New Jersey Congressman Seeks To Bar NSA Backdoors In Encryption
Frosty P writes "Congressman Rush D. Holt, a New Jersey Democrat, has proposed legislation (summary, full text) that would prohibit the agency from installing 'back doors' into encryption, the electronic scrambling that protects e-mail, online transactions and other communications. Representative Holt, a physicist, said Friday that he believed the NSA was overreaching and could hurt American interests, including the reputations of American companies whose products the agency may have altered or influenced. 'We pay them to spy,' Mr. Holt said. 'But if in the process they degrade the security of the encryption we all use, it's a net national disservice.'"
A law to stop the NSA? Yeah, that oughta do the trick. *rolls eyes*
"Tell me doctor, with all of your defenses, are there any provisions for an attack by killer bees?"
If the NSA can get through a Backdoor, how do you know if a competitor or enemy is not getting in through the same backdoor?
but if you're worrying about the reputation of US companies, you're too late.
Good luck putting your rifle against a drone.
`echo $[0x853204FA81]|tr 0-9 ionbsdeaml`@gmail.com
The fact (if it can ever be concretely proven as such) that the NSA has influenced the encryption algorithms to make them less secure has completely undermined the fundamental trust that was intentionally put in place to allow secure online transactions to occur. Without this trust, much of the value of the Internet is lost. SSL is based on a specific chain of trust from the browser all the way to the Certifying Authority and the entities that allow them to act as such. If this chain is indeed broken as is suspected, then there is a major problem that needs to be fixed.
The problem with a door is that it has no idea who's passing through it.
Not unless it's the Hitchhiker's Guide to the Galaxy, in which case the door will be very happy to have opened for you :-)
Oh and also - you can be damn sure every hostile agent in the world is trying to find out about backdoors in equipment. Espionage, bribery, hacking into design documents, you name it.
A backdoor is insecurity by design.
Getting security right NORMALLY is incredibly hard.
If you've put a *DELIBERATE* backdoor in, forget it. It will be subverted.
Any kit with a backdoor - from whatever source, State sponsored or otherwise - is basically an open door.
Good luck putting your rifle against a drone.
Put it against the head of the drone operator. Far more effective.
Oh riiiight. So that's what encryption is!
“Anything that yesterday’s disclosures add to the ongoing public debate,” it continued, “is outweighed by the road map they give to our adversaries about the specific techniques we are using to try to intercept their communications in our attempts to keep America and our allies safe and to provide our leaders with the information they need to make difficult and critical national security decisions.”
Stories of the sheriff's excesses and abuses were ALSO a roadmap given to Robin Hood about how he keeps Nottingham safe, as well.
That doesn't make it any less patriotic or correct to hand it over.
Good luck putting your rifle against a drone.
Put it against the head of the drone operator. Far more effective.
The end boss is so weak he'll never let you come close to him.
Isn't it already illegal under the USC Title 18, Section 1030 subsections (a)(2)(A) and (C), (a)(6)(A)?
To answer my own question, it most certainly would except for this little gem:
USC Title 18, 1030(f) This section does not prohibit any lawfully authorized investigative, protective, or intelligence activity of a law enforcement agency of the United States, a State, or a political subdivision of a State, or of an intelligence agency of the United States.
See they're "lawfully authorized" or so they claim. I would argue that planting back doors in commonly used encryption is fraud and isn't lawfully authorized, but hey, it's the government and who's going to prosecute them? The authority to do so under the law rests with the Secret Service and the Federal Bureau of Investigation and they're as complicit as anybody could possibly be.
The proposed legislation doesn't go far enough. It needs to not only prohibit them from backdooring, undermining, lying to the public about the security of or acting as a man in the middle with regard to encrypted communications, but also declassify and disclose to the public all such past actions.
It needs to make explicit in law the conditions under which any agency of the government may intercept, record or attempt to decrypt foreign or domestic communications and those conditions need to be very limited in scope: communications of individuals specifically named or otherwise individually identified as having been or suspected of being involved in crimes or conspiracies to violate US law, agents of foreign governments or criminal organizations (including terrorists) and their known or suspected associates and communication devices operated by the same. It should be specifically forbidden to scoop up general communications, with the intent of combing through it later to find bad guys and there should be a time limit on how long communications can be stored at all unless those specific communications are identified to a court as pursuant to a specifically identified investigation.
Unfortunately, we're stuck with a problem of who's watching the watchers unless we want to modify the Constitution to allow State governments to go after Federal officials for issues like this.
For recognizing that too much surveillance can be a double-edged sword.
The treason of most of the US fed gov is beyond belief. Hell Putin - even with his anti gay bias - looks like he'd be far less the jackass for a US president than Obama.
This is a stupid idea. The 1976 consultation between the NSA and IBM over DES resulted in a stronger DES. The NSA couldn't disclose what it knew about how to easily attack the DES as it was originally proposed, and it took about 8 years for an academic researcher to understand why the original algorithm was actually weaker than the one with the proposed NSA modifications.
They are doing some rather asshole things at the moment (at the behest of the Federal Government - "We were just following orders"), but they tend not to screw with cryptography which is allowed to be on the GSA schedule when embodied in communications equipment for sale to the U.S. Military.
Oh yes, there certainly would be brave prosecutors and brave judges who would face down the NSA, just as Edward Snowden has, regardless of the personal cost. But they must have a law to work with.
The greatest threat in the face of evil is complacency. The greatest power of despotism is the ability to induce self-censorship.
Do you recognize evil when it is reading your email?
"He took a duck in the face at 250 knots." -- William Gibson, Pattern Recognition
And keeping guns out of the hands of criminals
And keeping the borders secure
Unfortunately, we're stuck with a problem of who's watching the watchers unless we want to modify the Constitution to allow State governments to go after Federal officials for issues like this.
I think you hit upon how it'd happen: "modify the Constitution". Three-fourths of state legislatures can go after the feds. They can call a convention, propose an amendment, and ratify it.
nice effort.... now what about the rest of the three letter thugs?
When bad guys use encryption to conceal their activities, we need to be able to decrypt it. Crippling the NSA is not the answer. The real problem is oversight. FISA is little more than a rubber stamp for whatever the intelligence services want to do. We need stronger oversight to protect the privacy of law abiding citizens, not a weaker ability to catch bad guys.
A New Jersey congressman was killed last night after his car veered off the road. Inspectors at the scene have said that the congressman had most likely fallen asleep and that no foul play was suspected.
Is he permitted to hold his seat in Congress if he is in Gitmo?
Undetectable Steganography? Yep, there's an app fo
seeing as how the entire Certificate Authority system is already compromised by its structure. Each and every key is a subkey of the Root CA master key. The question then becomes, who has a copy of that master key besides the Root CA?
Web of Trust - completely broken as it does not exist. PGP/GPG and Self Signed/Generated keys are the only solutions currently and for self-signed keys, a site needs to place their Public Key on the front page of their site so it can be downloaded.
Remember the DigiNotar Incident? A Certificate Authority that had been compromised? I gave up trusting all Certificates at that time and although it's a PITA at times to add the needed exceptions, I've found that I only have a few more than a dozen certs I have exceptions for. That's on the entire web. Now if we could simply convince Mozilla to move to an Untrusted Model instead. Yes it'll piss people off suddenly getting warnings about certificates but then it may at least get them thinking about the mess that the x509 certs have become.
Mod me up/Mod me down: I won't frown as I've no crown
The problem with legislating this is that they could easily sneak in a paragraph or subsection either now or in the future that would actually allow the NSA to engage in such activity legally. It also might mean that whilst the NSA cannot do it, what about the DEA or CIA or FBI or NIO? And what if it was done not by the NSA but by the GCHQ acting on behalf of the NSA?
The only way to achieve this would be to make it illegal for any American to knowingly do it or assist (in any way) any other person in doing it.
All we need to do is settle on whether it is better to let 10 guilty men go free than one innocent suffer (William Blackstone) or 100 (Benjamin Franklin).
Right now, we are leaning toward the philosophy of Pol Pot: 'It is better that ten innocent men suffer than one guilty man escape.'
Have gnu, will travel.
The sooner we accept that we don't have a representational government, the sooner we can show even the slightest amount of diligence towards improving our country.
Make it an absolute defence in law to a charge of murder or assault on an employee of the NSA that the NSA was breaching the given clause; the jury in the case to decide whether the defendant had grounds for believing the NSA was guilty.
If you want an example of how getting a reputation for even the potential of embedded backdoors in your products can bite you, recall the ban imposed on Huawei network products by the US and Australia's National Broadcast Network. These revelations about the NSA's activities and US companies who roll over for them will definitely hurt sales of US products. I'll bet there are some marketing campaigns already being mulled over that would say, "Unlike our US competition, we aren't subject to demands from the NSA, and if they ever approach us, we'll tell them where to stick it." At least, that's what I'd be considering if I were a foreign telecom manufacturer.
It isn't murder, if the guy deserved to die. Simple rationalization.
That is the attitude of the cartels and other organized crime. Also psychopaths like Dick Cheney and Manson.
Rationalizations by individuals or small groups of like-minded, isolated individuals operating in secrecy is the very definition of outside the law.
If, as Rep. Holt apparently wishes, the NSA were to stop intercepting and decrypting electronic communication, what exactly is the point of the organization?
Their mission:
Or is Rep. Holt insisting that the NSA not take shortcuts, and instead rely on brute-force decryption to somehow "level the playing field" and improve other countries' opinion of us?
Ken
as exposed in Windows NT SP6 when they released it without first stripping the debugging symbols. You don't really think they removed it since then, do you?
Thanks for your efforts. But please remember that you have other, more effective tools at your disposal. The NSA has shown themselves a master in creative interpretation of law. Any new law will be twisted to their purposes. Then there will be years of appeals in the courts. Before you attempt new laws, you should immediately reassert Congress's most basic and irresistible power: The power to control the purse.
Your first act should be to slash the NSA's budget in half.
It is like working with a mule. First, you have to get their attention. As you slash their budget, explain that many of the NSA's actions have been dishonest. They have created long term problems for the rest of the country. And they have been spending their budget in ways that congress does not approve.
After you slash their budget, ask them to give the complete Congress a full accounting of how they intend to spend their remaining budget. Give them a week.
If they waffle or present an incomplete accounting, then cut their remaining budget in half.
Don't worry about the NSA. They have tens of billions of budget. You can cut their budget in half several times and they will still be able to support their best analysts. Their hardware is cheaper and more powerful than ever before. Even after the cuts, they will be as effective as any time in the past few decades. But, the cuts will remove their ability to dominate entire industries. And they will not be able to use that support to justify their illegal and unethical acts. And that is a good thing.
Above all, don't let the executive branch deter you. Controlling budget is your natural, constitutionally mandated role. Congress has been shirking their duties lately. The Black Budget has been a shameful abrogation of your responsibilities. Controlling the budget of the executive branch is your job. Don't let anybody talk you out of it.
It may take several rounds of budget cuts, but eventually they will come back in line. Then you can use law to guide them.
Mortal danger seems to be the only thing that gets through to those psychopaths, so all dealing with them should involve threats to kill their agency and leave them eating garbage out of a dumpster.
[The Opera Begins]
Pe tra us
In a word and world
Pe trae us
Never once have I seen
A man so convienne
Petraeus ~~~~~~
Pe traeus ~~~~~~~
Obama is a mule
To carry his imperial rule
Pe trae us~~~~
In the dead of the night
There is one to snuff the light
Petraeus ~~~~~~
Pe traeus ~~~~~~~
And in Obama's hour of need
Does O Beiden head
Petraeus ~~~~~
Pe traeus ~~~~~~
[Applause]
Even if a major company has somehow thwarted the will of the mighty NSA, they are still probably using software or tools from a company that has been compromised. And even if they are purely using their own in-house software, it is entirely likely that they can bend an employee in that company. And even if they cannot bend an employee in that company, they can probably get someone in through their physical security to maim the system.
Security is like a balloon. You either have a balloon or a piece of rubber with a hole in it. It's not a balloon for more than an instant with a hole in it.
They may have no idea what it means, but if it involves backdoors, it sounds like something that should be illegal.
Star Trek transporters are just 3d printers.
Doesn't the DMCA make it illegal to crack encryption no matter how lame and weak it is? So if your message is any type of copyrighted material, and everything is, then by cracking the encryption the NSA is breaking the law.
-- ssoorrrryy,, dduupplleexx sswwiittcchh oonn.. -Quote found on actual fortune cookie.
Thank goodness you told us what encryption is. I don't think there's a single person here who had any idea.