Domain: phantomcode.com
Stories and comments across the archive that link to phantomcode.com.
Comments · 7
-
Re:Crybabies
Okay, this is an argument I haven't considered. I think what most people mean by "won't work" is that with the existing tools and suggested methods, there would be nothing stopping someone who wished to use cryptographically secure tools on top of, or beyond the consumer level system. (See http://www.phantomcode.com/com...)
What you suggest is that we would mandate all encryption without government access illegal. Banks and large corporations would get a registration for their crypto/certificates and then just add software to their servers to log/transmit the unencrypted data at government requirement. Other encryption, like iPhone system level encryption, could still be legal (see http://www.phantomcode.com/com...) with access available to government requirement and, otherwise, with no discernible change to the security to the average voter.
Then the government could snoop on streams of data and servers and have just cause to arrest anyone using encryption that isn't authorized and accessible. The result would be that most data streams would be monitored by programs essentially looking for data streams that aren't authorized. It'd be tricky to kill off all the non-US certificates, but a MITM with certs issued by someone like Symantec or Google could do effectively the same thing.
I think this is the ultimate goal of the great firewall of China. They haven't been successful. Yet. I'm not confident they won't be mostly successful in the long run though. I'm not confident the US won't get to the same place eventually.
-
Re:Crybabies
Okay, this is an argument I haven't considered. I think what most people mean by "won't work" is that with the existing tools and suggested methods, there would be nothing stopping someone who wished to use cryptographically secure tools on top of, or beyond the consumer level system. (See http://www.phantomcode.com/com...)
What you suggest is that we would mandate all encryption without government access illegal. Banks and large corporations would get a registration for their crypto/certificates and then just add software to their servers to log/transmit the unencrypted data at government requirement. Other encryption, like iPhone system level encryption, could still be legal (see http://www.phantomcode.com/com...) with access available to government requirement and, otherwise, with no discernible change to the security to the average voter.
Then the government could snoop on streams of data and servers and have just cause to arrest anyone using encryption that isn't authorized and accessible. The result would be that most data streams would be monitored by programs essentially looking for data streams that aren't authorized. It'd be tricky to kill off all the non-US certificates, but a MITM with certs issued by someone like Symantec or Google could do effectively the same thing.
I think this is the ultimate goal of the great firewall of China. They haven't been successful. Yet. I'm not confident they won't be mostly successful in the long run though. I'm not confident the US won't get to the same place eventually.
-
Re:Law Enforcement Backdoors
I think you didn't read the link: The Golden Key Fallacy, because what you argue first is exactly the fallacy I pointed out there. You go on to make the same argument I made immediately below that link: It Wouldn't Accomplish the Goal, namely that encryption exists independently of whatever rules or laws might be made. It looks like you're ignoring the issues I was trying to raise for discussion.
So, first off, it is possible to keep a key secure. Apple has such a key and they've apparently kept it secure (paranoid speculation aside.) To make it absolutely clear, Apple has the ability to make breaking encryption trivial any time they decide to, whether by creating the software update that would do it themselves or by providing that key to someone in law enforcement. You can call that a backdoor or not, but the result is the same: Anytime Apple decides to, they can break your encryption or allow law enforcement to do the same. The only thing that keeps that from happening is Apple's desire to market privacy. (The same goes for Google, Samsung, HTC, LG, etc.)
The bigger issues are that most people don't care and most criminals don't plan that well. You and I, even most
/. readers, understand what encryption is and why protecting it is important. Great. If you ask ten people on the street whether law enforcement should be able to access encrypted data with a warrant, you'll get at least nine people saying they should. The only thing preventing it from happening is that the ten percent who do understand the issue are vocal and have math on their side. If Congress decides they need to be "tough on crime" in order to get re-elected, then you can expect laws mandating phone manufacturers have a way to provide access to encrypted data. Then there is the biggest and most dangerous issue. It will work.The first six months of government mandated decrypt capability will result in hundreds of criminals being successfully prosecuted. Every one of those will be a headline that trumpets the success of the laws. Public opinion will strongly support it. It won't catch smart criminals, but those are rare and won't make headlines when the laws fail. Government will strengthen its hold on the ability to spy on its citizens at will.
To quote my website, since most people won't read it:
When lawmakers consult sympathetic technology and security experts, guess what they'll hear:
* Golden keys are already in place to secure phones
* Golden keys aren't necessary to accomplish the goalThe golden key fallacy hurts our case. Stop using it. We need better arguments. Help me find them.
-
Re:Law Enforcement Backdoors
I think you didn't read the link: The Golden Key Fallacy, because what you argue first is exactly the fallacy I pointed out there. You go on to make the same argument I made immediately below that link: It Wouldn't Accomplish the Goal, namely that encryption exists independently of whatever rules or laws might be made. It looks like you're ignoring the issues I was trying to raise for discussion.
So, first off, it is possible to keep a key secure. Apple has such a key and they've apparently kept it secure (paranoid speculation aside.) To make it absolutely clear, Apple has the ability to make breaking encryption trivial any time they decide to, whether by creating the software update that would do it themselves or by providing that key to someone in law enforcement. You can call that a backdoor or not, but the result is the same: Anytime Apple decides to, they can break your encryption or allow law enforcement to do the same. The only thing that keeps that from happening is Apple's desire to market privacy. (The same goes for Google, Samsung, HTC, LG, etc.)
The bigger issues are that most people don't care and most criminals don't plan that well. You and I, even most
/. readers, understand what encryption is and why protecting it is important. Great. If you ask ten people on the street whether law enforcement should be able to access encrypted data with a warrant, you'll get at least nine people saying they should. The only thing preventing it from happening is that the ten percent who do understand the issue are vocal and have math on their side. If Congress decides they need to be "tough on crime" in order to get re-elected, then you can expect laws mandating phone manufacturers have a way to provide access to encrypted data. Then there is the biggest and most dangerous issue. It will work.The first six months of government mandated decrypt capability will result in hundreds of criminals being successfully prosecuted. Every one of those will be a headline that trumpets the success of the laws. Public opinion will strongly support it. It won't catch smart criminals, but those are rare and won't make headlines when the laws fail. Government will strengthen its hold on the ability to spy on its citizens at will.
To quote my website, since most people won't read it:
When lawmakers consult sympathetic technology and security experts, guess what they'll hear:
* Golden keys are already in place to secure phones
* Golden keys aren't necessary to accomplish the goalThe golden key fallacy hurts our case. Stop using it. We need better arguments. Help me find them.
-
Re:Law Enforcement Backdoors
My initial reaction is also one of outrage and frustration. I started to formulate a response to express that when I realized that most of the other commenters would be doing the same.
(Does it need to be said? Does it need be said now? Does it need to be said by me?) I answered "no" to the last one.
Having read through the comments, it appears to me that there are zero supporters of mandating government access to encrypted files. I haven't seen anything new added to the discussion either, which makes this whole comment section less useful than a poll. Lets change that. You're a writer, an effective communicator, someone who can think through alternate possibilities. I'd like you to tell me why giving government access to encrypted files, with a warrant, is bad IF it doesn't involve a back door. (I've written about this before. You'll read my arguments against access there but I'm looking for new and better ones.)
Justice is important to our society and we should be outraged when it isn't served. Sometimes that means that it is necessary to invade the security or privacy of someone who has committed a criminal act. That's what warrants are for. Abuses can happen, and we should be outraged when they do, but addressing those abuses when they happen is the correct response. It isn't good for society to instead decide to prevent law enforcement from being able to do their jobs.
-
Re:Which tablets?
I hope that it becomes reasonably simple to add a signed GPL system to computers using the Secure Boot system. For now I haven't seen much to give me confidence, so I'm looking for workarounds. What puzzles me is that I haven't seen anybody discussing booting Grub using the Windows boot configuration data store (BCDEdit.) That's what I do now. My computer boots to the Windows boot loader which I modified from Windows to load the IPL for Grub. Grub then takes over and boots Linux. It isn't even hard to set up, though you do have to be able to get an installation of Linux onto the machine. My notes aren't great but are enough to get the technique if you are interested.
Won't that still work? I see notes that BCD is still in use with Win8, but haven't tested it. Anybody know for sure?
The other workaround that occurs to me is to use MS Hyper-V 2012. I think that it should be a supported bootable system, but once booted, you could run Linux as the only VM and it should be really, really close to a native install. I haven't tried this (yet) but would be interested to hear if anybody is doing this already.
-
Re:The People ResponsibleI'm with you and even wrote a short note on it for a school project back in the day. (See it here.)
In a nutshell, Apple did a lot of work and only then made money with something Xerox couldn't figure out how to make commercially viable. It would be more reasonable to say Xerox (PARC) inspired Apple.