NSA Director: If I Say 'Legal Framework' Enough, Will It Convince You Security People To Shut Up About Our Plan To Backdoor Encryption?

from the wanna-try-that-again dept

Admiral Mike Rogers, the NSA Director, has barely been on the job for a year, and so far he'd mostly avoided making the same kinds of absolutely ridiculous statements that his predecessor General Keith Alexander was known for. Rogers had, at the very least, appeared slightly more thoughtful in his discussions about the surveillance state and his own role in it. However, Rogers ran into a bit of trouble at New America's big cybersecurity event on Monday -- in that there were actual cybersecurity folks in the audience and they weren't accepting any of Rogers' bullshit answers. The most notable exchange was clearly between Rogers and Alex Stamos, Yahoo's chief security officer, and a well-known privacy/cybersecurity advocate.

Alex Stamos (AS): Thank you, Admiral. My name is Alex Stamos, I’m the CISO for Yahoo!. … So it sounds like you agree with Director Comey that we should be building defects into the encryption in our products so that the US government can decrypt…

Mike Rogers (MR): That would be your characterization. [laughing]

AS: No, I think Bruce Schneier and Ed Felten and all of the best public cryptographers in the world would agree that you can’t really build backdoors in crypto. That it’s like drilling a hole in the windshield.

MR: I’ve got a lot of world-class cryptographers at the National Security Agency.

AS: I’ve talked to some of those folks and some of them agree too, but…

MR: Oh, we agree that we don’t accept each others’ premise. [laughing]

AS: We’ll agree to disagree on that. So, if we’re going to build defects/backdoors or golden master keys for the US government, do you believe we should do so — we have about 1.3 billion users around the world — should we do for the Chinese government, the Russian government, the Saudi Arabian government, the Israeli government, the French government? Which of those countries should we give backdoors to?

MR: So, I’m not gonna… I mean, the way you framed the question isn’t designed to elicit a response.

AS: Well, do you believe we should build backdoors for other countries?

MR: My position is — hey look, I think that we’re lying that this isn’t technically feasible. Now, it needs to be done within a framework. I’m the first to acknowledge that. You don’t want the FBI and you don’t want the NSA unilaterally deciding, so, what are we going to access and what are we not going to access? That shouldn’t be for us. I just believe that this is achievable. We’ll have to work our way through it. And I’m the first to acknowledge there are international implications. I think we can work our way through this.

AS: So you do believe then, that we should build those for other countries if they pass laws?

MR: I think we can work our way through this.

AS: I’m sure the Chinese and Russians are going to have the same opinion.

MR: I said I think we can work through this.

AS: Okay, nice to meet you. Thanks.

[laughter]

MR: Thank you for asking the question. I mean, there are going to be some areas where we’re going to have different perspectives. That doesn’t bother me at all. One of the reasons why, quite frankly, I believe in doing things like this is that when I do that, I say, “Look, there are no restrictions on questions. You can ask me anything.” Because we have got to be willing as a nation to have a dialogue. This simplistic characterization of one-side-is-good and one-side-is-bad is a terrible place for us to be as a nation. We have got to come to grips with some really hard, fundamental questions. I’m watching risk and threat do this, while trust has done that. No matter what your view on the issue is, or issues, my only counter would be that that’s a terrible place for us to be as a country. We’ve got to figure out how we’re going to change that.

[Moderator Jim Sciutto]: For the less technologically knowledgeable, which would describe only me in this room today, just so we’re clear: You’re saying it’s your position that in encryption programs, there should be a backdoor to allow, within a legal framework approved by the Congress or some civilian body, the ability to go in a backdoor?

MR: So “backdoor” is not the context I would use. When I hear the phrase “backdoor,” I think, “well, this is kind of shady. Why would you want to go in the backdoor? It would be very public.” Again, my view is: We can create a legal framework for how we do this. It isn’t something we have to hide, per se. You don’t want us unilaterally making that decision, but I think we can do this.

As you read it, you realize that Rogers keeps thinking that if he says "legal framework" enough times, he can pretend he's not really talking about undermining encryption entirely. Well-known cybersecurity guy Bruce Schneier pushed back, pointing out that:

“It’s not the legal framework that’s hard, it’s the technical framework. That’s why it’s all or nothing.”

No matter what anyone said, however, Rogers appears to keep going back to the "legal framework" well, over and over again, as if that magic phrase would change magical thinking into reality:

“If these are the paths that criminals, foreign actors, terrorist are going to use to communicate, how do we access that?” he asked, citing the need for a “formalized process” to break through encrypted technology.

Rogers pointed toward cooperation between tech companies and law enforcement to combat child pornography. “We have shown in other areas that through both technology, a legal framework, and social compact that we have been able to take on tough issues. I think we can do the same thing here.”

Yes, but that's very different. Even as anyone looking to rip apart important privacy and free speech tools loves to shout "child porn," the examples are not even remotely comparable. And no one's looking to backdoor everything just to get at people passing around child porn. But the larger point stands. Rogers seems to think that there is a magic bullet/golden key that will magically only let the good guys through if only the tech industry is willing to work with him on this.

“You don’t want the FBI and you don’t want the NSA unilaterally deciding what” is permissible, Mr. Rogers said.

Except that presumes that if only the surveillance community and the tech industry got together they could come up with such a safe system, and as everyone else is telling him, that's impossible. And for a guy who is supposed to be running an agency that understands cryptography better than anyone else, that's really troubling:

Reader Comments

  • Anonymous Coward, 24 Feb 2015 @ 11:57am

    “If these are the paths that heretics, witches, satanists are going to use to communicate, how do we access that?” he asked, citing the need for a “formalized process” to break through encrypted technology.

    Rogers pointed toward cooperation between tech companies and law enforcement to combat witchcraft. “We have shown in other areas that through both technology, a legal framework, and social compact that we have been able to take on tough issues. I think we can do the same thing here.”

  • Jason, 24 Feb 2015 @ 12:02pm

    Of everything said in that interview, what I personally found the most offensive was this:
    “Be grateful that you live in a nation that is willing to have this kind of dialogue,” Rogers told the audience.
    (from here)

    We don't. We're having "this kind of dialogue"---such as it is---only because the government and intelligence community has been dragged, kicking and screaming and pronouncing the immediate doom of us all, into it.

    I cycle through a lot of emotions as I keep up with all this... concern, mistrust, whatever. But comments like that make me genuinely angry.

    • Lord Binky, 24 Feb 2015 @ 12:08pm

      Re:

      They should be grateful we haven't decided to reboot the United States government to get our freedom and rights back.

    • That One Guy, 24 Feb 2015 @ 12:18pm

      Re:

      Indeed, if they had their way, we wouldn't be having 'this kind of dialogue', as any leaks would have been quickly destroyed, any leakers quickly thrown in solitary confinement to keep them from spreading any other 'dangerous classified information', and any news outlets or reporters quickly shut down and silenced if they dared to report on what had been leaked.

      We may be having a discussion on the matter, but that's in spite of their actions and their wishes.

    • David, 24 Feb 2015 @ 12:25pm

      Mod this man up.

    • Anonymous Coward, 24 Feb 2015 @ 12:28pm

      Re:

      I said a similar thing downstream, but I think it's a safe bet that the dialog ends the moment there's a "legal framework".

      Unless by dialog Rogers means, "this is perfectly legal, so stop complaining, and do what you're told, because Legal!"

      • Anonymous Coward, 24 Feb 2015 @ 2:09pm

        Re: Re:

        I believe that is exactly what he is saying. He is not in dialogue with the American people or their representatives, he is in dialogue with legislators and trying to push a ban on the most effective encryption.

        That he is saying "there is a will, there is a way" is problematic on so many levels. Not only is he being deliberately obtuse on the technical issue, he is also making the assumption that everybody "will" legislation or is uncooperative.
        That is so dangerous since the legislator constantly is reminded of their deadlock. Something like national safety is an area where coming off as uncooperative is dangerous.

    • Anonymous Coward, 24 Feb 2015 @ 12:32pm

      Re:

      More like a dictation... they're still gonna push for total control at every opportunity they get, unless something substantial is written into law to stop them... oh wait, they're already ignoring their constitutional laws to get away with this, so I guess they don't really give a shit about laws in general... that fills me with so much trust

    • Eldakka, 24 Feb 2015 @ 8:48pm

      Re:

      We're having "this kind of dialogue"---such as it is---only because the government and intelligence community...
      ...have been caught red-handed already doing this, and wish to justify and continue their endeavours.

      • David, 25 Feb 2015 @ 3:59am

        Re: Re:

        Uh, have you read the transcript? It's not a "dialogue". The giving-up-in-disgust line was "Nice to meet you" but it could equally well have been "thank you for padding the silence between my questions with talk noise". Talking about a "dialogue" is just plain contempt for his "discussion" partner and the audience.

        He is exhibiting the intellect of a mop that has never been to the ground.

    • Prisoner 201, 25 Feb 2015 @ 5:36am

      Re:

      Is it just me or does that sound like a threat? Nice country you have there, willing to talk about removing your rights before we do it. Shame if something were to ...happen to it.

  • Lord Binky, 24 Feb 2015 @ 12:02pm

    How about this for a legal framework. If you get a golden key for all my data and encryption, I get a golden key for all of yours.

  • Anonymous Coward, 24 Feb 2015 @ 12:03pm

    "I’m the first to acknowledge there are international implications. I think we can work our way through this."

    Work your way through the shit you're creating you mean

  • Anonymous Coward, 24 Feb 2015 @ 12:10pm

    "Rogers seems to think that there is a magic bullet/golden key that will magically only let the good guys through if only the tech industry is willing to work with him on this."

    Wanting the backdoor automatically makes you the "bad guy" as far as this lone voice is concerned

    • AricTheRed, 24 Feb 2015 @ 12:49pm

      Re:

      "Wanting the backdoor automatically makes you the "bad guy" as far as this lone voice is concerned"


      Wifey says the same thing!

    • Padpaw, 25 Feb 2015 @ 12:34pm

      Re:

      Simple enough, If they are foolish enough to pass a law requiring companies to do this or have all their assets seized because aiding and abetting terrorism if you don't do what the government tells you to.

      Does this idea really sound all that farfetched considering how these governments act and the complete lack of respect they have towards human rights or even the rights their country was founded on?

  • That One Guy, 24 Feb 2015 @ 12:13pm

    'We can work our way through this' = 'I already tried to dodge your question, why do you keep asking it?!'

    AS: We’ll agree to disagree on that. So, if we’re going to build defects/backdoors or golden master keys for the US government, do you believe we should do so — we have about 1.3 billion users around the world — should we do for the Chinese government, the Russian government, the Saudi Arabian government, the Israeli government, the French government? Which of those countries should we give backdoors to?

    ...

    AS: So you do believe then, that we should build those for other countries if they pass laws?
    MR: I think we can work our way through this.
    AS: I’m sure the Chinese and Russians are going to have the same opinion.
    MR: I said I think we can work through this.
    AS: Okay, nice to meet you. Thanks.


    That point really needs to be hammered home any time someone starts talking about 'Golden keys' or 'backdoors', any company that builds in a weakness for one group is basically building in a weakness for everyone who cares to look for it, and some, if not most of those people are not going to be the kind of people that you'd want browsing through systems that are supposed to be secure.

    In addition, a company that folds once is going to have a very difficult time refusing when others come knocking and demand the same level of access, and the only defense against that is to refuse every single time, no matter who's asking.

    I can't help but think that he had to have been very unpleasantly surprised by the fact that they were willing, and able to call him out on his lies and attempts at dodging the question. I imagine he went there with the idea that he'd be able to just throw out the usual crap and they'd just nod their heads like the idiots in the 'news' do, to have them actually point out how completely wrong he was seems to have completely thrown him, to the point where all he could do was repeat the same empty line in response.

  • Anonymous Coward, 24 Feb 2015 @ 12:15pm

    The US government loves legal frameworks, it allowed them to torture people didn't it?

    All they want is the right magic words to make everything legal. Then concepts like, right or wrong, technically practical or impractical, safe or unsafe don't matter anymore. What matters is that they can make people do it.

    • Anonymous Coward, 24 Feb 2015 @ 12:42pm

      Re:

      they also love

      Executive orders
      War time laws
      Super duper shiny whiny new authorities, commonly known as terrorist laws, because criminal law has too much of that damned rights business
      National security get out of jail free card
      shuddup you face letters
      Multiple secret interpretations of words and stuff
      Tragedies >: [
      Etc
      Etc

    • John Fenderson, 24 Feb 2015 @ 12:47pm

      Re:

      A million times this.

      Having a "legal framework" provides very nearly no protection from abusive government agencies. Look at the history of the NSA, CIA, and FBI for copious examples.

      • Anonymous Coward, 24 Feb 2015 @ 1:06pm

        Re: Re:

        ikr

        they can't even comply with this:

        The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.


        how are they gonna wade through the inevitable 9,543 page legal framework?

        • Anonymous Coward, 24 Feb 2015 @ 1:18pm

          Re: Re: Re:

          You know, if I had read that constitutional quote 10 years ago, I probably wouldn't have had an iota of a clue as to what it meant, a vague understanding, sure... now, thanks to the real-world examples of rights being violated, I'm starting to understand a lot more than I originally thought I understood,

          Maybe that's what this is all about, a global conspiracy to violate our rights in order to make us understand intellectually our natural rights... oh god, I'm sorry, I did try to keep a straight face while saying that... well, they are teaching a lot of folks to intellectually understand our/their natural rights, but I seriously doubt they're happy about that fact

        • Padpaw, 25 Feb 2015 @ 12:36pm

          Re: Re: Re:

          they just ignore it, or say it doesn't apply when they say so.

          Why would an openly corrupt government care for laws when it's clear most of their citizens are apathetic to their government breaking said laws?

  • Anonymous Coward, 24 Feb 2015 @ 12:24pm

    It's so simple

    if (guy = good){
    key.golden.letIn(True)
    else
    key.golden.letIn(False)
    }

    • Anonymous Coward, 24 Feb 2015 @ 12:44pm

      Re: It's so simple

      Wait........did you just hack me...........why i oughta

      :]

    • David, 24 Feb 2015 @ 1:00pm

      Re: It's so simple

      I think you want == here instead of =. Or was that backdoor intentional?

    • Anonymous Coward, 24 Feb 2015 @ 1:30pm

      Re: It's so simple

      (guy == good)

      • Anonymous Coward, 24 Feb 2015 @ 1:42pm

        Re: Re: It's so simple

        I'm pretty sure the single '=' is the punchline. I am, however, strangely disturbed by the placement of the curly braces.

        • PRMan, 24 Feb 2015 @ 4:18pm

          Re: Re: Re: It's so simple

          I was more upset that he didn't just write:

          key.golden.letIn(guy == good);

          I mean, why even have boolean variables if you aren't going to use them properly?

    • Edgar Allen, 24 Feb 2015 @ 3:47pm

      Re: It's so simple

      Now show us how to handle the case where SOME good becomes BAD.

      The bad countries have techs of their own, undoubtably working on universal decryptors for their own government.

      Does our magic decryptor also have to be able to decrypt their stuff ?

      Why doesn't somebody ask this fool what it is going to take for the NSA to let us have the perpetual motion machines that the NSA is holding back ?

    • Zonker, 24 Feb 2015 @ 3:49pm

      Re: It's so simple

      I tested this algorithm with a lot of "bad" guys and not only does it always return "True", it also turned every "bad" guy "good". Bug or feature?

    • Josh in CharlotteNC, 24 Feb 2015 @ 8:19pm

      Re: It's so simple

      The government redefines every other word. Why should 'good' be any different?

  • Anonymous Coward, 24 Feb 2015 @ 12:24pm

    "“You don’t want the FBI and you don’t want the NSA unilaterally deciding what” is permissible, Mr. Rogers said."

    But that seems to be EXACTLY what's ALREADY happened, and seems to continually be the case... you decide, and someone who has pitiful knowledge on the subject or/and a poor understanding of rights, rubber stamps it... it looks like a purposeful circumvention, a way to get around, what you already seem to know, would be opposition to the things you do, keeping it secret the way you did was a very very very bad thing for everyone, the disclosures were a bad thing for you, good for us, bad for you... now we're all left standing here wondering just how far did you go through this period that you managed to stay under the radar...

    Let's not forget, you're STILL keeping your secrets

    If secrets were a pin hole in a water trust balloon, how do you expect to RAISE trust, if you continue to puncture the damn balloon

    • Anonymous Coward, 24 Feb 2015 @ 1:53pm

      Re:

      If secrets were a pin hole in a water trust balloon, how do you expect to RAISE trust, if you continue to puncture the damn balloon


      Freeze the water first.

  • JD, 24 Feb 2015 @ 12:25pm

    It's the second step that's the problem...

    Step 1: Government tells technology company that because [X], they need to hand over encrypted data belonging to a customer. We'll call this the legal step.

    Step 2: Company decrypts data belonging to customer, gives it to government. We'll call this the technical step.

    The NSA and Obama keep focusing on Step 1, saying "This is safe because [X] will only happen in tightly controlled legal situations."*

    The problem is in Step 2; once the company has gotten the green light to hand over the data, it has to have the ability to decrypt it no matter what steps the user has taken to keep it encrypted.

    AND THAT'S THE CATCH.

    Once the technical step is in place which allows a company to override the user's encryption, that means that (a) other countries can create their own legal step to compel the technical step to happen, and (b) the user loses the technical ability to keep their data secure.

    This means that there will be attacks on both the legal and technical steps, and eventually both will be impotent defenses.

    * This is almost certainly a lie.

    reply to this | link to this | view in chronology ]
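
The Step 1 / Step 2 split JD describes above, as an added example that is not part of the original thread: a standard-library Python sketch in which the legal step is a policy function and the technical step is plain key unwrapping. The function names, the `agency_a`/`agency_b` key holders and the HMAC-based toy cipher (a stand-in for a real AEAD) are assumptions made for illustration.

```python
"""Key escrow sketch: the legal check (Step 1) and the decryption (Step 2) are separate."""
import hashlib
import hmac
import secrets


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC-SHA256 in counter mode. Stand-in for a real AEAD so the sketch
    # runs on the standard library alone; not a production cipher.
    out = b""
    counter = 0
    while len(out) < length:
        block = b"enc" + nonce + counter.to_bytes(4, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC. Layout: 16-byte nonce || ciphertext || 32-byte tag."""
    nonce = secrets.token_bytes(16)
    stream = keystream(key, nonce, len(plaintext))
    ct = bytes(p ^ s for p, s in zip(plaintext, stream))
    tag = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key: bytes, blob: bytes) -> bytes:
    """Verify the tag, then decrypt. Raises ValueError on a wrong key."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or modified data")
    return bytes(c ^ s for c, s in zip(ct, keystream(key, nonce, len(ct))))


def store_message(plaintext: bytes, user_key: bytes, escrow_keys: dict) -> dict:
    """Envelope encryption: one content key, wrapped once per key holder."""
    content_key = secrets.token_bytes(32)
    wrapped = {"user": seal(user_key, content_key)}
    for holder, key in escrow_keys.items():  # each extra holder is one more copy
        wrapped[holder] = seal(key, content_key)
    return {"body": seal(content_key, plaintext), "wrapped": wrapped}


def read_message(record: dict, slot: str, key: bytes) -> bytes:
    """Step 2 (technical): succeeds for whoever presents a matching key."""
    content_key = unseal(key, record["wrapped"][slot])
    return unseal(content_key, record["body"])


def company_disclose(record: dict, slot: str, key: bytes, order_ok: bool) -> bytes:
    """Step 1 (legal): a policy check in the company's code, not in the math."""
    if not order_ok:
        raise PermissionError("no valid legal order")
    return read_message(record, slot, key)


def demo() -> dict:
    message = b"constructed sample message"
    user_key = secrets.token_bytes(32)
    escrow = {"agency_a": secrets.token_bytes(32), "agency_b": secrets.token_bytes(32)}
    escrowed = store_message(message, user_key, escrow)
    user_only = store_message(message, user_key, {})
    result = {}

    # The policy wrapper refuses when no order is presented...
    try:
        company_disclose(escrowed, "agency_a", escrow["agency_a"], order_ok=False)
        result["policy_refused"] = False
    except PermissionError:
        result["policy_refused"] = True

    # ...but any copy of an escrow key reaches Step 2 without the wrapper.
    result["key_copy_reads"] = read_message(escrowed, "agency_a", escrow["agency_a"]) == message
    result["second_holder_reads"] = read_message(escrowed, "agency_b", escrow["agency_b"]) == message

    # A key that was never escrowed fails the tag check.
    try:
        read_message(escrowed, "agency_a", secrets.token_bytes(32))
        result["unrelated_key_reads"] = True
    except ValueError:
        result["unrelated_key_reads"] = False

    # Without escrow slots, the user's key is the only way in.
    result["slots_with_escrow"] = sorted(escrowed["wrapped"])
    result["slots_user_only"] = sorted(user_only["wrapped"])
    result["user_reads"] = read_message(user_only, "user", user_key) == message
    return result


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The only place the court order appears is `company_disclose`; `read_message` takes no such argument, so the protection rests entirely on how every copy of each escrow key is guarded.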

    • Anonymous Coward, 24 Feb 2015 @ 12:55pm

      Re: It's the second step that's the problem...

      It's also having the, what I'm sure is an intentional "side effect", of publicly normalizing the fact that companies should be ADDING this in their software/hardware

      If I were a corporation, the message I'd be getting from the government is, that I WON'T be penalised for violation of privacy or security, when in fact, that is EXACTLY the message our governments SHOULD be sending... so much possible damage from that alone... what programs are being written for those purposes today because corporations have been given the proverbial green light... how many of those programs will flourish and persevere in the future with bad intentions, maybe so incorporated into their program by then that they couldn't take it out without MASSIVE changes to said program, perhaps enough to make most folks try to avoid the path that fixes the problem... does that make sense

    • Richard, 24 Feb 2015 @ 1:37pm

      Re: It's the second step that's the problem...

      Once the technical step is in place which allows a company to override the user's encryption, that means that (a) other countries can create their own legal step to compel the technical step to happen, and (b) the user loses the technical ability to keep their data secure.

      Actually b) is: any smart hacker in the world can take the technical step without the authority of a government.

      It is hard enough to create a secure system when you don't put such a "technical step" into the mix.

      • John Fenderson, 24 Feb 2015 @ 1:59pm

        Re: Re: It's the second step that's the problem...

        This is perhaps the most nefarious thing. If backdoors are built into the crypto used by phones and such, then privacy-minded people and criminals will simply use their own crypto (many, if not most, already do). The feds gain nothing in terms of their stated goals, but gain a lot of ability to spy on the innocent and naive.

        The next step would be to outlaw encryption by anybody unless it has a backdoor. At that point, we're fighting the original crypto wars all over again. The bright side is that we won that one.

    • Edgar Allen, 24 Feb 2015 @ 4:00pm

      Re: It's the second step that's the problem...

      Assuming that Facebook has the keys to all their customers' data, what keeps each of us from using Yahoo encryption on the data before we give it to Facebook ?

      Good luck guessing which company I chose for inside Yahoo encryption.

      Somebody needs to explain a book cipher to this and every other dummy talking like this and then point out how difficult finding the RIGHT book is.

      No magic book will ever exist to decrypt that message. Only the original book.

      Then tell them that good encryption is like that, always, no magic, ever !

      • Edgar Allen, 24 Feb 2015 @ 4:19pm

        Re: Re: It's the second step that's the problem...

        Or why don't I just use a book cipher inside Facebook and Yahoo ?

        Good luck knowing if they are even the same book.

  • Ambrellite, 24 Feb 2015 @ 12:28pm

    I'm sure Rogers knows full well that a secure backdoor is impossible. That's why he can think of no way to make it a reality that doesn't start with a law forcing backdoors to exist (and then, presumably, blaming the inevitable disasters that result on unforeseeable increases in Terrorist capabilities).

    I'm sure they believe whole-heartedly that opening up vulnerabilities will give them a new battleground to catch the bad guys, but the rest of us can see that NSA has become dependent on perpetuating the threats it's supposed to be mitigating, and they don't even realize how dangerous they've become.

    • Gene Poole, 24 Feb 2015 @ 3:09pm

      Re:

      Wait...I'm running my brain through this.

      So...

      - they make it law that any encryption has to have backdoors in it.

      - The public, not trusting backdoored encryption, make an open source encryption technology that does not have a backdoor; this is technically possible because math is not flawed and anyone can do maths. This technology is open source and so therefore clear to see if it's been compromised, numerous experts can advise if it's been backdoored, and roll back to the most recent secure version.

      - this technological creation is, because of the recent law, illegal.

      But wait!

      - Bernstein v. United States has set precedent that (a) certain types of math cannot be made illegal just because they're useful for things, it's math. and (b) encryption protocols are a form of free speech. making it illegal would kinda be prior restraint.

      Well I don't see how making backdoors mandatory can be constitutional, in that framework. And even if it's put through, the industry can go ahead and just make their own standard that's not backdoored, defeating the entire object. *


      * I may be wrong. That's certainly conceivable.

      • Padpaw, 25 Feb 2015 @ 12:40pm

        Re: Re:

        the current things that make an American citizen a "possible domestic terrorist" would have 90% of the population arrested as terrorists if they followed through on it.

        You need to stop viewing this government as one that cares for the constitution or the laws they create themselves.

        They act as if the laws do not apply to them. That if they decide someone has no constitutional rights, then they treat them as if they have no constitutional rights.

        Your constitution only protects you if the people in charge of your country uphold it. It is currently toilet paper in the eyes of those entrusted to pass judgment.

      • Anonymous Coward, 25 Feb 2015 @ 3:19pm

        Re: Re:

        Maybe what we really need are recommendations from the security community that would legalize whatever math is required to make a backdoor actually work. It doesn't need to make perfect logical sense, it just needs to be something any security pro can agree with so they can trot it out and stonewall security agencies the same way they do everyone else.

        "You want a backdoor for our security program? Sure, but first we need a legal framework requiring 1+1=5. Enforcing it is YOUR problem, not OURS. Have a nice day!"

  • Anonymous Coward, 24 Feb 2015 @ 12:28pm

    It's sort of amazing how this is Yahoo! who are defending privacy on a mass scale.

  • Anonymous Coward, 24 Feb 2015 @ 12:32pm

    We have this already - see Komodia/Superfish

    no problems there, right?

  • Baron von Robber, 24 Feb 2015 @ 12:35pm

    Step 1: Create an encryption system with no backdoor.
    Step 2: Wait for the NSA to show up.
    Step 3: When NSA show up requesting a backdoor, charge $1 million to rewrite the code.
    Step 4: Finish code, then close up shop.
    Step 5: Think of a new name for your new encryption company, Profit!
    Step 6: Goto step 1.

  • johnjac, 24 Feb 2015 @ 12:44pm

    What's good for the goose:

    Let's try an empathy exercise with the NSA director:
    Would he be comfortable with the NSA using an encryption method that allowed Congress to hold keys they promise will only be used legally?

    If not, why not?

  • John Fenderson, 24 Feb 2015 @ 12:45pm

    At least two things are explained

    Mike Rogers said:

    So “backdoor” is not the context I would use. When I hear the phrase “backdoor,” I think, “well, this is kind of shady. Why would you want to go in the backdoor?”


    This shines a very bright light on two things for me. First, it explains that weird statement a while back that the government doesn't want a back door, it wants a golden key to the front door. This reply makes it clear that "back door" doesn't play well in the focus groups, which is why they want everyone to stop using a well-defined, well-established term of the art no matter how correct it is. Here's a free hint, MR: "back door" is not actually a pejorative.

    Second, this comment makes it clear that either the director of the NSA is unfamiliar with the jargon of a field that is perhaps the very core of his agency, or he's willing to look like he doesn't know what he's talking about in an effort to fool the American people.

    • Anonymous Coward, 24 Feb 2015 @ 1:08pm

      Re: At least two things are explained

      or he's willing to look like he doesn't know what he's talking about in an effort to fool the American people.

      If that's the case, then there's one tech term he's familiar with, though it's pretty widely known.

      Trojan Horse.

    • Edgar Allen, 24 Feb 2015 @ 4:07pm

      Re: At least two things are explained

      I have no doubt that he is truly ignorant.

      That he thinks he can convince OTHER PEOPLE to be ignorant with him also reveals that he is stupid as well.

  • Anonymous Coward, 24 Feb 2015 @ 12:48pm

    He's 'optimistic' that we can work through this...

  • David, 24 Feb 2015 @ 12:50pm

    Weaseling slimebag

    Paraphrased: "I am not answering your questions, but America is great because we are having this dialog."

    Or the short version: "Fuck you. Because we can."

  • Anonymous Coward, 24 Feb 2015 @ 12:52pm

    So let's look at this using an analogy

    It's not a perfect analogy, but I think it's fairly accurate. Surely someone has brought up this point before this post!

    Let's pretend that encryption works just like a lock on a door, briefcase, safe, etc.
    The private decryption key would be either a physical key (traditional tumbler or some kind of electronic fob) or some shared code (combination lock).

    I've seen door locks that can use 2 different keys; one is a 'master' that can access other doors, the other is just for that door (or some set of doors).
    I'm guessing there's something similar for some combination based locks, but I'm not specifically aware of any.

    If law enforcement thinks it's such a problem to be 'locked out' from accessing something protected, why do we even have physical locks that do not have some sort of 'master'?

    The first thing that pops in my mind: you can use 'brute force' to gain access to something protected by a physical lock, whereas it's not usually feasible to 'brute force' opening an encrypted file.

    My fear is that once law enforcement is able to enforce some sort of 'master' key on encryption, something similar for physical locks will follow shortly after.

    • John Fenderson, 24 Feb 2015 @ 1:09pm

      Re: So let's look at this using an analogy

      "I'm guessing there's something similar for some combination based locks"

      Yes, there are combination locks that accept multiple combinations.

      "My fear is that once law enforcement is able to enforce some sort of 'master' key on encryption, something similar for physical locks will follow shortly after."

      I'm not "comfortable" with either kind of back door, so forgive my wording here but I'm sure you understand: I would actually be much more comfortable with a government-held master key on all physical locks than I would be with the same thing when it comes to crypto.

      • Anonymous Coward, 24 Feb 2015 @ 1:29pm

        Re: Re: So let's look at this using an analogy

        The government agency known as the TSA already has a master key for all luggage locks and we see how secure our items are as they pass through safety inspection right to the agent's home or fence.

      • Anonymous Coward, 24 Feb 2015 @ 1:53pm

        Re: Re: So let's look at this using an analogy

        If they need to access the contents of some locked container, with a warrant, they hire a locksmith.

        If they need to access the decrypted contents of an encrypted transmission, with a warrant, they hire a cryptologist.

        Why is there a need for some new law, do they need to hire two cryptologists?

        • Edgar Allen, 24 Feb 2015 @ 4:13pm

          Re: Re: Re: So let's look at this using an analogy

          Because all the cryptologists are telling him that they don't know any master combination and he is convinced that they are either lying or less knowledgeable than they pretend.

      • Anonymous Coward, 25 Feb 2015 @ 12:14pm

        Re: Re: So let's look at this using an analogy

        They don't need a master key for physical locks. They can simply brute force them, as they are wont to do.

        They are freaking out that if public cryptography develops a little more (not in small part thanks to their efforts to undermine privacy) they won't be able to get access to anything they want anymore.

        Corporations are now planning on making it so even if the government comes, secret subpoena in hand, all they can walk away with is serialized bins of encrypted data nobody has a key for, and you can't take bolt clippers to for obvious reasons.

        This is pretty close to an existential crisis for those used to being able to control literally everything by simply shouting loud enough and failing that, violence.

  • Inigo Montoya, 24 Feb 2015 @ 12:59pm

    Blah blah blah 'legal framework' blah.

    You keep using that phrase. I do not think it means what you think it means.

  • Anonymous Coward, 24 Feb 2015 @ 1:09pm

    MR: I said I think we can work through this.

    Translation: I have no idea. There is no answer. I don't know. I don't care about facts and such. I want it now. Just gimmi, gimmi, gimmi.

    • Anonymous Coward, 24 Feb 2015 @ 1:29pm

      Re:

      Wing it

      Let's just go ahead full steam and let fate decide if we're making the most monumental mistake ever

      I can imagine this being the same sentiment when nukes were born

      Just because you can do it...........

  • Anonymous Coward, 24 Feb 2015 @ 1:42pm

    Computers and computer language are entirely logical. You input a variable, it calculates the variable and returns a result.
    But these politicians keep trying to demand a morality, something that is entirely a human concept that is impossible to program in a literal and logical language. Because what is moral to one person may not be to another, it cannot be translated to code.

  • Anonymous Coward, 24 Feb 2015 @ 1:45pm

    Lies, Lies and more Lies

    “If these are the paths that criminals, foreign actors, terrorist are going to use to communicate, how do we access that?”

    Hey moron, weapons can be used for good or evil

    Keep your hands off the cryptography that protects my information from falling into the hands of criminals, foreign actors, terrorists and the US government.

  • Anonymous Coward, 24 Feb 2015 @ 1:50pm

    Fine, we can speak MR's language...

    If we were to implement a framework that will allow authorized individuals to access encrypted data in approved situations, how do we prevent: unauthorized individuals from using the framework to access encrypted data, and authorized individuals from using the framework to access encrypted data in non-approved situations?

  • Spaceman Spiff, 24 Feb 2015 @ 1:52pm

    Why?

    This is why we don't want to leave the foxes in charge of the hen house... Hmmm... Tasty!

  • Lord Binky, 24 Feb 2015 @ 2:04pm

    “If these are the paths that criminals, foreign actors, terrorist are going to use to communicate, how do we access that?”

    Why is it you HAVE to have access to the communications en route or in storage? I can see why it is a nice to have. I don't see why it is a must have. Apparently they lost all ability to properly identify and spy on criminals, foreign actors, and terrorists without looking at the communication between them. Makes you wonder why we don't just give Google or Microsoft a golden key and contract them to do the intelligence work, and fire all these guys.

  • Anonymous Coward, 24 Feb 2015 @ 2:10pm

    “If these are the paths that criminals, foreign actors, terrorist are going to use to communicate, how do we access that?”
    "Criminals"? The NSA's mandate is foreign national security threats, and the agency is not authorized to handle criminal matters. I am surprised the director of the NSA admits his true intentions so easily.

  • Anonymous Coward, 24 Feb 2015 @ 2:13pm

    “If these are the paths that criminals, foreign actors, terrorist are going to use to communicate, how do we access that?” he asked, citing the need for a “formalized process” to break through encrypted technology.
    You do it the old-fashioned way, via brute-force key guessing. Or if you're feeling exotic, side-channel attacks like acoustic cryptanalysis.

    • Lord Binky, 24 Feb 2015 @ 2:44pm

      Re:

      Why not simply hack the systems the messages are being transmitted from and to instead of undermining everyone's security? Maybe even do it the old fashioned way by bugging or surveillance being done on the actors directly? They are focusing on the most detrimental option for everyone that just so happens to have the smallest return on actual security.

      • David, 25 Feb 2015 @ 4:38am

        Re: Re:

        Maybe even do it the old fashioned way by bugging or surveillance being done on the actors directly?

        That would require reasonable suspicion in advance. If one had that, one could just get a warrant. However, that would not help with getting blackmail material on politicians, figuring out the sources of journalists, and doing reasonably fail-safe parallel construction.

        Would you want the Fourth Amendment to win over the good guys?

  • Anonymous Coward, 24 Feb 2015 @ 2:25pm

    The answer is no. NO NSA you get nothing and you deserve less than you already have.

    Not only no! but we are going to go in the opposite direction. We are going to build more secure encryption than the world has ever seen before into everything. People and companies are going to be shamed for tracking, shamed for crappy security, shamed for exploits. We are going to change this whole dynamic. Whoever actually works at the NSA talk to your higher ups and tell them how crazy they are being if you have any balls at all.

    We still haven't finished talking about all the massively illegal stuff they have done over the last 10 years. If they think they are getting backdoors given to them they are in la la land. Go F yourselves.

  • DannyB, 24 Feb 2015 @ 2:26pm

    Terminology Note

    Please do not say "secure" golden keys.

    Let's call them what they are: secure insecurities.

    A government style oxymoron if I ever heard one.

    Rationale:
    Golden Keys == Back Doors
    Back Doors == Insecure
    Secure Golden Keys == Secure Insecurities

  • Anonymous Coward, 24 Feb 2015 @ 2:46pm

    NSA/FBI wants a back door to my PJ's

    so I can moon them.

  • Zonker, 24 Feb 2015 @ 4:06pm

    Sure Rogers, as soon as you finally implement our golden key to know all there is to know about NSA operations in our name.

    Don't worry, we have a legal framework for that: the Freedom of Information Act and the Whistleblower Protection Enhancement Act.

  • Hans, 24 Feb 2015 @ 6:36pm

    It's all legal

    I couldn't understand why he kept wanting a legal framework when he also said everything they do is perfectly legal.

  • FUCK YOU BIG BROTHER, 25 Feb 2015 @ 12:25am

    The people with real power over our capitalist society are the ones pushing for backdoors. Terrorism, child porn and "piracy" are excuses to control the Internet and our lives.

  • Yes, I know I'm commenting anonymously, 25 Feb 2015 @ 4:19am

    Is it me, or is it yesterday's battle that he is still fighting? (the legality of the mass surveillance program)

  • psiuuuuuuu, 25 Feb 2015 @ 6:37am

    NSA Director Palpatine

    "I will make it...a legal framework."

    http://i.imgur.com/JUZ6TfW.jpg

  • Uriel-238, 25 Feb 2015 @ 10:09am

    They do seem to be fixated on legality.

    Whether it's our representatives or our agency managers or even the pro-dystopia schlub on the street, and whether we're talking about torture, or mass surveillance or mandated backdoors or the ability to convict and imprison a fellow just because we wanna (by selectively invoking laws of which almost everyone is guilty)...

    ...they keep on saying it's perfectly legal not addressing points of whether or not it's ethical or technically problematic or is prone to have severe consequences or violates the rights of ordinary citizens.

    Why do they think that legality trumps all these other issues, or makes them irrelevant?

    And while we're here, even Jon Stewart pointed out, regarding legality maybe they shouldn't be. We've an entire history of dubious legalities. Why can they not see this? Is it intellectual dishonesty, or moral incompetence?

    • That One Guy, 25 Feb 2015 @ 3:30pm

      Re: They do seem to be fixated on legality.

      Why do they think that legality trumps all these other issues, or makes them irrelevant?

      Because they have the power to change the laws, either openly or via 'classified interpretations', so if the only way to judge whether or not something is acceptable is whether or not it's legal, then they can pretty much do anything they want.

  • Padpaw, 25 Feb 2015 @ 12:31pm

    It's always about combatting child pornography. Yet for whatever reasons they always protect those pedophiles in their ranks.

    • Uriel-238, 25 Feb 2015 @ 2:26pm

      As someone who follows some children's welfare interests

      I've noticed that our society in general, and police specifically, are interested in busting people they can label as pedophiles or pornographers, but these institutions have statistically little interest in curbing child sexual abuse, tracing and intercepting child trafficking or prostitution rackets.

      Our law enforcement and department of justice wants to imprison you for looking at a picture of a naked child, and maybe intercept the distribution of pictures, but couldn't care less about the welfare of the child in question, or about halting production of further pictures. Or halting vectors by which children are captured and indoctrinated into the black-market sex industries.

      Incidentally, child sex slaves average a service life-span of seven years. That's around seven years after they are captured and broken in. Most, by far, die as slaves, and their masters are rarely discovered or face justice.

      For the children.

  • Anonymous Coward, 26 Feb 2015 @ 6:04pm

    [sarcasm on]

    Well, you all know the real cause of Child Pornography.

    And even though nobody wants to admit it, it is quite obvious.

    We must destroy all of the Cameras!
    Both still and motion!!
    For the Children!!

    For it was the birth of the Camera, that spawned the birth of Child Pornography and only when the Cameras are all destroyed and legislation is enacted making the manufacture or use of such demon devices illegal and punishable by death, will this dastardly deviance be eliminated.

    [sarcasm off]

  • GEMont, 26 Feb 2015 @ 6:09pm

    Fascist Dictionary

    Framework
    =========
    A PR word for secret interpretation.

    Legal Framework
    ===============
    A PR term for a secret interpretation of a law.

    ---

  • Anonymous Coward, 28 Feb 2015 @ 10:20am

    I like how Yahoo's chief security officer, Alex Stamos, asked Mike Rogers what happens once China, Russia, and Iran start mandating backdoors/frontdoors into their products and services too. Apparently Mike Rogers didn't have a response to that obvious question. Except to say a "Framework" would need to be built. Whatever that's supposed to mean.

  • sophie, 3 Apr 2016 @ 12:05pm

    The TELECOMS and the ATTORNEYS are the REAL TRAITORS, as well as the Senators and other politicians who support the fraudulent/immoral "government" contractors.

    Shame on the perpetuation of evil, greedy agendae, and the destruction of innocent lives and livelihoods by "security" cons and deceit.

    Traitors selling out our country to inside and outside traitors and criminals are a disgrace to the very foundations of our nation and the US Constitution.

  • sophie, 3 Apr 2016 @ 12:10pm

    The "Bottom" Line

    This is what happens when over-sexed, morally challenged perverts attain positions of power.

    They certainly have reached a new "Low."
