by Tim Cushing

Fri, May 19th 2017 7:39pm


encryption, end to end encryption, messaging, senate, signal



Senate Given The Go-Ahead To Use Encrypted Messaging App Signal

from the feinstein,-burr-will-continue-to-use-AOL-chatrooms dept

Certain senators have repeatedly pushed for encryption bans or encryption backdoors, sacrificing personal security for national security in a move that will definitively result in less of both. Former FBI Director James Comey's incessant beating of his "Going Dark" drum didn't help. Several legislators always managed to get sucked in by his narrative of thousands of unsearched phones presumably being tied to thousands of unsolved crimes and free-roaming criminals.

It will be interesting if the anti-encryption narratives advanced by Sens. Feinstein and Burr (in particular -- although others equally sympathetic) continue now that senators can officially begin using an encrypted messaging system for their own communications.

Without any fanfare, the Senate Sergeant at Arms recently told Senate staffers that Signal, widely considered by security researchers and experts to be the most secure encrypted messaging app, has been approved for use.

The news was revealed in a letter Tuesday by Sen. Ron Wyden (D-OR), a staunch privacy and encryption advocate, who recognized the effort to allow the encrypted messaging app as one of many "important defensive cybersecurity" measures introduced in the chamber.

ZDNet has learned the policy change went into effect in March.

If this isn't the end of CryptoWar 2.0, then it's at least a significant ceasefire. Senators are going to find it very hard to argue against encrypted communications when they're allowed to use encrypted messaging apps. It's not that legislators are above hypocrisy. It's just that they usually allow a certain amount of time to pass before they commence openly-hypocritical activity.

This doesn't mean the rest of the government is allowed to use encrypted chat apps for official communications. Federal agencies fall under a different set of rules -- ones that provide for more comprehensive retention of communications under FOIA law. Congressional communications, however, generally can't be FOIA'ed. It usually takes a backdoor search at federal agencies to cut these loose. So, members of Congress using an encrypted chat app with self-destructing messages may seem like the perfect way to avoid transparency, but it's the law itself that provides most of the opacity.

If encryption's good for the Senate, it's good for the public. There's no other way to spin this. Even Trump's pro-law enforcement enthusiasm is unlikely to be enough to sell Congress on encryption backdoors. With this power in the palm of their hands, they're more apt to see the benefits of leaving encryption un-fucked with.

Reader Comments

  • identicon
    Anonymous Coward, 19 May 2017 @ 8:04pm

    Interesting article. Having done a little work in the area of encryption, I have always been suspicious of the government's role, even in things like DES and AES. After DES was "broken", the group that promoted it basically said "yeah we knew that", but much after the fact. That is, they knew it was insecure, but promoted it as secure. Why do people believe that AES is secure? The argument is that IF all the details of an encryption scheme (symbol size, Galois Field primitive polynomial definition, encoding group size, substitution table non-linear values, etc.) are publicly disclosed, AND no one publicly shows how to break it, THEN it is secure. I am skeptical. They said the same about DES, then basically laughed about it. Personally, I think it likely that the government ALREADY HAS the backdoors for ALL public encryption standards. Just my opinion, but it is backed up by pretty solid history in this area.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 19 May 2017 @ 8:32pm

    Remember the movie "The Imitation Game" about Alan Turing? Very interesting from many angles. Did he tell the world that he cracked the German's code at the time he did it? Of course not. I just find it an incredible argument to go to your adversary (the government) to define the encryption scheme (AES) to protect yourself from that same government. Does anyone else find that incredible?

    reply to this | link to this | view in chronology ]

    • identicon
      Lawrence D’Oliveiro, 19 May 2017 @ 10:19pm

      Re: I just find it an incredible argument to go to your adversary (the government) to define the encryption scheme (AES) to protect yourself from that same government.

      No need to trust the US Government, or any other Government--just look at what the encryption experts in the open-research community themselves are using--they recommend AES-128.

      reply to this | link to this | view in chronology ]

      • identicon
        Anonymous Coward, 19 May 2017 @ 10:32pm

        Re: Re: I just find it an incredible argument to go to your adversary (the government) to define the encryption scheme (AES) to protect yourself from that same government.

        Right (sarcasm). They recommend disclosing a LOT of VERY USEFUL information to ANY ATTACKER, and then say TRUST ME IT'S REALLY UNBREAKABLE even if you HELP ME BREAK IT. If, for example, you made simple modification of the symbol size (say 4 bits or 16 bits instead of 8 bits), you could not argue it was less secure, it could only be more secure. In fact, the more DIFFERENT your scheme is from the PUBLICLY KNOWN scheme (as long as the mods are mathematically sound) the more secure it is by definition, right?

        reply to this | link to this | view in chronology ]

        • identicon
          Anonymous Coward, 19 May 2017 @ 10:46pm

          Re: Re: Re: I just find it an incredible argument to go to your adversary (the government) to define the encryption scheme (AES) to protect yourself from that same government.

          Actually, sorry for the sarcastic tone, that's a bad habit of mine. My point is that people that don't use AES will NEVER tell you they are not using AES. If there IS a back door to AES, they will NEVER tell you there is. My secondary point is that using the "open-research" community, which conjures up images of well meaning professors with academic interests and funny glasses on the end of their nose, to validate and certify the best funded, most aggressive and successful espionage services in the world (all of them) seems risky, at least.

          reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 19 May 2017 @ 8:44pm

    If the 'government' already has the ability to decrypt AES, why the cries about going dark...

    It's all a show, no matter which perspective you have on it.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 19 May 2017 @ 9:06pm

      Re:

      For sure, a show, and the nature of the show is to not show the show. Welcome.

      For what it's worth, here is my vision of a secure world:

      Pretty much every processor now has a SIMD unit, even tiny little processors on cheap phones and such.

      These SIMD units can encrypt and protect data INSIDE the CPU (before it travels anywhere) and only write ENCRYPTED DATA and ECC to memory. Then, this encrypted and protected data chunk can travel wherever it likes. It can be used, abused, corrupted, whatever. However, in the future, when you need it again, you retrieve whatever you get, decrypt it, validate it, and use it, knowing it is correct data with a verifiable measure of certainty.

      Encryption for everyone, everywhere, all the time, for almost no cost. Well programmed, these SIMD units, inside the CPU, burn almost no resources, because they are so inherently parallel and optimized to do just this.

      A protected world.

      Amen. :)

      reply to this | link to this | view in chronology ]

      • identicon
        Anonymous Coward, 19 May 2017 @ 9:23pm

        Re: Re:

        Michael Masnick, would you consider offering some free advice to show the generous side of your nature? It's not convenient yet for me to have lunch with you, but perhaps you could just give me a small part of your opinion regarding the following question.

        Say, for example, that GWiz and I whipped up a kernel driver for Linux that essentially encrypted and protected both the DRAM memory system and the external storage, all the time, with no reasonable performance impact. That is, you would gain the benefits of ECC memory and Erasure Coded RAID using standard memory and standard storage on everything from cell phones to servers.

        The question is: Do you think there is some type of hybrid Open Source + Pay for Something mode that could work in this market segment? For example, offering weaker encryption or protection for free systems, and stronger encryption and protection for pay for systems? Or something like that?

        I really am interested in your opinion, and could well consider lunch with you in the future.

        reply to this | link to this | view in chronology ]

        • identicon
          Anonymous Coward, 19 May 2017 @ 10:02pm

          Re: Re: Re:

          And to celebrate the fact that GWiz is not an "Insider" (and also generally well liked), and with respect to the group that does represent itself with a badge declaring they are a "TechDirt Insider", I propose the name "Insider" for this product. It actually runs Inside the CPU, which is a key component of the protection it offers. It keeps information secret, as all Insiders do (I mean, by the definition of the word). And you can use it in everyday life easily - "Does this system have an Insider?" and everyone will know what you mean. I like it. I'm thinking both Linux and Windows versions (already written), that's a huge market. Thanks to you guys, I think I have a great name. What do you think?

          reply to this | link to this | view in chronology ]

      • identicon
        Lawrence D’Oliveiro, 19 May 2017 @ 10:25pm

        Re: These SIMD units can encrypt and protect data INSIDE the CPU (before it travels anywhere) and only write ENCRYPTED DATA and ECC to memory.

        Sounds good. Do you have a trustworthy source of random numbers?

        reply to this | link to this | view in chronology ]

        • identicon
          Anonymous Coward, 19 May 2017 @ 10:33pm

          Re: Re: These SIMD units can encrypt and protect data INSIDE the CPU (before it travels anywhere) and only write ENCRYPTED DATA and ECC to memory.

          Why do you need one?

          reply to this | link to this | view in chronology ]

  • icon
    Roger Strong (profile), 19 May 2017 @ 9:06pm

    If encryption's good for the Senate, it's good for the public. There's no other way to spin this.

    The Senate may not grasp encryption issues, but I'm sure they can still master intrinsic angular momentum.

    reply to this | link to this | view in chronology ]


