develop encryption beyond reach of the law, such as deniable encryption (encrypted data that appears as garbage in unused portions of the storage device.)

                    reply to this | link to this | view in chronology ]

                    • icon
                      nasch (profile), 8 Feb 2015 @ 12:37pm

                      Re: "Law enforcement wouldn't go for it"

                      But criminalizing these things would be a big step in admitting that we're in a police state.

                      Indeed, that's the thing to watch for. Hopefully encryption will become too mainstream, and it will be too late to ban it without major backlash.

                      reply to this | link to this | view in chronology ]

  • icon
    Bamboo Harvester (profile), 5 Feb 2015 @ 2:00pm

    Really?

    Come ON. "Government ONLY"? Doesn't this clown realize that EVERY company making hardware or software falling under this ruling would need a copy of that key to test compliance?

    Even if a way were found around that (like all prototypes must be NSA approved before production), it would likely take less than 24 hours before that key was released into the wilds of the internet.

    I suspect this whole "story" is a distraction - what ELSE is going on in this field (or a closely related one) that the government doesn't want us looking at too closely?

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 5 Feb 2015 @ 2:07pm

    What you're saying is factually untrue:

    "The very idea of decryption by a third party "compromises the integrity of the encryption technology," almost by definition. "


    If there exists a key that can decrypt it at all, it does not become less secure because either 1) someone has a copy of that key or a 2) second key exists. As a matter of fact, any number of keys COULD exist to the same encrypted content and meaningfully decrease the security.

    The question is who has the keys and can they be trusted. Supposedly, you trust yourself with your private key. But the correctness of this trust is the ONLY thing that makes that encryption secure. If you're the type who gets wasted and likes to get on a bar stool and recite your key, then all bets are off. So also with other keys. Each one is as secure as the other so long as there aren't a ridiculous number of them and they're both kept secret from all other parties including the other key holder.

    So you may have a point, but I'm afraid you fail to make it using your present argument.

    reply to this | link to this | view in chronology ]

    • icon
      nasch (profile), 5 Feb 2015 @ 4:16pm

      Re:

      The question is who has the keys and can they be trusted

      Exactly. Even if the keys stayed with the federal government, there's no way they would be kept secure indefinitely. Whether it would be intentionally leaked, accidentally leaked, purchased, or stolen, it's too valuable a secret to be kept secret forever. And if the keys were given to local police as well, then forget it. Just the sheer number of people with access guarantees it would get out quickly.

      reply to this | link to this | view in chronology ]

  • identicon
    Rekrul, 5 Feb 2015 @ 2:13pm

    Someone needs to explain to these idiots that what they're asking for is the equivalent of an easy-open button on a door lock; You press it and the door opens without needing to use a key. Now ask them how they would prevent burglars from using that button and ensure that it's only used by law enforcement.

    reply to this | link to this | view in chronology ]

  • identicon
    Marcus, 5 Feb 2015 @ 3:16pm

    Another gem from the speech:

    One of the many ways in which Snowden's leaks have damaged our national security is by driving a wedge between the government and providers and technology companies, so that some companies that formerly recognized that protecting our nation was a valuable and important public service now feel compelled to stand in opposition.


    The guy is still a toddler, not mature enough to realize that the problem is "I did wrong" rather than "I got caught".

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 5 Feb 2015 @ 6:23pm

    Even if they are truly magical, golden keys and secret backdoors only work until someone comes along and asks "What's the Elvish word for friend?" Riddles are only useful if they have an answer.

    reply to this | link to this | view in chronology ]

  • identicon
    Just Another Anonymous Troll, 6 Feb 2015 @ 8:05am

    (iv) conduct that constitutes a criminal offense that is a specified offense against a minor as defined in 42 USC 16911;
    Obligatory for the children there for ya.

    reply to this | link to this | view in chronology ]

  • identicon
    Rearden Hank, 6 Feb 2015 @ 8:16am

    ayn rand was right

    reminds me of a wind energy messe
    where a girl was showing a beautiful computer model of wind flowing around buildings in a city,
    I told her it was kind of useless because the wind turbine technology we have had for the last thousands of years does not handle well turbulence...
    and she said something like :

    "perhaps you need to properly design new wind turbines then"

    reply to this | link to this | view in chronology ]

  • identicon
    Clipper chip, 6 Feb 2015 @ 8:23am

    Clipper chip

    Clipper chip

    we need to kill all the internet sites talking about "Clipper chip"

    reply to this | link to this | view in chronology ]

