Slashdot Mirror
NSA Director Wants Legal Right To Snoop On Encrypted Data
jfruh writes: This may not come as a huge shock, but the director of the NSA doesn't believe that you have the right to encrypt your data in a way that the government can't access it. At a cybersecurity policy event, Michael Rogers said that the U.S. should be able to craft a policy that allows the NSA and law enforcement agencies to read encrypted data when they need to.
Go fuck yourself.
That is all.
Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
they'll be moving to places with more sensible security policies
(no text.)
...did having the legal right matter to the NSA? Or recent governments, for that matter...
--- Pork is not a verb.
Does anyone have some insight of how this might be done? If they could read it, wouldn't that mean that anyone could read it? Are there multiple-key type systems? If there are, is it all thrown out once the master key gets leaked/brute forced with all of Chinas CPUs?
Okay, if we receive the legal right to snoop on the NSA. Fair trade.
The day cybernetic implants become feasible, the US will demand access to your thoughts.
I mean, there are going to be some areas where we’re going to have different perspectives. That doesn’t bother me at all. One of the reasons why, quite frankly, I believe in doing things like this is that when I do that, I say, “Look, there are no restrictions on questions. You can ask me anything.”
Welcome to the new Amerika. Your possessions and money may be seized at any time via civil asset forfeiture, your communications are under constant surveillance, and now they want to make sure absolutely nothing can be kept private.
But, hey, so long as we're having "dialogue" (you'll do what you want anyways) and we have your permission to ask questions then it's all good.
Who really won the cold war?
It's called a subpoena.
What you want is a system that allows it, and if you have a backdoor, they have it too. Snowden's leaks didn't convince me that you were the all powerful octopus, it convinced me that you were the Keystone Cops of the Information Superhighway. I don't distrust you because of your bad intent. I don't trust you because of your incompetence.
just like you had a reason to look at stuff, ya goofballs
if this is supposed to be a new economy, how come they still want my old fashioned money?
Get a warrant and demand the keys. Or brute force it. Same as a locked box. I know the legal system is such a pain in the ass for making you do your God damned jobs the proper way.
Ok, lets assume they are right and the government **should** be allowed to access encrypted data (not that I agree with this).
Its going to be an absolutely impossible for them to implement technically it without significantly increasing the risk an unauthorized 3rd party can.
The non-technical way (give me your password) has constitutional issues.
This falls into two categories.
1.) Lawful investigation (warrant and all). In this case, encryption has been regarded as a 'locked box' they can seize and search your gun safe but they can not ask you to give up the combination. If they get past that, there are other legal hurdles....The Government cannot compel you to incriminate yourself (give up the key) (5th Amendment).....If that doesn't work, who says you can recall the password or didn't lose the key--This could be fun and I don't know the law.....
2.) We will call it "Creative Surveillance". Well, thats a whole can of 4th amendment.
I was just thinking the rest of the world should have the legal right to kick anybody from the NSA in the nuts.
These people are assholes who don't give a crap about civil liberties and human rights.
Mauled by bears would be too good for them.
Lost at C:>. Found at C.
The transcript is such a piece of weasel shit. It is really embarrassing that greasy evasive double-talking conmen like that are given powerful positions in the U.S.
The rest of the world don't want products with official US backdoors though. So you'll have a very hard time selling anything US made abroad and you'd have to ban foreign imports that don't comply with your backdoor policy. Probably also all second hand private imports like eBay. And open source. If the NSA didn't cost the US enough money already, it will after that. I remember a time when you had to fight to get non-crippled crypto out of the US, only 40 bits for us schmucks. I guess now you'll have to fight to get non-crippled crypto back in...
Live today, because you never know what tomorrow brings
Didn't you yanks go to war with the British to stop this sort of warrantless invasion of privacy?
Back in the cold war era so many of our American leaders criticized the totalitarianism and lack of human rights in China and the Soviet bloc nations. Now fifty some years later we are gradually becoming just like them.
All enemies, foreign and domestic.
If I thought it was OK for them to read my messages, I wouldn't fucking encrypt them.
If the NSA can legally read my encrypted messages, it won't be long before that's 1) abused and 2) done by [other] criminals. So what's the point of encrypting?
The ending was perfect:
Okay, nice to meet you. Thanks.
“He’s not deformed, he’s just drunk!”
The problem is secret courts and that they have been caught spying on everyone multiple times already.
If he was arguing that they should be able to get a court order at a NORMAL court not the FISA one and with probably cause have the right to decrypt the data and only the data covered by the search warrant then I would support him.
Computer modeling for biotech drug manufacturing is HARD!
"We need to be able to catch perverts and terrorists"
Considering that many of the purveyors of terrorism work behind the scenes in our own government, and that many, many 'prominent, upstanding citizens' are members of elite pedophile rings, then the answer is simple:
Spy on them as they spy on us.
I'm willing to bet that there are more pedophiles and criminals out of every 100 'elitists' than there are in the general population of 'average joes'.
Political correctness is really just herd psychology pushed by insecure people who desperately seek social conformity.
Abuse: http://en.wikipedia.org/wiki/McCarthyism Who gets labelled a terrorist and why? It's not just about who commits violence. It's about who is a threat to the existing power-structure. Terrorist is the new communist.
It's hilarious. For a moment I wondered if the transcript is even real. This makes Eliza look sophisticated.
He seems to believe, "I think we can work through this" is an acceptable answer to a simple yes/no question. The guy doesn't even have a coherent answer to one of the most basic and obvious questions he could possibly be asked. I thought Comey did a poor job of explaining his position but this takes it to a whole other level.
it's called due process. Subpoenas, search warrants, etc.
Use the tools you have and don't invade the privacy and rights of everyone.
The same burblings emerged from our Prime Minister a few weeks ago.
From him, it was potentially forgivable as the technically ignorant ramblings of a politican trying to score some election points.
From the Director of the NSA.... he knows exactly what he's asking for. Compulsory key escrow.
They tried this already with Clipper. They were unanimously told where to shove it. Are we really going to have to fight this battle every 20 years?
Maybe he's just acting out all petulant because their biggest hack, stealing the keys from Gemalto, has come to light and they aren't going to be able to pull that one again in a hurry.
The problem is more or less that we're no longer fighting nation states. We're fighting civilians who use our own communications systems for perpetrating limited small scale war against us. And they're content with the results because they frankly have nothing to lose. Short of killing a lot of innocent people or permitting a lot of innocent people to be killed, I don't see a reasonable path.
That is all.
Comment removed based on user account deletion
I don't know how someone so ignorant got to be so high in the bureaucracy, but there is a mechanism for this. It's called a warrant. One of the reasons we have this system is as a failsafe precisely in case that someone so ignorant does happen to get so high in the bureaucracy.
To decrypt my hard drive. The old saw.
Good to see it is remembered.
Perhaps he hasn't heard all about the one-time-pad?
We can indeed craft a policy to allow this. We cannot build an encryption scheme to support this. To use the cliche, two people can keep a secret, if one of them is dead. With the ability of the government to decrypt anything at any time, using a technical, rather than legal access measure, means that everyone can in theory, access anything at any time. At which point, identity thieves merely need to steal one key to get everyone's bank records. And between Snowden, Wikileaks, and all the other information pouring out of the government currently, it's not hard for them to conceivably get it.
I personally have no problems with the idea of catching bad guys. But at this point, thanks to laws that haven't caught up with reality, if you guess the password on your wife's laptop, or your kids, and have ever ordered anything from amazon on it, then you technically have violated the Computer Fraud and Abuse Act. If you "borrow" someone's computer and use it to look at NASA pictures, that's technically a violation, if you forgot to ask.
We have a legal system, where people can be compelled to give up encryption keys with such measures as subpeona's ETC. If you failed to give it up, then they can charge you with such things as contempt of court. At which point, you can attempt to brute force the encryption. After all, any human memorable key will likely not be resistant to 6 months or more of effort. Most people use 1234 as a password for gods sake.
And as a closing bit, the fourth amendment, protecting against unreasonable search and seizure, requires probable cause or explicit consent to go through people's stuff. as such, they are entitled to look through what they can prove has relation to the crimes in question, or convince a judge is related. My voicemail and email are not so related.
Tb shpx lbhefrys.
Gung vf nyy.
Fixed that for you.
I am very small, utmostly microscopic.
they haven't given a shit about doing anything legally so far, who cares if this is illegal too?!
...comes ultimate responsibility. And these guys have done /nothing/ if not prove themselves ultimately responsible.
That said, this is all just PR bluster. They've already backdoored all harddrives by infecting the firmware, compromised Cisco and backdoored all switches, they probably have operatives inside MS who've placed impossible-to-find backdoors in all versions of their OS's, they've stolen millions of SIM card K{i} keys, and their monitoring kit can hoover up any data for later processing that has the mildest whiff of interesting to it--automatically.
They "say" they *want* to sniff all encrypted coms... because they already are. Probably.
Who knows, maybe not, but when secretive agencies make a lot of PR noise, you can be certain it's a distraction.
No.
I am very small, utmostly microscopic.
What are companies supposed to do when security agencies in other countries want the same access, such as FSB (Russia)? DIRNSA tried to pass that one over, but it is a real concern -- look at what Blackberry went through with India, for example. And how many other countries has Blackberry provided access to?
As they say at the NSA..... If you have Nothing to HIDE, then you have nothing to FEAR........ Riiiiiiiiiight.
Perhaps. But an FBI phone tap is useless for listening in on a scrambled conversation (for suitably effective scramblers).
The whole thing is bullshit.
He is only trying to mask the fact that they already have broken most if not all encryption.
I am very small, utmostly microscopic.
The encryption drive was caused by the NSA and others not obeying due process when they went after information. They used little legal loopholes or just broke the law outright as it suited them. And of course that being known people are going to take steps to protect themselves.
The damage the NSA has done will take a generation to repair and that would be a generation with the NSA not actively doing damage the entire time. Absent that, we're not going back to the way things were... possibly ever.
And that means the NSA should get used to running into encrypted brick walls. They had all the trust. Companies would openly brag that their security had been vetted by the NSA. Now, no one says that because there is always the fear that the NSA saw a flaw and intentionally kept it secret so they could exploit it or worse they might have even injected a backdoor in themselves.
The trust is gone and they have only themselves to blame.
I've decided to stop wasting my time responding to AC trolls/sockpuppets... so if you want a response from me... login.
Everything, including the crackdown on encryption, is indeed happening in 2015: http://ytcracker.bandcamp.com/...
Who's Neals? Or rather, how many Neals are there among us?
There are multiple problems with your statement. Lets look at them all, shall we:
No. The trigger for this isn't that companies are holding data...it's that users have data, and the NSA wants to force the companies to keep/get access their users data even if the company doesn't want to, so that the NSA can access it also. This is a *very* different proposition. If Apple doesn't want to hold its user's data, why should the NSA force them to just so that the NSA can read it? That seems to be the NSA's problem, not Apple's.
Saying "encryption" does not make the data magical, but it also doesn't entitle the NSA to special treatment. If they can break it, fine. If they can't, there is no valid reason for me to make it easy for them.
Attacking RSA/DSA/AES/etc is the NSA's job. If they can do that, fine. Deliberately weakening an existing system to make it *easier* for them to do those attacks isn't our job, or our problem. If they want to beat their heads against AES, go for it. But that's not a valid reason for country-wide key escrow.
Lastly, on the specialness of America: Do we really believe that the US is the only one who has the "right" to access any backdoor/golden-key/whatever? That's absolute nonsense. If the US forces Apple, Google, MS, etc to build key escrow into their devices so that the NSA can read the data on them, then that key will be used by every government on the earth. If you really believe that the NSA will manage to keep exclusive control of a master key for all encryption for a given major vendor, then I'm going to call you delusional.
FUCK YOU!
I am not much of a programmer (I'm learning math), but if they put code in GPG to give themselves keys, and nobody else in the world would fix it, I'd learn C and do it myself.
1000X FUCK OFF
If, on the other hand, you live in a world where simply crying "Encryption!" is some kind of barrier that magically sanctifies the underlying data, and that it then cannot and should not ever be accessed by anyone other than the data owner...well, then I would ask what you think about the German and Japanese codes in WWII?
Are you really stupid enough to think that if we had legislation mandating backdoors in the 1940s, that the Japanese and German would have incorporated them?
If not, what's your point?
This has nothing to do with surveillance of "the enemy", whoever that may be at any given time. Because they won't build in the back doors. It has everything to do with ability to read the data of those who are not the enemy, and who can't guard themselves from CIA. Ordinary people and businesses.
Naval Information Warfare Officer, right?
“He’s not deformed, he’s just drunk!”
They have proved themselves untrustworthy. If they have the technical capability to do it, they WILL abuse it.
Good for you. And if you are a non-US person outside the US (which covers about 99.9% of the communications that foreign intelligence agencies -- key word being foreign -- actually care about) engaged in activity that is a national security threat to the US, as defined by the valid mechanisms (even if you personally disagree with those mechanisms) that democratic nations such as the US develop, then we will try to access your communications. I don't see how this is possibly shocking. Shocking, perhaps, if you are a US adversary, or someone who believes that it's all an overarching plot by the US and other free Western nations to illegally access everyone's communications, especially that of their own citizens to solidify power, or serve corporate/elite/shadowy overlords, but otherwise...yeah, no.
Mod parent up, please.
I had almost no memories of Eliza.
When governments of countries that claim to be free behave like this (here's looking at you America, UK, Canada, Australia and New Zealand) one can expect just as bad behavior if not worse in most other countries. This brazen grab everything mentality is why we can no longer trust any government when it comes to encryption. Control freaks that virtually all completely lost touch with reality and violate all our human right to privacy.
Thus it is up to the public to take back their privacy through technology and government officals everywhere can go fuck themselves.
1. Client side encryption. Any encryption that works off remote server is cannot be trusted. We already know for a fact government's target servers.
2. All software, including OS, should be open source (not to be confused with necessarily free). Running code without knowing what we are running is like saying to government invest me with backdoors.If even one piece of software isn't, rest assured it will be exploited by Peeping Toms at organizations like NSA.
3, Al firmware should be open source. (Hard drives, GPUs, mobo bios, nics, cpu, etc...) See above.
4. All code should be hashchecked before running (including apps and scripts that run in browser) before it is allowed to run (preferably using some P2P- method like bitcoin rather than remote servers that can easily be tampered with). What's the use of any security if code can be tampered with during updates on a whim. Proton mail is hands down most secure email providere but even it can be tampered with because the client side javascript code that decrypts can be tampered with.
5. Entire WWW needs to be encrypted by default. Also there needs to be new method to retrieve data that allows the benefit of a POST (i..e URL doesn''t guve away what you are looking at with the benefit of a get (ability to bookmark).
6. New suite of network protocols that are designed from the ground up for client side encryption (new IMAP, FTP, etc). Every protocol should be a zero-knowledge protocol.
7. Shaming lists. EFF does great work here but even the EFF needs to up its game. Mega corps whose products aren't open source, don't offer code hash checking, and don't offer zero-knowledge should be considered compromised. Period. Any politicians on public record supporting mass surveillance should be be added to lists labeled "human rights violators".
NSA: we currently have to go through the secret fisa rubber stamp factory to read encrypted data. thats cumbersome, you're a criminal and we just need time to build...er...prove...it.
EFF: ok so you can read crypto...thats new...we're going to educate people on crypto...the strong flavor....
NSA: thats probably evidence of a crime...people shouldnt hide things they dont...
Google: we just upped our ssl cyphers...so...up yours.
NSA: guise...come on...just because we can read SOME crypto doesnt mean all of it...we have to tap googles data centerrrrr-
Google: Oh? Nice. Also all our devices ship with crypto enabled. by default. for, you know. security.
Apple: Ditto....and it just works....
NSA:ok...seriously guise you dont understand...this is different. sometimes we listen to everyones phonecalls and, well sometimes there are terrorists that...
Moxie Marlinspike:sshhhhhhh...redphone....from whispersystems...
NSA: arent you locked up in an airport somewhere? er...no. you still dont understand!! damnit we need LEGAL access to snoop on encrypted data now theres just too much...
Tor: hey.
I2P: hey guise i heard you like crypto
cryptocat: M30w
NSA: wait....just hang on we need to get together and talk about this, its just a big misunderstanding this is about security.
DefCON: is it, NSA senpai? you've changed. I heard Schneier-san thinks youre baka.
NSA:ITS NOT ME ITS SNOWDEN! hes the real traitor and that AARON SCHWARTZ is trying to CHELSEA MANNING the FREEDOM!!
The Community : I'll just...leave this here....
Good people go to bed earlier.
So how long before the NSA requests that you shouldn't be able to have a conversation that it cannot access?
If we're essentially saying that it was only okay for the US and our allies to, for example, break the German or Japanese codes during WWII simply because Americans weren't also using the same codes, and therefore that is the only reason that the government could be "trusted" to not misbehave or abuse its powers, then we have a serious problem on our hands.
nope. The constitution doesn't apply to citizens of other countries.
What he "wants", when US-based companies hold data that still can technically be accessed for legitimate foreign intelligence purposes supported by our system of law, is that a legal framework should allow for it. When it can't be, it's up to NSA to determine other mechanisms to access that data.
and that data should be subject to constitutional protections, same as mail and other forms of communication that are. This whole idea of 'on the internet' not having the same status is just dirty reach around tactics. If anything, the government's behavior in this area is proof of why we need those protections in the first place. Regardless of how the data was acquired, if it is associated with an american citizen, he is owed due process and the right of presumed innocence. Things the NSA enables like secret watch lists and indefinite incarceration (gitmo) are NOT constitutional, regardless of whether the data acquired was digital or not.
If these threats you speak of are so dire as to require the suspension of constitutional rights, then it's time to declare war on the countries that house/fund/maintain these threats. It is NOT ok to use it as an excuse to clamp down on your own citizens.
The point is the exact reverse of what you are saying.
This is not about whether the Germans or Japanese should have incorporated "backdoors" that any external entity would have required.
This is about the fact that US adversaries, today, as you and I speak, are using the EXACT SAME systems, networks, devices, services, OSes, and encryption standards and protocols, as you and I and innocent Americans and many others in the world. THAT is the issue...does this fact put those communications off limits?
Please. Your comment proves just how deep the misunderstanding of this situation actually is.
Thank you Captain Rouge Spook. No, the government can't be trusted. That's why it is given limited powers. Those powers it does have are broken up into three pieces at the federal level, and divided between federal and state entities. We don't want an omnipotent government, Sir Spooks Alot! Not now, not in the future. No amount of terrorism will change my mind on that, nor, I hope, the minds of a lot of other citizens. The government can't be trusted, because governments ALWAYS abuse their powers, and ALWAYS wind up killing their own citizens. Trust? How about the government trust its own citizens, huh? To have private conversations? Yes, we have a serious problem on our hands, and it is people like you and Mike Rogers who have utterly failed to grasp the lessons of history, and failed to understand the benefits of continued democracy. Both of you should get out of the government.
Join the IParty!
I want my communications to be as secure as technically feasible.
If it's a choice between hobbling my security or hobbling the NSA, I pick hobbling the NSA.
OMG, that must invalidate everything I have to say!
Sorry, been there, done that, been through all the logical fallacies you can lob my way.
Wow. Do you work for free or is there some sort of compensation? I particularly like how you mix fact with fiction.
"It is NSA's job to conduct its missions as aggressively as possible within the law and its resource limitations."
Maybe you should go read the NSA mission statement again. What you said is not what it is directed to do, but is what I would expect a shill, astroturfer, hurdur, or duped idiot to say.
OMG, "SCOTUS probably also never imagined that terrorists would plot devastating domestic attacks using our own communications systems within our own country." Nor did they, even in their wildest dreams, imagine the stupidity that would emanate from the mouths of sycophants. They probably rest easier simply not knowing.
I am sorry, but you are not allowed to have those keys for reasons of national security. No I'm not going to explain it, for reasons of national security.
What? I just play his game!
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
It's just nice to know the motivation for ones position. It means something. And it serves to further validate the counterpoints. The cops want to disarm the people.
“He’s not deformed, he’s just drunk!”
Wow, where to even begin with this comment. Communications outside of the US by non-US persons are clearly not 99.9% of the communications that they actually care about. If that were the case, they would NOT be tapping into all US citizens phone records, pulling in massive amounts of US citizens emails, communications, phone calls, and other forms of electronic communications. They would be solely focused outside the US, which they aren't. To even say that its 99.9 foreign is disingenuous at best and a flat out lie at worst. You also don't need to believe in a "plot" to believe that encryption of your communications, as a United States citizen or as a foreign citizen doing nothing wrong, is vital because chances are the NSA or other agencies ARE collecting and analyzing your traffic.
This is about the fact that US adversaries, today, as you and I speak, are using the EXACT SAME systems, networks, devices, services, OSes, and encryption standards and protocols, as you and I and innocent Americans and many others in the world. THAT is the issue...does this fact put those communications off limits?
That is because there is no evidence that those systems have a backdoor.
If a backdoor is mandated, so that everyone will be using one with a backdoor, everyone outside the reach of US law will fork their own standard without those backdoors.
So, in the end, it will only be used against Americans.
Grammer Nazis - I mod you "troll" unless you actually add something on-topic. Yes, I know I have mispellings in my sig.
The people who want to hide from the US will not include your backdoors in their systems. The backdoors only serve to allow the NSA (and possibly anyone else) to read Americans' communications.
I believe we should craft a policy where Mike Rogers apologizes for his misdeeds and the misdeeds of the NSA in general, and asks, for the sake of humanity, that the NSA be completely and totally destroyed, ideally releasing info that will lead to the destruction of similar agencies around the world (perhaps some conclusive evidence that spies always do more harm than good). Rogers then jumping off a tall building is highly recommended, but I wouldn't consider it mandatory.
This is my signature. There are many like it, but this one is mine.
Reading your endorsement of such acts, it's as though you're oblivious to the revelations / leaks of what our governments have actually been doing.
Well, either that, or you are aware but don't believe in civil liberties.
"An even worse joke is when people believe NSA is operating rouge..."
And just think if they were wearing eyeliner - the mind boggles!
A.
...bringing you cynical quips since 1998
So âoebackdoorâ is not the context I would use. When I hear the phrase âoebackdoor,â I think, âoewell, this is kind of shady. Why would you want to go in the backdoor?"
In venues I have read or listened to NSA brass speak they come prepared with exotic definitions of plain language and seek to confuse and manipulate perception by invoking nonsense that would give most lawyers a run for their money.
Completely Ignoring underlying topic when you act like a weasel hard to understand how it is you expect to earn any respect or consideration for your cause.
I want a pony, and a solid 99.99% pure rhodium toilet, and a private moon base.
The problem is I won't get those things but the constitution violating NSA Director Michael Rogers stands a reasonable chance of getting what he wants.
Time to offend someone
Paedophilia is an expensive hobby.
just like everyone else.
And? NSA may "want" a lot of things. That doesn't mean they are going to get it. But if a US-based company is holding encrypted data to which they also have access, you had damned well better believe the government is going to seek access to that data if it is supported by law. If companies want to take the direction of removing themselves from the encryption picture altogether, that is their prerogative. And guess what? There are other technical ways to get that data, such as before it's encrypted in the first place.
No, there isn't. And I didn't say there is. I was stating a set of facts, as are you. See? We can talk like adults.
No...you are completely misunderstanding my point. If you reread what I said, you will note that nowhere did I argue that anyone should build a backdoor for anything...but the fact is that some US-based companies DO have the ability to decrypt stored encrypted data, which they sometimes do for any variety of reasons, and, if when those services are storing the foreign communications of adversaries of the United States, which they are, then we should have a legal framework that allows access to said data. That is all.
Arguing for a master key -- which is what you THINK ADM Rogers is arguing for, but actually isn't -- is antithetical to the security interests of the United States, our people, our military, our intelligence community, and anyone else who requires secure communications in any form. But if you have already formed your conclusions, that is fine. What ADM Rogers is arguing for is a legal framework for data access of entities that operate within and under a US legal construct...and if there is encrypted data present that the data holder cannot access, that is just the way it goes. But as you know, there a number of ways to access the contents of what is ultimately encrypted data without breaking the encryption...ways that are as old as this decades-old discussion.
And we are going to seek those ways, and I will say something that is offensive to many slashdotters' sensibilities: if you support the principles that you claim to -- things like freedom, of speech, of choice, of anything else -- then you should support the abilities of one of the strongest powers in the world at actually, materially, and in reality (not in your little internet fantasy) of actually protecting and projecting those ideals. Actually judging the actions of the US Intelligence Community based on facts, to say nothing of having some perspective on history and reality beyond what self-styled internet tech-libertarians tell you, would be helpful also.
If we're essentially saying that it was only okay for the US and our allies to, for example, break the German or Japanese codes during WWII simply because Americans weren't also using the same codes, and therefore that is the only reason that the government could be "trusted" to not misbehave or abuse its powers, then we have a serious problem on our hands.
We are not saying that at all. It was okay to crack those codes because it was part of an effort to fight a DECLARED war against a foreign power. Those ciphers were specifically being used protected the military communications of our enemies. (Yes I am aware Enigma had commercial applications) The message they were focused on cracking specifically were those where there was GOOD CAUSE to believe they military communications.
There is nothing wrong SIGINT or pretty much any and all efforts to obtain information related to an entity we have lawful declaration of war against. Its a grey area where it comes to foreign nations which we are not at war with.
Its a violation of the 4th amendment in the opinion of many reasonable educated American citizens when it comes to doing it to us. You have already demonstrated that you will play fast and loose with any restrictions placed upon you. The hole 3 steps linking meant practically everyone's records were subject to tap, for example. So the fact your ilk and you sir are ilk because your comparisons of our largely impotent (in real terms of ability to cause mass causalities or economic harm no self inflicted in response ) terrorist enemies of today to those of WWII which had massive armies on the march and sunk our naval fleet off Perl Harbor is a blatant attempt to create fear and distract from the real issues.
Society simply does not have a strong enough interest in the ability decipher most peoples private communicates. If you have enough evidence obtained by methods most of the public would agree is reasonable to actually obtain a warrant to track someones phone, or seize their computer, intercept their e-mails etc, you probably have near enought to convict anyway. The thing is you don't have that, instead you grab up people with your little dragnet and than parallel construct your way to an excuse to size something that you than have to decipher because you need that evidence as you can't talk about anything else. Never mind all the other folks whose rights your violated along the way, nope its all good because it puts criminals behind bars. Guess what our justice system was predicated on the idea of individual rights needed to be respected even if that means the guilty go undetected or get aquited perhaps even most of the time. The fact they YOU DON'T LOVE AMERICA AND FREEDOM to borrow and politically charged quote of the day isn't our problem.
100 years ago it was okay under the 5th amendment not to tell you where I'd buried my ledgers in the woods, so today should it be okay for me to use encryption that you don't know how to break and not give you the keys.
Do what you want to ISIS AFTER CONGRESS DECLARES WAR until then go sit in the corner quietly and masturbate or something.
Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
In theory you are right. The problem is that laws change and I cannot predict in what fashion.
What you do today and what is perfectly legal may well be illegal tomorrow. Take, say, smoking. Maybe you're smoking. Now let's imagine smoking gets banned. Well, tobacco is addictive. And if you're known to be a smoker, maybe you should be monitored whether you heed that ban or whether you engage in some illegal activity now that your addictive substance is banned.
And should you have dared to criticize the government in a way that has caused enough waves, this just might serve as the excuse needed to make you disappear behind some bars where you cannot reach those that like to listen to you. And hopefully soon you'll be forgotten and life will go on.
There are some countries, and I'm far from talking third world dictatorships, that are on the verge of heavy unrest. I don't want to say civil war, we're far from that, but there's a LOT of very unhappy and very disillusioned people in many countries that we'd consider first world countries.
All it takes is someone to gather behind. And that's to be avoided at all cost if you're a government, interested in preserving the status quo as long as you can.
So anything to get rid of such people is a good excuse. And having access to data is one way to find something. In case you ever wondered what purpose all those unexectuable laws we're seeing popping up could possibly serve, this pretty much is it. But if you need to construct dirt about someone, you need to have access to his documents.
Everyone breaks the law. Daily. Multiple times. All it takes is access to the proof.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
My motivation for commenting on these topics on slashdot may be informed by my position, but has nothing to do with it beyond that.
They can already do that today. They don't like dealing with the inconvenience of playing by constitutional rules and their rubber stamp "court" may be taken away.
I am becoming gerund, destroyer of verbs.
> ... to illegally access everyone's communications, especially that of their own citizens to solidify power, or serve corporate/elite/shadowy overlords ...
But this is what is happening, no ? And this is what people in power positions are requesting access for - ability to read ANYONE's communications. Snowden revelations clearly listed massive dragnet surveillance on own US citizens.
They don't whine that they can't read Iran's / North Korea's communications, or even Germany's or France's. They whine that they can't read EVERYBODY's communications, including those of political opponents (remember Nixon ? or own NSA's lack of legislative/judicial oversight ?).
So what's shocking is not that they were reading's US enemy's communications - that was expected; not even that they recorded US citizens on US soil, although you were labeled a conspiratard if you voiced your opinion.
What's shocking is that they are reading and archiving EVERYBODY's communication, because they may be useful in the future. And then they come and say, when caught, not that they are sorry and destroy the archives, but that we have to actually bend over, spread the cheeks and say thank you.
I agree, these people would never think to use any data they gathered for personal gain or in the pursuit of suppressing dissent.
Nothing to hide, nothing to fear.
History lessons don't count today.
Today, or any time after about 1991, general encryption available to the public became unbreakable (PGP). Breaking older code happened because they where breakable. Today, this is not the case. To actually break todays code, no one can. They break the systems they run on. For anyone to continue as it was before is not to ask if one can break codes, it's to ask to break everyone's system. Intentionally crippling security is less security than is already available. Unfortunately our "enemies" can just not use our systems and we are to be left with crippled implementations. It is a disadvantage that doesn't support the goals stated.
I think I just cashed out all my cool points.
The older I get, the more I see the wisdom in the saying, "It is very hard to get someone to understand something when their paycheck depends on them not understanding it." The truth is a bit more complicated and nuanced than this. It is not just paycheck, but power, prestige, fame, honor, and overall dominance that make a person's profession breed intellectual dishonesty. So, it is relevant. But you won't convince daveschroeder of this. It may be true that other people's profession affected their objectivity, but not daveschroder's! OMG, logical fallacy!
Join the IParty!
I too want the legal right to snoop on encrypted data.
Any data, actually.
So, can I have it?
It's that simple, isn't it?
Since when did government change from governing FOR the people, to governing OF the people?
Seems to me the likes of the NSA etc have misunderstood their job descriptions ;)
What a mess. Why do ordinary Americans tolerate these people?
The real issue here seems to be defining proper use of said back doors.
Mr. Rogers, you claim that you need to be able to have access to encrypted data when you "need to".
The problem is you seemingly "need to" have 100% full access, 100% of the time, and you want to capture 100% of the traffic.
Sounds like the only real thing you "need" here is to come up with an excuse to allow your legal transgressions to continue.
Sounds like the only thing the People to do in response to that is to remind you that you're breaking the fucking law.
Yes, where to even begin...
Do you realize that over 70% of FOREIGN internet traffic enters, traverses, or otherwise touches the US?
Do you understand that an individualized warrant is required to target, collect, store, analyze, or disseminate the communications content of a US Person anywhere on the globe, and that the current law on the issue is stronger and more restrictive with regard to US Persons than it has ever been?
Do you understand that the FOREIGN communications we are going after are now intermixed with the communications of the rest of the world, including that of Americans?
Do you understand that when terrorists use Gmail, Facebook, Yahoo, WhatsApp, Hotmail, Twitter, Skype, etc. etc. etc., or Windows, or Dell computers, or Android phones, or Cisco routers, and so on, that there is no technical distinction between your communications and theirs, yet -- surprise -- we still would like to access those communications, and have legal, policy, and technical frameworks to do so, even if you have not personally inspected them yourself?
If you are a US citizen, and not covered by any warrant, no one cares about your communications. And almost by definition, no foreign intelligence agency (NSA, CIA, DIA) remotely gives a shit about your communications, and would greatly prefer to avoid it altogether, unless you have some kind of connection with foreign intelligence targets -- in which case any collection or monitoring of your communications would require an individualized warrant from FISC or another court of competent jurisdiction. I realize you think this isn't the case, and that all of your communications are being mined and monitored (illegally, no less), and since proving a negative is impossible, I won't be able to help in that regard.
The constitution was meant to be understood by all, and interpreted in the courts, by a jury. Inconsistently.
The fact you can't even see that fact, and argue all that gobble-goop, is an indication of indoctrination. It's absolutely fucking absurd.
Go look up what the gold frills on the outside of the flag in the court-room mean. Hint: Research Maritime flags and the states that were once republics, and what the 14th amendment did. Maybe then you'll start to understand what you're fighting for.
what we the citizens think. All the Snowden revelations and they have the nerve to even suggest such a thing.
I think it's time for the release of some more damning files from the repository of documented evil. If, for no other reason, to show exactly WHY we need strong crypto in this day and age.
( It needs to be in Comic Sans and giant font with lots of pictures though. The majority aren't getting it )
I find it amusing that the Government argues it must do its job in secret to be effective while, at the same time, no one else is allowed access to any sort of privacy or secrecy at all.
When we inevitable lose the battle (the government does have a tendency to get their way in these things), do we get to reap the benefits of a total information society? I mean, will there be a searchable database where I can find out where I left my keys? That link to that awesome video i saw on sometube.com that i can't remember? If i remembered to feed the cat?
The German and Japanese were war opponents who wanted to take over the world.
How the fuck can you compare another country's attacking military with me wanting my health care records private between myself and my doctor? Or my messages to my wife?
The NSA can not magically say, "We don't know if what you're doing is wrong, so we deserve the right to find out." That goes against every grain of Innocent Until Proven Guilty and moves us to a "Let us proof you're not doing anything illegal" system.
From the bottom of my heart: Fuck you.
I encrypted it with a one-time pad then I added ROT13 just for good measure.
Then I burned the pad.
That will show them!
Bwuhahahahahaha.
--
For the humor-impaired: As long as we have a constitutionally protected right to not divulge our encryption keys, the use of a one-time pad is mathematically unbeatable as long as it is used correctly and the pad does not fall into the wrong hands. Sometimes destroying the pad is the only way to prevent it from falling into the wrong hands.
--
Spooky "I am not a number, I am a free man"-themed captha: resigns
Present me a bona fide warrant issued by a bona fide seated judge and I will assist you in decrypting it.
That's all.
Once a back door exists, all power hungry countries will find the keys.
I don't see how this is feasible given:
1. encryption algorithms are well known, and being improved as time progresses.
2. people have unfettered access to build programs on their systems today - e.g. C, assembly languages; how would you stop people from writing code?
3. how can anyone effectively police this given maker projects (people building their own circuit boards, computers etc) and the sheer size of the problem set?
The only way to do this effectively would be to break computers, networks, and the economy (by suppressing general innovation). That would cost trillions of dollars to automate and police, and would set back progress decades - all to capture a handful of terrorists that could be more cost effectively investigated using more traditional methods.
Stop being lazy NSA - and do your job legally without destroying that you say you want to protect.
I am Bennett Haselton! I am Bennett Haselton!
:-) It's all good, man. I'm pretty sure I'd feel the same way if there something in it for me. We're all just regular folks.
*You serve your master well*
“He’s not deformed, he’s just drunk!”
And compel someone to incriminate him/herself?
Decrypt this, asshole! --> G_ F_ck Y__rs_lf
Copyright (c) 1990 - 2014 Dice. All rights reserved. Use of this comment is subject to certain Terms and Conditions.
The NSA says your photo has a hidden message done by Steganography. You say no and they LOCK YOU UP.
This is a guaranteed way to silence &/or stop anyone in society who the government disagrees with.
how exactly, other than brute force, is the NSA going to get access to the data?
BINGO! Only it will be applied to the person encrypting the data, not the data itself.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
"If you actually trusted our government, or that of any Western governments, then you would support that, too."
There. FTFY.
Please tell me more about how you disregard reality and substitute it with your own.
You're are naive to think they won't use this to spy on US citizens.
I am Bennett Haselton! I am Bennett Haselton!
My biggest beef about those who say, "just encrypt it"... is the fact that it isn't a switch that you can flip, walk away, and call the matter done. People fear the spooks, but realistically for most everyone, they are far at the back end of the line when it comes to security threats. China has done a crapload more in trying to break in, slurp data, and actively compromise/sabotage, for example... and nobody ever considers them a threat, even when one of their companies ships products that are stated to have major security issues. So, lets be real... encryption is important, but the problem is that it needs more than just click the "encrypt" checkbox.
For example, key management. Brute force password guessing is getting smarter, and that is without faster equipment via Moore's Law, as well as the fact that compromised botnets can be used for password guessing. If one wants to store stuff offsite, just setting a password and calling it done isn't wise (unless one actually uses something that is 30+ characters long.) The ideal is a keyfile that is stashed at endpoints, so an attacker has to deal with all 128 or 256 bits of the keyspace, and not just the relatively small space from a password. Another option is to use public/private key encryption, since the attacker would at least have to brute force the private key.
Key management, long term, isn't insignificant, especially dealing with encrypted, stored data. Keep too few key copies, and a disaster results in the company having lots of inaccessible data. Too loose on keys, and a bad guy can scarf the data, and have the key to decode it. This is something that needs someone with enough smarts to figure out the company/organization/individual needs and go from there. For example, one firm might have a separate office in a no-name building whose sole job is to keep the recovery keys, and a separate office in another part of the country with another set. These are stashed in a burglary resistant, alarmed safe in an office that has very good security. Another way of protecting keys is sending each corporate officer home with a Trapper Keeper with printed keys, keys on CD, and keys on a USB flash drive. The local tape safe also has a set. This way, if a chunk of media falls off the back of the Iron Maiden van, it is a $25.00 write-off, not an "oh shit, we just made the front pages" security breach.
Another item is in-flight encryption. It is sort of insane that session keys don't get changed out, and PFS wasn't a part of the core SSL/TLS standard. It should be that when a session is over, the keys are gone, and one session can't be decoded from another.
As for the NSA, with the NIST guidelines and documents that is actually written by people who know what they are doing, and how to properly secure stuff (most of it is obvious, but there are a few things like enabling TripWire or AIDE) which are useful. So, for what I do, they have done more to help my security against bad guys than destroy it. Part of security is to spend time and resources dealing with the most plausible threats, and the crackhead looking to invade a home or business is far bigger an issue.
tl;dr... The NSA is one thing, but the actual focus needs to be doing encryption and security right, since there are a line of bad guys who will mess a person up far worse, and should be dealt with first.
And why would a US company lose their right to privacy just because they deal with a foreign nation? News flash, this isn't 1605, EVERYTHING is international these days. Claiming that rights cease to exist because "DUH FOREIGNERS!" is idiotic.
"The tree of liberty must be refreshed from time to time with the blood of patriots and tyrants." ~Thomas Jefferson
Men like you made Hitler great. Keep up the great work; ideally on some other planet.
Well, at least your bullshit has been appropriately modded as "funny" - because it's a joke if you think that FISA gives a fuck about our rights or that your beloved NSA has no ill intentions towards Americans.
"The tree of liberty must be refreshed from time to time with the blood of patriots and tyrants." ~Thomas Jefferson
wow, I haven't seen so many shills in one place in quite a while. the reason you are being called out isn't because of your position but because you conveniently leave out details which completely invalidate your arguments.
1. secret courts - yes, the original intention was to make sure there was probable cause before the court was to issue a warrant. In reality, even statements by the court indicate that it has been not much more than a rubber stamp. Less that one percent of requests for warrants have actually been denied. The court is not protecting any citizens. It is protecting the impression of process and procedures so that the government cannot be sued for breaking fourth amendment protections.
2. Spying on everyone. - yes, we all know that the NSA director perjured himself when he said that only metadata was being collected. Within weeks, the rest of us learned about prism which collects not only metadata but content itself. The fact that you leave this out means to me that you know your argument is flawed and that you are trying to discount and minimize facts and evidence that has already been publicly disseminated.
blah blah blah. more bullshit about things being legal that in fact were not legal until unconstitutional laws were instituted to make them less illegal. Lets not even get into the fact that when these laws were passed, the senate intelligence committee did not even know about prism and other programs which were meant to "collect all data".
As for phone record metadata, this is the type of information that government and investigators used to need a warrant to get and they needed to request it from the phone company. Now you are implying that a warrant isn't needed because it's public information and therefore there is no expectation of privacy. FUCK YOU! If there is a reason to suspect someone of a crime, then there is cause to get a warrant. If there isn't, then you have no claim to that or any other information.
Blah blah blah. About the NSA and breaking laws. Laws have been created to make what the NSA is doing "legal". That does not in any way mean that it is constitutional. These things are not at all equivalent to how things were in 1979 or even before the patriot act. You are disingenuous to imply that these things are even remotely equivalent. In 1979, the intelligence infrastructure was even remotely set up to monitor the activities of normal American citizens.
Blah blah blah. terrorists use the same networks and such. You know there was a time when the intelligence services needed to actually do real investigative work. They didn't just get to treat everyone like a criminal until one committed a crime.
Freedom isn't free. It's difficult and expensive. Attempting to take away peoples privacy and autonomy to make the jobs at the NSA easier doesn't make us more free. It makes us less free. Being free without the freedom part of it is actually not being free. Even if some government officials are lying to you about how much freedom you actually have.
If you would actually like to have a discussion, I am more than happy to engage. I have articulated these views (not on this specific topic, of course) long before I ever served in uniform, and they have nothing to do with a "paycheck" -- in fact, it's the inverse: the reason I chose to serve is because of my personal desire to do what I can to support things I believe in, and believe are important for our nation and my family and fellow citizens, not the other way around. Yes, our system of government is imperfect...grossly so -- but I choose to support it over any and all alternatives, warts and all. (And that is not to say that there are not things that cannot be improved.)
And again -- and I sincerely mean this -- if you are actually serious about engaging in a dialogue, I am happy to.
Hey Dave - Go fuck yourself.
Any citizen of any country has the right to keep their data private.
Just because they are outside of the U.S., doesn't reduce their own rights to privacy.
Yes some people do bad things, that doesn't restrict or remove their rights to privacy.
As soon as you allow for any kind of restriction of rights, then that restriction will be expanded to cover everyone that isn't a multi billionaire, international bank or government fucktard.
hes trying to hide the fact that hes not looking for a technological solution.. hes looking for a lawfull solution that would have strong reprocussions should you not unlock your hardware for the approperiate LEO. its all just a circus act now.. end lesson: encrypt everything, teach others how to encrypt everything, and never give in to these wackjobs.
its also worth noting that so very few of the people in the top places now a days had little to no tech training and i am willing to bet rarely if ever go for retraining.
Do you understand that current Executive branch thinking says that they can do all of this data collection on U.S. citizens without that warrant?
Do you understand that current Executive branch thinking believes that they can kill U.S. citizens with drone strikes without any kind of criminal activity being involved?
Do you understand that current Executive branch thinking allows the USAG to kill or induce suicide on victims of baseless laws?
Do you understand that current Executive branch thinking says that the Bill of Rights is null and void?
Again I say, go fuck yourself Dave
Give me the legal right to give the NSA director a colonoscopy with a bottle brush and we'll talk.
"The law and Constitution (as interpreted and implemented by our system of government) are the constraints -- not specific technological capability."
Complete BS.
History has proven that the primary thing that kept the 4th amendment alive for as long as it lived was the technological inability of the govt. to snoop on most aspects of its citizens lives. Now that technological progress and the digitization of our lives has made it technically possible to capture and examine grand swathes of citizens' lives, lo and behold, suddenly all those previously sacrosanct legal constraints of the past suddenly start getting REAL squishy. Suddenly, Orwellian "full capture" approaches are claimed to be NECESSARY for the govt. to properly protect the HOMELAND against Oceania. Or is it Eastasia these days? I always get it mixed up.
Worse, the military-industrial types and their security pawns in Congress actively chip away at whatever fig leafs of legal constraints still exist on govt. snooping as we've seen over the last decade and a half.
Then these same folks have the audacity to be shocked, surprised and upset when citizens and companies object to them shredding their formerly fundamental rights. They smear anyone who actively takes steps to restore a more proper balance as criminals, terrorists and traitors.
As the OP said, they can go fuck themselves. You aren't putting this genie back in the bottle.
world war 2? really??
ok, let me turn your argument against you. the way history happened, and the side that we're on, yeah, the ability to decypher german messages helped us win.
but suppose we lost? suppose it was them that decyphered OUR important messages and suppose that freedom lost out when our private messages were understood by the germans.
see, the analogy only 'works' for you when it happens to correlate with the desired outcome. bad guy did something wrong, you caught him because you can read his messages. USA USA USA!f
but, not so fast. it could very easily be the other way around. I'm sure it has been, too, but that its not made public. the fact that foreign countries can pick up and decode our private messages surely have hurt us in the past and continue to hurt us.
the solution is clear, if you understand the above. everyone gets to have privacy or no one has it, not even governments and those who think that they are above the laws that the rest of us have to live by.
if you get privacy, we should have it. and that means that you don't get to break it! or, if you argue for that, then we demand symmetry. and I'm SURE you won't want that!
--
"It is now safe to switch off your computer."
As a servicemember, he's legally prohibited from discussing or viewing them. No wonder he's wrapped up in a fiction.
How about an alternative where our government actually follows the Constitution even if we can have our lawyers weasel around it through advanced legalese? One where we value personal liberty over threats that we've made up or manufactured ourselves? We would be safer if someone were to burn all of the NSA's facilities to the ground, leaving nothing but rubble. They are a much bigger liability than any risk that they fight, and this has problem been the case for intelligence agencies going back to Hoover.
This is my signature. There are many like it, but this one is mine.
Naive to the core.
If they let me do it, they can do me!
Its already been said here but I'll say it again as added insurance that you get the message:
Go fuck yourself.
... I realize you think this isn't the case, and that all of your communications are being mined and monitored (illegally, no less), and since proving a negative is impossible, I won't be able to help in that regard.
While my thoughts on the general matter at hand fall somewhere between daveschroeder's and the AC, I feel it's a bit insincere to imply that all US communications are NOT being monitored at all unless a warrant is involved. As far as metadata goes, we *know* they are; Snowden leaks have shown it; it's been confirmed by multiple sources; it happening isn't really a question.
Are they logging the content of all communications, or monitoring it, or analyzing it, etc? I don't know. Maybe that's what you are referring to. AC will probably still argue with you, but being more accurate and honest about recent events would lend your argument a bit more credibility.
thanks for the information. let me guess, you work for one of the ABCs???
have you seen my sig? there are many others like it but none that are the same
the constitution has not been amended last time i checked. therefore anything tomorrow that is found unconstitutional, will have been unconstitutional from the start, if the program has started after the last constitutional convention.
have you seen my sig? there are many others like it but none that are the same
It would probably look something like this with the tagline "Encryption? I'll break right through that defence."
Live today, because you never know what tomorrow brings
Uh, no.Smith v. Maryland was decided on two points.
First, the collection of very limited data which was specific to a single physical phone line, using a pen recorder which only captures a called phone number and time. The court placed significant weight on the limits of the data collected, saying:
-442 U.S. 735
and continues to base its reasoning on those limits.
The government tries to use that to justify collecting "metadata" which includes MUCH more information, and which is collected in bulk against a large number of citizens. Unlike the wired phones in play with Smith, cell phones are much more effectively linked to specific individuals.
Second, the decision depended upon "no reasonable expectation of privacy" for the numbers dialed. It was in the days of the old Bell System, which didn't promise customers any level of privacy. Most, if not all, modern cell carriers have explicit privacy policies, from which customers DO gain a reasonable expectation of privacy for any information they provide to the carrier.
Your claim that modern activities have been "affirmed by a 35 year old case" are false at best, otherwise ignorant or deliberately misleading.
"National Security is the chief cause of national insecurity." - Celine's First Law
You will be mandated to run ROT13 on all your email communications twice. That's double security folks!
Left MS Windows for Linux Mint and never looked back!
Vote for Bernie in 2016!
The US constitution is the document that authorizes our form of government. Even a cursory reading of it reveals that it spends a great deal of time restricting government action. Given that this is the case, it must (and of course does) follow that there was a perceived risk deemed significant enough to guide the construction of the document, that risk being the government acting in such a way as to compromise the citizens.
Further, again without much effort, we can see that the restrictions implemented at times actively disadvantage the government. The 4th amendment is a poster child for this; it would, of course, be much more convenient for law enforcement if searching any venue they wanted, any time they wanted, for anything they might happen to find, was ok. But all three are disallowed: Warrants are required, specifying where to search, what to search for, and the prior existence of a reason (probable cause indicative of wrongdoing) for the search.
This is the source of those "self-styled internet tech-libertarians" ideas that the government should not have everything easy, no matter what justifications they might bring to the table today. The document that served (and serves) as the very foundation of this country does not agree with your "you should support" assertion, and it does agree with those "self-styled internet tech-libertarians."
Indirectly related to all this is the pervasiveness of blatent agitprop put forth by the government regarding the risks of terrorism within our borders (slim... getting hit by lightning is much more likely) and the risks operations like ISIS pose to the US (almost none... certainly nothing that justifies paying them any attention at all, much less getting unconstitutionally invasive within our borders.)
Finally, as US law extends exactly zero distance within the borders of, and the communications mechanisms of, other countries, what the NSA and other TLAs do in those venues is pretty much irrelevant, legally speaking, except when it touches upon a US citizen or breaks a treaty to which we are signatory. There's no need to ask for powers out there; there's no significant limit on such activity that we didn't sign up to on our own. There's no premise that provides for search or seizure of anything within the US without a warrant pendant upon probable cause, supported by oath or affirmation.
It's worth examining the role of the oath there as well. At the time, a person's word was the foundation of their reputation. An oath was something given when even the most awful circumstances would not disrupt the giver's honor. Should someone's oath be found wanting, their reputation was destroyed, and likely, permanently. This is the source of requiring an oath before a warrant could be issued: if the assertion of criminality was found to be incorrect, the oath-giver, a person directly responsible in the chain of warrant issuance, was harmed deeply by the utter destruction of anyone's ability to trust them -- and you could be sure the falsely accused would see that it is so.
So we can see that the government's ability to search and seize was not only restricted by procedure, but also by the willingness of a citizen to destroy themselves should the undertaking prove fruitless. The authors of the constitution really didn't want the government searching and seizing "just because it wanted to." You'll also note there are absolutely no exceptions made for constructions like "national security", "public safety", "the children" or "moral decency." The whole and entire premise that any part or parcel of search and seizure of anything within our borders should be at the government's ultimate discretion is utter claptrap made up by, and for the benefit o
I've fallen off your lawn, and I can't get up.
..well, then I would ask what you think about the German and Japanese codes in WWII?
Germany and Japan are the targets of declarations of war by our Congress. Once Congress formally declares war on America, feel free to decode at will.
Your (and my, and any individual citizen's) personal interpretation of the Constitution is not the measure. It is the interpretation and implementation by our three branches of government. I realize that some reading this believe they have all been compromised, or that they think some particular thing is "obviously unconstitutional" (even though the judicial, legislative, and executive branches say otherwise), but the fact is we have the system of government we have. So how about you consider the alternative: one where you don't assume that everyone working at every/any level of government, e.g., NSA, doesn't have the worst motivations and is actually trying to do their best to honorably, legally, and Constitutionally, protect our nation and its people instead of the opposite. How about that?
If those communications are within areas governed by US law, then yes, it does, barring completion of the steps specified in the 4th amendment. Which, if you actually have evidence of wrongdoing, should not prove in any way inconvenient.
No government agency deserves immunity from the very constitutional provisions that authorize their existence. None ever will. Yes, this entails risk. We know. That's not sufficient justification to let the government off the leash the constitution defines.
I've fallen off your lawn, and I can't get up.
You know what? My mail uses the exact same paper, glue, and ink technology as everywhere else in the world. It is delivered by the same postal service criminals and mobsters all over America use. Still, my mail is protected from illegal search and seizure by the Constitution, and the FBI and CIA have still managed to do their job for most of a century.
Why is it any different if it's digital?
The bottom line is this: it doesn't matter if terrorists are using US pathways for information relay. That doesn't magically grant you the right to breach a US citizen's constitutional rights, and certainly not in the name of 'security.' We are legally protected from this by our founding documents. The ends have never justified the means, and it's a weak argument to make.
The insecurity that comes with freedom is part and parcel with our form of government.
.
The real power of the western democracies lies not in the governments doing what they want, it is in the people being free to do what they want. Free people made a thriving movie industry, which is something the government could never create. Can you imagine if we had a federal agency that tried to make movies to compete with Hollywood? Free people made the computer and software industries. Free people made the insurance industry. Free people made the auto industry. Free people made public key cryptography. Free people invented airplanes. Free people made the Internet what it is today (maybe it was created as a government project, but it is hardly a government thing right now). Freedom to do what we want without excessive government interference makes us successful and ultimately more powerful.
.
The governments need to be strictly limited, or they will destroy our freedom and power. Seriously, does anyone still wonder why the western democracies have become so powerful? It is because they are designed to guarantee the freedom of the people. The people, doing what they want, create very powerful industries, technologies, and social structures. The problem with all this spying is that it threatens our freedoms. With nearly complete information available to the leader, there is too much potential that the leader could abuse the power. First, the leader abuses the power to silence his/her political opposition. Then, the leader abuses the power to silence the backlash from the people supporting the opposition. Then, the leader abuses the power to hide his/her corruption, abuses, mistakes and problems. This is not a question of "if" but "when".
.
People sometimes think that, because a problem occured when people were free, maybe the freedom is to blame. I agree with *you*, danheskett. I believe we should always resist the presumption that any agent of the executive should be allowed to act without oversight and accountability to combat terrorism. That is a recipe for disaster in the form of dictatorship. So if anyone out there is struggling to find the answer, here it is: "It's freedom, stupid!" Less freedom will not make us more safe. It will endanger us! In this particular case of government access to encrypted data, it will make our computers more vulnerable not only to the government but to the terrorists! A free and secure populace will protect the government, because it is free and secure. A subjugated and oppressed populace will not protect the government.
Join the IParty!
NSA Director Wants Legal Right To Snoop On Encrypted Data
He already believes he has the (legal) right to snoop on your data, encrypted or otherwise. What he wants is the (legally mandated) ability to decrypt your data.
And in other news the government would like to get rid of cash so that they know everything that you buy and that you pay taxes on everything (except things bought on the internet).
A bureaucrat from an intelligence agency thinks we should all stop making their lives difficult. Due process, phhfftthhpptt!! Oversight, who needs that you Communist/Nazi/Terr'ist! Why don't we just surrender all our rights and just trust in the machine of surveillance and the grand czars who run the system?!
There was just an article in the IT press. The state government of Utah says they have seen a huge spike in hacking attacks against them. The state official involved speculated that they were secondary or even innocent targets of hackers who were actually after the NSA data center in that state.
The hackers will go wherever the targets are. If the NSA has a treasure trove of information and the hackers think they are immune to any reprecussions for their activities, then the hackers will go after the treasure trove. That's always the risk. And the risk appears to be materializing (the NSA will say they are sufficiently protected. However let's be real, if a hack was effective against them, do you think they will disclose that to us, the great unwashed public? Of course not.)
As a company man, Michael Rogers is paid not to understand this, or any other aspect of how bad his company ideas are.
Yea fuck you you bitch!
This is incorrect. More properly, the Constitution doesn't apply to people IN other countries.
That is to say, if a German comes to the USA, the Constitutional protections apply to him while he is here. But they don't apply while he's in Germany.
"I do not agree with what you say, but I will defend to the death your right to say it"
A new generation of the oh-so-much-more-important-than-us spouting yet another refrain of the Tyrant's Plea.
As always, all IMO. Insert "I think" everywhere grammatically possible.
You are attempting to compare metadata to an encrypted communication between two private parties.
That's like comparing an abacus to a modern computer.
I am Bennett Haselton! I am Bennett Haselton!
That's quite the one-sided viewpoint. The Constitution is a contract between the citizens of the US and the government. If the interpretation of that contract as held by the government and the citizens diverge too much, it ceases to be valid.
Ultimately, "your (and my, and any individual citizen's) personal interpretation of the Constitution" is the only absolute measure, because the US government only exists at the behest of the people. It entirely and completely derives its authority from the people.
If you want a vision of the future, imagine a youtube comments section scrolling - forever.
Overkill it may be, but I've been writing my prototype security code to generate new AES256 keys for each session, using the pre-generated keys only to initialize communications and handshake the generated keys. Even I won't know what keys are in use.
The NSA can kiss my ass. So can CSEC, GCHQ, and everyone else who thinks they have a "right" to spy on me.
Approach the service provider with a properly signed warrant in the appropriate jurisdiction of the server if you want access to my data.
I do not fail; I succeed at finding out what does not work.
This is the exact reason when the document was written it was written in plain English.
/tinfoilhat> They would lose the threat of "to fight terrorists".
For your quote there see the 10th Amendment.
To be clear I am not so much concerned with anyone collecting my metadata, I am concerned with someone having the ability to indiscriminately read an encrypted private communication between myself and a second party on a witch hunt for "reds under the bed".
This is the slippery slope. In fact tinfoilhat>this would go a good ways to why the gov didn't do away with ISIS when presented the opportunity.
People should wake up, the real terrorists are in Washington. We elected some of them, the rest were appointed.
I am glad to hear that if I had wads of cash that you completely are ok with my lobbying whomever in Washington for whatever purpose I wanted just because I had pockets deep enough.
I am Bennett Haselton! I am Bennett Haselton!
I fear my government removing my liberties more than I fear losing my life in a terrorist attack.
I am Bennett Haselton! I am Bennett Haselton!
So how about you consider the alternative: one where you don't assume that everyone working at every/any level of government, e.g., NSA, doesn't have the worst motivations and is actually trying to do their best to honorably, legally, and Constitutionally, protect our nation and its people instead of the opposite. How about that?
Because most of the evidence says exactly the opposite. If the Russians are a problem, and they are a minor one, in a mobster kind of way, then point your rifle at them. And whether it's constitutional or not doesn't matter. The people who vote solidly approve, the wars, the spying, the patriot act, all of it. I don't blame the grunts (including you) for *following orders*. That is the job the voters gave you through their reps. Only they can reverse it. The government has no incentive otherwise.
I try to remind people that they should take every step possible to protect the security of the communications, and to ignore those who claim they have any right to interfere with their pompous rationalization of *god and country*. It's a lot of hogwash.
“He’s not deformed, he’s just drunk!”
As do I, yet our government has proven over many decades it's inability to not overreach, many times has it been caught red handed in the cookie jar.
If you want to believe they can be trusted then good on you, however I don't trust them as far as I could throw them.
If terrorism is such the threat that every communication needs monitoring and archival why are good old fashioned letters not opened and scanned then sent on about their way, you know in case terrorists are using pen and paper to coordinate.
With your last two paragraphs I fully agree with.
I am Bennett Haselton! I am Bennett Haselton!
The government can, has, does, and will continue to abuse their spying powers for personal financial gain. The citizenry *must* protect themselves, and that means being able to encrypt their communications. The means by which the government should be able to enforce laws is to obtain a warrant, which is a system that forces public accountability. It might mean they have to contend themselves with saved documents they can obtain, and not real-time encryption, but that is the necessary cost of keeping our government from becoming a crime boss.
Yes, the government should be able to compel decryption with a properly-obtained warrant. No, the government should not have an always-available backdoor to decrypt all private communication. That is the proper balance.
Every person has some data that should be secret, like credit card details. If your devices have a backdoor for government then criminals can use it too. Just matter of time before the way to use it leaks into criminal underground. Requiring mandatory backdoors for storage is as absurd as requiring a single mandatory government usable master key for all locks. You may be 100% sure that actual use it to catch criminals will be dwarfed by abuse by government officials for their own petty ends.
A bright red spook, eh? Oh, did you mean, "rogue"?
Your (and my, and any individual citizen's) personal interpretation of the Constitution is not the measure. It is the interpretation and implementation by our three branches of government.
We hold these truths to be self-evident, that all men are created equal, that they are endowed by their Creator with certain unalienable Rights, that among these are Life, Liberty and the pursuit of Happiness.--That to secure these rights, Governments are instituted among Men, deriving their just powers from the consent of the governed, --That whenever any Form of Government becomes destructive of these ends, it is the Right of the People to alter or to abolish it, and to institute new Government, laying its foundation on such principles and organizing its powers in such form, as to them shall seem most likely to effect their Safety and Happiness.
Wrong.
Government's job is to secure and protect the rights of the people. The government can decide/declare anything it wants, but if the overwhelming majority of people refuse to comply there is actually very little it can do, and it risks being abolished and replaced/restored.
So how about you consider the alternative: one where you don't assume that everyone working at every/any level of government, e.g., NSA, doesn't have the worst motivations and is actually trying to do their best to honorably, legally, and Constitutionally, protect our nation and its people instead of the opposite. How about that?
Sorry, but that boat sailed with all the lawlessness and abuses that have been revealed regarding domestic data/comm interception/storage, the widespread use of parallel construction, and the mass compromise of encryption schemes.
History proves over and over that the biggest danger to life and liberty is and has always been one's own government. The kind of "trust" you advocate for in this context would be foolish.
Strat
Progressivism (aka US 'Liberalism'): Ideas so good they need a police/surveillance-state to enforce.
There's two very different propositions here, and TFS does a good job of confusing them.
First, "should the NSA be allowed to try to crack our encrypted data?" Answer: well yes, knock yourselves out. And that means, if you develop a technique for cracking an encryption that others think is secure - fair play to you, job well done. I don't see any way you can expect the NSA to do anything useful at all, if it's prevented from making that attempt.
But the second question is very different: "should people be allowed to use a form of encryption that the NSA doesn't know how to crack?" And the answer to that is also "Yes, of course." Because any plausible way of preventing that would be at best blatantly intrusive and a huge infringement on our freedoms. At worst, it would be all of the above plus also self-defeating, as it would ensure that the US rapidly fell behind in the international arms' race of encryption technology.
"Free Western nations"
Please could you expand on what you mean by this phrase.
A friend of mine who researches such things told me that FISA gives at least one fuck: if they catch somebody lying to them too egregiously, they don't accept warrant requests from that person any more. This puts a little pressure on the people asking for the warrant. It doesn't invalidate the warrant, unfortunately, or get the liar prosecuted, but its something.
"When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
And I suppose leaving their region alone, not bombing their kids with drones, not locking up innocent members of their community in Gitmo for years, and not demonizing them in the media is all out of the question?
The Constitution was written in fairly plain English, and that's what's causing the problems. English is somewhat ambiguous, and there's a lot of things that we can do now that we couldn't do then.
The government may not search my papers without some sort of reason. Can it search for copies of my papers (emails) that may be elsewhere, and aren't technically mine? It's agreed that my mail and email are secure, but is it a search if my email is copied to government storage as long as nobody looks at it or analyzes it without a warrant? Is the address supposed to be secure? There's things that the government has been allowed to do, such as follow my car. Do they have the right to follow everybody's car simultaneously, which they can do now? If I'm served a search warrant, do I have to do anything to cooperate? Switching to the Fifth Amendment, is turning over a password like turning over a key, or is it more like incriminating myself?
These questions can be argued both ways, and they can be pushed almost out of recognition by a government agency that still considers itself in compliance.
"When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
The exact same? The Western TypeX cipher machine was a ripoff of Enigma, and some Brits were feeling that they should ideally be paying license fees. The TypeX was, to my knowledge, never broken by the Axis.
"When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
More properly, the Constitution defines what the Federal government may or may not do (and, in some cases, what other governments in the US may or may not do).
"When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
The cat is out of the bag and they keep trying to stuff it back in
The U.S. and its agencies have no right to acces my data in any way under any circumstances, full stop.
What they do in their own country to their own citizens (who, at least in theory, can decide what the U.S. government can and cannot do) is their own business, but anything they do or try to do outside their borders is subject to local laws and regulations and if it involves snooping into people's data quite likely illegal in most cases.
The NSA also has two roles: to read communications and to protect US communications from the bad guys. If the NSA can read encrypted data, all other intelligence agencies will make it a priority to get the same capability, and the bad guys read our mail. The NSA really needs to take its role of protecting US communications more seriously.
"When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
Do you understand that an individualized warrant is required to target, collect, store, analyze, or disseminate the communications content of a US Person anywhere on the globe, and that the current law on the issue is stronger and more restrictive with regard to US Persons than it has ever been?
That is delusions of political scale.
Also, notice 'content'.
Massive abuses can be, and have been, taken with metadata too.
There are two types of people in the world: Those who crave closure
That'd be great. Except they were just shown to have compromised every cell phone on the planet by illegally hacking into the manufacture of SIM cards.
Does that sound like 'worst motivations'?
To normal people, it does.
There are two types of people in the world: Those who crave closure
Not foolish.
Life (and liberty) threatening. To all citizens.
There are two types of people in the world: Those who crave closure
Rightfully so.
One happens daily. The other happens when our government pisses off somebody.
There are two types of people in the world: Those who crave closure
That's like a quarter of a fuck. At most.
There are two types of people in the world: Those who crave closure
It's one thing to encrypt your web traffic to prevent malicious persons with access to it from seeing sensitive information. It is quite another to use it to hide criminal activity.
IMHO, it is cause for the government to suspect criminal activity whenever super-strong encryption is used, or whenever encryption is used in uncommon places and in uncommon ways. Normal, law-abiding citizens who don't have anything to hide, don't expend the effort to hide what they are doing. That's a plain and simple fact.
And, in the end, how many innocent people have really been harmed by government snooping? Name one innocent person who was incarcerated as the result of NSA spying. Just one.
My concern is this-
The NSA decrypts all messages to see if they need to read those messages. Those decrypted messages go into a database which, like the cellphone metadata database, is opened to other agencies (the police) to browse. Pretty soon the only messages the police will need a wiretap to gather are those which are easiest to collect.
With regard to:
"AS: No, I think Bruce Schneier and Ed Felton and all of the best public cryptographers in the world would agree that you can’t really build backdoors in crypto. That it’s like drilling a hole in the windshield.
MR: I’ve got a lot of world-class cryptographers at the National Security Agency.
AS: I’ve talked to some of those folks and some of them agree too, but
MR: Oh, we agree that we don’t accept each others’ premise. [laughing]"
Would these be the same world-class cryptographers at the NSA that created the defective: http://en.wikipedia.org/wiki/Skipjack_%28cipher%29 ?
It's a constant function with the government regardless of had badly an organization has done in the past, regardless of the consistent level of incompetence, abuse and unethical behavior they'll always say trust us, we've got it right this time. The sad part of of course is congress, the president and normally the SCOTUS all just rollover and let them do what they want.
And their fruits are rotten and infested with vermin.
/. If the government wants us to respect the law, it should set a better example.
It's like saying, a penguin isn't a bird because it doesn't fly... then, one day, a computer at the N.S.A. becomes smart enough to realize that, yes, indeed, penguins are classified as birds.
So what do *you* think, are penguins birds?
Actually, "both of the above" (foolish and malicious) fits the available evidence best. For instance, Rogers' answers at Monday's cybersecurity forum were both pathetically lame (foolish) and contemptuous of American values (malicious).
/. If the government wants us to respect the law, it should set a better example.
My argument wasn't that anything was "obviously unconstitutional", my argument was that they should try and keep their practices as far into "obviously constitutional" as possible. If doing nothing is 0 and the threshold of unconstitutional is 10, let's try and keep most things around 3 or 4 and only go up to a 7 when we absolutely have to. Or, if you want a real life equivalent for citizens, it's appreciated if we aren't barely legally sober all the time while driving.
That's fine. However, that road to hell is paved with good intentions. Genuine malice is actually pretty rare in humanity, but gross incompetence is abundant in 100% of the population. Thus, putting too much power in one place results in great power being inevitably wielded incompetently. The inherent secrecy of the institution means that they are largely shielded from serious outside criticism, which results in incompetence being baked into their practices. Being enormous and secretive means that our intelligence agencies are bathed in incompetence and useless practices to the extent that Maxwell Smart is an incredibly generous portrayal.
This is my signature. There are many like it, but this one is mine.
Terrorist group wants to legitimize their snooping activities.
News at 11
"Nine times out of ten, starting a fire is not the best way to solve the problem." - my wife
If companies want to take the direction of removing themselves from the encryption picture altogether, that is their prerogative.
And yet that is precisely what the government is pissing and moaning and setting its hair on fire about. Showing that sort of contempt for citizens' private prerogatives is what caused them to forfeit our trust in the first place.
/. If the government wants us to respect the law, it should set a better example.
Indeed. This proves beyond any sane doubt that the targets are not foreigners (who for obvious reasons would ignore any "legal framework" and avoid using defective-by-design NSA-approved encryption). The targets are domestic.
/. If the government wants us to respect the law, it should set a better example.
Firstly it's clear NSA Director Adm. Mike Rogers doesn't get it. We are losing the world's trust in U.S. business because we can't keep our government out of private data. The question he wouldn't answer about the ability of other nations to do the same thing hit the nail on the head. We would never be comfortable allowing foreign nations to decrypt our citizens data, we shouldn't expect other nations to tolerate that either. It's a global market and we can't just cut U.S. companies out of the global market by forcing them to offer untrustworthy products.
Regarding his comment: "Now, it needs to be done within a framework. I`m the first to acknowledge that. You don`t want the FBI and you don`t want the NSA unilaterally deciding, so, what are we going to access and what are we not going to access? That shouldn`t be for us."
That isn't a genuine statement. The people of the U.S. and those around the globe are saying no, and that just isn't the answer they want to hear. I'm not interested in a new framework, I'm interested in the NSA and FBI taking no for an answer.
I do wonder about the pros and cons of a concept like allowing strong encryption, but forcing the node communicating to reveal the identity. I absolutely believe that we deserve the right to be anonymous, and we deserve the right to protect the content of communication, but it may be possible that in any given communication flow we have to choose one or the other and not both. It does make some sense that completely unchecked encrypted communications across borders with enemy states does pose a security risk. Personally if I had to choose between government being able to read my encrypted data and having to identify myself when I send encrypted data, I'd prefer the later.
Not Eliza -- more like PARRY:
PARRY was written in 1972 by psychiatrist Kenneth Colby, then at Stanford University.[1] While ELIZA was a tongue-in-cheek simulation of a Rogerian therapist, PARRY attempted to simulate a paranoid schizophrenic.
/. If the government wants us to respect the law, it should set a better example.
He does realize this doesn't he? If weak encryption or back doors are put into software that mean eventually these will wind up in the software they use too.
Of course they probably just assume they will roll their own encryption software; well guess what the bad guys will do, steal it and use it!
You want the best security you can have to keep everyone safe, and if that means that you have to do some more leg work to prove criminal activity then so be it. Given the nature of electronic data (which can easily be faked) this information shouldn't be the basis of any criminal investigation anyway.
So much this. Being not American is not justification for spying on someone.
Most citizens of the world have no plans to bomb this country. Don't give them a desire to do so. The quickest way to make someone your enemy is to treat them like an enemy.
a country where something like this can even be seriously proposed, or one where terrorism sometimes occurs because it isn't?
The devil in the details, of course, is the definition of terrorism: in this case, you probably don't agree with it, and it's classified anyway. Are we better off with the occasional hijacking or bombing in exchange for freedom from government spying? We have to decide soon. Wait too long and the choice goes away. Apathetic majorities unleash hell on the rest of us.
Did you know anyone can create their own very strong cipher by constructing it with established crypto primitives? Contrary to popular belief "don't roll your own" is NOT good advice. That creates what we real security researchers call a "single point of failure", due to everyone using the same crypto suites.
in this CBC system we use SHA-1 and HMAC to create key expansion with key stretching. Then a random initialization vector is perpended as the first block, and the block is hashed with the SHA-1 then XORed with the next plaintext block. The IV + plaintext block is fed into a SHA-1 hash which then XORs the second block of plaintext. The third block is XORed with the hash( IV + plain1, plain2 ). The fourth block is XORed with the hash( IV + plain1 + plain2 + plain3 ), etc. Though the public version is SHA-1 (which is still fine for this, don't buy the FUD), I can drop in a SHA256, SHA3, or any hashing function to "upgrade" the cipher. The internal hash state is cloned before performing the digest for each block so it can continue to add plaintext and thus runs in O( n ) time not O( n! ) as it seems.
Decryption requires that each prior block's input not be modified. The deciphered block is fed into the hash and its digest decrypts the next block. Thus, turning any "1-way" hash into a 2 way stream cipher, and even if you encrypt the same message with the same key, you never get the same output due to the random init vector (browsers have crap random number generator, so user input & timing is hashed to supply the randomness). A full SHA-1 hash round per block is stronger than most stream ciphers provide today, and still runs very quickly. This also avoids chosen plaintext attacks.
This is a simple form of keyed "authenticated encryption", which is the new hotness in crypto ciphers. Such homebrewed systems were developed over a decade before the mainstream crypto community was even working on such things (the original version used MD5 in 1992). You can construct crypto from any pseudo random number generator, the stronger the better. This is made all the more difficult to crack since there's no dedicated hardware or software created to crack it -- Just being a new configuration means it requires more manpower to develop the cracking tools. Imagine not knowing what cipher it is as being part of the bit-strength of the cipher. Everyone who needs strong crypto should just roll their own, and let the powers that be spin their wheels trying to break crypto with the wrong tools.
Dasvidaniya NSA SJWs.
you don't get the "right" to win at the game you want to play, sorry. It's life, liberty and the PURSUIT of happiness, there are no guarantees. If the other guy is better at encrypting than you are at decrypting, you don't get to change the rules.
Grow a spine, Michael Rogers.
NSA = Nasty Sneaky Americans
OMG, that must invalidate everything I have to say!
In essence, yes. It means we cannot know whether anything you say is your opinion, but have to presume that it has all been vetted.
What have the chocolate rations been increased to again?
Do you understand that an individualized warrant is required to target, collect, store, analyze, or disseminate the communications content of a US Person anywhere on the globe, and that the current law on the issue is stronger and more restrictive with regard to US Persons than it has ever been?
Whether a warrant is required or not is irrelevant when the agency itself ignores such laws as "inefficient."
It has been proven that they log everything (what used to be called a pen register) and admit to it ("it's only metadata, why should you care?" we are told), and I've previously calculated how much data they'd need to record any person's utterances 24 hours a day, 365 days a year and it came out to something like 5 bucks the last time, assuming that someone talked continuously without sleep or stopping to breathe . It's less now because single 4 terabyte hard disks are available for $132 at Newegg, retail and a top-of-the-line enterprise quality 8TB disk with helium goes for under $750. And these are retail prices.
Don't believe me? 16Kb/s for that amount of time is roughly 64GB (516.7E9 bits no parity). So being generous, say we lose 500GB to formatting a 4TB drive, 3500 Salesman Gigabytes.
3500/64=54.blahblah 1 year partitions.
132/54=$2.44.
Less than an Extra Large Dunkin Donuts coffee.
For a year.
But wait there's more.
People don't talk 24 hours a day. They talk on average about 16000 words a day, according to this:
http://www.scientificamerican....
So what amount of time does that mean? It means about an hour-and-a-half of speaking at 3 words/second (which is average). 1/16'th of a day.
So take all of that $2.44, and divide it by 16
15 cents.
That's all it takes to store your utterances for an entire year. Half that if you really don't give a fuck about voice quality.
For the entire nation, which is 319 million, that gives $48 million to record everyone's utterances for an entire year. If you only record what is said on the phone, it's a tiny fraction of that.
CHUMP CHANGE WELL WITHIN A FEDERAL AGENCY'S BUDGET ESPECIALLY IF THAT BUDGET IS BLACK.
This does not include all the other stuff like connection to the networks, but that is all externalized by requiring the phone companies, etc, to take the bulk of that cost on themselves.
And by looking at that huge datacenter in Utah, they are already doing it and doubling-down on the methodology.
They don't give a flying fuck about warrants as we've seen, and it's technically and financially feasible, so they'll do it / are doing it.
--
BMO
I thought the NSA's charter was to spy on our enemies and that they were forbidden by law from spying on US citizens (they pay the Brits to do that for them). Now how are we going to convince Iran, China and other evil governments that they MUST use GovBackDoor.exe for all their encryption needs? OTOH is not the NSA also chartered to secure our data/systems to prevent our enemies from accessing them? Now if they weaken these systems so the Brits can continue spying on US citizens for them, how do they justify when these backdoors get exploited by Iran, China, USSR, ISIS, and all other actual enemies.
Sounds like the NSA is guilty of committing TREASON to me and should be dealt with appropriately through the courts.
You can just use Intel amt DMA access to pull ram contents from any of their processors. Why all this writing? Most people use Intel. Even if there are no intentional backdoor in their firmware is 1 to 5 megabytes massive.
Do something about the 100 Christians isis just kidnapped. Stop directing your eyes on your own country. There are teams in the world and if you treat your own guys like an enemy you get the Soviet Union where people hated their own country so much they cheered for our Olympic team rather than their own.
That sounds awesome. When will the Stargate to that alternate Earth be opening?
http://www.washingtonsblog.com/2014/03/nsa-recorded-every-single-call-one-country-country-america.html
http://www.pbs.org/newshour/bb/government_programs-july-dec13-whistleblowers_08-01/
NSA collects everything, every word. They might not bee able to lisstento it all, but it sis all sstored so analyssts can go bbbacck maybe 30 dayss.
That's whey the Utah Bata Center is sooooo big ! To store everything.
They can read my encrypted stuff anytime they want... all they have to do is get a warrant, serve the warrant on me, and then ask me for the key, and if I don't give it to them then they can try to decrypt it on their own. The law allows them to do all that already... the key part of that is, of course, that they need a warrant based "upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized."
If not, you can google it. Suffice to say, a message thus encrypted cannot be deciphered. Not even by NSA.
I was poking a bit of 4th grade humor at the parent, for having misspelled rogue in his post. But now the parent post and mine are separated by a vast gulf of comments.
Join the IParty!
Seriously, this has been tackled and answered. People just don't want to believe it, and of course the same powers pulling the strings own all of the media "average" people consume. Carol Quigley's "Tragedy and Hope" is a comprehensive book covering the whole thing. Nobody wants to read the 1300 pages, because it's hard and quite frankly scary to contemplate. Gary Allen's book was a severely limited rehash of details found in "Tragedy and Hope" attempting to wake people up to what is really happening. He used more recent examples than Carol's stint within the group could use. Mark Dice also have a couple books detailing the same people doing the same things, he also references "Tragedy and Hope" frequently.
The circus show has thus far paid off. Brain washing people to believe "Conspiracy" is an impossible thing that only idiots believe has been well done. Even though people watched a conspiracy unfold on the top rated reality TV show called Survivor on a weekly basis, they can't fathom that a few people that own the majority of the worlds wealth could actually conspire to get more and fuck over.. well, just about everyone except themselves.
There are a couple of distinct issues to overcome. First is to convince people "It can happen here and now", just like tyrannical horrors have occurred throughout history. Nobody wants to believe it, and the bought and paid for media simply keeps pushing this narrative. Second, is to challenge people to stop being scared and take action. The latter is going to be much easier than the former, but it's dependent.
Other people have also tried to warn the public, even two former Presidents who were not members of the "club".
-The wise argue that there are few absolutes, the fool argues that there are no probabilities.
Well everyone has the right to snoop on encrypted communication.......If they CAN.
Don't come crying to the intelligence agencies for help when terrorists shoot up innocent people. Self righteous Europeans blasted intelligence until ISIS attacked then they changed their tune. Go ahead and down vote my post. It won't change the fact that you all will be begging for help from the spooks when ISIS hits your state and country.
You do realize the U.S. Constitution only applies to US citizens and individuals from other counties when they are in the United States?
A country that breaks it's own laws now wants legal methods for their illegal activities even when it doesn't have to answer to any courts in the first place.
So does Micheal Rogers want to have sex with my wife as well?
The Foreign Intelligence Surveillance Court is the very court whose sole purpose is protecting the rights of Americans under the law and the Constitution in the context of foreign intelligence collection.
If that is their purpose, they are failing miserably.
Even if it means a massive terrorist attack on US soil, even if means the collapse of the government, or invasion, or a mushroom cloud over a major US city, we have to resist the presumption that any agent of the executive acts without oversight and accountability.
The problem is going to be finding politicians who are willing to take the risk of having a terrorist attack succeed 'because' they stood up against the NSA et. al.
I put 'because' in quotes as such a thing could conceivably be allowed to happen by the NSA et. al. to prove the point that they need such power.
blindly antisocialist = antisocial
Care to explain how "a legal framework for data access of entities that operate within and under a US legal construct" (aside from, you know, warrants and subpoenas and so forth) is possible for encrypted data *without* weakening the cryptosystem in a manner "antithetical to the security interests of the United States, our people, our military, our intelligence community, and anyone else who requires secure communications in any form"?
You talk a lot, but you aren't actually offering any solutions. You're just cheering for team World Gestapo. If you want anybody to take anything you say seriously, start offering solutions. The fact that crypto beats the NSA is a feature (a vital one), not a bug. If you want to argue otherwise, try coming up with the following:
1) A method / reason we should believe it won't be used to cripple our information security.
2) A reason we should believe other nations won't obtain and use the same access against us.
3) An actual problem that would be solved by going through all this rigmarole, that existing laws and government powers don't provide.
4) A reason to believe this wouldn't be abused and cause greater harm than good.
The standard of evidence I require for #4, but the way, is to make this more important than freeing the innocents held in Guantanamo Bay and punishing the uniformed abominations who tortured them.
There. I've told you what it would take to change my mind. Care to do the same?
There's no place I could be, since I've found Serenity...
Free people made the insurance industry.
Dude, you didn't help your case by saying that.
Logicacal consequence of right to snoop on all data is that either memorising becomes illegal or the right to remain silent must be withdrawn...
"or someone who believes that it's all an overarching plot by the US and other free Western nations to illegally access everyone's communications, especially that of their own citizens to solidify power, or serve corporate/elite/shadowy overlords, but otherwise...yeah, no."
You're forgetting one simple thing Mr. Schroeder. The US has already OPENLY ADMITTED TO THAT. Sorry, you LOSE.
1. "Secret courts". The Foreign Intelligence Surveillance Court is the very court whose sole purpose is protecting the rights of Americans under the law and the Constitution in the context of foreign intelligence collection. Secrecy is required for the conduct of foreign intelligence, even in free societies. That you may disagree with this does not invalidate this fact. That you may see 3-4 pieces of a 1000 piece puzzle and believe you have the full picture does not invalidate this fact.
How can we establish it as FACT (which you adamantly claim), if there is no rational basis to do so (all action is conducted in secret)??
YOU AREN'T BEING RATIONAL, MR SCHROEDER
So the Constitution means whatever the US Government tells us peasants it means..........RIIIIIIIGHT, Dave.
One thing that always bothers me when people mention that the Constitution doesn't apply outside of the US to non-citizens is that, if the Constitution doesn't apply, the government has NO right to act because it has no power without the Constitution.
This is my signature. There are many like it, but this one is mine.
... imagine being responsible for the security our country. Imagine trying to avoid or to solve a terrible crime only to find out that a key piece of evidence is unavailable due to string crypto. I understand the dilemma, intelligence and law enforcement agencies are facing. It's simply not good enough to say - well, they suck. I am doing IT security for a long time. I am protecting the digital assets of my clients in a way, that nobody will be able to intercept or to eavesdrop on them. So I guess I know what I am talking about. We are on a slippery slope. We expect our government to prosecute criminals but at the same time we're promoting encryption and complain about the governments attempts to break it. In order to understand the situation - consider the extremes: Everything is encrypted and law enforcement is unable to access any communications or data storage. Would the world be a better and safer place? Only if you are daydreaming. So how will it play out? How will we find a way to keep the public need for law enforcement in sync with personal liberties ? Politicians may try to outlaw encryption or demand back doors. But that won't work, because good crypto is undetectable and can be hidden pretty much anywhere. Usually it all boils down to personal responsibility and accountability. I am a big fan of "I do stuff and I will be responsible for the consequences" . In other words: If you do (or provide) crypto, you will have to surrender the keys if ordered (by a court of law) to do so. This of course might interfere with the constitutional protection of 'self incrimination'. Lawyers will have to figure this one out. One thing is for sure: We want a government that is able to prosecute offenders. In order to do so, law enforcement might need access to encrypted data. If we don't want broken crypto or back doors, we will have to accept responsibility for the data we encrypt. If the government finds it. But that is another story.
A few more thoughts:
1) Part of the reason this whole thing is coming up is that Apple said that were going to modify the encryption on iPhones so that they couldn't decrypt them either. It's at that point that the big push for breakable encryption started. So, saying that this is just about companies giving the NSA data that the companies already have isn't true. A subpoena/NSL/FISA court order is sufficient for legal access to data that the companies already have. If that were all the NSA/FBI/etc wanted, then they already have the tools to get that data.
2) given that, it is imperative upon the people asking for the change to explain why supoenas/NSLs/FISA court orders are insufficient. I haven't heard a single thing about that, *except* in the context of companies like Apple enabling encryption and *not* escrowing the keys. That puts a lie to the idea that this is just about accessing data that the companies already have.
Lastly, please don't make "talk like adults" sideswipes...you're assuming bad faith on the part of your commenters, (me, in this case) which you have no evidence of. This is a very passive-aggressive way of insulting your debate partner. If you'd really like to debate, this is not helpful.
For what it's worth, how are they going to
unecrypt it if they
can't tell it's encrypted.
know what I mean.
You have all kinds
of options to
use a variety of methods.
Now you don't need a decoder ring to
See the message here.
Although this one is obvious, you get my meaning.
Yeah, they would not surveil Congress staff working for the Intelligence Oversight Committee, because you know, that's totally beyond the scope of what they do...
How many warrant requests has FISA turned down, ever?
Rights were not granted by the Constitution. They were recognized. They pre-existed. People don't have those rights because they are Americans. They have those rights because they are human beings. If the government chooses not to recognize those rights then that is a choice, but it does not alter the fact that those rights exist. Otherwise, it would be impossible for a government to be guilty of rights violations.
We did have a whistleblower Snowden but did his dump of information really change anything? sadly no. This is a clear ACT OF TREASON against us "The People" of the United States. My papers are suppose to be secure and only subject to be searched WITH A PROPER WARRENT!.
Yet are the Congresscritters doing anything? No. Personally I think the NSA, CIA, FBI have stink on the members of Congress to where they can't do or saying anything without their own dirty laundry being exposed. Look what happed to Gen. Patarus (miss spelled). He talks a bit and bang his emails to his girlfriend are leaked.
Until the NSA is totally scrapped which I don't see happening we are fucked.
Note that Yahoo's CSIO is talking with him yet Yahoo's network IS WIRETAPPED!. I know I watch the NSA install the harvesting nodes in the data center where Yahoo's servers are in Atlanta. Even got photos of the boxes. No not a "direct" tap but just on the other side of the Data Center's border router sits the harvesting node. Actully two of them. You need reduncey. So not a direct tap but one hop up there it is stripping the SSL down to clear text and pumping to the NSA listening post down the road. They installed this in 2006.
Oh the words spoken between us that day.
These are the only terrorist I live in fear of all headquartered in DC.
Yet will anyone get off their ass and do something about this? Sadly I think not. Sadly I see my Grandchildren being slaves to the State.
THIS IS FUCKING TREASON!!!
The intent of the Constitution is perfectly clear. It is only weasel lawyers that want to find a way around it, to oppress and enslave, who find it confusing.
Probably true, AC, probably true. Except for people who work in the industry, probably true.
No nation worthy of loyalty or respect does this to its citizens. The purpose is not to protect us - it's to protect the 'State'. These domestic spies (NSA, FBI, CIA, and all of the local Stats Polizei) and the politicians we, the 'Stupid', elect, are only interested in controlling an increasingly 'restless' and angry public. And in a nation like this one, with perhaps a hundred million armed civilians, they have every reason to feel insecure! If our Constitution is the law of the land, and truly represents the moral underpinnings of the United States, then these agents of the 'State' should be hung as traitors to the Republic.
This is all fine and dandy. Make sure US companies encryption products have an extra front door. This can probably even be made reasonably secure by use of a gov' public key to add an extra header to all encrypted data from said products.
But how exactly are you going to make Open Source products comply with these regulations. All it will do internationally is make US encryption products unpalatable to anyone who guards their privacy weather they be criminal or not. Perhaps via international treaty, the US could like it has with copyright, force nations to criminalize large portions of their populace.
You know, I say go ahead, we all know where this ends and the vox-populi is not something Mr Director you would want to be lined up against the wall to answer.
"When government fears the people, there is liberty. When the people fear the government, there is tyranny." - Thomas Jefferson
Get mad at ISIS and all of the bored, unfulfilled 1st world kids threatening non-war zones. Not the government.
2. "Spying on everyone". Not sure what you mean, but if you could possibly be referring to metadata collection, that has been affirmed by a Supreme Court ruling that is 35 years old.
Let me help you out with that, dave:
http://yro.slashdot.org/story/15/02/28/1316203/nsa-spying-wins-another-rubber-stamp
"A federal court has again renewed an order allowing the National Security Agency to continue its bulk collection of Americans' phone records"
LOL there it is in black and white pal. Try to fuckin spin that, shit for brains.
It isn't an efficient law or action. E.g., it is illegal to rob convenience stores - but does that stop convenience stores from being robbed? Keeping that indisputable fact in mind, who would expect criminals - let alone terrorists - to comply with laws or regulations on the encryption algorithms and methods "permitted" for use? As another example, it is also illegal to 'jack airliners - and has been since well before 9/11.
IMHO, the NSA would be better off (from the perspective of accomplishing their mission) investing the time, money, and resources into developing ever better decryption methods and into the ability to detect the use of encryption techniques - be they known or new to the NSA - in the flood of traffic that is "the 'Net", thus weeding out what needs further analysis from the chaff.
(By the way: Would I care if the 'Net was reconfigured to completely block those nations and states that repetitiously source/harbor/fund crackerz and terrorists? Nope.)
Orwell: "In a Time of Universal Deceit, telling the Truth is a Revolutionary Act"