Slashdot Mirror


Verizon "End-to-End" Encrypted Calling Includes Law Enforcement Backdoor

An anonymous reader sends this quote from TechDirt: As a string of whistle blowers like former AT&T employee Mark Klein have made abundantly clear, the line purportedly separating intelligence operations from the nation's incumbent phone companies was all-but obliterated long ago. As such, it's relatively amusing to see Verizon announce this week that the company is offering up a new encrypted wireless voice service named Voice Cypher. Voice Cypher, Verizon states, offers "end-to-end" encryption for voice calls on iOS, Android, or BlackBerry devices equipped with a special app made by Cellcrypt.

Verizon says it's initially pitching the $45 per phone service to government agencies and corporations, but would ultimately love to offer it to consumers as a line item on your bill. Of course by "end-to-end encryption," Verizon means that the new $45 per phone service includes an embedded NSA backdoor free of charge. Apparently, in Verizon-land, "end-to-end encryption" means something entirely different than it does in the real world.

170 comments

  1. Depends... by TWX · · Score: 5, Funny

    ...on which 'end' they're backdooring you in apparently.

    --
    Do not look into laser with remaining eye.
    1. Re: Depends... by Anonymous Coward · · Score: 0

      Yeah okay Hitler, whatever you say.

    2. Re:Depends... by schnell · · Score: 4, Informative

      Nobody is being "backdoored" here except as required by law. The linked story summary is a troll for mentioning the NSA - it has nothing to do with them, but either the writer doesn't know what they're talking about or they just figured that would get more clicks.

      Telecom providers are required to make sure that any voice service they sell is compliant with CALEA. There is no direct CALEA equivalent today for data services, interestingly - this is how far behind the times the Feds can be. And yes everything in LTE is data but for the purposes of the law, anything where you are talking - for example VoIP - is considered a voice service.

      CALEA basically means that if you (the telecom) get a wiretap order - signed by a judge - from a law enforcement agency, you need to wiretap and record that user's calls for the specified time period, decrypt them if necessary, and then turn them over to the law enforcement agency. Verizon had to make this service CALEA compliant, or they couldn't have offered it. And remember that CALEA is not about mass wireless surveillance a la NSA but is actually about targeted recordings of specific individuals where there is probable cause enough to get a judge to sign off on the wiretap order. Very different things. You can dislike CALEA but you can't blame Verizon for putting in some magical backdoor - that has absolutely zero to do with the NSA - which they are required by law to have.

      However for the privacy-minded it should be noted that the way things work, CALEA only applies to telecom providers. If you bought the same software from a non-telecom source (e.g. the software OEM themselves) and put it on your phone, then CALEA won't help law enforcement because Verizon wouldn't have the key to decrypt your calls with and could only turn over the encrypted stream. So if you are worried about being wiretapped by the police, don't buy your encryption service from your phone company.

      --
      "95% of all Slashdot .sig quotes are incorrect or completely fabricated." -Benjamin Franklin
    3. Re:Depends... by Kvathe · · Score: 5, Informative

      From TFA:

      "...the legislation known as the Communications Assistance for Law Enforcement Act requires phone carriers to decrypt communications for the government only if they have designed their technology to make it possible to do so. If Verizon and Cellcrypt had structured their encryption so that neither company had the information necessary to decrypt the calls, they would not have been breaking the law."

    4. Re:Depends... by Anonymous Coward · · Score: 0

      Well then YOU didn't read the story properly. If the Telecom provider doesn't by design build in a back door they don't have to adhere to the law as you describe.

    5. Re:Depends... by Anonymous Coward · · Score: 0

      Unless they go farther like AT&T and build in a backROOM.

    6. Re:Depends... by Livius · · Score: 3, Insightful

      Nobody is being "backdoored" here except as required by law.

      An unconstitutional law is actually not a law at all.

    7. Re:Depends... by jacobsm · · Score: 1

      With no anal lube either.

    8. Re:Depends... by jeffmeden · · Score: 2

      My kingdom for a modpoint! This whole submission is a troll right down to the last line, "Apparently, in Verizon-land, "end-to-end encryption" means something entirely different than it does in the real world." Thinking that a large, federally regulated business is going to push a system without a central keystore (what they meant to jab at instead of the "end-to-end" nature) is laughable. Trying to make Verizon out as the bad guy over this is just taking away time that could be spent making them out as the bad guy over legitimate moral shortcomings. But, trolls will be trolls.

    9. Re:Depends... by fyngyrz · · Score: 2

      Further, the presumption that because it falls under the umbrella of law, it is somehow made "ok", is utter nonsense from word one.

      --
      I've fallen off your lawn, and I can't get up.
    10. Re:Depends... by jeffmeden · · Score: 3, Informative

      From TFA:

      "...the legislation known as the Communications Assistance for Law Enforcement Act requires phone carriers to decrypt communications for the government only if they have designed their technology to make it possible to do so. If Verizon and Cellcrypt had structured their encryption so that neither company had the information necessary to decrypt the calls, they would not have been breaking the law."

      TFA is a plain ol' troll. CALEA indeed requires any switching systems used for voice traffic (land lines and cell phones) to allow for electronic eavesdropping of all calls going through them. The only caveat is that replacing/upgrading every switching system is completely impractical, even in decades-long time frames, so the FCC has been granting extensions for non-compliance. If Verizon went to the FCC saying that they were going to put software in that started to roll back CALEA compliance from any call that happened to be made using a pair of their cellphones running their provided encryption software, they would have thrown the book at them. New systems *do* have to be CALEA compliant.

    11. Re:Depends... by schnell · · Score: 4, Informative

      An unconstitutional law is actually not a law at all.

      What's unconstitutional about CALEA? It requires police to show probable cause and have a judge sign off on a request, just as if it were a warrant for arrest or any other search and seizure of personal records. Whether it does so in practice is a different question, but in theory the law itself is at least designed to be fully compatible with the Fourth Amendment.

      NSA warrantless wiretapping? Almost certainly unconstitutional, by any reading other than Dick Cheney's. CALEA? Probably not so much.

      And BTW an unconstitutional law is still a law. Not sure where you learned your legal theory. A law that's unconstitutional should in theory be overturned by the courts so that it's not a law anymore - that's how "checks and balances" work - but until such time, it is most definitely a law and entirely enforceable!

      --
      "95% of all Slashdot .sig quotes are incorrect or completely fabricated." -Benjamin Franklin
    12. Re:Depends... by Anonymous Coward · · Score: 0

      You can dislike CALEA but you can't blame Verizon for putting in some magical backdoor - that has absolutely zero to do with the NSA - which they are required by law to have.

      Who is blaming Verizon for the backdoor? I'm blaming Verizon for having the gall to still call it "end-to-end" encryption.

    13. Re:Depends... by sjames · · Score: 2

      But they DIDN'T have to falsely advertise it as end-to-end encryption when it clearly is not.

    14. Re:Depends... by sjames · · Score: 3, Interesting

      I would say that advertising the 'service' as end to end when it isn't even legal for it to actually be end to end is a legitimate moral shortcoming.

    15. Re:Depends... by Cramer · · Score: 1

      While CALEA doesn't explicitly include data services, any ISP (telco, whatever) does have to provide a tap when presented an order to do so. It's nowhere near the regimented and streamlined process -- and protocol -- spelled out in CALEA. ('tho they'd like it to be.)

      If it's really end-to-end -- meaning the two phones are doing the crypto, then all that's passing through the telco (any telco) network is gibberish. What makes it decryptable from a capture is the company that made the software providing that ability.

      The BS "market it to the gubment" is entirely that: Bull Shit. The US Government has very detailed, lengthy, and thorough processes for approving any cryptographic technologies. The fact that it's an "app" all but certainly bins it. The fact that a 3rd party (verizon, the authors, china...) can intercept and decode the traffic disqualifies it immediately.

    16. Re:Depends... by Anonymous Coward · · Score: 0

      Fine, they can have a backdoor in there. Just make sure they have to have a warrant first. No warrant, no snooping.

    17. Re:Depends... by Opportunist · · Score: 1

      Just out of curiosity, how do you identify voice data when it's encrypted?

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    18. Re:Depends... by Opportunist · · Score: 1

      Any law has to be tested and evaluated. Never follow any laws blindly for this is what makes dictatorships possible in the first place. And don't think "I was just following orders" will eventually save you.

      Laws must not be an excuse to do what simply is not right.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    19. Re:Depends... by gweihir · · Score: 1

      As this is called "end-to-end" encryption, any intentionally-created possibility to eavesdrop is a "backdoor", as it represents an "attack". That such practices may be legal in some broken legislations does not change their nature.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    20. Re:Depends... by bickerdyke · · Score: 2

      Telecom providers are required to make sure that any voice service they sell is compliant with CALEA

      In that case, CALEA would effectively render end-to-end encryption illegal. So, IMHO, they should be hunted down by lawyers for either not complying with CALEA or for not offering what they advertise.

      And remember that CALEA is not about mass wireless surveillance a la NSA but is actually about targeted recordings of specific individuals where there is probable cause enough to get a judge to sign off on the wiretap order. Very different things.

      Indeed. But there's nothing that keeps the NSA from using the same interface, too. Either by serving wiretap orders themselves (decorated with a nice gag order) or by targeting the CALEA equipment.

      --
      bickerdyke
    21. Re:Depends... by Wootery · · Score: 1

      Well, there is end-to-end crypto, technically speaking. They're 'just' deliberately misleading the customer as to its utility.

    22. Re:Depends... by jhantin · · Score: 1

      Traffic analysis. You don't have to decipher anything to surmise that the same size packet exactly every 20ms in both directions is a voice call.

      --
      ...when you're writing a game...tweak the difficulty of "Easy" to something [your mother] can cope with. -- onion2k
    23. Re:Depends... by kbg · · Score: 1

      I don't have anything against law enforcement having the ability through the court system to wire tap. What I am against is when phone companies pretend that this doesn't exist. So this is not "end-to-end" encryption, it should be called "end-to-end except as required by law" encryption.

    24. Re:Depends... by Anonymous Coward · · Score: 0

      " New systems *do* have to be CALEA compliant."

      And I am sure Verizon will tell you this when they sell you the service. The fact that it might be required doesn't change the fact Verizon will happily profit by selling out their customers. At the end of the day, Verizon is still one of the most corrupt bunch of scumbags I've ever dealt with, and if it was a choice between them and nothing, I'd choose nothing.

    25. Re: Depends... by Anonymous Coward · · Score: 2, Interesting

      Not a troll. They advertise it as end to end and it is not.

    26. Re:Depends... by Anonymous Coward · · Score: 0

      They would not have been breaking the law because they wouldn't be allowed to use it. Do you not understand the concept of requirement? Ooops I made no provisions for your requirement does not absolve you from compliance.

    27. Re:Depends... by codewarren · · Score: 2

      This has never been about whether the current U.S. government is trustworthy, but whether the future U.S. government is, and no one can ensure that. Would you trust promises from the Chinese government to always get warrants, or trust the quality of the warrants if they did? Governments are made from people and the people change. You may trust the U.S. government now, but you should not trust the U.S. government of the future further than necessary.

    28. Re:Depends... by jeffmeden · · Score: 1

      I would say that advertising the 'service' as end to end when it isn't even legal for it to actually be end to end is a legitimate moral shortcoming.

      The term "end-to-end crypto" says nothing about who else might have the crypto key. Just blindly assuming that no one in the middle has it, it is a real shortcoming. The only way for a system like you are imagining (where only the caller and receiver have the key) to even work is for you to somehow establish a trusted key with every person you call, on the fly. How do you know no one is in the middle, ready to intercept the key before the first call? The only reason SSL/TLS is reliable is that there is a huge infrastructure of trusted root certificates to validate against (and you have to trust that third party who holds those certs). Guess what they are going to do for encrypted phone calls? The exact same thing.

      Knowing that you are talking to who you say you are, and that no one outside of the org you *already* trusted to generate the software and the keys, is the only real assurance. Choosing the right provider of that infrastructure is obviously important. Given that Verizon is a huge, federally regulated company, do you really think anything passing through their hands is going to be immune from law enforcement attempts at seizure? No company at that level, moral or immoral, is going to be immune to state pressure. You should know that by now.

    29. Re:Depends... by dgatwood · · Score: 1

      The term "end-to-end crypto" says nothing about who else might have the crypto key. Just blindly assuming that no one in the middle has it, it is a real shortcoming.

      If anyone else has the key, then the system is pretty much useless. Cell networks already use encryption between your handset and the towers (which gets stronger periodically as folks crack the existing protocols), and the wires are only tappable by the government, realistically, which means Verizon's end-to-end encryption offers you exactly zero advantage over the encryption that you would otherwise be using without paying for it.

      --

      Check out my sci-fi/humor trilogy at PatriotsBooks.

    30. Re:Depends... by Anonymous Coward · · Score: 0

      Let me clarify your statement, "telecommunications carrier" new systems *do* have to be CALEA compliant.

      A partnership with http://zfoneproject.com/ would be completely legal.

      Do not trust US-based communication company services. US-based communication companies are useful as a dumb Internet pipe when free Wi-Fi (or other alternative) is unavailable.

      47 USC 1002 @ http://www.law.cornell.edu/uscode/text/47/1002

    31. Re:Depends... by mwvdlee · · Score: 1

      Nobody is being "backdoored" here except as required by law

      That may be what they intended.
      But when it comes to security, adding a backdoor for one means adding an unpatchable gaping security hole for the entire world.
      Either nobody can spy or everybody can spy.

      --
      Slashdot social media options: AIM, ICQ, Yahoo, Jabber and Mobile Text. Why no MySpace?
    32. Re:Depends... by Archangel+Michael · · Score: 2

      From what little I know, the NSA doesn't actually spy on US citizens en masse. Instead, it has contracted other extra-national agencies to do it, specifically to get around the letter of the law. These are quid pro quo arrangements with agencies like Britain's MI6. We monitor them, they monitor us, and we exchange data.

      So technically, they don't spy on us, but the result is the same.

      --
      Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
    33. Re:Depends... by sjames · · Score: 1

      Agreed, to actually be sure, the software needs to be at least verified by someone you trust. It would not be wise for that someone to be a telco. However, end-to-end has a specific meaning and Verizon's service isn't it.

      As for the keys, you can identify the party through conversation. If you've never met, you would need a trusted introducer in a 3 way call to verify each of you to the other. Then transmit public keys around and read back the key fingerprints. In other words, use the PGP/GPG web of trust rather than a central authority.

      From then on, you have the keys stored and so you can skip that part.

      I do know very well that the company is not at all immune to government pressure. I never anywhere suggested otherwise. I suggested that claiming a thing that is untrue and legally cannot be true is immoral. A moral company simply wouldn't claim to offer end to end encryption.
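The fingerprint read-back described in the comment above, as an added example that is not part of the original thread: two handsets run a Diffie-Hellman exchange through a relay, and each derives a short string to read aloud from the public values it saw. The toy 127-bit group, the function names and the relay model are assumptions made for illustration, not Cellcrypt's or Verizon's design.

```python
import hashlib
import secrets

# Toy Diffie-Hellman group, for illustration only (assumption): the Mersenne
# prime 2**127 - 1 is far too small for real use.
P = 2**127 - 1
G = 3


def keypair():
    """Return (private exponent, public value) for one party."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)


def shared_key(priv, peer_pub):
    """Derive a 32-byte call key from our private exponent and the peer's public value."""
    secret = pow(peer_pub, priv, P)
    return hashlib.sha256(secret.to_bytes(16, "big")).digest()


def fingerprint(caller_pub, callee_pub):
    """Short string both users read aloud; covers both public values as seen locally."""
    material = caller_pub.to_bytes(16, "big") + callee_pub.to_bytes(16, "big")
    digest = hashlib.sha256(material).hexdigest()
    return " ".join(digest[i:i + 4] for i in range(0, 16, 4))


def place_call(relay_substitutes_keys):
    """Simulate call setup through a relay and report what each handset ends up with."""
    a_priv, a_pub = keypair()   # caller
    b_priv, b_pub = keypair()   # callee

    if relay_substitutes_keys:
        # The relay hands each side its own public value instead of the peer's,
        # so it shares one key with each handset and sits in the middle.
        r_priv, r_pub = keypair()
        seen_by_a, seen_by_b = r_pub, r_pub
        relay_keys = {shared_key(r_priv, a_pub), shared_key(r_priv, b_pub)}
    else:
        # The relay forwards the public values untouched and holds no call key.
        seen_by_a, seen_by_b = b_pub, a_pub
        relay_keys = set()

    key_a = shared_key(a_priv, seen_by_a)
    key_b = shared_key(b_priv, seen_by_b)
    return {
        "keys_match": key_a == key_b,
        "relay_can_decrypt": key_a in relay_keys or key_b in relay_keys,
        "readback_a": fingerprint(a_pub, seen_by_a),
        "readback_b": fingerprint(seen_by_b, b_pub),
    }


if __name__ == "__main__":
    for tampered in (False, True):
        result = place_call(tampered)
        print("relay substitutes keys:", tampered)
        print("  caller reads :", result["readback_a"])
        print("  callee reads :", result["readback_b"])
        print("  relay can decrypt:", result["relay_can_decrypt"])
```

The read-back only helps if it happens over the call itself between people who recognise each other's voices, which is the role the comment gives to the trusted introducer.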

    34. Re:Depends... by Opportunist · · Score: 1

      or the average contemporary game talking to its "always on" server, encrypted to avoid cracks. Or the average MMO communicating with its server, encrypted to make botting harder. Or maybe games isn't interesting enough, how about an encrypted VPN connection tunneling a Windows/XWindow session?

      Voice is by no stretch the only real time dependent form of communication.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    35. Re:Depends... by Anonymous Coward · · Score: 0

      Oh, and the gubmint or corporations NEVER do things they aren't supposed to.

      smoke some more

    36. Re:Depends... by aaaa1111111111111 · · Score: 1

      recordset fields\

    37. Re:Depends... by jhantin · · Score: 1

      Didn't say it was. It's the pattern of usage, though, not any real time constraints. Server-based games tend to be receive-heavy rather than symmetric; they're sending the user's actions but updating the entire environment around the user. Always on DRM is basically periodic license re-validation, relatively low frequency. UI remoting is again going to be extremely receive-heavy; keystrokes and coordinates take up much less space than graphics pushes.

      You might have difficulty distinguishing one voice app from another within an encrypted tunnel, though.

      --
      ...when you're writing a game...tweak the difficulty of "Easy" to something [your mother] can cope with. -- onion2k
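The traffic-analysis point made in this sub-thread, as an added example that is not part of the original comments: a classifier that sees only the timestamp, direction and size of encrypted packets and separates a voice-like flow from receive-heavy game or remote-desktop traffic. The thresholds, function names and sample flows are assumptions constructed for illustration.

```python
from statistics import mean, pstdev

# Each packet is (time_s, direction, size_bytes). Payloads are never inspected,
# which is why encrypting them does not hide the pattern.


def direction_stats(packets, direction):
    """Summarise one direction of a flow: volume, size spread and timing jitter."""
    pkts = sorted((t, s) for t, d, s in packets if d == direction)
    if len(pkts) < 3:
        return None
    times = [t for t, _ in pkts]
    sizes = [s for _, s in pkts]
    gaps = [b - a for a, b in zip(times, times[1:])]
    if mean(gaps) <= 0:
        return None
    return {
        "bytes": sum(sizes),
        "size_spread": pstdev(sizes) / mean(sizes),   # 0 means identical sizes
        "gap_mean": mean(gaps),
        "gap_jitter": pstdev(gaps) / mean(gaps),      # 0 means a perfect clock
    }


def looks_like_voice(packets, max_spread=0.1, max_jitter=0.2, max_asymmetry=1.5):
    """True when both directions carry fixed-size packets on a steady 10-60 ms
    clock and move roughly the same number of bytes (thresholds are assumed)."""
    up = direction_stats(packets, "up")
    down = direction_stats(packets, "down")
    if up is None or down is None:
        return False
    for side in (up, down):
        steady_size = side["size_spread"] <= max_spread
        steady_clock = (side["gap_jitter"] <= max_jitter
                        and 0.010 <= side["gap_mean"] <= 0.060)
        if not (steady_size and steady_clock):
            return False
    ratio = max(up["bytes"], down["bytes"]) / min(up["bytes"], down["bytes"])
    return ratio <= max_asymmetry


def constructed_voice_flow(n=100):
    """Constructed sample: 172-byte packets every ~20 ms in both directions."""
    flow = []
    for i in range(n):
        flow.append((i * 0.020 + (i % 3) * 0.001, "up", 172))
        flow.append((i * 0.020 + 0.007 + (i % 2) * 0.001, "down", 172))
    return sorted(flow)


def constructed_game_flow(n=100):
    """Constructed sample: small steady inputs up, variable state updates down."""
    flow = []
    for i in range(n):
        flow.append((i * 0.033, "up", 60))
        flow.append((i * 0.050, "down", 200 + (i * 137) % 1000))
    return sorted(flow)


def constructed_remote_desktop_flow(n=60):
    """Constructed sample: sparse keystrokes up, bursts of full-size packets down."""
    flow = []
    for i in range(n):
        flow.append((i * 0.150 + (i % 5) * 0.020, "up", 90))
        for k in range(4):
            flow.append((i * 0.150 + k * 0.002, "down", 1400))
    return sorted(flow)


if __name__ == "__main__":
    samples = {
        "voice": constructed_voice_flow(),
        "game": constructed_game_flow(),
        "remote desktop": constructed_remote_desktop_flow(),
    }
    for name, flow in samples.items():
        print(f"{name:15s} voice-like: {looks_like_voice(flow)}")
```

As the last comment notes, this tells you a flow is voice-shaped, not which voice application produced it.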
    38. Re:Depends... by mgcarley · · Score: 1

      Except that SSL/TLS is no longer reliable and has not been for some time as reported by previous Slashdot stories -- it seems to be the consensus that some of the "trusted" root certificates/CAs are compromised by some entity (governmental or not) or another.

      If other stories are to be believed, SSL etc is just another smokescreen and the only trustworthy certificates are (presumably) of the self-signed variety (assuming you trust the signing party in the first place) - perhaps a touch of irony, but the kind of SSL certificate that will cause your browser to go "EEEEK! THIS MIGHT NOT BE SO GREAT" are *probably* *in some cases* *maybe* more secure than a regular certificate.

      --
      Founder & COO, Hayai India (hayai.in) / USA (hayaibroadband.com) // t: @mgcarley
  2. Actually, not free of charge by Anonymous Coward · · Score: 1, Funny

    The service would've only been $40/month without the backdoor.

    1. Re: Actually, not free of charge by Anonymous Coward · · Score: 2, Informative

      Why wouldn't you just install Signal?

      It's free, open-source, and the team is headed by someone respected in the security industry. (Moxie)

      Better yet, with TextSecure integration into Signal -- coming soon to IOS (beta) already available for Android as standalone app -- one's text messages are also protected.

  3. computer with a phone add-on by roman_mir · · Score: 2

    People are running around with computers in their hands, the phone is now nothing but an add-on feature, as such we should be able to have a real p2p encrypted channel with communications over it, so for people with data plans this shouldn't be a problem. I am more interested seeing if we can have a system that uses voice to send encrypted data over it...

    1. Re:computer with a phone add-on by Anonymous Coward · · Score: 3, Funny

      Perhaps if we could figure out some way to "modulate" encrypted digital data into sounds, and then "demodulate" the sounds into data on the other end, we might have something on our hands.

    2. Re:computer with a phone add-on by Anonymous Coward · · Score: 0

      I am more interested seeing if we can have a system that uses voice to send encrypted data over it...

      Like in Transformers? The NSA will just hire a hot girl and black guy to crack it.

    3. Re:computer with a phone add-on by bytestorm · · Score: 0

      Seems like there is some research out there about this sort of thing already, found this in one try: Digital Communication over Speech Compressed Channel (Sverrisson 2008). I think the main problem would be that the baseband processor generally has direct control of the microphone, so you'd have to do some trickery, or use a phone where this simply isn't true.

    4. Re: computer with a phone add-on by Anonymous Coward · · Score: 1

      Whoosh
      NO CARRIER

    5. Re:computer with a phone add-on by Anonymous Coward · · Score: 0

      "Perhaps if we could figure out some way to "modulate" encrypted digital data into sounds, and then "demodulate" the sounds into data on the other end, we might have something on our hands."

      if only we had a human language which very few people are capable of learning, and used that instead -- wait that's security through obscurity and putting a few natives on every ship to do this would mean only the government could use it...

    6. Re:computer with a phone add-on by Lumpy · · Score: 1

      So write the software. Nobody is stopping you.

      --
      Do not look at laser with remaining good eye.
    7. Re:computer with a phone add-on by Anonymous Coward · · Score: 0

      ATH

    8. Re:computer with a phone add-on by coofercat · · Score: 1

      Redphone: https://whispersystems.org/ Not P2P, but beats this offering.

    9. Re:computer with a phone add-on by DarkOx · · Score: 1

      You're right, the obvious solution is just have the handsets negotiate. There is absolutely no "good" reason call setup between two cellular handsets should not feature some kind of certificate validation step between the end points followed by the exchange of uniquely per call generated symmetric key exchanged securely using the same PKI used to validate the certificate authenticity. Essentially SSL for phone calls.

      People could use third party CAs like they do for the web today for most callers. Phone software should be easily configured to ONLY accept previously installed self signed certificates for certain subjects. IE if a call wants to identify itself as being from cousin bob's cellphone it will be rejected unless it is signed with the public key Bob previously gave me; even if the cert has a valid third party signature and is otherwise valid. Users could easily exchange keys in person using bluetooth + pin etc.

      This would allow LEAs to eavesdrop by MITMing calls between say an individual and a financial institution. With a warrant the third party CA the financial uses could be compelled to provide the LEA with a valid cert for that subject hopefully with an expiry of only a few days. Of course techniques like cert pinning could be used to detect this by individuals. It would leave LEA's with no easy avenue to eavesdrop on calls between Bob and myself. I think this is a reasonable compromise.

      On the other hand it still does nothing to address the mass surveillance concern. It will still be easy for instance for an LEA to obtain call records from the phone company. They won't have the content and won't be able to get at it, but they absolutely can know when, how long, and how often Bob and I spoke. They can also know who else Bob and I called. We know that this information is very revealing, it's been used very effectively to identify relationships. It's less clear it violates the 4th than accessing the content. I don't like it but it might be again part of an acceptable compromise.

      --
      Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
  4. This should be free by Karmashock · · Score: 4, Insightful

    Aren't our calls supposed to be encrypted anyway? I mean, so some jack ass with a radio can't listen to them? So what are they charging me for here?

    Sounds like a reasonable product for the government.

    For the consumer though, you have to ask yourself what you're actually getting with this? Doesn't appear to be anything. After all, the only people that could normally break into your communications would be the government anyway.

    --
    I've decided to stop wasting my time responding to AC trolls/sockpuppets... so if you want a response from me... login.
    1. Re:This should be free by khellendros1984 · · Score: 2

      I know that for most GSM calls, there are a few stream ciphers in common use, and most or all of them can be cracked in realtime. That just covers the connection between your phone and a cell tower, anyhow. It's meant to protect you from eavesdropping, and not much more.

      --
      It is pitch black. You are likely to be eaten by a grue.
    2. Re:This should be free by dunkindave · · Score: 4, Informative

      Aren't our calls supposed to be encrypted anyway? I mean, so some jack ass with a radio can't listen to them?

      Cellular communications are encrypted between the handset and the tower to prevent the radio buff from listening in. How effective that encryption is is up for debate. This means any end-to-end encryption would actually be double encrypting the data as it passed between handsets and towers, once for the cellular signal, and once for the end-to-end system.

      Apparently, in Verizon-land, "end-to-end encryption" means something entirely different than it does in the real world.

      Also I believe the summary is misleading. This probably is an end-to-end encryption system, meaning the call is encrypted at one handset and the encrypted data travels to the other handset before being decrypted for the purpose of the call. If there is a backdoor that compromises the encryption key, that doesn't change that the system is end-to-end encrypted, just that a snooper would be able to decrypt the traffic.

    3. Re:This should be free by Karmashock · · Score: 1

      Frankly, in the long term I see us going to peer to peer VOIP in any case. Everything in between doesn't need to encrypt or know my encryption keys. All it needs to know is how to route my data stream to my target.

      As it stands, if I want to make a secure call, I can already do it... for free. There are lots of VOIP programs that do it. The only issue is interlocking the VOIP systems with the old phone networks. And again, you can do that in your own home without a lot of trouble.

      --
      I've decided to stop wasting my time responding to AC trolls/sockpuppets... so if you want a response from me... login.
    4. Re:This should be free by Karmashock · · Score: 2

      if the keys aren't private then it is hard to claim the encryption is worth anything..

      --
      I've decided to stop wasting my time responding to AC trolls/sockpuppets... so if you want a response from me... login.
    5. Re:This should be free by jeffmeden · · Score: 0

      if the keys aren't private then it is hard to claim the encryption is worth anything..

      So all the SSL keys that have been generated by the root CAs aren't "worth anything", because the issuer has a copy of the private key? Seems like a funny system we spend billions of dollars on every year...

    6. Re:This should be free by blueg3 · · Score: 4, Informative

      The issuer generally doesn't have a copy of your private key. You make a public-private keypair, put the public key into a certificate request, send the request to a CA, and the CA generates a signed certificate from it that includes the public key. The private key is not seen by the CA at any point.

      You of course *could* have the CA generate both parts and then send you both the public and private key, but that's not nearly as good a solution and is much less common. Most of the CAs I've seen that provide "easy to use" interfaces generate the keypair in the Web browser so that the private key doesn't have to be transmitted.

    7. Re:This should be free by Karmashock · · Score: 2

      We've been watching the evidence of their issues for several years now as one holder of CA licenses after another gets compromised and fucks everyone over in the process.

      Only two entities should have the keys. The source and the destination. And there is even an argument for having more tightly regimented systems than that.

      What you're basically saying is "are you implying that our widely used encryption systems are bad!?"

      Yes... they're trash. I thought everyone here already knew that.

      --
      I've decided to stop wasting my time responding to AC trolls/sockpuppets... so if you want a response from me... login.
    8. Re:This should be free by Anonymous Coward · · Score: 0

      Just like selling a line of safes that all have the same combination would still be selling a safe, it would just be unfit for the purposes a reasonable person would assume they were intended for.

    9. Re:This should be free by Anonymous Coward · · Score: 0

      Only two entities should have the keys. The source and the destination.

      Because key distribution and management is so easy.

      What you're basically saying is "are you implying that our widely used encryption systems are bad!?"

      Yes... they're trash. I thought everyone here already knew that.

      Well that certainly illustrates how much you know about the matter.

    10. Re:This should be free by Opportunist · · Score: 1

      You might want to enlighten us what system you would present to replace CAs. It should at the very least solve this problem: How do I verify the identity of the other end?

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    11. Re:This should be free by Anonymous Coward · · Score: 0

      It *is* free. As has been stated in a comment here, it's spelled Signal. You just have to do some diligence, but hey -- how lazy are we becoming? I'd expect the slashcrowd to be willing to tinker!

      Spread the word. Help others.

    12. Re:This should be free by Karmashock · · Score: 1

      As to key distribution and management, yes it is easy actually. It simply requires that the source and destination are not idiots.

      Managing a security system amongst idiots is in practical terms impossible. People that are not idiots have to be in control of it. And if the source and destination are clueless then an educated third party has to manage it.

      However, assuming neither source nor destination are clueless... it can be done easily. And it is done all the time by those that aren't clueless.

      --
      I've decided to stop wasting my time responding to AC trolls/sockpuppets... so if you want a response from me... login.
    13. Re:This should be free by cbhacking · · Score: 1

      Well said. More info, for the curious: http://en.wikipedia.org/wiki/C...

      A lot of people don't even realize that web browsers have the ability to generate key-pairs of which only the public portion is ever sent to a CA or anybody else. It's actually a fairly sane system. If you need to export the private key (for example, to copy it from your PC to your phone, or to back it up) then you have to do so through the web browser or through whatever keystore it uses (Windows, for example, has a built in one you can access through certmgr.msc, though Mozilla products use their own store instead of the system-wide one).

      --
      There's no place I could be, since I've found Serenity...
    14. Re:This should be free by Anonymous Coward · · Score: 0

      >How effective that encryption is is up for debate.

      No, it is not.


      Abstract. In this paper we present a very practical ciphertext-only cryptanalysis of GSM (Global System for Mobile communications) encrypted communication, and various active attacks on the GSM protocols. These attacks can even break into GSM networks that use “unbreakable” ciphers. We first describe a ciphertext-only attack on A5/2 that requires a few dozen milliseconds of encrypted off-the-air cellular conversation and finds the correct key in less than a second on a personal computer. We extend this attack to a (more complex) ciphertext-only attack on A5/1. We then describe new (active) attacks on the protocols of networks that use A5/1, A5/3, or even GPRS (General Packet Radio Service). These attacks exploit flaws in the GSM protocols, and they work whenever the mobile phone supports a weak cipher such as A5/2. We emphasize that these attacks are on the protocols, and are thus applicable whenever the cellular phone supports a weak cipher, for example, they are also applicable for attacking A5/3 networks using the cryptanalysis of A5/1. Unlike previous attacks on GSM that require unrealistic information, like long known-plaintext periods, our attacks are very practical and do not require any knowledge of the content of the conversation. Furthermore, we describe how to fortify the attacks to withstand reception errors. As a result, our attacks allow attackers to tap conversations and decrypt them either in real-time, or at any later time. We present several attack scenarios such as call hijacking, altering of data messages and call theft.

    15. Re:This should be free by the_B0fh · · Score: 2

      You do not understand what "end-to-end encryption" means. The end isn't wherever you feel an "end" is. It's the other end that you are communicating with. That's why it's called "end-to-end" and not "end-to-middle" or "end-to-system" or any other variations.

    16. Re:This should be free by ArsenneLupin · · Score: 1

      And if the source and destination are clueless then an educated third party has to manage it.

      ... an educated and trustworthy third party. And that's where it becomes difficult...

    17. Re:This should be free by Karmashock · · Score: 1

      No third party is ultimately trustworthy.

      --
      I've decided to stop wasting my time responding to AC trolls/sockpuppets... so if you want a response from me... login.
    18. Re:This should be free by dunkindave · · Score: 1

      You do not understand what "end-to-end encryption" means. The end isn't wherever you feel an "end" is. It's the other end that you are communicating with. That's why it's called "end-to-end" and not "end-to-middle" or "end-to-system" or any other variations.

      How did this get modded up? The "ends" are the handsets. As I said "the call is encrypted at one handset and the encrypted data travels to the other handset before being decrypted for the purpose of the call". One handset encrypts it and the other decrypts it. The encrypted data is sent from one handset to the other with the transport system as designed not decrypting the data anywhere in the middle. That is the definition of end-to-end encryption. The only way to push the endpoints further out, assuming the handset is treated as a single unit, would be for your ears or brain to do the encrypting/decrypting. If the system does the encrypting in an insecure manner, due to bugs or due to backdoor, that doesn't change where the transport system encryption and decryption occur and therefore doesn't change that the encryption is "end-to-end encryption". What part of that do YOU not understand?

    19. Re:This should be free by david_thornley · · Score: 1

      The key management is pretty much as you've stated: the website I connect to has a public key and only they know their private key. To allow them to talk to me, I generate a public key and keep the private key. Once we've negotiated that, we settle on a symmetric key that only we know.

      What the CA system does is try to provide some assurance that I know whom I am talking to. If I do, everything's peachy. If not, I'm vulnerable to a man-in-the-middle attack. This is not because our encryption systems are bad, but because verification of identity on the Net is hard.

      --
      "When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
    20. Re:This should be free by Karmashock · · Score: 1

      Verification of identity is self evident if only the source and destination can decode a message. A man in the middle attack gets garbage if they don't have the key.

      The only way a man in the middle attack works in this system is if you're passing keys back and forth and the man in the middle intercepts the key.

      There are a variety of means of avoiding that besides using a trusted third party. After all, how do you know that the trusted third party isn't compromised?

      They are themselves verified by having some key or other but whatever that is tends to be pretty easy to find out if you're determined. Which means it isn't a credible defense against a serious attacker. Against a casual attacker... sure.

      How then does one avoid man in the middle attacks? Do not transmit handshake keys.

      For example, let us say I am logging into my bank. My bank might ask me to type in some combination of account number, birth date, street address, phone number, into a box that generates a key. The bank knows what key will be generated because the algorithm is not secret. But the information the bank asked you to input as the key is something a man in the middle system shouldn't know. By typing that in or possibly using some sort of complicated captcha, you can generate a handshake key that an automated system without access to the bank's database won't be able to generate.

      That key can then be used to exchange stronger encryption keys.

      Beyond this, we should think more deeply about saving/storing BIG complicated encryption keys on devices used to do certain things. Say your tablet or pc or whatever. Why not store a 2 megabyte key? Beats the hell out of a 512 bit key. Possibly overkill, but a key of that size is going to be proportionally harder to crack because it won't repeat as often. The bigger the key the harder to crack.

      And a key that equals the number of bits transmitted is literally impossible to crack... by anything... ever.

      --
      I've decided to stop wasting my time responding to AC trolls/sockpuppets... so if you want a response from me... login.
    21. Re:This should be free by Anonymous Coward · · Score: 0

      Cellular communications are encrypted between the handset and the tower to prevent the radio buff from listening in. How effective that encryption is is up for debate.

      No, it isn't. The ciphers used are well known (in the field of cryptography) to be easy to break.

    22. Re:This should be free by david_thornley · · Score: 1

      I was describing the CA system, of course, which relies on trusted third parties, which in fact I don't trust. What keeps me doing commerce on the Web is convenience and the ability to repudiate false transactions. There's got to be something like a hundred CAs shipped with the Firefox I'm using, and the odds that at least one is compromised (and all the attacker needs is one) are pretty high.

      That being said, I see problems with your approach.

      My bank and I have certain information about me known. That's because it's my bank, and I filled out the application. This is essentially out-of-band information transfer, which makes any crypto scheme easier. However, my birth date, street address, and phone number are not difficult to find. Neither, really, is my account number, since I give it out to people by writing checks. What's more, we need to have dynamic, not static, key generation, since otherwise we can't guard against a replay attack (assuming I haven't changed my birth date since last transaction). The key also has to be generated on the web page, presumably in Javascript, and that Javascript is available to the bad guys. It's possible to have an application from the bank that I run on my computer instead, and this allows much more security.

      However, I have a niche hobby, and wind up doing business with small, scattered merchants for fairly low amounts of money. It isn't worth my while to fly to Florida to establish out-of-band information transfer with a place I'm going to place three $150 orders with during the next two years, and then to Connecticut for the next guy. If I have no way of buying from these people online, the Net becomes a lot less useful. There's nothing that the hobby shop in Florida is going to know about me that any bad guy can't find out easily (except, I suppose, my order history). I don't see how to avoid some form of trusted third party here.

      Moreover, it's iffy at best to send a strong encryption key using a weakly keyed system. You might get away with it by sending very little with the weak key, reducing the attack surface somewhat, but you'd have to ask somebody who actually knows crypto about that one.

      There's no reason for megabyte-sized keys. There's no real evidence that anybody can crack AES-128, although a sufficiently large quantum computer (which may never be feasible) could crack it by splitting it into two 64-bit search spaces. There's no real evidence that anybody can crack AES-256, and a sufficiently large quantum computer won't work there, because a 128-bit search space is far too large to search if we're only using all the resources of the solar system from now until the Sun dies. If we're dealing with RSA, we'd have to find two prime numbers with about 8 million bits each, and that gets difficult since the density of primes out that far is going to be about one in five or six million numbers, and testing for primality is going to be time-consuming.

      --
      "When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
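
The replay point in david_thornley's comment above, as an added example that is not part of the original thread: a key derived only from fixed personal data yields the same login proof every time, while a single-use server nonce makes a recorded proof useless. The field values, class names and message layout are constructed for the illustration.

```python
import hashlib
import hmac
import secrets


def derive_key(account, birth_date, street, phone):
    """Deterministic key from static personal data (constructed sample fields)."""
    material = "|".join((account, birth_date, street, phone)).encode()
    return hashlib.pbkdf2_hmac("sha256", material, b"demo-salt", 100_000)


def client_proof(key, nonce=b""):
    """What the client sends: a MAC over a fixed label plus the server nonce."""
    return hmac.new(key, b"login" + nonce, hashlib.sha256).digest()


class StaticBank:
    """Static scheme: the expected proof never changes between logins."""

    def __init__(self, key):
        self.key = key

    def verify(self, proof):
        return hmac.compare_digest(proof, client_proof(self.key))


class NonceBank:
    """Dynamic scheme: every login is bound to a fresh, single-use nonce."""

    def __init__(self, key):
        self.key = key
        self.outstanding = set()

    def challenge(self):
        nonce = secrets.token_bytes(16)
        self.outstanding.add(nonce)
        return nonce

    def verify(self, nonce, proof):
        if nonce not in self.outstanding:
            return False  # unknown or already used nonce
        self.outstanding.discard(nonce)
        return hmac.compare_digest(proof, client_proof(self.key, nonce))


def demo():
    key = derive_key("000123456", "1970-01-01", "1 Example St", "555-0100")

    # Static scheme: a proof captured once verifies again later.
    static = StaticBank(key)
    recorded = client_proof(key)
    static_first = static.verify(recorded)
    static_replay = static.verify(recorded)

    # Nonce scheme: the same recording fails on reuse and on a new challenge.
    bank = NonceBank(key)
    n1 = bank.challenge()
    p1 = client_proof(key, n1)
    fresh = bank.verify(n1, p1)
    reuse_same_nonce = bank.verify(n1, p1)
    n2 = bank.challenge()
    old_proof_new_nonce = bank.verify(n2, p1)

    return static_first, static_replay, fresh, reuse_same_nonce, old_proof_new_nonce


if __name__ == "__main__":
    print(demo())
```

The nonce only addresses replay; a key derived from data that is easy to look up remains guessable, which is the other objection raised in the same comment.
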
    23. Re:This should be free by Karmashock · · Score: 1

      As to my examples of secret information... cite something you prefer. The point was to pass on the concept and not literally design the system here and now.

      As to small purchases, use your bank or any system you prefer as a trusted third party. You establish trust with that entity using entirely private crypto. Then that trusted third party can establish a link with another trusted third party and then their trusted third party can verify the transaction.

      In this way every crypto stream is private and not shared. My personal encryption to my bank. Private encryption from Bank 1 to Bank 2 which they have established between each other and then their bank communicates with the merchant using that merchant's private crypto.

      At no point should any non-trusted entity know the key.

      It really isn't that hard.

      --
      I've decided to stop wasting my time responding to AC trolls/sockpuppets... so if you want a response from me... login.
    24. Re:This should be free by EndlessNameless · · Score: 1

      And your solution only works for entities with which you have a pre-established relationship and a shared secret (in this case, your personal information).

      This does not solve the general problem of identifying an entity on the internet with whom you have no shared secrets.

      This suggestion is nowhere near being a replacement for existing CAs as they are currently used.

      --

      ---
      According to the latest ruleset, this post should be modded as Vorpal Flamebait +5.
    25. Re:This should be free by Karmashock · · Score: 1

      You're asking for a solution that logically cannot exist.

      Your CA system is flawed and compromised routinely because it is flawed. It can't be secured because you're assuming the CA certs are only issued to trusted entities and they're not trustworthy. They don't take their position in the system seriously and even if they did you're still basing the security of the whole system on your trust in them. If you can't see how hopeless that is then I can't help you.

      --
      I've decided to stop wasting my time responding to AC trolls/sockpuppets... so if you want a response from me... login.
    26. Re:This should be free by EndlessNameless · · Score: 1

      Yes, the lack of a theoretically sound system is a problem. Your "solution" was to disband the existing system without any sort of meaningful replacement.

      We can always use PGP/PKI internally and with close associates. But we need some form of identity verification for everyone else in the world too.

      The CA system is flawed---but better than nothing at all. Your "solution" returns us to having nothing for the rest of the world. I.e., it is not a solution or an improvement in any meaningful way to what we already have.

      --

      ---
      According to the latest ruleset, this post should be modded as Vorpal Flamebait +5.
    27. Re:This should be free by Karmashock · · Score: 1

      No that was not my solution.

      My solution was to replace the existing system with a theoretically sound system.

      Do I intend as part of that disbanding the current shit system? Yes. That is however not me saying we should just go totally naked in the meantime.

      Please assume I am not stupid because I am not stupid. It wastes time, makes you sound like you're trying to straw man me, and it is generally counter productive.

      --
      I've decided to stop wasting my time responding to AC trolls/sockpuppets... so if you want a response from me... login.
    28. Re:This should be free by EndlessNameless · · Score: 1

      Your theoretically sound system is not practical to implement. Plus, we already have a better solution.

      The only problem you've clearly identified with the CA system is already addressed by certificate pinning. Your solution offers nothing of value beyond what I can accomplish with pinning---and your idea brings a whole lot of administrative overhead.

      While certificate pinning does require local administration, it is significantly less burdensome than your approach. Even Microsoft supports it now, so it is not some niche security option anymore.

      Certificate pinning takes ultimate trust back from the CAs yet works easily with the existing infrastructure for applications that you don't need to control as tightly. I have no idea why you are promoting a system that is more complicated and less compatible with no concrete advantages.

      --

      ---
      According to the latest ruleset, this post should be modded as Vorpal Flamebait +5.
    29. Re:This should be free by Karmashock · · Score: 1

      No, pinning only makes MITM attacks harder. It does nothing for my actual issue which you have ZERO solution for...

      Do you even know what my primary complaint was about this encryption scheme? I've been pretty clear, but your comment about pinning makes it clear to me that you haven't been paying attention.

      So here is a simple pass/fail test:

      What is my primary problem with the current encryption scheme and why does pinning do literally nothing to address it?

      You either answer that question correctly or you're either too stupid to have this conversation or just talking to yourself because you're not reading anything I am writing.

      These discussions must be interactive or they just turn into stupid insult fights because one side or the other can't be bothered to fucking read what the other party is saying.

      --
      I've decided to stop wasting my time responding to AC trolls/sockpuppets... so if you want a response from me... login.
  5. your best value in "open to bad guys" by swschrad · · Score: 2

    as we have pre-selected the best of the bad guys to listen in on all your calls! this handy feature is worth twice the price!

    --
    if this is supposed to be a new economy, how come they still want my old fashioned money?
    1. Re:your best value in "open to bad guys" by Anonymous Coward · · Score: 0

      Well this is just bad business, one of the things big corporations are usually good at.

      If your "Secure" product has a backdoor built into it, it's not actually secure. That backdoor is just one more attack vector.

      Nobody who actually wants this kind of thing for something important will ever even consider Verizon for it now. Legal or not doesn't enter into it, it's known to have at least one more weakness than anything else.

  6. It's required by LynnwoodRooster · · Score: 2, Informative

    See the CALEA Act passed in 1994. Telecom providers HAVE to provide that backdoor. If not - they are subject to fines of up to $10,000 per day per connection not in compliance, and having their network shut down until it comes into compliance.

    Your indignation should not be directed at Verizon - it should be directed at Washington, DC.

    --
    Browsing at +1 - no ACs, I ignore their posts. So refreshing!
    1. Re:It's required by mythosaz · · Score: 4, Informative

      False.

      CALEA only requires the backdoor to exist if it's technically possible. TFA is pretty clear that other manufacturers and carriers have chosen to implement end-to-end encryption that doesn't have the ability to be backdoored, and as such, there's no need to provide the (non-existent) backdoor to the feds.

    2. Re:It's required by nickovs · · Score: 1

      Firstly, if you can facilitate multi-way calling then it is clearly technically feasible to support a wire tap. Secondly, unlike many other snooping regulations, CALEA explicitly obliges telecommunications companies to modify their systems and equipment in order to facilitate "lawful access" (sic). Verizon are a telco, not an app company, so they are bound by CALEA in ways that people like Silent Circle or CellTrust are not.

      --
      If intelligent life is too complex to evolve on its own, who designed God?
    3. Re:It's required by Anonymous Coward · · Score: 0

      And TFA is probably wrong about the other manufacturers... At least Verizon doesn't PRETEND to protect you from your own government (and in fact, seems to target the service primarily toward government users, who obviously have zero issue with the government being able to gain access, and would probably boycott the service if it didn't have that "feature").

    4. Re:It's required by Anonymous Coward · · Score: 0

      It's actually quite reasonable and possible to facilitate multi-way calling with end-to-end encryption for all parties that the central network can't break...

    5. Re:It's required by mean+pun · · Score: 4, Insightful

      If you are right, then Verizon should not offer the product, since they can't legally deliver what they promise.

    6. Re:It's required by jc42 · · Score: 5, Insightful

      Your indignation should not be directed at Verizon - it should be directed at Washington, DC.

      A fun part of this is that the government employees at ARPA back in the 1960s explained it all to us. They firmly rejected building any sort of encryption into the network itself, on the grounds that such software would always be controlled by the "middlemen" who supplied the physical connectivity, and they would always build what we now call backdoors into the encryption. They concluded that secure communication between two parties could only be done via encryption that they alone controlled. Any encryption at a lower level was a pure waste of computer time, and shouldn't even be attempted, because it will always be compromised.

      This doesn't seem to have gotten through to many people today, though. We hear a lot about how "the Internet" should supply secure, encrypted connections. Sorry; that's never feasible, unless you own and control access to every piece of hardware along the data's route. And the ARPA guys didn't consider that, because that first 'A' stands for "Army", and they wanted a maximally-redundant, "mesh" type network that would be usable in battle conditions. They went with the approach that you use any kind of data equipment that's available, including the enemy's, and you build in sufficient error detection to ensure that the bits get through undamaged. Then you use encryption that your team knows how to install on their machines and use. And you probably change the encryption software at irregular intervals.

      Anyway, the real people to direct your anger at are the PR folks in both industry and government, who keep trying to convince you that they can supply encryption that's secure. Yeah, maybe they can do that, but they never have and they never will. And the odd chance that they've actually done so in some specific case doesn't change this. The next (silent, automatic;-) upgrade will introduce the backdoor.

      Unless you have all the code, compile it yourself, and have people who can understand its inner workings, you don't have secure encryption; you have encryption that delivers your text to some unknown third parties. It's the US government's own security folks who explained this to us nearly half a century ago.

      --
      Those who do study history are doomed to stand helplessly by while everyone else repeats it.
    7. Re:It's required by Anonymous Coward · · Score: 0

      I think his point was that multi-way calling could in theory mean a third party is connected to the call that the other participants are unaware of.

    8. Re:It's required by Anonymous Coward · · Score: 0

      TFA is pretty clear that other manufacturers and carriers have chosen to implement end-to-end encryption that doesn't have the ability to be backdoored...

      Uh huh... I hope you mean they haven't announced any back doors. Because we all know their encryption is unbreakable, right?

      I have to ask, apparently over and over, what makes you people think that any of your electronic communications are secured from the government? You all are so naive!

      Posting AC because the mods don't like when I ask these still unanswered questions.

    9. Re:It's required by reve_etrange · · Score: 1

      what makes you people think that any of your electronic communications are secured from the government?

      What makes you think the government has a polynomial prime factoring algorithm?

      --
      .: Semper Absurda :.
    10. Re:It's required by Lunix+Nutcase · · Score: 1

      Why would they need one if either or both the random number generator is weak or the encryption algorithm is vulnerable to cryptanalysis?

    11. Re:It's required by Lunix+Nutcase · · Score: 1

      They are providing end-to-end encryption. They probably just control the keys.

    12. Re:It's required by LynnwoodRooster · · Score: 1

      False.

      CALEA only requires the backdoor to exist if it's technically possible. TFA is pretty clear that other manufacturers and carriers have chosen to implement end-to-end encryption that doesn't have the ability to be backdoored, and as such, there's no need to provide the (non-existent) backdoor to the feds.

      Can you design a system you would solely supply for encrypted end-to-end communications that could NOT have a backdoor implemented? If you implement the end-points, then a back-door is automatically possible - you control the encryption/decryption on the ends.

      --
      Browsing at +1 - no ACs, I ignore their posts. So refreshing!
    13. Re:It's required by LynnwoodRooster · · Score: 1

      Actually, CALEA means that it's basically illegal to deliver a full end-to-end encrypted system that does not have a back door. Now, if Verizon simply passed encrypted data between endpoints, and let a 3rd party app developer create the endpoints which encrypted/decrypted the data, then Verizon could not offer a backdoor - it has no way of intercepting/decrypting the data. But by doing the full chain (encrypt, transport, decrypt) it simply has to offer a back-door per CALEA because it is obviously possible for them to do so (they see the raw data prior to encryption, and know the encryption scheme and keys - they did the endpoints).

      --
      Browsing at +1 - no ACs, I ignore their posts. So refreshing!
    14. Re:It's required by fyngyrz · · Score: 2

      What makes you think the government has a polynomial prime factoring algorithm?

      What makes you think they don't? What makes you think they even need one? What makes you think they don't hire, and utilize, some of the most powerful math-heads out there? What makes you think that something that can't be broken today won't bring you to the vale of tears days, months, even years later, if that's what it takes? What makes you think they don't have, or won't have, some kind of quantum computing device that obviates encryption entirely? What makes you think they didn't log every keystroke you typed, thus making encryption a complete non-issue? Wait, what, your system is "pure"? You know they can tell what you're typing by the sound, right? Finally, what makes you think they won't come right to your home or place of business or your favorite club, hustle you into a dank basement somewhere, and waterboard you or pound your toes to mush with a hammer or actually, eventually, read your mind electronically and get what they want that way? Got any relatives you treasure? What about the recipient(s)? Now there are (at least) two points of human weakness.

      And... you do know that "they" have access to quite a few technologies that "we" do not, right?

      I would seriously bet on the idea that if you demonstrate you think you need to encrypt your stuff by simply doing so, all you've managed to accomplish is get on a list of "we'll get back to this suspicious character later."

      Right now, if you've got something secret that you don't want the government to become aware of, just don't say it or otherwise communicate it. That's your very best chance of actually keeping it a secret. It may be your only chance.

      --
      I've fallen off your lawn, and I can't get up.
    15. Re:It's required by blueg3 · · Score: 3, Informative

      And the ARPA guys didn't consider that, because that first 'A' stands for "Army"

      The "A" stands for "Advanced". I think they were more interested in a research network than a tactical (battlefield) network. I think it's still true that "one organization controls all the infrastructure between two points on the Internet" was *not* the model of the Internet they were envisioning at the time.

    16. Re:It's required by sjames · · Score: 1

      But that can easily be prevented in a public key system. Just a simple example that I am formulating as I type. The peers elect a master based on any arbitrary criterion (pick a number, who has the lowest mac address, who called in first, whatever). Everybody else hands it a public key. The master generates a session key and encrypts it with each authorized public key to distribute it. If LEO taps in, he gets nothing unless he can convince the master to accept his public key. If there are supposed to be 3 parties on the call, the master's owner will notice that there is an extra request for the session key.

      An added benefit is that it is actual end-to-end encryption. The provider has no ability to tap the line as long as the keys are reasonable and the software doesn't have a back door in it.

      If the public keys have been exchanged in advance, all the better for knowing the identity of everyone involved in the call.
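
An added sketch of the session-key distribution sjames describes above (not part of the original comment, and not any product's code): the elected master wraps one session key to each public key on a roster agreed in advance, and refuses and records any key request that is not on it. The group parameters, the ephemeral-DH wrapping construction and every name are assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets

# Demonstration parameters only (assumption): a Mersenne prime modulus keeps
# the example short. A real deployment would use a vetted group or curve.
P = 2**521 - 1
G = 3
NBYTES = 66  # enough bytes to hold any value below P


def keypair():
    """Return (private, public) for one handset."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)


def fingerprint(pub):
    """Short identifier that participants can compare out of band."""
    return hashlib.sha256(pub.to_bytes(NBYTES, "big")).hexdigest()[:16]


def _kdf(shared, label):
    return hashlib.sha256(label + shared.to_bytes(NBYTES, "big")).digest()


def wrap(session_key, recipient_pub):
    """Encrypt a 32-byte session key to one public key (ephemeral DH + MAC)."""
    eph_priv, eph_pub = keypair()
    shared = pow(recipient_pub, eph_priv, P)
    pad, mac_key = _kdf(shared, b"pad"), _kdf(shared, b"mac")
    ct = bytes(a ^ b for a, b in zip(session_key, pad))
    return eph_pub, ct, hmac.new(mac_key, ct, hashlib.sha256).digest()


def unwrap(blob, priv):
    """Return the session key, or None if this private key does not fit."""
    eph_pub, ct, tag = blob
    shared = pow(eph_pub, priv, P)
    pad, mac_key = _kdf(shared, b"pad"), _kdf(shared, b"mac")
    if not hmac.compare_digest(tag, hmac.new(mac_key, ct, hashlib.sha256).digest()):
        return None
    return bytes(a ^ b for a, b in zip(ct, pad))


class Master:
    """The elected peer: hands the session key only to keys on the roster."""

    def __init__(self, roster_fingerprints):
        self.roster = set(roster_fingerprints)
        self.session_key = secrets.token_bytes(32)
        self.refused = []  # extra key requests the owner should look at

    def request_key(self, label, pub):
        fp = fingerprint(pub)
        if fp not in self.roster:
            self.refused.append((label, fp))
            return None
        return wrap(self.session_key, pub)


def demo():
    # Constructed participants; the fourth key is one nobody agreed to.
    people = {name: keypair() for name in ("alice", "bob", "carol")}
    extra_priv, extra_pub = keypair()
    master = Master(fingerprint(pub) for _, pub in people.values())

    blobs = {n: master.request_key(n, pub) for n, (_, pub) in people.items()}
    recovered = {n: unwrap(blobs[n], priv) for n, (priv, _) in people.items()}

    extra_request = master.request_key("unlisted", extra_pub)
    # A copy of bob's wrapped blob is useless without bob's private key.
    copy_unwrap = unwrap(blobs["bob"], extra_priv)

    return {
        "all_agree": all(k == master.session_key for k in recovered.values()),
        "extra_request": extra_request,
        "refused": [label for label, _ in master.refused],
        "copy_unwrap": copy_unwrap,
    }


if __name__ == "__main__":
    print(demo())
```

The roster check is only as good as the fingerprints on it, which is why exchanging the public keys in advance matters.
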

    17. Re:It's required by Cramer · · Score: 1

      It's always technically possible. The question then is did you serve the order to the ones who actually can decrypt it. Verizon is in the middle, so they can provide the raw traffic, but as they aren't the one doing the crypto, they're done as soon as the traffic is available. It's the software maker (and by extension Verizon as they're pushing it) who has that technical ability and thus requirement to hand over any keys.

      (Yes, a system using ephemeral public/private keys known only to the phone and used only for a single call would be a very difficult system to tap.)

    18. Re:It's required by Anonymous Coward · · Score: 0

      You're missing the point.

      What encrypting end to end gets the bad guys (government, marketing companies) is a non-reputable session key for all communications made.

      The reason Google implemented HTTPS wasn't to make your Google searches more secure, but so they could more accurately track them; even with cookies off, your session key for the SSL stream can be tracked pretty accurately through NAT, PAT, Firewalls, and even proxies.

    19. Re:It's required by reve_etrange · · Score: 1

      What makes you think they don't hire, and utilize, some of the most powerful math-heads out there?

      They do - and they still haven't solved Kryptos, let alone polynomial prime factoring. Hard problems don't magically become easy because "it's the government."

      --
      .: Semper Absurda :.
    20. Re:It's required by Opportunist · · Score: 1

      In this case there would have been nothing easier than create a new company out of thin air that sells the service that is no telco. It's not like creating a new virtual company is hard in this country.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    21. Re:It's required by Kjella · · Score: 1

      It was the 1960s. You were lucky to have a 300 baud modem, they wanted to save two bits by chopping the "19" off 1960 and encryption was regulated as munitions. Heck, even in the 1990s they wanted to restrict my browser to 40 bits so I didn't have "export grade" cryptography. I still hear cost for servers and battery life on clients as an argument for why sites don't move to HTTPS, The very idea to build the Internet with strong encryption by default was ridiculous on technical merits and I don't recall anyone even suggesting it so feel free to quote some sources.

      Yes, MITM attacks are possible. But unlike wiretapping they're also detectable and I don't just mean in the theoretical sense. You could still use CAs to "boost" the credibility of an IP encryption key fingerprint (The CA signs my cert, I sign a message saying my IP uses fingerprint aa:bb:cc:dd:ee:ff), you can verify by proxy (connect to your server from friends/family/open wifi/proxy or ask a third party what certificate fingerprint they see) or you can use in-band ad hoc verification. For example you're in a chat and it says at the top "fingerprint for this session is aa:bb:cc:dd:ee:ff" you might say "reverse it and you get ff:ee:dd:cc:bb:aa" or "third pair is a double c" or "last two are 255 in hex" as part of the conversation. Even better if it's voice communication, think they can MITM a buddy saying the fingerprint?

      MITM only works if there's a protocol you can use to automatically block/filter any information about the key. For example imagine you take a photo, overlay the fingerprint semi-transparently and display it on your website. Now they have to create a very custom solution for your site to create an identical photo to replace it with. Transparent MITM in an interactive process - not just your cell phone checking your mail - is going to be really tough to do on a mass scale. It won't have the perfect theoretical characteristics, but it sure will work for most people most of the time.

      --
      Live today, because you never know what tomorrow brings
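The in-band fingerprint check described in the comment above, as an added example that is not part of the original post or of any product discussed in this thread. It assumes X25519 (RFC 7748) as the per-call key agreement, which the comment does not specify; the class and function names, the `call-fp` label, the six-byte truncation and the seeded keys are all constructed for illustration.

```python
"""Reading a per-call key fingerprint back over the call (added illustration)."""
import hashlib

P = 2**255 - 19                      # field prime of Curve25519 (RFC 7748)
A24 = 121665                         # curve constant used by the ladder
BASE = (9).to_bytes(32, "little")    # standard base point u = 9


def x25519(scalar: bytes, u: bytes) -> bytes:
    """RFC 7748 X25519 in plain Python. Not constant-time: demo use only."""
    k = bytearray(scalar)
    k[0] &= 248
    k[31] = (k[31] & 127) | 64
    k = int.from_bytes(k, "little")
    x1 = int.from_bytes(u, "little") & ((1 << 255) - 1)
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in range(254, -1, -1):
        bit = (k >> t) & 1
        if swap ^ bit:               # conditional swap of the two ladder points
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = bit
        a, b = (x2 + z2) % P, (x2 - z2) % P
        aa, bb = a * a % P, b * b % P
        e = (aa - bb) % P
        da, cb = (x3 - z3) * a % P, (x3 + z3) * b % P
        x3 = (da + cb) ** 2 % P
        z3 = x1 * (da - cb) ** 2 % P
        x2 = aa * bb % P
        z2 = e * (aa + A24 * e) % P
    if swap:
        x2, x3, z2, z3 = x3, x2, z3, z2
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")


class Phone:
    """One end of a call, holding a key pair used for this call only."""

    def __init__(self, seed: bytes):
        # Constructed, deterministic key material so the demo is repeatable;
        # a real client would draw 32 fresh random bytes for every call.
        self.private = hashlib.sha256(seed).digest()
        self.public = x25519(self.private, BASE)

    def fingerprint(self, peer_public: bytes) -> str:
        """Session fingerprint in the aa:bb:cc:dd:ee:ff form shown to the user."""
        shared = x25519(self.private, peer_public)
        if shared == bytes(32):
            raise ValueError("peer sent a low-order public key")
        # Sort the two public keys so both ends hash them in the same order.
        first, second = sorted((self.public, peer_public))
        digest = hashlib.sha256(b"call-fp" + shared + first + second).digest()
        return ":".join(f"{byte:02x}" for byte in digest[:6])


def honest_network(public_key: bytes) -> bytes:
    """A path that delivers each public key unchanged."""
    return public_key


class KeySubstitutingRelay:
    """Models an in-path party that replaces every public key with its own."""

    def __init__(self):
        self.phone = Phone(b"constructed relay key")

    def __call__(self, public_key: bytes) -> bytes:
        return self.phone.public


def place_call(network) -> tuple:
    """Run the key exchange over `network`; return what each caller sees."""
    alice = Phone(b"constructed alice key")
    bob = Phone(b"constructed bob key")
    alice_sees = alice.fingerprint(network(bob.public))
    bob_sees = bob.fingerprint(network(alice.public))
    return alice_sees, bob_sees


def read_back_matches(alice_sees: str, bob_sees: str) -> bool:
    """The check the callers make when one reads the fingerprint aloud."""
    return alice_sees == bob_sees


if __name__ == "__main__":
    for label, network in (("direct", honest_network),
                           ("relayed", KeySubstitutingRelay())):
        a_fp, b_fp = place_call(network)
        verdict = "match" if read_back_matches(a_fp, b_fp) else "MISMATCH"
        print(f"{label:8} alice={a_fp} bob={b_fp} -> {verdict}")
```

Because the fingerprint covers the shared secret and both public keys, a relay that terminates the key exchange on each side leaves the two callers with different strings, and the mismatch shows up as soon as one of them reads theirs out.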
    22. Re:It's required by gweihir · · Score: 1

      Nonsense. Multi-way can also be end-to-end encrypted with no way to intercept. Maybe read up on crypto before claiming BS?

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    23. Re:It's required by Ken+D · · Score: 1

      ARPA was also called DARPA at various times, where "D" stands for "Defense", and the ARPANet was therefore called DARPANet at those times.

      Back in the day when the only people on the 'net were military, schools, and tech companies... long long before Canter and Siegel's Green Card spam.

    24. Re:It's required by Anonymous Coward · · Score: 0

      So this would explain me overhearing the tech who installed my broadband, who was on the phone with the office, say that he was "having trouble initiating a backdoor".
      hehehe

    25. Re: It's required by Anonymous Coward · · Score: 0

      They do pretend. That's the whole service

    26. Re:It's required by fyngyrz · · Score: 1

      You don't know if they've solved (the last part of) Kryptos. You just know the public hasn't.

      The difference between what you think you know, and what you actually know, is often quite significant.

      As for the "magic" straw man, not worthy of a response.

      --
      I've fallen off your lawn, and I can't get up.
    27. Re:It's required by reve_etrange · · Score: 1

      As for the "magic" straw man, not worthy of a response.

      It's not a straw man at all. You explicitly claimed that the US government's collection of smart people have almost obtained a polynomial prime factoring algorithm while the vastly larger collection of non-US-government smart people has not. You have no argument other than bald assertion why that should be the case.

      --
      .: Semper Absurda :.
    28. Re:It's required by fyngyrz · · Score: 1

      No, I didn't claim anything of the sort. I only asked how you didn't know that was the case, which is something else entirely. You need new reading glasses. Or remedial reading classes. Or something.

      --
      I've fallen off your lawn, and I can't get up.
    29. Re:It's required by reve_etrange · · Score: 1

      So you admit you have no arguments, but only trivial reversals of any proposition, which you then regard as authoritative.

      --
      .: Semper Absurda :.
    30. Re:It's required by fyngyrz · · Score: 1

      You are promoting the idea that there is safety in a situation for which you have no data.

      Only a fool would follow you there.

      --
      I've fallen off your lawn, and I can't get up.
  7. How is this different than the clipper chip? by Anonymous Coward · · Score: 0

    I thought we had already had the "Big Brother inside" debate and weren't going to have it. Well it looks like they came back for another bite of the apple.

    1. Re:How is this different than the clipper chip? by ogdenk · · Score: 3, Insightful

      Yeah, so they clandestinely compromised your software and network transceivers and near silently passed legislation to make it all retroactively legal tacked onto other bills instead. That'll teach you to stick up for your rights you worthless proletariat.

      Like that bit about Congress deciding parallel construction due to NSA cellphone taps does not violate your 1st, 4th or 5th amendment rights. We all know damn well that those assholes were NOT representing their constituents when they voted on that one. If that passes SCOTUS, basically all is lost and everything just gets worse until it affects rich folks enough that they get pissed off, arm a bunch of people and organize.

      Make no mistake, the current regime (government and large corporate) views you as the enemy. An inconvenience in their way. And the more inconvenient you are, the less they care about breaking any and all laws to see you silenced or discredited. Welcome to Hell folks, it only gets worse from here.

    2. Re:How is this different than the clipper chip? by fustakrakich · · Score: 1

      We all know damn well that those assholes were NOT representing their constituents when they voted on that one.

      So what? 95% still win reelection every single time. People want to believe the lies and continue to vote for overt liars. I wouldn't know how to combat that yet.

      --
      “He’s not deformed, he’s just drunk!”
    3. Re: How is this different than the clipper chip? by Anonymous Coward · · Score: 0

      It's simple: you can't. They won, let's face it. There's nothing anyone can do.

    4. Re:How is this different than the clipper chip? by TehZorroness · · Score: 1

      If that passes SCOTUS, basically all is lost

      Is this a case? Can someone drop the name or a link to the docket so I can follow it? (Typed in total sincerity. No sarcasm here.)

    5. Re: How is this different than the clipper chip? by ogdenk · · Score: 4, Interesting

      It's simple: you can't. They won, let's face it. There's nothing anyone can do.

      Unless they make the same mistake the Nazis did and start persecuting the rich, no one will have the funds or manpower to organize an effective resistance. And due to very effective media manipulation techniques, anyone else who tried to rise would be labelled a lone, kiddie murdering, child molesting, atheist, serial rapist that preys on cute rich white girls.... and boys. And the cops will obviously be in fear for their lives as they shoot you in handcuffs.

      They aren't making the same mistake the Nazis did. This is not race warfare. This is not religious warfare. This is CLASS warfare. And you aren't part of their class but they will never truly admit this to you directly. They'll just have you pulled over for your car being too old, shoot your dog in the backseat, and tell you to stop resisting as they cave your face in with onlookers doing nothing because you dared look them in the eye. And the perpetrators of the violence will investigate and clear themselves. Welcome to 21st century America.

    6. Re: How is this different than the clipper chip? by Anonymous Coward · · Score: 0

      It's not class "warfare", the term implies there's some fighting going on. This is not the case, because it's completely one-sided. Let's call it a "class shooting gallery" if you will. Welcome to 21st century everywhere.

    7. Re:How is this different than the clipper chip? by Opportunist · · Score: 1

      That's the new democracy. You keep voting until the outcome the aristocracy wants happens. But you have the total choice, provided you can be available at 2am at the bottom of the ocean where the free election is going to be held.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    8. Re: How is this different than the clipper chip? by Anonymous Coward · · Score: 0

      So right and yet so wrong. Can't think of many examples where "cops shoot you in handcuffs", "shoot your dog", or "cave your face in for looking them in the eye". The class warfare exists, but it's not overt. It's the people in the right places who know the right people who rise to the top while everyone else scrambles on the bottom for what they can get. The cops by and large are part of that crowd on the bottom. Elections are never really a matter of the right guy for the job anymore, but rather who's the guy who sucks the least or will do the least amount of damage. The politicians work for the people who have the resources to keep them in office, and pad their pockets while they're there. If you're not rich that's not you. The rich rule the country because they have the resources to pay for politicians and lobbyists to influence laws that benefit them. It's by the people and for the people. Just not all the people. If you try to rise up and organize you'll find that 100 different people will have 100 different ideas about what things should be. No one agrees so no one moves. That's what makes it impossible to organize and fight back.

    9. Re: How is this different than the clipper chip? by Anonymous Coward · · Score: 0

      >They won, let's face it. There's nothing anyone can do.

      Huh. That was pretty much Abbie Hoffman's suicide note: "It's too late. We can't win, they've gotten too powerful."

    10. Re:How is this different than the clipper chip? by david_thornley · · Score: 1

      The Clipper chip and similar things were, as I remember, key escrow. That was a major security problem, and meant that government agencies (and anybody who could fake being one or hack into some badly protected server) could decrypt anything you sent. CALEA doesn't require that; all it says is that the government has to be able to tap the communications channel when a warrant is presented. This is much more secure, and does not permit retroactive fishing expeditions.

      --
      "When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
  8. It is end-to-end! by Anonymous Coward · · Score: 0

    If one of the ends is at the man-in-the-middle.

  9. Sell the key by jamesl · · Score: 4, Funny

    Verizon sells you end-to-end encryption and then sells NSA the key.

    1. Re:Sell the key by BoRegardless · · Score: 1

      And then the next Snowden sells the back door key to whoever he wants!

    2. Re:Sell the key by steelfood · · Score: 1

      The real cost of the service is $90 per line. The other $45 is subsidized by the NSA.

      --
      "If a nation expects to be ignorant and free in a state of civilization, it expects what never was and never will be."
  10. CALEA says it must by Anonymous Coward · · Score: 0

    All communications devices sold in this country, by law, must have backdoors!

    https://en.wikipedia.org/wiki/Communications_Assistance_for_Law_Enforcement_Act#Provisions_of_CALEA

    So Verizon should be sued into the 7th level of hell for saying this in any way secure.

    1. Re:CALEA says it must by NoKaOi · · Score: 1

      FTA:

      Phone carriers like Verizon are required by U.S. law to build networks that can be wiretapped. But the legislation known as the Communications Assistance for Law Enforcement Act requires phone carriers to decrypt communications for the government only if they have designed their technology to make it possible to do so. If Verizon and Cellcrypt had structured their encryption so that neither company had the information necessary to decrypt the calls, they would not have been breaking the law.

    2. Re: CALEA says it must by Anonymous Coward · · Score: 0

      Does this apply to computers vpro vt Intel?

  11. Who are you defending against? by NoKaOi · · Score: 2

    If you think you're defending against the NSA with encryption provided by a big telecom company, you're fooling yourself, even if this policy weren't public. If, on the other hand, you're defending against basic hackers hired by a competitor, then perhaps this would be a reasonable option. It's like locking your doors, putting bars on all your windows, and putting your stuff in a safe. Sure, that'll keep most burglars out, but do you think the NSA wouldn't be able to get to your stuff?

    This is the part that bugs me: "so long as they're able to prove that there's a legitimate law enforcement reason for doing so." It used to be that meant demonstrating to an impartial judge that they had probable cause, which takes the form of a warrant. However, it doesn't say they need a warrant...so now it's a Verizon employee rather than an impartial judge who gets to decide if there's probable cause.

    1. Re:Who are you defending against? by NoKaOi · · Score: 1

      Also, FTA:

      Verizon believes major demand for its new encryption service will come from governmental agencies conveying sensitive but unclassified information over the phone, says Tim Petsky, a senior product manager for Verizon Wireless.

      Sensitive, but unclassified. That should give an indication as to the level of security they expect it to provide.

    2. Re:Who are you defending against? by cavreader · · Score: 1

      In this context a legitimate law enforcement reason means a warrant would indeed be needed. Companies are increasingly challenging governmental and law enforcement requests for data in several different venues. Including telecommunication data, data stored in data centers, and video surveillance collected from publicly mounted cameras. Even when the FBI attempted to slap a GPS tracker to a suspect's car without a warrant resulted in the evidence collected being thrown out of court. There is a system in place that while hardly perfect it does get things right now and then. However you never hear much fanfare when the system works as designed. All you do hear is a lot of complaining about this or that violating someone's constitutional rights but no real life case examples of this actually happening to anyone. There have been a total of two attempted prosecutions under provisions in the Patriot Act which resulted in rulings stating the PA provisions in the case violated the accused's constitutional rights. There has been no other attempt by the government to use the PA against anyone since.

    3. Re:Who are you defending against? by AHuxley · · Score: 1

      The voice side and network will always be wiretap friendly. So expect any new device on any network to stay backdoor and trapdoor friendly too.
      Any voice or text entered will just be collected on the device before the encryption software.
      Think about a number station or one time pad. Anyone can hear that long list of personal messages.

      --
      Domestic spying is now "Benign Information Gathering"
    4. Re:Who are you defending against? by fyngyrz · · Score: 1

      In this context a legitimate law enforcement reason means a warrant would indeed be needed.

      Are you mad? They don't even insist on warrants when they can't meet the requirements of the 4th amendment, preferring to focus cluelessly upon the word "unreasonable" and ignoring the litany of probable cause, supported by oath or affirmation that were put there to explicitly define what "reasonable" is. They just break your door down, and shoot you -- and your pets.

      And you think a law that doesn't even say a warrant is required will somehow stumble in its application on needing them?

      I don't think you understand how the justice system works here. Or perhaps you're not from here.

      --
      I've fallen off your lawn, and I can't get up.
    5. Re:Who are you defending against? by NoKaOi · · Score: 1

      There have been a total of two attempted prosecutions under provisions in the Patriot Act

      And how many NSLs have been issued to force the cover-up of these constitutional violations?

    6. Re:Who are you defending against? by blueg3 · · Score: 2

      1. That's pretty common simply because getting anything approved for encryption above the SBU level is difficult and expensive. (It also requires, in essence, review by and the approval of NSA.) So tons of encryption products are made only up to the SBU level.

      2. Even with end-to-end encryption, it's unlikely that they would approve classified data transiting the Internet.

    7. Re:Who are you defending against? by cavreader · · Score: 1

      Give a real life example of someone prosecuted and convicted of a crime using evidence from data collected without a warrant or using a NSL. Add FISA warrants into the mix as well. Although I am sure you know that any evidence collected using a FISA warrant is inadmissible and can not be used in court against a defendant. Evidence collected under a FISA warrant are used to collect enough evidence to obtain a regular court warrant. And if so was the issue addressed in a court of law to support the defense? After all you seem to think you know the ends and outs of constitutional law surely you can find one case of a person convicted even though his 4th amendment rights were egregiously violated. And can you be a little less hysterical with your "just break your door down, and shoot you -- and your pets." statement because we are talking about the US not Abbottabad. The government or law enforcement agencies can request all the data they want but if they want to use that data to prosecute someone they will have to defend their methods in court. There are literally thousands of cases of evidence being thrown out of court because of a lack of warrants or other violations of the evidentiary practices and statutes.

    8. Re:Who are you defending against? by Anonymous Coward · · Score: 0

      If you think you're defending against the NSA with encryption provided by a big telecom company, you're fooling yourself, even if this policy weren't public. If, on the other hand, you're defending against basic hackers hired by a competitor, then perhaps this would be a reasonable option. It's like locking your doors, putting bars on all your windows, and putting your stuff in a safe. Sure, that'll keep most burglars out, but do you think the NSA wouldn't be able to get to your stuff?

      The problem is that it won't keep the hackers out. The most likely things a hacker will attack will be the phone itself and the customer premise equipment...which won't be protected by this encryption. So this product is worse than useless.

  12. Who cares what it means? Are people buying it? by fustakrakich · · Score: 1

    That would be the news to report.

    --
    “He’s not deformed, he’s just drunk!”
    1. Re:Who cares what it means? Are people buying it? by Opportunist · · Score: 1

      Rather unlikely after this revelation.

      People who don't care about a secure communication line won't buy it because they don't care about having a secure communication line.
      People who do care about a secure communication line won't buy it because they do care about having a secure communication line.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  13. Verizon admits it's a "weakness" by reve_etrange · · Score: 1

    Seth Polansky, Cellcrypt's vice president for North America, disputes the idea that building technology to allow wiretapping is a security risk. "It's only creating a weakness for government agencies," he says. "Just because a government access option exists, it doesn't mean other companies can access it."

    I doubt it will be very long before third parties apart from government figure out how to access their backdoor.

    --
    .: Semper Absurda :.
    1. Re:Verizon admits it's a "weakness" by schnell · · Score: 1

      I doubt it will be very long before third parties apart from government figure out how to access their backdoor.

      No, because the "backdoor" is getting a judge to sign a warrant for the police to wiretap you, and the police submitting that request to Verizon through official channels so that Verizon uses the keys that they have to decrypt the communication and give it to the police.

      How is a third party going to use that?

      --
      "95% of all Slashdot .sig quotes are incorrect or completely fabricated." -Benjamin Franklin
    2. Re:Verizon admits it's a "weakness" by Smerta · · Score: 1

      Well it depends.

      Mr. Polansky himself (while certainly not a security expert or a cryptographer) describes it as a "weakness" built into the system. The streets are littered with products and systems built with backdoors/weaknesses that are found & exploited by attackers (sometimes an insider who knows about or helped implement the weakness.)

      On the other hand, while still subject to abuse, if the "weakness" is a 2nd, high entropy key, then you either have to get the key, or break the crypto (getting the key obviously being the attacker's 1st choice). This is different than a backdoor.

    3. Re:Verizon admits it's a "weakness" by turbidostato · · Score: 1

      "No, because the "backdoor" is getting a judge to sign a warrant for the police to wiretap you"

      The police and the police only? In each and every case?

    4. Re:Verizon admits it's a "weakness" by Anonymous Coward · · Score: 0

      If Verizon has keys to decrypt, then it's not 'end to end'. It's 'key escrow'. They are misusing crypto terminology, hoping the general public will not notice.

    5. Re:Verizon admits it's a "weakness" by Anonymous Coward · · Score: 1

      Really? A well-placed Verizon employee can easily bypass "official channels". So can anybody who has any leverage over that guy.

  14. Money talks by Anonymous Coward · · Score: 0

    A backdoor for typical communication devices is simply a telco employee who is in debt who has switch access.

    Your number can be assigned to multiple phones at the switch so if you need to listen to a particular number, just pay the right employee. I assure you security isn't nearly what it should be for switch access.

    Many switch access points traverse equipment that have packet sniffing capability. No they don't use SSH to talk with the switch, yes they use telnet.

  15. And by koan · · Score: 1

    So will Google, Apple, and Microsoft's encryption schemes.

    It's really just a sucker deal when they tell you they care and are going to implement encryption, how else do you settle the cattle after all Snowden showed us.

    Tell them it's encrypted, put them at ease and make them complacent again, then provide the "agencies" with a master key/backdoor.

    --
    "If any question why we died, Tell them because our fathers lied."
  16. US Corporation... by geekmux · · Score: 2

    ...US Laws.

    'nuff said.

    No, seriously, can we please stop being shocked and appalled over the (ancient) concept that a US Corporation would beholden a US Citizen with any form of communications service that also contains a back door for the US Government? The OMGWTFEFF attitude is wearing thin.

    US Corporation. US Laws. CALEA is twenty years old now. You have no Right to privacy anymore with any US-based communications service.

    Oh, and according to this Administration, you just might be a terrorist if you think or assume otherwise. Have fun.

    1. Re:US Corporation... by gweihir · · Score: 1

      The pattern repeats itself. There are quite a few obvious spots in human history where things like this have been done before, and universally with catastrophic consequences.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
  17. Marbury v Madison "null and void" by raymorris · · Score: 2

    The Supreme Court says they are null and void, iow not law.
    Thomas Jefferson, Alexander Hamilton, and other founders also expressed this principle.

    "All laws which are repugnant to the Constitution are null and void." (Marbury vs. Madison, 1803.)

    "Every law consistent with the Constitution will have been made in pursuance of the powers granted by it. Every usurpation or law repugnant to it cannot have been made in pursuance of its powers. The latter will be nugatory and void." (Thomas Jefferson, Elliot, p. 4:187-88.)

    "…the laws of Congress are restricted to a certain sphere, and when they depart from this sphere, they are no longer supreme or binding. In the same manner the states have certain independent power, in which their laws are supreme." (Alexander Hamilton, Elliot, 2:362.)

    "This Constitution, as to the powers therein granted, is constantly to be the supreme law of the land.… It is not the supreme law in the exercise of a power not granted." (William Davie, Pennsylvania, p. 277.)

    "It will not, I presume, have escaped observation that it expressly confines the supremacy to laws made pursuant to the Constitution" (Alexander Hamilton, concerning the supremacy clause, The Federalist Papers, #33.)

    "There is no position which depends on clearer principles than that every act of a delegated authority, contrary to the commission under which it is exercised, is void. No legislative act, therefore, contrary to the Constitution, can be valid." (Alexander Hamilton, The Federalist Papers, #78.)

  18. They don't need no steenking warrants by fyngyrz · · Score: 1

    Hysteria, eh? Well, let's just drag a few facts out. Here we go:

    o Straight-up misconduct

    o Botched paramilitary police raid data

    o Judge, jury and executioners in blue: The death penalty -- without a court

    o Warrants "not required" data

    o Seizure of property without warrants details

    o $2.02 billion dollars in cash and property seizures for/in which no indictment was ever filed

    o Other illegal horrors

    Just a little information -- what we know -- showing our government at work, cavreader. Now, I don't know how you will characterize this information, but I know how I do: Directly and unequivocally indicative of a systemic breakdown of respect, regard, and understanding of liberty and justice that extends broadly across all areas of law enforcement.

    Now, you want to talk nonsense about legal protections in a system where the vast majority of defendants are pressured into plea bargains against a completely uneven scale full of extra charges, almost certain financial ruin, threats of extended incarceration, and outright lies from the police and prosecutor, where the police don't have to defend anything in court -- and which can be, and at times have been, followed up by ex post facto laws increasing punishment after conviction -- fine. But don't expect me to take you seriously, because you obviously don't have even the slightest idea what you're talking about.

    --
    I've fallen off your lawn, and I can't get up.
    1. Re:They don't need no steenking warrants by Anonymous Coward · · Score: 0

      I call your examples statistical anomalies in a country with a population of +365 million. There are also over 1.1 million law enforcement officers in the US. Are they all corrupt liars and shoot first thugs? Your arguments suggest this is what you believe. You argue the extremes which are inherent in any system and rage against the machine because you know without a doubt you are right and everyone else is wrong. Why don't we all just relax and see if anarchy is a better system because frankly I am tired of the never ending bullshit spewed by the righteous extremist on both sides of any argument or problem we are facing today.

  19. Easy Solution by Anonymous Coward · · Score: 0

    Sue Verizon for False Advertising.

    Get technical experts on the stand to testify that proper 'end-to-end' encryption means NOBODY can intercept.

    And don't settle. Under no circumstance settle, go for a jury trial and force precedent.

     

    1. Re: Easy Solution by Anonymous Coward · · Score: 0

      Do it!

  20. There is no "law enforcement only" backdoor by Opportunist · · Score: 4, Insightful

    Any backdoor is by definition available to everyone. Some may have a key, the others have lockpicks.

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    1. Re:There is no "law enforcement only" backdoor by codewarren · · Score: 2

      How is this insightful? What does "backdoor" have to do with it then? If anything with keys can be picked, then all encrypted communication is vulnerable and adding a backdoor would just be meaningless.

      All communication has to be decryptable or it isn't communication. (How would one-way communication work? exactly like a write-only memory chip). So someone always has to have a key, but that doesn't always have to be the NSA or government or even Verizon.

    2. Re:There is no "law enforcement only" backdoor by Opportunist · · Score: 1

      The bigger the group of people who have access to resources that are to remain secret, the bigger the threat that the secret gets out. It just takes one link in the chain to break it, and only one to talk to render a key useless.

      Or, in other ways, while breaking a key may be impossible, breaking a kneecap isn't.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  21. What is the point? by Anonymous Coward · · Score: 0

    Why would you have encryption if the party most likely to intercept your communications gets access anyway?

  22. what if the backdoor is always the master by Dareth · · Score: 1

    what if the backdoor is always the master

    --

    I only look human.
    My mother is a halfling and my dad is an ogre, so that makes me an Ogreling
    1. Re:what if the backdoor is always the master by sjames · · Score: 1

      The legit parties to the conversation would notice that none of them are the master. Or choose an election system that makes one of them the master every time.

  23. In Soviet America... by Methadras · · Score: 1

    Backdoor opens you.

  24. To quote the film "THEY LIVE"? apk by Anonymous Coward · · Score: 0

    "I've got one that can see..." from -> https://www.youtube.com/watch?...

    APK

    P.S.=> This isn't a world of great men - it's a world of secret-handshake 'committees' now & "networking" rather than what you know (in that case, it's how cheap are you, but... the "powers that be" forgot 1 thing - you DO get what you pay for, but then again? They've "gotta get their bonuses" for doing zero, except ruining things more, imo).

    Hey - All you've gotta do? "JOIN THE RIGHT 'FRAT'" & get what's yours, then split... the new mantra!

    It's become bogus, but @ least you see thru it - it's wrong, but how it's become largely (the lousy results show it though, hate to say that - you get, what you get, with what you said)- it's the WHY of why I went into business for myself, my money works FOR me, making me more (rather than being a wageslave making the rich richer, practically giving away the most precious thing there is that there is no store you can buy it for: YOUR LIFE & FREE TIME)... apk

  25. Backdoor = Open Door by Anonymous Coward · · Score: 0

    Any backdoor can be exploited by hackers. A back door is an open door. Sort of negates security don't you think?

  26. Exactly by sansprivacy · · Score: 1

    All the recent media hype on how manufacturers are "hardening" their devices is a joke. Of course they're going to continue to let "approved" entities spy on you. We'll start seeing devices built on an open platform running community developed OSS in the next couple of years.

  27. Spies will spy by meustrus · · Score: 1

    Spies will spy. It is preferable for the spies to have private backdoors rather than for them to research (or create) and utilize hacks that could then be used by criminals. In this case the system design also requires human interaction and a court order, making it less likely for a hacker to gain the same access. The real question is whether we should have spies at all, because if we don't want them to be able to actually spy on people why pay for them? And I am including law enforcement agencies under the term "spy" because that's what they are doing when they are investigating a case. But if we decide (as others have in the past) that it's OK to spy on suspected criminals (with oversight to ensure that the definition of "suspected criminals" does not expand), this is the right way to do it.

    --
    I sometimes ask revealing, often ignorant-seeming questions. Maybe they're harder to answer than you think.