Slashdot Mirror
Verizon "End-to-End" Encrypted Calling Includes Law Enforcement Backdoor
An anonymous reader sends this quote from TechDirt:
As a string of whistle blowers like former AT&T employee Mark Klein have made clear abundantly clear, the line purportedly separating intelligence operations from the nation's incumbent phone companies was all-but obliterated long ago. As such, it's relatively amusing to see Verizon announce this week that the company is offering up a new encrypted wireless voice service named Voice Cypher. Voice Cypher, Verizon states, offers "end-to-end" encryption for voice calls on iOS, Android, or BlackBerry devices equipped with a special app made by Cellcrypt.
Verizon says it's initially pitching the $45 per phone service to government agencies and corporations, but would ultimately love to offer it to consumers as a line item on your bill. Of course by "end-to-end encryption," Verizon means that the new $45 per phone service includes an embedded NSA backdoor free of charge. Apparently, in Verizon-land, "end-to-end encryption" means something entirely different than it does in the real world.
Verizon says it's initially pitching the $45 per phone service to government agencies and corporations, but would ultimately love to offer it to consumers as a line item on your bill. Of course by "end-to-end encryption," Verizon means that the new $45 per phone service includes an embedded NSA backdoor free of charge. Apparently, in Verizon-land, "end-to-end encryption" means something entirely different than it does in the real world.
Aren't our calls supposed to be encrypted anyway? I mean, so some jack ass with a radio can't listen to them? So what are they charging me for here?
Sounds like a reasonable product for the government.
For the consumer though, you have to ask yourself what you're actually getting with this? Doesn't appear to be anything. After all, the only people that could normally break into your communications would be the government anyway.
I've decided to stop wasting my time responding to AC trolls/sockpuppets... so if you want a response from me... login.
If you are right, then Verizon should not offer the product, since they can't legally deliver what they promise.
Your indignation should not be directed at Verizon - it should be directed at Washington, DC.
A fun part of this is that the government employees at ARPA back in the 1960s explained it all to us. They firmly rejected building any sort of encryption into the network itself, on the grounds that such software would always be controlled by the "middlemen" who supplied the physical connectivity, and they would always build what we now call backdoors into the encryption. They concluded that secure communication between two parties could only be done via encryption that they alone controlled. Any encryption at a lower level was a pure waste of computer time, and shouldn't even be attempted, because it will always be compromised.
This doesn't seem to have gotten through to many people today, though. We hear a lot about how "the Internet" should supply secure, encrypted connections. Sorry; that's never feasible, unless you own and control access to every piece of hardware along the data's route. And the ARPA guys didn't consider that, because that first 'A' stands for "Army", and they wanted a maximally-redundant, "mesh" type network that would be usable in battle conditions. They went with the approach that you use any kind of data equipment that's available, including the enemy's, and you build in sufficient error detection to ensure that the bits get through undamaged,. Then you use encryption that your team knows how to install on their machines and use. And you probably change the encryption software at irregular intervals.
Anyway, the real people to direct your anger at are the PR folks in both industry and government, who keep trying to convince you that they can supply encryption that's secure. Yeah, maybe they can do that, but they never have and they never will. And the odd chance that they've actually done so in some specific case doesn't change this. The next (silent, automatic;-) upgrade will introduce the backdoor.
Unless you have all the code, compile it yourself, and have people who can understand its inner workings, you don't have secure encryption; you have encryption that delivers your text to some unknown third parties. It's the US government's own security folks who explained this to us nearly half a century ago.
Those who do study history are doomed to stand helplessly by while everyone else repeats it.
Any backdoor is by definition available to everyone. Some may have a key, the others have lockpicks.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.