Hillary Clinton Wants A 'Manhattan Project' For Encryption... But Not A Back Door. That Makes No Sense

from the politics-is-dumb dept

In the Democratic Presidential debate on Saturday night, Hillary Clinton followed up on her recent nonsensical arguments about why Silicon Valley has to "solve" the problem of encryption. As we've noted, it was pretty clear that she didn't fully understand the issue, and that was even more evident with her comments on Saturday night.

Here's what's clear: she's trying to do the old politician's trick of attempting to appease everyone with vague ideas that allow her to tap dance around the facts.

First, she proposed a "Manhattan-like project" to create more cooperation between tech companies and the government in fighting terrorism. The Manhattan Project was the project during World War II where a bunch of scientists were sent out to the desert to build an atomic bomb. But they had a specific goal of "build this." Here, the goal is much more vague and totally meaningless: have tech and government work together to stop bad people. How do you even do that? The only suggestion that has been made so far -- and the one whose language Clinton has been echoing -- has been to undermine encryption with backdoors.

However, since that resulted in a (quite reasonable) backlash from basically anyone who knows anything about computer security, we get the second statement from Clinton that she doesn't want backdoors.

"Maybe the back door isn't the right door, and I understand what Apple and others are saying about that. I just think there's got to be a way, and I would hope that our tech companies would work with government to figure that out."

No, she clearly does not understand what Apple and others are saying about that. Just a week or so ago, she insisted that Apple's complaint about it was that it might lead to the government invading users' privacy, but that's only a part of the concern. The real concern is that backdooring encryption means that everyone is more exposed to everyone, including malicious hackers. You create a backdoor and you open up the ability for malicious hackers from everywhere else to get in.

So, she's trying to walk this ridiculously stupid line in trying to appease everyone. She wants the security/intelligence officials to hear "Oh, I'll get Silicon Valley to deal with the 'going dark' thing you're so scared of," and she wants the tech world to hear "Backdoors aren't the answer." But, that leaves a giant "HUH?!?" in the middle.

It seems to come down to this: None of the candidates for president appear to have the slightest clue how encryption or computer security work and that allows them to make statements like this that are totally nonsensical, while believing that they make sense.

The issue, again, is that what they're really asking for is "Can you make a technology where only 'good' people can use it safely, and everyone else cannot?" And the answer to that question is to point out how absolutely astoundingly stupid the question is. Because there's no way to objectively determine who is "good" and who is "bad," and thus the only possible response is to create code that really thinks everyone is "bad." And to do that, you have to completely undermine basic security practices.

So this whole idea of "if we just throw smart people in a room, they'll figure it out" is wrong. It's starting from the wrong premise that there's some sort of magic formula for "good people" and "bad people." And without understanding that basic fact, the policy proposals being tossed out are nothing short of ridiculous.

Reader Comments

  • That One Guy (profile), 21 Dec 2015 @ 5:20am

    However, since that resulted in a (quite reasonable) backlash from basically anyone who knows anything about computer security, we get the second statement from Clinton that she doesn't want backdoors.

    Not quite. She still wants broken encryption, she just wants to call it something else.

    "Maybe the back door isn't the right door, and I understand what Apple and others are saying about that. I just think there's got to be a way, and I would hope that our tech companies would work with government to figure that out."

    That's not 'backdoors in encryption are bad', that's 'holes in encryption are good, but because of the backlash I'll ask for them by another name'.

    It seems to come down to this: None of the candidates for president appear to have the slightest clue how encryption or computer security work and that allows them to make statements like this that are totally nonsensical, while believing that they make sense.

    As I've noted before, and will continue to note: She and others who make the same claims absolutely do know that they're asking for the impossible, they simply don't care.

    The only way they might not know is if they've intentionally kept themselves willfully ignorant on the subject, and that's not any better.

    • Anonymous Coward, 21 Dec 2015 @ 7:20am

      Re:

      OIC, so because asshole hackers exist, law enforcement shouldn't be able to tap into internet communications?

      Sorry, no.

      • That One Guy (profile), 21 Dec 2015 @ 7:26am

        Re: Re:

        Some? I guarantee you that there are vastly more criminals that would use security holes for their own gain, at the cost of the public, than there are criminals that are currently hiding behind encryption that the police and/or government can't catch as a result.

        Crippling encryption to catch criminals is like chopping off someone's arm to deal with a paper-cut. The proposed 'solution' is massively more damaging than the 'problem'.

        • Anonymous Coward, 21 Dec 2015 @ 7:33am

          Re: Re: Re:

          'Some' what? The word 'some' isn't in my post. You magically projected it there.

          The internet has never been a secure space, due to asshole hackers. And it never will be. Ever. Anyone that uses it for things they want kept private is a moron.

          • Anonymous Coward, 21 Dec 2015 @ 7:49am

            Re: Re: Re: Re:

            Ahh, so some government backdooring VPNs on Juniper ScreenOS devices is perfectly okay? (link) Perhaps your bank is using Juniper firewalls to communicate between branch offices as per SOX guidelines and now your account is compromised by anyone with knowledge of that hack. I'm sure they will admit to putting the backdoor in place and bankrupting you...

          • Anonymous Anonymous Coward, 21 Dec 2015 @ 7:51am

            Re: Re: Re: Re:

            Um, where do you bank?

          • That One Guy (profile), 21 Dec 2015 @ 8:12am

            Re: Re: Re: Re:

            Hmm, so it isn't, not sure how I got turned around into thinking that it is.

            However, the core point stands, adding built in security vulnerabilities to deal with a minuscule problem is a colossally foolish and counter-productive idea. The number of criminals that evade the police and/or government via encryption are tiny in comparison to the number of crimes prevented by encryption. Better security is always going to be a good thing for the public, and if it makes the jobs of the police and government more difficult than they want it to be, tough.

          • PaulT (profile), 22 Dec 2015 @ 5:01am

            Re: Re: Re: Re:

            "Anyone that uses it for things they want kept private is a moron."

            That, by the way, would be you.

            Oh, you might not mean to, and you probably don't even know that's what you're doing. But, even if you don't personally use the internet for anything other than posting anonymous comments on forums, the places you bank, shop, work and deal with in any way almost certainly use some form of encryption over the internet. Huge amounts of modern business is only possible because of online encryption, and very few of those businesses are doing so on their own private dedicated connections.

            Which is part of the reason why this is such a big issue. Even if you've never used a VPN, SSH shell or SSL login in your life, your safety will be compromised.

      • Ryunosuke, 21 Dec 2015 @ 7:28am

        so uhh....

        aside from obvious LEO shill being obvious, How pray tell, do you even let one specific group of people into communications without letting everyone ELSE into said communications if they have the knowledge and capabilities?

        how about mass wire-tapping?

        how about mass mail/package searches?

        • Anonymous Coward, 21 Dec 2015 @ 7:35am

          Re: so uhh....

          Law enforcement is already allowed to tap phones and search mail/packages.

          Care to try again?

          • Ryunosuke, 21 Dec 2015 @ 7:47am

            Re: Re: so uhh....

            Meant unwarranted, unlimited, unrestricted access with NO oversight.

          • Anonymous Coward, 21 Dec 2015 @ 7:55am

            Re: Re: so uhh....

            And they can continue to tap encrypted communications. Breaking the encryption is their problem, though, so I'm not sure the point you're trying to make.

            Care to try again?

          • PaulT (profile), 22 Dec 2015 @ 5:04am

            Re: Re: so uhh....

            "Law enforcement is already allowed to tap phones and search mail/packages."

            Yet, they manage to do so without demanding backdoors that would allow others to listen to phone calls and intercept mail from people they are not currently investigating.

            Do you see the difference? They're not merely asking for the ability to listen to phone calls, they're asking for every phone to do this automatically for anyone who asks.

      • Anonymous Coward, 21 Dec 2015 @ 7:48am

        Re: Re:

        >so because asshole hackers exist, law enforcement shouldn't be able to tap into internet communications?

        According to you, law enforcement already can tap into Internet communications, by means of using "asshole hackers".

        I am glad that you are in agreement that further weakening security, to increase the number of asshole hackers, is unnecessary.

      • Anonymous Coward, 21 Dec 2015 @ 7:53am

        Re: Re:

        Sure - they can tap into whatever they want. If it's encrypted, and they can't decrypt it, tough shit.

        Sorry - if you don't understand the technology, you shouldn't be making half-baked statements like that. It makes you sound just as out of touch as Hillary.

      • Klaus, 21 Dec 2015 @ 8:34am

        Re: Re:

        "law enforcement shouldn't be able to tap into internet communications?"

        Not directly, no. There needs to be a judge and a comms carrier in the way.

        police => judge => warrant => carrier

        • Mat (profile), 21 Dec 2015 @ 10:32am

          Re: Re: Re:

          The problem: Even with that line of protections, if the communication is end to end encrypted (SSL/TLS for instance), all you get is scrambled nonsense. If a third party can defeat the encryption in anything resembling real time (what is being asked for), then the encryption isn't worth being used as someone else will figure out the same breakhole. Because encryption isn't magic, it's math. And you can't make a reversible math algorithm that only works for one group.

          • Klaus, 22 Dec 2015 @ 4:57pm

            Re: Re: Re: Re:

            I understand that Mat and agree 100%.

            I was talking purely about procedure. I think someone else posted before I did along the lines of "if law enforcement gets crud, then hard-cheese". And I agree with that 100%.

    • Ryunosuke, 21 Dec 2015 @ 7:24am

      Re:

      You would think, that with the email scandal, and working with the FUCKING STATE DEPT. that Clinton would have been the MOST qualified person to talk about electronic encryption?!?!?!


      I suspect money is involved...

    • Anonymous Coward, 21 Dec 2015 @ 9:38am

      Re: Politicians and absolutes

      Politicians are negotiators. To a negotiator "impossible" is not usually an absolute; instead meaning "long and costly solution" ergo "a Manhattan Project".
      There is no bargaining stance that they can assume for or against the absolute of encryption where they leave the table with a win. They can only mitigate eventual failure through the strategies we keep seeing; keep rephrasing the problem, "we did everything we could"; transfer the failure, "if only those smart people at the tech companies would try harder" and "it's not my fault - they didn't try hard enough".

    • Joem5636, 21 Dec 2015 @ 10:42am

      Re:

      Legislating a back door is equivalent to legislating that 2X2=5. Crypto IS math and unless you can change math, forget trying to stop it.

    • None, 21 Dec 2015 @ 11:31am

      Re:

      She's asking for a side door, with a sign that says Government only :)

  • Anonymous Coward, 21 Dec 2015 @ 7:00am

    There already is an Encryption Manhattan project

    It's called the NSA.

    • Anonymous Coward, 21 Dec 2015 @ 7:05am

      Re: There already is an Encryption Manhattan project

      They have been found out though, we need a new secret agency that is even LESS known by citizens, more corrupt, and even less beholden to anything other than a rubber stamping machine!

      • Anonymous Coward, 21 Dec 2015 @ 7:14am

        Re: Re: There already is an Encryption Manhattan project

        If that existed, we wouldn't know about it. So who's to say it doesn't already?

        • Anonymous Coward, 21 Dec 2015 @ 9:31am

          Re: Re: Re: There already is an Encryption Manhattan project

          If any "state sponsored organisation" do operate completely rogue, it would most likely exist under the US national security complex and likely in conjunction with NSA. The effects from such a digital organisation would be indistinguishable from hackers/NSA. Thus, the relevance of knowing it would be limited.

  • This comment has been flagged by the community.
    Anonymous Coward, 21 Dec 2015 @ 7:02am

    Here's what's clear: she's trying to do the old politician's trick of attempting to appease everyone with vague ideas that allow her to tap dance around the facts.

    That's exactly what you do when it comes to talking about whether we should have copyright, Mike! HILARIOUS!!!!

  • wereisjessicahyde (profile), 21 Dec 2015 @ 7:02am

    Has she hired Frank Winter?

  • wereisjessicahyde (profile), 21 Dec 2015 @ 7:05am

    She also said..

    "I don’t know enough about the technology to say what it is," Really she did. Says it all really. She should shut the fuck up then.

  • Anonymous Coward, 21 Dec 2015 @ 7:05am

    hey, while the lady's sharpies are convened, could they do something about us having short days in the winter and long days in the summer? much better to even them out, and if her sharpies can solve her request, that daylight problem should be a breather for them.

  • Anonymous Coward, 21 Dec 2015 @ 7:06am

    Bob Dylan's reply

    Front door's shut
    Back door too
    Blind's pulled down
    What you gonna do

    • JoeCool (profile), 21 Dec 2015 @ 11:23am

      Re: Bob Dylan's reply

      They'll pass a law that mandates the shades be capable of being raised from the outside by law enforcement. Of course, only the "good guys" will have that ability, so no need to worry about perverts trying to peek in the windows.

  • Anonymous Coward, 21 Dec 2015 @ 7:12am

    Dear Hillary, the object of encryption is to keep a conversation private between the senders and recipients of messages; and if any other party has the means of reading those messages, the encryption system is broken. Giving governments the ability to read messages where they are not an intended recipient means that the encryption system is broken.
    You have just had a hissy fit over someone gaining access to information you thought was private, so why are you objecting to people wishing to keep their data private?

  • Anonymous Coward, 21 Dec 2015 @ 7:12am

    I want a pony but I also want it to be a dog.

  • Anonymous Coward, 21 Dec 2015 @ 7:16am

    For almost 100 years via a warrant, law enforcement has been able to tap telephones. And they should be able to do the same with internet communications.

    • That One Guy (profile), 21 Dec 2015 @ 7:21am

      Re:

      And for even longer than that, people have been able to have private conversations outside of hearing of the police. Just because the police and government really want to be able to listen in on everything, doesn't mean they have the right to it.

      If, as could be argued to be the case, technology advances to the point where people are able to communicate over the phone with the same level of privacy that they would enjoy talking in-person at a private location, then too bad for those that want to listen in, the privacy and security of the public trumps the police and government's desire to spy.

      • Anonymous Coward, 21 Dec 2015 @ 7:28am

        Re: Re:

        "And for even longer than that, people have been able to have private conversations outside of hearing of the police."

        They still can.

        "technology advances to the point where people are able to communicate over the phone with the same level of privacy that they would enjoy talking in-person at a private location, then too bad for those that want to listen in"

        No. you wanting to break the law via technology doesn't usurp the government's obligation to protect me from you.

        • Anonymous Coward, 21 Dec 2015 @ 7:49am

          Re: Re: Re:

          No. you wanting to break the law via technology doesn't usurp the government's obligation to protect me from you.

          The government is not obligated to protect me from you.

          Just saying.

          • Anonymous Coward, 21 Dec 2015 @ 7:54am

            Re: Re: Re: Re:

            My tax dollars at the municipal, state and federal level are most certainly being paid to protect me from you.

            There are plenty of sources on the internet that can help explain how government works if you're having trouble understanding this concept.

            • Anonymous Coward, 21 Dec 2015 @ 7:58am

              Re: Re: Re: Re: Re:

              My tax dollars at the municipal, state and federal level are most certainly being paid to protect me from you.

              Ahhh, the land of the free and the home of the chicken shit cowards like you. Ready to piss away freedom and make a police state because you're scared.

              Grow a set of balls, coward.

              • This comment has been flagged by the community.
                Anonymous Coward, 21 Dec 2015 @ 8:04am

                Re: Re: Re: Re: Re: Re:

                Sorry you lost the debate, and blew a gasket. The truth is unpleasant for some people.

                • Anonymous Coward, 21 Dec 2015 @ 8:07am

                  Re: Re: Re: Re: Re: Re: Re:

                  I find cowards like you unpleasant. They're a disgrace to all the men and women who bravely fought and are still fighting for this country.

                  Keep paying someone else to protect you because you don't have a working set of testicles. I'm sure they love your tax dollars.

                  • This comment has been flagged by the community.
                    Anonymous Coward, 21 Dec 2015 @ 8:13am

                    Re: Re: Re: Re: Re: Re: Re: Re:

                    Yes, I'm sure for decades your whole family has been out in the streets protesting law enforcement having the right to tap phones. Don't forget to post some pics.

                    • Anonymous Coward, 21 Dec 2015 @ 8:17am

                      Re: Re: Re: Re: Re: Re: Re: Re: Re:

                      It's not like they still can't tap phones.

                      I don't feel the need to take that away from them. If they can't decipher the encryption, well, that's exactly their problem now, isn't it?

                      • This comment has been flagged by the community.
                        Anonymous Coward, 21 Dec 2015 @ 8:22am

                        Re: Re: Re: Re: Re: Re: Re: Re: Re: Re:

                        I have no interest in the government not being able to do its job just so you can hide your torrenting habit. So I fully support them having complete access to internet communications when they have obtained legal authority to do so.

                        • Anonymous Coward, 21 Dec 2015 @ 8:26am

                          Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re:

                          Well, then perhaps you can help them fix this problem - perhaps with more of your tax dollars.

                          • Anonymous Coward, 21 Dec 2015 @ 8:55am

                            Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re:

                            No need, they're doing that right now. It's just more delicate since it's an election year.

                        • That One Guy (profile), 21 Dec 2015 @ 8:29am

                          Enough strawmen to fill up a dozen fields.

                          I love how you continue to imply that the only possible reason someone could want privacy and security is to hide illegal actions.

                          While you're posting anonymously.

                          So then, what illegal activities are you hiding, hmm?

                          • Anonymous Coward, 21 Dec 2015 @ 8:54am

                            Re: Enough strawmen to fill up a dozen fields.

                            Hmm, you're confused. It says 'Anonymous' because I'm not a member of this site. But the reality is that Mike knows exactly where I'm posting from and who I am.

                            The guy posting that he has no problem with wiretaps but says "no way" on encryption busting? Just like most everyone here, he just doesn't want to get busted for his torrenting addiction.

                            • Chronno S. Trigger (profile), 21 Dec 2015 @ 8:58am

                              Re: Re: Enough strawmen to fill up a dozen fields.

                              "he just doesn't want to get busted for his torrenting addiction."

                              Or, you know, have his bank accounts stolen or his work passwords stolen, or any number of other things backdoors in encryption will cause.

                              • Anonymous Coward, 21 Dec 2015 @ 9:07am

                                Re: Re: Re: Enough strawmen to fill up a dozen fields.

                                So you think Congress is going to listen to the demographic that is known for flouting laws?

                                Can't say I like the odds on that one.

                                • Chronno S. Trigger (profile), 21 Dec 2015 @ 9:15am

                                  Re: Re: Re: Re: Enough strawmen to fill up a dozen fields.

                                  You have a bank account, right? You're an upstanding citizen (OK, I'm making an assumption there), so I'm sure you do. You are aware that if encryption is broken, you don't even have to be on the Internet to have your account information stolen? Banks use VPN encryption to transfer data between offices and other banks. Break encryption, that information is no longer secure. You suddenly find your account balance $0.

                                  Do you telecommute to work? Go to the doctor's office? Use a credit card? All of that stuff and far, far more rely on secure communication. Break that and everything you know falls apart around you.

                                  Constantly hiding under the "Copyright Infringement" banner just shows you have absolutely no idea of the horrors you're calling for.

                                • Gwiz (profile), 21 Dec 2015 @ 6:13pm

                                  Re: Re: Re: Re: Enough strawmen to fill up a dozen fields.

                                  So you think Congress is going to listen to the demographic that is known for flouting laws?


                                  Not sure what demographic you are referring to, but, it surely isn't the audience here at Techdirt:

                                  49% over the age of 35 (74% over age 25)
                                  61% earn over 50k/year
                                  72% college educated

                                  Source: https://www.quantcast.com/techdirt.com

                            • Anonymous Coward, 21 Dec 2015 @ 8:59am

                              Re: Re: Enough strawmen to fill up a dozen fields.

                              The government can certainly try to break whatever encryption I may be running.

                              Given the number of people using it, and the processing power required to brute force it, I don't think it'll scale well, but again - please go for it!

                              I love it when stupid people try stupid things, fail, and then keep trying. It makes me smile.

                            • Anonymous Coward, 21 Dec 2015 @ 9:02am

                              Re: Re: Enough strawmen to fill up a dozen fields.

                              "no way" on encryption busting

                              I never said that. Basically I'm saying "good luck trying."

                              They have your federal, state, and municipal tax dollars after all...should be pretty easy with that kind of fiscal muscle.

                            • That One Guy (profile), 21 Dec 2015 @ 9:09am

                              Re: Re: Enough strawmen to fill up a dozen fields.

                              Nonsense, you could easily comment using your real name, don't even need to create an account for that. And if the only reason someone could desire privacy is to hide criminal actions, as you have implied multiple times now, clearly you are trying to hide your criminal actions by refusing to provide your real name.

                              So come now, either back up your assertion that only criminals desire privacy by providing your real name, refuse to provide your real name, and in so doing admit that you're doing so to hide your criminal activity, or retract the claim, and continue to post anonymously.

                              • Anonymous Coward, 21 Dec 2015 @ 9:15am

                                Re: Re: Re: Enough strawmen to fill up a dozen fields.

                                "back up your assertion that only criminals desire privacy"

                                I'll post my name, address and phone number just as soon as you find this quote in one of my posts.

                                • That One Guy (profile), 21 Dec 2015 @ 9:37am

                                  Re: Re: Re: Re: Enough strawmen to fill up a dozen fields.

                                  > No. you wanting to break the law via technology doesn't usurp the government's obligation to protect me from you.

                                  ...

                                  > I have no interest in the government not being able to do its job just so you can hide your torrenting habit.

                                  ...

                                  > Just like most everyone here, he just doesn't want to get busted for his torrenting addiction.

                                  ...

                                  > So you think Congress is going to listen to the demographic that is known for flouting laws?


                                  Now then, your personal information if you would. Or are you really going to claim that your multiple instances of responding to people objecting to broken encryption by insisting that they're doing so to hide illegal activity isn't an argument that the only people desiring strong encryption are criminals?

                                  Either provide your personal information as you said you would, or admit that despite your responses so far people can object to broken encryption for valid reasons that have nothing to do with wishing to hide illegal activity.

                                  • Anonymous Coward, 21 Dec 2015 @ 9:46am

                                    Re: Re: Re: Re: Re: Enough strawmen to fill up a dozen fields.

                                    Reading comprehension issues, I see...

                                    • Anonymous Coward, 21 Dec 2015 @ 9:49am

                                      Re: Re: Re: Re: Re: Re: Enough strawmen to fill up a dozen fields.

                                      Identifying that you have reading comprehension issues is step 1 - congratulations on realizing your shortcoming.

                                      Step 2 is getting remedial reading lessons, idiot.

                                    • That One Guy (profile), 21 Dec 2015 @ 9:56am

                                      Re: Re: Re: Re: Re: Re: Enough strawmen to fill up a dozen fields.

                                      Option C it is then, dodge and deflect while admitting neither. Yeah, I suppose expecting honesty from you with regards to your own comments was a bit unrealistic on my part.

                                      To save time, I'll just copy/paste the last part until you answer it(and if anyone else wants to do the same, have at it).

                                      Either provide your personal information as you said you would, or admit that despite your responses so far people can object to broken encryption for valid reasons that have nothing to do with wishing to hide illegal activity.

                                      • This comment has been flagged by the community.
                                        Anonymous Coward, 21 Dec 2015 @ 10:00am

                                        Re: Re: Re: Re: Re: Re: Re: Enough strawmen to fill up a dozen fields.

                                        "people can object to broken encryption for valid reasons that have nothing to do with wishing to hide illegal activity."

                                        Of course people can, and do object to that; your mom, for example.

                                        It's just that most commenters on Techdirt, yourself for example, are torrent addicts, and that is why they're sweating encryption laws.

                                        • Chronno S. Trigger (profile), 21 Dec 2015 @ 10:04am

                                          Re: Re: Re: Re: Re: Re: Re: Re: Enough strawmen to fill up a dozen fields.

                                          "your mom, for example."

                                          "It's just that most commenters on Techdirt, yourself for example, are torrent addicts"

                                          OK, at this point this guy is most definitely a troll. He knows everything he's saying is a lie, he's just doing it to get under everyone's skin.

                                          • This comment has been flagged by the community.
                                            Anonymous Coward, 21 Dec 2015 @ 10:09am

                                            Re: Re: Re: Re: Re: Re: Re: Re: Re: Enough strawmen to fill up a dozen fields.

                                            Nope, not a troll. Been reading this site for years. My thoughts on this are the same as many others.

                                            • Chronno S. Trigger (profile), 21 Dec 2015 @ 10:11am

                                              Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Enough strawmen to fill up a dozen fields.

                                              "My thoughts on this are the same as many others."

                                              Yeah, other trolls like Angry Dude and Avarage Joe. You're just another in a long line of people intentionally antagonizing other commenters by false accusations, insults, and dragging the discussion off topic.

                                              The truth has outlived those trolls, it'll outlive you.

                                          • Anonymous Coward, 21 Dec 2015 @ 10:29am

                                            Re: Re: Re: Re: Re: Re: Re: Re: Re: Enough strawmen to fill up a dozen fields.

                                            Or, he's not a troll, and just a gutless coward, who can't feel safe unless he's got law enforcement to protect him (despite the lack of obligation they have for protecting him - that other thing he's glossed over).

                                            Fearful of, well, everything where he's funneling federal, state, and municipal tax dollars to law enforcement so that he can be safe in his closet, under a blanket, firmly grasping his assault rifle, waiting for, something.

                                        • Mike Masnick (profile), 21 Dec 2015 @ 11:11am

                                          Re: Re: Re: Re: Re: Re: Re: Re: Enough strawmen to fill up a dozen fields.

                                          > It's just that most commenters on Techdirt, yourself for example, are torrent addicts, and that is why they're sweating encryption laws.

                                          You seem overly paranoid about torrenting. Weird.

                                          I've actually never used BitTorrent myself. Don't even have any BitTorrent clients on my computer. And I'm quite worried about encryption issues. It's got nothing to do with copyright stuff, and everything to do with privacy.

                                          Do you always project so much on people who actually know what they're talking about when you get into arguments?

                                        • Ryunosuke, 21 Dec 2015 @ 12:05pm

                                          Re: Re: Re: Re: Re: Re: Re: Re: Enough strawmen to fill up a dozen fields.

                                          do you have ANY sort of information to back that claim up?

                                          Techdirt isn't about torrenting, if you ever read ... well ANY post whatsoever

                                          Techdirt deals with copyright law, and technology mostly, but also cyberlaws.


                                          you sir, just made yourself look like a fool... at best, at worst, you just made yourself look like a politician.

                                        • That One Guy (profile), 21 Dec 2015 @ 11:11pm

                                          Re: Re: Re: Re: Re: Re: Re: Re: Enough strawmen to fill up a dozen fields.

                                          Called on your dishonesty and you respond with a 'Your mother' insult I see. Clearly expecting honesty or maturity from you was unrealistic of me.

                                          As for your repeated baseless assertions, you really need to stop projecting so much. Just because you cannot help but torrent anything and everything that catches your eye, doesn't mean the rest of us engage in similar practices.

                                        • PaulT (profile), 22 Dec 2015 @ 5:19am

                                          Re: Re: Re: Re: Re: Re: Re: Re: Enough strawmen to fill up a dozen fields.

                                          "It's just that most commenters on Techdirt, yourself for example, are torrent addicts"

                                          ...and will the citation for this be forthcoming at any point? Rhetorical question, of course, since you are a pathological liar.

                                          Is your life really so pathetic that you have to lie about people you've never met? I know it's easier than addressing reality, but it's not healthy to live so much time in a fantasy world.

                                      • Anonymous Coward, 21 Dec 2015 @ 1:13pm

                                        Re: Re: Re: Re: Re: Re: Re: Enough strawmen to fill up a dozen fields.

                                        We all know copyright's best and brightest will never live up to their side of a bargain. But we do know this one here works at an IMAX, cause he's a giant projectionist.

                                    • Anonymous Coward, 21 Dec 2015 @ 11:17am

                                      Re: Re: Re: Re: Re: Re: Enough strawmen to fill up a dozen fields.

                                      Pay up or shut up.

                                • Anonymous Coward, 21 Dec 2015 @ 9:52am

                                  Re: Re: Re: Re: Enough strawmen to fill up a dozen fields.

                                  Wassamatter?

                                  Don't want to expose your torrenting habits, criminal?

                                  What have you got to hide?

                                  • This comment has been flagged by the community.
                                    Anonymous Coward, 21 Dec 2015 @ 9:57am

                                    Re: Re: Re: Re: Re: Enough strawmen to fill up a dozen fields.

                                    Eh? Nothing to hide at all. That's why I have no problem with law enforcement accessing internet communications with a warrant.

                                    I have no problem them getting my name, address, phone number and any other info under those same conditions.

                                    Now if only TOG hadn't made up a quote, he could have gotten the same. But now he'll need a warrant :)

                                    • That One Guy (profile), 21 Dec 2015 @ 11:23pm

                                      Re: Re: Re: Re: Re: Re: Enough strawmen to fill up a dozen fields.

                                      > Now if only TOG hadn't made up a quote, he could have gotten the same. But now he'll need a warrant :)

                                      Not so, I don't need to provide anything more than I already have, or wouldn't anyway were you honest enough to own up to your own words.

                                      You implied, multiple times, that the only reason someone could desire privacy and/or protest against breaking encryption was to hide criminal actions. I called you out on it. You then said:

                                      > I'll post my name, address and phone number just as soon as you find this quote in one of my posts.

                                      I did so by posting several examples where you implied without any subtlety at all that the reason people were objecting to breaking encryption was to hide illegal actions, giving you the option to either admit to being wrong, admit to being a criminal, or stand behind your claims and provide your personal data. You dishonestly dodged again, choosing instead to respond with a grade-school level 'your mother' insult.

                                      If you're going to lie, at least realize that people are able to read what's been posted, and adjust your lies accordingly. Claiming 'I haven't said X', when people can simply scroll up and see that you absolutely have for example is not the best way to dishonestly defend your position.

                            • Mike Masnick (profile), 21 Dec 2015 @ 11:06am

                              Re: Re: Enough strawmen to fill up a dozen fields.

                              > But the reality is that Mike knows exactly where I'm posting from and who I am.

                              I actually have no idea who you are. I could dig your IP address out of the files, but I haven't and I don't know anything more about you other than you seem woefully uninformed about encryption.

                              So feel free to enlighten us.

                            • Santa Claus, fo real., 21 Dec 2015 @ 11:33am

                              Re: Re: Enough strawmen to fill up a dozen fields.

                              > Mike knows exactly where I'm posting from and who I am.

                              Mind posting exactly where you're posting from and who you are? And don't try lying to me because I'll know if you do, because I'm Santa Claus, fo real.

                            • PaulT (profile), 22 Dec 2015 @ 5:15am

                              Re: Re: Enough strawmen to fill up a dozen fields.

                              "The guy posting that he has no problem with wiretaps but says "no way" on encryption busting? Just like most everyone here, he just doesn't want to get busted for his torrenting addiction."

                              Meanwhile, outside of your fantasy world, what people are actually talking about are the vital technologies used by banking and virtually every other kind of business to keep financial and private information safe.

                              It's sad, really. We're talking about undermining every sector of the modern world, and all you people can think about is whether people are getting MP3s. You can't stop lying about people even on unrelated conversations. But those strawmen keep you from realising what's happening in the real world, I suppose...

                        • Chronno S. Trigger (profile), 21 Dec 2015 @ 8:49am

                          Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re:

                          Despite what anyone thinks about the government and its trustworthiness, you keep forgetting (probably intentionally) that it's physically impossible to give the good guys a way to monitor encrypted traffic without giving the bad guys the same ability.

                          If anyone brings up that point, you tend to not ever respond.

                  • Anonymous Coward, 21 Dec 2015 @ 11:26am

                    Re: Re: Re: Re: Re: Re: Re: Re:

                    I find cowards like you unpleasant. They're a disgrace to all the men and women who bravely fought and are still fighting for this country.

                    And all without pay! Doesn't cost us a cent. That's amazing!

                    Keep paying someone else to protect you because you don't have a working set of testicles. I'm sure they love your tax dollars.

                    If they could just find someone to protect us for FREE like the military does!

                • Anonymous Coward, 21 Dec 2015 @ 8:32am

                  Re: Re: Re: Re: Re: Re: Re:

                  One of the things I enjoy so much about this whole encryption debate is that at the end of the day pro-spying people can bitch all they want but it doesn't matter.

                  If I encrypt my communications and don't tell anyone the key and no one else figures it out, unless they spend an insane amount of time bruteforcing they'll never get what I encrypted. If they make it so everyone has to use a backdoored algorithm people will just encrypt with something that hasn't been backdoored.

                  There isn't really a law against math so they won't be able to stop people from creating new non-backdoored encryption. If they make non-backdoored encryption illegal... well I'd really like to see them try to enforce that.

                  Pro-Surveillance people should probably get a better understanding of how technology actually works before trying to win impossible battles. It might make them look a little less silly too. ^.^

            • Chronno S. Trigger (profile), 21 Dec 2015 @ 8:09am

              Re: Re: Re: Re: Re:

              I can't find it and I don't remember enough detail to search for it. Can someone link this asshole the article about the court case stating the Police don't have to stand between anyone and harm?

              The government is not required to protect your ass. You're on your own.

            • Anonymous Coward, 21 Dec 2015 @ 8:12am

              Re: Re: Re: Re: Re:

              You may want them to protect you, you may pay them to protect you, but all they're obligated to do is take a report after you get hurt. In fact, I'm not sure they're even obligated to do that.

            • Anonymous Coward, 21 Dec 2015 @ 8:14am

              Re: Re: Re: Re: Re:

              > My tax dollars at the municipal, state and federal level are most certainly being paid to protect me from you.

              http://www.nytimes.com/2005/06/28/politics/justices-rule-police-do-not-have-a-constitutional-duty-to-protect-someone.html?_r=0

              Hmm...are you really, really, really sure?

            • techflaws (profile), 21 Dec 2015 @ 8:52am

              Re: Re: Re: Re: Re:

              > There are plenty of sources on the internet that can help explain how government works if you're having trouble understanding this concept.

              Said the guy using the Obama fallacy of "I'm here to protect the American people" rather than what he's sworn to do: uphold the constitution.

        • That One Guy (profile), 21 Dec 2015 @ 8:20am

          Re: Re: Re:

          > They still can.

          Unless you're using an electronic device to communicate, at which point both you and them are insisting that no, you are not allowed any privacy.

          > No. you wanting to break the law via technology doesn't usurp the government's obligation to protect me from you.

          Nice strawman, but no, you don't get to sacrifice my privacy and security just so you can enjoy a false sense of security.

          Sorry to break it to you, but the rights of people to privacy, and the security protecting countless aspects of their life(banking, email, health information) are both vastly more valuable than your sense of security and the government's voyeuristic fetish.

        • Your worst nightmare, 21 Dec 2015 @ 10:17pm

          Re: Re: Re:really?

          The government can't, and is not supposed to, protect you from me. They will deal with the aftermath, that is it.

          • Anonymous Coward, 22 Dec 2015 @ 4:19am

            Re: Re: Re: Re:really?

            > They will deal with the aftermath, that is it.

            If you really believe that, then you're delusional.

    • Mike Masnick (profile), 21 Dec 2015 @ 7:36am

      Re:

      > For almost 100 years via a warrant, law enforcement has been able to tap telephones. And they should be able to do the same with internet communications.

      You are, apparently, totally unaware of how a cost-benefit analysis works, huh?

      The issue here is not just the ability to tap internet communications. If it were just that, I don't think many would complain. Tapping phones is mostly possible to only be limited to law enforcement. But that's not the case with internet communications. Because it's software based, and because of the nature of encryption, opening up a backdoor puts everyone at significant risk. The "benefits" are much smaller than the "costs."

      Your simplistic "well we do it for telephones" misses the point in a huge way.

      • Anonymous Coward, 21 Dec 2015 @ 7:38am

        Re: Re:

        No, you're just trying to complicate the issue. Badly, I might add.

        • Chronno S. Trigger (profile), 21 Dec 2015 @ 7:50am

          Re: Re: Re:

          Care to actually elaborate on your oh so unclear response?

          All telephone communication goes through one of a few central hubs, so tapping the communication securely is relatively simple.

          Encrypted communication does not go through any central hubs thus cannot be tapped into in that way. The only possible way is to create a security flaw in the encryption and thus destroy everything because you're afraid.

          And don't get the wrong idea. If these assholes get what they want, it will be found by or leaked to the wrong people and you, along with everyone else, will be harmed by it.

        • Almost Anonymous (profile), 21 Dec 2015 @ 7:55am

          Re: Re: Re:

          I just don't have the patience anymore, so I'll just go with this:

          You're stupid.

        • Anonymous Coward, 21 Dec 2015 @ 7:57am

          Re: Re: Re:

          And you're trying to simplify something that just isn't as simple as you'd like it to be.

      • Anonymous Coward, 21 Dec 2015 @ 9:19am

        Re: Re:

        I think you have to read between the lines. The police would like a master key for all encryption, but that's just not possible or even desirable (outside of law enforcement circles).

        What is possible and likely to happen is that Apple and Google will add a second public key to phones that they will use when presented with a court order to do so. This is basically analogous to the access law enforcement currently has with the current phone system and that has mostly worked ok.

        I think that's a pretty reasonable compromise and returns us to how things were a few years ago when Apple would brute-force phones when ordered to do so by a court.

        • That One Guy (profile), 21 Dec 2015 @ 9:49am

          Re: Re: Re:

          > This is basically analogous to the access law enforcement currently has with the current phone system and that has mostly worked ok.

          Except for the fact that it really hasn't.

          To save you some time, the link above leads to an article talking about how the police were accessing phones without warrants to such an extent that it reached the US Supreme Court, which thankfully came down on the side of the public in saying that no, they are not allowed to search a phone without a warrant. If they can't be trusted to respect the public's privacy, then they have no-one to blame but themselves when the public and tech companies step in to protect their own privacy.

          > I think that's a pretty reasonable compromise and returns us to how things were a few years ago when Apple would brute-force phones when ordered to do so by a court.

          No, it isn't. Any security hole, whether you call it a 'master key' or 'second public key' is available for the 'good guys' and 'bad guys' alike to use, because there is no way for the security to tell the difference. Therefore the less security holes in general the better off the public will be, and if that makes it difficult for the government and/or police, that's just too bad for them.

          Just because it was an option to force companies to break the security of their devices to allow access to the police/government in the past does not mean that they are owed that ability perpetually.

          • Anonymous Coward, 21 Dec 2015 @ 10:23am

            Re: Re: Re: Re:

            I used to think in exactly the same terms that you have outlined. I've recently shifted my opinion. Change *is* coming. Maintaining the nothing-can-decrypt-phones line isn't tenable. So, what is the smallest compromise you would be willing to make? For me, it's that every phone encrypts the master key with the user's password and the manufacturers public key. Individual phones can be decrypted with a warrant but bulk real-time decryption isn't happening.

            That's what I most strongly object to -- the bulk collection of data. Sucking all data up with no probable cause is waaaay over the line (IMHO) and I would hope is a violation of the 4th amendment. Targeted decryption is reasonable and clearly not a violation of the 4th amendment. It would grant law enforcement similar, but slightly weaker abilities than what they currently have with land lines.

            What I would like to ask politicians that are promoting much weaker privacy protections is this: when the PRC presents Apple with a valid court order demanding the decryption of some communications that had an endpoint in the US (possibly a politician or a dissident or an engineer), do they comply? The answer is clearly "yes they do". The weakened technology will affect the US government as well and they have to accept that.

            • Chronno S. Trigger (profile), 21 Dec 2015 @ 10:34am

              Re: Re: Re: Re: Re:

              So, one key to unencrypt all phones of a specific manufacturer? One key that can be copied infinitely and can't be returned to the manufacturer? One key that becomes a very large target for all hackers out there?

              Like the HDDVD encryption key? How long did that take to crack? How often does Blu-Ray have to change their encryption keys?

              • Anonymous Coward, 21 Dec 2015 @ 10:48am

                Re: Re: Re: Re: Re: Re:

                > one key to unencrypt all phones of a specific manufacturer?

                No. One private/public pair per handset. The public key on the handset, the private key held by Apple or Google. That would cover the vast majority of phones out there.

              • Anonymous Coward, 21 Dec 2015 @ 10:51am

                Re: Re: Re: Re: Re: Re:

                > one key to unencrypt all phones of a specific manufacturer?

                No. One private/public pair per handset. The public key on the handset, the private key held by Apple or Google. That would cover the vast majority of phones out there.

                And it would be nothing like encryption used in video players. Those things put the private key in the hardware and rely on obfuscation and technical barriers to keep it secret.

                • Chronno S. Trigger (profile), 21 Dec 2015 @ 11:11am

                  Re: Re: Re: Re: Re: Re: Re:

                  So you're saying that there should be one central database holding the passwords for each and every device out there? As much as there is wrong with what you're saying, there's one giant flaw that even those who don't understand encryption should be able to see:

                  You're still making one central target to crack everything.

                  The biggest advantage of encryption is its decentralization. Crack one device and you don't crack everything. But with your idea, crack Google or Apple's database and you've got everything. And it wouldn't take a master hacker, all it would take is one lazy/malicious/mistaken employee.

                  This, of course, assumes that the government would even allow a database like that to exist outside of their control.

                  And why are we even bothering? Smart criminals will never be caught by this. ISIS has their own encryption now, drug dealers use burner phones (and they don't even bother with encryption), smart criminals would just use the not intentionally flawed software we already have. Stupid criminals already incriminate themselves. Why make everyone else less secure?

                  • Anonymous Coward, 21 Dec 2015 @ 11:43am

                    Re: Re: Re: Re: Re: Re: Re: Re:

                    There already is one target to crack everything for most phones - Apple or Google.

                    For example, Apple's messaging app sends encrypted messages but if you could crack Apple, you could silently add a foreign key to the transaction and the user would never know (the encryption keys are managed entirely by Apple).

                    You already are trusting Apple and Google. I think they can be trusted to manage keys (they certainly know how to do so).

                    > Smart criminals will never be caught by this.

                    That's ok. There are enough dumb criminals to keep law enforcement busy for a long, long time. There's no perfect solution and looking for a single, magical solution is foolish.

                    Change is coming. I answered what the minimal compromise I think is reasonable. If the solution is forced on tech companies via legislation, it's going to be much, much worse than simply adding the ability to unlock a device.

                    • Anonymous Coward, 21 Dec 2015 @ 11:48am

                      Re: Re: Re: Re: Re: Re: Re: Re: Re:

                      > You already are trusting Apple and Google. I think they can be trusted to manage keys (they certainly know how to do so).

                      However, the government (who clearly has network security issues - see "OPM hack") is trying to tell them what to do.

                      So no, it's not a matter of trust with Google/Apple - it's them taking direction from someone with a shitty track record.

                      • Anonymous Coward, 21 Dec 2015 @ 12:48pm

                        Re: Re: Re: Re: Re: Re: Re: Re: Re: Re:

                        > However, the government (who clearly has network security issues - see "OPM hack") is trying to tell them what to do.

                        That's exactly why the big tech companies should start talking about the compromises that least impact normal users. Installing a public key that can be used when presented with a court order is the least problematic solution that I can think of. If the tech companies don't start, legislation will tell them what they have to do and that would be the worst outcome.

                        • Anonymous Coward, 21 Dec 2015 @ 1:08pm

                          Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re:

                          Before long law enforcement would demand the key so that they can decrypt what they want as soon as they get the court order, and of course they would never abuse it or let a copy leak.

                        • Anonymous Coward, 21 Dec 2015 @ 1:39pm

                          Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re:

                          > ...the least problematic solution that I can think of.

                          That still doesn't address the single point of failure you're creating, nor the ramifications of what happens when the key(s) are compromised.

                          The companies keep saying it can't be done, yet the government insists that it can. Since they're so sure, the onus is on the government to create a working model/proof of concept. Not Apple or Google - they have a profit motive and shareholders to be responsible to.

                          > If the tech companies don't start, legislation will tell them what they have to do and that would be the worst outcome.

                          In other words, legislate that 2+2=5?

                          • Anonymous Coward, 21 Dec 2015 @ 1:50pm

                            Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re:

                            > That still doesn't address the single point of failure you're creating

                            The tech companies are already a single point of failure. They are pushing stuff to your phone all the time.

                            > In other words, legislate that 2+2=5?

                            No, they will pass legislation that gives law enforcement everything without regard to the harm it does to people and businesses in the US.

                            Going dark on a mass scale won't be allowed to happen. What's a compromise that you could live with? I already trust Google and Apple, so for them to have a way to unlock my phone doesn't change much (it goes back to how things were a few years ago).

                            I can still install 3rd party secure messaging apps just like I could use a scrambler on my phone line to secure my conversations.

                            • Anonymous Coward, 21 Dec 2015 @ 2:00pm

                              Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re:

                              > No, they will pass legislation that gives law enforcement everything without regard to the harm it does to people and businesses in the US.

                              And if it's all encrypted anyways, nothing will change. They'll still have collected everything, and will still not have the processing power to decrypt it all.

                              Nothing changes.

                            • Anonymous Coward, 21 Dec 2015 @ 2:02pm

                              Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re:

                              > What's a compromise that you could live with?

                              I don't need to compromise. I have encryption, and choose to use it to make my communications private.

                              Law enforcement has the ability to collect it, and with enough processing power, possibly decrypt it within my lifetime.

                              They already have exactly what they need. What they should be lobbying for is to change how time works. I think they'd have a better shot of making a 30 hour day instead of getting any backdoor to pass.

                    • Chronno S. Trigger, 21 Dec 2015 @ 12:14pm

                      Re: Re: Re: Re: Re: Re: Re: Re: Re:

                      You're confusing two different things. You're talking about local encryption and communication encryption at the same time and getting confused.

                      Google's chat encryption is not end to end, it's from your PC to the central server and from the other PC to the central server. The government doesn't need to crack encryption to get that information.

                      Google chat and Apple chat are not secure systems, we all know this.

                      Local encryption is something else entirely. If I encrypt a file on my phone, say a password list, there is no central server between me and the file. I expect that file to be secure. At least as secure as the software used to encrypt it, not some unrelated, uninterested third party. I expect my communication with my bank to be as secure as the bank, not some unrelated, uninterested third party. Google should not have access to this information.

                      The government doesn't want access to Google chat, they want access to everything encrypted. Your compromise will never be enough for them because they already have it.

                      • Anonymous Coward, 21 Dec 2015 @ 12:50pm

                        Re: Re: Re: Re: Re: Re: Re: Re: Re: Re:

                        > Google chat and Apple chat are not secure systems, we all know this.

                        I don't know how Google Chat works, but Apple details their security model in their iOS security white paper and it is end-to-end encrypted. Apple can't see the messages.

                        > Your compromise will never be enough for them because they already have it.

                        No, they don't. Recent iOS devices and some Android devices are still secure, even to Apple and Google.

                        • Chronno S. Trigger, 21 Dec 2015 @ 1:15pm

                          Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re:

                          Didn't know that, but it helps my point, not yours.

                          Why does Apple have end to end encryption for their chat service? Think about that for a second, why would they spend that much effort into creating that? Is it to help the criminals stay under the radar? Or maybe because Apple knows that keeping everything in a central repository is a stupid idea.

                          Your compromise will end up like the 6 strike compromise the ISPs put in place. Utterly worthless yet still being ratcheted up. ISPs should have stood their ground and Google and Apple should as well.

                          • Anonymous Coward, 21 Dec 2015 @ 1:38pm

                            Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re:

                            > Why does Apple have end to end encryption for their chat service?

                            Two big reasons:

                            1) It's fantastic for marketing. Their chief rival makes money by mining everything you do on the device for advertising purposes (that's a cynical view, but somewhat correct). It makes sense to zig where their rival zags.

                            2) It saves them a lot of money. When they are presented with a court order saying "reveal the contents of this", an intern can prepare the response: "sorry, but due to technical limitations, there's no possible way to comply".

                            Change is coming. It's the perfect climate right now for anti-privacy legislation to be passed. It's important that tech companies (and communities like this one) get involved.

                            Many in this community are holding the position that they are unwilling to cede any privacy protections to law enforcement. It's a principled position to hold for sure, but when there's no compromise to be made, none will be offered. That's how you end up with terrible legislation that makes everybody a criminal.

                            • Anonymous Coward, 21 Dec 2015 @ 1:43pm

                              Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re:

                              > Many in this community are holding the position that they are unwilling to cede any privacy protections to law enforcement.

                              Primarily because it's been well documented that law enforcement can't be trusted.

                              Question for you, if I may...why does law enforcement absolutely need this? Exactly how many people are flying under the radar and causing random acts of violence, where they now must be suspicious of EVERYONE?

                              And if that's the case, and everyone needs to be treated with suspicion, then inevitably, some of those suspicious people WILL end up in law enforcement...what in your solution will prevent THEM from also exploiting the TSA key, I mean, master encryption key?

                              • Anonymous Coward, 21 Dec 2015 @ 1:58pm

                                Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re:

                                > And if that's the case, and everyone needs to be treated with suspicion

                                Does the fact that your landline is easily tapped imply that you are under suspicion?

                                > what in your solution will prevent THEM from also exploiting the TSA key, I mean, master encryption key?

                                Transparency and real oversight would be a good start. If all law enforcement decryption requests are eventually made public, it would be easier to spot abuse.

                                I think that's why it's important for this community to get involved. If legislators hear law enforcement say "tech companies must be made to comply with a court order demanding decryption" and hear tech companies say "under our current set up, that's not possible", then it's easy to predict what will happen: CALEA for mobile phone companies with no reasonable limits, oversight, or transparency.

                                We can stand around here and pretend that any ability to decrypt is the same as not encrypting at all in the first place (which is ridiculous), or get involved and give up as little ground as possible.

                                • Anonymous Coward, 21 Dec 2015 @ 2:04pm

                                  Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re:

                                  > Does the fact that your landline is easily tapped imply that you are under suspicion?

                                  I can still speak in code over my potentially tapped landline. Should I also have to make the cipher available to law enforcement?

                                  • Anonymous Coward, 21 Dec 2015 @ 2:20pm

                                    Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re:

                                    If you choose to communicate securely, you can do so.

                                    For secure messaging my favorite app is Threema.

                                    Law enforcement doesn't want to make it impossible to communicate securely (they need that too), they just don't want it to be the default.

                                    • PaulT, 22 Dec 2015 @ 6:00am

                                      Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re:

                                      "If you choose to communicate securely, you can do so.

                                      For secure messaging my favorite app is Threema."

                                      Cool. Are you aware that Threema depends on encryption technology that's the very thing that's being called to be compromised here?

                                  • Anonymous Coward, 22 Dec 2015 @ 4:08am

                                    Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re:

                                    > I can still speak in code over my potentially tapped landline.

                                    Something they would like to outlaw.

                                • Anonymous Coward, 21 Dec 2015 @ 2:26pm

                                  Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re:

                                  > or get involved and give up as little ground as possible.

                                  How much ground will the government take? It will be enough to ensure that they and their corporate buddies cannot be easily challenged.
                                  Terrorists know enough to keep their planning secure, while a local neighbourhood trying to organize replacement of their politician; or a group trying to organize a protest against an unjust law, or against a corporation ruining their environment, are easily disrupted if their communications can be monitored.

                                • Anonymous Coward, 22 Dec 2015 @ 4:06am

                                  Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re:

                                  > Transparency and real oversight would be a good start.

                                  Let that happen first, then come back. But since that is never going to happen,

                                  > If all law enforcement decryption requests are eventually made public, it would be easier to spot abuse.

                                  Eventually. Forever minus a day. Kind of the opposite of the "transparency" you were just promoting. You're already being self-contradictory.

                                  > I think that's why it's important for this community to get involved.

                                  In case you hadn't noticed, it is.

                                  > it's easy to predict what will happen: CALEA for mobile phone companies ... blah blah blah

                                  CALEA already applies to mobile phone companies. Nice try.

                                  • Anonymous Coward, 22 Dec 2015 @ 6:07am

                                    Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re:

                                    > CALEA already applies to mobile phone companies.

                                    No, it doesn't. Right now Apple doesn't have to provide surveillance hooks to law enforcement and that's precisely what is being pushed for. Phone companies aren't allowed to buy telecom gear unless it has surveillance capabilities. Soon, they may not be allowed to activate handsets unless they too have surveillance capabilities.

                                    I trust Apple more than I trust AT&T or Verizon. If somebody is going to have to manage keys (and I really think that's where we are headed), I want Apple to do it. That's really the bottom line of everything I've been saying.

                                    In the little Techdirt bubble, that's an insane thing that everybody hates, but among the general population, it's entirely sensible. You may have noticed that people really don't give a shit about privacy. Most don't worry about adblocking or trackers, they give up their demographic info for a chance to win a car, they are happy to fill out a survey to get a free sandwich, or apply for a credit card to save 5% on today's purchase. Privacy isn't a big deal, but security is. They are scared about terrorists even though the probability of being hurt or killed by terrorists is about as likely as being killed by a shark. Generally, people may not like their city or state police, but they are mostly happy with the FBI, the CIA, and they LOVE every branch of the armed forces.

                                    • PaulT, 22 Dec 2015 @ 7:25am

                                      Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re:

                                      "I trust Apple more than I trust AT&T or Verizon. If somebody is going to have to manage keys (and I really think that's where we are headed), I want Apple to do it"

                                      Well, trust is only part of the issue here. Even if you trust the ability of a company to manage the security, you're talking about introducing a single point of failure that cannot be repaired. Mistakes happen, and Apple have been compromised in the past. Not only that, but you won't be able to pick and choose. This isn't just an argument about your mobile handset, it's about encryption in total. If Apple are forced to do this for your phone, others you trust less will need to do it for their systems too. Some of whom you will not know are involved, because you don't know the backend of every business you interact with and you don't know who's managing those keys.

                                      "You may have noticed that people really don't give a shit about privacy."

                                      Until it's compromised or there's real negative effects from a breach. People not interested in the subject have a hard time understanding future implications, but tend to have stronger opinions when it actually affects something they can see.

                                      "Most don't worry about adblocking or trackers, they give up their demographic info for a chance to win a car, they are happy to fill out a survey to get a free sandwich, or apply for a credit card to save 5% on today's purchase."

                                      This is all true. However, basic demographic info (much of which is public anyway) is rather different from what's being requested here. If someone doesn't mind giving away their email address for some free crap, that doesn't mean they'd agree to hand over live access to their phone conversations and financial transactions. There's different levels of importance to consider here.

                                      Also, those people do demand that data be protected even as they're handing it over. They'll give their email, address or phone number over for a free sandwich, yes, but they also demand that junk mail and unsolicited phone calls can be avoided. The suggestions so far don't seem to involve any protection once a compromise happens with keys.

                                      "Privacy isn't a big deal, but security is. They are scared about terrorists..."

                                      Privacy and security often go hand in hand. Perhaps instead of whining about a "bubble" on a site that understands these things, you'd be better off explaining to less savvy users why those terrorists would potentially be able to access these backdoors. You'd be amazed how quickly their opinions can change.

                                      Part of the issue is not that people don't care about their privacy, it's that they're not educated in the subject enough to know why it matters to their security. Of course, the reason why they're scared of terrorists is they also don't know how rare such attacks are, but just because they're misinformed in one area that's not an excuse to misinform them in another.

                                      • Anonymous Coward, 22 Dec 2015 @ 7:41am

                                        Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re:

                                        So what's your prediction for what things look like two years from now? Does the tech community successfully fight off government overreach, or does some poorly written rider get attached to a budget bill that mandates phone companies activate only handsets they can unlock? Or is there some third possibility?

                                        • PaulT, 22 Dec 2015 @ 7:57am

                                          Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re:

                                          "Or is there some third possibility?"

                                          There's plenty of other options. Not least because what you seem to be missing is that this isn't just about mobile phone communication but encryption as a whole. For some reason, you seem to be intent on trying to simplify the whole issue to 2 companies. Despite the fact that there would be more than that involved even if this was only about mobile handsets.

                                          I can't tell the future, but I can tell you that letting people get away with the ignorant comments described in the article without comment is certainly not going to lead us anywhere positive. I can also tell you that breaking encryption will lead to people you don't want to give access to having full access. Unless you have a solution that doesn't involve putting such a back door in, which you've failed to suggest so far. Sorry, the idea of an extra private key doesn't count, that's still a back door no matter how much you trust Apple.

                                          • Anonymous Coward, 22 Dec 2015 @ 8:02am

                                            Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re:

                                            > There's plenty of other options.

                                            For example?

                                            • PaulT, 22 Dec 2015 @ 1:08pm

                                              Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re:

                                              Figures... Just as you try to reduce the entire argument to 2 companies, you can only conceive of 2 options for the future. You ignore the rest of my comments, but hone into the parts you can try to wave away with some simplistic misunderstanding.

                                              There's an entire spectrum of possibilities, ranging from a long political and legal battle to fight against any such requirement, to tech companies giving in but having to agree to increasingly draconian demands, to a major attack on existing vulnerabilities proving that encryption is absolutely necessary, to discovering some fundamental existing vulnerability that makes the whole demand moot.

                                              But, we can't deal with huge numbers of possible outcomes based on what we can guess. We can only realistically address the suggestion being made. When you consider the entire landscape rather than whatever handy false dichotomy you can dream up, the predictable consequences are not good.

                                    • Anonymous Coward, 22 Dec 2015 @ 1:25pm

                                      Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re:

                                      > CALEA already applies to mobile phone companies.
                                      > No, it doesn't.

                                      CALEA applies to all telecommunications providers. If you want to argue that doesn't apply to AT&T, Verizon, T-Mobile, Sprint etc. then you are truly delusional.

                                • PaulT, 22 Dec 2015 @ 5:51am

                                  Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re:

                                  "Does the fact that your landline is easily tapped imply that you are under suspicion?"

                                  No, but then a landline is not factory set to be tapped by whoever requests it without any other intervention.

                                  "Transparency and real oversight would be a good start"

                                  How would that stop non-government entities from using the key, which you've now blocked by law from being re-secured?

                                  "We can stand around here and pretend that any ability to decrypt is the same as not encrypting at all in the first place (which is ridiculous)"

                                  That might be what you think they're saying. What others are actually saying is that once you create a master key, it works for everyone who wishes to use it. Which is the same as not encrypting at all to those people who have the key.

                            • Chronno S. Trigger, 21 Dec 2015 @ 1:47pm

                              Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re:

                              That's what it comes down to, isn't it? Person A is right and set a line in the sand. Person B is very wrong and set their line in the sand. If person A steps over their line, they step into the wrong. But person B wants to compromise. Just step a little into the wrong, just a toe, I promise I won't pull you further in.

                              One would think we would have learned better by now.

                              • Anonymous Coward, 21 Dec 2015 @ 2:09pm

                                Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re:

                                I don't think that's a bad analogy.

                                I think the lesson that we should have learned by now is that if we don't get involved, we get terrible, unbalanced, overreaching legislation. Decrypting a phone they capture is one thing, the real time decryption of all communications is another. Granting the first doesn't give them the second thing.

                                Everybody has their own line in the sand. Mine is untargeted surveillance. I have no problem with narrowly scoped spying but bulk data collection of everybody is too much.


                                • icon
                                  That One Guy (profile), 21 Dec 2015 @ 11:54pm

                                  Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re:

                                  "Decrypting a phone they capture is one thing, the real time decryption of all communications is another. Granting the first doesn't give them the second thing."

                                  Assuming a 'central repository' of decryption keys as you've suggested several times so far, if they can do the first, they can do the second (and if they can't do it for whatever reason now, just give it a few years). The only way to keep them from doing the second is to keep them from being able to do the first.

                                  Not to mention, as has been demonstrated time, and time, and time again, they always want more. Give them the ability to do A now, and it's only a matter of time before they're insisting that, because Terrorism, they absolutely need the ability to do B, C, and D as well (assuming they even ask).

                                  They want to search a phone? Get a warrant, and present it to the owner of the phone to unlock. Don't want to do either of the above? Then no search allowed.


                                • identicon
                                  Anonymous Coward, 22 Dec 2015 @ 4:12am

                                  Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re:

                                  "I have no problem with narrowly scoped spying..."

                                  We already have that.

                                  "but bulk data collection of everybody is too much."

                                  which we also already have. So, you think they've already gone too far, yet you argue for them to go further? I detect duplicity.


                                • icon
                                  PaulT (profile), 22 Dec 2015 @ 5:57am

                                  Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re:

                                  "I have no problem with narrowly scoped spying but bulk data collection of everybody is too much."

                                  Here, I think you actually agree with people. The problem is simple - the solution you are calling for eventually hands the ability for bulk data collection from anyone, government and civilian, with no way to take it back.


                                  • identicon
                                    Anonymous Coward, 22 Dec 2015 @ 7:06am

                                    Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re:

                                    No, it doesn't do that. If you use an iPhone or an Android device you are already trusting Apple or Google. Google is basically doing bulk data collection (with user consent and for the benefit of that user). Apple could, but they have a different business model. Asking either of them to hold a key for you isn't a huge further step as you are already dependent on them for much of your security.

                                    The government can't directly force Apple or Google to implement interception capabilities. What they will do (this is a guess) is pass a law prohibiting mobile network operators from accepting devices that lack that capability. They already require the network gear to have that capability (CALEA) and so I think it could be argued that requiring the same capability in the handsets is logical (from a law enforcement perspective).

                                    Apple and Google would have no choice but to build that in and hand over the keys to the network operators. For me, that's basically the worst case scenario because I *do* trust Apple and Google, but have zero trust in AT&T, Verizon, Sprint, or TMobile.


                                    • icon
                                      PaulT (profile), 22 Dec 2015 @ 7:25am

                                      Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re:

                                      "If you use an iPhone or an Android device you are already trusting Apple or Google"

                                      There are far more than 2 companies involved here, and more than mobile phones. I mean, Google don't even manufacture their handsets' hardware and 3rd party Android devices can patch the OS at any time. So, wherever you expect the decryption to happen, you're looking at way more than 2 vectors. Yes, that also means that carriers may have the keys as well.

                                      I can see where you're coming from, but so long as you continue to oversimplify the realities of the situation, you're going to be arguing something other than what's being discussed. Any security is only as good as its weakest link, and you're demanding that at least one be weakened further.


                    • icon
                      PaulT (profile), 22 Dec 2015 @ 5:46am

                      Re: Re: Re: Re: Re: Re: Re: Re: Re:

                      "There already is one target to crack everything for most phones - Apple or Google."

                      Yes, if you want to massively over-simplify things. Bear in mind we're not just talking about phones here, nor are we just talking about consumer level devices.

                      But, you know what people at both of those companies spend a lot of their time doing? Fixing flaws that allow people to crack their devices. What you're supporting here is not only introducing numerous extra vulnerable points, but making sure that nobody is allowed to fix them. Ensuring that once that target has been compromised, it is never allowed to re-secure their devices.

                      Do you see the problem yet?

                      "That's ok. There are enough dumb criminals to keep law enforcement busy for a long, long time"

                      So, you support handing smarter, more organised criminals the tools to operate unhindered because some dumber people will get caught? Do you even understand what you're saying here?

                      "Change is coming. I answered what the minimal compromise I think is reasonable"

                      If you think that's reasonable, you don't understand the issue.


                • identicon
                  Anonymous Coward, 21 Dec 2015 @ 11:22am

                  Re: Re: Re: Re: Re: Re: Re:

                  So the one key pair would be stored in a centralized location, and be completely impervious to attack - like the OPM database holding all the information for those having security clearances?

                  Not for nothing, if they can't keep what they have safe, I don't see why they get MORE information to not keep safe. Seems like they don't deserve that privilege.


            • icon
              That One Guy (profile), 21 Dec 2015 @ 11:40pm

              Re: Re: Re: Re: Re:

              "So, what is the smallest compromise you would be willing to make?"

              None whatsoever.

              If you've got one person saying 'I don't think it's a smart idea to play Russian roulette', and another person saying 'I think it is a smart idea to play Russian roulette', there is no room for compromise. The first person is right, the second person is wrong, and it's not in any way reasonable for the first person to give any ground, 'compromise' or not.

              In the case of security and encryption, you either have encryption that works, and is secure for everyone, or you have encryption that doesn't work, and is secure for no-one. Those are the only two options. There is no room, at all, for 'compromise' when it comes to encryption. It either works or it doesn't, that's it.

              "For me, it's that every phone encrypts the master key with the user's password and the manufacturer's public key."

              Creating a 'master key' rather than a 'golden key'. Well, I guess you changed the name, that's got to count for something, right?

              No, no it doesn't.

              No matter what you call it, a security vulnerability is a security vulnerability, and not something to be desired or deliberately introduced.

              "Individual phones can be decrypted with a warrant but bulk real-time decryption isn't happening."

              Right up until someone gets the master key and uses that. If the system you are envisioning allows for individual real-time decryption, then it also allows for bulk real-time decryption, it's simply a matter of resources. And even if it doesn't allow for real-time bulk decryption, the fact that it might take them a little bit longer to get around to decrypting everything they scooped up doesn't make it any better or acceptable.


              • identicon
                Anonymous Coward, 22 Dec 2015 @ 4:25am

                Re: Re: Re: Re: Re: Re:

                "If you've got one person saying 'I don't think it's a smart idea to play Russian roulette', and another person saying 'I think it is a smart idea to play Russian roulette', there is no room for compromise."

                Oh come on, Russian Roulette is perfectly safe, on average. Can't we just compromise and say that it's "usually" a good idea?


        • identicon
          Anonymous Coward, 21 Dec 2015 @ 10:23am

          Re: Re: Re:

          And your baddy baddy Russkie/Chinese/ hacker won't be able to use that same "second public key" that all phones got now, of course.

          Because that "second public key" will realize that they are evil guys, and won't let herself be used. She'll die before letting herself be violated.


          • identicon
            Anonymous Coward, 21 Dec 2015 @ 10:24am

            Re: Re: Re: Re:

            The baddie hacker doesn't need the second key - they can use the first one. Like you said, the key doesn't care.


    • identicon
      Anonymous Coward, 21 Dec 2015 @ 7:56am

      Re:

      They can - breaking the encryption is their problem.

      It's not like we took the tapping capabilities away, amirite?


    • identicon
      Anonymous Coward, 21 Dec 2015 @ 11:41am

      Re:

      "For almost 100 years via a warrant, law enforcement has been able to tap telephones. And they should be able to do the same with internet communications."

      They can. So what's the problem? They may not understand those communications, but the same holds true for telephones as well. Or don't you understand that?


  • identicon
    Anonymous Coward, 21 Dec 2015 @ 7:19am

    I think what the government ultimately wants is a "digital TSA" of sorts - or in other words, "digital security theater" - especially going after their "golden/master key" talk (TSA's own master key was only recently exposed for everyone to copy).

    They want everyone to see the HTTPS lock and everything and think their conversations are kept safe from "cyber criminals and cyber terrorists", when in fact the government as well as those cyber hackers or anyone else who cares can get past those weak defenses made just for show.


  • icon
    Matthew (profile), 21 Dec 2015 @ 7:23am

    Shirley...

    Surely there must be a way for the government to have complete and total control without causing riots and rebellion? Bread and Circuses - the real reason government is so cozy with Hollywood. If only the Republicans would get on board with the social programs all their Orwellian wet dreams could come true.


  • identicon
    Anonymous Coward, 21 Dec 2015 @ 7:24am

    The issue, again, is that what they're really asking for is "can you make a technology where only "good" people can use it safely, and everyone else cannot?" And the answer to that question is to point out how absolutely astoundingly stupid the question is. Because there's no way to objectively determine who is "good" and who is "bad" and thus the only possible response is to create code that really thinks everyone is "bad." And to do that, you have to completely undermine basic security practices.


    You've fallen into their framing trap, Mike. All decent crypto already assumes everyone is "bad" except the sender and the intended recipient(s). Clinton et al. want to mandate their way into the "good" list.


  • icon
    Steve R. (profile), 21 Dec 2015 @ 7:26am

    Hillary Fumbled

    Hillary is pretty good, unfortunately, at slick rhetoric that allows her to be on "both" sides of an issue. She did the same with encryption, but she was clearly outside of her element and fumbled at finding the appropriate language.


  • identicon
    annonymouse, 21 Dec 2015 @ 7:30am

    When it comes to "good guys" and "Bad guys" it pretty much boils down to, if what you want to do is what the bad guys do that means you are a bad guy.

    The bad guy we know is bad and we can prepare for their antics but if those who are supposed to protect us betray us then they broke trust and are far worse and need to be appropriately dealt with in the harshest way possible.


  • identicon
    NJD, 21 Dec 2015 @ 7:35am

    It's a bit like "What I want is for the gun manufacturers to work with government to figure out how to make bulletproof vests that don't protect bad people so that the police can shoot them".


  • identicon
    Jes Lookin, 21 Dec 2015 @ 7:40am

    It's all in the ownership

    Another bad name for the media to latch on to - like 'global warming'. The intent is to have ownership of some super-techo-thing that can decrypt the bad guys on the fly. The only problem is that only the people who design, fabricate, assemble, and control the technology can do that - and that isn't the US. For nuc stuff it was, but we can even make the components for that anymore.


  • identicon
    Anonymous Howard, 21 Dec 2015 @ 7:42am

    If we can't call it a backdoor

    I propose that from now on, when Hillary talks crap, we say she's talking out of her Manhattan.


  • identicon
    Anonymous Coward, 21 Dec 2015 @ 7:50am

    By definition, nothing designed by humans can be infallible.

    Being connected to everyone and everything in the world means that there are built-in risks when using the internet that will never disappear. People weigh those risks when deciding what they use the internet for. That is the way it has always been and the way it will always be.


  • identicon
    Guardian, 21 Dec 2015 @ 7:56am

    everyday the us govt sounds more like retards

    repeat after me:
    "everyday the us govt sounds more like retards"
    "everyday the us govt sounds more like retards"


  • identicon
    Ryunosuke, 21 Dec 2015 @ 7:59am

    Meanwhile.....

    Over at Juniper Networks,


    "A major breach at computer network company Juniper Networks has U.S. officials worried that hackers working for a foreign government were able to spy on the encrypted communications of the U.S. government and private companies for the past three years" -- CNN


    So hey, how about that backdoor encryption "only for good guys"


  • identicon
    AJ, 21 Dec 2015 @ 8:00am

    With the amount of time she should be doing behind bars for breaking the law with her email server (among other things), you would think she would be a strong supporter of encryption.


  • identicon
    Anonymous Coward, 21 Dec 2015 @ 8:14am

    Well, if she doesn't mind the difference in name, Russia and China supposedly launched a "Juniper Project" for encryption, and they seemed to get it right...


    Oh, wait! These aren't the backdoors we are looking for...


  • identicon
    Anonymous Coward, 21 Dec 2015 @ 8:21am

    Anyone can build encryption...

    The other major issue here is that anyone with a year's worth of math and programming education can build a suitable uncrackable encryption software if necessary.
    So even if we end up forcing Google, Apple and the other major tech companies to build in back doors for the government, all it would do is let them spy on all the regular law abiding citizens while anyone who actually wants to use real encryption would do so.
    This is also so damn obvious to anyone with the smallest amount of sense that one has to assume this is their true goal....


    • icon
      That One Guy (profile), 21 Dec 2015 @ 8:31am

      Re: Anyone can build encryption...

      Well, clearly banning effective encryption is only the first step. The next step is to make not using crippled encryption a criminal offense, since clearly criminals are always careful to obey the laws, especially the ones that make it easier for the authorities to catch and prosecute them.


    • identicon
      Anonymous Coward, 21 Dec 2015 @ 9:47am

      Re: Anyone can build encryption...

      As always, perfect is the enemy of good. Just because a perfect solution can't be found, doesn't mean that a good solution (from the perspective of law enforcement) isn't available. I think a reasonable compromise would be for Apple and Google to encrypt the device keys with a second public/private pair - one belongs to the user, the other belongs to Apple or Google.

      You're right though - banning math is hard. Anybody with high school level mathematics knowledge can understand something like Diffie-Hellman key exchange (and it's a magical idea, lots of fun).

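The escrow design proposed in the comment above (and quoted earlier in the thread as "the user's password and the manufacturer's public key") can be sketched as follows. This is an added example, not code from the thread or from any vendor; the function names, the toy Diffie-Hellman group (p = 2^255 - 19, g = 2) and the HMAC-based key wrap are assumptions chosen so it runs with the Python standard library only, and are not production cryptography.

```python
"""Key-escrow sketch: one device key, two wrapped copies (user + manufacturer)."""
import hashlib
import hmac
import secrets

# Toy Diffie-Hellman group (assumption for illustration only; not a vetted
# parameter choice): p = 2^255 - 19 is prime, g = 2.
P = 2**255 - 19
G = 2
PBKDF2_ROUNDS = 100_000


def _wrap(kek: bytes, key: bytes) -> bytes:
    """Wrap a 32-byte key under a single-use 32-byte KEK: XOR pad plus HMAC tag."""
    pad = hashlib.sha256(b"pad" + kek).digest()
    body = bytes(a ^ b for a, b in zip(key, pad))
    return body + hmac.new(kek, body, hashlib.sha256).digest()


def _unwrap(kek: bytes, blob: bytes) -> bytes:
    """Check the tag first, so a wrong KEK is rejected instead of yielding junk."""
    body, tag = blob[:32], blob[32:]
    expected = hmac.new(kek, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key")
    pad = hashlib.sha256(b"pad" + kek).digest()
    return bytes(a ^ b for a, b in zip(body, pad))


def escrow_keypair():
    """The manufacturer's escrow key pair: (private exponent, public value)."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)


def provision(password: str, escrow_pub: int):
    """Return (stored record, device key). The key is returned only so the
    demo can compare results; a real device would never export it."""
    device_key = secrets.token_bytes(32)
    salt = secrets.token_bytes(16)
    user_kek = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    # ElGamal-style hybrid: a fresh ephemeral exponent per device, but the
    # recipient is always the same escrow public key.
    eph = secrets.randbelow(P - 3) + 2
    shared = pow(escrow_pub, eph, P)
    escrow_kek = hashlib.sha256(shared.to_bytes(32, "big")).digest()
    record = {
        "salt": salt,
        "user_wrap": _wrap(user_kek, device_key),
        "eph_pub": pow(G, eph, P),
        "escrow_wrap": _wrap(escrow_kek, device_key),
    }
    return record, device_key


def unlock_with_password(record: dict, password: str) -> bytes:
    kek = hashlib.pbkdf2_hmac("sha256", password.encode(), record["salt"], PBKDF2_ROUNDS)
    return _unwrap(kek, record["user_wrap"])


def unlock_with_escrow(record: dict, escrow_priv: int) -> bytes:
    shared = pow(record["eph_pub"], escrow_priv, P)
    kek = hashlib.sha256(shared.to_bytes(32, "big")).digest()
    return _unwrap(kek, record["escrow_wrap"])


def demo(n_devices: int = 5):
    """Provision a constructed fleet; count records the escrow key opens and
    records that an unrelated private key fails to open."""
    escrow_priv, escrow_pub = escrow_keypair()
    fleet = [provision(f"constructed-passphrase-{i}", escrow_pub)
             for i in range(n_devices)]
    # One private value, no passwords: every device key comes back.
    opened = sum(unlock_with_escrow(rec, escrow_priv) == dk for rec, dk in fleet)
    # An unrelated private key is rejected by every record.
    other_priv, _ = escrow_keypair()
    rejected = 0
    for rec, _dk in fleet:
        try:
            unlock_with_escrow(rec, other_priv)
        except ValueError:
            rejected += 1
    return opened, rejected


if __name__ == "__main__":
    opened, rejected = demo()
    print(f"escrow key opened {opened} devices; unrelated key rejected by {rejected}")
```

Each user's password protects only that user's copy of the key, while the escrow private key is a single value that unwraps every record in the fleet, which is the property the replies in this thread are arguing about.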

  • identicon
    Glenn, 21 Dec 2015 @ 8:36am

    Stopping the "bad" people...

    Step 1: get/keep the bad people out of our govt. (an uphill battle)


  • icon
    DannyB (profile), 21 Dec 2015 @ 8:39am

    Dear Hillary

    For someone who has already had eight years experience running the country, I would expect you to understand something so simple.

    You can have either:
    1. A SECURE system. Secure against hackers, and secure against the government and law enforcement.
    2. An INSECURE system. The government and law enforcement have access, but so do the Russians, the Chinese, Anonymous, Hackers and Criminals.

    Please choose.


  • identicon
    Anonymous Coward, 21 Dec 2015 @ 8:40am

    The biggest issue...

    The biggest issue is not the problem of politicians rattling off inane bullshit. That's par for the course. The issue is that the common voter in the US is so mind numbingly stupid when it comes to anything dealing with those "magical computer TV boxes" that any sort of vague technical mumbo jumbo impresses them, so they'll vote for the bullshit.

    You want candidates to stop doing this shit? Educate the idiot masses.


  • icon
    AricTheRed (profile), 21 Dec 2015 @ 8:52am

    "Maybe the back door isn't the right door..."

    Wifey said the exact same thing...


  • identicon
    Anonymous Coward, 21 Dec 2015 @ 8:52am

    Can we get guns and cars to not be used by those bad guys too? I am pretty sure those terrorist guys are using those a lot too.


  • identicon
    Anonymous Coward, 21 Dec 2015 @ 8:56am

    I still need an answer... but nobody seems to be asking the question.

    So the US of A gets its not-backdoor backdoors and then what?
    How can anyone assume that other governments around the world won't be asking for the same privilege?
    How can anyone expect companies to deny access to anyone when the big can of worms has been opened?
    Maybe we shouldn't entertain the fantasy that it is actually possible, because the politicians will try to force the "best" solution through, and the best solution will be a bad solution, but here we assume that they get their wet dream fulfilled.
    It is quite fitting to compare it to the Manhattan project, because even though it might have just been a question of time before someone else invented the nuke, we now live in a world with doomsday clocks where mutual annihilation starts as soon as some bastard in power, probably in a bunker somewhere, is insane enough to fire the first shot.


  • identicon
    Anonymous Coward, 21 Dec 2015 @ 8:57am

    She is dedicated to learning from what Obama and most presidents before him got away with. "say what people want to hear, then do whatever the hell you planned to do from the start"


  • identicon
    David, 21 Dec 2015 @ 9:40am

    Can someone explain to me?

    Why do those politicians equate "good guys" with "the government"? Haven't they heard of the Snowden files? Didn't they get the memo about the NSA heads perjuring themselves before Congress? Have they forgotten the CIA spying on Senate staffers?

    Didn't they understand that the NSA is incapable of keeping their hands out of the cookie jar? They aren't the good guys. They are the ones trying to undermine the Constitution. They are the ones trying to abolish the U.S.A. as defined by the Founding Fathers. And they are the worst enemies of the U.S.A. since they are the most likely to succeed.


  • identicon
    Anonymous Coward, 21 Dec 2015 @ 9:55am

    Intention

    Even if you could find a method that would accurately identify an entity as good, how does that prevent the 'good' entity from doing something 'bad'?
    Are they suddenly a 'bad guy' based on their intention?

    For bonus points, even if intentions are 'good', how do you determine that the result will be 'good'?

    Good people with good intentions can still do 'bad' things.


  • identicon
    Anonymous Coward, 21 Dec 2015 @ 10:48am

    Manhattan project?

    Remember what happened with the first Manhattan Project? It worked... and then, because of spies, the Soviets had it within 4 years. For something like this, that's probably optimistic.

    There are so many problems with what they are trying to do. If you have a password or number or code that can decrypt a message, that password or number or code can be stolen. And if you put the means to decrypt EVERY message in one place, it almost certainly WILL be stolen.

    But even if we found what the government thought was perfect encryption - easy to use, government access on demand, otherwise secure (including against foreign governments and in-government corruption), and everyone was somehow forced to use it - there is no possible way that we could force the bad guys to use it *exclusively*. They could encrypt their message using normal methods and then encrypt the encrypted message using the government-sponsored method, so when the government uses the magic key all they get is an encrypted message.


  • identicon
    Whoever, 21 Dec 2015 @ 11:20am

    Manhattan projects

    Perhaps we could have a project to make pi equal to 3, or another project to make 1 + 1 = 3. Because that's what she is asking for, and the reason it won't work is just as obvious.

    She knows this, so the real question is why is she asking for it?


    • identicon
      Anonymous Coward, 21 Dec 2015 @ 11:47am

      Re: Manhattan projects

      "She knows this, so the real question is why is she asking for it?"

      Because she wants to know when someone is even thinking about crossing her. To do that she needs to be able to spy on everyone.


  • icon
    Robert Beckman (profile), 21 Dec 2015 @ 12:01pm

    Delayed-Escrow Encryption

    There may actually be a way to get both a secure(ish) device and a way to decrypt it.

    We've seen recently that there's a way to break PGP through factoring of very large primes (which is what some people think the NSA's Utah data center is for), but that it takes a huge amount of compute time.

    If your iPhone uses a rolling set of encryption keys, but where the rolling refactoring could be stopped with physical possession of the device, then a nation-state could seize the phone and eventually decrypt it, since the rolling key would stop rolling.

    Now the catch, of course, is that you'd need to keep the key size growing with Moore's Law, so that even with physical possession it would still be a significant effort to break, essentially making it so that only in rare circumstances would it be worth breaking the encryption.

    We used this same paradigm for years with location information - the law evolved that having the police "tail" someone wasn't an invasion of privacy, because anything you do in public isn't private. But the paradigm in place meant that mass surveillance was impracticably expensive, so it was only used when it was really worth it. Now that mass surveillance is cheap, we're stuck with a legal landscape that no longer yields the same relative privacy as before - where you were private simply due to the cost of breaking your privacy.

    Professor Kerr explains this in his Equilibrium-Adjustment theory of the 4th Amendment, but the same principle could be applied to computer encryption - grow the keys steadily to make it hard to decrypt a phone you have physical possession of, but possible if it's worth it.

    This gets trickier with stored data (suck up everything, sit on it for 10 years until it's easy to break, and then charge anyone you find with an ongoing conspiracy for whatever violation you find), but there may be solutions to this (extremely large keys on transmitted data, smaller rolling keys locally).

    Of course, this would necessarily mean that older data could be decrypted, so the US Government would need to think long and hard about whether it wants it to be practical to break US encryption standards for older data.


    • identicon
      Anonymous Coward, 21 Dec 2015 @ 2:32pm

      Re: Delayed-Escrow Encryption

      What you are calling rolling keys I think cryptographers call ephemeral keys. They are generated for the session then discarded. It's in service of perfect forward secrecy.


      • icon
        Robert Beckman (profile), 21 Dec 2015 @ 3:58pm

        Re: Re: Delayed-Escrow Encryption

        That's essentially it. I'm a data scientist, rather than a cryptographer, so I didn't have the term of art (ephemeral keys). I've implemented a similar system for data processing, but what I see would be (essentially) a set of keys that time out where each section of storage gets slowly migrated from key to key, so that for any live system it will have a reasonably fresh key, but that when taken offline they become static.

        This would necessarily mean a slightly higher overhead on the device (since it would always be encrypting a new volume), but it could also use smaller keys tied to the generally available compute power - similar to how bitcoin mining gets harder over time.

        This sort of escalating encryption would obviously be harder to implement than a static key encryption, and harder to be sure no one planted a back door in it itself, but would have the advantage of maintaining the same relative level of protection over time for current devices.

        The non-absurd argument for security is that sometimes they really do need to decrypt things, but as we've seen it's far too often used now as an easy way to bypass other protections, rather than for extraordinary situations. Since we've been shown that we can't trust the watchers on their own when there aren't technical barriers, the alternative may be that practical barriers (total compute available) are a better alternative, like we had until recently due to scalability problems.


  • identicon
    Anonymous Coward, 21 Dec 2015 @ 12:04pm

    She misspoke

    She meant to say that we need a Madison Ave Project to come up with a term for backdoors that she can sell to the American public.


  • identicon
    Anonymous Coward, 21 Dec 2015 @ 12:37pm

    A very clear and logical statement, Mike. Bravo. Your point about it being impossible to build software that can discern between 'good' and 'evil' users, really is the core issue.


    • identicon
      Anonymous Coward, 21 Dec 2015 @ 1:12pm

      Re:

      No, the core issue is that people have to have privacy from the government, like when gathering information about a law enforcer's or politician's wrongdoing, or trying to find out if there is enough local support for a protest against planned laws.


  • identicon
    Anonymous Coward, 21 Dec 2015 @ 1:29pm

    It's likely that none of the candidates expects golden keys to actually be implemented or work (not that they wouldn't be thrilled). What they do expect is that, if elected, they have a golden scapegoat: anything bad that happens anywhere, anytime during their tenure will be blamed on the "uncooperative tech sector". Terrorism? Apple's fault. Pedophilia? Google's to blame. Mass shootings? Call of Duty's influence. Plaque and tartar build-up? Um... that Candy Crush thing.


  • icon
    crade (profile), 21 Dec 2015 @ 1:58pm

    Everyone who knows how encryption works are obviously all in a big conspiracy together to pretend we can't just hit this encryption doohicky with a sledge hammer and everyone will be safe.


  • icon
    RocRizzo (profile), 21 Dec 2015 @ 2:22pm

    They don't need encryption back doors

    What they need is better reasons to get search warrants.
    They could search someone's phone if they had a warrant to, but even law enforcement is pretty much clueless.

      Anonymous Coward, 21 Dec 2015 @ 2:51pm

      Re: They don't need encryption back doors

      Actually, the problem is that even with a warrant, many phones can't be searched unless the owner unlocks them.

    Pavement View (looking up, from beyond the ropes), 21 Dec 2015 @ 3:18pm

    Fool me once... Fool me a thousand times (naw, don't think so)

    Hillary is really not an intelligent person, re: anything. She has connections, and that is what counts in this day and age of guvmint by crooks. That and appearances (O'Bummer has that down cold).

    Making sense, even common sense, is not required.

    We have two years of a clown show and then a charade of an election (ditch rigged machines and bring back the smoke-filled back rooms). The two-year theater serves TPTB to keep the attention of the masses diverted from their laws for bribes (and other considerations).

    One thing H is good at is a posture of looking concerned.

    What a life. This system is broke beyond hope (so much for hope and change Mr. Prez).

    Anonymous Coward, 21 Dec 2015 @ 3:25pm

    It has become PAINFULLY OBVIOUS that the federal government is projecting the illusion that it's "helpless" and cannot do what any reasonably minded individual KNOWS it can do - and that is decrypt encrypted messages with relative ease.

    The arguments they're using are simply too ludicrous and LOUD (public) to suggest anything else (it is here where any shill worth his/her salt would suggest mere "incompetence" is to blame... that tired falsehood fell apart years ago - they know what they're doing, and you KNOW this to be the case.)

    Anonymous Coward, 21 Dec 2015 @ 3:37pm

    Hillary, go stick a Juniper

    Hillary, go stick a Juniper where...

    well, the thought is too ugly to finish.

      Anonymous Coward, 21 Dec 2015 @ 3:47pm

      Re: Hillary, go stick a Juniper

      Hillary "Surströmming-Crotch" Clinton probably won't mind - she has everything else stuck up there.

    JuddSandage, 21 Dec 2015 @ 3:50pm

    Yeah...

    Clinton added some caveats. "Maybe the back door is the wrong door..."


    "She's been telling me that for years."
    - Bill

    Wyrm, 21 Dec 2015 @ 4:14pm

    "Trusted computing", does that ring a bell?

    This is the exact same "computer security" that copyright lobbies have asked for a long time.

    - Security should be: when a third-party tries to access a resource, it needs authorization as configured by the user.
    - "Security" as seen by all those: when a user tries to access a resource, it needs authorization as configured by a third-party. (Government, copyright group, etc.)

    That's a fundamental issue: they're basically asking for computers (including smartphones and other mobile devices) to distrust their owners because of their own paranoia.
