IIRC, the National Institute of Standards and Technology (NIST) was found to have purposely compromised encryption technology by producing a poor random number generator used in some encryption products. Once that was corrected I'm guessing various commercial encryption methods improved immensely.
Perhaps a bit off topic but the push by some government three letter agency leaders and politicians for back doors to encryption probably won't stop the use of secure encryption. Should this be required and implemented then immediately cracked it would be interesting to see the response of those pushing this when their most private correspondence is published including financial records, hotel bills, notes to girlfriends or boyfriends, etc.
It'll be interesting how the anti-privacy hawks will feel if they get their way regarding the installation of back doors in hardware and software and their most private and secret information is made available for all to read. For sure as soon as the back doors are installed they will be hacked and there will be no data privacy for anyone unless stored completely off the Internet. Then again, there may be some advantages. Government may become very transparent!
There's a pretty big building that I passed that houses ISS. Hmm... I wondered if they needed to change their name. I think it stands for Intelligent Software Solutions. And then there's the International Space Station, and there's a company that makes fluorescence equipment. And there are Chase bank branches all over town and I wonder if ISS employees have problems with their banking there. Oh, hum...
All signals, like messages, are encrypted over an HTTPS connection with 128-bit encryption, using TLS 1.2. The connection is encrypted and authenticated using AES_128_GCM. The key exchange mechanism is ECDHE_ECDSA.
Audio and video
To improve audio and video quality, Hangouts calls use a direct peer-to-peer connection when possible, instead of routing through a server.
Audio and video in Hangouts are encrypted using SRTP. Video is AES_CM_128_HMAC_SHA1_80, and audio is AES_CM_128_HMAC_SHA1_32 (128-bit AES encryption and SHA-1 HMAC for authentication).
When you dial a phone number from a Hangout, audio is encrypted until it reaches the carrier network. But telephone carriers are responsible for the audio within carrier networks.
I'm not a security expert, but it seems messages using Hangouts are end-to-end encrypted over Wi-Fi and possibly over cell networks. I believe that's also the case for Gmail as messages are stored encrypted on Google's servers. Whether decryption of these Google products' messages can be done by others, I don't know. Others should comment.
The possibility of detecting members of a connected web of terrorists by just knowing their messaging connections, should one or more persons in the terrorist web be a known terrorist, is a fascinating possibility. This suggests the authorities need to leave at least one known terrorist at large for a while to complete the web while keeping an eye on the connected individuals. Burner phones may be a problem in this scenario, though.
The USA is one of the only places, maybe the only place, where free speech is enshrined in a founding document. The UK does not have such a commitment as far as I know. Even then, there are limits to free speech in the USA - you can't yell, "Fire!" in a theater when there is no fire to start a riot of escape. Threatening someone with violence or other threats is not allowed and can put one in jail, too.
It seems the conventional wisdom has been that no one, not even Apple, could break into one of their phone's encrypted data. I guess that's not the case. It may be Apple can't guarantee such a level of security and this knowledge will be one of the most important results of this episode. Perhaps the best way to prevent anyone getting at your data is to physically destroy the phone with an industrial strength shredder and/or a high temperature blow torch focused on its parts.
I admitted I was somewhat ignorant of what Apple could do and what folks who bought iPhones thought Apple or anyone else could not do, that is get at the decrypted data in the phone. According to Mike Masnick's post above even new phones can be hacked without destroying the data or the encryption key. Updating the phone's OS does not harm the data or the encryption key if done properly. Apple can do this and apparently has done this at least 70 times for law enforcement.
My interest is to stimulate discussion. I haven't heard whether Apple ever claimed the encrypted data and its decryption key could be obtained. It looks like it can regardless of what iPhone owners thought.
I'm not an iPhone user and pretty ignorant about what's going on here with regard to Apple's ability to undo the encryption on its phones, old or new, but my guess is that a very high percentage (>>99% ?) of iPhone purchasers believed that no one, not even Apple, could gain access to the encrypted data on an iPhone that was properly secured. I'm not sure Apple ever said that but it seems to be the conventional wisdom. It's also possible that a lot of folks didn't care, but for knowledgeable people who use their iPhones for things that ordinary, law abiding folks do, such as banking, retail purchases at brick and mortar stores, etc., such security was very, very important. Apple needs to match perception or admit it can't be done.
TV sets have basically become video monitors with multiple inputs - cable/satellite boxes, Blu-ray players, Chromecasts, Rokus, gaming consoles, computers, etc. The only real requirement is they contain an over the air broadcast tuner. I don't even know why they need to have "smartness" built in and from my experience the smart TV UI is horrible. If the built in cable box were to die or need hardware upgrade to get the latest video experience, you'd probably have to throw the whole thing away or get a new attachment anyway. Keep the TV as a video monitor and let folks buy the attachments they want.
"covering a license plate with anything is illegal."
Is it illegal to drive in a snow storm?
In Colorado, it's illegal to drive in a snowstorm if you don't have the right kind of tires or traction gear (chains). If drivers block traffic or skid off the road and don't have the proper traction the fine is something like $600 or more. Commercial vehicles must carry chains, whether it's snowing or not, from something like Oct. 1 to May 31. The fine there is $1,000. Accidents have decreased greatly since this law was enforced.
Didn't I read somewhere that Google's connected thermostat update drained the battery and prevented access? The result was that there was the possibility of a cold house and maybe frozen water pipes. Bad for folks who went to a warm place to get away from those Northern Minnesota temperatures and couldn't use their cell phones to warm up their houses.
I read that the recent Paris terrorists used unencrypted phone communications which were obtained by the authorities but it was never recognized for what it was. Just because it's readily available doesn't mean it'll be read and even then any action taken. One of the problems with the enormous amount of information collected is there's just too much to analyze. When one collects billions and billions of phone calls, emails, SMSs, MMSs, etc., finding the 10 or 100 that might be significant is almost impossible. There's information overload. Then again, the San Bernardino terrorists apparently never communicated about what they were intending using technology. My guess is that in the future terrorists will not use discoverable communication methods.
I'm not sure Bernie Madoff would be considered a terrorist but it is estimated his "clients" lost ~$18 billion over many years starting in 1970. His activities were in the open and the financial regulators didn't find out until ~2008. If someone can hide their nefarious activities in one of the most highly regulated industries in the world, why can't violent terrorists do the same despite the intense surveillance by all these three letter agencies?
Looking at everything isn't going to work. Perhaps an implication of the quotation above from the NY state constitution and the US Constitution about probable cause and the sanctity of personal documents suggests a very narrow, focused search for the bad guys. It might even require spies infiltrating organizations before getting proper search warrants. It might even cost less than what's being done now.
This is too monumentally stupid to have any hope. People should really be upset at the waste of time and effort on the part of the senator and his aides. They should spend their resources on issues that matter.
Remember: we get the kind and quality of government we elect.
I wonder if Google, Netflix and others could show up T-Mobile by noticing that they are streaming to T-Mobile and display a popup noting something like:
"You are using T-Mobile to view our video stream and the quality of the stream is degraded to the point that your experience will be unacceptable. Since we wish you to have a great experience viewing our video we will stop the stream. Contact T-Mobile to fix the situation."
On the other hand, these streaming companies make money when one views their product; they may not care about the quality of your experience. That is, unless, of course, you stop watching or cancel a paid subscription.
As Tim suggests, nothing in the bill would prevent the purchaser from providing encryption software. I'm not sure if the encryption software could be provided by the phone's manufacturer or an independent company set up by the manufacturer. Apple could set up Baldwin, Inc. or Granny Smith, Inc. Google - or is it Alphabet - could have a company called Green Robot, Inc. The 5th Avenue Apple store might end up in New Jersey as well. Think of the sales tax losses. And, what about mail order purchases?
Folks interested in the German publishers' valuable information can pay the publishers directly for it. Cut Google out of the middle. Then they will find out how valuable it is to folks. If it's really worth much to the audience the publishers will make a pile of money.