The Cyber World Is Falling Apart And The DOJ Is Calling For Weakened Encryption
from the better-for-cops,-worse-for-everyone-else dept
It seemed like the (mostly) one-man War on Encryption had reached a ceasefire agreement when “Going Dark” theorist James Comey was unceremoniously ejected from office for failing to pledge allegiance to the new king president. But it had barely had time to be relegated to the “Tired” heap before Deputy Attorney General Rod Rosenstein resurrected it.
Rosenstein has been going from cybersecurity conference to cybersecurity conference raising arguments for encryption before dismissing them entirely. His remarks have opened with the generally awful state of cybersecurity at both the public and private levels. He says encryption is important, especially when there are so many active security threats. Then he undermines his own arguments by calling for “responsible encryption” — a euphemism for weakened encryption that provides law enforcement access to locked devices and communications on secured platforms.
Considering recent events, this isn’t the direction the DOJ should be pushing. Russian hackers used a popular antivirus software to liberate NSA exploits from a contractor’s computer. Equifax exposed the data of millions of US citizens who never asked to be tracked by the service in the first place. Yahoo just admitted everyone who ever signed up for its email service was affected by a years-old security breach. Ransomware based on NSA malware wreaked havoc all over the world. These are all issues Rosenstein has touched on during his remarks. But they’re swiftly forgotten by the Deputy Attorney General when his focus shifts to what he personally — representing US law enforcement — can’t access because of encryption.
DAG Rosenstein needs to pay more attention to the first half of his anti-encryption stump speeches, as Matthew Green points out at Slate:
[A]ny technology that allows U.S. agencies to lawfully access data will present an irresistible target for hackers and foreign intelligence services. The idea that such data will remain safe is laughable in a world where foreign intelligence services have openly leveraged cyberweapons against corporate and political targets. In his speech, Rosenstein claims that the “master keys” needed to enable his proposal can be kept safe, but his arguments are contradicted by recent history. For example, in 2011 hackers managed to steal the master keys for RSA’s SecurID authentication product—and then used those keys to break into a slew of defense contractors. If we can’t secure the keys that protect top-secret documents, it’s hard to believe we’ll do better for your text messages.
Rosenstein is steering everyone towards his new term “responsible encryption” but there’s nothing responsible about creating a set of encryption keys for lawful access. It may not necessarily be a backdoor — a term Rosenstein is trying hard to distance himself from — but it is a hole that wouldn’t otherwise exist. And if keys are created and stored by manufacturers and platform providers, the chance malicious hackers can find them will always remain above 0%.
Filed Under: cybersecurity, encryption, going dark, hacks, matthew green, rod rosenstein, security
Comments on “The Cyber World Is Falling Apart And The DOJ Is Calling For Weakened Encryption”
'Who keeps inviting the fox to the chicken-coop builders conventions?'
I have to wonder, why does he keep getting invited to security conferences? Do the people running them have a warped sense of humor? Are they calling them ‘security’ conferences to be ironic or something?
If I was in a profession, was in charge of running a convention/conference regarding that profession, and I knew that a given person was advocating a position that would have serious negative consequences for my profession they would never even be considered for a guest invitation, and they certainly wouldn’t be invited to speak at the event.
Rosenstein isn’t just putting forth a wrong idea, he’s putting forth a dangerously wrong idea, and that groups are not only not deriding and mocking him for it but are inviting him to speak on a subject he clearly is either deliberately, woefully ignorant of and/or grossly dishonest regarding is insane.
Re: 'Who keeps inviting the fox to the chicken-coop builders conventions?'
It’s kind of like inviting a child molester to a child care conference.
Re: Re: 'Who keeps inviting the fox to the chicken-coop builders conventions?'
But .. but .. both sides!
both sides!
Re: 'Who keeps inviting the fox to the chicken-coop builders conventions?'
he’s the half time show. the serious people quietly snicker and laugh and he’s none the wiser
I have nothing against responsible encryption, as long as we take the consensus-definition, as determined by independent experts (from both academia and civil society).
What I am dead against is letting politicians rewrite the dictionary.
Re: Re:
Ok, I’ll bite.
What is “responsible encryption” according to “the consensus-definition” and why/how is that definition acceptable when a such a thing is impossible.
Re: Re: Re:
I’d hope it means “consensus between professional in the relevant industry” rather than “consensus among everybody, including those scared to even learn the technology”, in which case that’s very possible. Otherwise, nobody who knows what they’re talking about has a chance
Re: Re: Re: Re:
Prepending the word responsible to the word encryption is their way of saying backdoor. Encryption that has a backdoor is not very good encryption and it is certainly not responsible to tell potential customers (victims) that your encryption is secure when in fact it is not.
Re: Re: Re:2 Re:
Indeed, which is why I would hope those people who know this get their was, and not grandstanding idiots
Re: Re: Re: Re:
“consensus between professional in the relevant industry”
Do you know who else had a consensus? All those folks conducting human experiments all across time under the umbrella of their governments and institutions.
Professional is not without corruption.
Re: Re: Re:2 Re:
Well, that was a desperate Godwin attempt.
So, you’re saying that because corruption exists, professional groups should be ignored and we just go with the opinions of people who know nothing? That knowledge and expertise should be rejected in favour of ignorance? The US government seems to be following your path, let’s see how much damage they cause in the next few years, I suppose
Re: Re: Re: Re:
Indeed, I use the term “expert” to refer to professionals with expertise around the subject.
As to the definition of ‘responsible’: This is exactly what I want to have established.
There are still people denying global warming, although the experts in climate-science have reached consensus that it actually is happening. This is the kind of consensus that I hope for.
Re: Re: Re:2 Re:
I know, I was agreeing with you and informing the AC. Sorry if that wasn’t clear
cant wait for the leaks
ya know us hackers are gonna have a field day
Rosenstein doesn't understand how CI works
We Americans tend to think in terms of the next quarter. Some of our adversaries think in terms of the next quarter-century. And having observed the “crypto wars”, they’ve no doubt anticipated that the USG would try again (and again) to weaken encryption standards.
Given that, the obvious move on their part is to get their own people into positions that are likely to be on the inside…and WAIT. For years. Decades, if necessary.
Thus if/when the day comes that, let’s say, Apple decides to go along with this farce and create backdoored encryption, the master key(s) will be in Beijing before they’re in DC.
Irresponsible Encryption
“Irresponsible encryption” is what he is really proposing.
Re: Irresponsible Encryption
No, “responsible”. It’s like responsible love, responsible trust, responsible commitment, responsible obeyance, synonymous with “not actually”.
The real thing is “irreponsible” in all of those cases, not responsive to overriding interests.
Re: Re: Irresponsible Encryption
idk – it all looks like bullshit to me
Re: Re: Re: Irresponsible Encryption
Well, “not actually”, “responsible”, and “bullshit” are to some degree interchangeable. So that’s not a contradiction.
“t seemed like the (mostly) one-man War on Encryption had reached a ceasefire agreement when “Going Dark” theorist James Comey was unceremoniously ejected from office”
You started with a fail. The idea of an encryption back door was not the idea of a single man, nor was it something pushed by a single man. It’s a concept that more than stretches through the various three letter agencies. In fact, the fire is burning possibly even stronger in Europe. While the Euro parliament considers a “ban”, the member states are pretty much all lining up to push the concept.
So thinking some sort of cease fire happened because a single guy got kicking out for failing to lick Trump’s boots is a pretty weak opening spot.
Re: Re:
So, do you believe that the idea that this is ridiculous is true, just not limited to a one man crusade? Or, are you believe he actually has a point?
Re: Re: Re:
Go easy on the guy.
If you look back at MyNameHere/Whatever/horse with no name/Just Sayin’s posts on Techdirt, he professes a fawning admiration for James Comey. Comey’s fall has left a gaping hole in his heart.
Responsible enough?
Gov’t: We need responsible encryption.
Techs: Well, the responsible thing to do would be to make it as impossible to crack as we can, so we’ll do that.
Gov’t: No, no no. What we mean is that we need a secure backdoor so that we can get in easily.
Techs: … Um. Oh, I know! That means you want it so secure that NOBODY can get in!
Gov’t: That’s not what we said!
Techs: I always keep a deep freezer behind my back door. Ain’t NOBODY gettin’ in that way.
Gov’t: *sobbing softly* We just want to have more access to data.
Techs: Not to worry. Star Trek: The Next Generation is on Netflix! You’ll have plenty of access to Data. Now, come over here before you hurt yourself. Here’s something shiny to play with.
I once setup a web filtering for a small school and while checking the filters my friend and I came across a (Neo?) Nazi propaganda site. I just find it really interesting that the kind of logic Mr. Rosenstein appears to be using reminds me of the kind of ‘logic’ that site used.
Re: I'll bite
Okay, his arguments and position are dangerously stupid in their own special way, but for the life of me I cannot see how they could compare to neo-nazi propaganda. What kind of logic were they using that there would even begin to have some sort of similarity?
Re: Re: I'll bite
Since it’s been a while (and I don’t feel a great need to hunt the site down again) I’ll paraphrase.
Basically they (the site) claimed that all, regardless of race/ethnicity, children were innocent and should be treated with care [etc]. And then just a paragraph or two later they claim that certain ethic groups needed to be suppressed and/or euthanized simply because of race/ethnicity.
At least to me, those two kinda of thinking seem very similar.
Re: Re: I'll bite
Who do you think Nazis were? They weren’t just gung-ho about vulgar handwaving race theories, they also considered the government responsible for acting on them. Government meddling with everything and citizen rights coming second are the basics of fascism.
That a nation’s interests are to be established, if necessary, against the wishes of the constituting populace and that the populace must not have the means to exchange information outside of the government’s control, possibly contradicting propaganda: all that is very much an element of fascism.
If you want the government to act on racial supremacy wet dreams, you cannot have its mandate based on a representation of the people since you are going to sort your people into upper and lower categories. Acting on establishing and supporting such categories requires overruling the interests at least of some people, and that mandates that the government is supposed to represent more important interests than that of the individual people.
Fascism is the way to make this work. And controlling all communication and being able to eavesdrop on all of it is part of making fascism work.
It isn’t the same as racial supremacy theories, but it plays hand in hand with them as the main political system category able to support them.
Re: Re: Re: I'll bite
https://ratical.org/ratville/CAH/fasci14chars.html
Political scientist Dr. Lawrence Britt recently wrote an article about fascism (“Fascism Anyone?,” Free Inquiry, Spring 2003, page 20). Studying the fascist regimes of Hitler (Germany), Mussolini (Italy), Franco (Spain), Suharto (Indonesia), and Pinochet (Chile), Dr. Britt found they all had 14 elements in common. He calls these the identifying characteristics of fascism. The excerpt is in accordance with the magazine’s policy.
The 14 characteristics are:
Powerful and Continuing Nationalism
Fascist regimes tend to make constant use of patriotic mottos, slogans, symbols, songs, and other paraphernalia. Flags are seen everywhere, as are flag symbols on clothing and in public displays.
Disdain for the Recognition of Human Rights
Because of fear of enemies and the need for security, the people in fascist regimes are persuaded that human rights can be ignored in certain cases because of “need.” The people tend to look the other way or even approve of torture, summary executions, assassinations, long incarcerations of prisoners, etc.
Identification of Enemies/Scapegoats as a Unifying Cause
The people are rallied into a unifying patriotic frenzy over the need to eliminate a perceived common threat or foe: racial , ethnic or religious minorities; liberals; communists; socialists, terrorists, etc.
Supremacy of the Military
Even when there are widespread domestic problems, the military is given a disproportionate amount of government funding, and the domestic agenda is neglected. Soldiers and military service are glamorized.
Rampant Sexism
The governments of fascist nations tend to be almost exclusively male-dominated. Under fascist regimes, traditional gender roles are made more rigid. Opposition to abortion is high, as is homophobia and anti-gay legislation and national policy.
Controlled Mass Media
Sometimes to media is directly controlled by the government, but in other cases, the media is indirectly controlled by government regulation, or sympathetic media spokespeople and executives. Censorship, especially in war time, is very common.
Obsession with National Security
Fear is used as a motivational tool by the government over the masses.
Religion and Government are Intertwined
Governments in fascist nations tend to use the most common religion in the nation as a tool to manipulate public opinion. Religious rhetoric and terminology is common from government leaders, even when the major tenets of the religion are diametrically opposed to the government’s policies or actions.
Corporate Power is Protected
The industrial and business aristocracy of a fascist nation often are the ones who put the government leaders into power, creating a mutually beneficial business/government relationship and power elite.
Labor Power is Suppressed
Because the organizing power of labor is the only real threat to a fascist government, labor unions are either eliminated entirely, or are severely suppressed .
Disdain for Intellectuals and the Arts
Fascist nations tend to promote and tolerate open hostility to higher education, and academia. It is not uncommon for professors and other academics to be censored or even arrested. Free expression in the arts is openly attacked, and governments often refuse to fund the arts.
Obsession with Crime and Punishment
Under fascist regimes, the police are given almost limitless power to enforce laws. The people are often willing to overlook police abuses and even forego civil liberties in the name of patriotism. There is often a national police force with virtually unlimited power in fascist nations.
Rampant Cronyism and Corruption
Fascist regimes almost always are governed by groups of friends and associates who appoint each other to government positions and use governmental power and authority to protect their friends from accountability. It is not uncommon in fascist regimes for national resources and even treasures to be appropriated or even outright stolen by government leaders.
Fraudulent Elections
Sometimes elections in fascist nations are a complete sham. Other times elections are manipulated by smear campaigns against or even assassination of opposition candidates, use of legislation to control voting numbers or political district boundaries, and manipulation of the media. Fascist nations also typically use their judiciaries to manipulate or control elections.
Re: Re: Re:2 I'll bite
Fourteen out of fourteen – wow we got 100% – wooohooooo! Straight A’s top of the class Oh yeah
Re: Re: Re:2 I'll bite
Lets see….
“Powerful and Continuing Nationalism”
Singling this out to a national level is just dishonesty. This is just “group think” plain an simple. The entire purpose of a political party is this. So if you associate with a party, then you are propagating fascism.
“Disdain for the Recognition of Human Rights”
This is another false flag. Your version of human rights are just different. In one world, human rights is the ability to do anything you want without interference, in another human rights is the idea that other people have to collectively pay for the services you receive like health care, it is not a right to force someone to service you, that is a form of slavery by another name. I have found that universally, NO ONE cares about human rights. There is always an oppressed underclass somewhere no matter where you go and no matter which dogma you subscribe to.
“Identification of Enemies/Scapegoats as a Unifying Cause”
Humanity in a nutshell, everyone does this… no exceptions.
“Supremacy of the Military”
Having power is NOT a fascist ideal exclusively. Like everything else, what you do with that power is what makes you a fascist.
“Rampant Sexism”
Hollywood and Harvey anyone? Sexism just exists and it will never go away, people just want to fuck and they will concoct any games they can to fuck as much as they can get away with. From Misogyny to Misandry… its all there to get an edge.
“Controlled Mass Media”
heh… I know right? Trying to turn places in to echo chambers, silencing/flagging the opposition, calling anything you dislike a troll, fake news… heh heh heh!
“Obsession with National Security”
Gun Control falls under this exact same idea. The people are the nation. Immigration control, calling people and things terrorist and terrorism… its all the same bro… all the same!
“Religion and Government are Intertwined”
Government IS Religion. Whether you worship government or not you are GOING to follow the rules OR ELSE! Kinda like not being a Christian but being told you will have to follow it rules of moral conduct. This is just how government is and will always ever be… Humans telling other humans how society is going to behave. Calling it a religion is just a cheap, though effective distraction to these facts. Does it really matter if the person snuffing out your life or lively-hood is part of a religion? No it does not. You just need to know which group they belong to harming you so you know which group of people to fight. In fact, this one explanation would fit the entire diatribe you got going here.
“Corporate Power is Protected”
Yea, it will always be, this is just how things go when you pair haves with the have nots… and a corporate business just has more haves than most others. In fact, it is the first thing done in all aspects… solidification of power. As a human, the moment you decide to invest your support behind another human to lead, you just copped to supporting this ideal.
“Labor Power is Suppressed”
It always is… always always always. Even Unions wind up suppressing themselves in the end. Just signing a document obligating you to something in exchange for something is a form of this suppression. Most people just happen to be dumb enough to make deals with the devil and to go with the flow.
“Disdain for Intellectuals and the Arts”
Ha ha… I love this.. you mean disdain for the arts and intellectuals you like? Your version of intelligence and art is not the same as another’s. Some people gravitate to fast thinkers, others gravitate to deep thinkers. Some people hate the music you like. I have met more than enough… “this is not real art and can never be art” pseudo intellectuals. The snobbery is epic!
“Obsession with Crime and Punishment”
Have you ever said… there ought to be a law? Thought so.
Some people say meh if someone uses the N word. Others… well they are willing to justify violence in return that word being said. Everyone is obsessed with Crime and Punishment… it is literally the birthplace of Government and Religion. don’t you talk about my momma or I bust you up! it’s just that simple!
“Rampant Cronyism and Corruption”
I am always going to favor those in my group, even look the other way… because it is just more important for me to dismantle YOUR group first. Yea, I have yet to meet another human that didn’t like a little bit of both of these. Would you put your own mother under the guillotine for a transgression you would place another under the guillotine for? Most sings point to…. NO.
“Fraudulent Elections”
Ha ha ha! a clean election… has never happened.
Fascism… a funny name for “human nature” well like all the other “ism’s”. The first sign of a dirty intellectually dishonest human is when they bring up a particular “ism” and promote it over others or trash it over others.
You are humans, and you simply make up reasons to behave the way you do towards others. You even like to put cute little titles and labels on EVERYTHING than turn around and whine when they get placed on you.
Re: Re: Re:3 I'll bite
You must be Gruppenfurher AC.
Love the alt-right view.
Re: Re: Re:4 I'll bite
I am actually independent, but it’s not like you are in the business of peddling any honesty now is there? All you can do is come up with a fancy way of telling everyone else that you little sinking pile of shit does not smell.
The moment that someone likes you gets into power you become huge stinking pile of Drumpf.
Re: Re: Re:5 I'll bite
Pull this finger, it’s plays “Jingle Bells”
Re: Re: Re:6 I'll bite
No thanks, I am already close enough to smell your turd pile… NO need to get any closer.
On a positive note, you could pull the pretzel out of your logic and have a tasty treat while you wait for any other suckers to buy the crap you are peddling. Act fast, before they realize the smell is from you.
Re: Re: Re:7 I'll bite
I love the poorly educated! – Trumplthinskin
Re: Re: Re:8 I'll bite
Nothing wrong with that!
Do you hate the poorly educated? You are one of them after all.
Re: Re: Re:5 I'll bite
“it’s not like you are in the business of peddling any honesty “
You would know
Re: Re: Re:6 I'll bite
Is it not the intention of an upstanding person to identify falsity when discovered?
I am not like you, those whom fall prey to fancy speech that helps affirm their biases and bigotries.
You think you are better than others, I don’t think anyone is better than anyone else.
Re: Re: Re:7 I'll bite
You think you know a lot when you obviously do not.
Re: Re: Re:3 I'll bite
So, let’s see –
Do you think you are more knowledgeable with more experience in the field than the Political scientist Dr. Lawrence Britt?
Your comment implies such, do you have any supporting evidence to suggest this is the case? Otherwise your opinions are unsubstantiated.
Re: Re: Re:4 I'll bite
I hope the following link finds you well fellow human.
http://www.researchforprogress.us/topic/concept/fascism-neofascism/fascism-umberto-eco-slam-dunks-lawrence-britt/
Something tells me that you will not care. I know enough about many things to prevent a persons “supposed” credentials to mislead me. If you need a piece of paper to get through life, here I can scratch something authentic looking for you long enough to sucker you too. It is quite easy to fool people you know.
I need no professional of anything to tell me the truth about how bad and nasty humans can be. I experience it directly here at TD and out in the world abroad.
Do unto others as you would have them do unto you.
-Golden Rule
I understand this rule, Dr. Lawrence Britt… did not from the looks of his writings. He just had time to find a way to call “everyone” a bunch of fascists…. and he may be right.
Re: Re: Re:5 I'll bite
and he may be right you claim … after having tried extensively to say the opposite.
Re: Re: Re:5 I'll bite
Oh boy, it’s Mr. I-Think-You-Like-Regulations-So-I’ll-Bitch-At-You-About-How-Much-I-Think-You-Like-Regulations again.
You say it like nobody else wants a world where you don’t need paper qualifications. You get to live that way, congratulations! You found a bunch of people willing to put up with your constant belittling. That’s not genius, that’s luck of the draw. If you think that somehow merits respect, you’ve been lied to. Your paperless world doesn’t support that either.
And if you follow the Golden Rule, well… I hope you’re smart enough to realize what your belittling is going to get you in return.
Re: Re: Re:2 I'll bite
Team Trump called.
They want their play-book back.
WPA2 security on all operating systems is currently vulnerable to the KRACK attack.
Re: Re:
Linux distros are already distributing patches.
Re: Re:
It’s a client-side flaw.
Re: Re: Re:
The flaw is in the protocol itself… this is not just client-side.
Hand the Keys
What I want to see is everytime someone in the US Govt. brings this up the first response is, “Why do you want to give our encryption keys to the Russians?”
Because if the US gov’t has “lawful” access, then *all* governments will have this power. And you know they’ll use it. Creating this backdoor means unfettered access for all foreign powers that can issue a “lawful warrant.” And a warrant isn’t even needed in Britain – just suspicion of terrorism.
Saw a headline including the (non-)word “cyber”, and I can’t stop facepalming. I’ll read the rest of the post soon.
Re: Re:
You shouldn’t read the rest of the post if “cyber” makes you facepalm, or you’ll flatten your features beyond recognition. In fact, you shouldn’t read any treatise discussing recent U.S. politics.
We don’t accept shitty encryption. Fuck off, spying DOJ and friends.
All the more reason to keep repeating the correct term "backdoor" and emphasize that a deliberately designed backdoor is essentially identical to an accidentally created one (e.g. KRACK) except insofar as the former is easier to find (everybody knows that the backdoor key exists and where to find it) and exploit.
(Ir)responsible encryption:
“Call me irresponsible,
Yes I’m unreliable,
Throw in undependable too!”
But other than that, I’m inscrutable.
Apologies to Sammy Cahn.