White House Cyber Security Boss Also Wants Encryption Backdoors He Refuses To Call Backdoors
from the torturing-words dept
Deputy Attorney General Rod Rosenstein recently pitched a new form of backdoor for encryption: “responsible encryption.” The DAG said encryption was very, very important to the security of the nation and its citizens, but not so important it should ever prevent warrants from being executed.
According to Rosenstein, this is the first time in American history law enforcement officers haven’t been able to collect all the evidence they seek with warrants. And that’s all the fault of tech companies and their perverse interest in profits. Rosenstein thinks the smart people building flying cars or whatever should be able to make secure backdoors, but even if they can’t, maybe they could just leave the encryption off their end of the end-to-end so cops can have a look-see.
This is the furtherance of former FBI director James Comey’s “going dark” dogma. It’s being practiced by more government agencies than just the DOJ. Calls for backdoors echo across Europe, with every government official making them claiming they’re not talking about backdoors. These officials all want the same thing: a hole in encryption. All that’s really happening is the development of new euphemisms.
Rob Joyce, the White House cybersecurity coordinator, is the latest to suggest the creation of encryption backdoors — and the latest to claim the backdoor he describes is not a backdoor. During a Q&A at Cyber Summit 2017, Joyce said this:
[Encryption is] “definitely good for America, it’s good for business, it’s good for individuals,” Joyce said. “So it’s really important that we have strong encryption and that’s available.”
Every pitch against secure encryption begins exactly like this: a government official professing their undying appreciation for security. And like every other pitch, the undying appreciation is swiftly smothered by follow-up statements specifying which kinds of security they like.
“The other side of that is there are some evil people in this world, and the rule of law needs to proceed, and so what we’re asking for is for companies to consider how they can support legal needs for information. Things that come from a judicial order, how can they be responsive to that, and if companies consider from the outset of building a platform or building a capability how they’re going to respond to those inevitable asks from a judge’s order, we’ll be in a better place.”
In other words, Joyce loves the security encrypted devices provide. But he’d love them more if they weren’t quite so encrypted. Perhaps if the manufacturers held the keys… The same goes for encrypted communications. Wonderful stuff. Unless the government has a warrant. Then it should be allowed to use its golden key or backdoor or whatever to gain access.
Once again, a government official asks for a built-in backdoor, but doesn’t have the intellectual honesty to describe it as such, nor the integrity to take ownership of the collateral damage. Neither the White House nor Congress seem interested in encryption bans or mandated backdoors. The officials talking about the “going dark” problem keep hinting tech companies should just weaken security for the greater good — with the “greater good” apparently benefiting only government agencies.
This way, when everything goes to hell, officials can wash their hands of the collateral blood because there’s no mandate or legislation tech companies can point to as demanding they acquiesce to the government’s desires. Officials like Joyce and Rosenstein want all of the access, but none of the responsibility. And every single person offering these arguments think the smart guys should do all the work and carry 100% of the culpability. Beyond being stupid, these arguments are disingenuous and dangerous. And no one making them seems to show the slightest bit of self-awareness.
Filed Under: cybersecurity, doj, responsible encryption, rob joyce, rod rosenstein
Comments on “White House Cyber Security Boss Also Wants Encryption Backdoors He Refuses To Call Backdoors”
When did the permanent recording of all conversation, and keeping permanent copies of all letters and notes go out of fashion?
It has never been possible for the police to have guaranteed collection of evidence via a warrant.
Wrong on all points
There have always been obstacles and systems that prevented law enforcement obtaining information. For example, DNA analysis is a relatively recent technology for identifying and excluding suspects. Criminals are being brought to justice in cases decades old because of it. But what about the criminal that won’t reveal the location of the drugs, money or body? Sticks, carrots and warrants are useless without cooperation. Although technology has provided an indispensable tool to crime fighters, like all technology it sometimes creates an obstacle. Does the constitution allow the government or its agents to use any means to their end? Does it allow preemptive access to the insides of our persons, homes and papers, lest one of us commit a crime in the future? What they are asking for not only provides access to current information but potentially years of cumulative information. These issues need to be addressed. The stakes are higher for the millions of law abiding citizens who are being asked to trade their privacy just in case one of them commits or is even suspected of committing a crime.
Re: Wrong on all points
“For example, DNA analysis is a relatively recent technology for identifying and excluding suspects. Criminals are being brought to justice in cases decades old because of it.”
DNA analysis is good for excluding, not so good at including. I think you had it correct with your first sentence, the second one not so much.
Re: Re: Wrong on all points
“DNA analysis is good for excluding, not so good at including. I think you had it correct with your first sentence, the second one not so much.”
I think some crime victims would disagree. Just because it happens less often doesn’t make it insignificant. 20 years ago the actor that played Random Task in one of the Austin Powers movie brutally raped a woman. He was arrested for a relatively minor crime and when they took his DNA it matched the evidence in the crime.
Re: Re: Re: Wrong on all points
But that is what I’m saying … the “match” is still being debated whereas the “no match” is not.
“Rob Joyce, the White House cybersecurity coordinator”
The fact he is stupid enough to make these comments means he is not even remotely qualified to hold that position.
Really is sad how often this kind of thing happens. Why are morons with no security experience keep getting high level “cybersecurity” jobs?
Re: Rob Joyce [was ]
“Five key players for Trump on cybersecurity”, by Morgan Chalfant, The Hill, May 6, 2017
Re: Re: Rob Joyce [was ]
to be honest, those credentials are hardly worth anything.
It’s like me running around saying I have 40 years experience in cyber security…
I have seen more than enough dullards in positions of power to know that experience is a CON MANS GAME!
Re: Re: Re: Rob Joyce [was ]
Agreed. When someone says “I have X years of experience”, my first question is
“Do you have 1 year of experience repeated X times? Or do you actually have X different years of experience?”
And all too often the true answer is “One year repeated X times”
Re: Re: Re:2 Rob Joyce [was ]
Or he’s one of those government employees who sat at a computer and surfed for porn 7.9 hours out of 8 over the last decade or two. Just because you HAVE a job for a decade or two is no indication that you actually DID the job, or were any good at it.
Re: Re: Rob Joyce [was ]
“Rob Joyce”, CNBC, (undated – url contains “2017/08/22” )
Re: Re: Re: Rob Joyce [was ]
Ah, so he WILLFULLY IGNORANT in order to push an agenda. Those people make me more sick than the ones who are just plain ignorant.
Re: Re: Re: Rob Joyce [was ]
Incidentally, and fwiw, carefully compare the phrasing of that CNBC-hosted bio with a less-recent bio sketch for the Usenix Association’s Enigma 2016 conference. It appears likely to me that CNBC did not entirely originate the wording used.
Re: Re: Rob Joyce [was ]
“Rob Joyce, the former leader of an elite hacking group at the National Security Agency”
Ok, so maybe I was wrong and this guy does have some experience. That makes this even worse honestly, because that means he knows and is just telling bold face lies.
Also, the NSA, really? They have proven they are rabid attack dogs who give zero shits about collateral damage.
Re: Re:
The question remains, are all these people really that stupid, or do they in fact know what they are asking for and don’t care because they want access to all the things?
I would think it would not be outside the realm of possibility that they want to force the civilian population to use a backdoored version of encryption so law enforcement and the NSA can look at whatever they want to. Meanwhile the NSA and any other government agency quietly uses a version of encryption that isn’t backdoored to protect their stuff and tools.
There’s 3rd party open source Encryption that the government has ZERO control over that’s not made in the U.S. No law could even stop it from being used.
So really, 99% of the population who are just normal American’s get the weak encryption that everyone will end up with keys for it one way or another and the Criminals who want real Protection just just download a open source, no backdoor version and the U.S. Government can’t do anything to stop that.
Since when is the Government snooping into my conversations to someone recording away, but only will hear what I’m saying with one of their open ended bogus warrants when they need to? Because that’s really what he’s saying.
Re: Re:
They will ask for “Responsible Programming”, meaning only government approved code…. How I wish I could consider that sentence a joke.
The point is moot.
The behavior of the current administration, the DoJ and its respective agencies have demonstrated that they not only don’t hunt down evil people (rather they pick at low hanging fruit), but also they’re not trustworthy themselves, and often make rackets from their own authority.
Even if we could make a secure backdoor, there is no-one on Earth trustworthy to keep it.
The recent Equifax hack illustrates this. Those trusted with the data they already have aren’t trustworthy.
Re: The point is moot.
At this point, there are still many of Obama’s faithful still in our bureaucracies. Those who were attracted to government service by Obama and Bill before him to promote their own philosophy. There are rules against indiscriminately firing civil-service workers. Keep that in mind while talking about the current government.
Re: Re: The point is moot.
“Obama’s faithful”
wtf does this mean?
“Keep that in mind while talking about the current government.”
How is this any different than past administrations? Why not not just simply spit it out, come on … you can tell us what you really think.
Re: Re: Re: The point is moot.
I would guess that is code for Deep State.
Which we all know is code for Law Abiding Constitution Obeying Civil Servant.
Re: Re: The point is moot.
You say that as if people were not attracted to government service by Reagan or one of the Bushes for the same reason.
Re: Re: "obama's faithful"
In our last election, we got the drone strikes candidate, and then we got the even more drone strikes candidate. We voted the latter in.
The only reason Trump isn’t using the intelligence sector to route out dissidents is he doesn’t know how. But should he ever learn, it is totally within his character to do so and round them up into work camps.
This isn’t about Obama’s state versus Trump’s state (or Obama’s state vs. Bush’s state). Obama has been discharged. No agent works for him, though some may still seek to carry out old missions rather than the new ones.
Though Trump has certainly been moving to shift the loyalty of agencies to him personally, starting with ICE and CBP, rather than to the United States. It’s terribly similar to the Schutzstaffel, Hitler’s personal army, in contrast to the general Wehrmacht. And they’re constructing work camps.
Every president since Nixon (if not before) has strived to consolidate power, unconcerned about what happens when the other guys (whichever other guys) get it, or what happens when agents of the state start regarding the public as the enemy.
We’re in a police state now. It’s been trending that way at least since the 60s. During the Bush and Obama eras lines were crossed that showed that the people are no longer governed by consent but by force.
What is the problem here?
If those silicone valley geeks can create perpetual motion machines and faster than light spacecraft, then why can’t they make responsible encryption that is perfectly secure until a warrant is issued?
/s
Re: What is the problem here?
…they want porn stars to fix this?
Re: Re: What is the problem here?
The pornography industry develops and uses some of the most advanced technology available.
Re: Re: Re: What is the problem here?
It would give new meaning to the phrase “nerd harder”, at least.
They are just taking a clue from the 1990s anti-tobacco people. Frustrated by years of not finding the silver bullet to stop cigarette smoking, Bill Clintons administration released them from the shackles science placed on them and they went wild creating terms and pseudo-science for their campaigns. They created terms like 2nd hand smoke and PM2.5 particles. PM2.5 particles to us regular Joes is humidity or water vapor. Water acts as a diluent for many naturally occurring, but nasty sounding things.
Obama’s EPA, CDC, and FDA picked up on how successful using misleading terms and pseudo-science was and attacked the very safe e-cigarette. Even WHO was getting into using PM2.5 particles. Like CO2, they are found everywhere and makes regulating people possible until the sun stops shining.
Having some of our bureaucracies with over 25 years of lying to the public under their belt, I am not surprised the intelligence community is trying to use the same method. And to think, it all started with smoking.
Re: Re:
lol
Re: Bill Clintons administration released them from the shackles science placed on them
Didn’t Trump promise to fix all that?
Re: Re:
“it all started with smoking.”
So, according to you – the government never lied to the public before the whole tobacco thing.
Wow – some people.
Re: Re: Re:
No. The intentional misinformation started with the Clinton anti-smoking crusades. We all know smoking is bad. But most people do not realize it is the smoke that kills, not the tobacco. There are decades long Swedish Snus studies that show their product users suffer no more maladies than the general population.
The EPA at this time produced a 2nd hand smoking report that was tossed so far out of court, it still hasn’t landed. The EPA was saved from liability by arguing on appeal, they were only the publisher of the report and not responsible for the ‘3rd party’ bad science.
The intelligence agencies arguing for back-doors appear to be using this type of misinformation campaigning.
So you think smoking does not cause cancer – got it.
Re: I think you missed the point
Non-smoker here. I don’t smoke, I don’t want to smoke, but I also don’t like a lack of honesty. Tobacco companies telling the truth is one issue, but that doesn’t justify lying on the other side. There was one major anti-tobacco group some years ago with TV commercials that were offensively dishonest, and the group ironically had some form of ‘tru’ or ‘truth’ in their name. As an example, urea is often added to a lot of materials as a humectant, and tobacco is one example. The compound also naturally occurs in urine, as well as a lot of other places. One of these ‘PSA’ spots equated urea in tobacco to having urine on tobacco.
The originator of this thread did hit on a legitimate point in that lying does not help a cause in the long run.
Re: Re: I think you missed the point
Wait. Doesn’t the tobacco/cigarette industry actually pay for some of those anti-smoking ads? It would certainly explain why they are so ineffective.
Re: Re: I think you missed the point
You understood my point. We can’t have a legitimate debate when the terms are changed and false evidence is presented. The 1980s and earlier days of simply showing a person smoking a joint and then killing someone are over in public health videos. And this deceitful way of communicating has now reached the intelligence community again. We all know operation Mockingbird was just Russian propaganda. Yea, right. The games are almost cyclic in nature.
The CDC ran a study of how effective their new style misinformation and negative anti e-cigarette demonizing campaign was. It showed it was very effective at reaching 24 year olds and younger. That campaign managed to illicit a response from both Public Health England and the Royal College of Physicians asking that it be stopped. People who would most benefit from e-cigarettes were thinking they were as bad as tobacco cigarettes.
“The other side of that is there are some evil people in this world”
It’s funny how they pretend that they are not evil.
If You Swear an Oath to Protect/Defend the Consititution Have the Decency to Honor Your Oath
"The other side of that is there are some evil people in this world, and the rule of law needs to proceed, and so what we’re asking for is for companies to consider how they can support legal needs for information. Things that come from a judicial order, how can they be responsive to that, and if companies consider from the outset of building a platform or building a capability how they’re going to respond to those inevitable asks from a judge’s order, we’ll be in a better place."
Dear Rob Joyce super genius (aka White House cybersecurity coordinator) there are no such creatures as unicorns that poop golden eggs or for that matter secure encryption algorithms with backdoors baked-in for US government snoops (ie criminals) to exploit.
Does siphoning every last bit/byte sent 24/7/365 globally (American citizens data too) in a massive fishing expedition and then storing the data indefinitely for potential future reference considered legal needs for information?
Dear Rob Joyce get yourself a copy of the US Bill of Rights and study. You and your tax-feeding ilk can start with this:
Amendment IV: The right of the people to be secure in their persons, houses, papers, and effects against unreasonable searches and seizures shall not be violated, and no warrants shall issue but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched and the persons or things to be seized.
Re: If You Swear an Oath to Protect/Defend the Consititution Have the Decency to Honor Your Oath
Hmmmmm. I do hope he reads your quote. I read that he wants to be able to be responsive to a court order. That seems to fit the constitutional intent “unreasonable searches and seizures shall not be violated, and no warrants shall issue”
Doubleplus Good
The Minister for Teh Cybers says that the Gubmnt mandated Portal of Safety in encryption is not a “backdoor”.
I’ll believe the nimrods are serious about “backdoors” being harmless when they agree to do all their personal online banking and credit card transactions in the clear.